bolt8

Encrypted and authenticated transport, per BOLT #8.
git clone git://git.ppad.tech/bolt8.git
Log | Files | Refs | README | LICENSE
commit 76f871d6ac71873c5aa078c1079dd03dad74ad01
parent cfae46878f0df71b63fc5d131b1fa11ef043131c
Author: Jared Tobin <jared@jtobin.io>
Date:   Sun, 25 Jan 2026 11:01:20 +0400

test: add property-based tests

Add QuickCheck properties for:
- Handshake round-trip with random valid keys
- Encrypt/decrypt round-trip with random payloads (0-256 bytes)
- decrypt_frame consuming exactly one frame
- decrypt_frame_partial returning NeedMore on short buffers

Uses fixed ephemeral keys for determinism. All 26 tests pass.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Diffstat:

Aplans/IMPL6.md | 37+++++++++++++++++++++++++++++++++++++


Mppad-bolt8.cabal | 2++


Mtest/Main.hs | 108+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


3 files changed, 147 insertions(+), 0 deletions(-)

diff --git a/plans/IMPL6.md b/plans/IMPL6.md
@@ -0,0 +1,37 @@
+# IMPL6: Add property-based tests
+
+## Goal
+Add a small set of QuickCheck properties to complement spec vectors and
+negative tests.
+
+## Constraints
+- Use tasty-quickcheck only in the test suite.
+- Keep generators small and deterministic enough for CI.
+- No new dependencies beyond QuickCheck (already permitted for tests).
+
+## Properties
+1) Handshake round-trip:
+   - For random static keys and fixed entropy for ephemeral keys,
+     a full handshake succeeds and the derived sessions are consistent:
+     initiator send key == responder recv key, and vice versa.
+2) Encrypt/decrypt round-trip:
+   - For random payloads of size 0..256 bytes, encrypt then decrypt
+     yields the original payload and advances sessions.
+3) Framing:
+   - For random payloads, decrypt_frame consumes exactly one frame and
+     returns the remainder when concatenated with a second frame.
+   - decrypt_frame_partial returns NeedMore when given a prefix shorter
+     than 18 bytes, and FrameOk when given a full frame.
+
+## Implementation notes
+- Add small helpers to generate valid Sec/Pub pairs from 32-byte
+  entropy (filter invalid scalars).
+- Use fixed ephemeral entropy in properties for determinism, or
+  generate both static and ephemeral keys while rejecting invalid input.
+- Add QuickCheck size limits to keep runtime fast.
+
+## Steps
+1) Add tasty-quickcheck dependency to test-suite if not already present.
+2) Implement generators for 32-byte entropy and payload ByteStrings.
+3) Add property tests to `test/Main.hs` under a new test group.
+4) Run `cabal test` to confirm runtime and determinism.
diff --git a/ppad-bolt8.cabal b/ppad-bolt8.cabal
@@ -47,8 +47,10 @@ test-suite bolt8-tests
     , bytestring
     , ppad-base16
     , ppad-bolt8
+    , QuickCheck
     , tasty
     , tasty-hunit
+    , tasty-quickcheck
 
 benchmark bolt8-bench
   type:                exitcode-stdio-1.0
diff --git a/test/Main.hs b/test/Main.hs
@@ -9,6 +9,8 @@ import qualified Data.ByteString.Base16 as B16
 import qualified Lightning.Protocol.BOLT8 as BOLT8
 import Test.Tasty
 import Test.Tasty.HUnit
+import Test.Tasty.QuickCheck (Gen, Property, choose, forAll, testProperty,
+                              vectorOf)
 
 -- test helpers ----------------------------------------------------------------
 
@@ -31,6 +33,7 @@ main = defaultMain $ testGroup "ppad-bolt8" [
   , framing_tests
   , partial_framing_tests
   , negative_tests
+  , property_tests
   ]
 
