[rust] add validation tests for core

.github/workflows/rust-fuzz-core.yml

@@ -0,0 +1,37 @@
+name: "Fuzz (rust/core)"
+
+on:
+    workflow_dispatch:
+    pull_request:
+        paths:
+            - "rust/core/**"
+
+permissions:
+    contents: read
+
+jobs:
+    fuzz:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Install nightly toolchain
+              uses: dtolnay/rust-toolchain@nightly
+
+            - name: Cache
+              uses: actions/cache@v4
+              with:
+                  path: |
+                      ~/.cargo/registry
+                      ~/.cargo/git
+                      rust/core/target
+                      rust/core/fuzz/target
+                  key: ${{ runner.os }}-cargo-fuzz-${{ hashFiles('rust/core/Cargo.lock') }}
+
+            - name: Install cargo-fuzz
+              run: cargo +nightly install cargo-fuzz
+
+            - name: Run fuzz target (secretbox)
+              working-directory: rust/core
+              run: cargo +nightly fuzz run secretbox -- -max_total_time=300

rust/README.md

@@ -41,6 +41,7 @@
 ## Contents (this repo)
 
 - `rust/core/` (`ente-core`) - shared, pure Rust code used by clients (crypto + auth, plus small HTTP/URL helpers).
+- `rust/validation/` - crypto validation + benchmarks vs libsodium.
 - `rust/cli/` - Rust CLI (work-in-progress).
 
 ## Directory Structure
@@ -53,15 +54,30 @@ rust/
 │   ├── Cargo.toml
 │   └── Cargo.lock
 │
-└── core/                   # Pure Rust shared logic
+├── core/                   # Pure Rust shared logic
+│   ├── src/
+│   │   ├── lib.rs
+│   │   ├── crypto/
+│   │   └── auth/
+│   ├── docs/
+│   │   ├── crypto.md
+│   │   └── auth.md
+│   └── Cargo.toml          # crate name: ente-core
+│
+└── validation/             # Crypto validation + benchmarks vs libsodium
     ├── src/
-    │   ├── lib.rs
-    │   ├── crypto/
-    │   └── auth/
-    ├── docs/
-    │   ├── crypto.md
-    │   └── auth.md
-    └── Cargo.toml          # crate name: ente-core
+    │   ├── main.rs
+    │   └── bin/
+    │       └── bench.rs
+    ├── wasm/               # WASM bench bindings
+    │   ├── src/
+    │   │   └── lib.rs
+    │   └── Cargo.toml      # crate name: ente-validation-wasm
+    ├── js/                 # JS + WASM benchmarks
+    │   ├── bench-wasm.mjs
+    │   ├── bench-wasm-browser.mjs
+    │   └── bench-wasm-browser.html
+    └── Cargo.toml          # crate name: ente-validation
 
 web/packages/wasm/          # WASM bindings (lives in web workspace)
 ├── src/
@@ -90,6 +106,8 @@ mobile/apps/photos/rust/    # Photos app-specific FRB bindings
 
 - `ente-core` - shared business logic (pure Rust, no FFI)
   - Docs: `rust/core/docs/crypto.md`, `rust/core/docs/auth.md`
+- `ente-validation` - validation + benchmarks vs libsodium
+  - `ente-validation-wasm` - wasm bench bindings
 - `ente-wasm` - wasm-bindgen wrappers for web
 - `ente_rust` - shared FRB wrappers for mobile (Dart class: `EnteRust`)
 - `ente_photos_rust` - Photos app-specific FRB (Dart class: `EntePhotosRust`)
@@ -136,6 +154,39 @@ cargo build      # build
 cargo test       # test
 ```
 
+**ente-validation (rust/validation/):**
+
+```sh
+cargo run -p ente-validation --bin ente-validation    # validation suite
+cargo run -p ente-validation --bin bench              # benchmarks (debug)
+cargo run -p ente-validation --bin bench --release    # benchmarks (release)
+```
+
+**ente-validation wasm benchmarks (rust/validation/):**
+
+Node (rust-core wasm vs libsodium-wrappers-sumo wasm):
+
+```sh
+wasm-pack build --target nodejs rust/validation/wasm  # wasm bench build
+cd rust/validation/js
+npm install
+node bench-wasm.mjs                                   # wasm benchmarks
+```
+
+Browser (Chrome):
+
+```sh
+wasm-pack build --target web rust/validation/wasm
+cd rust/validation
+python3 -m http.server 8000
+```
+
+Open:
+
+```text
+http://localhost:8000/js/bench-wasm-browser.html
+```
+
 **ente-wasm (web/packages/wasm/):**
 
