b0y-101 Mini Shell


Current Path : E:/www/risk/administrator/components/com_akeebabackup/webpush/WebPush/
File Upload :
Current File : E:/www/risk/administrator/components/com_akeebabackup/webpush/WebPush/Encryption.php

<?php
/**
 * Akeeba WebPush
 *
 * An abstraction layer for easier implementation of WebPush in Joomla components.
 *
 * @copyright (c) 2022 Akeeba Ltd
 * @license   GNU GPL v3 or later; see LICENSE.txt
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace Akeeba\WebPush\WebPush;

use Akeeba\WebPush\ECC\Curve;
use Akeeba\WebPush\ECC\Point;
use Akeeba\WebPush\ECC\PrivateKey;
use Base64Url\Base64Url;
use Brick\Math\BigInteger;
use function mb_substr;
use function chr;
use function hex2bin;
use function is_array;
use function openssl_encrypt;
use function pack;
use function str_pad;
use function unpack;
use const false;
use const OPENSSL_RAW_DATA;
use const STR_PAD_LEFT;

/**
 * This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
 * dependencies shipped with Joomla itself and must not be confused with the original work.
 *
 * You can find the original code at https://github.com/web-push-libs
 *
 * The original code came with the following copyright notice:
 *
 * =====================================================================================================================
 *
 * This file is part of the WebPush library.
 *
 * (c) Louis Lagrange <lagrange.louis@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
 * file that was distributed with this source code.
 *
 * =====================================================================================================================
 */
class Encryption
{
	public const MAX_PAYLOAD_LENGTH = 4078;

	public const MAX_COMPATIBILITY_PAYLOAD_LENGTH = 3052;

	/**
	 * @param   string  $payload        With padding
	 * @param   string  $userPublicKey  Base 64 encoded (MIME or URL-safe)
	 * @param   string  $userAuthToken  Base 64 encoded (MIME or URL-safe)
	 *
	 * @throws \ErrorException
	 */
	public static function encrypt(string $payload, string $userPublicKey, string $userAuthToken, string $contentEncoding): array
	{
		$localKeyData = self::createLocalKeyObjectUsingOpenSSL();
		$salt         = random_bytes(16);

		$userPublicKey = Base64Url::decode($userPublicKey);
		$userAuthToken = Base64Url::decode($userAuthToken);

		// get local key pair
		$localPublicKey = hex2bin(Utils::serializePublicKeyFromData($localKeyData));

		if (!$localPublicKey)
		{
			throw new \ErrorException('Failed to convert local public key from hexadecimal to binary');
		}

		// get user public key object
		[$userPublicKeyObjectX, $userPublicKeyObjectY] = Utils::unserializePublicKey($userPublicKey);

		$userKeyData = [
			'x'   => $userPublicKeyObjectX,
			'y'   => $userPublicKeyObjectY,
		];

		// get shared secret from user public key and local private key
		$sharedSecret = Encryption::calculateAgreementKey($localKeyData, $userKeyData);

		$sharedSecret = str_pad($sharedSecret, 32, chr(0), STR_PAD_LEFT);

		// section 4.3
		$ikm = Encryption::getIKM($userAuthToken, $userPublicKey, $localPublicKey, $sharedSecret, $contentEncoding);

		// section 4.2
		$context = Encryption::createContext($userPublicKey, $localPublicKey, $contentEncoding);

		// derive the Content Encryption Key
		$contentEncryptionKeyInfo = Encryption::createInfo($contentEncoding, $context, $contentEncoding);
		$contentEncryptionKey     = Encryption::hkdf($salt, $ikm, $contentEncryptionKeyInfo, 16);

		// section 3.3, derive the nonce
		$nonceInfo = Encryption::createInfo('nonce', $context, $contentEncoding);
		$nonce     = Encryption::hkdf($salt, $ikm, $nonceInfo, 12);

		// encrypt
		// "The additional data passed to each invocation of AEAD_AES_128_GCM is a zero-length octet sequence."
		$tag           = '';
		$encryptedText = openssl_encrypt($payload, 'aes-128-gcm', $contentEncryptionKey, OPENSSL_RAW_DATA, $nonce, $tag);

		// return values in url safe base64
		return [
			'localPublicKey' => $localPublicKey,
			'salt'           => $salt,
			'cipherText'     => $encryptedText . $tag,
		];
	}

	public static function getContentCodingHeader(string $salt, string $localPublicKey, string $contentEncoding): string
	{
		if ($contentEncoding === "aes128gcm")
		{
			return $salt
				. pack('N*', 4096)
				. pack('C*', Utils::safeStrlen($localPublicKey))
				. $localPublicKey;
		}

		return "";
	}

	/**
	 * @return string padded payload (plaintext)
	 * @throws \ErrorException
	 */
	public static function padPayload(string $payload, int $maxLengthToPad, string $contentEncoding): string
	{
		$payloadLen = Utils::safeStrlen($payload);
		$padLen     = $maxLengthToPad ? $maxLengthToPad - $payloadLen : 0;

