feat: Add int "aes128gcm" content-type handling to python.

* adds new content-type verison handling
* fixes flake8 issues
* adds documentation and type descriptions for parameters
* moves tests to unit testing
* adds ability to do cross library validation (note: node.js does not
use valid ec256p curve points)
* prep work for travis integration

Author: jrconlin

nodejs/package.json

@@ -9,7 +9,7 @@
     "email": "martin.thomson@gmail.com"
   },
   "contributors": [{
-    "name": Marco Castelluccio",
+    "name": "Marco Castelluccio",
     "email": "mcastelluccio@mozilla.com"
   }],
   "repository": {

nodejs/test.js

@@ -4,17 +4,24 @@ var crypto = require('crypto');
 var ece = require('./ece.js');
 var base64 = require('urlsafe-base64');
 var assert = require('assert');
+var fs = require('fs');
 
-// Usage: node <this> <iterations> <maxsize>
+var DUMP_FILE = '../encrypt_data.json';
+var dump_data = {};
+
+// Usage: node <this> <iterations> <maxsize> <dump>
 var count = parseInt(process.argv[2], 10) || 20;
 var maxLen = 100;
 var plaintext = null;
+var dump = false;  // flag to dump encrypt/decrypted values to JSON file for cross library checks.
+
 if (process.argv.length >= 4) {
   if (!isNaN(parseInt(process.argv[3], 10))) {
     maxLen = parseInt(process.argv[3], 10);
   } else {
      plaintext = new Buffer(process.argv[3], 'ascii');
   }
+  dump = ( process.argv.indexOf('dump') != -1)
 }
 var log;
 if (count === 1) {
@@ -32,16 +39,26 @@ function logbuf(msg, buf) {
   }
 }
 
+// Validate that the encryption function only accepts Buffers
 function validate() {
   ['hello', null, 1, NaN, [], {}].forEach(function(v) {
     try {
-      encrypt('hello', {});
-      throw new Error('should insist on a buffer');
-    } catch (e) {}
+      ece.encrypt(v, {});
+    } catch (e) {
+      if (e.toString() != "Error: buffer argument must be a Buffer") {
+        throw new Error("encrypt failed to reject " + JSON.stringify(v));
+      }
+    }
   });
 }
 
-function encryptDecrypt(length, encryptParams, decryptParams) {
+function dumpData(data){
+  var version = data.version;
+  delete(data.version);
+  dump_data[version] = data;
+}
+
+function encryptDecrypt(length, encryptParams, decryptParams, version, keyData) {
   decryptParams = decryptParams || encryptParams;
   logbuf('Salt', encryptParams.salt);
   var input = plaintext || crypto.randomBytes(Math.min(length, maxLen));
@@ -51,22 +68,37 @@ function encryptDecrypt(length, encryptParams, decryptParams) {
   logbuf('Encrypted', encrypted);
   var decrypted = ece.decrypt(encrypted, decryptParams);
   logbuf('Decrypted', decrypted);
+  if (dump) {
+    var data = {
+      version: version,
+      input: base64.encode(input),
+      encrypted: base64.encode(encrypted),
+      params: {
+        encrypted: encryptParams,
+        decrypt: decryptParams,
+      }
+    };
+    if (keyData) {
+      data.keys = keyData;
+    }
+    dumpData(data);
+  }
   assert.equal(Buffer.compare(input, decrypted), 0);
   log('----- OK');
 }
 
-function useExplicitKey() {
+function useExplicitKey(version) {
   var length = crypto.randomBytes(4);
   var params = {
     key: base64.encode(crypto.randomBytes(16)),
     salt: base64.encode(crypto.randomBytes(16)),
     rs: length.readUInt16BE(0) + 1
   };
   logbuf('Key', params.key);
-  encryptDecrypt(length.readUInt16BE(2), params);
+  encryptDecrypt(length.readUInt16BE(2), params, params, version);
 }
 
-function authenticationSecret() {
+function authenticationSecret(version) {
   var length = crypto.randomBytes(4);
   var params = {
     key: base64.encode(crypto.randomBytes(16)),
@@ -76,20 +108,20 @@ function authenticationSecret() {
   };
   logbuf('Key', params.key);
   logbuf('Context', params.authSecret);
-  encryptDecrypt(length.readUInt16BE(2), params);
+  encryptDecrypt(length.readUInt16BE(2), params, params, version);
 }
 
-function exactlyOneRecord() {
+function exactlyOneRecord(version) {
   var length = Math.min(crypto.randomBytes(2).readUInt16BE(0), maxLen);
   var params = {
     key: base64.encode(crypto.randomBytes(16)),
     salt: base64.encode(crypto.randomBytes(16)),
     rs: length + 1
   };
-  encryptDecrypt(length, params);
+  encryptDecrypt(length, params, params, version);
 }
 
-function detectTruncation() {
+function detectTruncation(version) {
   var length = Math.min(crypto.randomBytes(2).readUInt16BE(0), maxLen);
   var params = {
     key: base64.encode(crypto.randomBytes(16)),
@@ -104,7 +136,7 @@ function detectTruncation() {
   logbuf('Encrypted', encrypted);
   var ok = false;
   try {
-    ece.decrypt(encrypted, params);
+    ece.decrypt(encrypted, params, params, version);
   } catch (e) {
     log('----- OK: ' + e);
     ok = true;
@@ -114,7 +146,7 @@ function detectTruncation() {
   }
 }
 
-function useKeyId() {
+function useKeyId(version) {
   var length = crypto.randomBytes(4);
   var keyid = base64.encode(crypto.randomBytes(16));
   var key = crypto.randomBytes(16);
@@ -124,15 +156,15 @@ function useKeyId() {
     salt: base64.encode(crypto.randomBytes(16)),
     rs: length.readUInt16BE(0) + 1
   };
-  encryptDecrypt(length.readUInt16BE(2), params);
+  encryptDecrypt(length.readUInt16BE(2), params, params, version);
 }
 
-function useDH() {
+function useDH(version) {
   // the static key is used by the receiver
   var staticKey = crypto.createECDH('prime256v1');
   staticKey.generateKeys();
   assert.equal(staticKey.getPublicKey()[0], 4, 'is an uncompressed point');
-  var staticKeyId = staticKey.getPublicKey().toString('hex')
+  var staticKeyId = staticKey.getPublicKey().toString('hex');
   ece.saveKey(staticKeyId, staticKey, 'P-256');
 
   logbuf('Receiver private', staticKey.getPrivateKey());
@@ -161,22 +193,44 @@ function useDH() {
     salt: encryptParams.salt,
     rs: encryptParams.rs
   };
-  encryptDecrypt(length.readUInt16BE(2), encryptParams, decryptParams);
+  // keyData is used for cross library verification dumps
+  var keyData = {
+    sender: {
+      private: base64.encode(ephemeralKey.getPrivateKey()),
+      public: base64.encode(ephemeralKey.getPublicKey())
+    },
+    receiver: {
+      private: base64.encode(staticKey.getPrivateKey()),
+      public: base64.encode(staticKey.getPublicKey())
+    }
+  };
+  encryptDecrypt(length.readUInt16BE(2), encryptParams, decryptParams, version, keyData);
 }
 
 validate();
-var i;
-for (i = 0; i < count; ++i) {
-  [ useExplicitKey,
-    authenticationSecret,
-    exactlyOneRecord,
-    detectTruncation,
-    useKeyId,
-    useDH,
-  ].forEach(function(f) {
-    log('Test: ' + f.name);
-    f();
-  });
-}
 
+for (var version of ['aes128gcm', 'aesgcm', 'aesgcm128']) {
+  for (var i = 0; i < count; ++i) {
+    [useExplicitKey,
+      authenticationSecret,
+      exactlyOneRecord,
+      detectTruncation,
+      useKeyId,
+      useDH,
+    ].forEach(function (f) {
+      log('Test: ' + f.name);
+      f(version);
+    });
+  }
+}
 console.log('All tests passed.');
+
+if (dump) {
+  fs.open(DUMP_FILE, 'w', function (err) {
+    if (err) {
+      fs.unlink(DUMP_FILE)
+    }
+
+    fs.writeFile(DUMP_FILE, JSON.stringify(dump_data, undefined, '  '));
+  })
+}

python/.coveragerc

@@ -0,0 +1,4 @@
+[report]
+omit =
+    *noseplugin*
+show_missing = true

python/.noserc

@@ -0,0 +1,12 @@
+# this file's explicitly loaded from setup.cfg (.noserc isn't a
+# standard config path), separated out due to '%(...)s'
+[nosetests]
+verbose=True
+verbosity=1
+detailed-errors=True
+with-coverage=True
+cover-erase=True
+cover-package=http_ece
+cover-tests=True
+logging-format=%(asctime)s,%(msecs)03d %(name)s: %(levelname)s: %(message)s
+logging-datefmt=%H:%M:%S

python/.travis.yml

@@ -0,0 +1,10 @@
+language: python
+python:
+- "2.7"
+install:
+- pip install -r test-requirements.txt
+script:
+- nosetests
+- flake8 http-ece
+after_success:
+- codecov

python/VERSION_DIFFERENCES.md

@@ -0,0 +1,28 @@
+# Major Differences Between the Various HTTP ECE Versions
+
+## aes128gcm
+* Most current version as of 2016/11
+* `salt`, `rs`, and `key_id` now all contained as preamble for the encrypted content.
+* Sender's public DH key value is sent as the `dh` parameter of the `Crypto-Key` header
+    * The `Encryption` header is no longer required.
+* The context string `WebPush: info\x00` + Receiver's raw public key + Sender's raw public key
+* `keyinfo` string set to `Content-Encoding: aes128gcm\x00`
+* `nonceinfo` string set to `Content-Encoding: nonce\x00`
+
+## aesgcm
+* `salt` contained as 'salt' parameter of the `Encryption` header
+* `key_id` contained as `keyid` parameter of the `Crypto-Key` header
+* Sender's public DH key value is sent as the `dh` parameter of the `Crypto-Key` header
+* The context string is: `P-256\x00\x00\x41` + Receiver's raw public key + `\x00\x41` + Sender's raw public key
+* `keyinfo` string set to `Content-Encoding: aesgcm\x00` + context_string 
+* `nonceinfo` string set to `Content-Encoding: nonce` + context_string
+
+## aesgcm128
+* Most obsolete version
+* `salt` contained as 'salt' parameter of the `Encryption` header
+* `key_id` contained as `keyid` parameter of the `Encryption-Key` header
+* Sender's public DH key value is sent as the `dh` parameter of the `Encryption-Key` header
+* The context string is: `P-256\x00\x00\x41` + Receiver's raw public key + `\x00\x41` + Sender's raw public key
+* `keyinfo` string set to `Content-Encoding: aesgcm128`
+* `nonceinfo` string set to `Content-Encoding: nonce`
+* padding between chunks is only 1 octet.