SideFuzz is an adaptive fuzzer that uses a genetic-algorithm optimizer in combination with t-statistics to find side-channel (timing) vulnerabilities in cryptography compiled to wasm.
See the README for complete documentation.
Creating a target in Rust is done in the following way:
```rust
// lib.rs
#[no_mangle]
pub extern "C" fn fuzz() {
    let input = sidefuzz::fetch_input(32); // 32 bytes of fuzzing input as a &[u8]
    sidefuzz::black_box(my_hopefully_constant_fn(input));
}
```

```toml
# Cargo.toml
[lib]
crate-type = ["cdylib"]

[dependencies]
sidefuzz = "0.1.2"
```
Compile and fuzz the target like so:

```sh
cargo build --release --target wasm32-unknown-unknown # Always build in release mode
sidefuzz fuzz ./target/wasm32-unknown-unknown/release/my_target.wasm # Fuzzing!
```
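As an added example (not code from the sidefuzz crate or its README), here is a complete `lib.rs` for a target whose `my_hopefully_constant_fn` is a comparison of the fuzzed input against a fixed value. The early-exit `leaky_eq` is kept next to the constant-time `ct_eq` to show the kind of input-dependent control flow the fuzzer is designed to surface; only `ct_eq` is wired into the `fuzz` entry point. `SECRET` is a constructed placeholder, not a real key, and the `fuzz` function is gated on `target_arch = "wasm32"` so the rest of the file also builds natively without the `sidefuzz` dependency.

```rust
// Added example (not from the sidefuzz docs): a fuzz target around a
// constant-time comparison, with the variable-time version beside it.

/// Constructed 32-byte value standing in for a secret (not a real key).
pub const SECRET: [u8; 32] = [0x42; 32];

/// Variable-time comparison: returns as soon as a mismatch is found, so the
/// number of loop iterations depends on where the first differing byte is.
/// This is the pattern a timing fuzzer is expected to flag.
pub fn leaky_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for (x, y) in a.iter().zip(b.iter()) {
        if x != y {
            return false;
        }
    }
    true
}

/// Constant-time comparison: always walks every byte and ORs the XOR
/// differences into one accumulator, so the work done does not depend on
/// the position of the first mismatch (the length is treated as public).
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y;
    }
    diff == 0
}

/// The function handed to `black_box` in the fuzz entry point: checks the
/// fuzzed input against the constructed secret in constant time.
pub fn check_tag(input: &[u8]) -> bool {
    ct_eq(input, &SECRET)
}

/// The sidefuzz entry point, shaped like the one in the crate docs. It is
/// only compiled for wasm32 so the file builds natively without sidefuzz.
#[cfg(target_arch = "wasm32")]
#[no_mangle]
pub extern "C" fn fuzz() {
    // Always request the same length; changing it between calls gives
    // invalid fuzzing (see `fetch_input` below).
    let input = sidefuzz::fetch_input(32);
    sidefuzz::black_box(check_tag(input));
}
```

To see the difference the tool reports, swap `ct_eq` for `leaky_eq` inside `check_tag`, rebuild for `wasm32-unknown-unknown` in release mode, and run `sidefuzz fuzz` on the resulting `.wasm`; the accumulator-based version should come back without a significant timing difference between the optimizer's two input classes, while the early-exit version should not.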
Functions

- `black_box` - A function that is opaque to the optimizer, to allow fuzzed functions to pretend to use outputs to assist in avoiding dead-code elimination.
- `fetch_input` - Get an input of the desired length. This function should be called with a constant, unchanging `len` argument. Calling it with different lengths will result in invalid fuzzing.