From b63ff22b6db6be7e8e0017c9934cf2e339ef8184 Mon Sep 17 00:00:00 2001 From: UnbreakableMJ Date: Thu, 18 Jun 2026 02:47:45 +0300 Subject: [PATCH] docs: record passing EncString fuzz soak (v0.1 gate #1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ≥24 h libFuzzer soak of the EncString type-2 parser (PRD §11.4 / RELEASING.md gate #1) completed clean: 8,874,210,317 executions over 86,401 s, coverage flat at 312 blocks, 928 features, exit 0, and an empty fuzz/artifacts/ — no panics, crashes, or round-trip failures. - docs/fuzzing-report.md: the report (moved out of the repo root), with the verbatim console output embedded so every headline figure is sourced. - RELEASING.md: tick gate #1, cite the run. - CHANGELOG.md: [Unreleased] note; first v0.1 operational gate cleared (PQC handshake + daily-driver still pending). Co-Authored-By: Claude Opus 4.8 (1M context) --- CHANGELOG.md | 7 ++ RELEASING.md | 5 +- docs/fuzzing-report.md | 176 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 186 insertions(+), 2 deletions(-) create mode 100644 docs/fuzzing-report.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 0634fd6..31a9a92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,13 @@ range may break in any release. ### Added +- **EncString fuzz soak passed (PRD §11.4 / RELEASING.md gate #1).** A ≥ 24 h + libFuzzer soak of the `EncString` type-2 parser completed with **0 findings**: + 8,874,210,317 executions over 86,401 s (~102.7 k exec/s), coverage flat at 312 + blocks, exit 0, `fuzz/artifacts/` empty. The verbatim run is captured in + `docs/fuzzing-report.md`. First of the v0.1 operational gates cleared; the tag + still waits on the live PQC handshake and the daily-driver attestation. + - **REUSE compliance (Standard §4.3) + CI gate.** Added `LICENSES/GPL-3.0-or-later.txt` and a `REUSE.toml` (a `path="**"` annotation supplying copyright + license in bulk, mirroring `construct/`), so every file carries license + copyright info diff --git a/RELEASING.md b/RELEASING.md index 6953b7e..b395da5 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -12,10 +12,11 @@ do the mechanical cut below. ## 1. Operational gates (run before tagging `v0.1.0`) -- [ ] **EncString fuzz soak** — ≥ 24 h with no findings (PRD §11.4): +- [x] **EncString fuzz soak** — ≥ 24 h with no findings (PRD §11.4): `cargo +nightly fuzz run enc_string_parse -- -max_total_time=86400` (see `docs/fuzzing.md`). Any reproducer under `fuzz/artifacts/` blocks the - tag until fixed. + tag until fixed. **Done 2026-06-18:** 8.87 B executions over 86,401 s, 0 + findings, exit 0 — full run logged in `docs/fuzzing-report.md`. - [ ] **Live PQC handshake** — build with PQC and confirm an X25519MLKEM768 handshake against a PQC-enabled endpoint: `cargo build -p vault-agent --features pqc` (see `docs/pqc.md`). diff --git a/docs/fuzzing-report.md b/docs/fuzzing-report.md new file mode 100644 index 0000000..7abb3d2 --- /dev/null +++ b/docs/fuzzing-report.md @@ -0,0 +1,176 @@ + + +# EncString Fuzzing Report + +**Target:** `vault-core::EncString::parse` (Bitwarden type 2 ciphertext parser) +**Harness:** `fuzz/fuzz_targets/enc_string_parse.rs` +**Date:** 2026-06-18 +**Duration:** 86,401 seconds (24 hours) +**Toolchain:** nightly-x86_64-unknown-linux-gnu via rustup + +## Objective + +PRD §11.4 requires a ≥24-hour fuzz soak of the `EncString` parser with no findings before the v0.1.0 tag. The parser base64-decodes attacker-influenceable cache and `/sync` responses into IV/ciphertext/MAC — it must never panic and must maintain parse→serialize→parse round-trip consistency. + +## Configuration + +| Parameter | Value | +|-----------|-------| +| Fuzzer | libFuzzer (via `cargo-fuzz`) | +| Target | `enc_string_parse` | +| Time limit | 86,400 seconds | +| Corpus seed | 436 files, 87,318 bytes | +| Max input length | 4,096 bytes | + +## Raw terminal output + +The following is the complete console output from the fuzz run, captured verbatim: + +``` +warning: linker stderr: lto-wrapper: using serial compilation of 5 LTRANS jobs + lto-wrapper: note: see the '-flto' option documentation for more information + | + = note: `#[warn(linker_messages)]` on by default + +warning: `vault-fuzz` (bin "enc_string_parse") generated 1 warning + Finished `release` profile [optimized + debuginfo] target(s) in 0.08s +warning: linker stderr: lto-wrapper: using serial compilation of 5 LTRANS jobs + lto-wrapper: note: see the '-flto' option documentation for more information + | + = note: `#[warn(linker_messages)]` on by default + +warning: `vault-fuzz` (bin "enc_string_parse") generated 1 warning + Finished `release` profile [optimized + debuginfo] target(s) in 0.05s + Running `target/x86_64-unknown-linux-gnu/release/enc_string_parse -artifact_prefix=/spacecraft-software/vault/fuzz/artifacts/enc_string_parse/ -max_total_time=86400 /spacecraft-software/vault/fuzz/corpus/enc_string_parse` +INFO: Running with entropic power schedule (0xFF, 100). +INFO: Seed: 1512457441 +INFO: Loaded 1 modules (25059 inline 8-bit counters): 25059 [0x5af8ba353868, 0x5af8ba359a4b), +INFO: Loaded 1 PC tables (25059 PCs): 25059 [0x5af8ba359a50,0x5af8ba3bb880), +INFO: 436 files found in /spacecraft-software/vault/fuzz/corpus/enc_string_parse +INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes +INFO: seed corpus: files: 436 min: 1b max: 4096b total: 87318b rss: 34Mb +#437 INITED cov: 312 ft: 922 corp: 133/27Kb exec/s: 0 rss: 43Mb +#262144 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 131072 rss: 406Mb +#524288 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 104857 rss: 413Mb +#899176 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 99908 rss: 413Mb L: 22/4096 MS: 4 EraseBytes-ShuffleBytes-ChangeBit-ChangeByte- +#1048576 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 104857 rss: 413Mb +#1224963 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 102080 rss: 413Mb L: 523/4096 MS: 2 ChangeBit-EraseBytes- +#1570019 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 98126 rss: 414Mb L: 73/4096 MS: 1 EraseBytes- +#2097152 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 99864 rss: 414Mb +#2301700 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 100073 rss: 414Mb L: 267/4096 MS: 1 EraseBytes- +#2808286 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 104010 rss: 415Mb L: 244/4096 MS: 1 EraseBytes- +#3617097 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 103345 rss: 419Mb L: 57/4096 MS: 1 EraseBytes- +#4194304 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 99864 rss: 419Mb +#5068411 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 97469 rss: 419Mb L: 30/4096 MS: 4 ChangeBinInt-EraseBytes-ShuffleBytes-ChangeBit- +#5290457 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 97971 rss: 419Mb L: 265/4096 MS: 1 EraseBytes- +#6232498 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 97382 rss: 419Mb L: 119/4096 MS: 1 EraseBytes- +#6914709 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 96037 rss: 419Mb L: 62/4096 MS: 1 EraseBytes- +#7247071 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 95356 rss: 419Mb L: 248/4096 MS: 2 InsertRepeatedBytes-EraseBytes- +#7382042 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 95870 rss: 419Mb L: 264/4096 MS: 1 EraseBytes- +#8388608 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 94254 rss: 420Mb +#9265633 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 93592 rss: 420Mb L: 117/4096 MS: 1 EraseBytes- +#9305383 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 93053 rss: 420Mb L: 54/4096 MS: 5 InsertByte-ChangeASCIIInt-CrossOver-ChangeBinInt-EraseBytes- +#10092809 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 92594 rss: 420Mb L: 264/4096 MS: 1 EraseBytes- +#10216505 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 92040 rss: 420Mb L: 53/4096 MS: 1 EraseBytes- +#12333662 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 87472 rss: 422Mb L: 92/4096 MS: 2 CrossOver-EraseBytes- +#12688693 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 86908 rss: 422Mb L: 91/4096 MS: 1 EraseBytes- +#13732260 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 84767 rss: 422Mb L: 263/4096 MS: 1 EraseBytes- +#16777216 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79512 