Add support for aes128gcm encoding (#150)

Fixes #48 #136

* Introduce Subscription object

* Fix CI

* Add content encoding field

* Actually prevent using a non supported content encoding

* Add PHPDoc tag

* Add content encoding to VAPID

* Add aes128gcm content encoding to VAPID

* Only send Encryption and Crypto-Key headers in aesgcm

* Add encryption logic of aes128gcm

* Add aes128gcm to supported content encodings

* Add encryptionContentCodingHeader

* Add test for every supported content encodings

* Use latest version of web-push-testing-service

* Fix test when browser doesn't have PushManager.supportedContentEncodings

* Fix pack ?

* Replace fcm/send by wp for FCM urls

* Add support for no padding in aes128gcm

* Fix record size for aes128gcm

* Fix padding with aes128gcm

* Update README

Author: Minishlink

.travis.yml

@@ -25,7 +25,7 @@ before_install:
   - nvm install node
 
 install:
-  - npm install web-push-testing-service -g
+  - npm install github:GoogleChromeLabs/web-push-testing-service -g
 
 before_script:
   - composer install --prefer-source -n

README.md

@@ -32,24 +32,30 @@ Use [composer](https://getcomposer.org/) to download and install the library and
 <?php
 
 use Minishlink\WebPush\WebPush;
+use Minishlink\WebPush\Subscription;
 
 // array of notifications
 $notifications = [
     [
-        'endpoint' => 'https://updates.push.services.mozilla.com/push/abc...', // Firefox 43+
+        'subscription' => Subscription::create([
+            'endpoint' => 'https://updates.push.services.mozilla.com/push/abc...', // Firefox 43+,
+            'publicKey' => 'BPcMbnWQL5GOYX/5LKZXT6sLmHiMsJSiEvIFvfcDvX7IZ9qqtq68onpTPEYmyxSQNiH7UD/98AUcQ12kBoxz/0s=', // base 64 encoded, should be 88 chars
+            'authToken' => 'CxVX6QsVToEGEcjfYPqXQw==', // base 64 encoded, should be 24 chars
+        ]),
         'payload' => 'hello !',
-        'userPublicKey' => 'BPcMbnWQL5GOYX/5LKZXT6sLmHiMsJSiEvIFvfcDvX7IZ9qqtq68onpTPEYmyxSQNiH7UD/98AUcQ12kBoxz/0s=', // base 64 encoded, should be 88 chars
-        'userAuthToken' => 'CxVX6QsVToEGEcjfYPqXQw==', // base 64 encoded, should be 24 chars
     ], [
-        'endpoint' => 'https://android.googleapis.com/gcm/send/abcdef...', // Chrome
+        'subscription' => Subscription::create([
+            'endpoint' => 'https://android.googleapis.com/gcm/send/abcdef...', // Chrome
+        ]),
         'payload' => null,
-        'userPublicKey' => null,
-        'userAuthToken' => null,
     ], [
-        'endpoint' => 'https://example.com/other/endpoint/of/another/vendor/abcdef...',
+        'subscription' => Subscription::create([
+            'endpoint' => 'https://example.com/other/endpoint/of/another/vendor/abcdef...',
+            'publicKey' => '(stringOf88Chars)',
+            'authToken' => '(stringOf24Chars)',
+            'contentEncoding' => 'aesgcm', // one of PushManager.supportedContentEncodings
+        ]),
         'payload' => '{msg:"test"}',
-        'userPublicKey' => '(stringOf88Chars)', 
-        'userAuthToken' => '(stringOf24Chars)',
     ],
 ];
 
@@ -58,20 +64,16 @@ $webPush = new WebPush();
 // send multiple notifications with payload
 foreach ($notifications as $notification) {
     $webPush->sendNotification(
-        $notification['endpoint'],
-        $notification['payload'], // optional (defaults null)
-        $notification['userPublicKey'], // optional (defaults null)
-        $notification['userAuthToken'] // optional (defaults null)
+        $notification['subscription'],
+        $notification['payload'] // optional (defaults null)
     );
 }
 $webPush->flush();
 
