48 lines
1.7 KiB
Rust
48 lines
1.7 KiB
Rust
#![no_main]
|
||
use libfuzzer_sys::fuzz_target;
|
||
use soliton::primitives::argon2::{argon2id, Argon2Params};
|
||
|
||
fuzz_target!(|data: &[u8]| {
|
||
// Wire layout: [m_cost (4)] [t_cost (4)] [p_cost (4)] [out_len (2)] [salt_len (1)] [salt (..)] [password (..)]
|
||
// Minimum: 15 bytes (4+4+4+2+1).
|
||
if data.len() < 15 {
|
||
return;
|
||
}
|
||
|
||
let m_cost = u32::from_le_bytes(data[0..4].try_into().unwrap());
|
||
let t_cost = u32::from_le_bytes(data[4..8].try_into().unwrap());
|
||
let p_cost = u32::from_le_bytes(data[8..12].try_into().unwrap());
|
||
let out_len = u16::from_le_bytes(data[12..14].try_into().unwrap()) as usize;
|
||
let salt_len = data[14] as usize;
|
||
|
||
let rest = &data[15..];
|
||
if rest.len() < salt_len {
|
||
return;
|
||
}
|
||
let salt = &rest[..salt_len];
|
||
let password = &rest[salt_len..];
|
||
|
||
// Cap m_cost to prevent actual multi-GiB allocation during fuzzing.
|
||
// The validation boundary is at 4_194_304 — we test up to 2× that
|
||
// but never allocate: invalid params are rejected before allocation.
|
||
// For valid params, cap at 1024 KiB (1 MiB) to keep fuzzing fast.
|
||
let m_cost = if m_cost > 8_388_608 { m_cost } else { m_cost.min(1024) };
|
||
|
||
// Cap out_len to prevent large allocation.
|
||
let out_len = out_len.min(4097);
|
||
if out_len == 0 {
|
||
return;
|
||
}
|
||
|
||
let params = Argon2Params {
|
||
m_cost,
|
||
t_cost,
|
||
p_cost,
|
||
};
|
||
let mut out = vec![0u8; out_len];
|
||
|
||
// argon2id must never panic regardless of parameters. Exercises:
|
||
// salt minimum check, output length bounds, cost parameter caps,
|
||
// argon2 library parameter validation, error-path output zeroization.
|
||
let _ = argon2id(password, salt, params, &mut out);
|
||
});
|