lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202107131145.eIKjy4Fl-lkp@intel.com>
Date:   Tue, 13 Jul 2021 11:20:48 +0800
From:   kernel test robot <lkp@...el.com>
To:     Hannes Reinecke <hare@...e.de>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: [hare-scsi-devel:auth.v2 9/12] drivers/nvme/host/auth.c:691:5:
 warning: no previous prototype for 'nvme_auth_dhchap_exponential'

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel.git auth.v2
head:   9107ea4a3526c6801b38b7a2345b7372278a35ba
commit: 9ca30b761b5f46cc6293abdd7fb89cc1732381e9 [9/12] nvme-auth: augmented challenge support
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel.git/commit/?id=9ca30b761b5f46cc6293abdd7fb89cc1732381e9
        git remote add hare-scsi-devel https://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel.git
        git fetch --no-tags hare-scsi-devel auth.v2
        git checkout 9ca30b761b5f46cc6293abdd7fb89cc1732381e9
        # save the attached .config to linux build tree
        make W=1 ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   drivers/nvme/host/auth.c:43:5: warning: no previous prototype for 'nvme_auth_send' [-Wmissing-prototypes]
      43 | int nvme_auth_send(struct nvme_ctrl *ctrl, int qid, void *data, size_t tl)
         |     ^~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:67:5: warning: no previous prototype for 'nvme_auth_receive' [-Wmissing-prototypes]
      67 | int nvme_auth_receive(struct nvme_ctrl *ctrl, int qid, void *buf, size_t al,
         |     ^~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:120:5: warning: no previous prototype for 'nvme_auth_dhchap_negotiate' [-Wmissing-prototypes]
     120 | int nvme_auth_dhchap_negotiate(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:149:5: warning: no previous prototype for 'nvme_auth_dhchap_challenge' [-Wmissing-prototypes]
     149 | int nvme_auth_dhchap_challenge(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:264:5: warning: no previous prototype for 'nvme_auth_dhchap_reply' [-Wmissing-prototypes]
     264 | int nvme_auth_dhchap_reply(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:310:5: warning: no previous prototype for 'nvme_auth_dhchap_success1' [-Wmissing-prototypes]
     310 | int nvme_auth_dhchap_success1(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:355:5: warning: no previous prototype for 'nvme_auth_dhchap_success2' [-Wmissing-prototypes]
     355 | int nvme_auth_dhchap_success2(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:370:5: warning: no previous prototype for 'nvme_auth_dhchap_failure2' [-Wmissing-prototypes]
     370 | int nvme_auth_dhchap_failure2(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:387:5: warning: no previous prototype for 'nvme_auth_select_hash' [-Wmissing-prototypes]
     387 | int nvme_auth_select_hash(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:531:5: warning: no previous prototype for 'nvme_auth_dhchap_host_response' [-Wmissing-prototypes]
     531 | int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:590:5: warning: no previous prototype for 'nvme_auth_dhchap_controller_response' [-Wmissing-prototypes]
     590 | int nvme_auth_dhchap_controller_response(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/nvme/host/auth.c:656:5: warning: no previous prototype for 'nvme_auth_generate_key' [-Wmissing-prototypes]
     656 | int nvme_auth_generate_key(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~
>> drivers/nvme/host/auth.c:691:5: warning: no previous prototype for 'nvme_auth_dhchap_exponential' [-Wmissing-prototypes]
     691 | int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
         |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~


vim +/nvme_auth_dhchap_exponential +691 drivers/nvme/host/auth.c

   530	
 > 531	int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl,
   532					   struct nvme_dhchap_context *chap)
   533	{
   534		SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
   535		u8 buf[4], *challenge = chap->c1;
   536		int ret;
   537	
   538		dev_dbg(ctrl->device, "%s: qid %d host response seq %d transaction %d\n",
   539			__func__, chap->qid, chap->s1, chap->transaction);
   540		if (chap->dh_tfm) {
   541			challenge = kmalloc(chap->hash_len, GFP_KERNEL);
   542			if (!challenge) {
   543				ret = -ENOMEM;
   544				goto out;
   545			}
   546			ret = nvme_auth_augmented_challenge(chap, chap->c1, challenge);
