fuzz: Provide correct MAC tag to assist v2 transport fuzzing

before commit: 131072 pulse cov: 1734 ft: 1993 corp: 19/107b lim: 1260 exec/s: 757 rss: 465Mb after commit: 131072 pulse cov: 1888 ft: 2708 corp: 50/4004b lim: 1100 exec/s: 762 rss: 467Mb
dhruv · Feb 9, 2022 · d7afc96 · d7afc96
1 parent f72af76
commit d7afc96
Showing 1 changed file with 31 additions and 7 deletions.
diff --git a/src/test/fuzz/p2p_v2_transport_serialization.cpp b/src/test/fuzz/p2p_v2_transport_serialization.cpp
@@ -4,6 +4,7 @@
 
 #include <compat/endian.h>
 #include <crypto/chacha_poly_aead.h>
+#include <crypto/poly1305.h>
 #include <key.h>
 #include <net.h>
 #include <netmessagemaker.h>
@@ -14,22 +15,36 @@
 
 FUZZ_TARGET(p2p_v2_transport_serialization)
 {
-    CPrivKey k1(32, 0);
-    CPrivKey k2(32, 0);
+    CPrivKey k1(CHACHA20_POLY1305_AEAD_KEY_LEN, 0);
+    CPrivKey k2(CHACHA20_POLY1305_AEAD_KEY_LEN, 0);
 
     // Construct deserializer, with a dummy NodeId
     V2TransportDeserializer deserializer{(NodeId)0, k1, k2};
     V2TransportSerializer serializer{k1, k2};
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
 
     bool length_assist = fuzzed_data_provider.ConsumeBool();
+
+    // There is no sense in providing a mac assist if the length is incorrect.
+    bool mac_assist = length_assist && fuzzed_data_provider.ConsumeBool();
     auto payload_bytes = fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();
 
-    if (length_assist && payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
-        uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
-        payload_bytes[0] = packet_length & 0xff;
-        payload_bytes[1] = (packet_length >> 8) & 0xff;
-        payload_bytes[2] = (packet_length >> 16) & 0xff;
+    if (payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
+        if (length_assist) {
+            uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
+            payload_bytes[0] = packet_length & 0xff;
+            payload_bytes[1] = (packet_length >> 8) & 0xff;
+            payload_bytes[2] = (packet_length >> 16) & 0xff;
+        }
+
+        if (mac_assist) {
+            unsigned char pseudorandom_bytes[CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_KEYLEN];
+            memset(pseudorandom_bytes, 0, sizeof(pseudorandom_bytes));
+            ChaCha20Forward4064 chacha{k1};
+            chacha.Crypt(pseudorandom_bytes, pseudorandom_bytes, CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_KEYLEN);
+
+            poly1305_auth(payload_bytes.data() + (payload_bytes.size() - POLY1305_TAGLEN), payload_bytes.data(), (payload_bytes.size() - POLY1305_TAGLEN), pseudorandom_bytes + CHACHA20_POLY1305_AEAD_AAD_LEN);
+        }
     }
 
     Span<const uint8_t> msg_bytes{payload_bytes};
@@ -43,6 +58,15 @@ FUZZ_TARGET(p2p_v2_transport_serialization)
             bool reject_message{true};
             bool disconnect{true};
             CNetMessage result{deserializer.GetMessage(m_time, reject_message, disconnect)};
+
+            if (mac_assist) {
+                assert(!disconnect);
+            }
+
+            if (length_assist && mac_assist) {
+                assert(!reject_message);
+            }
+
             if (!reject_message) {
                 assert(result.m_type.size() <= CMessageHeader::COMMAND_SIZE);
                 assert(result.m_raw_message_size <= buffer.size());