Skip to content

Instantly share code, notes, and snippets.

@BravoTango86
Created September 20, 2016 21:50
Show Gist options
  • Save BravoTango86/2265a0eb1abcd669a9c8a2d60bd653c3 to your computer and use it in GitHub Desktop.
Save BravoTango86/2265a0eb1abcd669a9c8a2d60bd653c3 to your computer and use it in GitHub Desktop.
Encrypting Data for Web Browser Push API Notifications
/*
* Built for .NET Core 1.0 on Windows 10 with Portable.BouncyCastle v1.8.1.1
*
* Tested on Chrome v53.0.2785.113 m (64-bit) and Firefox 48.0.2
*
* Massive thanks to Peter Beverloo for the following:
* https://docs.google.com/document/d/1_kWRLJHRYN0KH73WipFyfIXI1UzZ5IyOYSs-y_mLxEE/
* https://tests.peter.sh/push-encryption-verifier/
*
* Some more useful links:
* https://developers.google.com/web/updates/2016/03/web-push-encryption?hl=en
* https://github.com/web-push-libs/web-push/blob/master/src/index.js
*
* Copyright (C) 2016 BravoTango86
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
using Microsoft.AspNetCore.WebUtilities;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Agreement;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
public class WebPushHelper {
private const string FirebaseServerKey = "";
public static bool SendNotification(JsonSubscription sub, byte[] data, int ttl = 0, ushort padding = 0,
bool randomisePadding = false) {
return SendNotification(endpoint: sub.endpoint,
data: data,
userKey: WebEncoders.Base64UrlDecode(sub.keys["p256dh"]),
userSecret: WebEncoders.Base64UrlDecode(sub.keys["auth"]),
ttl: ttl,
padding: padding,
randomisePadding: randomisePadding);
}
public static bool SendNotification(string endpoint, string data, string userKey, string userSecret,
int ttl = 0, ushort padding = 0, bool randomisePadding = false) {
return SendNotification(endpoint: endpoint,
data: Encoding.UTF8.GetBytes(data),
userKey: WebEncoders.Base64UrlDecode(userKey),
userSecret: WebEncoders.Base64UrlDecode(userSecret),
ttl: ttl,
padding: padding,
randomisePadding: randomisePadding);
}
public static bool SendNotification(string endpoint, byte[] userKey, byte[] userSecret, byte[] data = null,
int ttl = 0, ushort padding = 0, bool randomisePadding = false) {
HttpRequestMessage Request = new HttpRequestMessage(HttpMethod.Post, endpoint);
if (endpoint.StartsWith("https://android.googleapis.com/gcm/send/"))
Request.Headers.TryAddWithoutValidation("Authorization", "key=" + FirebaseServerKey);
Request.Headers.Add("TTL", ttl.ToString());
if (data != null && userKey != null && userSecret != null) {
EncryptionResult Package = EncryptMessage(userKey, userSecret, data, padding, randomisePadding);
Request.Content = new ByteArrayContent(Package.Payload);
Request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
Request.Content.Headers.ContentLength = Package.Payload.Length;
Request.Content.Headers.ContentEncoding.Add("aesgcm");
Request.Headers.Add("Crypto-Key", "keyid=p256dh;dh=" + WebEncoders.Base64UrlEncode(Package.PublicKey));
Request.Headers.Add("Encryption", "keyid=p256dh;salt=" + WebEncoders.Base64UrlEncode(Package.Salt));
}
using (HttpClient HC = new HttpClient()) {
return HC.SendAsync(Request).Result.StatusCode == HttpStatusCode.Created;
}
}
public static EncryptionResult EncryptMessage(byte[] userKey, byte[] userSecret, byte[] data,
ushort padding = 0, bool randomisePadding = false) {
SecureRandom Random = new SecureRandom();
byte[] Salt = new byte[16];
Random.NextBytes(Salt);
X9ECParameters Curve = ECNamedCurveTable.GetByName("prime256v1");
ECDomainParameters Spec = new ECDomainParameters(Curve.Curve, Curve.G, Curve.N, Curve.H, Curve.GetSeed());
ECKeyPairGenerator Generator = new ECKeyPairGenerator();
Generator.Init(new ECKeyGenerationParameters(Spec, new SecureRandom()));
AsymmetricCipherKeyPair KeyPair = Generator.GenerateKeyPair();
ECDHBasicAgreement AgreementGenerator = new ECDHBasicAgreement();
AgreementGenerator.Init(KeyPair.Private);
BigInteger IKM = AgreementGenerator.CalculateAgreement(new ECPublicKeyParameters(Spec.Curve.DecodePoint(userKey), Spec));
byte[] PRK = GenerateHKDF(userSecret, IKM.ToByteArrayUnsigned(), Encoding.UTF8.GetBytes("Content-Encoding: auth\0"), 32);
byte[] PublicKey = ((ECPublicKeyParameters)KeyPair.Public).Q.GetEncoded(false);
byte[] CEK = GenerateHKDF(Salt, PRK, CreateInfoChunk("aesgcm", userKey, PublicKey), 16);
byte[] Nonce = GenerateHKDF(Salt, PRK, CreateInfoChunk("nonce", userKey, PublicKey), 12);
if (randomisePadding && padding > 0) padding = Convert.ToUInt16(Math.Abs(Random.NextInt()) % (padding + 1));
byte[] Input = new byte[padding + 2 + data.Length];
Buffer.BlockCopy(ConvertInt(padding), 0, Input, 0, 2);
Buffer.BlockCopy(data, 0, Input, padding + 2, data.Length);
IBufferedCipher Cipher = CipherUtilities.GetCipher("AES/GCM/NoPadding");
Cipher.Init(true, new AeadParameters(new KeyParameter(CEK), 128, Nonce));
byte[] Message = new byte[Cipher.GetOutputSize(Input.Length)];
Cipher.DoFinal(Input, 0, Input.Length, Message, 0);
return new EncryptionResult() { Salt = Salt, Payload = Message, PublicKey = PublicKey };
}
public class EncryptionResult {
public byte[] PublicKey { get; set; }
public byte[] Payload { get; set; }
public byte[] Salt { get; set; }
}
public class JsonSubscription {
public string endpoint { get; set; }
public Dictionary<string, string> keys { get; set; }
}
public static byte[] ConvertInt(int number) {
byte[] Output = BitConverter.GetBytes(Convert.ToUInt16(number));
if (BitConverter.IsLittleEndian) Array.Reverse(Output);
return Output;
}
public static byte[] CreateInfoChunk(string type, byte[] recipientPublicKey, byte[] senderPublicKey) {
List<byte> Output = new List<byte>();
Output.AddRange(Encoding.UTF8.GetBytes($"Content-Encoding: {type}\0P-256\0"));
Output.AddRange(ConvertInt(recipientPublicKey.Length));
Output.AddRange(recipientPublicKey);
Output.AddRange(ConvertInt(senderPublicKey.Length));
Output.AddRange(senderPublicKey);
return Output.ToArray();
}
public static byte[] GenerateHKDF(byte[] salt, byte[] ikm, byte[] info, int len) {
IMac PRKGen = MacUtilities.GetMac("HmacSHA256");
PRKGen.Init(new KeyParameter(MacUtilities.CalculateMac("HmacSHA256", new KeyParameter(salt), ikm)));
PRKGen.BlockUpdate(info, 0, info.Length);
PRKGen.Update((byte)1);
byte[] Result = MacUtilities.DoFinal(PRKGen);
if (Result.Length > len) Array.Resize(ref Result, len);
return Result;
}
}
@DRQ14
Copy link

DRQ14 commented Nov 2, 2016

Any suggestion for the developers who are working with NetFramework 4.5, where obviously Microsoft.AspNetCore.WebUtilities is not an option? Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment