2 extern crate lightning;
3 extern crate secp256k1;
5 use bitcoin::blockdata::block::BlockHeader;
6 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7 use bitcoin::util::hash::Sha256dHash;
8 use bitcoin::network::serialize::{serialize, BitcoinHash};
10 use lightning::ln::channel::{Channel, ChannelKeys};
11 use lightning::ln::channelmanager::{HTLCFailReason, HTLCSource, PendingHTLCStatus};
12 use lightning::ln::msgs;
13 use lightning::ln::msgs::{MsgDecodable, ErrorAction};
14 use lightning::chain::chaininterface::{FeeEstimator, ConfirmationTarget};
15 use lightning::chain::transaction::OutPoint;
16 use lightning::util::reset_rng_state;
17 use lightning::util::logger::Logger;
21 use utils::test_logger;
23 use secp256k1::key::{PublicKey, SecretKey};
24 use secp256k1::Secp256k1;
26 use std::sync::atomic::{AtomicUsize,Ordering};
30 pub fn slice_to_be16(v: &[u8]) -> u16 {
31 ((v[0] as u16) << 8*1) |
32 ((v[1] as u16) << 8*0)
36 pub fn slice_to_be32(v: &[u8]) -> u32 {
37 ((v[0] as u32) << 8*3) |
38 ((v[1] as u32) << 8*2) |
39 ((v[2] as u32) << 8*1) |
40 ((v[3] as u32) << 8*0)
44 pub fn slice_to_be64(v: &[u8]) -> u64 {
45 ((v[0] as u64) << 8*7) |
46 ((v[1] as u64) << 8*6) |
47 ((v[2] as u64) << 8*5) |
48 ((v[3] as u64) << 8*4) |
49 ((v[4] as u64) << 8*3) |
50 ((v[5] as u64) << 8*2) |
51 ((v[6] as u64) << 8*1) |
52 ((v[7] as u64) << 8*0)
56 fn slice_to_be24(v: &[u8]) -> u64 {
57 //TODO: We should probably be returning a Result for channel creation, not panic!()ing on
59 ((v[0] as u64) << 8*2) |
60 ((v[1] as u64) << 8*1) |
61 ((v[2] as u64) << 8*0)
64 struct InputData<'a> {
66 read_pos: AtomicUsize,
68 impl<'a> InputData<'a> {
69 fn get_slice(&self, len: usize) -> Option<&'a [u8]> {
70 let old_pos = self.read_pos.fetch_add(len, Ordering::AcqRel);
71 if self.data.len() < old_pos + len {
74 Some(&self.data[old_pos..old_pos + len])
76 fn get_slice_nonadvancing(&self, len: usize) -> Option<&'a [u8]> {
77 let old_pos = self.read_pos.load(Ordering::Acquire);
78 if self.data.len() < old_pos + len {
81 Some(&self.data[old_pos..old_pos + len])
85 struct FuzzEstimator<'a> {
86 input: &'a InputData<'a>,
88 impl<'a> FeeEstimator for FuzzEstimator<'a> {
89 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u64 {
90 //TODO: We should actually be testing at least much more than 64k...
91 match self.input.get_slice(2) {
92 Some(slice) => slice_to_be16(slice) as u64 * 250,
99 pub fn do_test(data: &[u8]) {
102 let input = InputData {
104 read_pos: AtomicUsize::new(0),
106 let fee_est = FuzzEstimator {
110 let logger: Arc<Logger> = Arc::new(test_logger::TestLogger{});
112 macro_rules! get_slice {
114 match input.get_slice($len as usize) {
115 Some(slice) => slice,
121 macro_rules! decode_msg {
122 ($MsgType: path, $len: expr) => {
123 match <($MsgType)>::decode(get_slice!($len)) {
126 msgs::DecodeError::UnknownRealmByte => return,
127 msgs::DecodeError::UnknownRequiredFeature => return,
128 msgs::DecodeError::BadPublicKey => return,
129 msgs::DecodeError::BadSignature => return,
130 msgs::DecodeError::BadText => return,
131 msgs::DecodeError::ExtraAddressesPerType => return,
132 msgs::DecodeError::BadLengthDescriptor => return,
133 msgs::DecodeError::ShortRead => panic!("We picked the length..."),
139 macro_rules! decode_msg_with_len16 {
140 ($MsgType: path, $begin_len: expr, $factor: expr) => {
142 let extra_len = slice_to_be16(&match input.get_slice_nonadvancing($begin_len as usize + 2) {
143 Some(slice) => slice,
145 }[$begin_len..$begin_len + 2]);
146 match <($MsgType)>::decode(get_slice!($begin_len as usize + 2 + (extra_len as usize)*$factor)) {
149 msgs::DecodeError::UnknownRealmByte => return,
150 msgs::DecodeError::UnknownRequiredFeature => return,
151 msgs::DecodeError::BadPublicKey => return,
152 msgs::DecodeError::BadSignature => return,
153 msgs::DecodeError::BadText => return,
154 msgs::DecodeError::ExtraAddressesPerType => return,
155 msgs::DecodeError::BadLengthDescriptor => return,
156 msgs::DecodeError::ShortRead => panic!("We picked the length..."),
163 let secp_ctx = Secp256k1::new();
164 macro_rules! get_pubkey {
166 match PublicKey::from_slice(&secp_ctx, get_slice!(33)) {
173 macro_rules! return_err {
182 macro_rules! chan_keys {
185 funding_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
186 revocation_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
187 payment_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
188 delayed_payment_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
189 htlc_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
190 channel_close_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
