A blueprint for formal verification of Apple corecrypto (opens in new tab)

(security.apple.com)

120 pointshasheddan3d ago15 comments

15 comments

SAW/Cryptol are amazingly easy to use compared to other formal methods tools. It's a shame that C++ is still popular in high assurance spaces, because the tooling for it and the ability to write safe code is so much worse than C these days.

pjmlp2d ago

When did C got safe strings and arrays?

Ideally neither C nor C++ should be used when security matters.

Nokinside2d ago

Explain to someone like me who uses C in safety-critical software in aerospace and defense why not?

For me, choosing the language is not enough. It's the tooling that goes far beyond the language that is important for safety and quality of compiler and runtime. C has very mature tooling options. So does ADA.

https://www.absint.com/astree/index.htm

Abstract Interpretation in a Nutshell https://www.di.ens.fr/~cousot/AI/IntroAbsInt.html

pjmlp2d ago

Explain to us why you are not allowed to use 100% of ISO C, without certification processes that castrate C to the point it feels like Ada 83 with curly brackets.

Proceses that outside high integrity computing no one is willing to make themselves go through without legal requirements and liability.

Most of it because during 1980's it was cheaper to advocate for C plus certification than pay for Ada compilers and developers.

1 more reply

AlotOfReading1d ago

I've never met a company I could convince to buy an Ada toolchain. Someone at Nvidia managed the feat and it's a pretty good measure of their enthusiasm that they seem to be pushing the hard work off onto adacore instead of spreading it internally.

H0-LawJik2d ago

The missing-step bug in early ML-DSA is the perfect case for SAW. rare inputs that pass code review because the line that should be there doesn't look absent, it looks like the next line is correct. tests wouldn't catch it unless someone happened to roll exactly the right inputs.

FiloSottile2d ago

I would really like to look at the bug and whether we could have caught it with conventional testing, but it doesn't look like Apple actually disclosed it?

FabHK2d ago

Had totally forgotten that Apple had rolled out post-quantum crypto (ML-KEM and ML-DSA, FIPS 203 and FIPS 204, respectively) already back in 2024. [1]

Slightly off topic, but it's great to see "crypto" to mean cryptography, helping users to keep their data secure, and not as so often these days those silly cryptocurrency crime tokens.

[1] https://security.apple.com/blog/imessage-pq3/

throwaway858252d ago

Verified crypto is important but apple still doesnt take parser security seriously enough. They know it's insecure and offer lockdown mode instead of fixing it.

ethical2d ago

Can't wait to find all the holes in the github code, part-ay time!

j / k navigate · click thread line to collapse

15 comments

AlotOfReading2d ago

pjmlp2d ago

When did C got safe strings and arrays?

Ideally neither C nor C++ should be used when security matters.

Nokinside2d ago

Explain to someone like me who uses C in safety-critical software in aerospace and defense why not?

https://www.absint.com/astree/index.htm

Abstract Interpretation in a Nutshell https://www.di.ens.fr/~cousot/AI/IntroAbsInt.html

pjmlp2d ago

Explain to us why you are not allowed to use 100% of ISO C, without certification processes that castrate C to the point it feels like Ada 83 with curly brackets.

Proceses that outside high integrity computing no one is willing to make themselves go through without legal requirements and liability.

Most of it because during 1980's it was cheaper to advocate for C plus certification than pay for Ada compilers and developers.

1 more reply

AlotOfReading1d ago

H0-LawJik2d ago

FiloSottile2d ago

I would really like to look at the bug and whether we could have caught it with conventional testing, but it doesn't look like Apple actually disclosed it?

FabHK2d ago

Had totally forgotten that Apple had rolled out post-quantum crypto (ML-KEM and ML-DSA, FIPS 203 and FIPS 204, respectively) already back in 2024. [1]

Slightly off topic, but it's great to see "crypto" to mean cryptography, helping users to keep their data secure, and not as so often these days those silly cryptocurrency crime tokens.

[1] https://security.apple.com/blog/imessage-pq3/

throwaway858252d ago

Verified crypto is important but apple still doesnt take parser security seriously enough. They know it's insecure and offer lockdown mode instead of fixing it.

ethical2d ago

Can't wait to find all the holes in the github code, part-ay time!

j / k navigate · click thread line to collapse