fuzz: Provide correct MAC tag to assist v2 transport fuzzing

dhruv · dhruv · commit 83c865747d5e · 2021-12-02T11:14:24.000-08:00
before commit:
121218 REDUCE cov: 1889 ft: 2574 corp: 36/2305b lim: 877 exec/s: 939 rss: 442Mb L: 345/345

after commit:
119632 REDUCE cov: 2692 ft: 3657 corp: 57/8816b lim: 1021 exec/s: 61 rss: 478Mb L: 1000/1013
diff --git a/src/test/fuzz/p2p_v2_transport_serialization.cpp b/src/test/fuzz/p2p_v2_transport_serialization.cpp
@@ -4,6 +4,7 @@
 
 #include <compat/endian.h>
 #include <crypto/chacha_poly_aead.h>
+#include <crypto/poly1305.h>
 #include <key.h>
 #include <net.h>
 #include <netmessagemaker.h>
@@ -14,21 +15,35 @@
 
 FUZZ_TARGET(p2p_v2_transport_serialization)
 {
-    const CPrivKey k1(32, 0);
-    const CPrivKey k2(32, 0);
+    const CPrivKey k1(CHACHA20_POLY1305_AEAD_KEY_LEN, 0);
+    const CPrivKey k2(CHACHA20_POLY1305_AEAD_KEY_LEN, 0);
 
     // Construct deserializer, with a dummy NodeId
     V2TransportDeserializer deserializer{(NodeId)0, k1, k2};
     V2TransportSerializer serializer{k1, k2};
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
 
     bool length_assist = fuzzed_data_provider.ConsumeBool();
+
+    // There is no sense is providing a mac assist if the length is incorrect.
+    bool mac_assist = length_assist && fuzzed_data_provider.ConsumeBool();
     auto payload_bytes = fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();
 
-    if (length_assist && payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
-        uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
-        packet_length = htole32(packet_length);
-        memcpy(payload_bytes.data(), &packet_length, 3);
+    if (payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
+        if (length_assist) {
+            uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
+            packet_length = htole32(packet_length);
+            memcpy(payload_bytes.data(), &packet_length, 3);
+        }
+
+        if (mac_assist) {
+            unsigned char pseudorandom_bytes[CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_KEYLEN];
+            memset(pseudorandom_bytes, 0, sizeof(pseudorandom_bytes));
+            ChaCha20Forward4064 chacha{k1.data(), CHACHA20_POLY1305_AEAD_KEY_LEN};
+            chacha.Crypt(pseudorandom_bytes, pseudorandom_bytes, CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_KEYLEN);
+
+            poly1305_auth(payload_bytes.data() + (payload_bytes.size() - POLY1305_TAGLEN), payload_bytes.data(), (payload_bytes.size() - POLY1305_TAGLEN), pseudorandom_bytes + CHACHA20_POLY1305_AEAD_AAD_LEN);
+        }
     }
 
     Span<const uint8_t> msg_bytes{payload_bytes};
@@ -42,6 +57,15 @@ FUZZ_TARGET(p2p_v2_transport_serialization)
             bool reject_message{true};
             bool disconnect{true};
             CNetMessage result{deserializer.GetMessage(m_time, reject_message, disconnect)};
+
+            if (mac_assist) {
+                assert(!disconnect);
+            }
+
+            if (length_assist && mac_assist) {
+                assert(!reject_message);
+            }
+
             if (!reject_message) {
                 assert(result.m_command.size() <= CMessageHeader::COMMAND_SIZE);
                 assert(result.m_raw_message_size <= buffer.size());
