A Coq Starter Kit to Verify TLS Packet Processing in C

TLS is such a widespread security protocol that errors in its implementation can have disastrous consequences. This heavy responsibility is mostly borne by programmers who are almost left to themselves, caught between error-prone low-level programming with C and specifications with the ambiguities of natural language. Our purpose is to provide a Coq framework for the formal verification of TLS packet processing written in C. First, we provide a new library for C verification based on Separation logic. This library features a simple encoding of C types that makes for easy and faithful modeling. Second, we introduce a formalization of the RFC for TLS that improves on the original document by making prose statements palpable and even spotting errors. Last, we investigate application to an existing implementation of TLS from which we extract, specify and start verification of a parsing function, such functions being a notorious source of security bugs.