fuzz/brontide: random+static harnesses for acts 1-3

This commit is contained in:
nsa 2020-01-30 13:40:01 -05:00
parent 511fdb2520
commit 116c5469bc
No known key found for this signature in database
GPG Key ID: 118759E83439A9B1
6 changed files with 238 additions and 0 deletions

@ -0,0 +1,30 @@
// +build gofuzz
package brontidefuzz
import (
"github.com/lightningnetwork/lnd/brontide"
)
// Fuzz_random_actone is a go-fuzz harness for ActOne in the brontide
// handshake.
func Fuzz_random_actone(data []byte) int {
// Check if data is large enough.
if len(data) < brontide.ActOneSize {
return -1
}
// This will return brontide machines with random keys.
_, responder := getBrontideMachines()
// Copy data into [ActOneSize]byte.
var actOne [brontide.ActOneSize]byte
copy(actOne[:], data)
// Responder receives ActOne, should fail on the MAC check.
if err := responder.RecvActOne(actOne); err == nil {
nilAndPanic(nil, responder, nil)
}
return 1
}

@ -0,0 +1,50 @@
// +build gofuzz
package brontidefuzz
import (
"github.com/lightningnetwork/lnd/brontide"
)
// Fuzz_random_actthree is a go-fuzz harness for ActThree in the brontide
// handshake.
func Fuzz_random_actthree(data []byte) int {
// Check if data is large enough.
if len(data) < brontide.ActThreeSize {
return -1
}
// This will return brontide machines with random keys.
initiator, responder := getBrontideMachines()
// Generate ActOne and send to the responder.
actOne, err := initiator.GenActOne()
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Receiving ActOne should succeed, so we panic on error.
if err := responder.RecvActOne(actOne); err != nil {
nilAndPanic(initiator, responder, err)
}
// Generate ActTwo - this is not sent to the initiator because nothing is
// done with the initiator after this point and it would slow down fuzzing.
// GenActTwo needs to be called to set the appropriate state in the
// responder machine.
_, err = responder.GenActTwo()
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Copy data into [ActThreeSize]byte.
var actThree [brontide.ActThreeSize]byte
copy(actThree[:], data)
// Responder receives ActThree, should fail on the MAC check.
if err := responder.RecvActThree(actThree); err == nil {
nilAndPanic(initiator, responder, nil)
}
return 1
}

@ -0,0 +1,39 @@
// +build gofuzz
package brontidefuzz
import (
"github.com/lightningnetwork/lnd/brontide"
)
// Fuzz_random_acttwo is a go-fuzz harness for ActTwo in the brontide
// handshake.
func Fuzz_random_acttwo(data []byte) int {
// Check if data is large enough.
if len(data) < brontide.ActTwoSize {
return -1
}
// This will return brontide machines with random keys.
initiator, _ := getBrontideMachines()
// Generate ActOne - this isn't sent to the responder because nothing is
// done with the responder machine and this would slow down fuzzing.
// GenActOne needs to be called to set the appropriate state in the
// initiator machine.
_, err := initiator.GenActOne()
if err != nil {
nilAndPanic(initiator, nil, err)
}
// Copy data into [ActTwoSize]byte.
var actTwo [brontide.ActTwoSize]byte
copy(actTwo[:], data)
// Initiator receives ActTwo, should fail.
if err := initiator.RecvActTwo(actTwo); err == nil {
nilAndPanic(initiator, nil, nil)
}
return 1
}

@ -0,0 +1,30 @@
// +build gofuzz
package brontidefuzz
import (
"github.com/lightningnetwork/lnd/brontide"
)
// Fuzz_static_actone is a go-fuzz harness for ActOne in the brontide
// handshake.
func Fuzz_static_actone(data []byte) int {
// Check if data is large enough.
if len(data) < brontide.ActOneSize {
return -1
}
// This will return brontide machines with static keys.
_, responder := getStaticBrontideMachines()
// Copy data into [ActOneSize]byte.
var actOne [brontide.ActOneSize]byte
copy(actOne[:], data)
// Responder receives ActOne, should fail.
if err := responder.RecvActOne(actOne); err == nil {
nilAndPanic(nil, responder, nil)
}
return 1
}

@ -0,0 +1,50 @@
// +build gofuzz
package brontidefuzz
import (
"github.com/lightningnetwork/lnd/brontide"
)
// Fuzz_static_actthree is a go-fuzz harness for ActThree in the brontide
// handshake.
func Fuzz_static_actthree(data []byte) int {
// Check if data is large enough.
if len(data) < brontide.ActThreeSize {
return -1
}
// This will return brontide machines with static keys.
initiator, responder := getStaticBrontideMachines()
// Generate ActOne and send to the responder.
actOne, err := initiator.GenActOne()
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Receiving ActOne should succeed, so we panic on error.
if err := responder.RecvActOne(actOne); err != nil {
nilAndPanic(initiator, responder, err)
}
// Generate ActTwo - this is not sent to the initiator because nothing is
// done with the initiator after this point and it would slow down fuzzing.
// GenActTwo needs to be called to set the appropriate state in the responder
// machine.
_, err = responder.GenActTwo()
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Copy data into [ActThreeSize]byte.
var actThree [brontide.ActThreeSize]byte
copy(actThree[:], data)
// Responder receives ActThree, should fail.
if err := responder.RecvActThree(actThree); err == nil {
nilAndPanic(initiator, responder, nil)
}
return 1
}

@ -0,0 +1,39 @@
// +build gofuzz
package brontidefuzz
import (
"github.com/lightningnetwork/lnd/brontide"
)
// Fuzz_static_acttwo is a go-fuzz harness for ActTwo in the brontide
// handshake.
func Fuzz_static_acttwo(data []byte) int {
// Check if data is large enough.
if len(data) < brontide.ActTwoSize {
return -1
}
// This will return brontide machines with static keys.
initiator, _ := getStaticBrontideMachines()
// Generate ActOne - this isn't sent to the responder because nothing is
// done with the responder machine and this would slow down fuzzing.
// GenActOne needs to be called to set the appropriate state in the initiator
// machine.
_, err := initiator.GenActOne()
if err != nil {
nilAndPanic(initiator, nil, err)
}
// Copy data into [ActTwoSize]byte.
var actTwo [brontide.ActTwoSize]byte
copy(actTwo[:], data)
// Initiator receives ActTwo, should fail.
if err := initiator.RecvActTwo(actTwo); err == nil {
nilAndPanic(initiator, nil, nil)
}
return 1
}