diff --git a/oemcrypto/include/OEMCryptoCENC.h b/oemcrypto/include/OEMCryptoCENC.h index e63c92e..7424242 100644 --- a/oemcrypto/include/OEMCryptoCENC.h +++ b/oemcrypto/include/OEMCryptoCENC.h @@ -379,6 +379,7 @@ typedef struct { typedef enum OEMCrypto_Algorithm { OEMCrypto_AES_CBC_128_NO_PADDING = 0, OEMCrypto_HMAC_SHA256 = 1, + OEMCrypto_Algorithm_MaxValue = 1, } OEMCrypto_Algorithm; /// @} diff --git a/oemcrypto/odk/include/OEMCryptoCENCCommon.h b/oemcrypto/odk/include/OEMCryptoCENCCommon.h index 5e54cc6..4f882e6 100644 --- a/oemcrypto/odk/include/OEMCryptoCENCCommon.h +++ b/oemcrypto/odk/include/OEMCryptoCENCCommon.h @@ -116,7 +116,7 @@ typedef enum OEMCrypto_Usage_Entry_Status { typedef enum OEMCrypto_LicenseType { OEMCrypto_ContentLicense = 0, OEMCrypto_EntitlementLicense = 1, - OEMCrypto_LicenstType_MaxValue = OEMCrypto_EntitlementLicense, + OEMCrypto_LicenseType_MaxValue = OEMCrypto_EntitlementLicense, } OEMCrypto_LicenseType; /* Private key type used in the provisioning response. */ diff --git a/oemcrypto/odk/test/odk_fuzz.cpp b/oemcrypto/odk/test/odk_fuzz.cpp deleted file mode 100644 index 3da6744..0000000 --- a/oemcrypto/odk/test/odk_fuzz.cpp +++ /dev/null @@ -1,326 +0,0 @@ -/* Copyright 2019 Google LLC. All rights reserved. This file and proprietary - * source code may only be used and distributed under the Widevine Master - * License Agreement. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "OEMCryptoCENCCommon.h" -#include "core_message_deserialize.h" -#include "core_message_serialize.h" -#include "core_message_types.h" -#include "odk.h" -#include "odk_serialize.h" -#include "odk_structs.h" -#include "odk_structs_priv.h" - -typedef std::function - roundtrip_fun; - -using oemcrypto_core_message::ODK_LicenseRequest; -using oemcrypto_core_message::ODK_ProvisioningRequest; -using oemcrypto_core_message::ODK_RenewalRequest; - -using oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage; -using oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage; -using oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage; - -using oemcrypto_core_message::serialize::CreateCoreLicenseResponse; -using oemcrypto_core_message::serialize::CreateCoreProvisioningResponse; -using oemcrypto_core_message::serialize::CreateCoreRenewalResponse; - -// @ kdo deserialize; odk serialize -static OEMCryptoResult odk_serialize_LicenseRequest( - const void* in, uint8_t* out, size_t* size, - const ODK_LicenseRequest& core_license_request, - const ODK_NonceValues* nonce_values) { - return ODK_PrepareCoreLicenseRequest(out, SIZE_MAX, size, nonce_values); -} - -static OEMCryptoResult odk_serialize_RenewalRequest( - const void* in, uint8_t* out, size_t* size, - const ODK_RenewalRequest& core_renewal, ODK_NonceValues* nonce_values) { - ODK_ClockValues clock{}; - memcpy(&clock, in, sizeof(ODK_ClockValues)); - uint64_t system_time_seconds = core_renewal.playback_time_seconds; - return ODK_PrepareCoreRenewalRequest(out, SIZE_MAX, size, nonce_values, - &clock, system_time_seconds); -} - -static OEMCryptoResult odk_serialize_ProvisioningRequest( - const void* in, uint8_t* out, size_t* size, - const ODK_ProvisioningRequest& core_provisioning, - const ODK_NonceValues* nonce_values) { - const std::string& device_id = core_provisioning.device_id; - return ODK_PrepareCoreProvisioningRequest( - out, SIZE_MAX, size, nonce_values, - reinterpret_cast(device_id.data()), device_id.size()); -} - -/** - * Template arguments: - * T: kdo deserialize output/odk serialize input structure - * F: kdo deserialize function - * G: odk serialize function - * - * raw bytes -> F deserialize -> struct T -> G serialize -> raw bytes - */ -template -static roundtrip_fun kdo_odk(const F& kdo_fun, const G& odk_fun) { - auto roundtrip = [&](const uint8_t* in, uint8_t* out, size_t size, - size_t clock_value_size) -> void { - if (size <= clock_value_size) { - return; - } - // Input byte array format: [Clock Values][data to parse] - std::string input(reinterpret_cast(in) + clock_value_size, - size - clock_value_size); - T t = {}; - if (!kdo_fun(input, &t)) { - return; - } - ODK_NonceValues nonce_values = {t.api_minor_version, t.api_major_version, - t.nonce, t.session_id}; - OEMCryptoResult err = odk_fun(in, out, &size, t, &nonce_values); - if (OEMCrypto_SUCCESS != err) { - return; - } - assert(0 == memcmp(in + clock_value_size, out, size)); - }; - return roundtrip; -} - -// @ odk deserialize; kdo serialize -namespace { -struct ODK_ParseLicense_Args { - ODK_NonceValues nonce_values; - uint8_t initial_license_load; - uint8_t usage_entry_present; - uint8_t request_hash[32]; - ODK_TimerLimits timer_limits; - ODK_ClockValues clock_values; -}; -struct ODK_ParseRenewal_Args { - ODK_NonceValues nonce_values; - uint64_t system_time; - ODK_TimerLimits timer_limits; - ODK_ClockValues clock_values; -}; -struct ODK_ParseProvisioning_Args { - ODK_NonceValues nonce_values; - size_t device_id_length; - uint8_t device_id[64]; -}; -} // namespace - -bool convert_byte_to_valid_boolean(const bool* in) { - const int value = *reinterpret_cast(in); - return value != 0; -} - -static OEMCryptoResult odk_deserialize_LicenseResponse( - const uint8_t* message, size_t core_message_length, - ODK_ParseLicense_Args* a, ODK_NonceValues* nonce_values, - ODK_ParsedLicense* parsed_lic) { - return ODK_ParseLicense(message, SIZE_MAX, core_message_length, - static_cast(a->initial_license_load), - static_cast(a->usage_entry_present), - a->request_hash, &a->timer_limits, &a->clock_values, - nonce_values, parsed_lic); -} - -static bool kdo_serialize_LicenseResponse(const ODK_ParseLicense_Args* args, - const ODK_ParsedLicense& parsed_lic, - std::string* oemcrypto_core_message) { - const auto& nonce_values = args->nonce_values; - ODK_LicenseRequest core_request{nonce_values.api_minor_version, - nonce_values.api_major_version, - nonce_values.nonce, nonce_values.session_id}; - std::string core_request_sha_256( - reinterpret_cast(args->request_hash), 32); - return CreateCoreLicenseResponse( - parsed_lic, core_request, core_request_sha_256, oemcrypto_core_message); -} - -static OEMCryptoResult odk_deserialize_RenewalResponse( - const uint8_t* buf, size_t len, ODK_ParseRenewal_Args* a, - ODK_NonceValues* nonce_values, ODK_PreparedRenewalRequest* renewal_msg) { - /* Address Sanitizer doesn't like values other than 0 OR 1 for boolean - * variables. Input from fuzzer can be parsed and any random bytes can be - * assigned to boolean variables. Using the workaround to mitigate sanitizer - * errors in fuzzer code and converting random bytes to 0 OR 1. - * This has no negative security impact*/ - a->timer_limits.soft_enforce_playback_duration = - convert_byte_to_valid_boolean( - &a->timer_limits.soft_enforce_playback_duration); - a->timer_limits.soft_enforce_rental_duration = convert_byte_to_valid_boolean( - &a->timer_limits.soft_enforce_rental_duration); - uint64_t timer_value = 0; - OEMCryptoResult err = - ODK_ParseRenewal(buf, SIZE_MAX, len, nonce_values, a->system_time, - &a->timer_limits, &a->clock_values, &timer_value); - if (OEMCrypto_SUCCESS == err) { - Message* msg = nullptr; - AllocateMessage(&msg, message_block); - InitMessage(msg, const_cast(buf), len); - SetSize(msg, len); - Unpack_ODK_PreparedRenewalRequest(msg, renewal_msg); - assert(ValidMessage(msg)); - } - return err; -} - -static bool kdo_serialize_RenewalResponse( - const ODK_ParseRenewal_Args* args, - const ODK_PreparedRenewalRequest& renewal_msg, - std::string* oemcrypto_core_message) { - const auto& nonce_values = args->nonce_values; - ODK_RenewalRequest core_request{ - nonce_values.api_minor_version, nonce_values.api_major_version, - nonce_values.nonce, nonce_values.session_id, renewal_msg.playback_time}; - return CreateCoreRenewalResponse( - core_request, args->timer_limits.initial_renewal_duration_seconds, - oemcrypto_core_message); -} - -static OEMCryptoResult odk_deserialize_ProvisioningResponse( - const uint8_t* buf, size_t len, ODK_ParseProvisioning_Args* a, - ODK_NonceValues* nonce_values, ODK_ParsedProvisioning* parsed_prov) { - return ODK_ParseProvisioning(buf, SIZE_MAX, len, nonce_values, a->device_id, - a->device_id_length, parsed_prov); -} - -static bool kdo_serialize_ProvisioningResponse( - const ODK_ParseProvisioning_Args* args, - const ODK_ParsedProvisioning& parsed_prov, - std::string* oemcrypto_core_message) { - const auto& nonce_values = args->nonce_values; - if (args->device_id_length > sizeof(args->device_id)) { - return false; - } - ODK_ProvisioningRequest core_request{ - nonce_values.api_minor_version, nonce_values.api_major_version, - nonce_values.nonce, nonce_values.session_id, - std::string(reinterpret_cast(args->device_id), - args->device_id_length)}; - return CreateCoreProvisioningResponse(parsed_prov, core_request, - oemcrypto_core_message); -} - -/** - * Template arguments: - * A: struct holding function arguments - * T: odk deserialize output/kdo serialize input structure - * F: odk deserialize function - * G: kdo serialize function - * - * raw bytes -> F deserialize -> struct T -> G serialize -> raw bytes - */ -template -static roundtrip_fun odk_kdo(const F& odk_fun, const G& kdo_fun) { - auto roundtrip = [&](const uint8_t* in, uint8_t* out, size_t size, - size_t args_size) -> void { - // Input byte array format: [function arguments][data to parse] - if (args_size > size) { - return; - } - T t = {}; - const uint8_t* buf = in + args_size; - std::shared_ptr _args(new A()); - A* args = _args.get(); - memcpy(args, in, args_size); - args->nonce_values.api_major_version = ODK_MAJOR_VERSION; - args->nonce_values.api_minor_version = ODK_MINOR_VERSION; - /* - * Input random bytes from autofuzz are interpreted by this script as - * [function args][data to parse]. Odk deserialize functions - * expect the nonce values in function args to match with those - * in data to parse which is not possible with random bytes. - * We follow two pass approach. - * - * 1st pass - We copy random bytes into struct t and call kdo serialize - * with function args which will create oemcrypto core message using nonce - * from function args. Now we have a valid oemcrypto core message which is - * formed using nonce_values from function args which acts as input bytes - * for 2nd pass - * - * 2nd pass - oemcrypto core message from 1st pass guarantees that - * nonce_values in [function args] and core message match. we call - * odk_deserialize using nonce from function args and oemcrypto core message - * from 1st pass. Then we call kdo function which generates oemcrypto core - * message2, which should be equal to oemcrypto_core_message which was input - * to 2nd pass - */ - // TODO(ellurubharath): Use structure aware fuzzing - // 1st pass - memcpy(&t, buf, sizeof(t)); - std::string oemcrypto_core_message; - if (!kdo_fun(args, t, &oemcrypto_core_message)) { - return; - } - assert(oemcrypto_core_message.size() <= size); - - // 2nd pass - ODK_NonceValues nonce_values = args->nonce_values; - OEMCryptoResult result = - odk_fun(reinterpret_cast(oemcrypto_core_message.data()), - oemcrypto_core_message.size(), args, &nonce_values, &t); - if (result != OEMCrypto_SUCCESS) { - return; - } - std::string oemcrypto_core_message2; - if (!kdo_fun(args, t, &oemcrypto_core_message2)) { - return; - } - assert(oemcrypto_core_message == oemcrypto_core_message2); - }; - return roundtrip; -} - -// @ fuzz raw -> parsed -> raw -static void verify_roundtrip(const uint8_t* in, size_t size, - roundtrip_fun roundtrip, size_t args_size) { - std::vector _out(size); - auto out = _out.data(); - roundtrip(in, out, size, args_size); -} - -// Entry point for