 // send one notification and flush directly
 $webPush->sendNotification(
-    $notifications[0]['endpoint'],
+    $notifications[0]['subscription'],
     $notifications[0]['payload'], // optional (defaults null)
-    $notifications[0]['userPublicKey'], // optional (defaults null)
-    $notifications[0]['userAuthToken'], // optional (defaults null)
     true // optional (defaults false)
 );
 ```
@@ -150,7 +152,7 @@ $webPush = new WebPush([], $defaultOptions);
 $webPush->setDefaultOptions($defaultOptions);
 
 // or for one notification
-$webPush->sendNotification($endpoint, $payload, $userPublicKey, $userAuthToken, $flush, ['TTL' => 5000]);
+$webPush->sendNotification($subscription, $payload, $flush, ['TTL' => 5000]);
 ```
 
 #### TTL
@@ -302,7 +304,7 @@ require __DIR__ . '/path/to/vendor/autoload.php';
 ```
 
 ### I must use PHP 5.4 or 5.5. What can I do?
-You won't be able to send any payload, so you'll only be able to use `sendNotification($endpoint)`.
+You won't be able to send any payload, so you'll only be able to use `sendNotification($subscription)`.
 Install the library with `composer` using `--ignore-platform-reqs`.
 The workaround for getting the payload is to fetch it in the service worker ([example](https://github.com/Minishlink/physbook/blob/2ed8b9a8a217446c9747e9191a50d6312651125d/web/service-worker.js#L75)). 
 

src/Encryption.php

@@ -26,36 +26,66 @@ class Encryption
 
     /**
      * @param string $payload
-     * @param int    $maxLengthToPad
-     *
+     * @param int $maxLengthToPad
+     * @param string $contentEncoding
      * @return string padded payload (plaintext)
+     * @throws \ErrorException
      */
-    public static function padPayload(string $payload, int $maxLengthToPad): string
+    public static function padPayload(string $payload, int $maxLengthToPad, string $contentEncoding): string
     {
         $payloadLen = Utils::safeStrlen($payload);
         $padLen = $maxLengthToPad ? $maxLengthToPad - $payloadLen : 0;
 
-        return pack('n*', $padLen).str_pad($payload, $padLen + $payloadLen, chr(0), STR_PAD_LEFT);
+        if ($contentEncoding === "aesgcm") {
+            return pack('n*', $padLen).str_pad($payload, $padLen + $payloadLen, chr(0), STR_PAD_LEFT);
+        } else if ($contentEncoding === "aes128gcm") {
+            return str_pad($payload.chr(2), $padLen + $payloadLen, chr(0), STR_PAD_RIGHT);
+        } else {
+            throw new \ErrorException("This content encoding is not supported");
+        }
     }
 
     /**
-     * @param string $payload       With padding
+     * @param string $payload With padding
      * @param string $userPublicKey Base 64 encoded (MIME or URL-safe)
      * @param string $userAuthToken Base 64 encoded (MIME or URL-safe)
+     * @param string $contentEncoding
+     * @return array
      *
+     * @throws \ErrorException
+     */
+    public static function encrypt(string $payload, string $userPublicKey, string $userAuthToken, string $contentEncoding): array
+    {
+        return self::deterministicEncrypt(
+            $payload,
+            $userPublicKey,
+            $userAuthToken,
+            $contentEncoding,
+            self::createLocalKeyObject(),
+            random_bytes(16)
+        );
+    }
+
+    /**
+     * @param string $payload
+     * @param string $userPublicKey
+     * @param string $userAuthToken
+     * @param string $contentEncoding
+     * @param array $localKeyObject
+     * @param string $salt
      * @return array
      *
      * @throws \ErrorException
      */
-    public static function encrypt(string $payload, string $userPublicKey, string $userAuthToken): array
+    public static function deterministicEncrypt(string $payload, string $userPublicKey, string $userAuthToken, string $contentEncoding, array $localKeyObject, string $salt): array
     {
         $userPublicKey = Base64Url::decode($userPublicKey);
         $userAuthToken = Base64Url::decode($userAuthToken);
 
         $curve = NistCurve::curve256();
 
         // get local key pair
-        list($localPublicKeyObject, $localPrivateKeyObject) = self::createLocalKeyObject();
