X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=fuzz%2Ffuzz_targets%2Fchannel_target.rs;h=65f0419f50928d5a22a2867bf1264783285c2ea6;hb=1b8f4acb275621d52316ae1e5f1059b15f3a120e;hp=20fd4b4352d176df8c8f1749298ce3948354d1a5;hpb=4fbe0c90b8d535e407bd8a3021a80ab0bf0dc06e;p=rust-lightning diff --git a/fuzz/fuzz_targets/channel_target.rs b/fuzz/fuzz_targets/channel_target.rs index 20fd4b43..65f0419f 100644 --- a/fuzz/fuzz_targets/channel_target.rs +++ b/fuzz/fuzz_targets/channel_target.rs @@ -7,17 +7,24 @@ use bitcoin::blockdata::transaction::{Transaction, TxOut}; use bitcoin::util::hash::Sha256dHash; use bitcoin::network::serialize::{serialize, BitcoinHash}; -use lightning::ln::channel::Channel; +use lightning::ln::channel::{Channel, ChannelKeys}; use lightning::ln::channelmanager::{HTLCFailReason, PendingForwardHTLCInfo}; use lightning::ln::msgs; -use lightning::ln::msgs::MsgDecodable; +use lightning::ln::msgs::{MsgDecodable, ErrorAction}; use lightning::chain::chaininterface::{FeeEstimator, ConfirmationTarget}; +use lightning::chain::transaction::OutPoint; use lightning::util::reset_rng_state; +use lightning::util::logger::Logger; -use secp256k1::key::PublicKey; +mod utils; + +use utils::test_logger; + +use secp256k1::key::{PublicKey, SecretKey}; use secp256k1::Secp256k1; use std::sync::atomic::{AtomicUsize,Ordering}; +use std::sync::Arc; #[inline] pub fn slice_to_be16(v: &[u8]) -> u16 { @@ -79,10 +86,10 @@ struct FuzzEstimator<'a> { input: &'a InputData<'a>, } impl<'a> FeeEstimator for FuzzEstimator<'a> { - fn get_est_sat_per_vbyte(&self, _: ConfirmationTarget) -> u64 { + fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u64 { //TODO: We should actually be testing at least much more than 64k... match self.input.get_slice(2) { - Some(slice) => slice_to_be16(slice) as u64, + Some(slice) => slice_to_be16(slice) as u64 * 250, None => 0 } } @@ -100,6 +107,8 @@ pub fn do_test(data: &[u8]) { input: &input, }; + let logger: Arc = Arc::new(test_logger::TestLogger{}); + macro_rules! get_slice { ($len: expr) => { match input.get_slice($len as usize) { @@ -117,8 +126,10 @@ pub fn do_test(data: &[u8]) { msgs::DecodeError::UnknownRealmByte => return, msgs::DecodeError::BadPublicKey => return, msgs::DecodeError::BadSignature => return, + msgs::DecodeError::BadText => return, msgs::DecodeError::ExtraAddressesPerType => return, - msgs::DecodeError::WrongLength => panic!("We picked the length..."), + msgs::DecodeError::BadLengthDescriptor => return, + msgs::DecodeError::ShortRead => panic!("We picked the length..."), } } } @@ -137,8 +148,10 @@ pub fn do_test(data: &[u8]) { msgs::DecodeError::UnknownRealmByte => return, msgs::DecodeError::BadPublicKey => return, msgs::DecodeError::BadSignature => return, + msgs::DecodeError::BadText => return, msgs::DecodeError::ExtraAddressesPerType => return, - msgs::DecodeError::WrongLength => panic!("We picked the length..."), + msgs::DecodeError::BadLengthDescriptor => return, + msgs::DecodeError::ShortRead => panic!("We picked the length..."), } } } @@ -158,19 +171,38 @@ pub fn do_test(data: &[u8]) { macro_rules! return_err { ($expr: expr) => { match $expr { - Ok(_) => {}, + Ok(r) => r, Err(_) => return, } } } + macro_rules! chan_keys { + () => { + ChannelKeys { + funding_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + revocation_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + payment_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + delayed_payment_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + htlc_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + channel_close_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + channel_monitor_claim_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + } + } + } + let their_pubkey = get_pubkey!(); let mut tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() }; let mut channel = if get_slice!(1)[0] != 0 { let chan_value = slice_to_be24(get_slice!(3)); - let mut chan = Channel::new_outbound(&fee_est, their_pubkey, chan_value, get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8))); + + let mut chan = match Channel::new_outbound(&fee_est, chan_keys!(), their_pubkey, chan_value, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8)), Arc::clone(&logger)) { + Ok(chan) => chan, + Err(_) => return, + }; chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est).unwrap(); let accept_chan = if get_slice!(1)[0] == 0 { decode_msg_with_len16!(msgs::AcceptChannel, 270, 1) @@ -180,9 +212,9 @@ pub fn do_test(data: &[u8]) { return_err!(chan.accept_channel(&accept_chan)); tx.output.push(TxOut{ value: chan_value, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); - chan.get_outbound_funding_created(funding_output.0.clone(), funding_output.1).unwrap(); + chan.get_outbound_funding_created(funding_output).unwrap(); let funding_signed = decode_msg!(msgs::FundingSigned, 32+64); return_err!