src: perform integrity checks on built-in code cache

Currently V8 only checks that the length of the source code is the
same as the code used to generate the hash, so we add an additional
check here:

1. During compile time, when generating node_javascript.cc and
   node_code_cache.cc, we compute and include the hash of the
  (unwrapped) JavaScript source in both.
2. At runtime, we check that the hash of the code being compiled
  and the hash of the code used to generate the cache
  (inside the wrapper) is the same.

This is based on the assumptions:

1. `internalBinding('code_cache_hash')` must be in sync with
   `internalBinding('code_cache')` (same C++ file)
2. `internalBinding('natives_hash')` must be in sync with
   `process.binding('natives')` (same C++ file)
3. If `internalBinding('natives_hash')` is in sync with
   `internalBinding('natives_hash')`, then the (unwrapped)
   code used to generate `internalBinding('code_cache')`
   should be in sync with the (unwrapped) code in
   `process.binding('natives')`

There will be, however, false positives if the wrapper used
to generate the cache is different from the one used at run time,
and the length of the wrapper somehow stays the same.
But that should be rare and can be eased once we make the
two bootstrappers cached and checked as well.

PR-URL: https://github.com/nodejs/node/pull/22152
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>

2 files changed, 46 insertions, 4 deletions

diff --git a/tools/generate_code_cache.js b/tools/generate_code_cache.js
index 740cbd718a..35411bc5af 100644
--- a/tools/generate_code_cache.js
+++ b/tools/generate_code_cache.js
@@ -9,9 +9,17 @@
 
 const {
   getCodeCache,
+  getSource,
   cachableBuiltins
 } = require('internal/bootstrap/cache');
 
+function hash(str) {
+  if (process.versions.openssl) {
+    return require('crypto').createHash('sha256').update(str).digest('hex');
+  }
+  return '';
+}
+
 const fs = require('fs');
 
 const resultPath = process.argv[2];
@@ -51,6 +59,8 @@ function getInitalizer(key, cache) {
   const defName = key.replace(/\//g, '_').replace(/-/g, '_');
   const definition = `static uint8_t ${defName}_raw[] = {\n` +
                      `${cache.join(',')}\n};`;
+  const source = getSource(key);
+  const sourceHash = hash(source);
   const initializer = `
   v8::Local<v8::ArrayBuffer> ${defName}_ab =
     v8::ArrayBuffer::New(isolate, ${defName}_raw, ${cache.length});
@@ -60,13 +70,19 @@ function getInitalizer(key, cache) {
               FIXED_ONE_BYTE_STRING(isolate, "${key}"),
               ${defName}_array).FromJust();
   `;
+  const hashIntializer = `
+  target->Set(context,
+              FIXED_ONE_BYTE_STRING(isolate, "${key}"),
+              OneByteString(isolate, "${sourceHash}")).FromJust();
+  `;
   return {
-    definition, initializer
+    definition, initializer, hashIntializer, sourceHash
   };
 }
 
 const cacheDefinitions = [];
 const cacheInitializers = [];
+const cacheHashInitializers = [];
 let totalCacheSize = 0;
 
 
@@ -79,11 +95,14 @@ for (const key of cachableBuiltins) {
 
   const length = cachedData.length;
   totalCacheSize += length;
-  const { definition, initializer } = getInitalizer(key, cachedData);
+  const {
+    definition, initializer, hashIntializer, sourceHash
+  } = getInitalizer(key, cachedData);
   cacheDefinitions.push(definition);
   cacheInitializers.push(initializer);
+  cacheHashInitializers.push(hashIntializer);
   console.log(`Generated cache for '${key}', size = ${formatSize(length)}` +
-              `, total = ${formatSize(totalCacheSize)}`);
+              `, hash = ${sourceHash}, total = ${formatSize(totalCacheSize)}`);
 }
 
 const result = `#include "node.h"
@@ -106,6 +125,13 @@ void DefineCodeCache(Environment* env, v8::Local<v8::Object> target) {
   ${cacheInitializers.join('\n')}
 }
 
+// The target here will be returned as \`internalBinding('code_cache_hash')\`
+void DefineCodeCacheHash(Environment* env, v8::Local<v8::Object> target) {
+  v8::Isolate* isolate = env->isolate();
+  v8::Local<v8::Context> context = env->context();
+  ${cacheHashInitializers.join('\n')}
+}
+
 }  // namespace node
 `;
 
diff --git a/tools/js2c.py b/tools/js2c.py
index 249df58085..40f2bc6f48 100755
--- a/tools/js2c.py
+++ b/tools/js2c.py
@@ -35,6 +35,7 @@ import os
 import re
 import sys
 import string
+import hashlib
 
 
 def ToCArray(elements, step=10):
@@ -205,6 +206,10 @@ void DefineJavaScript(Environment* env, v8::Local<v8::Object> target) {{
   {initializers}
 }}
 
+void DefineJavaScriptHash(Environment* env, v8::Local<v8::Object> target) {{
+  {hash_initializers}
+}}
+
 }}  // namespace node
 """
 
@@ -240,6 +245,12 @@ CHECK(target->Set(env->context(),
                   {value}.ToStringChecked(env->isolate())).FromJust());
 """
 
+HASH_INITIALIZER = """\
+CHECK(target->Set(env->context(),
+                  FIXED_ONE_BYTE_STRING(env->isolate(), "{key}"),
+                  FIXED_ONE_BYTE_STRING(env->isolate(), "{value}")).FromJust());
+"""
+
 DEPRECATED_DEPS = """\
 'use strict';
 process.emitWarning(
@@ -280,6 +291,7 @@ def JS2C(source, target):
   # Build source code lines
   definitions = []
   initializers = []
+  hash_initializers = [];
 
   for name in modules:
     lines = ReadFile(str(name))
@@ -309,10 +321,12 @@ def JS2C(source, target):
     var = name.replace('-', '_').replace('/', '_')
     key = '%s_key' % var
     value = '%s_value' % var
+    hash_value = hashlib.sha256(lines).hexdigest()
 
     definitions.append(Render(key, name))
     definitions.append(Render(value, lines))
     initializers.append(INITIALIZER.format(key=key, value=value))
+    hash_initializers.append(HASH_INITIALIZER.format(key=name, value=hash_value))
 
     if deprecated_deps is not None:
       name = '/'.join(deprecated_deps)
@@ -324,11 +338,13 @@ def JS2C(source, target):
       definitions.append(Render(key, name))
       definitions.append(Render(value, DEPRECATED_DEPS.format(module=name)))
       initializers.append(INITIALIZER.format(key=key, value=value))
+      hash_initializers.append(HASH_INITIALIZER.format(key=name, value=hash_value))
 
   # Emit result
   output = open(str(target[0]), "w")
   output.write(TEMPLATE.format(definitions=''.join(definitions),
-                               initializers=''.join(initializers)))
+                               initializers=''.join(initializers),
+                               hash_initializers=''.join(hash_initializers)))
   output.close()
 
 def main():