Crate sidefuzz

SideFuzz is an adaptive fuzzer that uses a genetic-algorithm optimizer in combination with t-statistics to find side-channel (timing) vulnerabilities in cryptography compiled to wasm.

See the README for complete documentation.

Creating a target in rust is done in the following way:

// lib.rs
#[no_mangle]
pub extern "C" fn fuzz() {
    let input = sidefuzz::fetch_input(32); // 32 bytes of fuzzing input as a &[u8]
    // my_hopefully_constant_fn is the function under test; black_box keeps
    // its result "used" so the compiler cannot eliminate the call.
    sidefuzz::black_box(my_hopefully_constant_fn(input));
}

# Cargo.toml
[lib]
crate-type = ["cdylib"]

[dependencies]
sidefuzz = "0.1.2"

Compile and fuzz the target like so:

cargo build --release --target wasm32-unknown-unknown                # Always build in release mode
sidefuzz fuzz ./target/wasm32-unknown-unknown/release/my_target.wasm # Fuzzing!
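The target above hands fuzzed bytes to a function that is supposed to run in constant time, and SideFuzz then looks for inputs whose timings differ. As an added illustration (not code from the sidefuzz crate), the following stand-alone Rust shows a data-dependent comparison beside its constant-time form, and a Welch t-statistic over two constructed timing samples; that sidefuzz uses this particular statistic is an assumption, and the sample timings are made up.

```rust
// Added example, not code from the sidefuzz crate. A variable-time function
// beside its constant-time fix, plus a Welch t-statistic over two timing
// samples; the exact statistic sidefuzz uses is an assumption here.

/// Variable-time comparison: returns at the first mismatching byte, so the
/// run time leaks how long the common prefix with the expected value is.
pub fn leaky_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() { return false; }
    for (x, y) in a.iter().zip(b) {
        if x != y {
            return false; // early exit: data-dependent timing
        }
    }
    true
}

/// Constant-time comparison: touches every byte and folds the differences
/// into one accumulator, so timing is independent of the contents.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() { return false; }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    diff == 0
}

/// Welch's t-statistic for two timing samples (e.g. cycle counts taken while
/// running the target on two inputs). |t| far from 0 means the two inputs
/// have distinguishable run times, i.e. a timing leak worth reporting.
pub fn welch_t(x: &[f64], y: &[f64]) -> f64 {
    fn mean_var(s: &[f64]) -> (f64, f64) {
        let n = s.len() as f64;
        let m = s.iter().sum::<f64>() / n;
        let v = s.iter().map(|t| (t - m) * (t - m)).sum::<f64>() / (n - 1.0);
        (m, v)
    }
    let (mx, vx) = mean_var(x);
    let (my, vy) = mean_var(y);
    (mx - my) / (vx / x.len() as f64 + vy / y.len() as f64).sqrt()
}

fn main() {
    // Constructed sample timings (arbitrary units), not real measurements:
    // one input mismatching at byte 0, one sharing a long prefix.
    let fast = [10.0, 12.0, 10.0, 12.0];
    let slow = [14.0, 16.0, 14.0, 16.0];
    println!("t = {:.2}", welch_t(&fast, &slow)); // large |t|: timing leak
}
```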

Functions

black_box

A function that is opaque to the optimizer, allowing fuzzed functions to appear to use their outputs so that the compiler does not remove the computation as dead code.

fetch_input

Get an input of the desired length. This function should be called with a constant, unchanging len argument; calling it with different lengths results in invalid fuzzing.