1d99048c95
Some checks failed
CI / lint (push) Successful in 1m37s
CI / test-python (push) Successful in 1m49s
CI / test-zig (push) Successful in 1m39s
CI / test-wasm (push) Successful in 1m54s
CI / test (push) Successful in 14m44s
CI / miri (push) Successful in 14m18s
CI / build (push) Successful in 1m9s
CI / fuzz-regression (push) Successful in 9m9s
CI / publish (push) Failing after 1m10s
CI / publish-python (push) Failing after 1m46s
CI / publish-wasm (push) Has been cancelled
Signed-off-by: Kamal Tufekcic <kamal@lo.sh>
59 lines
2.3 KiB
Rust
59 lines
2.3 KiB
Rust
#![no_main]
|
|
use libfuzzer_sys::fuzz_target;
|
|
use soliton::storage::{encrypt_dm_queue_blob, decrypt_dm_queue_blob, StorageKey, StorageKeyRing};
|
|
|
|
const FUZZ_KEY: [u8; 32] = [0x42; 32];
|
|
|
|
fuzz_target!(|data: &[u8]| {
|
|
// Wire layout: [compress_flag (1)] [batch_id_len (1)] [batch_id (..)] [plaintext (..)]
|
|
// Minimum: 2 bytes (compress flag + batch_id_len).
|
|
if data.len() < 2 {
|
|
return;
|
|
}
|
|
// Cap input size to prevent OOM — compress_to_vec allocates working
|
|
// buffers proportional to input size.
|
|
if data.len() > 1_048_576 {
|
|
return;
|
|
}
|
|
|
|
let compress = data[0] & 0x01 != 0;
|
|
let batch_len = data[1] as usize;
|
|
|
|
// batch_id must be valid UTF-8 — use a fixed string to avoid
|
|
// rejecting most fuzz inputs on UTF-8 validation.
|
|
let batch_id = if batch_len == 0 { "fuzz-batch" } else { "fuzz-batch-alt" };
|
|
|
|
let plaintext = if data.len() > 2 { &data[2..] } else { &[] };
|
|
|
|
let recipient_fp: [u8; 32] = [0xAA; 32];
|
|
|
|
let key = StorageKey::new(1, FUZZ_KEY).unwrap();
|
|
|
|
// encrypt_dm_queue_blob must never panic. Exercises: DM queue AAD
|
|
// construction (build_dm_queue_aad binds recipient_fp + batch_id),
|
|
// compression, nonce generation, XChaCha20-Poly1305 encryption.
|
|
let blob = match encrypt_dm_queue_blob(&key, plaintext, &recipient_fp, batch_id, compress) {
|
|
Ok(b) => b,
|
|
Err(_) => return,
|
|
};
|
|
|
|
// Roundtrip: decrypt must recover the original plaintext.
|
|
// Catches AAD mismatch, length-prefix errors, compression flag bugs.
|
|
let keyring = StorageKeyRing::new(StorageKey::new(1, FUZZ_KEY).unwrap()).unwrap();
|
|
let recovered = decrypt_dm_queue_blob(&keyring, &blob, &recipient_fp, batch_id)
|
|
.expect("decrypt_dm_queue_blob failed on freshly encrypted blob");
|
|
assert_eq!(&*recovered, plaintext, "DM queue roundtrip mismatch");
|
|
|
|
// Wrong recipient fingerprint must fail — verifies AAD binding.
|
|
let wrong_fp: [u8; 32] = [0xBB; 32];
|
|
assert!(
|
|
decrypt_dm_queue_blob(&keyring, &blob, &wrong_fp, batch_id).is_err(),
|
|
"decrypt must fail with wrong recipient_fp"
|
|
);
|
|
|
|
// Wrong batch_id must fail — verifies AAD binding.
|
|
assert!(
|
|
decrypt_dm_queue_blob(&keyring, &blob, &recipient_fp, "wrong-batch").is_err(),
|
|
"decrypt must fail with wrong batch_id"
|
|
);
|
|
});
|