Closed Bug 1249206 Opened 8 years ago Closed 8 years ago

Web Push Encryption: Crypto-Key header does not seem to be passed properly

Categories

(Core :: DOM: Push Subscriptions, defect)

46 Branch
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: tomoyuki.labs, Assigned: lina)

Details

(Whiteboard: dom-triaged btpp-active)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4

Steps to reproduce:

I have set the option dom.push.loglevel to Debug on Firefox Developer Edition 46.0a2 (2016-02-17), and tried the following procedure:

1. A web app registers a Service Worker script and subscribes to the push service.
2. The web app sends its public key (PushSubscription.getKey('p256dh')), authentication secret (PushSubscription.getKey('auth')), and the endpoint URL (PushSubscription.endpoint) to an app server.
3. The app server makes an encrypted push message according to Web Push Encryption [1] and Encrypted Content-Encoding [2], and then sends it to the endpoint by HTTP POST, with request headers like below:

Content-Encoding: aesgcm128
Encryption: keyid="p256dh"; salt="(URL-safe Base64 encoded salt)"; rs=4096
Crypto-Key: keyid="p256dh"; dh="(URL-safe Base64 encoded public key of the app server)"
Content-Type: application/octet-stream

[1] https://webpush-wg.github.io/webpush-encryption/
[2] https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00


Actual results:

Firefox does not receive the push message, and outputs a debug log like below:

console.warn: PushServiceWebSocket: handleDataUpdate: Discarding invalid encrypted message {"headers":{"encryption":"keyid=\"p256dh\"; salt=\"...\"; rs=4096","encoding":"aesgcm128"},"version":"...:","data":"...","channelID":"...","messageType":"notification"}

According to the source code [3][4], this debug log seems to indicate that neither the 'Crypto-Key' nor the 'Encryption-Key' header can be found, although the 'Crypto-Key' header has been added to the HTTP request for the push message. (Note: the push server (i.e. endpoint) does not show any error response message to the app server, indeed.)

On the other hand, when the 'Encryption-Key' header is added instead of 'Crypto-Key' and the push message is encrypted without the authentication secret, Firefox succeeds in receiving the push message as expected.

[3] https://dxr.mozilla.org/mozilla-central/source/dom/push/PushCrypto.jsm#60
[4] https://dxr.mozilla.org/mozilla-central/source/dom/push/PushServiceWebSocket.jsm#885


Expected results:

The 'Crypto-Key' header in the HTTP request sent by the app server should be received by the browser.
Component: Untriaged → DOM: Push Notifications
Product: Firefox → Core
Thanks so much for the report, and the steps to reproduce. Our Push server isn't forwarding the `Crypto-Key` header correctly. I filed an issue here: https://github.com/mozilla-services/autopush/issues/355 Once that's fixed, verified, and deployed to production, I'll close out this bug.
Assignee: nobody → kcambridge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: dom-triaged
Thanks for the confirmation. I'll try the new push encryption scheme again after header forwarding by the push server is fixed.
Whiteboard: dom-triaged → dom-triaged btpp-active
According to https://github.com/mozilla-services/autopush/pull/361, I have confirmed the change to the push server by setting `dom.push.serverURL` to the dev endpoint URL (wss://autopush-dev.stage.mozaws.net/).

As a result, I could see that both `Encryption-Key` and `Crypto-Key` were successfully forwarded to Firefox, but the `push` event did not fire. The debug log indicated these headers were forwarded as `encryption-key` and `crypto-key`, although Firefox seems to accept `encryption_key` and `crypto_key`[5]. This could also affect push message encryption without PushSubscription.getKey('auth').

[5] https://dxr.mozilla.org/mozilla-central/source/dom/push/PushCrypto.jsm#56-59
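
The header-name mismatch described in the comment above, as an added example that is not part of the original bug comments and is not Firefox's or autopush's code. The function names and sample values are hypothetical and constructed; the default record size of 4096 when `rs` is absent follows the Encrypted Content-Encoding draft [2].

```javascript
// Added example: hypothetical helpers, not Firefox's PushCrypto.jsm code.

// Parse a header-field value such as: keyid="p256dh"; dh="BASE64URL"
// Simplification: only the first comma-separated entry is read.
function parseParams(value) {
  const params = {};
  if (typeof value !== "string") return params;
  for (const part of value.split(",")[0].split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim().toLowerCase();
    const raw = part.slice(eq + 1).trim();
    if (name) params[name] = raw.replace(/^"(.*)"$/, "$1");
  }
  return params;
}

// Map "Crypto-Key", "crypto-key" and "crypto_key" to one lookup key.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name.toLowerCase().replace(/-/g, "_")] = value;
  }
  return out;
}

// Returns decryption parameters, or null when the message must be discarded.
// normalize=false reproduces the underscore-only lookup described in the bug.
function getCryptoParams(rawHeaders, normalize = true) {
  const h = normalize ? normalizeHeaders(rawHeaders) : (rawHeaders || {});
  const enc = parseParams(h.encryption);
  let authRequired = true; // Crypto-Key: scheme that uses the auth secret
  let key = parseParams(h.crypto_key);
  if (!key.dh) {
    authRequired = false; // Encryption-Key: scheme without the auth secret
    key = parseParams(h.encryption_key);
  }
  if (!key.dh || !enc.salt) return null;
  const rs = enc.rs === undefined ? 4096 : Number(enc.rs);
  if (!Number.isInteger(rs) || rs < 1) return null; // sketch's sanity check
  return { dh: key.dh, salt: enc.salt, rs, authRequired };
}

// Constructed sample: header names as the dev push server forwarded them.
const FORWARDED = {
  encryption: 'keyid="p256dh"; salt="c2FsdA"; rs=4096',
  "crypto-key": 'keyid="p256dh"; dh="BExhbXBsZQ"',
  encoding: "aesgcm128",
};
```

With `normalize` set to `false`, `getCryptoParams(FORWARDED, false)` returns `null`, which corresponds to the "Discarding invalid encrypted message" outcome; with normalization the same message yields usable parameters.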
Ouch. Thank you so much for catching that!
Now I have confirmed that forwarding both `Encryption-Key` and `Crypto-Key` works fine and Firefox fires the `push` event when it receives an encrypted push message with the new encryption scheme. Thanks so much!
Great! I'll close this out, then.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED