mirror of
https://github.com/GaloisInc/cryptol.git
synced 2024-12-29 02:42:45 +03:00
232 lines
9.3 KiB
Markdown
232 lines
9.3 KiB
Markdown
[![Cryptol](https://github.com/GaloisInc/cryptol/workflows/Cryptol/badge.svg)](https://github.com/GaloisInc/cryptol/actions?query=workflow%3ACryptol)
|
|
|
|
# Cryptol, version 2
|
|
|
|
This version of Cryptol is (C) 2013-2020 Galois, Inc., and
|
|
distributed under a standard, three-clause BSD license. Please see
|
|
the file LICENSE, distributed with this software, for specific
|
|
terms and conditions.
|
|
|
|
# What is Cryptol?
|
|
|
|
The Cryptol specification language was designed by Galois for the NSA
|
|
Laboratory for Advanced Cybersecurity Research as a public standard for
|
|
specifying cryptographic algorithms. A Cryptol reference specification
|
|
can serve as the formal documentation for a cryptographic module.
|
|
Unlike current specification mechanisms, Cryptol is fully executable,
|
|
allowing designers to experiment with their programs incrementally as
|
|
their designs evolve.
|
|
|
|
This release is an interpreter for version 2 of the Cryptol
|
|
language. The interpreter includes a `:check` command, which tests
|
|
predicates written in Cryptol against randomly-generated test vectors
|
|
(in the style of
|
|
[QuickCheck](http://hackage.haskell.org/package/QuickCheck)). There is
|
|
also a `:prove` command, which calls out to SMT solvers, such as
|
|
Yices, Z3, or CVC4, to prove predicates for all possible inputs.
|
|
|
|
# Getting Cryptol Binaries
|
|
|
|
Cryptol binaries for Mac OS X, Linux, and Windows are available from the
|
|
GitHub [releases page](https://github.com/GaloisInc/cryptol/releases).
|
|
Mac OS X and Linux binaries are distributed as a tarball which you can
|
|
extract to a location of your choice. Windows binaries are distributed
|
|
both as tarballs and as `.msi` installer packages which place a shortcut
|
|
to the Cryptol interpreter in the Start menu.
|
|
|
|
On Mac OS X, Cryptol is also available via
|
|
[Homebrew](http://brew.sh/). Simply run `brew update && brew install cryptol`
|
|
to get the latest stable version.
|
|
|
|
## Getting Z3
|
|
|
|
Cryptol currently uses Microsoft Research's [Z3 SMT
|
|
solver](https://github.com/Z3Prover/z3) by default to solve constraints
|
|
during type checking, and as the default solver for the `:sat` and
|
|
`:prove` commands. Cryptol generally requires the most recent version
|
|
of Z3, but you can see the specific version tested in CI by looking for
|
|
the `Z3_VERSION` setting in [this
|
|
file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/ci.yml).
|
|
|
|
You can download Z3 binaries for a variety of platforms from their
|
|
[releases page](https://github.com/Z3Prover/z3/releases). If you
|
|
install Cryptol using Homebrew, the appropriate version of Z3 will be
|
|
installed automatically. If you're using Linux, the package manager for
|
|
your distribution may include Z3, as well, though sometimes the
|
|
available versions are somewhat old.
|
|
|
|
After installation, make sure that `z3` (or `z3.exe` on Windows)
|
|
is on your PATH.
|
|
|
|
### Note for 64-bit Linux Users
|
|
|
|
On some 64-bit Linux configurations, 32-bit binaries do not work. This
|
|
can lead to unhelpful error messages like `z3: no such file or
|
|
directory`, even when `z3` is clearly present. To fix this, either
|
|
install 32-bit compatibility packages for your distribution, or download
|
|
the `x64` version of Z3.
|
|
|
|
# Building Cryptol From Source
|
|
|
|
In addition to the binaries, the Cryptol source is available publicly
|
|
on [GitHub](https://github.com/GaloisInc/cryptol).
