make parameters constant

canokeys · Dec 9, 2023 · c2855d9 · c2855d9
1 parent 02fe680
commit c2855d9
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 54 deletions.
diff --git a/include/ecc.h b/include/ecc.h
@@ -103,7 +103,7 @@ int K__short_weierstrass_generate(key_type_t type, ecc_key_t *key);
  *
  * @return 1: verified, 0: not verified
  */
-int K__short_weierstrass_verify_private_key(key_type_t type, ecc_key_t *key);
+int K__short_weierstrass_verify_private_key(const key_type_t type, const ecc_key_t *key);
 
 /**
  * Compute the corresponding public key using the private key

diff --git a/include/hmac.h b/include/hmac.h
@@ -48,17 +48,17 @@ typedef struct _HMAC_SHA512_CTX {
 } HMAC_SHA512_CTX;
 
 void hmac_sha1_Init(HMAC_SHA1_CTX *hctx, const uint8_t *key, size_t keylen);
-void hmac_sha1_Update(HMAC_SHA1_CTX *hctx, const uint8_t *msg, size_t msglen);
+void hmac_sha1_Update(const HMAC_SHA1_CTX *hctx, const uint8_t *msg, size_t msglen);
 void hmac_sha1_Final(HMAC_SHA1_CTX *hctx, uint8_t *hmac);
 void hmac_sha1(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *hmac);
 
 void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, size_t keylen);
-void hmac_sha256_Update(HMAC_SHA256_CTX *hctx, const uint8_t *msg, size_t msglen);
+void hmac_sha256_Update(const HMAC_SHA256_CTX *hctx, const uint8_t *msg, size_t msglen);
 void hmac_sha256_Final(HMAC_SHA256_CTX *hctx, uint8_t *hmac);
 void hmac_sha256(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *hmac);
 
 void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, size_t keylen);
-void hmac_sha512_Update(HMAC_SHA512_CTX *hctx, const uint8_t *msg, size_t msglen);
+void hmac_sha512_Update(const HMAC_SHA512_CTX *hctx, const uint8_t *msg, size_t msglen);
 void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac);
 void hmac_sha512(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *hmac);
 

diff --git a/include/rsa.h b/include/rsa.h
@@ -49,7 +49,7 @@ int rsa_get_public_key(rsa_key_t *key, uint8_t *n);
  *
  * @return 0 on success.
  */
-int rsa_private(rsa_key_t *key, const uint8_t *input, uint8_t *output);
+int rsa_private(const rsa_key_t *key, const uint8_t *input, uint8_t *output);
 
 int rsa_sign_pkcs_v15(const rsa_key_t *key, const uint8_t *data, size_t len, uint8_t *sig);
 

diff --git a/src/ecc.c b/src/ecc.c
@@ -392,7 +392,7 @@ __attribute__((weak)) int K__short_weierstrass_generate(key_type_t type, ecc_key
   return 0;
 }
 
-__attribute__((weak)) int K__short_weierstrass_verify_private_key(key_type_t type, ecc_key_t *key) {
+__attribute__((weak)) int K__short_weierstrass_verify_private_key(key_type_t type, const ecc_key_t *key) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_mpi d;
   mbedtls_ecp_group grp;

diff --git a/src/hmac.c b/src/hmac.c
@@ -25,7 +25,7 @@
 #include <memzero.h>
 #include <string.h>
 
-void hmac_sha1_Init(HMAC_SHA1_CTX *hctx, const uint8_t *key, size_t keylen) {
+void hmac_sha1_Init(HMAC_SHA1_CTX *hctx, const uint8_t *key, const size_t keylen) {
   uint8_t i_key_pad[SHA1_BLOCK_LENGTH];
   memzero(i_key_pad, SHA1_BLOCK_LENGTH);
   if (keylen > SHA1_BLOCK_LENGTH) {
@@ -42,7 +42,10 @@ void hmac_sha1_Init(HMAC_SHA1_CTX *hctx, const uint8_t *key, size_t keylen) {
   memzero(i_key_pad, sizeof(i_key_pad));
 }
 
