From 66814768f8c172d6996d037064924c908245a951 Mon Sep 17 00:00:00 2001
From: Daniel Schadt
Date: Wed, 16 Apr 2025 19:21:29 +0200
Subject: fuzz against aez crate
I just want to ensure that we get the same encrypted values as the reference (which seems fine), but for some reason, I get a lot of crashes in aez:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15467==ERROR: AddressSanitizer: SEGV on unknown address 0x7b34b0420000 (pc 0x6371fcd8f682 bp 0x7ffceb91abf0 sp 0x7ffceb91a950 T0)
==15467==The signal is caused by a READ memory access.
#0 0x6371fcd8f682 in _mm_loadu_si128 /usr/lib/gcc/x86_64-pc-linux-gnu/14.2.1/include/emmintrin.h:706:10
#1 0x6371fcd8f682 in loadu /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/aez5-impls/aesni/encrypt.c:107:46
#2 0x6371fcd8f682 in cipher_aez_core /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/aez5-impls/aesni/encrypt.c:572:32
#3 0x6371fcd8d581 in aez::Aez::encrypt::h56048920113a17d9 /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/src/lib.rs:118:13
The crash
---
fuzz/fuzz_targets/zears_vs_aez.rs | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 fuzz/fuzz_targets/zears_vs_aez.rs
(limited to 'fuzz/fuzz_targets/zears_vs_aez.rs')
diff --git a/fuzz/fuzz_targets/zears_vs_aez.rs b/fuzz/fuzz_targets/zears_vs_aez.rs
new file mode 100644
index 0000000..eda644d
--- /dev/null
+++ b/fuzz/fuzz_targets/zears_vs_aez.rs
@@ -0,0 +1,37 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+use arbitrary::Arbitrary;
+use zears::Aez;
+
+#[derive(Debug, Arbitrary)]
+struct Parameters<'a> {
+ key: &'a [u8],
+ nonce: &'a [u8],
+ ad: Option<&'a [u8]>,
+ tau: u32,
+ message: &'a [u8],
+}
+
+fuzz_target!(|data: Parameters| {
+ // Limitations stem from AEZ's underlying C library
+ if data.nonce.len() >= 1
+ && data.nonce.len() <= 16
+ && data.ad.map(|x| x.len()).unwrap_or(0) <= 16
+ && data.tau <= 16
+ && data.message.len() <= u32::MAX.try_into().unwrap()
+ && (!data.message.is_empty() || data.tau > 0)
+ {
+ let ad = match data.ad {
+ Some(ad) => &[ad] as &[&[u8]],
+ None => &[],
+ };
+ let actual = Aez::new(data.key).encrypt(data.nonce, ad, data.tau, data.message);
+
+ let mut expected = vec![0; data.message.len() + data.tau as usize];
+ aez::Aez::new(data.key).encrypt(data.nonce, data.ad, data.message, &mut expected);
+
+ assert_eq!(actual, expected);
+ }
+});
-- cgit v1.2.3
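Review bot: The guard at the top of the `fuzz_target!` closure does not keep the reference implementation inside its safe preconditions: the ASan trace in the commit message is a READ fault in `cipher_aez_core` of aez 0.0.7, reached through `aez::Aez::encrypt`, so a run of this target can die in the oracle before `assert_eq!(actual, expected)` gets to compare anything. Of the inputs, only `data.key` has no bound in the condition, but the page does not show which precondition is actually violated, so that is a lead rather than a diagnosis. Until it is triaged I would extend the comment above the `if` to record this, e.g. `// NOTE: aez 0.0.7 still faults under ASan for some inputs that pass this guard; a SEGV inside cipher_aez_core is a bug in the reference, not a zears mismatch.` It would also help to document there where each bound (nonce 1..=16, ad <= 16, tau <= 16) comes from, so the guard can be tightened once the missing one is known.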