Changeset
6033:8cb37a497e4c
mod_push2: Switch from patched luaossl to prosody-trunk methods
author | Stephen Paul Weber <singpolyma@singpolyma.net> |
---|---|
date | Fri, 01 Nov 2024 11:07:23 -0500 |
parents | 6032:a9fe4a50f935 |
children | 6034:b4bf44765ce6 |
files | mod_push2/README.md mod_push2/mod_push2.lua |
diffstat | 2 files changed, 10 insertions(+), 35 deletions(-) [+] |
--- a/mod_push2/README.md Thu Oct 31 13:53:48 2024 +0100 +++ b/mod_push2/README.md Fri Nov 01 11:07:23 2024 -0500 @@ -41,8 +41,6 @@ **Note:** This module should be used with Lua 5.3 and higher. -Requires a slightly patches luaossl right now: https://github.com/wahern/luaossl/pull/214 - ------ ----------------------------------------------------------------------------- trunk Works ------ -----------------------------------------------------------------------------
--- a/mod_push2/mod_push2.lua Thu Oct 31 13:53:48 2024 +0100
+++ b/mod_push2/mod_push2.lua Fri Nov 01 11:07:23 2024 -0500
@@ -6,9 +6,7 @@
 local watchdog = require "util.watchdog";
 local uuid = require "util.uuid";
 local base64 = require "util.encodings".base64;
-local ciphers = require "openssl.cipher";
-local pkey = require "openssl.pkey";
-local kdf = require "openssl.kdf";
+local crypto = require "util.crypto";
 local jwt = require "util.jwt";
 local xmlns_push = "urn:xmpp:push2:0";
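Review bot: The HKDF calls this commit adds in the second hunk go through `hashes.hkdf_hmac_sha256`, yet the only require added here is `util.crypto`, and no binding for `hashes` appears among the visible lines. File lines 1–5 are outside the hunk, so it may already be in scope; if it is not, the encrypted-payload path would fail at run time on a nil global. Adding `local hashes = require "util.hashes";` next to the new `crypto` line would settle it.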
@@ -237,43 +235,22 @@
 end
 local p256dh_raw = base64.decode(match.ua_public .. "==")
- local p256dh = pkey.new(p256dh_raw, "*", "public", "prime256v1")
- local one_time_key = pkey.new({ type = "EC", curve = "prime256v1" })
- local one_time_key_public = one_time_key:getParameters().pub_key:toBinary()
+ local p256dh = crypto.import_public_ec_raw(p256dh_raw, "prime256v1")
+ local one_time_key = crypto.generate_p256_keypair()
+ local one_time_key_public = one_time_key:public_raw()
 local info = "WebPush: info\0" .. p256dh_raw .. one_time_key_public
 local auth_secret = base64.decode(match.auth_secret .. "==")
 local salt = random.bytes(16)
 local shared_secret = one_time_key:derive(p256dh)
- local ikm = kdf.derive({
- type = "HKDF",
- outlen = 32,
- salt = auth_secret,
- key = shared_secret,
- info = info,
- md = "sha256"
- })
- local key = kdf.derive({
- type = "HKDF",
- outlen = 16,
- salt = salt,
- key = ikm,
- info = "Content-Encoding: aes128gcm\0",
- md = "sha256"
- })
- local nonce = kdf.derive({
- type = "HKDF",
- outlen = 12,
- salt = salt,
- key = ikm,
- info = "Content-Encoding: nonce\0",
- md = "sha256"
- })
+ local ikm = hashes.hkdf_hmac_sha256(32, shared_secret, auth_secret, info)
+ local key = hashes.hkdf_hmac_sha256(16, ikm, salt, "Content-Encoding: aes128gcm\0")
+ local nonce = hashes.hkdf_hmac_sha256(12, ikm, salt, "Content-Encoding: nonce\0")
 local header = salt .. "\0\0\16\0" .. string.char(string.len(one_time_key_public)) .. one_time_key_public
- local encryptor = ciphers.new("AES-128-GCM"):encrypt(key, nonce)
+ local encrypted = crypto.aes_128_gcm_encrypt(key, nonce, envelope_bytes .. "\2")
 push_notification_payload
 :tag("encrypted", { xmlns = "urn:xmpp:sce:rfc8291:0" })
- :text_tag("payload", base64.encode(header .. encryptor:final(envelope_bytes .. "\2") .. encryptor:getTag(16)))
+ :text_tag("payload", base64.encode(header .. encrypted))
 :up()
 end
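Review bot: `crypto.import_public_ec_raw(p256dh_raw, "prime256v1")` is handed bytes decoded from `match.ua_public`, which appears to come from the client's push registration, and its result goes straight into `one_time_key:derive(p256dh)` with no check. Whether the import raises or returns nil on a malformed or off-curve point is not visible here, so a guard such as `local ok, p256dh = pcall(crypto.import_public_ec_raw, p256dh_raw, "prime256v1")` followed by `if not ok or not p256dh then` (log and skip the encrypted payload) would keep one bad registration from aborting delivery. The same applies to `crypto.import_private_pem(key):public_raw()` in the last hunk, where a key that fails to import could end up indexing nil. Separately, the old code appended `encryptor:getTag(16)` explicitly, so the new `header .. encrypted` relies on `aes_128_gcm_encrypt` returning the ciphertext with the 16-byte tag appended; that is worth confirming and recording in a comment such as `-- encrypted = ciphertext .. 16-byte GCM tag`. The enclosing function starts and ends outside the hunk.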
@@ -285,7 +262,7 @@
 key = "-----BEGIN PRIVATE KEY-----\n"..key.."\n-----END PRIVATE KEY-----"
 end
- local public_key = pkey.new(key):getParameters().pub_key:toBinary()
+ local public_key = crypto.import_private_pem(key):public_raw()
 local signer = jwt.new_signer(match.jwt_alg, key)
 local payload = {}
 for k, v in pairs(match.jwt_claims or {}) do