191 channel_monitor_claim_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
192 commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
197 let their_pubkey = get_pubkey!();
199 let mut tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() };
201 let mut channel = if get_slice!(1)[0] != 0 {
202 let chan_value = slice_to_be24(get_slice!(3));
204 let mut chan = match Channel::new_outbound(&fee_est, chan_keys!(), their_pubkey, chan_value, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8)), Arc::clone(&logger)) {
208 chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est).unwrap();
209 let accept_chan = if get_slice!(1)[0] == 0 {
210 decode_msg_with_len16!(msgs::AcceptChannel, 270, 1)
212 decode_msg!(msgs::AcceptChannel, 270)
214 return_err!(chan.accept_channel(&accept_chan));
216 tx.output.push(TxOut{ value: chan_value, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() });
217 let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0);
219 chan.get_outbound_funding_created(funding_output).unwrap();
220 let funding_signed = decode_msg!(msgs::FundingSigned, 32+64);
221 return_err!(chan.funding_signed(&funding_signed));
224 let open_chan = if get_slice!(1)[0] == 0 {
225 decode_msg_with_len16!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1, 1)
227 decode_msg!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1)
229 let mut chan = match Channel::new_from_req(&fee_est, chan_keys!(), their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), false, get_slice!(1)[0] == 0, Arc::clone(&logger)) {
233 chan.get_accept_channel();
235 tx.output.push(TxOut{ value: open_chan.funding_satoshis, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() });
236 let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0);
238 let mut funding_created = decode_msg!(msgs::FundingCreated, 32+32+2+64);
239 funding_created.funding_txid = funding_output.txid.clone();
240 funding_created.funding_output_index = funding_output.index;
241 return_err!(chan.funding_created(&funding_created));
245 let mut header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
246 channel.block_connected(&header, 1, &[&tx; 1], &[42; 1]);
248 header = BlockHeader { version: 0x20000000, prev_blockhash: header.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
249 channel.block_connected(&header, i, &[&tx; 0], &[0; 0]);
252 let funding_locked = decode_msg!(msgs::FundingLocked, 32+33);
253 return_err!(channel.funding_locked(&funding_locked));
255 macro_rules! test_err {
259 Err(e) => match e.action {
261 Some(ErrorAction::DisconnectPeer {..}) => return,
262 Some(ErrorAction::IgnoreError) => None,
263 Some(ErrorAction::SendErrorMessage {..}) => None,
270 match get_slice!(1)[0] {
272 test_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), HTLCSource::dummy(), msgs::OnionPacket {
273 version: get_slice!(1)[0],
274 public_key: PublicKey::from_slice(&secp_ctx, get_slice!(33)),
275 hop_data: [0; 20*65],
280 test_err!(channel.send_commitment());
283 let update_add_htlc = decode_msg!(msgs::UpdateAddHTLC, 32+8+8+32+4+4+33+20*65+32);
284 test_err!(channel.update_add_htlc(&update_add_htlc, PendingHTLCStatus::dummy()));
287 let update_fulfill_htlc = decode_msg!(msgs::UpdateFulfillHTLC, 32 + 8 + 32);
288 test_err!(channel.update_fulfill_htlc(&update_fulfill_htlc));
291 let update_fail_htlc = decode_msg_with_len16!(msgs::UpdateFailHTLC, 32 + 8, 1);
292 test_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy()));
295 let update_fail_malformed_htlc = decode_msg!(msgs::UpdateFailMalformedHTLC, 32+8+32+2);
296 test_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy()));
299 let commitment_signed = decode_msg_with_len16!(msgs::CommitmentSigned, 32+64, 64);
300 test_err!(channel.commitment_signed(&commitment_signed));
303 let revoke_and_ack = decode_msg!(msgs::RevokeAndACK, 32+32+33);
304 test_err!(channel.revoke_and_ack(&revoke_and_ack));
307 let update_fee = decode_msg!(msgs::UpdateFee, 32+4);
308 test_err!(channel.update_fee(&fee_est, &update_fee));
311 let shutdown = decode_msg_with_len16!(msgs::Shutdown, 32, 1);
312 test_err!(channel.shutdown(&fee_est, &shutdown));
313 if channel.is_shutdown() { return; }
316 let closing_signed = decode_msg!(msgs::ClosingSigned, 32+8+64);
317 let sign_res = test_err!(channel.closing_signed(&fee_est, &closing_signed));
318 if sign_res.is_some() && sign_res.unwrap().1.is_some() {
319 assert!(channel.is_shutdown());
328 #[cfg(feature = "afl")]
329 #[macro_use] extern crate afl;
330 #[cfg(feature = "afl")]
337 #[cfg(feature = "honggfuzz")]
338 #[macro_use] extern crate honggfuzz;
339 #[cfg(feature = "honggfuzz")]
352 fn duplicate_crash() {
353 super::do_test(&::hex::decode("00").unwrap());