		if ($contentEncoding === "aesgcm")
		{
			return pack('n*', $padLen) . str_pad($payload, $padLen + $payloadLen, chr(0), STR_PAD_LEFT);
		}
		elseif ($contentEncoding === "aes128gcm")
		{
			return str_pad($payload . chr(2), $padLen + $payloadLen, chr(0), STR_PAD_RIGHT);
		}
		else
		{
			throw new \ErrorException("This content encoding is not supported");
		}
	}

	private static function addNullPadding(string $data): string
	{
		return str_pad($data, 32, chr(0), STR_PAD_LEFT);
	}

	private static function calculateAgreementKey(array $private_key, array $public_key): string
	{
		if (function_exists('openssl_pkey_derive'))
		{
			try
			{
				$publicPem  = self::convertPublicKeyToPEM($public_key);
				$private_key = array_map([Base64Url::class, 'encode'], $private_key);
				$privatePem = self::convertPrivateKeyToPEM($private_key);

				$result = openssl_pkey_derive($publicPem, $privatePem, 256);
				if ($result === false)
				{
					throw new \Exception('Unable to compute the agreement key');
				}

				return $result;
			}
			catch (\Throwable $throwable)
			{
				//Does nothing. Will fallback to the pure PHP function
			}
		}


		$curve = self::curve256();

		$rec_x    = self::convertBase64ToBigInteger($public_key['x']);
		$rec_y    = self::convertBase64ToBigInteger($public_key['y']);
		$sen_d    = self::convertBase64ToBigInteger($private_key['d']);
		$priv_key = PrivateKey::create($sen_d);
		$pub_key  = $curve->getPublicKeyFrom($rec_x, $rec_y);

		return hex2bin(str_pad($curve->mul($pub_key->getPoint(), $priv_key->getSecret())->getX()->toBase(16), 64, '0', STR_PAD_LEFT));
	}

	/**
	 * @throws \ErrorException
	 */
	private static function convertBase64ToBigInteger(string $value): BigInteger
	{
		try
		{
			$value = unpack('H*', Base64Url::decode($value));
		}
		catch (\Exception $e)
		{
			$value = unpack('H*', $value);
		}

		if ($value === false)
		{
			throw new \ErrorException('Unable to unpack hex value from string');
		}

		return BigInteger::fromBase($value[1], 16);
	}

	/**
	 * @throws \ErrorException
	 */
	private static function convertBase64ToGMP(string $value): \GMP
	{
		$value = unpack('H*', Base64Url::decode($value));

		if ($value === false)
		{
			throw new \ErrorException('Unable to unpack hex value from string');
		}

		return gmp_init($value[1], 16);
	}

	/**
	 * Creates a context for deriving encryption parameters.
	 * See section 4.2 of
	 * {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
	 * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}.
	 *
	 * @param   string  $clientPublicKey  The client's public key
	 * @param   string  $serverPublicKey  Our public key
	 *
	 * @throws \ErrorException
	 */
	private static function createContext(string $clientPublicKey, string $serverPublicKey, string $contentEncoding): ?string
	{
		if ($contentEncoding === "aes128gcm")
		{
			return null;
		}

		if (Utils::safeStrlen($clientPublicKey) !== 65)
		{
			throw new \ErrorException('Invalid client public key length');
		}

		// This one should never happen, because it's our code that generates the key
		if (Utils::safeStrlen($serverPublicKey) !== 65)
		{
			throw new \ErrorException('Invalid server public key length');
		}

		$len = chr(0) . 'A'; // 65 as Uint16BE

		return chr(0) . $len . $clientPublicKey . $len . $serverPublicKey;
	}

	/**
	 * Returns an info record. See sections 3.2 and 3.3 of
	 * {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
	 * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}.
	 *
	 * @param   string       $type     The type of the info record
	 * @param   string|null  $context  The context for the record
	 *
	 * @throws \ErrorException
	 */
	private static function createInfo(string $type, ?string $context, string $contentEncoding): string
	{
		if ($contentEncoding === "aesgcm")
		{
			if (!$context)
			{
				throw new \ErrorException('Context must exist');
			}

			if (Utils::safeStrlen($context) !== 135)
			{
				throw new \ErrorException('Context argument has invalid size');
			}

			return 'Content-Encoding: ' . $type . chr(0) . 'P-256' . $context;
		}
		elseif ($contentEncoding === "aes128gcm")
		{
			return 'Content-Encoding: ' . $type . chr(0);
		}

		throw new \ErrorException('This content encoding is not supported.');
	}

	private static function createLocalKeyObjectUsingOpenSSL(): array
	{
		$keyResource = openssl_pkey_new([
			'curve_name'       => 'prime256v1',
			'private_key_type' => OPENSSL_KEYTYPE_EC,
		]);

		if (!$keyResource)
		{
			throw new \RuntimeException('Unable to create the key');
		}

		$details = openssl_pkey_get_details($keyResource);
		if (PHP_MAJOR_VERSION < 8)
		{
			openssl_pkey_free($keyResource);
		}

		if (!$details)
		{
			throw new \RuntimeException('Unable to get the key details');
		}

		return [
			'x' => self::addNullPadding($details['ec']['x']),
			'y' => self::addNullPadding($details['ec']['y']),
			'd' => self::addNullPadding($details['ec']['d']),
		];
	}