-void hmac_sha1_Update(HMAC_SHA1_CTX *hctx, const uint8_t *msg, size_t msglen) { sha1_update(msg, msglen); }
+void hmac_sha1_Update(const HMAC_SHA1_CTX *hctx, const uint8_t *msg, const size_t msglen) {
+  (void) hctx;
+  sha1_update(msg, msglen);
+}
 
 void hmac_sha1_Final(HMAC_SHA1_CTX *hctx, uint8_t *hmac) {
   sha1_final(hmac);
@@ -53,14 +56,14 @@ void hmac_sha1_Final(HMAC_SHA1_CTX *hctx, uint8_t *hmac) {
   memzero(hctx, sizeof(HMAC_SHA1_CTX));
 }
 
-void hmac_sha1(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *hmac) {
+void hmac_sha1(const uint8_t *key, const size_t keylen, const uint8_t *msg, const size_t msglen, uint8_t *hmac) {
   HMAC_SHA1_CTX hctx;
   hmac_sha1_Init(&hctx, key, keylen);
   hmac_sha1_Update(&hctx, msg, msglen);
   hmac_sha1_Final(&hctx, hmac);
 }
 
-void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, size_t keylen) {
+void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const size_t keylen) {
   uint8_t i_key_pad[SHA256_BLOCK_LENGTH];
   memzero(i_key_pad, SHA256_BLOCK_LENGTH);
   if (keylen > SHA256_BLOCK_LENGTH) {
@@ -77,7 +80,10 @@ void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, size_t keylen)
   memzero(i_key_pad, sizeof(i_key_pad));
 }
 
-void hmac_sha256_Update(HMAC_SHA256_CTX *hctx, const uint8_t *msg, size_t msglen) { sha256_update(msg, msglen); }
+void hmac_sha256_Update(const HMAC_SHA256_CTX *hctx, const uint8_t *msg, const size_t msglen) {
+  (void) hctx;
+  sha256_update(msg, msglen);
+}
 
 void hmac_sha256_Final(HMAC_SHA256_CTX *hctx, uint8_t *hmac) {
   sha256_final(hmac);
@@ -88,14 +94,14 @@ void hmac_sha256_Final(HMAC_SHA256_CTX *hctx, uint8_t *hmac) {
   memzero(hctx, sizeof(HMAC_SHA256_CTX));
 }
 
-void hmac_sha256(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *hmac) {
+void hmac_sha256(const uint8_t *key, const size_t keylen, const uint8_t *msg, const size_t msglen, uint8_t *hmac) {
   HMAC_SHA256_CTX hctx;
   hmac_sha256_Init(&hctx, key, keylen);
   hmac_sha256_Update(&hctx, msg, msglen);
   hmac_sha256_Final(&hctx, hmac);
 }
 
-void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, size_t keylen) {
+void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, const size_t keylen) {
   uint8_t i_key_pad[SHA512_BLOCK_LENGTH];
   memzero(i_key_pad, SHA512_BLOCK_LENGTH);
   if (keylen > SHA512_BLOCK_LENGTH) {
@@ -112,7 +118,10 @@ void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, size_t keylen)
   memzero(i_key_pad, sizeof(i_key_pad));
 }
 
-void hmac_sha512_Update(HMAC_SHA512_CTX *hctx, const uint8_t *msg, size_t msglen) { sha512_update(msg, msglen); }
+void hmac_sha512_Update(const HMAC_SHA512_CTX *hctx, const uint8_t *msg, const size_t msglen) {
+  (void) hctx;
+  sha512_update(msg, msglen);
+}
 
 void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac) {
   sha512_final(hmac);
@@ -123,7 +132,7 @@ void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac) {
   memzero(hctx, sizeof(HMAC_SHA512_CTX));
 }
 
-void hmac_sha512(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *hmac) {
+void hmac_sha512(const uint8_t *key, const size_t keylen, const uint8_t *msg, const size_t msglen, uint8_t *hmac) {
   HMAC_SHA512_CTX hctx;
   hmac_sha512_Init(&hctx, key, keylen);
   hmac_sha512_Update(&hctx, msg, msglen);

diff --git a/src/rsa.c b/src/rsa.c
@@ -80,7 +80,7 @@ __attribute__((weak)) int rsa_get_public_key(rsa_key_t *key, uint8_t *n) {
   return ret;
 }
 
