From 7a689ebc67b3b3f282fa8d6754da7930dcf1b15c Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@google.com>
Date: Mon, 12 Apr 2021 12:51:16 +0200
Subject: [PATCH] ANDROID: crypto: lib/sha256 - add vendor hook for sha256()
 routine

Add a vendor hook that will allow the FIPS140 kernel module to override
the implementation of the sha256() library routine. The FIPS 140 version
is identical to the normal one, but its code and rodata will have been
integrity checked at module load time.

Bug: 153614920
Bug: 188620248
Change-Id: I8ccc4f0cc8206af39fa922134b438dacac2a614a
Signed-off-by: Ard Biesheuvel <ardb@google.com>
---
 drivers/android/vendor_hooks.c |  2 ++
 include/trace/hooks/fips140.h  | 27 +++++++++++++++++++++++++++
 lib/crypto/sha256.c            |  9 +++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 include/trace/hooks/fips140.h

diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c
index 8768e7e6c61a..44397e97ff23 100644
--- a/drivers/android/vendor_hooks.c
+++ b/drivers/android/vendor_hooks.c
@@ -62,6 +62,7 @@
 #include <trace/hooks/scmi.h>
 #include <trace/hooks/user.h>
 #include <trace/hooks/cpuidle_psci.h>
+#include <trace/hooks/fips140.h>
 
 /*
  * Export tracepoints that act as a bare tracehook (ie: have no trace event
@@ -321,3 +322,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_free_user);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_set_balance_anon_file_reclaim);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cpuidle_psci_enter);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cpuidle_psci_exit);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_sha256);
diff --git a/include/trace/hooks/fips140.h b/include/trace/hooks/fips140.h
new file mode 100644
index 000000000000..10fe4bbaee08
--- /dev/null
+++ b/include/trace/hooks/fips140.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM fips140
+#define TRACE_INCLUDE_PATH trace/hooks
+
+#if !defined(_TRACE_HOOK_FIPS140_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_HOOK_FIPS140_H
+#include <linux/tracepoint.h>
+#include <trace/hooks/vendor_hooks.h>
+
+/*
+ * This hook exists only for the benefit of the FIPS140 crypto module, which
+ * uses it to swap out the underlying implementation with one that is integrity
+ * checked as per FIPS 140 requirements. No other uses are allowed or
+ * supported.
+ */
+DECLARE_HOOK(android_vh_sha256,
+	     TP_PROTO(const u8 *data,
+		      unsigned int len,
+		      u8 *out,
+		      int *hook_inuse),
+	     TP_ARGS(data, len, out, hook_inuse));
+
+#endif /* _TRACE_HOOK_FIPS140_H */
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>
diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c
index 2321f6cb322f..216a0d9787b0 100644
--- a/lib/crypto/sha256.c
+++ b/lib/crypto/sha256.c
@@ -17,6 +17,7 @@
 #include <linux/string.h>
 #include <crypto/sha.h>
 #include <asm/unaligned.h>
+#include <trace/hooks/fips140.h>
 
 static inline u32 Ch(u32 x, u32 y, u32 z)
 {
@@ -284,6 +285,14 @@ void sha256(const u8 *data, unsigned int len, u8 *out)
 {
 	struct sha256_state sctx;
 
+#if defined(CONFIG_CRYPTO_FIPS140) && !defined(BUILD_FIPS140_KO)
+	int hook_inuse = 0;
+
+	trace_android_vh_sha256(data, len, out, &hook_inuse);
+	if (hook_inuse)
+		return;
+#endif
+
 	sha256_init(&sctx);
 	sha256_update(&sctx, data, len);
 	sha256_final(&sctx, out);