[gin] Fingerprint the V8 snapshot files on Windows and verify before loading the snapshot.

gin/isolate_holder.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "gin/public/isolate_holder.h"
 
 #include <stdlib.h>
 #include <string.h>
 
 #include "base/files/memory_mapped_file.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/rand_util.h"
 #include "base/sys_info.h"
+#include "crypto/sha2.h"
 #include "gin/array_buffer.h"
 #include "gin/debug_impl.h"
 #include "gin/function_template.h"
 #include "gin/per_isolate_data.h"
 #include "gin/public/v8_platform.h"
 #include "gin/run_microtasks_observer.h"
 
-#ifdef V8_USE_EXTERNAL_STARTUP_DATA
-#ifdef OS_MACOSX
+#if defined(V8_USE_EXTERNAL_STARTUP_DATA)
+#if defined(OS_MACOSX)
 #include "base/mac/foundation_util.h"
-#endif  // OS_MACOSX
+#endif  // defined(OS_MACOSX)
 #include "base/path_service.h"
-#endif  // V8_USE_EXTERNAL_STARTUP_DATA
+#endif  // defined(V8_USE_EXTERNAL_STARTUP_DATA)
 
 namespace gin {
 
 namespace {
 
 v8::ArrayBuffer::Allocator* g_array_buffer_allocator = NULL;
 
 bool GenerateEntropy(unsigned char* buffer, size_t amount) {
   base::RandBytes(buffer, amount);
   return true;
 }
 
 base::MemoryMappedFile* g_mapped_natives = NULL;
 base::MemoryMappedFile* g_mapped_snapshot = NULL;
 
-#ifdef V8_USE_EXTERNAL_STARTUP_DATA
+#if defined(V8_USE_EXTERNAL_STARTUP_DATA)
 bool MapV8Files(base::FilePath* natives_path, base::FilePath* snapshot_path,
                 int natives_fd = -1, int snapshot_fd = -1) {
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ;
 
   g_mapped_natives = new base::MemoryMappedFile;
   if (!g_mapped_natives->IsValid()) {
     if (natives_fd == -1
         ? !g_mapped_natives->Initialize(base::File(*natives_path, flags))
         : !g_mapped_natives->Initialize(base::File(natives_fd))) {
       delete g_mapped_natives;
@@ skipping 11 matching lines @@
       delete g_mapped_snapshot;
       g_mapped_snapshot = NULL;
       LOG(ERROR) << "Couldn't mmap v8 snapshot data file";
       return false;
     }
   }
 
   return true;
 }
 
+#if defined(OS_WIN)

[grt (UTC plus 2), 2015/01/08 17:46:35]

i can imagine other platforms eventually wanting the verified path as well (why
not on OSX?). how about switching from OS_WIN to something like
V8_VERIFY_EXTERNAL_STARTUP_DATA that is currently only set for OS_WIN?

[rmcilroy, 2015/01/08 18:54:14]

Done.

+bool VerifyV8SnapshotFile(base::MemoryMappedFile* snapshot_file,
+                          const unsigned char* fingerprint) {
+  unsigned char output[crypto::kSHA256Length];
+  crypto::SHA256HashString(
+      base::StringPiece(reinterpret_cast<const char*>(snapshot_file->data()),
+                        snapshot_file->length()),
+      output, sizeof(output));
+  return !memcmp(fingerprint, output, sizeof(output));
+}
+#endif  // defined(OS_WIN)
+
 #if !defined(OS_MACOSX)
 const int v8_snapshot_dir =
 #if defined(OS_ANDROID)
     base::DIR_ANDROID_APP_DATA;
 #elif defined(OS_POSIX)
     base::DIR_EXE;
 #endif  // defined(OS_ANDROID)
 #endif  // !defined(OS_MACOSX)
 
 #endif  // V8_USE_EXTERNAL_STARTUP_DATA
 
 }  // namespace
 
+#if defined(V8_USE_EXTERNAL_STARTUP_DATA)
 
-#ifdef V8_USE_EXTERNAL_STARTUP_DATA
+#if defined(OS_WIN)
+// Declared in gen/gin/v8_snapshot_fingerprint.cc

[grt (UTC plus 2), 2015/01/08 17:46:35]

ping: Declared -> Defined

[rmcilroy, 2015/01/08 18:54:14]

Oops, sorry missed this. Done.

