| author | Daniel Schadt <kingdread@gmx.de> | 2025-04-16 19:21:29 +0200 | 
|---|---|---|
| committer | Daniel Schadt <kingdread@gmx.de> | 2025-04-16 19:21:29 +0200 | 
| commit | 66814768f8c172d6996d037064924c908245a951 (patch) | |
| tree | b9230abc1372d258e6b12d7e02db2dae32647ba8 /fuzz | |
| parent | 5e05745e93a126673f2ba96d1746637fe0a3f52d (diff) | |
fuzz against aez crate
I just want to ensure that we get the same encrypted values as the
reference (which seems fine), but for some reason, I get a lot of
crashes in aez:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15467==ERROR: AddressSanitizer: SEGV on unknown address 0x7b34b0420000 (pc 0x6371fcd8f682 bp 0x7ffceb91abf0 sp 0x7ffceb91a950 T0)
==15467==The signal is caused by a READ memory access.
    #0 0x6371fcd8f682 in _mm_loadu_si128 /usr/lib/gcc/x86_64-pc-linux-gnu/14.2.1/include/emmintrin.h:706:10
    #1 0x6371fcd8f682 in loadu /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/aez5-impls/aesni/encrypt.c:107:46
    #2 0x6371fcd8f682 in cipher_aez_core /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/aez5-impls/aesni/encrypt.c:572:32
    #3 0x6371fcd8d581 in aez::Aez::encrypt::h56048920113a17d9 /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/src/lib.rs:118:13
The crash
Diffstat (limited to 'fuzz')
| -rw-r--r-- | fuzz/Cargo.lock | 11 | ||||
| -rw-r--r-- | fuzz/Cargo.toml | 8 | ||||
| -rw-r--r-- | fuzz/fuzz_targets/zears_vs_aez.rs | 37 | 
3 files changed, 56 insertions, 0 deletions
diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock
index 8f40151..2ae96d1 100644
--- a/fuzz/Cargo.lock
+++ b/fuzz/Cargo.lock
@@ -14,6 +14,15 @@ dependencies = [  ]  [[package]] +name = "aez" +version = "0.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c0763d41b5091ea56fa39dd9390f08355b9e45c0310ec5d9fd99c0d23c9322e" +dependencies = [ + "cc", +] + +[[package]]  name = "arbitrary"  version = "1.4.1"  source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -267,12 +276,14 @@ dependencies = [   "aes",   "blake2",   "constant_time_eq", + "cpufeatures",  ]  [[package]]  name = "zears-fuzz"  version = "0.0.0"  dependencies = [ + "aez",   "arbitrary",   "libfuzzer-sys",   "zears",
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 357b0ac..7c063d6 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -10,6 +10,7 @@ cargo-fuzz = true
 [dependencies]
 arbitrary = { version = "1.4.1", features = ["derive"] }
 libfuzzer-sys = "0.4"
+aez = "0.0.7"

 [dependencies.zears]
 path = ".."
@@ -20,3 +21,10 @@ path = "fuzz_targets/fuzz_target_1.rs"
 test = false
 doc = false
 bench = false
+
+[[bin]]
+name = "zears_vs_aez"
+path = "fuzz_targets/zears_vs_aez.rs"
+test = false
+doc = false
+bench = false
diff --git a/fuzz/fuzz_targets/zears_vs_aez.rs b/fuzz/fuzz_targets/zears_vs_aez.rs
new file mode 100644
index 0000000..eda644d
--- /dev/null
+++ b/fuzz/fuzz_targets/zears_vs_aez.rs
@@ -0,0 +1,37 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+use arbitrary::Arbitrary;
+use zears::Aez;
+
+#[derive(Debug, Arbitrary)]
+struct Parameters<'a> {
+    key: &'a [u8],
+    nonce: &'a [u8],
+    ad: Option<&'a [u8]>,
+    tau: u32,
+    message: &'a [u8],
+}
+
+fuzz_target!(|data: Parameters| {
+    // Limitations stem from AEZ's underlying C library
+    if data.nonce.len() >= 1
+        && data.nonce.len() <= 16
+        && data.ad.map(|x| x.len()).unwrap_or(0) <= 16
+        && data.tau <= 16
+        && data.message.len() <= u32::MAX.try_into().unwrap()
+        && (!data.message.is_empty() || data.tau > 0)
+    {
+        let ad = match data.ad {
+            Some(ad) => &[ad] as &[&[u8]],
+            None => &[],
+        };
+        let actual = Aez::new(data.key).encrypt(data.nonce, ad, data.tau, data.message);
+
+        let mut expected = vec![0; data.message.len() + data.tau as usize];
+        aez::Aez::new(data.key).encrypt(data.nonce, data.ad, data.message, &mut expected);
+
+        assert_eq!(actual, expected);
+    }
+});  |
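Review bot: The guard's comment (`// Limitations stem from AEZ's underlying C library`) does not say which precondition of the reference each clause encodes, and `data.key` is handed to both implementations with no length bound at all, so a reader cannot tell whether the filter covers everything `aez::Aez::encrypt` requires. That matters because the commit message reports an AddressSanitizer READ fault inside `cipher_aez_core`, reached through this very call; whether an unlisted precondition or a defect in the C code causes it is not visible from the hunk. I would expand the comment to name the source of each bound and add a line such as `// A crash whose stack is inside aez-0.0.7 is a reference-side finding, not a zears mismatch.` above the `aez::Aez::new(...)` call, so triage of this target's artifacts starts from the right place. Rejected inputs currently fall through the `if` silently; returning `libfuzzer_sys::Corpus::Reject` for them would keep them out of the corpus, provided the locked libfuzzer-sys version supports it.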
