feat(fuzz): Add missing fuzzing targets.

Author: MathieuMorrissette

.github/workflows/ci.yml

@@ -145,8 +145,7 @@ jobs:
 
   tests_nuget_ios:
     needs: [nugets, setup_config]
-    runs-on: "macos-15"
-
+    runs-on: "macos-26"
     steps:
       - uses: actions/checkout@v4
         with:
@@ -230,6 +229,13 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/formatting/rust
 
+  #### FUZZ TESTING ####
+  quick_fuzz:
+    runs-on: "ubuntu-22.04"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/workflows/tests/fuzz/quick
+
   csharp_code_format:
     needs: setup_config
     runs-on: "windows-2022"

.github/workflows/fuzz-extended.yml

@@ -0,0 +1,65 @@
+name: Extended Fuzzing
+
+on:
+  schedule:
+    # Run nightly at 2 AM UTC
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+    inputs:
+      duration:
+        description: 'Duration per target in seconds'
+        required: false
+        default: '300'
+        type: string
+
+jobs:
+  extended_fuzz:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 300 # 5 hours max
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust nightly
+        run: |
+          rustup toolchain install nightly
+          rustup default nightly
+
+      - name: Install cargo-fuzz
+        run: cargo install cargo-fuzz
+
+      - name: Restore corpus cache
+        uses: actions/cache@v4
+        with:
+          path: fuzz/corpus
+          key: fuzz-corpus-${{ github.sha }}
+          restore-keys: |
+            fuzz-corpus-
+
+      - name: Run extended fuzz tests
+        working-directory: ./fuzz
+        run: |
+          DURATION=${{ inputs.duration || '300' }}
+          ./run_all_fuzz_tests.sh $DURATION
+
+      - name: Save corpus cache
+        if: always()
+        uses: actions/cache/save@v4
+        with:
+          path: fuzz/corpus
+          key: fuzz-corpus-${{ github.sha }}
+
+      - name: Upload crash artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4.3.6
+        with:
+          name: fuzz-crash-artifacts-extended-${{ github.run_id }}
+          path: fuzz/artifacts/
+          if-no-files-found: ignore
+
+      - name: Upload corpus on failure
+        if: failure()
+        uses: actions/upload-artifact@v4.3.6
+        with:
+          name: fuzz-corpus-${{ github.run_id }}
+          path: fuzz/corpus/
+          if-no-files-found: ignore

.github/workflows/tests/csharp/android/action.yml

@@ -48,9 +48,32 @@ runs:
       shell: bash
       run: echo "y" | sdkmanager --install "system-images;android-33;google_apis;x86_64"
 
+    - name: Clean up AVD cache
+      shell: bash
+      run: |
+        rm -rf ~/.android/avd/
+        rm -rf ~/.android/cache
+
+    - name: Free up disk space
+      shell: bash
+      run: |
+        echo "Disk space before cleanup:"
+        df -h
+
+        # Remove large unused packages (but keep dotnet - we need it!)
+        sudo rm -rf /opt/ghc
+        sudo rm -rf /usr/local/share/boost
+        sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+
+        # Clean docker
+        sudo docker image prune --all --force
+
+        echo "Disk space after cleanup:"
+        df -h
+
     - name: Creating Android device
       shell: bash
-      run: echo "no" | avdmanager create avd -n test_emulator -k "system-images;android-33;google_apis;x86_64"
+      run: echo "no" | avdmanager create avd -n test_emulator -k "system-images;android-33;google_apis;x86_64" -c 2048M
 
     - name: Starting emulator
       shell: bash

.github/workflows/tests/csharp/ios/action.yml

@@ -27,8 +27,8 @@ runs:
     - name: Extract UDID
       shell: bash
       run: | 
-        # Find the UDID of the iPhone 16 simulator running iOS 18.0
-        SIMULATOR_UDID=$(xcrun simctl list devices available 'iOS 18.0' | grep 'iPhone 16' | awk -F '[()]' '{print $2}' | head -n 1)
+        # Find the UDID of the iPhone 16 simulator running iOS 18
+        SIMULATOR_UDID=$(xcrun simctl list devices available 'iOS 18' | grep 'iPhone 16' | awk -F '[()]' '{print $2}' | head -n 1)
 
         # Check if a UDID was found
         if [ -n "$SIMULATOR_UDID" ]; then
@@ -37,7 +37,7 @@ runs:
             echo "IPHONE_16_SIM_UDID=$SIMULATOR_UDID" >> $GITHUB_ENV
             echo "iPhone 16 UDID stored in environment variable IPHONE_16_SIM_UDID: $IPHONE_16_SIM_UDID"
         else
-            echo "iPhone 16 simulator with iOS 18.0 not found."
+            echo "iPhone 16 simulator with iOS 18 not found."
             exit 1
         fi
 

.github/workflows/tests/fuzz/quick/action.yml

@@ -0,0 +1,69 @@
+name: Quick Fuzz Test
+description: Run quick fuzz tests on all targets (10 seconds each)
+runs:
+  using: composite
+  steps:
+    - name: Install Rust nightly
+      shell: bash
+      run: |
+        rustup toolchain install nightly
+        rustup default nightly
+
+    - name: Install cargo-fuzz
+      shell: bash
+      run: cargo install cargo-fuzz
+
+    - name: Run quick fuzz tests
+      working-directory: ./fuzz
+      shell: bash
+      run: |
+        set -e
+
+        echo "=== Running Quick Fuzz Tests (10s per target) ==="
+
+        # Get all fuzz targets
+        TARGETS=$(cargo fuzz list)
+        TOTAL=$(echo "$TARGETS" | wc -l)
+        CURRENT=0
+        FAILED_TARGETS=()
+
+        for target in $TARGETS; do
+          CURRENT=$((CURRENT + 1))
+          echo ""
+          echo "[$CURRENT/$TOTAL] Testing: $target"
+
+          if timeout 15s cargo fuzz run "$target" -- -max_total_time=10 -rss_limit_mb=2048 2>&1; then
+            echo "✓ $target passed"
+          else
+            EXIT_CODE=$?
+            if [ $EXIT_CODE -eq 124 ]; then
+              echo "⏱ $target timed out (expected)"
+            else
+              echo "✗ $target failed with exit code $EXIT_CODE"
+              FAILED_TARGETS+=("$target")
+            fi
+          fi
+        done
+
+        echo ""
+        echo "=== Summary ==="
+        echo "Total targets: $TOTAL"
+        echo "Failed targets: ${#FAILED_TARGETS[@]}"
+
+        if [ ${#FAILED_TARGETS[@]} -gt 0 ]; then
+          echo ""
+          echo "Failed targets:"
+          printf '%s\n' "${FAILED_TARGETS[@]}"
+          exit 1
+        fi
+
+        echo ""
+        echo "All fuzz tests passed!"
+
+    - name: Upload crash artifacts
+      if: failure()
+      uses: actions/upload-artifact@v4.3.6
+      with:
+        name: fuzz-crash-artifacts
+        path: fuzz/artifacts/
+        if-no-files-found: ignore

fuzz/Cargo.toml

@@ -61,6 +61,10 @@ path = "fuzz_targets/key/private_key_deserialization.rs"
 name = "argon2parameters_deserialization"
 path = "fuzz_targets/key/argon2parameters_deserialization.rs"
 
