diff --git a/src/crypto.c b/src/crypto.c
index e09bdd83..9e3b0020 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -127,9 +127,9 @@ int crypto_psk_from_passphrase(const char *passphrase,
  * Max operations for nonces are with the nonces treated as positive integers
  * converted as specified in 8.2.2.
  */
-bool crypto_derive_ptk(uint8_t *pmk, size_t pmk_len, const char *label,
-			uint8_t *addr1, uint8_t *addr2,
-			uint8_t *nonce1, uint8_t *nonce2,
+bool crypto_derive_ptk(const uint8_t *pmk, size_t pmk_len, const char *label,
+			const uint8_t *addr1, const uint8_t *addr2,
+			const uint8_t *nonce1, const uint8_t *nonce2,
 			uint8_t *out_ptk, size_t ptk_len)
 {
 	/* Nonce length is 32 */
diff --git a/src/crypto.h b/src/crypto.h
index 320c03da..19eb0470 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -38,7 +38,7 @@ int crypto_psk_from_passphrase(const char *passphrase,
 				const unsigned char *ssid, size_t ssid_len,
 				unsigned char *out_psk);
 
-bool crypto_derive_ptk(uint8_t *pmk, size_t pmk_len, const char *label,
-			uint8_t *addr1, uint8_t *addr2,
-			uint8_t *nonce1, uint8_t *nonce2,
+bool crypto_derive_ptk(const uint8_t *pmk, size_t pmk_len, const char *label,
+			const uint8_t *addr1, const uint8_t *addr2,
+			const uint8_t *nonce1, const uint8_t *nonce2,
 			uint8_t *out_ptk, size_t ptk_len);