String JSCryptoKeySerializationJWK::serialize(ExecState* exec, const CryptoKey& key)
{
std::unique_ptr<CryptoKeyData> keyData = key.exportData();
if (!keyData) {
// This generally shouldn't happen as long as all key types implement exportData(), but as underlying libraries return errors, there may be some rare failure conditions.
throwTypeError(exec, "Couldn't export key material");
return String();
}
JSObject* result = constructEmptyObject(exec);
addJWKAlgorithmToJSON(exec, result, key);
if (exec->hadException())
return String();
addBoolToJSON(exec, result, "extractable", key.extractable());
addJWKUseToJSON(exec, result, key.usagesBitmap());
if (exec->hadException())
return String();
if (isCryptoKeyDataOctetSequence(*keyData))
buildJSONForOctetSequence(exec, toCryptoKeyDataOctetSequence(*keyData).octetSequence(), result);
else if (isCryptoKeyDataRSAComponents(*keyData))
buildJSONForRSAComponents(exec, toCryptoKeyDataRSAComponents(*keyData), result);
else {
throwTypeError(exec, "Key doesn't support exportKey");
return String();
}
if (exec->hadException())
return String();
return JSONStringify(exec, result, 4);
}
bool ScriptValueSerializerForModules::writeCryptoKey(v8::Local<v8::Value> value)
{
CryptoKey* key = V8CryptoKey::toImpl(value.As<v8::Object>());
if (!key)
return false;
return toSerializedScriptValueWriterForModules(writer()).writeCryptoKey(key->key());
}
void V8CryptoKey::algorithmAttributeGetterCustom(const v8::PropertyCallbackInfo<v8::Value>& info)
{
CryptoKey* impl = V8CryptoKey::toImpl(info.Holder());
DictionaryBuilder builder(info.Holder(), info.GetIsolate());
impl->key().algorithm().writeToDictionary(&builder);
v8SetReturnValue(info, builder.dictionary().v8Value());
}
static void exportKey(ExecState* exec, CryptoKeyFormat keyFormat, const CryptoKey& key, CryptoAlgorithm::VectorCallback callback, CryptoAlgorithm::VoidCallback failureCallback)
{
if (!key.extractable()) {
throwTypeError(exec, "Key is not extractable");
return;
}
switch (keyFormat) {
case CryptoKeyFormat::Raw: {
Vector<uint8_t> result;
if (CryptoKeySerializationRaw::serialize(key, result))
callback(result);
else
failureCallback();
break;
}
case CryptoKeyFormat::JWK: {
String result = JSCryptoKeySerializationJWK::serialize(exec, key);
if (exec->hadException())
return;
CString utf8String = result.utf8(StrictConversion);
Vector<uint8_t> resultBuffer;
resultBuffer.append(utf8String.data(), utf8String.length());
callback(resultBuffer);
break;
}
default:
throwTypeError(exec, "Unsupported key format for export");
break;
}
}
static void exportKey(ExecState& state, CryptoKeyFormat keyFormat, const CryptoKey& key, CryptoAlgorithm::VectorCallback callback, CryptoAlgorithm::VoidCallback failureCallback)
{
VM& vm = state.vm();
auto scope = DECLARE_THROW_SCOPE(vm);
if (!key.extractable()) {
throwTypeError(&state, scope, ASCIILiteral("Key is not extractable"));
return;
}
switch (keyFormat) {
case CryptoKeyFormat::Raw: {
Vector<uint8_t> result;
if (CryptoKeySerializationRaw::serialize(key, result))
callback(result);
else
failureCallback();
break;
}
case CryptoKeyFormat::JWK: {
String result = JSCryptoKeySerializationJWK::serialize(&state, key);
RETURN_IF_EXCEPTION(scope, void());
CString utf8String = result.utf8(StrictConversion);
Vector<uint8_t> resultBuffer;
resultBuffer.append(utf8String.data(), utf8String.length());
callback(resultBuffer);
