* [cifs:gmac-signing-access-denied 14/16] fs/cifs/smb2transport.c:772: warning: expecting prototype for smb311_crypt_sign(). Prototype was for smb311_gmac_sign() instead
@ 2022-09-14 11:15 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-09-14 11:15 UTC (permalink / raw)
To: Steve French; +Cc: kbuild-all, linux-cifs, samba-technical
tree: git://git.samba.org/sfrench/cifs-2.6.git gmac-signing-access-denied
head: 2192d9439564a639ab2e9bc5d6c6ee64cb34283c
commit: 320f9b7ac776d203158be1d06147e94ca8fa794b [14/16] part2
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20220914/202209141918.88hEOscp-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
git remote add cifs git://git.samba.org/sfrench/cifs-2.6.git
git fetch --no-tags cifs gmac-signing-access-denied
git checkout 320f9b7ac776d203158be1d06147e94ca8fa794b
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=m68k SHELL=/bin/bash fs/cifs/
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> fs/cifs/smb2transport.c:772: warning: expecting prototype for smb311_crypt_sign(). Prototype was for smb311_gmac_sign() instead
vim +772 fs/cifs/smb2transport.c
a7ecf7c2064db8 Steve French 2022-09-14 734
a7ecf7c2064db8 Steve French 2022-09-14 735 /**
a7ecf7c2064db8 Steve French 2022-09-14 736 * smb311_crypt_sign() - Encrypts, decrypts, or sign an SMB2 message using AES-GCM algorithm.
a7ecf7c2064db8 Steve French 2022-09-14 737 *
a7ecf7c2064db8 Steve French 2022-09-14 738 * @rqst: SMB2 request to transform.
a7ecf7c2064db8 Steve French 2022-09-14 739 * @num_rqst: Number of requests to transform. Must be 1 if @sign_only is true.
a7ecf7c2064db8 Steve French 2022-09-14 740 * @enc: True for an encryption operation, false for decryption. If both @enc and @sign_only are
a7ecf7c2064db8 Steve French 2022-09-14 741 * true, assumes an encryption operation and set @sign_only to false.
a7ecf7c2064db8 Steve French 2022-09-14 742 * @sign_only: True if the request must only have the signature computed.
a7ecf7c2064db8 Steve French 2022-09-14 743 * @tfm: AES-GCM crypto transformation object. Must be allocated and freed by the caller.
a7ecf7c2064db8 Steve French 2022-09-14 744 * @key: The private key to be used for the operation. Must be allocated and freed by the caller.
a7ecf7c2064db8 Steve French 2022-09-14 745 * @keylen: The size of @key. Must be 16 for AES-128-GCM crypt ops and AES-GMAC, or 32 for
a7ecf7c2064db8 Steve French 2022-09-14 746 * AES-256-GCM.
a7ecf7c2064db8 Steve French 2022-09-14 747 * @iv: The Initialization Vector, a.k.a. nonce. Must be allocated and freed by the caller.
a7ecf7c2064db8 Steve French 2022-09-14 748 * @assoclen: Size of the Additional Authenticated Data (AAD) (or Associated Data (AD)). Must be
a7ecf7c2064db8 Steve French 2022-09-14 749 * size of smb2_transform_hdr - 20 for encryption/decryption, and the size of the whole
a7ecf7c2064db8 Steve French 2022-09-14 750 * SMB2 message for signing (e.g gotten from smb_rqst_len()).
a7ecf7c2064db8 Steve French 2022-09-14 751 * @cryptlen: Size of the plain/cipher text buffer. Must be 0 if @sign_only is true.
a7ecf7c2064db8 Steve French 2022-09-14 752 *
a7ecf7c2064db8 Steve French 2022-09-14 753 * This function is shared between the SMB 3.1.1 AES-GCM encryption/decryption operations
a7ecf7c2064db8 Steve French 2022-09-14 754 * (crypt_message()), and AES-GMAC signing operation (smb311_calc_aes_gmac()).
a7ecf7c2064db8 Steve French 2022-09-14 755 *
a7ecf7c2064db8 Steve French 2022-09-14 756 * This function will perform the core operations (encrypt and decrypt) using the parameters passed
a7ecf7c2064db8 Steve French 2022-09-14 757 * by the callers, which is what differ encrypt/decrypt ops from signing ops.
a7ecf7c2064db8 Steve French 2022-09-14 758 *
a7ecf7c2064db8 Steve French 2022-09-14 759 * Note that signing functionality (@sign_only == true) must only be used when the request must NOT
a7ecf7c2064db8 Steve French 2022-09-14 760 * be encrypted, as encrypted requests will have their own signatures, but computed differently.
a7ecf7c2064db8 Steve French 2022-09-14 761 *
a7ecf7c2064db8 Steve French 2022-09-14 762 * References:
a7ecf7c2064db8 Steve French 2022-09-14 763 * MS-SMB2 3.2.4.1.1 "Signing the Message"
a7ecf7c2064db8 Steve French 2022-09-14 764 *
a7ecf7c2064db8 Steve French 2022-09-14 765 * Return: 0 on success, negative errno otherwise.
