I added a new module which encapsulates the new CryptoAuth and an old one. You can construct it with both new and old, or just old, or just new. If it's constructed with both then whenever you do any operation (encrypt, decrypt etc) it verifies both have the exact same result.
This amplifies the power of the existing tests and uses new and old code to cross-test each other. I also added 2 new fuzz tests to the cjdns fuzzing framework, same fuzz test as before but using CryptoAuth new+old and CryptoAuth noise protocol.
How do you fuzz an encryption function? You can't just throw random bytes at it and see how many times it fails to decrypt. The thing to do is decode the fuzz bytes into a "plan", i.e. a sequence of events. Alice sends a message, Bob sends a message, a message is lost, etc.