initial commit

Signed-off-by: Kamal Tufekcic <kamal@lo.sh>

soliton/fuzz/fuzz_targets/fuzz_auth_verify.rs

@@ -0,0 +1,20 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use soliton::auth::auth_verify;
+
+fuzz_target!(|data: &[u8]| {
+    // Feed adversarial 32-byte pairs to auth_verify. Confirms it never
+    // panics for any bit pattern and always returns a deterministic bool.
+    if data.len() < 64 {
+        return;
+    }
+
+    let expected: &[u8; 32] = data[..32].try_into().unwrap();
+    let proof: &[u8; 32] = data[32..64].try_into().unwrap();
+    let result = auth_verify(expected, proof);
+
+    // Correctness: auth_verify is constant-time equality. Verify it
+    // returns the correct answer — catches regressions where verify
+    // always returns true or always returns false.
+    assert_eq!(result, expected == proof, "auth_verify returned wrong result");
+});