1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
#######################################
TF-Fuzz (Trusted-Firmware Fuzzer) guide
#######################################
************
Introduction
************
TF-Fuzz is a TF-M fuzzing tool, at the PSA-call level. At the time of writing
this at least, presentations available at:
- https://www.trustedfirmware.org/docs/TF-M_Fuzzing_Tool_TFOrg.pdf
- https://zoom.us/rec/share/1dxZcZit111IadadyFqFU7IoP5X5aaa8gXUdr_UInxmMbyLzEqEmXQdx79-IWQ9p
(These presentation materials may not all be viewable by all parties.)
To build TF-Fuzz, simply type ``make`` in this directory. The executable,
called ``tfz``, is placed in this directory.
To run ``tfz``, two environment variables must first be assigned. In bash
syntax:
.. code-block:: bash
export TF_FUZZ_LIB_DIR=<path to this TF-M installation>/tools/tf_fuzz/lib
export TF_FUZZ_BPLATE=tfm_boilerplate.txt
Examples of usage can be found in the ``demo`` directory.
**********************************
``.../tf_fuzz`` directory contents
**********************************
.. code-block:: bash
assets calls demo parser tests regression
backupStuff class_forwards.hpp lib document tf_fuzz.cpp utility
boilerplate commands Makefile template tf_fuzz.hpp visualStudio
*************
Code Overview
*************
To help understand the code, below is a C++-class hierarchy used in this code
base. They are explained further in the documents in their respective
directories, so the file names where the classes are defined is listed below (this,
very roughly in order of functional interactions, of chronological usage during
execution, and of most-to-least importance):
.. code-block:: bash
template_line ./template/template_line.hpp
sst_template_line ./template/template_line.hpp
read_sst_template_line ./template/sst_template_line.hpp
remove_sst_template_line ./template/sst_template_line.hpp
set_sst_template_line ./template/sst_template_line.hpp
policy_template_line ./template/template_line.hpp
read_policy_template_line ./template/crypto_template_line.hpp
set_policy_template_line ./template/crypto_template_line.hpp
key_template_line ./template/template_line.hpp
read_key_template_line ./template/crypto_template_line.hpp
remove_key_template_line ./template/crypto_template_line.hpp
set_key_template_line ./template/crypto_template_line.hpp
security_template_line ./template/template_line.hpp
security_hash_template_line ./template/secure_template_line.hpp
psa_call ./calls/psa_call.hpp
crypto_call ./calls/psa_call.hpp
policy_call ./calls/crypto_call.hpp
init_policy_call ./calls/crypto_call.hpp
reset_policy_call ./calls/crypto_call.hpp
add_policy_usage_call ./calls/crypto_call.hpp
set_policy_lifetime_call ./calls/crypto_call.hpp
set_policy_type_call ./calls/crypto_call.hpp
set_policy_algorithm_call ./calls/crypto_call.hpp
set_policy_usage_call ./calls/crypto_call.hpp
get_policy_lifetime_call ./calls/crypto_call.hpp
get_policy_type_call ./calls/crypto_call.hpp
get_policy_algorithm_call ./calls/crypto_call.hpp
get_policy_usage_call ./calls/crypto_call.hpp
get_policy_size_call ./calls/crypto_call.hpp
get_policy_call ./calls/crypto_call.hpp
key_call ./calls/crypto_call.hpp
generate_key_call ./calls/crypto_call.hpp
create_key_call ./calls/crypto_call.hpp
copy_key_call ./calls/crypto_call.hpp
read_key_data_call ./calls/crypto_call.hpp
remove_key_call ./calls/crypto_call.hpp
sst_call ./calls/psa_call.hpp
sst_remove_call ./calls/sst_call.hpp
sst_get_call ./calls/sst_call.hpp
sst_set_call ./calls/sst_call.hpp
security_call ./calls/psa_call.hpp
hash_call ./calls/security_call.hpp
boilerplate ./boilerplate/boilerplate.hpp
psa_asset ./assets/psa_asset.hpp
crypto_asset ./assets/crypto_asset.hpp
policy_asset ./assets/crypto_asset.hpp
key_asset ./assets/crypto_asset.hpp
sst_asset ./assets/sst_asset.hpp
tf_fuzz_info ./tf_fuzz.hpp
variables ./utility/variables.hpp
crc32 ./utility/compute.hpp
gibberish ./utility/gibberish.hpp
expect_info ./utility/data_blocks.hpp
set_data_info ./utility/data_blocks.hpp
asset_name_id_info ./utility/data_blocks.hpp
TF-Fuzz now has better-organized management of variables in the generated code.
In particular, it maintains a list of variables named in the test template, and
implicit in the code, notably variables assets are ``read`` into. It also now has
completely separate execution phases to parse the test template, simulate the
sequence of PSA calls generated, and write out the expected results. That
simulation is only in enough detail to predict expected results. Since TF-Fuzz
currectly mostly addresses only SST calls, that simulation is very simple in
nature -- just tracking data movement.
--------------
*Copyright (c) 2020, Arm Limited. All rights reserved.*
|