a7ecf7c2064db8 Steve French 2022-09-14 766 */
a7ecf7c2064db8 Steve French 2022-09-14 767 static int smb311_gmac_sign(struct smb_rqst *rqst, int num_rqst,
320f9b7ac776d2 Steve French 2022-09-14 768 unsigned long assoclen,
a7ecf7c2064db8 Steve French 2022-09-14 769 struct crypto_aead *tfm,
a7ecf7c2064db8 Steve French 2022-09-14 770 const u8 *key, unsigned int keylen,
a7ecf7c2064db8 Steve French 2022-09-14 771 u8 *iv)
a7ecf7c2064db8 Steve French 2022-09-14 @772 {
a7ecf7c2064db8 Steve French 2022-09-14 773 struct smb2_hdr *shdr = (struct smb2_hdr *)rqst[0].rq_iov[0].iov_base;
a7ecf7c2064db8 Steve French 2022-09-14 774 u8 sig[SMB2_SIGNATURE_SIZE] = { 0 };
a7ecf7c2064db8 Steve French 2022-09-14 775 struct aead_request *aead_req;
a7ecf7c2064db8 Steve French 2022-09-14 776 DECLARE_CRYPTO_WAIT(wait);
a7ecf7c2064db8 Steve French 2022-09-14 777 struct scatterlist *sg;
a7ecf7c2064db8 Steve French 2022-09-14 778 int rc = 0;
a7ecf7c2064db8 Steve French 2022-09-14 779
a7ecf7c2064db8 Steve French 2022-09-14 780 /* basic checks */
a7ecf7c2064db8 Steve French 2022-09-14 781 if (!rqst || !tfm || !key || !iv)
a7ecf7c2064db8 Steve French 2022-09-14 782 return -EINVAL;
a7ecf7c2064db8 Steve French 2022-09-14 783
a7ecf7c2064db8 Steve French 2022-09-14 784 if (unlikely(!rqst))
a7ecf7c2064db8 Steve French 2022-09-14 785 return -ENODATA;
a7ecf7c2064db8 Steve French 2022-09-14 786
a7ecf7c2064db8 Steve French 2022-09-14 787 /* signing is done on single requests only */
a7ecf7c2064db8 Steve French 2022-09-14 788 if (num_rqst > 1) {
a7ecf7c2064db8 Steve French 2022-09-14 789 cifs_dbg(VFS, "%s: invalid number of requests to sign '%u', expected 1\n",
a7ecf7c2064db8 Steve French 2022-09-14 790 __func__, num_rqst);
a7ecf7c2064db8 Steve French 2022-09-14 791 return -EINVAL;
a7ecf7c2064db8 Steve French 2022-09-14 792 }
a7ecf7c2064db8 Steve French 2022-09-14 793
a7ecf7c2064db8 Steve French 2022-09-14 794 /*
a7ecf7c2064db8 Steve French 2022-09-14 795 * Set the Additional Authenticated Data (AAD)/Associated Data (AD) length to the SMB
a7ecf7c2064db8 Steve French 2022-09-14 796 * request length, which corresponds to the part of the buffer we want to sign/authenticate.
a7ecf7c2064db8 Steve French 2022-09-14 797 */
a7ecf7c2064db8 Steve French 2022-09-14 798 if (unlikely(assoclen == 0)) {
a7ecf7c2064db8 Steve French 2022-09-14 799 cifs_dbg(FYI, "%s: assoclen is 0 for signing operation\n", __func__);
a7ecf7c2064db8 Steve French 2022-09-14 800 return -ENODATA;
a7ecf7c2064db8 Steve French 2022-09-14 801 }
a7ecf7c2064db8 Steve French 2022-09-14 802
a7ecf7c2064db8 Steve French 2022-09-14 803 if (keylen != SMB3_GCM128_CRYPTKEY_SIZE) { /* 16 bytes, for AES-GMAC */
a7ecf7c2064db8 Steve French 2022-09-14 804 cifs_dbg(FYI, "%s: invalid key size '%u'\n", __func__, keylen);
a7ecf7c2064db8 Steve French 2022-09-14 805 return -EINVAL;
a7ecf7c2064db8 Steve French 2022-09-14 806 }
a7ecf7c2064db8 Steve French 2022-09-14 807
a7ecf7c2064db8 Steve French 2022-09-14 808 rc = crypto_aead_setkey(tfm, key, keylen);
a7ecf7c2064db8 Steve French 2022-09-14 809 if (rc) {
a7ecf7c2064db8 Steve French 2022-09-14 810 cifs_dbg(VFS, "%s: Failed to set AEAD key, rc=%d\n", __func__, rc);
a7ecf7c2064db8 Steve French 2022-09-14 811 return rc;
a7ecf7c2064db8 Steve French 2022-09-14 812 }
a7ecf7c2064db8 Steve French 2022-09-14 813
a7ecf7c2064db8 Steve French 2022-09-14 814 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
a7ecf7c2064db8 Steve French 2022-09-14 815 if (rc) {
a7ecf7c2064db8 Steve French 2022-09-14 816 cifs_dbg(VFS, "%s: Failed to set AEAD authsize, rc=%d\n",
