Does pushbits server support end-to-end encryption? Messages are sent unencrypted to Matrix. #24

Open
sunrisepi opened this issue Apr 4, 2021 · 13 comments
Labels: bug (Something isn't working), security

Comments

@sunrisepi

Hello! I like what I see so far with pushbits. Thanks very much for creating it. How I am using it:

  • Compiled my own docker image using the Dockerfile, for Raspberry Pi, to run on my ARM processor.
  • Using with Element web client (Firefox web browser) and Element app on iOS (iPhone)
  • I am able to create users and applications fine using pbcli. I can send messages fine using curl to the created application for the Matrix user.

I noticed the following:

  • When an application (Room) is created via pbcli, encryption for the Room is not enabled.
  • I manually enabled encryption for a room in Element.io's web app: Click "..." to the right of the Room name in the Room list -> Room Options -> Settings -> Security & Privacy -> select the "Encrypted" slider to enable
  • After enabling encryption for the room manually via Element.io's web app, messages sent via my local pushbits server show up with a red exclamation mark. Hovering the mouse cursor over it, the pop-up text indicates: Unencrypted
  • When I click on the unencrypted message in the Element iOS app, it shows:
    Curve25519 identity key
    none
    Claimed Ed25519 fingerprint key
    none
    Algorithm
    unencrypted

I am wondering why messages I send to my local pushbits server are not relayed to Matrix using end-to-end encryption. Would it be possible to enable this in some way?

I also noticed when I built my own local Docker image that there was a warning in the SSL certificate section (in bold below). I wonder if this could be contributing to the lack of encryption. Thank you for any information you could share... much appreciated.

FYI, I modified the first line in the Dockerfile to the following: FROM arm32v7/golang:alpine as builder

 $ docker build -t pushbits .
Sending build context to Docker daemon  116.7kB
Step 1/15 : FROM arm32v7/golang:alpine as builder
 ---> 3acd86eb4cf4
Step 2/15 : WORKDIR /build
 ---> Using cache
 ---> 013fad3eabff
Step 3/15 : COPY . .
 ---> Using cache
 ---> 81c54ab0cc6c
Step 4/15 : RUN set -ex         && apk add --no-cache build-base        && go mod download      && go mod verify        && make build   && chmod +x /build/app
 ---> Running in 7a1c4aa05b65
+ apk add --no-cache build-base
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/armv7/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/armv7/APKINDEX.tar.gz
(1/20) Installing libgcc (10.2.1_pre1-r3)
(2/20) Installing libstdc++ (10.2.1_pre1-r3)
(3/20) Installing binutils (2.35.1-r1)
(4/20) Installing libmagic (5.39-r0)
(5/20) Installing file (5.39-r0)
(6/20) Installing libgomp (10.2.1_pre1-r3)
(7/20) Installing libatomic (10.2.1_pre1-r3)
(8/20) Installing libgphobos (10.2.1_pre1-r3)
(9/20) Installing gmp (6.2.1-r0)
(10/20) Installing isl22 (0.22-r0)
(11/20) Installing mpfr4 (4.1.0-r0)
(12/20) Installing mpc1 (1.2.0-r0)
(13/20) Installing gcc (10.2.1_pre1-r3)
(14/20) Installing musl-dev (1.2.2-r0)
(15/20) Installing libc-dev (0.7.2-r3)
(16/20) Installing g++ (10.2.1_pre1-r3)
(17/20) Installing make (4.3-r0)
(18/20) Installing fortify-headers (1.1-r0)
(19/20) Installing patch (2.7.6-r6)
(20/20) Installing build-base (0.5-r2)
Executing busybox-1.32.1-r3.trigger
OK: 137 MiB in 35 packages
+ go mod download
+ go mod verify
all modules verified
+ make build
go build -ldflags="-w -s" -o app ./cmd/pushbits
+ chmod +x /build/app
Removing intermediate container 7a1c4aa05b65
 ---> 495b734259a3
Step 5/15 : FROM alpine
 ---> 6ecc03ee95e9
Step 6/15 : ARG USER_ID=1000
 ---> Using cache
 ---> 023eb4422549
Step 7/15 : ENV PUSHBITS_HTTP_PORT="8080"
 ---> Using cache
 ---> aa898ce7fa9f
Step 8/15 : EXPOSE 8080
 ---> Using cache
 ---> abad2f4ff353
Step 9/15 : WORKDIR /app
 ---> Using cache
 ---> c94eb019b244
Step 10/15 : COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 ---> Using cache
 ---> 8726a5d408b9
Step 11/15 : COPY --from=builder /build/app ./run
 ---> b44e07535f24
Step 12/15 : RUN set -ex        && apk add --no-cache ca-certificates curl     && update-ca-certificates        && mkdir -p /data       && ln -s /data/pushbits.db /app/pushbits.db     && ln -s /data/config.yml /app/config.yml
 ---> Running in ce0654bbb2d6
+ apk add --no-cache ca-certificates curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/armv7/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/armv7/APKINDEX.tar.gz
(1/5) Installing ca-certificates (20191127-r5)
(2/5) Installing brotli-libs (1.0.9-r3)
(3/5) Installing nghttp2-libs (1.42.0-r1)
(4/5) Installing libcurl (7.74.0-r1)
(5/5) Installing curl (7.74.0-r1)
Executing busybox-1.32.1-r3.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 6 MiB in 19 packages

+ update-ca-certificates
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping

+ mkdir -p /data
+ ln -s /data/pushbits.db /app/pushbits.db
+ ln -s /data/config.yml /app/config.yml
Removing intermediate container ce0654bbb2d6
 ---> bc69a4cf8780
Step 13/15 : USER ${USER_ID}
 ---> Running in ce7fe59f5fd8
Removing intermediate container ce7fe59f5fd8
 ---> 3ab00d75901c
Step 14/15 : HEALTHCHECK --interval=30s --timeout=5s --start-period=5s CMD curl --fail http://localhost:$PUSHBITS_HTTP_PORT/health || exit 1
 ---> Running in a6bc57a94b6e
Removing intermediate container a6bc57a94b6e
 ---> 65f07b171d20
Step 15/15 : ENTRYPOINT ["./run"]
 ---> Running in 837aa9b5cb9f
Removing intermediate container 837aa9b5cb9f
 ---> cbdc45f9e44b
Successfully built cbdc45f9e44b
Successfully tagged pushbits:latest
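A defender-side check for the symptom the first post describes (plain m.room.message events landing in a room whose state carries m.room.encryption), written as an added example that is not part of this issue or of the PushBits code base; the state and timeline events are constructed to match the Matrix client-server event shape, and the user IDs, event IDs and key strings in them are placeholders:

```python
# Added example (not PushBits code): flag plaintext events posted into a room
# whose state says it is end-to-end encrypted. Sample data is constructed.
from typing import Dict, Iterable, List

MEGOLM = "m.megolm.v1.aes-sha2"  # Megolm, the Matrix room-message algorithm

def room_is_encrypted(state_events: Iterable[Dict]) -> bool:
    """True when room state carries m.room.encryption with the Megolm algorithm."""
    for ev in state_events:
        if ev.get("type") == "m.room.encryption" and ev.get("state_key") == "":
            return ev.get("content", {}).get("algorithm") == MEGOLM
    return False

def classify_event(ev: Dict) -> str:
    """Mirror Element's event details: "encrypted" needs algorithm, sender_key
    (Curve25519 identity key) and session_id; a bare m.room.message is
    "plaintext" (Element shows 'Algorithm: unencrypted')."""
    content = ev.get("content", {})
    if ev.get("type") == "m.room.encrypted":
        if (content.get("algorithm") == MEGOLM and content.get("sender_key")
                and content.get("session_id")):
            return "encrypted"
        return "malformed"  # claims encryption but lacks the key material
    if ev.get("type") == "m.room.message":
        return "plaintext"
    return "other"  # membership, reactions, etc.

def find_leaks(state_events: Iterable[Dict], timeline: Iterable[Dict]) -> List[Dict]:
    """Sender and event_id of every plaintext message in an encrypted room."""
    if not room_is_encrypted(state_events):
        return []  # the room never asked for E2EE, nothing to flag
    return [{"event_id": ev["event_id"], "sender": ev["sender"]}
            for ev in timeline if classify_event(ev) == "plaintext"]

# Constructed sample: one Megolm event from a human user and one plaintext
# event from a notification bot that does not implement E2EE.
SAMPLE_STATE = [{"type": "m.room.encryption", "state_key": "",
                 "content": {"algorithm": MEGOLM}}]
SAMPLE_TIMELINE = [
    {"type": "m.room.encrypted", "event_id": "$evt1", "sender": "@alice:example.org",
     "content": {"algorithm": MEGOLM, "sender_key": "constructed-curve25519-key",
                 "session_id": "constructed-session", "ciphertext": "AwgAE..."}},
    {"type": "m.room.message", "event_id": "$evt2", "sender": "@bot:example.org",
     "content": {"msgtype": "m.text", "body": "disk usage at 91%"}},
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_STATE, SAMPLE_TIMELINE):
        print(f"plaintext event {leak['event_id']} from {leak['sender']}")
```

Pointing the same functions at the JSON from a real /rooms/{roomId}/state and /rooms/{roomId}/messages response gives a quick audit of which senders in a room are bypassing its encryption.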

@eikendev
Member

eikendev commented Apr 4, 2021

Hi @sunrisepi, thanks for bringing this up!

I checked the documentation of the official Matrix library for Go, and it appears that E2E is not supported (yet). However, it turns out that the developers are working on a solution that will work for clients in other languages, too.

I will set a reminder for next weekend to try to work out a plan. I don't think there will be an immediate fix, but I'm happy to try my best.

@eikendev eikendev self-assigned this Apr 4, 2021
@eikendev eikendev added the bug Something isn't working label Apr 4, 2021
@sunrisepi
Author

Thanks @eikendev! I look forward to your updates. By the way, I discovered Pantalaimon last night too! I am using a Raspberry Pi on ARM (32bit), and as you could probably imagine there are not always Docker images available for it. The same was true for Pantalaimon, so I had to build my own Docker image in order to try this out.

Of course it didn't build correctly the first time, and when I went to the GitHub issues page for the software, I saw that someone else had already opened an issue: matrix-org/pantalaimon#76. With a lot of diligence I was able to work past the OpenSSL failure, then discovered a Rust installation fault (was able to resolve that too!) and actually get a working image built! 😁 I posted my findings there for others in case it could help someone else.

I was wondering if Pantalaimon could be used with PushBits in its native format, but based on your response it looks like PushBits may need some updates to accommodate/work with Pantalaimon. Thanks very much for PushBits, I think it's a cool piece of software! If it could be expanded to support end-to-end encryption, that would be even better. 👏 🍺 😄

@sunrisepi
Author

FYI @eikendev, I tried using PushBits with Pantalaimon and received an "i/o timeout" response. It doesn't seem to work. Maybe because I haven't configured things right, or maybe because PushBits requires some updates to work with Pantalaimon. I am sharing my findings in case they are helpful.

Built Pantalaimon Docker image and it seems to work OK. I have this in the config, pantalaimon.conf:

[Default]
LogLevel = Debug
SSL = True

[local-matrix]
Homeserver = https://matrix.org
ListenAddress = 0.0.0.0
ListenPort = 8008
SSL = False
UseKeyring = False
IgnoreVerification = True

Next, the config for PushBits (config.yml). I commented out https://matrix.org and replaced it with the Pantalaimon proxy (the server Pantalaimon is running on, at port 8008, as shown above in its config: ListenPort):

matrix:
    # The Matrix server to use for sending notifications.
    #homeserver: 'https://matrix.org'
    homeserver: 'http://192.168.1.43:8008'

I started Pantalaimon and it seems to work OK:

pi@pi:~/dockerapps/pushbits/data $ docker run -it --rm -v /home/pi/dockerapps/pantalaimon/data:/data -p 8008:8008 pantalaimon
======== Starting daemon for homeserver local-matrix on http://0.0.0.0:8008 ========
(Press CTRL+C to quit)

When I visit http://192.168.1.43:8008/_matrix/client/r0/login in my local browser, I see Matrix content, which seems to indicate that the proxy is working... as I am going to my local IP on the port (8008) of Pantalaimon, and I am seeing content from https://matrix.org. Partial screenshot below:
[screenshot]

Now I start up PushBits, and see this in the log - i/o timeout:
[screenshot]

When I update the PushBits config to point to Matrix.org again, PushBits works fine, sending unencrypted notifications. So it seems the step where we are trying to use Pantalaimon isn't working. Sharing this so it is confirmed how things work now. Thank you!
[screenshot]

@vszakats

vszakats commented Jun 17, 2021

May be worth a mention that when using the matrix.org server, HTTPS encrypted requests are visible in cleartext at Cloudflare. E.g. message text, room ID, sender username, password; besides the sender IP and user-agent of course.

@eikendev
Member

That's a good point @vszakats! I'll prioritize this issue once I'm freed up a bit. A first look makes me think fixing this issue properly will take some more effort.

@CubicrootXYZ
Collaborator

There still seems to be no change to the current situation: the official Go client does not support E2EE, and Pantalaimon is not yet very polished.

For me there are 2 options here:

  1. Switch to mautrix-go, which supports E2EE
  2. Make sure PushBits runs with Pantalaimon and add instructions to the documentation

If we can commit to one of these approaches, I might investigate this topic further in the next weeks.

@eikendev
Member

eikendev commented Feb 7, 2022

I thought about switching to mautrix-go for a while, because the official library only supports an old version of the protocol. The whole Pantalaimon setup seems kind of error-prone/complicated. What do you think?

@CubicrootXYZ
Collaborator

I have already used mautrix-go in other projects; the documentation is not the best, and it would be a lot of work to change to it. Pantalaimon is totally new for me; I have never worked with it.

The official Go library does not provide a future-proof path, so we should find an alternative solution. Pantalaimon, in my eyes, seems to go the same route as the Matrix Go library, with no really reliable future plan.

So switching to mautrix will open new possibilities for us, which would be great, but it comes at the cost of reworking a lot of code.

@eikendev
Member

eikendev commented Feb 9, 2022

I agree that neither solution is perfect, which is part of the reason this issue is still open. But provided that the official library does not seem future-proof to us we may want to consider switching to mautrix-go. I imagine since they support the same API (but different version), the calls will be sort of similar?

@CubicrootXYZ
Collaborator

Yeah, they will share some of the structure. So I will open a new branch and play a bit with it.

@ThinkChaos

Looked into this a bit today. Found a mautrix/go issue with links to E2EE examples: mautrix/go#19

According to that, the best example is matrix-vacation-responder, specifically the interesting parts are:

Just thought I'd link that even though I'm not working on it (or even a pushbits user; I was just evaluating whether it's right for me).

@mrusme

mrusme commented Feb 26, 2024

The project's current description on GitHub says:

A simple server for push notifications via Matrix (and a minimalistic alternative to Pushover and Gotify with a strong focus on security) 🚀📯

I'd suggest updating the GitHub description and removing the strong focus on security part, as I feel it is slightly misleading at this stage.

@eikendev
Member

@mrusme, thank you for that feedback. I agree with you, please check if the updated description makes sense.
