libsoliton/soliton/fuzz/fuzz_targets/fuzz_ratchet_encrypt.rs

#![no_main]
#![allow(deprecated)]
use libfuzzer_sys::fuzz_target;
use soliton::ratchet::RatchetState;

fuzz_target!(|data: &[u8]| {
    // Deserialize adversarial state, then encrypt.
    // Exercises: ChainExhausted guard,
    // perform_kem_ratchet_send (keygen + encaps + kdf_root),
    // kdf_msg_key, nonce construction, AAD building, AEAD encrypt,
    // and the session-fatal zeroize path on AEAD failure.
    let Ok(mut state) = RatchetState::from_bytes(data) else {
        return;
    };

    // Fixed plaintext — fingerprints are stored in the deserialized state,
    // not passed as parameters.
    let _ = state.encrypt(b"fuzz");
});