mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 6220:c83bfcc6ac0a
mod_cloud_notify_encrypted: Use new 'util.crypto' on Prosody 13.0
This removes the dependency on lua-luaossl when running on Prosody 13.0
(or trunk) which has util.crypto
Compatibility with Prosody 0.12 is retained, but so is the dependency there
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 31 Mar 2025 13:24:44 +0200 |
parent | 5952:2b80188448d1 |
6219:06621ab30be0 | 6220:c83bfcc6ac0a |
---|---|
1 local array = require "util.array"; | 1 local array = require "util.array"; |
2 local base64 = require "util.encodings".base64; | 2 local base64 = require "util.encodings".base64; |
3 local valid_utf8 = require "util.encodings".utf8.valid; | 3 local valid_utf8 = require "util.encodings".utf8.valid; |
4 local ciphers = require "openssl.cipher"; | 4 local have_crypto, crypto = pcall(require, "util.crypto"); |
5 local jid = require "util.jid"; | 5 local jid = require "util.jid"; |
6 local json = require "util.json"; | 6 local json = require "util.json"; |
7 local random = require "util.random"; | 7 local random = require "util.random"; |
8 local set = require "util.set"; | 8 local set = require "util.set"; |
9 local st = require "util.stanza"; | 9 local st = require "util.stanza"; |
10 | |
11 if not have_crypto then | |
12 local ossl_ciphers = require "openssl.cipher"; | |
13 crypto = {}; | |
14 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes | |
15 -- Siskin does not validate the tag anyway. | |
16 function crypto.aes_128_gcm_encrypt(key, iv, message) | |
17 return ciphers.new("AES-128-GCM"):encrypt(key, iv):final(message)..string.rep("\0", 16); | |
18 end | |
19 end | |
10 | 20 |
11 local xmlns_jmi = "urn:xmpp:jingle-message:0"; | 21 local xmlns_jmi = "urn:xmpp:jingle-message:0"; |
12 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1"; | 22 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1"; |
13 local xmlns_push = "urn:xmpp:push:0"; | 23 local xmlns_push = "urn:xmpp:push:0"; |
14 local xmlns_push_encrypt = "tigase:push:encrypt:0"; | 24 local xmlns_push_encrypt = "tigase:push:encrypt:0"; |
125 | 135 |
126 local iv = random.bytes(12); | 136 local iv = random.bytes(12); |
127 local key_binary = base64.decode(encryption.key_base64); | 137 local key_binary = base64.decode(encryption.key_base64); |
128 local push_json = json.encode(push_payload); | 138 local push_json = json.encode(push_payload); |
129 | 139 |
130 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes | 140 local encrypted_payload = base64.encode(crypto.aes_128_gcm_encrypt(key_binary, iv, push_json)); |
131 -- Siskin does not validate the tag anyway. | |
132 local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); | |
133 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) | 141 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) |
134 :text(encrypted_payload); | 142 :text(encrypted_payload); |
135 if push_payload.type == "call" then | 143 if push_payload.type == "call" then |
136 encrypted_element.attr.type = "voip"; | 144 encrypted_element.attr.type = "voip"; |
137 event.important = true; | 145 event.important = true; |
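Review bot: The luaossl fallback in the first hunk binds the module to `local ossl_ciphers`, but `crypto.aes_128_gcm_encrypt` still calls `ciphers.new(...)`, and the old `local ciphers` on line 4 is replaced by this commit. On Prosody 0.12, where `util.crypto` is absent, that call would index an undefined global and fail at the first encrypted push. The body should read `return ossl_ciphers.new("AES-128-GCM"):encrypt(key, iv):final(message)..string.rep("\0", 16);`, or the local should keep the name `ciphers`. The fallback also still emits 16 NUL bytes in place of the GCM tag, so payloads built on that path carry no integrity protection and would be rejected by any client that verifies the tag. Assuming `util.crypto`'s `aes_128_gcm_encrypt` appends the real tag, the FIXME should say the limitation now applies only to the 0.12 path, e.g. `-- Only on Prosody 0.12 (luaossl): tag is 16 NUL bytes, payload is NOT authenticated`. The function containing the call site in the second hunk starts and ends outside the visible lines.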