work on aesgcm

Minishlink · Minishlink · commit 34491d08a008 · 2016-03-16T18:28:23.000+01:00
diff --git a/src/Encryption.php b/src/Encryption.php
@@ -0,0 +1,155 @@
+<?php
+
+/*
+ * This file is part of the WebPush library.
+ *
+ * (c) Louis Lagrange <lagrange.louis@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Minishlink\WebPush;
+
+use Base64Url\Base64Url;
+use Mdanter\Ecc\Crypto\Key\PublicKey;
+use Mdanter\Ecc\EccFactory;
+use Mdanter\Ecc\Serializer\Point\UncompressedPointSerializer;
+
+final class Encryption
+{
+    /**
+     * @param string $payload
+     * @param string $userPublicKey MIME base 64 encoded
+     * @param string $userAuthToken MIME base 64 encoded
+     * @param bool   $nativeEncryption Use OpenSSL (>PHP7.1)
+     *
+     * @return array
+     */
+    public static function encrypt($payload, $userPublicKey, $userAuthToken, $nativeEncryption)
+    {
+        $userPublicKey = base64_decode($userPublicKey);
+        $userAuthToken = base64_decode($userAuthToken);
+        $plaintext = chr(0).chr(0).utf8_decode($payload);
+
+        // initialize utilities
+        $math = EccFactory::getAdapter();
+        $keySerializer = new UncompressedPointSerializer($math);
+        $curveGenerator = EccFactory::getNistCurves()->generator256();
+        $curve = EccFactory::getNistCurves()->curve256();
+
+        // get local key pair
+        $localPrivateKeyObject = $curveGenerator->createPrivateKey();
+        $localPublicKeyObject = $localPrivateKeyObject->getPublicKey();
+        $localPublicKey = hex2bin($keySerializer->serialize($localPublicKeyObject->getPoint()));
+
+        // get user public key object
+        $userPublicKeyObject = new PublicKey($math, $curveGenerator, $keySerializer->unserialize($curve, bin2hex($userPublicKey)));
+
+        // get shared secret from user public key and local private key
+        $sharedSecret = hex2bin($math->decHex($userPublicKeyObject->getPoint()->mul($localPrivateKeyObject->getSecret())->getX()));
+
+        // generate salt
+        $salt = openssl_random_pseudo_bytes(16);
+
+        $prk = !empty($userAuthToken) ?
+            self::hkdf($userAuthToken, $sharedSecret, utf8_decode('Content-Encoding: auth\0'), 32) :
+            $sharedSecret;
+
+        $context = self::createContext($userPublicKey, $localPublicKey);
+
+        // derive the Content Encryption Key
+        $contentEncryptionKeyInfo = self::createInfo('aesgcm', $context);
+        $contentEncryptionKey = self::hkdf($salt, $prk, $contentEncryptionKeyInfo, 16);
+
+        // derive the Nonce
+        $nonceInfo = self::createInfo('nonce', $context);
+        $nonce = self::hkdf($salt, $prk, $nonceInfo, 12);
+
+        // encrypt
+        if (!$nativeEncryption) {
+            list($encryptedText, $tag) = \Jose\Util\GCM::encrypt($contentEncryptionKey, $nonce, $plaintext, "");
+            $cipherText = $encryptedText.$tag;
+        } else {
+            $cipherText = openssl_encrypt($plaintext, 'aes-128-gcm', $contentEncryptionKey, false, $nonce); // base 64 encoded
+        }
+
+        // return values in url safe base64
+        return array(
+            'localPublicKey' => Base64Url::encode($localPublicKey),
+            'salt' => Base64Url::encode($salt),
+            'cipherText' => $cipherText,
+        );
+    }
+
+    /**
+     * HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
+     *
+     * This is used to derive a secure encryption key from a mostly-secure shared
+     * secret.
+     *
+     * This is a partial implementation of HKDF tailored to our specific purposes.
+     * In particular, for us the value of N will always be 1, and thus T always
+     * equals HMAC-Hash(PRK, info | 0x01).
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc5869.txt}
+     * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}
+     *
+     * @param $salt string A non-secret random value
+     * @param $ikm string Input keying material
+     * @param $info string Application-specfic context
+     * @param $length int The length (in bytes) of the required output key
+     * @return string
+     */
+    private static function hkdf($salt, $ikm, $info, $length)
+    {
+        // extract
+        $prk = hash_hmac('sha256', $ikm, $salt, true);
+
+        // expand
+        return substr(hash_hmac('sha256', $info.chr(1), $prk, true), 0, $length);
+    }
+
+    /**
+     * Creates a context for deriving encyption parameters.
+     * See section 4.2 of
+     * {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
+     * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}
+     *
+     * @param $clientPublicKey string The client's public key
+     * @param $serverPublicKey string Our public key
+     * @return string
+     * @throws \ErrorException
+     */
+    private static function createContext($clientPublicKey, $serverPublicKey)
+    {
+        if (strlen($clientPublicKey) !== 65) {
+            throw new \ErrorException('Invalid client public key length');
+        }
+
+        // This one should never happen, because it's our code that generates the key
+        if (strlen($serverPublicKey) !== 65) {
+        throw new \ErrorException('Invalid server public key length');
+        }
+
+        return chr(0).strlen($clientPublicKey).$clientPublicKey.strlen($serverPublicKey).$serverPublicKey;
+    }
+
+    /**
+     * Returns an info record. See sections 3.2 and 3.3 of
+     * {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
+     * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}
+     *
+     * @param $type string The type of the info record
+     * @param $context string The context for the record
+     * @return string
+     * @throws \ErrorException
+     */
+    private static function createInfo($type, $context) {
+        if (strlen($context) !== 135) {
+            throw new \ErrorException('Context argument has invalid size');
+        }
+
+        return 'Content-Encoding: '.$type.chr(0).'P-256'.$context;
+    }
+}
diff --git a/src/WebPush.php b/src/WebPush.php
@@ -11,15 +11,11 @@
 