rss: 425Mb +#17788491 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79769 rss: 426Mb L: 277/4096 MS: 1 EraseBytes- +#18432467 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 80141 rss: 427Mb L: 247/4096 MS: 1 EraseBytes- +#19473118 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79807 rss: 427Mb L: 126/4096 MS: 1 EraseBytes- +#20451384 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79888 rss: 427Mb L: 243/4096 MS: 1 EraseBytes- +#20753240 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79514 rss: 427Mb L: 256/4096 MS: 1 EraseBytes- +#21375630 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79463 rss: 428Mb L: 56/4096 MS: 5 ShuffleBytes-InsertRepeatedBytes-ChangeBinInt-ChangeBinInt-EraseBytes- +#22480216 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79435 rss: 429Mb L: 522/4096 MS: 1 EraseBytes- +#22801457 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79447 rss: 429Mb L: 255/4096 MS: 1 EraseBytes- +#23793180 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 79575 rss: 431Mb L: 116/4096 MS: 3 ChangeBinInt-ShuffleBytes-EraseBytes- +#28707647 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 78651 rss: 432Mb L: 251/4096 MS: 2 ChangeBinInt-EraseBytes- +#28832244 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 78561 rss: 432Mb L: 274/4096 MS: 2 ChangeBit-EraseBytes- +#29159670 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 78386 rss: 432Mb L: 263/4096 MS: 1 EraseBytes- +#29200511 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 78495 rss: 432Mb L: 122/4096 MS: 1 EraseBytes- +#30042267 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 78235 rss: 432Mb L: 250/4096 MS: 1 EraseBytes- +#31280668 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 77812 rss: 432Mb L: 90/4096 MS: 1 EraseBytes- +#33116731 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 77375 rss: 432Mb L: 134/4096 MS: 3 ChangeByte-EraseBytes-CopyPart- +#33470954 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 77300 rss: 432Mb L: 16/4096 MS: 3 ChangeASCIIInt-EraseBytes-CMP- DE: "\377\377\377\377"- +#33554432 pulse cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 77314 rss: 433Mb +#41375995 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 74150 rss: 437Mb L: 273/4096 MS: 1 EraseBytes- +#42057332 REDUCE cov: 312 ft: 922 corp: 133/27Kb lim: 4096 exec/s: 74175 rss: 437Mb L: 133/4096 MS: 2 EraseBytes-ChangeByte- +#47008223 NEW cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 74262 rss: 440Mb L: 4096/4096 MS: 1 CrossOver- +#47127135 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 74333 rss: 440Mb L: 261/4096 MS: 2 CopyPart-EraseBytes- +#52955135 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 76746 rss: 452Mb L: 61/4096 MS: 5 CrossOver-ChangeBit-CrossOver-ShuffleBytes-EraseBytes- +#53143626 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 76797 rss: 452Mb L: 241/4096 MS: 1 EraseBytes- +#56801897 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 78131 rss: 453Mb L: 114/4096 MS: 1 EraseBytes- +#61522007 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 79691 rss: 453Mb L: 22/4096 MS: 5 ChangeBit-ChangeBinInt-EraseBytes-ChangeByte-PersAutoDict- DE: "\377\377\377\377"- +#67108864 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 80854 rss: 455Mb +#73292123 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 83097 rss: 455Mb L: 245/4096 MS: 1 EraseBytes- +#81244415 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 85520 rss: 455Mb L: 27/4096 MS: 2 CMP-EraseBytes- DE: "\377\377\377\377"- +#88536641 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 87228 rss: 455Mb L: 262/4096 MS: 1 EraseBytes- +#95243309 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88433 rss: 455Mb L: 260/4096 MS: 3 PersAutoDict-EraseBytes-CopyPart- DE: "\377\377\377\377"- +#97018670 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88763 rss: 455Mb L: 259/4096 MS: 1 EraseBytes- +#103050447 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89765 rss: 455Mb L: 118/4096 MS: 1 EraseBytes- +#120719260 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89887 rss: 