• Stars
    star
    1,136
  • Rank 41,003 (Top 0.9 %)
  • Language
    Haskell
  • License
    BSD 3-Clause "New...
  • Created over 10 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cryptol: The Language of Cryptography

Cryptol Open in Gitpod

Cryptol, version 3

This version of Cryptol is (C) 2013-2023 Galois, Inc., and
distributed under a standard, three-clause BSD license. Please see
the file LICENSE, distributed with this software, for specific
terms and conditions.

What is Cryptol?

The Cryptol specification language was designed by Galois for the NSA Laboratory for Advanced Cybersecurity Research as a public standard for specifying cryptographic algorithms. A Cryptol reference specification can serve as the formal documentation for a cryptographic module. Unlike current specification mechanisms, Cryptol is fully executable, allowing designers to experiment with their programs incrementally as their designs evolve.

This release is an interpreter for version 3 of the Cryptol language. The interpreter includes a :check command, which tests predicates written in Cryptol against randomly-generated test vectors (in the style of QuickCheck). There is also a :prove command, which calls out to SMT solvers, such as Yices, Z3, CVC4, or CVC5, to prove predicates for all possible inputs.

Getting Cryptol Binaries

Cryptol binaries for Mac OS X, Linux, and Windows are available from the GitHub releases page. Mac OS X and Linux binaries are distributed as a tarball which you can extract to a location of your choice. Windows binaries are distributed both as tarballs and as .msi installer packages which place a shortcut to the Cryptol interpreter in the Start menu.

On Mac OS X, Cryptol is also available via Homebrew. Simply run brew update && brew install cryptol to get the latest stable version.

Getting Z3

Cryptol currently uses Microsoft Research's Z3 SMT solver by default to solve constraints during type checking, and as the default solver for the :sat and :prove commands. Cryptol generally requires the most recent version of Z3, but you can see the specific version tested in CI by looking here.

You can download Z3 binaries for a variety of platforms from their releases page. If you install Cryptol using Homebrew, the appropriate version of Z3 will be installed automatically. If you're using Linux, the package manager for your distribution may include Z3, as well, though sometimes the available versions are somewhat old.

After installation, make sure that z3 (or z3.exe on Windows) is on your PATH.

Note for 64-bit Linux Users

On some 64-bit Linux configurations, 32-bit binaries do not work. This can lead to unhelpful error messages like z3: no such file or directory, even when z3 is clearly present. To fix this, either install 32-bit compatibility packages for your distribution, or download the x64 version of Z3.

Building Cryptol From Source

In addition to the binaries, the Cryptol source is available publicly on GitHub.

Cryptol builds and runs on various flavors of Linux, Mac OS X, and Windows. We regularly build and test it in the following environments:

  • macOS 12, 64-bit
  • Ubuntu 20.04, 64-bit
  • Ubuntu 22.04, 64-bit
  • Windows Server 2019, 64-bit

Prerequisites

Cryptol is regularly built and tested with the three most recent versions of GHC, which at the time of this writing are 8.10.7, 9.2.8, and 9.4.5. The easiest way to install an appropriate version of GHC is with ghcup.

Some supporting non-Haskell libraries are required to build Cryptol. Most should already be present for your operating system, but you may need to install the following:

You'll also need Z3 installed when running Cryptol.

Building Cryptol

After a fresh checkout of cryptol, be sure to initialize its git submodules:

git submodule update --init

Then, from the Cryptol source directory, run:

./cry build

This will build Cryptol in place. From there, there are additional targets:

  • ./cry run: run Cryptol in the current directory
  • ./cry test: run the regression test suite

Installing Cryptol

If you run cabal v2-install --installdir=DIR in your source directory after running one of the above ./cry command, you will end up with a binary in DIR.

Configuring Cryptol

Cryptol can use several external files to control its operation. Normally, the build process embeds these files into the executable. However, these embedded files can be overwritten with local copies in two ways:

  • Copy the contents of the lib directory into $HOME/.cryptol.

  • Set the CRYPTOLPATH environment variable to name some other directory that contains the files from the lib directory.

Contributing

We believe that anyone who uses Cryptol is making an important contribution toward making Cryptol a better tool. There are many ways to get involved.

