#![no_main]
use libfuzzer_sys::fuzz_target;
use soliton::storage::{encrypt_dm_queue_blob, decrypt_dm_queue_blob, StorageKey, StorageKeyRing};

const FUZZ_KEY: [u8; 32] = [0x42; 32];

fuzz_target!(|data: &[u8]| {
    // Wire layout: [compress_flag (1)] [batch_id_len (1)] [batch_id (..)] [plaintext (..)]
    // Minimum: 2 bytes (compress flag + batch_id_len).
    if data.len() < 2 {
        return;
    }
    // Cap input size to prevent OOM — compress_to_vec allocates working
    // buffers proportional to input size.
    if data.len() > 1_048_576 {
        return;
    }

    let compress = data[0] & 0x01 != 0;
    let batch_len = data[1] as usize;

    // batch_id must be valid UTF-8 — use a fixed string to avoid
    // rejecting most fuzz inputs on UTF-8 validation.
    let batch_id = if batch_len == 0 { "fuzz-batch" } else { "fuzz-batch-alt" };

    let plaintext = if data.len() > 2 { &data[2..] } else { &[] };

    let recipient_fp: [u8; 32] = [0xAA; 32];

    let key = StorageKey::new(1, FUZZ_KEY).unwrap();

    // encrypt_dm_queue_blob must never panic. Exercises: DM queue AAD
    // construction (build_dm_queue_aad binds recipient_fp + batch_id),
    // compression, nonce generation, XChaCha20-Poly1305 encryption.
    let blob = match encrypt_dm_queue_blob(&key, plaintext, &recipient_fp, batch_id, compress) {
        Ok(b) => b,
        Err(_) => return,
    };

    // Roundtrip: decrypt must recover the original plaintext.
    // Catches AAD mismatch, length-prefix errors, compression flag bugs.
    let keyring = StorageKeyRing::new(StorageKey::new(1, FUZZ_KEY).unwrap()).unwrap();
    let recovered = decrypt_dm_queue_blob(&keyring, &blob, &recipient_fp, batch_id)
        .expect("decrypt_dm_queue_blob failed on freshly encrypted blob");
    assert_eq!(&*recovered, plaintext, "DM queue roundtrip mismatch");

    // Wrong recipient fingerprint must fail — verifies AAD binding.
    let wrong_fp: [u8; 32] = [0xBB; 32];
    assert!(
        decrypt_dm_queue_blob(&keyring, &blob, &wrong_fp, batch_id).is_err(),
        "decrypt must fail with wrong recipient_fp"
    );

    // Wrong batch_id must fail — verifies AAD binding.
    assert!(
        decrypt_dm_queue_blob(&keyring, &blob, &recipient_fp, "wrong-batch").is_err(),
        "decrypt must fail with wrong batch_id"
    );
});