aes: Use const pointers for read-only parameters

Update AES function signatures to use const pointers for parameters that are not modified. This improves type safety and makes it easier to see which parameters are read-only. Fix the Nuvoton npcm_ae driver as well since it implements the API. Really that should be handled by a driver, but leave that for now. Functions updated: - aes_expand_key(): key parameter - aes_encrypt(): in and expkey parameters - aes_decrypt(): in and expkey parameters - aes_apply_cbc_chain_data(): cbc_chain_data and src parameters - aes_cbc_encrypt_blocks(): key_exp, iv, and src parameters - aes_cbc_decrypt_blocks(): key_exp, iv, and src parameters - add_round_key(): key parameter (internal) - debug_print_vector(): data parameter (internal) Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com>
2025-11-14 11:28:34 -07:00
parent 33f5f5cb3f
commit 76aa68ed86
3 changed files with 43 additions and 43 deletions
--- a/drivers/crypto/nuvoton/npcm_aes.c
+++ b/drivers/crypto/nuvoton/npcm_aes.c
@@ -102,10 +102,10 @@ static int npcm_aes_init(u8 dec_enc)
 	return 0;
 }

-static inline void npcm_aes_load_iv(u8 *iv)
+static inline void npcm_aes_load_iv(const u8 *iv)
 {
 	struct npcm_aes_regs *regs = aes_priv->regs;
-	u32 *p = (u32 *)iv;
+	const u32 *p = (const u32 *)iv;
 	u32 i;

 	/* Initialization Vector is loaded in 32-bit chunks */
@@ -113,10 +113,10 @@ static inline void npcm_aes_load_iv(u8 *iv)
 		writel(p[i], &regs->aes_iv_0 + i);
 }

-static inline void npcm_aes_load_key(u8 *key)
+static inline void npcm_aes_load_key(const u8 *key)
 {
 	struct npcm_aes_regs *regs = aes_priv->regs;
-	u32 *p = (u32 *)key;
+	const u32 *p = (const u32 *)key;
 	u32 i;

 	/* The key can be loaded either via the configuration or by using sideband
@@ -140,7 +140,7 @@ static inline void npcm_aes_load_key(u8 *key)
 	}
 }

-static inline void npcm_aes_write(u32 *in)
+static inline void npcm_aes_write(const u32 *in)
 {
 	struct npcm_aes_regs *regs = aes_priv->regs;
 	u32 i;
@@ -160,7 +160,7 @@ static inline void npcm_aes_read(u32 *out)
 		out[i] = readl(&regs->aes_fifo_data);
 }

-static void npcm_aes_feed(u32 num_aes_blocks, u32 *datain, u32 *dataout)
+static void npcm_aes_feed(u32 num_aes_blocks, const u32 *datain, u32 *dataout)
 {
 	struct npcm_aes_regs *regs = aes_priv->regs;
 	u32 aes_datablk;
@@ -235,14 +235,14 @@ static void npcm_aes_feed(u32 num_aes_blocks, u32 *datain, u32 *dataout)
 	}
 }

-void aes_expand_key(u8 *key, u32 key_size, u8 *expkey)
+void aes_expand_key(const u8 *key, u32 key_size, u8 *expkey)
 {
 	/* npcm hw expands the key automatically, just copy it */
 	memcpy(expkey, key, SIZE_AES_BLOCK * 2);
 }

-void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
-			    u32 num_aes_blocks)
+void aes_cbc_encrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv,
+			    const u8 *src, u8 *dst, u32 num_aes_blocks)
 {
 	if (npcm_aes_init(AES_OP_ENCRYPT))
 		return;
@@ -254,8 +254,8 @@ void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 	npcm_aes_feed(num_aes_blocks, (u32 *)src, (u32 *)dst);
 }

-void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
-			    u32 num_aes_blocks)
+void aes_cbc_decrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv,
+			    const u8 *src, u8 *dst, u32 num_aes_blocks)
 {
 	if (npcm_aes_init(AES_OP_DECRYPT))
 		return;
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -44,67 +44,67 @@ enum {
 * Expand a key into a key schedule, which is then used for the other
 * operations.
 *
- * @key		Key
+ * @key		Key (not modified)
 * @key_size	Size of the key (in bits)
 * @expkey	Buffer to place expanded key, AES_EXPAND_KEY_LENGTH
 */
-void aes_expand_key(u8 *key, u32 key_size, u8 *expkey);
+void aes_expand_key(const u8 *key, u32 key_size, u8 *expkey);

 /**
 * aes_encrypt() - Encrypt single block of data with AES 128
 *
 * @key_size	Size of the aes key (in bits)
- * @in		Input data
- * @expkey	Expanded key to use for encryption (from aes_expand_key())
+ * @in		Input data (not modified)
+ * @expkey	Expanded key to use for encryption (from aes_expand_key(), not modified)
 * @out		Output data
 */
-void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
+void aes_encrypt(u32 key_size, const u8 *in, const u8 *expkey, u8 *out);

