Use FIPS-approved SHA256 instead of weak MD5 #8379
Conversation
|
Is it a breaking change for all workspace and plugin storages out there? All data will be lost? We need a migration? |
|
I've noticed also that we bogusly encode workspace roots into workspace id leading to bugs like #7472 I think the proper solution will be to align with VS Code implementation, maybe it does not even require usage of crypto. There is not a real security concern in affected code. It seems to be misusage of crypto to generate identifiers. Plus we should make sure that data are not lost, but migrated. |
| @@ -1457,7 +1457,7 @@ export class ProcessExecution { | |||
| } | |||
|
|
|||
| public computeId(): string { | |||
| const hash = crypto.createHash('md5'); | |||
| const hash = crypto.createHash('sha256'); | |||
There was a problem hiding this comment.
Not sure about backward computability consequences of changing this file. Do we store them somewhere and should read again or it is pure runtime thing?
There was a problem hiding this comment.
As I see, it's used at runtime only.
BTW I've found that it has been reworked in VS Code to generate IDs based on the command line instead of hashes.
microsoft/vscode@36d9d04
We need to update it in Theia correspondingly. I'll take a look at whether it can be done within this PR.
There was a problem hiding this comment.
I've changed the IDs generation according to the current VS Code state. Now, it doesn't require crypto Node module.
|
It breaks the Tasks list. With the changes: From master branch: Also, Need to investigate how it's related. |
|
I can reproduce both issues (mentioned above) on master branch as well. They are randomly reproducible and are not related to the PR changes. |
azatsarynnyy
changed the title
|
I'm restarting travis job that failed on macos |
|
@azatsarynnyy it is good, but we cannot switch algorithm for global and plugin state without providing migrations for old state. It will wipe out all state for VS Code extensions for existing installations. |
@akosyakov I agree that we should migrate the plugins' data. |
What would happen if someone migrated from 1.0.0 to 1.8.0? user data will be erased? Probably it is just should stay in codebase forever in the same way since it touches end user data. |
You are right @akosyakov. Thanks. I'll look for another way to fix #8378 |
| // md5 is not FIPS-approved but we have to continue use it as there're existing storage folders based on it | ||
| return crypto.createHash('md5').update(str).digest('hex'); | ||
| } catch (e) { | ||
| // FIPS-compliant |
There was a problem hiding this comment.
Can we narrow down the error and log in all other cases? to avoid false positively creating sha256 hashes?
Signed-off-by: Artem Zatsarynnyi <azatsary@redhat.com>
Signed-off-by: Artem Zatsarynnyi <azatsary@redhat.com>
azatsarynnyy
force-pushed
the
az/crypto
branch
from
f23730d to
604de71
Compare
|
Here are several screenshots made in the downstream product. With FIPS mode disabled, storage folders names are generated with MD5 - with no changes comparing to master branch Shell task is running well in both modes, without any changes If there're no objections, I'll merge it by the EOD. |
azatsarynnyy
changed the title
Signed-off-by: Artem Zatsarynnyi azatsary@redhat.com
What it does
Fixes #8378 by removing MD5 usage.
How to test
The simplest variant to test it is to run Theia and see that there's no unusual error logged, frontend is loaded as usual and Task of types
process/shellworks as expected.If it's possible, you can check the same in an OS with FIPS mode enabled. E.g. here's the instructions for Red Hat Enterprise Linux 7.
Review checklist
Reminder for reviewers