Support aes128gcm

README.md

@@ -132,7 +132,8 @@ const options = {
   TTL: <Number>,
   headers: {
     '< header name >': '< header value >'
-  }
+  },
+  contentEncoding: '< Encoding type, e.g.: aesgcm or aes128gcm >'
 }
 
 webpush.sendNotification(
@@ -179,6 +180,7 @@ request only. This overrides any API key set via `setGCMAPIKey()`.
 - **TTL** is a value in seconds that describes how long a push message is
 retained by the push service (by default, four weeks).
 - **headers** is an object with all the extra headers you want to add to the request.
+- **contentEncoding** is the type of push encoding to use (e.g. 'aesgcm', by default, or 'aes128gcm').
 
 ### Returns
 
@@ -237,7 +239,7 @@ None.
 
 <hr />
 
-## encrypt(userPublicKey, userAuth, payload)
+## encrypt(userPublicKey, userAuth, payload, contentEncoding)
 
 ```javascript
 const pushSubscription = {
@@ -250,7 +252,8 @@ const pushSubscription = {
 webPush.encrypt(
   pushSubscription.keys.p256dh,
   pushSubscription.keys.auth,
-  'My Payload'
+  'My Payload',
+  'aes128gcm'
 )
 .then(encryptionDetails => {
 
@@ -270,6 +273,7 @@ The `encrypt()` method expects the following input:
 - *userPublicKey*: the public key of the receiver (from the browser).
 - *userAuth*: the auth secret of the receiver (from the browser).
 - *payload*: the message to attach to the notification.
+- *contentEncoding*: the type of content encoding to use (e.g. aesgcm or aes128gcm).
 
 ### Returns
 
@@ -282,7 +286,7 @@ encryption.
 
 <hr />
 
-## getVapidHeaders(audience, subject, publicKey, privateKey, expiration)
+## getVapidHeaders(audience, subject, publicKey, privateKey, contentEncoding, expiration)
 
