Merge pull request #108 from TheBlueMatt/2018-08-fuzz-fixes

Asorted Fixes from full_stack_target work

Author: TheBlueMatt

src/ln/channel.rs

@@ -271,7 +271,7 @@ pub struct Channel {
 	/// to detect unconfirmation after a serialize-unserialize roudtrip where we may not see a full
 	/// series of block_connected/block_disconnected calls. Obviously this is not a guarantee as we
 	/// could miss the funding_tx_confirmed_in block as well, but it serves as a useful fallback.
-	funding_tx_confirmed_in: Sha256dHash,
+	funding_tx_confirmed_in: Option<Sha256dHash>,
 	short_channel_id: Option<u64>,
 	/// Used to deduplicate block_connected callbacks
 	last_block_connected: Sha256dHash,
@@ -401,7 +401,7 @@ impl Channel {
 
 			last_sent_closing_fee: None,
 
-			funding_tx_confirmed_in: Default::default(),
+			funding_tx_confirmed_in: None,
 			short_channel_id: None,
 			last_block_connected: Default::default(),
 			funding_tx_confirmations: 0,
@@ -519,7 +519,7 @@ impl Channel {
 
 			last_sent_closing_fee: None,
 
-			funding_tx_confirmed_in: Default::default(),
+			funding_tx_confirmed_in: None,
 			short_channel_id: None,
 			last_block_connected: Default::default(),
 			funding_tx_confirmations: 0,
@@ -1827,6 +1827,7 @@ impl Channel {
 		self.user_id
 	}
 
+	/// May only be called after funding has been initiated (ie is_funding_initiated() is true)
 	pub fn channel_monitor(&self) -> ChannelMonitor {
 		if self.channel_state < ChannelState::FundingCreated as u32 {
 			panic!("Can't get a channel monitor until funding has been created");
@@ -1904,6 +1905,11 @@ impl Channel {
 		self.is_usable()
 	}
 
+	/// Returns true if funding_created was sent/received.
+	pub fn is_funding_initiated(&self) -> bool {
+		self.channel_state >= ChannelState::FundingCreated as u32
+	}
+
 	/// Returns true if this channel is fully shut down. True here implies that no further actions
 	/// may/will be taken on this channel, and thus this object should be freed. Any future changes
 	/// will be handled appropriately by the chain monitor.
@@ -1927,27 +1933,38 @@ impl Channel {
 				self.last_block_connected = header.bitcoin_hash();
 				self.funding_tx_confirmations += 1;
 				if self.funding_tx_confirmations == CONF_TARGET as u64 {
-					if non_shutdown_state == ChannelState::FundingSent as u32 {
+					let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
 						self.channel_state |= ChannelState::OurFundingLocked as u32;
+						true
 					} else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32) {
 						self.channel_state = ChannelState::ChannelFunded as u32 | (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK);
 						self.channel_update_count += 1;
-						//TODO: Something about a state where we "lost confirmation"
+						true
+					} else if self.channel_state == (ChannelState::FundingSent as u32 | ChannelState::OurFundingLocked as u32) {
+						// We got a reorg but not enough to trigger a force close, just update
+						// funding_tx_confirmed_in and return.
+						false
 					} else if self.channel_state < ChannelState::ChannelFunded as u32 {
-						panic!("Started confirming a channel in a state pre-FundingSent?");
-					}
-					self.funding_tx_confirmed_in = header.bitcoin_hash();
+						panic!("Started confirming a channel in a state pre-FundingSent?: {}", self.channel_state);
+					} else {
+						// We got a reorg but not enough to trigger a force close, just update
+						// funding_tx_confirmed_in and return.
+						false
+					};
+					self.funding_tx_confirmed_in = Some(header.bitcoin_hash());
 
 					//TODO: Note that this must be a duplicate of the previous commitment point they sent us,
 					//as otherwise we will have a commitment transaction that they can't revoke (well, kinda,
 					//they can by sending two revoke_and_acks back-to-back, but not really). This appears to be
 					//a protocol oversight, but I assume I'm just missing something.
-					let next_per_commitment_secret = self.build_local_commitment_secret(self.cur_local_commitment_transaction_number);
-					let next_per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &next_per_commitment_secret).unwrap();
-					return Ok(Some(msgs::FundingLocked {
-						channel_id: self.channel_id,
-						next_per_commitment_point: next_per_commitment_point,
-					}));
+					if need_commitment_update {
+						let next_per_commitment_secret = self.build_local_commitment_secret(self.cur_local_commitment_transaction_number);
+						let next_per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &next_per_commitment_secret).unwrap();
+						return Ok(Some(msgs::FundingLocked {
+							channel_id: self.channel_id,
+							next_per_commitment_point: next_per_commitment_point,
+						}));
+					}
 				}
 			}
 		}
@@ -1982,7 +1999,7 @@ impl Channel {
 				return true;
 			}
 		}
-		if header.bitcoin_hash() == self.funding_tx_confirmed_in {
+		if Some(header.bitcoin_hash()) == self.funding_tx_confirmed_in {
 			self.funding_tx_confirmations = CONF_TARGET as u64 - 1;
 		}
 		false

src/ln/channelmanager.rs

@@ -19,13 +19,13 @@ use ln::msgs;
 use ln::msgs::{HandleError,ChannelMessageHandler,MsgEncodable,MsgDecodable};
 use util::{byte_utils, events, internal_traits, rng};
 use util::sha2::Sha256;
+use util::chacha20poly1305rfc::ChaCha20;
 
