From bf9669af9ccc33dcade09bceb27d6745e9d9a75a Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 30 Jan 2024 19:27:21 +0530 Subject: [PATCH 01/11] test: Rename early key response test and move random_bitflip to util Early key response test is a special kind of test which requires modified v2 handshake functions. More such tests can be added where v2 handshake functions send incorrect garbage terminator, excess garbage bytes etc.. Hence, rename p2p_v2_earlykey.py to a general test file name - p2p_v2_misbehaving.py. random_bitflip function (used in signature tests prior to this commit) can be used in p2p_v2_misbehaving test to generate wrong garbage terminator, wrong garbage bytes etc.. So, move the function to util. --- .../{p2p_v2_earlykeyresponse.py => p2p_v2_misbehaving.py} | 0 test/functional/test_framework/key.py | 6 +----- test/functional/test_framework/util.py | 7 +++++++ test/functional/test_runner.py | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) rename test/functional/{p2p_v2_earlykeyresponse.py => p2p_v2_misbehaving.py} (100%) diff --git a/test/functional/p2p_v2_earlykeyresponse.py b/test/functional/p2p_v2_misbehaving.py similarity index 100% rename from test/functional/p2p_v2_earlykeyresponse.py rename to test/functional/p2p_v2_misbehaving.py diff --git a/test/functional/test_framework/key.py b/test/functional/test_framework/key.py index 06252f89960..939c7cbef61 100644 --- a/test/functional/test_framework/key.py +++ b/test/functional/test_framework/key.py @@ -14,6 +14,7 @@ import random import unittest from test_framework.crypto import secp256k1 +from test_framework.util import random_bitflip # Point with no known discrete log. H_POINT = "50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0" @@ -292,11 +293,6 @@ def sign_schnorr(key, msg, aux=None, flip_p=False, flip_r=False): class TestFrameworkKey(unittest.TestCase): def test_ecdsa_and_schnorr(self): """Test the Python ECDSA and Schnorr implementations.""" - def random_bitflip(sig): - sig = list(sig) - sig[random.randrange(len(sig))] ^= (1 << (random.randrange(8))) - return bytes(sig) - byte_arrays = [generate_privkey() for _ in range(3)] + [v.to_bytes(32, 'big') for v in [0, ORDER - 1, ORDER, 2**256 - 1]] keys = {} for privkey_bytes in byte_arrays: # build array of key/pubkey pairs diff --git a/test/functional/test_framework/util.py b/test/functional/test_framework/util.py index b4b05b15972..53f4a8ee4da 100644 --- a/test/functional/test_framework/util.py +++ b/test/functional/test_framework/util.py @@ -14,6 +14,7 @@ import logging import os import pathlib import platform +import random import re import time @@ -230,6 +231,12 @@ def ceildiv(a, b): return -(-a // b) +def random_bitflip(data): + data = list(data) + data[random.randrange(len(data))] ^= (1 << (random.randrange(8))) + return bytes(data) + + def get_fee(tx_size, feerate_btc_kvb): """Calculate the fee in BTC given a feerate is BTC/kvB. Reflects CFeeRate::GetFee""" feerate_sat_kvb = int(feerate_btc_kvb * Decimal(1e8)) # Fee in sat/kvb as an int to avoid float precision errors diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py index 4d66ea97c84..964b7ab6aa2 100755 --- a/test/functional/test_runner.py +++ b/test/functional/test_runner.py @@ -264,7 +264,7 @@ BASE_SCRIPTS = [ 'p2p_invalid_tx.py --v2transport', 'p2p_v2_transport.py', 'p2p_v2_encrypted.py', - 'p2p_v2_earlykeyresponse.py', + 'p2p_v2_misbehaving.py', 'example_test.py', 'mempool_accept_v3.py', 'wallet_txn_doublespend.py --legacy-wallet', From 86cca2cba230c10324c6aedd12ae9655b83b2856 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 13 Feb 2024 10:37:23 +0530 Subject: [PATCH 02/11] test: Support disconnect waiting for add_p2p_connection Adds a new boolean parameter `expect_success` to the `add_p2p_connection` method. If set, the node under test doesn't wait for connection to be established and is useful for testing scenarios when disconnection is expected. Without this parameter, intermittent test failures can happen if the disconnection happens before wait_until for is_connected is hit inside `add_p2p_connection`. Co-Authored-By: Sebastian Falbesoner --- test/functional/test_framework/test_node.