[Cryptech Tech] IO interface (was Re: Incremental digest outputs)

Rob Austein sra at hactrn.net
Tue Nov 18 20:47:16 UTC 2014


At Tue, 18 Nov 2014 10:30:13 -0500, Rob Austein wrote:
...
> Eg, if we were just talking about what's most convenient for C code,
> the representation that might make the most sense for a memory-mapped
> implementation might be to map an entire block so one could just
> memcmp() complete blocks in one go, similarly map the entire output
> digest so one could memcmp() the result out.

Or possibly structure assignments, in order to get array bounds
checking.  Eg:

    /* Wrap the block in a struct so it moves as one typed value. */
    typedef struct { unsigned char b[SHA512_BLOCK_LENGTH]; } sha512_block_t;

    static volatile sha512_block_t * const sha512_block_in = ...;

    /* ... */
    {
      sha512_block_t block;

      /* ... */

      *sha512_block_in = block;
    }

Whether one gets any real benefit from adding the structure wrapper
depends on how one writes the rest of the code, but, used properly, it
can make it easier for both humans and compilers to understand.

> Control registers might be mapped directly; separating these into
> read-only and write-only might be easier to get right, as read-write
> control registers would be potential race conditions even when using
> C's "volatile" type qualifier.

The Net of a Million Lies suggests that at least some people think
that volatile is sufficient to let one bit-twiddle mapped read-write
registers.  Probably depends on exactly how they're specified: if all
modifications come from the C code, they're probably safe.
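The layout sketched in this thread, as an added C example that is not from the original message or from the Cryptech code: a struct-wrapped block copied into a write-only mapped register, a separate write-only control word and read-only status word, and a struct-wrapped digest copied out. The core's registers are simulated by a static struct, and the register names, control/status bit positions and the simulated_core_finish() helper are assumptions made for this illustration.

```c
#include <stdint.h>

#define SHA512_BLOCK_LENGTH   128
#define SHA512_DIGEST_LENGTH   64
#define SHA512_CTRL_INIT      (1u << 0)   /* assumed: start a new hash with this block */
#define SHA512_CTRL_NEXT      (1u << 1)   /* assumed: continue the running hash */
#define SHA512_STATUS_VALID   (1u << 1)   /* assumed: digest register holds a result */

/* Struct wrappers: blocks and digests move as typed units, sizes checked by the compiler. */
typedef struct { unsigned char b[SHA512_BLOCK_LENGTH]; }  sha512_block_t;
typedef struct { unsigned char d[SHA512_DIGEST_LENGTH]; } sha512_digest_t;

/* Constructed register layout standing in for the mapped core (real hardware: bus addresses). */
typedef struct {
    sha512_block_t  block_in;    /* written by C, read by the core */
    uint32_t        ctrl;        /* written by C, consumed by the core */
    uint32_t        status;      /* written by the core, read by C */
    sha512_digest_t digest_out;  /* written by the core, read by C */
} sha512_core_regs_t;

static sha512_core_regs_t simulated_core;  /* stand-in, not real hardware */

/* Write-only side: volatile pointers. Read-only side: const volatile, so a stray store fails to compile. */
static volatile sha512_block_t * const sha512_block_in = &simulated_core.block_in;
static volatile uint32_t * const sha512_ctrl = &simulated_core.ctrl;
static const volatile uint32_t * const sha512_status = &simulated_core.status;
static const volatile sha512_digest_t * const sha512_digest_out = &simulated_core.digest_out;

/* Push one block into the core: one struct copy, then one control strobe written in a single store. */
static void sha512_submit_block(const sha512_block_t *block, int first)
{
    *sha512_block_in = *block;
    *sha512_ctrl = first ? SHA512_CTRL_INIT : SHA512_CTRL_NEXT;
}

/* Copy the digest out if the core reports it valid; returns 1 on success, 0 if not ready. */
static int sha512_read_digest(sha512_digest_t *out)
{
    if ((*sha512_status & SHA512_STATUS_VALID) == 0)
        return 0;
    *out = *sha512_digest_out;
    return 1;
}

/* Simulation only: model the core finishing a hash and publishing its digest. */
static void simulated_core_finish(const sha512_digest_t *digest)
{
    simulated_core.digest_out = *digest;
    simulated_core.status |= SHA512_STATUS_VALID;
}
```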
