Merge bitcoin/bitcoin#28951: fuzz: BIP324: damage ciphertext/aad in full byte range

e67634ef19db310511a22f461bb1af7edb3d862b fuzz: BIP324: damage ciphertext/aad in full byte range (Sebastian Falbesoner)

Pull request description:

  This PR is a tiny improvement for the `bip324_cipher_roundtrip` fuzz target: currently the damaging of input data for decryption (either ciphertext or aad) only ever happens in the lower nibble within the byte at the damage position, as the bit position for the `damage_val` byte was calculated with `damage_bit & 3` (corresponding to `% 4`) rather than `damage_bit & 7` (corresponding to the expected `% 8`).

  Noticed while reviewing #28263 which uses similar constructs.

ACKs for top commit:
  stratospher:
    ACK e67634ef.
  dergoegge:
    utACK e67634ef19db310511a22f461bb1af7edb3d862b

Tree-SHA512: 1bab4df28708e079874feee939beef45eff235215375c339decc696f4c9aef04e4b417322b045491c8aec6e88ec8ec2db564e27ef1b0be352b6ff4ed38bad49a

1 files changed, 1 insertions, 1 deletions

diff --git a/src/test/fuzz/bip324.cpp b/src/test/fuzz/bip324.cpp
index e5ed9bfd52..37c41f3895 100644
--- a/src/test/fuzz/bip324.cpp
+++ b/src/test/fuzz/bip324.cpp
@@ -98,7 +98,7 @@ FUZZ_TARGET(bip324_cipher_roundtrip, .init=Initialize)
             unsigned damage_bit = provider.ConsumeIntegralInRange<unsigned>(0,
                 (ciphertext.size() + aad.size()) * 8U - 1U);
             unsigned damage_pos = damage_bit >> 3;
-            std::byte damage_val{(uint8_t)(1U << (damage_bit & 3))};
+            std::byte damage_val{(uint8_t)(1U << (damage_bit & 7))};
             if (damage_pos >= ciphertext.size()) {
                 aad[damage_pos - ciphertext.size()] ^= damage_val;
             } else {