#!/bin/bash # Cryptographic API fuzzing - malformed inputs, boundary conditions, type confusion SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/../config.sh" OUT="$OUT/crypto_fuzz" mkdir -p "$OUT" echo '=== CRYPTO API FUZZING ===' | tee "$OUT/summary.txt" ALGOS=('classical' 'hybrid' 'post-quantum' 'ml-kem-1024' 'hqc-256' 'quad-layer') # Malformed JSON echo '--- Malformed JSON ---' | tee -a "$OUT/summary.txt" MALFORMED=( '{}' '{"data":null}' '{"data":[]}' '{"data":{}}' '{"data":true}' '{"data":-1}' '{"data":""}' 'null' '[]' 'not-json' '{"data":"' ) for body in "${MALFORMED[@]}"; do resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 8 -X POST -H 'Content-Type: application/json' -d "$body" "$API_TARGET/encrypt") echo "[$resp] body: $body" | tee -a "$OUT/summary.txt" done # Algorithm confusion / injection echo '' | tee -a "$OUT/summary.txt" echo '--- Algorithm Injection ---' | tee -a "$OUT/summary.txt" ALG_PAYLOADS=( '../../../etc/passwd' '; cat /etc/passwd' '$(id)' 'classical; DROP TABLE keys' 'none' 'null' 'undefined' '../../config' "classical\\x00hybrid" "A$(python3 -c 'print("A"*10000)')" ) for alg in "${ALG_PAYLOADS[@]}"; do resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 8 -X POST -H 'Content-Type: application/json' -d "{\"data\":\"test\",\"algorithm\":\"$alg\"}" "$API_TARGET/encrypt") echo "[$resp] algorithm: $alg" | tee -a "$OUT/summary.txt" done # Oversized payloads echo '' | tee -a "$OUT/summary.txt" echo '--- Oversized Payloads ---' | tee -a "$OUT/summary.txt" for size in 1000 10000 100000 1000000; do data=$(python3 -c "print('A' * $size)") resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 15 -X POST -H 'Content-Type: application/json' -d "{\"data\":\"$data\",\"algorithm\":\"classical\"}" "$API_TARGET/encrypt") echo "[$resp] payload size: $size bytes" | tee -a "$OUT/summary.txt" done # Prototype pollution in JSON echo '' | tee -a "$OUT/summary.txt" echo '--- Prototype Pollution ---' | tee -a "$OUT/summary.txt" PROTO_PAYLOADS=( '{"__proto__":{"admin":true},"data":"test","algorithm":"classical"}' '{"constructor":{"prototype":{"admin":true}},"data":"test"}' '{"__proto__.admin":true,"data":"test"}' ) for body in "${PROTO_PAYLOADS[@]}"; do resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 8 -X POST -H 'Content-Type: application/json' -d "$body" "$API_TARGET/encrypt") echo "[$resp] $body" | tee -a "$OUT/summary.txt" done cat "$OUT/summary.txt"