PocketMine-MP 5.17.1 git-df4ada81e5d74a14046f27cf44a37dcee69d657e
EncryptionUtils.php
1<?php
2
3/*
4 *
5 * ____ _ _ __ __ _ __ __ ____
6 * | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
7 * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
8 * | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
9 * |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
10 *
11 * This program is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published by
13 * the Free Software Foundation, either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * @author PocketMine Team
17 * @link http://www.pocketmine.net/
18 *
19 *
20 */
21
22declare(strict_types=1);
23
24namespace pocketmine\network\mcpe\encryption;
25
28use function base64_encode;
29use function bin2hex;
30use function gmp_init;
31use function gmp_strval;
32use function hex2bin;
33use function openssl_digest;
34use function openssl_error_string;
35use function openssl_pkey_derive;
36use function openssl_pkey_get_details;
37use function str_pad;
38use const STR_PAD_LEFT;
39
40final class EncryptionUtils{
41
42 private function __construct(){
43 //NOOP
44 }
45
46 private static function validateKey(\OpenSSLAsymmetricKey $key) : void{
47 $keyDetails = Utils::assumeNotFalse(openssl_pkey_get_details($key));
48 if(!isset($keyDetails["ec"]["curve_name"])){
49 throw new \InvalidArgumentException("Key must be an EC key");
50 }
51 $curveName = $keyDetails["ec"]["curve_name"];
52 if($curveName !== JwtUtils::BEDROCK_SIGNING_KEY_CURVE_NAME){
53 throw new \InvalidArgumentException("Key must belong to the " . JwtUtils::BEDROCK_SIGNING_KEY_CURVE_NAME . " elliptic curve, got $curveName");
54 }
55 }
56
57 public static function generateSharedSecret(\OpenSSLAsymmetricKey $localPriv, \OpenSSLAsymmetricKey $remotePub) : \GMP{
58 self::validateKey($localPriv);
59 self::validateKey($remotePub);
60 $hexSecret = openssl_pkey_derive($remotePub, $localPriv, 48);
61 if($hexSecret === false){
62 throw new \InvalidArgumentException("Failed to derive shared secret: " . openssl_error_string());
63 }
64 return gmp_init(bin2hex($hexSecret), 16);
65 }
66
67 public static function generateKey(\GMP $secret, string $salt) : string{
68 return Utils::assumeNotFalse(openssl_digest($salt . hex2bin(str_pad(gmp_strval($secret, 16), 96, "0", STR_PAD_LEFT)), 'sha256', true));
69 }
70
71 public static function generateServerHandshakeJwt(\OpenSSLAsymmetricKey $serverPriv, string $salt) : string{
72 $derPublicKey = JwtUtils::emitDerPublicKey($serverPriv);
73 return JwtUtils::create(
74 [
75 "x5u" => base64_encode($derPublicKey),
76 "alg" => "ES384"
77 ],
78 [
79 "salt" => base64_encode($salt)
80 ],
81 $serverPriv
82 );
83 }
84}
static create(array $header, array $claims, \OpenSSLAsymmetricKey $signingKey)
Definition: JwtUtils.php:195
static assumeNotFalse(mixed $value, \Closure|string $context="This should never be false")
Definition: Utils.php:623