window.crypto.subtle cannot be used in insecure env (#39428)

* window.crypto.subtle cannot be used in insecure env * set extension. otherwise definition prioritiezed over js file * move js to ts. fix build * remove polyfills * remove ext * remove crypto from legacy
2019-06-25 09:49:06 +02:00 · 2019-06-25 09:49:06 +02:00 · e43c7cf9e3
parent 01610b1a46
commit e43c7cf9e3
9 changed files with 117 additions and 149 deletions
--- a/package.json
+++ b/package.json
@ -275,7 +275,6 @@
    "@microsoft/api-extractor": "7.1.8",
    "@octokit/rest": "^15.10.0",
    "@percy/agent": "^0.7.2",
-    "@trust/webcrypto": "^0.9.2",
    "@types/angular": "1.6.50",
    "@types/angular-mocks": "^1.7.0",
    "@types/babel__core": "^7.1.0",
@ -375,7 +374,6 @@
    "eslint-plugin-react-hooks": "1.6.0",
    "exit-hook": "^2.1.0",
    "faker": "1.1.0",
-    "fast-text-encoding": "^1.0.0",
    "fetch-mock": "7.3.3",
    "geckodriver": "1.16.2",
    "getopts": "^2.2.4",
--- a/src/core/public/chrome/recently_accessed/create_log_key.ts
+++ b/src/core/public/chrome/recently_accessed/create_log_key.ts
@ -16,7 +16,7 @@
 * specific language governing permissions and limitations
 * under the License.
 */
-
+import { Sha256 } from '../../utils/';
 export async function createLogKey(type: string, optionalIdentifier?: string) {
  const baseKey = `kibana.history.${type}`;

@ -24,10 +24,6 @@ export async function createLogKey(type: string, optionalIdentifier?: string) {
    return baseKey;
  }

-  const encoder = new TextEncoder();
-  const data = encoder.encode(optionalIdentifier);
-  const buffer = await window.crypto.subtle.digest({ name: 'SHA-256' }, data);
-  const protectedIdentifier = btoa(String.fromCharCode(...new Uint8Array(buffer)));
-
+  const protectedIdentifier = new Sha256().update(optionalIdentifier, 'utf8').digest('base64');
  return `${baseKey}-${protectedIdentifier}`;
 }
--- a/src/core/public/utils/crypto/index.ts
+++ b/src/core/public/utils/crypto/index.ts
--- a/src/core/public/utils/crypto/sha256.ts
+++ b/src/core/public/utils/crypto/sha256.ts
@ -49,31 +49,102 @@
 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */
-
 const K = [
-  0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
-  0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
-  0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
-  0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
-  0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
-  0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
-  0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
-  0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
-  0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
-  0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
-  0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
-  0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
-  0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
-  0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
-  0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
-  0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
+  0x428a2f98,
+  0x71374491,
+  0xb5c0fbcf,
+  0xe9b5dba5,
+  0x3956c25b,
+  0x59f111f1,
+  0x923f82a4,
+  0xab1c5ed5,
+  0xd807aa98,
+  0x12835b01,
+  0x243185be,
+  0x550c7dc3,
+  0x72be5d74,
+  0x80deb1fe,
+  0x9bdc06a7,
+  0xc19bf174,
+  0xe49b69c1,
+  0xefbe4786,
+  0x0fc19dc6,
+  0x240ca1cc,
+  0x2de92c6f,
+  0x4a7484aa,
+  0x5cb0a9dc,
+  0x76f988da,
+  0x983e5152,
+  0xa831c66d,
+  0xb00327c8,
+  0xbf597fc7,
+  0xc6e00bf3,
+  0xd5a79147,
+  0x06ca6351,
+  0x14292967,
+  0x27b70a85,
+  0x2e1b2138,
+  0x4d2c6dfc,
+  0x53380d13,
+  0x650a7354,
+  0x766a0abb,
+  0x81c2c92e,
+  0x92722c85,
+  0xa2bfe8a1,
+  0xa81a664b,
+  0xc24b8b70,
+  0xc76c51a3,
+  0xd192e819,
+  0xd6990624,
+  0xf40e3585,
+  0x106aa070,
+  0x19a4c116,
+  0x1e376c08,
+  0x2748774c,
+  0x34b0bcb5,
+  0x391c0cb3,
+  0x4ed8aa4a,
+  0x5b9cca4f,
+  0x682e6ff3,
+  0x748f82ee,
+  0x78a5636f,
+  0x84c87814,
+  0x8cc70208,
+  0x90befffa,
+  0xa4506ceb,
+  0xbef9a3f7,
+  0xc67178f2,
 ];

 const W = new Array(64);

