Fix encryption in v3 (#146)

* Don't fail silently PushServiceTest * Fix encryption
web-push-libs · Mar 16, 2018 · c09b8e2 · c09b8e2
1 parent 5c98dbf
commit c09b8e2
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/src/Encryption.php b/src/Encryption.php
@@ -50,12 +50,21 @@ public static function encrypt(string $payload, string $userPublicKey, string $u
         $userAuthToken = Base64Url::decode($userAuthToken);
 
         $curve = NistCurve::curve256();
-        $privateKey = $curve->createPrivateKey();
-        $publicKey = $curve->createPublicKey($privateKey);
-        $localPublicKey = hex2bin(Utils::serializePublicKey($publicKey));
+
+        // get local key pair
+        $localPrivateKeyObject = $curve->createPrivateKey();
+        $localPublicKeyObject = $curve->createPublicKey($localPrivateKeyObject);
+        $localPublicKey = hex2bin(Utils::serializePublicKey($localPublicKeyObject));
+
+        // get user public key object
+        [$userPublicKeyObjectX, $userPublicKeyObjectY] = Utils::unserializePublicKey($userPublicKey);
+        $userPublicKeyObject = $curve->getPublicKeyFrom(
+            gmp_init(bin2hex($userPublicKeyObjectX), 16),
+            gmp_init(bin2hex($userPublicKeyObjectY), 16)
+        );
 
         // get shared secret from user public key and local private key
-        $sharedSecret = $curve->mul($publicKey->getPoint(), $privateKey->getSecret())->getX();
+        $sharedSecret = $curve->mul($userPublicKeyObject->getPoint(), $localPrivateKeyObject->getSecret())->getX();
         $sharedSecret = hex2bin(gmp_strval($sharedSecret, 16));
 
         // generate salt

diff --git a/tests/PushServiceTest.php b/tests/PushServiceTest.php
@@ -161,7 +161,6 @@ protected function createClosureTest($browserId, $browserVersion, $options)
             $p256dh = $keys->{'p256dh'};
 
             $payload = 'hello';
-            $getNotificationCurl = null;
             try {
                 $sendResp = $this->webPush->sendNotification($endpoint, $payload, $p256dh, $auth, true);
                 $this->assertTrue($sendResp);
@@ -183,7 +182,7 @@ protected function createClosureTest($browserId, $browserVersion, $options)
                     CURLOPT_TIMEOUT => self::$timeout,
                 ]);
 
-                $parsedResp = $this->getResponse($getSubscriptionCurl);
+                $parsedResp = $this->getResponse($getNotificationCurl);
 
                 if (!property_exists($parsedResp->{'data'}, 'messages')) {
                     throw new Exception('web-push-testing-service error, no messages: '.json_encode($parsedResp));
@@ -199,6 +198,8 @@ protected function createClosureTest($browserId, $browserVersion, $options)
                         echo $e;
                     }
                     $this->assertEquals($e->getMessage(), 'No GCM API Key specified.');
+                } else {
+                    throw $e;
                 }
             }
         };