Fuzzing
Security is paramount when it comes to storing sensitive data, that's also the whole reason to adopt a technology like OPTEE.
When it comes to code, we do not simply wish to rely on our best effort to prove that the application is safe, that's why we make use of tools to aid us in making sure our application is robust even with malicious or unexpected inputs.
That's why we decided to use modern fuzzing so we can rely on these technologies to test for all kinds of inputs and edge cases that we can't easily reason about.
Prerequisite
Only Linux x86_64 or macOS x86_64 as supported
Git LFS
Have
make, but alsocargo, rust nightly toolchain and a C++ compiler with C++11 support
Run
Open a new terminal and navigate to the cloned repository
Then, install cargo-fuzz with fuzz_dep Makefile target and start fuzzing!
make fuzz_dep fuzz
Compilation may get stuck on curve25519-dalek for even 10 minutes before continuing
Subsequent runs only need to specify fuzz as make target, without fuzz_dep
The tool will start fuzzing the application, both with random and mutated inputs, this is done to explore the various branches of execution of the program and detect application crashses.
For more information please see libFuzzer documentation.
In case of an application crash the fuzzer will stop and point out the input that caused the crash, as well as the stacktrace that lead to the crash and also steps how to rerun the exact same input to verify the issue or, alternatively, verify that the issue has been fixed.
Run with AFL
We also support using AFL (American Fuzzy Loop) via afl.rs.
Simply open up a terminal and
make afl_fuzz_dep afl_fuzz
As with libFuzzer, afl_fuzz_dep is only necessary for the first run