   547			if (ret)
   548				goto out;
   549		}
   550		shash->tfm = chap->shash_tfm;
   551		ret = crypto_shash_init(shash);
   552		if (ret)
   553			goto out;
   554		ret = crypto_shash_update(shash, challenge, chap->hash_len);
   555		if (ret)
   556			goto out;
   557		put_unaligned_le32(chap->s1, buf);
   558		ret = crypto_shash_update(shash, buf, 4);
   559		if (ret)
   560			goto out;
   561		put_unaligned_le16(chap->transaction, buf);
   562		ret = crypto_shash_update(shash, buf, 2);
   563		if (ret)
   564			goto out;
   565		memset(buf, 0, sizeof(buf));
   566		ret = crypto_shash_update(shash, buf, 1);
   567		if (ret)
   568			goto out;
   569		ret = crypto_shash_update(shash, "HostHost", 8);
   570		if (ret)
   571			goto out;
   572		ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
   573					  strlen(ctrl->opts->host->nqn));
   574		if (ret)
   575			goto out;
   576		ret = crypto_shash_update(shash, buf, 1);
   577		if (ret)
   578			goto out;
   579		ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
   580				    strlen(ctrl->opts->subsysnqn));
   581		if (ret)
   582			goto out;
   583		ret = crypto_shash_final(shash, chap->response);
   584	out:
   585		if (challenge != chap->c1)
   586			kfree(challenge);
   587		return ret;
   588	}
   589	
   590	int nvme_auth_dhchap_controller_response(struct nvme_ctrl *ctrl,
   591						 struct nvme_dhchap_context *chap)
   592	{
   593		SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
   594		u8 buf[4], *challenge = chap->c2;
   595		int ret;
   596	
   597		if (chap->dh_tfm) {
   598			challenge = kmalloc(chap->hash_len, GFP_KERNEL);
   599			if (!challenge) {
   600				ret = -ENOMEM;
   601				goto out;
   602			}
   603			ret = nvme_auth_augmented_challenge(chap, chap->c2,
   604							    challenge);
   605			if (ret)
   606				goto out;
   607		}
   608		dev_dbg(ctrl->device, "%s: qid %d host response seq %d transaction %d\n",
   609			__func__, chap->qid, chap->s2, chap->transaction);
   610		dev_dbg(ctrl->device, "%s: qid %d challenge %*ph\n",
   611			__func__, chap->qid, chap->hash_len, challenge);
   612		dev_dbg(ctrl->device, "%s: qid %d subsysnqn %s\n",
   613			__func__, chap->qid, ctrl->opts->subsysnqn);
   614		dev_dbg(ctrl->device, "%s: qid %d hostnqn %s\n",
   615			__func__, chap->qid, ctrl->opts->host->nqn);
   616		shash->tfm = chap->shash_tfm;
   617		ret = crypto_shash_init(shash);
   618		if (ret)
   619			goto out;
   620		ret = crypto_shash_update(shash, challenge, chap->hash_len);
   621		if (ret)
   622			goto out;
   623		put_unaligned_le32(chap->s2, buf);
   624		ret = crypto_shash_update(shash, buf, 4);
   625		if (ret)
   626			goto out;
   627		put_unaligned_le16(chap->transaction, buf);
   628		ret = crypto_shash_update(shash, buf, 2);
   629		if (ret)
   630			goto out;
   631		memset(buf, 0, 4);
   632		ret = crypto_shash_update(shash, buf, 1);
   633		if (ret)
   634			goto out;
   635		ret = crypto_shash_update(shash, "Controller", 10);
   636		if (ret)
   637			goto out;
   638		ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
   639					  strlen(ctrl->opts->subsysnqn));
   640		if (ret)
   641			goto out;
   642		ret = crypto_shash_update(shash, buf, 1);
   643		if (ret)
   644			goto out;
   645		ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
   646					  strlen(ctrl->opts->host->nqn));
   647		if (ret)
   648			goto out;
   649		ret = crypto_shash_final(shash, chap->response);
   650	out:
   651		if (challenge != chap->c2)
   652			kfree(challenge);
   653		return ret;
   654	}
   655	
   656	int nvme_auth_generate_key(struct nvme_ctrl *ctrl,
   657				   struct nvme_dhchap_context *chap)
   658	{
   659		size_t dhchap_len = strlen(ctrl->opts->dhchap_secret) - 11;
   660		u8 *decoded_key;
   661		size_t decoded_len;
   662		u32 crc;
   663	
   664		if (memcmp(ctrl->opts->dhchap_secret, "DHHC-1:00:", 10))
   665			return -EINVAL;
   666	
   667		decoded_key = kzalloc(dhchap_len, GFP_KERNEL);
   668		if (!decoded_key)
   669			return -ENOMEM;
   670		decoded_len = base64_decode(ctrl->opts->dhchap_secret + 10,
   671					    dhchap_len, decoded_key);
   672		if (decoded_len != 36 && decoded_len != 52 && decoded_len != 68) {
   673			dev_warn(ctrl->dev,
   674				 "DH-HMAC-CHAP: unsupported key length %zu\n", dhchap_len);
   675			return -EKEYREJECTED;
   676		}
