authorDaniel Schadt <kingdread@gmx.de>2025-04-17 12:56:44 +0200
committerDaniel Schadt <kingdread@gmx.de>2025-04-17 12:56:44 +0200
commit9287a6cdc37c7c37e744f8418a13a74bb0e629ef (patch)
treef4d349e0d4ece886fda31f755b08163485a7a02e /fuzz
parent66814768f8c172d6996d037064924c908245a951 (diff)
fuzz against slow aez-ref, not fast aez-ni
Two reasons: First, this allows us to test more of the algorithm, as the (slow) reference implementation supports multiple associated data items, large values for tau, and so on. Second, this avoids the segfault crash, which is a limitation of the fast implementation (it assumes that data is properly aligned and that even an out-of-bounds read will not cause a segfault).
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/Cargo.lock8
-rw-r--r--fuzz/Cargo.toml4
-rw-r--r--fuzz/fuzz_targets/zears_vs_aez.rs35
3 files changed, 25 insertions, 22 deletions
diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock
index 2ae96d1..1fce2f7 100644
--- a/fuzz/Cargo.lock
+++ b/fuzz/Cargo.lock
@@ -14,10 +14,8 @@ dependencies = [
]
[[package]]
-name = "aez"
-version = "0.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c0763d41b5091ea56fa39dd9390f08355b9e45c0310ec5d9fd99c0d23c9322e"
+name = "aezref"
+version = "0.1.0"
dependencies = [
"cc",
]
@@ -283,7 +281,7 @@ dependencies = [
name = "zears-fuzz"
version = "0.0.0"
dependencies = [
- "aez",
+ "aezref",
"arbitrary",
"libfuzzer-sys",
"zears",
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 7c063d6..043fbef 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -10,11 +10,13 @@ cargo-fuzz = true
[dependencies]
arbitrary = { version = "1.4.1", features = ["derive"] }
libfuzzer-sys = "0.4"
-aez = "0.0.7"
[dependencies.zears]
path = ".."
+[dependencies.aezref]
+path = "../aezref"
+
[[bin]]
name = "fuzz_target_1"
path = "fuzz_targets/fuzz_target_1.rs"
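Review bot: The new `[dependencies.aezref]` table has no comment saying what the crate is or where its C sources come from, and unlike the registry line `aez = "0.0.7"` that it replaces, it is no longer pinned by a checksum in Cargo.lock. The lockfile shows `aezref` depending on `cc`, so it presumably compiles the AEZ reference C code in-tree and acts as the oracle for the differential fuzz target. I would add a comment above the table, e.g. `# In-tree wrapper around the AEZ reference C implementation, used only as the fuzzing oracle (upstream source/revision: <ORIGIN_PLACEHOLDER>)`, so the provenance of the reference stays reviewable.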
diff --git a/fuzz/fuzz_targets/zears_vs_aez.rs b/fuzz/fuzz_targets/zears_vs_aez.rs
index eda644d..39ccac6 100644
--- a/fuzz/fuzz_targets/zears_vs_aez.rs
+++ b/fuzz/fuzz_targets/zears_vs_aez.rs
@@ -9,28 +9,31 @@ use zears::Aez;
struct Parameters<'a> {
key: &'a [u8],
nonce: &'a [u8],
- ad: Option<&'a [u8]>,
- tau: u32,
+ ad: &'a [u8],
+ adreps: u8,
+ tau: u8,
message: &'a [u8],
}
+const MAX_LEN: usize = 16 * 1024 * 1024;
+
fuzz_target!(|data: Parameters| {
- // Limitations stem from AEZ's underlying C library
- if data.nonce.len() >= 1
- && data.nonce.len() <= 16
- && data.ad.map(|x| x.len()).unwrap_or(0) <= 16
- && data.tau <= 16
- && data.message.len() <= u32::MAX.try_into().unwrap()
- && (!data.message.is_empty() || data.tau > 0)
- {
- let ad = match data.ad {
- Some(ad) => &[ad] as &[&[u8]],
- None => &[],
- };
- let actual = Aez::new(data.key).encrypt(data.nonce, ad, data.tau, data.message);
+ if data.message.len() + data.tau as usize <= MAX_LEN {
+ let ad = (0..data.adreps)
+ .map(|i| {
+ let i = i.into();
+ if i < data.ad.len() {
+ &data.ad[i..]
+ } else {
+ &[]
+ }
+ })
+ .collect::<Vec<_>>();
+
+ let actual = Aez::new(data.key).encrypt(data.nonce, &ad, data.tau.into(), data.message);
let mut expected = vec![0; data.message.len() + data.tau as usize];
- aez::Aez::new(data.key).encrypt(data.nonce, data.ad, data.message, &mut expected);
+ aezref::encrypt(data.key, data.nonce, &ad, data.message, &mut expected);
assert_eq!(actual, expected);
}