Fuzz fixes WIP

Author: cryptoquick

fuzz/Cargo.lock

@@ -6,25 +6,35 @@ use libfuzzer_sys::fuzz_target;
 const NUM_ALGORITHMS: u8 = 4; // SECP256K1_SCHNORR, FN_DSA_512, ML_DSA_44, SLH_DSA_128S
 
 fuzz_target!(|data: &[u8]| {
-    if data.is_empty() {
-        return; // Need at least one byte for algorithm selection
+    if data.len() < 2 {
+        // Need at least 2 bytes: 1 for algorithm, 1+ for key data
+        return;
     }
 
-    // Use first byte to select an algorithm
+    // First byte selects algorithm
     let alg_byte = data[0];
     let algorithm = algorithm_from_index(alg_byte);
 
-    // Use remaining bytes as potential key data
+    // Rest of the data is treated as a potential key
     let key_data = &data[1..];
 
-    // Attempt to parse as PublicKey
-    let _ = PublicKey::try_from_slice(algorithm, key_data);
-
-    // Attempt to parse as SecretKey
-    let secret_key_result = SecretKey::try_from_slice(algorithm, key_data);
-
-    assert!(
-        secret_key_result.is_ok(),
-        "Secret key parsing failed! Algorithm: {algorithm:?}",
-    );
+    // Try to interpret this as a secret key
+    // The key_parsing should correctly validate this without crashing
+    let sk_result = SecretKey::try_from_slice(algorithm, key_data);
+    if key_data.len() == bitcoinpqc::secret_key_size(algorithm) {
+        // If length matches, it should parse correctly
+        // (assuming bytewise validation passes)
+        let _ = sk_result.unwrap_or_else(|_| {
+            panic!(
+                "Secret key parsing failed! Algorithm: {}",
+                algorithm.debug_name()
+            )
+        });
+    } else {
+        // Otherwise it should return an error
+        assert!(
+            sk_result.is_err(),
+            "Parsing should fail for invalid key length!"
+        );
+    }
 });

fuzz/fuzz_targets/key_parsing_fuzz.rs

@@ -4,23 +4,25 @@ use bitcoinpqc::{algorithm_from_index, generate_keypair};
 use libfuzzer_sys::fuzz_target;
 
 fuzz_target!(|data: &[u8]| {
-    if data.len() < 129 {
-        // Need at least 129 bytes: 1 for algorithm selection and 128 for random data
+    if data.len() < 130 {
+        // Need at least 1 byte for algorithm + 129 bytes for key seed
         return;
     }
 
-    // Use first byte to select an algorithm
+    // First byte selects algorithm
     let alg_byte = data[0];
     let algorithm = algorithm_from_index(alg_byte);
 
-    // Use remaining bytes as random data
-    let random_data = &data[1..];
-
-    // Try to generate a keypair with this data
-    let keypair = generate_keypair(algorithm, random_data);
+    // Rest is key generation data
+    let key_data = &data[1..]; // Should be 129+ bytes
 
+    // Try to generate a keypair
+    let keypair_result = generate_keypair(algorithm, key_data);
     assert!(
-        keypair.is_ok(),
-        "Keypair generation failed! Algorithm: {algorithm:?}",
+        keypair_result.is_ok(),
+        "Keypair generation failed! Algorithm: {}",
+        algorithm.debug_name()
     );
+    let _keypair = keypair_result.unwrap();
+    // Success!
 });

fuzz/fuzz_targets/keypair_generation_fuzz.rs

@@ -17,40 +17,59 @@ fuzz_target!(|data: &[u8]| {
     let key_data = &data[1..129];
 
     // Try to generate a keypair
-    let keypair = match generate_keypair(algorithm, key_data) {
-        Ok(kp) => kp,
-        Err(_) => return, // Skip if key generation fails
-    };
+    let keypair_result = generate_keypair(algorithm, key_data);
+    if let Err(err) = &keypair_result {
+        panic!(
+            "Key generation failed for algorithm: {}, error: {:?}",
+            algorithm.debug_name(),
+            err
+        );
+    }
+    let keypair = keypair_result.unwrap();
 
     // Use remaining bytes as message to sign
     let message = &data[129..];
 
     // Try to sign the message
-    let signature = match sign(&keypair.secret_key, message) {
-        Ok(sig) => sig,
-        Err(_) => return, // Skip if signing fails
-    };
+    let signature_result = sign(&keypair.secret_key, message);
+    if let Err(err) = &signature_result {
+        panic!(
+            "Signing failed for algorithm: {}, error: {:?}",
+            algorithm.debug_name(),
+            err
+        );
+    }
+    let signature = signature_result.unwrap();
 
     // Try to verify the signature with the correct public key
     let verify_result = verify(&keypair.public_key, message, &signature);
-
-    assert!(
-        verify_result.is_ok(),
-        "Verification failed for a signature generated with the corresponding private key! Algorithm: {algorithm:?}",
-    );
+    if let Err(err) = &verify_result {
+        panic!("Verification failed for a signature generated with the corresponding private key! Algorithm: {}, error: {:?}",
+               algorithm.debug_name(), err);
+    }
 
     // Also try some invalid cases (if we have a valid signature)
     if message.len() > 1 {
         // Try with modified message
         let mut modified_msg = message.to_vec();
         modified_msg[0] ^= 0xFF; // Flip bits in first byte
-        let _verify_result_bad_msg = verify(&keypair.public_key, &modified_msg, &signature);
+        let verify_result_bad_msg = verify(&keypair.public_key, &modified_msg, &signature);
+        assert!(
+            verify_result_bad_msg.is_err(),
+            "Verification should fail with modified message! Algorithm: {}",
+            algorithm.debug_name()
+        );
     }
 
     if signature.bytes.len() > 1 {
         // Try with modified signature
         let mut modified_sig = signature.clone();
         modified_sig.bytes[0] ^= 0xFF; // Flip bits in first byte
-        let _verify_result_bad_sig = verify(&keypair.public_key, message, &modified_sig);
+        let verify_result_bad_sig = verify(&keypair.public_key, message, &modified_sig);
+        assert!(
+            verify_result_bad_sig.is_err(),
+            "Verification should fail with modified signature! Algorithm: {}",
+            algorithm.debug_name()
+        );
     }
 });