initial commit

Signed-off-by: Kamal Tufekcic <kamal@lo.sh>

soliton/fuzz/fuzz_targets/fuzz_kex_decode_receive.rs

@@ -0,0 +1,43 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use soliton::{
+    identity::{generate_identity, GeneratedIdentity, HybridSignature, IdentityPublicKey, IdentitySecretKey},
+    kex::{decode_session_init, receive_session},
+    primitives::xwing,
+};
+use std::sync::LazyLock;
+
+struct BobKeys {
+    ik_pk: IdentityPublicKey,
+    ik_sk: IdentitySecretKey,
+    spk_sk: xwing::SecretKey,
+}
+
+static BOB: LazyLock<BobKeys> = LazyLock::new(|| {
+    let GeneratedIdentity { public_key: ik_pk, secret_key: ik_sk, .. } = generate_identity().unwrap();
+    let (_spk_pk, spk_sk) = xwing::keygen().unwrap();
+    BobKeys { ik_pk, ik_sk, spk_sk }
+});
+
+static ALICE_PK: LazyLock<IdentityPublicKey> = LazyLock::new(|| generate_identity().unwrap().public_key);
+
+const SIG: usize = 3373;
+
+fuzz_target!(|data: &[u8]| {
+    // Chained fuzz target: decode_session_init → receive_session.
+    // Catches bugs in the interaction between wire parsing and session
+    // establishment that separate harnesses cannot reach.
+    //
+    // Wire layout: sig (3373) | encoded_session_init (rest)
+    if data.len() < SIG {
+        return;
+    }
+
+    let Ok(sig) = HybridSignature::from_bytes(data[..SIG].to_vec()) else { return; };
+    let encoded = &data[SIG..];
+
+    let Ok(si) = decode_session_init(encoded) else { return; };
+
+    // receive_session must never panic regardless of decoded input.
+    let _ = receive_session(&BOB.ik_pk, &BOB.ik_sk, &ALICE_PK, &si, &sig, &BOB.spk_sk, None);
+});