diff --git a/composer.json b/composer.json
index b9b34b9..da1bdf5 100644
--- a/composer.json
+++ b/composer.json
@@ -35,7 +35,7 @@
"ext-openssl": "*",
"guzzlehttp/guzzle": "^7.4.5",
"web-token/jwt-library": "^3.3.0",
- "spomky-labs/base64url": "^2.0.4"
+ "paragonie/constant_time_encoding": "^2.6"
},
"suggest": {
"ext-bcmath": "Optional for performance.",
@@ -51,4 +51,4 @@
"Minishlink\\WebPush\\": "src"
}
}
-}
\ No newline at end of file
+}
diff --git a/src/Encryption.php b/src/Encryption.php
index e6bb708..86868dc 100644
--- a/src/Encryption.php
+++ b/src/Encryption.php
@@ -13,10 +13,10 @@
namespace Minishlink\WebPush;
-use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Ecc\PrivateKey;
use Jose\Component\Core\Util\ECKey;
+use ParagonIE\ConstantTime\Base64UrlSafe;
class Encryption
{
@@ -66,8 +66,8 @@ public static function encrypt(string $payload, string $userPublicKey, string $u
*/
public static function deterministicEncrypt(string $payload, string $userPublicKey, string $userAuthToken, string $contentEncoding, array $localKeyObject, string $salt): array
{
- $userPublicKey = Base64Url::decode($userPublicKey);
- $userAuthToken = Base64Url::decode($userAuthToken);
+ $userPublicKey = Base64UrlSafe::decodeNoPadding($userPublicKey);
+ $userAuthToken = Base64UrlSafe::decodeNoPadding($userAuthToken);
// get local key pair
if (count($localKeyObject) === 1) {
@@ -81,9 +81,9 @@ public static function deterministicEncrypt(string $payload, string $userPublicK
$localJwk = new JWK([
'kty' => 'EC',
'crv' => 'P-256',
- 'd' => Base64Url::encode($localPrivateKeyObject->getSecret()->toBytes(false)),
- 'x' => Base64Url::encode($localPublicKeyObject[0]),
- 'y' => Base64Url::encode($localPublicKeyObject[1]),
+ 'd' => Base64UrlSafe::encodeUnpadded($localPrivateKeyObject->getSecret()->toBytes(false)),
+ 'x' => Base64UrlSafe::encodeUnpadded($localPublicKeyObject[0]),
+ 'y' => Base64UrlSafe::encodeUnpadded($localPublicKeyObject[1]),
]);
}
if (!$localPublicKey) {
@@ -95,8 +95,8 @@ public static function deterministicEncrypt(string $payload, string $userPublicK
$userJwk = new JWK([
'kty' => 'EC',
'crv' => 'P-256',
- 'x' => Base64Url::encode($userPublicKeyObjectX),
- 'y' => Base64Url::encode($userPublicKeyObjectY),
+ 'x' => Base64UrlSafe::encodeUnpadded($userPublicKeyObjectX),
+ 'y' => Base64UrlSafe::encodeUnpadded($userPublicKeyObjectY),
]);
// get shared secret from user public key and local private key
@@ -252,9 +252,9 @@ private static function createLocalKeyObject(): array
new JWK([
'kty' => 'EC',
'crv' => 'P-256',
- 'x' => Base64Url::encode(self::addNullPadding($details['ec']['x'])),
- 'y' => Base64Url::encode(self::addNullPadding($details['ec']['y'])),
- 'd' => Base64Url::encode(self::addNullPadding($details['ec']['d'])),
