1d99048c95
Some checks failed
CI / lint (push) Successful in 1m37s
CI / test-python (push) Successful in 1m49s
CI / test-zig (push) Successful in 1m39s
CI / test-wasm (push) Successful in 1m54s
CI / test (push) Successful in 14m44s
CI / miri (push) Successful in 14m18s
CI / build (push) Successful in 1m9s
CI / fuzz-regression (push) Successful in 9m9s
CI / publish (push) Failing after 1m10s
CI / publish-python (push) Failing after 1m46s
CI / publish-wasm (push) Has been cancelled
Signed-off-by: Kamal Tufekcic <kamal@lo.sh>
34 lines
1.2 KiB
Rust
34 lines
1.2 KiB
Rust
#![no_main]
|
|
use libfuzzer_sys::fuzz_target;
|
|
use soliton::streaming::stream_decrypt_init;
|
|
|
|
const FUZZ_KEY: [u8; 32] = [0x42; 32];
|
|
|
|
fuzz_target!(|data: &[u8]| {
|
|
// Fuzz the random-access decrypt path (decrypt_chunk_at) with adversarial
|
|
// (index, chunk) pairs. Exercises index-derived nonce/AAD construction,
|
|
// tag-byte validation, and framing guards through the random-access API
|
|
// which skips the sequential state guards (next_index, finalized).
|
|
if data.len() < 26 + 8 {
|
|
return;
|
|
}
|
|
let header: [u8; 26] = data[..26].try_into().unwrap();
|
|
let rest = &data[26..];
|
|
|
|
let dec = match stream_decrypt_init(&FUZZ_KEY, &header, b"fuzz-at-aad") {
|
|
Ok(d) => d,
|
|
Err(_) => return,
|
|
};
|
|
|
|
// Each iteration: consume 8 bytes as u64 index, then up to 2048 bytes as chunk.
|
|
let mut cursor = 0;
|
|
while cursor + 8 < rest.len() {
|
|
let index = u64::from_be_bytes(rest[cursor..cursor + 8].try_into().unwrap());
|
|
cursor += 8;
|
|
let chunk_end = (cursor + 2048).min(rest.len());
|
|
let chunk_data = &rest[cursor..chunk_end];
|
|
cursor = chunk_end;
|
|
|
|
let _ = dec.decrypt_chunk_at(index, chunk_data);
|
|
}
|
|
});
|