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/functional/test_framework/test_node.py b/test/functional/test_framework/test_node.py index 3baa78fd79f..d6cb5262ba1 100755 --- a/test/functional/test_framework/test_node.py +++ b/test/functional/test_framework/test_node.py @@ -667,7 +667,7 @@ class TestNode(): assert_msg += "with expected error " + expected_msg self._raise_assertion_error(assert_msg) - def add_p2p_connection(self, p2p_conn, *, wait_for_verack=True, send_version=True, supports_v2_p2p=None, wait_for_v2_handshake=True, **kwargs): + def add_p2p_connection(self, p2p_conn, *, wait_for_verack=True, send_version=True, supports_v2_p2p=None, wait_for_v2_handshake=True, expect_success=True, **kwargs): """Add an inbound p2p connection to the node. This method adds the p2p connection to the self.p2ps list and also @@ -687,7 +687,6 @@ class TestNode(): if supports_v2_p2p is None: supports_v2_p2p = self.use_v2transport - p2p_conn.p2p_connected_to_node = True if self.use_v2transport: kwargs['services'] = kwargs.get('services', P2P_SERVICES) | NODE_P2P_V2 @@ -695,6 +694,8 @@ class TestNode(): p2p_conn.peer_connect(**kwargs, send_version=send_version, net=self.chain, timeout_factor=self.timeout_factor, supports_v2_p2p=supports_v2_p2p)() self.p2ps.append(p2p_conn) + if not expect_success: + return p2p_conn p2p_conn.wait_until(lambda: p2p_conn.is_connected, check_connected=False) if supports_v2_p2p and wait_for_v2_handshake: p2p_conn.wait_until(lambda: p2p_conn.v2_state.tried_v2_handshake) From c642b08c4e45cb3a625a867ebd66c0ae51bde212 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Fri, 17 May 2024 09:40:38 +0530 Subject: [PATCH 03/11] test: Log when the garbage is actually sent to transport layer Currently, we log the number of bytes of garbage when it is generated. The log is a better fit for when the garbage actually gets sent to the transport layer. --- test/functional/test_framework/p2p.py | 2 ++ test/functional/test_framework/v2_p2p.py | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/test/functional/test_framework/p2p.py b/test/functional/test_framework/p2p.py index dc04696114a..f11a3dd8939 100755 --- a/test/functional/test_framework/p2p.py +++ b/test/functional/test_framework/p2p.py @@ -223,6 +223,7 @@ class P2PConnection(asyncio.Protocol): # send the initial handshake immediately if self.supports_v2_p2p and self.v2_state.initiating and not self.v2_state.tried_v2_handshake: send_handshake_bytes = self.v2_state.initiate_v2_handshake() + logger.debug(f"sending {len(self.v2_state.sent_garbage)} bytes of garbage data") self.send_raw_message(send_handshake_bytes) # for v1 outbound connections, send version message immediately after opening # (for v2 outbound connections, send it after the initial v2 handshake) @@ -262,6 +263,7 @@ class P2PConnection(asyncio.Protocol): self.v2_state = None return elif send_handshake_bytes: + logger.debug(f"sending {len(self.v2_state.sent_garbage)} bytes of garbage data") self.send_raw_message(send_handshake_bytes) elif send_handshake_bytes == b"": return # only after send_handshake_bytes are sent can `complete_handshake()` be done diff --git a/test/functional/test_framework/v2_p2p.py b/test/functional/test_framework/v2_p2p.py index 8f79623bd8a..8b061fcd619 100644 --- a/test/functional/test_framework/v2_p2p.py +++ b/test/functional/test_framework/v2_p2p.py @@ -4,7 +4,6 @@ # file COPYING or http://www.opensource.org/licenses/mit-license.php. """Class for v2 P2P protocol (see BIP 324)""" -import logging import random from .crypto.bip324_cipher import FSChaCha20Poly1305 @@ -14,7 +13,6 @@ from .crypto.hkdf import hkdf_sha256 from .key import TaggedHash from .messages import MAGIC_BYTES -logger = logging.getLogger("TestFramework.v2_p2p") CHACHA20POLY1305_EXPANSION = 16 HEADER_LEN = 1 @@ -116,7 +114,6 @@ class EncryptedP2PState: self.privkey_ours, self.ellswift_ours = ellswift_create() garbage_len = random.randrange(MAX_GARBAGE_LEN + 1) self.sent_garbage = random.randbytes(garbage_len) - logger.debug(f"sending {garbage_len} bytes of garbage data") return self.ellswift_ours + self.sent_garbage def initiate_v2_handshake(self): From d4a1da8543522a213ac75761131d878eedfd4a5b Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Fri, 17 May 2024 10:06:59 +0530 Subject: [PATCH 04/11] test: Make global TRANSPORT_VERSION variable an instance variable Currently, transport version is a global variable declared as TRANSPORT_VERSION in v2_p2p.py. Making it an instance variable would help in sending non empty transport version packets for testing purposes. It might also help EncryptedP2PState be more extensible in far future protocol upgrades. --- test/functional/test_framework/v2_p2p.