Fuzzing

Security is paramount when it comes to storing sensitive data, that's also the whole reason to adopt a technology like OPTEE.

When it comes to code, we do not simply wish to rely on our best effort to prove that the application is safe, that's why we make use of tools to aid us in making sure our application is robust even with malicious or unexpected inputs.

That's why we decided to use modern fuzzing so we can rely on these technologies to test for all kinds of inputs and edge cases that we can't easily reason about.

Prerequisite

• Only Linux x86_64 or macOS x86_64 as supported

• Git LFS

• Have make, but also cargo, rust nightly toolchain and a C++ compiler with C++11 support

Run

Open a new terminal and navigate to the cloned repository

Then, install cargo-fuzz with fuzz_dep Makefile target and start fuzzing!

make fuzz_dep fuzz

note

Compilation may get stuck on curve25519-dalek for even 10 minutes before continuing

tip

Subsequent runs only need to specify fuzz as make target, without fuzz_dep

The tool will start fuzzing the application, both with random and mutated inputs, this is done to explore the various branches of execution of the program and detect application crashses.

For more information please see libFuzzer documentation.

In case of an application crash the fuzzer will stop and point out the input that caused the crash, as well as the stacktrace that lead to the crash and also steps how to rerun the exact same input to verify the issue or, alternatively, verify that the issue has been fixed.

Run with AFL

We also support using AFL (American Fuzzy Loop) via afl.rs.

Simply open up a terminal and

make afl_fuzz_dep afl_fuzz

tip

As with libFuzzer, afl_fuzz_dep is only necessary for the first run