hex-search-modify: add tool used in FIPS validations.

Change-Id: I940875e06f13830f53532a430dd5b7a0d49248a1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71428
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/util/fipstools/hex-search-modify.go b/util/fipstools/hex-search-modify.go
new file mode 100644
index 0000000..7d64591
--- /dev/null
+++ b/util/fipstools/hex-search-modify.go
@@ -0,0 +1,80 @@
+// Copyright (c) 2024, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//go:build ignore
+
+// This trivial program is used to corrupt the FIPS module. This is done as
+// part of FIPS testing to show that the integrity check is effective.
+//
+// It finds the (sole) occurance of a given hex pattern in a file and flips the
+// first bit. The hex pattern is intended to be the output of running
+// `BORINGSSL_FIPS_SHOW_HASH=1 ninja bcm.o`, i.e. the integrity hash value of
+// the module. By flipping the first bit we ensure that the check will
+// mismatch.
+//
+// This is a simplier version of `break-hash.go` for when we're building with
+// BORINGSSL_FIPS_SHOW_HASH. (But we don't do that in all cases.)
+
+package main
+
+import (
+	"bytes"
+	"encoding/hex"
+	"fmt"
+	"io/ioutil"
+	"os"
+)
+
+func main() {
+	if len(os.Args) != 3 {
+		fmt.Fprintln(os.Stderr, "Usage: program <hex_string> <file_path>")
+		os.Exit(1)
+	}
+
+	hexString := os.Args[1]
+	filePath := os.Args[2]
+
+	// Decode hex string
+	searchBytes, err := hex.DecodeString(hexString)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error decoding hex string:", err)
+		os.Exit(1)
+	}
+
+	// Read file contents
+	content, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error reading file:", err)
+		os.Exit(1)
+	}
+
+	// Search for the occurrence of the hex string
+	index := bytes.Index(content, searchBytes)
+	if index == -1 {
+		fmt.Fprintln(os.Stderr, "Hex string not found in the file")
+		os.Exit(1)
+	}
+
+	// Check for other occurrences
+	if bytes.Index(content[index+len(searchBytes):], searchBytes) != -1 {
+		fmt.Fprintln(os.Stderr, "Multiple occurrences of the hex string found")
+		os.Exit(1)
+	}
+
+	// Flip the first bit
+	content[index] ^= 0x80
+
+	// Write updated contents to stdout
+	os.Stdout.Write(content)
+}