Home Explore Help
Register Sign In
Apq
/
coturn
mirror of https://github.com/coturn/coturn.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Imported Upstream version 4.4.5.1

Oleg Moskalenko 10 years ago
parent
809c357901
commit
d23e516421
52 changed files with 500 additions and 1372 deletions
Unified View Show Diff Stats
  1. 9 0
      ChangeLog
  2. 6 46
      INSTALL
  3. 0 5
      README.turnadmin
  4. 0 11
      README.turnserver
  5. 0 7
      README.turnutils
  6. 3 3
      TODO
  7. 0 12
      examples/etc/turnserver.conf
  8. 1 1
      examples/scripts/longtermsecure/secure_relay.sh
  9. 1 1
      examples/scripts/longtermsecure/secure_relay_cert.sh
  10. 1 1
      examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh
  11. 1 1
      examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh
  12. 1 1
      examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh
  13. 1 1
      examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh
  14. 1 1
      examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh
  15. 1 1
      examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh
  16. BIN
      examples/var/db/turndb
  17. 1 15
      man/man1/turnadmin.1
  18. 1 18
      man/man1/turnserver.1
  19. 1 14
      man/man1/turnutils.1
  20. 1 1
      rpm/build.settings.sh
  21. 3 1
      rpm/turnserver.spec
  22. 0 23
      src/apps/common/apputils.c
  23. 0 4
      src/apps/common/apputils.h
  24. 5 43
      src/apps/relay/dbdrivers/dbd_mongo.c
  25. 19 44
      src/apps/relay/dbdrivers/dbd_mysql.c
  26. 14 24
      src/apps/relay/dbdrivers/dbd_pgsql.c
  27. 7 17
      src/apps/relay/dbdrivers/dbd_redis.c
  28. 13 24
      src/apps/relay/dbdrivers/dbd_sqlite.c
  29. 1 1
      src/apps/relay/dbdrivers/dbdriver.h
  30. 51 56
      src/apps/relay/mainrelay.c
  31. 0 1
      src/apps/relay/mainrelay.h
  32. 1 1
      src/apps/relay/netengine.c
  33. 31 251
      src/apps/relay/turn_admin_server.c
  34. 19 59
      src/apps/relay/userdb.c
  35. 9 33
      src/apps/rfc5769/rfc5769check.c
  36. 2 2
      src/apps/stunclient/stunclient.c
  37. 5 51
      src/apps/uclient/mainuclient.c
  38. 0 1
      src/apps/uclient/session.h
  39. 1 51
      src/apps/uclient/startuclient.c
  40. 6 20
      src/apps/uclient/uclient.c
  41. 0 2
      src/apps/uclient/uclient.h
  42. 229 336
      src/client/ns_turn_msg.c
  43. 5 3
      src/client/ns_turn_msg.h
  44. 12 37
      src/client/ns_turn_msg_defs_new.h
  45. 1 1
      src/ns_turn_defs.h
  46. 15 90
      src/server/ns_turn_server.c
  47. 0 2
      src/server/ns_turn_server.h
  48. 1 5
      turndb/schema.sql
  49. 8 29
      turndb/schema.userdb.redis
  50. 6 14
      turndb/testmongosetup.sh
  51. 3 3
      turndb/testredisdbsetup.sh
  52. 3 3
      turndb/testsqldbsetup.sql

+ 9 - 0
ChangeLog
View File 

@@ -1,3 +1,12 @@
 
+4/9/2015 Oleg Moskalenko <[email protected]>
 
+Version 4.4.5.1 'Ardee West':
 
+	- dual allocation adjusted according to the new TURN-bis draft;
 
+	- options sha256, sha384, sha512 retired as non-standard;
 
+	- third-party authorization (oAuth) updated according to the
 
+	version 14 of the draft;
 
+	- C++ fixes;
 
+	- cosmetic fixes;
 
+
 
 3/31/2015 Oleg Moskalenko <[email protected]>
 
 3/31/2015 Oleg Moskalenko <[email protected]>
 
 Version 4.4.4.2 'Ardee West':
 
 Version 4.4.4.2 'Ardee West':
 
 	- SCTP fixes;
 
 	- SCTP fixes;

+ 6 - 46
INSTALL
View File 

@@ -470,7 +470,7 @@ libevent2 from their web site. It was tested with older *NIXes
 
 
 
 NOTE: SQLite must be of version 3.x.
 
 NOTE: SQLite must be of version 3.x.
 
 
 
-NOTE: For extra security features (DTLS and SHA256 and and SHA384 and SHA512)
 
+NOTE: For extra security features (like DTLS)
 
 support, OpenSSL version 1.0.0a or newer is recommended. Older versions do 
 support, OpenSSL version 1.0.0a or newer is recommended. Older versions do 
 not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze'
 
 not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze'
 
 Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with
 
 Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with
 
@@ -683,10 +683,7 @@ security reasons. Storing only the HMAC key has its own implications -
 
 if you change the realm, you will have to update the HMAC keys of all 
 if you change the realm, you will have to update the HMAC keys of all 
 users, because the realm is used for the HMAC key generation.
 
 users, because the realm is used for the HMAC key generation.
 
 
 
-The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1,
 
-or up to 64 characters (HEX representation of 32 bytes) for SHA256,
 
-or up to 96 characters (HEX representation of 48 bytes) for SHA384,
 
-or up to 128 characters (HEX representation of 64 bytes) for SHA512:
 
+The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1:
 
 
 
 # Table holding shared secrets for secret-based authorization
 
 # Table holding shared secrets for secret-based authorization
 
 # (REST API). Shared secret can be stored either in unsecure open
 
 # (REST API). Shared secret can be stored either in unsecure open
 
@@ -743,14 +740,10 @@ CREATE TABLE turn_realm_option (
 
 #
 
 #
 
 CREATE TABLE oauth_key (
 
 CREATE TABLE oauth_key (
 
 	kid varchar(128), 
 	kid varchar(128), 
-	ikm_key varchar(256) default '',
 
+	ikm_key varchar(256),
 
 	timestamp bigint default 0,
 
 	timestamp bigint default 0,
 
 	lifetime integer default 0,
 
 	lifetime integer default 0,
 
-	hkdf_hash_func varchar(64) default '',
 
 	as_rs_alg varchar(64) default '',
 
 	as_rs_alg varchar(64) default '',
 
-	as_rs_key varchar(256) default '',
 
-	auth_alg varchar(64) default '',
 
-	auth_key varchar(256) default '',
 
 	primary key (kid)
 
 	primary key (kid)
 
 ); 
 ); 
 
 
@@ -759,38 +752,17 @@ The oauth_key table fields meanings are:
 
 	kid: the kid of the key;
 
 	kid: the kid of the key;
 
 
 
 	ikm_key - (optional) base64-encoded key ("input keying material");
 
 	ikm_key - (optional) base64-encoded key ("input keying material");
 
-		The ikm_key is not needed if the as_rs_key and auth_key are defined
 
-		explicitly in the database;
 
 		
 		
 	timestamp - (optional) the timestamp (in seconds) when the key 
 	timestamp - (optional) the timestamp (in seconds) when the key 
 		lifetime starts;
 
 		lifetime starts;
 
 	
 	
 	lifetime - (optional) the key lifetime in seconds; the default value 
 	lifetime - (optional) the key lifetime in seconds; the default value 
 		is 0 - unlimited lifetime.
 
 		is 0 - unlimited lifetime.
 
-	
-	hkdf_hash_func - (optional) hash function for HKDF procedure; the 
-		valid values are SHA-1, SHA-256, SHA-384 and SHA-512, 
-		with SHA-256 as default. The hkdf_hash_func is not needed
 
-		if the as_rs_key and auth_key are defined explicitly
 
-		in the database;
 
 		
 		
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
 
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
 
-		"AES-128-CBC" and "AES-256-CBC", , "AEAD-AES-128-GCM",
 
-		"AEAD-AES-256-GCM".
 
-		The default value is "AES-256-CBC";
 
-		
-	as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then 
-		calculated with ikm_key and hkdf_hash_func. The as_rs_key length 
-		is defined by as_rs_alg.
 
-		
-	auth_alg - (optional) oAuth token authentication algorithm; the valid values are
 
-		"HMAC-SHA-256-128", "HMAC-SHA-256", "HMAC-SHA-384",
 
-		"HMAC-SHA-512" and "HMAC-SHA-1".		  
-		The default value is "HMAC-SHA-256-128".
 
-		
-	auth_key - (optional) base64-encoded AUTH key. If not defined, then 
-		calculated with ikm_key and hkdf_hash_func. The auth_key length 
-		is defined by auth_alg.
 
+		"A256GCM", "A128GCM" (see 
+		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
 
+		The default value is "A256GCM";
 
 
 
 # Https access admin users.
 
 # Https access admin users.
 
 # Leave this table empty if you do not want 
 # Leave this table empty if you do not want 
@@ -827,9 +799,6 @@ Fill in users, for example:
 
   $ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic
 
   $ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic
 
   
   
-  Long-term credentials mechanism with SHA256 extension:
 
-  $ bin/turnadmin -a -b "/var/db/turndb" -u bethod -r north.gov -p king-of-north --sha256
 
-  
   Admin users:
 
   Admin users:
 
    
    
   $ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero
 
   $ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero
 
@@ -954,9 +923,6 @@ Fill in users, for example:
 
   $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
 
   $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
 
   
   
-  Long-term credentials mechanism with SHA256 extension:
 
-  $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
 
-  
   Admin users:
 
   Admin users:
 
    
    
   $ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
 
   $ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
 
@@ -1009,9 +975,6 @@ the root account.
 
   $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
 
   $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
 
   
   
-  Long-term credentials mechanism with SHA256 extension:
 
-  $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
 
-  
   Admin users:
 
   Admin users:
 
    
    
   $ bin/turnadmin -A -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
 
   $ bin/turnadmin -A -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
 
@@ -1138,9 +1101,6 @@ Redis TURN admin commands:
 
   $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero
 
   $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
 
   $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
 
   
   
-  Long-term credentials mechanism with SHA256 extension:
 
-  $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
 
-  
   Admin users:
 
   Admin users:
 
    
    
   $ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero
 
   $ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero

+ 0 - 5
README.turnadmin
View File 

@@ -104,11 +104,6 @@ Options with required values:
 
 -r, --realm		Realm.
 
 -r, --realm		Realm.
 
 -p, --password		Password.
 
 -p, --password		Password.
 
 -o, --origin		Origin
 
 -o, --origin		Origin
 
--H, --sha256		Use SHA256 as the keys hash function (a non-standard feature). 
-				By default, MD5 is used for the key storage encryption 
-				(as required by the current STUN/TURNstandards).
 
--Y, --sha384		Use SHA384 as the keys hash function (a non-standard feature).
 
--K, --sha512		Use SHA512 as the keys hash function (a non-standard feature).
 
 --max-bps		Set value of realm's max-bps parameter.
 
 --max-bps		Set value of realm's max-bps parameter.
 
 --total-quota	Set value of realm's total-quota parameter.
 
 --total-quota	Set value of realm's total-quota parameter.
 
 --user-quota	Set value of realm's user-quota parameter. 
 --user-quota	Set value of realm's user-quota parameter.

+ 0 - 11
README.turnserver
View File 

@@ -236,17 +236,6 @@ Flags:
 
 --no-multicast-peers	Disallow peers on well-known broadcast addresses 
 --no-multicast-peers	Disallow peers on well-known broadcast addresses 
 			(224.0.0.0 and above, and FFXX:*).
 
 			(224.0.0.0 and above, and FFXX:*).
 
 
 
---sha256		Require SHA256 digest function to be used for the message integrity.
 
-			By default, the server uses SHA1 hashes. With this option, the server 
-			requires the stronger SHA256 hashes. The client application must support
 
-			SHA256 hash function if this option is used. If the server obtains a message 
-			from the client with a weaker (SHA1) hash function then the server returns 
-			error code 426.
 
-
 
---sha384		Require SHA384 digest function to be used for the message integrity.
 
-
 
---sha512		Require SHA512 digest function to be used for the message integrity.
 
-			
 --mobility		Mobility with ICE (MICE) specs support.
 
 --mobility		Mobility with ICE (MICE) specs support.
 
 
 
 --no-cli		Turn OFF the CLI support. By default it is always ON.
 
 --no-cli		Turn OFF the CLI support. By default it is always ON.

+ 0 - 7
README.turnutils
View File 

@@ -94,13 +94,6 @@ Flags:
 
 -R	do negative protocol tests.
 
 -R	do negative protocol tests.
 
 
 
 -O	DOS attack mode.
 
 -O	DOS attack mode.
 
-
 
--H	SHA256 digest function for message integrity calculation.
 
-	Without this option, by default, SHA1 is used.
 
-
 
--Y	SHA384 digest function for message integrity calculation.
 
-
 
--K	SHA512 digest function for message integrity calculation.
 
 		
 		
 -M	Use TURN ICE Mobility.
 
 -M	Use TURN ICE Mobility.

+ 3 - 3
TODO
View File 

@@ -59,9 +59,9 @@
 
 
 
 2) Redirect draft.
 
 2) Redirect draft.
 
 
 
-3) STUN-Bis: 
-	a. SCTP
 
-	b. New integrity attribute, algorithms
 
+3) STUN-bis: new integrity attribute, algorithms.
 
+
 
+4) Third-party authorization updates.
 
 
 
 ==================================================================
 
 ==================================================================

+ 0 - 12
examples/etc/turnserver.conf
View File 

@@ -557,18 +557,6 @@
 
 #
 
 #
 
 #secure-stun
 
 #secure-stun
 
 
 
-# Require SHA256, or SHA384, or SHA512 digest function to be used for the message
 
-# integrity. By default, the server uses SHA1 (as per TURN standard specs). 
-# With this option, the server always requires the stronger SHA256, SHA384 or SHA512 
-# function. The client application must support SHA256, SHA384 or SHA512 hash function
 
-# if this option is used. If the server obtains 
-# a message from the client with a weaker (SHA1) hash function then the 
-# server returns error code 426.
 
-#
 
-#sha256
 
-#sha384
 
-#sha512
 
-
 
 # Mobility with ICE (MICE) specs support.
 
 # Mobility with ICE (MICE) specs support.
 
 #
 
 #
 
 #mobility
 
 #mobility

+ 1 - 1
examples/scripts/longtermsecure/secure_relay.sh
View File 

@@ -32,4 +32,4 @@ fi
 
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --cipher-list=ALL --db="var/db/turndb" $@
 
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --cipher-list=ALL --db=var/db/turndb $@

+ 1 - 1
examples/scripts/longtermsecure/secure_relay_cert.sh
View File 

@@ -35,4 +35,4 @@ fi
 
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
 
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" $@
 
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --db=var/db/turndb $@

+ 1 - 1
examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh
View File 

@@ -21,7 +21,7 @@
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
-# 11) --oauth - mandate oAuth security dialog
 
+# 11) --oauth - support oAuth security dialog
 
 # Other parameters (config file name, etc) are default.
 
 # Other parameters (config file name, etc) are default.
 
 
 
 if [ -d examples ] ; then
 
 if [ -d examples ] ; then

+ 1 - 1
examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh
View File 

@@ -22,7 +22,7 @@
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
-# 11) --oauth - mandate oAuth security dialog
 
+# 11) --oauth - support oAuth security dialog
 
 # Other parameters (config file name, etc) are default.
 
 # Other parameters (config file name, etc) are default.
 
 
 
 if [ -d examples ] ; then
 
 if [ -d examples ] ; then

+ 1 - 1
examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh
View File 

@@ -23,7 +23,7 @@
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
-# 11) --oauth - mandate oAuth security dialog
 
+# 11) --oauth - support oAuth security dialog
 
 # Other parameters (config file name, etc) are default.
 
 # Other parameters (config file name, etc) are default.
 
 
 
 if [ -d examples ] ; then
 
 if [ -d examples ] ; then

+ 1 - 1
examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh
View File 

@@ -22,7 +22,7 @@
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
-# 11) --oauth - mandate oAuth security dialog
 
+# 11) --oauth - support oAuth security dialog
 
 # Other parameters (config file name, etc) are default.
 
 # Other parameters (config file name, etc) are default.
 
 
 
 if [ -d examples ] ; then
 
 if [ -d examples ] ; then

+ 1 - 1
examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh
View File 

@@ -25,7 +25,7 @@
 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 
 # 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 
-# 12) --oauth - mandate oAuth security dialog
 
+# 12) --oauth - support oAuth security dialog
 
 # Other parameters (config file name, etc) are default.
 
 # Other parameters (config file name, etc) are default.
 
 
 
 if [ -d examples ] ; then
 
 if [ -d examples ] ; then

+ 1 - 1
examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh
View File 

@@ -21,7 +21,7 @@
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
 # 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 
-# 11) --oauth - mandate oAuth security dialog
 
+# 11) --oauth - support oAuth security dialog
 
 # Other parameters (config file name, etc) are default.
 
 # Other parameters (config file name, etc) are default.
 
 
 
 if [ -d examples ] ; then
 
 if [ -d examples ] ; then

BIN
examples/var/db/turndb
View File


+ 1 - 15
man/man1/turnadmin.1
View File 

@@ -1,5 +1,5 @@
 
 .\" Text automatically generated by txt2man
 
 .\" Text automatically generated by txt2man
 
-.TH TURN 1 "21 March 2015" "" ""
 
+.TH TURN 1 "11 April 2015" "" ""
 
 .SH GENERAL INFORMATION
 
 .SH GENERAL INFORMATION
 
 
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
@@ -184,20 +184,6 @@ Password.
 
 Origin
 
 Origin
 
 .TP
 
 .TP
 
 .B
 
 .B
 
-\fB\-H\fP, \fB\-\-sha256\fP
 
-Use SHA256 as the keys hash function (a non\-standard feature). 
-By default, MD5 is used for the key storage encryption 
-(as required by the current STUN/TURNstandards).
 
-.TP
 
-.B
 
-\fB\-Y\fP, \fB\-\-sha384\fP
 
-Use SHA384 as the keys hash function (a non\-standard feature).
 
-.TP
 
-.B
 
-\fB\-K\fP, \fB\-\-sha512\fP
 
-Use SHA512 as the keys hash function (a non\-standard feature).
 
-.TP
 
-.B
 
 \fB\-\-max\-bps\fP
 
 \fB\-\-max\-bps\fP
 
 Set value of realm's max\-bps parameter.
 
 Set value of realm's max\-bps parameter.
 
 .TP
 
 .TP

+ 1 - 18
man/man1/turnserver.1
View File 

@@ -1,5 +1,5 @@
 
 .\" Text automatically generated by txt2man
 
 .\" Text automatically generated by txt2man
 
-.TH TURN 1 "21 March 2015" "" ""
 
+.TH TURN 1 "11 April 2015" "" ""
 
 .SH GENERAL INFORMATION
 
 .SH GENERAL INFORMATION
 
 
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
@@ -363,23 +363,6 @@ Disallow peers on well\-known broadcast addresses
 
 (224.0.0.0 and above, and FFXX:*).
 
 (224.0.0.0 and above, and FFXX:*).
 
 .TP
 
 .TP
 
 .B
 
 .B
 
-\fB\-\-sha256\fP
 
-Require SHA256 digest function to be used for the message integrity.
 
-By default, the server uses SHA1 hashes. With this option, the server 
-requires the stronger SHA256 hashes. The client application must support
 
-SHA256 hash function if this option is used. If the server obtains a message 
-from the client with a weaker (SHA1) hash function then the server returns 
-error code 426.
 
-.TP
 
-.B
 
-\fB\-\-sha384\fP
 
-Require SHA384 digest function to be used for the message integrity.
 
-.TP
 
-.B
 
-\fB\-\-sha512\fP
 
-Require SHA512 digest function to be used for the message integrity.
 
-.TP
 
-.B
 
 \fB\-\-mobility\fP
 
 \fB\-\-mobility\fP
 
 Mobility with ICE (MICE) specs support.
 
 Mobility with ICE (MICE) specs support.
 
 .TP
 
 .TP

+ 1 - 14
man/man1/turnutils.1
View File 

@@ -1,5 +1,5 @@
 
 .\" Text automatically generated by txt2man
 
 .\" Text automatically generated by txt2man
 
-.TH TURN 1 "21 March 2015" "" ""
 
+.TH TURN 1 "11 April 2015" "" ""
 
 .SH GENERAL INFORMATION
 
 .SH GENERAL INFORMATION
 
 
 
 A set of turnutils_* programs provides some utility functionality to be used
 
 A set of turnutils_* programs provides some utility functionality to be used
 
@@ -143,19 +143,6 @@ do negative protocol tests.
 
 DOS attack mode.
 
 DOS attack mode.
 
 .TP
 
 .TP
 
 .B
 
 .B
 
-\fB\-H\fP
 
-SHA256 digest function for message integrity calculation.
 
-Without this option, by default, SHA1 is used.
 
-.TP
 
-.B
 
-\fB\-Y\fP
 
-SHA384 digest function for message integrity calculation.
 
-.TP
 
-.B
 
-\fB\-K\fP
 
-SHA512 digest function for message integrity calculation.
 
-.TP
 
-.B
 
 \fB\-M\fP
 
 \fB\-M\fP
 
 Use TURN ICE Mobility.
 
 Use TURN ICE Mobility.
 
 .TP
 
 .TP

+ 1 - 1
rpm/build.settings.sh
View File 

@@ -2,7 +2,7 @@
 
 
 
 # Common settings script.
 
 # Common settings script.
 
 
 
-TURNVERSION=4.4.4.2
 
+TURNVERSION=4.4.5.1
 
 BUILDDIR=~/rpmbuild
 
 BUILDDIR=~/rpmbuild
 
 ARCH=`uname -p`
 
 ARCH=`uname -p`
 
 TURNSERVER_SVN_URL=http://coturn.googlecode.com/svn
 
 TURNSERVER_SVN_URL=http://coturn.googlecode.com/svn

+ 3 - 1
rpm/turnserver.spec
View File 

@@ -1,5 +1,5 @@
 
 Name:		turnserver
 
 Name:		turnserver
 
-Version:	4.4.4.2
 
+Version:	4.4.5.1
 
 Release:	0%{dist}
 
 Release:	0%{dist}
 
 Summary:	Coturn TURN Server
 
 Summary:	Coturn TURN Server
 
 
 
@@ -289,6 +289,8 @@ fi
 
 %{_includedir}/turn/client/TurnMsgLib.h
 
 %{_includedir}/turn/client/TurnMsgLib.h
 
 
 
 %changelog
 
 %changelog
 
+* Thu Apr 09 2015 Oleg Moskalenko <[email protected]>
 
+  - Sync to 4.4.5.1
 
 * Tue Mar 31 2015 Oleg Moskalenko <[email protected]>
 
 * Tue Mar 31 2015 Oleg Moskalenko <[email protected]>
 
   - Sync to 4.4.4.2
 
   - Sync to 4.4.4.2
 
 * Sun Mar 15 2015 Oleg Moskalenko <[email protected]>
 
 * Sun Mar 15 2015 Oleg Moskalenko <[email protected]>

+ 0 - 23
src/apps/common/apputils.c
View File 

@@ -1125,8 +1125,6 @@ void convert_oauth_key_data_raw(const oauth_key_data_raw *raw, oauth_key_data *o
 
 		oakd->lifetime = raw->lifetime;
 
 		oakd->lifetime = raw->lifetime;
 
 
 
 		ns_bcopy(raw->as_rs_alg,oakd->as_rs_alg,sizeof(oakd->as_rs_alg));
 
 		ns_bcopy(raw->as_rs_alg,oakd->as_rs_alg,sizeof(oakd->as_rs_alg));
 
-		ns_bcopy(raw->auth_alg,oakd->auth_alg,sizeof(oakd->auth_alg));
 
-		ns_bcopy(raw->hkdf_hash_func,oakd->hkdf_hash_func,sizeof(oakd->hkdf_hash_func));
 
 		ns_bcopy(raw->kid,oakd->kid,sizeof(oakd->kid));
 
 		ns_bcopy(raw->kid,oakd->kid,sizeof(oakd->kid));
 
 
 
 		if(raw->ikm_key[0]) {
 
 		if(raw->ikm_key[0]) {
 
@@ -1138,27 +1136,6 @@ void convert_oauth_key_data_raw(const oauth_key_data_raw *raw, oauth_key_data *o
 
 				turn_free(ikm_key,ikm_key_size);
 
 				turn_free(ikm_key,ikm_key_size);
 
 			}
 
 			}
 
 		}
 
 		}
 
-
 
-		if(raw->as_rs_key[0]) {
 
-			size_t as_rs_key_size = 0;
 
-			char *as_rs_key = (char*)base64_decode(raw->as_rs_key,strlen(raw->as_rs_key),&as_rs_key_size);
 
-			if(as_rs_key) {
 
-				ns_bcopy(as_rs_key,oakd->as_rs_key,as_rs_key_size);
 
-				oakd->as_rs_key_size = as_rs_key_size;
 
-				turn_free(as_rs_key,as_rs_key_size);
 
-			}
 
-		}
 
-
 
-		if(raw->auth_key[0]) {
 
-			size_t auth_key_size = 0;
 
-			char *auth_key = (char*)base64_decode(raw->auth_key,strlen(raw->auth_key),&auth_key_size);
 
-			if(auth_key) {
 
-				ns_bcopy(auth_key,oakd->auth_key,auth_key_size);
 
-				oakd->auth_key_size = auth_key_size;
 
-				turn_free(auth_key,auth_key_size);
 
-			}
 
-		}
 
-
 
 	}
 
 	}
 
 }
 
 }

+ 0 - 4
src/apps/common/apputils.h
View File 

@@ -141,11 +141,7 @@ struct _oauth_key_data_raw {
 
 	char ikm_key[OAUTH_KEY_SIZE+1];
 
 	char ikm_key[OAUTH_KEY_SIZE+1];
 
 	u64bits timestamp;
 
 	u64bits timestamp;
 
 	u32bits lifetime;
 
 	u32bits lifetime;
 
-	char hkdf_hash_func[OAUTH_HASH_FUNC_SIZE+1];
 
 	char as_rs_alg[OAUTH_ALG_SIZE+1];
 
 	char as_rs_alg[OAUTH_ALG_SIZE+1];
 
-	char as_rs_key[OAUTH_KEY_SIZE+1];
 
-	char auth_alg[OAUTH_ALG_SIZE+1];
 
-	char auth_key[OAUTH_KEY_SIZE+1];
 
 };
 
 };
 
 
 
 typedef struct _oauth_key_data_raw oauth_key_data_raw;
 
 typedef struct _oauth_key_data_raw oauth_key_data_raw;

+ 5 - 43
src/apps/relay/dbdrivers/dbd_mongo.c
View File 

@@ -216,7 +216,7 @@ static int mongo_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 
     if (mongoc_cursor_next(cursor, &item)) {
 
     if (mongoc_cursor_next(cursor, &item)) {
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "hmackey") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "hmackey") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
         value = bson_iter_utf8(&iter, &length);
 
         value = bson_iter_utf8(&iter, &length);
 
-				size_t sz = get_hmackey_size(turn_params.shatype) * 2;
 
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT) * 2;
 
 				if(length < sz) {
 
 				if(length < sz) {
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: string length=%d (must be %d): user %s\n", (int)length, (int)sz, usname);
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: string length=%d (must be %d): user %s\n", (int)length, (int)sz, usname);
 
 				} else {
 
 				} else {
 
@@ -255,10 +255,6 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 	BSON_APPEND_INT32(&fields, "lifetime", 1);
 
 	BSON_APPEND_INT32(&fields, "lifetime", 1);
 
 	BSON_APPEND_INT32(&fields, "timestamp", 1);
 
 	BSON_APPEND_INT32(&fields, "timestamp", 1);
 
 	BSON_APPEND_INT32(&fields, "as_rs_alg", 1);
 
 	BSON_APPEND_INT32(&fields, "as_rs_alg", 1);
 
-	BSON_APPEND_INT32(&fields, "as_rs_key", 1);
 
-	BSON_APPEND_INT32(&fields, "auth_alg", 1);
 
-	BSON_APPEND_INT32(&fields, "auth_key", 1);
 
-	BSON_APPEND_INT32(&fields, "hkdf_hash_func", 1);
 
 	BSON_APPEND_INT32(&fields, "ikm_key", 1);
 
 	BSON_APPEND_INT32(&fields, "ikm_key", 1);
 
 
 
 	mongoc_cursor_t * cursor;
 
 	mongoc_cursor_t * cursor;
 
@@ -281,21 +277,9 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
 				STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length));
 
 				STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length));
 
 			}
 
 			}
 
-			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-				STRCPY(key->as_rs_key,bson_iter_utf8(&iter, &length));
 
-			}
 
-			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_alg") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-				STRCPY(key->auth_alg,bson_iter_utf8(&iter, &length));
 
-			}
 
-			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-				STRCPY(key->auth_key,bson_iter_utf8(&iter, &length));
 
-			}
 
 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
 				STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length));
 
 				STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length));
 
 			}
 
 			}
 
-			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "hkdf_hash_func") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-				STRCPY(key->hkdf_hash_func,bson_iter_utf8(&iter, &length));
 
-			}
 
 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "timestamp") && BSON_ITER_HOLDS_INT64(&iter)) {
 
 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "timestamp") && BSON_ITER_HOLDS_INT64(&iter)) {
 
 				key->timestamp = (u64bits)bson_iter_int64(&iter);
 
 				key->timestamp = (u64bits)bson_iter_int64(&iter);
 
 			}
 
 			}
 
@@ -357,10 +341,6 @@ static int mongo_set_oauth_key(oauth_key_data_raw *key) {
 
   bson_init(&doc);
 
   bson_init(&doc);
 
   BSON_APPEND_UTF8(&doc, "kid", (const char *)key->kid);
 
   BSON_APPEND_UTF8(&doc, "kid", (const char *)key->kid);
 
   BSON_APPEND_UTF8(&doc, "as_rs_alg", (const char *)key->as_rs_alg);
 
   BSON_APPEND_UTF8(&doc, "as_rs_alg", (const char *)key->as_rs_alg);
 
-  BSON_APPEND_UTF8(&doc, "as_rs_key", (const char *)key->as_rs_key);
 
-  BSON_APPEND_UTF8(&doc, "auth_alg", (const char *)key->auth_alg);
 
-  BSON_APPEND_UTF8(&doc, "auth_key", (const char *)key->auth_key);
 
-  BSON_APPEND_UTF8(&doc, "hkdf_hash_func", (const char *)key->hkdf_hash_func);
 
   BSON_APPEND_UTF8(&doc, "ikm_key", (const char *)key->ikm_key);
 
   BSON_APPEND_UTF8(&doc, "ikm_key", (const char *)key->ikm_key);
 
   BSON_APPEND_INT64(&doc, "timestamp", (int64_t)key->timestamp);
 
   BSON_APPEND_INT64(&doc, "timestamp", (int64_t)key->timestamp);
 
   BSON_APPEND_INT32(&doc, "lifetime", (int32_t)key->lifetime);
 
   BSON_APPEND_INT32(&doc, "lifetime", (int32_t)key->lifetime);
 
@@ -497,7 +477,7 @@ static int mongo_list_users(u08bits *realm, secrets_list_t *users, secrets_list_
 
   return ret;
 
   return ret;
 
 }
 
 }
 
 
 
-static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas,secrets_list_t *tss,secrets_list_t *lts) {
 
+static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts) {
 
 
 
   const char * collection_name = "oauth_key";
 
   const char * collection_name = "oauth_key";
 
   mongoc_collection_t * collection = mongo_get_collection(collection_name);
 
   mongoc_collection_t * collection = mongo_get_collection(collection_name);
 
@@ -521,10 +501,6 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
   BSON_APPEND_INT32(&fields, "lifetime", 1);
 
   BSON_APPEND_INT32(&fields, "lifetime", 1);
 
   BSON_APPEND_INT32(&fields, "timestamp", 1);
 
   BSON_APPEND_INT32(&fields, "timestamp", 1);
 
   BSON_APPEND_INT32(&fields, "as_rs_alg", 1);
 
   BSON_APPEND_INT32(&fields, "as_rs_alg", 1);
 
-  BSON_APPEND_INT32(&fields, "as_rs_key", 1);
 
-  BSON_APPEND_INT32(&fields, "auth_alg", 1);
 
-  BSON_APPEND_INT32(&fields, "auth_key", 1);
 
-  BSON_APPEND_INT32(&fields, "hkdf_hash_func", 1);
 
   BSON_APPEND_INT32(&fields, "ikm_key", 1);
 
   BSON_APPEND_INT32(&fields, "ikm_key", 1);
 
 
 
   mongoc_cursor_t * cursor;
 
   mongoc_cursor_t * cursor;
 
@@ -549,21 +525,9 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
     	    STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length));
 
     	    STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length));
 
     	}
 
     	}
 
-    	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-    		STRCPY(key->as_rs_key,bson_iter_utf8(&iter, &length));
 
-    	}
 
-    	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_alg") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-    		STRCPY(key->auth_alg,bson_iter_utf8(&iter, &length));
 
-    	}
 
-    	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-    		STRCPY(key->auth_key,bson_iter_utf8(&iter, &length));
 
-    	}
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
     		STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length));
 
     		STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length));
 
     	}
 
     	}
 
-    	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "hkdf_hash_func") && BSON_ITER_HOLDS_UTF8(&iter)) {
 
-    		STRCPY(key->hkdf_hash_func,bson_iter_utf8(&iter, &length));
 
-    	}
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "timestamp") && BSON_ITER_HOLDS_INT64(&iter)) {
 
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "timestamp") && BSON_ITER_HOLDS_INT64(&iter)) {
 
     		key->timestamp = (u64bits)bson_iter_int64(&iter);
 
     		key->timestamp = (u64bits)bson_iter_int64(&iter);
 
     	}
 
     	}
 
@@ -572,9 +536,7 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
     	}
 
     	}
 
     	if(kids) {
 
     	if(kids) {
 
     		add_to_secrets_list(kids,key->kid);
 
     		add_to_secrets_list(kids,key->kid);
 
-    		add_to_secrets_list(hkdfs,key->hkdf_hash_func);
 
     		add_to_secrets_list(teas,key->as_rs_alg);
 
     		add_to_secrets_list(teas,key->as_rs_alg);
 
-    		add_to_secrets_list(aas,key->auth_alg);
 
 			{
 
 			{
 
 				char ts[256];
 
 				char ts[256];
 
 				snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
 				snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
@@ -586,9 +548,9 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 				add_to_secrets_list(lts,lt);
 
 				add_to_secrets_list(lts,lt);
 
 			}
 
 			}
 
     	} else {
 
     	} else {
 
-    		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-    						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-    						key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+    		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+    						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime,
 
+    						key->as_rs_alg);
 
     	}
 
     	}
 
     }
 
     }
 
     mongoc_cursor_destroy(cursor);
 
     mongoc_cursor_destroy(cursor);

+ 19 - 44
src/apps/relay/dbdrivers/dbd_mysql.c
View File 

@@ -315,7 +315,7 @@ static int mysql_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 
 				if(row && row[0]) {
 
 				if(row && row[0]) {
 
 					unsigned long *lengths = mysql_fetch_lengths(mres);
 
 					unsigned long *lengths = mysql_fetch_lengths(mres);
 
 					if(lengths) {
 
 					if(lengths) {
 
-						size_t sz = get_hmackey_size(turn_params.shatype)*2;
 
+						size_t sz = get_hmackey_size(SHATYPE_DEFAULT)*2;
 
 						if(lengths[0]<sz) {
 
 						if(lengths[0]<sz) {
 
 							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: string length=%d (must be %d): user %s\n",(int)lengths[0],(int)sz,usname);
 
 							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: string length=%d (must be %d): user %s\n",(int)lengths[0],(int)sz,usname);
 
 						} else {
 
 						} else {
 
@@ -343,7 +343,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 
 
 	int ret = -1;
 
 	int ret = -1;
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
-	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key from oauth_key where kid='%s'",(const char*)kid);
 
+	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid);
 
 
 
 	MYSQL * myc = get_mydb_connection();
 
 	MYSQL * myc = get_mydb_connection();
 
 	if(myc) {
 
 	if(myc) {
 
@@ -354,7 +354,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 			MYSQL_RES *mres = mysql_store_result(myc);
 
 			MYSQL_RES *mres = mysql_store_result(myc);
 
 			if(!mres) {
 
 			if(!mres) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
 
-			} else if(mysql_field_count(myc)!=8) {
 
+			} else if(mysql_field_count(myc)!=4) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
 
 			} else {
 
 			} else {
 
 				MYSQL_ROW row = mysql_fetch_row(mres);
 
 				MYSQL_ROW row = mysql_fetch_row(mres);
 
@@ -375,20 +375,8 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 						slifetime[lengths[2]]=0;
 
 						slifetime[lengths[2]]=0;
 
 						key->lifetime = (u32bits)strtoul(slifetime,NULL,10);
 
 						key->lifetime = (u32bits)strtoul(slifetime,NULL,10);
 
 
 
-						ns_bcopy(row[3],key->hkdf_hash_func,lengths[3]);
 
-						key->hkdf_hash_func[lengths[3]]=0;
 
-
 
-						ns_bcopy(row[4],key->as_rs_alg,lengths[4]);
 
-						key->as_rs_alg[lengths[4]]=0;
 
-
 
-						ns_bcopy(row[5],key->as_rs_key,lengths[5]);
 
-						key->as_rs_key[lengths[5]]=0;
 
-
 
-						ns_bcopy(row[6],key->auth_alg,lengths[6]);
 
-						key->auth_alg[lengths[6]]=0;
 
-
 
-						ns_bcopy(row[7],key->auth_key,lengths[7]);
 
-						key->auth_key[lengths[7]]=0;
 
+						ns_bcopy(row[3],key->as_rs_alg,lengths[3]);
 
+						key->as_rs_alg[lengths[3]]=0;
 
 
 
 						ret = 0;
 
 						ret = 0;
 
 					}
 
 					}
 
@@ -402,13 +390,13 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 	return ret;
 
 	return ret;
 
 }
 
 }
 
 
 
-static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas,secrets_list_t *tss,secrets_list_t *lts) {
 
+static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts) {
 
 
 
 	oauth_key_data_raw key_;
 
 	oauth_key_data_raw key_;
 
 	oauth_key_data_raw *key=&key_;
 
 	oauth_key_data_raw *key=&key_;
 
 	int ret = -1;
 
 	int ret = -1;
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
-	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key,kid from oauth_key order by kid");
 
+	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid");
 
 
 
 	MYSQL * myc = get_mydb_connection();
 
 	MYSQL * myc = get_mydb_connection();
 
 	if(myc) {
 
 	if(myc) {
 
@@ -419,7 +407,7 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 			MYSQL_RES *mres = mysql_store_result(myc);
 
 			MYSQL_RES *mres = mysql_store_result(myc);
 
 			if(!mres) {
 
 			if(!mres) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
 
-			} else if(mysql_field_count(myc)!=9) {
 
+			} else if(mysql_field_count(myc)!=5) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
 
 			} else {
 
 			} else {
 
 				MYSQL_ROW row = mysql_fetch_row(mres);
 
 				MYSQL_ROW row = mysql_fetch_row(mres);
 
@@ -440,28 +428,15 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 						slifetime[lengths[2]]=0;
 
 						slifetime[lengths[2]]=0;
 
 						key->lifetime = (u32bits)strtoul(slifetime,NULL,10);
 
 						key->lifetime = (u32bits)strtoul(slifetime,NULL,10);
 
 
 
-						ns_bcopy(row[3],key->hkdf_hash_func,lengths[3]);
 
-						key->hkdf_hash_func[lengths[3]]=0;
 
-						ns_bcopy(row[4],key->as_rs_alg,lengths[4]);
 
-						key->as_rs_alg[lengths[4]]=0;
 
-
 
-						ns_bcopy(row[5],key->as_rs_key,lengths[5]);
 
-						key->as_rs_key[lengths[5]]=0;
 
-
 
-						ns_bcopy(row[6],key->auth_alg,lengths[6]);
 
-						key->auth_alg[lengths[6]]=0;
 
-
 
-						ns_bcopy(row[7],key->auth_key,lengths[7]);
 
-						key->auth_key[lengths[7]]=0;
 
+						ns_bcopy(row[3],key->as_rs_alg,lengths[3]);
 
+						key->as_rs_alg[lengths[3]]=0;
 
 
 
-						ns_bcopy(row[8],key->kid,lengths[8]);
 
-						key->kid[lengths[8]]=0;
 
+						ns_bcopy(row[4],key->kid,lengths[4]);
 
+						key->kid[lengths[4]]=0;
 
 
 
 						if(kids) {
 
 						if(kids) {
 
 							add_to_secrets_list(kids,key->kid);
 
 							add_to_secrets_list(kids,key->kid);
 
-							add_to_secrets_list(hkdfs,key->hkdf_hash_func);
 
 							add_to_secrets_list(teas,key->as_rs_alg);
 
 							add_to_secrets_list(teas,key->as_rs_alg);
 
-							add_to_secrets_list(aas,key->auth_alg);
 
 							{
 
 							{
 
 								char ts[256];
 
 								char ts[256];
 
 								snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
 								snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
@@ -473,9 +448,9 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 								add_to_secrets_list(lts,lt);
 
 								add_to_secrets_list(lts,lt);
 
 							}
 
 							}
 
 						} else {
 
 						} else {
 
-							printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-								key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-								key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+							printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+								key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime,
 
+								key->as_rs_alg);
 
 						}
 
 						}
 
 					}
 
 					}
 
 					row = mysql_fetch_row(mres);
 
 					row = mysql_fetch_row(mres);
 
@@ -519,13 +494,13 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key)
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	MYSQL * myc = get_mydb_connection();
 
 	MYSQL * myc = get_mydb_connection();
 
 	if(myc) {
 
 	if(myc) {
 
-		snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s','%s','%s')",
 
+		snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')",
 
 					  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime,
 
 					  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime,
 
-					  key->hkdf_hash_func,key->as_rs_alg,key->as_rs_key,key->auth_alg,key->auth_key);
 
+					  key->as_rs_alg);
 
 		int res = mysql_query(myc, statement);
 
 		int res = mysql_query(myc, statement);
 
 		if(res) {
 
 		if(res) {
 
-			snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, hkdf_hash_func = '%s', as_rs_alg='%s',as_rs_key='%s',auth_alg='%s',auth_key='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime,
 
-							  key->hkdf_hash_func,key->as_rs_alg,key->as_rs_key,key->auth_alg,key->auth_key,key->kid);
 
+			snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime,
 
+							  key->as_rs_alg,key->kid);
 
 			res = mysql_query(myc, statement);
 
 			res = mysql_query(myc, statement);
 
 			if(res) {
 
 			if(res) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc));
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc));

+ 14 - 24
src/apps/relay/dbdrivers/dbd_pgsql.c
View File 

@@ -133,7 +133,7 @@ static int pgsql_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 
 			char *kval = PQgetvalue(res,0,0);
 
 			char *kval = PQgetvalue(res,0,0);
 
 			int len = PQgetlength(res,0,0);
 
 			int len = PQgetlength(res,0,0);
 
 			if(kval) {
 
 			if(kval) {
 
-				size_t sz = get_hmackey_size(turn_params.shatype);
 
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 				if(((size_t)len<sz*2)||(strlen(kval)<sz*2)) {
 
 				if(((size_t)len<sz*2)||(strlen(kval)<sz*2)) {
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s, user %s\n",kval,usname);
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s, user %s\n",kval,usname);
 
 				} else if(convert_string_key_to_binary(kval, key, sz)<0) {
 
 				} else if(convert_string_key_to_binary(kval, key, sz)<0) {
 
@@ -158,7 +158,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 	int ret = -1;
 
 	int ret = -1;
 
 
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
-	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key from oauth_key where kid='%s'",(const char*)kid);
 
+	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid);
 
 
 
 	PGconn * pqc = get_pqdb_connection();
 
 	PGconn * pqc = get_pqdb_connection();
 
 	if(pqc) {
 
 	if(pqc) {
 
@@ -170,11 +170,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 			STRCPY(key->ikm_key,PQgetvalue(res,0,0));
 
 			STRCPY(key->ikm_key,PQgetvalue(res,0,0));
 
 			key->timestamp = (u64bits)strtoll(PQgetvalue(res,0,1),NULL,10);
 
 			key->timestamp = (u64bits)strtoll(PQgetvalue(res,0,1),NULL,10);
 
 			key->lifetime = (u32bits)strtol(PQgetvalue(res,0,2),NULL,10);
 
 			key->lifetime = (u32bits)strtol(PQgetvalue(res,0,2),NULL,10);
 
-			STRCPY(key->hkdf_hash_func,PQgetvalue(res,0,3));
 
-			STRCPY(key->as_rs_alg,PQgetvalue(res,0,4));
 
-			STRCPY(key->as_rs_key,PQgetvalue(res,0,5));
 
-			STRCPY(key->auth_alg,PQgetvalue(res,0,6));
 
-			STRCPY(key->auth_key,PQgetvalue(res,0,7));
 
+			STRCPY(key->as_rs_alg,PQgetvalue(res,0,3));
 
 			STRCPY(key->kid,kid);
 
 			STRCPY(key->kid,kid);
 
 			ret = 0;
 
 			ret = 0;
 
 		}
 
 		}
 
@@ -187,7 +183,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 	return ret;
 
 	return ret;
 
 }
 
 }
 
 
 
-static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas,secrets_list_t *tss,secrets_list_t *lts) {
 
+static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts) {
 
 
 
 	oauth_key_data_raw key_;
 
 	oauth_key_data_raw key_;
 
 	oauth_key_data_raw *key=&key_;
 
 	oauth_key_data_raw *key=&key_;
 
@@ -195,7 +191,7 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 	int ret = -1;
 
 	int ret = -1;
 
 
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
-	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key,kid from oauth_key order by kid");
 
+	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid");
 
 
 
 	PGconn * pqc = get_pqdb_connection();
 
 	PGconn * pqc = get_pqdb_connection();
 
 	if(pqc) {
 
 	if(pqc) {
 
@@ -210,18 +206,12 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 				STRCPY(key->ikm_key,PQgetvalue(res,i,0));
 