fuzzer, data is random bytes program gets from autofuzzer -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - verify_roundtrip(data, size, - kdo_odk(CoreLicenseRequestFromMessage, - odk_serialize_LicenseRequest), - 0); - verify_roundtrip(data, size, - kdo_odk(CoreRenewalRequestFromMessage, - odk_serialize_RenewalRequest), - sizeof(ODK_ClockValues)); - verify_roundtrip( - data, size, - kdo_odk(CoreProvisioningRequestFromMessage, - odk_serialize_ProvisioningRequest), - 0); - verify_roundtrip( - data, size, - odk_kdo( - odk_deserialize_LicenseResponse, kdo_serialize_LicenseResponse), - sizeof(ODK_ParseLicense_Args)); - verify_roundtrip( - data, size, - odk_kdo( - odk_deserialize_RenewalResponse, kdo_serialize_RenewalResponse), - sizeof(ODK_ParseRenewal_Args)); - verify_roundtrip(data, size, - odk_kdo( - odk_deserialize_ProvisioningResponse, - kdo_serialize_ProvisioningResponse), - sizeof(ODK_ParseProvisioning_Args)); - - return 0; -} diff --git a/oemcrypto/odk/test/odk_fuzz.gyp b/oemcrypto/odk/test/odk_fuzz.gyp deleted file mode 100644 index 69473be..0000000 --- a/oemcrypto/odk/test/odk_fuzz.gyp +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2019 Google LLC. All rights reserved. This file and proprietary -# source code may only be used and distributed under the Widevine Master License -# Agreement. - -{ - 'targets': [ - { - 'target_name': 'odk_fuzz', - 'type': 'executable', - 'includes': [ - '../src/odk.gypi', - '../kdo/oec_util.gypi', - ], - 'include_dirs': [ - '../../include', - '../include', - '../src', - '../kdo/include', - ], - 'cflags_cc': [ - '-std=c++11', - '-g3', - '-O0', - '-fsanitize=fuzzer,address,undefined', - '-fno-omit-frame-pointer', - ], - 'ldflags': [ - '-fPIC', - '-fsanitize=fuzzer,address,undefined', - ], - 'sources': [ - 'odk_fuzz.cpp', - ], - 'dependencies': [ - '../../../cdm/cdm.gyp:license_protocol' - ], - } - ] -} diff --git a/oemcrypto/odk/test/odk_test_helper.cpp b/oemcrypto/odk/test/odk_test_helper.cpp index 167d9e5..b2ed5b8 100644 --- a/oemcrypto/odk/test/odk_test_helper.cpp +++ b/oemcrypto/odk/test/odk_test_helper.cpp @@ -177,6 +177,7 @@ void ODK_SetDefaultProvisioningResponseParams( memset(params->device_id + params->device_id_length, 0, ODK_DEVICE_ID_LEN_MAX - params->device_id_length); params->parsed_provisioning = { + .key_type = OEMCrypto_RSA_Private_Key, .enc_private_key = {.offset = 0, .length = 1}, .enc_private_key_iv = {.offset = 2, .length = 3}, .encrypted_message_key = {.offset = 4, .length = 5}, diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/0ac99ac6565414c7f57a36bcf0c212327cc88ab3 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/0ac99ac6565414c7f57a36bcf0c212327cc88ab3 deleted file mode 100644 index 14f9e28..0000000 Binary files a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/0ac99ac6565414c7f57a36bcf0c212327cc88ab3 and /dev/null differ diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/25adc5d13d39231afeb8ed3da76a18f9658c681a b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/25adc5d13d39231afeb8ed3da76a18f9658c681a deleted file mode 100644 index ed6ddac..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/25adc5d13d39231afeb8ed3da76a18f9658c681a +++ /dev/null @@ -1 +0,0 @@ -(c020:0d112d7ea200; \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/32556c2f870258f2b18c905c3cd017d7064927d7 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/32556c2f870258f2b18c905c3cd017d7064927d7 deleted file mode 100644 index 3ff9503..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/32556c2f870258f2b18c905c3cd017d7064927d7 +++ /dev/null @@ -1 +0,0 @@ -(e2!0;u \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3cec58166305818af41d10666b1538024cfbe4ec b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3cec58166305818af41d10666b1538024cfbe4ec deleted file mode 100644 index e453ee9..0000000 Binary files a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3cec58166305818af41d10666b1538024cfbe4ec and /dev/null differ diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3d152b926d295b49d73a968d1668c0b9125dd2da b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3d152b926d295b49d73a968d1668c0b9125dd2da deleted file mode 100644 index b2cb12e..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/3d152b926d295b49d73a968d1668c0b9125dd2da +++ /dev/null @@ -1 +0,0 @@ -0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf8408f8276e4c2d87ec52b61aa1b9f646e58734930acebe899b3e464189a14a87202fb02570640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4879965ec6be329dcc7697d913b2e8971a9729d8 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4879965ec6be329dcc7697d913b2e8971a9729d8 deleted file mode 100644 index b1596cc..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4879965ec6be329dcc7697d913b2e8971a9729d8 +++ /dev/null @@ -1 +0,0 @@ -(2dea200;u \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4cd2f2c92b644ee1284cd082feb8e6773499ebe7 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4cd2f2c92b644ee1284cd082feb8e6773499ebe7 deleted file mode 100644 index 04a910c..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4cd2f2c92b644ee1284cd082feb8e6773499ebe7 +++ /dev/null @@ -1 +0,0 @@ -0a4c020:0d1190d79fef02570640bd22ef44b2d7e3912250a200 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4d39a8df58267539e4db62ef45bda5d9573b00a4 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4d39a8df58267539e4db62ef45bda5d9573b00a4 deleted file mode 100644 index 2a27021..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/4d39a8df58267539e4db62ef45bda5d9573b00a4 +++ /dev/null @@ -1 +0,0 @@ -e2!0;u \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/58e6b3a414a1e090dfc6029add0f3555ccba127f b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/58e6b3a414a1e090dfc6029add0f3555ccba127f deleted file mode 100644 index 9cbe6ea..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/58e6b3a414a1e090dfc6029add0f3555ccba127f +++ /dev/null @@ -1 +0,0 @@ -e \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/655668f52bfd904b9f658280d3f144491f1d2a36 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/655668f52bfd904b9f658280d3f144491f1d2a36 deleted file mode 100644 index feb5341..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/655668f52bfd904b9f658280d3f144491f1d2a36 +++ /dev/null @@ -1 +0,0 @@ -(ea200;u \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/6923a33a0bb5c0694734b3063ecb212aa7873f5d b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/6923a33a0bb5c0694734b3063ecb212aa7873f5d deleted file mode 100644 index 7ac6fcd..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/6923a33a0bb5c0694734b3063ecb212aa7873f5d +++ /dev/null @@ -1 +0,0 @@ -0a(c020:0d112d7ea200; \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/71e064e7c3959c15c4b39d22e836fbfdc6b046b5 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/71e064e7c3959c15c4b39d22e836fbfdc6b046b5 deleted file mode 100644 index e91578d..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/71e064e7c3959c15c4b39d22e836fbfdc6b046b5 +++ /dev/null @@ -1 +0,0 @@ -0a4c000000200:0101907d9ffde02570640bd22ef44b2d7e3912250a230a1407363534333231180120002a0c313838363738373430350000 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/8edb36d75f26dc46aae4520b02deea1a645cfbc3 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/8edb36d75f26dc46aae4520b02deea1a645cfbc3 deleted file mode 100644 index a4f7ea5..0000000 Binary files a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/8edb36d75f26dc46aae4520b02deea1a645cfbc3 and /dev/null differ diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/a121ddeb222a383990a85dfd75c93e3db6630a41 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/a121ddeb222a383990a85dfd75c93e3db6630a41 deleted file mode 100644 index 679be98..0000000 Binary files a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/a121ddeb222a383990a85dfd75c93e3db6630a41 and /dev/null differ diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ad95e413da295fa777257154ed40dfcd8e32ba2b b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ad95e413da295fa777257154ed40dfcd8e32ba2b deleted file mode 100644 index 5360871..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ad95e413da295fa777257154ed40dfcd8e32ba2b +++ /dev/null @@ -1 +0,0 @@ -0a4c000000220:01019dd79fef02570640bd22ef44b2d7e3912250a200 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/b65818237816f961d1138ef352d0b905d3eb9330 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/b65818237816f961d1138ef352d0b905d3eb9330 deleted file mode 100644 index 20673e1..0000000 Binary files a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/b65818237816f961d1138ef352d0b905d3eb9330 and /dev/null differ diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/bcadfd6aacc62927bdb3e0a9f04b9aa11c192b6d b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/bcadfd6aacc62927bdb3e0a9f04b9aa11c192b6d deleted file mode 100644 index 8d6bcfc..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/bcadfd6aacc62927bdb3e0a9f04b9aa11c192b6d +++ /dev/null @@ -1 +0,0 @@ -e; \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/c6f546c378e78c5a74b45ce792c88f925f34000f b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/c6f546c378e78c5a74b45ce792c88f925f34000f deleted file mode 100644 index 39ca47b..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/c6f546c378e78c5a74b45ce792c88f925f34000f +++ /dev/null @@ -1 +0,0 @@ -0a4c000000200:010197d9ffde02570640bd22ef44b2d7e3912250a230a1407363534333231180120002a0c313838363738373430350000 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d6b1a032205b2b9ddeced35d07a9d7c7f27bbef2 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d6b1a032205b2b9ddeced35d07a9d7c7f27bbef2 deleted file mode 100644 index f6d9016..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d6b1a032205b2b9ddeced35d07a9d7c7f27bbef2 +++ /dev/null @@ -1 +0,0 @@ -0a4c00000020000101907d9ffde02570640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d7d4218b6a3c59f80d1fe0ece07ca13e5a2c209c b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d7d4218b6a3c59f80d1fe0ece07ca13e5a2c209c deleted file mode 100644 index ad45249..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d7d4218b6a3c59f80d1fe0ece07ca13e5a2c209c +++ /dev/null @@ -1 +0,0 @@ -0a4c020:0d112d7e3912250a200; \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d992e60874495b187bc157e0f24d4fd8ad957094 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d992e60874495b187bc157e0f24d4fd8ad957094 deleted file mode 100644 index 7cea4d6..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/d992e60874495b187bc157e0f24d4fd8ad957094 +++ /dev/null @@ -1 +0,0 @@ -0a4c08001248000000020000101907d9ffde02570640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000 diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/e7064f0b80f61dbc65915311032d27baa569ae2a b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/e7064f0b80f61dbc65915311032d27baa569ae2a deleted file mode 100644 index e8a0f87..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/e7064f0b80f61dbc65915311032d27baa569ae2a +++ /dev/null @@ -1 +0,0 @@ -) \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ead485157c8b58596faa57d6c0818e6c5b652a9e b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ead485157c8b58596faa57d6c0818e6c5b652a9e deleted file mode 100644 index 44f8acb..