tests: Add new fuzz testing for PeerHandshake

Write a new fuzz test for the PeerHandshake module that is able
to generate failure paths that occur after a partial handshake sequence
has been completed.

To enable this, a new testing object FuzzGen has been introduced that
can deterministically generate bytes and bools based on the random fuzz
input. These building blocks are enough for the test code to generates
different execution paths and complete partial phases of the handshake
protocol before generating an error.

When going through a test cycle where the handshake completes, it will
also verify that the initiator and responder can communicate
successfully through the returned conduits sending variable length data
and validating the contents.

Author: julianknutsen

fuzz/src/peer_crypt.rs

@@ -7,81 +7,241 @@
 // You may not use this file except in accordance with one or both of these
 // licenses.
 
-use lightning::ln::peer_channel_encryptor::PeerChannelEncryptor;
+use bitcoin::secp256k1;
 
 use bitcoin::secp256k1::key::{PublicKey,SecretKey};
-
+use lightning::ln::peers::conduit::Conduit;
+use lightning::ln::peers::handshake::PeerHandshake;
 use utils::test_logger;
 
-#[inline]
-fn slice_to_be16(v: &[u8]) -> u16 {
-	((v[0] as u16) << 8*1) |
-	((v[1] as u16) << 8*0)
+// Test structure used to generate "random" values based on input data. It is used throughout
+// the various test cases to send random messages between nodes and to ensure the code does not fail
+// unexpectedly.
+pub struct FuzzGen<'a> {
+	read_pos: usize,
+	data: &'a [u8],
 }
 
-#[inline]
-pub fn do_test(data: &[u8]) {
-	let mut read_pos = 0;
-	macro_rules! get_slice {
-		($len: expr) => {
-			{
-				let slice_len = $len as usize;
-				if data.len() < read_pos + slice_len {
-					return;
-				}
-				read_pos += slice_len;
-				&data[read_pos - slice_len..read_pos]
+impl<'a> FuzzGen<'a> {
+	pub fn new(data: &'a [u8]) -> Self {
+		Self {
+			read_pos: 0,
+			data
+		}
+	}
+
+	pub fn generate_bytes(&mut self,  num: usize) -> Result<&'a [u8], String> {
+		if self.data.len() < self.read_pos + num {
+			return Err("out of bytes".to_string());
+		}
+
+		self.read_pos += num;
+		Ok(&self.data[self.read_pos - num..self.read_pos])
+	}
+
+	pub fn generate_secret_key(&mut self) -> Result<SecretKey, String> {
+		// Loop through the input 32 bytes at a time until a valid
+		// secret key can be created or we run out of bytes
+		loop {
+			match SecretKey::from_slice(self.generate_bytes(32)?) {
+				Ok(key) => { return Ok(key) },
+				_ => {}
 			}
 		}
 	}
 