 				STRCPY(key->ikm_key,PQgetvalue(res,i,0));
 
 				key->timestamp = (u64bits)strtoll(PQgetvalue(res,i,1),NULL,10);
 
 				key->timestamp = (u64bits)strtoll(PQgetvalue(res,i,1),NULL,10);
 
 				key->lifetime = (u32bits)strtol(PQgetvalue(res,i,2),NULL,10);
 
 				key->lifetime = (u32bits)strtol(PQgetvalue(res,i,2),NULL,10);
 
-				STRCPY(key->hkdf_hash_func,PQgetvalue(res,i,3));
 
-				STRCPY(key->as_rs_alg,PQgetvalue(res,i,4));
 
-				STRCPY(key->as_rs_key,PQgetvalue(res,i,5));
 
-				STRCPY(key->auth_alg,PQgetvalue(res,i,6));
 
-				STRCPY(key->auth_key,PQgetvalue(res,i,7));
 
-				STRCPY(key->kid,PQgetvalue(res,i,8));
 
+				STRCPY(key->as_rs_alg,PQgetvalue(res,i,3));
 
+				STRCPY(key->kid,PQgetvalue(res,i,4));
 
 
 
 				if(kids) {
 
 				if(kids) {
 
 					add_to_secrets_list(kids,key->kid);
 
 					add_to_secrets_list(kids,key->kid);
 
-					add_to_secrets_list(hkdfs,key->hkdf_hash_func);
 
 					add_to_secrets_list(teas,key->as_rs_alg);
 
 					add_to_secrets_list(teas,key->as_rs_alg);
 
-					add_to_secrets_list(aas,key->auth_alg);
 
 					{
 
 					{
 
 						char ts[256];
 
 						char ts[256];
 
 						snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
 						snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
@@ -233,9 +223,9 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 						add_to_secrets_list(lts,lt);
 
 						add_to_secrets_list(lts,lt);
 
 					}
 
 					}
 
 				} else {
 
 				} else {
 
-					printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-						key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+					printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime,
 
+						key->as_rs_alg);
 
 				}
 
 				}
 
 
 
 				ret = 0;
 
 				ret = 0;
 
@@ -283,17 +273,17 @@ static int pgsql_set_oauth_key(oauth_key_data_raw *key) {
 
   char statement[TURN_LONG_STRING_SIZE];
 
   char statement[TURN_LONG_STRING_SIZE];
 
   PGconn *pqc = get_pqdb_connection();
 
   PGconn *pqc = get_pqdb_connection();
 
   if(pqc) {
 
   if(pqc) {
 
-	  snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s','%s','%s')",
 
+	  snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')",
 
 			  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime,
 
 			  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime,
 
-			  key->hkdf_hash_func,key->as_rs_alg,key->as_rs_key,key->auth_alg,key->auth_key);
 
+			  key->as_rs_alg);
 
 
 
 	  PGresult *res = PQexec(pqc, statement);
 
 	  PGresult *res = PQexec(pqc, statement);
 
 	  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) {
 
 	  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) {
 
 		  if(res) {
 
 		  if(res) {
 
 			PQclear(res);
 
 			PQclear(res);
 
 		  }
 
 		  }
 
-		  snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, hkdf_hash_func = '%s', as_rs_alg='%s',as_rs_key='%s',auth_alg='%s',auth_key='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime,
 
-				  key->hkdf_hash_func,key->as_rs_alg,key->as_rs_key,key->auth_alg,key->auth_key,key->kid);
 
+		  snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime,
 
+				  key->as_rs_alg,key->kid);
 
 		  res = PQexec(pqc, statement);
 
 		  res = PQexec(pqc, statement);
 
 		  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) {
 
 		  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) {
 
 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth_key information: %s\n",PQerrorMessage(pqc));
 
 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth_key information: %s\n",PQerrorMessage(pqc));

+ 7 - 17
src/apps/relay/dbdrivers/dbd_redis.c
View File 

@@ -439,7 +439,7 @@ static int redis_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 
 				if (rget->type != REDIS_REPLY_NIL)
 
 				if (rget->type != REDIS_REPLY_NIL)
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", rget->type);
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", rget->type);
 
 			} else {
 
 			} else {
 
-				size_t sz = get_hmackey_size(turn_params.shatype);
 
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 				if(strlen(rget->str)<sz*2) {
 
 				if(strlen(rget->str)<sz*2) {
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s, user %s\n",rget->str,usname);
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s, user %s\n",rget->str,usname);
 
 				} else if(convert_string_key_to_binary(rget->str, key, sz)<0) {
 
 				} else if(convert_string_key_to_binary(rget->str, key, sz)<0) {
 
@@ -477,16 +477,8 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 				if(kw) {
 
 				if(kw) {
 
 					if(!strcmp(kw,"as_rs_alg")) {
 
 					if(!strcmp(kw,"as_rs_alg")) {
 
 						STRCPY(key->as_rs_alg,val);
 
 						STRCPY(key->as_rs_alg,val);
 
-					} else if(!strcmp(kw,"as_rs_key")) {
 
-						STRCPY(key->as_rs_key,val);
 
-					} else if(!strcmp(kw,"auth_key")) {
 
-						STRCPY(key->auth_key,val);
 
-					} else if(!strcmp(kw,"auth_alg")) {
 
-						STRCPY(key->auth_alg,val);
 
 					} else if(!strcmp(kw,"ikm_key")) {
 
 					} else if(!strcmp(kw,"ikm_key")) {
 
 						STRCPY(key->ikm_key,val);
 
 						STRCPY(key->ikm_key,val);
 
-					} else if(!strcmp(kw,"hkdf_hash_func")) {
 
-						STRCPY(key->hkdf_hash_func,val);
 
 					} else if(!strcmp(kw,"timestamp")) {
 
 					} else if(!strcmp(kw,"timestamp")) {
 
 						key->timestamp = (u64bits)strtoull(val,NULL,10);
 
 						key->timestamp = (u64bits)strtoull(val,NULL,10);
 
 					} else if(!strcmp(kw,"lifetime")) {
 
 					} else if(!strcmp(kw,"lifetime")) {
 
@@ -520,8 +512,8 @@ static int redis_set_oauth_key(oauth_key_data_raw *key) {
 
   redisContext *rc = get_redis_connection();
 
   redisContext *rc = get_redis_connection();
 
   if(rc) {
 
   if(rc) {
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
-	snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s hkdf_hash_func %s as_rs_alg %s as_rs_key %s auth_alg %s auth_key %s timestamp %llu lifetime %lu",
 
-			key->kid,key->ikm_key,key->hkdf_hash_func,key->as_rs_alg,key->as_rs_key,key->auth_alg,key->auth_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime);
 
+	snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s timestamp %llu lifetime %lu",
 
+			key->kid,key->ikm_key,key->as_rs_alg,(unsigned long long)key->timestamp,(unsigned long)key->lifetime);
 
 	turnFreeRedisReply(redisCommand(rc, statement));
 
 	turnFreeRedisReply(redisCommand(rc, statement));
 
 	turnFreeRedisReply(redisCommand(rc, "save"));
 
 	turnFreeRedisReply(redisCommand(rc, "save"));
 
     ret = 0;
 
     ret = 0;
 
@@ -637,7 +629,7 @@ static int redis_list_users(u08bits *realm, secrets_list_t *users, secrets_list_
 
 	return ret;
 
 	return ret;
 
 }
 
 }
 
 
 
-static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas,secrets_list_t *tss,secrets_list_t *lts) {
 
+static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts) {
 
   int ret = -1;
 
   int ret = -1;
 
   redisContext *rc = get_redis_connection();
 
   redisContext *rc = get_redis_connection();
 
   secrets_list_t keys;
 
   secrets_list_t keys;
 
@@ -675,9 +667,7 @@ static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 	if(redis_get_oauth_key((const u08bits*)s,key) == 0) {
 
 	if(redis_get_oauth_key((const u08bits*)s,key) == 0) {
 
 		if(kids) {
 
 		if(kids) {
 
 			add_to_secrets_list(kids,key->kid);
 
 			add_to_secrets_list(kids,key->kid);
 
-			add_to_secrets_list(hkdfs,key->hkdf_hash_func);
 
 			add_to_secrets_list(teas,key->as_rs_alg);
 
 			add_to_secrets_list(teas,key->as_rs_alg);
 
-			add_to_secrets_list(aas,key->auth_alg);
 
 			{
 
 			{
 
 				char ts[256];
 
 				char ts[256];
 
 				snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
 				snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
@@ -689,9 +679,9 @@ static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secr
 
 				add_to_secrets_list(lts,lt);
 
 				add_to_secrets_list(lts,lt);
 
 			}
 
 			}
 
 		} else {
 
 		} else {
 
-			printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-							key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-							key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+			printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+							key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime,
 
+							key->as_rs_alg);
 
 		}
 
 		}
 
 	}
 
 	}
 
   }
 
   }

+ 13 - 24
src/apps/relay/dbdrivers/dbd_sqlite.c
View File 

@@ -154,7 +154,7 @@ static void init_sqlite_database(sqlite3 *sqliteconnection) {
 
 		"CREATE TABLE denied_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))",
 
 		"CREATE TABLE denied_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))",
 
 		"CREATE TABLE turn_origin_to_realm (origin varchar(127),realm varchar(127),primary key (origin))",
 
 		"CREATE TABLE turn_origin_to_realm (origin varchar(127),realm varchar(127),primary key (origin))",
 
 		"CREATE TABLE turn_realm_option (realm varchar(127) default '',	opt varchar(32),	value varchar(128),	primary key (realm,opt))",
 
 		"CREATE TABLE turn_realm_option (realm varchar(127) default '',	opt varchar(32),	value varchar(128),	primary key (realm,opt))",
 
-		"CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256) default '',timestamp bigint default 0,lifetime integer default 0,hkdf_hash_func varchar(64) default '',as_rs_alg varchar(64) default '',as_rs_key varchar(256) default '',auth_alg varchar(64) default '',auth_key varchar(256) default '',primary key (kid))",
 
+		"CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256),timestamp bigint default 0,lifetime integer default 0,as_rs_alg varchar(64) default '',primary key (kid))",
 
 		"CREATE TABLE admin_user (name varchar(32), realm varchar(127), password varchar(127), primary key (name))",
 
 		"CREATE TABLE admin_user (name varchar(32), realm varchar(127), password varchar(127), primary key (name))",
 
 		NULL
 
 		NULL
 
 	};
 
 	};
 
@@ -266,7 +266,7 @@ static int sqlite_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key)
 
 			int res = sqlite3_step(st);
 
 			int res = sqlite3_step(st);
 
 			if (res == SQLITE_ROW) {
 
 			if (res == SQLITE_ROW) {
 
 				char *kval = turn_strdup((const char*) sqlite3_column_text(st, 0));
 
 				char *kval = turn_strdup((const char*) sqlite3_column_text(st, 0));
 
-				size_t sz = get_hmackey_size(turn_params.shatype);
 
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 				if (convert_string_key_to_binary(kval, key, sz) < 0) {
 
 				if (convert_string_key_to_binary(kval, key, sz) < 0) {
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key: %s, user %s\n", kval, usname);
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key: %s, user %s\n", kval, usname);
 
 				} else {
 
 				} else {
 
@@ -293,7 +293,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	sqlite3_stmt *st = NULL;
 
 	sqlite3_stmt *st = NULL;
 
 	int rc = 0;
 
 	int rc = 0;
 
-	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key from oauth_key where kid='%s'",(const char*)kid);
 
+	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid);
 
 
 
 	sqlite3 *sqliteconnection = get_sqlite_connection();
 
 	sqlite3 *sqliteconnection = get_sqlite_connection();
 
 	if(sqliteconnection) {
 
 	if(sqliteconnection) {
 
@@ -308,11 +308,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 				STRCPY(key->ikm_key,sqlite3_column_text(st, 0));
 
 				STRCPY(key->ikm_key,sqlite3_column_text(st, 0));
 
 				key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10);
 
 				key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10);
 
 				key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10);
 
 				key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10);
 
-				STRCPY(key->hkdf_hash_func,sqlite3_column_text(st, 3));
 
-				STRCPY(key->as_rs_alg,sqlite3_column_text(st, 4));
 
-				STRCPY(key->as_rs_key,sqlite3_column_text(st, 5));
 
-				STRCPY(key->auth_alg,sqlite3_column_text(st, 6));
 
-				STRCPY(key->auth_key,sqlite3_column_text(st, 7));
 
+				STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3));
 
 				STRCPY(key->kid,kid);
 
 				STRCPY(key->kid,kid);
 
 				ret = 0;
 
 				ret = 0;
 
 			}
 
 			}
 
@@ -329,7 +325,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 
 	return ret;
 
 	return ret;
 
 }
 
 }
 
 
 
-static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas,secrets_list_t *tss,secrets_list_t *lts) {
 
+static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts) {
 
 
 
 	oauth_key_data_raw key_;
 
 	oauth_key_data_raw key_;
 
 	oauth_key_data_raw *key=&key_;
 
 	oauth_key_data_raw *key=&key_;
 
@@ -341,7 +337,7 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,sec
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	char statement[TURN_LONG_STRING_SIZE];
 
 	sqlite3_stmt *st = NULL;
 
 	sqlite3_stmt *st = NULL;
 
 	int rc = 0;
 
 	int rc = 0;
 
-	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key,kid from oauth_key order by kid");
 
+	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid");
 
 
 
 	sqlite3 *sqliteconnection = get_sqlite_connection();
 
 	sqlite3 *sqliteconnection = get_sqlite_connection();
 
 	if(sqliteconnection) {
 
 	if(sqliteconnection) {
 
@@ -358,18 +354,12 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,sec
 
 					STRCPY(key->ikm_key,sqlite3_column_text(st, 0));
 
 					STRCPY(key->ikm_key,sqlite3_column_text(st, 0));
 
 					key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10);
 
 					key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10);
 
 					key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10);
 
 					key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10);
 
-					STRCPY(key->hkdf_hash_func,sqlite3_column_text(st, 3));
 
-					STRCPY(key->as_rs_alg,sqlite3_column_text(st, 4));
 
-					STRCPY(key->as_rs_key,sqlite3_column_text(st, 5));
 
-					STRCPY(key->auth_alg,sqlite3_column_text(st, 6));
 
-					STRCPY(key->auth_key,sqlite3_column_text(st, 7));
 
-					STRCPY(key->kid,sqlite3_column_text(st, 8));
 
+					STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3));
 
+					STRCPY(key->kid,sqlite3_column_text(st, 4));
 
 
 
 					if(kids) {
 
 					if(kids) {
 
 						add_to_secrets_list(kids,key->kid);
 
 						add_to_secrets_list(kids,key->kid);
 
-						add_to_secrets_list(hkdfs,key->hkdf_hash_func);
 
 						add_to_secrets_list(teas,key->as_rs_alg);
 
 						add_to_secrets_list(teas,key->as_rs_alg);
 
-						add_to_secrets_list(aas,key->auth_alg);
 
 						{
 
 						{
 
 							char ts[256];
 
 							char ts[256];
 
 							snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
 							snprintf(ts,sizeof(ts)-1,"%llu",(unsigned long long)key->timestamp);
 
@@ -381,9 +371,9 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,sec
 
 							add_to_secrets_list(lts,lt);
 
 							add_to_secrets_list(lts,lt);
 
 						}
 
 						}
 
 					} else {
 
 					} else {
 
-						printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-										key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-										key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+						printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+										key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime,
 
+										key->as_rs_alg);
 
 					}
 
 					}
 
 
 
 				} else if (res == SQLITE_DONE) {
 
 				} else if (res == SQLITE_DONE) {
 
@@ -453,9 +443,8 @@ static int sqlite_set_oauth_key(oauth_key_data_raw *key)
 
 		snprintf(
 
 		snprintf(
 
 						statement,
 
 						statement,
 
 						sizeof(statement),
 
 						sizeof(statement),
 
-						"insert or replace into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s','%s','%s')",
 
-						key->kid, key->ikm_key, (unsigned long long) key->timestamp, (unsigned long) key->lifetime, key->hkdf_hash_func, key->as_rs_alg, key->as_rs_key, key->auth_alg,
 
-						key->auth_key);
 
+						"insert or replace into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')",
 
+						key->kid, key->ikm_key, (unsigned long long) key->timestamp, (unsigned long) key->lifetime, key->as_rs_alg);
 
 
 
 		sqlite_lock(1);
 
 		sqlite_lock(1);

+ 1 - 1
src/apps/relay/dbdrivers/dbdriver.h
View File 

@@ -68,7 +68,7 @@ typedef struct _turn_dbdriver_t {
 
   int (*set_oauth_key)(oauth_key_data_raw *key);
 
   int (*set_oauth_key)(oauth_key_data_raw *key);
 
   int (*get_oauth_key)(const u08bits *kid, oauth_key_data_raw *key);
 
   int (*get_oauth_key)(const u08bits *kid, oauth_key_data_raw *key);
 
   int (*del_oauth_key)(const u08bits *kid);
 
   int (*del_oauth_key)(const u08bits *kid);
 
-  int (*list_oauth_keys)(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas,secrets_list_t *tss,secrets_list_t *lts);
 
+  int (*list_oauth_keys)(secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts);
 
   int (*get_admin_user)(const u08bits *usname, u08bits *realm, password_t pwd);
 
   int (*get_admin_user)(const u08bits *usname, u08bits *realm, password_t pwd);
 
   int (*set_admin_user)(const u08bits *usname, const u08bits *realm, const password_t pwd);
 
   int (*set_admin_user)(const u08bits *usname, const u08bits *realm, const password_t pwd);
 
   int (*del_admin_user)(const u08bits *usname);
 
   int (*del_admin_user)(const u08bits *usname);

+ 51 - 56
src/apps/relay/mainrelay.c
View File 

@@ -117,7 +117,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
 
 /////////////// stop server ////////////////
 
 /////////////// stop server ////////////////
 
 0,
 
 0,
 
 /////////////// MISC PARAMS ////////////////
 
 /////////////// MISC PARAMS ////////////////
 
-0,0,0,0,0,SHATYPE_SHA1,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 
+0,0,0,0,0,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 
 ///////////// Users DB //////////////
 
 ///////////// Users DB //////////////
 
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 
 ///////////// CPUs //////////////////
 
 ///////////// CPUs //////////////////
 
@@ -562,15 +562,6 @@ static char Usage[] = "Usage: turnserver [options]\n"
 
 "						/var/tmp/turnserver.pid .\n"
 
 "						/var/tmp/turnserver.pid .\n"
 
 " --secure-stun					Require authentication of the STUN Binding request.\n"
 
 " --secure-stun					Require authentication of the STUN Binding request.\n"
 
 "						By default, the clients are allowed anonymous access to the STUN Binding functionality.\n"
 
 "						By default, the clients are allowed anonymous access to the STUN Binding functionality.\n"
 
-" --sha256					Require SHA256 digest function to be used for the message integrity.\n"
 
-"						By default, the server SHA1 (as per TURN standard specs).\n"
 
-"						With this option, the server\n"
 
-"						requires the stronger SHA256 function. The client application must\n"
 
-"						support SHA256 hash function if this option is used. If the server obtains\n"
 
-"						a message from the client with a weaker (SHA1) hash function then the server\n"
 
-"						returns error code 426.\n"
 
-" --sha384					Require SHA384 digest function to be used for the message integrity.\n"
 
-" --sha512					Require SHA512 digest function to be used for the message integrity.\n"
 
 " --proc-user <user-name>			User name to run the turnserver process.\n"
 
 " --proc-user <user-name>			User name to run the turnserver process.\n"
 
 "						After the initialization, the turnserver process\n"
 
 "						After the initialization, the turnserver process\n"
 
 "						will make an attempt to change the current user ID to that user.\n"
 
 "						will make an attempt to change the current user ID to that user.\n"
 
@@ -645,10 +636,6 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
 
 #if !defined(TURN_NO_SQLITE) || !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
 
 #if !defined(TURN_NO_SQLITE) || !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
 
 	"	-o, --origin			Origin\n"
 
 	"	-o, --origin			Origin\n"
 
 #endif
 
 #endif
 
-	"	-H, --sha256			Use SHA256 digest function to be used for the message integrity.\n"
 
-	"					By default, the server SHA1 (as per TURN standard specs).\n"
 
-	"	-Y, --sha384			Use SHA384 digest function to be used for the message integrity.\n"
 
-	"	-K, --sha512			Use SHA512 digest function to be used for the message integrity.\n"
 
 	"	--max-bps			Set value of realm's max-bps parameter.\n"
 
 	"	--max-bps			Set value of realm's max-bps parameter.\n"
 
 	"					Setting to zero value means removal of the option.\n"
 
 	"					Setting to zero value means removal of the option.\n"
 
 	"	--total-quota			Set value of realm's total-quota parameter.\n"
 
 	"	--total-quota			Set value of realm's total-quota parameter.\n"
 
@@ -698,9 +685,6 @@ enum EXTRA_OPTS {
 
 	SECURE_STUN_OPT,
 
 	SECURE_STUN_OPT,
 
 	CA_FILE_OPT,
 
 	CA_FILE_OPT,
 
 	DH_FILE_OPT,
 
 	DH_FILE_OPT,
 
-	SHA256_OPT,
 
-	SHA384_OPT,
 
-	SHA512_OPT,
 
 	NO_STUN_OPT,
 
 	NO_STUN_OPT,
 
 	PROC_USER_OPT,
 
 	PROC_USER_OPT,
 
 	PROC_GROUP_OPT,
 
 	PROC_GROUP_OPT,
 
@@ -759,10 +743,8 @@ static const struct myoption long_options[] = {
 
 				{ "lt-cred-mech", optional_argument, NULL, 'a' },
 
 				{ "lt-cred-mech", optional_argument, NULL, 'a' },
 
 				{ "no-auth", optional_argument, NULL, 'z' },
 
 				{ "no-auth", optional_argument, NULL, 'z' },
 
 				{ "user", required_argument, NULL, 'u' },
 
 				{ "user", required_argument, NULL, 'u' },
 
-#if !defined(TURN_NO_SQLITE)
 
 				{ "userdb", required_argument, NULL, 'b' },
 
 				{ "userdb", required_argument, NULL, 'b' },
 
 				{ "db", required_argument, NULL, 'b' },
 
 				{ "db", required_argument, NULL, 'b' },
 
-#endif
 
 #if !defined(TURN_NO_PQ)
 
 #if !defined(TURN_NO_PQ)
 