-__attribute__((weak)) int rsa_private(rsa_key_t *key, const uint8_t *input, uint8_t *output) {
+__attribute__((weak)) int rsa_private(const rsa_key_t *key, const uint8_t *input, uint8_t *output) {
   int ret = 0;
 #ifdef USE_MBEDCRYPTO
   mbedtls_rsa_context rsa;
@@ -108,15 +108,15 @@ __attribute__((weak)) int rsa_private(rsa_key_t *key, const uint8_t *input, uint
   return ret;
 }
 
-int rsa_sign_pkcs_v15(const rsa_key_t *key, const uint8_t *data, size_t len, uint8_t *sig) {
+int rsa_sign_pkcs_v15(const rsa_key_t *key, const uint8_t *data, const size_t len, uint8_t *sig) {
   if (pkcs1_v15_add_padding(data, len, sig, key->nbits / 8) < 0) return -1;
   return rsa_private(key, sig, sig);
 }
 
 int rsa_decrypt_pkcs_v15(const rsa_key_t *key, const uint8_t *in, size_t *olen, uint8_t *out, uint8_t *invalid_padding) {
   *invalid_padding = 0;
   if (rsa_private(key, in, out) < 0) return -1;
-  int len = pkcs1_v15_remove_padding(out, key->nbits / 8, out);
+  const int len = pkcs1_v15_remove_padding(out, key->nbits / 8, out);
   if (len < 0) {
     *invalid_padding = 1;
     return -1;

diff --git a/src/sha.c b/src/sha.c
@@ -22,18 +22,22 @@ __attribute__((weak)) void sha1_init() {
 __attribute__((weak)) void sha1_update(const uint8_t *data, uint16_t len) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_sha1_update_ret(&sha1, data, len);
+#else
+  (void)data;
+  (void)len;
 #endif
 }
 
 __attribute__((weak)) void sha1_final(uint8_t digest[SHA1_DIGEST_LENGTH]) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_sha1_finish_ret(&sha1, digest);
   mbedtls_sha1_free(&sha1);
+#else
+  (void)digest;
 #endif
 }
 
-void sha1_raw(const uint8_t *data, size_t len,
-              uint8_t digest[SHA1_DIGEST_LENGTH]) {
+void sha1_raw(const uint8_t *data, const size_t len, uint8_t digest[SHA1_DIGEST_LENGTH]) {
   sha1_init();
   sha1_update(data, len);
   sha1_final(digest);
@@ -49,18 +53,22 @@ __attribute__((weak)) void sha256_init() {
 __attribute__((weak)) void sha256_update(const uint8_t *data, uint16_t len) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_sha256_update_ret(&sha256, data, len);
+#else
+  (void)data;
+  (void)len;
 #endif
 }
 
 __attribute__((weak)) void sha256_final(uint8_t digest[SHA256_DIGEST_LENGTH]) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_sha256_finish_ret(&sha256, digest);
   mbedtls_sha256_free(&sha256);
+#else
+  (void)digest;
 #endif
 }
 
-void sha256_raw(const uint8_t *data, size_t len,
-                uint8_t digest[SHA256_DIGEST_LENGTH]) {
+void sha256_raw(const uint8_t *data, const size_t len, uint8_t digest[SHA256_DIGEST_LENGTH]) {
   sha256_init();
   sha256_update(data, len);
   sha256_final(digest);
@@ -76,18 +84,22 @@ __attribute__((weak)) void sha512_init() {
 __attribute__((weak)) void sha512_update(const uint8_t *data, uint16_t len) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_sha512_update_ret(&sha512, data, len);
+#else
+  (void)data;
+  (void)len;
 #endif
 }
 
 __attribute__((weak)) void sha512_final(uint8_t digest[SHA512_DIGEST_LENGTH]) {
 #ifdef USE_MBEDCRYPTO
   mbedtls_sha512_finish_ret(&sha512, digest);
   mbedtls_sha512_free(&sha512);
+#else
+  (void)digest;
 #endif
 }
 
