github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

window.crypto.subtle cannot be used in insecure env (#39428) (#39559)

Browse source 
* window.crypto.subtle cannot be used in insecure env

* set extension. otherwise definition prioritiezed over js file

* move js to ts. fix build

* remove polyfills

* remove ext

* remove crypto from legacy
This commit is contained in:
Mikhail Shustov 2019-06-25 10:53:53 +02:00 committed by GitHub
parent 11a32ae452
commit bfb47fca29
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 117 additions and 149 deletions
Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -274,7 +274,6 @@
"@microsoft/api-extractor": "7.1.8",
"@octokit/rest": "^15.10.0",
"@percy/agent": "^0.7.2",
"@trust/webcrypto": "^0.9.2",
"@types/angular": "1.6.50",
"@types/angular-mocks": "^1.7.0",
"@types/babel__core": "^7.1.0",
@ -374,7 +373,6 @@
"eslint-plugin-react-hooks": "1.6.0",
"exit-hook": "^2.1.0",
"faker": "1.1.0",
"fast-text-encoding": "^1.0.0",
"fetch-mock": "7.3.3",
"geckodriver": "1.16.2",
"getopts": "^2.2.4",

8
src/core/public/chrome/recently_accessed/create_log_key.ts
View file

@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
import { Sha256 } from '../../utils/';
export async function createLogKey(type: string, optionalIdentifier?: string) {
const baseKey = `kibana.history.${type}`;
@ -24,10 +24,6 @@ export async function createLogKey(type: string, optionalIdentifier?: string) {
return baseKey;
}
const encoder = new TextEncoder();
const data = encoder.encode(optionalIdentifier);
const buffer = await window.crypto.subtle.digest({ name: 'SHA-256' }, data);
const protectedIdentifier = btoa(String.fromCharCode(...new Uint8Array(buffer)));
const protectedIdentifier = new Sha256().update(optionalIdentifier, 'utf8').digest('base64');
return `${baseKey}-${protectedIdentifier}`;
}

0
src/legacy/ui/public/crypto/index.ts → src/core/public/utils/crypto/index.ts
View file

163
src/legacy/ui/public/crypto/sha256.js → src/core/public/utils/crypto/sha256.ts
View file

@ -49,31 +49,102 @@
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
const K = [
0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
0x428a2f98,
0x71374491,
0xb5c0fbcf,
0xe9b5dba5,
0x3956c25b,
0x59f111f1,
0x923f82a4,
0xab1c5ed5,
0xd807aa98,
0x12835b01,
0x243185be,
0x550c7dc3,
0x72be5d74,
0x80deb1fe,
0x9bdc06a7,
0xc19bf174,
0xe49b69c1,
0xefbe4786,
0x0fc19dc6,
0x240ca1cc,
0x2de92c6f,
0x4a7484aa,
0x5cb0a9dc,
0x76f988da,
0x983e5152,
0xa831c66d,
0xb00327c8,
0xbf597fc7,
0xc6e00bf3,
0xd5a79147,
0x06ca6351,
0x14292967,
0x27b70a85,
0x2e1b2138,
0x4d2c6dfc,
0x53380d13,
0x650a7354,
0x766a0abb,
0x81c2c92e,
0x92722c85,
0xa2bfe8a1,
0xa81a664b,
0xc24b8b70,
0xc76c51a3,
0xd192e819,
0xd6990624,
0xf40e3585,
0x106aa070,
0x19a4c116,
0x1e376c08,
0x2748774c,
0x34b0bcb5,
0x391c0cb3,
0x4ed8aa4a,
0x5b9cca4f,
0x682e6ff3,
0x748f82ee,
0x78a5636f,
0x84c87814,
0x8cc70208,
0x90befffa,
0xa4506ceb,
0xbef9a3f7,
0xc67178f2,
];
const W = new Array(64);
/* eslint-disable no-bitwise, no-shadow */
export class Sha256 {
private _a: number;
private _b: number;
private _c: number;
private _d: number;
private _e: number;
private _f: number;
private _g: number;
private _h: number;
private _block: Buffer;
private _finalSize: number;
private _blockSize: number;
private _len: number;
private _s: number;
private _w: number[];
constructor() {
this.init();
this._a = 0x6a09e667;
this._b = 0xbb67ae85;
this._c = 0x3c6ef372;
this._d = 0xa54ff53a;
this._e = 0x510e527f;
this._f = 0x9b05688c;
this._g = 0x1f83d9ab;
this._h = 0x5be0cd19;
this._w = W; // new Array(64)
@ -86,33 +157,20 @@ export class Sha256 {
this._s = 0;
}
init() {
this._a = 0x6a09e667;
this._b = 0xbb67ae85;
this._c = 0x3c6ef372;
this._d = 0xa54ff53a;
this._e = 0x510e527f;
this._f = 0x9b05688c;
this._g = 0x1f83d9ab;
this._h = 0x5be0cd19;
return this;
}
update(data, enc) {
update(data: string | Buffer, encoding?: string): Sha256 {
if (typeof data === 'string') {
enc = enc || 'utf8';
data = Buffer.from(data, enc);
encoding = encoding || 'utf8';
data = Buffer.from(data, encoding);
}
const l = this._len += data.length;
const l = (this._len += data.length);
let s = this._s || 0;
let f = 0;
const buffer = this._block;
while (s < l) {
const t = Math.min(data.length, f + this._blockSize - (s % this._blockSize));
const ch = (t - f);
const ch = t - f;
for (let i = 0; i < ch; i++) {
buffer[(s % this._blockSize) + i] = data[i + f];
@ -121,7 +179,7 @@ export class Sha256 {
s += ch;
f += ch;
if ((s % this._blockSize) === 0) {
if (s % this._blockSize === 0) {
this._update(buffer);
}
}
@ -130,7 +188,7 @@ export class Sha256 {
return this;
}
digest(enc) {
digest(encoding: string): string {
// Suppose the length of the message M, in bits, is l
const l = this._len * 8;
@ -138,7 +196,7 @@ export class Sha256 {
this._block[this._len % this._blockSize] = 0x80;
// and then k zero bits, where k is the smallest non-negative solution to the equation (l + 1 + k) === finalSize mod blockSize
this._block.fill(0, this._len % this._blockSize + 1);
this._block.fill(0, (this._len % this._blockSize) + 1);
if (l % (this._blockSize * 8) >= this._finalSize * 8) {
this._update(this._block);
@ -148,13 +206,14 @@ export class Sha256 {
// to this append the block which is equal to the number l written in binary
// TODO: handle case where l is > Math.pow(2, 29)
this._block.writeInt32BE(l, this._blockSize - 4);
this._update(this._block);
const hash = this._update(this._block) || this._hash();
const hash = this._hash();
return enc ? hash.toString(enc) : hash;
return hash.toString(encoding);
}
_update(M) {
_update(M: Buffer) {
const W = this._w;
let a = this._a | 0;
@ -210,26 +269,26 @@ export class Sha256 {
}
}
function ch(x, y, z) {
function ch(x: number, y: number, z: number) {
return z ^ (x & (y ^ z));
}
function maj(x, y, z) {
function maj(x: number, y: number, z: number) {
return (x & y) | (z & (x | y));
}
function sigma0(x) {
return (x >>> 2 | x << 30) ^ (x >>> 13 | x << 19) ^ (x >>> 22 | x << 10);
function sigma0(x: number) {
return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
}
function sigma1(x) {
return (x >>> 6 | x << 26) ^ (x >>> 11 | x << 21) ^ (x >>> 25 | x << 7);
function sigma1(x: number) {
return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
}
function gamma0(x) {
return (x >>> 7 | x << 25) ^ (x >>> 18 | x << 14) ^ (x >>> 3);
function gamma0(x: number) {
return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
}
function gamma1(x) {
return (x >>> 17 | x << 15) ^ (x >>> 19 | x << 13) ^ (x >>> 10);
function gamma1(x: number) {
return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
}