+/* eslint-disable  no-bitwise, no-shadow */
 export class Sha256 {
+  private _a: number;
+  private _b: number;
+  private _c: number;
+  private _d: number;
+  private _e: number;
+  private _f: number;
+  private _g: number;
+  private _h: number;
+
+  private _block: Buffer;
+  private _finalSize: number;
+  private _blockSize: number;
+  private _len: number;
+  private _s: number;
+
+  private _w: number[];
  constructor() {
-    this.init();
+    this._a = 0x6a09e667;
+    this._b = 0xbb67ae85;
+    this._c = 0x3c6ef372;
+    this._d = 0xa54ff53a;
+    this._e = 0x510e527f;
+    this._f = 0x9b05688c;
+    this._g = 0x1f83d9ab;
+    this._h = 0x5be0cd19;

    this._w = W; // new Array(64)

@ -86,33 +157,20 @@ export class Sha256 {
    this._s = 0;
  }

-  init() {
-    this._a = 0x6a09e667;
-    this._b = 0xbb67ae85;
-    this._c = 0x3c6ef372;
-    this._d = 0xa54ff53a;
-    this._e = 0x510e527f;
-    this._f = 0x9b05688c;
-    this._g = 0x1f83d9ab;
-    this._h = 0x5be0cd19;
-
-    return this;
-  }
-
-  update(data, enc) {
+  update(data: string | Buffer, encoding?: string): Sha256 {
    if (typeof data === 'string') {
-      enc = enc || 'utf8';
-      data = Buffer.from(data, enc);
+      encoding = encoding || 'utf8';
+      data = Buffer.from(data, encoding);
    }

-    const l = this._len += data.length;
+    const l = (this._len += data.length);
    let s = this._s || 0;
    let f = 0;
    const buffer = this._block;

    while (s < l) {
      const t = Math.min(data.length, f + this._blockSize - (s % this._blockSize));
-      const ch = (t - f);
+      const ch = t - f;

      for (let i = 0; i < ch; i++) {
        buffer[(s % this._blockSize) + i] = data[i + f];
@ -121,7 +179,7 @@ export class Sha256 {
      s += ch;
      f += ch;

-      if ((s % this._blockSize) === 0) {
+      if (s % this._blockSize === 0) {
        this._update(buffer);
      }
    }
@ -130,7 +188,7 @@ export class Sha256 {
    return this;
  }

-  digest(enc) {
+  digest(encoding: string): string {
    // Suppose the length of the message M, in bits, is l
    const l = this._len * 8;

@ -138,7 +196,7 @@ export class Sha256 {
    this._block[this._len % this._blockSize] = 0x80;

    // and then k zero bits, where k is the smallest non-negative solution to the equation (l + 1 + k) === finalSize mod blockSize
-    this._block.fill(0, this._len % this._blockSize + 1);
+    this._block.fill(0, (this._len % this._blockSize) + 1);

    if (l % (this._blockSize * 8) >= this._finalSize * 8) {
      this._update(this._block);
@ -148,13 +206,14 @@ export class Sha256 {
    // to this append the block which is equal to the number l written in binary
    // TODO: handle case where l is > Math.pow(2, 29)
    this._block.writeInt32BE(l, this._blockSize - 4);
+    this._update(this._block);

-    const hash = this._update(this._block) || this._hash();
+    const hash = this._hash();

-    return enc ? hash.toString(enc) : hash;
+    return hash.toString(encoding);
  }

-  _update(M) {
+  _update(M: Buffer) {
    const W = this._w;

    let a = this._a | 0;
@ -210,26 +269,26 @@ export class Sha256 {
  }
 }

-function ch(x, y, z) {
+function ch(x: number, y: number, z: number) {
  return z ^ (x & (y ^ z));
 }

-function maj(x, y, z) {
+function maj(x: number, y: number, z: number) {
  return (x & y) | (z & (x | y));
 }

-function sigma0(x) {
-  return (x >>> 2 | x << 30) ^ (x >>> 13 | x << 19) ^ (x >>> 22 | x << 10);
+function sigma0(x: number) {
+  return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
 }

