A blueprint for formal verification of Apple corecrypto
Apple has released a detailed blueprint for the formal verification of its corecrypto library, which underpins cryptographic operations across iOS, macOS, and other Apple platforms. The verification was performed using the Software Analysis Workbench (SAW), a tool developed by Galois, Inc. The process involved translating corecrypto's C code into SAW's internal representation and proving that it matches functional specifications written in Cryptol, a domain-specific language for cryptography. Key verified algorithms include AES-GCM, SHA-256, and elliptic curve operations. The verification uncovered several bugs, including an off-by-one error in a memory copy routine and a missing bounds check, which were fixed before shipping. Apple notes that formal verification does not eliminate all vulnerabilities but significantly reduces the risk of implementation flaws. The blueprint is intended to help other organizations adopt similar practices for critical security components.
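As an added illustration of the workflow the paragraph describes (not code from Apple's blueprint or from corecrypto), the following SAWScript proves a small C implementation of the SHA-256 big-Sigma0 function equivalent to its Cryptol specification; the file names `sigma0.c` and `sigma0.bc` and the function name `sigma0` are assumptions made for the example.

```saw
// Added example, not from the corecrypto project. Assumed C source (sigma0.c),
// compiled to LLVM bitcode with: clang -g -O0 -c -emit-llvm sigma0.c -o sigma0.bc
//
//   #include <stdint.h>
//   uint32_t sigma0(uint32_t x) {
//       return ((x >> 2) | (x << 30)) ^ ((x >> 13) | (x << 19))
//            ^ ((x >> 22) | (x << 10));
//   }

// Functional specification in Cryptol: SHA-256 Sigma0, written with Cryptol's
// rotate-right operator instead of the shift-and-OR idiom used in the C.
let {{
  Sigma0 : [32] -> [32]
  Sigma0 x = (x >>> 2) ^ (x >>> 13) ^ (x >>> 22)
}};

// Load the compiled C into SAW's internal (Crucible) representation.
m <- llvm_load_module "sigma0.bc";

// The proof contract: for a symbolic 32-bit argument x, the C function must
// return exactly Sigma0 x. Because x is symbolic, the result covers all 2^32
// inputs rather than a sample of them.
let sigma0_contract = do {
  x <- llvm_fresh_var "x" (llvm_int 32);
  llvm_execute_func [llvm_term x];
  llvm_return (llvm_term {{ Sigma0 x }});
};

// Discharge the equivalence obligation with Z3. Any divergence between the C
// and the spec (for instance a wrong rotate amount) fails the proof and
// reports a concrete counterexample input.
sigma0_ok <- llvm_verify m "sigma0" [] true sigma0_contract z3;
```

Run with `saw sigma0.saw`; real corecrypto routines additionally need memory preconditions (`llvm_alloc`, `llvm_points_to`) for pointer arguments, which this scalar example avoids.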
Formal verification of corecrypto reduces the risk of cryptographic bugs in Apple's OS ecosystem.