1
src/core/public/utils/index.ts
View file

@ -18,3 +18,4 @@
*/
export { shareWeakReplay } from './share_weak_replay';
export { Sha256 } from './crypto';

4
src/dev/jest/setup/polyfills.js
View file

@ -26,7 +26,3 @@ const MutationObserver = require('mutation-observer');
Object.defineProperty(window, 'MutationObserver', { value: MutationObserver });
require('whatwg-fetch');
// TextEncoder + TextDecoder
require('fast-text-encoding');
window.crypto = require('@trust/webcrypto');

23
src/legacy/ui/public/crypto/sha256.d.ts vendored
View file

@ -1,23 +0,0 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
export class Sha256 {
public update(json: string | Buffer, encoding?: string): Sha256;
public digest(encoding: string): string;
}

2
src/legacy/ui/public/state_management/state_storage/state_hash.js
View file

@ -17,7 +17,7 @@
* under the License.
*/
import { Sha256 } from '../../crypto';
import { Sha256 } from '../../../../../core/public/utils/';
// This prefix is used to identify hash strings that have been encoded in the URL.
const HASH_PREFIX = 'h@';

63
yarn.lock
View file

@ -3152,26 +3152,6 @@
"@svgr/plugin-svgo" "^4.2.0"
loader-utils "^1.2.3"
"@trust/keyto@^0.3.4":
version "0.3.7"
resolved "https://registry.yarnpkg.com/@trust/keyto/-/keyto-0.3.7.tgz#e251264e302a7a6be64a3e208dacb2ef6268c946"
integrity sha512-t5kWWCTkPgg24JWVuCTPMx7l13F7YHdxBeJkT1vmoHjROgiOIEAN8eeY+iRmP1Hwsx+S7U55HyuqSsECr08a8A==
dependencies:
asn1.js "^5.0.1"
base64url "^3.0.1"
elliptic "^6.4.1"
"@trust/webcrypto@^0.9.2":
version "0.9.2"
resolved "https://registry.yarnpkg.com/@trust/webcrypto/-/webcrypto-0.9.2.tgz#c699d4c026a4446b04faa54d5389a81888ba713c"
integrity sha512-5iMAVcGYKhqLJGjefB1nzuQSqUJTru0nG4CytpBT/GGp1Piz/MVnj2jORdYf4JBYzggCIa8WZUr2rchP2Ngn/w==
dependencies:
"@trust/keyto" "^0.3.4"
base64url "^3.0.0"
elliptic "^6.4.0"
node-rsa "^0.4.0"
text-encoding "^0.6.1"
"@turf/bbox@6.x":
version "6.0.1"
resolved "https://registry.yarnpkg.com/@turf/bbox/-/bbox-6.0.1.tgz#b966075771475940ee1c16be2a12cf389e6e923a"
@ -5600,20 +5580,6 @@ asn1.js@^4.0.0:
inherits "^2.0.1"
minimalistic-assert "^1.0.0"
asn1.js@^5.0.1:
version "5.0.1"
resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-5.0.1.tgz#7668b56416953f0ce3421adbb3893ace59c96f59"
integrity sha512-aO8EaEgbgqq77IEw+1jfx5c9zTbzvkfuRBuZsSsPnTHMkmd5AI4J6OtITLZFa381jReeaQL67J0GBTUu0+ZTVw==
dependencies:
bn.js "^4.0.0"
inherits "^2.0.1"
minimalistic-assert "^1.0.0"
asn1@0.2.3:
version "0.2.3"
resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.3.tgz#dac8787713c9966849fc8180777ebe9c1ddf3b86"
integrity sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y=
asn1@~0.2.3:
version "0.2.4"
resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
@ -6502,7 +6468,7 @@ base64id@1.0.0:
resolved "https://registry.yarnpkg.com/base64id/-/base64id-1.0.0.tgz#47688cb99bb6804f0e06d3e763b1c32e57d8e6b6"
integrity sha1-R2iMuZu2gE8OBtPnY7HDLlfY5rY=
base64url@^3.0.0, base64url@^3.0.1:
base64url@^3.0.0:
version "3.0.1"
resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
@ -10556,19 +10522,6 @@ elliptic@^6.0.0:
minimalistic-assert "^1.0.0"
minimalistic-crypto-utils "^1.0.0"
elliptic@^6.4.0, elliptic@^6.4.1:
version "6.4.1"
resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.4.1.tgz#c2d0b7776911b86722c632c3c06c60f2f819939a"
integrity sha512-BsXLz5sqX8OHcsh7CqBMztyXARmGQ3LWPtGjJi6DiJHq5C/qvi9P3OqgswKSDftbu8+IoI/QDTAm2fFnQ9SZSQ==
dependencies:
bn.js "^4.4.0"
brorand "^1.0.1"
hash.js "^1.0.0"
hmac-drbg "^1.0.0"
inherits "^2.0.1"
minimalistic-assert "^1.0.0"
minimalistic-crypto-utils "^1.0.0"
emoji-regex@^7.0.1, emoji-regex@^7.0.2:
version "7.0.3"
resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-7.0.3.tgz#933a04052860c85e83c122479c4748a8e4c72156"
@ -11974,11 +11927,6 @@ fast-safe-stringify@^2.0.4:
resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.0.6.tgz#04b26106cc56681f51a044cfc0d76cf0008ac2c2"
integrity sha512-q8BZ89jjc+mz08rSxROs8VsrBBcn1SIw1kq9NjolL509tkABRk9io01RAjSaEv1Xb2uFLt8VtRiZbGp5H8iDtg==
fast-text-encoding@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/fast-text-encoding/-/fast-text-encoding-1.0.0.tgz#3e5ce8293409cfaa7177a71b9ca84e1b1e6f25ef"
integrity sha512-R9bHCvweUxxwkDwhjav5vxpFvdPGlVngtqmx4pIZfSUhM/Q4NiIUHB456BAf+Q1Nwu3HEZYONtu+Rya+af4jiQ==
fastparse@^1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/fastparse/-/fastparse-1.1.1.tgz#d1e2643b38a94d7583b479060e6c4affc94071f8"
@ -19609,13 +19557,6 @@ node-releases@^1.1.3:
dependencies:
semver "^5.3.0"
node-rsa@^0.4.0:
version "0.4.2"
resolved "https://registry.yarnpkg.com/node-rsa/-/node-rsa-0.4.2.tgz#d6391729ec16a830ed5a38042b3157d2d5d72530"
integrity sha1-1jkXKewWqDDtWjgEKzFX0tXXJTA=
dependencies:
asn1 "0.2.3"
node-sass@^4.9.4:
version "4.9.4"
resolved "https://registry.yarnpkg.com/node-sass/-/node-sass-4.9.4.tgz#349bd7f1c89422ffe7e1e4b60f2055a69fbc5512"
@ -26232,7 +26173,7 @@ test-exclude@^5.0.0:
read-pkg-up "^4.0.0"
require-main-filename "^1.0.1"
text-encoding@^0.6.1, text-encoding@^0.6.4:
text-encoding@^0.6.4:
version "0.6.4"
resolved "https://registry.yarnpkg.com/text-encoding/-/text-encoding-0.6.4.tgz#e399a982257a276dae428bb92845cb71bdc26d19"
integrity sha1-45mpgiV6J22uQou5KEXLcb3CbRk=