feat: review refactoring

* Moved utility functions to common.js
* Moved DER functions to DER_lite.js
* Improved comments
* Improved descriptive text
* made vapid & mzcc classes for multiple instantiation

Author: jrconlin

js/common.js

@@ -0,0 +1,93 @@
+class MozCommon {
+
+    constructor() {
+    }
+
+    ord(c){
+        /* return an ordinal for a character
+        */
+        return c.charCodeAt(0);
+    }
+
+    chr(c){
+        /* return a character for a given ordinal
+        */
+        return String.fromCharCode(c);
+    }
+
+    toUrlBase64(data) {
+        /* Convert a binary array into a URL safe base64 string
+        */
+        return btoa(data)
+            .replace(/\+/g, "-")
+            .replace(/\//g, "_")
+            .replace(/=/g, "")
+    }
+
+    fromUrlBase64(data) {
+        /* return a binary array from a URL safe base64 string
+        */
+        return atob((data + "====".substr(data.length % 4))
+            .replace(/\-/g, "+")
+            .replace(/\_/g, "/"));
+    }
+
+    _strToArray(str) {
+        /* convert a string into a ByteArray
+         *
+         * TextEncoders would be faster, but have a habit of altering
+         * byte order
+         */
+        let split = str.split("");
+        let reply = new Uint8Array(split.length);
+        for (let i in split) {
+            reply[i] = this.ord(split[i]);
+        }
+        return reply;
+    }
+
+    _arrayToStr(array) {
+        /* convert a ByteArray into a string
+         */
+        return String.fromCharCode.apply(null, new Uint8Array(array));
+    }
+
+    rawToJWK(raw, ops) {
+    /* convert a URL safe base64 raw key to jwk format
+    */
+        if (typeof(raw) == "string") {
+            raw = this._strToArray(this.fromUrlBase64(raw));
+        }
+        // Raw is supposed to start with a 0x04, but some libraries don't. sigh.
+        if (raw.length == 65 && raw[0] != 4) {
+            throw new Error('ERR_PUB_KEY');
+        }
+
+        raw= raw.slice(-64);
+        let x = this.toUrlBase64(String.fromCharCode.apply(null,
+            raw.slice(0,32)));
+        let y = this.toUrlBase64(String.fromCharCode.apply(null,
+            raw.slice(32,64)));
+
+        // Convert to a JWK and import it.
+        let jwk = {
+            crv: "P-256",
+            ext: true,
+            key_ops: ops,
+            kty: "EC",
+            x: x,
+            y, y
+        };
+
+        return jwk
+    }
+
+    JWKToRaw(jwk) {
+        /* Convert a JWK object to a "raw" URL Safe base64 string
+        */
+        xv = this.fromUrlBase64(jwk.x);
+        yv = this.fromUrlBase64(jwk.y);
+        return this.toUrlBase64("\x04" + xv + yv);
+    }
+}
+