	/**
	 * @throws \ErrorException
	 */
	private static function getIKM(string $userAuthToken, string $userPublicKey, string $localPublicKey, string $sharedSecret, string $contentEncoding): string
	{
		if (!empty($userAuthToken))
		{
			if ($contentEncoding === "aesgcm")
			{
				$info = 'Content-Encoding: auth' . chr(0);
			}
			elseif ($contentEncoding === "aes128gcm")
			{
				$info = "WebPush: info" . chr(0) . $userPublicKey . $localPublicKey;
			}
			else
			{
				throw new \ErrorException("This content encoding is not supported");
			}

			return self::hkdf($userAuthToken, $sharedSecret, $info, 32);
		}

		return $sharedSecret;
	}

	/**
	 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
	 *
	 * This is used to derive a secure encryption key from a mostly-secure shared
	 * secret.
	 *
	 * This is a partial implementation of HKDF tailored to our specific purposes.
	 * In particular, for us the value of N will always be 1, and thus T always
	 * equals HMAC-Hash(PRK, info | 0x01).
	 *
	 * See {@link https://www.rfc-editor.org/rfc/rfc5869.txt}
	 * From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}
	 *
	 * @param   string  $salt    A non-secret random value
	 * @param   string  $ikm     Input keying material
	 * @param   string  $info    Application-specific context
	 * @param   int     $length  The length (in bytes) of the required output key
	 */
	private static function hkdf(string $salt, string $ikm, string $info, int $length): string
	{
		// extract
		$prk = hash_hmac('sha256', $ikm, $salt, true);

		// expand
		return mb_substr(hash_hmac('sha256', $info . chr(1), $prk, true), 0, $length, '8bit');
	}

	/**
	 * @throws \InvalidArgumentException if the curve is not supported
	 */
	public static function convertPublicKeyToPEM(array $keyData): string
	{
		$der = pack(
			'H*',
			'3059' // SEQUENCE, length 89
			.'3013' // SEQUENCE, length 19
			.'0607' // OID, length 7
			.'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key
			.'0608' // OID, length 8
			.'2a8648ce3d030107' // 1.2.840.10045.3.1.7 = P-256 Curve
			.'0342' // BIT STRING, length 66
			.'00' // prepend with NUL - pubkey will follow
		);
		$der .= "\04"
		. str_pad($keyData['x'], 32, "\0", STR_PAD_LEFT)
		. str_pad($keyData['y'], 32, "\0", STR_PAD_LEFT);
		$pem = '-----BEGIN PUBLIC KEY-----'.PHP_EOL;
		$pem .= chunk_split(base64_encode($der), 64, PHP_EOL);
		$pem .= '-----END PUBLIC KEY-----'.PHP_EOL;

		return $pem;
	}

	/**
	 * @throws \InvalidArgumentException if the curve is not supported
	 */
	public static function convertPrivateKeyToPEM(array $keyData): string
	{
		$d = unpack('H*', str_pad(Base64Url::decode($keyData['d']), 32, "\0", STR_PAD_LEFT));

		if (!is_array($d) || !isset($d[1]))
		{
			throw new \InvalidArgumentException('Unable to get the private key');
		}

		$der = pack(
			'H*',
			'3077' // SEQUENCE, length 87+length($d)=32
			. '020101' // INTEGER, 1
			. '0420'   // OCTET STRING, length($d) = 32
			. $d[1]
			. 'a00a' // TAGGED OBJECT #0, length 10
			. '0608' // OID, length 8
			. '2a8648ce3d030107' // 1.3.132.0.34 = P-256 Curve
			. 'a144' //  TAGGED OBJECT #1, length 68
			. '0342' // BIT STRING, length 66
			. '00' // prepend with NUL - pubkey will follow
		);
		$der .= "\04"
			. str_pad(Base64Url::decode($keyData['x']), 32, "\0", STR_PAD_LEFT)
			. str_pad(Base64Url::decode($keyData['y']), 32, "\0", STR_PAD_LEFT);
		$pem = '-----BEGIN EC PRIVATE KEY-----'.PHP_EOL;
		$pem .= chunk_split(base64_encode($der), 64, PHP_EOL);
		$pem .= '-----END EC PRIVATE KEY-----'.PHP_EOL;

		return $pem;
	}

	/**
	 * Returns an NIST P-256 curve.
	 */
	private static function curve256(): Curve
	{
		$p = BigInteger::fromBase('ffffffff00000001000000000000000000000000ffffffffffffffffffffffff', 16);
		$a = BigInteger::fromBase('ffffffff00000001000000000000000000000000fffffffffffffffffffffffc', 16);
		$b = BigInteger::fromBase('5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b', 16);
		$x = BigInteger::fromBase('6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296', 16);
		$y = BigInteger::fromBase('4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5', 16);
		$n = BigInteger::fromBase('ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551', 16);
		$generator = Point::create($x, $y, $n);

		return new Curve(256, $p, $a, $b, $generator);
	}

}

Copyright © 2019 by b0y-101