Annotate

mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 4651:8231774f5bfd

mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8

The `body:sub()` call risks splitting the string in the middle of a multi-byte UTF-8 sequence. This should have been caught by util.stanza validation, but that would have caused some havoc, at the very least causing the notification to not be sent.

There have been no reports of this happening. Likely because this module isn't widely deployed among users with languages that use many longer UTF-8 sequences.

The util.encodings.utf8.valid() function is O(n) where only the last sequence really needs to be checked, but it's in C and expected to be fast.

author Kim Alvefur <zash@zash.se>
date Sun, 22 Aug 2021 13:22:59 +0200
parent 4650:44af84178cea
child 5054:62480053c87b

Changesets that last touched lines of this revision:

- 4327:beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications (Matthew Wild <mwild1@gmail.com>)
- 4329:2a5164162708 mod_cloud_notify_encrypted: Fix the location of the <encrypt> element in push registrations (Matthew Wild <mwild1@gmail.com>; parents: 4327)
- 4330:e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload (Matthew Wild <mwild1@gmail.com>; parents: 4329)
- 4331:2e355540f8c8 mod_cloud_notify_encrypted: Truncate message body to 255 characters (Matthew Wild <mwild1@gmail.com>; parents: 4330)
- 4333:97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element (Matthew Wild <mwild1@gmail.com>; parents: 4331)
- 4456:8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications (Matthew Wild <mwild1@gmail.com>; parents: 4373)
- 4457:091d06c7d724 mod_cloud_notify_encrypted: Fix traceback (incorrect variable name) (Matthew Wild <mwild1@gmail.com>; parents: 4456)
- 4465:2a7a76712e71 mod_cloud_notify_encrypted: Fix expected namespace of JMI description element (Matthew Wild <mwild1@gmail.com>; parents: 4457)
- 4466:38bd4d557413 mod_cloud_notify_encrypted: Include full JID of sender with call notifications, per spec (Matthew Wild <mwild1@gmail.com>; parents: 4465)
- 4467:6d595857164a mod_cloud_notify_encrypted: Advertise support for JMI push notifications (Matthew Wild <mwild1@gmail.com>; parents: 4466)
- 4650:44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body (Matthew Wild <mwild1@gmail.com>; parents: 4467)
- 4651:8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8 (Kim Alvefur <zash@zash.se>; parents: 4650)

Source at this revision:

```lua
local array = require "util.array";
local base64 = require "util.encodings".base64;
local valid_utf8 = require "util.encodings".utf8.valid;
local ciphers = require "openssl.cipher";
local jid = require "util.jid";
local json = require "util.json";
local random = require "util.random";
local set = require "util.set";
local st = require "util.stanza";

local xmlns_jmi = "urn:xmpp:jingle-message:0";
local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1";
local xmlns_push = "urn:xmpp:push:0";
local xmlns_push_encrypt = "tigase:push:encrypt:0";
local xmlns_push_encrypt_aes_128_gcm = "tigase:push:encrypt:aes-128-gcm";
local xmlns_push_jingle = "tigase:push:jingle:0";

-- Returns the encryption namespace if the stanza carries an end-to-end
-- encrypted payload, or nil otherwise
local function detect_stanza_encryption(stanza)
	local eme = stanza:get_child("encryption", "urn:xmpp:eme:0");
	if eme then return eme.attr.namespace or ""; end
	-- Fallback for legacy OMEMO clients without EME
	local omemo = stanza:get_child("encrypted", "eu.siacs.conversations.axolotl");
	if omemo then return "eu.siacs.conversations.axolotl"; end
end

-- https://xeps.tigase.net//docs/push-notifications/encrypt/#41-discovering-support
local function account_disco_info(event)
	event.reply:tag("feature", {var=xmlns_push_encrypt}):up();
	event.reply:tag("feature", {var=xmlns_push_encrypt_aes_128_gcm}):up();
	event.reply:tag("feature", {var=xmlns_push_jingle}):up();
end
module:hook("account-disco-info", account_disco_info);

-- Validate the <encrypt/> element of a push registration and store the key
function handle_register(event)
	local encrypt = event.stanza:get_child("enable", xmlns_push):get_child("encrypt", xmlns_push_encrypt);
	if not encrypt then return; end

	local algorithm = encrypt.attr.alg;
	if algorithm ~= "aes-128-gcm" then
		event.origin.send(st.error_reply(
			event.stanza, "modify", "feature-not-implemented", "Unknown encryption algorithm"
		));
		return false;
	end

	-- An AES-128 key must decode to exactly 16 bytes
	local key_base64 = encrypt:get_text();
	local key_binary = base64.decode(key_base64);
	if not key_binary or #key_binary ~= 16 then
		event.origin.send(st.error_reply(
			event.stanza, "modify", "bad-request", "Invalid encryption key"
		));
		return false;
	end

	event.push_info.encryption = {
		algorithm = algorithm;
		key_base64 = key_base64;
	};
end

function handle_push(event)
	local encryption = event.push_info.encryption;
	if not encryption then return; end

	if encryption.algorithm ~= "aes-128-gcm" then
		event.reason = "Unsupported encryption algorithm: "..tostring(encryption.algorithm);
		return true;
	end

	local push_summary = event.push_summary;

	local original_stanza = event.original_stanza;
	local is_encrypted_msg = detect_stanza_encryption(original_stanza);
	local body;
	if is_encrypted_msg then
		-- TODO: localization
		body = "You have received an encrypted message";
	else
		body = original_stanza:get_child_text("body");
		if body and #body > 255 then
			-- string.sub counts bytes, so the cut can land inside a multi-byte sequence
			body = body:sub(1, 255);
			if not valid_utf8(body) then
				-- Drop the dangling lead byte and any continuation bytes after it (4651:8231774f5bfd)
				body = body:gsub("[\194-\244][\128-\191]*$", "");
			end
		end
	end

	local push_payload = {
		unread = tonumber(push_summary["message-count"]) or 1;
		sender = jid.bare(original_stanza.attr.from);
		message = body;
	};

	if original_stanza.name == "message" then
		if original_stanza.attr.type == "groupchat" then
			push_payload.type = "groupchat";
			push_payload.nickname = jid.resource(original_stanza.attr.from);
		elseif original_stanza.attr.type ~= "error" then
			local jmi_propose = original_stanza:get_child("propose", xmlns_jmi);
			if jmi_propose then
				push_payload.type = "call";
				push_payload.sid = jmi_propose.attr.id;
				local media_types = set.new();
				for description in jmi_propose:childtags("description", xmlns_jingle_apps_rtp) do
					local media_type = description.attr.media;
					if media_type then
						media_types:add(media_type);
					end
				end
				push_payload.media = array.collect(media_types:items());
				push_payload.sender = original_stanza.attr.from;
			else
				push_payload.type = "chat";
			end
		end
	elseif original_stanza.name == "presence"
		and original_stanza.attr.type == "subscribe" then
		push_payload.type = "subscribe";
	end

	-- Fresh random 12-byte IV for every notification
	local iv = random.bytes(12);
	local key_binary = base64.decode(encryption.key_base64);
	local push_json = json.encode(push_payload);

	-- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
	-- Siskin does not validate the tag anyway.
	-- The trailing 16 bytes are a placeholder, not a real tag, so the ciphertext is not authenticated.
	local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16));
	local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) })
		:text(encrypted_payload);
	if push_payload.type == "call" then
		encrypted_element.attr.type = "voip";
		event.important = true;
	end
	-- Replace the unencrypted notification data with the encrypted one
	event.notification_payload
		:remove_children("x", "jabber:x:data")
		:add_child(encrypted_element);
end

module:hook("cloud_notify/registration", handle_register);
module:hook("cloud_notify/push", handle_push, 1);
```
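
Added example (not code from the module or from the Prosody project): a stand-alone Lua sketch of the truncation fix described in the commit message, with a pure-Lua tail check standing in for `util.encodings.utf8.valid`. It goes beyond the changeset by adding a look-ahead variant that inspects only the bytes at the cut, the case the commit message says is all that really needs checking. The helper names and sample bodies are constructed, and the input is assumed to be valid UTF-8.

```lua
-- Added example: helper names and sample bodies are constructed for
-- illustration and are not part of mod_cloud_notify_encrypted.
-- Assumption: the input is valid UTF-8, as stanza text is expected to be.

-- Total length of a sequence, judged from its lead byte.
-- Returns nil for a continuation byte or a byte that cannot start a sequence.
local function sequence_length(lead)
	if lead < 0x80 then return 1;
	elseif lead >= 0xC2 and lead <= 0xDF then return 2;
	elseif lead >= 0xE0 and lead <= 0xEF then return 3;
	elseif lead >= 0xF0 and lead <= 0xF4 then return 4;
	end
	return nil;
end

-- Pure-Lua stand-in for the validity check, restricted to the tail:
-- true if `s` does not end inside a multi-byte sequence.
local function tail_is_complete(s)
	for back = 0, math.min(3, #s - 1) do
		local need = sequence_length(s:byte(#s - back));
		if need then
			return need == back + 1;
		end
	end
	return #s == 0;
end

-- The approach from the changeset: cut, check, strip the dangling sequence.
-- The check matters: without it the pattern would also remove a complete
-- multi-byte character that happens to end exactly at the limit.
local function truncate_strip(body, limit)
	if #body <= limit then return body; end
	body = body:sub(1, limit);
	if not tail_is_complete(body) then
		body = body:gsub("[\194-\244][\128-\191]*$", "");
	end
	return body;
end

-- Variant: move the cut left while the first dropped byte is a continuation
-- byte. For valid input this takes at most three steps.
local function truncate_lookahead(body, limit)
	if #body <= limit then return body; end
	local cut = limit;
	while cut > 0 do
		local dropped = body:byte(cut + 1);
		if dropped < 0x80 or dropped > 0xBF then break; end
		cut = cut - 1;
	end
	return body:sub(1, cut);
end

-- Constructed bodies: a multi-byte character placed around byte 255.
local samples = {
	{ name = "2-byte split at 255", body = string.rep("a", 254).."\195\169".."tail", expect = 254 };
	{ name = "3-byte ends at 255", body = string.rep("a", 252).."\226\130\172".."tail", expect = 255 };
	{ name = "4-byte split at 255", body = string.rep("a", 253).."\240\159\152\128".."tail", expect = 253 };
	{ name = "short body", body = "h\195\169llo", expect = 6 };
};

for _, sample in ipairs(samples) do
	local naive = sample.body:sub(1, 255);
	local stripped = truncate_strip(sample.body, 255);
	local lookahead = truncate_lookahead(sample.body, 255);
	-- Both strategies must keep the same bytes and end on a whole character
	assert(#stripped == sample.expect, sample.name);
	assert(stripped == lookahead, sample.name);
	assert(tail_is_complete(stripped), sample.name);
	print(("%-20s naive cut valid: %-5s kept bytes: %d"):format(
		sample.name, tostring(tail_is_complete(naive)), #stripped));
end
```

The script needs only a stock Lua interpreter (5.1 or later) and no Prosody libraries.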