Add discv5 fuzzing test targets

eth/p2p/discoveryv5/encoding.nim

@@ -208,7 +208,7 @@ proc decryptGCM*(key: AesKey, nonce, ct, authData: openarray[byte]):
 
   return some(res)
 
-proc decodeMessage(body: openarray[byte]): DecodeResult[Message] =
+proc decodeMessage*(body: openarray[byte]): DecodeResult[Message] =
   ## Decodes to the specific `Message` type.
   if body.len < 1:
     return err(PacketError)

tests/fuzzing/discoveryv5/fuzz_decode_authresp.nim

@@ -0,0 +1,29 @@
+import
+  testutils/fuzzing, chronicles, stew/byteutils,
+  eth/rlp, eth/p2p/discoveryv5/encoding
+
+test:
+  block:
+    # This test also includes the decoding of the ENR, so it kinda overlaps with
+    # the fuzz_enr test. And it will fail to decode most of the time for the
+    # same reasons.
+    let decoded = try: rlp.decode(payload, AuthResponse)
+                  except RlpError as e:
+                        debug "decode failed", err = e.msg
+                        break
+                  except ValueError as e:
+                        debug "decode failed", err = e.msg
+                        break
+
+    let encoded = try: rlp.encode(decoded)
+                  except RlpError as e:
+                    debug "decode failed", err = e.msg
+                    doAssert(false, "decoding worked but encoding failed")
+                    break
+    # This will hit assert because of issue:
+    # https://github.com/status-im/nim-eth/issues/255
+    # if encoded != payload.toOpenArray(0, encoded.len - 1):
+    #     echo "payload: ", toHex(payload.toOpenArray(0, encoded.len - 1))
+    #     echo "encoded: ", toHex(encoded)
+
+    #     doAssert(false, "re-encoded result does not equal original payload")

tests/fuzzing/discoveryv5/fuzz_decode_message.nim

@@ -0,0 +1,27 @@
+import
+  testutils/fuzzing, stew/byteutils,
+  eth/rlp, eth/p2p/discoveryv5/[encoding, types]
+
+test:
+  block:
+    let decoded = decodeMessage(payload)
+
+    if decoded.isOK():
+      let message = decoded.get()
+      var encoded: seq[byte]
+      case message.kind
+      of unused: break
+      of ping: encoded = encodeMessage(message.ping, message.reqId)
+      of pong: encoded = encodeMessage(message.pong, message.reqId)
+      of findNode: encoded = encodeMessage(message.findNode, message.reqId)
+      of nodes: encoded = encodeMessage(message.nodes, message.reqId)
+      of regtopic, ticket, regconfirmation, topicquery:
+        break
+
+      # This will hit assert because of issue:
+      # https://github.com/status-im/nim-eth/issues/255
+      # if encoded != payload:
+      #   echo "payload: ", toHex(payload)
+      #   echo "encoded: ", toHex(encoded)
+
+      #   doAssert(false, "re-encoded result does not equal original payload")

tests/fuzzing/discoveryv5/fuzz_receive.nim

@@ -0,0 +1,28 @@
+import
+  testutils/fuzzing, bearssl, stew/shims/net,
+  eth/[keys, trie/db], eth/p2p/discoveryv5/[protocol, discovery_db],
+  ../p2p/discv5_test_helper
+
+var targetNode: protocol.Protocol
+
+init:
+  let
+    rng = newRng()
+    privKey = PrivateKey.random(rng[])
+    ip = some(ValidIpAddress.init("127.0.0.1"))
+    port = Port(20301)
+    dbb = DiscoveryDB.init(newMemoryDB())
+  targetNode = newProtocol(privKey, dbb, ip, port, port, rng = rng)
+  # Need to open socket else the response part will fail, would be nice if we
+  # could skip that part during fuzzing.
+  targetNode.open()
+
+test:
+  # Some dummy address
+  let address = localAddress(20302)
+  # This is a quick and easy, high level fuzzing test and considering that the
+  # auth-response and the message gets encrypted, and that a handshake needs to
+  # be done, it will not be able to reach into testing those depths. However, it
+  # should still be of use hitting the more "simple" code paths (random-packet,
+  # whoareyou-packet, and the beginnings of other packets).
+  targetNode.receive(address, payload)