+[[bin]]
+name = "mix_key_exchange"
+path = "fuzz_targets/key/mix_key_exchange.rs"
+
 [[bin]]
 name = "share_deserialization"
 path = "fuzz_targets/secret_sharing/share_deserialization.rs"
@@ -100,3 +104,75 @@ path = "fuzz_targets/utils/base64_decode.rs"
 [[bin]]
 name = "base64_decode_url"
 path = "fuzz_targets/utils/base64_decode_url.rs"
+
+[[bin]]
+name = "derive_key_argon2"
+path = "fuzz_targets/utils/derive_key_argon2.rs"
+
+[[bin]]
+name = "scrypt_simple"
+path = "fuzz_targets/utils/scrypt_simple.rs"
+
+[[bin]]
+name = "signature_deserialization"
+path = "fuzz_targets/signature/signature_deserialization.rs"
+
+[[bin]]
+name = "sign"
+path = "fuzz_targets/signature/sign.rs"
+
+[[bin]]
+name = "verify"
+path = "fuzz_targets/signature/verify.rs"
+
+[[bin]]
+name = "signing_keypair_deserialization"
+path = "fuzz_targets/signing_key/signing_keypair_deserialization.rs"
+
+[[bin]]
+name = "signing_public_key_deserialization"
+path = "fuzz_targets/signing_key/signing_public_key_deserialization.rs"
+
+[[bin]]
+name = "online_ciphertext_header_deserialization"
+path = "fuzz_targets/online_ciphertext/header_deserialization.rs"
+
+[[bin]]
+name = "online_encrypt_symmetric"
+path = "fuzz_targets/online_ciphertext/encrypt_symmetric.rs"
+
+[[bin]]
+name = "online_encrypt_asymmetric"
+path = "fuzz_targets/online_ciphertext/encrypt_asymmetric.rs"
+
+[[bin]]
+name = "online_decrypt_symmetric"
+path = "fuzz_targets/online_ciphertext/decrypt_symmetric.rs"
+
+[[bin]]
+name = "online_decrypt_asymmetric"
+path = "fuzz_targets/online_ciphertext/decrypt_asymmetric.rs"
+
+[[bin]]
+name = "encrypt_with_aad"
+path = "fuzz_targets/ciphertext/encrypt_with_aad.rs"
+
+[[bin]]
+name = "decrypt_with_aad"
+path = "fuzz_targets/ciphertext/decrypt_with_aad.rs"
+
+[[bin]]
+name = "encrypt_asymmetric_with_aad"
+path = "fuzz_targets/ciphertext/encrypt_asymmetric_with_aad.rs"
+
+[[bin]]
+name = "decrypt_asymmetric_with_aad"
+path = "fuzz_targets/ciphertext/decrypt_asymmetric_with_aad.rs"
+
+[[bin]]
+name = "generate_keypair"
+path = "fuzz_targets/key/generate_keypair.rs"
+
+[[bin]]
+name = "constant_time_equals"
+path = "fuzz_targets/utils/constant_time_equals.rs"

fuzz/fuzz_targets/ciphertext/decrypt_asymmetric_with_aad.rs

@@ -0,0 +1,17 @@
+#![no_main]
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+use devolutions_crypto::ciphertext::Ciphertext;
+use devolutions_crypto::key::PrivateKey;
+
+#[derive(Arbitrary, Clone, Debug)]
+struct Input {
+    data: Ciphertext,
+    key: PrivateKey,
+    aad: Vec<u8>,
+}
+
+fuzz_target!(|data: Input| {
+    let _ = data.data.decrypt_asymmetric_with_aad(&data.key, &data.aad);
+});

fuzz/fuzz_targets/ciphertext/decrypt_with_aad.rs

@@ -0,0 +1,16 @@
+#![no_main]
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+use devolutions_crypto::ciphertext::Ciphertext;
+
+#[derive(Arbitrary, Clone, Debug)]
+struct Input {
+    data: Ciphertext,
+    key: Vec<u8>,
+    aad: Vec<u8>,
+}
+
+fuzz_target!(|data: Input| {
+    let _ = data.data.decrypt_with_aad(&data.key, &data.aad);
+});

fuzz/fuzz_targets/ciphertext/encrypt_asymmetric_with_aad.rs

@@ -0,0 +1,18 @@
+#![no_main]
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+use devolutions_crypto::ciphertext::{encrypt_asymmetric_with_aad, CiphertextVersion};
+use devolutions_crypto::key::PublicKey;
+
+#[derive(Arbitrary, Clone, Debug)]
+struct Input {
+    data: Vec<u8>,
+    key: PublicKey,
+    aad: Vec<u8>,
+    version: CiphertextVersion,
+}
+
+fuzz_target!(|data: Input| {
+    let _ = encrypt_asymmetric_with_aad(&data.data, &data.key, &data.aad, data.version);
+});

fuzz/fuzz_targets/ciphertext/encrypt_with_aad.rs

@@ -0,0 +1,17 @@
+#![no_main]
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+use devolutions_crypto::ciphertext::{encrypt_with_aad, CiphertextVersion};
+
+#[derive(Arbitrary, Clone, Debug)]
+struct Input {
+    data: Vec<u8>,
+    key: Vec<u8>,
+    aad: Vec<u8>,
+    version: CiphertextVersion,
+}
+
+fuzz_target!(|data: Input| {
+    let _ = encrypt_with_aad(&data.data, &data.key, &data.aad, data.version);
+});