Fix AES/GCM length issue

shaftoes · May 29, 2016 · da2bf6e · da2bf6e
1 parent 35deda7
commit da2bf6e
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 69 deletions.
diff --git a/src/main/java/nl/martijndwars/webpush/GcmNotification.java b/src/main/java/nl/martijndwars/webpush/GcmNotification.java
@@ -1,9 +1,6 @@
 package nl.martijndwars.webpush;
 
-import org.json.JSONObject;
-
 import java.security.PublicKey;
-import java.util.Collections;
 
 public class GcmNotification extends Notification {
     public GcmNotification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) {

diff --git a/src/main/java/nl/martijndwars/webpush/HttpEce.java b/src/main/java/nl/martijndwars/webpush/HttpEce.java
@@ -15,9 +15,8 @@
 import java.util.Map;
 
 /**
- * HTTP ECE (Encrypted Content Encoding)
- *
- * See https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-01
+ * An implementation of HTTP ECE (Encrypted Content Encoding) as described in
+ * https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-01
  */
 public class HttpEce {
     private Map<String, KeyPair> keys;
@@ -44,7 +43,7 @@ protected static byte[] buildInfo(String type, byte[] context) {
 
         return buffer.array();
     }
-    
+
     public byte[][] deriveKey(byte[] salt, byte[] key, String keyId, PublicKey dh, byte[] authSecret, int padSize) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, NoSuchProviderException, IOException {
         byte[] secret = null;
         byte[] context = null;
@@ -114,7 +113,7 @@ protected static byte[] hkdfExpand(byte[] ikm, byte[] salt, byte[] info, int len
     private byte[][] deriveDH(String keyId, PublicKey publicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException {
         PublicKey senderPubKey = keys.get(keyId).getPublic();
 
-        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "BC");
+        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
         keyAgreement.init(keys.get(keyId).getPrivate());
         keyAgreement.doPhase(publicKey, true);
 
@@ -139,8 +138,8 @@ private byte[] lengthPrefix(Key key) throws IOException {
     private byte[] intToBytes(int x) throws IOException {
         byte[] bytes = new byte[2];
 
-        bytes[1] = (byte)(x & 0xff);
-        bytes[0] = (byte)(x >> 8);
+        bytes[1] = (byte) (x & 0xff);
+        bytes[0] = (byte) (x >> 8);
 
         return bytes;
     }
@@ -163,17 +162,15 @@ private byte[] concat(byte[]... arrays) {
         return combined;
     }
 
-
     public byte[] encrypt(byte[] buffer, byte[] salt, byte[] key, String keyid, PublicKey dh, byte[] authSecret, int padSize) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchProviderException, IOException {
         byte[][] derivedKey = deriveKey(salt, key, keyid, dh, authSecret, padSize);
         byte[] key_ = derivedKey[0];
         byte[] nonce_ = derivedKey[1];
 
-        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
         cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key_, "AES"), new GCMParameterSpec(16 * 8, nonce_));
         cipher.update(new byte[2]);
-        cipher.update(buffer);
 
-        return cipher.doFinal();
+        return cipher.doFinal(buffer);
     }
 }
diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java
@@ -5,14 +5,14 @@
 import org.apache.http.client.fluent.Content;
 import org.apache.http.client.fluent.Request;
 import org.apache.http.entity.ContentType;
-import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
 import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.json.JSONObject;
 
-import javax.crypto.*;
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
 import java.io.IOException;
 import java.security.*;
 import java.security.spec.InvalidKeySpecException;

diff --git a/src/main/java/nl/martijndwars/webpush/Utils.java b/src/main/java/nl/martijndwars/webpush/Utils.java
@@ -13,7 +13,6 @@
 import java.math.BigInteger;
 import java.security.*;
 import java.security.spec.InvalidKeySpecException;
-import java.util.Base64;
 
 public class Utils {
     public static byte[] savePublicKey(ECPublicKey publicKey) {

diff --git a/src/test/java/nl/martijndwars/webpush/PushServiceTest.java b/src/test/java/nl/martijndwars/webpush/PushServiceTest.java
@@ -37,7 +37,7 @@ public void testPush() throws NoSuchProviderException, NoSuchAlgorithmException,
             endpoint,
             userPublicKey,
             userAuth,
-            "Hello world!!".getBytes()
+            "{\"title\": \"Hello\", \"message\": \"World\"}".getBytes()
         );
 
         PushService pushService = new PushService(gcmApiKey);

diff --git a/src/test/java/nl/martijndwars/webpush/TestKeyGeneration.java b/src/test/java/nl/martijndwars/webpush/TestKeyGeneration.java