-	let our_network_key = match SecretKey::from_slice(get_slice!(32)) {
-		Ok(key) => key,
-		Err(_) => return,
+	pub fn generate_bool(&mut self) -> Result<bool, String> {
+		let next_byte = self.generate_bytes(1)?;
+		Ok(next_byte[0] & 1 == 1)
+	}
+}
+
+struct TestCtx {
+	initiator_static_public_key: PublicKey,
+	initiator_handshake: PeerHandshake,
+	responder_static_public_key: PublicKey,
+	responder_handshake: PeerHandshake,
+	act1: Vec<u8>
+}
+
+impl TestCtx {
+	fn make(generator: &mut FuzzGen) -> Result<Self, String> {
+		let curve = secp256k1::Secp256k1::new();
+
+		// Generate needed keys for successful handshake
+		let initiator_static_private_key = generator.generate_secret_key()?;
+		let initiator_static_public_key = PublicKey::from_secret_key(&curve, &initiator_static_private_key);
+		let initiator_ephemeral_private_key = generator.generate_secret_key()?;
+		let responder_static_private_key = generator.generate_secret_key()?;
+		let responder_static_public_key = PublicKey::from_secret_key(&curve, &responder_static_private_key);
+		let responder_ephemeral_private_key = generator.generate_secret_key()?;
+
+		let (act1, initiator_handshake) = PeerHandshake::create_and_initialize_outbound(&initiator_static_private_key, &responder_static_public_key, &initiator_ephemeral_private_key);
+		let responder_handshake = PeerHandshake::new_inbound(&responder_static_private_key, &responder_ephemeral_private_key);
+
+		Ok(TestCtx {
+			initiator_static_public_key,
+			initiator_handshake,
+			responder_static_public_key,
+			responder_handshake,
+			act1
+		})
+	}
+}
+
+// Common test function that sends encrypted messages between two conduits until the source data
+// runs out.
+#[inline]
+fn do_conduit_tests(generator: &mut FuzzGen, initiator_conduit: &mut Conduit, responder_conduit: &mut Conduit) -> Result<(), String> {
+	// Keep sending messages back and forth until the input data is consumed
+	loop {
+		// Randomly generate message length
+		let msg_len_raw = generator.generate_bytes(1)?;
+		let msg_len = msg_len_raw[0] as usize;
+
+		// Randomly generate message
+		let sender_unencrypted_msg = generator.generate_bytes(msg_len)?;
+
+		// randomly choose sender of message
+		let receiver_unencrypted_msg = if generator.generate_bool()? {
+			let encrypted_msg = initiator_conduit.encrypt(sender_unencrypted_msg);
+			responder_conduit.decrypt_single_message(Some(&encrypted_msg))
+		} else {
+			let encrypted_msg = responder_conduit.encrypt(sender_unencrypted_msg);
+			initiator_conduit.decrypt_single_message(Some(&encrypted_msg))
+		};
+
+		assert_eq!(sender_unencrypted_msg, receiver_unencrypted_msg.unwrap().as_slice());
+	}
+}
+
+// This test completes a valid handshake based on "random" private keys and then sends variable
+// length encrypted messages between two conduits to validate that they can communicate.
+#[inline]
+fn do_completed_handshake_test(generator: &mut FuzzGen) -> Result<(), String> {
+	let mut test_ctx = TestCtx::make(generator)?;
+
+	// The handshake should complete with any valid private keys
+	let act2 = test_ctx.responder_handshake.process_act(&test_ctx.act1).unwrap().0.unwrap();
+	let (act3, (mut initiator_conduit, responder_pubkey)) = match test_ctx.initiator_handshake.process_act(&act2) {
+		Ok((Some(act3), Some((conduit, remote_pubkey)))) => {
+			(act3, (conduit, remote_pubkey))
+		}
+		_ => panic!("handshake failed")
 	};
-	let ephemeral_key = match SecretKey::from_slice(get_slice!(32)) {
-		Ok(key) => key,
-		Err(_) => return,
+
+	let (mut responder_conduit, initiator_pubkey) = match test_ctx.responder_handshake.process_act(&act3) {
+		Ok((None, Some((conduit, remote_pubkey)))) => {
+			(conduit, remote_pubkey)
+		}
+		_ => panic!("handshake failed")
 	};
 
