projects / rust-lightning / blob
? search:


d2a4fbca94a2aa24cdeaf6beec5e9f7e2c01172c
[rust-lightning] / fuzz / fuzz_targets / channel_target.rs
1 extern crate bitcoin;
2 extern crate lightning;
3 extern crate secp256k1;
4
5 use bitcoin::blockdata::block::BlockHeader;
6 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7 use bitcoin::util::hash::Sha256dHash;
8 use bitcoin::network::serialize::{serialize, BitcoinHash};
9
10 use lightning::ln::channel::{Channel, ChannelKeys};
11 use lightning::ln::channelmanager::{HTLCFailReason, PendingHTLCStatus};
12 use lightning::ln::msgs;
13 use lightning::ln::msgs::{MsgDecodable, ErrorAction};
14 use lightning::chain::chaininterface::{FeeEstimator, ConfirmationTarget};
15 use lightning::chain::transaction::OutPoint;
16 use lightning::util::reset_rng_state;
17 use lightning::util::logger::Logger;
18
19 mod utils;
20
21 use utils::test_logger;
22
23 use secp256k1::key::{PublicKey, SecretKey};
24 use secp256k1::Secp256k1;
25
26 use std::sync::atomic::{AtomicUsize,Ordering};
27 use std::sync::Arc;
28
29 #[inline]
30 pub fn slice_to_be16(v: &[u8]) -> u16 {
31         ((v[0] as u16) << 8*1) |
32         ((v[1] as u16) << 8*0)
33 }
34
35 #[inline]
36 pub fn slice_to_be32(v: &[u8]) -> u32 {
37         ((v[0] as u32) << 8*3) |
38         ((v[1] as u32) << 8*2) |
39         ((v[2] as u32) << 8*1) |
40         ((v[3] as u32) << 8*0)
41 }
42
43 #[inline]
44 pub fn slice_to_be64(v: &[u8]) -> u64 {
45         ((v[0] as u64) << 8*7) |
46         ((v[1] as u64) << 8*6) |
47         ((v[2] as u64) << 8*5) |
48         ((v[3] as u64) << 8*4) |
49         ((v[4] as u64) << 8*3) |
50         ((v[5] as u64) << 8*2) |
51         ((v[6] as u64) << 8*1) |
52         ((v[7] as u64) << 8*0)
53 }
54
55 #[inline]
56 fn slice_to_be24(v: &[u8]) -> u64 {
57         //TODO: We should probably be returning a Result for channel creation, not panic!()ing on
58         //>2**24 values...
59         ((v[0] as u64) << 8*2) |
60         ((v[1] as u64) << 8*1) |
61         ((v[2] as u64) << 8*0)
62 }
63
64 struct InputData<'a> {
65         data: &'a [u8],
66         read_pos: AtomicUsize,
67 }
68 impl<'a> InputData<'a> {
69         fn get_slice(&self, len: usize) -> Option<&'a [u8]> {
70                 let old_pos = self.read_pos.fetch_add(len, Ordering::AcqRel);
71                 if self.data.len() < old_pos + len {
72                         return None;
73                 }
74                 Some(&self.data[old_pos..old_pos + len])
75         }
76         fn get_slice_nonadvancing(&self, len: usize) -> Option<&'a [u8]> {
77                 let old_pos = self.read_pos.load(Ordering::Acquire);
78                 if self.data.len() < old_pos + len {
79                         return None;
80                 }
81                 Some(&self.data[old_pos..old_pos + len])
82         }
83 }
84
85 struct FuzzEstimator<'a> {
86         input: &'a InputData<'a>,
87 }
88 impl<'a> FeeEstimator for FuzzEstimator<'a> {
89         fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u64 {
90                 //TODO: We should actually be testing at least much more than 64k...