 				{ "psql-userdb", required_argument, NULL, 'e' },
 
 				{ "psql-userdb", required_argument, NULL, 'e' },
 
 				{ "sql-userdb", required_argument, NULL, 'e' },
 
 				{ "sql-userdb", required_argument, NULL, 'e' },
 
@@ -823,9 +805,6 @@ static const struct myoption long_options[] = {
 
 				{ "secure-stun", optional_argument, NULL, SECURE_STUN_OPT },
 
 				{ "secure-stun", optional_argument, NULL, SECURE_STUN_OPT },
 
 				{ "CA-file", required_argument, NULL, CA_FILE_OPT },
 
 				{ "CA-file", required_argument, NULL, CA_FILE_OPT },
 
 				{ "dh-file", required_argument, NULL, DH_FILE_OPT },
 
 				{ "dh-file", required_argument, NULL, DH_FILE_OPT },
 
-				{ "sha256", optional_argument, NULL, SHA256_OPT },
 
-				{ "sha384", optional_argument, NULL, SHA384_OPT },
 
-				{ "sha512", optional_argument, NULL, SHA512_OPT },
 
 				{ "proc-user", required_argument, NULL, PROC_USER_OPT },
 
 				{ "proc-user", required_argument, NULL, PROC_USER_OPT },
 
 				{ "proc-group", required_argument, NULL, PROC_GROUP_OPT },
 
 				{ "proc-group", required_argument, NULL, PROC_GROUP_OPT },
 
 				{ "mobility", optional_argument, NULL, MOBILITY_OPT },
 
 				{ "mobility", optional_argument, NULL, MOBILITY_OPT },
 
@@ -880,9 +859,6 @@ static const struct myoption admin_long_options[] = {
 
 				{ "user", required_argument, NULL, 'u' },
 
 				{ "user", required_argument, NULL, 'u' },
 
 				{ "realm", required_argument, NULL, 'r' },
 
 				{ "realm", required_argument, NULL, 'r' },
 
 				{ "password", required_argument, NULL, 'p' },
 
 				{ "password", required_argument, NULL, 'p' },
 
-				{ "sha256", no_argument, NULL, 'H' },
 
-				{ "sha384", no_argument, NULL, 'Y' },
 
-				{ "sha512", no_argument, NULL, 'K' },
 
 				{ "add-origin", no_argument, NULL, 'O' },
 
 				{ "add-origin", no_argument, NULL, 'O' },
 
 				{ "del-origin", no_argument, NULL, 'R' },
 
 				{ "del-origin", no_argument, NULL, 'R' },
 
 				{ "list-origins", required_argument, NULL, 'I' },
 
 				{ "list-origins", required_argument, NULL, 'I' },
 
@@ -919,7 +895,11 @@ static void set_option(int c, char *value)
 
 	  STRCPY(turn_params.oauth_server_name,value);
 
 	  STRCPY(turn_params.oauth_server_name,value);
 
 	  break;
 
 	  break;
 
   case OAUTH_OPT:
 
   case OAUTH_OPT:
 
-	  turn_params.oauth = get_bool_value(value);
 
+	  if(!ENC_ALG_NUM) {
 
+		  TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: option --oauth is not supported; ignored.\n");
 
+	  } else {
 
+		  turn_params.oauth = get_bool_value(value);
 
+	  }
 
 	  break;
 
 	  break;
 
   case NO_SSLV2_OPT:
 
   case NO_SSLV2_OPT:
 
     //deprecated
 
     //deprecated
 
@@ -1046,18 +1026,6 @@ static void set_option(int c, char *value)
 
 	case SECURE_STUN_OPT:
 
 	case SECURE_STUN_OPT:
 
 		turn_params.secure_stun = get_bool_value(value);
 
 		turn_params.secure_stun = get_bool_value(value);
 
 		break;
 
 		break;
 
-	case SHA256_OPT:
 
-		if(get_bool_value(value))
 
-			turn_params.shatype = SHATYPE_SHA256;
 
-		break;
 
-	case SHA384_OPT:
 
-		if(get_bool_value(value))
 
-			turn_params.shatype = SHATYPE_SHA384;
 
-		break;
 
-	case SHA512_OPT:
 
-		if(get_bool_value(value))
 
-			turn_params.shatype = SHATYPE_SHA512;
 
-		break;
 
 	case NO_MULTICAST_PEERS_OPT:
 
 	case NO_MULTICAST_PEERS_OPT:
 
 		turn_params.no_multicast_peers = get_bool_value(value);
 
 		turn_params.no_multicast_peers = get_bool_value(value);
 
 		break;
 
 		break;
 
@@ -1155,12 +1123,14 @@ static void set_option(int c, char *value)
 
 	case 'u':
 
 	case 'u':
 
 		add_static_user_account(value);
 
 		add_static_user_account(value);
 
 		break;
 
 		break;
 
-#if !defined(TURN_NO_SQLITE)
 
 	case 'b':
 
 	case 'b':
 
+#if defined(TURN_NO_SQLITE)
 
+	  TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: Options -b, --userdb and --db are not supported because SQLite is not supported in this build.\n");
 
+#else
 
 		STRCPY(turn_params.default_users_db.persistent_users_db.userdb, value);
 
 		STRCPY(turn_params.default_users_db.persistent_users_db.userdb, value);
 
 		turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_SQLITE;
 
 		turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_SQLITE;
 
-		break;
 
 #endif
 
 #endif
 
+		break;
 
 #if !defined(TURN_NO_PQ)
 
 #if !defined(TURN_NO_PQ)
 
 	case 'e':
 
 	case 'e':
 
 		STRCPY(turn_params.default_users_db.persistent_users_db.userdb, value);
 
 		STRCPY(turn_params.default_users_db.persistent_users_db.userdb, value);
 
@@ -1592,18 +1562,6 @@ static int adminmain(int argc, char **argv)
 
 				exit(0);
 
 				exit(0);
 
 			}
 
 			}
 
 			break;
 
 			break;
 
-		case 'H':
 
-			if(get_bool_value(optarg))
 
-				turn_params.shatype = SHATYPE_SHA256;
 
-			break;
 
-		case 'Y':
 
-			if(get_bool_value(optarg))
 
-				turn_params.shatype = SHATYPE_SHA384;
 
-			break;
 
-		case 'K':
 
-			if(get_bool_value(optarg))
 
-				turn_params.shatype = SHATYPE_SHA512;
 
-			break;
 
 		case 'h':
 
 		case 'h':
 
 			printf("\n%s\n", AdminUsage);
 
 			printf("\n%s\n", AdminUsage);
 
 			exit(0);
 
 			exit(0);
 
@@ -1650,6 +1608,17 @@ static void print_features(unsigned long mfn)
 
 
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "\n\n==== Show him the instruments, Practical Frost: ====\n\n");
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "\n\n==== Show him the instruments, Practical Frost: ====\n\n");
 
 
 
+/*
 
+	Frost stepped forward and opened the polished case with a theatrical
 
+	flourish. It was a masterful piece of craftsmanship. As the lid was
 
+	pulled back, the many trays inside lifted and fanned out, displaying
 
+	Glokta’s tools in all their gruesome glory. There were blades of every
 
+	size and shape, needles curved and straight, bottles of oil and acid,
 
+	nails and screws, clamps and pliers, saws, hammers, chisels. Metal, wood
 
+	and glass glittered in the bright lamplight, all polished to mirror
 
+	brightness and honed to a murderous sharpness.
 
+*/
 
+
 
 #if !TLS_SUPPORTED
 
 #if !TLS_SUPPORTED
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n");
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n");
 
 #else
 
 #else
 
@@ -1660,13 +1629,33 @@ static void print_features(unsigned long mfn)
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n");
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n");
 
 #else
 
 #else
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n");
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n");
 
+#if DTLSv1_2_SUPPORTED
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS 1.2 supported\n");
 
+#else
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS 1.2 is not supported\n");
 
+#endif
 
+#endif
 
+
 
+#if ALPN_SUPPORTED
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN supported\n");
 
+#else
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN is not supported\n");
 
 #endif
 
 #endif
 
 
 
+	if(!ENC_ALG_NUM) {
 
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) is not supported\n");
 
+	} else {
 
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) supported\n");
 
 #if defined(TURN_NO_GCM)
 
 #if defined(TURN_NO_GCM)
 
-	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "AEAD is not supported\n");
 
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "GCM (AEAD) is not supported\n");
 
 #else
 
 #else
 
-	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "AEAD supported\n");
 
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "GCM (AEAD) supported\n");
 
 #endif
 
 #endif
 
+	}
 
+
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "OpenSSL compile-time version: %s\n",OPENSSL_VERSION_TEXT);
 
+
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "\n");
 
 
 
 #if !defined(TURN_NO_SQLITE)
 
 #if !defined(TURN_NO_SQLITE)
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SQLite supported, default database location is %s\n",DEFAULT_USERDB_FILE);
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SQLite supported, default database location is %s\n",DEFAULT_USERDB_FILE);
 
@@ -1698,7 +1687,13 @@ static void print_features(unsigned long mfn)
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MongoDB is not supported\n");
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MongoDB is not supported\n");
 
 #endif
 
 #endif
 
 
 
-	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "OpenSSL compile-time version: %s\n",OPENSSL_VERSION_TEXT);
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "\n");
 
+
 
+#if !defined(TURN_NO_SCTP)
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SCTP supported\n");
 
+#else
 
+	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SCTP is not supported\n");
 
+#endif
 
 
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default Net Engine version: %d (%s)\n\n=====================================================\n\n", (int)turn_params.net_engine_version, turn_params.net_engine_version_txt[(int)turn_params.net_engine_version]);
 
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default Net Engine version: %d (%s)\n\n=====================================================\n\n", (int)turn_params.net_engine_version, turn_params.net_engine_version_txt[(int)turn_params.net_engine_version]);
 
 
 
@@ -2657,7 +2652,7 @@ static void openssl_setup(void)
 
 #if DTLSv1_2_SUPPORTED
 
 #if DTLSv1_2_SUPPORTED
 
 		turn_params.dtls_ctx = SSL_CTX_new(DTLS_server_method());
 
 		turn_params.dtls_ctx = SSL_CTX_new(DTLS_server_method());
 
 		turn_params.dtls_ctx_v1_2 = SSL_CTX_new(DTLSv1_2_server_method());
 
 		turn_params.dtls_ctx_v1_2 = SSL_CTX_new(DTLSv1_2_server_method());
 
-		set_ctx(turn_params.dtls_ctx_v1_2,"DTLS1,2");
 
+		set_ctx(turn_params.dtls_ctx_v1_2,"DTLS1.2");
 
 		SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1);
 
 		SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1);
 
 #else
 
 #else
 
 		turn_params.dtls_ctx = SSL_CTX_new(DTLSv1_server_method());
 
 		turn_params.dtls_ctx = SSL_CTX_new(DTLSv1_server_method());

+ 0 - 1
src/apps/relay/mainrelay.h
View File 

@@ -291,7 +291,6 @@ typedef struct _turn_params_ {
 
   vint secure_stun;
 
   vint secure_stun;
 
   int server_relay;
 
   int server_relay;
 
   int fingerprint;
 
   int fingerprint;
 
-  SHATYPE shatype;
 
   char rest_api_separator;
 
   char rest_api_separator;
 
   vint stale_nonce;
 
   vint stale_nonce;
 
   vint mobility;
 
   vint mobility;

+ 1 - 1
src/apps/relay/netengine.c
View File 

@@ -1642,7 +1642,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 
 			 &turn_params.no_multicast_peers, &turn_params.no_loopback_peers,
 
 			 &turn_params.no_multicast_peers, &turn_params.no_loopback_peers,
 
 			 &turn_params.ip_whitelist, &turn_params.ip_blacklist,
 
 			 &turn_params.ip_whitelist, &turn_params.ip_blacklist,
 
 			 send_socket_to_relay,
 
 			 send_socket_to_relay,
 
-			 &turn_params.secure_stun, turn_params.shatype, &turn_params.mobility,
 
+			 &turn_params.secure_stun, &turn_params.mobility,
 
 			 turn_params.server_relay,
 
 			 turn_params.server_relay,
 
 			 send_turn_session_info,
 
 			 send_turn_session_info,
 
 			 send_https_socket,
 
 			 send_https_socket,

+ 31 - 251
src/apps/relay/turn_admin_server.c
View File 

@@ -691,16 +691,6 @@ static void cli_print_configuration(struct cli_session* cs)
 
 		cli_print_str(cs,turn_params.cert_file,"Certificate file",0);
 
 		cli_print_str(cs,turn_params.cert_file,"Certificate file",0);
 
 		cli_print_str(cs,turn_params.pkey_file,"Private Key file",0);
 
 		cli_print_str(cs,turn_params.pkey_file,"Private Key file",0);
 
 
 
-		if(turn_params.shatype == SHATYPE_SHA256)
 
-			cli_print_str(cs,"SHA256","SHA type",0);
 
-		else if(turn_params.shatype == SHATYPE_SHA384)
 
-			cli_print_str(cs,"SHA384","SHA type",0);
 
-		else if(turn_params.shatype == SHATYPE_SHA512)
 
-			cli_print_str(cs,"SHA512","SHA type",0);
 
-		else
 
-			cli_print_str(cs,"SHA1","SHA type",0);
 
-		myprintf(cs,"\n");
 
-
 
 		cli_print_str_array(cs,turn_params.listener.addrs,turn_params.listener.addrs_number,"Listener addr",0);
 
 		cli_print_str_array(cs,turn_params.listener.addrs,turn_params.listener.addrs_number,"Listener addr",0);
 
 
 
 		if(turn_params.listener_ifname[0])
 
 		if(turn_params.listener_ifname[0])
 
@@ -1382,11 +1372,7 @@ typedef enum _AS_FORM AS_FORM;
 
 #define HR_ADD_OAUTH_TS "oauth_ts"
 
 #define HR_ADD_OAUTH_TS "oauth_ts"
 
 #define HR_ADD_OAUTH_LT "oauth_lt"
 
 #define HR_ADD_OAUTH_LT "oauth_lt"
 
 #define HR_ADD_OAUTH_IKM "oauth_ikm"
 
 #define HR_ADD_OAUTH_IKM "oauth_ikm"
 
-#define HR_ADD_OAUTH_RS_KEY "oauth_rs_key"
 
-#define HR_ADD_OAUTH_AUTH_KEY "oauth_auth_key"
 
-#define HR_ADD_OAUTH_HKDF "oauth_hkdf"
 
 #define HR_ADD_OAUTH_TEA "oauth_tea"
 
 #define HR_ADD_OAUTH_TEA "oauth_tea"
 
-#define HR_ADD_OAUTH_AA "oauth_aa"
 
 #define HR_DELETE_OAUTH_KID "oauth_kid_del"
 
 #define HR_DELETE_OAUTH_KID "oauth_kid_del"
 
 #define HR_OAUTH_KID "kid"
 
 #define HR_OAUTH_KID "kid"
 
 
 
@@ -1665,13 +1651,15 @@ static void write_https_home_page(ioa_socket_handle s)
 
 			str_buffer_append(sb,"\">Origins</a>");
 
 			str_buffer_append(sb,"\">Origins</a>");
 
 
 
 			if(is_superuser()) {
 
 			if(is_superuser()) {
 
-			  str_buffer_append(sb,"<br><a href=\"");
 
-			  str_buffer_append(sb,form_names[AS_FORM_OAUTH].name);
 
-			  str_buffer_append(sb,"?");
 
-			  str_buffer_append(sb,HR_REALM);
 
-			  str_buffer_append(sb,"=");
 
-			  str_buffer_append(sb,current_eff_realm());
 
-			  str_buffer_append(sb,"\">oAuth keys</a>");
 
+			  if(ENC_ALG_NUM>0) {
 
+			  	str_buffer_append(sb,"<br><a href=\"");
 
+			  	str_buffer_append(sb,form_names[AS_FORM_OAUTH].name);
 
+			  	str_buffer_append(sb,"?");
 
+			  	str_buffer_append(sb,HR_REALM);
 
+			  	str_buffer_append(sb,"=");
 
+			  	str_buffer_append(sb,current_eff_realm());
 
+			  	str_buffer_append(sb,"\">oAuth keys</a>");
 
+			  }
 
 			}
 
 			}
 
 
 
 			str_buffer_append(sb,"</fieldset>\r\n");
 
 			str_buffer_append(sb,"</fieldset>\r\n");
 
@@ -1962,15 +1950,6 @@ static void write_pc_page(ioa_socket_handle s)
 
 				https_print_str(sb,turn_params.cert_file,"Certificate file",0);
 
 				https_print_str(sb,turn_params.cert_file,"Certificate file",0);
 
 				https_print_str(sb,turn_params.pkey_file,"Private Key file",0);
 
 				https_print_str(sb,turn_params.pkey_file,"Private Key file",0);
 
 
 
-				if(turn_params.shatype == SHATYPE_SHA256)
 
-					https_print_str(sb,"SHA256","SHA type",0);
 
-				else if(turn_params.shatype == SHATYPE_SHA384)
 
-					https_print_str(sb,"SHA384","SHA type",0);
 
-				else if(turn_params.shatype == SHATYPE_SHA512)
 
-					https_print_str(sb,"SHA512","SHA type",0);
 
-				else
 
-					https_print_str(sb,"SHA1","SHA type",0);
 
-
 
 				https_print_empty_row(sb,2);
 
 				https_print_empty_row(sb,2);
 
 
 
 				https_print_str_array(sb,turn_params.listener.addrs,turn_params.listener.addrs_number,"Listener addr");
 
 				https_print_str_array(sb,turn_params.listener.addrs,turn_params.listener.addrs_number,"Listener addr");
 
@@ -2495,15 +2474,6 @@ static void write_users_page(ioa_socket_handle s, const u08bits *add_user, const
 
 			str_buffer_append(sb,"\"");
 
 			str_buffer_append(sb,"\"");
 
 			str_buffer_append(sb,"><br><br>\r\n");
 
 			str_buffer_append(sb,"><br><br>\r\n");
 
 
 
-			if(turn_params.shatype == SHATYPE_SHA256)
 
-				str_buffer_append(sb,"SHA type: SHA256<br>\r\n");
 
-			else if(turn_params.shatype == SHATYPE_SHA384)
 
-				str_buffer_append(sb,"SHA type: SHA384<br>\r\n");
 
-			else if(turn_params.shatype == SHATYPE_SHA512)
 
-				str_buffer_append(sb,"SHA type: SHA512<br>\r\n");
 
-			else
 
-				str_buffer_append(sb,"SHA type: SHA1<br>\r\n");
 
-
 
 			str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add user\">");
 
 			str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add user\">");
 
 
 
 			str_buffer_append(sb,"</fieldset>\r\n");
 
 			str_buffer_append(sb,"</fieldset>\r\n");
 
@@ -2803,14 +2773,12 @@ static size_t https_print_oauth_keys(struct str_buffer* sb)
 
 	size_t ret = 0;
 
 	size_t ret = 0;
 
 	const turn_dbdriver_t * dbd = get_dbdriver();
 
 	const turn_dbdriver_t * dbd = get_dbdriver();
 
 	if (dbd && dbd->list_oauth_keys) {
 
 	if (dbd && dbd->list_oauth_keys) {
 
-		secrets_list_t kids,hkdfs,teas,aas,tss,lts;
 
+		secrets_list_t kids,teas,tss,lts;
 
 		init_secrets_list(&kids);
 
 		init_secrets_list(&kids);
 
-		init_secrets_list(&hkdfs);
 
 		init_secrets_list(&teas);
 
 		init_secrets_list(&teas);
 
-		init_secrets_list(&aas);
 
 		init_secrets_list(&tss);
 
 		init_secrets_list(&tss);
 
 		init_secrets_list(&lts);
 
 		init_secrets_list(&lts);
 
-		dbd->list_oauth_keys(&kids,&hkdfs,&teas,&aas,&tss,&lts);
 
+		dbd->list_oauth_keys(&kids,&teas,&tss,&lts);
 
 
 
 		size_t sz = get_secrets_list_size(&kids);
 
 		size_t sz = get_secrets_list_size(&kids);
 
 		size_t i;
 
 		size_t i;
 
@@ -2837,14 +2805,8 @@ static size_t https_print_oauth_keys(struct str_buffer* sb)
 
 			str_buffer_append(sb,get_secrets_list_elem(&lts,i));
 
 			str_buffer_append(sb,get_secrets_list_elem(&lts,i));
 
 			str_buffer_append(sb,"</td>");
 
 			str_buffer_append(sb,"</td>");
 
 			str_buffer_append(sb,"<td>");
 
 			str_buffer_append(sb,"<td>");
 
-			str_buffer_append(sb,get_secrets_list_elem(&hkdfs,i));
 
-			str_buffer_append(sb,"</td>");
 
-			str_buffer_append(sb,"<td>");
 
 			str_buffer_append(sb,get_secrets_list_elem(&teas,i));
 
 			str_buffer_append(sb,get_secrets_list_elem(&teas,i));
 
 			str_buffer_append(sb,"</td>");
 
 			str_buffer_append(sb,"</td>");
 
-			str_buffer_append(sb,"<td>");
 
-			str_buffer_append(sb,get_secrets_list_elem(&aas,i));
 
-			str_buffer_append(sb,"</td>");
 
 
 
 			{
 
 			{
 
 				str_buffer_append(sb,"<td> <a href=\"");
 
 				str_buffer_append(sb,"<td> <a href=\"");
 
@@ -2861,9 +2823,7 @@ static size_t https_print_oauth_keys(struct str_buffer* sb)
 
 		}
 
 		}
 
 
 
 		clean_secrets_list(&kids);
 
 		clean_secrets_list(&kids);
 
-		clean_secrets_list(&hkdfs);
 
 		clean_secrets_list(&teas);
 
 		clean_secrets_list(&teas);
 
-		clean_secrets_list(&aas);
 
 	}
 
 	}
 
 
 
 	return ret;
 
 	return ret;
 
@@ -2913,33 +2873,11 @@ static void write_https_oauth_show_keys(ioa_socket_handle s, const char* kid)
 
 							str_buffer_append(sb,"<table>\r\n");
 
 							str_buffer_append(sb,"<table>\r\n");
 
 
 
 							if(key.ikm_key[0]) {
 
 							if(key.ikm_key[0]) {
 
-								str_buffer_append(sb,"<tr><td>Input Keying Material:</td><td>");
 
+								str_buffer_append(sb,"<tr><td>Base64-encoded key:</td><td>");
 
 								str_buffer_append(sb,key.ikm_key);
 
 								str_buffer_append(sb,key.ikm_key);
 
 								str_buffer_append(sb,"</td></tr>\r\n");
 
 								str_buffer_append(sb,"</td></tr>\r\n");
 
 							}
 
 							}
 
 
 
-							if(okey.as_rs_key_size) {
 
-								size_t as_rs_key_size = 0;
 
-								char *as_rs_key = (char*)base64_encode((unsigned char*)okey.as_rs_key,okey.as_rs_key_size,&as_rs_key_size);
 
-								if(as_rs_key) {
 
-									str_buffer_append(sb,"<tr><td>AS-RS key:</td><td>");
 
-									str_buffer_append(sb,as_rs_key);
 
-									str_buffer_append(sb,"</td></tr>\r\n");
 
-									turn_free(as_rs_key,as_rs_key_size);
 
-								}
 
-							}
 
-
 
-							if(okey.auth_key_size) {
 
-								size_t auth_key_size = 0;
 
-								char *auth_key = (char*)base64_encode((unsigned char*)okey.auth_key,okey.auth_key_size,&auth_key_size);
 
-								if(auth_key) {
 
-									str_buffer_append(sb,"<tr><td>AUTH key:</td><td>");
 
-									str_buffer_append(sb,auth_key);
 
-									str_buffer_append(sb,"</td></tr>\r\n");
 
-									turn_free(auth_key,auth_key_size);
 
-								}
 
-							}
 
-
 
 							str_buffer_append(sb,"</table>\r\n");
 
 							str_buffer_append(sb,"</table>\r\n");
 
 						}
 
 						}
 
 					}
 
 					}
 
@@ -2952,9 +2890,8 @@ static void write_https_oauth_show_keys(ioa_socket_handle s, const char* kid)
 
 }
 
 }
 
 
 
 static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, const char* add_ikm,
 
 static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, const char* add_ikm,
 
