X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=fuzz%2Ffuzz_targets%2Fchannel_target.rs;h=e7cc6f76c999e42d6bdfc861a6a0244f500b1885;hb=1f1f82569a1774d2f6cb84e1de3c55dc733022c8;hp=b8da2165885f473ba80f2631232d2dc1b1315efc;hpb=511c5319f1b50438ed21e5c922c0c9ef0b258cac;p=rust-lightning diff --git a/fuzz/fuzz_targets/channel_target.rs b/fuzz/fuzz_targets/channel_target.rs index b8da2165..e7cc6f76 100644 --- a/fuzz/fuzz_targets/channel_target.rs +++ b/fuzz/fuzz_targets/channel_target.rs @@ -3,20 +3,29 @@ extern crate lightning; extern crate secp256k1; use bitcoin::blockdata::block::BlockHeader; -use bitcoin::blockdata::transaction::Transaction; +use bitcoin::blockdata::transaction::{Transaction, TxOut}; use bitcoin::util::hash::Sha256dHash; use bitcoin::network::serialize::{serialize, BitcoinHash}; -use lightning::ln::channel::Channel; -use lightning::ln::channelmanager::PendingForwardHTLCInfo; +use lightning::ln::channel::{Channel, ChannelKeys}; +use lightning::ln::channelmanager::{HTLCFailReason, HTLCSource, PendingHTLCStatus}; use lightning::ln::msgs; -use lightning::ln::msgs::MsgDecodable; +use lightning::ln::msgs::{ErrorAction}; use lightning::chain::chaininterface::{FeeEstimator, ConfirmationTarget}; +use lightning::chain::transaction::OutPoint; +use lightning::util::reset_rng_state; +use lightning::util::logger::Logger; +use lightning::util::ser::Readable; -use secp256k1::key::PublicKey; +mod utils; + +use utils::test_logger; + +use secp256k1::key::{PublicKey, SecretKey}; use secp256k1::Secp256k1; use std::sync::atomic::{AtomicUsize,Ordering}; +use std::sync::Arc; #[inline] pub fn slice_to_be16(v: &[u8]) -> u16 { @@ -78,10 +87,10 @@ struct FuzzEstimator<'a> { input: &'a InputData<'a>, } impl<'a> FeeEstimator for FuzzEstimator<'a> { - fn get_est_sat_per_vbyte(&self, _: ConfirmationTarget) -> u64 { + fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u64 { //TODO: We should actually be testing at least much more than 64k... match self.input.get_slice(2) { - Some(slice) => slice_to_be16(slice) as u64, + Some(slice) => slice_to_be16(slice) as u64 * 250, None => 0 } } @@ -89,6 +98,8 @@ impl<'a> FeeEstimator for FuzzEstimator<'a> { #[inline] pub fn do_test(data: &[u8]) { + reset_rng_state(); + let input = InputData { data, read_pos: AtomicUsize::new(0), @@ -97,6 +108,8 @@ pub fn do_test(data: &[u8]) { input: &input, }; + let logger: Arc = Arc::new(test_logger::TestLogger{}); + macro_rules! get_slice { ($len: expr) => { match input.get_slice($len as usize) { @@ -107,17 +120,24 @@ pub fn do_test(data: &[u8]) { } macro_rules! decode_msg { - ($MsgType: path, $len: expr) => { - match <($MsgType)>::decode(get_slice!($len)) { + ($MsgType: path, $len: expr) => {{ + let mut reader = ::std::io::Cursor::new(get_slice!($len)); + match <($MsgType)>::read(&mut reader) { Ok(msg) => msg, Err(e) => match e { msgs::DecodeError::UnknownRealmByte => return, + msgs::DecodeError::UnknownRequiredFeature => return, msgs::DecodeError::BadPublicKey => return, msgs::DecodeError::BadSignature => return, - msgs::DecodeError::WrongLength => panic!("We picked the length..."), + msgs::DecodeError::BadText => return, + msgs::DecodeError::ExtraAddressesPerType => return, + msgs::DecodeError::BadLengthDescriptor => return, + msgs::DecodeError::ShortRead => panic!("We picked the length..."), + msgs::DecodeError::InvalidValue => panic!("Should not happen with p2p message decoding"), + msgs::DecodeError::Io(e) => panic!(format!("{}", e)), } } - } + }} } macro_rules! decode_msg_with_len16 { @@ -127,15 +147,7 @@ pub fn do_test(data: &[u8]) { Some(slice) => slice, None => return, }[$begin_len..$begin_len + 2]); - match <($MsgType)>::decode(get_slice!($begin_len as usize + 2 + (extra_len as usize)*$factor)) { - Ok(msg) => msg, - Err(e) => match e { - msgs::DecodeError::UnknownRealmByte => return, - msgs::DecodeError::BadPublicKey => return, - msgs::DecodeError::BadSignature => return, - msgs::DecodeError::WrongLength => panic!("We picked the length..."), - } - } + decode_msg!($MsgType, $begin_len as usize + 2 + (extra_len as usize)*$factor) } } } @@ -153,27 +165,50 @@ pub fn do_test(data: &[u8]) { macro_rules! return_err { ($expr: expr) => { match $expr { - Ok(_) => {}, + Ok(r) => r, Err(_) => return, } } } + macro_rules! chan_keys { + () => { + ChannelKeys { + funding_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + revocation_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + payment_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + delayed_payment_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + htlc_base_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + channel_close_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + channel_monitor_claim_key: SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(), + commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + } + } + } + let their_pubkey = get_pubkey!(); - let tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new(), witness: Vec::new() }; - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let mut tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() }; let mut channel = if get_slice!(1)[0] != 0 { - let mut chan = Channel::new_outbound(&fee_est, their_pubkey, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8))); - chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est).unwrap(); + let chan_value = slice_to_be24(get_slice!(3)); + + let mut chan = match Channel::new_outbound(&fee_est, chan_keys!(), their_pubkey, chan_value, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8)), Arc::clone(&logger)) { + Ok(chan) => chan, + Err(_) => return, + }; + chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est); let accept_chan = if get_slice!(1)[0] == 0 { decode_msg_with_len16!(msgs::AcceptChannel, 270, 1) } else { decode_msg!(msgs::AcceptChannel, 270) }; return_err!(chan.accept_channel(&accept_chan)); - chan.get_outbound_funding_created(funding_output.0.clone(), funding_output.1).unwrap(); + + tx.output.push(TxOut{ value: chan_value, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); + let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + + chan.get_outbound_funding_created(funding_output).unwrap(); let funding_signed = decode_msg!(msgs::FundingSigned, 32+64); return_err!(chan.funding_signed(&funding_signed)); chan @@ -183,14 +218,18 @@ pub fn do_test(data: &[u8]) { } else { decode_msg!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1) }; - let mut chan = match Channel::new_from_req(&fee_est, their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), get_slice!(1)[0] == 0) { + let mut chan = match Channel::new_from_req(&fee_est, chan_keys!(), their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), false, get_slice!(1)[0] == 0, Arc::clone(&logger)) { Ok(chan) => chan, Err(_) => return, }; - chan.get_accept_channel().unwrap(); + chan.get_accept_channel(); + + tx.output.push(TxOut{ value: open_chan.funding_satoshis, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); + let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let mut funding_created = decode_msg!(msgs::FundingCreated, 32+32+2+64); - funding_created.funding_txid = funding_output.0.clone(); - funding_created.funding_output_index = funding_output.1; + funding_created.funding_txid = funding_output.txid.clone(); + funding_created.funding_output_index = funding_output.index; return_err!(chan.funding_created(&funding_created)); chan }; @@ -205,46 +244,73 @@ pub fn do_test(data: &[u8]) { let funding_locked = decode_msg!