From: kernel test robot <lkp@intel.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev
Subject: [jarkko-tpmdd:tpm2key-v8 11/11] crypto/asymmetric_keys/tpm2_key_ecdsa.c:222:26: warning: format specifies type 'unsigned int' but the argument has type 'off_t' (aka 'long')
Date: Wed, 11 Sep 2024 18:11:18 +0800 [thread overview]
Message-ID: <202409111825.DFufE4RC-lkp@intel.com> (raw)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tpm2key-v8
head: 79e909153c0a5ac21c2c5c0d4eac9229b3408178
commit: 79e909153c0a5ac21c2c5c0d4eac9229b3408178 [11/11] keys: asymmetric: Add tpm2_key_ecdsa
config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20240911/202409111825.DFufE4RC-lkp@intel.com/config)
compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409111825.DFufE4RC-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202409111825.DFufE4RC-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> crypto/asymmetric_keys/tpm2_key_ecdsa.c:222:26: warning: format specifies type 'unsigned int' but the argument has type 'off_t' (aka 'long') [-Wformat]
222 | pr_warn("offset=%u\n", offset);
| ~~ ^~~~~~
| %ld
include/linux/printk.h:518:37: note: expanded from macro 'pr_warn'
518 | printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
| ~~~ ^~~~~~~~~~~
include/linux/printk.h:465:60: note: expanded from macro 'printk'
465 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
| ~~~ ^~~~~~~~~~~
include/linux/printk.h:437:19: note: expanded from macro 'printk_index_wrap'
437 | _p_func(_fmt, ##__VA_ARGS__); \
| ~~~~ ^~~~~~~~~~~
crypto/asymmetric_keys/tpm2_key_ecdsa.c:232:26: warning: format specifies type 'unsigned int' but the argument has type 'off_t' (aka 'long') [-Wformat]
232 | pr_warn("offset=%u\n", offset);
| ~~ ^~~~~~
| %ld
include/linux/printk.h:518:37: note: expanded from macro 'pr_warn'
518 | printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
| ~~~ ^~~~~~~~~~~
include/linux/printk.h:465:60: note: expanded from macro 'printk'
465 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
| ~~~ ^~~~~~~~~~~
include/linux/printk.h:437:19: note: expanded from macro 'printk_index_wrap'
437 | _p_func(_fmt, ##__VA_ARGS__); \
| ~~~~ ^~~~~~~~~~~
>> crypto/asymmetric_keys/tpm2_key_ecdsa.c:421:10: warning: variable 'ret' is uninitialized when used here [-Wuninitialized]
421 | return ret;
| ^~~
crypto/asymmetric_keys/tpm2_key_ecdsa.c:417:9: note: initialize the variable 'ret' to silence this warning
417 | int ret;
| ^
| = 0
3 warnings generated.
vim +222 crypto/asymmetric_keys/tpm2_key_ecdsa.c
128
129 static int tpm2_key_ecdsa_sign(struct tpm_chip *chip, struct tpm2_key *key,
130 struct kernel_pkey_params *params,
131 const void *in, void *out)
132 {
133 u8 r[SHA256_DIGEST_SIZE], s[SHA256_DIGEST_SIZE];
134 u32 in_len = params->in_len;
135 bool r_0, s_0;
136 struct tpm_header *head;
137 struct tpm_buf buf;
138 u32 key_handle;
139 u8 *ptr = out;
140 off_t offset;
141 int ret;
142
143
144 /* Require explicit hash algorithm: */
145 if (!params->hash_algo)
146 return -EINVAL;
147
148 /* Currently only support SHA256: */
149 if (!!strcmp(params->hash_algo, "sha256"))
150 return -EINVAL;
151
152 ret = tpm_try_get_ops(chip);
