From: kernel test robot <lkp@intel.com>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev,
Jarkko Sakkinen <jarkko@kernel.org>
Subject: [jarkko-tpmdd:next 22/38] drivers/char/tpm/tpm2-sessions.c:23: warning: Excess function parameter 'returns' description in 'tpm2_parse_create_primary'
Date: Mon, 6 May 2024 09:10:23 +0800 [thread overview]
Message-ID: <202405060916.dUftOVIp-lkp@intel.com> (raw)
tree: git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git next
head: 152585665f0f6b89e67ed6d04c17b18d1f0f4077
commit: 1c8cb605890dc0ffc8e82e7d1f8594a4d7b7189a [22/38] tpm: Add NULL primary creation
config: s390-defconfig (https://download.01.org/0day-ci/archive/20240506/202405060916.dUftOVIp-lkp@intel.com/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project 37ae4ad0eef338776c7e2cffb3896153d43dcd90)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240506/202405060916.dUftOVIp-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202405060916.dUftOVIp-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> drivers/char/tpm/tpm2-sessions.c:23: warning: Excess function parameter 'returns' description in 'tpm2_parse_create_primary'
>> drivers/char/tpm/tpm2-sessions.c:186: warning: Excess function parameter 'returns' description in 'tpm2_create_primary'
vim +23 drivers/char/tpm/tpm2-sessions.c
10
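/**
 * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY
 *
 * @chip:	The TPM the primary was created under
 * @buf:	The response buffer from the chip
 * @handle:	pointer to be filled in with the return handle of the primary
 * @hierarchy:	The hierarchy the primary was created for
 *
 * Walks the response, checks every field of the returned public area
 * against the fixed ECC P-256 template and recomputes the object name
 * (the name algorithm followed by the SHA-256 of the public area) so that
 * it can be compared with the name the TPM reports at the end of the
 * response.  The name and the public point are stored in
 * chip->null_key_name, chip->null_ec_key_x and chip->null_ec_key_y.
 *
 * @handle is written before any validation, and the chip fields may
 * already have been overwritten when the function fails part-way
 * through, so callers must not use any of them unless 0 is returned.
 *
 * Every length in the response is supplied by the device, so each one is
 * bounded before buf->data is indexed directly.
 *
 * Return: 0 on success, -EINVAL if the response is malformed or does not
 * match the expected template.
 */
static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf,
				     u32 *handle, u32 hierarchy)
{
	struct tpm_header *head = (struct tpm_header *)buf->data;
	off_t offset_r = TPM_HEADER_SIZE, offset_t, pub_end;
	u16 len;
	u32 total_len = be32_to_cpu(head->length);
	u32 val, param_len;

	*handle = tpm_buf_read_u32(buf, &offset_r);
	param_len = tpm_buf_read_u32(buf, &offset_r);
	/*
	 * param_len doesn't include the header, but all the other
	 * lengths and offsets do, so add it to param_len to make
	 * the comparisons easier
	 */
	param_len += TPM_HEADER_SIZE;

	/*
	 * Same test as "param_len + 8 > total_len", written so that a
	 * device-supplied param_len close to U32_MAX cannot wrap and slip
	 * past it.
	 * NOTE(review): assumes total_len has already been checked against
	 * the amount of data actually held in buf - confirm in the
	 * transmit path.
	 */
	if (param_len > total_len || total_len - param_len < 8)
		return -EINVAL;

	len = tpm_buf_read_u16(buf, &offset_r);
	offset_t = offset_r;

	/*
	 * len is a 16 bit value taken from the response; make sure the
	 * whole TPM2B public structure lies inside the parameter area
	 * before it is hashed straight out of buf->data.
	 */
	pub_end = offset_r + len;
	if (pub_end > param_len)
		return -EINVAL;

	/* now we have the public area, compute the name of the object */
	put_unaligned_be16(TPM_ALG_SHA256, chip->null_key_name);
	sha256(&buf->data[offset_r], len, chip->null_key_name + 2);

	/* validate the public key */
	val = tpm_buf_read_u16(buf, &offset_t);

	/* key type (must be what we asked for) */
	if (val != TPM_ALG_ECC)
		return -EINVAL;
	val = tpm_buf_read_u16(buf, &offset_t);

	/* name algorithm */
	if (val != TPM_ALG_SHA256)
		return -EINVAL;
	val = tpm_buf_read_u32(buf, &offset_t);

	/* object properties */
	if (val != TPM2_OA_TMPL)
		return -EINVAL;

	/* auth policy (empty) */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != 0)
		return -EINVAL;

	/* symmetric key parameters */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != TPM_ALG_AES)
		return -EINVAL;

	/* symmetric key length */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != AES_KEY_BITS)
		return -EINVAL;

	/* symmetric encryption scheme */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != TPM_ALG_CFB)
		return -EINVAL;

	/* signing scheme */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != TPM_ALG_NULL)
		return -EINVAL;

	/* ECC Curve */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != TPM2_ECC_NIST_P256)
		return -EINVAL;

	/* KDF Scheme */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != TPM_ALG_NULL)
		return -EINVAL;

	/*
	 * extract public key (x and y points); each point must fit inside
	 * the public area before it is copied out of buf->data
	 */
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != EC_PT_SZ || offset_t + val > pub_end)
		return -EINVAL;
	memcpy(chip->null_ec_key_x, &buf->data[offset_t], val);
	offset_t += val;
	val = tpm_buf_read_u16(buf, &offset_t);
	if (val != EC_PT_SZ || offset_t + val > pub_end)
		return -EINVAL;
	memcpy(chip->null_ec_key_y, &buf->data[offset_t], val);
	offset_t += val;

	/* end of the whole TPM2B, already bounded by param_len above */
	offset_r = pub_end;

	/* should have exactly consumed the TPM2B public structure */
	if (offset_t != offset_r)
		return -EINVAL;

	/* creation data (skip) */
	len = tpm_buf_read_u16(buf, &offset_r);
	offset_r += len;
	if (offset_r > param_len)
		return -EINVAL;

	/* creation digest (must be sha256) */
	len = tpm_buf_read_u16(buf, &offset_r);
	offset_r += len;
	if (len != SHA256_DIGEST_SIZE || offset_r > param_len)
		return -EINVAL;

	/* TPMT_TK_CREATION follows */
	/* tag, must be TPM_ST_CREATION (0x8021) */
	val = tpm_buf_read_u16(buf, &offset_r);
	if (val != TPM2_ST_CREATION || offset_r > param_len)
		return -EINVAL;

	/* hierarchy */
	val = tpm_buf_read_u32(buf, &offset_r);
	if (val != hierarchy || offset_r > param_len)
		return -EINVAL;

	/* the ticket digest HMAC (might not be sha256) */
	len = tpm_buf_read_u16(buf, &offset_r);
	offset_r += len;
	if (offset_r > param_len)
		return -EINVAL;

	/*
	 * finally we have the name, which is a sha256 digest plus a 2
	 * byte algorithm type; it must end exactly where the parameter
	 * area ends
	 */
	len = tpm_buf_read_u16(buf, &offset_r);
	if (offset_r + len != param_len + 8)
		return -EINVAL;
	if (len != SHA256_DIGEST_SIZE + 2)
		return -EINVAL;

	/* the name reported by the TPM must match the one computed above */
	if (memcmp(chip->null_key_name, &buf->data[offset_r],
		   SHA256_DIGEST_SIZE + 2) != 0) {
		dev_err(&chip->dev, "NULL Seed name comparison failed\n");
		return -EINVAL;
	}

	return 0;
}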
167
/**
 * tpm2_create_primary() - create a primary key using a fixed P-256 template
 *
 * @chip:	the TPM chip to create under
 * @hierarchy:	the hierarchy handle to create under
 * @handle:	the returned volatile handle on success
 *
 * For platforms that might not have a persistent primary, this can be
 * used to create one quickly on the fly (it uses Elliptic Curve rather
 * than RSA, so even slow TPMs can create one fast).  The template is the
 * TCG mandated H one for non-endorsement ECC primaries, i.e. the P-256
 * elliptic curve (the only current one all TPM2s are required to
 * have), a sha256 name hash and no policy.
 *
 * Return: 0 on success or positive TPM or negative error.
 */
static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
			       u32 *handle)
{
	struct tpm_buf cmd;
	struct tpm_buf tmpl;
	int ret;

	ret = tpm_buf_init(&cmd, TPM2_ST_SESSIONS, TPM2_CC_CREATE_PRIMARY);
	if (ret)
		return ret;

	ret = tpm_buf_init_sized(&tmpl);
	if (ret)
		goto out;

	/*
	 * Build the public template.  Userspace that wants to verify the
	 * security of the system has to create and certify this NULL
	 * primary itself, which only works if every template parameter is
	 * identical, so follow the TCG TPM v2.0 Provisioning Guidance SRK
	 * ECC key H template exactly (H has zero size unique points).
	 */
	tpm_buf_append_u16(&tmpl, TPM_ALG_ECC);		/* key type */
	tpm_buf_append_u16(&tmpl, TPM_ALG_SHA256);	/* name algorithm */
	tpm_buf_append_u32(&tmpl, TPM2_OA_TMPL);	/* object properties */
	tpm_buf_append_u16(&tmpl, 0);			/* auth policy (empty) */

	/* key specific parameters, here for ECC */
	tpm_buf_append_u16(&tmpl, TPM_ALG_AES);		/* symmetric algorithm */
	tpm_buf_append_u16(&tmpl, AES_KEY_BITS);	/* symmetric key bits */
	tpm_buf_append_u16(&tmpl, TPM_ALG_CFB);		/* mode (must be CFB) */
	tpm_buf_append_u16(&tmpl, TPM_ALG_NULL);	/* scheme (NULL: any) */
	tpm_buf_append_u16(&tmpl, TPM2_ECC_NIST_P256);	/* ECC curve ID */
	tpm_buf_append_u16(&tmpl, TPM_ALG_NULL);	/* KDF scheme */

	/* unique: for ECC this is two zero size points */
	tpm_buf_append_u16(&tmpl, 0);
	tpm_buf_append_u16(&tmpl, 0);

	/* command body: primary handle with an empty password authorization */
	tpm_buf_append_u32(&cmd, hierarchy);
	tpm_buf_append_empty_auth(&cmd, TPM2_RS_PW);

	/* sensitive create: size 4 covers the two empty buffers below */
	tpm_buf_append_u16(&cmd, 4);
	tpm_buf_append_u16(&cmd, 0);	/* auth data (empty) */
	tpm_buf_append_u16(&cmd, 0);	/* sensitive data (empty) */

	/* the public template is copied in, after which it is not needed */
	tpm_buf_append(&cmd, tmpl.data, tmpl.length);
	tpm_buf_destroy(&tmpl);

	tpm_buf_append_u16(&cmd, 0);	/* outside info (empty) */
	tpm_buf_append_u32(&cmd, 0);	/* creation PCR (none) */

	ret = tpm_transmit_cmd(chip, &cmd, 0,
			       "attempting to create NULL primary");
	if (ret != TPM2_RC_SUCCESS)
		goto out;

	/* the response is only used once it parses and matches the template */
	ret = tpm2_parse_create_primary(chip, &cmd, handle, hierarchy);

out:
	tpm_buf_destroy(&cmd);

	return ret;
}
281
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki