From 9287a6cdc37c7c37e744f8418a13a74bb0e629ef Mon Sep 17 00:00:00 2001
From: Daniel Schadt
Date: Thu, 17 Apr 2025 12:56:44 +0200
Subject: fuzz against slow aez-ref, not fast aez-ni Two reasons: First, this allows us to test more of the algorithm, as the (slow) reference implementation supports multiple associated data items, large values for tau, ... Second, this avoids the segfault crash, which is a limit of the fast implementation (the assumption there is that data is aligned properly, and even a read out-of-bounds will not cause a segfault).
---
 fuzz/fuzz_targets/zears_vs_aez.rs | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)
(limited to 'fuzz/fuzz_targets')
diff --git a/fuzz/fuzz_targets/zears_vs_aez.rs b/fuzz/fuzz_targets/zears_vs_aez.rs
index eda644d..39ccac6 100644
--- a/fuzz/fuzz_targets/zears_vs_aez.rs
+++ b/fuzz/fuzz_targets/zears_vs_aez.rs
@@ -9,28 +9,31 @@ use zears::Aez;
 struct Parameters<'a> {
 key: &'a [u8],
 nonce: &'a [u8],
- ad: Option<&'a [u8]>,
- tau: u32,
+ ad: &'a [u8],
+ adreps: u8,
+ tau: u8,
 message: &'a [u8],
 }
+const MAX_LEN: usize = 16 * 1024 * 1024;
+
 fuzz_target!(|data: Parameters| {
- // Limitations stem from AEZ's underlying C library
- if data.nonce.len() >= 1
- && data.nonce.len() <= 16
- && data.ad.map(|x| x.len()).unwrap_or(0) <= 16
- && data.tau <= 16
- && data.message.len() <= u32::MAX.try_into().unwrap()
- && (!data.message.is_empty() || data.tau > 0)
- {
- let ad = match data.ad {
- Some(ad) => &[ad] as &[&[u8]],
- None => &[],
- };
- let actual = Aez::new(data.key).encrypt(data.nonce, ad, data.tau, data.message);
+ if data.message.len() + data.tau as usize <= MAX_LEN {
+ let ad = (0..data.adreps)
+ .map(|i| {
+ let i = i.into();
+ if i < data.ad.len() {
+ &data.ad[i..]
+ } else {
+ &[]
+ }
+ })
+ .collect::>();
+
+ let actual = Aez::new(data.key).encrypt(data.nonce, &ad, data.tau.into(), data.message);
 let mut expected = vec![0; data.message.len() + data.tau as usize];
- aez::Aez::new(data.key).encrypt(data.nonce, data.ad, data.message, &mut expected);
+ aezref::encrypt(data.key, data.nonce, &ad, data.message, &mut expected);
 assert_eq!(actual, expected);
 }
-- cgit v1.2.3
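Review bot: The target still compares only the encrypt direction: after `assert_eq!(actual, expected);` nothing passes `actual` back through decryption, so neither the round trip nor tag verification (the part of an AEAD that must reject a modified ciphertext) is exercised here. A round-trip assertion next to the existing one would cover the first, e.g. `assert_eq!(Aez::new(data.key).decrypt(data.nonce, &ad, data.tau.into(), &actual).as_deref(), Some(data.message));`, assuming zears' `decrypt` mirrors the `encrypt` arguments and returns an `Option<Vec<u8>>`. `MAX_LEN` also bounds only `message.len() + tau`, while the associated data handed to the slow reference code can total roughly `adreps * ad.len()` bytes, so a comment such as `// Upper bound on the ciphertext length (message + tau); associated data is not covered by this limit.` above the constant would make the limit explicit. The `fuzz_target!` closure is closed outside this hunk.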