153 if (ret)
154 return ret;
155
156 ret = tpm2_start_auth_session(chip);
157 if (ret)
158 goto err_ops;
159
160 ret = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
161 if (ret < 0) {
162 tpm2_end_auth_session(chip);
163 goto err_ops;
164 }
165
166 tpm_buf_append_name(chip, &buf, key->parent, NULL);
167 tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_CONTINUE_SESSION |
168 TPM2_SA_ENCRYPT, NULL, 0);
169 tpm_buf_append(&buf, &key->data[0], key->priv_len + key->pub_len);
170 if (buf.flags & TPM_BUF_OVERFLOW) {
171 tpm2_end_auth_session(chip);
172 ret = -E2BIG;
173 goto err_buf;
174 }
175 tpm_buf_fill_hmac_session(chip, &buf);
176 ret = tpm_transmit_cmd(chip, &buf, 4, "ECDSA loading");
177 ret = tpm_buf_check_hmac_response(chip, &buf, ret);
178 if (ret) {
179 tpm2_end_auth_session(chip);
180 ret = -EIO;
181 goto err_buf;
182 }
183
184 key_handle = be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE]);
185
186 tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_SIGN);
187 tpm_buf_append_name(chip, &buf, key_handle, NULL);
188 tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT, NULL, 0);
189
190 sha256(in, in_len, r);
191 tpm_buf_append_u16(&buf, SHA256_DIGEST_SIZE);
192 tpm_buf_append(&buf, r, SHA256_DIGEST_SIZE);
193 tpm_buf_append_u16(&buf, TPM_ALG_ECDSA);
194 tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
195
196 /* 10.7.2 A NULL Ticket */
197 tpm_buf_append_u16(&buf, TPM2_ST_HASHCHECK);
198 tpm_buf_append_u32(&buf, TPM2_RH_NULL);
199 tpm_buf_append_u16(&buf, 0);
200
201 tpm_buf_fill_hmac_session(chip, &buf);
202 ret = tpm_transmit_cmd(chip, &buf, 4, "ECDSA signing");
203 ret = tpm_buf_check_hmac_response(chip, &buf, ret);
204 if (ret) {
205 tpm2_end_auth_session(chip);
206 ret = -EIO;
207 goto err_key_handle;
208 }
209
210 /* Move to parameters: */
211 head = (struct tpm_header *)buf.data;
212 offset = sizeof(*head);
213 if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
214 offset += 4;
215
216 ret = -EIO;
217
218 /* Copy R: */
219 if (tpm_buf_read_u16(&buf, &offset) != TPM_ALG_ECDSA ||
220 tpm_buf_read_u16(&buf, &offset) != TPM_ALG_SHA256 ||
221 tpm_buf_read_u16(&buf, &offset) != SHA256_DIGEST_SIZE) {
> 222 pr_warn("offset=%u\n", offset);
223 goto err_key_handle;
224 }
225
226 tpm_buf_read(&buf, &offset, SHA256_DIGEST_SIZE, r);
227 r_0 = (r[0] & 0x80) != 0;
228 pr_info("r_0=%d\n", r_0);
229
230 /* Copy S: */
231 if (tpm_buf_read_u16(&buf, &offset) != SHA256_DIGEST_SIZE) {
232 pr_warn("offset=%u\n", offset);
233 goto err_key_handle;
234 }
235
236 tpm_buf_read(&buf, &offset, SHA256_DIGEST_SIZE, s);
237 s_0 = (r[0] & 0x80) != 0;
238 pr_info("s_0=%d\n", r_0);
239
240 /* Encode the ASN.1 signature: */
241 #define TPM2_KEY_ECDSA_SIG_SIZE (2 + 2 * (2 + SHA256_DIGEST_SIZE) + r_0 + s_0)
242 pr_info("sig_size=%d\n", TPM2_KEY_ECDSA_SIG_SIZE);
243 ptr[0] = 0x30; /* SEQUENCE */
244 ptr[1] = TPM2_KEY_ECDSA_SIG_SIZE - 2;
245 #define TPM2_KEY_ECDSA_SIG_R_TAG 2
246 #define TPM2_KEY_ECDSA_SIG_R_SIZE 3
247 #define TPM2_KEY_ECDSA_SIG_R_BODY 4
248 ptr[TPM2_KEY_ECDSA_SIG_R_TAG] = 0x02; /* INTEGER */
249 ptr[TPM2_KEY_ECDSA_SIG_R_SIZE] = SHA256_DIGEST_SIZE + r_0;
