libsoliton/soliton/fuzz/fuzz_targets/fuzz_auth_respond.rs

#![no_main]
use libfuzzer_sys::fuzz_target;
use soliton::{
    auth::auth_respond,
    identity::{generate_identity, GeneratedIdentity, IdentitySecretKey},
    primitives::xwing,
};
use std::sync::LazyLock;

struct ClientKeys {
    sk: IdentitySecretKey,
}

// Fixed client identity — keygen is expensive, amortise across corpus runs.
static CLIENT: LazyLock<ClientKeys> = LazyLock::new(|| {
    let GeneratedIdentity { secret_key: sk, .. } = generate_identity().unwrap();
    ClientKeys { sk }
});

const CT_SIZE: usize = 1120;

fuzz_target!(|data: &[u8]| {
    if data.len() < CT_SIZE {
        return;
    }
    let Ok(ct) = xwing::Ciphertext::from_bytes(data[..CT_SIZE].to_vec()) else { return; };

    // auth_respond must never panic regardless of ciphertext content.
    // Exercises: X-Wing decapsulation with arbitrary ct, HMAC-SHA256 derivation.
    // KEM decapsulation always "succeeds" (returns some shared secret); the HMAC
    // path always runs and the result is returned as Zeroizing<[u8; 32]>.
    let _ = auth_respond(&CLIENT.sk, &ct);
});