|
|
|
|
Cryptol builds and runs on various flavors of Linux, Mac OS X, and
|
|
Windows. We regularly build and test it in the following environments:
|
|
|
|
- macOS 10.15, 64-bit
|
|
- Ubuntu 18.04, 64-bit
|
|
- Windows Server 2019, 64-bit
|
|
|
|
## Prerequisites
|
|
|
|
Cryptol is regularly built and tested with the three most recent
|
|
versions of GHC, which at the time of this writing are 8.6.5, 8.8.4, and
|
|
8.10.2. The easiest way to install an approporiate version of GHC is
|
|
with [ghcup](https://www.haskell.org/ghcup/).
|
|
|
|
Some supporting non-Haskell libraries are required to build
|
|
Cryptol. Most should already be present for your operating system, but
|
|
you may need to install the following:
|
|
|
|
- [The GNU Multiple Precision Arithmetic Library (GMP)](https://gmplib.org/)
|
|
- [ncurses](https://www.gnu.org/software/ncurses/)
|
|
|
|
You'll also need [Z3](#getting-z3) installed when running Cryptol.
|
|
|
|
## Building Cryptol
|
|
|
|
After a fresh checkout of cryptol, be sure to initialize its git submodules:
|
|
|
|
git submodule update --init
|
|
|
|
Then, from the Cryptol source directory, run:
|
|
|
|
./cry build
|
|
|
|
This will build Cryptol in place. From there, there are additional targets:
|
|
|
|
- `./cry run`: run Cryptol in the current directory
|
|
- `./cry test`: run the regression test suite
|
|
|
|
## Installing Cryptol
|
|
|
|
If you run `cabal v2-install --installdir=DIR` in your source directory
|
|
after running one of the above `./cry` command, you will end up with a
|
|
binary in `DIR`.
|
|
|
|
## Configuring Cryptol
|
|
|
|
Cryptol can use several external files to control its operation.
|
|
Normally, the build process embeds these files into the executable.
|
|
However, these embedded files can be overwritten with local copies in
|
|
two ways:
|
|
|
|
- Copy the contents of the `lib` directory into `$HOME/.cryptol`.
|
|
|
|
- Set the `CRYPTOLPATH` environment variable to name some other
|
|
directory that contains the files from the `lib` directory.
|
|
|
|
# Contributing
|
|
|
|
We believe that anyone who uses Cryptol is making an important
|
|
contribution toward making Cryptol a better tool. There are many ways
|
|
to get involved.
|
|
|
|
## Users
|
|
|
|
If you write Cryptol programs that you think would benefit the
|
|
community, fork the GitHub repository, and add them to the
|
|
`examples/contrib` directory and submit a pull request.
|
|
|
|
We host a Cryptol mailing list, which you can [join
|
|
here](https://groups.google.com/a/galois.com/forum/#!forum/cryptol-users).
|
|
|
|
If you run into a bug in Cryptol, if something doesn't make sense in the
|
|
documentation, if you think something could be better, or if you just
|
|
have a cool use of Cryptol that you'd like to share with us, use the
|
|
issues page on [GitHub](https://github.com/GaloisInc/cryptol), or send
|
|
email to <cryptol@galois.com>.
|
|
|
|
## Developers
|
|
|
|
If you'd like to get involved with Cryptol development, see the list of
|
|
[low-hanging
|
|
fruit](https://github.com/GaloisInc/cryptol/labels/low-hanging%20fruit).
|
|
These are tasks which should be straightforward to implement. Make a
|
|
fork of this GitHub repository, send along pull requests and we'll be
|
|
happy to incorporate your changes.