js/der_lite.js

@@ -0,0 +1,165 @@
+'use strict';
+
+class DERLite{
+    constructor() {}
+
+    /* Simplified DER export and import is provided because a large number of
+     * libraries and languages understand DER as a key exchange and storage
+     * format. DER is NOT required for VAPID, however, the key you may
+     * generate here (or in a different library) may be in this format.
+     *
+     * A fully featured DER library is available at
+     * https://github.com/indutny/asn1.js
+     */
+
+    export_private_der(key) {
+        /* Generate a DER sequence.
+         *
+         * This can be read in via something like
+         * python's
+         * ecdsa.keys.SigningKey
+         *     .from_der(base64.urlsafe_b64decode("MHc..."))
+         *
+         * :param key: CryptoKey containing private key info
+         */
+        return webCrypto.exportKey("jwk", key)
+            .then(k => {
+                // verifying key
+                let xv = mzcc.fromUrlBase64(k.x);
+                let yv = mzcc.fromUrlBase64(k.y);
+                // private key
+                let dv = mzcc.fromUrlBase64(k.d);
+
+                // verifying key (public)
+                let vk = '\x00\x04' + xv + yv;
+                // \x02 is integer
+                let int1 = '\x02\x01\x01'; // integer 1
+                // \x04 is octet string
+                let dvstr = '\x04' + mzcc.chr(dv.length) + dv;
+                let curve_oid = "\x06\x08" +
+                    "\x2a\x86\x48\xce\x3d\x03\x01\x07";
+                // \xaX is a construct, low byte is order.
+                let curve_oid_const = '\xa0' + mzcc.chr(curve_oid.length) +
+                    curve_oid;
+                // \x03 is a bitstring
+                let vk_enc = '\x03' + mzcc.chr(vk.length) + vk;
+                let vk_const = '\xa1' + mzcc.chr(vk_enc.length) + vk_enc;
+                // \x30 is a sequence start.
+                let seq = int1 + dvstr + curve_oid_const + vk_const;
+                let rder = "\x30" + mzcc.chr(seq.length) + seq;
+                return mzcc.toUrlBase64(rder);
+            })
+            .catch(err => console.error(err))
+    }
+
+    import_private_der(der_str) {
+        /* Import a Private Key stored in DER format. This allows a key
+         * to be generated outside of this script.
+         *
+         * :param der_str: URL safe base64 formatted DER string.
+         * :returns: Promise containing the imported private key
+         */
+        let der = mzcc._strToArray(mzcc.fromUrlBase64(der_str));
+        // quick guantlet to see if this is a valid DER
+        let cmp = new Uint8Array([2,1,1,4]);
+        if (der[0] != 48 ||
+            ! der.slice(2, 6).every(function(v, i){return cmp[i] == v})){
+            throw new Error("Invalid import key")
+        }
+        let dv = der.slice(7, 7+der[6]);
+        // HUGE cheat to get the x y values
+        let xv = der.slice(-64, -32);
+        let yv = der.slice(-32);
+        let key_ops = ['sign'];
+
+        let jwk = {
+           crv: "P-256",
+           ext: true,
+           key_ops: key_ops,
+           kty: "EC",
+           x: mzcc.toUrlBase64(String.fromCharCode.apply(null, xv)),
+           y: mzcc.toUrlBase64(String.fromCharCode.apply(null, yv)),
+           d: mzcc.toUrlBase64(String.fromCharCode.apply(null, dv)),
+        };
+
+        console.debug(JSON.stringify(jwk));
+        return webCrypto.importKey('jwk', jwk, 'ECDSA', true, key_ops);
+    }
+
+    export_public_der(key) {
+        /* Generate a DER sequence containing just the public key info.
+         *
+         * :param key: CryptoKey containing public key information
+         * :returns: a URL safe base64 encoded string containing the
+         *   public key
+         */
+        return webCrypto.exportKey("jwk", key)
+            .then(k => {
+                // raw keys always begin with a 4
+                let xv = mzcc._strToArray(mzcc.fromUrlBase64(k.x));
+                let yv = mzcc._strToArray(mzcc.fromUrlBase64(k.y));
+
+                let point = "\x00\x04" +
+                    String.fromCharCode.apply(null, xv) +
+                    String.fromCharCode.apply(null, yv);
+                window.Kpoint = point;
+                // a combination of the oid_ecPublicKey + p256 encoded oid
+                let prefix = "\x30\x13" +  // sequence + length
+                    "\x06\x07" + "\x2a\x86\x48\xce\x3d\x02\x01" +
+                    "\x06\x08" + "\x2a\x86\x48\xce\x3d\x03\x01\x07"
+                let encPoint = "\x03" + mzcc.chr(point.length) + point
+                let rder = "\x30" + mzcc.chr(prefix.length + encPoint.length) +
+                    prefix + encPoint;
+                let der = mzcc.toUrlBase64(rder);
+                return der;
+            });
+    }
+
+    import_public_der(derArray) {
+        /* Import a DER formatted public key string.
+         *
+         * The Crypto-Key p256ecdsa=... key is such a thing.
+         * Returns a promise containing the public key.
+         *
+         * :param derArray: the DER array containing the public key.
+         *  NOTE: This may also be a URL safe base64 encoded version
+         *  of the DER array.
+         * :returns: A promise containing the imported public key.
+         *
+         */
+        if (typeof(derArray) == "string") {
+            derArray = mzcc._strToArray(mzcc.fromUrlBase64(derArray));
+        }
+        /* Super light weight public key import function */
+        let err = new Error(this.lang.errs.ERR_PUB_D_KEY);
+        // Does the record begin with "\x30"
+        if (derArray[0] != 48) { throw err}
+        // is this an ECDSA record? (looking for \x2a and \x86
+        if (derArray[6] != 42 && derArray[7] != 134) { throw err}
+        if (derArray[15] != 42 && derArray[16] != 134) { throw err}
+        // Public Key Record usually beings @ offset 23.
+        if (derArray[23] != 3 && derArray[24] != 40 &&
+                derArray[25] != 0 && derArray[26] != 4) {
+            throw err;
+        }
+        // pubkey offset starts at byte 25
+        let x = mzcc.toUrlBase64(String.fromCharCode
+                .apply(null, derArray.slice(27, 27+32)));
+        let y = mzcc.toUrlBase64(String.fromCharCode
+                .apply(null, derArray.slice(27+32, 27+64)));
+
+        // Convert to a JWK and import it.
+        let jwk = {
+            crv: "P-256",
+            ext: true,
+            key_ops: ["verify"],
+            kty: "EC",
+            x: x,
+            y, y
+        };
+
+        return webCrypto.importKey('jwk', jwk, 'ECDSA', true, ["verify"])
+
+    }
+}
+

