Hardening deserialization (#836)

* fuzz: add MMR and crypto type deserialization fuzz targets

Add fuzz targets for high-severity attack surface:
- mmr.rs: PartialMmr and Forest deserialization
- crypto.rs: Falcon PublicKey, SealingKey, SealedMessage deserialization

Also update keccak to 0.1.6 to fix RUSTSEC-2026-0012.

* ci: add mmr and crypto fuzz targets to CI workflow

Add new fuzz targets for MMR structures (PartialMmr, Forest) and
cryptographic types (PublicKey, SealingKey, SealedMessage) to the
daily CI fuzz job.

* fix: replace unwrap with proper error handling in XChaCha decryption

The AeadScheme implementation for XChaCha used unwrap() when
deserializing EncryptedData from raw bytes, which could panic on
malformed attacker-controlled input. Replace with proper error
propagation.

Also add AEAD fuzz target to catch similar issues and include it
in CI fuzz job.

* fuzz: add DSA signatures fuzz target

Add fuzz coverage for all signature deserialization paths:
- EdDSA (Ed25519) signatures and public keys
- ECDSA (secp256k1) signatures, public keys, and recovery
- Falcon512 signatures, public keys, and recovery

Also exercises verify paths to catch panics on malformed input.

* chore: Changelog

Author: huitseeker

.github/workflows/fuzz.yml

@@ -49,7 +49,7 @@ jobs:
       fail-fast: false
       max-parallel: 1
       matrix:
-        target: [word, merkle, smt_serde]
+        target: [word, merkle, smt_serde, mmr, crypto, aead, signatures]
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@main

CHANGELOG.md

@@ -12,6 +12,7 @@
 - Fixed tuple `min_serialized_size()` to exclude alignment padding, fixing `BudgetedReader` rejecting valid data ([#827](https://github.com/0xMiden/crypto/pull/827)).
 - [BREAKING] Added validation to `PartialMmr::from_parts()` and `Deserializable` implementation, added `from_parts_unchecked()` for performance-critical code ([#812](https://github.com/0xMiden/crypto/pull/812)).
 - Added `Signature::from_der()` for ECDSA signatures over secp256k1 ([#842](https://github.com/0xMiden/crypto/pull/842)).
+- Fix possible panic in `XChaCha::decrypt_bytes_with_associated_data` and harden deserialization with fuzzing across 7 new targets ([#836](https://github.com/0xMiden/crypto/pull/836)).
 
 ## 0.22.3 (2026-02-23)
 

Makefile

@@ -165,6 +165,22 @@ fuzz-merkle: ## Run fuzzing for Merkle tree serialization
 fuzz-smt-serde: ## Run fuzzing for SMT serialization
 	cargo +nightly fuzz run smt_serde --release --fuzz-dir miden-crypto-fuzz
 
+.PHONY: fuzz-mmr
+fuzz-mmr: ## Run fuzzing for MMR structures serialization
+	cargo +nightly fuzz run mmr --release --fuzz-dir miden-crypto-fuzz
+
+.PHONY: fuzz-crypto
+fuzz-crypto: ## Run fuzzing for cryptographic types serialization
+	cargo +nightly fuzz run crypto --release --fuzz-dir miden-crypto-fuzz
+
+.PHONY: fuzz-aead
+fuzz-aead: ## Run fuzzing for AEAD decryption paths
+	cargo +nightly fuzz run aead --release --fuzz-dir miden-crypto-fuzz
+
+.PHONY: fuzz-signatures
+fuzz-signatures: ## Run fuzzing for DSA signature deserialization
+	cargo +nightly fuzz run signatures --release --fuzz-dir miden-crypto-fuzz
+
 # --- installing ----------------------------------------------------------------------------------
 
 .PHONY: check-tools