Users

If you write Cryptol programs that you think would benefit the community, fork the GitHub repository, and add them to the examples/contrib directory and submit a pull request.

We host a Cryptol mailing list, which you can join here.

If you run into a bug in Cryptol, if something doesn't make sense in the documentation, if you think something could be better, or if you just have a cool use of Cryptol that you'd like to share with us, use the issues page on GitHub, or send email to [email protected].

Developers

If you'd like to get involved with Cryptol development, see the list of low-hanging fruit. These are tasks which should be straightforward to implement. Make a fork of this GitHub repository, send along pull requests and we'll be happy to incorporate your changes.

Repository Structure

  • /cryptol: Haskell sources for the front-end cryptol executable and read-eval-print loop
  • /docs: LaTeX and Markdown sources for the Cryptol documentation
  • /examples: Cryptol sources implementing several interesting algorithms
  • /lib: Cryptol standard library sources
  • /src: Haskell sources for the cryptol library (the bulk of the implementation)
  • /tests: Haskell sources for the Cryptol regression test suite, as well as the Cryptol sources and expected outputs that comprise that suite

Where to Look Next

The docs directory of the installation package contains an introductory book, the examples directory contains a number of algorithms specified in Cryptol.

If you are familiar with version 1 of Cryptol, you should read the Version2Changes document in the docs directory.

For a large collection of Cryptol examples, see the cryptol-specs repository.

Cryptol is still under active development at Galois. We are also building tools that consume both Cryptol specifications and implementations in (for example) C or Java, and can (with some amount of work) allow you to verify that an implementation meets its specification. See more information on the SAW website.

Thanks!

We hope that Cryptol is useful as a tool for educators and students, commercial and open source authors of cryptographic implementations, and by cryptographers to

  • specify cryptographic algorithms
  • check or prove properties of algorithms
  • generate test vectors for testing implementations
  • experiment with new algorithms

Acknowledgements

Cryptol has been under development for over a decade with many people contributing to its design and implementation. Those people include (but are not limited to) Aaron Tomb, Adam Foltzer, Adam Wick, Alexander Bakst, Andrew Kent, Andrei Stefanescu, Andrey Chudnov, Andy Gill, Benjamin Barenblat, Ben Jones, Ben Selfridge, Brett Boston, Bretton Chen, Brian Huffman, Brian Ledger, Chris Phifer, Daniel Wagner, David Thrane Christiansen, David Lazar, Dylan McNamee, Eddy Westbrook, Edward Yang, Eric Mertens, Eric Mullen, Fergus Henderson, Hazel Weakly, Henry Blanchette, Iavor Diatchki, Jeff Lewis, Jim Teisher, Joe Hendrix, Joe Hurd, Joe Kiniry, Joel Stanley, Joey Dodds, John Launchbury, John Matthews, Jonathan Daugherty, Kenneth Foner, Kevin Quick, Kyle Carter, Ledah Casburn, Lee Pike, Levent Erkök, Lisanna Dettwyler, Magnus Carlsson, Mark Shields, Mark Tullsen, Matt Sottile, Matthew Yacavone, Nathan Collins, Philip Weaver, Robert Dockins, Ryan Scott, Sally Browning, Sam Anklesaria, Sigbjørn Finne, Stephen Magill, Thomas Nordin, Trevor Elliott, and Tristan Ravitch.

Much of the work on Cryptol has been funded by, and lots of design input was provided by, the team at the NSA's Laboratory for Advanced Cybersecurity Research, including Brad Martin, Frank Taylor, and Sean Weaver.

Portions of Cryptol are also based upon work supported by the Office of Naval Research under Contract No. N68335-17-C-0452. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research.

