1d99048c95
Some checks failed
CI / lint (push) Successful in 1m37s
CI / test-python (push) Successful in 1m49s
CI / test-zig (push) Successful in 1m39s
CI / test-wasm (push) Successful in 1m54s
CI / test (push) Successful in 14m44s
CI / miri (push) Successful in 14m18s
CI / build (push) Successful in 1m9s
CI / fuzz-regression (push) Successful in 9m9s
CI / publish (push) Failing after 1m10s
CI / publish-python (push) Failing after 1m46s
CI / publish-wasm (push) Has been cancelled
Signed-off-by: Kamal Tufekcic <kamal@lo.sh>
23 lines
1,009 B
Rust
23 lines
1,009 B
Rust
#![no_main]
|
|
use libfuzzer_sys::fuzz_target;
|
|
use soliton::storage::{decrypt_blob, StorageKey, StorageKeyRing};
|
|
|
|
// Distinct keys per version — catches version-routing bugs that identical keys would hide.
|
|
const FUZZ_KEY_V1: [u8; 32] = [0x42; 32];
|
|
const FUZZ_KEY_V2: [u8; 32] = [0x43; 32];
|
|
const FUZZ_KEY_V3: [u8; 32] = [0x44; 32];
|
|
|
|
fuzz_target!(|data: &[u8]| {
|
|
// Build a keyring with versions 1-3 so version routing is exercised.
|
|
let key1 = StorageKey::new(1, FUZZ_KEY_V1).unwrap();
|
|
let key2 = StorageKey::new(2, FUZZ_KEY_V2).unwrap();
|
|
let key3 = StorageKey::new(3, FUZZ_KEY_V3).unwrap();
|
|
let mut ring = StorageKeyRing::new(key1).unwrap();
|
|
let _ = ring.add_key(key2, false);
|
|
let _ = ring.add_key(key3, false);
|
|
|
|
// decrypt_blob must never panic regardless of input.
|
|
// AEAD rejects most mutations; the pre-AEAD parsing paths
|
|
// (version routing, flag validation, length checks) are the target.
|
|
let _ = decrypt_blob(&ring, data, "fuzz-channel", "fuzz-segment");
|
|
});
|