diff --git a/fuzz/brontide/random_actone.go b/fuzz/brontide/random_actone.go new file mode 100644 index 00000000..259d7d6a --- /dev/null +++ b/fuzz/brontide/random_actone.go @@ -0,0 +1,30 @@ +// +build gofuzz + +package brontidefuzz + +import ( + "github.com/lightningnetwork/lnd/brontide" +) + +// Fuzz_random_actone is a go-fuzz harness for ActOne in the brontide +// handshake. +func Fuzz_random_actone(data []byte) int { + // Check if data is large enough. + if len(data) < brontide.ActOneSize { + return -1 + } + + // This will return brontide machines with random keys. + _, responder := getBrontideMachines() + + // Copy data into [ActOneSize]byte. + var actOne [brontide.ActOneSize]byte + copy(actOne[:], data) + + // Responder receives ActOne, should fail on the MAC check. + if err := responder.RecvActOne(actOne); err == nil { + nilAndPanic(nil, responder, nil) + } + + return 1 +} diff --git a/fuzz/brontide/random_actthree.go b/fuzz/brontide/random_actthree.go new file mode 100644 index 00000000..38a3847f --- /dev/null +++ b/fuzz/brontide/random_actthree.go @@ -0,0 +1,50 @@ +// +build gofuzz + +package brontidefuzz + +import ( + "github.com/lightningnetwork/lnd/brontide" +) + +// Fuzz_random_actthree is a go-fuzz harness for ActThree in the brontide +// handshake. +func Fuzz_random_actthree(data []byte) int { + // Check if data is large enough. + if len(data) < brontide.ActThreeSize { + return -1 + } + + // This will return brontide machines with random keys. + initiator, responder := getBrontideMachines() + + // Generate ActOne and send to the responder. + actOne, err := initiator.GenActOne() + if err != nil { + nilAndPanic(initiator, responder, err) + } + + // Receiving ActOne should succeed, so we panic on error. + if err := responder.RecvActOne(actOne); err != nil { + nilAndPanic(initiator, responder, err) + } + + // Generate ActTwo - this is not sent to the initiator because nothing is + // done with the initiator after this point and it would slow down fuzzing. + // GenActTwo needs to be called to set the appropriate state in the + // responder machine. + _, err = responder.GenActTwo() + if err != nil { + nilAndPanic(initiator, responder, err) + } + + // Copy data into [ActThreeSize]byte. + var actThree [brontide.ActThreeSize]byte + copy(actThree[:], data) + + // Responder receives ActThree, should fail on the MAC check. + if err := responder.RecvActThree(actThree); err == nil { + nilAndPanic(initiator, responder, nil) + } + + return 1 +} diff --git a/fuzz/brontide/random_acttwo.go b/fuzz/brontide/random_acttwo.go new file mode 100644 index 00000000..1cda2f93 --- /dev/null +++ b/fuzz/brontide/random_acttwo.go @@ -0,0 +1,39 @@ +// +build gofuzz + +package brontidefuzz + +import ( + "github.com/lightningnetwork/lnd/brontide" +) + +// Fuzz_random_acttwo is a go-fuzz harness for ActTwo in the brontide +// handshake. +func Fuzz_random_acttwo(data []byte) int { + // Check if data is large enough. + if len(data) < brontide.ActTwoSize { + return -1 + } + + // This will return brontide machines with random keys. + initiator, _ := getBrontideMachines() + + // Generate ActOne - this isn't sent to the responder because nothing is + // done with the responder machine and this would slow down fuzzing. + // GenActOne needs to be called to set the appropriate state in the + // initiator machine. + _, err := initiator.GenActOne() + if err != nil { + nilAndPanic(initiator, nil, err) + } + + // Copy data into [ActTwoSize]byte. + var actTwo [brontide.ActTwoSize]byte + copy(actTwo[:], data) + + // Initiator receives ActTwo, should fail. + if err := initiator.RecvActTwo(actTwo); err == nil { + nilAndPanic(initiator, nil, nil) + } + + return 