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/functional/test_framework/v2_p2p.py b/test/functional/test_framework/v2_p2p.py index 8b061fcd619..0d2f7f6ad2e 100644 --- a/test/functional/test_framework/v2_p2p.py +++ b/test/functional/test_framework/v2_p2p.py @@ -19,7 +19,6 @@ HEADER_LEN = 1 IGNORE_BIT_POS = 7 LENGTH_FIELD_LEN = 3 MAX_GARBAGE_LEN = 4095 -TRANSPORT_VERSION = b'' SHORTID = { 1: b"addr", @@ -93,6 +92,7 @@ class EncryptedP2PState: # has been decrypted. set to -1 if decryption hasn't been done yet. self.contents_len = -1 self.found_garbage_terminator = False + self.transport_version = b'' @staticmethod def v2_ecdh(priv, ellswift_theirs, ellswift_ours, initiating): @@ -169,7 +169,7 @@ class EncryptedP2PState: msg_to_send += self.v2_enc_packet(decoy_content_len * b'\x00', aad=aad, ignore=True) aad = b'' # Send version packet. - msg_to_send += self.v2_enc_packet(TRANSPORT_VERSION, aad=aad) + msg_to_send += self.v2_enc_packet(self.transport_version, aad=aad) return 64 - len(self.received_prefix), msg_to_send def authenticate_handshake(self, response): From 7d07daa62311bdb0e2ce23d0b55f711f5088bd28 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 28 May 2024 11:32:04 +0530 Subject: [PATCH 05/11] log: Add V2 handshake timeout --- src/net.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/net.cpp b/src/net.cpp index 7c82f01d757..b3f2a157095 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1988,7 +1988,11 @@ bool CConnman::InactivityCheck(const CNode& node) const } if (!node.fSuccessfullyConnected) { - LogPrint(BCLog::NET, "version handshake timeout peer=%d\n", node.GetId()); + if (node.m_transport->GetInfo().transport_type == TransportProtocolType::DETECTING) { + LogPrint(BCLog::NET, "V2 handshake timeout peer=%d\n", node.GetId()); + } else { + LogPrint(BCLog::NET, "version handshake timeout peer=%d\n", node.GetId()); + } return true; } From e075fd131d668d9d1ba3c8566624481c4a57032d Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 30 Jan 2024 19:50:12 +0530 Subject: [PATCH 06/11] test: Introduce test types and modify v2 handshake function accordingly Prior to this commit, TestEncryptedP2PState would always send initial_v2_handshake bytes in 2 parts (as required by early key response test). For generalising this test and having different v2 handshake behaviour based on the test type, special behaviours like sending initial_v2_handshake bytes in 2 parts are executed only if test_type is set to EARLY_KEY_RESPONSE. --- test/functional/p2p_v2_misbehaving.py | 93 ++++++++++++--------------- 1 file changed, 42 insertions(+), 51 deletions(-) diff --git a/test/functional/p2p_v2_misbehaving.py b/test/functional/p2p_v2_misbehaving.py index 32d2e1148a9..a3a5abdb6d3 100755 --- a/test/functional/p2p_v2_misbehaving.py +++ b/test/functional/p2p_v2_misbehaving.py @@ -3,87 +3,78 @@ # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. -import random +from enum import Enum -from test_framework.test_framework import BitcoinTestFramework -from test_framework.crypto.ellswift import ellswift_create +from test_framework.messages import MAGIC_BYTES from test_framework.p2p import P2PInterface +from test_framework.test_framework import BitcoinTestFramework from test_framework.v2_p2p import EncryptedP2PState -class TestEncryptedP2PState(EncryptedP2PState): - """ Modify v2 P2P protocol functions for testing that "The responder waits until one byte is received which does - not match the 16 bytes consisting of the network magic followed by "version\x00\x00\x00\x00\x00"." (see BIP 324) +class TestType(Enum): + """ Scenarios to be tested: - - if `send_net_magic` is True, send first 4 bytes of ellswift (match network magic) else send remaining 60 bytes - - `can_data_be_received` is a variable used to assert if data is received on recvbuf. - - v2 TestNode shouldn't respond back if we send V1_PREFIX and data shouldn't be received on recvbuf. - This state is represented using `can_data_be_received` = False. - - v2 TestNode responds back when mismatch from V1_PREFIX happens and data can be received on recvbuf. - This state is represented using `can_data_be_received` = True. + 1. EARLY_KEY_RESPONSE - The responder needs to wait until one byte is received which does not match the 16 bytes + consisting of network magic followed by "version\x00\x00\x00\x00\x00" before sending out its ellswift + garbage bytes """ - - def __init__(self): - super().