p2p__handshake_8cpp_source.html

// Copyright (c) 2020-present The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <banman.h>

#include <net.h>

#include <net_processing.h>

#include <protocol.h>

#include <sync.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>

#include <test/fuzz/util/net.h>

#include <test/util/net.h>

#include <test/util/setup_common.h>

#include <test/util/time.h>

#include <test/util/validation.h>

#include <util/time.h>

#include <validationinterface.h>


#include <ios>

#include <utility>

#include <vector>


namespace {

TestingSetup* g_setup;


void initialize()

{

    static const auto testing_setup = MakeNoLogFileContext<TestingSetup>(

        /*chain_type=*/ChainType::REGTEST);

    g_setup = testing_setup.get();

}

} // namespace


FUZZ_TARGET(p2p_handshake, .init = ::initialize)

{

    SeedRandomStateForTest(SeedRand::ZEROS);

    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());


    auto& node{g_setup->m_node};

    auto& connman{static_cast<ConnmanTestMsg&>(*node.connman)};

    auto& chainman{static_cast<TestChainstateManager&>(*node.chainman)};

    NodeClockContext clock_ctx{1610000000s}; // any time to successfully reset ibd

    chainman.ResetIbd();


    node.banman.reset();

    node.addrman.reset();

    node.peerman.reset();

    node.addrman = std::make_unique<AddrMan>(

        *node.netgroupman, /*deterministic=*/true, /*consistency_check_ratio=*/0);

    node.peerman = PeerManager::make(connman, *node.addrman,

                                     /*banman=*/nullptr, chainman,

                                     *node.mempool, *node.warnings,

                                     PeerManager::Options{

                                         .reconcile_txs = true,

                                         .deterministic_rng = true,

                                     });

    connman.SetMsgProc(node.peerman.get());

    connman.SetAddrman(*node.addrman);


    LOCK(NetEventsInterface::g_msgproc_mutex);


    std::vector<CNode*> peers;

    const auto num_peers_to_add = fuzzed_data_provider.ConsumeIntegralInRange(1, 3);

    for (int i = 0; i < num_peers_to_add; ++i) {

        peers.push_back(ConsumeNodeAsUniquePtr(fuzzed_data_provider, i).release());

        connman.AddTestNode(*peers.back());

        node.peerman->InitializeNode(

            *peers.back(),

            static_cast<ServiceFlags>(fuzzed_data_provider.ConsumeIntegral<uint64_t>()));

    }


    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100)

    {

        CNode& connection = *PickValue(fuzzed_data_provider, peers);

        if (connection.fDisconnect || connection.fSuccessfullyConnected) {

            // Skip if the connection was disconnected or if the version

            // handshake was already completed.

            continue;

        }


        clock_ctx += std::chrono::seconds{

                    fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(

                        -std::chrono::seconds{10min}.count(), // Allow mocktime to go backwards slightly

                        std::chrono::seconds{TIMEOUT_INTERVAL}.count()),

        };


        CSerializedNetMsg net_msg;

        net_msg.m_type = PickValue(fuzzed_data_provider, ALL_NET_MESSAGE_TYPES);

        net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider, MAX_PROTOCOL_MESSAGE_LENGTH);


        connman.FlushSendBuffer(connection);

        (void)connman.ReceiveMsgFrom(connection, std::move(net_msg));


        bool more_work{true};

        while (more_work) {

            connection.fPauseSend = false;


            try {

                more_work = connman.ProcessMessagesOnce(connection);

            } catch (const std::ios_base::failure&) {

            }

            node.peerman->SendMessages(connection);

        }

    }


    node.connman->StopNodes();

}

FuzzedDataProvider.h

banman.h

g_setup
const TestingSetup * g_setup
Definition: block_index_tree.cpp:22

ChainType::REGTEST
@ REGTEST

CNode
Information about a peer.
Definition: net.h:680

CNode::fSuccessfullyConnected
std::atomic_bool fSuccessfullyConnected
fSuccessfullyConnected is set to true on receiving VERACK from the peer.
Definition: net.h:735

CNode::fPauseSend
std::atomic_bool fPauseSend
Definition: net.h:744

CNode::fDisconnect
std::atomic_bool fDisconnect
Definition: net.h:738

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:289

FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:205

FuzzedDataProvider::ConsumeIntegral
T ConsumeIntegral()
Definition: FuzzedDataProvider.h:195

NetEventsInterface::g_msgproc_mutex
static Mutex g_msgproc_mutex
Mutex for anything that is only accessed via the msg processing thread.
Definition: net.h:1030

NodeClockContext
Helper to initialize the global NodeClock, let a duration elapse, and reset it after use in a test.
Definition: time.h:40

PeerManager::make
static std::unique_ptr< PeerManager > make(CConnman &connman, AddrMan &addrman, BanMan *banman, ChainstateManager &chainman, CTxMemPool &pool, node::Warnings &warnings, Options opts)
Definition: net_processing.cpp:1997

initialize
static void initialize()
Definition: fuzz.cpp:93

fuzz.h

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22

init
Definition: basic.cpp:8

node
Definition: messages.h:21

test_vectors_musig2_generate.s
tuple s
Definition: test_vectors_musig2_generate.py:72

TIMEOUT_INTERVAL
static constexpr std::chrono::minutes TIMEOUT_INTERVAL
Time after which to disconnect, after waiting for a ping response (or inactivity).
Definition: net.h:59

MAX_PROTOCOL_MESSAGE_LENGTH
static const unsigned int MAX_PROTOCOL_MESSAGE_LENGTH
Maximum length of incoming protocol messages (no message over 4 MB is currently acceptable).
Definition: net.h:65

net_processing.h

FUZZ_TARGET
FUZZ_TARGET(p2p_handshake,.init=::initialize)
Definition: p2p_handshake.cpp:36

ALL_NET_MESSAGE_TYPES
const std::array ALL_NET_MESSAGE_TYPES
All known message types (see above).
Definition: protocol.h:270

ServiceFlags
ServiceFlags
nServices flags
Definition: protocol.h:309

setup_common.h

BasicTestingSetup::m_node
node::NodeContext m_node
Definition: setup_common.h:63

CSerializedNetMsg
Definition: net.h:120

CSerializedNetMsg::m_type
std::string m_type
Definition: net.h:137

CSerializedNetMsg::data
std::vector< unsigned char > data
Definition: net.h:136

ConnmanTestMsg
Definition: net.h:36

PeerManager::Options
Definition: net_processing.h:79

TestChainstateManager
Definition: validation.h:20

TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:118

sync.h

LOCK
#define LOCK(cs)
Definition: sync.h:268

net.h

ConsumeNodeAsUniquePtr
std::unique_ptr< CNode > ConsumeNodeAsUniquePtr(FuzzedDataProvider &fdp, const std::optional< NodeId > &node_id_in=std::nullopt)
Definition: net.h:310

util.h

PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:49

ConsumeRandomLengthByteVector
std::vector< B > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:59

net.h

SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition: random.cpp:19

SeedRand::ZEROS
@ ZEROS
Seed with a compile time constant of zeros.

time.h

validation.h

validationinterface.h

fuzzed_data_provider
FuzzedDataProvider & fuzzed_data_provider
Definition: fees.cpp:39