Module: Webpush::Encryption
Instance Method Summary collapse
-
#encrypt(message, p256dh, auth) ⇒ Object
rubocop:disable Metrics/AbcSize, Metrics/MethodLength.
Instance Method Details
#encrypt(message, p256dh, auth) ⇒ Object
rubocop:disable Metrics/AbcSize, Metrics/MethodLength
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'lib/webpush/encryption.rb', line 8 def encrypt(, p256dh, auth) assert_arguments(, p256dh, auth) group_name = 'prime256v1' salt = Random.new.bytes(16) server = OpenSSL::PKey::EC.new(group_name) server.generate_key server_public_key_bn = server.public_key.to_bn group = OpenSSL::PKey::EC::Group.new(group_name) client_public_key_bn = OpenSSL::BN.new(Webpush.decode64(p256dh), 2) client_public_key = OpenSSL::PKey::EC::Point.new(group, client_public_key_bn) shared_secret = server.dh_compute_key(client_public_key) client_auth_token = Webpush.decode64(auth) info = "WebPush: info\0" + client_public_key_bn.to_s(2) + server_public_key_bn.to_s(2) content_encryption_key_info = "Content-Encoding: aes128gcm\0" nonce_info = "Content-Encoding: nonce\0" prk = HKDF.new(shared_secret, salt: client_auth_token, algorithm: 'SHA256', info: info).next_bytes(32) content_encryption_key = HKDF.new(prk, salt: salt, info: content_encryption_key_info).next_bytes(16) nonce = HKDF.new(prk, salt: salt, info: nonce_info).next_bytes(12) ciphertext = encrypt_payload(, content_encryption_key, nonce) serverkey16bn = convert16bit(server_public_key_bn) rs = ciphertext.bytesize raise ArgumentError, "encrypted payload is too big" if rs > 4096 aes128gcmheader = "#{salt}" + [rs].pack('N*') + [serverkey16bn.bytesize].pack('C*') + serverkey16bn aes128gcmheader + ciphertext end |