__init__(initiating=True, net='regtest') - self.send_net_magic = True - self.can_data_be_received = False - - def initiate_v2_handshake(self, garbage_len=random.randrange(4096)): - """Initiator begins the v2 handshake by sending its ellswift bytes and garbage. - Here, the 64 bytes ellswift is assumed to have it's 4 bytes match network magic bytes. It is sent in 2 phases: - 1. when `send_network_magic` = True, send first 4 bytes of ellswift (matches network magic bytes) - 2. when `send_network_magic` = False, send remaining 60 bytes of ellswift - """ - if self.send_net_magic: - self.privkey_ours, self.ellswift_ours = ellswift_create() - self.sent_garbage = random.randbytes(garbage_len) - self.send_net_magic = False - return b"\xfa\xbf\xb5\xda" - else: - self.can_data_be_received = True - return self.ellswift_ours[4:] + self.sent_garbage + EARLY_KEY_RESPONSE = 0 -class PeerEarlyKey(P2PInterface): +class EarlyKeyResponseState(EncryptedP2PState): + """ Modify v2 P2P protocol functions for testing EARLY_KEY_RESPONSE scenario""" + def __init__(self, initiating, net): + super().__init__(initiating=initiating, net=net) + self.can_data_be_received = False # variable used to assert if data is received on recvbuf. + + def initiate_v2_handshake(self): + """Send ellswift and garbage bytes in 2 parts when TestType = (EARLY_KEY_RESPONSE)""" + self.generate_keypair_and_garbage() + return b"" + + +class MisbehavingV2Peer(P2PInterface): """Custom implementation of P2PInterface which uses modified v2 P2P protocol functions for testing purposes.""" - def __init__(self): + def __init__(self, test_type): super().__init__() - self.v2_state = None - self.connection_opened = False + self.test_type = test_type def connection_made(self, transport): - """64 bytes ellswift is sent in 2 parts during `initial_v2_handshake()`""" - self.v2_state = TestEncryptedP2PState() + if self.test_type == TestType.EARLY_KEY_RESPONSE: + self.v2_state = EarlyKeyResponseState(initiating=True, net='regtest') super().connection_made(transport) def data_received(self, t): - # check that data can be received on recvbuf only when mismatch from V1_PREFIX happens (send_net_magic = False) - assert self.v2_state.can_data_be_received and not self.v2_state.send_net_magic + if self.test_type == TestType.EARLY_KEY_RESPONSE: + # check that data can be received on recvbuf only when mismatch from V1_PREFIX happens + assert self.v2_state.can_data_be_received + else: + super().data_received(t) - def on_open(self): - self.connection_opened = True -class P2PEarlyKey(BitcoinTestFramework): +class EncryptedP2PMisbehaving(BitcoinTestFramework): def set_test_params(self): self.num_nodes = 1 self.extra_args = [["-v2transport=1", "-peertimeout=3"]] def run_test(self): + self.test_earlykeyresponse() + + def test_earlykeyresponse(self): self.log.info('Sending ellswift bytes in parts to ensure that response from responder is received only when') self.log.info('ellswift bytes have a mismatch from the 16 bytes(network magic followed by "version\\x00\\x00\\x00\\x00\\x00")') node0 = self.nodes[0] self.log.info('Sending first 4 bytes of ellswift which match network magic') self.log.info('If a response is received, assertion failure would happen in our custom data_received() function') - # send happens in `initiate_v2_handshake()` in `connection_made()` - peer1 = node0.add_p2p_connection(PeerEarlyKey(), wait_for_verack=False, send_version=False, supports_v2_p2p=True, wait_for_v2_handshake=False) - self.wait_until(lambda: peer1.connection_opened) + peer1 = node0.add_p2p_connection(MisbehavingV2Peer(TestType.EARLY_KEY_RESPONSE), wait_for_verack=False, send_version=False, supports_v2_p2p=True, wait_for_v2_handshake=False) + peer1.send_raw_message(MAGIC_BYTES['regtest']) self.log.info('Sending remaining ellswift and garbage which are different from V1_PREFIX. Since a response is') self.log.info('expected now, our custom data_received() function wouldn\'t result in assertion failure') - ellswift_and_garbage_data = peer1.v2_state.initiate_v2_handshake() - peer1.send_raw_message(ellswift_and_garbage_data) - peer1.wait_for_disconnect(timeout=5) - self.log.info('successful disconnection when MITM happens in the key exchange phase') + peer1.v2_state.can_data_be_received = True + peer1.send_raw_message(peer1.v2_state.ellswift_ours[4:] + peer1.v2_state.sent_garbage) + with node0.assert_debug_log(['V2 handshake timeout peer=0']): + peer1.wait_for_disconnect(timeout=5) + self.log.info('successful disconnection since modified ellswift was sent as response') if __name__ == '__main__': - P2PEarlyKey().main() + EncryptedP2PMisbehaving().main() From