printf: Convert %h to %ph

In order to make printf more standard, use %ph. Pass a pointer to
a struct describing the buffer, including its size. Add a convenience
macro so that conversion between the old style and new style is purely
mechanical. The old style of %h cannot be converted directly to %ph as-is
because the C standard doesn't allow flags, precision, or field width on
%p.

Ultimately the goal is to enable compile-time printf format checking.
This gets us one step closer to that.

BUG=chromium:984041
TEST=make -j buildall
BRANCH=None

Cq-Depend:chrome-internal:1559798,chrome-internal:1560598
Change-Id: I9c0ca124a048314c9b62d64bd55b36be55034e0e
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730605

5 files changed, 12 insertions, 12 deletions

diff --git a/chip/g/dcrypto/app_cipher.c b/chip/g/dcrypto/app_cipher.c
index 2d95173c8f..e465598718 100644
--- a/chip/g/dcrypto/app_cipher.c
+++ b/chip/g/dcrypto/app_cipher.c
@@ -282,7 +282,7 @@ static int basic_check(struct test_info *pinfo)
 	int i;
 	uint32_t *p;
 
-	ccprintf("original data  %.16h\n", pinfo->p);
+	ccprintf("original data  %ph\n", HEX_BUF(pinfo->p, 16));
 
 	half = (pinfo->test_blob_size/2) & ~3;
 	if (!DCRYPTO_app_cipher(NVMEM, pinfo->p, pinfo->p,
@@ -301,7 +301,7 @@ static int basic_check(struct test_info *pinfo)
 			return EC_ERROR_UNKNOWN;
 		}
 
-	ccprintf("hashed data    %.16h\n", pinfo->p);
+	ccprintf("hashed data    %ph\n", HEX_BUF(pinfo->p, 16));
 
 	return EC_SUCCESS;
 }
@@ -407,7 +407,7 @@ static void run_cipher_cmd(void)
 		report_stats("Encryption", &info.enc_stats);
 		report_stats("Decryption", &info.dec_stats);
 	} else if (info.p) {
-		ccprintf("current data   %.16h\n", info.p);
+		ccprintf("current data   %ph\n", HEX_BUF(info.p, 16));
 	}
 
 	if (info.p)
diff --git a/chip/g/dcrypto/dcrypto_bn.c b/chip/g/dcrypto/dcrypto_bn.c
index cae54e6adf..2696d37669 100644
--- a/chip/g/dcrypto/dcrypto_bn.c
+++ b/chip/g/dcrypto/dcrypto_bn.c
@@ -1484,8 +1484,8 @@ static int command_genp(int argc, char **argv)
 	result = call_on_bigger_stack(genp_core);
 
 	if (result == EC_SUCCESS) {
-		ccprintf("prime: %.*h (lsb first)\n", sizeof(prime_buf),
-			 prime_buf);
+		ccprintf("prime: %ph (lsb first)\n",
+			 HEX_BUF(prime_buf, sizeof(prime_buf));
 		ccprintf("μs   : %lu\n", genp_end.val - genp_start.val);
 	}
 
diff --git a/chip/g/dcrypto/hmac_drbg.c b/chip/g/dcrypto/hmac_drbg.c
index 64b47a13f5..bf49103e93 100644
--- a/chip/g/dcrypto/hmac_drbg.c
+++ b/chip/g/dcrypto/hmac_drbg.c
@@ -202,7 +202,7 @@ static int cmd_rfc6979(int argc, char **argv)
 	hmac_drbg_init_rfc6979(&drbg, x, &h1);
 	do {
 		hmac_drbg_generate_p256(&drbg, &k);
-		ccprintf("K = %.32h\n", &k);
+		ccprintf("K = %ph\n", HEX_BUF(&k, 32));
 	} while (p256_cmp(&SECP256r1_nMin2, &k) < 0);
 	drbg_exit(&drbg);
 	result = p256_cmp(&k, reference_k);
diff --git a/chip/g/loader/launch.c b/chip/g/loader/launch.c
index cf701a21cb..823e29489b 100644
--- a/chip/g/loader/launch.c
+++ b/chip/g/loader/launch.c
@@ -79,7 +79,7 @@ void tryLaunch(uint32_t adr, size_t max_size)
 			hdr->image_size - offsetof(struct SignedHeader, tag),
 			(uint8_t *) hashes.img_hash);
 
-	VERBOSE("img_hash  : %.32h\n", hashes.img_hash);
+	VERBOSE("img_hash  : %ph\n", HEX_BUF(hashes.img_hash, 32));
 
 	/* Sense fuses into RAM array; hash array. */
 	/* TODO: is this glitch resistant enough? Certainly is simple.. */
@@ -104,7 +104,7 @@ void tryLaunch(uint32_t adr, size_t max_size)
 	DCRYPTO_SHA256_hash((uint8_t *) fuses, sizeof(fuses),
 			(uint8_t *) hashes.fuses_hash);
 
-	VERBOSE("fuses_hash: %.32h\n", hashes.fuses_hash);
+	VERBOSE("fuses_hash: %ph\n", HEX_BUF(hashes.fuses_hash, 32));
 
 	/* Sense info into RAM array; hash array. */
 	for (i = 0; i < INFO_MAX; ++i)
@@ -122,7 +122,7 @@ void tryLaunch(uint32_t adr, size_t max_size)
 
 	DCRYPTO_SHA256_hash((uint8_t *) info, sizeof(info),
 			(uint8_t *) hashes.info_hash);
-	VERBOSE("info_hash : %.32h\n", hashes.info_hash);
+	VERBOSE("info_hash : %ph\n", HEX_BUF(hashes.info_hash, 32));
 
 	/* Hash our set of hashes to get final hash. */
 	DCRYPTO_SHA256_hash((uint8_t *) &hashes, sizeof(hashes),
diff --git a/chip/g/loader/verify.c b/chip/g/loader/verify.c
index 41b1c6cddd..54be724f10 100644
--- a/chip/g/loader/verify.c
+++ b/chip/g/loader/verify.c
@@ -103,7 +103,7 @@ void LOADERKEY_verify(const uint32_t *key, const uint32_t *signature,
 	int i;
 
 	modpow3(key, signature, buf);
-	VERBOSE("sig %.384h\n", buf);
+	VERBOSE("sig %ph\n", HEX_BUF(buf, 384));
 
 	/*
 	 * If key was not 3Kb, assume 2Kb and expand for subsequent
@@ -142,12 +142,12 @@ void LOADERKEY_verify(const uint32_t *key, const uint32_t *signature,
 		offset = (offset + step) % SHA256_DIGEST_WORDS;
 	}
 
-	VERBOSE("\nsig^ %.384h\n\n", buf);
+	VERBOSE("\nsig^ %ph\n\n", HEX_BUF(buf, 384));
 
 	/* Hash resulting buffer. */
 	DCRYPTO_SHA256_hash((uint8_t *) buf, RSA_NUM_BYTES, (uint8_t *) hash);
 
-	VERBOSE("hash %.32h\n", hash);
+	VERBOSE("hash %ph\n", HEX_BUF(hash, 32));
 
 	/*
 	 * Write computed hash to unlock register to unlock execution, iff