(msgs::FundingLocked, 32+33); return_err!(channel.funding_locked(&funding_locked)); + macro_rules! test_err { + ($expr: expr) => { + match $expr { + Ok(r) => Some(r), + Err(e) => match e.action { + None => return, + Some(ErrorAction::DisconnectPeer {..}) => return, + Some(ErrorAction::IgnoreError) => None, + Some(ErrorAction::SendErrorMessage {..}) => None, + }, + } + } + } + loop { match get_slice!(1)[0] { 0 => { - return_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), msgs::OnionPacket { + test_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), HTLCSource::dummy(), msgs::OnionPacket { version: get_slice!(1)[0], - public_key: get_pubkey!(), + public_key: PublicKey::from_slice(&secp_ctx, get_slice!(33)), hop_data: [0; 20*65], hmac: [0; 32], })); }, 1 => { - return_err!(channel.send_commitment()); + test_err!(channel.send_commitment()); }, 2 => { let update_add_htlc = decode_msg!(msgs::UpdateAddHTLC, 32+8+8+32+4+4+33+20*65+32); - return_err!(channel.update_add_htlc(&update_add_htlc, PendingForwardHTLCInfo::dummy())); + test_err!(channel.update_add_htlc(&update_add_htlc, PendingHTLCStatus::dummy())); }, 3 => { let update_fulfill_htlc = decode_msg!(msgs::UpdateFulfillHTLC, 32 + 8 + 32); - return_err!(channel.update_fulfill_htlc(&update_fulfill_htlc)); + test_err!(channel.update_fulfill_htlc(&update_fulfill_htlc)); }, 4 => { let update_fail_htlc = decode_msg_with_len16!(msgs::UpdateFailHTLC, 32 + 8, 1); - return_err!(channel.update_fail_htlc(&update_fail_htlc)); + test_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy())); }, 5 => { let update_fail_malformed_htlc = decode_msg!(msgs::UpdateFailMalformedHTLC, 32+8+32+2); - return_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc)); + test_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy())); }, 6 => { let commitment_signed = decode_msg_with_len16!(msgs::CommitmentSigned, 32+64, 64); - return_err!(channel.commitment_signed(&commitment_signed)); + test_err!(channel.commitment_signed(&commitment_signed)); }, 7 => { let revoke_and_ack = decode_msg!(msgs::RevokeAndACK, 32+32+33); - return_err!(channel.revoke_and_ack(&revoke_and_ack)); + test_err!(channel.revoke_and_ack(&revoke_and_ack)); }, 8 => { let update_fee = decode_msg!(msgs::UpdateFee, 32+4); - return_err!(channel.update_fee(&fee_est, &update_fee)); + test_err!(channel.update_fee(&fee_est, &update_fee)); + }, + 9 => { + let shutdown = decode_msg_with_len16!(msgs::Shutdown, 32, 1); + test_err!(channel.shutdown(&fee_est, &shutdown)); + if channel.is_shutdown() { return; } + }, + 10 => { + let closing_signed = decode_msg!(msgs::ClosingSigned, 32+8+64); + let sign_res = test_err!(channel.closing_signed(&fee_est, &closing_signed)); + if sign_res.is_some() && sign_res.unwrap().1.is_some() { + assert!(channel.is_shutdown()); + return; + } }, _ => return, } @@ -252,11 +318,11 @@ pub fn do_test(data: &[u8]) { } #[cfg(feature = "afl")] -extern crate afl; +#[macro_use] extern crate afl; #[cfg(feature = "afl")] fn main() { - afl::read_stdio_bytes(|data| { - do_test(&data); + fuzz!(|data| { + do_test(data); }); } @@ -271,29 +337,11 @@ fn main() { } } +extern crate hex; #[cfg(test)] mod tests { - fn extend_vec_from_hex(hex: &str, out: &mut Vec) { - let mut b = 0; - for (idx, c) in hex.as_bytes().iter().enumerate() { - b <<= 4; - match *c { - b'A'...b'F' => b |= c - b'A' + 10, - b'a'...b'f' => b |= c - b'a' + 10, - b'0'...b'9' => b |= c - b'0', - _ => panic!("Bad hex"), - } - if (idx & 1) == 1 { - out.push(b); - b = 0; - } - } - } - #[test] fn duplicate_crash() { - let mut a = Vec::new(); - extend_vec_from_hex("00", &mut a); - super::do_test(&a); + super::do_test(&::hex::decode("00").unwrap()); } }