#![no_main] //! Fuzz the attach-ticket and bootstrap decoders. These open server-sealed //! AEAD blobs and base64 bootstrap envelopes from cache / wire material that an //! attacker may corrupt; none may panic. use libfuzzer_sys::fuzz_target; use dosh::auth::{decode_bootstrap, open_attach_ticket, verify_attach_ticket}; fuzz_target!(|data: &[u8]| { let secret = [0x11u8; 32]; let psk = [0x22u8; 32]; let _ = open_attach_ticket(&secret, data); let _ = verify_attach_ticket(&secret, data, &psk, "default", "read-write"); if let Ok(text) = std::str::from_utf8(data) { let _ = decode_bootstrap(text); } });