break;
}
default:
throwTypeError(&state, scope, ASCIILiteral("Unsupported key format for export"));
break;
}
}
bool CryptoAlgorithmAES_KW::keyAlgorithmMatches(const CryptoAlgorithmParameters&, const CryptoKey& key) const
{
if (key.algorithmIdentifier() != s_identifier)
return false;
ASSERT(isCryptoKeyAES(key));
return true;
}
bool CryptoAlgorithmHMAC::keyAlgorithmMatches(const CryptoAlgorithmHmacParamsDeprecated& parameters, const CryptoKey& key) const
{
if (key.algorithmIdentifier() != s_identifier)
return false;
if (downcast<CryptoKeyHMAC>(key).hashAlgorithmIdentifier() != parameters.hash)
return false;
return true;
}
bool CryptoAlgorithmRSA_OAEP::keyAlgorithmMatches(const CryptoAlgorithmRsaOaepParams& algorithmParameters, const CryptoKey& key) const
{
if (key.algorithmIdentifier() != s_identifier)
return false;
CryptoAlgorithmIdentifier keyHash;
if (downcast<CryptoKeyRSA>(key).isRestrictedToHash(keyHash) && keyHash != algorithmParameters.hash)
return false;
return true;
}
bool CryptoAlgorithmRSASSA_PKCS1_v1_5::keyAlgorithmMatches(const CryptoAlgorithmRsaSsaParamsDeprecated& algorithmParameters, const CryptoKey& key) const
{
if (key.algorithmIdentifier() != s_identifier)
return false;
CryptoAlgorithmIdentifier keyHash;
if (downcast<CryptoKeyRSA>(key).isRestrictedToHash(keyHash) && keyHash != algorithmParameters.hash)
return false;
return true;
}
bool CryptoKeySerializationRaw::serialize(const CryptoKey& key, Vector<uint8_t>& result)
{
std::unique_ptr<CryptoKeyData> keyData = key.exportData();
if (!keyData) {
// This generally shouldn't happen as long as all key types implement exportData(), but as underlying libraries return errors, there may be some rare failure conditions.
return false;
}
if (!is<CryptoKeyDataOctetSequence>(*keyData))
return false;
result.appendVector(downcast<CryptoKeyDataOctetSequence>(*keyData).octetSequence());
return true;
}
void JSCryptoKeySerializationJWK::addJWKAlgorithmToJSON(ExecState* exec, JSObject* json, const CryptoKey& key)
{
String jwkAlgorithm;
switch (key.algorithmIdentifier()) {
case CryptoAlgorithmIdentifier::HMAC:
switch (toCryptoKeyHMAC(key).hashAlgorithmIdentifier()) {
case CryptoAlgorithmIdentifier::SHA_256:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 256)
jwkAlgorithm = "HS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 384)
jwkAlgorithm = "HS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 512)
jwkAlgorithm = "HS512";
break;
default:
break;
}
break;
case CryptoAlgorithmIdentifier::AES_CBC:
switch (toCryptoKeyAES(key).key().size() * 8) {
case 128:
jwkAlgorithm = "A128CBC";
break;
case 192:
jwkAlgorithm = "A192CBC";
break;
case 256:
jwkAlgorithm = "A256CBC";
break;
}
break;
case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
CryptoAlgorithmIdentifier hash;
if (!rsaKey.isRestrictedToHash(hash))
break;
if (rsaKey.keySizeInBits() < 2048)
break;
switch (hash) {
case CryptoAlgorithmIdentifier::SHA_256:
jwkAlgorithm = "RS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
jwkAlgorithm = "RS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
jwkAlgorithm = "RS512";
break;
default:
break;
}
break;
}
default:
break;
}
if (jwkAlgorithm.isNull()) {
// The spec doesn't currently tell whether export should fail, or just skip "alg" (which is an optional key in JWK).
// Perhaps this should depend on whether the key is extractable?