(chan.funding_signed(&funding_signed)); chan @@ -192,18 +224,18 @@ pub fn do_test(data: &[u8]) { } else { decode_msg!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1) }; - let mut chan = match Channel::new_from_req(&fee_est, their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), get_slice!(1)[0] == 0) { + let mut chan = match Channel::new_from_req(&fee_est, chan_keys!(), their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), false, get_slice!(1)[0] == 0, Arc::clone(&logger)) { Ok(chan) => chan, Err(_) => return, }; chan.get_accept_channel().unwrap(); tx.output.push(TxOut{ value: open_chan.funding_satoshis, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); let mut funding_created = decode_msg!(msgs::FundingCreated, 32+32+2+64); - funding_created.funding_txid = funding_output.0.clone(); - funding_created.funding_output_index = funding_output.1; + funding_created.funding_txid = funding_output.txid.clone(); + funding_created.funding_output_index = funding_output.index; return_err!(chan.funding_created(&funding_created)); chan }; @@ -218,10 +250,25 @@ pub fn do_test(data: &[u8]) { let funding_locked = decode_msg!(msgs::FundingLocked, 32+33); return_err!(channel.funding_locked(&funding_locked)); + macro_rules! test_err { + ($expr: expr) => { + match $expr { + Ok(r) => Some(r), + Err(e) => match e.action { + None => return, + Some(ErrorAction::UpdateFailHTLC {..}) => None, + Some(ErrorAction::DisconnectPeer {..}) => return, + Some(ErrorAction::IgnoreError) => None, + Some(ErrorAction::SendErrorMessage {..}) => None, + }, + } + } + } + loop { match get_slice!(1)[0] { 0 => { - return_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), msgs::OnionPacket { + test_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), msgs::OnionPacket { version: get_slice!(1)[0], public_key: get_pubkey!(), hop_data: [0; 20*65], @@ -229,43 +276,48 @@ pub fn do_test(data: &[u8]) { })); }, 1 => { - return_err!(channel.send_commitment()); + test_err!(channel.send_commitment()); }, 2 => { let update_add_htlc = decode_msg!(msgs::UpdateAddHTLC, 32+8+8+32+4+4+33+20*65+32); - return_err!(channel.update_add_htlc(&update_add_htlc, PendingForwardHTLCInfo::dummy())); + test_err!(channel.update_add_htlc(&update_add_htlc, PendingForwardHTLCInfo::dummy())); }, 3 => { let update_fulfill_htlc = decode_msg!(msgs::UpdateFulfillHTLC, 32 + 8 + 32); - return_err!(channel.update_fulfill_htlc(&update_fulfill_htlc)); + test_err!(channel.update_fulfill_htlc(&update_fulfill_htlc)); }, 4 => { let update_fail_htlc = decode_msg_with_len16!(msgs::UpdateFailHTLC, 32 + 8, 1); - return_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy())); + test_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy())); }, 5 => { let update_fail_malformed_htlc = decode_msg!(msgs::UpdateFailMalformedHTLC, 32+8+32+2); - return_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy())); + test_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy())); }, 6 => { let commitment_signed = decode_msg_with_len16!(msgs::CommitmentSigned, 32+64, 64); - return_err!(channel.commitment_signed(&commitment_signed)); + test_err!(channel.commitment_signed(&commitment_signed)); }, 7 => { let revoke_and_ack = decode_msg!(msgs::RevokeAndACK, 32+32+33); - return_err!(channel.revoke_and_ack(&revoke_and_ack)); + test_err!(channel.revoke_and_ack(&revoke_and_ack)); }, 8 => { let update_fee = decode_msg!(msgs::UpdateFee, 32+4); - return_err!(channel.update_fee(&fee_est, &update_fee)); + test_err!(channel.update_fee(&fee_est, &update_fee)); }, 9 => { let shutdown = decode_msg_with_len16!(msgs::Shutdown, 32, 1); - return_err!(channel.shutdown(&fee_est, &shutdown)); + test_err!(channel.shutdown(&fee_est, &shutdown)); + if channel.is_shutdown() { return; } }, 10 => { let closing_signed = decode_msg!(msgs::ClosingSigned, 32+8+64); - return_err!(channel.closing_signed(&fee_est, &closing_signed)); + let sign_res = test_err!(channel.closing_signed(&fee_est, &closing_signed)); + if sign_res.is_some() && sign_res.unwrap().1.is_some() { + assert!(channel.is_shutdown()); + return; + } }, _ => return, } @@ -273,11 +325,11 @@ pub fn do_test(data: &[u8]) { } #[cfg(feature = "afl")] -extern crate afl; +#[macro_use] extern crate afl; #[cfg(feature = "afl")] fn main() { - afl::read_stdio_bytes(|data| { - do_test(&data); + fuzz!(|data| { + do_test(data); }); } @@ -292,29 +344,11 @@ fn main() { } } +extern crate hex; #[cfg(test)] mod tests { - fn extend_vec_from_hex(hex: &str, out: &mut Vec) { - let mut b = 0; - for (idx, c) in hex.as_bytes().iter().enumerate() { - b <<= 4; - match *c { - b'A'...b'F' => b |= c - b'A' + 10, - b'a'...b'f' => b |= c - b'a' + 10, - b'0'...b'9' => b |= c - b'0', - _ => panic!("Bad hex"), - } - if (idx & 1) == 1 { - out.push(b); - b = 0; - } - } - } - #[test] fn duplicate_crash() { - let mut a = Vec::new(); - extend_vec_from_hex("00", &mut a); - super::do_test(&a); + super::do_test(&::hex::decode("00").unwrap()); } }