+        list($localPublicKeyObject, $localPrivateKeyObject) = $localKeyObject;
         $localPublicKey = hex2bin(Utils::serializePublicKey($localPublicKeyObject));
 
         // get user public key object
@@ -69,23 +99,18 @@ public static function encrypt(string $payload, string $userPublicKey, string $u
         $sharedSecret = $curve->mul($userPublicKeyObject->getPoint(), $localPrivateKeyObject->getSecret())->getX();
         $sharedSecret = hex2bin(str_pad(gmp_strval($sharedSecret, 16), 64, '0', STR_PAD_LEFT));
 
-        // generate salt
-        $salt = random_bytes(16);
-
         // section 4.3
-        $ikm = !empty($userAuthToken) ?
-            self::hkdf($userAuthToken, $sharedSecret, 'Content-Encoding: auth'.chr(0), 32) :
-            $sharedSecret;
+        $ikm = self::getIKM($userAuthToken, $userPublicKey, $localPublicKey, $sharedSecret, $contentEncoding);
 
         // section 4.2
-        $context = self::createContext($userPublicKey, $localPublicKey);
+        $context = self::createContext($userPublicKey, $localPublicKey, $contentEncoding);
 
         // derive the Content Encryption Key
-        $contentEncryptionKeyInfo = self::createInfo('aesgcm', $context);
+        $contentEncryptionKeyInfo = self::createInfo($contentEncoding, $context, $contentEncoding);
         $contentEncryptionKey = self::hkdf($salt, $ikm, $contentEncryptionKeyInfo, 16);
 
         // section 3.3, derive the nonce
-        $nonceInfo = self::createInfo('nonce', $context);
+        $nonceInfo = self::createInfo('nonce', $context, $contentEncoding);
         $nonce = self::hkdf($salt, $ikm, $nonceInfo, 12);
 
         // encrypt
@@ -94,12 +119,24 @@ public static function encrypt(string $payload, string $userPublicKey, string $u
 
         // return values in url safe base64
         return [
-            'localPublicKey' => Base64Url::encode($localPublicKey),
-            'salt' => Base64Url::encode($salt),
+            'localPublicKey' => $localPublicKey,
+            'salt' => $salt,
             'cipherText' => $encryptedText.$tag,
         ];
     }
 
+    public static function getContentCodingHeader($salt, $localPublicKey, $contentEncoding): string
+    {
+        if ($contentEncoding === "aes128gcm") {
+            return $salt
+                .pack('N*', 4096)
+                .pack('C*', Utils::safeStrlen($localPublicKey))
+                .$localPublicKey;
+        }
+
+        return "";
+    }
+
     /**
      * HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
      *
@@ -138,12 +175,16 @@ private static function hkdf(string $salt, string $ikm, string $info, int $lengt
      * @param string $clientPublicKey The client's public key
      * @param string $serverPublicKey Our public key
      *
-     * @return string
+     * @return null|string
      *
      * @throws \ErrorException
      */
-    private static function createContext(string $clientPublicKey, string $serverPublicKey): string
+    private static function createContext(string $clientPublicKey, string $serverPublicKey, $contentEncoding): ?string
     {
+        if ($contentEncoding === "aes128gcm") {
+            return null;
+        }
+
         if (Utils::safeStrlen($clientPublicKey) !== 65) {
             throw new \ErrorException('Invalid client public key length');
         }
@@ -163,20 +204,30 @@ private static function createContext(string $clientPublicKey, string $serverPub
      * {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
      * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}.
      *
-     * @param string $type    The type of the info record
-     * @param string $context The context for the record
-     *
+     * @param string $type The type of the info record
+     * @param string|null $context The context for the record
+     * @param string $contentEncoding
      * @return string
      *
      * @throws \ErrorException
      */
-    private static function createInfo(string $type, string $context): string
+    private static function createInfo(string $type, ?string $context, string $contentEncoding): string