e351576862471fc77b1e798a16833439e23ff0b4 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 13 Feb 2024 20:47:45 +0530 Subject: [PATCH 07/11] test: Check that disconnection happens when >4095 garbage bytes is sent This test type is represented using EXCESS_GARBAGE. --- test/functional/p2p_v2_misbehaving.py | 33 +++++++++++++++++++++++- test/functional/test_framework/v2_p2p.py | 5 ++-- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/test/functional/p2p_v2_misbehaving.py b/test/functional/p2p_v2_misbehaving.py index a3a5abdb6d3..ae325fa1823 100755 --- a/test/functional/p2p_v2_misbehaving.py +++ b/test/functional/p2p_v2_misbehaving.py @@ -3,12 +3,16 @@ # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. +import random from enum import Enum from test_framework.messages import MAGIC_BYTES from test_framework.p2p import P2PInterface from test_framework.test_framework import BitcoinTestFramework -from test_framework.v2_p2p import EncryptedP2PState +from test_framework.v2_p2p import ( + EncryptedP2PState, + MAX_GARBAGE_LEN, +) class TestType(Enum): @@ -16,8 +20,10 @@ class TestType(Enum): 1. EARLY_KEY_RESPONSE - The responder needs to wait until one byte is received which does not match the 16 bytes consisting of network magic followed by "version\x00\x00\x00\x00\x00" before sending out its ellswift + garbage bytes + 2. EXCESS_GARBAGE - Disconnection happens when > MAX_GARBAGE_LEN bytes garbage is sent """ EARLY_KEY_RESPONSE = 0 + EXCESS_GARBAGE = 1 class EarlyKeyResponseState(EncryptedP2PState): @@ -32,6 +38,13 @@ class EarlyKeyResponseState(EncryptedP2PState): return b"" +class ExcessGarbageState(EncryptedP2PState): + """Generate > MAX_GARBAGE_LEN garbage bytes""" + def generate_keypair_and_garbage(self): + garbage_len = MAX_GARBAGE_LEN + random.randrange(1, MAX_GARBAGE_LEN + 1) + return super().generate_keypair_and_garbage(garbage_len) + + class MisbehavingV2Peer(P2PInterface): """Custom implementation of P2PInterface which uses modified v2 P2P protocol functions for testing purposes.""" def __init__(self, test_type): @@ -41,6 +54,8 @@ class MisbehavingV2Peer(P2PInterface): def connection_made(self, transport): if self.test_type == TestType.EARLY_KEY_RESPONSE: self.v2_state = EarlyKeyResponseState(initiating=True, net='regtest') + elif self.test_type == TestType.EXCESS_GARBAGE: + self.v2_state = ExcessGarbageState(initiating=True, net='regtest') super().connection_made(transport) def data_received(self, t): @@ -58,6 +73,7 @@ class EncryptedP2PMisbehaving(BitcoinTestFramework): def run_test(self): self.test_earlykeyresponse() + self.test_v2disconnection() def test_earlykeyresponse(self): self.log.info('Sending ellswift bytes in parts to ensure that response from responder is received only when') @@ -75,6 +91,21 @@ class EncryptedP2PMisbehaving(BitcoinTestFramework): peer1.wait_for_disconnect(timeout=5) self.log.info('successful disconnection since modified ellswift was sent as response') + def test_v2disconnection(self): + # test v2 disconnection scenarios + node0 = self.nodes[0] + expected_debug_message = [ + [], # EARLY_KEY_RESPONSE + ["V2 transport error: missing garbage terminator, peer=1"], # EXCESS_GARBAGE + ] + for test_type in TestType: + if test_type == TestType.EARLY_KEY_RESPONSE: + continue + with node0.assert_debug_log(expected_debug_message[test_type.value], timeout=5): + peer = node0.add_p2p_connection(MisbehavingV2Peer(test_type), wait_for_verack=False, send_version=False, supports_v2_p2p=True, expect_success=False) + peer.wait_for_disconnect() + self.log.info(f"Expected disconnection for {test_type.name}") + if __name__ == '__main__': EncryptedP2PMisbehaving().main() diff --git a/test/functional/test_framework/v2_p2p.py b/test/functional/test_framework/v2_p2p.py index 0d2f7f6ad2e..87600c36de4 100644 --- a/test/functional/test_framework/v2_p2p.py +++ b/test/functional/test_framework/v2_p2p.py @@ -109,10 +109,11 @@ class EncryptedP2PState: # Responding, place their public key encoding first. return TaggedHash("bip324_ellswift_xonly_ecdh", ellswift_theirs + ellswift_ours + ecdh_point_x32) - def generate_keypair_and_garbage(self): + def generate_keypair_and_garbage(self, garbage_len=None): """Generates ellswift keypair and 4095 bytes garbage at max""" self.privkey_ours, self.ellswift_ours = ellswift_create() - garbage_len = random.randrange(MAX_GARBAGE_LEN + 1) + if garbage_len is None: + garbage_len = random.randrange(MAX_GARBAGE_LEN + 1) self.sent_garbage = random.randbytes(garbage_len) return self.ellswift_ours + self.sent_garbage From ad1482d5a20e6b155184a43d0724d2dcd950ce52 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 13 Feb 2024 20:51:51 +0530 Subject: [PATCH 08/11] test: Check that disconnection happens when wrong garbage terminator is sent This test type is represented using WRONG_GARBAGE_TERMINATOR. since the wrong garbage terminator is sent to TestNode, TestNode will interpret all of the gabage bytes, wrong garbage terminator, decoy messages and version packet it receives as garbage bytes. If the length of all these is more than 4095 + 16, it will result in a missing garbage terminator error. otherwise, it will result in a V2 handshake timeout error. Send only MAX_GARBAGE_LEN//2 bytes of garbage data to TestNode so that the total length received by the TestNode is at max = (MAX_GARBAGE_LEN//2) + 16 + 10*120 + 20 = 3283 bytes (which is less than 4095 + 16 bytes) and we get a consistent V2 handshake timeout error message. If we do not limit the garbage length sent, we will intermittently get both missing garbage terminator error and V2 handshake timeout error based on the garbage length and decoy packets length which are chosen at random. --- test/functional/p2p_v2_misbehaving.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/test/functional/p2p_v2_misbehaving.py b/test/functional/p2p_v2_misbehaving.py index ae325fa1823..d0e64f57ac7 100755 --- a/test/functional/p2p_v2_misbehaving.py +++ b/test/functional/p2p_v2_misbehaving.py @@ -9,6 +9,7 @@ from enum import Enum from test_framework.messages import MAGIC_BYTES from test_framework.p2p import P2PInterface from test_framework.test_framework import BitcoinTestFramework +from test_framework.util import random_bitflip from test_framework.v2_p2p import ( EncryptedP2PState, MAX_GARBAGE_LEN, @@ -21,9 +22,11 @@ class TestType(Enum): 1. EARLY_KEY_RESPONSE - The responder needs to wait until one byte is received which does not match the 16 bytes consisting of network magic followed by "version\x00\x00\x00\x00\x00" before sending out its ellswift + garbage bytes 2. EXCESS_GARBAGE - Disconnection happens when > MAX_GARBAGE_LEN bytes garbage is sent + 3. WRONG_GARBAGE_TERMINATOR - Disconnection happens when incorrect garbage terminator is sent """ EARLY_KEY_RESPONSE = 0 EXCESS_GARBAGE = 1 + WRONG_GARBAGE_TERMINATOR = 2 class EarlyKeyResponseState(EncryptedP2PState): @@ -45,6 +48,19 @@ class ExcessGarbageState(EncryptedP2PState): return super().generate_keypair_and_garbage(garbage_len) +class WrongGarbageTerminatorState(EncryptedP2PState): + """Add option for sending wrong garbage terminator""" + def generate_keypair_and_garbage(self): + garbage_len = random.randrange(MAX_GARBAGE_LEN//2) + return super().generate_keypair_and_garbage(garbage_len) + + def complete_handshake(self, response): + length, handshake_bytes = super().complete_handshake(response) + # first 16 bytes returned by complete_handshake() is the garbage terminator + wrong_garbage_terminator = random_bitflip(handshake_bytes[:16]) + return length, wrong_garbage_terminator + handshake_bytes[16:] + + class MisbehavingV2Peer(P2PInterface): """Custom implementation of P2PInterface which uses modified v2 P2P protocol functions for testing purposes.""" def __init__(self, test_type): @@ -56,6 +72,8 @@ class MisbehavingV2Peer(P2PInterface): self.v2_state = EarlyKeyResponseState(initiating=True, net='regtest') elif self.test_type == TestType.EXCESS_GARBAGE: self.v2_state = ExcessGarbageState(initiating=True, net='regtest') + elif self.test_type == TestType.WRONG_GARBAGE_TERMINATOR: + self.v2_state = WrongGarbageTerminatorState(initiating=True, net='regtest') super().connection_made(transport) def data_received(self, t): @@ -97,6 +115,7 @@ class EncryptedP2PMisbehaving(BitcoinTestFramework): expected_debug_message = [ [], # EARLY_KEY_RESPONSE ["V2 transport error: missing garbage terminator, peer=1"], # EXCESS_GARBAGE + ["V2 handshake timeout peer=2"], # WRONG_GARBAGE_TERMINATOR ] for test_type in TestType: if test_type == TestType.EARLY_KEY_RESPONSE: From b5e6238fdbba5c777a5adfa4477dac51a82f4448 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 13 Feb 2024 20:57:17 +0530 Subject: [PATCH 09/11] test: Check that disconnection happens when garbage sent/received are different This test type is represented using WRONG_GARBAGE. Here, garbage bytes sent to TestNode are assumed to be tampered with and do not correspond to the garbage bytes which P2PInterface calculated and uses. --- test/functional/p2p_v2_misbehaving.