 ```sh

rust/core/README.md

@@ -59,3 +59,58 @@ cargo clippy   # lint
 cargo build    # build
 cargo test     # test
 ```
+
+## Fuzzing
+
+Fuzzing is an automated technique that feeds randomized and malformed inputs into
+functions to uncover panics, edge cases, and security bugs that unit tests may miss.
+
+Fuzz targets live in `rust/core/fuzz` (cargo-fuzz). Requires a nightly toolchain.
+
+```bash
+cargo +nightly install cargo-fuzz
+cd rust/core
+cargo +nightly fuzz run secretbox -- -max_total_time=60
+```
+
+Other targets: `sealed_box`, `stream`, `argon`.
+
+## Tests
+
+```
+tests/
+├── auth_integration.rs          # Auth workflow tests
+├── comprehensive_crypto_tests.rs # Stress tests (up to 50MB files)
+├── crypto_interop.rs            # Cross-platform vectors (JS/Dart)
+└── libsodium_vectors.rs         # Libsodium compatibility
+
+src/
+├── auth/*.rs                    # Auth unit tests
+└── crypto/*.rs                  # Crypto unit tests
+```
+
+**Total: 186+ tests**
+
+| Test Suite | What it tests |
+|------------|---------------|
+| Auth unit tests | Login, signup, recovery, SRP |
+| Auth integration | Full auth workflows |
+| Crypto unit tests | Individual crypto operations |
+| Libsodium vectors | Cross-platform compatibility |
+| Comprehensive | Large files, edge cases |
+
+### Running Tests
+
+```bash
+# All tests
+cargo test
+
+# Auth tests only
+cargo test auth
+
+# Crypto tests only
+cargo test crypto
+
+# With output
+cargo test -- --nocapture
+```

rust/core/fuzz/.gitignore

@@ -0,0 +1,4 @@
+/corpus/
+/artifacts/
+/target/
+Cargo.lock

rust/core/fuzz/Cargo.toml

@@ -0,0 +1,37 @@
+[package]
+name = "ente-core-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+arbitrary = { version = "1", features = ["derive"] }
+ente-core = { path = ".." }
+
+[[bin]]
+name = "secretbox"
+path = "fuzz_targets/secretbox.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "sealed_box"
+path = "fuzz_targets/sealed_box.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "stream"
+path = "fuzz_targets/stream.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "argon"
+path = "fuzz_targets/argon.rs"
+test = false
+doc = false

rust/core/fuzz/fuzz_targets/argon.rs

@@ -0,0 +1,21 @@
+#![no_main]
+
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+#[derive(Arbitrary, Debug)]
+struct ArgonInput {
+    password: Vec<u8>,
+    salt: [u8; 16],
+    mem_kib: u16,
+    ops: u8,
+}
+
+fuzz_target!(|input: ArgonInput| {
+    // Clamp to values that are fast enough for fuzzing.
+    let mem_limit = 8_192u32 + (u32::from(input.mem_kib % 64) * 1024); // 8 KiB .. 72 KiB
+    let ops_limit = 1u32 + (u32::from(input.ops % 5)); // 1..=5
+
+    let password = String::from_utf8_lossy(&input.password);
+    let _ = ente_core::crypto::argon::derive_key(password.as_ref(), &input.salt, mem_limit, ops_limit);
+});

rust/core/fuzz/fuzz_targets/sealed_box.rs

@@ -0,0 +1,20 @@
+#![no_main]
+
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+#[derive(Arbitrary, Debug)]
+struct SealedBoxInput {
+    ciphertext: Vec<u8>,
+    recipient_pk: [u8; 32],
+    recipient_sk: [u8; 32],
+}
+
+fuzz_target!(|input: SealedBoxInput| {
+    // Primary goal: ensure `open()` never panics on malformed inputs.
+    let _ = ente_core::crypto::sealed::open(
+        &input.ciphertext,
+        &input.recipient_pk,
+        &input.recipient_sk,
+    );
+});

rust/core/fuzz/fuzz_targets/secretbox.rs

@@ -0,0 +1,38 @@
+#![no_main]
+
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+#[derive(Arbitrary, Debug)]
+struct SecretBoxInput {
+    plaintext: Vec<u8>,
+    key: [u8; 32],
+    nonce: [u8; 24],
+    flip_bit: bool,
+}
+
+fuzz_target!(|input: SecretBoxInput| {
+    // Roundtrip: encrypt_with_nonce is deterministic, so fuzzing stays reproducible.
+    if let Ok(ciphertext) = ente_core::crypto::secretbox::encrypt_with_nonce(
+        &input.plaintext,
+        &input.nonce,
+        &input.key,
+    ) {
+        let mut ct = ciphertext;
+
+        // Optional: corrupt a byte to exercise error paths.
+        if input.flip_bit && !ct.is_empty() {
+            ct[0] ^= 0x01;
+        }
+
+        let decrypted = ente_core::crypto::secretbox::decrypt(&ct, &input.nonce, &input.key);
+
+        if input.flip_bit {
+            // Corruption should fail (unless ciphertext was empty, which never happens: MAC is
+            // always present, so ct is at least 16 bytes).
+            assert!(decrypted.is_err());
+        } else {
+            assert_eq!(decrypted.unwrap(), input.plaintext);
+        }
+    }
+});

rust/core/fuzz/fuzz_targets/stream.rs

@@ -0,0 +1,21 @@
+#![no_main]
+
+use arbitrary::Arbitrary;
+use libfuzzer_sys::fuzz_target;
+
+#[derive(Arbitrary, Debug)]
+struct StreamInput {
+    header: [u8; 24],
+    key: [u8; 32],
+    ciphertext: Vec<u8>,
+    ad: Vec<u8>,
+}
+
+fuzz_target!(|input: StreamInput| {
+    // Primary goal: ensure secretstream parsing/decryption never panics.
+    if let Ok(mut decryptor) = ente_core::crypto::stream::StreamDecryptor::new(&input.header, &input.key)
+    {
+        let _ = decryptor.pull_with_ad(&input.ciphertext, &input.ad);
+        let _ = decryptor.pull_typed_with_ad(&input.ciphertext, &input.ad);
+    }
+});

rust/core/tests/.gitignore

@@ -0,0 +1,2 @@
+# Node dependencies should not be committed
+node_modules/