-				const char* add_hkdf_hash_func, const char* add_tea, const char* add_aa,
 
+				const char* add_tea,
 
 				const char *add_ts, const char* add_lt,
 
 				const char *add_ts, const char* add_lt,
 
-				const char *add_rs_key, const char *add_auth_key,
 
 				const char* msg)
 
 				const char* msg)
 
 {
 
 {
 
 	if(s && !ioa_socket_tobeclosed(s)) {
 
 	if(s && !ioa_socket_tobeclosed(s)) {
 
@@ -3017,53 +2954,14 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
 
 					str_buffer_append(sb,"\"><br>\r\n");
 
 					str_buffer_append(sb,"\"><br>\r\n");
 
 				}
 
 				}
 
 
 
-				str_buffer_append(sb,"</td></tr><tr><td>");
 
-
 
-				{
 
-					str_buffer_append(sb,"<br>Hash key derivation function (optional):<br>\r\n");
 
-
 
-					if(!add_hkdf_hash_func || !add_hkdf_hash_func[0])
 
-						add_hkdf_hash_func = "SHA-256";
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
 
-					str_buffer_append(sb,"\" value=\"SHA-1\" ");
 
-					if(!strcmp("SHA-1",add_hkdf_hash_func)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">SHA-1\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
 
-					str_buffer_append(sb,"\" value=\"SHA-256\" ");
 
-					if(!strcmp("SHA-256",add_hkdf_hash_func)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">SHA-256\r\n<br>\r\n");
 
+				str_buffer_append(sb,"</td></tr>\r\n");
 
 
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
 
-					str_buffer_append(sb,"\" value=\"SHA-384\" ");
 
-					if(!strcmp("SHA-384",add_hkdf_hash_func)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">SHA-384\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
 
-					str_buffer_append(sb,"\" value=\"SHA-512\" ");
 
-					if(!strcmp("SHA-512",add_hkdf_hash_func)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">SHA-512\r\n<br>\r\n");
 
-				}
 
-
 
-				str_buffer_append(sb,"</td><td colspan=\"2\">");
 
+				str_buffer_append(sb,"<tr><td colspan=\"2\">");
 
 
 
 				{
 
 				{
 
 					if(!add_ikm) add_ikm = "";
 
 					if(!add_ikm) add_ikm = "";
 
 
 
-					str_buffer_append(sb,"  <br>Base64-encoded input keying material (optional):<br><textarea wrap=\"soft\" cols=70 rows=4 name=\"");
 
+					str_buffer_append(sb,"  <br>Base64-encoded input keying material (required):<br><textarea wrap=\"soft\" cols=70 rows=4 name=\"");
 
 					str_buffer_append(sb,HR_ADD_OAUTH_IKM);
 
 					str_buffer_append(sb,HR_ADD_OAUTH_IKM);
 
 					str_buffer_append(sb,"\" maxLength=256 >");
 
 					str_buffer_append(sb,"\" maxLength=256 >");
 
 					str_buffer_append(sb,(const char*)add_ikm);
 
 					str_buffer_append(sb,(const char*)add_ikm);
 
@@ -3071,123 +2969,32 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
 
 					str_buffer_append(sb,"<br>\r\n");
 
 					str_buffer_append(sb,"<br>\r\n");
 
 				}
 
 				}
 
 
 
-				str_buffer_append(sb,"</td></tr>\r\n<tr><td>");
 
+				str_buffer_append(sb,"</td><td>");
 
 
 
 				{
 
 				{
 
 					str_buffer_append(sb,"<br>Token encryption algorithm (required):<br>\r\n");
 
 					str_buffer_append(sb,"<br>Token encryption algorithm (required):<br>\r\n");
 
 
 
 					if(!add_tea || !add_tea[0])
 
 					if(!add_tea || !add_tea[0])
 
-						add_tea = "AES-256-CBC";
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
 
-					str_buffer_append(sb,"\" value=\"AES-128-CBC\" ");
 
-					if(!strcmp("AES-128-CBC",add_tea)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">AES-128-CBC\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
 
-					str_buffer_append(sb,"\" value=\"AES-256-CBC\" ");
 
-					if(!strcmp("AES-256-CBC",add_tea)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">AES-256-CBC\r\n<br>\r\n");
 
+						add_tea = "A256GCM";
 
 
 
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
 					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
 
 					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
 
-					str_buffer_append(sb,"\" value=\"AEAD-AES-128-GCM\" ");
 
-					if(!strcmp("AEAD-AES-128-GCM",add_tea)) {
 
+					str_buffer_append(sb,"\" value=\"A128GCM\" ");
 
+					if(!strcmp("A128GCM",add_tea)) {
 
 						str_buffer_append(sb," checked ");
 
 						str_buffer_append(sb," checked ");
 
 					}
 
 					}
 
-					str_buffer_append(sb,">AEAD-AES-128-GCM\r\n<br>\r\n");
 
+					str_buffer_append(sb,">A128GCM\r\n<br>\r\n");
 
 
 
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
 					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
 
 					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
 
-					str_buffer_append(sb,"\" value=\"AEAD-AES-256-GCM\" ");
 
-					if(!strcmp("AEAD-AES-256-GCM",add_tea)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">AEAD-AES-256-GCM\r\n<br>\r\n");
 
-				}
 
-
 
-				str_buffer_append(sb,"</td><td colspan=\"2\">");
 
-
 
-				{
 
-					if(!add_rs_key) add_rs_key = "";
 
-
 
-					str_buffer_append(sb,"  <br>Base64-encoded AS-RS key (optional):<br><textarea wrap=\"soft\" cols=70 rows=4 name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_RS_KEY);
 
-					str_buffer_append(sb,"\" maxLength=256 >");
 
-					str_buffer_append(sb,(const char*)add_rs_key);
 
-					str_buffer_append(sb,"</textarea>");
 
-					str_buffer_append(sb,"<br>\r\n");
 
-				}
 
-
 
-				str_buffer_append(sb,"</td></tr>\r\n<tr><td>");
 
-
 
-				{
 
-					str_buffer_append(sb,"<br>Token authentication algorithm (required if no AEAD used):<br>\r\n");
 
-
 
-					if(!add_aa || !add_aa[0])
 
-						add_aa = "HMAC-SHA-256-128";
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_AA);
 
-					str_buffer_append(sb,"\" value=\"HMAC-SHA-256-128\" ");
 
-					if(!strcmp("HMAC-SHA-256-128",add_aa)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">HMAC-SHA-256-128\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_AA);
 
-					str_buffer_append(sb,"\" value=\"HMAC-SHA-256\" ");
 
-					if(!strcmp("HMAC-SHA-256",add_aa)) {
 
+					str_buffer_append(sb,"\" value=\"A256GCM\" ");
 
+					if(!strcmp("A256GCM",add_tea)) {
 
 						str_buffer_append(sb," checked ");
 
 						str_buffer_append(sb," checked ");
 
 					}
 
 					}
 
-					str_buffer_append(sb,">HMAC-SHA-256\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_AA);
 
-					str_buffer_append(sb,"\" value=\"HMAC-SHA-384\" ");
 
-					if(!strcmp("HMAC-SHA-384",add_aa)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">HMAC-SHA-384\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_AA);
 
-					str_buffer_append(sb,"\" value=\"HMAC-SHA-512\" ");
 
-					if(!strcmp("HMAC-SHA-512",add_aa)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">HMAC-SHA-512\r\n<br>\r\n");
 
-
 
-					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_AA);
 
-					str_buffer_append(sb,"\" value=\"HMAC-SHA-1\" ");
 
-					if(!strcmp("HMAC-SHA-1",add_aa)) {
 
-						str_buffer_append(sb," checked ");
 
-					}
 
-					str_buffer_append(sb,">HMAC-SHA-1\r\n<br>\r\n");
 
+					str_buffer_append(sb,">A256GCM\r\n<br>\r\n");
 
 				}
 
 				}
 
 
 
-				str_buffer_append(sb,"</td><td colspan=\"2\">");
 
-
 
-				{
 
-					if(!add_auth_key) add_auth_key = "";
 
-
 
-					str_buffer_append(sb,"  <br>Base64-encoded AUTH key (optional):<br><textarea wrap=\"soft\" cols=70 rows=4 name=\"");
 
-					str_buffer_append(sb,HR_ADD_OAUTH_AUTH_KEY);
 
-					str_buffer_append(sb,"\" maxLength=256 >");
 
-					str_buffer_append(sb,(const char*)add_auth_key);
 
-					str_buffer_append(sb,"</textarea>");
 
-					str_buffer_append(sb,"<br>\r\n");
 
-				}
 
-
 
-				str_buffer_append(sb,"</td></tr></table>\r\n");
 
+				str_buffer_append(sb,"</td></tr>\r\n</table>\r\n");
 
 
 
 				str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add key\">");
 
 				str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add key\">");
 
 
 
@@ -3200,9 +3007,7 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
 
 			str_buffer_append(sb,"<tr><th>N</th><th>KID</th><th>keys</th>");
 
 			str_buffer_append(sb,"<tr><th>N</th><th>KID</th><th>keys</th>");
 
 			str_buffer_append(sb,"<th>Timestamp, secs</th>");
 
 			str_buffer_append(sb,"<th>Timestamp, secs</th>");
 
 			str_buffer_append(sb,"<th>Lifetime,secs</th>");
 
 			str_buffer_append(sb,"<th>Lifetime,secs</th>");
 
-			str_buffer_append(sb,"<th>Hash key derivation function</th>");
 
 			str_buffer_append(sb,"<th>Token encryption algorithm</th>");
 
 			str_buffer_append(sb,"<th>Token encryption algorithm</th>");
 
-			str_buffer_append(sb,"<th>Token authentication algorithm</th>");
 
 			str_buffer_append(sb,"<th> </th>");
 
 			str_buffer_append(sb,"<th> </th>");
 
 			str_buffer_append(sb,"</tr>\r\n");
 
 			str_buffer_append(sb,"</tr>\r\n");
 
 
 
@@ -3491,9 +3296,9 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 
 										STRCPY(u,add_user);
 
 										STRCPY(u,add_user);
 
 										STRCPY(r,add_realm);
 
 										STRCPY(r,add_realm);
 
 										STRCPY(p,pwd);
 
 										STRCPY(p,pwd);
 
-										stun_produce_integrity_key_str(u, r, p, key, turn_params.shatype);
 
+										stun_produce_integrity_key_str(u, r, p, key, SHATYPE_DEFAULT);
 
 										size_t i = 0;
 
 										size_t i = 0;
 
-										size_t sz = get_hmackey_size(turn_params.shatype);
 
+										size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 										int maxsz = (int) (sz * 2) + 1;
 
 										int maxsz = (int) (sz * 2) + 1;
 
 										char *s = skey;
 
 										char *s = skey;
 
 										for (i = 0; (i < sz) && (maxsz > 2); i++) {
 
 										for (i = 0; (i < sz) && (maxsz > 2); i++) {
 
@@ -3689,34 +3494,19 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 
 					const char* add_ts = "0";
 
 					const char* add_ts = "0";
 
 					const char* add_lt = "0";
 
 					const char* add_lt = "0";
 
 					const char* add_ikm = "";
 
 					const char* add_ikm = "";
 
-					const char *add_rs_key = "";
 
-					const char *add_auth_key = "";
 
-					const char* add_hkdf_hash_func = "";
 
 					const char* add_tea = "";
 
 					const char* add_tea = "";
 
-					const char* add_aa = "";
 
 					const char* msg = "";
 
 					const char* msg = "";
 
 
 
 					add_kid = get_http_header_value(hr,HR_ADD_OAUTH_KID,"");
 
 					add_kid = get_http_header_value(hr,HR_ADD_OAUTH_KID,"");
 
 					if(add_kid[0]) {
 
 					if(add_kid[0]) {
 
 						add_ikm = get_http_header_value(hr,HR_ADD_OAUTH_IKM,"");
 
 						add_ikm = get_http_header_value(hr,HR_ADD_OAUTH_IKM,"");
 
-						add_rs_key = get_http_header_value(hr,HR_ADD_OAUTH_RS_KEY,"");
 
-						add_auth_key = get_http_header_value(hr,HR_ADD_OAUTH_AUTH_KEY,"");
 
 						add_ts = get_http_header_value(hr,HR_ADD_OAUTH_TS,"");
 
 						add_ts = get_http_header_value(hr,HR_ADD_OAUTH_TS,"");
 
 						add_lt = get_http_header_value(hr,HR_ADD_OAUTH_LT,"");
 
 						add_lt = get_http_header_value(hr,HR_ADD_OAUTH_LT,"");
 
-						add_hkdf_hash_func = get_http_header_value(hr,HR_ADD_OAUTH_HKDF,"");
 
 						add_tea = get_http_header_value(hr,HR_ADD_OAUTH_TEA,"");
 
 						add_tea = get_http_header_value(hr,HR_ADD_OAUTH_TEA,"");
 
-						add_aa = get_http_header_value(hr,HR_ADD_OAUTH_AA,"");
 
-
 
-						int keys_ok = 0;
 
-						if(add_ikm[0] && add_hkdf_hash_func[0]) {
 
-							keys_ok = 1;
 
-						} else if(add_rs_key[0] && add_auth_key[0]) {
 
-							keys_ok = 1;
 
-						} else if(strstr(add_tea,"AEAD") && add_rs_key[0]) {
 
-							keys_ok = 1;
 
-						}
 
+
 
+						int keys_ok = (add_ikm[0] != 0);
 
 						if(!keys_ok) {
 
 						if(!keys_ok) {
 
-							msg = "Provided information is insufficient for the oAuth key generation.";
 
+							msg = "You must enter the key value.";
 
 						} else {
 
 						} else {
 
 							oauth_key_data_raw key;
 
 							oauth_key_data_raw key;
 
 							ns_bzero(&key,sizeof(key));
 
 							ns_bzero(&key,sizeof(key));
 
@@ -3737,13 +3527,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 
 							}
 
 							}
 
 
 
 							STRCPY(key.ikm_key,add_ikm);
 
 							STRCPY(key.ikm_key,add_ikm);
 
-							STRCPY(key.hkdf_hash_func,add_hkdf_hash_func);
 
 							STRCPY(key.as_rs_alg,add_tea);
 
 							STRCPY(key.as_rs_alg,add_tea);
 
-							STRCPY(key.auth_alg,add_aa);
 
-							STRCPY(key.as_rs_key,add_rs_key);
 
-							STRCPY(key.auth_key,add_auth_key);
 
-
 
-							if(strstr(key.as_rs_alg,"AEAD")) key.auth_alg[0]=0;
 
 
 
 							const turn_dbdriver_t * dbd = get_dbdriver();
 
 							const turn_dbdriver_t * dbd = get_dbdriver();
 
 							if (dbd && dbd->set_oauth_key) {
 
 							if (dbd && dbd->set_oauth_key) {
 
@@ -3754,17 +3538,13 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 
 									add_ts = "0";
 
 									add_ts = "0";
 
 									add_lt = "0";
 
 									add_lt = "0";
 
 									add_ikm = "";
 
 									add_ikm = "";
 
-									add_hkdf_hash_func = "";
 
 									add_tea = "";
 
 									add_tea = "";
 
-									add_aa = "";
 
-									add_rs_key = "";
 
-									add_auth_key = "";
 
 								}
 
 								}
 
 							}
 
 							}
 
 						}
 
 						}
 
 					}
 
 					}
 
 
 
-					write_https_oauth_page(s,add_kid,add_ikm,add_hkdf_hash_func,add_tea,add_aa,add_ts,add_lt,add_rs_key,add_auth_key,msg);
 
+					write_https_oauth_page(s,add_kid,add_ikm,add_tea,add_ts,add_lt,msg);
 
 				}
 
 				}
 
 				break;
 
 				break;
 
 			}
 
 			}

+ 19 - 59
src/apps/relay/userdb.c
View File 

@@ -484,29 +484,10 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 
 
 					switch(dot.enc_block.key_length) {
 
 					switch(dot.enc_block.key_length) {
 
 					case SHA1SIZEBYTES:
 
 					case SHA1SIZEBYTES:
 
-						if(turn_params.shatype != SHATYPE_SHA1) {
 
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(1): %d\n",(int)dot.enc_block.key_length);
 
-							return -1;
 
-						}
 
 						break;
 
 						break;
 
 					case SHA256SIZEBYTES:
 
 					case SHA256SIZEBYTES:
 
-						if(turn_params.shatype != SHATYPE_SHA256) {
 
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(2): %d\n",(int)dot.enc_block.key_length);
 
-							return -1;
 
-						}
 
-						break;
 
 					case SHA384SIZEBYTES:
 
 					case SHA384SIZEBYTES:
 
-						if(turn_params.shatype != SHATYPE_SHA384) {
 
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
 
-							return -1;
 
-						}
 
-						break;
 
 					case SHA512SIZEBYTES:
 
 					case SHA512SIZEBYTES:
 
-						if(turn_params.shatype != SHATYPE_SHA512) {
 
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
 
-							return -1;
 
-						}
 
-						break;
 
 					default:
 
 					default:
 
 						TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
 
 						TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
 
 						return -1;
 
 						return -1;
 
@@ -518,7 +499,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 								ioa_network_buffer_get_size(nbh),
 
 								ioa_network_buffer_get_size(nbh),
 
 								dot.enc_block.mac_key,
 
 								dot.enc_block.mac_key,
 
 								pwdtmp,
 
 								pwdtmp,
 
-								turn_params.shatype,NULL)>0) {
 
+								SHATYPE_DEFAULT)>0) {
 
 
 
 						turn_time_t lifetime = (turn_time_t)(dot.enc_block.lifetime);
 
 						turn_time_t lifetime = (turn_time_t)(dot.enc_block.lifetime);
 
 						if(lifetime) {
 
 						if(lifetime) {
 
@@ -578,25 +559,11 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 			int sarlen = stun_attr_get_len(sar);
 
 			int sarlen = stun_attr_get_len(sar);
 
 			switch(sarlen) {
 
 			switch(sarlen) {
 
 			case SHA1SIZEBYTES:
 
 			case SHA1SIZEBYTES:
 
-				if(turn_params.shatype != SHATYPE_SHA1)
 
-					return -1;
 
 				hmac_len = SHA1SIZEBYTES;
 
 				hmac_len = SHA1SIZEBYTES;
 
 				break;
 
 				break;
 
 			case SHA256SIZEBYTES:
 
 			case SHA256SIZEBYTES:
 
-				if(turn_params.shatype != SHATYPE_SHA256)
 
-					return -1;
 
-				hmac_len = SHA256SIZEBYTES;
 
-				break;
 
 			case SHA384SIZEBYTES:
 
 			case SHA384SIZEBYTES:
 
-				if(turn_params.shatype != SHATYPE_SHA384)
 
-					return -1;
 
-				hmac_len = SHA384SIZEBYTES;
 
-				break;
 
 			case SHA512SIZEBYTES:
 
 			case SHA512SIZEBYTES:
 
-				if(turn_params.shatype != SHATYPE_SHA512)
 
-					return -1;
 
-				hmac_len = SHA512SIZEBYTES;
 
-				break;
 
 			default:
 
 			default:
 
 				return -1;
 
 				return -1;
 
 			};
 
 			};
 
@@ -606,7 +573,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 				const char* secret = get_secrets_list_elem(&sl,sll);
 
 				const char* secret = get_secrets_list_elem(&sl,sll);
 
 
 
 				if(secret) {
 
 				if(secret) {
 
-					if(stun_calculate_hmac(usname, strlen((char*)usname), (const u08bits*)secret, strlen(secret), hmac, &hmac_len, turn_params.shatype)>=0) {
 
+					if(stun_calculate_hmac(usname, strlen((char*)usname), (const u08bits*)secret, strlen(secret), hmac, &hmac_len, SHATYPE_DEFAULT)>=0) {
 
 						size_t pwd_length = 0;
 
 						size_t pwd_length = 0;
 
 						char *pwd = base64_encode(hmac,hmac_len,&pwd_length);
 
 						char *pwd = base64_encode(hmac,hmac_len,&pwd_length);
 
 
 
@@ -614,14 +581,14 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 							if(pwd_length<1) {
 
 							if(pwd_length<1) {
 
 								turn_free(pwd,strlen(pwd)+1);
 
 								turn_free(pwd,strlen(pwd)+1);
 
 							} else {
 
 							} else {
 
-								if(stun_produce_integrity_key_str((u08bits*)usname, realm, (u08bits*)pwd, key, turn_params.shatype)>=0) {
 
+								if(stun_produce_integrity_key_str((u08bits*)usname, realm, (u08bits*)pwd, key, SHATYPE_DEFAULT)>=0) {
 
 
 
 									if(stun_check_message_integrity_by_key_str(TURN_CREDENTIALS_LONG_TERM,
 
 									if(stun_check_message_integrity_by_key_str(TURN_CREDENTIALS_LONG_TERM,
 
 										ioa_network_buffer_data(nbh),
 
 										ioa_network_buffer_data(nbh),
 
 										ioa_network_buffer_get_size(nbh),
 
 										ioa_network_buffer_get_size(nbh),
 
 										key,
 
 										key,
 
 										pwdtmp,
 
 										pwdtmp,
 
-										turn_params.shatype,NULL)>0) {
 
+										SHATYPE_DEFAULT)>0) {
 
 
 
 										ret = 0;
 
 										ret = 0;
 
 									}
 
 									}
 
@@ -650,15 +617,15 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 	ur_string_map_unlock(turn_params.default_users_db.ram_db.static_accounts);
 
 	ur_string_map_unlock(turn_params.default_users_db.ram_db.static_accounts);
 
 
 
 	if(ret==0) {
 
 	if(ret==0) {
 
-		size_t sz = get_hmackey_size(turn_params.shatype);
 
+		size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 		ns_bcopy(ukey,key,sz);
 
 		ns_bcopy(ukey,key,sz);
 
 		return 0;
 
 		return 0;
 
 	}
 
 	}
 
 
 
-  const turn_dbdriver_t * dbd = get_dbdriver();
 
-  if (dbd && dbd->get_user_key) {
 
-    ret = (*(dbd->get_user_key))(usname, realm, key);
 
-  }
 
+	const turn_dbdriver_t * dbd = get_dbdriver();
 
+	if (dbd && dbd->get_user_key) {
 
+		ret = (*(dbd->get_user_key))(usname, realm, key);
 
+	}
 
 
 
 	return ret;
 
 	return ret;
 
 }
 
 }
 
@@ -762,7 +729,7 @@ int add_static_user_account(char *user)
 
 			hmackey_t *key = (hmackey_t*)turn_malloc(sizeof(hmackey_t));
 
 			hmackey_t *key = (hmackey_t*)turn_malloc(sizeof(hmackey_t));
 
 			if(strstr(s,"0x")==s) {
 
 			if(strstr(s,"0x")==s) {
 
 				char *keysource = s + 2;
 
 				char *keysource = s + 2;
 
-				size_t sz = get_hmackey_size(turn_params.shatype);
 
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 				if(strlen(keysource)<sz*2) {
 
 				if(strlen(keysource)<sz*2) {
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s\n",s);
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s\n",s);
 
 				} if(convert_string_key_to_binary(keysource, *key, sz)<0) {
 
 				} if(convert_string_key_to_binary(keysource, *key, sz)<0) {
 
@@ -773,7 +740,7 @@ int add_static_user_account(char *user)
 
