37 lines
1.3 KiB
Rust
37 lines
1.3 KiB
Rust
#![no_main]
|
|
use libfuzzer_sys::fuzz_target;
|
|
use soliton::identity::{generate_identity, hybrid_sign, hybrid_verify, GeneratedIdentity, IdentityPublicKey, IdentitySecretKey};
|
|
use std::sync::LazyLock;
|
|
|
|
struct SignerKeys {
|
|
pk: IdentityPublicKey,
|
|
sk: IdentitySecretKey,
|
|
}
|
|
|
|
// Fixed signer — keygen is expensive, amortise across corpus runs.
|
|
static SIGNER: LazyLock<SignerKeys> = LazyLock::new(|| {
|
|
let GeneratedIdentity { public_key: pk, secret_key: sk, .. } = generate_identity().unwrap();
|
|
SignerKeys { pk, sk }
|
|
});
|
|
|
|
fuzz_target!(|data: &[u8]| {
|
|
if data.is_empty() {
|
|
return;
|
|
}
|
|
|
|
// Property 1: sign(msg) → verify(msg, sig) must always succeed.
|
|
let Ok(sig) = hybrid_sign(&SIGNER.sk, data) else {
|
|
panic!("hybrid_sign failed on a valid key");
|
|
};
|
|
if hybrid_verify(&SIGNER.pk, data, &sig).is_err() {
|
|
panic!("hybrid_verify rejected a freshly-signed message");
|
|
}
|
|
|
|
// Property 2: verify(tampered_msg, sig) must always fail.
|
|
// Flip the LSB of the first byte — always changes the message content.
|
|
let mut tampered = data.to_vec();
|
|
tampered[0] ^= 0x01;
|
|
if hybrid_verify(&SIGNER.pk, &tampered, &sig).is_ok() {
|
|
panic!("hybrid_verify accepted a message that differs by exactly one bit");
|
|
}
|
|
});
|