+extern const unsigned char g_natives_fingerprint[];
+extern const unsigned char g_snapshot_fingerprint[];
+#endif  // defined(OS_WIN)
+
 // static
-bool IsolateHolder::LoadV8Snapshot() {
+bool IsolateHolder::LoadV8SnapshotCommon() {
   if (g_mapped_natives && g_mapped_snapshot)
     return true;
 
 #if !defined(OS_MACOSX)
   base::FilePath data_path;
   PathService::Get(v8_snapshot_dir, &data_path);
   DCHECK(!data_path.empty());
 
   base::FilePath natives_path = data_path.AppendASCII("natives_blob.bin");
   base::FilePath snapshot_path = data_path.AppendASCII("snapshot_blob.bin");
 #else  // !defined(OS_MACOSX)
   base::FilePath natives_path = base::mac::PathForFrameworkBundleResource(
       CFSTR("natives_blob.bin"));
   base::FilePath snapshot_path = base::mac::PathForFrameworkBundleResource(
       CFSTR("snapshot_blob.bin"));
   DCHECK(!natives_path.empty());
   DCHECK(!snapshot_path.empty());
 #endif  // !defined(OS_MACOSX)
 
   return MapV8Files(&natives_path, &snapshot_path);
 }
 
 //static
 bool IsolateHolder::LoadV8SnapshotFD(int natives_fd, int snapshot_fd) {
   if (g_mapped_natives && g_mapped_snapshot)
     return true;
 
   return MapV8Files(NULL, NULL, natives_fd, snapshot_fd);
 }
-#endif  // V8_USE_EXTERNAL_STARTUP_DATA
+
+#if defined(OS_WIN)
+// static
+bool IsolateHolder::LoadAndVerifyV8Snapshot() {
+  if (!LoadV8SnapshotCommon())
+    return false;
+  return VerifyV8SnapshotFile(g_mapped_natives, g_natives_fingerprint) &&
+         VerifyV8SnapshotFile(g_mapped_snapshot, g_snapshot_fingerprint);
+}
+#else
+// static
+bool IsolateHolder::LoadV8Snapshot() {
+  return LoadV8SnapshotCommon();
+}
+#endif  // defined(OS_WIN)
+
+#endif  // defined(V8_USE_EXTERNAL_STARTUP_DATA)
 
 //static
 void IsolateHolder::GetV8ExternalSnapshotData(const char** natives_data_out,
                                               int* natives_size_out,
                                               const char** snapshot_data_out,
                                               int* snapshot_size_out) {
   if (!g_mapped_natives || !g_mapped_snapshot) {
     *natives_data_out = *snapshot_data_out = NULL;
     *natives_size_out = *snapshot_size_out = 0;
     return;
@@ skipping 54 matching lines @@
   if (v8_is_initialized)
     return;
   v8::V8::InitializePlatform(V8Platform::Get());
   v8::V8::SetArrayBufferAllocator(allocator);
   g_array_buffer_allocator = allocator;
   if (mode == gin::IsolateHolder::kStrictMode) {
     static const char v8_flags[] = "--use_strict";
     v8::V8::SetFlagsFromString(v8_flags, sizeof(v8_flags) - 1);
   }
   v8::V8::SetEntropySource(&GenerateEntropy);
-#ifdef V8_USE_EXTERNAL_STARTUP_DATA
+#if defined(V8_USE_EXTERNAL_STARTUP_DATA)
   v8::StartupData natives;
   natives.data = reinterpret_cast<const char*>(g_mapped_natives->data());
   natives.raw_size = static_cast<int>(g_mapped_natives->length());
   v8::V8::SetNativesDataBlob(&natives);
 
   v8::StartupData snapshot;
   snapshot.data = reinterpret_cast<const char*>(g_mapped_snapshot->data());
   snapshot.raw_size = static_cast<int>(g_mapped_snapshot->length());
   v8::V8::SetSnapshotDataBlob(&snapshot);
-#endif  // V8_USE_EXTERNAL_STARTUP_DATA
+#endif  // defined(V8_USE_EXTERNAL_STARTUP_DATA)
   v8::V8::Initialize();
   v8_is_initialized = true;
 }
 
 void IsolateHolder::AddRunMicrotasksObserver() {
   DCHECK(!task_observer_.get());
   task_observer_.reset(new RunMicrotasksObserver(isolate_));;
   base::MessageLoop::current()->AddTaskObserver(task_observer_.get());
 }
 
 void IsolateHolder::RemoveRunMicrotasksObserver() {
   DCHECK(task_observer_.get());
   base::MessageLoop::current()->RemoveTaskObserver(task_observer_.get());
   task_observer_.reset();
 }
 
 }  // namespace gin