 				}
 
 				}
 
 			} else {
 
 			} else {
 
 				//this is only for default realm
 
 				//this is only for default realm
 
-				stun_produce_integrity_key_str((u08bits*)usname, (u08bits*)get_realm(NULL)->options.name, (u08bits*)s, *key, turn_params.shatype);
 
+				stun_produce_integrity_key_str((u08bits*)usname, (u08bits*)get_realm(NULL)->options.name, (u08bits*)s, *key, SHATYPE_DEFAULT);
 
 			}
 
 			}
 
 			{
 
 			{
 
 				ur_string_map_lock(turn_params.default_users_db.ram_db.static_accounts);
 
 				ur_string_map_lock(turn_params.default_users_db.ram_db.static_accounts);
 
@@ -973,9 +940,9 @@ int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08b
 
 		must_set_admin_pwd(pwd);
 
 		must_set_admin_pwd(pwd);
 
 
 
 		{
 
 		{
 
-			stun_produce_integrity_key_str(user, realm, pwd, key, turn_params.shatype);
 
+			stun_produce_integrity_key_str(user, realm, pwd, key, SHATYPE_DEFAULT);
 
 			size_t i = 0;
 
 			size_t i = 0;
 
-			size_t sz = get_hmackey_size(turn_params.shatype);
 
+			size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 
 			int maxsz = (int) (sz * 2) + 1;
 
 			int maxsz = (int) (sz * 2) + 1;
 
 			char *s = skey;
 
 			char *s = skey;
 
 			for (i = 0; (i < sz) && (maxsz > 2); i++) {
 
 			for (i = 0; (i < sz) && (maxsz > 2); i++) {
 
@@ -1051,17 +1018,12 @@ void run_db_test(void)
 
 		oauth_key_data_raw key_;
 
 		oauth_key_data_raw key_;
 
 		oauth_key_data_raw *key=&key_;
 
 		oauth_key_data_raw *key=&key_;
 
 		dbd->get_oauth_key((const u08bits*)"north",key);
 
 		dbd->get_oauth_key((const u08bits*)"north",key);
 
-		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-		    		key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->as_rs_alg);
 
 
 
 		printf("DB TEST 3:\n");
 
 		printf("DB TEST 3:\n");
 
 
 
 		STRCPY(key->as_rs_alg,"as_rs_alg");
 
 		STRCPY(key->as_rs_alg,"as_rs_alg");
 
-		STRCPY(key->as_rs_key,"as_rs_key");
 
-		STRCPY(key->auth_alg,"auth_alg");
 
-		STRCPY(key->auth_key,"auth_key");
 
-		STRCPY(key->hkdf_hash_func,"hkdf");
 
 		STRCPY(key->ikm_key,"ikm_key");
 
 		STRCPY(key->ikm_key,"ikm_key");
 
 		STRCPY(key->kid,"kid");
 
 		STRCPY(key->kid,"kid");
 
 		key->timestamp = 123;
 
 		key->timestamp = 123;
 
@@ -1072,9 +1034,8 @@ void run_db_test(void)
 
 
 
 		printf("DB TEST 4:\n");
 
 		printf("DB TEST 4:\n");
 
 		dbd->get_oauth_key((const u08bits*)"kid",key);
 
 		dbd->get_oauth_key((const u08bits*)"kid",key);
 
-		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 
-		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 
-		    		key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
 
+		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->as_rs_alg);
 
 
 
 		printf("DB TEST 5:\n");
 
 		printf("DB TEST 5:\n");
 
 		dbd->del_oauth_key((const u08bits*)"kid");
 
 		dbd->del_oauth_key((const u08bits*)"kid");
 
@@ -1086,9 +1047,8 @@ void run_db_test(void)
 
 
 
 		oauth_key_data oakd;
 
 		oauth_key_data oakd;
 
 		convert_oauth_key_data_raw(key, &oakd);
 
 		convert_oauth_key_data_raw(key, &oakd);
 
-		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key_size=%d, auth_alg=%s, auth_key_size=%d\n",
 
-				    		oakd.kid, oakd.ikm_key, (unsigned long long)oakd.timestamp, (unsigned long)oakd.lifetime, oakd.hkdf_hash_func,
 
-				    		oakd.as_rs_alg, (int)oakd.as_rs_key_size, oakd.auth_alg, (int)oakd.auth_key_size);
 
+		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n",
 
+				    		oakd.kid, oakd.ikm_key, (unsigned long long)oakd.timestamp, (unsigned long)oakd.lifetime, oakd.as_rs_alg);
 
 
 
 		oauth_key oak;
 
 		oauth_key oak;
 
 		char err_msg[1025];
 
 		char err_msg[1025];

+ 9 - 33
src/apps/rfc5769/rfc5769check.c
View File 

@@ -41,33 +41,11 @@
 
 
 
 //////////// OAUTH //////////////////
 
 //////////// OAUTH //////////////////
 
 
 
-static const char* shas[]={"SHA1",
 
-#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 
-			   "SHA256",
 
-#endif
 
-#if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
 
-			   "SHA384",
 
-#endif
 
-#if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
 
-			   "SHA512",
 
-#endif
 
-			   NULL};
 
-static const char* encs[]={"AES-256-CBC","AES-128-CBC",
 
+static const char* encs[]={
 
 #if !defined(TURN_NO_GCM)
 
 #if !defined(TURN_NO_GCM)
 
-		"AEAD_AES_128_GCM", "AEAD_AES_256_GCM",
 
+		"A128GCM", "A256GCM",
 
 #endif
 
 #endif
 
 		NULL};
 
 		NULL};
 
-static const char* hmacs[]={"HMAC-SHA-1",
 
-#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 
-			    "HMAC-SHA-256","HMAC-SHA-256-128",
 
-#endif
 
-#if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
 
-			    "HMAC-SHA-384",
 
-#endif
 
-#if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
 
-			    "HMAC-SHA-512",
 
-#endif
 
-			    NULL};
 
 
 
 static int print_extra = 0;
 
 static int print_extra = 0;
 
 
 
@@ -86,7 +64,7 @@ static int check_oauth(void) {
 
 
 
 	const char server_name[33] = "blackdow.carleon.gov";
 
 	const char server_name[33] = "blackdow.carleon.gov";
 
 
 
-	size_t i_hmacs,i_shas,i_encs;
 
+	size_t i_encs;
 
 
 
 	const char long_term_key[33] = "HGkj32KJGiuy098sdfaqbNjOiaz71923";
 
 	const char long_term_key[33] = "HGkj32KJGiuy098sdfaqbNjOiaz71923";
 
 
 
@@ -105,20 +83,20 @@ static int check_oauth(void) {
 
 	const turn_time_t key_timestamp = 1234567890;
 
 	const turn_time_t key_timestamp = 1234567890;
 
 	const turn_time_t key_lifetime = 3600;
 
 	const turn_time_t key_lifetime = 3600;
 
 
 
-	const char aead_nonce[OAUTH_AEAD_NONCE_SIZE+1] = "h4j3k2l2n4b5";
 
+	const char gcm_nonce[OAUTH_GCM_NONCE_SIZE+1] = "h4j3k2l2n4b5";
 
 
 
-	for (i_hmacs = 0; hmacs[i_hmacs]; ++i_hmacs) {
 
-
 
-		for (i_shas = 0; shas[i_shas]; ++i_shas) {
 
+	{
 
+		{
 
 
 
 			for (i_encs = 0; encs[i_encs]; ++i_encs) {
 
 			for (i_encs = 0; encs[i_encs]; ++i_encs) {
 
 
 
-				printf("oauth token %s:%s:%s:",hmacs[i_hmacs],shas[i_shas],encs[i_encs]);
 
+				printf("oauth token %s:",encs[i_encs]);
 
 
 
 				if(print_extra)
 
 				if(print_extra)
 
 					printf("\n");
 
 					printf("\n");
 
 
 
 				oauth_token ot;
 
 				oauth_token ot;
 
+				ns_bzero(&ot,sizeof(ot));
 
 				ot.enc_block.key_length = (uint16_t)mac_key_length;
 
 				ot.enc_block.key_length = (uint16_t)mac_key_length;
 
 				STRCPY(ot.enc_block.mac_key,mac_key);
 
 				STRCPY(ot.enc_block.mac_key,mac_key);
 
 				ot.enc_block.timestamp = token_timestamp;
 
 				ot.enc_block.timestamp = token_timestamp;
 
@@ -140,8 +118,6 @@ static int check_oauth(void) {
 
 						STRCPY(okdr.kid,kid);
 
 						STRCPY(okdr.kid,kid);
 
 						STRCPY(okdr.ikm_key,base64encoded_ltp);
 
 						STRCPY(okdr.ikm_key,base64encoded_ltp);
 
 						STRCPY(okdr.as_rs_alg, encs[i_encs]);
 
 						STRCPY(okdr.as_rs_alg, encs[i_encs]);
 
-						STRCPY(okdr.auth_alg, hmacs[i_hmacs]);
 
-						STRCPY(okdr.hkdf_hash_func, shas[i_shas]);
 
 						okdr.timestamp = key_timestamp;
 
 						okdr.timestamp = key_timestamp;
 
 						okdr.lifetime = key_lifetime;
 
 						okdr.lifetime = key_lifetime;
 
 
 
@@ -168,7 +144,7 @@ static int check_oauth(void) {
 
 					ns_bzero(&etoken,sizeof(etoken));
 
 					ns_bzero(&etoken,sizeof(etoken));
 
 
 
 					if (encode_oauth_token((const u08bits *) server_name, &etoken,
 
 					if (encode_oauth_token((const u08bits *) server_name, &etoken,
 
-							&key, &ot, (const u08bits*)aead_nonce) < 0) {
 
+							&key, &ot, (const u08bits*)gcm_nonce) < 0) {
 
 						fprintf(stderr, "%s: cannot encode oauth token\n",
 
 						fprintf(stderr, "%s: cannot encode oauth token\n",
 
 								__FUNCTION__);
 
 								__FUNCTION__);
 
 						return -1;
 
 						return -1;

+ 2 - 2
src/apps/stunclient/stunclient.c
View File 

@@ -67,7 +67,7 @@ static int run_stunclient(const char* rip, int rport, int *port, int *rfc5780, i
 
 			err(-1, NULL);
 
 			err(-1, NULL);
 
 
 
 		if (!addr_any(&real_local_addr)) {
 
 		if (!addr_any(&real_local_addr)) {
 
-			if (addr_bind(udp_fd, &real_local_addr,0,1) < 0)
 
+			if (addr_bind(udp_fd, &real_local_addr,0,1,UDP_SOCKET) < 0)
 
 				err(-1, NULL);
 
 				err(-1, NULL);
 
 		}
 
 		}
 
 	}
 
 	}
 
@@ -80,7 +80,7 @@ static int run_stunclient(const char* rip, int rport, int *port, int *rfc5780, i
 
 
 
 		addr_set_port(&real_local_addr, response_port);
 
 		addr_set_port(&real_local_addr, response_port);
 
 
 
-		if (addr_bind(new_udp_fd, &real_local_addr, 0, 1) < 0)
 
+		if (addr_bind(new_udp_fd, &real_local_addr, 0, 1, UDP_SOCKET) < 0)
 
 			err(-1, NULL);
 
 			err(-1, NULL);
 
 	}
 
 	}

+ 5 - 51
src/apps/uclient/mainuclient.c
View File 

@@ -84,7 +84,7 @@ int negative_protocol_test = 0;
 
 int dos = 0;
 
 int dos = 0;
 
 int random_disconnect = 0;
 
 int random_disconnect = 0;
 
 
 
-SHATYPE shatype = SHATYPE_SHA1;
 
+SHATYPE shatype = SHATYPE_DEFAULT;
 
 
 
 int mobility = 0;
 
 int mobility = 0;
 
 
 
@@ -102,9 +102,9 @@ int oauth = 0;
 
 oauth_key okey_array[3];
 
 oauth_key okey_array[3];
 
 
 
 static oauth_key_data_raw okdr_array[3] = {
 
 static oauth_key_data_raw okdr_array[3] = {
 
-		{"north","Y2FybGVvbg==",0,0,"SHA-256","AES-256-CBC","","HMAC-SHA-256-128",""},
 
-		{"union","aGVyb2Q=",0,0,"SHA-256","AES-256-CBC","","HMAC-SHA-512",""},
 
-		{"oldempire","YXVsY3Vz",0,0,"SHA-256","AEAD-AES-256-GCM","","",""}
 
+		{"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCM"},
 
+		{"union","MTIzNDU2Nzg5MDEyMzQ1Ngo=",0,0,"A128GCM"},
 
+		{"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCM"}
 
 };
 
 };
 
 
 
 //////////////// local definitions /////////////////
 
 //////////////// local definitions /////////////////
 
@@ -131,10 +131,6 @@ static char Usage[] =
 
   "	-N	Negative tests (some limited cases only).\n"
 
   "	-N	Negative tests (some limited cases only).\n"
 
   "	-R	Negative protocol tests.\n"
 
   "	-R	Negative protocol tests.\n"
 
   "	-O	DOS attack mode (quick connect and exit).\n"
 
   "	-O	DOS attack mode (quick connect and exit).\n"
 
-  "	-H	SHA256 digest function for message integrity calculation.\n"
 
-  "		Without this option, by default, SHA1 is used.\n"
 
-  "	-Y	SHA384 digest function for message integrity calculation.\n"
 
-  "	-K	SHA512 digest function for message integrity calculation.\n"
 
   "	-M	ICE Mobility engaged.\n"
 
   "	-M	ICE Mobility engaged.\n"
 
   "	-I	Do not set permissions on TURN relay endpoints\n"
 
   "	-I	Do not set permissions on TURN relay endpoints\n"
 
   "		(for testing the non-standard server relay functionality).\n"
 
   "		(for testing the non-standard server relay functionality).\n"
 
@@ -166,39 +162,6 @@ static char Usage[] =
 
 
 
 //////////////////////////////////////////////////
 
 //////////////////////////////////////////////////
 
 
 
-void recalculate_restapi_hmac(SHATYPE st) {
 
-
 
-	if (g_use_auth_secret_with_timestamp) {
 
-
 
-		u08bits hmac[MAXSHASIZE];
 
-		unsigned int hmac_len = 0;
 
-
 
-		if(st == SHATYPE_SHA256)
 
-		  hmac_len = SHA256SIZEBYTES;
 
-		else if(st == SHATYPE_SHA384)
 
-		  hmac_len = SHA384SIZEBYTES;
 
-		else if(st == SHATYPE_SHA512)
 
-		  hmac_len = SHA512SIZEBYTES;
 
-
 
-		hmac[0] = 0;
 
-
 
-		if (stun_calculate_hmac(g_uname, strlen((char*) g_uname),
 
-				(u08bits*) g_auth_secret, strlen(g_auth_secret), hmac,
 
-				&hmac_len, st) >= 0) {
 
-			size_t pwd_length = 0;
 
-			char *pwd = base64_encode(hmac, hmac_len, &pwd_length);
 
-
 
-			if (pwd) {
 
-				if (pwd_length > 0) {
 
-					ns_bcopy(pwd,g_upwd,pwd_length);
 
-					g_upwd[pwd_length] = 0;
 
-				}
 
-			}
 
-			turn_free(pwd,strlen(pwd)+1);
 
-		}
 
-	}
 
-}
 
-
 
 int main(int argc, char **argv)
 
 int main(int argc, char **argv)
 
 {
 
 {
 
 	int port = 0;
 
 	int port = 0;
 
@@ -220,7 +183,7 @@ int main(int argc, char **argv)
 
 
 
 	ns_bzero(local_addr, sizeof(local_addr));
 
 	ns_bzero(local_addr, sizeof(local_addr));
 
 
 
-	while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUHYKMRIGBJ")) != -1) {
 
+	while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUMRIGBJ")) != -1) {
 
 		switch (c){
 
 		switch (c){
 
 		case 'J': {
 
 		case 'J': {
 
 
 
@@ -271,15 +234,6 @@ int main(int argc, char **argv)
 
 		case 'M':
 
 		case 'M':
 
 			mobility = 1;
 
 			mobility = 1;
 
 			break;
 
 			break;
 
-		case 'H':
 
-			shatype = SHATYPE_SHA256;
 
-			break;
 
-		case 'Y':
 
-			shatype = SHATYPE_SHA384;
 
-			break;
 
-		case 'K':
 
-			shatype = SHATYPE_SHA512;
 
-			break;
 
 		case 'E':
 
 		case 'E':
 
 		{
 
 		{
 
 			char* fn = find_config_file(optarg,1);
 
 			char* fn = find_config_file(optarg,1);

+ 0 - 1
src/apps/uclient/session.h
View File 

@@ -91,7 +91,6 @@ typedef struct {
 
   app_tcp_conn_info **tcp_conn;
 
   app_tcp_conn_info **tcp_conn;
 
   size_t tcp_conn_number;
 
   size_t tcp_conn_number;
 
   int is_peer;
 
   int is_peer;
 
-  SHATYPE shatype;
 
   char s_mobile_id[33];
 
   char s_mobile_id[33];
 
 } app_ur_conn_info;
 
 } app_ur_conn_info;

+ 1 - 51
src/apps/uclient/startuclient.c
View File 

@@ -526,16 +526,6 @@ static int clnet_allocate(int verbose,
 
 									&err_code,err_msg,sizeof(err_msg),
 
 									&err_code,err_msg,sizeof(err_msg),
 
 									clnet_info->realm,clnet_info->nonce,
 
 									clnet_info->realm,clnet_info->nonce,
 
 									clnet_info->server_name, &(clnet_info->oauth))) {
 
 									clnet_info->server_name, &(clnet_info->oauth))) {
 
-						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 
-							clnet_info->shatype = SHATYPE_SHA256;
 
-							recalculate_restapi_hmac(clnet_info->shatype);
 
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
 
-							clnet_info->shatype = SHATYPE_SHA384;
 
-							recalculate_restapi_hmac(clnet_info->shatype);
 
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
 
-							clnet_info->shatype = SHATYPE_SHA512;
 
-							recalculate_restapi_hmac(clnet_info->shatype);
 
-						}
 
 						goto beg_allocate;
 
 						goto beg_allocate;
 
 					} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 					} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 
 
@@ -668,7 +658,7 @@ static int clnet_allocate(int verbose,
 
 					field[1]=0;
 
 					field[1]=0;
 
 					field[2]=0;
 
 					field[2]=0;
 
 					field[3]=0;
 
 					field[3]=0;
 
-					stun_attr_add(&request_message, STUN_ATTRIBUTE_ADDITIONAL_ADDRESS_FAMILY, (const char*) field, 4);
 
+					stun_attr_add(&request_message, STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY, (const char*) field, 4);
 
 				}
 
 				}
 
 			}
 
 			}
 
 
 
@@ -730,16 +720,6 @@ static int clnet_allocate(int verbose,
 
 										&err_code,err_msg,sizeof(err_msg),
 
 										&err_code,err_msg,sizeof(err_msg),
 
 										clnet_info->realm,clnet_info->nonce,
 
 										clnet_info->realm,clnet_info->nonce,
 
 										clnet_info->server_name, &(clnet_info->oauth))) {
 
 										clnet_info->server_name, &(clnet_info->oauth))) {
 
-						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 
-							clnet_info->shatype = SHATYPE_SHA256;
 
-							recalculate_restapi_hmac(clnet_info->shatype);
 
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
 
-							clnet_info->shatype = SHATYPE_SHA384;
 
-							recalculate_restapi_hmac(clnet_info->shatype);
 
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
 
-							clnet_info->shatype = SHATYPE_SHA512;
 
-							recalculate_restapi_hmac(clnet_info->shatype);
 
-						}
 
 						goto beg_refresh;
 
 						goto beg_refresh;
 
 					} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 					} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 						refresh_received = 1;
 
 						refresh_received = 1;
 
@@ -834,16 +814,6 @@ static int turn_channel_bind(int verbose, uint16_t *chn,
 
 										&err_code,err_msg,sizeof(err_msg),
 
 										&err_code,err_msg,sizeof(err_msg),
 
 										clnet_info->realm,clnet_info->nonce,
 
 										clnet_info->realm,clnet_info->nonce,
 
 										clnet_info->server_name, &(clnet_info->oauth))) {
 
 										clnet_info->server_name, &(clnet_info->oauth))) {
 
-					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 
-						clnet_info->shatype = SHATYPE_SHA256;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
 
-						clnet_info->shatype = SHATYPE_SHA384;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
 
-						clnet_info->shatype = SHATYPE_SHA512;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					}
 
 					goto beg_bind;
 
 					goto beg_bind;
 
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 					cb_received = 1;
 
 					cb_received = 1;
 
@@ -948,16 +918,6 @@ static int turn_create_permission(int verbose, app_ur_conn_info *clnet_info,
 
 									&err_code,err_msg,sizeof(err_msg),
 
 									&err_code,err_msg,sizeof(err_msg),
 
 									clnet_info->realm,clnet_info->nonce,
 
 									clnet_info->realm,clnet_info->nonce,
 
 									clnet_info->server_name, &(clnet_info->oauth))) {
 
 									clnet_info->server_name, &(clnet_info->oauth))) {
 
-					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 
-						clnet_info->shatype = SHATYPE_SHA256;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
 
-						clnet_info->shatype = SHATYPE_SHA384;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
 
-						clnet_info->shatype = SHATYPE_SHA512;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					}
 
 					goto beg_cp;
 
 					goto beg_cp;
 
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 					cp_received = 1;
 
 					cp_received = 1;
 
@@ -1533,16 +1493,6 @@ static int turn_tcp_connection_bind(int verbose, app_ur_conn_info *clnet_info, a
 
 										&err_code,err_msg,sizeof(err_msg),
 
 										&err_code,err_msg,sizeof(err_msg),
 
 										clnet_info->realm,clnet_info->nonce,
 
 										clnet_info->realm,clnet_info->nonce,
 
 										clnet_info->server_name, &(clnet_info->oauth))) {
 
 										clnet_info->server_name, &(clnet_info->oauth))) {
 
-					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 
-						clnet_info->shatype = SHATYPE_SHA256;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
 
-						clnet_info->shatype = SHATYPE_SHA384;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
 
-						clnet_info->shatype = SHATYPE_SHA512;
 
-						recalculate_restapi_hmac(clnet_info->shatype);
 
-					}
 
 					goto beg_cb;
 
 					goto beg_cb;
 
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
 					cb_received = 1;
 
 					cb_received = 1;

+ 6 - 20
src/apps/uclient/uclient.c
View File 

@@ -119,7 +119,6 @@ static app_ur_session* init_app_session(app_ur_session *ss) {
 
   if(ss) {
 
   if(ss) {
 
     ns_bzero(ss,sizeof(app_ur_session));
 
     ns_bzero(ss,sizeof(app_ur_session));
 
     ss->pinfo.fd=-1;
 
     ss->pinfo.fd=-1;
 
-    ss->pinfo.shatype = shatype;
 
   }
 
   }
 
   return ss;
 
   return ss;
 
 }
 
 }
 
@@ -751,17 +750,6 @@ static int client_read(app_ur_session *elem, int is_tcp_data, app_tcp_conn_info
 
 							&err_code,err_msg,sizeof(err_msg),
 
 							&err_code,err_msg,sizeof(err_msg),
 
 							clnet_info->realm,clnet_info->nonce,
 
 							clnet_info->realm,clnet_info->nonce,
 
 							clnet_info->server_name, &(clnet_info->oauth))) {
 
 							clnet_info->server_name, &(clnet_info->oauth))) {
 
-			if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA1)) {
 
-				elem->pinfo.shatype = SHATYPE_SHA256;
 
