tree: https://github.com/intel/linux-intel-lts.git 5.4/yocto head: eeb611e5394c56d45c5cc8f7dc484c9f19e93143 commit: d2a205db2c4ee2728f9be6d45f2361f05205408e [13/1142] crypto: keembay: Add Keem Bay offload ECC Driver config: x86_64-randconfig-r013-20201225 (attached as .config) compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project cee1e7d14f4628d6174b33640d502bff3b54ae45) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://github.com/intel/linux-intel-lts/commit/d2a205db2c4ee2728f9be6d45f2361f05205408e git remote add intel-linux-intel-lts https://github.com/intel/linux-intel-lts.git git fetch --no-tags intel-linux-intel-lts 5.4/yocto git checkout d2a205db2c4ee2728f9be6d45f2361f05205408e # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot All warnings (new ones prefixed by >>): >> drivers/crypto/keembay/keembay-ocs-ecc-core.c:574:5: warning: no previous prototype for function 'kmb_ecc_gen_privkey' [-Wmissing-prototypes] int kmb_ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, ^ drivers/crypto/keembay/keembay-ocs-ecc-core.c:574:1: note: declare 'static' if the function is not intended to be used outside of this translation unit int kmb_ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, ^ static >> drivers/crypto/keembay/keembay-ocs-ecc-core.c:680:12: warning: address of array 'ctx->private_key' will always evaluate to 'true' [-Wpointer-bool-conversion] if (!ctx->private_key || !curve || ~~~~~~^~~~~~~~~~~ 2 warnings generated. vim +/kmb_ecc_gen_privkey +574 drivers/crypto/keembay/keembay-ocs-ecc-core.c 561 562 /* 563 * ECC private keys are generated using the method of extra random bits, 564 * equivalent to that described in FIPS 186-4, Appendix B.4.1. 565 * 566 * d = (c mod(n–1)) + 1 where c is a string of random bits, 64 bits longer 567 * than requested 568 * 0 <= c mod(n-1) <= n-2 and implies that 569 * 1 <= d <= n-1 570 * 571 * This method generates a private key uniformly distributed in the range 572 * [1, n-1]. 573 */ > 574 int kmb_ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, 575 u64 *privkey) 576 { 577 u64 priv[KMB_ECC_MAX_DIGITS]; 578 579 const struct ecc_curve *curve = ecc_get_curve(curve_id); 580 unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; 581 unsigned int nbits = vli_num_bits(curve->n, ndigits); 582 int err = 0; 583 584 /* Check that N is included in Table 1 of FIPS 186-4, section 6.1.1 */ 585 if (nbits < 160 || ndigits > ARRAY_SIZE(priv)) 586 return -EINVAL; 587 588 /* 589 * FIPS 186-4 recommends that the private key should be obtained from a 590 * RBG with a security strength equal to or greater than the security 591 * strength associated with N. 592 * 593 * The maximum security strength identified by NIST SP800-57pt1r4 for 594 * ECC is 256 (N >= 512). 595 * 596 * This condition is met by the default RNG because it selects a favored 597 * DRBG with a security strength of 256. 598 */ 599 if (crypto_get_default_rng()) 600 return -EFAULT; 601 602 err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes); 603 crypto_put_default_rng(); 604 if (err) 605 goto cleanup; 606 607 err = kmb_ecc_is_key_valid(curve_id, ndigits, priv, nbytes); 608 if (err) 609 goto cleanup; 610 611 memcpy(privkey, priv, nbytes); 612 613 cleanup: 614 memzero_explicit(&priv, sizeof(priv)); 615 616 return err; 617 } 618 619 static int kmb_ocs_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, 620 unsigned int len) 621 { 622 struct ecdh params; 623 unsigned int ndigits; 624 625 int ret = 0; 626 struct ocs_ecc_ctx *ctx = kpp_tfm_ctx(tfm); 627 628 ret = crypto_ecdh_decode_key(buf, len, ¶ms); 629 if (ret) 630 goto cleanup; 631 632 ndigits = kmb_ocs_ecdh_supported_curve(params.curve_id); 633 634 if (!ndigits) { 635 ret = -EOPNOTSUPP; 636 goto cleanup; 637 } 638 639 ctx->curve_id = params.curve_id; 640 ctx->ndigits = ndigits; 641 642 if (!params.key || !params.key_size) { 643 ret = -EINVAL; 644 #ifdef CONFIG_CRYPTO_DEV_KEEMBAY_OCS_ECDH_GEN_PRIV_KEY_SUPPORT 645 ret = kmb_ecc_gen_privkey(ctx->curve_id, ctx->ndigits, 646 ctx->private_key); 647 #endif /* CONFIG_CRYPTO_DEV_KEEMBAY_OCS_ECDH_GEN_PRIV_KEY_SUPPORT */ 648 if (ret) 649 goto cleanup; 650 goto swap_digits; 651 } 652 653 ret = kmb_ecc_is_key_valid(ctx->curve_id, ctx->ndigits, 654 (const u64 *)params.key, params.key_size); 655 if (ret) 656 goto cleanup; 657 658 swap_digits: 659 ecc_swap_digits((u64 *)params.key, ctx->private_key, ctx->ndigits); 660 cleanup: 661 memzero_explicit(¶ms, sizeof(params)); 662 663 return ret; 664 } 665 666 static int kmb_ocs_ecc_do_one_request(struct crypto_engine *engine, 667 void *areq) 668 { 669 size_t copied, nbytes; 670 struct ecc_point *pk; 671 672 u64 *public_key = NULL; 673 int ret = -ENOMEM; 674 size_t public_key_sz = 0; 675 struct kpp_request *req = container_of(areq, struct kpp_request, 676 base); 677 struct ocs_ecc_ctx *ctx = kmb_ocs_kpp_ctx(req); 678 const struct ecc_curve *curve = ecc_get_curve(ctx->curve_id); 679 > 680 if (!ctx->private_key || !curve || 681 (ctx->ndigits > KMB_ECC_MAX_DIGITS)) { 682 ret = -EINVAL; 683 goto out; 684 } 685 686 /* No spurious request checked at top level.*/ 687 if ((!req->src) && (!req->dst)) { 688 ret = -EINVAL; 689 goto out; 690 } 691 692 /* Store the request flag in ctx. */ 693 ctx->gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL 694 : GFP_ATOMIC; 695 696 pk = ecc_alloc_point(ctx->ndigits, ctx->gfp); 697 if (!pk) { 698 ret = -ENOMEM; 699 goto out; 700 } 701 702 /* Store the kpp_request struct in the device context. */ 703 ctx->ecc_dev->req = req; 704 705 /* In case shared_secret branch not taken. */ 706 ctx->pk = NULL; 707 708 nbytes = data_size_u64_to_u8(ctx->ndigits); 709 /* Public part is a point thus it has both coordinates */ 710 public_key_sz = 2 * nbytes; 711 712 public_key = kzalloc(public_key_sz, ctx->gfp); 713 if (!public_key) { 714 ret = -ENOMEM; 715 goto free_all; 716 } 717 718 if (req->src) { 719 /* from here on it's invalid parameters */ 720 ret = -EINVAL; 721 722 /* must have exactly two points to be on the curve */ 723 if (public_key_sz != req->src_len) 724 goto free_all; 725 726 copied = sg_copy_to_buffer(req->src, 727 sg_nents_for_len(req->src, 728 public_key_sz), 729 public_key, public_key_sz); 730 if (copied != public_key_sz) 731 goto free_all; 732 /* Store pk in the device context. */ 733 ctx->pk = pk; 734 ecc_swap_digits(public_key, pk->x, ctx->ndigits); 735 ecc_swap_digits(&public_key[ctx->ndigits], pk->y, ctx->ndigits); 736 /* 737 * Check the public key for following 738 * Check 1: Verify key is not the zero point. 739 * Check 2: Verify key is in the range [1, p-1]. 740 * Check 3: Verify that y^2 == (x^3 + a·x + b) mod p 741 */ 742 ret = kmb_ocs_ecc_is_pubkey_valid_partial(ctx->ecc_dev, curve, 743 pk); 744 } else { 745 /* Public Key(pk) = priv * G. */ 746 ret = ecc_point_mult(ctx->ecc_dev, pk, &curve->g, 747 ctx->private_key, curve, ctx->ndigits); 748 } 749 750 if (ret) 751 goto free_all; 752 goto return_success; 753 754 /* follow through */ 755 free_all: 756 ecc_free_point(pk); 757 out: 758 crypto_finalize_kpp_request(ctx->ecc_dev->engine, 759 req, ret); 760 return_success: 761 if (public_key) { 762 memzero_explicit(public_key, public_key_sz); 763 kzfree(public_key); 764 } 765 return 0; 766 } 767 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org