From c09b8e2ceee237247abc3fb51ab5028b17b2f60c Mon Sep 17 00:00:00 2001
From: Louis Lagrange <lagrange.louis@gmail.com>
Date: Fri, 16 Mar 2018 13:44:08 +0100
Subject: [PATCH] Fix encryption in v3 (#146)

* Don't fail silently PushServiceTest

* Fix encryption
---
 src/Encryption.php        | 17 +++++++++++++----
 tests/PushServiceTest.php |  5 +++--
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/Encryption.php b/src/Encryption.php
index 9e68ef5c..0bdc0e5e 100644
--- a/src/Encryption.php
+++ b/src/Encryption.php
@@ -50,12 +50,21 @@ public static function encrypt(string $payload, string $userPublicKey, string $u
         $userAuthToken = Base64Url::decode($userAuthToken);
 
         $curve = NistCurve::curve256();
-        $privateKey = $curve->createPrivateKey();
-        $publicKey = $curve->createPublicKey($privateKey);
-        $localPublicKey = hex2bin(Utils::serializePublicKey($publicKey));
+
+        // get local key pair
+        $localPrivateKeyObject = $curve->createPrivateKey();
+        $localPublicKeyObject = $curve->createPublicKey($localPrivateKeyObject);
+        $localPublicKey = hex2bin(Utils::serializePublicKey($localPublicKeyObject));
+
+        // get user public key object
+        [$userPublicKeyObjectX, $userPublicKeyObjectY] = Utils::unserializePublicKey($userPublicKey);
+        $userPublicKeyObject = $curve->getPublicKeyFrom(
+            gmp_init(bin2hex($userPublicKeyObjectX), 16),
+            gmp_init(bin2hex($userPublicKeyObjectY), 16)
+        );
 
         // get shared secret from user public key and local private key
-        $sharedSecret = $curve->mul($publicKey->getPoint(), $privateKey->getSecret())->getX();
+        $sharedSecret = $curve->mul($userPublicKeyObject->getPoint(), $localPrivateKeyObject->getSecret())->getX();
         $sharedSecret = hex2bin(gmp_strval($sharedSecret, 16));
 
         // generate salt
diff --git a/tests/PushServiceTest.php b/tests/PushServiceTest.php
index 890dc5b0..30742335 100644
--- a/tests/PushServiceTest.php
+++ b/tests/PushServiceTest.php
@@ -161,7 +161,6 @@ protected function createClosureTest($browserId, $browserVersion, $options)
             $p256dh = $keys->{'p256dh'};
 
             $payload = 'hello';
-            $getNotificationCurl = null;
             try {
                 $sendResp = $this->webPush->sendNotification($endpoint, $payload, $p256dh, $auth, true);
                 $this->assertTrue($sendResp);
@@ -183,7 +182,7 @@ protected function createClosureTest($browserId, $browserVersion, $options)
                     CURLOPT_TIMEOUT => self::$timeout,
                 ]);
 
-                $parsedResp = $this->getResponse($getSubscriptionCurl);
+                $parsedResp = $this->getResponse($getNotificationCurl);
 
                 if (!property_exists($parsedResp->{'data'}, 'messages')) {
                     throw new Exception('web-push-testing-service error, no messages: '.json_encode($parsedResp));
@@ -199,6 +198,8 @@ protected function createClosureTest($browserId, $browserVersion, $options)
                         echo $e;
                     }
                     $this->assertEquals($e->getMessage(), 'No GCM API Key specified.');
+                } else {
+                    throw $e;
                 }
             }
         };