a7ecf7c2064db8 Steve French 2022-09-14 817 __func__, rc);
a7ecf7c2064db8 Steve French 2022-09-14 818 return rc;
a7ecf7c2064db8 Steve French 2022-09-14 819 }
a7ecf7c2064db8 Steve French 2022-09-14 820
a7ecf7c2064db8 Steve French 2022-09-14 821 aead_req = aead_request_alloc(tfm, GFP_KERNEL);
a7ecf7c2064db8 Steve French 2022-09-14 822 if (!aead_req) {
a7ecf7c2064db8 Steve French 2022-09-14 823 cifs_dbg(VFS, "%s: Failed to alloc AEAD request\n", __func__);
a7ecf7c2064db8 Steve French 2022-09-14 824 return -ENOMEM;
a7ecf7c2064db8 Steve French 2022-09-14 825 }
a7ecf7c2064db8 Steve French 2022-09-14 826
a7ecf7c2064db8 Steve French 2022-09-14 827 sg = init_sg_gmac(num_rqst, rqst, sig);
a7ecf7c2064db8 Steve French 2022-09-14 828 if (IS_ERR(sg)) {
a7ecf7c2064db8 Steve French 2022-09-14 829 rc = PTR_ERR(sg);
a7ecf7c2064db8 Steve French 2022-09-14 830 cifs_dbg(VFS, "%s: Failed to init SG, rc=%d\n", __func__, rc);
a7ecf7c2064db8 Steve French 2022-09-14 831
a7ecf7c2064db8 Steve French 2022-09-14 832 /* if -EIO, sg has been allocated */
a7ecf7c2064db8 Steve French 2022-09-14 833 if (rc == -EIO)
a7ecf7c2064db8 Steve French 2022-09-14 834 goto out_free_sg;
a7ecf7c2064db8 Steve French 2022-09-14 835
a7ecf7c2064db8 Steve French 2022-09-14 836 goto out_free_req;
a7ecf7c2064db8 Steve French 2022-09-14 837 }
a7ecf7c2064db8 Steve French 2022-09-14 838
a7ecf7c2064db8 Steve French 2022-09-14 839 aead_request_set_crypt(aead_req, sg, sg, 0, iv);
a7ecf7c2064db8 Steve French 2022-09-14 840 aead_request_set_ad(aead_req, assoclen);
a7ecf7c2064db8 Steve French 2022-09-14 841 aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
a7ecf7c2064db8 Steve French 2022-09-14 842 crypto_req_done, &wait);
a7ecf7c2064db8 Steve French 2022-09-14 843
a7ecf7c2064db8 Steve French 2022-09-14 844 /*
a7ecf7c2064db8 Steve French 2022-09-14 845 * Note for AES-GMAC (@sign_only): whether signing or verifying a signature, we must
a7ecf7c2064db8 Steve French 2022-09-14 846 * always use the encrypt function, as AES-GCM decrypt will internally try to match the
a7ecf7c2064db8 Steve French 2022-09-14 847 * authentication codes, which were computed based on the ciphertext, and fail (-EBADMSG),
a7ecf7c2064db8 Steve French 2022-09-14 848 * as expected.
a7ecf7c2064db8 Steve French 2022-09-14 849 */
a7ecf7c2064db8 Steve French 2022-09-14 850 rc = crypto_wait_req(crypto_aead_encrypt(aead_req), &wait);
a7ecf7c2064db8 Steve French 2022-09-14 851 if (!rc) {
a7ecf7c2064db8 Steve French 2022-09-14 852 memcpy(&shdr->Signature, sig, SMB2_SIGNATURE_SIZE);
a7ecf7c2064db8 Steve French 2022-09-14 853 }
a7ecf7c2064db8 Steve French 2022-09-14 854
a7ecf7c2064db8 Steve French 2022-09-14 855 out_free_sg:
a7ecf7c2064db8 Steve French 2022-09-14 856 kfree(sg);
a7ecf7c2064db8 Steve French 2022-09-14 857 out_free_req:
a7ecf7c2064db8 Steve French 2022-09-14 858 kfree(aead_req);
a7ecf7c2064db8 Steve French 2022-09-14 859
a7ecf7c2064db8 Steve French 2022-09-14 860 return rc;
a7ecf7c2064db8 Steve French 2022-09-14 861 }
a7ecf7c2064db8 Steve French 2022-09-14 862
:::::: The code at line 772 was first introduced by commit
:::::: a7ecf7c2064db88102d9bc6080325078ee5ffad6 part1
:::::: TO: Steve French <stfrench@microsoft.com>
:::::: CC: Steve French <stfrench@microsoft.com>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-09-14 11:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-14 11:15 [cifs:gmac-signing-access-denied 14/16] fs/cifs/smb2transport.c:772: warning: expecting prototype for smb311_crypt_sign(). Prototype was for smb311_gmac_sign() instead kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).