
retiring --sha256, etc

mom040267 10 år sedan
förälder
incheckning
676843bf09
8 ändrade filer med 6 tillägg och 108 borttagningar
  1. 2 17
      INSTALL
  2. 0 5
      README.turnadmin
  3. 0 7
      README.turnutils
  4. 1 15
      man/man1/turnadmin.1
  5. 1 1
      man/man1/turnserver.1
  6. 1 14
      man/man1/turnutils.1
  7. 1 47
      src/apps/uclient/mainuclient.c
  8. 0 2
      src/apps/uclient/uclient.h

+ 2 - 17
INSTALL

@@ -470,7 +470,7 @@ libevent2 from their web site. It was tested with older *NIXes
 
 NOTE: SQLite must be of version 3.x.
 
-NOTE: For extra security features (DTLS and SHA256 and and SHA384 and SHA512)
+NOTE: For extra security features (like DTLS)
 support, OpenSSL version 1.0.0a or newer is recommended. Older versions do 
 not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze'
 Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with
@@ -683,10 +683,7 @@ security reasons. Storing only the HMAC key has its own implications -
 if you change the realm, you will have to update the HMAC keys of all 
 users, because the realm is used for the HMAC key generation.
 
-The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1,
-or up to 64 characters (HEX representation of 32 bytes) for SHA256,
-or up to 96 characters (HEX representation of 48 bytes) for SHA384,
-or up to 128 characters (HEX representation of 64 bytes) for SHA512:
+The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1:
 
 # Table holding shared secrets for secret-based authorization
 # (REST API). Shared secret can be stored either in unsecure open
@@ -827,9 +824,6 @@ Fill in users, for example:
   $ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero
   $ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic
   
-  Long-term credentials mechanism with SHA256 extension:
-  $ bin/turnadmin -a -b "/var/db/turndb" -u bethod -r north.gov -p king-of-north --sha256
-  
   Admin users:
    
   $ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero
@@ -954,9 +948,6 @@ Fill in users, for example:
   $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
   $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
   
-  Long-term credentials mechanism with SHA256 extension:
-  $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
-  
   Admin users:
    
   $ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
@@ -1009,9 +1000,6 @@ the root account.
   $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
   $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
   
-  Long-term credentials mechanism with SHA256 extension:
-  $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
-  
   Admin users:
    
   $ bin/turnadmin -A -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
@@ -1138,9 +1126,6 @@ Redis TURN admin commands:
   $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero
   $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
   
-  Long-term credentials mechanism with SHA256 extension:
-  $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
-  
   Admin users:
    
   $ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero

+ 0 - 5
README.turnadmin

@@ -104,11 +104,6 @@ Options with required values:
 -r, --realm		Realm.
 -p, --password		Password.
 -o, --origin		Origin
--H, --sha256		Use SHA256 as the keys hash function (a non-standard feature). 
-				By default, MD5 is used for the key storage encryption 
-				(as required by the current STUN/TURNstandards).
--Y, --sha384		Use SHA384 as the keys hash function (a non-standard feature).
--K, --sha512		Use SHA512 as the keys hash function (a non-standard feature).
 --max-bps		Set value of realm's max-bps parameter.
 --total-quota	Set value of realm's total-quota parameter.
 --user-quota	Set value of realm's user-quota parameter. 

+ 0 - 7
README.turnutils

@@ -94,13 +94,6 @@ Flags:
 -R	do negative protocol tests.
 
 -O	DOS attack mode.
-
--H	SHA256 digest function for message integrity calculation.
-	Without this option, by default, SHA1 is used.
-
--Y	SHA384 digest function for message integrity calculation.
-
--K	SHA512 digest function for message integrity calculation.
 		
 -M	Use TURN ICE Mobility.
 

+ 1 - 15
man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "10 April 2015" "" ""
+.TH TURN 1 "11 April 2015" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
@@ -184,20 +184,6 @@ Password.
 Origin
 .TP
 .B
-\fB\-H\fP, \fB\-\-sha256\fP
-Use SHA256 as the keys hash function (a non\-standard feature). 
-By default, MD5 is used for the key storage encryption 
-(as required by the current STUN/TURNstandards).
-.TP
-.B
-\fB\-Y\fP, \fB\-\-sha384\fP
-Use SHA384 as the keys hash function (a non\-standard feature).
-.TP
-.B
-\fB\-K\fP, \fB\-\-sha512\fP
-Use SHA512 as the keys hash function (a non\-standard feature).
-.TP
-.B
 \fB\-\-max\-bps\fP
 Set value of realm's max\-bps parameter.
 .TP

+ 1 - 1
man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "10 April 2015" "" ""
+.TH TURN 1 "11 April 2015" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 

+ 1 - 14
man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "10 April 2015" "" ""
+.TH TURN 1 "11 April 2015" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used
@@ -143,19 +143,6 @@ do negative protocol tests.
 DOS attack mode.
 .TP
 .B
-\fB\-H\fP
-SHA256 digest function for message integrity calculation.
-Without this option, by default, SHA1 is used.
-.TP
-.B
-\fB\-Y\fP
-SHA384 digest function for message integrity calculation.
-.TP
-.B
-\fB\-K\fP
-SHA512 digest function for message integrity calculation.
-.TP
-.B
 \fB\-M\fP
 Use TURN ICE Mobility.
 .TP

+ 1 - 47
src/apps/uclient/mainuclient.c

@@ -131,10 +131,6 @@ static char Usage[] =
   "	-N	Negative tests (some limited cases only).\n"
   "	-R	Negative protocol tests.\n"
   "	-O	DOS attack mode (quick connect and exit).\n"
-  "	-H	SHA256 digest function for message integrity calculation.\n"
-  "		Without this option, by default, SHA1 is used.\n"
-  "	-Y	SHA384 digest function for message integrity calculation.\n"
-  "	-K	SHA512 digest function for message integrity calculation.\n"
   "	-M	ICE Mobility engaged.\n"
   "	-I	Do not set permissions on TURN relay endpoints\n"
   "		(for testing the non-standard server relay functionality).\n"
@@ -166,39 +162,6 @@ static char Usage[] =
 
 //////////////////////////////////////////////////
 
-void recalculate_restapi_hmac(SHATYPE st) {
-
-	if (g_use_auth_secret_with_timestamp) {
-
-		u08bits hmac[MAXSHASIZE];
-		unsigned int hmac_len = 0;
-
-		if(st == SHATYPE_SHA256)
-		  hmac_len = SHA256SIZEBYTES;
-		else if(st == SHATYPE_SHA384)
-		  hmac_len = SHA384SIZEBYTES;
-		else if(st == SHATYPE_SHA512)
-		  hmac_len = SHA512SIZEBYTES;
-
-		hmac[0] = 0;
-
-		if (stun_calculate_hmac(g_uname, strlen((char*) g_uname),
-				(u08bits*) g_auth_secret, strlen(g_auth_secret), hmac,
-				&hmac_len, st) >= 0) {
-			size_t pwd_length = 0;
-			char *pwd = base64_encode(hmac, hmac_len, &pwd_length);
-
-			if (pwd) {
-				if (pwd_length > 0) {
-					ns_bcopy(pwd,g_upwd,pwd_length);
-					g_upwd[pwd_length] = 0;
-				}
-			}
-			turn_free(pwd,strlen(pwd)+1);
-		}
-	}
-}
-
 int main(int argc, char **argv)
 {
 	int port = 0;
@@ -220,7 +183,7 @@ int main(int argc, char **argv)
 
 	ns_bzero(local_addr, sizeof(local_addr));
 
-	while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUHYKMRIGBJ")) != -1) {
+	while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUMRIGBJ")) != -1) {
 		switch (c){
 		case 'J': {
 
@@ -271,15 +234,6 @@ int main(int argc, char **argv)
 		case 'M':
 			mobility = 1;
 			break;
-		case 'H':
-			shatype = SHATYPE_SHA256;
-			break;
-		case 'Y':
-			shatype = SHATYPE_SHA384;
-			break;
-		case 'K':
-			shatype = SHATYPE_SHA512;
-			break;
 		case 'E':
 		{
 			char* fn = find_config_file(optarg,1);
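Review bot: The `shatype` variable that the removed `case 'H'/'Y'/'K'` arms assigned (its declaration is outside this hunk) is now never set from the command line, so it is either dead or permanently at its default; if nothing else writes it, drop it or add a comment at the declaration stating that SHA1 is the only message-integrity digest the client supports. The shortened getopt string on the `while ((c = getopt(...` line also silently retires the letters H, Y and K, so a stale script passing `-H` will fall into getopt's unknown-option path (the `default:` arm is outside the hunk) rather than getting a targeted message; a one-line comment above the string, `/* H/Y/K (SHA256/384/512 integrity) retired; SHA1 per RFC 5389 only. Do not reuse these letters with a different meaning. */`, would stop the letters being recycled later. The enclosing main() begins before and continues after this hunk.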

+ 0 - 2
src/apps/uclient/uclient.h

@@ -110,8 +110,6 @@ turn_credential_type get_turn_credentials_type(void);
 int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
 int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
 
-void recalculate_restapi_hmac(SHATYPE st);
-
 SOCKET_TYPE get_socket_type(void);
 
 ////////////////////////////////////////////