On Thu, Mar 19, 2015 at 11:36 AM, Samuel Neves <[email protected]> wrote: > On 03/19/2015 05:03 PM, Watson Ladd wrote: >> What about mixed 1 and 4? Distribute asm a tool made. > > This has the same problem as 1: you don't simply distribute one assembly > dump, you have to distribute one for each > toolchain/ABI/etc combo. [...] > > It's not really a major problem, but it is annoying enough that I would very > much prefer if the tool came with the > distribution. For that to happen, the tool must be portable, polished, etc. > OpenSSL went with Perl, but I would prefer > something better.
So the OpenSSL approach is to emit asm from scripts. This allows syntactic sugar (e.g. variable names for stack locations, loop unrolling). There's also support for translating to different toolchain / ABI formats (e.g. it can convert AT&T syntax to Intel). It seems like you're okay with this approach but want a higher-quality tool that could be reused outside OpenSSL? (so asm source could be written in "perlasm" or similar and be ingested by different projects)? This makes sense but I wonder if having the source file be a string-processing script loses the ability to have code auditors or formal-methods tools validate the code at a higher level? I don't know that anyone's doing much formal validation of ECC codebases yet, but it seems like a potential good idea. If the input source is a Perl script any formal validation tools would need to understand Perl (not likely) or would need to understand asm, and be re-run on every output flavor... Trevor _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
