Skip to content

fuzz: fix ChaCha20 encrypt_single_block to preserve data#4385

Merged
TheBlueMatt merged 1 commit intolightningdevkit:mainfrom
joostjager:fuzz-no-pending-payments
Feb 6, 2026
Merged

fuzz: fix ChaCha20 encrypt_single_block to preserve data#4385
TheBlueMatt merged 1 commit intolightningdevkit:mainfrom
joostjager:fuzz-no-pending-payments

Conversation

@joostjager
Copy link
Contributor

@joostjager joostjager commented Feb 5, 2026
edited
Loading

The fuzzing ChaCha20's encrypt_single_block wasn't copying src to dest, leaving dest as zeros. This caused payment metadata in payment_secret to be lost, making the receiver detect LdkPaymentHash (method 0) instead of UserPaymentHash (method 1), which then failed preimage verification.

This means we were never actually fuzzing successful payment completions - all payments failed with "mismatching preimage". The fix makes encrypt_single_block copy src to dest (identity encryption), matching the behavior of process().

Verified by adding a panic in the PaymentSent handler: before the fix it never triggered, after the fix it does.

@joostjager @claude
fuzz: fix ChaCha20 encrypt_single_block to preserve data
dde2c82 
The fuzzing ChaCha20 implementation's encrypt_single_block was not
copying src to dest, causing encrypted data to be lost (dest remained
zeros). This broke payment flows where metadata is encrypted into
payment_secret - the receiver would decrypt zeros and detect the wrong
payment method (LdkPaymentHash instead of UserPaymentHash), causing
payments to fail with "mismatching preimage".

Fix by making encrypt_single_block copy src to dest (identity
encryption), matching the behavior of the process() method.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Feb 5, 2026
edited
Loading

🎉 This PR is now ready for review!
Please choose at least one reviewer by assigning them on the right bar.
If no reviewers are assigned within 10 minutes, I'll automatically assign one.
Once the first reviewer has submitted a review, a second will be assigned if required.

@joostjager joostjager mentioned this pull request Feb 5, 2026
Open
@joostjager joostjager marked this pull request as ready for review February 5, 2026 12:22
@codecov
Copy link

codecov bot commented Feb 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.00%. Comparing base (7fcfb39) to head (dde2c82).
⚠️ Report is 12 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4385      +/-   ##
==========================================
- Coverage   86.01%   86.00%   -0.01%     
==========================================
  Files         156      156              
  Lines      102857   102857              
  Branches   102857   102857              
==========================================
- Hits        88471    88465       -6     
- Misses      11877    11883       +6     
  Partials     2509     2509
Flag Coverage Δ
tests 86.00% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Feb 6, 2026

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

@TheBlueMatt TheBlueMatt merged commit ee768f4 into lightningdevkit:main Feb 6, 2026
20 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joostjager @ldk-reviews-bot @TheBlueMatt