Skip to content
GitHub no longer supports this web browser. Learn more about the browsers we support.
HACL*, a formally verified cryptographic library written in F*
F* Assembly C C++ Python Makefile Other
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.docker/build Refresh documentation on hacl-star.github.io Jan 30, 2020
code Make add1/add_scalar and fmul1/fmul_scalar names match for Linux dist… Jan 17, 2020
dist [CI] regenerate hints and dist Feb 4, 2020
doc typo Feb 3, 2020
hints [CI] regenerate hints and dist Jan 30, 2020
lib change carry chain and load_felem4 in poly1305 Dec 4, 2019
obj obj directory for build Oct 17, 2019
providers Various last-minute typo fixes and edits Jan 5, 2020
secure_api
specs Fix specs Makefile Jan 22, 2020
tests fix after merging Dec 18, 2019
tools More EverCrypt documentation Jan 3, 2020
vale Fix formatting that broke during merge Jan 28, 2020
.gitattributes Merge branch 'afromher_merge' into afromher_merge_dev Oct 17, 2019
.gitignore gitignore Jan 3, 2020
LICENSE License file for Apache2 Jun 16, 2017
MERGING-DEV.md Various last-minute typo fixes and edits Jan 5, 2020
Makefile Update Vale version Jan 28, 2020
Makefile.common Re-instate -fnoreturn-else, refresh snapshot, and fix #218 Jan 7, 2020
Makefile.include Move DRBG spec modules to specs/drbg; add interfaces, script and Make… Nov 5, 2019
Makefile.local Also enforce gmake for local makefiles Jan 22, 2020
README.md Merge branch 'master' into karthikbhargavan-patch-1 Jan 15, 2020
build_local.sh mozilla build target; allow copying out build artifacts Nov 1, 2019

README.md

A High-Assurance Cryptographic Library

This repository contains verified code for a library of modern cryptographic algorithms, including Curve25519, Ed25519, AES-GCM, Chacha20, Poly1305, SHA-2, SHA-3, HMAC, and HKDF. This set of algorithms is enough to support the full NaCl API and several TLS 1.3 ciphersuites. The code for all of these algorithms is formally verified using the F* verification framework for memory safety, functional correctness, and secret independence (resistance to some types of timing side-channels).

Documentation: More detailed documentation on the library and our verification method can be found at hacl-star.github.io.

The code in this repository is divided into three closely-related sub-projects, all developed as part of Project Everest.

HACL*

HACL* is a formally verified library of modern cryptographic algorithms written in a subset of F* called Low* and compiled to C using a compiler called KreMLin. The Low* source code for each primitive is verified for memory safety, functional correctness, and secret independence. The compiler generates efficient, readable, standalone C code for each algorithm that can be easily integrated into any C project. We include the current C code for various HACL* algorithms in the dist directory. HACL* can also be compiled to WebAssembly.

ValeCrypt

ValeCrypt provides formally verified high-performance cryptographic code for selected primitives in assembly language. It relies on the Vale tool to produce code and proofs in F*. Vale supports multiple platforms and proves that its implementations are memory safe, functionally correct, and that timing and memory accesses are secret independent.

EverCrypt

EverCrypt is a high-performance, cross-platform, formally verified modern cryptographic provider that packages implementations from HACL* and ValeCrypt, and automatically picks the fastest one available, depending on processor support and the target execution environment (multiplexing). Furthermore, EverCrypt offers an (agile) API that makes it simple to switch between algorithms (e.g., from SHA2 to SHA3).

Status

Warning: This is a research project. Although some of our code is currently used in popular products like Mozilla Firefox and Wireguard, we highly recommend that users consult with the HACL* maintainers before using this code in production systems.

We are actively developing and integrating our code on the master branch, which tracks F*'s master branch. Ongoing developments on new cryptographic primitives happen in the dev branch, which runs a little ahead of master. You can find a current snapshot of our C and assembly code in the dist directory; stable releases of the full library can be found in the releases page.

License

All the code in this repository is released under an Apache 2.0 license. The generated C code from HACL* is also released under an MIT license. Contact the maintainers if you have other licensing requirements.

Contact or Contribute

This repository contains contributions from many students and researchers at INRIA, Microsoft Research, and Carnegie Mellon University, and it is under active development. The primary authors of each verified algorithm are noted in the corresponding AUTHORS.md file. For questions and comments, or if you want to contribute to the project, contact the current maintainers at hacl-star-maintainers@lists.gforge.inria.fr.

You can’t perform that action at this time.