 namespace Minishlink\WebPush;
 
-use Base64Url\Base64Url;
 use Buzz\Browser;
 use Buzz\Client\AbstractClient;
 use Buzz\Client\MultiCurl;
 use Buzz\Exception\RequestException;
 use Buzz\Message\Response;
-use Mdanter\Ecc\Crypto\Key\PublicKey;
-use Mdanter\Ecc\EccFactory;
-use Mdanter\Ecc\Serializer\Point\UncompressedPointSerializer;
 
 class WebPush
 {
@@ -177,54 +173,6 @@ public function flush()
         return $completeSuccess ? true : $return;
     }
 
-    /**
-     * @param string $userPublicKey MIME base 64 encoded
-     * @param string $payload
-     *
-     * @return array
-     */
-    private function encrypt($userPublicKey, $payload)
-    {
-        // initialize utilities
-        $math = EccFactory::getAdapter();
-        $keySerializer = new UncompressedPointSerializer($math);
-        $curveGenerator = EccFactory::getNistCurves()->generator256();
-        $curve = EccFactory::getNistCurves()->curve256();
-
-        // get local key pair
-        $localPrivateKeyObject = $curveGenerator->createPrivateKey();
-        $localPublicKeyObject = $localPrivateKeyObject->getPublicKey();
-        $localPublicKey = hex2bin($keySerializer->serialize($localPublicKeyObject->getPoint()));
-
-        // get user public key object
-        $userPublicKeyObject = new PublicKey($math, $curveGenerator, $keySerializer->unserialize($curve, bin2hex(base64_decode($userPublicKey))));
-
-        // get shared secret from user public key and local private key
-        $sharedSecret = $userPublicKeyObject->getPoint()->mul($localPrivateKeyObject->getSecret())->getX();
-
-        // generate salt
-        $salt = openssl_random_pseudo_bytes(16);
-
-        // get encryption key
-        $encryptionKey = hash_hmac('sha256', $salt, $sharedSecret, true);
-
-        // encrypt
-        $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-128-gcm'));
-        if (!$this->nativePayloadEncryptionSupport && $this->payloadEncryptionSupport) {
-            list($encryptedText, $tag) = \Jose\Util\GCM::encrypt($encryptionKey, $iv, $payload, "");
-            $cipherText = $encryptedText.$tag;
-        } else {
-            $cipherText = openssl_encrypt($payload, 'aes-128-gcm', $encryptionKey, false, $iv); // base 64 encoded
-        }
-
-        // return values in url safe base64
-        return array(
-            'localPublicKey' => Base64Url::encode($localPublicKey),
-            'salt' => Base64Url::encode($salt),
-            'cipherText' => Base64Url::encode($cipherText),
-        );
-    }
-
     private function sendToStandardEndpoints(array $notifications)
     {
         $responses = array();
@@ -234,12 +182,12 @@ private function sendToStandardEndpoints(array $notifications)
             $userPublicKey = $notification->getUserPublicKey();
 
             if (isset($payload) && isset($userPublicKey) && ($this->payloadEncryptionSupport || $this->nativePayloadEncryptionSupport)) {
-                $encrypted = $this->encrypt($userPublicKey, $payload);
+                $encrypted = Encryption::encrypt($payload, $userPublicKey, null, $this->nativePayloadEncryptionSupport);
 
                 $headers = array(
                     'Content-Length' => strlen($encrypted['cipherText']),
                     'Content-Type' => 'application/octet-stream',
-                    'Content-Encoding' => 'aesgcm128',
+                    'Content-Encoding' => 'aesgcm',
                     'Encryption' => 'keyid="p256dh";salt="'.$encrypted['salt'].'"',
                     'Crypto-Key' => 'keyid="p256dh";dh="'.$encrypted['localPublicKey'].'"',
                     'TTL' => $this->TTL,