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/functional/p2p_v2_misbehaving.py b/test/functional/p2p_v2_misbehaving.py index d0e64f57ac7..e0633f25e39 100755 --- a/test/functional/p2p_v2_misbehaving.py +++ b/test/functional/p2p_v2_misbehaving.py @@ -23,10 +23,12 @@ class TestType(Enum): consisting of network magic followed by "version\x00\x00\x00\x00\x00" before sending out its ellswift + garbage bytes 2. EXCESS_GARBAGE - Disconnection happens when > MAX_GARBAGE_LEN bytes garbage is sent 3. WRONG_GARBAGE_TERMINATOR - Disconnection happens when incorrect garbage terminator is sent + 4. WRONG_GARBAGE - Disconnection happens when garbage bytes that is sent is different from what the peer receives """ EARLY_KEY_RESPONSE = 0 EXCESS_GARBAGE = 1 WRONG_GARBAGE_TERMINATOR = 2 + WRONG_GARBAGE = 3 class EarlyKeyResponseState(EncryptedP2PState): @@ -61,6 +63,15 @@ class WrongGarbageTerminatorState(EncryptedP2PState): return length, wrong_garbage_terminator + handshake_bytes[16:] +class WrongGarbageState(EncryptedP2PState): + """Generate tampered garbage bytes""" + def generate_keypair_and_garbage(self): + garbage_len = random.randrange(1, MAX_GARBAGE_LEN) + ellswift_garbage_bytes = super().generate_keypair_and_garbage(garbage_len) + # assume that garbage bytes sent to TestNode were tampered with + return ellswift_garbage_bytes[:64] + random_bitflip(ellswift_garbage_bytes[64:]) + + class MisbehavingV2Peer(P2PInterface): """Custom implementation of P2PInterface which uses modified v2 P2P protocol functions for testing purposes.""" def __init__(self, test_type): @@ -74,6 +85,8 @@ class MisbehavingV2Peer(P2PInterface): self.v2_state = ExcessGarbageState(initiating=True, net='regtest') elif self.test_type == TestType.WRONG_GARBAGE_TERMINATOR: self.v2_state = WrongGarbageTerminatorState(initiating=True, net='regtest') + elif self.test_type == TestType.WRONG_GARBAGE: + self.v2_state = WrongGarbageState(initiating=True, net='regtest') super().connection_made(transport) def data_received(self, t): @@ -116,6 +129,7 @@ class EncryptedP2PMisbehaving(BitcoinTestFramework): [], # EARLY_KEY_RESPONSE ["V2 transport error: missing garbage terminator, peer=1"], # EXCESS_GARBAGE ["V2 handshake timeout peer=2"], # WRONG_GARBAGE_TERMINATOR + ["V2 transport error: packet decryption failure"], # WRONG_GARBAGE ] for test_type in TestType: if test_type == TestType.EARLY_KEY_RESPONSE: From 997cc00b950a7d1b7f2a3971282685f4e81d87d2 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Wed, 14 Feb 2024 13:43:52 +0530 Subject: [PATCH 10/11] test: Check that disconnection happens when AAD isn't filled This test type is represented using SEND_NO_AAD. If AAD of the first encrypted packet sent after the garbage terminator (optional decoy packet/version packet) hasn't been filled, disconnection happens. --- test/functional/p2p_v2_misbehaving.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/test/functional/p2p_v2_misbehaving.py b/test/functional/p2p_v2_misbehaving.py index e0633f25e39..51bf580b9db 100755 --- a/test/functional/p2p_v2_misbehaving.py +++ b/test/functional/p2p_v2_misbehaving.py @@ -24,11 +24,13 @@ class TestType(Enum): 2. EXCESS_GARBAGE - Disconnection happens when > MAX_GARBAGE_LEN bytes garbage is sent 3. WRONG_GARBAGE_TERMINATOR - Disconnection happens when incorrect garbage terminator is sent 4. WRONG_GARBAGE - Disconnection happens when garbage bytes that is sent is different from what the peer receives + 5. SEND_NO_AAD - Disconnection happens when AAD of first encrypted packet after the garbage terminator is not filled """ EARLY_KEY_RESPONSE = 0 EXCESS_GARBAGE = 1 WRONG_GARBAGE_TERMINATOR = 2 WRONG_GARBAGE = 3 + SEND_NO_AAD = 4 class EarlyKeyResponseState(EncryptedP2PState): @@ -72,6 +74,17 @@ class WrongGarbageState(EncryptedP2PState): return ellswift_garbage_bytes[:64] + random_bitflip(ellswift_garbage_bytes[64:]) +class NoAADState(EncryptedP2PState): + """Add option for not filling first encrypted packet after garbage terminator with AAD""" + def generate_keypair_and_garbage(self): + garbage_len = random.randrange(1, MAX_GARBAGE_LEN) + return super().generate_keypair_and_garbage(garbage_len) + + def complete_handshake(self, response): + self.sent_garbage = b'' # do not authenticate the garbage which is sent + return super().complete_handshake(response) + + class MisbehavingV2Peer(P2PInterface): """Custom implementation of P2PInterface which uses modified