-
Notifications
You must be signed in to change notification settings - Fork 766
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
hex-search-modify: add tool used in FIPS validations.
Change-Id: I940875e06f13830f53532a430dd5b7a0d49248a1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71428 Auto-Submit: Adam Langley <agl@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: Adam Langley <agl@google.com>
- Loading branch information
Showing
1 changed file
with
80 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| // Copyright (c) 2024, Google Inc. | ||
| // | ||
| // Permission to use, copy, modify, and/or distribute this software for any | ||
| // purpose with or without fee is hereby granted, provided that the above | ||
| // copyright notice and this permission notice appear in all copies. | ||
| // | ||
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | ||
| // SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | ||
| // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||
| // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
|
|
||
| //go:build ignore | ||
|
|
||
| // This trivial program is used to corrupt the FIPS module. This is done as | ||
| // part of FIPS testing to show that the integrity check is effective. | ||
| // | ||
| // It finds the (sole) occurance of a given hex pattern in a file and flips the | ||
| // first bit. The hex pattern is intended to be the output of running | ||
| // `BORINGSSL_FIPS_SHOW_HASH=1 ninja bcm.o`, i.e. the integrity hash value of | ||
| // the module. By flipping the first bit we ensure that the check will | ||
| // mismatch. | ||
| // | ||
| // This is a simplier version of `break-hash.go` for when we're building with | ||
| // BORINGSSL_FIPS_SHOW_HASH. (But we don't do that in all cases.) | ||
|
|
||
| package main | ||
|
|
||
| import ( | ||
| "bytes" | ||
| "encoding/hex" | ||
| "fmt" | ||
| "io/ioutil" | ||
| "os" | ||
| ) | ||
|
|
||
| func main() { | ||
| if len(os.Args) != 3 { | ||
| fmt.Fprintln(os.Stderr, "Usage: program <hex_string> <file_path>") | ||
| os.Exit(1) | ||
| } | ||
|
|
||
| hexString := os.Args[1] | ||
| filePath := os.Args[2] | ||
|
|
||
| // Decode hex string | ||
| searchBytes, err := hex.DecodeString(hexString) | ||
| if err != nil { | ||
| fmt.Fprintln(os.Stderr, "Error decoding hex string:", err) | ||
| os.Exit(1) | ||
| } | ||
|
|
||
| // Read file contents | ||
| content, err := ioutil.ReadFile(filePath) | ||
| if err != nil { | ||
| fmt.Fprintln(os.Stderr, "Error reading file:", err) | ||
| os.Exit(1) | ||
| } | ||
|
|
||
| // Search for the occurrence of the hex string | ||
| index := bytes.Index(content, searchBytes) | ||
| if index == -1 { | ||
| fmt.Fprintln(os.Stderr, "Hex string not found in the file") | ||
| os.Exit(1) | ||
| } | ||
|
|
||
| // Check for other occurrences | ||
| if bytes.Index(content[index+len(searchBytes):], searchBytes) != -1 { | ||
| fmt.Fprintln(os.Stderr, "Multiple occurrences of the hex string found") | ||
| os.Exit(1) | ||
| } | ||
|
|
||
| // Flip the first bit | ||
| content[index] ^= 0x80 | ||
|
|
||
| // Write updated contents to stdout | ||
| os.Stdout.Write(content) | ||
| } |