-void sha512_raw(const uint8_t *data, size_t len,
-                uint8_t digest[SHA512_DIGEST_LENGTH]) {
+void sha512_raw(const uint8_t *data, const size_t len, uint8_t digest[SHA512_DIGEST_LENGTH]) {
   sha512_init();
   sha512_update(data, len);
   sha512_final(digest);

diff --git a/src/sha3.c b/src/sha3.c
@@ -44,7 +44,7 @@ static void swap_copy_u64_to_str(void *to, const void *from, size_t length);
 
 #define I64(x) x##LL
 #define ROTL64(qword, n) ((qword) << (n) ^ ((qword) >> (64 - (n))))
-#define IS_ALIGNED_64(p) (0 == (7 & ((const char *)(p) - (const char *)0)))
+#define IS_ALIGNED_64(p) (0 == (7 & ((int)(const char *)(p))))
 
 /* constants */
 #define NumberOfRounds 24
@@ -58,27 +58,26 @@ static uint64_t keccak_round_constants[NumberOfRounds] = {
     I64(0x8000000000008002), I64(0x8000000000000080), I64(0x000000000000800A), I64(0x800000008000000A),
     I64(0x8000000080008081), I64(0x8000000000008080), I64(0x0000000080000001), I64(0x8000000080008008)};
 
-__attribute__((unused)) static void swap_copy_u64_to_str(void *to, const void *from, size_t length) {
+__attribute__((unused)) static void swap_copy_u64_to_str(void *to, const void *from, const size_t length) {
   /* if all pointers and length are 64-bits aligned */
-  if (0 == (((int)((char *)to - (char *)0) | ((char *)from - (char *)0) | length) & 7)) {
+  if (0 == (((int)(char *)to | (int)(char *)from | length) & 7)) {
     /* copy aligned memory block as 64-bit integers */
-    const uint64_t *src = (const uint64_t *)from;
+    const uint64_t *src = from;
     const uint64_t *end = (const uint64_t *)((const char *)src + length);
-    uint64_t *dst = (uint64_t *)to;
+    uint64_t *dst = to;
     while (src < end)
-      *(dst++) = __builtin_bswap64(*(src++));
+      *dst++ = __builtin_bswap64(*src++);
   } else {
-    size_t index;
-    char *dst = (char *)to;
-    for (index = 0; index < length; index++)
-      *(dst++) = ((char *)from)[index ^ 7];
+    char *dst = to;
+    for (size_t index = 0; index < length; index++)
+      *dst++ = ((char *)from)[index ^ 7];
   }
 }
 
 /* Initializing a sha3 context for given number of output bits */
-static void keccak_Init(SHA3_CTX *ctx, unsigned bits) {
+static void keccak_Init(SHA3_CTX *ctx, const unsigned bits) {
   /* NB: The Keccak capacity parameter = bits * 2 */
-  unsigned rate = 1600 - bits * 2;
+  const unsigned rate = 1600 - bits * 2;
 
   memzero(ctx, sizeof(SHA3_CTX));
   ctx->block_size = rate / 8;
@@ -138,8 +137,7 @@ static void keccak_theta(uint64_t *A) {
 
 /* Keccak pi() transformation */
 static void keccak_pi(uint64_t *A) {
-  uint64_t A1;
-  A1 = A[1];
+  const uint64_t A1 = A[1];
   A[1] = A[6];
   A[6] = A[9];
   A[9] = A[22];
@@ -169,9 +167,8 @@ static void keccak_pi(uint64_t *A) {
 