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ead485157c8b58596faa57d6c0818e6c5b652a9e +++ /dev/null @@ -1 +0,0 @@ -e2; \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ecca89819d61866b1f41e756edc08510f8f70747 b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ecca89819d61866b1f41e756edc08510f8f70747 deleted file mode 100644 index 508d436..0000000 Binary files a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/ecca89819d61866b1f41e756edc08510f8f70747 and /dev/null differ diff --git a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/example.txt b/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/example.txt deleted file mode 100644 index be5ddd8..0000000 --- a/oemcrypto/test/fuzz_tests/GenerateSignatureCorpus/example.txt +++ /dev/null @@ -1 +0,0 @@ -0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf8408f8276e4c2d87ec52b61aa1b9f646e58734930acebe899b3e464189a14a87202fb02574e70640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231180120002a0c313838363738373430350000 diff --git a/oemcrypto/test/fuzz_tests/README.md b/oemcrypto/test/fuzz_tests/README.md index 8c163fb..3550994 100644 --- a/oemcrypto/test/fuzz_tests/README.md +++ b/oemcrypto/test/fuzz_tests/README.md @@ -1,5 +1,9 @@ # OEMCRYPTO Fuzzing +Refer to [Setting up Clusterfuzz](build_clusterfuzz.md) if you are interested +in setting up a local instance of cluster fuzz to run fuzzing on your own +OEMCrypto implementations on linux. + ## Objective * Run fuzzing on OEMCrypto public APIs on linux using google supported @@ -76,13 +80,31 @@ $ export PATH_TO_CDM_DIR=.. $ gyp --format=ninja --depth=$(pwd) oemcrypto/oemcrypto_unittests.gyp $ ninja -C out/Default/ - $ ./out/Default/oemcrypto_unittests --generate_corpus + $ mkdir oemcrypto/test/fuzz_tests/corpus/_seed_corpus + # Generate corpus by excluding buffer overflow tests. + $ ./out/Default/oemcrypto_unittests --generate_corpus \ + --gtest_filter=-"*Huge*" + ``` + +* There can be lot of duplicate corpus files that are generated from unit + tests. We can minimize the corpus files to only a subset of files that + cover unique paths within the API when run using fuzzer. Run following + command to minimize corpus. + + ```shell + $ cd /path/to/cdm/repo + # build fuzzer binaries + $ ./oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests + $ mkdir /tmp/minimized_corpus + # minimize corpus + $ ./out/Default/ -merge=1 /tmp/minimized_corpus \ + ``` -* To avoid uploading huge binary files to git repository, the corpus files - will be saved in fuzzername_seed_corpus.zip format in blockbuster project's - oemcrypto_fuzzing_corpus GCS bucket using gsutil. If you need permissions - for blockbuster project, contact widevine-engprod@google.com. +* To avoid uploading huge binary files to git repository, the minimized corpus + files will be saved in fuzzername_seed_corpus.zip format in blockbuster + project's oemcrypto_fuzzing_corpus GCS bucket using gsutil. If you need + permissions for blockbuster project, contact widevine-engprod@google.com. ```shell $ gsutil cp gs://oemcrypto_fuzzing_corpus/ \ diff --git a/oemcrypto/test/fuzz_tests/build_clusterfuzz.md b/oemcrypto/test/fuzz_tests/build_clusterfuzz.md new file mode 100644 index 0000000..f3a0108 --- /dev/null +++ b/oemcrypto/test/fuzz_tests/build_clusterfuzz.md @@ -0,0 +1,174 @@ +# OEMCRYPTO Fuzzing - Build clustefuzz and run fuzzing + +## Objective + +* Run fuzzing on OEMCrypto public APIs on linux by building open sourced + clusterfuzz source code in order to find security vulnerabilities. + + [Clusterfuzz][1] + +* Partners who implement OEMCrypto can follow these instructions to build + clusterfuzz, the fuzzing framework and run fuzzing using fuzzer scripts + provided by the Widevine team at Google. + +## Glossary + +* Fuzzing - Fuzzing is a methodology where random, interesting, unexpected + inputs are fed to APIs in order to crash those, thereby catching any + security vulnerabilities with the code. + +* Fuzzing engines - [libfuzzer][4], afl, honggfuzz are the actual fuzzing + engines that get the coverage information from API, use that to generate + more interesting inputs which can be passed to fuzzer. + +* Seed corpus - Fuzzing engine trying to generate interesting inputs from an + empty file is not efficient. Seed corpus is the initial input that a fuzzer + can accept and call the API with that. Fuzzing engine can then mutate this + seed corpus to generate more inputs to fuzzer. + +* Clusterfuzz - ClusterFuzz is a scalable fuzzing infrastructure that finds + security and stability issues in software. Google uses ClusterFuzz to fuzz + all Google products. Clusterfuzz provides us with the capability, tools to + upload fuzz binaries and make use of the fuzzing engines to run fuzzing, + find crashes and organizes the information. Clusterfuzz framework is open + sourced, the source code can be downloaded and framework can be built + locally or by using google cloud. + +* Fuzzing output - Fuzzing is used to pass random inputs to API in order to + ensure that API is crash resistant. We are not testing functionality via + fuzzing. Fuzz scripts run continuously until they find a crash with the API + under test. + +## Building fuzz scripts + +This section outlines the steps to build fuzz binaries that can be run +continuously using clusterfuzz. + +> **Note:** All the directories mentioned below are relative to cdm repository +> root directory. + +1. Fuzz scripts for OEMCrypto APIs are provided by the Widevine team at Google + located under `oemcrypto/test/fuzz_tests` directory. + +> **Note:** Prerequisites to run the following step are [here][10]. We also need +> to install ninja. + +2. Build a static library of your OEMCrypto implementation. + * Compile and link your OEMCrypto implementation source with + `-fsanitize=address,fuzzer` flag as per these [instructions][9] when + building a static library. + + * Run `./oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests + ` script from cdm repository root + directory. + + * This will generate fuzz binaries under the `out/Default` directory. + + + +> **Note:** Alternatively, you can use your own build systems, for which you +> will need to define your own build files with the OEMCrypto fuzz source files +> included. You can find the the fuzz source files in +> `oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp` and +> `oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gypi`. + +3. Seed corpus for each fuzz script can be found under + `oemcrypto/test/fuzz_tests/corpus` directory. Some fuzzers are simple and do + not have seed corpus associated with them. + +4. Create a zip file `oemcrypto_fuzzers_yyyymmddhhmmss.zip` with fuzz binaries + and respective seed corpus zip files. Structure of a sample zip file with + fuzzer binaries and seed corpus would look like following: + + ``` + * fuzzerA + * fuzzerA_seed_corpus.zip + * fuzzerB + * fuzzerB_seed_corpus.zip + * fuzzerC (fuzzerC doesn't have seed corpus associated with it) + ``` + +## Building clusterfuzz + +* OEMCrypto implementation can be fuzzed by building clusterfuzz code which is + open sourced and using it to run fuzzing. Use a Linux VM to build + clusterfuzz. + +> **Note:** You may see some issues with python modules missing, please install +> those modules if you see errors. If you have multiple versions of python on +> the VM, then use `python -m pipenv shell` when you are at [this][3] +> step. + +* Follow these [instructions][2] in order to download clusterfuzz repository, + build it locally or create a continuous fuzz infrastructure setup using + google cloud. + +## Running fuzzers on local clusterfuzz instance + +* If you prefer to run fuzzing on a local machine instead of having a + production setup using google cloud, then follow these [instructions][6] to + add a job to the local clusterfuzz instance. + +> **Note:** Job name should have a fuzzing engine and sanitizer as part of it. A +> libfuzzer and asan jobs should have libfuzzer_asan in the job name. + +* Create a job e:g:`libfuzzer_asan_oemcrypto` and upload previously created + `oemcrypto_fuzzers_yyyymmddhhmmss.zip` as a custom build. Future uploads of + zip file should have a name greater than current name. Following the above + naming standard will ensure zip file names are always in ascending order. + +* Once the job is added and clusterfuzz bot is running, fuzzing should be up + and running. Results can be monitored as mentioned [here][6]. + +* On a local clusterfuzz instance, only one fuzzer is being fuzzed at a time. + +> **Note:** Fuzzing is time consuming. Finding issues as well as clusterfuzz +> regressing and fixing the issues can take time. We need fuzzing to run at +> least for a couple of weeks to have good coverage. + +## Finding fuzz crashes + +Once the clusterfuzz finds an issue, it logs crash information such as the +build, test case and stack trace for the crash. + +* Test cases tab should show the fuzz crash and test case that caused the + crash. Run `./fuzz_binary ` in order to debug the crash locally. + +More information about different types of logs is as below: + +* [Bot logs][7] will show information related to fuzzing, number of crashes + that a particular fuzzer finds, number of new crashes, number of known + crashes etc. + +* [Local GCS][8] in your clusterfuzz checkout folder will store the fuzz + binaries that are being fuzzed, seed corpus etc. + +* `local_gcs/test-fuzz-logs-bucket` will store information related to fuzz + crashes if any were found by the fuzzing engine. It will store crash + information categorized by fuzzer and by each day. It will also store test + case that caused the crash. + +* `/path/to/my-bot/clusterfuzz/log.txt` will have any log information from + fuzzer script and OEMCrypto implementation. + +## Fixing issues + +* Once you are able to debug using the crash test case, apply fix to the + implementation, create `oemcrypto_fuzzers_yyyymmddhhmmss.zip` with latest + fuzz binaries. + +* Upload the latest fuzz binary to the fuzz job that was created earlier. + Fuzzer will recognize the fix and mark the crash as fixed in test cases tab + once the regression finishes. You do not need to update crashes as fixed, + clusterfuzz will do that. + +[1]: https://google.github.io/clusterfuzz/ +[2]: https://google.github.io/clusterfuzz/getting-started/ +[3]: https://google.github.io/clusterfuzz/getting-started/prerequisites/#loading-pipenv +[4]: https://llvm.org/docs/LibFuzzer.html +[5]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/ +[6]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#checking-results +[7]: https://google.github.io/clusterfuzz/getting-started/local-instance/#viewing-logs +[8]: https://google.github.io/clusterfuzz/getting-started/local-instance/#local-google-cloud-storage +[9]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#libfuzzer +[10]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#prerequisites diff --git a/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests b/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests index bbffd4e..a32f5a3 100755 --- a/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests +++ b/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests @@ -4,13 +4,9 @@ set -ex export CXX=clang++ export CC=clang export GYP_DEFINES="$GYP_DEFINES clang=1" - export PATH_TO_CDM_DIR=. -gyp --format=ninja --depth=$(pwd) oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp -ninja -C out/Default -# oemcrypto_odkitee_fuzztests.gypi has flags to instrument all the gyp targets -# with fuzzer flags. -gyp --format=ninja --depth=$(pwd) \ - --include=oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gypi \ - oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gyp +export PYTHONPATH="$PYTHONPATH:$PATH_TO_CDM_DIR/third_party" + +python3 $PATH_TO_CDM_DIR/third_party/gyp/__init__.py --format=ninja \ + --depth=$(pwd) oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp ninja -C out/Default \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests b/oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests new file mode 100644 index 0000000..b320a8f --- /dev/null +++ b/oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests @@ -0,0 +1,15 @@ +#!