Add discv5 fuzzing test targets

This commit is contained in:
kdeme 2020-07-14 22:56:34 +02:00
parent 485d6db9e7
commit 4e4836a0fe
No known key found for this signature in database
GPG Key ID: 4E8DD21420AF43F5
4 changed files with 85 additions and 1 deletions

View File

@ -208,7 +208,7 @@ proc decryptGCM*(key: AesKey, nonce, ct, authData: openarray[byte]):
return some(res)
proc decodeMessage(body: openarray[byte]): DecodeResult[Message] =
proc decodeMessage*(body: openarray[byte]): DecodeResult[Message] =
## Decodes to the specific `Message` type.
if body.len < 1:
return err(PacketError)

View File

@ -0,0 +1,29 @@
import
testutils/fuzzing, chronicles, stew/byteutils,
eth/rlp, eth/p2p/discoveryv5/encoding
test:
block:
# This test also includes the decoding of the ENR, so it kinda overlaps with
# the fuzz_enr test. And it will fail to decode most of the time for the
# same reasons.
let decoded = try: rlp.decode(payload, AuthResponse)
except RlpError as e:
debug "decode failed", err = e.msg
break
except ValueError as e:
debug "decode failed", err = e.msg
break
let encoded = try: rlp.encode(decoded)
except RlpError as e:
debug "decode failed", err = e.msg
doAssert(false, "decoding worked but encoding failed")
break
# This will hit assert because of issue:
# https://github.com/status-im/nim-eth/issues/255
# if encoded != payload.toOpenArray(0, encoded.len - 1):
# echo "payload: ", toHex(payload.toOpenArray(0, encoded.len - 1))
# echo "encoded: ", toHex(encoded)
# doAssert(false, "re-encoded result does not equal original payload")

View File

@ -0,0 +1,27 @@
import
testutils/fuzzing, stew/byteutils,
eth/rlp, eth/p2p/discoveryv5/[encoding, types]
test:
block:
let decoded = decodeMessage(payload)
if decoded.isOK():
let message = decoded.get()
var encoded: seq[byte]
case message.kind
of unused: break
of ping: encoded = encodeMessage(message.ping, message.reqId)
of pong: encoded = encodeMessage(message.pong, message.reqId)
of findNode: encoded = encodeMessage(message.findNode, message.reqId)
of nodes: encoded = encodeMessage(message.nodes, message.reqId)
of regtopic, ticket, regconfirmation, topicquery:
break
# This will hit assert because of issue:
# https://github.com/status-im/nim-eth/issues/255
# if encoded != payload:
# echo "payload: ", toHex(payload)
# echo "encoded: ", toHex(encoded)
# doAssert(false, "re-encoded result does not equal original payload")

View File

@ -0,0 +1,28 @@
import
testutils/fuzzing, bearssl, stew/shims/net,
eth/[keys, trie/db], eth/p2p/discoveryv5/[protocol, discovery_db],
../p2p/discv5_test_helper
var targetNode: protocol.Protocol
init:
let
rng = newRng()
privKey = PrivateKey.random(rng[])
ip = some(ValidIpAddress.init("127.0.0.1"))
port = Port(20301)
dbb = DiscoveryDB.init(newMemoryDB())
targetNode = newProtocol(privKey, dbb, ip, port, port, rng = rng)
# Need to open socket else the response part will fail, would be nice if we
# could skip that part during fuzzing.
targetNode.open()
test:
# Some dummy address
let address = localAddress(20302)
# This is a quick and easy, high level fuzzing test and considering that the
# auth-response and the message gets encrypted, and that a handshake needs to
# be done, it will not be able to reach into testing those depths. However, it
# should still be of use hitting the more "simple" code paths (random-packet,
# whoareyou-packet, and the beginnings of other packets).
targetNode.receive(address, payload)