     {
-        if (Utils::safeStrlen($context) !== 135) {
-            throw new \ErrorException('Context argument has invalid size');
+        if ($contentEncoding === "aesgcm") {
+            if (!$context) {
+                throw new \ErrorException('Context must exist');
+            }
+
+            if (Utils::safeStrlen($context) !== 135) {
+                throw new \ErrorException('Context argument has invalid size');
+            }
+
+            return 'Content-Encoding: '.$type.chr(0).'P-256'.$context;
+        } else if ($contentEncoding === "aes128gcm") {
+            return 'Content-Encoding: '.$type.chr(0);
         }
 
-        return 'Content-Encoding: '.$type.chr(0).'P-256'.$context;
+        throw new \ErrorException('This content encoding is not supported.');
     }
 
     /**
@@ -234,4 +285,30 @@ private static function createLocalKeyObjectUsingOpenSSL(): array
             PrivateKey::create(gmp_init(bin2hex($details['ec']['d']), 16))
         ];
     }
+
+    /**
+     * @param string $userAuthToken
+     * @param string $userPublicKey
+     * @param string $localPublicKey
+     * @param string $sharedSecret
+     * @param string $contentEncoding
+     * @return string
+     * @throws \ErrorException
+     */
+    private static function getIKM(string $userAuthToken, string $userPublicKey, string $localPublicKey, string $sharedSecret, string $contentEncoding): string
+    {
+        if (!empty($userAuthToken)) {
+            if ($contentEncoding === "aesgcm") {
+                $info = 'Content-Encoding: auth'.chr(0);
+            } else if ($contentEncoding === "aes128gcm") {
+                $info = "WebPush: info".chr(0).$userPublicKey.$localPublicKey;
+            } else {
+                throw new \ErrorException("This content encoding is not supported");
+            }
+
+            return self::hkdf($userAuthToken, $sharedSecret, $info, 32);
+        }
+
+        return $sharedSecret;
+    }
 }

src/Notification.php

@@ -15,18 +15,12 @@
 
 class Notification
 {
-    /** @var string */
-    private $endpoint;
+    /** @var Subscription */
+    private $subscription;
 
     /** @var null|string */
     private $payload;
 
-    /** @var null|string */
-    private $userPublicKey;
-
-    /** @var null|string */
-    private $userAuthToken;
-
     /** @var array Options : TTL, urgency, topic */
     private $options;
 
@@ -36,29 +30,25 @@ class Notification
     /**
      * Notification constructor.
      *
-     * @param string      $endpoint
+     * @param Subscription $subscription
      * @param null|string $payload
-     * @param null|string $userPublicKey
-     * @param null|string $userAuthToken
-     * @param array       $options
-     * @param array       $auth
+     * @param array $options
+     * @param array $auth
      */
-    public function __construct(string $endpoint, ?string $payload, ?string $userPublicKey, ?string $userAuthToken, array $options, array $auth)
+    public function __construct(Subscription $subscription, ?string $payload, array $options, array $auth)
     {
-        $this->endpoint = $endpoint;
+        $this->subscription = $subscription;
         $this->payload = $payload;
-        $this->userPublicKey = $userPublicKey;
-        $this->userAuthToken = $userAuthToken;
         $this->options = $options;
         $this->auth = $auth;
     }
 
     /**
-     * @return string
+     * @return Subscription
      */
-    public function getEndpoint(): string
+    public function getSubscription(): Subscription
     {
-        return $this->endpoint;
+        return $this->subscription;
     }
 
     /**
@@ -69,22 +59,6 @@ public function getPayload(): ?string
         return $this->payload;
     }
 
-    /**
-     * @return null|string
-     */
-    public function getUserPublicKey(): ?string
-    {
-        return $this->userPublicKey;
-    }
-
-    /**
-     * @return null|string
-     */
-    public function getUserAuthToken(): ?string
-    {
-        return $this->userAuthToken;
-    }
-
     /**
      * @param array $defaultOptions
      *