libsoliton/soliton/fuzz/fuzz_targets/fuzz_auth_verify.rs

#![no_main]
use libfuzzer_sys::fuzz_target;
use soliton::auth::auth_verify;

fuzz_target!(|data: &[u8]| {
    // Feed adversarial 32-byte pairs to auth_verify. Confirms it never
    // panics for any bit pattern and always returns a deterministic bool.
    if data.len() < 64 {
        return;
    }

    let expected: &[u8; 32] = data[..32].try_into().unwrap();
    let proof: &[u8; 32] = data[32..64].try_into().unwrap();
    let result = auth_verify(expected, proof);

    // Correctness: auth_verify is constant-time equality. Verify it
    // returns the correct answer — catches regressions where verify
    // always returns true or always returns false.
    assert_eq!(result, expected == proof, "auth_verify returned wrong result");
});