91                 match self.input.get_slice(2) {
92                         Some(slice) => slice_to_be16(slice) as u64 * 250,
93                         None => 0
94                 }
95         }
96 }
97
98 #[inline]
99 pub fn do_test(data: &[u8]) {
100         reset_rng_state();
101
102         let input = InputData {
103                 data,
104                 read_pos: AtomicUsize::new(0),
105         };
106         let fee_est = FuzzEstimator {
107                 input: &input,
108         };
109
110         let logger: Arc<Logger> = Arc::new(test_logger::TestLogger{});
111
112         macro_rules! get_slice {
113                 ($len: expr) => {
114                         match input.get_slice($len as usize) {
115                                 Some(slice) => slice,
116                                 None => return,
117                         }
118                 }
119         }
120
121         macro_rules! decode_msg {
122                 ($MsgType: path, $len: expr) => {
123                         match <($MsgType)>::decode(get_slice!($len)) {
124                                 Ok(msg) => msg,
125                                 Err(e) => match e {
126                                         msgs::DecodeError::UnknownRealmByte => return,
127                                         msgs::DecodeError::UnknownRequiredFeature => return,
128                                         msgs::DecodeError::BadPublicKey => return,
129                                         msgs::DecodeError::BadSignature => return,
130                                         msgs::DecodeError::BadText => return,
131                                         msgs::DecodeError::ExtraAddressesPerType => return,
132                                         msgs::DecodeError::BadLengthDescriptor => return,
133                                         msgs::DecodeError::ShortRead => panic!("We picked the length..."),
134                                         msgs::DecodeError::InvalidValue => panic!("Writeable not used yet..."),
135                                         msgs::DecodeError::Io(_) => panic!("Writeable not used yet..."),
136                                 }
137                         }
138                 }
139         }
140
141         macro_rules! decode_msg_with_len16 {
142                 ($MsgType: path, $begin_len: expr, $factor: expr) => {
143                         {
144                                 let extra_len = slice_to_be16(&match input.get_slice_nonadvancing($begin_len as usize + 2) {
145                                         Some(slice) => slice,
146                                         None => return,
147                                 }[$begin_len..$begin_len + 2]);
148                                 match <($MsgType)>::decode(get_slice!($begin_len as usize + 2 + (extra_len as usize)*$factor)) {
149                                         Ok(msg) => msg,
150                                         Err(e) => match e {
151                                                 msgs::DecodeError::UnknownRealmByte => return,
152                                                 msgs::DecodeError::UnknownRequiredFeature => return,
153                                                 msgs::DecodeError::BadPublicKey => return,
154                                                 msgs::DecodeError::BadSignature => return,
155                                                 msgs::DecodeError::BadText => return,
156                                                 msgs::DecodeError::ExtraAddressesPerType => return,
157                                                 msgs::DecodeError::BadLengthDescriptor => return,
158                                                 msgs::DecodeError::ShortRead => panic!("We picked the length..."),
159                                                 msgs::DecodeError::InvalidValue => panic!("Writeable not used yet..."),
160                                                 msgs::DecodeError::Io(_) => panic!("Writeable not used yet..."),
161                                         }
162                                 }
163                         }
164                 }
165         }
166
167         let secp_ctx = Secp256k1::new();
168         macro_rules! get_pubkey {
169                 () => {
170                         match PublicKey::from_slice(&secp_ctx, get_slice!(33)) {
171                                 Ok(key) => key,
172                                 Err(_) => return,
173                         }
174                 }
175         }
176
177         macro_rules! return_err {
178                 ($expr: expr) => {
179                         match $expr {
180                                 Ok(r) => r,
181                                 Err(_) => return,
182                         }
183                 }
184         }
185
186         macro_rules! chan_keys {
187                 () => {
188                         ChannelKeys {
189                                 funding_key:               SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
190                                 revocation_base_key:       SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
191                                 payment_base_key:          SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
192                                 delayed_payment_base_key:  SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
193                                 htlc_base_key:             SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
194                                 channel_close_key:         SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
195                                 channel_monitor_claim_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
196                                 commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
197                         }
198                 }
199         }
200
201         let their_pubkey = get_pubkey!();
202
203         let mut tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() };
204
205         let mut channel = if get_slice!(1)[0] != 0 {
206                 let chan_value = slice_to_be24(get_slice!(3));
207
208                 let mut chan = match Channel::new_outbound(&fee_est, chan_keys!(), their_pubkey, chan_value, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8)), Arc::clone(&logger)) {
209                         Ok(chan) => chan,
210                         Err(_) => return,
211                 };
212                 chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est).unwrap();
213                 let accept_chan = if get_slice!(1)[0] == 0 {
214                         decode_msg_with_len16!(msgs::AcceptChannel, 270, 1)
215                 } else {
216                         decode_msg!(msgs::AcceptChannel, 270)
217                 };
218                 return_err!(chan.accept_channel(&accept_chan));
219
220                 tx.output.push(TxOut{ value: chan_value, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() });
221                 let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0);
222