-function sigma1(x) {
-  return (x >>> 6 | x << 26) ^ (x >>> 11 | x << 21) ^ (x >>> 25 | x << 7);
+function sigma1(x: number) {
+  return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
 }

-function gamma0(x) {
-  return (x >>> 7 | x << 25) ^ (x >>> 18 | x << 14) ^ (x >>> 3);
+function gamma0(x: number) {
+  return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
 }

-function gamma1(x) {
-  return (x >>> 17 | x << 15) ^ (x >>> 19 | x << 13) ^ (x >>> 10);
+function gamma1(x: number) {
+  return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
 }
--- a/src/core/public/utils/index.ts
+++ b/src/core/public/utils/index.ts
@ -18,3 +18,4 @@
 */

 export { shareWeakReplay } from './share_weak_replay';
+export { Sha256 } from './crypto';
--- a/src/dev/jest/setup/polyfills.js
+++ b/src/dev/jest/setup/polyfills.js
@ -26,7 +26,3 @@ const MutationObserver = require('mutation-observer');
 Object.defineProperty(window, 'MutationObserver', { value: MutationObserver });

 require('whatwg-fetch');
-
-// TextEncoder + TextDecoder
-require('fast-text-encoding');
-window.crypto = require('@trust/webcrypto');
--- a/src/legacy/ui/public/crypto/sha256.d.ts
+++ b/src/legacy/ui/public/crypto/sha256.d.ts
@ -1,23 +0,0 @@
-/*
- * Licensed to Elasticsearch B.V. under one or more contributor
- * license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright
- * ownership. Elasticsearch B.V. licenses this file to you under
- * the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-export class Sha256 {
-  public update(json: string | Buffer, encoding?: string): Sha256;
-  public digest(encoding: string): string;
-}
--- a/src/legacy/ui/public/state_management/state_storage/state_hash.js
+++ b/src/legacy/ui/public/state_management/state_storage/state_hash.js
@ -17,7 +17,7 @@
 * under the License.
 */

-import { Sha256 } from '../../crypto';
+import { Sha256 } from '../../../../../core/public/utils/';

 // This prefix is used to identify hash strings that have been encoded in the URL.
 const HASH_PREFIX = 'h@';
--- a/yarn.lock
+++ b/yarn.lock
@ -3167,26 +3167,6 @@
    "@svgr/plugin-svgo" "^4.2.0"
    loader-utils "^1.2.3"

-"@trust/keyto@^0.3.4":
-  version "0.3.7"
-  resolved "https://registry.yarnpkg.com/@trust/keyto/-/keyto-0.3.7.tgz#e251264e302a7a6be64a3e208dacb2ef6268c946"
-  integrity sha512-t5kWWCTkPgg24JWVuCTPMx7l13F7YHdxBeJkT1vmoHjROgiOIEAN8eeY+iRmP1Hwsx+S7U55HyuqSsECr08a8A==
-  dependencies:
-    asn1.js "^5.0.1"
-    base64url "^3.0.1"
-    elliptic "^6.4.1"
-
-"@trust/webcrypto@^0.9.2":
-  version "0.9.2"
-  resolved "https://registry.yarnpkg.com/@trust/webcrypto/-/webcrypto-0.9.2.tgz#c699d4c026a4446b04faa54d5389a81888ba713c"
-  integrity sha512-5iMAVcGYKhqLJGjefB1nzuQSqUJTru0nG4CytpBT/GGp1Piz/MVnj2jORdYf4JBYzggCIa8WZUr2rchP2Ngn/w==
-  dependencies:
-    "@trust/keyto" "^0.3.4"
-    base64url "^3.0.0"
-    elliptic "^6.4.0"
-    node-rsa "^0.4.0"
-    text-encoding "^0.6.1"
-
 "@turf/bbox@6.x":
  version "6.0.1"
  resolved "https://registry.yarnpkg.com/@turf/bbox/-/bbox-6.0.1.tgz#b966075771475940ee1c16be2a12cf389e6e923a"
@ -5610,20 +5590,6 @@ asn1.js@^4.0.0:
    inherits "^2.0.1"
    minimalistic-assert "^1.0.0"

