fix: add padded message

Author: trueChazza

lib/web_push_elixir.ex

@@ -20,19 +20,15 @@ defmodule WebPushElixir do
     |> :binary.part(0, length)
   end
 
-  defp encrypt(
-         message,
-         auth,
-         p256dh,
-         vapid_public_key,
-         vapid_private_key
-       ) do
+  defp encrypt(message, p256dh, auth) do
     client_public_key = url_decode(p256dh)
     client_auth_secret = url_decode(auth)
 
     salt = :crypto.strong_rand_bytes(16)
 
-    shared_secret = :crypto.compute_key(:ecdh, client_public_key, vapid_private_key, :prime256v1)
+    {local_public_key, local_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
+
+    shared_secret = :crypto.compute_key(:ecdh, client_public_key, local_private_key, :prime256v1)
 
     pseudo_random_key =
       hmac_based_key_derivation_function(
@@ -45,7 +41,7 @@ defmodule WebPushElixir do
     context =
       <<0, byte_size(client_public_key)::unsigned-big-integer-size(16)>> <>
         client_public_key <>
-        <<byte_size(vapid_public_key)::unsigned-big-integer-size(16)>> <> vapid_public_key
+        <<byte_size(local_public_key)::unsigned-big-integer-size(16)>> <> local_public_key
 
     content_encryption_key_info = "Content-Encoding: aesgcm" <> <<0>> <> "P-256" <> context
 
@@ -60,17 +56,19 @@ defmodule WebPushElixir do
         12
       )
 
+    padded_message = <<0::unsigned-big-integer-size(16)>> <> :binary.copy(<<0>>, 0) <> message
+
     {cipher_text, cipher_tag} =
       :crypto.crypto_one_time_aead(
         :aes_128_gcm,
         content_encryption_key,
         nonce,
-        message,
-        "",
+        padded_message,
+        <<>>,
         true
       )
 
-    %{ciphertext: cipher_text <> cipher_tag, salt: salt}
+    %{ciphertext: cipher_text <> cipher_tag, salt: salt, local_public_key: local_public_key}
   end
 
   defp sign_json_web_token(endpoint, vapid_public_key, vapid_private_key) do
@@ -100,15 +98,18 @@ defmodule WebPushElixir do
     %{endpoint: endpoint, keys: %{auth: auth, p256dh: p256dh}} =
       Jason.decode!(subscription, keys: :atoms)
 
-    encrypted = encrypt(message, auth, p256dh, vapid_public_key, vapid_private_key)
+    encrypted = encrypt(message, p256dh, auth)
 
     signed_json_web_token =
       sign_json_web_token(endpoint, vapid_public_key, vapid_private_key)
 
     HTTPoison.post(endpoint, encrypted.ciphertext, %{
       "Authorization" => "WebPush #{signed_json_web_token}",
       "Content-Encoding" => "aesgcm",
-      "Crypto-Key" => "p256ecdsa=#{url_encode(vapid_public_key)}",
+      "Content-Length" => "#{byte_size(encrypted.ciphertext)}",
+      "Content-Type" => "application/octet-stream",
+      "Crypto-Key" =>
+        "dh=#{url_encode(encrypted.local_public_key)};p256ecdsa=#{url_encode(vapid_public_key)}",
       "Encryption" => "salt=#{url_encode(encrypted.salt)}",
       "TTL" => "60"
     })

lib/web_push_elixir/main.js

@@ -1,5 +1,5 @@
 navigator.serviceWorker
-    .register('/web-push-elixir/service-worker.js')
+    .register('/service-worker.js')
     .then(registration => {
       console.log('Service worker successfully registered.');
     })
@@ -20,7 +20,7 @@ button.addEventListener('click', event => {
 
                 registration.pushManager.subscribe({
                     userVisibleOnly: true,
-                    applicationServerKey: "some_public_key"
+                    applicationServerKey: 'some_public_key'
                 }).then(pushSubscription => {
                     console.log('Received PushSubscription: ', JSON.stringify(pushSubscription));
                 });

lib/web_push_elixir/mock_server.ex

@@ -4,7 +4,7 @@ defmodule WebPushElixir.MockServer do
   plug(:match)
   plug(:dispatch)
 
-  post "/some-endpoint" do
+  post "/some-push-service" do
     conn
     |> Plug.Conn.send_resp(200, "ok")
   end
@@ -27,13 +27,13 @@ defmodule WebPushElixir.MockServer do
     |> Plug.Conn.send_file(200, "./lib/web_push_elixir/main.js")
   end
 
-  get "/web-push-elixir/service-worker.js" do
+  get "/service-worker.js" do
     conn
     |> put_resp_header("content-type", "application/x-javascript")
     |> Plug.Conn.send_file(200, "./lib/web_push_elixir/service-worker.js")
   end
 
-  get "/service-worker.js" do
+  get "/web-push-elixir/service-worker.js" do
     conn
     |> put_resp_header("content-type", "application/x-javascript")
     |> Plug.Conn.send_file(200, "./lib/web_push_elixir/service-worker.js")

test/generate_vapid_keys_test.exs

@@ -3,8 +3,8 @@ defmodule GenerateVapidKeysTest do
 
   test "it should generate" do
     assert %{
-             vapid_public_key: <<_public_key::binary>>,
-             vapid_private_key: <<_private_key::binary>>,
+             vapid_public_key: <<_vapid_public_key::binary>>,
+             vapid_private_key: <<_vapid_private_key::binary>>,
              vapid_subject: "mailto:admin@email.com"
            } = Mix.Tasks.Generate.Vapid.Keys.run([])
   end

test/web_push_elixir_test.exs

@@ -1,7 +1,7 @@
 defmodule WebPushElixirTest do
   use ExUnit.Case
 
-  @subscription ~c"{\"endpoint\":\"http://localhost:4040/some-endpoint\",\"keys\":{\"p256dh\":\"BIPUL12DLfytvTajnryr2PRdAgXS3HGKiLqndGcJGabyhHheJYlNGCeXl1dn18gSJ1WAkAPIxr4gK0_dQds4yiI=\",\"auth\":\"FPssNDTKnInHVndSTdbKFw==\"}}"
+  @subscription ~c"{\"endpoint\":\"http://localhost:4040/some-push-service\",\"keys\":{\"p256dh\":\"BIPUL12DLfytvTajnryr2PRdAgXS3HGKiLqndGcJGabyhHheJYlNGCeXl1dn18gSJ1WAkAPIxr4gK0_dQds4yiI=\",\"auth\":\"FPssNDTKnInHVndSTdbKFw==\"}}"
 
   test "it should send notification" do
     %{
@@ -21,7 +21,9 @@ defmodule WebPushElixirTest do
     assert [
              {"Authorization", "WebPush " <> <<_jwt::binary>>},
              {"Content-Encoding", "aesgcm"},
-             {"Crypto-Key", "p256ecdsa=" <> <<_vapid_public_key::binary>>},
+             {"Content-Length", <<_content_length::binary>>},
+             {"Content-Type", "application/octet-stream"},
+             {"Crypto-Key", <<_crypto_keys::binary>>},
              {"Encryption", "salt=" <> <<_salt::binary>>},
              {"TTL", "60"}
            ] = response.request.headers
@@ -58,14 +60,26 @@ defmodule WebPushElixirTest do
 
     assert [
              {"cache-control", "max-age=0, private, must-revalidate"},
-             {"content-length", "903"},
+             {"content-length", "887"},
              {"content-type", "application/x-javascript"},
              {"date", <<_date::binary>>},
              {"server", "Cowboy"}
            ] = response.headers
   end
 
   test "it should have service worker headers" do
+    {:ok, response} = HTTPoison.get(~c"http://localhost:4040/service-worker.js")
+
+    assert [
+             {"cache-control", "max-age=0, private, must-revalidate"},
+             {"content-length", "262"},
+             {"content-type", "application/x-javascript"},
+             {"date", <<_date::binary>>},
+             {"server", "Cowboy"}
+           ] = response.headers
+  end
+
+  test "it should have static service worker headers" do
     {:ok, response} = HTTPoison.get(~c"http://localhost:4040/web-push-elixir/service-worker.js")
 
     assert [