js/index.html

@@ -11,35 +11,55 @@
 <div id="document-main">
 <h1>VAPID verification</h1>
 <div id="intro" class="section">
-    <p>This page helps construct or validate <a href="https://datatracker.ietf.org/doc/draft-thomson-webpush-vapid/">VAPID</a> header data.</p>
+    <p>This page helps validate or construct
+    <a href="https://datatracker.ietf.org/doc/draft-thomson-webpush-vapid/">VAPID</a>
+    header data. The <b><a href="#headers">Headers</a></b> section accepts existing header values
+    (e.g. ones created by a library or included as part of a subscription
+    update).</p>
+    <p>The <b><a href="#claims">Claims</a></b> section will create a valid JSON claim, generate a
+    VAPID key pair, and generate the proper header values.</p>
+    <p>The <b><a href="#export">Exported Keys</a></b> section provides the keys in DER format which
+    should be readable by many encryption libraries.</p>
 </div>
 <div id="inputs" class="section">
-<h2>Headers</h2>
-    <p>The headers are sent with subscription updates. They provide the site information to associate with
-    this feed.</p>
+    <a name="headers"><h2>Headers</h2></a>
+    <p>The headers are sent with subscription updates. They provide the
+    site information to associate with this feed. PLEASE NOTE: Your private
+    key should be generated on your machine and should NEVER leave your
+    box or control. This page will generate a valid key that can be used,
+    and all functions are local, but this is purely for educational purposes
+    only.</p>
     <label for="auth">Authorization Header:</label>
+    <div class="description">This is the content of the
+        <code>Authorization</code> header included as part of the subscription
+        POST update.</div>
     <textarea name="auth" placeholder="Bearer abCDef..."></textarea>
     <label for="crypt">Crypto-Key Header:</label>
-    <p>The public key expressed after "p256ecdsa=" can associate this feed with the dashboard.</p>
+    <div class="description">This is your VAPID public key. This is included
+        as part of the <code>Crypto-Key</code> header, which is included
+        as part of the subscription POST update. <code>Crypto-Key</code>
+        may contain more than one part. Each part should be separated by a
+        comma (",")</div>
     <textarea name="crypt" placeholder="p256ecdsa=abCDef.."></textarea>
     <div class="control">
     <label for="publicKey">Public Key:</label>
-    <p>This is the public key you'd use for the Dashboard</p>
-    <textarea name="publicKey" placeholder="abCDef..." readonly=true></textarea>
+    <div class="description">This is the VAPID key you would use when adding
+        applications to your Dashboard.</div>
+    <div name="publicKey" class="value" ></div>
     <button id="check">Check headers</button>
 </div>
 </div>
 <div id="result" class="section">
-<h2>Claims</h2>
+    <a name="claims"><h2>Claims</h2></a>
     <p>Claims are the information a site uses to identify itself.
     <div class="row">
         <label for="aud" title="The full URL to your site."><b>Aud</b>ience:</label>
-        <p>The full URL to your site.</p>
+        <p>The optional full URL to your site.</p>
         <input name="aud" placeholder="https://push.example.com">
     </div>
     <div class="row">
     <label for="sub" ><b>Sub</b>scriber:</label>
-    <p>The administrative email address that can be contacted if there's an issue</p>
+    <p>The required administrative email address that can be contacted if there's an issue</p>
     <input name="sub" placeholder="mailto:admin@push.example.com">
     </div>
     <div class="row">
@@ -61,17 +81,20 @@ <h3>Claims JSON object:</h3>
     </div>
 </div>
 <div id="keys" class="section">
-    <h2>Exported Keys</h2>
+    <a name="export"><h2>Exported Keys</h2></a>
 <b>Auto-generated keys:</b>
-<p>These are ASN.1 DER formatted version of the public and private keys used to generate
-the VAPID headers. These can be useful for languages that use DER or PEM for key import.</p>
+<p>These are ASN.1 DER formatted version of the public and private keys used
+to generate the above VAPID headers. These can be useful for languages that
+use DER or PEM for key import.</p>
     <label for="priv">DER Private Key:</label><textarea name="priv"></textarea>
     <label for="pub">DER Public Key:</label><textarea name="pub"></textarea>
 </div>
 <div id="err" class="hidden section"></div>
 </div>
 </div>
 </main>
+<script src="der_lite.js"></script>
+<script src="common.js"></script>
 <script src="vapid.js"></script>
 <script>
 
