# OEMCRYPTO Fuzzing

## Objective

* Run fuzzing on OEMCrypto public APIs on Linux using Google-supported ClusterFuzz infrastructure to find security vulnerabilities.

## Generate Corpus

* Once the fuzzer scripts are ready and running continuously on ClusterFuzz or Android infrastructure, we can measure the efficiency of the fuzzers by looking at code coverage and the number of new features discovered by the fuzzer scripts here: Fuzz script statistics.

A fuzzer that starts from random inputs and has to work out intelligent inputs that crash the libraries can be time-consuming and ineffective. A way to make fuzzers more effective is to provide a set of valid and invalid inputs for the library so that the fuzzer can use them as a starting point. These sets of valid and invalid inputs are called a corpus.

The idea is to run the OEMCrypto unit tests and capture the required data into binary corpus files before calling into the respective OEMCrypto APIs under test. Writing corpus data to binary files is controlled by the environment variable `SHOULD_GENERATE_CORPUS`.

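As an added illustration of this capture step (not the Widevine project's code), here is a C++ sketch of a hook a unit test could call just before the API under test. Only the `SHOULD_GENERATE_CORPUS` variable comes from this page; the function names, the file-naming scheme and the rule that an empty value or `0` disables capture are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Corpus capture is on when the variable named on the page is set.
// Treating empty or "0" as "off" is an assumption of this sketch.
bool ShouldGenerateCorpus() {
  const char* v = std::getenv("SHOULD_GENERATE_CORPUS");
  return v != nullptr && v[0] != '\0' && std::string(v) != "0";
}

// FNV-1a over the input; used only to derive a stable file name so that
// identical inputs to the same API collapse into one seed file.
uint64_t Fnv1a(const uint8_t* data, size_t len) {
  uint64_t h = 14695981039346656037ULL;
  for (size_t i = 0; i < len; ++i) { h ^= data[i]; h *= 1099511628211ULL; }
  return h;
}

// Hypothetical hook called by a unit test just before the API under test:
// writes the exact bytes the API will receive. Returns the file path, or ""
// if capture is disabled or the write failed.
std::string MaybeWriteCorpus(const std::string& dir, const std::string& api,
                             const uint8_t* data, size_t len) {
  if (!ShouldGenerateCorpus()) return "";
  char name[17];
  std::snprintf(name, sizeof(name), "%016llx",
                static_cast<unsigned long long>(Fnv1a(data, len)));
  const std::string path = dir + "/" + api + "_" + name;
  std::ofstream out(path, std::ios::binary | std::ios::trunc);
  out.write(reinterpret_cast<const char*>(data),
            static_cast<std::streamsize>(len));
  out.close();
  return out ? path : "";
}

// What a fuzzer sees when it loads a seed: the same raw bytes, unmodified.
std::vector<uint8_t> ReadCorpusFile(const std::string& path) {
  std::ifstream in(path, std::ios::binary);
  return std::vector<uint8_t>(std::istreambuf_iterator<char>(in),
                              std::istreambuf_iterator<char>());
}
```
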
### Get OEMCrypto and build the OEMCrypto unit tests to generate the corpus

* Install prerequisites:

```shell
$ sudo apt-get install gyp ninja-build
```

* Download the CDM source code (including ODK and OEMCrypto unit tests):

```shell
$ git clone sso://widevine-internal/cdm
```

* Build the OEMCrypto unit tests and run them with the `--generate_corpus` flag to generate corpus files:

```shell
$ cd /path/to/cdm/repo
$ export CDM_DIR=/path/to/cdm/repo
$ export PATH_TO_CDM_DIR=.
$ gyp --format=ninja --depth=$(pwd) oemcrypto/oemcrypto_unittests.gyp
$ ninja -C out/Default/
$ ./out/Default/oemcrypto_unittests --generate_corpus
```