blob: 7d645918593f65df41fcea1b071ff55b47092590 [file] [log] [blame]
// Copyright (c) 2024, Google Inc.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
//go:build ignore
// This trivial program is used to corrupt the FIPS module. This is done as
// part of FIPS testing to show that the integrity check is effective.
//
// It finds the (sole) occurance of a given hex pattern in a file and flips the
// first bit. The hex pattern is intended to be the output of running
// `BORINGSSL_FIPS_SHOW_HASH=1 ninja bcm.o`, i.e. the integrity hash value of
// the module. By flipping the first bit we ensure that the check will
// mismatch.
//
// This is a simplier version of `break-hash.go` for when we're building with
// BORINGSSL_FIPS_SHOW_HASH. (But we don't do that in all cases.)
package main
import (
"bytes"
"encoding/hex"
"fmt"
"io/ioutil"
"os"
)
func main() {
if len(os.Args) != 3 {
fmt.Fprintln(os.Stderr, "Usage: program <hex_string> <file_path>")
os.Exit(1)
}
hexString := os.Args[1]
filePath := os.Args[2]
// Decode hex string
searchBytes, err := hex.DecodeString(hexString)
if err != nil {
fmt.Fprintln(os.Stderr, "Error decoding hex string:", err)
os.Exit(1)
}
// Read file contents
content, err := ioutil.ReadFile(filePath)
if err != nil {
fmt.Fprintln(os.Stderr, "Error reading file:", err)
os.Exit(1)
}
// Search for the occurrence of the hex string
index := bytes.Index(content, searchBytes)
if index == -1 {
fmt.Fprintln(os.Stderr, "Hex string not found in the file")
os.Exit(1)
}
// Check for other occurrences
if bytes.Index(content[index+len(searchBytes):], searchBytes) != -1 {
fmt.Fprintln(os.Stderr, "Multiple occurrences of the hex string found")
os.Exit(1)
}
// Flip the first bit
content[index] ^= 0x80
// Write updated contents to stdout
os.Stdout.Write(content)
}