diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile
index fbeccbe07..d876602cf 100644
--- a/tests/fuzz/Makefile
+++ b/tests/fuzz/Makefile
@@ -7,7 +7,7 @@
 FUZZ_TARGETS_SRC := $(wildcard tests/fuzz/fuzz-*.c)
 FUZZ_TARGETS_OBJS := $(FUZZ_TARGETS_SRC:.c=.o)
 FUZZ_TARGETS_BIN := $(FUZZ_TARGETS_SRC:.c=)
-FUZZ_COMMON_OBJS := \
+FUZZ_COMMON_OBJS := \
  common/amount.o \
  common/addr.o \
  common/base32.o \
@@ -15,18 +15,40 @@ FUZZ_COMMON_OBJS := \
  common/bech32.o \
  common/bip32.o \
  common/bigsize.o \
+ common/channel_config.o \
  common/close_tx.o \
  common/channel_id.o \
+ common/daemon.o \
+ common/daemon_conn.o \
+ common/derive_basepoints.o \
+ common/fee_states.o \
+ common/htlc_state.o \
  common/permute_tx.o \
+ common/initial_channel.o \
+ common/initial_commit_tx.o \
  common/json.o \
  common/json_stream.o \
+ common/key_derive.o \
+ common/keyset.o \
+ common/msg_queue.o \
+ common/memleak.o \
+ common/node_id.o \
  common/wireaddr.o \
  common/setup.o \
+ common/status.o \
+ common/status_wire.o \
+ common/status_wiregen.o \
  common/type_to_string.o \
  common/utils.o \
+ common/version.o \
  wire/fromwire.o \
  wire/onion_wiregen.o \
- wire/towire.o
+ wire/peer_wire.o \
+ wire/peer_wiregen.o \
+ wire/towire.o \
+ wire/wire_io.o \
+ wire/wire_sync.o
+
 
 $(FUZZ_TARGETS_OBJS): $(COMMON_HEADERS) $(WIRE_HEADERS) $(COMMON_SRC)
 $(FUZZ_TARGETS_BIN): $(LIBFUZZ_OBJS) $(FUZZ_COMMON_OBJS) $(BITCOIN_OBJS)
diff --git a/tests/fuzz/fuzz-initial_channel.c b/tests/fuzz/fuzz-initial_channel.c
new file mode 100644
index 000000000..8217b4007
--- /dev/null
+++ b/tests/fuzz/fuzz-initial_channel.c
@@ -0,0 +1,80 @@
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+void init(int *argc, char ***argv)
+{
+ common_setup("fuzzer");
+ int devnull = open("/dev/null", O_WRONLY);
+ status_setup_sync(devnull);
+ chainparams = chainparams_for_network("bitcoin");
+}
+
+void run(const uint8_t *data, size_t size)
+{
+ struct channel_id cid;
+ struct bitcoin_txid funding_txid;
+ u32 funding_txout, minimum_depth;
+ struct amount_sat funding, max;
+ struct amount_msat local_msatoshi;
+ u32 feerate_per_kw;
+ struct channel_config local, remote;
+ struct basepoints local_basepoints, remote_basepoints;
+ struct pubkey local_funding_pubkey, remote_funding_pubkey;
+ bool option_static_remotekey, option_anchor_outputs;
+ struct channel *channel;
+
+ fromwire_channel_id(&data, &size, &cid);
+ fromwire_bitcoin_txid(&data, &size, &funding_txid);
+ funding_txout = fromwire_u32(&data, &size);
+ minimum_depth = fromwire_u32(&data, &size);
+ funding = fromwire_amount_sat(&data, &size);
+ local_msatoshi = fromwire_amount_msat(&data, &size);
+ max = AMOUNT_SAT((u32)WALLY_SATOSHI_PER_BTC * WALLY_BTC_MAX);
+ if (amount_sat_greater(funding, max))
+ funding = max;
+ feerate_per_kw = fromwire_u32(&data, &size);
+ fromwire_channel_config(&data, &size, &local);
+ fromwire_channel_config(&data, &size, &remote);
+ fromwire_basepoints(&data, &size, &local_basepoints);
+ fromwire_basepoints(&data, &size, &remote_basepoints);
+ fromwire_pubkey(&data, &size, &local_funding_pubkey);
+ fromwire_pubkey(&data, &size, &remote_funding_pubkey);
+ option_anchor_outputs = fromwire_bool(&data, &size);
+ option_static_remotekey = option_anchor_outputs || fromwire_bool(&data, &size);
+
+ /* TODO: determine if it makes sense to check at each step for libfuzzer
+ * to deduce pertinent inputs */
+ if (!data || !size)
+ return;
+
+ for (enum side opener = 0; opener < NUM_SIDES; opener++) {
+ channel = new_initial_channel(tmpctx, &cid, &funding_txid, funding_txout,
+ minimum_depth, funding, local_msatoshi,
+ take(new_fee_states(NULL, opener, &feerate_per_kw)),
+ &local, &remote, &local_basepoints,
+ &remote_basepoints, &local_funding_pubkey,
+ &remote_funding_pubkey, option_static_remotekey,
+ option_anchor_outputs, opener);
+
+ /* TODO: make initial_channel_tx() work with ASAN.. */
+ }
+
+ clean_tmpctx();
+}
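Review bot: The truncation guard `if (!data || !size) return;` in run() also discards inputs that the decoders consumed exactly: if a short read is signalled by the cursor being set to NULL (which is what the `!data` test relies on), a buffer of precisely the expected length leaves `data` non-NULL with `size == 0`, so the tightest well-formed inputs never reach new_initial_channel(); `if (!data) return;` would keep them, and surplus trailing bytes are already tolerated. In init(), the descriptor from `open("/dev/null", O_WRONLY)` is handed to status_setup_sync() without being checked, so a failed open silently passes -1; a guard such as `if (devnull < 0) abort();` (or the project's usual fatal-error helper) keeps a broken sandbox from being mistaken for a fuzzing result. The value returned by new_initial_channel() is stored in `channel` but never inspected; if it can return NULL for inconsistent parameters (for example local_msatoshi exceeding funding), the follow-up step mentioned in the TODO should test for that before dereferencing it.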