policy: add policy-integrity to mitigate policy tampering

PR-URL: https://github.com/nodejs/node/pull/28734 Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
author: Bradley Farias <bradley.meck@gmail.com> 2019-06-05 13:33:07 -0500
committer: Michaël Zasso <targos@protonmail.com> 2019-07-22 21:20:42 +0200
commit: 2eeb44f3facb58dacbcb2f270d4f169a2c81ee08 (patch)
tree: cb3ecdb07852362d181312eb6ffd204d86199b09 /lib/internal/bootstrap/pre_execution.js
parent: cf811ecd47cf2c4f5bec2b27577c6d414842b703 (diff)
download: android-node-v8-2eeb44f3facb58dacbcb2f270d4f169a2c81ee08.tar.gz
android-node-v8-2eeb44f3facb58dacbcb2f270d4f169a2c81ee08.tar.bz2
android-node-v8-2eeb44f3facb58dacbcb2f270d4f169a2c81ee08.zip
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
index bbb0786dcd..104ebaff32 100644
--- a/lib/internal/bootstrap/pre_execution.js
+++ b/lib/internal/bootstrap/pre_execution.js
@@ -4,6 +4,7 @@ const { Object, SafeWeakMap } = primordials;
 
 const { getOptionValue } = require('internal/options');
 const { Buffer } = require('buffer');
+const { ERR_MANIFEST_ASSERT_INTEGRITY } = require('internal/errors').codes;
 
 function prepareMainThreadExecution(expandArgv1 = false) {
   // Patch the process object with legacy properties and normalizations
@@ -332,6 +333,32 @@ function initializePolicy() {
     }
     const fs = require('fs');
     const src = fs.readFileSync(manifestURL, 'utf8');
+    const experimentalPolicyIntegrity = getOptionValue('--policy-integrity');
+    if (experimentalPolicyIntegrity) {
+      const SRI = require('internal/policy/sri');
+      const { createHash, timingSafeEqual } = require('crypto');
+      const realIntegrities = new Map();
+      const integrityEntries = SRI.parse(experimentalPolicyIntegrity);
+      let foundMatch = false;
+      for (var i = 0; i < integrityEntries.length; i++) {
+        const {
+          algorithm,
+          value: expected
+        } = integrityEntries[i];
+        const hash = createHash(algorithm);
+        hash.update(src);
+        const digest = hash.digest();
+        if (digest.length === expected.length &&
+          timingSafeEqual(digest, expected)) {
+          foundMatch = true;
+          break;
+        }
+        realIntegrities.set(algorithm, digest.toString('base64'));
+      }
+      if (!foundMatch) {
+        throw new ERR_MANIFEST_ASSERT_INTEGRITY(manifestURL, realIntegrities);
+      }
+    }
     require('internal/process/policy')
       .setup(src, manifestURL.href);
   }
author	Bradley Farias <bradley.meck@gmail.com>	2019-06-05 13:33:07 -0500
committer	Michaël Zasso <targos@protonmail.com>	2019-07-22 21:20:42 +0200
commit	2eeb44f3facb58dacbcb2f270d4f169a2c81ee08 (patch)
tree	cb3ecdb07852362d181312eb6ffd204d86199b09 /lib/internal/bootstrap/pre_execution.js
parent	cf811ecd47cf2c4f5bec2b27577c6d414842b703 (diff)
download	android-node-v8-2eeb44f3facb58dacbcb2f270d4f169a2c81ee08.tar.gz android-node-v8-2eeb44f3facb58dacbcb2f270d4f169a2c81ee08.tar.bz2 android-node-v8-2eeb44f3facb58dacbcb2f270d4f169a2c81ee08.zip