Here are some changes suggested by @karthikbhargavan to enable translation into fstar using hax:
[x] use chunk instead of step_by
[x] use for instead of loop or while with break
[x] add traits for structs
[x] use if instead of match with ranges
The items above are being addressed in PR #81.
In addition, there are other issues that arise when running cargo hax into fstar, but these are not straightforward to fix from the edhoc-hacspec side:
do not call RNG code from hacspec code, as in the case of p256_generate_key_pair. This code is not being called from edhoc-hacspec, so it should not really be a problem. According to @karthikbhargavan, they might add a flag to hax so that it treats certain functions as opaque items.
lines such as output.len = 1; and output.content[0] = ead_1.label;. This is not straightforward to fix since it would require re-thinking our buffer mechanisms.
Here are some changes suggested by @karthikbhargavan to enable translation into fstar using
hax
:chunk
instead ofstep_by
for
instead ofloop
orwhile
withbreak
trait
s for structsif
instead ofmatch
withrange
sThe items above are being addressed in PR #81.
In addition, there are other issues that arise when running
cargo hax into fstar
, but these are not straightforward to fix from theedhoc-hacspec
side:p256_generate_key_pair
. This code is not being called fromedhoc-hacspec
, so it should not really be a problem. According to @karthikbhargavan, they might add a flag tohax
so that it treats certain functions as opaque items.output.len = 1;
andoutput.content[0] = ead_1.label;
. This is not straightforward to fix since it would require re-thinking our buffer mechanisms.