# HG changeset patch
# User Stephen Paul Weber
# Date 1730477243 18000
# Node ID 8cb37a497e4cb30c39eb953bfa29b2f4835698e4
# Parent a9fe4a50f935acfc1457e1bdc1f5993327ce561d
mod_push2: Switch from patched luaossl to prosody-trunk methods
diff -r a9fe4a50f935 -r 8cb37a497e4c mod_push2/README.md
--- a/mod_push2/README.md Thu Oct 31 13:53:48 2024 +0100
+++ b/mod_push2/README.md Fri Nov 01 11:07:23 2024 -0500
@@ -41,8 +41,6 @@
 **Note:** This module should be used with Lua 5.3 and higher.
-Requires a slightly patches luaossl right now: https://github.com/wahern/luaossl/pull/214
-
 ------ -----------------------------------------------------------------------------
 trunk Works
 ------ -----------------------------------------------------------------------------
diff -r a9fe4a50f935 -r 8cb37a497e4c mod_push2/mod_push2.lua
--- a/mod_push2/mod_push2.lua Thu Oct 31 13:53:48 2024 +0100
+++ b/mod_push2/mod_push2.lua Fri Nov 01 11:07:23 2024 -0500
@@ -6,9 +6,7 @@
 local watchdog = require "util.watchdog";
 local uuid = require "util.uuid";
 local base64 = require "util.encodings".base64;
-local ciphers = require "openssl.cipher";
-local pkey = require "openssl.pkey";
-local kdf = require "openssl.kdf";
+local crypto = require "util.crypto";
 local jwt = require "util.jwt";
 local xmlns_push = "urn:xmpp:push2:0";
@@ -237,43 +235,22 @@
 end
 local p256dh_raw = base64.decode(match.ua_public .. "==")
- local p256dh = pkey.new(p256dh_raw, "*", "public", "prime256v1")
- local one_time_key = pkey.new({ type = "EC", curve = "prime256v1" })
- local one_time_key_public = one_time_key:getParameters().pub_key:toBinary()
+ local p256dh = crypto.import_public_ec_raw(p256dh_raw, "prime256v1")
+ local one_time_key = crypto.generate_p256_keypair()
+ local one_time_key_public = one_time_key:public_raw()
 local info = "WebPush: info\0" .. p256dh_raw .. one_time_key_public
 local auth_secret = base64.decode(match.auth_secret .. "==")
 local salt = random.bytes(16)
 local shared_secret = one_time_key:derive(p256dh)
- local ikm = kdf.derive({
- type = "HKDF",
- outlen = 32,
- salt = auth_secret,
- key = shared_secret,
- info = info,
- md = "sha256"
- })
- local key = kdf.derive({
- type = "HKDF",
- outlen = 16,
- salt = salt,
- key = ikm,
- info = "Content-Encoding: aes128gcm\0",
- md = "sha256"
- })
- local nonce = kdf.derive({
- type = "HKDF",
- outlen = 12,
- salt = salt,
- key = ikm,
- info = "Content-Encoding: nonce\0",
- md = "sha256"
- })
+ local ikm = hashes.hkdf_hmac_sha256(32, shared_secret, auth_secret, info)
+ local key = hashes.hkdf_hmac_sha256(16, ikm, salt, "Content-Encoding: aes128gcm\0")
+ local nonce = hashes.hkdf_hmac_sha256(12, ikm, salt, "Content-Encoding: nonce\0")
 local header = salt .. "\0\0\16\0" .. string.char(string.len(one_time_key_public)) .. one_time_key_public
- local encryptor = ciphers.new("AES-128-GCM"):encrypt(key, nonce)
+ local encrypted = crypto.aes_128_gcm_encrypt(key, nonce, envelope_bytes .. "\2")
 push_notification_payload
 :tag("encrypted", { xmlns = "urn:xmpp:sce:rfc8291:0" })
- :text_tag("payload", base64.encode(header .. encryptor:final(envelope_bytes .. "\2") .. encryptor:getTag(16)))
+ :text_tag("payload", base64.encode(header .. encrypted))
 :up()
 end
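Review bot: The decoded `p256dh_raw` and `auth_secret` go straight into `crypto.import_public_ec_raw` and the HKDF calls with no check that the decode succeeded or that the lengths are what RFC 8291 expects (a 65-byte uncompressed P-256 point and a 16-byte auth secret). Both come from `match`, which looks like client-supplied registration data, so a malformed value should be rejected before key derivation, e.g. `if not p256dh_raw or #p256dh_raw ~= 65 or not auth_secret or #auth_secret ~= 16 then`, followed by a logged skip that must not fall back to sending the envelope unencrypted. How `import_public_ec_raw` reports an invalid point is not visible here, so its result deserves a nil check as well. Since the explicit `getTag(16)` is gone, a comment such as `-- aes_128_gcm_encrypt is expected to return ciphertext with the 16-byte tag appended (RFC 8188 record)` would record the assumption the payload format now relies on; please confirm it against util.crypto. The enclosing block starts and ends outside the hunk.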
@@ -285,7 +262,7 @@
 key = "-----BEGIN PRIVATE KEY-----\n"..key.."\n-----END PRIVATE KEY-----"
 end
- local public_key = pkey.new(key):getParameters().pub_key:toBinary()
+ local public_key = crypto.import_private_pem(key):public_raw()
 local signer = jwt.new_signer(match.jwt_alg, key)
 local payload = {}
 for k, v in pairs(match.jwt_claims or {}) do
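Review bot: `crypto.import_private_pem(key)` is chained directly into `:public_raw()`, so a key that fails to parse would surface as an index-on-nil or a raised error while the notification is being built (which of the two is not visible here). Splitting it into `local private_key = crypto.import_private_pem(key)` and `if not private_key then`, with a log line that identifies the registration but never prints the key material, gives the operator a usable message. `public_raw()` presumably applies only to EC keys, so it is worth confirming that `match.jwt_alg` is limited to an EC algorithm before this line is reached. The enclosing function starts and ends outside the hunk.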