+ 'x' => Base64UrlSafe::encodeUnpadded(self::addNullPadding($details['ec']['x'])),
+ 'y' => Base64UrlSafe::encodeUnpadded(self::addNullPadding($details['ec']['y'])),
+ 'd' => Base64UrlSafe::encodeUnpadded(self::addNullPadding($details['ec']['d'])),
]),
];
}
diff --git a/src/Utils.php b/src/Utils.php
index 887acb0..c34572e 100644
--- a/src/Utils.php
+++ b/src/Utils.php
@@ -13,9 +13,9 @@
namespace Minishlink\WebPush;
-use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Ecc\PublicKey;
+use ParagonIE\ConstantTime\Base64UrlSafe;
class Utils
{
@@ -37,8 +37,8 @@ public static function serializePublicKey(PublicKey $publicKey): string
public static function serializePublicKeyFromJWK(JWK $jwk): string
{
$hexString = '04';
- $hexString .= str_pad(bin2hex(Base64Url::decode($jwk->get('x'))), 64, '0', STR_PAD_LEFT);
- $hexString .= str_pad(bin2hex(Base64Url::decode($jwk->get('y'))), 64, '0', STR_PAD_LEFT);
+ $hexString .= str_pad(bin2hex(Base64UrlSafe::decodeNoPadding($jwk->get('x'))), 64, '0', STR_PAD_LEFT);
+ $hexString .= str_pad(bin2hex(Base64UrlSafe::decodeNoPadding($jwk->get('y'))), 64, '0', STR_PAD_LEFT);
return $hexString;
}
diff --git a/src/VAPID.php b/src/VAPID.php
index 5a40cd9..4ba3de9 100644
--- a/src/VAPID.php
+++ b/src/VAPID.php
@@ -13,13 +13,13 @@
namespace Minishlink\WebPush;
-use Base64Url\Base64Url;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\ES256;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;
+use ParagonIE\ConstantTime\Base64UrlSafe;
class VAPID
{
@@ -54,14 +54,14 @@ public static function validate(array $vapid): array
throw new \ErrorException('Failed to convert VAPID public key from hexadecimal to binary');
}
$vapid['publicKey'] = base64_encode($binaryPublicKey);
- $vapid['privateKey'] = base64_encode(str_pad(Base64Url::decode($jwk->get('d')), 2 * self::PRIVATE_KEY_LENGTH, '0', STR_PAD_LEFT));
+ $vapid['privateKey'] = base64_encode(str_pad(Base64UrlSafe::decodeNoPadding($jwk->get('d')), 2 * self::PRIVATE_KEY_LENGTH, '0', STR_PAD_LEFT));
}
if (!isset($vapid['publicKey'])) {
throw new \ErrorException('[VAPID] You must provide a public key.');
}
- $publicKey = Base64Url::decode($vapid['publicKey']);
+ $publicKey = Base64UrlSafe::decodeNoPadding($vapid['publicKey']);
if (Utils::safeStrlen($publicKey) !== self::PUBLIC_KEY_LENGTH) {
throw new \ErrorException('[VAPID] Public key should be 65 bytes long when decoded.');
@@ -71,7 +71,7 @@ public static function validate(array $vapid): array
throw new \ErrorException('[VAPID] You must provide a private key.');
}
- $privateKey = Base64Url::decode($vapid['privateKey']);
+ $privateKey = Base64UrlSafe::decodeNoPadding($vapid['privateKey']);
if (Utils::safeStrlen($privateKey) !== self::PRIVATE_KEY_LENGTH) {
