#1794 mod_cloud_notify_encrypted does not encrypt outbound push notifications: 'invalid cipher type'

Reporter Alan
Owner MattJ
Stars ★★ (2)
  • Status-Accepted
  • Priority-Medium
  • Type-Defect
  1. Alan on

    Latest revision (3b609eaf0db5) of mod_cloud_notify_encrypted produces an error when sending push notification to a client. Client uses Siskin so push notification encryption is required. No push notification is sent because this module fails to encrypt the payload. Error in prosody.log: REDACTED:cloud_notify debug Sending important push notification for REDACTED to push.tigase.im (REDACTED) runnerskg254ZojBvr debug changed state from ready to error (ready) c2sda15b81dc40 error Traceback[c2s]: ...tom_plugins/share/lua/5.3/mod_cloud_notify_encrypted.lua:132: bad argument #1 to 'new' (AES-128-GCM: invalid cipher type) stack traceback: [C]: in function '_openssl.cipher.new' ...tom_plugins/share/lua/5.3/mod_cloud_notify_encrypted.lua:132: in field '?' /usr/local/lib/prosody/util/events.lua:81: in function </usr/local/lib/prosody/util/events.lua:77> (...tail calls...) ...rosody/custom_plugins/share/lua/5.3/mod_cloud_notify.lua:409: in upvalue 'handle_notify_request' ...rosody/custom_plugins/share/lua/5.3/mod_cloud_notify.lua:440: in field '?' /usr/local/lib/prosody/util/events.lua:81: in function </usr/local/lib/prosody/util/events.lua:77> (...tail calls...) /usr/local/lib/prosody/modules/mod_message.lua:60: in function </usr/local/lib/prosody/modules/mod_message.lua:18> (...tail calls...) /usr/local/lib/prosody/util/events.lua:81: in function </usr/local/lib/prosody/util/events.lua:77> (...tail calls...) /usr/local/lib/prosody/core/stanza_router.lua:188: in upvalue 'core_post_stanza' /usr/local/lib/prosody/core/stanza_router.lua:128: in upvalue 'core_process_stanza' /usr/local/lib/prosody/modules/mod_c2s.lua:326: in upvalue 'func' /usr/local/lib/prosody/util/async.lua:144: in function </usr/local/lib/prosody/util/async.lua:142> This happens because upper case argument is not allowed. I made a patch and tested it on Prosody 0.12.2 running on OpenBSD 7.2 with Lua 5.3 and LibreSSL 3.6.0. Proposed patch: @@ -126,13 +126,13 @@ local iv = random.bytes(12); local key_binary = base64.decode(encryption.key_base64); local push_json = json.encode(push_payload); -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes -- Siskin does not validate the tag anyway. - local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); + local encrypted_payload = base64.encode(ciphers.new("aes-128-gcm"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) :text(encrypted_payload); if push_payload.type == "call" then encrypted_element.attr.type = "voip"; event.important = true; end prosody.log after applying the patch: REDACTED:cloud_notify debug Sending important push notification for REDACTED to push.tigase.im (REDACTED) REDACTED:cloud_notify_encrypted debug Encrypted 'chat' push notification using aes-128-gcm mod_s2s debug opening a new outgoing connection for this stanza

  2. Anjan Momi on

    I was having this same issue on my prosody instance. I have added this diff to my prosody instance and I will report back in a couple of days on how this solution worked out for me. Thank you!

  3. MattJ on

    Are both of you using LibreSSL?

    • tags Status-Accepted
    • owner MattJ
  4. Anjan Momi on

    I am using OpenSSL on Alpine Linux.

  5. MattJ on

    Hi Anjan, can you tell me what version of OpenSSL you have installed? If possible, could you also run these commands? (be sure to preserve the tricky quotes) lua -e 'require "openssl.cipher".new "AES-128-GCM"' and lua -e 'require "openssl.cipher".new "aes-128-gcm"' I'm trying to understand if this is a difference between OpenSSL and LibreSSL, a new change introduced in OpenSSL, or something else.

  6. Alan on

    I did a quick research to find out where this problem originates. I will not be able to test this properly in the near future due to severe lack of free time. Will post my test results here if the situation changes. Disclaimer: I am an amateur programmer so my conclusions may be wrong. This is the line that triggers the error: > local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); https://hg.prosody.im/prosody-modules/file/tip/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua#l132 'ciphers.new' is a part of luaossl (which is unmaintained and broken): > local ciphers = require "openssl.cipher"; Error message contains this: > AES-128-GCM: invalid cipher type Which corresponds to these lines in luaossl: > if (!(type = EVP_get_cipherbyname(name))) > luaL_argerror(L, index, lua_pushfstring(L, "%s: invalid cipher type", name)); https://github.com/wahern/luaossl/blob/master/src/openssl.c#L11878-L11879 Apparently, there is a cipher name case problem with EVP_get_cipherbyname() in older versions of OpenSSL (allegedly resolved): https://github.com/openssl/openssl/issues/6921 lua-openssl also uses lower case chipher name for EVP_get_cipherbyname() (Example 7 in Readme): https://github.com/zhaozg/lua-openssl P.S. Unfortunately, I don't have enough time to verify which versions are affected. It's quite possible that this bug will resolve itself as OS maintainers drop affected OpenSSL and LibreSSL versions. P.P.S. Both lua54 -e 'require "openssl.cipher".new "AES-128-GCM"' and lua54 -e 'require "openssl.cipher".new "aes-128-gcm"' commands produce no output whatsoever.

New comment

Not published. Used for spam prevention and optional update notifications.