#![no_main]
use libfuzzer_sys::fuzz_target;
use soliton::storage::{decrypt_blob, StorageKey, StorageKeyRing};

// Distinct keys per version — catches version-routing bugs that identical keys would hide.
const FUZZ_KEY_V1: [u8; 32] = [0x42; 32];
const FUZZ_KEY_V2: [u8; 32] = [0x43; 32];
const FUZZ_KEY_V3: [u8; 32] = [0x44; 32];

fuzz_target!(|data: &[u8]| {
    // Build a keyring with versions 1-3 so version routing is exercised.
    let key1 = StorageKey::new(1, FUZZ_KEY_V1).unwrap();
    let key2 = StorageKey::new(2, FUZZ_KEY_V2).unwrap();
    let key3 = StorageKey::new(3, FUZZ_KEY_V3).unwrap();
    let mut ring = StorageKeyRing::new(key1).unwrap();
    let _ = ring.add_key(key2, false);
    let _ = ring.add_key(key3, false);

    // decrypt_blob must never panic regardless of input.
    // AEAD rejects most mutations; the pre-AEAD parsing paths
    // (version routing, flag validation, length checks) are the target.
    let _ = decrypt_blob(&ring, data, "fuzz-channel", "fuzz-segment");
});