/bin/bash +set -ex + +# For use by partners to generate fuzz binaries for their OEMCrypto +# implementation on linux. + +export CXX=clang++ +export CC=clang +export GYP_DEFINES="$GYP_DEFINES clang=1 oemcrypto_static_library=$1" +export PATH_TO_CDM_DIR=. +export PYTHONPATH="$PYTHONPATH:$PATH_TO_CDM_DIR/third_party" + +python3 $PATH_TO_CDM_DIR/third_party/gyp/__init__.py --format=ninja \ + --depth=$(pwd) oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp +ninja -C out/Default \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/1970fbbb5d20902996167f3309fbd38a6850b147 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/1970fbbb5d20902996167f3309fbd38a6850b147 new file mode 100644 index 0000000..3c2447f Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/1970fbbb5d20902996167f3309fbd38a6850b147 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/5812ad7753622d9177a1b3dd71c6c4a008ff54eb b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/5812ad7753622d9177a1b3dd71c6c4a008ff54eb new file mode 100644 index 0000000..46c70c7 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/5812ad7753622d9177a1b3dd71c6c4a008ff54eb differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/10da8c370429a6a450d5ad0ee563653d18dbfeb8 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/10da8c370429a6a450d5ad0ee563653d18dbfeb8 new file mode 100644 index 0000000..129e7c5 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/10da8c370429a6a450d5ad0ee563653d18dbfeb8 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/1ae600c50a9a0bca685d7b83004fa3135901ded2 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/1ae600c50a9a0bca685d7b83004fa3135901ded2 new file mode 100644 index 0000000..803d215 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/1ae600c50a9a0bca685d7b83004fa3135901ded2 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/21d16dc13d2b8103c7943a5bd960ebc77dfefde4 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/21d16dc13d2b8103c7943a5bd960ebc77dfefde4 new file mode 100644 index 0000000..f3c738d Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/21d16dc13d2b8103c7943a5bd960ebc77dfefde4 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/38d4821122ddf0e84dba312f444bfbef5b81cc9d b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/38d4821122ddf0e84dba312f444bfbef5b81cc9d new file mode 100644 index 0000000..deaea68 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/38d4821122ddf0e84dba312f444bfbef5b81cc9d differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cdf5d3cd5937b78d2560970a0ccce14fb0d0230 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cdf5d3cd5937b78d2560970a0ccce14fb0d0230 new file mode 100644 index 0000000..1daaa24 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cdf5d3cd5937b78d2560970a0ccce14fb0d0230 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cf22dc963d6705061004cb0fad32bdebc86ffc9 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cf22dc963d6705061004cb0fad32bdebc86ffc9 new file mode 100644 index 0000000..30e8810 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cf22dc963d6705061004cb0fad32bdebc86ffc9 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3d891464eace6f7d3c716830e6051f7e90b90610 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3d891464eace6f7d3c716830e6051f7e90b90610 new file mode 100644 index 0000000..66ff92c Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3d891464eace6f7d3c716830e6051f7e90b90610 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/6f65463040c50e026e252e7544dff41babbc4604 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/6f65463040c50e026e252e7544dff41babbc4604 new file mode 100644 index 0000000..a7629af Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/6f65463040c50e026e252e7544dff41babbc4604 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/737cd5853708e2d2732e4c54dc944bc54d522406 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/737cd5853708e2d2732e4c54dc944bc54d522406 new file mode 100644 index 0000000..93bed59 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/737cd5853708e2d2732e4c54dc944bc54d522406 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/d775f9b5597e76cbf380ad74fea86c307c224309 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/d775f9b5597e76cbf380ad74fea86c307c224309 new file mode 100644 index 0000000..e6b86fa Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/d775f9b5597e76cbf380ad74fea86c307c224309 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/e9c4232d40cbc76f71220641ea9f8740bfedd306 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/e9c4232d40cbc76f71220641ea9f8740bfedd306 new file mode 100644 index 0000000..d586f10 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/e9c4232d40cbc76f71220641ea9f8740bfedd306 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/eaf3adf2980f1f1f021aafe465ec04d2bbf5d1ce b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/eaf3adf2980f1f1f021aafe465ec04d2bbf5d1ce new file mode 100644 index 0000000..a7dc614 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/eaf3adf2980f1f1f021aafe465ec04d2bbf5d1ce differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/f6c28150e2e1a1390516a09d453d33cb9a1337b4 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/f6c28150e2e1a1390516a09d453d33cb9a1337b4 new file mode 100644 index 0000000..b980096 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/f6c28150e2e1a1390516a09d453d33cb9a1337b4 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generate_rsa_signature_fuzz_seed_corpus/1315634022 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generate_rsa_signature_fuzz_seed_corpus/1315634022 new file mode 100644 index 0000000..60e4ed9 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generate_rsa_signature_fuzz_seed_corpus/1315634022 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/6c6a072aa58399454ee759bac539109a20f7e97f b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/6c6a072aa58399454ee759bac539109a20f7e97f new file mode 100644 index 0000000..411b41c Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/6c6a072aa58399454ee759bac539109a20f7e97f differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/75ae4c5769c9568d631452df3b3702d876e4863a b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/75ae4c5769c9568d631452df3b3702d876e4863a new file mode 100644 index 0000000..dd245f4 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/75ae4c5769c9568d631452df3b3702d876e4863a differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/9bdb356ec50807b86c807c09c780267101fd1a0b b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/9bdb356ec50807b86c807c09c780267101fd1a0b new file mode 100644 index 0000000..ff53f68 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/9bdb356ec50807b86c807c09c780267101fd1a0b differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/4114e243c6726f2d6dd11baefc4ad43fbd2b3595 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/4114e243c6726f2d6dd11baefc4ad43fbd2b3595 new file mode 100644 index 0000000..d42496e Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/4114e243c6726f2d6dd11baefc4ad43fbd2b3595 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/424ad879ed92e646707f53a2cd963910ffbb5c08 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/424ad879ed92e646707f53a2cd963910ffbb5c08 new file mode 100644 index 0000000..747df46 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/424ad879ed92e646707f53a2cd963910ffbb5c08 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_sign_fuzz_seed_corpus/f5d513d7333b92263ad849759db52a0cb4f383cd b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_sign_fuzz_seed_corpus/f5d513d7333b92263ad849759db52a0cb4f383cd new file mode 100644 index 0000000..4eb47bc Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_sign_fuzz_seed_corpus/f5d513d7333b92263ad849759db52a0cb4f383cd differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/374d2a1ab0be81451653b26a0ff99c2f20351700 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/374d2a1ab0be81451653b26a0ff99c2f20351700 new file mode 100644 index 0000000..561fce2 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/374d2a1ab0be81451653b26a0ff99c2f20351700 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/7a883f7628e57eb5fe48d660fed48ac5da2f5d21 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/7a883f7628e57eb5fe48d660fed48ac5da2f5d21 new file mode 100644 index 0000000..2f041f7 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/7a883f7628e57eb5fe48d660fed48ac5da2f5d21 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/a591b11c7ff1f45e8edb1a055a3255edb247576d b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/a591b11c7ff1f45e8edb1a055a3255edb247576d new file mode 100644 index 0000000..f5dc76e Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/a591b11c7ff1f45e8edb1a055a3255edb247576d differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/c182ac7556d1cd1ed73da74882dee807381f3ee0 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/c182ac7556d1cd1ed73da74882dee807381f3ee0 new file mode 100644 index 0000000..7a2af72 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/c182ac7556d1cd1ed73da74882dee807381f3ee0 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/3f58051d431ac575d0b804b2d512e46d7e8b4cda b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/3f58051d431ac575d0b804b2d512e46d7e8b4cda new file mode 100644 index 0000000..40d4436 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/3f58051d431ac575d0b804b2d512e46d7e8b4cda differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/4e2fef7ad945773dd77eb37d7d08dd2368ad4b89 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/4e2fef7ad945773dd77eb37d7d08dd2368ad4b89 new file mode 100644 index 0000000..57fbaf0 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/4e2fef7ad945773dd77eb37d7d08dd2368ad4b89 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/6f8b954fb7f8be2c3632f931aaf55e3d1a6c58d8 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/6f8b954fb7f8be2c3632f931aaf55e3d1a6c58d8 new file mode 100644 index 0000000..baf0a05 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/6f8b954fb7f8be2c3632f931aaf55e3d1a6c58d8 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/7997b5673d5a9402b2f8acc43f92cdf6ad1f913d b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/7997b5673d5a9402b2f8acc43f92cdf6ad1f913d new file mode 100644 index 0000000..4e60052 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/7997b5673d5a9402b2f8acc43f92cdf6ad1f913d differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/8196b2365ca56224853dfeeddde216b4f467f0dd b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/8196b2365ca56224853dfeeddde216b4f467f0dd new file mode 100644 index 0000000..639ab6a Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/8196b2365ca56224853dfeeddde216b4f467f0dd differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/81ac6d013d80da7f67fe6fbb5e8c15a35a0d8134 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/81ac6d013d80da7f67fe6fbb5e8c15a35a0d8134 new file mode 100644 index 0000000..16a14bc Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/81ac6d013d80da7f67fe6fbb5e8c15a35a0d8134 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0567e5f52c00fed0ad7858164434b02d8e629064 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0567e5f52c00fed0ad7858164434b02d8e629064 