 use crypto;
 use crypto::mac::{Mac,MacResult};
 use crypto::hmac::Hmac;
 use crypto::digest::Digest;
 use crypto::symmetriccipher::SynchronousStreamCipher;
-use crypto::chacha20::ChaCha20;
 
 use std::{ptr, mem};
 use std::collections::HashMap;
@@ -1188,7 +1188,7 @@ impl ChainListener for ChannelManager {
 						}
 					}
 				}
-				if channel.channel_monitor().would_broadcast_at_height(height) {
+				if channel.is_funding_initiated() && channel.channel_monitor().would_broadcast_at_height(height) {
 					if let Some(short_id) = channel.get_short_channel_id() {
 						short_to_id.remove(&short_id);
 					}
@@ -1268,13 +1268,13 @@ impl ChannelMessageHandler for ChannelManager {
 
 		let chan_keys = if cfg!(feature = "fuzztarget") {
 			ChannelKeys {
-				funding_key:               SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-				revocation_base_key:       SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-				payment_base_key:          SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-				delayed_payment_base_key:  SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-				htlc_base_key:             SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-				channel_close_key:         SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-				channel_monitor_claim_key: SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
+				funding_key:               SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]).unwrap(),
+				revocation_base_key:       SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0]).unwrap(),
+				payment_base_key:          SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0]).unwrap(),
+				delayed_payment_base_key:  SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0]).unwrap(),
+				htlc_base_key:             SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0]).unwrap(),
+				channel_close_key:         SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0]).unwrap(),
+				channel_monitor_claim_key: SecretKey::from_slice(&self.secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 0]).unwrap(),
 				commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
 			}
 		} else {

src/ln/channelmonitor.rs

@@ -423,7 +423,9 @@ impl ChannelMonitor {
 
 	pub fn insert_combine(&mut self, mut other: ChannelMonitor) -> Result<(), HandleError> {
 		if self.funding_txo.is_some() {
-			if other.funding_txo.is_some() && other.funding_txo.as_ref().unwrap() != self.funding_txo.as_ref().unwrap() {
+			// We should be able to compare the entire funding_txo, but in fuzztarget its trivially
+			// easy to collide the funding_txo hash and have a different scriptPubKey.
+			if other.funding_txo.is_some() && other.funding_txo.as_ref().unwrap().0 != self.funding_txo.as_ref().unwrap().0 {
 				return Err(HandleError{err: "Funding transaction outputs are not identical!", action: None});
 			}
 		} else {

src/ln/msgs.rs

@@ -937,7 +937,7 @@ impl MsgDecodable for UpdateAddHTLC {
 }
 impl MsgEncodable for UpdateAddHTLC {
 	fn encode(&self) -> Vec<u8> {
-		let mut res = Vec::with_capacity(32+8+8+32+4+1+1366);
+		let mut res = Vec::with_capacity(32+8+8+32+4+1366);
 		res.extend_from_slice(&self.channel_id);
 		res.extend_from_slice(&byte_utils::be64_to_array(self.htlc_id));
 		res.extend_from_slice(&byte_utils::be64_to_array(self.amount_msat));

src/util/chacha20poly1305rfc.rs

@@ -13,12 +13,13 @@
 #[cfg(not(feature = "fuzztarget"))]
 mod real_chachapoly {
 	use crypto::aead::{AeadEncryptor,AeadDecryptor};
-	use crypto::chacha20::ChaCha20;
 	use crypto::symmetriccipher::SynchronousStreamCipher;
 	use crypto::poly1305::Poly1305;
 	use crypto::mac::Mac;
 	use crypto::util::fixed_time_eq;
 
+	pub use crypto::chacha20::ChaCha20;
+
 	use util::byte_utils;
 
 	#[derive(Clone, Copy)]
@@ -104,11 +105,12 @@ mod real_chachapoly {
 	}
 }
 #[cfg(not(feature = "fuzztarget"))]
-pub use self::real_chachapoly::ChaCha20Poly1305RFC;
+pub use self::real_chachapoly::{ChaCha20Poly1305RFC, ChaCha20};
 
 #[cfg(feature = "fuzztarget")]
 mod fuzzy_chachapoly {
 	use crypto::aead::{AeadEncryptor,AeadDecryptor};
+	use crypto::symmetriccipher::SynchronousStreamCipher;
 
 	#[derive(Clone, Copy)]
 	pub struct ChaCha20Poly1305RFC {
@@ -155,6 +157,22 @@ mod fuzzy_chachapoly {
 			true
 		}
 	}
+
+	pub struct ChaCha20 {}
+
+	impl ChaCha20 {
+		pub fn new(key: &[u8], nonce: &[u8]) -> ChaCha20 {
+			assert!(key.len() == 16 || key.len() == 32);
+			assert!(nonce.len() == 8 || nonce.len() == 12);
+			Self {}
+		}
+	}
+
+	impl SynchronousStreamCipher for ChaCha20 {
+		fn process(&mut self, input: &[u8], output: &mut [u8]) {
+			output.copy_from_slice(input);
+		}
+	}
 }
 #[cfg(feature = "fuzztarget")]
-pub use self::fuzzy_chachapoly::ChaCha20Poly1305RFC;
+pub use self::fuzzy_chachapoly::{ChaCha20Poly1305RFC, ChaCha20};