250 ptr[TPM2_KEY_ECDSA_SIG_R_BODY] = 0x00; /* maybe dummy write */
251 memcpy(&ptr[TPM2_KEY_ECDSA_SIG_R_BODY + r_0], r, SHA256_DIGEST_SIZE);
252 #define TPM2_KEY_ECDSA_SIG_S_TAG (4 + r_0 + SHA256_DIGEST_SIZE)
253 #define TPM2_KEY_ECDSA_SIG_S_SIZE (5 + r_0 + SHA256_DIGEST_SIZE)
254 #define TPM2_KEY_ECDSA_SIG_S_BODY (6 + r_0 + SHA256_DIGEST_SIZE)
255 ptr[TPM2_KEY_ECDSA_SIG_S_TAG] = 0x02; /* INTEGER */
256 ptr[TPM2_KEY_ECDSA_SIG_S_SIZE] = SHA256_DIGEST_SIZE + s_0;
257 ptr[TPM2_KEY_ECDSA_SIG_S_BODY] = 0x00; /* maybe dummy write */
258 memcpy(&ptr[TPM2_KEY_ECDSA_SIG_S_BODY + s_0], s, SHA256_DIGEST_SIZE);
259 ret = TPM2_KEY_ECDSA_SIG_SIZE;
260
261 err_key_handle:
262 tpm2_flush_context(chip, key_handle);
263
264 err_buf:
265 tpm_buf_destroy(&buf);
266
267 err_ops:
268 tpm_put_ops(chip);
269 return ret;
270 }
271
272 static int tpm2_key_ecdsa_eds_op(struct kernel_pkey_params *params,
273 const void *in, void *out)
274 {
275 struct tpm2_key *key = params->key->payload.data[asym_crypto];
276 struct tpm_chip *chip = tpm_default_chip();
277
278 if (!chip)
279 return -ENODEV;
280
281 switch (params->op) {
282 case kernel_pkey_sign:
283 return tpm2_key_ecdsa_sign(chip, key, params, in, out);
284 default:
285 return -EOPNOTSUPP;
286 }
287 }
288
289 static int tpm2_key_ecdsa_verify_signature(const struct key *key,
290 const struct public_key_signature *sig)
291 {
292 const struct tpm2_key *tpm2_key = key->payload.data[asym_crypto];
293 const off_t o = tpm2_key->priv_len + 2 + sizeof(*tpm2_key->desc);
294 const struct tpm2_ecc_parms *p =
295 (const struct tpm2_ecc_parms *)&tpm2_key->data[o];
296 u16 ecc = be16_to_cpu(p->ecc);
297 const char *ecc_name = tpm2_ecc_name(ecc);
298 const u8 *x = tpm2_key_ecdsa_ecc_x(tpm2_key);
299 u16 x_size = get_unaligned_be16(&x[0]);
300 struct akcipher_request *req;
301 struct scatterlist src_sg[2];
302 struct crypto_akcipher *tfm;
303 struct crypto_wait cwait;
304 char data[256];
305 u8 *ptr;
306 int ret;
307
308 tfm = crypto_alloc_akcipher(ecc_name, 0, 0);
309 if (IS_ERR(tfm))
310 return PTR_ERR(tfm);
311
312 ptr = &data[0];
313 *ptr++ = 0x04; /* uncompressed */
314 memcpy(&ptr[0], &x[2], x_size);
315 memcpy(&ptr[x_size], &x[2 + x_size + 2], x_size);
316 ret = crypto_akcipher_set_pub_key(tfm, data, 2 * x_size + 1);
317 if (ret)
318 goto err_tfm;
319
320 sha256(sig->digest, sig->digest_size, data);
321
322 ret = -ENOMEM;
323 req = akcipher_request_alloc(tfm, GFP_KERNEL);
324 if (!req)
325 goto err_tfm;
326
327 sg_init_table(src_sg, 2);
328 sg_set_buf(&src_sg[0], sig->s, sig->s_size);
329 sg_set_buf(&src_sg[1], data, SHA256_DIGEST_SIZE);
330
331 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
332 SHA256_DIGEST_SIZE);
333
334 crypto_init_wait(&cwait);
335 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
336 CRYPTO_TFM_REQ_MAY_SLEEP,
337 crypto_req_done, &cwait);
338
339 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
340 if (ret) {
341 pr_warn("crypto_wait_req() failed with %d\n", ret);
342 goto err_tfm;
343 }
344
345 akcipher_request_free(req);
346
347 err_tfm:
348 crypto_free_akcipher(tfm);
349 return ret;
350 }
351
352 /*
353 * Asymmetric TPM2 ECDSA key. Signs and decrypts with TPM.
