Add hostile-network tests, parser fuzzing, and CI fuzz job
Track B (milestone 5 / §16 hardening): - tests/hostile_network.rs: in-process UDP relay/shim between a test client and a real dosh-server that can drop, reorder, and duplicate datagrams, and rebind its upstream socket mid-session. Asserts: session survives loss/reorder, duplicated/replayed Input is applied at most once, stale packets after resume are ignored (not fatal), and a client source-address change preserves the session. - tests/parser_robustness.rs: deterministic randomized tests throwing garbage at every reachable public parser (packet decode, from_body for all protocol/native structs, authorized_keys, known_hosts, host-key line, ssh-ed25519 blob, bootstrap, attach ticket); asserts none panic. - fuzz/: standalone cargo-fuzz crate (own [workspace], non-default member) with libfuzzer-sys harnesses for packet decode, from_body, authorized_keys, known_hosts, handshake structs+verifiers, and attach tickets. README documents the run command. - .github/workflows/ci.yml: add fuzz-smoke job (nightly + cargo-fuzz, short -max_total_time per target, tolerant if tooling unavailable); existing fmt/test/build/bench steps unchanged. cargo fmt --check and cargo test are green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
co-authored by
Claude Opus 4.8
parent
6c14d669b8
commit
9b0f09a8a8
@@ -0,0 +1,23 @@
|
||||
#![no_main]
|
||||
//! Fuzz the wire-packet decoder + decrypt path.
|
||||
//!
|
||||
//! Mirrors tests/parser_robustness.rs but driven by libFuzzer so the coverage
|
||||
//! engine can search for panics in `protocol::decode`, `Header::parse`, and the
|
||||
//! decode -> decrypt_body pipeline. The objective is: NO PANICS on any input.
|
||||
|
||||
use libfuzzer_sys::fuzz_target;
|
||||
|
||||
use dosh::protocol::{self, CLIENT_TO_SERVER, SERVER_TO_CLIENT};
|
||||
|
||||
fuzz_target!(|data: &[u8]| {
|
||||
// Header parsing must never panic.
|
||||
let _ = protocol::Header::parse(data);
|
||||
|
||||
// Full decode, then attempt decryption with a fixed key in both directions.
|
||||
// A real attacker controls these bytes; neither path may panic.
|
||||
if let Ok(packet) = protocol::decode(data) {
|
||||
let key = [0x42u8; 32];
|
||||
let _ = protocol::decrypt_body(&packet, &key, CLIENT_TO_SERVER);
|
||||
let _ = protocol::decrypt_body(&packet, &key, SERVER_TO_CLIENT);
|
||||
}
|
||||
});
|
||||
Reference in New Issue
Block a user