More Repositories

1

HaLVM

The Haskell Lightweight Virtual Machine (HaLVM): GHC running on Xen
Haskell
1,049
star
2

crucible

Crucible is a library for symbolic simulation of imperative programs
Rust
635
star
3

saw-script

The SAW scripting language.
Haskell
438
star
4

ivory

The Ivory EDSL
Haskell
374
star
5

reopt

A tool for analyzing x86-64 binaries.
LLVM
284
star
6

haskell-tor

A Haskell implementation of the Tor protocol.
Haskell
267
star
7

swanky

A suite of rust libraries for secure multi-party computation
Rust
263
star
8

macaw

Open source binary analysis tools.
Haskell
195
star
9

MATE

MATE is a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code using Code Property Graphs.
Python
177
star
10

what4

Symbolic formula representation and solver interaction library
Haskell
148
star
11

cclyzerpp

cclyzer++ is a precise and scalable pointer analysis for LLVM code.
C++
133
star
12

HaNS

The haskell network stack
Haskell
113
star
13

dlkoopman

A general-purpose Python package for Koopman theory using deep learning.
Python
80
star
14

cereal

Haskell
77
star
15

ec2-unikernel

Tool for uploading unikernels into EC2
Haskell
77
star
16

smaccmpilot-build

An umbrella repository including all of the dependencies to build the smaccmpilot project
Makefile
72
star
17

daedalus

The Daedalus data description language
Haskell
66
star
18

blt

Lattice-based integer linear programming solver
C++
60
star
19

parameterized-utils

A set of utilities for using indexed types including containers, equality, and comparison.
Haskell
57
star
20

grift

Galois RISC-V ISA Formal Tools
Haskell
56
star
21

yapall

A precise and scalable pointer analysis for LLVM, written in Ascent
C
53
star
22

saw-core

The SAW core language.
Haskell
53
star
23

ddosflowgen

Simulate DDoS attacks and generate traffic datasets
Python
51
star
24

minlibc

C
49
star
25

llvm-pretty-bc-parser

Parser for the llvm bitcode format
LLVM
48
star
26

renovate

A library for binary analysis and rewriting
Haskell
47
star
27

FreeRTOS-Xen

FreeRTOS 7.6.0 ported to run as a Xen guest on ARM systems.
C
45
star
28

hacrypto

Experiments in high-assurance crypto.
C
43
star
29

lean4-balance-car

Lean4 port of Arduino balance car controller
C++
43
star
30

tower

A concurrency framework for the Ivory language
Haskell
41
star
31

lean-protocol-support

This project contains various supporting libraries for lean to reason about protocols.
Lean
38
star
32

jvm-parser

A Haskell parser for JVM bytecode files
Haskell
37
star
33

flexdis86

A library for disassembling x86-64 binaries.
Haskell
36
star
34

halfs

The Haskell File System: A file system implementation in Haskell
Haskell
36
star
35

elf-edit

The elf-edit library provides a datatype suitable for reading and writing Elf files.
Haskell
35
star
36

semmc

Stratified synthesis for learning machine code instruction semantics
Haskell
35
star
37

mir-verifier

SAW front end for the MIR language from rustc
HTML
34
star
38

fancy-garbling

Rust implementation of the BMR16 arithmetic garbling scheme.
Rust
33
star
39

smaccmpilot-stm32f4

SMACCMPilot flight controller
JavaScript
32
star
40

pure-zlib

A Haskell-only implementation of zlib / DEFLATE.
Haskell
31
star
41

helib-demos

Experiments in homomorphic encryption
C++
30
star
42

FiveUI

Extensible UI Analysis in your browser
JavaScript
29
star
43

lean-llvm

LLVM support for the lean theorem prover
Lean
28
star
44

llvm-pretty

An llvm pretty printer inspired by the haskell llvm binding
Haskell
28
star
45

galua

Lua debugger and interpreter
JavaScript
27
star
46

BESSPIN

Top-level repository including all relevant BESSPIN repository
26
star
47

curl

A Haskell binding to the curl library
Haskell
26
star
48

json

Haskell JSON library
Haskell
25
star
49

estimator

State-space estimation algorithms and models
Haskell
25
star
50

dismantle

A library of assemblers and disassemblers derived from LLVM TableGen data
HTML
25
star
51

xml

Haskell XML library
Haskell
25
star
52

http-server

A Haskell HTTP server
Haskell
23
star
53

llvm-verifier

The LLVM Symbolic Simulator, part of SAW.
Haskell
21
star
54

RSA

Haskell RSA Library
Haskell
20
star
55

msf-haskell

Haskell implementation of Metasploit remote API
Haskell
20
star
56

FAW

Galois Format Analysis Workbench
HTML
20
star
57

cryfsm

convert simple cryptol expressions into finite-state machines
Haskell
20
star
58

BLST-Verification

BLST-Verification
Python
20
star
59

lean-haskell-bindings

Haskell Bindings to the Lean Theorem Prover http://leanprover.github.io/
Haskell
19
star
60

