Changeset

6220:c83bfcc6ac0a

mod_cloud_notify_encrypted: Use new 'util.crypto' on Prosody 13.0. This removes the dependency on lua-luaossl when running on Prosody 13.0 (or trunk), which has util.crypto. Compatibility with Prosody 0.12 is retained, but so is the dependency.
author Kim Alvefur <zash@zash.se>
date Mon, 31 Mar 2025 13:24:44 +0200
parents 6219:06621ab30be0
children 6221:f315edc39f3d
files mod_cloud_notify_encrypted/README.md mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua
diffstat 2 files changed, 21 insertions(+), 9 deletions(-) [+]
--- a/mod_cloud_notify_encrypted/README.md	Tue Mar 25 20:54:09 2025 -0500
+++ b/mod_cloud_notify_encrypted/README.md	Mon Mar 31 13:24:44 2025 +0200
@@ -15,15 +15,19 @@
 Details
 =======
 
-Add to modules_enabled, there are no configuration options.
+Add to `modules_enabled`, there are no configuration options.
 
-Depends on
+When used with Prosody 0.12.x, it has an extra dependency on
 [luaossl](http://25thandclement.com/~william/projects/luaossl.html)
 which is available in Debian as
 [`lua-luaossl`](https://tracker.debian.org/pkg/lua-luaossl) or via
 `luarocks install luaossl`.
 
-Compatibility
-=============
+Prosody 13.0.x and trunk does not require this.
+
+# Compatibility
 
-Not tested, but hopefully works on 0.11.x and later.
+  Prosody Version   Status
+  ----------------- -----------------------------------
+  13.0.x            Works
+  0.12.x            Works (with `luaossl`, see above)
--- a/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua	Tue Mar 25 20:54:09 2025 -0500
+++ b/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua	Mon Mar 31 13:24:44 2025 +0200
@@ -1,13 +1,23 @@
 local array = require "util.array";
 local base64 = require "util.encodings".base64;
 local valid_utf8 = require "util.encodings".utf8.valid;
-local ciphers = require "openssl.cipher";
+local have_crypto, crypto = pcall(require, "util.crypto");
 local jid = require "util.jid";
 local json = require "util.json";
 local random = require "util.random";
 local set = require "util.set";
 local st = require "util.stanza";
 
+if not have_crypto then
+	local ossl_ciphers = require "openssl.cipher";
+	crypto = {};
+	-- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
+	-- Siskin does not validate the tag anyway.
+	function crypto.aes_128_gcm_encrypt(key, iv, message)
+		return ciphers.new("AES-128-GCM"):encrypt(key, iv):final(message)..string.rep("\0", 16);
+	end
+end
+
 local xmlns_jmi = "urn:xmpp:jingle-message:0";
 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1";
 local xmlns_push = "urn:xmpp:push:0";
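Review bot: The luaossl fallback calls `ciphers.new(...)` inside `crypto.aes_128_gcm_encrypt`, but this commit removes `local ciphers` and binds the module to `ossl_ciphers`, so on Prosody 0.12 the first encrypted push would presumably fail with an index-on-nil error instead of being sent. The line should read `return ossl_ciphers.new("AES-128-GCM"):encrypt(key, iv):final(message)..string.rep("\0", 16);`. Separately, `pcall(require, "util.crypto")` discards the load error, so any failure to load util.crypto silently selects the path that emits an all-zero tag. Logging the reason when falling back, for example through `module:log`, would make that downgrade visible to the operator.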
@@ -127,9 +137,7 @@
 	local key_binary = base64.decode(encryption.key_base64);
 	local push_json = json.encode(push_payload);
 
-	-- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
-	-- Siskin does not validate the tag anyway.
-	local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16));
+	local encrypted_payload = base64.encode(crypto.aes_128_gcm_encrypt(key_binary, iv, push_json));
 	local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) })
 		:text(encrypted_payload);
 	if push_payload.type == "call" then
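Review bot: The comment explaining the trailing 16 bytes was moved away from this call site, so a reader of the `encrypted_payload` line can no longer tell that the GCM tag is only meaningful on one backend. I would add a comment above the call such as `-- payload ends with the 16-byte GCM tag; the luaossl fallback emits NUL bytes instead, so clients cannot authenticate it there`. This assumes util.crypto's `aes_128_gcm_encrypt` appends the real tag, which is not visible in this diff and should be confirmed. The enclosing function begins and ends outside the hunk.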