 /**
 * aes_decrypt() - Decrypt single block of data with AES 128
 *
 * @key_size	Size of the aes key (in bits)
- * @in		Input data
- * @expkey	Expanded key to use for decryption (from aes_expand_key())
+ * @in		Input data (not modified)
+ * @expkey	Expanded key to use for decryption (from aes_expand_key(), not modified)
 * @out		Output data
 */
-void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
+void aes_decrypt(u32 key_size, const u8 *in, const u8 *expkey, u8 *out);

 /**
 * Apply chain data to the destination using EOR
 *
 * Each array is of length AES_BLOCK_LENGTH.
 *
- * @cbc_chain_data	Chain data
- * @src			Source data
+ * @cbc_chain_data	Chain data (not modified)
+ * @src			Source data (not modified)
 * @dst			Destination data, which is modified here
 */
-void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst);
+void aes_apply_cbc_chain_data(const u8 *cbc_chain_data, const u8 *src, u8 *dst);

 /**
 * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
 *
 * @key_size		Size of the aes key (in bits)
- * @key_exp		Expanded key to use
- * @iv			Initialization vector
- * @src			Source data to encrypt
+ * @key_exp		Expanded key to use (not modified)
+ * @iv			Initialization vector (not modified)
+ * @src			Source data to encrypt (not modified)
 * @dst			Destination buffer
 * @num_aes_blocks	Number of AES blocks to encrypt
 */
-void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
-			    u32 num_aes_blocks);
+void aes_cbc_encrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv,
+			    const u8 *src, u8 *dst, u32 num_aes_blocks);

 /**
 * Decrypt multiple blocks of data with AES CBC.
 *
 * @key_size		Size of the aes key (in bits)
- * @key_exp		Expanded key to use
- * @iv			Initialization vector
- * @src			Source data to decrypt
+ * @key_exp		Expanded key to use (not modified)
+ * @iv			Initialization vector (not modified)
+ * @src			Source data to decrypt (not modified)
 * @dst			Destination buffer
 * @num_aes_blocks	Number of AES blocks to decrypt
 */
-void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
-			    u32 num_aes_blocks);
+void aes_cbc_decrypt_blocks(u32 key_size, const u8 *key_exp, const u8 *iv,
+			    const u8 *src, u8 *dst, u32 num_aes_blocks);

 #endif /* _AES_REF_H_ */
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -498,7 +498,7 @@ static void inv_mix_sub_columns(u8 *state)
 * encrypt/decrypt columns of the key
 * n.b. you can replace this with byte-wise xor if you wish.
 */
-static void add_round_key(u32 *state, u32 *key)
+static void add_round_key(u32 *state, const u32 *key)
 {
 	int idx;

@@ -537,7 +537,7 @@ static u32 aes_get_keycols(u32 key_len)
 }

 /* produce AES_STATECOLS bytes for each round */
-void aes_expand_key(u8 *key, u32 key_len, u8 *expkey)
+void aes_expand_key(const u8 *key, u32 key_len, u8 *expkey)
 {
 	u8 tmp0, tmp1, tmp2, tmp3, tmp4;
 	uint idx, aes_rounds, aes_keycols;
@@ -574,7 +574,7 @@ void aes_expand_key(u8 *key, u32 key_len, u8 *expkey)
 }

 /* encrypt one 128 bit block */
-void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
+void aes_encrypt(u32 key_len, const u8 *in, const u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
 	u32 round, aes_rounds;
@@ -597,7 +597,7 @@ void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 	memcpy(out, state, sizeof(state));
 }

-void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
+void aes_decrypt(u32 key_len, const u8 *in, const u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
 	int round, aes_rounds;
@@ -620,7 +620,7 @@ void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 	memcpy(out, state, sizeof(state));
 }

-static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
+static void debug_print_vector(char *name, u32 num_bytes, const u8 *data)
 {
 #ifdef DEBUG
 	printf("%s [%d] @0x%p", name, num_bytes, data);
@@ -628,7 +628,7 @@ static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
 #endif
 }

-void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
+void aes_apply_cbc_chain_data(const u8 *cbc_chain_data, const u8 *src, u8 *dst)
 {
 	int i;

@@ -636,11 +636,11 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }

-void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
-			    u32 num_aes_blocks)
+void aes_cbc_encrypt_blocks(u32 key_len, const u8 *key_exp, const u8 *iv,
+			    const u8 *src, u8 *dst, u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH];
-	u8 *cbc_chain_data = iv;
+	const u8 *cbc_chain_data = iv;
 	u32 i;

 	for (i = 0; i < num_aes_blocks; i++) {
@@ -662,8 +662,8 @@ void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 	}
 }

-void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
-			    u32 num_aes_blocks)
+void aes_cbc_decrypt_blocks(u32 key_len, const u8 *key_exp, const u8 *iv,
+			    const u8 *src, u8 *dst, u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
 	/* Convenient array of 0's for IV */