 /* Keccak chi() transformation */
 static void keccak_chi(uint64_t *A) {
-  int i;
-  for (i = 0; i < 25; i += 5) {
-    uint64_t A0 = A[0 + i], A1 = A[1 + i];
+  for (int i = 0; i < 25; i += 5) {
+    const uint64_t A0 = A[0 + i], A1 = A[1 + i];
     A[0 + i] ^= ~A1 & A[2 + i];
     A[1 + i] ^= ~A[2 + i] & A[3 + i];
     A[2 + i] ^= ~A[3 + i] & A[4 + i];
@@ -181,8 +178,7 @@ static void keccak_chi(uint64_t *A) {
 }
 
 static void sha3_permutation(uint64_t *state) {
-  int round;
-  for (round = 0; round < NumberOfRounds; round++) {
+  for (int round = 0; round < NumberOfRounds; round++) {
     keccak_theta(state);
 
     /* apply Keccak rho() transformation */
@@ -282,16 +278,16 @@ static void sha3_process_block(uint64_t hash[25], const uint64_t *block, size_t
  * @param size length of the message chunk
  */
 void sha3_Update(SHA3_CTX *ctx, const unsigned char *msg, size_t size) {
-  size_t idx = (size_t)ctx->rest;
-  size_t block_size = (size_t)ctx->block_size;
+  const size_t idx = ctx->rest;
+  const size_t block_size = ctx->block_size;
 
   if (ctx->rest & SHA3_FINALIZED) return; /* too late for additional input */
-  ctx->rest = (unsigned)((ctx->rest + size) % block_size);
+  ctx->rest = (ctx->rest + size) % block_size;
 
   /* fill partial block */
   if (idx) {
-    size_t left = block_size - idx;
-    memcpy((char *)ctx->message + idx, msg, (size < left ? size : left));
+    const size_t left = block_size - idx;
+    memcpy((char *)ctx->message + idx, msg, size < left ? size : left);
     if (size < left) return;
 
     /* process partial block */
@@ -326,7 +322,7 @@ void sha3_Update(SHA3_CTX *ctx, const unsigned char *msg, size_t size) {
  * @param result calculated hash in binary form
  */
 void sha3_Final(SHA3_CTX *ctx, unsigned char *result) {
-  size_t digest_length = 100 - ctx->block_size / 2;
+  const size_t digest_length = 100 - ctx->block_size / 2;
   const size_t block_size = ctx->block_size;
 
   if (!(ctx->rest & SHA3_FINALIZED)) {
@@ -352,7 +348,7 @@ void sha3_Final(SHA3_CTX *ctx, unsigned char *result) {
  * @param result calculated hash in binary form
  */
 void keccak_Final(SHA3_CTX *ctx, unsigned char *result) {
-  size_t digest_length = 100 - ctx->block_size / 2;
+  const size_t digest_length = 100 - ctx->block_size / 2;
   const size_t block_size = ctx->block_size;
 
   if (!(ctx->rest & SHA3_FINALIZED)) {
@@ -371,28 +367,28 @@ void keccak_Final(SHA3_CTX *ctx, unsigned char *result) {
   memzero(ctx, sizeof(SHA3_CTX));
 }
 
-void keccak_256(const unsigned char *data, size_t len, unsigned char *digest) {
+void keccak_256(const unsigned char *data, const size_t len, unsigned char *digest) {
   SHA3_CTX ctx;
   keccak_256_Init(&ctx);
   keccak_Update(&ctx, data, len);
   keccak_Final(&ctx, digest);
 }
 
-void keccak_512(const unsigned char *data, size_t len, unsigned char *digest) {
+void keccak_512(const unsigned char *data, const size_t len, unsigned char *digest) {
   SHA3_CTX ctx;
   keccak_512_Init(&ctx);
   keccak_Update(&ctx, data, len);
   keccak_Final(&ctx, digest);
 }
 
-void sha3_256(const unsigned char *data, size_t len, unsigned char *digest) {
+void sha3_256(const unsigned char *data, const size_t len, unsigned char *digest) {
   SHA3_CTX ctx;
   sha3_256_Init(&ctx);
   sha3_Update(&ctx, data, len);
   sha3_Final(&ctx, digest);
 }
 
-void sha3_512(const unsigned char *data, size_t len, unsigned char *digest) {
+void sha3_512(const unsigned char *data, const size_t len, unsigned char *digest) {
   SHA3_CTX ctx;
   sha3_512_Init(&ctx);
   sha3_Update(&ctx, data, len);