throw new \ErrorException('[VAPID] Private key should be 32 bytes long when decoded.');
@@ -122,9 +122,9 @@ public static function getVapidHeaders(string $audience, string $subject, string
$jwk = new JWK([
'kty' => 'EC',
'crv' => 'P-256',
- 'x' => Base64Url::encode($x),
- 'y' => Base64Url::encode($y),
- 'd' => Base64Url::encode($privateKey),
+ 'x' => Base64UrlSafe::encodeUnpadded($x),
+ 'y' => Base64UrlSafe::encodeUnpadded($y),
+ 'd' => Base64UrlSafe::encodeUnpadded($privateKey),
]);
$jwsCompactSerializer = new CompactSerializer();
@@ -136,7 +136,7 @@ public static function getVapidHeaders(string $audience, string $subject, string
->build();
$jwt = $jwsCompactSerializer->serialize($jws, 0);
- $encodedPublicKey = Base64Url::encode($publicKey);
+ $encodedPublicKey = Base64UrlSafe::encodeUnpadded($publicKey);
if ($contentEncoding === "aesgcm") {
return [
@@ -169,14 +169,14 @@ public static function createVapidKeys(): array
throw new \ErrorException('Failed to convert VAPID public key from hexadecimal to binary');
}
- $binaryPrivateKey = hex2bin(str_pad(bin2hex(Base64Url::decode($jwk->get('d'))), 2 * self::PRIVATE_KEY_LENGTH, '0', STR_PAD_LEFT));
+ $binaryPrivateKey = hex2bin(str_pad(bin2hex(Base64UrlSafe::decodeNoPadding($jwk->get('d'))), 2 * self::PRIVATE_KEY_LENGTH, '0', STR_PAD_LEFT));
if (!$binaryPrivateKey) {
throw new \ErrorException('Failed to convert VAPID private key from hexadecimal to binary');
}
return [
- 'publicKey' => Base64Url::encode($binaryPublicKey),
- 'privateKey' => Base64Url::encode($binaryPrivateKey),
+ 'publicKey' => Base64UrlSafe::encodeUnpadded($binaryPublicKey),
+ 'privateKey' => Base64UrlSafe::encodeUnpadded($binaryPrivateKey),
];
}
}
diff --git a/src/WebPush.php b/src/WebPush.php
index 68de138..4f20faa 100644
--- a/src/WebPush.php
+++ b/src/WebPush.php
@@ -13,10 +13,10 @@
namespace Minishlink\WebPush;
-use Base64Url\Base64Url;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
use GuzzleHttp\Psr7\Request;
+use ParagonIE\ConstantTime\Base64UrlSafe;
use Psr\Http\Message\ResponseInterface;
class WebPush
@@ -208,8 +208,8 @@ protected function prepare(array $notifications): array
];
if ($contentEncoding === "aesgcm") {
- $headers['Encryption'] = 'salt='.Base64Url::encode($salt);
- $headers['Crypto-Key'] = 'dh='.Base64Url::encode($localPublicKey);
+ $headers['Encryption'] = 'salt='.Base64UrlSafe::encodeUnpadded($salt);
+ $headers['Crypto-Key'] = 'dh='.Base64UrlSafe::encodeUnpadded($localPublicKey);
}
$encryptionContentCodingHeader = Encryption::getContentCodingHeader($salt, $localPublicKey, $contentEncoding);
diff --git a/tests/EncryptionTest.php b/tests/EncryptionTest.php
index 68e1ca9..c7af076 100644
--- a/tests/EncryptionTest.php
+++ b/tests/EncryptionTest.php
@@ -8,10 +8,10 @@
* file that was distributed with this source code.
