From 335012640a809821cd5a0afd35cb1e7463e1002d Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Wed, 29 Aug 2018 15:56:48 -0400 Subject: [PATCH] Update msg_targets with new, must-roundtrip, and hole messages --- fuzz/Cargo.toml | 32 ++++++++++++- fuzz/fuzz_targets/msg_targets/gen_target.sh | 36 +++++++++++++-- .../msg_announcement_signatures_target.rs | 46 +++++++++++++++++++ .../msg_channel_announcement_target.rs | 46 +++++++++++++++++++ .../msg_channel_update_target.rs} | 11 +++-- .../msg_decoded_onion_error_packet_target.rs | 46 +++++++++++++++++++ .../msg_targets/msg_error_message_target.rs | 46 +++++++++++++++++++ .../msg_init_target.rs} | 11 +++-- .../msg_node_announcement_target.rs | 46 +++++++++++++++++++ .../msg_targets/msg_onion_hop_data_target.rs | 46 +++++++++++++++++++ .../msg_targets/msg_target_template.txt | 2 +- .../msg_targets/msg_update_add_htlc_target.rs | 46 +++++++++++++++++++ fuzz/fuzz_targets/msg_targets/utils.rs | 25 ++++++++++ 13 files changed, 422 insertions(+), 17 deletions(-) create mode 100644 fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs rename fuzz/fuzz_targets/{msg_update_add_htlc_target.rs => msg_targets/msg_channel_update_target.rs} (74%) create mode 100644 fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs rename fuzz/fuzz_targets/{msg_error_message_target.rs => msg_targets/msg_init_target.rs} (75%) create mode 100644 fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 48c9064c6..3cd249ea8 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -62,11 +62,11 @@ path = "fuzz_targets/msg_pong_target.rs" [[bin]] name = "msg_error_message_target" -path = "fuzz_targets/msg_error_message_target.rs" +path = "fuzz_targets/msg_targets/msg_error_message_target.rs" [[bin]] name = "msg_update_add_htlc_target" -path = "fuzz_targets/msg_update_add_htlc_target.rs" +path = "fuzz_targets/msg_targets/msg_update_add_htlc_target.rs" [[bin]] name = "msg_accept_channel_target" @@ -123,3 +123,31 @@ path = "fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs" [[bin]] name = "msg_channel_reestablish_target" path = "fuzz_targets/msg_targets/msg_channel_reestablish_target.rs" + +[[bin]] +name = "msg_announcement_signatures_target" +path = "fuzz_targets/msg_targets/msg_announcement_signatures_target.rs" + +[[bin]] +name = "msg_channel_announcement_target" +path = "fuzz_targets/msg_targets/msg_channel_announcement_target.rs" + +[[bin]] +name = "msg_channel_update_target" +path = "fuzz_targets/msg_targets/msg_channel_update_target.rs" + +[[bin]] +name = "msg_decoded_onion_error_packet_target" +path = "fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs" + +[[bin]] +name = "msg_init_target" +path = "fuzz_targets/msg_targets/msg_init_target.rs" + +[[bin]] +name = "msg_node_announcement_target" +path = "fuzz_targets/msg_targets/msg_node_announcement_target.rs" + +[[bin]] +name = "msg_onion_hop_data_target" +path = "fuzz_targets/msg_targets/msg_onion_hop_data_target.rs" diff --git a/fuzz/fuzz_targets/msg_targets/gen_target.sh b/fuzz/fuzz_targets/msg_targets/gen_target.sh index 249c0ce1f..32f071e85 100755 --- a/fuzz/fuzz_targets/msg_targets/gen_target.sh +++ b/fuzz/fuzz_targets/msg_targets/gen_target.sh @@ -1,5 +1,33 @@ -for target in CommitmentSigned FundingCreated FundingLocked FundingSigned OpenChannel RevokeAndACK Shutdown UpdateFailHTLC UpdateFailMalformedHTLC UpdateFee UpdateFulfillHTLC AcceptChannel ClosingSigned ChannelReestablish; do - tn=$(echo $target | sed 's/\([a-z0-9]\)\([A-Z]\)/\1_\2/g') +#!/bin/sh + +GEN_TEST() { + tn=$(echo $1 | sed 's/\([a-z0-9]\)\([A-Z]\)/\1_\2/g') fn=msg_$(echo $tn | tr '[:upper:]' '[:lower:]')_target.rs - cat msg_target_template.txt | sed s/MSG_TARGET/$target/ > $fn -done + cat msg_target_template.txt | sed s/MSG_TARGET/$1/ | sed "s/TEST_MSG/$2/" | sed "s/EXTRA_ARGS/$3/" > $fn +} + +GEN_TEST AcceptChannel test_msg "" +GEN_TEST AnnouncementSignatures test_msg "" +GEN_TEST ChannelReestablish test_msg "" +GEN_TEST ClosingSigned test_msg "" +GEN_TEST CommitmentSigned test_msg "" +GEN_TEST DecodedOnionErrorPacket test_msg "" +GEN_TEST FundingCreated test_msg "" +GEN_TEST FundingLocked test_msg "" +GEN_TEST FundingSigned test_msg "" +GEN_TEST Init test_msg "" +GEN_TEST OpenChannel test_msg "" +GEN_TEST RevokeAndACK test_msg "" +GEN_TEST Shutdown test_msg "" +GEN_TEST UpdateFailHTLC test_msg "" +GEN_TEST UpdateFailMalformedHTLC test_msg "" +GEN_TEST UpdateFee test_msg "" +GEN_TEST UpdateFulfillHTLC test_msg "" + +GEN_TEST ChannelAnnouncement test_msg_exact "" +GEN_TEST ChannelUpdate test_msg_exact "" +GEN_TEST NodeAnnouncement test_msg_exact "" + +GEN_TEST UpdateAddHTLC test_msg_hole ", 85, 33" +GEN_TEST ErrorMessage test_msg_hole ", 32, 2" +GEN_TEST OnionHopData test_msg_hole ", 1+8+8+4, 12" diff --git a/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs b/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs new file mode 100644 index 000000000..33c52b33e --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg!(msgs::AnnouncementSignatures, data); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs b/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs new file mode 100644 index 000000000..1252cfe79 --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg_exact!