 ```javascript
 const parsedUrl = url.parse(subscription.endpoint);
@@ -293,7 +297,8 @@ const vapidHeaders = vapidHelper.getVapidHeaders(
   audience,
   'mailto: example@web-push-node.org',
   vapidDetails.publicKey,
-  vapidDetails.privateKey
+  vapidDetails.privateKey,
+  'aes128gcm'
 );
 ```
 
@@ -308,6 +313,7 @@ The `getVapidHeaders()` method expects the following input:
 - *subject*: the mailto or URL for your application.
 - *publicKey*: the VAPID public key.
 - *privateKey*: the VAPID private key.
+- *contentEncoding*: the type of content encoding to use (e.g. aesgcm or aes128gcm).
 
 ### Returns
 
@@ -343,7 +349,8 @@ const options = {
   TTL: <Number>,
   headers: {
     '< header name >': '< header value >'
-  }
+  },
+  contentEncoding: '< Encoding type, e.g.: aesgcm or aes128gcm >'
 }
 
 try {
@@ -396,6 +403,7 @@ request only. This overrides any API key set via `setGCMAPIKey()`.
 - **TTL** is a value in seconds that describes how long a push message is
 retained by the push service (by default, four weeks).
 - **headers** is an object with all the extra headers you want to add to the request.
+- **contentEncoding** is the type of push encoding to use (e.g. 'aesgcm', by default, or 'aes128gcm').
 
 ### Returns
 

package.json

@@ -30,7 +30,7 @@
   "homepage": "https://github.com/web-push-libs/web-push#readme",
   "dependencies": {
     "asn1.js": "^5.0.0",
-    "http_ece": "0.7.2",
+    "http_ece": "1.0.5",
     "jws": "^3.1.3",
     "minimist": "^1.2.0",
     "urlsafe-base64": "^1.0.0"

src/cli.js

@@ -15,6 +15,7 @@ const printUsageDetails = () => {
         '[--auth=<auth secret>]',
         '[--payload=<message>]',
         '[--ttl=<seconds>]',
+        '[--encoding=<encoding type>]',
         '[--vapid-subject=<vapid subject>]',
         '[--vapid-pubkey=<public key url base64>]',
         '[--vapid-pvtkey=<private key url base64>]',
@@ -90,6 +91,10 @@ const sendNotification = args => {
     options.gcmAPIKey = args['gcm-api-key'];
   }
 
+  if (args.encoding) {
+    options.encodingType = args.encoding;
+  }
+
   webPush.sendNotification(subscription, payload, options)
   .then(() => {
     console.log('Push message sent.');

src/encryption-helper.js

@@ -4,7 +4,7 @@ const crypto = require('crypto');
 const ece = require('http_ece');
 const urlBase64 = require('urlsafe-base64');
 
-const encrypt = function(userPublicKey, userAuth, payload) {
+const encrypt = function(userPublicKey, userAuth, payload, contentEncoding) {
   if (!userPublicKey) {
     throw new Error('No user public key provided for encryption.');
   }
@@ -43,14 +43,12 @@ const encrypt = function(userPublicKey, userAuth, payload) {
 
   const salt = urlBase64.encode(crypto.randomBytes(16));
 
-  ece.saveKey('webpushKey', localCurve, 'P-256');
-
   const cipherText = ece.encrypt(payload, {
-    keyid: 'webpushKey',
+    version: contentEncoding,
     dh: userPublicKey,
+    privateKey: localCurve,
     salt: salt,
-    authSecret: userAuth,
-    padSize: 2
+    authSecret: userAuth
   });
 
   return {

src/index.js

@@ -4,11 +4,13 @@ const vapidHelper = require('./vapid-helper.js');
 const encryptionHelper = require('./encryption-helper.js');
 const WebPushLib = require('./web-push-lib.js');
 const WebPushError = require('./web-push-error.js');
+const WebPushConstants = require('./web-push-constants.js');
 
 const webPush = new WebPushLib();
 
 module.exports = {
   WebPushError: WebPushError,
+  supportedContentEncodings: WebPushConstants.supportedContentEncodings,
   encrypt: encryptionHelper.encrypt,
   getVapidHeaders: vapidHelper.getVapidHeaders,
   generateVAPIDKeys: vapidHelper.generateVAPIDKeys,

src/vapid-helper.js

@@ -6,6 +6,8 @@ const asn1 = require('asn1.js');
 const jws = require('jws');
 const url = require('url');
 
+const WebPushConstants = require('./web-push-constants.js');
+
 /**
  * DEFAULT_EXPIRATION is set to seconds in 12 hours
  */
@@ -156,16 +158,17 @@ function validateExpiration(expiration) {
 /**
  * This method takes the required VAPID parameters and returns the required
  * header to be added to a Web Push Protocol Request.
- * @param  {string} audience       This must be the origin of the push service.
- * @param  {string} subject        This should be a URL or a 'mailto:' email
+ * @param  {string} audience        This must be the origin of the push service.
+ * @param  {string} subject         This should be a URL or a 'mailto:' email
  * address.
- * @param  {Buffer} publicKey      The VAPID public key.
- * @param  {Buffer} privateKey     The VAPID private key.
- * @param  {integer} [expiration]  The expiration of the VAPID JWT.
- * @return {Object}                Returns an Object with the Authorization and
+ * @param  {Buffer} publicKey       The VAPID public key.
+ * @param  {Buffer} privateKey      The VAPID private key.
+ * @param  {string} contentEncoding The contentEncoding type.
+ * @param  {integer} [expiration]   The expiration of the VAPID JWT.
+ * @return {Object}                 Returns an Object with the Authorization and
  * 'Crypto-Key' values to be used as headers.
  */
-function getVapidHeaders(audience, subject, publicKey, privateKey, expiration) {
+function getVapidHeaders(audience, subject, publicKey, privateKey, contentEncoding, expiration) {
   if (!audience) {
     throw new Error('No audience could be generated for VAPID.');
   }
@@ -210,10 +213,18 @@ function getVapidHeaders(audience, subject, publicKey, privateKey, expiration) {
     privateKey: toPEM(privateKey)
   });
 
-  return {
-    Authorization: 'WebPush ' + jwt,
-    'Crypto-Key': 'p256ecdsa=' + urlBase64.encode(publicKey)
-  };
+  if (contentEncoding === WebPushConstants.supportedContentEncodings.AES_128_GCM) {
+    return {
+      Authorization: 'vapid t=' + jwt + ', k=' + urlBase64.encode(publicKey)
+    };
+  } else if (contentEncoding === WebPushConstants.supportedContentEncodings.AES_GCM) {
+    return {
+      Authorization: 'WebPush ' + jwt,
+      'Crypto-Key': 'p256ecdsa=' + urlBase64.encode(publicKey)
+    };
+  }
+
+  throw new Error('Unsupported encoding type specified.');
 }
 
 module.exports = {

src/web-push-constants.js

@@ -0,0 +1,10 @@
+'use strict';
+
+const WebPushConstants = {};
+
+WebPushConstants.supportedContentEncodings = {
+  AES_GCM: 'aesgcm',
+  AES_128_GCM: 'aes128gcm'
+};
+
+module.exports = WebPushConstants;

src/web-push-lib.js

@@ -7,6 +7,7 @@ const https = require('https');
 const WebPushError = require('./web-push-error.js');
 const vapidHelper = require('./vapid-helper.js');
 const encryptionHelper = require('./encryption-helper.js');
+const webPushConstants = require('./web-push-constants.js');
 
 // Default TTL is four weeks.
 const DEFAULT_TTL = 2419200;
@@ -107,13 +108,15 @@ WebPushLib.prototype.generateRequestDetails =
     let currentVapidDetails = vapidDetails;
     let timeToLive = DEFAULT_TTL;
     let extraHeaders = {};
+    let contentEncoding = webPushConstants.supportedContentEncodings.AES_GCM;
 
     if (options) {
       const validOptionKeys = [
         'headers',
         'gcmAPIKey',
         'vapidDetails',
-        'TTL'
+        'TTL',
+        'contentEncoding'
       ];
       const optionKeys = Object.keys(options);
       for (let i = 0; i < optionKeys.length; i += 1) {
@@ -150,6 +153,15 @@ WebPushLib.prototype.generateRequestDetails =
       if (options.TTL) {
         timeToLive = options.TTL;
       }
+
+      if (options.contentEncoding) {
+        if ((options.contentEncoding === webPushConstants.supportedContentEncodings.AES_128_GCM
+          || options.contentEncoding === webPushConstants.supportedContentEncodings.AES_GCM)) {
+          contentEncoding = options.contentEncoding;
+        } else {
+          throw new Error('Unsupported content encoding specified.');
+        }
+      }
     }
 
     if (typeof timeToLive === 'undefined') {
@@ -177,13 +189,19 @@ WebPushLib.prototype.generateRequestDetails =
           'required encryption keys'));
       }
 
-      const encrypted = encryptionHelper.encrypt(subscription.keys.p256dh, subscription.keys.auth, payload);
+      const encrypted = encryptionHelper
+        .encrypt(subscription.keys.p256dh, subscription.keys.auth, payload, contentEncoding);
 
       requestDetails.headers['Content-Length'] = encrypted.cipherText.length;
       requestDetails.headers['Content-Type'] = 'application/octet-stream';
-      requestDetails.headers['Content-Encoding'] = 'aesgcm';
-      requestDetails.headers.Encryption = 'salt=' + encrypted.salt;
-      requestDetails.headers['Crypto-Key'] = 'dh=' + urlBase64.encode(encrypted.localPublicKey);
+
+      if (contentEncoding === webPushConstants.supportedContentEncodings.AES_128_GCM) {
+        requestDetails.headers['Content-Encoding'] = webPushConstants.supportedContentEncodings.AES_128_GCM;
+      } else if (contentEncoding === webPushConstants.supportedContentEncodings.AES_GCM) {
+        requestDetails.headers['Content-Encoding'] = webPushConstants.supportedContentEncodings.AES_GCM;
+        requestDetails.headers.Encryption = 'salt=' + encrypted.salt;
+        requestDetails.headers['Crypto-Key'] = 'dh=' + urlBase64.encode(encrypted.localPublicKey);
+      }
 
       requestPayload = encrypted.cipherText;
     } else {
@@ -201,6 +219,10 @@ WebPushLib.prototype.generateRequestDetails =
         requestDetails.headers.Authorization = 'key=' + currentGCMAPIKey;
       }
     } else if (currentVapidDetails) {
+      if (contentEncoding === webPushConstants.supportedContentEncodings.AES_128_GCM
+          && subscription.endpoint.indexOf('https://fcm.googleapis.com') === 0) {
+        subscription.endpoint = subscription.endpoint.replace('fcm/send', 'wp');
+      }
       const parsedUrl = url.parse(subscription.endpoint);
       const audience = parsedUrl.protocol + '//' +
         parsedUrl.host;
@@ -209,15 +231,19 @@ WebPushLib.prototype.generateRequestDetails =
         audience,
         currentVapidDetails.subject,
         currentVapidDetails.publicKey,
-        currentVapidDetails.privateKey
+        currentVapidDetails.privateKey,
+        contentEncoding
       );
 
       requestDetails.headers.Authorization = vapidHeaders.Authorization;
-      if (requestDetails.headers['Crypto-Key']) {
-        requestDetails.headers['Crypto-Key'] += ';' +
-          vapidHeaders['Crypto-Key'];
-      } else {
-        requestDetails.headers['Crypto-Key'] = vapidHeaders['Crypto-Key'];
+
+      if (contentEncoding === webPushConstants.supportedContentEncodings.AES_GCM) {
+        if (requestDetails.headers['Crypto-Key']) {
+          requestDetails.headers['Crypto-Key'] += ';' +
+            vapidHeaders['Crypto-Key'];
+        } else {
+          requestDetails.headers['Crypto-Key'] = vapidHeaders['Crypto-Key'];
+        }
       }
     }