223                 chan.get_outbound_funding_created(funding_output).unwrap();
224                 let funding_signed = decode_msg!(msgs::FundingSigned, 32+64);
225                 return_err!(chan.funding_signed(&funding_signed));
226                 chan
227         } else {
228                 let open_chan = if get_slice!(1)[0] == 0 {
229                         decode_msg_with_len16!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1, 1)
230                 } else {
231                         decode_msg!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1)
232                 };
233                 let mut chan = match Channel::new_from_req(&fee_est, chan_keys!(), their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), false, get_slice!(1)[0] == 0, Arc::clone(&logger)) {
234                         Ok(chan) => chan,
235                         Err(_) => return,
236                 };
237                 chan.get_accept_channel();
238
239                 tx.output.push(TxOut{ value: open_chan.funding_satoshis, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() });
240                 let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0);
241
242                 let mut funding_created = decode_msg!(msgs::FundingCreated, 32+32+2+64);
243                 funding_created.funding_txid = funding_output.txid.clone();
244                 funding_created.funding_output_index = funding_output.index;
245                 return_err!(chan.funding_created(&funding_created));
246                 chan
247         };
248
249         let mut header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
250         channel.block_connected(&header, 1, &[&tx; 1], &[42; 1]);
251         for i in 2..100 {
252                 header = BlockHeader { version: 0x20000000, prev_blockhash: header.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
253                 channel.block_connected(&header, i, &[&tx; 0], &[0; 0]);
254         }
255
256         let funding_locked = decode_msg!(msgs::FundingLocked, 32+33);
257         return_err!(channel.funding_locked(&funding_locked));
258
259         macro_rules! test_err {
260                 ($expr: expr) => {
261                         match $expr {
262                                 Ok(r) => Some(r),
263                                 Err(e) => match e.action {
264                                         None => return,
265                                         Some(ErrorAction::DisconnectPeer {..}) => return,
266                                         Some(ErrorAction::IgnoreError) => None,
267                                         Some(ErrorAction::SendErrorMessage {..}) => None,
268                                 },
269                         }
270                 }
271         }
272
273         loop {
274                 match get_slice!(1)[0] {
275                         0 => {
276                                 test_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), msgs::OnionPacket {
277                                         version: get_slice!(1)[0],
278                                         public_key: PublicKey::from_slice(&secp_ctx, get_slice!(33)),
279                                         hop_data: [0; 20*65],
280                                         hmac: [0; 32],
281                                 }));
282                         },
283                         1 => {
284                                 test_err!(channel.send_commitment());
285                         },
286                         2 => {
287                                 let update_add_htlc = decode_msg!(msgs::UpdateAddHTLC, 32+8+8+32+4+4+33+20*65+32);
288                                 test_err!(channel.update_add_htlc(&update_add_htlc, PendingHTLCStatus::dummy()));
289                         },
290                         3 => {
291                                 let update_fulfill_htlc = decode_msg!(msgs::UpdateFulfillHTLC, 32 + 8 + 32);
292                                 test_err!(channel.update_fulfill_htlc(&update_fulfill_htlc));
293                         },
294                         4 => {
295                                 let update_fail_htlc = decode_msg_with_len16!(msgs::UpdateFailHTLC, 32 + 8, 1);
296                                 test_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy()));
297                         },
298                         5 => {
299                                 let update_fail_malformed_htlc = decode_msg!(msgs::UpdateFailMalformedHTLC, 32+8+32+2);
300                                 test_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy()));
301                         },
302                         6 => {
303                                 let commitment_signed = decode_msg_with_len16!(msgs::CommitmentSigned, 32+64, 64);
304                                 test_err!(channel.commitment_signed(&commitment_signed));
305                         },
306                         7 => {
307                                 let revoke_and_ack = decode_msg!(msgs::RevokeAndACK, 32+32+33);
308                                 test_err!(channel.revoke_and_ack(&revoke_and_ack));
309                         },
310                         8 => {
311                                 let update_fee = decode_msg!(msgs::UpdateFee, 32+4);
312                                 test_err!(channel.update_fee(&fee_est, &update_fee));
313                         },
314                         9 => {
315                                 let shutdown = decode_msg_with_len16!(msgs::Shutdown, 32, 1);
316                                 test_err!(channel.shutdown(&fee_est, &shutdown));
317                                 if channel.is_shutdown() { return; }
318                         },
319                         10 => {
320                                 let closing_signed = decode_msg!(msgs::ClosingSigned, 32+8+64);
321                                 let sign_res = test_err!(channel.closing_signed(&fee_est, &closing_signed));
322                                 if sign_res.is_some() && sign_res.unwrap().1.is_some() {
323                                         assert!(channel.is_shutdown());
324                                         return;
325                                 }
326                         },
327                         _ => return,
328                 }
329         }
330 }
331
332 #[cfg(feature = "afl")]
333 #[macro_use] extern crate afl;
334 #[cfg(feature = "afl")]
335 fn main() {
336         fuzz!(|data| {
337                 do_test(data);
338         });
339 }
340
341 #[cfg(feature = "honggfuzz")]
342 #[macro_use] extern crate honggfuzz;
343 #[cfg(feature = "honggfuzz")]
344 fn main() {
345         loop {
346                 fuzz!(|data| {
347                         do_test(data);
348                 });
349         }
350 }
351
352 extern crate hex;
353 #[cfg(test)]
354 mod tests {
355         #[test]
356         fn duplicate_crash() {
357                 super::do_test(&::hex::decode("00").unwrap());
358         }
359 }
Personal fork of Rust-Lightning. Upstream is https://github.com/rust-bitcoin/rust-lightning