455Mb L: 31/4096 MS: 3 ChangeByte-ChangeBinInt-EraseBytes- +#126401432 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89329 rss: 455Mb L: 60/4096 MS: 2 EraseBytes-PersAutoDict- DE: "\377\377\377\377"- +#134217728 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88127 rss: 455Mb +#162270068 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 87618 rss: 455Mb L: 249/4096 MS: 1 EraseBytes- +#178765585 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 87931 rss: 455Mb L: 521/4096 MS: 2 ChangeBit-EraseBytes- +#197276586 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89875 rss: 455Mb L: 132/4096 MS: 1 EraseBytes- +#206503373 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 90531 rss: 455Mb L: 261/4096 MS: 2 EraseBytes-ChangeByte- +#250340520 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89759 rss: 456Mb L: 46/4096 MS: 2 InsertRepeatedBytes-EraseBytes- +#253702036 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89584 rss: 456Mb L: 260/4096 MS: 1 EraseBytes- +#268435456 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88797 rss: 456Mb +#324040958 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88222 rss: 456Mb L: 254/4096 MS: 2 ChangeBinInt-EraseBytes- +#332618555 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88297 rss: 456Mb L: 253/4096 MS: 2 ChangeByte-EraseBytes- +#385563602 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 87172 rss: 457Mb L: 1045/4096 MS: 1 EraseBytes- +#398614518 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 87243 rss: 457Mb L: 252/4096 MS: 1 EraseBytes- +#423420080 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 87375 rss: 457Mb L: 125/4096 MS: 2 InsertByte-EraseBytes- +#465467148 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 88006 rss: 457Mb L: 520/4096 MS: 3 EraseBytes-ShuffleBytes-ShuffleBytes- +#520354749 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89025 rss: 457Mb L: 4095/4096 MS: 1 EraseBytes- +#536870912 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 89523 rss: 458Mb +#624273755 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 91872 rss: 458Mb L: 519/4096 MS: 1 EraseBytes- +#625331238 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 91906 rss: 458Mb L: 518/4096 MS: 3 CopyPart-CopyPart-EraseBytes- +#701762246 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 93780 rss: 458Mb L: 517/4096 MS: 2 ShuffleBytes-EraseBytes- +#724188235 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 94295 rss: 458Mb L: 247/4096 MS: 3 CrossOver-ChangeASCIIInt-EraseBytes- +#882267731 REDUCE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 97326 rss: 458Mb L: 246/4096 MS: 1 EraseBytes- +#1073741824 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 99651 rss: 458Mb +#2147483648 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 104980 rss: 459Mb +#4294967296 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 104370 rss: 459Mb +#8589934592 pulse cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 103442 rss: 459Mb +#8874210317 DONE cov: 312 ft: 928 corp: 134/31Kb lim: 4096 exec/s: 102709 rss: 459Mb +###### Recommended dictionary. ###### +"\377\377\377\377" # Uses: 801644167 +###### End of recommended dictionary. ###### +Done 8874210317 runs in 86401 second(s) +``` + +## Results summary + +| Metric | Value | +|--------|-------| +| Total executions | 8,874,210,317 (~8.9 billion) | +| Execution rate | ~102,709 exec/s | +| Coverage (hit blocks) | 312 | +| Features (`ft:`) | 928 | +| Final corpus size | 134 files, 31 KB | +| Peak RSS | 459 MB | +| Findings (artifacts) | **0** | +| Exit code | 0 | + +## Post-run verification + +```sh +$ ls -la fuzz/artifacts/enc_string_parse/ +total 8 +drwxr-xr-x 2 mj users 4096 Jun 16 10:19 . +drwxr-xr-x 2 mj users 4096 Jun 16 10:19 .. +``` + +Confirmed: **No artifacts produced.** The directory contains only `.` and `..` — zero crash reproducers, zero findings. + +## Conclusion + +PRD §11.4 / RELEASING.md gate #1: **PASSED.** The EncString parser is stable and correct under 8.9 billion adversarial executions across 24 hours. + +--- + +*Generated from the 24-hour soak run on 2026-06-18.*