sqlite

A simple sqlite3 library for Haskell
C
19
star
61

cryptol-specs

A central repository for specifications of cryptographic algorithms in Cryptol
TeX
18
star
62

surveyor

A symbolic debugger for C/C++ (via LLVM), machine code, and JVM programs
Haskell
18
star
63

mistral

An interpreter for the Mistral language.
Haskell
18
star
64

LinearArbitrary-SeaHorn

LinearArbitrary-SeaHorn is a CHC solver for LLVM-based languages.
C
17
star
65

HARDENS

Repository for the HARDENS project
Jupyter Notebook
17
star
66

scuttlebutt

Multi-party computation utilities toolkit for rust
Rust
16
star
67

cryptol-semantics

Semantics for Cryptol
Coq
16
star
68

e2eviv

Artifacts associated with the U.S. Vote Foundation's E2E-VIV Project (end-to-end verifiable internet voting).
TeX
16
star
69

pate

Patches Assured up to Trace Equivalence
Haskell
15
star
70

halvm-web

Haskell
15
star
71

pads-haskell

A domain specific language for processing ad-hoc data.
Haskell
14
star
72

ardupilot-mega

Fork: DO NOT SUBMIT PULL REQS/BUG REPORTS HERE
C
14
star
73

reopt-vcg

A translation verifier for Reopt (https://github.com/GaloisInc/reopt)
SMT
14
star
74

sat2015-crypto

Slides and examples to accompany the September 25th invited talk at SAT 2015
TeX
14
star
75

ICryptol

IPython-style interaction for Cryptol
Haskell
14
star
76

ivory-tower-stm32

Tower backend and Ivory board support package for the STM32 line of microcontrollers
C
12
star
77

AMIDOL

Scientific model creation toolset.
HTML
12
star
78

hpb

Haskell Protocol Buffers
Haskell
12
star
79

golang

Parser and type analysis for the Go programming language
Haskell
12
star
80

mime

A Haskell MIME library
Haskell
12
star
81

LIMA

LIMA: Language for Integrated Modeling and Analysis
Haskell
12
star
82

gec

Embedded-friendly crypto a la SMACCM
Haskell
12
star
83

SHA

Haskell implementation of SHA / SHA2 hash functions
Haskell
12
star
84

alex-tools

A Haskell library making it easier to write Alex lexers.
Haskell
12
star
85

nasa-affirm

Architectural Framework For Integrated Refinement Modeling
HTML
11
star
86

regex-fsm

Convert regular expressions into efficient matrix branching programs
Haskell
11
star
87

salty

A DSL for generating GR(1) problems
JavaScript
11
star
88

simple-tar

A very simple tar archive processing library
Haskell
11
star
89

ocelot

Oblivious transfer library for rust
Rust
11
star
90

csaf

Control Systems Analysis Framework - a framework to minimize the effort required to evaluate, implement, and verify controller design (classical and learning enabled) with respect to the system dynamics.
Python
11
star
91

hexdump

A human readable style for binary data.
Haskell
11
star
92

gidl

Gidl: an Interface Description Language
Haskell
11
star
93

saw-core-coq

A translator from SAWCore to Coq
Coq
11
star
94

BESSPIN-Voting-System-Demonstrator-2019

The BESSPIN Voting System. This system is used to demonstrate and red team SSITH secure CPUs.
Coq
11
star
95

argo

A Haskell library for building JSON-RPC servers (work in progress), with servers for Cryptol and SAW
Haskell
11
star
96

lustre

A parser and AST for Lustre
Haskell
11
star
97

rustwall

Rust firewall for seL4
Rust
10
star
98

arm-asl-parser

Parsing tools for ARM's ASL
Java
10
star
99

ivory-rtverification

Runtime verification for C code via a GCC plugin architecture.
Haskell
10
star
100

cryptol-verifier

The Cryptol Symbolic Simulator, part of SAW.
Haskell
9
star