new file mode 100644 index 0000000..08541f4 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0567e5f52c00fed0ad7858164434b02d8e629064 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0f5cc252aaf43eaa1570ca07d174a0f96333c592 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0f5cc252aaf43eaa1570ca07d174a0f96333c592 new file mode 100644 index 0000000..6f71c2e Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0f5cc252aaf43eaa1570ca07d174a0f96333c592 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0fdcae4df7bc325099fb4b3b01a1c9290229f86c b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0fdcae4df7bc325099fb4b3b01a1c9290229f86c new file mode 100644 index 0000000..6f61946 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0fdcae4df7bc325099fb4b3b01a1c9290229f86c differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/134a0d85fbcbe367e66d69127114bece71add806 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/134a0d85fbcbe367e66d69127114bece71add806 new file mode 100644 index 0000000..70ed9c5 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/134a0d85fbcbe367e66d69127114bece71add806 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/1ee4b9ce1a4acc41e912487383ad77f3ccaa97fb b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/1ee4b9ce1a4acc41e912487383ad77f3ccaa97fb new file mode 100644 index 0000000..cab8c50 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/1ee4b9ce1a4acc41e912487383ad77f3ccaa97fb differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2d7246bd48ed8b68599445c98bb822c87f86acd1 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2d7246bd48ed8b68599445c98bb822c87f86acd1 new file mode 100644 index 0000000..0aded9d Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2d7246bd48ed8b68599445c98bb822c87f86acd1 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2f64b8ffa25844924fe24678067feee9be80f4ec b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2f64b8ffa25844924fe24678067feee9be80f4ec new file mode 100644 index 0000000..7aac2f9 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2f64b8ffa25844924fe24678067feee9be80f4ec differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/3acf30d485a4370ceb8e64785094a50b768e1ca4 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/3acf30d485a4370ceb8e64785094a50b768e1ca4 new file mode 100644 index 0000000..57edbd7 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/3acf30d485a4370ceb8e64785094a50b768e1ca4 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/461c08228ae6a0eaa191d24eea1823b46f4a9d67 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/461c08228ae6a0eaa191d24eea1823b46f4a9d67 new file mode 100644 index 0000000..591c0e9 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/461c08228ae6a0eaa191d24eea1823b46f4a9d67 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/4b69b92f45febc4dbf5b8fb9a216a290ba51d478 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/4b69b92f45febc4dbf5b8fb9a216a290ba51d478 new file mode 100644 index 0000000..0a09fb4 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/4b69b92f45febc4dbf5b8fb9a216a290ba51d478 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/5db53de009652f61b1ed21ee988d0156ce287033 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/5db53de009652f61b1ed21ee988d0156ce287033 new file mode 100644 index 0000000..dc80cb8 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/5db53de009652f61b1ed21ee988d0156ce287033 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/618cdf5927b2b092d9d7b5e93c30af8708270f11 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/618cdf5927b2b092d9d7b5e93c30af8708270f11 new file mode 100644 index 0000000..dc58149 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/618cdf5927b2b092d9d7b5e93c30af8708270f11 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/78e527f05b03c2ecd8a0ffc2baeb5dab57088934 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/78e527f05b03c2ecd8a0ffc2baeb5dab57088934 new file mode 100644 index 0000000..bd4f876 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/78e527f05b03c2ecd8a0ffc2baeb5dab57088934 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7dcdad1c2df1656678947b2009a9fcea44f4025d b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7dcdad1c2df1656678947b2009a9fcea44f4025d new file mode 100644 index 0000000..e320261 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7dcdad1c2df1656678947b2009a9fcea44f4025d differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7e120b1ec852c448490b9b060a5f35deb486c360 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7e120b1ec852c448490b9b060a5f35deb486c360 new file mode 100644 index 0000000..9bed284 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7e120b1ec852c448490b9b060a5f35deb486c360 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7f701c0f31e68192bc8c829f343fa2326aa4d3dc b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7f701c0f31e68192bc8c829f343fa2326aa4d3dc new file mode 100644 index 0000000..7cd10af Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7f701c0f31e68192bc8c829f343fa2326aa4d3dc differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/8243212a7a7160c91e2f9717b855b568f9a34233 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/8243212a7a7160c91e2f9717b855b568f9a34233 new file mode 100644 index 0000000..352ae2e Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/8243212a7a7160c91e2f9717b855b568f9a34233 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/85bff933def1ce530a1febd93ef2890ed4bcdcb5 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/85bff933def1ce530a1febd93ef2890ed4bcdcb5 new file mode 100644 index 0000000..1e5f340 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/85bff933def1ce530a1febd93ef2890ed4bcdcb5 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/a06905d0b9421966c527b5ef2ac68bdce1e0cfe5 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/a06905d0b9421966c527b5ef2ac68bdce1e0cfe5 new file mode 100644 index 0000000..02ccf56 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/a06905d0b9421966c527b5ef2ac68bdce1e0cfe5 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/b452f7b6c615035d63a9825c5c17e049f54648ef b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/b452f7b6c615035d63a9825c5c17e049f54648ef new file mode 100644 index 0000000..c708d1e Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/b452f7b6c615035d63a9825c5c17e049f54648ef differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/bb8c2201cf10fd7d24fc0c8009a44525f426b033 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/bb8c2201cf10fd7d24fc0c8009a44525f426b033 new file mode 100644 index 0000000..8f98344 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/bb8c2201cf10fd7d24fc0c8009a44525f426b033 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/c7a7cd07925450628efa677165d403510d89bf51 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/c7a7cd07925450628efa677165d403510d89bf51 new file mode 100644 index 0000000..5442beb Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/c7a7cd07925450628efa677165d403510d89bf51 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-5919435528601600 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-5919435528601600 new file mode 100644 index 0000000..58dc14f Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-5919435528601600 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-6406770604638208 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-6406770604638208 new file mode 100644 index 0000000..1a0f23c Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-6406770604638208 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/d7014f417415314dd83162570bcafd7935875f00 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/d7014f417415314dd83162570bcafd7935875f00 new file mode 100644 index 0000000..3df5267 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/d7014f417415314dd83162570bcafd7935875f00 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e26757270b3d149d1ce10bef32ed0b3a5794977c b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e26757270b3d149d1ce10bef32ed0b3a5794977c new file mode 100644 index 0000000..d891152 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e26757270b3d149d1ce10bef32ed0b3a5794977c differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e598a949c6b14e1a3f96bcdf1b3d9335b07a6085 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e598a949c6b14e1a3f96bcdf1b3d9335b07a6085 new file mode 100644 index 0000000..b54027c Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e598a949c6b14e1a3f96bcdf1b3d9335b07a6085 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/2f194a24b3b2f2e096403926fca6b2fda4883e7c b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/2f194a24b3b2f2e096403926fca6b2fda4883e7c new file mode 100644 index 0000000..73e48a7 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/2f194a24b3b2f2e096403926fca6b2fda4883e7c differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/4b31607722adad1f28555bc9b07cd17100a90df6 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/4b31607722adad1f28555bc9b07cd17100a90df6 new file mode 100644 index 0000000..2f42d66 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/4b31607722adad1f28555bc9b07cd17100a90df6 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/543f332b627f3891b3f15c6227f4f946cba81886 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/543f332b627f3891b3f15c6227f4f946cba81886 new file mode 100644 index 0000000..b3788a2 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/543f332b627f3891b3f15c6227f4f946cba81886 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/6a33ae6e95eb1b9fbf116359df679265376b308b b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/6a33ae6e95eb1b9fbf116359df679265376b308b new file mode 100644 index 0000000..dcab52c Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/6a33ae6e95eb1b9fbf116359df679265376b308b differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/a98f2da86c01706159e32fc37c1a6b2df779395a b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/a98f2da86c01706159e32fc37c1a6b2df779395a new file mode 100644 index 0000000..dfa20e2 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/a98f2da86c01706159e32fc37c1a6b2df779395a differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/dc6e941489e6164e349a9dd0a80713f57645b0db b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/dc6e941489e6164e349a9dd0a80713f57645b0db new file mode 100644 index 0000000..c948661 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/dc6e941489e6164e349a9dd0a80713f57645b0db differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/fb7a84cdab0bff7dabb339c7fc35eb2ea3c2eb9c b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/fb7a84cdab0bff7dabb339c7fc35eb2ea3c2eb9c new file mode 100644 index 0000000..eacb9d2 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/fb7a84cdab0bff7dabb339c7fc35eb2ea3c2eb9c differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f00652aa0e80e90257bfa28a63e623a92e25d4d8 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f00652aa0e80e90257bfa28a63e623a92e25d4d8 new file mode 100644 index 0000000..a71ef18 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f00652aa0e80e90257bfa28a63e623a92e25d4d8 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f2f45ab615736936405ec6c8df9ab92dbc91017b b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f2f45ab615736936405ec6c8df9ab92dbc91017b new file mode 100644 index 0000000..263e060 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f2f45ab615736936405ec6c8df9ab92dbc91017b differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_provisioning_request_fuzz_seed_corpus/6ee38ff02d14cae0565cd26553cde5f898444014 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_provisioning_request_fuzz_seed_corpus/6ee38ff02d14cae0565cd26553cde5f898444014 new file mode 100644 index 0000000..1eb62c3 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_provisioning_request_fuzz_seed_corpus/6ee38ff02d14cae0565cd26553cde5f898444014 differ diff --git a/oemcrypto/test/fuzz_tests/corpus/oemcrypto_renewal_request_fuzz_seed_corpus/2e120b916a62c00addf137d7e7733620394009b8 b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_renewal_request_fuzz_seed_corpus/2e120b916a62c00addf137d7e7733620394009b8 new file mode 100644 index 0000000..8d09e73 Binary files /dev/null and b/oemcrypto/test/fuzz_tests/corpus/oemcrypto_renewal_request_fuzz_seed_corpus/2e120b916a62c00addf137d7e7733620394009b8 differ diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_deactivate_usage_entry_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_deactivate_usage_entry_fuzz.cc new file mode 100644 index 0000000..560a172 --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_deactivate_usage_entry_fuzz.cc @@ -0,0 +1,30 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + LicenseWithUsageEntryFuzz entry; + entry.CreateUsageTableHeader(); + // Open a session, create a usage entry. + Session* session = entry.license_messages().session(); + session->open(); + entry.InstallTestRSAKey(session); + session->GenerateNonce(); + session->CreateNewUsageEntry(); + vector encrypted_usage_header; + session->UpdateUsageEntry(&encrypted_usage_header); + // LoadLicense sets the pst for usage entry. + entry.LoadLicense(); + + OEMCrypto_DeactivateUsageEntry(session->session_id(), data, size); + session->close(); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc index b69bdf7..6ff69a9 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc @@ -1,13 +1,13 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "FuzzedDataProvider.h" #include "OEMCryptoCENC.h" #include "log.h" +#include "odk_overflow.h" #include "oemcrypto_fuzz_helper.h" #include "oemcrypto_fuzz_structs.h" -#include "oemcrypto_overflow.h" namespace wvoec { const size_t MAX_FUZZ_SAMPLE_SIZE = 5 * MB; @@ -95,7 +95,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Read subsamples from fuzzed data. vector subsamples; - while (fuzzed_subsample_data.remaining_bytes() > + while (fuzzed_subsample_data.remaining_bytes() >= sizeof(OEMCrypto_SubSampleDescription)) { OEMCrypto_SubSampleDescription subsample; fuzzed_subsample_data.ConsumeData(&subsample, @@ -138,9 +138,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Copy sub sample data. sample_descriptions[i].subsamples = &subsamples[input_subsample_index]; - if (AddOverflowUX(input_subsample_index, - sample_descriptions[i].subsamples_length, - &input_subsample_index)) { + if (odk_add_overflow_ux(input_subsample_index, + sample_descriptions[i].subsamples_length, + &input_subsample_index)) { return 0; } if (input_subsample_index > subsamples.size()) return 0; diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc index 3596d61..f76fafa 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" @@ -22,4 +22,45 @@ std::vector> SplitInput(const uint8_t* data, size_t size) { } return result; } + +void OEMCryptoLicenseAPIFuzz::LoadLicense() { + license_messages_.SignAndVerifyRequest(); + license_messages_.CreateDefaultResponse(); + license_messages_.EncryptAndSignResponse(); + OEMCryptoResult sts = license_messages_.LoadResponse(); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void OEMCryptoProvisioningAPIFuzz::LoadProvisioning() { + provisioning_messages_.SignAndVerifyRequest(); + provisioning_messages_.CreateDefaultResponse(); + provisioning_messages_.EncryptAndSignResponse(); + OEMCryptoResult sts = provisioning_messages_.LoadResponse(); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void LicenseWithUsageEntryFuzz::CreateUsageTableHeader() { + size_t header_buffer_length = 0; + OEMCryptoResult sts = + OEMCrypto_CreateUsageTableHeader(nullptr, &header_buffer_length); + encrypted_usage_header_.resize(header_buffer_length); + sts = OEMCrypto_CreateUsageTableHeader(encrypted_usage_header_.data(), + &header_buffer_length); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void LicenseWithUsageEntryFuzz::LoadLicense() { + license_messages_.SignAndVerifyRequest(); + license_messages_.CreateDefaultResponse(); + license_messages_.EncryptAndSignResponse(); + OEMCryptoResult sts = license_messages_.LoadResponse(); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void CheckStatusAndExitFuzzerOnFailure(OEMCryptoResult result, + OEMCryptoResult expected_status) { + if (result != expected_status) { + abort(); + } +} } // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h index c524196..2aa1f46 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #ifndef OEMCRYPTO_FUZZ_HELPER_H_ #define OEMCRYPTO_FUZZ_HELPER_H_ @@ -13,6 +13,16 @@ #include "oemcrypto_session_tests_helper.h" namespace wvoec { +// Forward-declare the libFuzzer's mutator callback. Mark it weak so that +// the program links successfully even outside of --config=asan-fuzzer +// (apparently the only config in which LLVM uses our custom mutator). +extern "C" size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize) + __attribute__((weak)); + +const size_t KB = 1024; +// Maximum signature length. If fuzzed signature length is greater that this, +// this value will be used for signature length. +const size_t MAX_FUZZ_SIGNATURE_LENGTH = 5 * KB; // Initial setup to create a valid OEMCrypto state such as initializing crypto // firmware/hardware, installing golden key box etc. in order to fuzz // OEMCrypto APIs. @@ -42,12 +52,7 @@ class OEMCryptoLicenseAPIFuzz : public InitializeFuzz { Session* session() { return &session_; } - void LoadLicense() { - license_messages_.SignAndVerifyRequest(); - license_messages_.CreateDefaultResponse(); - license_messages_.EncryptAndSignResponse(); - license_messages_.LoadResponse(); - } + void LoadLicense(); private: Session session_; @@ -64,9 +69,11 @@ class OEMCryptoProvisioningAPIFuzz : public InitializeFuzz { ~OEMCryptoProvisioningAPIFuzz() { session_.close(); } + void LoadProvisioning(); ProvisioningRoundTrip& provisioning_messages() { return provisioning_messages_; } + Session* session() { return &session_; } private: Session session_; @@ -85,6 +92,25 @@ class OEMCryptoRenewalAPIFuzz : public OEMCryptoLicenseAPIFuzz { RenewalRoundTrip renewal_messages_; }; +class LicenseWithUsageEntryFuzz : public InitializeFuzz { + public: + LicenseWithUsageEntryFuzz() : license_messages_(&session_) { + license_messages_.set_pst("my_pst"); + } + + void CreateUsageTableHeader(); + LicenseRoundTrip& license_messages() { return license_messages_; } + const vector& encrypted_usage_header() { + return encrypted_usage_header_; + } + void LoadLicense(); + + private: + vector encrypted_usage_header_; + LicenseRoundTrip license_messages_; + Session session_; +}; + // Convert data to valid enum value. template void ConvertDataToValidEnum(T max_enum_value, T* t) { @@ -99,6 +125,10 @@ void RedirectStdoutToFile(); // Function to split fuzzer input using delimiter "-_^_". std::vector> SplitInput(const uint8_t* data, size_t size); +// Check the status and exit fuzzer if arguments do not match. This is usually +// called to check status of APIs which are called to setup state for fuzzers. +void CheckStatusAndExitFuzzerOnFailure(OEMCryptoResult result, + OEMCryptoResult expected_status); } // namespace wvoec #endif // OEMCRYPTO_FUZZ_HELPER_H_ diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h index 52fb400..5a5febb 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h @@ -1,9 +1,12 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #ifndef OEMCRYPTO_FUZZ_STRUCTS_H_ #define OEMCRYPTO_FUZZ_STRUCTS_H_ +#include "core_message_types.h" +#include "odk.h" + namespace wvoec { struct OEMCrypto_Renewal_Response_Fuzz { // Timer limits in core license response needs to be fuzzed as load renewal @@ -37,6 +40,34 @@ struct OEMCrypto_Decrypt_Cenc_Fuzz { // Sample data and subsample data are of variable length and not included in // this structure. }; + +struct OEMCrypto_Generic_Api_Fuzz { + // Corpus format is as below, let | be separator. + // cipher_mode + algorithm + iv | buffer with actual data + OEMCryptoCipherMode cipher_mode; + OEMCrypto_Algorithm algorithm; + // iv and buffer data are of variable length and not included in + // this structure. +}; + +struct OEMCrypto_Generic_Verify_Fuzz { + // Corpus format is as belowr. + // cipher_mode + algorithm + signature_length + buffer with actual data + OEMCryptoCipherMode cipher_mode; + OEMCrypto_Algorithm algorithm; + size_t signature_length; + // Buffer data is of variable length and not included in + // this structure. +}; + +struct OEMCrypto_Generate_RSA_Signature_Fuzz { + // Corpus format is as below, let | be separator. + // padding_scheme + signature_length + input buffer + RSA_Padding_Scheme padding_scheme; + size_t signature_length; + // input buffer data is of variable length and not included in + // this structure. +}; } // namespace wvoec #endif // OEMCRYPTO_FUZZ_STRUCTS_H_ \ No newline at end of file diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp b/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp index e263c13..6192f29 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp @@ -1,5 +1,5 @@ # Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -#source code may only be used and distributed under the Widevine Master License +#source code may only be used and distributed under the Widevine License #Agreement. # # Builds under the CDM ./build.py (target platform) build system @@ -65,5 +65,59 @@ 'oemcrypto_load_entitled_content_keys_fuzz.cc', ], }, + { + 'target_name': 'oemcrypto_generic_encrypt_fuzz', + 'sources': [ + 'oemcrypto_generic_encrypt_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_decrypt_fuzz', + 'sources': [ + 'oemcrypto_generic_decrypt_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_sign_fuzz', + 'sources': [ + 'oemcrypto_generic_sign_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_verify_fuzz', + 'sources': [ + 'oemcrypto_generic_verify_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generate_rsa_signature_fuzz', + 'sources': [ + 'oemcrypto_generate_rsa_signature_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_usage_table_header_fuzz', + 'sources': [ + 'oemcrypto_load_usage_table_header_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_usage_entry_fuzz', + 'sources': [ + 'oemcrypto_load_usage_entry_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_deactivate_usage_entry_fuzz', + 'sources': [ + 'oemcrypto_deactivate_usage_entry_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_report_usage_fuzz', + 'sources': [ + 'oemcrypto_report_usage_fuzz.cc', + ], + }, ], } diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gypi b/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gypi index 2b23666..6d43e37 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gypi +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gypi @@ -1,5 +1,5 @@ # Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -#source code may only be used and distributed under the Widevine Master License +#source code may only be used and distributed under the Widevine License #Agreement. { @@ -52,30 +52,49 @@ 'defines': [ 'OEMCRYPTO_FUZZ_TESTS', ], + 'cflags': [ + '-fPIC', + ], + 'cflags_c': [ + '-std=c11', + '-D_POSIX_C_SOURCE=200809L', + ], + 'cflags_cc': [ + '-std=c++11', + ], + 'ldflags': [ + '-fPIC', + ], + 'libraries': [ + '-lpthread', + ], 'conditions': [ ['generate_code_coverage_report=="false"', { # Include flags to build fuzzer binaries for cluster fuzz. - 'cflags_cc': [ - '-std=c++11', + 'cflags': [ + '-O0', + '-fno-omit-frame-pointer', + '-U_FORTIFY_SOURCE', '-fsanitize=fuzzer,address,undefined', + '-fno-sanitize-recover=address,undefined', # Need -g flag to include source line numbers in error stack trace. - '-g', + '-g3', + ], + 'cflags_cc' : [ + '-frtti', ], 'ldflags': [ - '-fPIC', - '-fsanitize=fuzzer,address,undefined', + # Sanitizers with link-time components must be repeated here. + '-fsanitize=fuzzer,address', ], }], ['generate_code_coverage_report=="true"', { # Include flags to build fuzzer binaries to generate source based code coverage reports. - 'cflags_cc': [ - '-std=c++11', + 'cflags': [ '-fprofile-instr-generate', '-fcoverage-mapping', ], 'ldflags': [ - '-fPIC', - '-fsanitize=fuzzer,address,undefined', '-fprofile-instr-generate', '-fcoverage-mapping', ], @@ -95,7 +114,4 @@ ], }], ], # conditions - 'libraries': [ - '-lpthread', - ], } diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc new file mode 100644 index 0000000..872b302 --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc @@ -0,0 +1,34 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + OEMCrypto_Generate_RSA_Signature_Fuzz fuzzed_structure; + if (size <= sizeof(OEMCrypto_Generate_RSA_Signature_Fuzz)) { + return 0; + } + + // Copy data to fuzzed structure. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + // Creates wrapped rsa key and calls load drm private key. + static OEMCryptoLicenseAPIFuzz license_api_fuzz; + // We cannot allocate buffers of random huge lengths in memory. + // This also slows down the fuzzer. + size_t signature_length = + std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length); + vector signature(signature_length); + OEMCrypto_GenerateRSASignature( + license_api_fuzz.session()->session_id(), data + sizeof(fuzzed_structure), + size - sizeof(fuzzed_structure), signature.data(), &signature_length, + fuzzed_structure.padding_scheme); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc new file mode 100644 index 0000000..e36d550 --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc @@ -0,0 +1,61 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "FuzzedDataProvider.h" +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + // Split data using separator. + auto inputs = SplitInput(data, size); + if (inputs.size() < 2) { + return 0; + } + + OEMCrypto_Generic_Api_Fuzz fuzzed_structure; + if (inputs[0].size() < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Api_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + // Copy iv from input data. + size_t iv_size = inputs[0].size() - sizeof(fuzzed_structure); + if (iv_size == 0) { + return 0; + } + vector iv(iv_size); + memcpy(iv.data(), data + sizeof(fuzzed_structure), iv_size); + + // Copy clear buffer from input data. + vector encrypted_buffer(inputs[1].size()); + vector clear_buffer(inputs[1].size()); + memcpy(encrypted_buffer.data(), inputs[1].data(), inputs[1].size()); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_decrypt API. + license_api_fuzz.LoadLicense(); + OEMCryptoResult sts = OEMCrypto_SelectKey( + session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); + OEMCrypto_Generic_Decrypt(session->session_id(), encrypted_buffer.data(), + encrypted_buffer.size(), iv.data(), + fuzzed_structure.algorithm, clear_buffer.data()); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_generic_encrypt_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_generic_encrypt_fuzz.cc new file mode 100644 index 0000000..df0a35e --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_generic_encrypt_fuzz.cc @@ -0,0 +1,61 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "FuzzedDataProvider.h" +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + // Split data using separator. + auto inputs = SplitInput(data, size); + if (inputs.size() < 2) { + return 0; + } + + OEMCrypto_Generic_Api_Fuzz fuzzed_structure; + if (inputs[0].size() < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Api_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + // Copy iv from input data. + size_t iv_size = inputs[0].size() - sizeof(fuzzed_structure); + if (iv_size == 0) { + return 0; + } + vector iv(iv_size); + memcpy(iv.data(), data + sizeof(fuzzed_structure), iv_size); + + // Copy clear buffer from input data. + vector clear_buffer(inputs[1].size()); + vector encrypted_buffer(inputs[1].size()); + memcpy(clear_buffer.data(), inputs[1].data(), inputs[1].size()); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_encrypt API. + license_api_fuzz.LoadLicense(); + OEMCryptoResult sts = OEMCrypto_SelectKey( + session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); + OEMCrypto_Generic_Encrypt( + session->session_id(), clear_buffer.data(), clear_buffer.size(), + iv.data(), fuzzed_structure.algorithm, encrypted_buffer.data()); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_generic_sign_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_generic_sign_fuzz.cc new file mode 100644 index 0000000..d27415d --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_generic_sign_fuzz.cc @@ -0,0 +1,55 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + OEMCrypto_Generic_Api_Fuzz fuzzed_structure; + if (size < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Api_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + size_t clear_buffer_size = size - sizeof(fuzzed_structure); + if (clear_buffer_size == 0) { + return 0; + } + // Copy clear buffer from input data. + vector clear_buffer(clear_buffer_size); + memcpy(clear_buffer.data(), data + sizeof(fuzzed_structure), + clear_buffer_size); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_sign API. + license_api_fuzz.LoadLicense(); + OEMCryptoResult sts = OEMCrypto_SelectKey( + session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); + size_t signature_length = 0; + OEMCrypto_Generic_Sign(session->session_id(), clear_buffer.data(), + clear_buffer.size(), fuzzed_structure.algorithm, + nullptr, &signature_length); + vector signature(signature_length); + OEMCrypto_Generic_Sign(session->session_id(), clear_buffer.data(), + clear_buffer.size(), fuzzed_structure.algorithm, + signature.data(), &signature_length); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc new file mode 100644 index 0000000..076d3ca --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc @@ -0,0 +1,67 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include +#include + +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + OEMCrypto_Generic_Verify_Fuzz fuzzed_structure; + if (size < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Verify_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + size_t in_buffer_size = size - sizeof(fuzzed_structure); + if (in_buffer_size == 0) { + return 0; + } + // Copy clear buffer from input data. + vector in_buffer(in_buffer_size); + memcpy(in_buffer.data(), data + sizeof(fuzzed_structure), in_buffer_size); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_verify API. + license_api_fuzz.LoadLicense(); + OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, + OEMCrypto_CipherMode_CTR); + // Calculate signature for in buffer. + size_t signature_length = 0; + OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(), + in_buffer.size(), fuzzed_structure.algorithm, nullptr, + &signature_length); + vector signature(signature_length); + OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(), + in_buffer.size(), fuzzed_structure.algorithm, + signature.data(), &signature_length); + + OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, + fuzzed_structure.cipher_mode); + signature_length = + std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length); + signature.resize(signature_length); + OEMCrypto_Generic_Verify(session->session_id(), in_buffer.data(), + in_buffer.size(), fuzzed_structure.algorithm, + signature.data(), signature_length); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_license_request_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_license_request_fuzz.cc index d100dde..52d3493 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_license_request_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_license_request_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_load_entitled_content_keys_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_load_entitled_content_keys_fuzz.cc index 892d6e9..fbb33e6 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_load_entitled_content_keys_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_load_entitled_content_keys_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "FuzzedDataProvider.h" diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_load_license_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_load_license_fuzz.cc index e125ae0..64f5f4b 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_load_license_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_load_license_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" @@ -20,7 +20,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Convert OEMCrypto_LicenseType in core_response to a valid enum value. ConvertDataToValidEnum( - OEMCrypto_LicenstType_MaxValue, + OEMCrypto_LicenseType_MaxValue, &license_api_fuzz.license_messages().core_response().license_type); license_api_fuzz.license_messages().EncryptAndSignResponse(); diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_load_provisioning_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_load_provisioning_fuzz.cc index 739f79f..757ab24 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_load_provisioning_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_load_provisioning_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_load_renewal_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_load_renewal_fuzz.cc index f521b47..1b6ecfc 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_load_renewal_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_load_renewal_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc new file mode 100644 index 0000000..ed47b0b --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc @@ -0,0 +1,61 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { +LicenseWithUsageEntryFuzz entry; +// The custom mutator to mutate created encrypted usage entry. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, unsigned int seed) { + entry.CreateUsageTableHeader(); + Session* s = entry.license_messages().session(); + s->open(); + entry.InstallTestRSAKey(s); + uint32_t usage_entry_number = 0; + memcpy(&usage_entry_number, data, sizeof(uint32_t)); + if (OEMCrypto_LoadUsageEntry(s->session_id(), usage_entry_number, + data + sizeof(uint32_t), + size - sizeof(uint32_t)) != OEMCrypto_SUCCESS) { + s->CreateNewUsageEntry(); + vector encrypted_usage_header; + s->UpdateUsageEntry(&encrypted_usage_header); + vector encrypted_usage_entry = s->encrypted_usage_entry(); + usage_entry_number = s->usage_entry_number(); + // Copy created usage entry number and usage entry to data and mutate it. + memcpy(data, &usage_entry_number, sizeof(uint32_t)); + memcpy(data + sizeof(uint32_t), encrypted_usage_entry.data(), + encrypted_usage_entry.size()); + size = sizeof(uint32_t) + encrypted_usage_entry.size(); + } + s->close(); + return LLVMFuzzerMutate(data, size, max_size); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + uint32_t usage_entry_number = 0; + if (size < sizeof(usage_entry_number)) { + return 0; + } + + memcpy(&usage_entry_number, data, sizeof(usage_entry_number)); + const uint8_t* extra_data = data + sizeof(usage_entry_number); + size_t extra_data_size = size - sizeof(usage_entry_number); + if (extra_data_size == 0) { + return 0; + } + + Session s; + s.open(); + OEMCrypto_LoadUsageEntry(s.session_id(), usage_entry_number, extra_data, + extra_data_size); + s.close(); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_table_header_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_table_header_fuzz.cc new file mode 100644 index 0000000..8d3000a --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_table_header_fuzz.cc @@ -0,0 +1,36 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { + +// The custom mutator to mutate created encrypted usage table header. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, unsigned int seed) { + LicenseWithUsageEntryFuzz entry; + if (OEMCrypto_LoadUsageTableHeader(data, size) != OEMCrypto_SUCCESS) { + entry.CreateUsageTableHeader(); + if (size < entry.encrypted_usage_header().size()) { + return 0; + } + // Copy created usage table header to data and mutate it. + memcpy(data, entry.encrypted_usage_header().data(), + entry.encrypted_usage_header().size()); + size = entry.encrypted_usage_header().size(); + } + return LLVMFuzzerMutate(data, size, max_size); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + // Initialize OEMCrypto and call API. + InitializeFuzz initialize_fuzz; + OEMCrypto_LoadUsageTableHeader(data, size); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gypi b/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gypi index 316b051..574c8b0 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gypi +++ b/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gypi @@ -1,5 +1,5 @@ # Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -# source code may only be used and distributed under the Widevine Master +# source code may only be used and distributed under the Widevine # License Agreement. # gypi file to be included using --includes option while building oemcrypto @@ -17,13 +17,33 @@ }, # Include flags to build fuzzer binaries to generate source based code coverage reports. 'cflags': [ - '-fsanitize=fuzzer,address,undefined', - # Need -g flag to include source line numbers in error stack trace. - '-g', + '-fPIC', + '-O0', + '-fno-omit-frame-pointer', + '-U_FORTIFY_SOURCE', + '-fsanitize=fuzzer,address,undefined', + '-fno-sanitize-recover=address,undefined', + # Need -g flag to include source line numbers in error stack trace. + '-g3', + ], + 'cflags_c': [ + '-std=c99', + '-D_POSIX_C_SOURCE=200809L', + ], + 'cflags_cc' : [ + '-frtti', + '-std=c++11', ], 'ldflags': [ - '-fPIC', - '-fsanitize=fuzzer,address,undefined', + '-fPIC', + # Sanitizers with link-time components must be repeated here. + '-fsanitize=address', + # Fuzzer is put on its own line so targets that need to swap it for + # the version without a main function can easily find it. + '-fsanitize=fuzzer', + ], + 'libraries': [ + '-lpthread', ], 'conditions': [ ['generate_code_coverage_report=="true"', { diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_provisioning_request_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_provisioning_request_fuzz.cc index 1cda2ab..b66aab6 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_provisioning_request_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_provisioning_request_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_renewal_request_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_renewal_request_fuzz.cc index 67ecb0a..8b7fd79 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_renewal_request_fuzz.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_renewal_request_fuzz.cc @@ -1,5 +1,5 @@ // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master +// source code may only be used and distributed under the Widevine // License Agreement. #include "oemcrypto_fuzz_helper.h" diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc b/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc new file mode 100644 index 0000000..3b3813a --- /dev/null +++ b/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc @@ -0,0 +1,46 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { +const size_t MAX_FUZZ_PST_REPORT_BUFFER_LENGTH = 5 * MB; +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + size_t pst_buffer_length = 0; + if (size <= sizeof(pst_buffer_length)) { + return 0; + } + + LicenseWithUsageEntryFuzz entry; + entry.CreateUsageTableHeader(); + // Open a session, create a usage entry. + Session* session = entry.license_messages().session(); + session->open(); + entry.InstallTestRSAKey(session); + session->GenerateNonce(); + session->CreateNewUsageEntry(); + vector encrypted_usage_header; + session->UpdateUsageEntry(&encrypted_usage_header); + // Sets pst for usage entry. + entry.LoadLicense(); + + memcpy(&pst_buffer_length, data, sizeof(pst_buffer_length)); + const uint8_t* extra_data = data + sizeof(pst_buffer_length); + size_t extra_data_size = size - sizeof(pst_buffer_length); + // We cannot allocate a huge buffer, hence limiting buffer size to + // MAX_FUZZ_PST_REPORT_BUFFER_LENGTH. + pst_buffer_length = + std::min(MAX_FUZZ_PST_REPORT_BUFFER_LENGTH, pst_buffer_length); + vector pst_report_buffer(pst_buffer_length); + // Call API with fuzzed pst_buffer_length, pst. + OEMCrypto_ReportUsage(session->session_id(), extra_data, extra_data_size, + pst_report_buffer.data(), &pst_buffer_length); + session->close(); + return 0; +} +} // namespace wvoec diff --git a/oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp b/oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp new file mode 100644 index 0000000..bd72a5c --- /dev/null +++ b/oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp @@ -0,0 +1,119 @@ +# Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary +# source code may only be used and distributed under the Widevine License +# Agreement. +# +# Gyp configurations to build fuzz tests for partners on linux. +# This should be used by partners who want to run oemcrypto fuzz tests on +# their implementation on linux. +{ + 'target_defaults': { + 'type': 'executable', + 'includes': [ + 'partner_oemcrypto_fuzztests.gypi', + ], + }, + 'targets': [ + { + 'target_name': 'oemcrypto_load_license_fuzz', + 'sources': [ + 'oemcrypto_load_license_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_provisioning_fuzz', + 'sources': [ + 'oemcrypto_load_provisioning_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_renewal_fuzz', + 'sources': [ + 'oemcrypto_load_renewal_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_license_request_fuzz', + 'sources': [ + 'oemcrypto_license_request_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_provisioning_request_fuzz', + 'sources': [ + 'oemcrypto_provisioning_request_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_renewal_request_fuzz', + 'sources': [ + 'oemcrypto_renewal_request_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_decrypt_cenc_fuzz', + 'sources': [ + 'oemcrypto_decrypt_cenc_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_entitled_content_keys_fuzz', + 'sources': [ + 'oemcrypto_load_entitled_content_keys_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_encrypt_fuzz', + 'sources': [ + 'oemcrypto_generic_encrypt_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_decrypt_fuzz', + 'sources': [ + 'oemcrypto_generic_decrypt_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_sign_fuzz', + 'sources': [ + 'oemcrypto_generic_sign_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generic_verify_fuzz', + 'sources': [ + 'oemcrypto_generic_verify_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_generate_rsa_signature_fuzz', + 'sources': [ + 'oemcrypto_generate_rsa_signature_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_usage_table_header_fuzz', + 'sources': [ + 'oemcrypto_load_usage_table_header_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_load_usage_entry_fuzz', + 'sources': [ + 'oemcrypto_load_usage_entry_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_deactivate_usage_entry_fuzz', + 'sources': [ + 'oemcrypto_deactivate_usage_entry_fuzz.cc', + ], + }, + { + 'target_name': 'oemcrypto_report_usage_fuzz', + 'sources': [ + 'oemcrypto_report_usage_fuzz.cc', + ], + }, + ], +} diff --git a/oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gypi b/oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gypi new file mode 100644 index 0000000..16af1a8 --- /dev/null +++ b/oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gypi @@ -0,0 +1,84 @@ +# Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary +# source code may only be used and distributed under the Widevine License +# Agreement. + +{ + 'variables': { + 'boringssl_libcrypto_path%': '../../../third_party/boringssl/boringssl.gyp:crypto', + 'boringssl_libssl_path%': '../../../third_party/boringssl/boringssl.gyp:ssl', + 'oemcrypto_dir': '../..', + 'platform_specific_dir': '../../../linux/src', + 'privacy_crypto_impl%': 'boringssl', + 'oemcrypto_static_library%': '', + 'util_dir': '../../../util', + }, + 'sources': [ + '../../odk/src/core_message_deserialize.cpp', + '../../odk/src/core_message_serialize.cpp', + '../oec_device_features.cpp', + '../oec_key_deriver.cpp', + '../oemcrypto_corpus_generator_helper.cpp', + '../oec_session_util.cpp', + '../oemcrypto_corpus_generator_helper.cpp', + 'oemcrypto_fuzz_helper.cc', + '../oemcrypto_session_tests_helper.cpp', + '<(platform_specific_dir)/file_store.cpp', + '<(platform_specific_dir)/log.cpp', + '<(util_dir)/src/platform.cpp', + '<(util_dir)/src/rw_lock.cpp', + '<(util_dir)/src/string_conversions.cpp', + '<(util_dir)/test/test_sleep.cpp', + '<(util_dir)/test/test_clock.cpp', + ], + 'include_dirs': [ + '../../../third_party/fuzz', + '<(util_dir)/include', + '<(util_dir)/test', + '<(oemcrypto_dir)/include', + '<(oemcrypto_dir)/test', + '<(oemcrypto_dir)/test/fuzz_tests', + '<(oemcrypto_dir)/odk/include', + '<(oemcrypto_dir)/odk/src', + '<(oemcrypto_dir)/opk/oemcrypto_ta', + ], + 'includes': [ + '../../../util/libssl_dependency.gypi', + ], + 'dependencies': [ + '../../../third_party/gmock.gyp:gtest', + '../../../third_party/gmock.gyp:gmock', + ], + 'defines': [ + 'OEMCRYPTO_FUZZ_TESTS', + ], + # Include flags to build fuzzer binaries for cluster fuzz. + 'cflags': [ + '-fPIC', + '-O0', + '-fno-omit-frame-pointer', + '-U_FORTIFY_SOURCE', + '-fsanitize=fuzzer,address,undefined', + '-fno-sanitize-recover=address,undefined', + # Need -g flag to include source line numbers in error stack trace. + '-g3', + ], + 'cflags_c': [ + '-std=c11', + '-D_POSIX_C_SOURCE=200809L', + ], + 'cflags_cc': [ + '-std=c++11', + '-frtti', + ], + 'ldflags': [ + '-fPIC', + # Sanitizers with link-time components must be repeated here. + '-fsanitize=fuzzer,address', + ], + 'libraries': [ + '-lpthread', + # include absolute path to oemcrypto static library on the machine where + # fuzz tests are being built here. + '<(oemcrypto_static_library)', + ], +} diff --git a/oemcrypto/test/fuzz_tests/platforms/x86-64/fuzzer_settings.gypi b/oemcrypto/test/fuzz_tests/platforms/x86-64/fuzzer_settings.gypi index 718280b..5c06bb9 100644 --- a/oemcrypto/test/fuzz_tests/platforms/x86-64/fuzzer_settings.gypi +++ b/oemcrypto/test/fuzz_tests/platforms/x86-64/fuzzer_settings.gypi @@ -1,5 +1,5 @@ # Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -# source code may only be used and distributed under the Widevine Master +# source code may only be used and distributed under the Widevine # License Agreement. { # Here you can set platform-specific compiler settings.