auditor

An aarch64 constant-time memory access auditing tool.
git clone git://git.ppad.tech/auditor.git

IMPL1.md (1576B)


# IMPL1: Implement Symbol-Offset Addressing Support

## Summary

Implement `BaseSymbol` addressing for AArch64 loads/stores, update
parser, taint checks, JSON output, and tests. Track missing instruction
parsers as a follow-up task.

## Steps

1) Update core types
- Add `BaseSymbol Reg Text` to `AddrMode` in `Audit.AArch64.Types`.
- Extend the `ToJSON` instance to encode the new constructor.

2) Extend parser
- Add a `pAddrModeSymbol` or extend `pAddrModeInner` to parse a
  symbol reference after the comma inside brackets.
- Ensure `[xN, _symbol@GOTPAGEOFF]` parses as `BaseSymbol`.
- Keep existing address parsing behavior unchanged.

3) Update taint + checks
- `addrBaseTaint`: treat `BaseSymbol` like `BaseImm` (base reg only).
- `checkAddrMode`: accept `BaseSymbol` as a constant offset mode; only
  base-taint can trigger a violation.

4) Add fixtures + tests
- Add parser fixtures with symbol offsets:
  - `ldr x8, [x8, _symbol@GOTPAGEOFF]`
  - `ldr x0, [x1, _foo@PAGEOFF]`
- Add an analysis fixture that uses a public base reg and confirm no
  violation.
- Add a negative fixture where base reg is secret to ensure violation.

5) Follow-up (non-blocking)
- Add parser support for `ldur`, `stur`, `adcs`, `negs`, `mneg`.
- Update tests accordingly.
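
A reduced model of steps 1 to 3, added here as an illustration and not the auditor's own code: it parses the bracketed operand into `BaseImm` or `BaseSymbol` and flags an access only when the base register is secret. Assumptions: `Reg` is a plain `String`, the symbol is a `String` rather than `Text`, secret registers are passed as a list, `parseAddr` is a hypothetical name, and the signatures of `addrBaseTaint` and `checkAddrMode` are guesses.

```haskell
module Main (main) where

import Data.Char (isAlpha, isAlphaNum, isDigit, isSpace)

type Reg = String  -- assumed stand-in for the project's Reg type

-- Reduced AddrMode: only the two constant-offset forms the plan compares.
data AddrMode
  = BaseImm Reg Integer    -- [x1, #16]
  | BaseSymbol Reg String  -- [x8, _symbol@GOTPAGEOFF]; the plan uses Text
  deriving (Eq, Show)

-- Parse "[reg, #imm]" or "[reg, sym@RELOC]"; Nothing for any other form.
parseAddr :: String -> Maybe AddrMode
parseAddr s = case filter (not . isSpace) s of
  '[' : rest | (inner, "]") <- break (== ']') rest
             , (base, ',' : off) <- break (== ',') inner
             , isReg base -> parseOff base off
  _ -> Nothing
  where
    isReg r = r == "sp" || case r of
      c : ds@(_ : _) -> c `elem` "xw" && all isDigit ds
      _              -> False
    parseOff b ('#' : ds)
      | not (null ds), all isDigit ds = Just (BaseImm b (read ds))
    parseOff b sym@(c : _)  -- a register here is a different mode, not a symbol
      | c == '_' || isAlpha c, all symChar sym, not (isReg sym) = Just (BaseSymbol b sym)
    parseOff _ _ = Nothing
    symChar c = isAlphaNum c || c `elem` "_@.$"

-- Step 3: the symbol offset is fixed at link time, so only the base
-- register can make the address secret-dependent (same as BaseImm).
addrBaseTaint :: [Reg] -> AddrMode -> Bool
addrBaseTaint secret am = case am of
  BaseImm r _    -> r `elem` secret
  BaseSymbol r _ -> r `elem` secret

-- Left = violation, Right = access accepted.
checkAddrMode :: [Reg] -> AddrMode -> Either String AddrMode
checkAddrMode secret am
  | addrBaseTaint secret am = Left ("secret base register in " ++ show am)
  | otherwise               = Right am

main :: IO ()
main = mapM_ run
  [ ([],     "[x8, _symbol@GOTPAGEOFF]")  -- public base: accepted
  , (["x1"], "[x1, _foo@PAGEOFF]")        -- secret base: violation
  , ([],     "[x1, x2]") ]                -- register offset: not a BaseSymbol
  where
    run (sec, op) = putStrLn (op ++ " -> " ++
      maybe "no parse" (show . checkAddrMode sec) (parseAddr op))
```

The third case guards the "keep existing address parsing behavior unchanged" requirement: a register name in the offset position must not be swallowed by the symbol parser.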

## Files to Touch

- `lib/Audit/AArch64/Types.hs`
- `lib/Audit/AArch64/Parser.hs`
- `lib/Audit/AArch64/Taint.hs`
- `lib/Audit/AArch64/Check.hs`
- `test/` fixtures and unit tests

## Validation

- Run the parser tests on symbol-offset fixtures.
- Run a small audit on a GHC aarch64 dump to confirm no parse errors.