v2 P2P protocol functions for testing purposes.""" def __init__(self, test_type): @@ -87,6 +100,8 @@ class MisbehavingV2Peer(P2PInterface): self.v2_state = WrongGarbageTerminatorState(initiating=True, net='regtest') elif self.test_type == TestType.WRONG_GARBAGE: self.v2_state = WrongGarbageState(initiating=True, net='regtest') + elif self.test_type == TestType.SEND_NO_AAD: + self.v2_state = NoAADState(initiating=True, net='regtest') super().connection_made(transport) def data_received(self, t): @@ -130,6 +145,7 @@ class EncryptedP2PMisbehaving(BitcoinTestFramework): ["V2 transport error: missing garbage terminator, peer=1"], # EXCESS_GARBAGE ["V2 handshake timeout peer=2"], # WRONG_GARBAGE_TERMINATOR ["V2 transport error: packet decryption failure"], # WRONG_GARBAGE + ["V2 transport error: packet decryption failure"], # SEND_NO_AAD ] for test_type in TestType: if test_type == TestType.EARLY_KEY_RESPONSE: From c9dacd958d7c1e98b08a7083c299d981e4c11193 Mon Sep 17 00:00:00 2001 From: stratospher <44024636+stratospher@users.noreply.github.com> Date: Tue, 13 Feb 2024 21:01:21 +0530 Subject: [PATCH 11/11] test: Check that non empty version packet is ignored and no disconnection happens This test type is represented using SEND_NON_EMPTY_VERSION_PACKET. --- test/functional/p2p_v2_misbehaving.py | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/test/functional/p2p_v2_misbehaving.py b/test/functional/p2p_v2_misbehaving.py index 51bf580b9db..e45a63b3b0b 100755 --- a/test/functional/p2p_v2_misbehaving.py +++ b/test/functional/p2p_v2_misbehaving.py @@ -25,12 +25,14 @@ class TestType(Enum): 3. WRONG_GARBAGE_TERMINATOR - Disconnection happens when incorrect garbage terminator is sent 4. WRONG_GARBAGE - Disconnection happens when garbage bytes that is sent is different from what the peer receives 5. SEND_NO_AAD - Disconnection happens when AAD of first encrypted packet after the garbage terminator is not filled + 6. SEND_NON_EMPTY_VERSION_PACKET - non-empty version packet is simply ignored """ EARLY_KEY_RESPONSE = 0 EXCESS_GARBAGE = 1 WRONG_GARBAGE_TERMINATOR = 2 WRONG_GARBAGE = 3 SEND_NO_AAD = 4 + SEND_NON_EMPTY_VERSION_PACKET = 5 class EarlyKeyResponseState(EncryptedP2PState): @@ -85,6 +87,13 @@ class NoAADState(EncryptedP2PState): return super().complete_handshake(response) +class NonEmptyVersionPacketState(EncryptedP2PState): + """"Add option for sending non-empty transport version packet.""" + def complete_handshake(self, response): + self.transport_version = random.randbytes(5) + return super().complete_handshake(response) + + class MisbehavingV2Peer(P2PInterface): """Custom implementation of P2PInterface which uses modified v2 P2P protocol functions for testing purposes.""" def __init__(self, test_type): @@ -102,6 +111,8 @@ class MisbehavingV2Peer(P2PInterface): self.v2_state = WrongGarbageState(initiating=True, net='regtest') elif self.test_type == TestType.SEND_NO_AAD: self.v2_state = NoAADState(initiating=True, net='regtest') + elif TestType.SEND_NON_EMPTY_VERSION_PACKET: + self.v2_state = NonEmptyVersionPacketState(initiating=True, net='regtest') super().connection_made(transport) def data_received(self, t): @@ -146,14 +157,19 @@ class EncryptedP2PMisbehaving(BitcoinTestFramework): ["V2 handshake timeout peer=2"], # WRONG_GARBAGE_TERMINATOR ["V2 transport error: packet decryption failure"], # WRONG_GARBAGE ["V2 transport error: packet decryption failure"], # SEND_NO_AAD + [], # SEND_NON_EMPTY_VERSION_PACKET ] for test_type in TestType: if test_type == TestType.EARLY_KEY_RESPONSE: continue - with node0.assert_debug_log(expected_debug_message[test_type.value], timeout=5): - peer = node0.add_p2p_connection(MisbehavingV2Peer(test_type), wait_for_verack=False, send_version=False, supports_v2_p2p=True, expect_success=False) - peer.wait_for_disconnect() - self.log.info(f"Expected disconnection for {test_type.name}") + elif test_type == TestType.SEND_NON_EMPTY_VERSION_PACKET: + node0.add_p2p_connection(MisbehavingV2Peer(test_type), wait_for_verack=True, send_version=True, supports_v2_p2p=True) + self.log.info(f"No disconnection for {test_type.name}") + else: + with node0.assert_debug_log(expected_debug_message[test_type.value], timeout=5): + peer = node0.add_p2p_connection(MisbehavingV2Peer(test_type), wait_for_verack=False, send_version=False, supports_v2_p2p=True, expect_success=False) + peer.wait_for_disconnect() + self.log.info(f"Expected disconnection for {test_type.name}") if __name__ == '__main__':