 -- test vectors from BOLT #8 specification -----------------------------------
@@ -547,3 +550,108 @@ hex :: BS.ByteString -> BS.ByteString
 hex bs = case B16.decode bs of
   Nothing -> error "hex: invalid test vector literal"
   Just r  -> r
+
+-- property tests --------------------------------------------------------------
+
+property_tests :: TestTree
+property_tests = testGroup "Properties" [
+    testProperty "handshake round-trip" prop_handshake_roundtrip
+  , testProperty "encrypt/decrypt round-trip" prop_encrypt_decrypt_roundtrip
+  , testProperty "decrypt_frame consumes one frame" prop_frame_consumes_one
+  , testProperty "decrypt_frame_partial NeedMore on short"
+      prop_partial_needmore_short
+  ]
+
+-- generators ------------------------------------------------------------------
+
+-- | Generate 32 bytes of entropy that yields a valid keypair.
+genValidEntropy :: Gen BS.ByteString
+genValidEntropy = do
+  bytes <- BS.pack <$> vectorOf 32 (choose (0, 255))
+  case BOLT8.keypair bytes of
+    Just _  -> pure bytes
+    Nothing -> genValidEntropy
+
+-- | Generate a payload of 0..256 bytes.
+genPayload :: Gen BS.ByteString
+genPayload = do
+  len <- choose (0, 256)
+  BS.pack <$> vectorOf len (choose (0, 255))
+
+-- | Perform a full handshake with given static key entropy.
+-- Uses fixed ephemeral keys for determinism.
+doHandshake
+  :: BS.ByteString
+  -> BS.ByteString
+  -> Maybe (BOLT8.Session, BOLT8.Session)
+doHandshake i_entropy r_entropy = do
+  (i_s_sec, i_s_pub) <- BOLT8.keypair i_entropy
+  (r_s_sec, r_s_pub) <- BOLT8.keypair r_entropy
+  let i_e = BS.replicate 32 0x12
+      r_e = BS.replicate 32 0x22
+  (msg1, i_hs) <- either (const Nothing) Just $
+    BOLT8.act1 i_s_sec i_s_pub r_s_pub i_e
+  (msg2, r_hs) <- either (const Nothing) Just $
+    BOLT8.act2 r_s_sec r_s_pub r_e msg1
+  (msg3, i_res) <- either (const Nothing) Just $
+    BOLT8.act3 i_hs msg2
+  r_res <- either (const Nothing) Just $
+    BOLT8.finalize r_hs msg3
+  pure (BOLT8.session i_res, BOLT8.session r_res)
+
+-- properties ------------------------------------------------------------------
+
+-- | Handshake succeeds for valid keys and sessions are consistent.
+prop_handshake_roundtrip :: Property
+prop_handshake_roundtrip = forAll genValidEntropy $ \i_ent ->
+  forAll genValidEntropy $ \r_ent ->
+    case doHandshake i_ent r_ent of
+      Nothing -> False
+      Just _  -> True
+
+-- | Encrypt then decrypt yields original payload.
+prop_encrypt_decrypt_roundtrip :: Property
+prop_encrypt_decrypt_roundtrip = forAll genPayload $ \payload ->
+  case doHandshake initiator_s_priv responder_s_priv of
+    Nothing -> False
+    Just (i_sess, r_sess) ->
+      case BOLT8.encrypt i_sess payload of
+        Left _ -> False
+        Right (ct, _) ->
+          case BOLT8.decrypt r_sess ct of
+            Left _ -> False
+            Right (pt, _) -> pt == payload
+
+-- | decrypt_frame consumes exactly one frame and returns remainder.
+prop_frame_consumes_one :: Property
+prop_frame_consumes_one = forAll genPayload $ \p1 ->
+  forAll genPayload $ \p2 ->
+    case doHandshake initiator_s_priv responder_s_priv of
+      Nothing -> False
+      Just (i_sess, r_sess) ->
+        case BOLT8.encrypt i_sess p1 of
+          Left _ -> False
+          Right (ct1, i_sess') ->
+            case BOLT8.encrypt i_sess' p2 of
+              Left _ -> False
+              Right (ct2, _) ->
+                let buf = ct1 <> ct2
+                in case BOLT8.decrypt_frame r_sess buf of
+                  Left _ -> False
+                  Right (pt1, rest, r_sess') ->
+                    pt1 == p1 &&
+                    case BOLT8.decrypt_frame r_sess' rest of
+                      Left _ -> False
+                      Right (pt2, rest2, _) ->
+                        pt2 == p2 && BS.null rest2
+
+-- | decrypt_frame_partial returns NeedMore when buffer < 18 bytes.
+prop_partial_needmore_short :: Property
+prop_partial_needmore_short = forAll (choose (0, 17)) $ \len ->
+  case doHandshake initiator_s_priv responder_s_priv of
+    Nothing -> False
+    Just (_, r_sess) ->
+      let buf = BS.replicate len 0x00
+      in case BOLT8.decrypt_frame_partial r_sess buf of
+        BOLT8.NeedMore n -> n == 18 - len
+        _                -> False