fix bug that was kindly caught by fuzz tests

Author: arik-so

lightning/src/ln/peers/chacha.rs

@@ -21,8 +21,12 @@ pub fn decrypt(key: &[u8], nonce: u64, associated_data: &[u8], tagged_ciphertext
 	nonce_bytes[4..].copy_from_slice(&byte_utils::le64_to_array(nonce));
 
 	let length = tagged_ciphertext.len();
-	let ciphertext = &tagged_ciphertext[0..length - 16];
-	let authentication_tag = &tagged_ciphertext[length - 16..length];
+	if length < 16 {
+		return Err("ciphertext cannot be shorter than tag length of 16 bytes".to_string());
+	}
+	let end_index = length - 16;
+	let ciphertext = &tagged_ciphertext[0..end_index];
+	let authentication_tag = &tagged_ciphertext[end_index..length];
 
 	let mut chacha = ChaCha20Poly1305RFC::new(key, &nonce_bytes, associated_data);
 	let mut plaintext = vec![0u8; length - 16];

lightning/src/ln/peers/conduit.rs

@@ -86,7 +86,7 @@ impl Conduit {
 		length_bytes.copy_from_slice(length_vec.as_slice());
 		let message_length = byte_utils::slice_to_be16(&length_bytes) as usize;
 
-		let message_end_index = message_length + 18; // todo: abort if too short
+		let message_end_index = message_length + 18 + 16; // todo: abort if too short
 		if buffer.len() < message_end_index {
 			return (None, 0);
 		}
@@ -154,6 +154,16 @@ mod tests {
 			read_buffer: None,
 		};
 
+		let mut remote_peer = Conduit {
+			sending_key: receiving_key,
+			receiving_key: sending_key,
+			sending_chaining_key: chaining_key,
+			receiving_chaining_key: chaining_key,
+			sending_nonce: 0,
+			receiving_nonce: 0,
+			read_buffer: None,
+		};
+
 		let message = hex::decode("68656c6c6f").unwrap();
 		let mut encrypted_messages: Vec<Vec<u8>> = Vec::new();
 
@@ -168,5 +178,13 @@ mod tests {
 		assert_eq!(encrypted_messages[501], hex::decode("1b186c57d44eb6de4c057c49940d79bb838a145cb528d6e8fd26dbe50a60ca2c104b56b60e45bd").unwrap());
 		assert_eq!(encrypted_messages[1000], hex::decode("4a2f3cc3b5e78ddb83dcb426d9863d9d9a723b0337c89dd0b005d89f8d3c05c52b76b29b740f09").unwrap());
 		assert_eq!(encrypted_messages[1001], hex::decode("2ecd8c8a5629d0d02ab457a0fdd0f7b90a192cd46be5ecb6ca570bfc5e268338b1a16cf4ef2d36").unwrap());
+
+		for _ in 0..1002 {
+			let encrypted_message = encrypted_messages.remove(0);
+			let mut decrypted_messages = remote_peer.decrypt_message_stream(Some(&encrypted_message));
+			assert_eq!(decrypted_messages.len(), 1);
+			let decrypted_message = decrypted_messages.remove(0);
+			assert_eq!(decrypted_message, hex::decode("68656c6c6f").unwrap());
+		}
 	}
 }

lightning/src/ln/peers/handshake/tests.rs

@@ -1,6 +1,8 @@
 #![cfg(test)]
 
+use hex;
 use secp256k1;
+
 use secp256k1::key::{PublicKey, SecretKey};
 
 use ln::peers::handshake::PeerHandshake;
@@ -20,8 +22,18 @@ fn test_exchange() {
 
 	let remote_public_key = PublicKey::from_secret_key(&curve, &remote_private_key);
 
-	let act_1_message = local_handshake.initiate(&remote_public_key);
-	let act_2_message = remote_handshake.process_act_one(act_1_message.unwrap());
-	let act_3_message = local_handshake.process_act_two(act_2_message.unwrap());
-	remote_handshake.process_act_three(act_3_message.unwrap().0).unwrap();
+	let act_1 = local_handshake.initiate(&remote_public_key).unwrap();
+	let act_1_hex = hex::encode(&act_1.0.to_vec());
+	assert_eq!(act_1_hex, "00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a");
+
+	let act_2 = remote_handshake.process_act_one(act_1).unwrap();
+	let act_2_hex = hex::encode(&act_2.0.to_vec());
+	assert_eq!(act_2_hex, "0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae");
+
+	let act_2_result = local_handshake.process_act_two(act_2).unwrap();
+	let act_3 = act_2_result.0;
+	let act_3_hex = hex::encode(&act_3.0.to_vec());
+	assert_eq!(act_3_hex, "00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba");
+
+	remote_handshake.process_act_three(act_3).unwrap();
 }