Crate sidefuzz
SideFuzz is an adaptive fuzzer that uses a genetic-algorithm optimizer in combination with t-statistics to find side-channel (timing) vulnerabilities in cryptographic code compiled to wasm.
See the README for complete documentation.
Creating a target in Rust is done in the following way:
```rust
// lib.rs
#[no_mangle]
pub extern "C" fn fuzz() {
    let input = sidefuzz::fetch_input(32); // 32 bytes of fuzzing input as a &[u8]
    // The function under test, called through black_box so its result is not optimized away.
    sidefuzz::black_box(my_hopefully_constant_fn(input));
}
```
```toml
# Cargo.toml
[lib]
crate-type = ["cdylib"]

[dependencies]
sidefuzz = "0.1.2"
```
Compile and fuzz the target like so:
```sh
cargo build --release --target wasm32-unknown-unknown # Always build in release mode
sidefuzz fuzz ./target/wasm32-unknown-unknown/release/my_target.wasm # Fuzzing!
```
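To show what the `my_hopefully_constant_fn` slot in the target above might contain, here is an added example that is not part of the sidefuzz crate or its README. It builds with the Cargo.toml shown above for the wasm target; the `fuzz` entry point is gated on `wasm32` so the comparison helpers also compile and run natively (for example under `cargo test`) without the sidefuzz dependency. `sidefuzz::fetch_input` and `sidefuzz::black_box` are the crate functions documented on this page; `EXPECTED_TAG`, `ct_eq`, `early_exit_eq` and `first_mismatch` are names constructed for this example.

```rust
// Added example, not the sidefuzz crate's own code: a fuzz target of the shape
// the page describes, wrapping a byte comparison (the kind of function timing
// fuzzing is meant to check). The wasm entry point is gated on
// target_arch = "wasm32" so the comparison helpers compile and test natively
// without the sidefuzz dependency. `sidefuzz::fetch_input` and
// `sidefuzz::black_box` are the crate functions listed on this page;
// EXPECTED_TAG, ct_eq, early_exit_eq and first_mismatch are constructed here.

/// Constructed stand-in for a secret value the target compares input against
/// (in a real target: a MAC tag, a password hash, a key).
pub const EXPECTED_TAG: [u8; 32] = [0x5a; 32];

/// Index of the first differing byte over the common prefix, or None if the
/// two slices agree on every compared byte. An early-exit comparison stops
/// here, so its executed instruction count depends on the input.
pub fn first_mismatch(a: &[u8], b: &[u8]) -> Option<usize> {
    a.iter().zip(b.iter()).position(|(x, y)| x != y)
}

/// Variable-time comparison: returns as soon as a byte differs. A timing
/// fuzzer should report this one, because inputs sharing a longer prefix
/// with EXPECTED_TAG take longer to reject.
pub fn early_exit_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && first_mismatch(a, b).is_none()
}

/// Constant-time comparison: always walks every byte and ORs the differences
/// together, so the work done does not depend on where (or whether) the
/// inputs differ. Lengths are treated as public, so a length mismatch may
/// still return early.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y;
    }
    diff == 0
}

/// The sidefuzz entry point, only compiled for the wasm32 target the fuzzer
/// loads. Swap ct_eq for early_exit_eq to see what a leaking target looks like.
#[cfg(target_arch = "wasm32")]
#[no_mangle]
pub extern "C" fn fuzz() {
    // Fixed length on every call, as the fetch_input docs require.
    let input: &[u8] = sidefuzz::fetch_input(32);
    // black_box keeps the result "used" so the compare is not dead-code eliminated.
    sidefuzz::black_box(ct_eq(input, &EXPECTED_TAG));
}

/// Native demonstration: show how far the early-exit compare gets for a few
/// constructed inputs, versus the constant-time compare's fixed work.
fn main() {
    // Zero bytes never equal 0x5a, so the byte right after the copied prefix
    // is always the first mismatch.
    let mut candidate = [0u8; 32];
    for matching_prefix in [0usize, 8, 31] {
        candidate[..matching_prefix].copy_from_slice(&EXPECTED_TAG[..matching_prefix]);
        println!(
            "prefix {:>2}: early-exit stops at byte {:?}, ct_eq = {}",
            matching_prefix,
            first_mismatch(&candidate, &EXPECTED_TAG),
            ct_eq(&candidate, &EXPECTED_TAG)
        );
    }
}
```

Point the `fuzz` entry at whichever comparison you want to check: with `early_exit_eq` the work depends on the length of the matching prefix, which is exactly the input-dependent behaviour an adaptive timing fuzzer searches for; with `ct_eq` it does not.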
Functions
| Function | Description |
|---|---|
| `black_box` | A function that is opaque to the optimizer, so a fuzzed function can pretend to use its outputs and avoid dead-code elimination. |
| `fetch_input` | Get an input of the desired length. Call it with a constant, unchanging `len` argument; calling it with different lengths results in invalid fuzzing. |