1 +} diff --git a/fuzz/brontide/static_actone.go b/fuzz/brontide/static_actone.go new file mode 100644 index 00000000..7c351680 --- /dev/null +++ b/fuzz/brontide/static_actone.go @@ -0,0 +1,30 @@ +// +build gofuzz + +package brontidefuzz + +import ( + "github.com/lightningnetwork/lnd/brontide" +) + +// Fuzz_static_actone is a go-fuzz harness for ActOne in the brontide +// handshake. +func Fuzz_static_actone(data []byte) int { + // Check if data is large enough. + if len(data) < brontide.ActOneSize { + return -1 + } + + // This will return brontide machines with static keys. + _, responder := getStaticBrontideMachines() + + // Copy data into [ActOneSize]byte. + var actOne [brontide.ActOneSize]byte + copy(actOne[:], data) + + // Responder receives ActOne, should fail. + if err := responder.RecvActOne(actOne); err == nil { + nilAndPanic(nil, responder, nil) + } + + return 1 +} diff --git a/fuzz/brontide/static_actthree.go b/fuzz/brontide/static_actthree.go new file mode 100644 index 00000000..3f4878bf --- /dev/null +++ b/fuzz/brontide/static_actthree.go @@ -0,0 +1,50 @@ +// +build gofuzz + +package brontidefuzz + +import ( + "github.com/lightningnetwork/lnd/brontide" +) + +// Fuzz_static_actthree is a go-fuzz harness for ActThree in the brontide +// handshake. +func Fuzz_static_actthree(data []byte) int { + // Check if data is large enough. + if len(data) < brontide.ActThreeSize { + return -1 + } + + // This will return brontide machines with static keys. + initiator, responder := getStaticBrontideMachines() + + // Generate ActOne and send to the responder. + actOne, err := initiator.GenActOne() + if err != nil { + nilAndPanic(initiator, responder, err) + } + + // Receiving ActOne should succeed, so we panic on error. + if err := responder.RecvActOne(actOne); err != nil { + nilAndPanic(initiator, responder, err) + } + + // Generate ActTwo - this is not sent to the initiator because nothing is + // done with the initiator after this point and it would slow down fuzzing. + // GenActTwo needs to be called to set the appropriate state in the responder + // machine. + _, err = responder.GenActTwo() + if err != nil { + nilAndPanic(initiator, responder, err) + } + + // Copy data into [ActThreeSize]byte. + var actThree [brontide.ActThreeSize]byte + copy(actThree[:], data) + + // Responder receives ActThree, should fail. + if err := responder.RecvActThree(actThree); err == nil { + nilAndPanic(initiator, responder, nil) + } + + return 1 +} diff --git a/fuzz/brontide/static_acttwo.go b/fuzz/brontide/static_acttwo.go new file mode 100644 index 00000000..4a2b094f --- /dev/null +++ b/fuzz/brontide/static_acttwo.go @@ -0,0 +1,39 @@ +// +build gofuzz + +package brontidefuzz + +import ( + "github.com/lightningnetwork/lnd/brontide" +) + +// Fuzz_static_acttwo is a go-fuzz harness for ActTwo in the brontide +// handshake. +func Fuzz_static_acttwo(data []byte) int { + // Check if data is large enough. + if len(data) < brontide.ActTwoSize { + return -1 + } + + // This will return brontide machines with static keys. + initiator, _ := getStaticBrontideMachines() + + // Generate ActOne - this isn't sent to the responder because nothing is + // done with the responder machine and this would slow down fuzzing. + // GenActOne needs to be called to set the appropriate state in the initiator + // machine. + _, err := initiator.GenActOne() + if err != nil { + nilAndPanic(initiator, nil, err) + } + + // Copy data into [ActTwoSize]byte. + var actTwo [brontide.ActTwoSize]byte + copy(actTwo[:], data) + + // Initiator receives ActTwo, should fail. + if err := initiator.RecvActTwo(actTwo); err == nil { + nilAndPanic(initiator, nil, nil) + } + + return 1 +}