cryspen / bertie

Bertie TLS 1.3 Implementation
Apache License 2.0
112 stars 3 forks source link

CI Scheduled

Bertie is a minimal, high-assurance implementation of TLS 1.3 written in a subset of Rust called hacspec.

It is built upon the following design principles:

1) Purely functional: no mutable data structures or externally visible side-effects. 2) Verification friendly: written in hacspec and translates to F*. 3) Succinct and minimal: configured with a single protocol version and cipher suite.

Karthikeyan Bhargavan first authored Bertie at Inria in 2021 and transferred it to Cryspen in 2022. It is licensed under Apache 2.0 but not yet ready for public consumption.

USING BERTIE

An example HTTPS client using Bertie is provided in the simple_https_client crate. The client retrieves a web page using Bertie as the underlying TLS implementation.

You can try it out by executing ...

$ cargo run -p simple_https_client -- google.com

There is also a HTTPS server available as simple_https_server.

WARNING: Do not use in production. This is an early draft of Bertie and strictly work-in-progress.

If you are looking for commercial support for Bertie, please reach out to Crypsen.

WORKING ON BERTIE

Note: You do not need to do any of this when you just want to build and run Bertie. This is only if you intend to work on Bertie, i.e., change its core and contribute the changes to the project.

Keep in mind that Bertie is written in hacspec -- a more "restrictive" version of Rust that lends itself to formal verification. Working on Bertie feels a lot like working on a typical Rust crate but all code needs to be valid according to hacspec. Thus, you may also find that some code is "unusual" compared to vanilla Rust.

But no worries! There is a Cargo plugin to verify that everything is valid according to hacspec. Just follow the instructions on the hacspec website to install it. Then, set a rustup override to the channel currently used in the hacspec repository, i.e., ...

rustup override set <channel>

You can then cargo clean, cargo build, and cargo hacspec to verify that your changes conform to the hacspec specification.

CONTRIBUTING

To see what we are working on and what is in the pipeline, you can follow our project tasks.

Before contributing, please have a look at the contributing guidelines and the code of conduct.

PROJECT STRUCTURE

PUBLICATIONS

Bertie is inspired by a number of prior research works, including works on hacspec and TLS 1.3.

Some of the most relevant publications are listed below:

LICENSE

Bertie is licensed under Apache 2.0.

ACKNOWLEDGEMENTS

The Bertie project is supported by Inria and the nlnet foundation.