354 */
355 struct asymmetric_key_subtype tpm2_key_ecdsa_subtype = {
356 .owner = THIS_MODULE,
357 .name = "tpm2_key_ecdsa",
358 .name_len = sizeof("tpm2_key_ecdsa") - 1,
359 .describe = tpm2_key_ecdsa_describe,
360 .destroy = tpm2_key_ecdsa_destroy,
361 .query = tpm2_key_ecdsa_query,
362 .eds_op = tpm2_key_ecdsa_eds_op,
363 .verify_signature = tpm2_key_ecdsa_verify_signature,
364 };
365 EXPORT_SYMBOL_GPL(tpm2_key_ecdsa_subtype);
366
367 static int __tpm2_key_ecdsa_preparse(struct tpm2_key *key)
368 {
369 const off_t o = key->priv_len + 2 + sizeof(*key->desc);
370 const struct tpm2_ecc_parms *p =
371 (const struct tpm2_ecc_parms *)&key->data[o];
372 u16 x_size, y_size;
373 const u8 *x, *y;
374
375 if (tpm2_key_type(key) != TPM_ALG_ECC)
376 return -EBADMSG;
377
378 if (tpm2_key_policy_size(key) != 0)
379 return -EBADMSG;
380
381 if (be16_to_cpu(p->symmetric) != TPM_ALG_NULL)
382 return -EBADMSG;
383
384 if (be16_to_cpu(p->scheme) != TPM_ALG_NULL)
385 return -EBADMSG;
386
387 if (be16_to_cpu(p->ecc) != TPM2_ECC_NIST_P256 &&
388 be16_to_cpu(p->ecc) != TPM2_ECC_NIST_P384 &&
389 be16_to_cpu(p->ecc) != TPM2_ECC_NIST_P521)
390 return -EBADMSG;
391
392 if (be16_to_cpu(p->kdf) != TPM_ALG_NULL)
393 return -EBADMSG;
394
395 x = tpm2_key_ecdsa_ecc_x(key);
396 x_size = get_unaligned_be16(&x[0]);
397 if (x_size > ECC_MAX_BYTES)
398 return -EBADMSG;
399
400 y = tpm2_key_ecdsa_ecc_y(key);
401 y_size = get_unaligned_be16(&y[0]);
402 if (y_size > ECC_MAX_BYTES)
403 return -EBADMSG;
404
405 if (x_size != y_size)
406 return -EBADMSG;
407
408 return 0;
409 }
410
411 /*
412 * Attempt to parse a data blob for a key as a TPM private key blob.
413 */
414 static int tpm2_key_ecdsa_preparse(struct key_preparsed_payload *prep)
415 {
416 struct tpm2_key *key;
417 int ret;
418
419 key = tpm2_key_decode(prep->data, prep->datalen);
420 if (IS_ERR(key))
> 421 return ret;
422
423 if (key->oid != OID_TPMLoadableKey) {
424 kfree(key);
425 return -EBADMSG;
426 }
427
428 ret = __tpm2_key_ecdsa_preparse(key);
429 if (ret < 0) {
430 kfree(key);
431 return ret;
432 }
433
434 prep->payload.data[asym_subtype] = &tpm2_key_ecdsa_subtype;
435 prep->payload.data[asym_key_ids] = NULL;
436 prep->payload.data[asym_crypto] = key;
437 prep->payload.data[asym_auth] = NULL;
438 prep->quotalen = 100;
439 return 0;
440 }
441
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2024-09-11 10:12 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202409111825.DFufE4RC-lkp@intel.com \
--to=lkp@intel.com \
--cc=jarkko@kernel.org \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox