From: Simon Glass <simon.glass@canonical.com> Update AES function signatures to use const pointers for parameters that are not modified. This improves type safety and makes it easier to see which parameters are read-only. Fix the Nuvoton npcm_ae driver as well since it implements the API. Really that should be handled by a driver, but leave that for now. Functions updated: - aes_expand_key(): key parameter - aes_encrypt(): in and expkey parameters - aes_decrypt(): in and expkey parameters - aes_apply_cbc_chain_data(): cbc_chain_data and src parameters - aes_cbc_encrypt_blocks(): key_exp, iv, and src parameters - aes_cbc_decrypt_blocks(): key_exp, iv, and src parameters - add_round_key(): key parameter (internal) - debug_print_vector(): data parameter (internal) Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- drivers/crypto/nuvoton/npcm_aes.c | 22 ++++++++-------- include/uboot_aes.h | 42 +++++++++++++++---------------- lib/aes.c | 22 ++++++++-------- 3 files changed, 43 insertions(+), 43 deletions(-) diff --git a/drivers/crypto/nuvoton/npcm_aes.c b/drivers/crypto/nuvoton/npcm_aes.c index 8d3a30ea918..68b582b0d12 100644 --- a/drivers/crypto/nuvoton/npcm_aes.c +++ b/drivers/crypto/nuvoton/npcm_aes.c @@ -102,10 +102,10 @@ static int npcm_aes_init(u8 dec_enc) return 0; } -static inline void npcm_aes_load_iv(u8 *iv) +static inline void npcm_aes_load_iv(const u8 *iv) { struct npcm_aes_regs *regs = aes_priv->regs; - u32 *p = (u32 *)iv; + const u32 *p = (const u32 *)iv; u32 i; /* Initialization Vector is loaded in 32-bit chunks */ @@ -113,10 +113,10 @@ static inline void npcm_aes_load_iv(u8 *iv) writel(p[i], ®s->aes_iv_0 + i); } -static inline void npcm_aes_load_key(u8 *key) +static inline void npcm_aes_load_key(const u8 *key) { struct npcm_aes_regs *regs = aes_priv->regs; - u32 *p = (u32 *)key; + const u32 *p = (const u32 *)key; u32 i; /* The key can be loaded either via the configuration or by using sideband @@ -140,7 +140,7 @@ static inline void npcm_aes_load_key(u8 *key) } } -static inline void npcm_aes_write(u32 *in) +static inline void npcm_aes_write(const u32 *in) { struct npcm_aes_regs *regs = aes_priv->regs; u32 i; @@ -160,7 +160,7 @@ static inline void npcm_aes_read(u32 *out) out[i] = readl(®s->aes_fifo_data); } -static void npcm_aes_feed(u32 num_aes_blocks, u32 *datain, u32 *dataout) +static void npcm_aes_feed(u32 num_aes_blocks, const u32 *datain, u32 *dataout) { struct npcm_aes_regs *regs = aes_priv->regs; u32 aes_datablk; @@ -235,14 +235,14 @@ static void npcm_aes_feed(u32 num_aes_blocks, u32 *datain, u32 *dataout) } } -void aes_expand_key(u8 *key, u32 key_size, u8 *expkey) +void aes_expand_key(const u8 *key, u32 key_size, u8 *expkey) { /* npcm hw expands the key automatically, just copy it */ memcpy(expkey, key, SIZE_AES_BLOCK * 2); } -void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, - u32 num_aes_blocks) +void aes_cbc_encrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv, + const u8 *src, u8 *dst, u32 num_aes_blocks) { if (npcm_aes_init(AES_OP_ENCRYPT)) return; @@ -254,8 +254,8 @@ void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, npcm_aes_feed(num_aes_blocks, (u32 *)src, (u32 *)dst); } -void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, - u32 num_aes_blocks) +void aes_cbc_decrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv, + const u8 *src, u8 *dst, u32 num_aes_blocks) { if (npcm_aes_init(AES_OP_DECRYPT)) return; diff --git a/include/uboot_aes.h b/include/uboot_aes.h index d2583bed992..440049e3069 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -44,67 +44,67 @@ enum { * Expand a key into a key schedule, which is then used for the other * operations. * - * @key Key + * @key Key (not modified) * @key_size Size of the key (in bits) * @expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH */ -void aes_expand_key(u8 *key, u32 key_size, u8 *expkey); +void aes_expand_key(const u8 *key, u32 key_size, u8 *expkey); /** * aes_encrypt() - Encrypt single block of data with AES 128 * * @key_size Size of the aes key (in bits) - * @in Input data - * @expkey Expanded key to use for encryption (from aes_expand_key()) + * @in Input data (not modified) + * @expkey Expanded key to use for encryption (from aes_expand_key(), not modified) * @out Output data */ -void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out); +void aes_encrypt(u32 key_size, const u8 *in, const u8 *expkey, u8 *out); /** * aes_decrypt() - Decrypt single block of data with AES 128 * * @key_size Size of the aes key (in bits) - * @in Input data - * @expkey Expanded key to use for decryption (from aes_expand_key()) + * @in Input data (not modified) + * @expkey Expanded key to use for decryption (from aes_expand_key(), not modified) * @out Output data */ -void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out); +void aes_decrypt(u32 key_size, const u8 *in, const u8 *expkey, u8 *out); /** * Apply chain data to the destination using EOR * * Each array is of length AES_BLOCK_LENGTH. * - * @cbc_chain_data Chain data - * @src Source data + * @cbc_chain_data Chain data (not modified) + * @src Source data (not modified) * @dst Destination data, which is modified here */ -void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst); +void aes_apply_cbc_chain_data(const u8 *cbc_chain_data, const u8 *src, u8 *dst); /** * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. * * @key_size Size of the aes key (in bits) - * @key_exp Expanded key to use - * @iv Initialization vector - * @src Source data to encrypt + * @key_exp Expanded key to use (not modified) + * @iv Initialization vector (not modified) + * @src Source data to encrypt (not modified) * @dst Destination buffer * @num_aes_blocks Number of AES blocks to encrypt */ -void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, - u32 num_aes_blocks); +void aes_cbc_encrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv, + const u8 *src, u8 *dst, u32 num_aes_blocks); /** * Decrypt multiple blocks of data with AES CBC. * * @key_size Size of the aes key (in bits) - * @key_exp Expanded key to use - * @iv Initialization vector - * @src Source data to decrypt + * @key_exp Expanded key to use (not modified) + * @iv Initialization vector (not modified) + * @src Source data to decrypt (not modified) * @dst Destination buffer * @num_aes_blocks Number of AES blocks to decrypt */ -void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, - u32 num_aes_blocks); +void aes_cbc_decrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv, + const u8 *src, u8 *dst, u32 num_aes_blocks); #endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index 3bcbeeab9af..6894dd89e50 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -498,7 +498,7 @@ static void inv_mix_sub_columns(u8 *state) * encrypt/decrypt columns of the key * n.b. you can replace this with byte-wise xor if you wish. */ -static void add_round_key(u32 *state, u32 *key) +static void add_round_key(u32 *state, const u32 *key) { int idx; @@ -537,7 +537,7 @@ static u32 aes_get_keycols(u32 key_len) } /* produce AES_STATECOLS bytes for each round */ -void aes_expand_key(u8 *key, u32 key_len, u8 *expkey) +void aes_expand_key(const u8 *key, u32 key_len, u8 *expkey) { u8 tmp0, tmp1, tmp2, tmp3, tmp4; uint idx, aes_rounds, aes_keycols; @@ -574,7 +574,7 @@ void aes_expand_key(u8 *key, u32 key_len, u8 *expkey) } /* encrypt one 128 bit block */ -void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) +void aes_encrypt(u32 key_len, const u8 *in, const u8 *expkey, u8 *out) { u8 state[AES_STATECOLS * 4]; u32 round, aes_rounds; @@ -597,7 +597,7 @@ void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) memcpy(out, state, sizeof(state)); } -void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) +void aes_decrypt(u32 key_len, const u8 *in, const u8 *expkey, u8 *out) { u8 state[AES_STATECOLS * 4]; int round, aes_rounds; @@ -620,7 +620,7 @@ void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) memcpy(out, state, sizeof(state)); } -static void debug_print_vector(char *name, u32 num_bytes, u8 *data) +static void debug_print_vector(char *name, u32 num_bytes, const u8 *data) { #ifdef DEBUG printf("%s [%d] @0x%p", name, num_bytes, data); @@ -628,7 +628,7 @@ static void debug_print_vector(char *name, u32 num_bytes, u8 *data) #endif } -void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) +void aes_apply_cbc_chain_data(const u8 *cbc_chain_data, const u8 *src, u8 *dst) { int i; @@ -636,11 +636,11 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) *dst++ = *src++ ^ *cbc_chain_data++; } -void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, - u32 num_aes_blocks) +void aes_cbc_encrypt_blocks(u32 key_len, const u8 *key_exp, const u8 *iv, + const u8 *src, u8 *dst, u32 num_aes_blocks) { u8 tmp_data[AES_BLOCK_LENGTH]; - u8 *cbc_chain_data = iv; + const u8 *cbc_chain_data = iv; u32 i; for (i = 0; i < num_aes_blocks; i++) { @@ -662,8 +662,8 @@ void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, } } -void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, - u32 num_aes_blocks) +void aes_cbc_decrypt_blocks(u32 key_len, const u8 *key_exp, const u8 *iv, + const u8 *src, u8 *dst, u32 num_aes_blocks) { u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH]; /* Convenient array of 0's for IV */ -- 2.43.0