(msgs::ChannelAnnouncement, data); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_update_add_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs similarity index 74% rename from fuzz/fuzz_targets/msg_update_add_htlc_target.rs rename to fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs index 5616047c2..c488fb6da 100644 --- a/fuzz/fuzz_targets/msg_update_add_htlc_target.rs +++ b/fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs @@ -1,3 +1,6 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + extern crate lightning; use lightning::ln::msgs; @@ -5,14 +8,12 @@ use lightning::util::reset_rng_state; use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; +mod utils; + #[inline] pub fn do_test(data: &[u8]) { reset_rng_state(); - if let Ok(msg) = msgs::UpdateAddHTLC::decode(data){ - let enc = msg.encode(); - assert_eq!(&data[0..85], &enc[0..85]); - assert_eq!(&data[85+33..enc.len()], &enc[85+33..]); - } + test_msg_exact!(msgs::ChannelUpdate, data); } #[cfg(feature = "afl")] diff --git a/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs b/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs new file mode 100644 index 000000000..56a5fb9f6 --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg!(msgs::DecodedOnionErrorPacket, data); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs b/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs new file mode 100644 index 000000000..97e15c3c4 --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg_hole!(msgs::ErrorMessage, data, 32, 2); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_error_message_target.rs b/fuzz/fuzz_targets/msg_targets/msg_init_target.rs similarity index 75% rename from fuzz/fuzz_targets/msg_error_message_target.rs rename to fuzz/fuzz_targets/msg_targets/msg_init_target.rs index ff3719559..8a5ee76f5 100644 --- a/fuzz/fuzz_targets/msg_error_message_target.rs +++ b/fuzz/fuzz_targets/msg_targets/msg_init_target.rs @@ -1,3 +1,6 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + extern crate lightning; use lightning::ln::msgs; @@ -5,14 +8,12 @@ use lightning::util::reset_rng_state; use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; +mod utils; + #[inline] pub fn do_test(data: &[u8]) { reset_rng_state(); - if let Ok(msg) = msgs::ErrorMessage::decode(data){ - let enc = msg.encode(); - assert_eq!(&data[0..32], &enc[0..32]); - assert_eq!(&data[34..enc.len()], &enc[34..]); - } + test_msg!(msgs::Init, data); } #[cfg(feature = "afl")] diff --git a/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs b/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs new file mode 100644 index 000000000..54b9cb684 --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg_exact!(msgs::NodeAnnouncement, data); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs b/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs new file mode 100644 index 000000000..70849c189 --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg_hole!(msgs::OnionHopData, data, 1+8+8+4, 12); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_targets/msg_target_template.txt b/fuzz/fuzz_targets/msg_targets/msg_target_template.txt index 599a4f722..6053c041c 100644 --- a/fuzz/fuzz_targets/msg_targets/msg_target_template.txt +++ b/fuzz/fuzz_targets/msg_targets/msg_target_template.txt @@ -13,7 +13,7 @@ mod utils; #[inline] pub fn do_test(data: &[u8]) { reset_rng_state(); - test_msg!(msgs::MSG_TARGET, data); + TEST_MSG!(msgs::MSG_TARGET, dataEXTRA_ARGS); } #[cfg(feature = "afl")] diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs new file mode 100644 index 000000000..64806f20f --- /dev/null +++ b/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs @@ -0,0 +1,46 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::ln::msgs; +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable}; + +mod utils; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + test_msg_hole!(msgs::UpdateAddHTLC, data, 85, 33); +} + +#[cfg(feature = "afl")] +#[macro_use] extern crate afl; +#[cfg(feature = "afl")] +fn main() { + fuzz!(|data| { + do_test(data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +extern crate hex; +#[cfg(test)] +mod tests { + #[test] + fn duplicate_crash() { + super::do_test(&::hex::decode("00").unwrap()); + } +} diff --git a/fuzz/fuzz_targets/msg_targets/utils.rs b/fuzz/fuzz_targets/msg_targets/utils.rs index 27de871dc..64bfd8932 100644 --- a/fuzz/fuzz_targets/msg_targets/utils.rs +++ b/fuzz/fuzz_targets/msg_targets/utils.rs @@ -11,3 +11,28 @@ macro_rules! test_msg { } } } + +#[macro_export] +macro_rules! test_msg_exact { + ($MsgType: path, $data: ident) => { + { + if let Ok(msg) = <$MsgType as MsgDecodable>::decode($data){ + let enc = msg.encode(); + assert_eq!(&$data[..], &enc[..]); + } + } + } +} + +#[macro_export] +macro_rules! test_msg_hole { + ($MsgType: path, $data: ident, $hole: expr, $hole_len: expr) => { + { + if let Ok(msg) = <$MsgType as MsgDecodable>::decode($data){ + let enc = msg.encode(); + assert_eq!(&$data[..$hole], &enc[..$hole]); + assert_eq!(&$data[$hole + $hole_len..enc.len()], &enc[$hole + $hole_len..]); + } + } + } +} -- 2.39.5