initial commit

Signed-off-by: Kamal Tufekcic <kamal@lo.sh>

soliton/fuzz/fuzz_targets/fuzz_storage_decrypt_blob.rs

@@ -0,0 +1,23 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use soliton::storage::{decrypt_blob, StorageKey, StorageKeyRing};
+
+// Distinct keys per version — catches version-routing bugs that identical keys would hide.
+const FUZZ_KEY_V1: [u8; 32] = [0x42; 32];
+const FUZZ_KEY_V2: [u8; 32] = [0x43; 32];
+const FUZZ_KEY_V3: [u8; 32] = [0x44; 32];
+
+fuzz_target!(|data: &[u8]| {
+    // Build a keyring with versions 1-3 so version routing is exercised.
+    let key1 = StorageKey::new(1, FUZZ_KEY_V1).unwrap();
+    let key2 = StorageKey::new(2, FUZZ_KEY_V2).unwrap();
+    let key3 = StorageKey::new(3, FUZZ_KEY_V3).unwrap();
+    let mut ring = StorageKeyRing::new(key1).unwrap();
+    let _ = ring.add_key(key2, false);
+    let _ = ring.add_key(key3, false);
+
+    // decrypt_blob must never panic regardless of input.
+    // AEAD rejects most mutations; the pre-AEAD parsing paths
+    // (version routing, flag validation, length checks) are the target.
+    let _ = decrypt_blob(&ring, data, "fuzz-channel", "fuzz-segment");
+});