-asn1.js@^5.0.1:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-5.0.1.tgz#7668b56416953f0ce3421adbb3893ace59c96f59"
-  integrity sha512-aO8EaEgbgqq77IEw+1jfx5c9zTbzvkfuRBuZsSsPnTHMkmd5AI4J6OtITLZFa381jReeaQL67J0GBTUu0+ZTVw==
-  dependencies:
-    bn.js "^4.0.0"
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-
-asn1@0.2.3:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.3.tgz#dac8787713c9966849fc8180777ebe9c1ddf3b86"
-  integrity sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y=
-
 asn1@~0.2.3:
  version "0.2.4"
  resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
@ -6508,7 +6474,7 @@ base64id@1.0.0:
  resolved "https://registry.yarnpkg.com/base64id/-/base64id-1.0.0.tgz#47688cb99bb6804f0e06d3e763b1c32e57d8e6b6"
  integrity sha1-R2iMuZu2gE8OBtPnY7HDLlfY5rY=

-base64url@^3.0.0, base64url@^3.0.1:
+base64url@^3.0.0:
  version "3.0.1"
  resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
  integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
@ -10562,19 +10528,6 @@ elliptic@^6.0.0:
    minimalistic-assert "^1.0.0"
    minimalistic-crypto-utils "^1.0.0"

-elliptic@^6.4.0, elliptic@^6.4.1:
-  version "6.4.1"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.4.1.tgz#c2d0b7776911b86722c632c3c06c60f2f819939a"
-  integrity sha512-BsXLz5sqX8OHcsh7CqBMztyXARmGQ3LWPtGjJi6DiJHq5C/qvi9P3OqgswKSDftbu8+IoI/QDTAm2fFnQ9SZSQ==
-  dependencies:
-    bn.js "^4.4.0"
-    brorand "^1.0.1"
-    hash.js "^1.0.0"
-    hmac-drbg "^1.0.0"
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-    minimalistic-crypto-utils "^1.0.0"
-
 emoji-regex@^7.0.1, emoji-regex@^7.0.2:
  version "7.0.3"
  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-7.0.3.tgz#933a04052860c85e83c122479c4748a8e4c72156"
@ -11980,11 +11933,6 @@ fast-safe-stringify@^2.0.4:
  resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.0.6.tgz#04b26106cc56681f51a044cfc0d76cf0008ac2c2"
  integrity sha512-q8BZ89jjc+mz08rSxROs8VsrBBcn1SIw1kq9NjolL509tkABRk9io01RAjSaEv1Xb2uFLt8VtRiZbGp5H8iDtg==

-fast-text-encoding@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/fast-text-encoding/-/fast-text-encoding-1.0.0.tgz#3e5ce8293409cfaa7177a71b9ca84e1b1e6f25ef"
-  integrity sha512-R9bHCvweUxxwkDwhjav5vxpFvdPGlVngtqmx4pIZfSUhM/Q4NiIUHB456BAf+Q1Nwu3HEZYONtu+Rya+af4jiQ==
-
 fastparse@^1.1.1:
  version "1.1.1"
  resolved "https://registry.yarnpkg.com/fastparse/-/fastparse-1.1.1.tgz#d1e2643b38a94d7583b479060e6c4affc94071f8"
@ -19630,13 +19578,6 @@ node-releases@^1.1.3:
  dependencies:
    semver "^5.3.0"

-node-rsa@^0.4.0:
-  version "0.4.2"
-  resolved "https://registry.yarnpkg.com/node-rsa/-/node-rsa-0.4.2.tgz#d6391729ec16a830ed5a38042b3157d2d5d72530"
-  integrity sha1-1jkXKewWqDDtWjgEKzFX0tXXJTA=
-  dependencies:
-    asn1 "0.2.3"
-
 node-sass@^4.9.4:
  version "4.9.4"
  resolved "https://registry.yarnpkg.com/node-sass/-/node-sass-4.9.4.tgz#349bd7f1c89422ffe7e1e4b60f2055a69fbc5512"
@ -26289,7 +26230,7 @@ test-exclude@^5.0.0:
    read-pkg-up "^4.0.0"
    require-main-filename "^1.0.1"

-text-encoding@^0.6.1, text-encoding@^0.6.4:
+text-encoding@^0.6.4:
  version "0.6.4"
  resolved "https://registry.yarnpkg.com/text-encoding/-/text-encoding-0.6.4.tgz#e399a982257a276dae428bb92845cb71bdc26d19"
  integrity sha1-45mpgiV6J22uQou5KEXLcb3CbRk=