Expose onion decoding types for differential fuzzing #4276
Conversation
Preparatory commit that exposes onion decoding types and functions to fuzzing targets for differential fuzzing against other Lightning implementations. Affected types: Hop, OnionDecodeErr, NextPacketBytes Affected function: decode_next_payment_hop
Allow passing None for payment_hash to support differential fuzzing scenarios where onion decoding needs to be tested independently of payment hash.
|
I've assigned @tankyleo as a reviewer! |
|
Can you not fuzz the already-public https://docs.rs/lightning/latest/lightning/ln/onion_payment/fn.peel_payment_onion.html ? That would also include additional HTLC validation logic that would be good to fuzz vs just the low-level decoding logic. |
The current target I'm working on is designed to decode the onion only. There is a custom mutator that helps the fuzzer build valid onion packets that the Lightning implementations will unwrap. I think it would be worthwhile to have a higher-level target for fully validating an update_add_htlc message, but it would be a different target. If you want to see: |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4276 +/- ##
==========================================
- Coverage 89.37% 89.36% -0.02%
==========================================
Files 180 180
Lines 139395 139399 +4
Branches 139395 139399 +4
==========================================
- Hits 124591 124576 -15
- Misses 12216 12235 +19
Partials 2588 2588
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Right, but you can fuzz something higher-level and generally get the same results, just with more checks so that its more realistic in terms of how LDK handles it (if theres a crash in higher-level logic we want to know!). You might have to allow a few more cases where our higher-level logic rejects things, but that should be doable. |
Differential fuzzing requires comparing equivalent operations across implementations with matching inputs and outputs. The current target is specifically designed to test onion decoding in isolation, using a custom mutator that builds valid onion packets for each implementation to unwrap. If I fuzz A higher-level target that validates full |
3 participants
This PR exposes internal onion decoding types and functions behind the
fuzzingcfg flag to enable differential fuzzing against other Lightning implementations.Changes
Hop,OnionDecodeErr,NextPacketBytes, anddecode_next_payment_hopintofuzzy_onion_utilsmodule (exposed only with#[cfg(fuzzing)])payment_hashparameter optional indecode_next_payment_hopto support fuzzing scenarios where onion decoding needs to be tested independentlyCloses #4247