Widevine MediaCas client code that works with Android R

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/25adc5d13d39231afeb8ed3da76a18f9658c681a

@@ -0,0 +1 @@
+(c020:0d112d7ea200;

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/32556c2f870258f2b18c905c3cd017d7064927d7

@@ -0,0 +1 @@
+(e2!0;u

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3d152b926d295b49d73a968d1668c0b9125dd2da

@@ -0,0 +1 @@
+0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf8408f8276e4c2d87ec52b61aa1b9f646e58734930acebe899b3e464189a14a87202fb02570640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4879965ec6be329dcc7697d913b2e8971a9729d8

@@ -0,0 +1 @@
+(2dea200;u

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4cd2f2c92b644ee1284cd082feb8e6773499ebe7

@@ -0,0 +1 @@
+0a4c020:0d1190d79fef02570640bd22ef44b2d7e3912250a200

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4d39a8df58267539e4db62ef45bda5d9573b00a4

@@ -0,0 +1 @@
+e2!0;u

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/58e6b3a414a1e090dfc6029add0f3555ccba127f

@@ -0,0 +1 @@
+e

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/655668f52bfd904b9f658280d3f144491f1d2a36

@@ -0,0 +1 @@
+(ea200;u

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/6923a33a0bb5c0694734b3063ecb212aa7873f5d

@@ -0,0 +1 @@
+0a(c020:0d112d7ea200;

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/71e064e7c3959c15c4b39d22e836fbfdc6b046b5

@@ -0,0 +1 @@
+0a4c000000200:0101907d9ffde02570640bd22ef44b2d7e3912250a230a1407363534333231180120002a0c313838363738373430350000

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ad95e413da295fa777257154ed40dfcd8e32ba2b

@@ -0,0 +1 @@
+0a4c000000220:01019dd79fef02570640bd22ef44b2d7e3912250a200

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/bcadfd6aacc62927bdb3e0a9f04b9aa11c192b6d

@@ -0,0 +1 @@
+e;

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/c6f546c378e78c5a74b45ce792c88f925f34000f

@@ -0,0 +1 @@
+0a4c000000200:010197d9ffde02570640bd22ef44b2d7e3912250a230a1407363534333231180120002a0c313838363738373430350000

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d6b1a032205b2b9ddeced35d07a9d7c7f27bbef2

@@ -0,0 +1 @@
+0a4c00000020000101907d9ffde02570640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d7d4218b6a3c59f80d1fe0ece07ca13e5a2c209c

@@ -0,0 +1 @@
+0a4c020:0d112d7e3912250a200;

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d992e60874495b187bc157e0f24d4fd8ad957094

@@ -0,0 +1 @@
+0a4c08001248000000020000101907d9ffde02570640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/e7064f0b80f61dbc65915311032d27baa569ae2a

@@ -0,0 +1 @@
+)

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ead485157c8b58596faa57d6c0818e6c5b652a9e

@@ -0,0 +1 @@
+e2;

oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/example.txt

@@ -0,0 +1 @@
+0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf8408f8276e4c2d87ec52b61aa1b9f646e58734930acebe899b3e464189a14a87202fb02574e70640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000

oemcrypto/test/fuzz_tests/README.md

@@ -0,0 +1,50 @@
+# OEMCRYPTO Fuzzing
+
+## Objective
+
+*   Run fuzzing on OEMCrypto public APIs on linux using google
+    supported clusterfuzz infrastructure to find security vulnerabilities.
+
+## Generate Corpus
+
+*   Once the fuzzer scripts are ready and running continuously using clusterfuzz
+    or android infrastructure, we can measure the efficiency of fuzzers by looking
+    at code coverage and number of new features that have been discovered by fuzzer
+    scripts here Fuzz script statistics.
+
+    A fuzzer which tries to start from random inputs and figure out intelligent
+    inputs to crash the libraries can be time consuming and not effective.
+    A way to make fuzzers more effective is by providing a set of valid
+    and invalid inputs of the library so that fuzzer can use those as a starting point.
+    These sets of valid and invalid inputs are called corpus.
+
+    The idea is to run OEMCrypto unit tests and read required data into binary corpus
+    files before calling into respective OEMCrypto APIs under test. Writing corpus data
+    to binary files is controlled by environment variable SHOULD_GENERATE_CORPUS.
+
+
+### Get OEMCrypto and Build OEMCrypto unit tests to generate corpus:
+
+*   Install Pre-requisites
+
+    ```shell
+    $ sudo apt-get install gyp ninja-build
+    ```
+
+*   download cdm source code (including ODK & OEMCrypto unit tests):
+
+    ```shell
+    $ git clone sso://widevine-internal/cdm
+    ```
+
+*   Build OEMCrypto unit tests and run with --generate_corpus flag to
+    generate corpus files:
+
+    ```shell
+    $ cd /path/to/cdm/repo
+    $ export CDM_DIR=/path/to/cdm/repo
+    $ export PATH_TO_CDM_DIR=.
+    $ gyp --format=ninja --depth=$(pwd) oemcrypto/oemcrypto_unittests.gyp
+    $ ninja -C out/Default/
+    $ ./out/Default/oemcrypto_unittests --generate_corpus
+    ```

oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc

@@ -0,0 +1,8 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+#include "oemcrypto_fuzz_helper.h"
+
+namespace wvoec {
+void RedirectStdoutToFile() { freopen("log.txt", "a", stdout); }
+}  // namespace wvoec

oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h

@@ -0,0 +1,73 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+#ifndef OEMCRYPTO_FUZZ_HELPER_H_
+#define OEMCRYPTO_FUZZ_HELPER_H_
+
+#include <vector>
+
+#include "OEMCryptoCAS.h"
+#include "oec_device_features.h"
+#include "oec_session_util.h"
+#include "oemcrypto_corpus_generator_helper.h"
+#include "oemcrypto_session_tests_helper.h"
+namespace wvoec {
+// Initial setup to create a valid OEMCrypto state such as initializing crypto
+// firmware/hardware, installing golden key box etc. in order to fuzz
+// OEMCrypto APIs.
+class InitializeFuzz : public SessionUtil {
+ public:
+  InitializeFuzz() {
+    wvoec::global_features.Initialize();
+    OEMCrypto_SetSandbox(kTestSandbox, sizeof(kTestSandbox));
+    OEMCrypto_Initialize();
+    EnsureTestKeys();
+  }
+
+  ~InitializeFuzz() { OEMCrypto_Terminate(); }
+};
+
+class OEMCryptoLicenseAPIFuzz : public InitializeFuzz {
+ public:
+  OEMCryptoLicenseAPIFuzz() : license_messages_(&session_) {
+    session_.open();
+    InstallTestRSAKey(&session_);
+    session_.GenerateNonce();
+  }
+
+  ~OEMCryptoLicenseAPIFuzz() {
+    session_.close();
+  }
+
+  LicenseRoundTrip& license_messages() { return license_messages_; }
+
+ private:
+  Session session_;
+  LicenseRoundTrip license_messages_;
+};
+
+class OEMCryptoProvisioningAPIFuzz : public InitializeFuzz {
+ public:
+  OEMCryptoProvisioningAPIFuzz()
+      : provisioning_messages_(&session_, encoded_rsa_key_) {
+    // Opens a session and Generates Nonce.
+    provisioning_messages_.PrepareSession(keybox_);
+  }
+
+  ~OEMCryptoProvisioningAPIFuzz() { session_.close(); }
+
+  ProvisioningRoundTrip& provisioning_messages() {
+    return provisioning_messages_;
+  }
+
+ private:
+  Session session_;
+  ProvisioningRoundTrip provisioning_messages_;
+};
+
+// Redirect printf and log statements from oemcrypto functions to a file to
+// reduce noise
+void RedirectStdoutToFile();
+}  // namespace wvoec
+
+#endif  // OEMCRYPTO_FUZZ_HELPER_H_

oemcrypto/test/fuzz_tests/oemcrypto_generate_signature.cc

@@ -0,0 +1,36 @@
+#include "properties.h"
+#include "oemcrypto_session_tests_helper.h"
+
+using namespace wvoec;
+
+static bool is_init = false;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  SessionUtil session_helper;
+  if (!is_init) {
+    wvoec::global_features.Initialize();
+    wvoec::global_features.RestrictFilter("*");
+    wvutil::Properties::Init();
+    is_init = true;
+  }
+
+  OEMCrypto_Initialize();
+  session_helper.EnsureTestKeys();
+
+  Session s;
+  s.open();
+  s.GenerateDerivedKeysFromKeybox(session_helper.keybox_);
+
+  static const uint32_t SignatureBufferMaxLength = size;
+  vector<uint8_t> signature(SignatureBufferMaxLength);
+  size_t signature_length = signature.size();
+
+  OEMCryptoResult sts;
+  sts = OEMCrypto_GenerateSignature(s.session_id(), data, size,
+                                    &signature[0], &signature_length);
+
+  s.close();
+  OEMCrypto_Terminate();
+
+  return 0;
+}

oemcrypto/test/fuzz_tests/oemcrypto_load_license_fuzz.cc

@@ -0,0 +1,24 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+#include "oemcrypto_fuzz_helper.h"
+
+namespace wvoec {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Redirect printf and log statements from oemcrypto functions to a file to
+  // reduce noise
+  RedirectStdoutToFile();
+  if (size < sizeof(ODK_ParsedLicense) + sizeof(MessageData)) {
+    return 0;
+  }
+  OEMCryptoLicenseAPIFuzz license_api_fuzz;
+  license_api_fuzz.license_messages().SignAndVerifyRequest();
+  // Interpreting input fuzz data as unencrypted (core_response + license
+  // message data) from license server.
+  license_api_fuzz.license_messages().InjectFuzzedResponseData(data, size);
+  license_api_fuzz.license_messages().EncryptAndSignResponse();
+  license_api_fuzz.license_messages().LoadResponse();
+  return 0;
+}
+}  // namespace wvoec

oemcrypto/test/fuzz_tests/oemcrypto_load_provisioning_fuzz.cc

@@ -0,0 +1,27 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+#include "oemcrypto_fuzz_helper.h"
+
+namespace wvoec {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Redirect printf and log statements from oemcrypto functions to a file to
+  // reduce noise
+  RedirectStdoutToFile();
+  if (size < sizeof(ODK_ParsedProvisioning) + sizeof(RSAPrivateKeyMessage)) {
+    return 0;
+  }
+
+  OEMCryptoProvisioningAPIFuzz provisioning_api_fuzz;
+  provisioning_api_fuzz.provisioning_messages().SignAndVerifyRequest();
+  // Interpreting input fuzz data as unencrypted(core_response + provisioning
+  // message data) from provisioning server.
+  provisioning_api_fuzz.provisioning_messages().InjectFuzzedResponseData(data,
+                                                                         size);
+  provisioning_api_fuzz.provisioning_messages().EncryptAndSignResponse();
+  provisioning_api_fuzz.provisioning_messages().LoadResponse();
+  return 0;
+}
+}  // namespace wvoec

oemcrypto/test/fuzz_tests/sample_test.cc

@@ -0,0 +1,10 @@
+#include <stddef.h>
+#include <stdint.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if (size > 0 && data[0] == 'H')
+    if (size > 1 && data[1] == 'I')
+       if (size > 2 && data[2] == '!')
+       __builtin_trap();
+  return 0;
+}