libsoliton/soliton/fuzz/fuzz_targets/fuzz_ed25519_verify.rs

#![no_main]
use libfuzzer_sys::fuzz_target;
use soliton::primitives::ed25519;

fuzz_target!(|data: &[u8]| {
    // Need at least 32 (pk) + 64 (sig) = 96 bytes.
    if data.len() < 96 {
        return;
    }
    let pk_bytes: [u8; 32] = data[..32].try_into().unwrap();
    let sig: [u8; 64] = data[32..96].try_into().unwrap();
    let msg = &data[96..];

    // Attempt to construct a VerifyingKey from the fuzz input — from_bytes
    // rejects non-canonical encodings and points not on the curve.
    let Ok(vk) = ed25519_dalek::VerifyingKey::from_bytes(&pk_bytes) else {
        return;
    };

    // verify must never panic regardless of input.
    // Exercises: Ed25519 point decompression, strict signature verification.
    let _ = ed25519::verify(&vk, msg, &sig);
});