@@ -207,12 +230,6 @@ <h2>Exported Keys</h2>
          rclaims.innerHTML = JSON.stringify(claims, null, "    ");
          rclaims.classList.add("updated");
          vapid.generate_keys().then(x => {
-             vapid.export_private_der()
-                 .then(k => document.getElementsByName("priv")[0].value = k)
-                 .catch(er => error(er, "Private Key export failed"));
-            vapid.export_public_der()
-                 .then(k => document.getElementsByName("pub")[0].value = k)
-                .catch(er => error(er, "Public key export failed" ));
              vapid.sign(claims)
                 .then(k => {
                  let auth = document.getElementsByName("auth")[0];
@@ -223,10 +240,17 @@ <h2>Exported Keys</h2>
                  crypt.classList.add('updated');
                  let pk = document.getElementsByName("publicKey")[0];
                  // Public Key is the crypto key minus the 'p256ecdsa='
-                 pk.value = k.publicKey;
+                 pk.innerHTML = k.publicKey;
                  pk.classList.add('updated');
                 })
                .catch(err => error(err, err_strs.enus.CLAIMS_FAIL));
+              exporter = new DERLite();
+              exporter.export_private_der(x.privateKey)
+                     .then(k => document.getElementsByName("priv")[0].value = k)
+                     .catch(er => error(er, "Private Key export failed"));
+              exporter.export_public_der(x.publicKey)
+                     .then(k => document.getElementsByName("pub")[0].value = k)
+                     .catch(er => error(er, "Public key export failed" ));
              });
      } catch (ex) {
          error(ex, err_strs.enus.HEADER_NOPE);
@@ -269,6 +293,8 @@ <h2>Exported Keys</h2>
 document.getElementById("gen").addEventListener("click", gen);
 document.getElementById('vapid_exp').value = parseInt(Date.now()*.001) + 86400;
 
+var vapid = new VapidToken();
+var mzcc = new MozCommon();
 
 </script>
 </body>