-	let mut crypter = if get_slice!(1)[0] != 0 {
-		let their_pubkey = match PublicKey::from_slice(get_slice!(33)) {
-			Ok(key) => key,
-			Err(_) => return,
-		};
-		let mut crypter = PeerChannelEncryptor::new_outbound(their_pubkey, ephemeral_key);
-		crypter.get_act_one();
-		match crypter.process_act_two(get_slice!(50), &our_network_key) {
-			Ok(_) => {},
-			Err(_) => return,
+	// The handshake should complete with each peer knowing the static_public_key of the remote peer
+	assert_eq!(initiator_pubkey, test_ctx.initiator_static_public_key);
+	assert_eq!(responder_pubkey, test_ctx.responder_static_public_key);
+
+	// The nodes should be able to communicate over the conduit
+	do_conduit_tests(generator, &mut initiator_conduit, &mut responder_conduit)?;
+
+	unreachable!();
+}
+
+// This test variant goes through the peer handshake between the initiator and responder with
+// "random" failures to verify that nothing panics.
+// In the event of an error from process_act() we validate that the input data was generated
+// randomly to ensure real act generation still produces valid transitions.
+#[inline]
+fn do_handshake_test(generator: &mut FuzzGen) -> Result<(), String> {
+	let mut test_ctx = TestCtx::make(generator)?;
+	let mut used_generated_data = false;
+
+	// Possibly generate bad data for act1 and ensure that the responder does not panic
+	let mut act1 = test_ctx.act1;
+	if generator.generate_bool()? {
+		act1 = (generator.generate_bytes(50)?).to_vec();
+		used_generated_data = true;
+	}
+
+	let mut act2 = match test_ctx.responder_handshake.process_act(&act1) {
+		Ok((Some(act2), None)) => {
+			act2
 		}
-		assert!(crypter.is_ready_for_encryption());
-		crypter
-	} else {
-		let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key);
-		match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key) {
-			Ok(_) => {},
-			Err(_) => return,
+		Err(_) => {
+			assert!(used_generated_data);
+			return Err("generated expected failure with bad data".to_string());
 		}
-		match crypter.process_act_three(get_slice!(66)) {
-			Ok(_) => {},
-			Err(_) => return,
+		_ => panic!("responder required to output act bytes and no conduit/pubkey")
+	};
+
+	// Possibly generate bad data for act2 and ensure that the initiator does not panic
+	if generator.generate_bool()? {
+		act2 = (generator.generate_bytes(50)?).to_vec();
+		used_generated_data = true;
+	}
+
+	let (mut act3, (mut initiator_conduit, responder_pubkey)) = match test_ctx.initiator_handshake.process_act(&act2) {
+		Ok((Some(act3), Some((conduit, remote_pubkey)))) => {
+			(act3, (conduit, remote_pubkey))
 		}
-		assert!(crypter.is_ready_for_encryption());
-		crypter
+		Err(_) => {
+			assert!(used_generated_data);
+			return Err("generated expected failure with bad data".to_string());
+		}
+		_ => panic!("initiator required to output act bytes and no conduit/pubkey")
 	};
-	loop {
-		if get_slice!(1)[0] == 0 {
-			crypter.encrypt_message(get_slice!(slice_to_be16(get_slice!(2))));
-		} else {
-			let len = match crypter.decrypt_length_header(get_slice!(16+2)) {
-				Ok(len) => len,
-				Err(_) => return,
-			};
-			match crypter.decrypt_message(get_slice!(len as usize + 16)) {
-				Ok(_) => {},
-				Err(_) => return,
-			}
+
+	// Possibly generate bad data for act3 and ensure that the responder does not panic
+	if generator.generate_bool()? {
+		act3 = (generator.generate_bytes(66)?).to_vec();
+		used_generated_data = true;
+	}
+
+	let (mut responder_conduit, initiator_pubkey) = match test_ctx.responder_handshake.process_act(&act3) {
+		Ok((None, Some((conduit, remote_pubkey)))) => {
+			(conduit, remote_pubkey)
+		}
+		Err(_) => {
+			// extremely unlikely we randomly generate a correct act3, but if so.. reset this
+			assert!(used_generated_data);
+			return Err("generated expected failure with bad data".to_string());
+		},
+		_ => panic!("responder required to output conduit/remote pubkey and no act bytes")
+	};
+
+	// The handshake should complete with each peer knowing the static_public_key of the remote peer
+	if initiator_pubkey != test_ctx.initiator_static_public_key {
+		assert!(used_generated_data);
+		return Ok(());
+	}
+	if responder_pubkey != test_ctx.responder_static_public_key {
+		assert!(used_generated_data);
+		return Ok(());
+	}
+
+	// The nodes should be able to communicate over the conduit
+	do_conduit_tests(generator, &mut initiator_conduit, &mut responder_conduit)?;
+
+	unreachable!();
+}
+
+#[inline]
+fn do_test(data: &[u8]) {
+	let mut generator = FuzzGen::new(data);
+
+	// Based on a "random" bool, decide which test variant to run
+	let do_valid_handshake = match generator.generate_bool() {
+		Ok(value) => { value },
+		_ => { return }
+	};
+
+	if do_valid_handshake {
+		match do_completed_handshake_test(&mut generator) {
+			_ => {}
+		}
+	} else {
+		match do_handshake_test(&mut generator) {
+			_ => {}
 		}
 	}
 }
@@ -94,3 +254,58 @@ pub fn peer_crypt_test<Out: test_logger::Output>(data: &[u8], _out: Out) {
 pub extern "C" fn peer_crypt_run(data: *const u8, datalen: usize) {
 	do_test(unsafe { std::slice::from_raw_parts(data, datalen) });
 }
+
+#[cfg(test)]
+mod test {
+	use super::*;
+
+	#[test]
+	fn data_generator_empty() {
+		let mut generator = FuzzGen::new(&[]);
+		assert_eq!(generator.generate_bool().err(), Some("out of bytes".to_string()));
+	}
+
+	#[test]
+	fn data_generator_bool_true() {
+		let mut generator = FuzzGen::new(&[1]);
+		assert!(generator.generate_bool().unwrap());
+	}
+
+	#[test]
+	fn data_generator_bool_false() {
+		let mut generator = FuzzGen::new(&[0]);
+		assert!(!generator.generate_bool().unwrap());
+	}
+
+	#[test]
+	fn data_generator_bool_then_error() {
+		let mut generator = FuzzGen::new(&[1]);
+		assert!(generator.generate_bool().unwrap());
+		assert_eq!(generator.generate_bool().err(), Some("out of bytes".to_string()));
+	}
+
+	#[test]
+	fn data_generator_bytes_too_many() {
+		let mut generator = FuzzGen::new(&[1, 2, 3, 4]);
+		assert_eq!(generator.generate_bytes(5).err(), Some("out of bytes".to_string()));
+	}
+
+	#[test]
+	fn data_generator_bytes() {
+		let input = [1, 2, 3, 4];
+		let mut generator = FuzzGen::new(&input);
+		let result = generator.generate_bytes(4).unwrap();
+		assert_eq!(result, input);
+	}
+
+	#[test]
+	fn data_generator_bytes_sequential() {
+		let input = [1, 2, 3, 4];
+		let mut generator = FuzzGen::new(&input);
+		let result = generator.generate_bytes(2).unwrap();
+		assert_eq!(result, &input[..2]);
+		let result = generator.generate_bytes(2).unwrap();
+		assert_eq!(result, &input[2..]);
+		assert_eq!(generator.generate_bytes(1).err(), Some("out of bytes".to_string()));
+	}
+}