|
|
|
|
### Repository Structure
|
|
|
|
- `/cryptol`: Haskell sources for the front-end `cryptol` executable
|
|
and read-eval-print loop
|
|
- `/docs`: LaTeX and Markdown sources for the Cryptol documentation
|
|
- `/examples`: Cryptol sources implementing several interesting
|
|
algorithms
|
|
- `/lib`: Cryptol standard library sources
|
|
- `/src`: Haskell sources for the `cryptol` library (the bulk of the
|
|
implementation)
|
|
- `/tests`: Haskell sources for the Cryptol regression test suite, as
|
|
well as the Cryptol sources and expected outputs that comprise that
|
|
suite
|
|
|
|
# Where to Look Next
|
|
|
|
The `docs` directory of the installation package contains an
|
|
introductory book, the `examples` directory contains a number of
|
|
algorithms specified in Cryptol.
|
|
|
|
If you are familiar with version 1 of Cryptol, you should read the
|
|
`Version2Changes` document in the `docs` directory.
|
|
|
|
For a large collection of Cryptol examples, see the [cryptol-specs
|
|
repository](https://github.com/galoisinc/cryptol-specs).
|
|
|
|
Cryptol is still under active development at Galois. We are also
|
|
building tools that consume both Cryptol specifications and
|
|
implementations in (for example) C or Java, and can (with some amount of
|
|
work) allow you to verify that an implementation meets its
|
|
specification. See more information on the [SAW
|
|
website](https://saw.galois.com).
|
|
|
|
# Thanks!
|
|
|
|
We hope that Cryptol is useful as a tool for educators and students,
|
|
commercial and open source authors of cryptographic implementations,
|
|
and by cryptographers to
|
|
|
|
- specify cryptographic algorithms
|
|
- check or prove properties of algorithms
|
|
- generate test vectors for testing implementations
|
|
- experiment with new algorithms
|
|
|
|
## Acknowledgements
|
|
|
|
Cryptol has been under development for over a decade with many people
|
|
contributing to its design and implementation. Those people include (but
|
|
are not limited to) Aaron Tomb, Adam Foltzer, Adam Wick, Alexander
|
|
Bakst, Andrew Kent, Andrei Stefanescu, Andrey Chudnov, Andy Gill,
|
|
Benjamin Barenblat, Ben Jones, Ben Selfridge, Brett Boston, Brian
|
|
Huffman, Brian Ledger, Chris Phifer, Daniel Wagner, David Thrane
|
|
Christiansen, David Lazar, Dylan McNamee, Eddy Westbrook, Edward Yang,
|
|
Eric Mertens, Eric Mullen, Fergus Henderson, Iavor Diatchki, Jared
|
|
Weakly, Jeff Lewis, Jim Teisher, Joe Hendrix, Joe Hurd, Joe Kiniry, Joel
|
|
Stanley, Joey Dodds, John Launchbury, John Matthews, Jonathan Daugherty,
|
|
Kenneth Foner, Kevin Quick, Kyle Carter, Ledah Casburn, Lee Pike, Levent
|
|
Erkök, Lisanna Dettwyler, Magnus Carlsson, Mark Shields, Mark Tullsen,
|
|
Matt Sottile, Nathan Collins, Philip Weaver, Robert Dockins, Ryan Scott,
|
|
Sally Browning, Sam Anklesaria, Sigbjørn Finne, Stephen Magill, Thomas
|
|
Nordin, Trevor Elliott, and Tristan Ravitch.
|
|
|
|
Much of the work on Cryptol has been funded by, and lots of design input
|
|
was provided by, the team at the [NSA's Laboratory for Advanced Cybersecurity
|
|
Research](https://www.nsa.gov/what-we-do/research/cybersecurity-research/),
|
|
including Brad Martin, Frank Taylor, and Sean Weaver.
|
|
|
|
Portions of Cryptol are also based upon work supported by the Office
|
|
of Naval Research under Contract No. N68335-17-C-0452. Any opinions,
|
|
findings and conclusions or recommendations expressed in this
|
|
material are those of the author(s) and do not necessarily reflect
|
|
the views of the Office of Naval Research.
|