throwTypeError(exec, "Key algorithm and size do not map to any JWK algorithm identifier");
return;
}
addToJSON(exec, json, "alg", jwkAlgorithm);
}
bool ContactRequestClient::buildRequestData(QByteArray cookie)
{
/* [2*length][16*hostname][16*serverCookie][16*connSecret][data:pubkey][str:nick][str:message][data:signature] */
QByteArray requestData;
CommandDataParser request(&requestData);
/* Hostname */
QString hostname = user->hostname();
hostname.truncate(hostname.lastIndexOf(QLatin1Char('.')));
if (hostname.size() != 16)
{
qWarning() << "Cannot send contact request: unable to determine the remote service hostname";
return false;
}
/* Connection secret */
QByteArray connSecret = user->settings()->read<Base64Encode>("localSecret");
if (connSecret.size() != 16)
{
qWarning() << "Cannot send contact request: invalid local secret";
return false;
}
/* Public service key */
Tor::HiddenService *service = user->identity->hiddenService();
CryptoKey serviceKey;
if (!service || !(serviceKey = service->cryptoKey()).isLoaded())
{
qWarning() << "Cannot send contact request: failed to load service key";
return false;
}
QByteArray publicKeyData = serviceKey.encodedPublicKey();
if (publicKeyData.isNull())
{
qWarning() << "Cannot send contact request: failed to encode service key";
return false;
}
/* Build request */
request << (quint16)0; /* placeholder for length */
request.writeFixedData(hostname.toLatin1());
request.writeFixedData(cookie);
request.writeFixedData(connSecret);
request.writeVariableData(publicKeyData);
request << myNickname() << message();
if (request.hasError())
{
qWarning() << "Cannot send contact request: command building failed";
return false;
}
/* Sign request, excluding the length field */
QByteArray signature = serviceKey.signData(requestData.mid(2));
if (signature.isNull())
{
qWarning() << "Cannot send contact request: failed to sign request";
return false;
}
request.writeVariableData(signature);
if (request.hasError())
{
qWarning() << "Cannot send contact request: command building failed";
return false;
}
/* Set length */
qToBigEndian((quint16)requestData.size(), reinterpret_cast<uchar*>(requestData.data()));
/* Send */
qint64 re = socket->write(requestData);
Q_ASSERT(re == requestData.size());
Q_UNUSED(re);
qDebug() << "Contact request for" << user->uniqueID << "sent request data";
return true;
}
static void addJWKAlgorithmToJSON(ExecState* exec, JSObject* json, const CryptoKey& key)
{
String jwkAlgorithm;
switch (key.algorithmIdentifier()) {
case CryptoAlgorithmIdentifier::HMAC:
switch (toCryptoKeyHMAC(key).hashAlgorithmIdentifier()) {
case CryptoAlgorithmIdentifier::SHA_256:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 256)
jwkAlgorithm = "HS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 384)
jwkAlgorithm = "HS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 512)
jwkAlgorithm = "HS512";
break;
default:
break;
}
break;
case CryptoAlgorithmIdentifier::AES_CBC:
switch (toCryptoKeyAES(key).key().size() * 8) {
case 128:
jwkAlgorithm = "A128CBC";
break;
case 192:
jwkAlgorithm = "A192CBC";
break;
case 256:
jwkAlgorithm = "A256CBC";
break;
}
break;
case CryptoAlgorithmIdentifier::AES_KW:
switch (toCryptoKeyAES(key).key().size() * 8) {
case 128:
jwkAlgorithm = "A128KW";
break;
case 192:
jwkAlgorithm = "A192KW";
break;
case 256:
jwkAlgorithm = "A256KW";
break;
}
break;
case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
CryptoAlgorithmIdentifier hash;
if (!rsaKey.isRestrictedToHash(hash))
break;
if (rsaKey.keySizeInBits() < 2048)
break;
switch (hash) {
case CryptoAlgorithmIdentifier::SHA_256:
jwkAlgorithm = "RS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
jwkAlgorithm = "RS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
jwkAlgorithm = "RS512";
break;
default:
break;
}
break;
}
case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
if (rsaKey.keySizeInBits() < 2048)
break;
jwkAlgorithm = "RSA1_5";
break;
}
case CryptoAlgorithmIdentifier::RSA_OAEP: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
CryptoAlgorithmIdentifier hash;
// WebCrypto RSA-OAEP keys are not tied to any particular hash, unless previously imported from JWK, which only supports SHA-1.
if (rsaKey.isRestrictedToHash(hash) && hash != CryptoAlgorithmIdentifier::SHA_1)
break;
if (rsaKey.keySizeInBits() < 2048)
break;
jwkAlgorithm = "RSA-OAEP";
break;
}
default:
break;
}
if (jwkAlgorithm.isNull()) {
// The spec doesn't currently tell whether export should fail, or just skip "alg" (which is an optional key in JWK).
throwTypeError(exec, "Key algorithm and size do not map to any JWK algorithm identifier");
return;
}
addToJSON(exec, json, "alg", jwkAlgorithm);
}
