OEMCRYPTO Fuzzing
Objective
- Run fuzzing against the OEMCrypto public APIs on Linux, using the Google-supported ClusterFuzz infrastructure, to find security vulnerabilities.
Generate Corpus
- Once the fuzzer scripts are ready and running continuously on ClusterFuzz or the Android infrastructure, we can measure their efficiency by looking at code coverage and at the number of new features the fuzzer scripts have discovered (tracked under Fuzz script statistics).
- A fuzzer that starts from random inputs and has to discover meaningful inputs on its own before it can crash the library is slow and often ineffective. A way to make fuzzers more effective is to seed them with a set of valid and invalid inputs for the library, which the fuzzer then uses as its starting point. This set of valid and invalid inputs is called the corpus.
- The idea is to run the OEMCrypto unit tests and have them write the data required by each OEMCrypto API under test into binary corpus files just before the API is called. Writing corpus data to binary files is controlled by the environment variable SHOULD_GENERATE_CORPUS.
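As an added illustration of the pattern described above (not code from the cdm repository), the following C++ sketch shows one way a unit test can dump its inputs into a length-prefixed binary corpus record only when SHOULD_GENERATE_CORPUS is set, together with the bounds-checked parser a fuzz target would use to read such a record back. The struct, its field names and the function names are assumptions; they stand in for the arguments of a real OEMCrypto API.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <fstream>
#include <vector>
// Constructed stand-in for the arguments a unit test passes to one OEMCrypto API (hypothetical fields).
struct ApiInputs {
  std::vector<uint8_t> key_id;
  std::vector<uint8_t> message;
};
// Corpus layout: [u32 len][bytes] per field, so a mutator can vary lengths and contents independently.
static std::vector<uint8_t> Serialize(const ApiInputs& in) {
  std::vector<uint8_t> out;
  const std::vector<uint8_t>* fields[] = {&in.key_id, &in.message};
  for (const auto* f : fields) {
    uint32_t n = static_cast<uint32_t>(f->size());
    const uint8_t* p = reinterpret_cast<const uint8_t*>(&n);
    out.insert(out.end(), p, p + sizeof(n));
    out.insert(out.end(), f->begin(), f->end());
  }
  return out;
}
// Parse a blob the fuzzer may have mutated; reject malformed input rather than read past the buffer.
static bool Deserialize(const uint8_t* data, std::size_t size, ApiInputs* out) {
  std::vector<uint8_t>* fields[] = {&out->key_id, &out->message};
  std::size_t pos = 0;
  for (auto* f : fields) {
    if (size - pos < sizeof(uint32_t)) return false;
    uint32_t n; std::memcpy(&n, data + pos, sizeof(n));
    pos += sizeof(n);
    if (n > size - pos) return false;
    f->assign(data + pos, data + pos + n);
    pos += n;
  }
  return pos == size;  // trailing bytes mean this is not a record we wrote
}
// Called by the unit test just before the API call; a no-op unless SHOULD_GENERATE_CORPUS is set.
static bool MaybeWriteCorpus(const ApiInputs& in, const char* path) {
  if (std::getenv("SHOULD_GENERATE_CORPUS") == nullptr) return false;
  std::vector<uint8_t> blob = Serialize(in);
  std::ofstream f(path, std::ios::binary);
  return f.write(reinterpret_cast<const char*>(blob.data()), blob.size()).good();
}
// Self-check: a record survives a round trip and a truncated record is rejected.
static bool CorpusFormatChecks() {
  ApiInputs in{{0x01, 0x02, 0x03}, {'h', 'e', 'l', 'l', 'o'}}, back;
  std::vector<uint8_t> blob = Serialize(in);
  bool ok = Deserialize(blob.data(), blob.size(), &back) && back.key_id == in.key_id && back.message == in.message;
  return ok && !Deserialize(blob.data(), blob.size() - 1, &back);
}
```

The fuzz target's entry point would call Deserialize on each input and pass the recovered fields to the API under test, so the length-prefixed layout is what makes the generated corpus usable as a seed.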
Get OEMCrypto and build the OEMCrypto unit tests to generate corpus:
- Install prerequisites:
  $ sudo apt-get install gyp ninja-build
- Download the cdm source code (including ODK and the OEMCrypto unit tests):
  $ git clone sso://widevine-internal/cdm
- Build the OEMCrypto unit tests and run them with the --generate_corpus flag to generate corpus files:
  $ cd /path/to/cdm/repo
  $ export CDM_DIR=/path/to/cdm/repo
  $ export PATH_TO_CDM_DIR=.
  $ gyp --format=ninja --depth=$(pwd) oemcrypto/oemcrypto_unittests.gyp
  $ ninja -C out/Default/
  $ ./out/Default/oemcrypto_unittests --generate_corpus