   677		/* The last four bytes is the CRC in little-endian format */
   678		decoded_len -= 4;
   679		crc = ~crc32(~0, decoded_key, decoded_len);
   680	
   681		if (get_unaligned_le32(decoded_key + decoded_len) != crc) {
   682			dev_warn(ctrl->dev,
   683				 "DH-HMAC-CHAP: key crc mismatch! (%u != %u)\n",
   684				 get_unaligned_le32(decoded_key + decoded_len), crc);
   685		}
   686		memcpy(chap->key, decoded_key, decoded_len);
   687		kfree(decoded_key);
   688		return 0;
   689	}
   690	
 > 691	int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
   692					 struct nvme_dhchap_context *chap)
   693	{
   694		struct kpp_request *req;
   695		struct crypto_wait wait;
   696		struct scatterlist src, dst;
   697		u8 *pkey;
   698		int ret, pkey_len;
   699	
   700		if (chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_ECDH) {
   701			struct ecdh p = {0};
   702	
   703			pkey_len = crypto_ecdh_key_len(&p);
   704			pkey = kzalloc(pkey_len, GFP_KERNEL);
   705			if (!pkey)
   706				return -ENOMEM;
   707	
   708			get_random_bytes(pkey, pkey_len);
   709			ret = crypto_ecdh_encode_key(pkey, pkey_len, &p);
   710			if (ret) {
   711				dev_dbg(ctrl->device,
   712					"failed to encode pkey, error %d\n", ret);
   713				kfree(pkey);
   714				return ret;
   715			}
   716			chap->host_key_len = 64;
   717			chap->sess_key_len = 32;
   718		} else if (chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_25519) {
   719			pkey_len = CURVE25519_KEY_SIZE;
   720			pkey = kzalloc(pkey_len, GFP_KERNEL);
   721			if (!pkey)
   722				return -ENOMEM;
   723			get_random_bytes(pkey, pkey_len);
   724			chap->host_key_len = chap->sess_key_len = CURVE25519_KEY_SIZE;
   725		} else {
   726			dev_warn(ctrl->device, "Invalid DH group id %d\n",
   727				 chap->dhgroup_id);
   728			chap->status = NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD;
   729			return -EINVAL;
   730		}
   731	
   732		ret = crypto_kpp_set_secret(chap->dh_tfm, pkey, pkey_len);
   733		if (ret) {
   734			dev_dbg(ctrl->dev, "failed to set secret, error %d\n", ret);
   735			kfree(pkey);
   736			return ret;
   737		}
   738		req = kpp_request_alloc(chap->dh_tfm, GFP_KERNEL);
   739		if (!req) {
   740			ret = -ENOMEM;
   741			goto out_free_exp;
   742		}
   743	
   744		chap->host_key = kzalloc(chap->host_key_len, GFP_KERNEL);
   745		if (!chap->host_key) {
   746			ret = -ENOMEM;
   747			goto out_free_req;
   748		}
   749		crypto_init_wait(&wait);
   750		kpp_request_set_input(req, NULL, 0);
   751		sg_init_one(&dst, chap->host_key, chap->host_key_len);
   752		kpp_request_set_output(req, &dst, chap->host_key_len);
   753		kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
   754					 crypto_req_done, &wait);
   755	
   756		ret = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
   757		if (ret) {
   758			dev_dbg(ctrl->dev,
   759				"failed to generate public key, error %d\n", ret);
   760			goto out_free_host;
   761		}
   762	
   763		chap->sess_key = kmalloc(chap->sess_key_len, GFP_KERNEL);
   764		if (!chap->sess_key)
   765			goto out_free_host;
   766	
   767		crypto_init_wait(&wait);
   768		sg_init_one(&src, chap->ctrl_key, chap->ctrl_key_len);
   769		kpp_request_set_input(req, &src, chap->ctrl_key_len);
   770		sg_init_one(&dst, chap->sess_key, chap->sess_key_len);
   771		kpp_request_set_output(req, &dst, chap->sess_key_len);
   772		kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
   773					 crypto_req_done, &wait);
   774	
   775		ret = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
   776		if (ret) {
   777			dev_dbg(ctrl->dev,
   778				"failed to generate shared secret, error %d\n", ret);
   779			kfree_sensitive(chap->sess_key);
   780			chap->sess_key = NULL;
   781			chap->sess_key_len = 0;
   782		} else
   783			dev_dbg(ctrl->dev, "shared secret %*ph\n",
   784				 (int)chap->sess_key_len, chap->sess_key);
   785	out_free_host:
   786		if (ret) {
   787			kfree(chap->host_key);
   788			chap->host_key = NULL;
   789			chap->host_key_len = 0;
   790		}
   791	out_free_req:
   792		kpp_request_free(req);
   793	out_free_exp:
   794		kfree_sensitive(pkey);
   795		if (ret)
   796			chap->status = NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD;
   797		return ret;
   798	}
   799	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (65329 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