*/
-use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Minishlink\WebPush\Encryption;
use Minishlink\WebPush\Utils;
+use ParagonIE\ConstantTime\Base64UrlSafe;
use PHPUnit\Framework\Attributes\DataProvider;
/**
@@ -23,30 +23,30 @@ public function testDeterministicEncrypt(): void
{
$contentEncoding = "aes128gcm";
$plaintext = 'When I grow up, I want to be a watermelon';
- $this->assertEquals('V2hlbiBJIGdyb3cgdXAsIEkgd2FudCB0byBiZSBhIHdhdGVybWVsb24', Base64Url::encode($plaintext));
+ $this->assertEquals('V2hlbiBJIGdyb3cgdXAsIEkgd2FudCB0byBiZSBhIHdhdGVybWVsb24', Base64UrlSafe::encodeUnpadded($plaintext));
$payload = Encryption::padPayload($plaintext, 0, $contentEncoding);
- $this->assertEquals('V2hlbiBJIGdyb3cgdXAsIEkgd2FudCB0byBiZSBhIHdhdGVybWVsb24C', Base64Url::encode($payload));
+ $this->assertEquals('V2hlbiBJIGdyb3cgdXAsIEkgd2FudCB0byBiZSBhIHdhdGVybWVsb24C', Base64UrlSafe::encodeUnpadded($payload));
$userPublicKey = 'BCVxsr7N_eNgVRqvHtD0zTZsEc6-VV-JvLexhqUzORcxaOzi6-AYWXvTBHm4bjyPjs7Vd8pZGH6SRpkNtoIAiw4';
$userAuthToken = 'BTBZMqHH6r4Tts7J_aSIgg';
- $localPublicKey = Base64Url::decode('BP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8');
- $salt = Base64Url::decode('DGv6ra1nlYgDCS1FRnbzlw');
+ $localPublicKey = Base64UrlSafe::decodeNoPadding('BP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8');
+ $salt = Base64UrlSafe::decodeNoPadding('DGv6ra1nlYgDCS1FRnbzlw');
[$localPublicKeyObjectX, $localPublicKeyObjectY] = Utils::unserializePublicKey($localPublicKey);
$localJwk = new JWK([
'kty' => 'EC',
'crv' => 'P-256',
'd' => 'yfWPiYE-n46HLnH0KqZOF1fJJU3MYrct3AELtAQ-oRw',
- 'x' => Base64Url::encode($localPublicKeyObjectX),
- 'y' => Base64Url::encode($localPublicKeyObjectY),
+ 'x' => Base64UrlSafe::encodeUnpadded($localPublicKeyObjectX),
+ 'y' => Base64UrlSafe::encodeUnpadded($localPublicKeyObjectY),
]);
$expected = [
'localPublicKey' => $localPublicKey,
'salt' => $salt,
- 'cipherText' => Base64Url::decode('8pfeW0KbunFT06SuDKoJH9Ql87S1QUrd irN6GcG7sFz1y1sqLgVi1VhjVkHsUoEsbI_0LpXMuGvnzQ'),
+ 'cipherText' => Base64UrlSafe::decodeNoPadding('8pfeW0KbunFT06SuDKoJH9Ql87S1QUrdirN6GcG7sFz1y1sqLgVi1VhjVkHsUoEsbI_0LpXMuGvnzQ'),
];
$result = Encryption::deterministicEncrypt(
@@ -59,17 +59,17 @@ public function testDeterministicEncrypt(): void
);
$this->assertEquals(Utils::safeStrlen($expected['cipherText']), Utils::safeStrlen($result['cipherText']));
- $this->assertEquals(Base64Url::encode($expected['cipherText']), Base64Url::encode($result['cipherText']));
+ $this->assertEquals(Base64UrlSafe::encodeUnpadded($expected['cipherText']), Base64UrlSafe::encodeUnpadded($result['cipherText']));
$this->assertEquals($expected, $result);
}
public function testGetContentCodingHeader(): void
{
- $localPublicKey = Base64Url::decode('BP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8');
- $salt = Base64Url::decode('DGv6ra1nlYgDCS1FRnbzlw');
+ $localPublicKey = Base64UrlSafe::decodeNoPadding('BP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8');
+ $salt = Base64UrlSafe::decodeNoPadding('DGv6ra1nlYgDCS1FRnbzlw');
$result = Encryption::getContentCodingHeader($salt, $localPublicKey, "aes128gcm");
- $expected = Base64Url::decode('DGv6ra1nlYgDCS1FRnbzlwAAEABBBP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8');
+ $expected = Base64UrlSafe::decodeNoPadding('DGv6ra1nlYgDCS1FRnbzlwAAEABBBP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8');
$this->assertEquals(Utils::safeStrlen($expected), Utils::safeStrlen($result));
$this->assertEquals($expected, $result);