Merge remote-tracking branch 'origin/payload' into payload

Author: Minishlink

README.md

@@ -100,7 +100,9 @@ $browser = $webPush->getBrowser();
 Not until the [Push API spec](http://www.w3.org/TR/push-api/) is finished.
 
 ### What about security?
-Internally, WebPush uses the [phpecc](https://github.com/phpecc/phpecc) Elliptic Curve Cryptography library.
+Internally, WebPush uses the [phpecc](https://github.com/phpecc/phpecc) Elliptic Curve Cryptography library to create 
+local public and private keys and compute the shared secret. 
+Then, WebPush uses `openssl` in order to encrypt the payload with the encryption key.
 
 ### How to solve "SSL certificate problem: unable to get local issuer certificate" ?
 Your installation lacks some certificates.

composer.json

@@ -15,7 +15,8 @@
   "require": {
     "php": ">=5.4",
     "kriswallsmith/buzz": ">=0.6",
-    "mdanter/ecc": "^0.3.0"
+    "mdanter/ecc": "^0.3.0",
+    "lib-openssl": "*"
   },
   "require-dev": {
     "phpunit/phpunit": "4.8.*"

src/WebPush.php

@@ -16,8 +16,9 @@
 use Buzz\Client\MultiCurl;
 use Buzz\Exception\RequestException;
 use Buzz\Message\Response;
+use Mdanter\Ecc\Crypto\Key\PublicKey;
 use Mdanter\Ecc\EccFactory;
-use Mdanter\Ecc\Message\MessageFactory;
+use Mdanter\Ecc\Serializer\Point\UncompressedPointSerializer;
 
 class WebPush
 {
@@ -134,40 +135,40 @@ public function sendNotifications(array $endpoints, array $payloads = null, arra
      * @param string $payload
      *
      * @return array
-     *
-     * @throws
      */
     private function encrypt($userPublicKey, $payload)
     {
-        throw new \ErrorException('Encryption does not work yet.');
-
-        // get local curve
-        $localCurveGenerator = EccFactory::getNistCurves()->generator256();
-        $localPrivateKey = $localCurveGenerator->createPrivateKey();
-        $localPublicKey = $localPrivateKey->getPublicKey();
-        // var sharedSecret = localCurve.computeSecret(userPublicKey);
+        // initialize utilities
+        $math = EccFactory::getAdapter();
+        $keySerializer = new UncompressedPointSerializer($math);
+        $curveGenerator = EccFactory::getNistCurves()->generator256();
+        $curve = EccFactory::getNistCurves()->curve256();
 
-        //var salt = crypto.randomBytes(16);
+        // get local key pair
+        $localPrivateKeyObject = $curveGenerator->createPrivateKey();
+        $localPublicKeyObject = $localPrivateKeyObject->getPublicKey();
+        $localPublicKey = base64_encode(hex2bin($keySerializer->serialize($localPublicKeyObject->getPoint())));
 
-        //ece.saveKey('webpushKey', sharedSecret);
+        // get user public key object
+        $userPublicKeyObject = new PublicKey($math, $curveGenerator, $keySerializer->unserialize($curve, bin2hex(base64_decode($userPublicKey))));
 
-        /*var cipherText = ece.encrypt(payload, {
-            keyid: 'webpushKey',
-            salt: urlBase64.encode(salt),
-        });*/
+        // get shared secret from user public key and local private key
+        $sharedSecret = $userPublicKeyObject->getPoint()->mul($localPrivateKeyObject->getSecret())->getX();
 
-        $messages = new MessageFactory(EccFactory::getAdapter());
-        $message = $messages->plaintext($payload, 'sha256');
+        // generate salt
+        $salt = openssl_random_pseudo_bytes(16);
 
-        $dh = $localPrivateKey->createExchange($messages, $userPublicKey);
-        $salt = hash('sha256', $dh->calculateSharedKey(), true);
+        // get encryption key
+        $encryptionKey = hash_hmac('sha256', $salt, $sharedSecret);
 
-        $cipherText = $dh->encrypt($message)->getContent();
+        // encrypt
+        $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-128-gcm'));
+        $cipherText = openssl_encrypt($payload, 'aes-128-gcm', $encryptionKey, false, $iv); // base 64 encoded
 
         return array(
-            'localPublicKey' => base64_encode($localPublicKey),
+            'localPublicKey' => $localPublicKey,
             'salt' => base64_encode($salt),
-            'cipherText' => base64_encode($cipherText),
+            'cipherText' => $cipherText,
         );
     }
 

tests/WebPushTest.php

@@ -91,17 +91,13 @@ public function testEncrypt()
         $encrypt = $class->getMethod('encrypt');
         $encrypt->setAccessible(true);
 
-        $expected = array(
-            'localPublicKey' => 'BH_1HZcs53fCIMW7Q6ePJqCqc4JIzSeCTjcNBmoet2eMObvQTpiBHH0EnDYZ0kTqk5f2b6wruq7US1vewtngt6o',
-            'salt' => '0HK6QfkQmcQKFVAgG2iOTw',
-            'cipherText' => 'ivmuewrVd-7qkRgxRcu972JyrSvXJzbLeWhTXx1FRZndeP5PVS3fnLQhmK077PgW7C5MLAA_wzDpIN_oB9vo',
-        );
-
-        $actualUserPublicKey = 'BDFsuXPNuJ4SxoYcVVvRagonMcSKHXjsif4qmzpXTDyy29ZKqbwtVAgHCLJGP0HgQ0hpkg6H5-fPBvDjBQxjYfc';
-        $actualPayload = '{"action":"chatMsg","name":"Bob","msg":"test"}';
-
-        $actual = $encrypt->invokeArgs($this->webPush, array($actualUserPublicKey, $actualPayload));
-
-        $this->assertEquals($expected, $actual);
+        $res = $encrypt->invokeArgs($this->webPush, array($this->keys['standard'], 'test'));
+
+        // I can't really test encryption since I don't have the user private key.
+        // I can only test if the function executes.
+        $this->assertArrayHasKey('cipherText', $res);
+        $this->assertArrayHasKey('salt', $res);
+        $this->assertArrayHasKey('localPublicKey', $res);
+        $this->assertEquals(16, strlen(base64_decode($res['salt']))); // should be 16 bytes
     }
 }