-				recalculate_restapi_hmac(elem->pinfo.shatype);
 
-			} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA256)) {
 
-				elem->pinfo.shatype = SHATYPE_SHA384;
 
-				recalculate_restapi_hmac(elem->pinfo.shatype);
 
-			} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA384)) {
 
-				elem->pinfo.shatype = SHATYPE_SHA512;
 
-				recalculate_restapi_hmac(elem->pinfo.shatype);
 
-			}
 
-
 
 			if(is_TCP_relay() && (stun_get_method(&(elem->in_buffer)) == STUN_METHOD_CONNECT)) {
 
 			if(is_TCP_relay() && (stun_get_method(&(elem->in_buffer)) == STUN_METHOD_CONNECT)) {
 
 				turn_tcp_connect(clnet_verbose, &(elem->pinfo), &(elem->pinfo.peer_addr));
 
 				turn_tcp_connect(clnet_verbose, &(elem->pinfo), &(elem->pinfo.peer_addr));
 
 			} else if(stun_get_method(&(elem->in_buffer)) == STUN_METHOD_REFRESH) {
 
 			} else if(stun_get_method(&(elem->in_buffer)) == STUN_METHOD_REFRESH) {
 
@@ -1008,7 +996,6 @@ static int start_client(const char *remote_address, int port,
 
   app_ur_conn_info clnet_info_probe; /* for load balancing probe */
 
   app_ur_conn_info clnet_info_probe; /* for load balancing probe */
 
   ns_bzero(&clnet_info_probe,sizeof(clnet_info_probe));
 
   ns_bzero(&clnet_info_probe,sizeof(clnet_info_probe));
 
   clnet_info_probe.fd = -1;
 
   clnet_info_probe.fd = -1;
 
-  clnet_info_probe.shatype = shatype;
 
 
 
   app_ur_conn_info *clnet_info=&(ss->pinfo);
 
   app_ur_conn_info *clnet_info=&(ss->pinfo);
 
   app_ur_conn_info *clnet_info_rtcp=NULL;
 
   app_ur_conn_info *clnet_info_rtcp=NULL;
 
@@ -1103,7 +1090,6 @@ static int start_c2c(const char *remote_address, int port,
 
   app_ur_conn_info clnet_info_probe; /* for load balancing probe */
 
   app_ur_conn_info clnet_info_probe; /* for load balancing probe */
 
   ns_bzero(&clnet_info_probe,sizeof(clnet_info_probe));
 
   ns_bzero(&clnet_info_probe,sizeof(clnet_info_probe));
 
   clnet_info_probe.fd = -1;
 
   clnet_info_probe.fd = -1;
 
-  clnet_info_probe.shatype = shatype;
 
 
 
   app_ur_conn_info *clnet_info1=&(ss1->pinfo);
 
   app_ur_conn_info *clnet_info1=&(ss1->pinfo);
 
   app_ur_conn_info *clnet_info1_rtcp=NULL;
 
   app_ur_conn_info *clnet_info1_rtcp=NULL;
 
@@ -1247,7 +1233,7 @@ static int refresh_channel(app_ur_session* elem, u16bits method, uint32_t lt)
 
 				field[1]=0;
 
 				field[1]=0;
 
 				field[2]=0;
 
 				field[2]=0;
 
 				field[3]=0;
 
 				field[3]=0;
 
-				stun_attr_add(&message, STUN_ATTRIBUTE_ADDITIONAL_ADDRESS_FAMILY, (const char*) field, 4);
 
+				stun_attr_add(&message, STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY, (const char*) field, 4);
 
 			}
 
 			}
 
 		}
 
 		}
 
 
 
@@ -1652,7 +1638,7 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 			}
 
 			}
 
 
 
 			if(stun_attr_add_integrity_by_key_str(message->buf, (size_t*)&(message->len), (u08bits*)okey_array[cok].kid,
 
 			if(stun_attr_add_integrity_by_key_str(message->buf, (size_t*)&(message->len), (u08bits*)okey_array[cok].kid,
 
-					clnet_info->realm, clnet_info->key, clnet_info->nonce, clnet_info->shatype)<0) {
 
+					clnet_info->realm, clnet_info->key, clnet_info->nonce, shatype)<0) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO," Cannot add integrity to the message\n");
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO," Cannot add integrity to the message\n");
 
 				return -1;
 
 				return -1;
 
 			}
 
 			}
 
@@ -1661,14 +1647,14 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 			{
 
 			{
 
 				password_t pwd;
 
 				password_t pwd;
 
 				if(stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
 
 				if(stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
 
-								message->buf, (size_t)(message->len), clnet_info->key, pwd, clnet_info->shatype, NULL)<1) {
 
+								message->buf, (size_t)(message->len), clnet_info->key, pwd, shatype)<1) {
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR," Self-test of integrity does not comple correctly !\n");
 
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR," Self-test of integrity does not comple correctly !\n");
 
 					return -1;
 
 					return -1;
 
 				}
 
 				}
 
 			}
 
 			}
 
 		} else {
 
 		} else {
 
 			if(stun_attr_add_integrity_by_user_str(message->buf, (size_t*)&(message->len), g_uname,
 
 			if(stun_attr_add_integrity_by_user_str(message->buf, (size_t*)&(message->len), g_uname,
 
-					clnet_info->realm, g_upwd, clnet_info->nonce, clnet_info->shatype)<0) {
 
+					clnet_info->realm, g_upwd, clnet_info->nonce, shatype)<0) {
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO," Cannot add integrity to the message\n");
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO," Cannot add integrity to the message\n");
 
 				return -1;
 
 				return -1;
 
 			}
 
 			}
 
@@ -1680,14 +1666,14 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 
 
 int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 {
 
 {
 
-	SHATYPE sht = clnet_info->shatype;
 
+	SHATYPE sht = shatype;
 
 
 
 	if(oauth && clnet_info->oauth) {
 
 	if(oauth && clnet_info->oauth) {
 
 
 
 		password_t pwd;
 
 		password_t pwd;
 
 
 
 		return stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
 
 		return stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
 
-				message->buf, (size_t)(message->len), clnet_info->key, pwd, sht, NULL);
 
+				message->buf, (size_t)(message->len), clnet_info->key, pwd, sht);
 
 
 
 	} else {
 
 	} else {

+ 0 - 2
src/apps/uclient/uclient.h
View File 

@@ -110,8 +110,6 @@ turn_credential_type get_turn_credentials_type(void);
 
 int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
 
 int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
 
 int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
 
 int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
 
 
 
-void recalculate_restapi_hmac(SHATYPE st);
 
-
 
 SOCKET_TYPE get_socket_type(void);
 
 SOCKET_TYPE get_socket_type(void);
 
 
 
 ////////////////////////////////////////////
 
 ////////////////////////////////////////////

+ 229 - 336
src/client/ns_turn_msg.c
View File 

@@ -231,7 +231,7 @@ static void readable_string(unsigned char *orig, unsigned char *out, size_t sz)
 
     out[0]=0;
 
     out[0]=0;
 
 
 
     for(i = 0; i < sz; ++i) {
 
     for(i = 0; i < sz; ++i) {
 
-        sprintf((char*)(out + (i * 2)), "%02x", (unsigned int)orig[i]);
 
+      snprintf((char*)(out + (i * 2)), 4, "%02x", (unsigned int)orig[i]);
 
     }
 
     }
 
 }
 
 }
 
 
 
@@ -441,20 +441,20 @@ int stun_is_error_response_str(const u08bits* buf, size_t len, int *err_code, u0
 
     if(err_code) {
 
     if(err_code) {
 
       stun_attr_ref sar = stun_attr_get_first_by_type_str(buf, len, STUN_ATTRIBUTE_ERROR_CODE);
 
       stun_attr_ref sar = stun_attr_get_first_by_type_str(buf, len, STUN_ATTRIBUTE_ERROR_CODE);
 
       if(sar) {
 
       if(sar) {
 
-	if(stun_attr_get_len(sar)>=4) {
 
-	  const u08bits* val = (const u08bits*)stun_attr_get_value(sar);
 
-	  *err_code=(int)(val[2]*100 + val[3]);
 
-	  if(err_msg && err_msg_size>0) {
 
-	    err_msg[0]=0;
 
-	    if(stun_attr_get_len(sar)>4) { 
-	      size_t msg_len = stun_attr_get_len(sar) - 4;
 
-	      if(msg_len>(err_msg_size-1))
 
-		msg_len=err_msg_size - 1;
 
-	      ns_bcopy(val+4, err_msg, msg_len);
 
-	      err_msg[msg_len]=0;
 
-	    }
 
-	  }
 
-	}
 
+    	  if(stun_attr_get_len(sar)>=4) {
 
+    		  const u08bits* val = (const u08bits*)stun_attr_get_value(sar);
 
+    		  *err_code=(int)(val[2]*100 + val[3]);
 
+    		  if(err_msg && err_msg_size>0) {
 
+    			  err_msg[0]=0;
 
+    			  if(stun_attr_get_len(sar)>4) {
 
+    				  size_t msg_len = stun_attr_get_len(sar) - 4;
 
+    				  if(msg_len>(err_msg_size-1))
 
+    					  msg_len=err_msg_size - 1;
 
+    				  ns_bcopy(val+4, err_msg, msg_len);
 
+    				  err_msg[msg_len]=0;
 
+    			  }
 
+    		  }
 
+    	  }
 
       }
 
       }
 
     }
 
     }
 
     return 1;
 
     return 1;
 
@@ -467,7 +467,7 @@ int stun_is_challenge_response_str(const u08bits* buf, size_t len, int *err_code
 
 {
 
 {
 
 	int ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size);
 
 	int ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size);
 
 
 
-	if(ret && (((*err_code) == 401) || ((*err_code) == 438) || ((*err_code) == SHA_TOO_WEAK_ERROR_CODE))) {
 
+	if(ret && (((*err_code) == 401) || ((*err_code) == 438) )) {
 
 
 
 		stun_attr_ref sar = stun_attr_get_first_by_type_str(buf,len,STUN_ATTRIBUTE_REALM);
 
 		stun_attr_ref sar = stun_attr_get_first_by_type_str(buf,len,STUN_ATTRIBUTE_REALM);
 
 		if(sar) {
 
 		if(sar) {
 
@@ -591,39 +591,79 @@ void old_stun_init_success_response_str(u16bits method, u08bits* buf, size_t *le
 
   }
 
   }
 
 }
 
 }
 
 
 
+const u08bits* get_default_reason(int error_code)
 
+{
 
+	const u08bits* reason = (const u08bits *) "Unknown error";
 
+
 
+	switch (error_code){
 
+	case 300:
 
+		reason = (const u08bits *) "Try Alternate";
 
+		break;
 
+	case 400:
 
+		reason = (const u08bits *) "Bad Request";
 
+		break;
 
+	case 401:
 
+		reason = (const u08bits *) "Unauthorized";
 
+		break;
 
+	case 403:
 
+		reason = (const u08bits *) "Forbidden";
 
+		break;
 
+	case 404:
 
+		reason = (const u08bits *) "Not Found";
 
+		break;
 
+	case 420:
 
+		reason = (const u08bits *) "Unknown Attribute";
 
+		break;
 
+	case 437:
 
+		reason = (const u08bits *) "Allocation Mismatch";
 
+		break;
 
+	case 438:
 
+		reason = (const u08bits *) "Stale Nonce";
 
+		break;
 
+	case 440:
 
+		reason = (const u08bits *) "Address Family not Supported";
 
+		break;
 
+	case 441:
 
+		reason = (const u08bits *) "Wrong Credentials";
 
+		break;
 
+	case 442:
 
+		reason = (const u08bits *) "Unsupported Transport Protocol";
 
+		break;
 
+	case 443:
 
+		reason = (const u08bits *) "Peer Address Family Mismatch";
 
+		break;
 
+	case 446:
 
+		reason = (const u08bits *) "Connection Already Exists";
 
+		break;
 
+	case 447:
 
+		reason = (const u08bits *) "Connection Timeout or Failure";
 
+		break;
 
+	case 486:
 
+		reason = (const u08bits *) "Allocation Quota Reached";
 
+		break;
 
+	case 487:
 
+		reason = (const u08bits *) "Role Conflict";
 
+		break;
 
+	case 500:
 
+		reason = (const u08bits *) "Server Error";
 
+		break;
 
+	case 508:
 
+		reason = (const u08bits *) "Insufficient Capacity";
 
+		break;
 
+	default:
 
+		;
 
+	};
 
+
 
+	return reason;
 
+}
 
+
 
 static void stun_init_error_response_common_str(u08bits* buf, size_t *len,
 
 static void stun_init_error_response_common_str(u08bits* buf, size_t *len,
 
 				u16bits error_code, const u08bits *reason,
 
 				u16bits error_code, const u08bits *reason,
 
 				stun_tid* id)
 
 				stun_tid* id)
 
 {
 
 {
 
 
 
-	if (!reason) {
 
-
 
-		switch (error_code){
 
-		case 300:
 
-			reason = (const u08bits *) "Try Alternate";
 
-			break;
 
-		case 400:
 
-			reason = (const u08bits *) "Bad Request";
 
-			break;
 
-		case 401:
 
-			reason = (const u08bits *) "Unauthorized";
 
-			break;
 
-		case 404:
 
-			reason = (const u08bits *) "Not Found";
 
-			break;
 
-		case 420:
 
-			reason = (const u08bits *) "Unknown Attribute";
 
-			break;
 
-		case 438:
 
-			reason = (const u08bits *) "Stale Nonce";
 
-			break;
 
-		case 500:
 
-			reason = (const u08bits *) "Server Error";
 
-			break;
 
-		default:
 
-			reason = (const u08bits *) "Unknown Error";
 
-			break;
 
-		};
 
+	if (!reason || !strcmp((const char*)reason,"Unknown error")) {
 
+		reason = get_default_reason(error_code);
 
 	}
 
 	}
 
 
 
 	u08bits avalue[513];
 
 	u08bits avalue[513];
 
@@ -1426,17 +1466,33 @@ int stun_attr_add_bandwidth_str(u08bits* buf, size_t *len, band_limit_t bps0) {
 
 	return stun_attr_add_str(buf,len,STUN_ATTRIBUTE_NEW_BANDWIDTH,(u08bits*)(&field),sizeof(field));
 
 	return stun_attr_add_str(buf,len,STUN_ATTRIBUTE_NEW_BANDWIDTH,(u08bits*)(&field),sizeof(field));
 
 }
 
 }
 
 
 
-int stun_attr_add_address_error_code(u08bits* buf, size_t *len, int requested_address_family, u08bits error_code)
 
+int stun_attr_add_address_error_code(u08bits* buf, size_t *len, int requested_address_family, int error_code)
 
 {
 
 {
 
-	u08bits field[4];
 
-	field[0]=(u08bits)requested_address_family;
 
-	field[1]=error_code;
 
-	field[2]=0;
 
-	field[3]=0;
 
-	return stun_attr_add_str(buf,len,STUN_ATTRIBUTE_ADDRESS_ERROR_CODE,field,sizeof(field));
 
+	const u08bits *reason = get_default_reason(error_code);
 
+
 
+	u08bits avalue[513];
 
+	avalue[0] = (u08bits)requested_address_family;
 
+	avalue[1] = 0;
 
+	avalue[2] = (u08bits) (error_code / 100);
 
+	avalue[3] = (u08bits) (error_code % 100);
 
+	strncpy((s08bits*) (avalue + 4), (const s08bits*) reason, sizeof(avalue)-4);
 
+	avalue[sizeof(avalue)-1]=0;
 
+	int alen = 4 + strlen((const s08bits*) (avalue+4));
 
+
 
+	//"Manual" padding for compatibility with classic old stun:
 
+	{
 
+		int rem = alen % 4;
 
+		if(rem) {
 
+			alen +=(4-rem);
 
+		}
 
+	}
 
+
 
+	stun_attr_add_str(buf, len, STUN_ATTRIBUTE_ADDRESS_ERROR_CODE, (u08bits*) avalue, alen);
 
+
 
+	return 0;
 
 }
 
 }
 
 
 
-int stun_attr_get_address_error_code(u08bits* buf, size_t len, int *requested_address_family, u08bits *error_code)
 
+int stun_attr_get_address_error_code(u08bits* buf, size_t len, int *requested_address_family, int *error_code)
 
 {
 
 {
 
 	if(requested_address_family) {
 
 	if(requested_address_family) {
 
 		*requested_address_family = 0;
 
 		*requested_address_family = 0;
 
@@ -1459,7 +1515,7 @@ int stun_attr_get_address_error_code(u08bits* buf, size_t len, int *requested_ad
 
 					*requested_address_family = value[0];
 
 					*requested_address_family = value[0];
 
 				}
 
 				}
 
 				if(error_code) {
 
 				if(error_code) {
 
-					*error_code = value[1];
 
+					*error_code = (int)(value[2]*100+value[3]);
 
 				}
 
 				}
 
 				return 0;
 
 				return 0;
 
 			}
 
 			}
 
@@ -1745,7 +1801,7 @@ void print_hmac(const char *name, const void *s, size_t len)
 
 /*
 
 /*
 
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
 
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
 
  */
 
  */
 
-int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype, int *too_weak)
 
+int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype)
 
 {
 
 {
 
 	int res = 0;
 
 	int res = 0;
 
 	u08bits new_hmac[MAXSHASIZE];
 
 	u08bits new_hmac[MAXSHASIZE];
 
@@ -1761,41 +1817,21 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *bu
 
 	switch(sarlen) {
 
 	switch(sarlen) {
 
 	case SHA256SIZEBYTES:
 
 	case SHA256SIZEBYTES:
 
 		shasize = SHA256SIZEBYTES;
 
 		shasize = SHA256SIZEBYTES;
 
-		if(shatype > SHATYPE_SHA256) {
 
-			if(too_weak)
 
-				*too_weak = 1;
 
-				return -1;
 
-		}
 
 		if(shatype != SHATYPE_SHA256)
 
 		if(shatype != SHATYPE_SHA256)
 
 			return -1;
 
 			return -1;
 
 		break;
 
 		break;
 
 	case SHA384SIZEBYTES:
 
 	case SHA384SIZEBYTES:
 
 		shasize = SHA384SIZEBYTES;
 
 		shasize = SHA384SIZEBYTES;
 
-		if(shatype > SHATYPE_SHA384) {
 
-			if(too_weak)
 
-				*too_weak = 1;
 
-				return -1;
 
-		}
 
 		if(shatype != SHATYPE_SHA384)
 
 		if(shatype != SHATYPE_SHA384)
 
 			return -1;
 
 			return -1;
 
 		break;
 
 		break;
 
 	case SHA512SIZEBYTES:
 
 	case SHA512SIZEBYTES:
 
 		shasize = SHA512SIZEBYTES;
 
 		shasize = SHA512SIZEBYTES;
 
-		if(shatype > SHATYPE_SHA512) {
 
-			if(too_weak)
 
-				*too_weak = 1;
 
-				return -1;
 
-		}
 
 		if(shatype != SHATYPE_SHA512)
 
 		if(shatype != SHATYPE_SHA512)
 
 			return -1;
 
 			return -1;
 
 		break;
 
 		break;
 
 	case SHA1SIZEBYTES:
 
 	case SHA1SIZEBYTES:
 
 		shasize = SHA1SIZEBYTES;
 
 		shasize = SHA1SIZEBYTES;
 
-		if(shatype > SHATYPE_SHA1) {
 
-			if(too_weak)
 
-				*too_weak = 1;
 
-			return -1;
 
-		}
 
 		if(shatype != SHATYPE_SHA1)
 
 		if(shatype != SHATYPE_SHA1)
 
 			return -1;
 
 			return -1;
 
 		break;
 
 		break;
 
@@ -1847,7 +1883,7 @@ int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size
 
 	else if (stun_produce_integrity_key_str(uname, realm, upwd, key, shatype) < 0)
 
 	else if (stun_produce_integrity_key_str(uname, realm, upwd, key, shatype) < 0)
 
 		return -1;
 
 		return -1;
 
 
 
-	return stun_check_message_integrity_by_key_str(ct, buf, len, key, pwd, shatype, NULL);
 
+	return stun_check_message_integrity_by_key_str(ct, buf, len, key, pwd, shatype);
 
 }
 
 }
 
 
 
 /* RFC 5780 */
 
 /* RFC 5780 */
 
@@ -1963,12 +1999,14 @@ static void normalize_algorithm(char *s)
 
 	}
 
 	}
 
 }
 
 }
 
 
 
-static size_t calculate_enc_key_length(ENC_ALG a)
 
+size_t calculate_enc_key_length(ENC_ALG a);
 
+size_t calculate_enc_key_length(ENC_ALG a)
 
 {
 
 {
 
 	switch(a) {
 
 	switch(a) {
 
-	case AES_128_CBC:
 
-	case AEAD_AES_128_GCM:
 
+#if !defined(TURN_NO_GCM)
 
+	case A128GCM:
 
 		return 16;
 
 		return 16;
 
+#endif
 
 	default:
 
 	default:
 
 		break;
 
 		break;
 
 	};
 
 	};
 
@@ -1976,105 +2014,30 @@ static size_t calculate_enc_key_length(ENC_ALG a)
 
 	return 32;
 
 	return 32;
 
 }
 
 }
 
 
 
-static size_t calculate_auth_key_length(AUTH_ALG a)
 
+size_t calculate_auth_key_length(ENC_ALG a);
 
+size_t calculate_auth_key_length(ENC_ALG a)
 
 {
 
 {
 
 	switch(a) {
 
 	switch(a) {
 
-	case AUTH_ALG_HMAC_SHA_1:
 
-		return 20;
 
-	case AUTH_ALG_HMAC_SHA_256_128:
 
-		return 32;
 
-	case AUTH_ALG_HMAC_SHA_256:
 
-		return 32;
 
-	case AUTH_ALG_HMAC_SHA_384:
 
-		return 48;
 
-	case AUTH_ALG_HMAC_SHA_512:
 
-		return 64;
 
+#if !defined(TURN_NO_GCM)
 
+	case A256GCM:
 
+	case A128GCM:
 
+		return 0;
 
+#endif
 
 	default:
 
 	default:
 
 		break;
 
 		break;
 
 	};
 
 	};
 
 
 
-	return 32;
 
+	return 0;
 
 }
 
 }
 
 
 
-static size_t calculate_auth_output_length(AUTH_ALG a)
 
+int calculate_key(char *key, size_t key_size,
 
+		char *new_key, size_t new_key_size);
 
+int calculate_key(char *key, size_t key_size,
 
+		char *new_key, size_t new_key_size)
 
 {
 
 {
 
-	switch(a) {
 
-	case AUTH_ALG_HMAC_SHA_1:
 
-		return 20;
 
-	case AUTH_ALG_HMAC_SHA_256_128:
 
-		return 16;
 
-	case AUTH_ALG_HMAC_SHA_256:
 
-		return 32;
 
-	case AUTH_ALG_HMAC_SHA_384:
 
-		return 48;
 
-	case AUTH_ALG_HMAC_SHA_512:
 
-		return 64;
 
-	default:
 
-		break;
 
-	};
 
-
 
-	return 32;
 
-}
 
+	UNUSED_ARG(key_size);
 
 
 
-static int calculate_key(char *key, size_t key_size,
 
-						char *new_key, size_t new_key_size,
 
-						SHATYPE shatype,
 
-						char *err_msg, size_t err_msg_size,
 
-						const char *info)
 
-{
 
-	//Extract:
 
-	u08bits prk[128];
 
-	unsigned int prk_len = 0;
 
-	stun_calculate_hmac((const u08bits *)key, key_size, (const u08bits *)"", 0, prk, &prk_len, shatype);
 
-
 
-	//Expand:
 
-	size_t info_len = strlen(info);
 
-	u08bits buf[256];
 
-	ns_bcopy(info,buf,info_len);
 
-	buf[info_len]=0x01;
 
-	u08bits hmac1[128];
 
-	unsigned int hmac1_len = 0;
 
-	stun_calculate_hmac((const u08bits *)buf, info_len+1, prk, prk_len, hmac1, &hmac1_len, shatype);
 
-	ns_bcopy(hmac1,new_key,hmac1_len);
 
-
 
-	//Check
 
-	if(new_key_size>hmac1_len) {
 
-		ns_bcopy(hmac1,buf,hmac1_len);
 
-		ns_bcopy(info,buf+hmac1_len,info_len);
 
-		buf[hmac1_len+info_len]=0x02;
 
-		u08bits hmac2[128];
 
-		unsigned int hmac2_len = 0;
 
-		stun_calculate_hmac((const u08bits *)buf, hmac1_len+info_len+1, prk, prk_len, hmac2, &hmac2_len, shatype);
 
-		ns_bcopy(hmac2,new_key+hmac1_len,hmac2_len);
 
-		if(new_key_size > (hmac1_len + hmac2_len)) {
 
-
 
-			ns_bcopy(hmac2,buf,hmac2_len);
 
-			ns_bcopy(info,buf+hmac2_len,info_len);
 
-			buf[hmac2_len+info_len]=0x03;
 
-			u08bits hmac3[128];
 
-			unsigned int hmac3_len = 0;
 
-			stun_calculate_hmac((const u08bits *)buf, hmac2_len+info_len+1, prk, prk_len, hmac3, &hmac3_len, shatype);
 
-			ns_bcopy(hmac3,new_key+hmac1_len+hmac2_len,hmac3_len);
 
-			if(new_key_size > (hmac1_len + hmac2_len + hmac3_len)) {
 
-
 
-				ns_bcopy(hmac3,buf,hmac3_len);
 
-				ns_bcopy(info,buf+hmac3_len,info_len);
 
-				buf[hmac3_len+info_len]=0x04;
 
-				u08bits hmac4[128];
 
-				unsigned int hmac4_len = 0;
 
-				stun_calculate_hmac((const u08bits *)buf, hmac3_len+info_len+1, prk, prk_len, hmac4, &hmac4_len, shatype);
 
-				ns_bcopy(hmac4,new_key+hmac1_len+hmac2_len+hmac3_len,hmac4_len);
 
-				if(new_key_size > (hmac1_len + hmac2_len + hmac3_len + hmac4_len)) {
 
-
 
-					if(err_msg) {
 
-						snprintf(err_msg,err_msg_size,"Wrong HKDF procedure (key sizes): output.sz=%lu, hmac(1)=%lu, hmac(2)=%lu",(unsigned long)new_key_size,(unsigned long)hmac1_len,(unsigned long)hmac2_len);
 
-					}
 
-					OAUTH_ERROR("Wrong HKDF procedure (key sizes): output.sz=%lu, hmac(1)=%lu, hmac(2)=%lu",(unsigned long)new_key_size,(unsigned long)hmac1_len,(unsigned long)hmac2_len);
 
-					return -1;
 
-				}
 
-			}
 
-		}
 
-	}
 
+	ns_bcopy(key,new_key,new_key_size);
 
 
 
 	return 0;
 
 	return 0;
 
 }
 
 }
 
@@ -2088,27 +2051,16 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
 
 		oauth_key_data *oakd = &oakd_obj;
 
 		oauth_key_data *oakd = &oakd_obj;
 
 
 
 		if(!(oakd->ikm_key_size)) {
 
 		if(!(oakd->ikm_key_size)) {
 
-			if(!(oakd->as_rs_key_size)) {
 
-				if(err_msg) {
 
-					snprintf(err_msg,err_msg_size,"AS-RS key is not defined");
 
-				}
 
-				OAUTH_ERROR("AS-RS key is not defined\n");
 
-				return -1;
 
-			}
 
-			if(!(oakd->auth_key_size)) {
 
-				//AEAD ?
 
+			if(err_msg) {
 
+				snprintf(err_msg,err_msg_size,"key is not defined");
 
 			}
 
 			}
 
 		}
 
 		}
 
 
 
 		remove_spaces(oakd->kid);
 
 		remove_spaces(oakd->kid);
 
 
 
-		remove_spaces(oakd->hkdf_hash_func);
 
 		remove_spaces(oakd->as_rs_alg);
 
 		remove_spaces(oakd->as_rs_alg);
 
-		remove_spaces(oakd->auth_alg);
 
 
 
-		normalize_algorithm(oakd->hkdf_hash_func);
 
 		normalize_algorithm(oakd->as_rs_alg);
 
 		normalize_algorithm(oakd->as_rs_alg);
 
-		normalize_algorithm(oakd->auth_alg);
 
 
 
 		if(!(oakd->kid[0])) {
 
 		if(!(oakd->kid[0])) {
 
 			if(err_msg) {
 
 			if(err_msg) {
 
@@ -2122,10 +2074,6 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
 
 
 
 		STRCPY(key->kid,oakd->kid);
 
 		STRCPY(key->kid,oakd->kid);
 
 
 
-		ns_bcopy(oakd->as_rs_key,key->as_rs_key,sizeof(key->as_rs_key));
 
-		key->as_rs_key_size = oakd->as_rs_key_size;
 
-		ns_bcopy(oakd->auth_key,key->auth_key,sizeof(key->auth_key));
 
-		key->auth_key_size = oakd->auth_key_size;
 
 		ns_bcopy(oakd->ikm_key,key->ikm_key,sizeof(key->ikm_key));
 
 		ns_bcopy(oakd->ikm_key,key->ikm_key,sizeof(key->ikm_key));
 
 		key->ikm_key_size = oakd->ikm_key_size;
 
 		key->ikm_key_size = oakd->ikm_key_size;
 
 
 
@@ -2135,57 +2083,20 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
 
 		if(!(key->timestamp)) key->timestamp = OAUTH_DEFAULT_TIMESTAMP;
 
 		if(!(key->timestamp)) key->timestamp = OAUTH_DEFAULT_TIMESTAMP;
 
 		if(!(key->lifetime)) key->lifetime = OAUTH_DEFAULT_LIFETIME;
 
 		if(!(key->lifetime)) key->lifetime = OAUTH_DEFAULT_LIFETIME;
 
 
 
-		key->hkdf_hash_func = SHATYPE_SHA256;
 
-		if(!strcmp(oakd->hkdf_hash_func,"SHA1") || !strcmp(oakd->hkdf_hash_func,"SHA-1")) {
 
-			key->hkdf_hash_func = SHATYPE_SHA1;
 
-		} else if(!strcmp(oakd->hkdf_hash_func,"SHA256") || !strcmp(oakd->hkdf_hash_func,"SHA-256")) {
 
-			key->hkdf_hash_func = SHATYPE_SHA256;
 
-		} else if(!strcmp(oakd->hkdf_hash_func,"SHA384") || !strcmp(oakd->hkdf_hash_func,"SHA-384")) {
 
-			key->hkdf_hash_func = SHATYPE_SHA384;
 
-		} else if(!strcmp(oakd->hkdf_hash_func,"SHA512") || !strcmp(oakd->hkdf_hash_func,"SHA-512")) {
 
-			key->hkdf_hash_func = SHATYPE_SHA512;
 
-		} else if(oakd->hkdf_hash_func[0]) {
 
-			if(err_msg) {
 
-				snprintf(err_msg,err_msg_size,"Wrong HKDF hash function algorithm: %s",oakd->hkdf_hash_func);
 
-			}
 
-			OAUTH_ERROR("Wrong HKDF hash function algorithm: %s\n",oakd->hkdf_hash_func);
 
-			return -1;
 
-		}
 
-
 
-		key->auth_alg = AUTH_ALG_DEFAULT;
 
-		if(!strcmp(oakd->auth_alg,"HMAC-SHA-1") || !strcmp(oakd->auth_alg,"HMAC-SHA1")) {
 
-			key->auth_alg = AUTH_ALG_HMAC_SHA_1;
 
-		} else if(!strcmp(oakd->auth_alg,"HMAC-SHA-256")) {
 
-			key->auth_alg = AUTH_ALG_HMAC_SHA_256;
 
-		} else if(!strcmp(oakd->auth_alg,"HMAC-SHA-384")) {
 
-			key->auth_alg = AUTH_ALG_HMAC_SHA_384;
 
-		} else if(!strcmp(oakd->auth_alg,"HMAC-SHA-512")) {
 
-			key->auth_alg = AUTH_ALG_HMAC_SHA_512;
 
-		} else if(!strcmp(oakd->auth_alg,"HMAC-SHA-256-128")) {
 
-			key->auth_alg = AUTH_ALG_HMAC_SHA_256_128;
 
-		} else if(oakd->auth_alg[0]) {
 
-			if(err_msg) {
 
-				snprintf(err_msg,err_msg_size,"Wrong oAuth token hash algorithm: %s (1)\n",oakd->auth_alg);
 
-			}
 
-			key->auth_alg = AUTH_ALG_ERROR;
 
-			OAUTH_ERROR("Wrong oAuth token hash algorithm: %s (2)\n",oakd->auth_alg);
 
-			return -1;
 
-		} else {
 
-			key->auth_alg = AUTH_ALG_UNDEFINED;
 
-		}
 
-
 
+		key->as_rs_alg = ENC_ALG_ERROR;
 
+#if !defined(TURN_NO_GCM)
 
 		key->as_rs_alg = ENC_ALG_DEFAULT;
 
 		key->as_rs_alg = ENC_ALG_DEFAULT;
 
-		if(!strcmp(oakd->as_rs_alg,"AES-128-CBC")) {
 
-			key->as_rs_alg = AES_128_CBC;
 
-		} else if(!strcmp(oakd->as_rs_alg,"AES-256-CBC")) {
 
-			key->as_rs_alg = AES_256_CBC;
 
-		} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-128-GCM")) {
 
-			key->as_rs_alg = AEAD_AES_128_GCM;
 
-			key->auth_alg = AUTH_ALG_UNDEFINED;
 
-		} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-256-GCM")) {
 
-			key->as_rs_alg = AEAD_AES_256_GCM;
 
-			key->auth_alg = AUTH_ALG_UNDEFINED;
 
-		} else if(oakd->as_rs_alg[0]) {
 
+		if(!strcmp(oakd->as_rs_alg,"A128GCM")) {
 
+			key->as_rs_alg = A128GCM;
 
+			key->auth_key_size = 0;
 
+			key->auth_key[0] = 0;
 
+		} else if(!strcmp(oakd->as_rs_alg,"A256GCM")) {
 
+			key->as_rs_alg = A256GCM;
 
+			key->auth_key_size = 0;
 
+			key->auth_key[0] = 0;
 
+		} else 
+#endif
 
+		{
 
 			if(err_msg) {
 
 			if(err_msg) {
 
 				snprintf(err_msg,err_msg_size,"Wrong oAuth token encryption algorithm: %s (2)\n",oakd->as_rs_alg);
 
 				snprintf(err_msg,err_msg_size,"Wrong oAuth token encryption algorithm: %s (2)\n",oakd->as_rs_alg);
 
 			}
 
 			}
 
@@ -2193,39 +2104,33 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
 
 			return -1;
 
 			return -1;
 
 		}
 
 		}
 
 
 
-		if(key->auth_alg == AUTH_ALG_UNDEFINED) {
 
-			//AEAD
 
-			key->auth_key_size = 0;
 
-			key->auth_key[0] = 0;
 
-		} else if(!(key->auth_key_size)) {
 
-			key->auth_key_size = calculate_auth_key_length(key->auth_alg);
 
-			if(calculate_key(key->ikm_key,key->ikm_key_size,key->auth_key,key->auth_key_size,key->hkdf_hash_func,err_msg,err_msg_size,"AUTH key")<0) {
 
+#if !defined(TURN_NO_GCM)
 
+
 
+		key->auth_key_size = calculate_auth_key_length(key->as_rs_alg);
 
+		if(key->auth_key_size) {
 
+			if(calculate_key(key->ikm_key,key->ikm_key_size,key->auth_key,key->auth_key_size)<0) {
 
 				return -1;
 
 				return -1;
 
 			}
 
 			}
 
 		}
 
 		}
 
 
 
-		if(!(key->as_rs_key_size)) {
 
-			key->as_rs_key_size = calculate_enc_key_length(key->as_rs_alg);
 
-			if(calculate_key(key->ikm_key,key->ikm_key_size,key->as_rs_key,key->as_rs_key_size,key->hkdf_hash_func,err_msg,err_msg_size,"AS-RS key")<0) {
 
-				return -1;
 
-			}
 
+		key->as_rs_key_size = calculate_enc_key_length(key->as_rs_alg);
 
+		if(calculate_key(key->ikm_key,key->ikm_key_size,key->as_rs_key,key->as_rs_key_size)<0) {
 
+			return -1;
 
 		}
 
 		}
 
+#endif
 
 	}
 
 	}
 
 
 
 	return 0;
 
 	return 0;
 
 }
 
 }
 
 
 
-static const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
 
+const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg);
 
+const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
 
 {
 
 {
 
 	switch(enc_alg) {
 
 	switch(enc_alg) {
 
-	case AES_256_CBC:
 
-		return EVP_aes_256_cbc();
 
-	case AES_128_CBC:
 
-		return EVP_aes_128_cbc();
 
 #if !defined(TURN_NO_GCM)
 
 #if !defined(TURN_NO_GCM)
 
-	case AEAD_AES_128_GCM:
 
+	case A128GCM:
 
 		return EVP_aes_128_gcm();
 
 		return EVP_aes_128_gcm();
 
-	case AEAD_AES_256_GCM:
 
+	case A256GCM:
 
 		return EVP_aes_256_gcm();
 
 		return EVP_aes_256_gcm();
 
 #endif
 
 #endif
 
 	default:
 
 	default:
 
@@ -2235,45 +2140,9 @@ static const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
 
 	return NULL;
 
 	return NULL;
 
 }
 
 }
 
 
 
-static const EVP_MD *get_auth_type(AUTH_ALG aa)
 
-{
 
-	switch(aa) {
 
-	case AUTH_ALG_HMAC_SHA_1:
 
-		return EVP_sha1();
 
-#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 
-	case AUTH_ALG_HMAC_SHA_256_128:
 
-	case AUTH_ALG_HMAC_SHA_256:
 
-		return EVP_sha256();
 
-#endif
 
-#if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
 
-	case AUTH_ALG_HMAC_SHA_384:
 
-		return EVP_sha384();
 
-#endif
 
-#if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
 
-	case AUTH_ALG_HMAC_SHA_512:
 
-		return EVP_sha512();
 
-#endif
 
-	default:
 
-		break;
 
-	};
 
-	OAUTH_ERROR("%s: Unknown auth algorithm: %d\n",__FUNCTION__,(int)aa);
 
-	return NULL;
 
-}
 
-
 
-static void update_hmac_len(AUTH_ALG aa, unsigned int *hmac_len)
 
-{
 
-	if(hmac_len) {
 
-		switch(aa) {
 
-		case AUTH_ALG_HMAC_SHA_256_128:
 
-			*hmac_len = 16;
 
-			break;
 
-		default:
 
-			break;
 
-		};
 
-	}
 
-}
 
-
 
-static int my_EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
+int my_EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
+			 int *outl, const unsigned char *in, int inl);
 
+int my_EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 		int *outl, const unsigned char *in, int inl)
 
 		int *outl, const unsigned char *in, int inl)
 
 {
 
 {
 
 	int cycle = 0;
 
 	int cycle = 0;
 
@@ -2292,7 +2161,9 @@ static int my_EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 	return 1;
 
 	return 1;
 
 }
 
 }
 
 
 
-static int my_EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
+int my_EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
+			 int *outl, const unsigned char *in, int inl);
 
+int my_EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 		int *outl, const unsigned char *in, int inl)
 
 		int *outl, const unsigned char *in, int inl)
 
 {
 
 {
 
 	int cycle = 0;
 
 	int cycle = 0;
 
@@ -2321,8 +2192,15 @@ void print_field(const char* name, const unsigned char* f, size_t len) {
 
 	printf("\n<<==field %s\n",name);
 
 	printf("\n<<==field %s\n",name);
 
 }
 
 }
 
 
 
-static int encode_oauth_token_normal(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken)
 
+int encode_oauth_token_normal(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken);
 
+int encode_oauth_token_normal(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken)
 
 {
 
 {
 
+	UNUSED_ARG(server_name);
 
+	UNUSED_ARG(etoken);
 
+	UNUSED_ARG(key);
 
+	UNUSED_ARG(dtoken);
 
+
 
+	/*
 
 	if(server_name && etoken && key && dtoken && (dtoken->enc_block.key_length<=128)) {
 
 	if(server_name && etoken && key && dtoken && (dtoken->enc_block.key_length<=128)) {
 
 
 
 		unsigned char orig_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
 
 		unsigned char orig_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
 
@@ -2384,11 +2262,19 @@ static int encode_oauth_token_normal(const u08bits *server_name, encoded_oauth_t
 
 
 
 		return 0;
 
 		return 0;
 
 	}
 
 	}
 
+	*/
 
 	return -1;
 
 	return -1;
 
 }
 
 }
 
 
 
-static int decode_oauth_token_normal(const u08bits *server_name, const encoded_oauth_token *etoken, const oauth_key *key, oauth_token *dtoken)
 
+int decode_oauth_token_normal(const u08bits *server_name, const encoded_oauth_token *etoken, const oauth_key *key, oauth_token *dtoken);
 
+int decode_oauth_token_normal(const u08bits *server_name, const encoded_oauth_token *etoken, const oauth_key *key, oauth_token *dtoken)
 
 {
 
 {
 
+	UNUSED_ARG(server_name);
 
+	UNUSED_ARG(etoken);
 
+	UNUSED_ARG(key);
 
+	UNUSED_ARG(dtoken);
 
+
 
+	/*
 
 	if(server_name && etoken && key && dtoken) {
 
 	if(server_name && etoken && key && dtoken) {
 
 
 
 		size_t mac_size = calculate_auth_output_length(key->auth_alg);
 
 		size_t mac_size = calculate_auth_output_length(key->auth_alg);
 
@@ -2462,6 +2348,7 @@ static int decode_oauth_token_normal(const u08bits *server_name, const encoded_o
 
 
 
 		return 0;
 
 		return 0;
 
 	}
 
 	}
 
+	*/
 
 	return -1;
 
 	return -1;
 
 }
 
 }
 
 
 
@@ -2476,14 +2363,27 @@ static void generate_random_nonce(unsigned char *nonce, size_t sz) {
 
 
 
 #if !defined(TURN_NO_GCM)
 
 #if !defined(TURN_NO_GCM)
 
 
 
-static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken, const u08bits* nonce0)
 
-{
 
-	if(server_name && etoken && key && dtoken && (dtoken->enc_block.key_length<128)) {
 
+static int encode_oauth_token_gcm(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken, const u08bits* nonce0) {
 
+	if(server_name && etoken && key && dtoken && (dtoken->enc_block.key_length<=MAXSHASIZE)) {
 
 
 
 		unsigned char orig_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
 
 		unsigned char orig_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
 
 		ns_bzero(orig_field,sizeof(orig_field));
 
 		ns_bzero(orig_field,sizeof(orig_field));
 
 
 
+		unsigned char nonce[OAUTH_GCM_NONCE_SIZE];
 
+		if(nonce0) {
 
+			ns_bcopy(nonce0,nonce,sizeof(nonce));
 
+		} else {
 
+			generate_random_nonce(nonce, sizeof(nonce));
 
+		}
 
+
 
 		size_t len = 0;
 
 		size_t len = 0;
 
+
 
+		*((uint16_t*)(orig_field+len)) = nswap16(OAUTH_GCM_NONCE_SIZE);
 
+		len +=2;
 
+
 
+		ns_bcopy(nonce,orig_field+len,OAUTH_GCM_NONCE_SIZE);
 
+		len += OAUTH_GCM_NONCE_SIZE;
 
+
 
 		*((uint16_t*)(orig_field+len)) = nswap16(dtoken->enc_block.key_length);
 
 		*((uint16_t*)(orig_field+len)) = nswap16(dtoken->enc_block.key_length);
 
 		len +=2;
 
 		len +=2;
 
 
 
@@ -2500,15 +2400,6 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
 
 		if(!cipher)
 
 		if(!cipher)
 
 			return -1;
 
 			return -1;
 
 
 
-		unsigned char *encoded_field = (unsigned char*)etoken->token;
 
-
 
-		unsigned char nonce[OAUTH_AEAD_NONCE_SIZE];
 
-		if(nonce0) {
 
-			ns_bcopy(nonce0,nonce,sizeof(nonce));
 
-		} else {
 
-			generate_random_nonce(nonce, sizeof(nonce));
 
-		}
 
-
 
 		EVP_CIPHER_CTX ctx;
 
 		EVP_CIPHER_CTX ctx;
 
 		EVP_CIPHER_CTX_init(&ctx);
 
 		EVP_CIPHER_CTX_init(&ctx);
 
 
 
@@ -2519,7 +2410,7 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
 
 		EVP_CIPHER_CTX_set_padding(&ctx,1);
 
 		EVP_CIPHER_CTX_set_padding(&ctx,1);
 
 
 
 		/* Set IV length if default 12 bytes (96 bits) is not appropriate */
 
 		/* Set IV length if default 12 bytes (96 bits) is not appropriate */
 
-		if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_AEAD_NONCE_SIZE, NULL))
 
+		if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_GCM_NONCE_SIZE, NULL))
 
 			return -1;
 
 			return -1;
 
 
 
 		/* Initialize key and IV */
 
 		/* Initialize key and IV */
 
@@ -2536,21 +2427,23 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
 
 			return -1;
 
 			return -1;
 
 
 
 		outl=0;
 
 		outl=0;
 
+		unsigned char *encoded_field = (unsigned char*)etoken->token;
 
+		ns_bcopy(orig_field,encoded_field,OAUTH_GCM_NONCE_SIZE + 2);
 
+		encoded_field += OAUTH_GCM_NONCE_SIZE + 2;
 
+		unsigned char *start_field = orig_field + OAUTH_GCM_NONCE_SIZE + 2;
 
+		len -= OAUTH_GCM_NONCE_SIZE + 2;
 
 
 
-		if(1 != my_EVP_EncryptUpdate(&ctx, encoded_field, &outl, orig_field, (int)len))
 
+		if(1 != my_EVP_EncryptUpdate(&ctx, encoded_field, &outl, start_field, (int)len))
 
 			return -1;
 
 			return -1;
 
 
 
 		int tmp_outl = 0;
 
 		int tmp_outl = 0;
 
 		EVP_EncryptFinal_ex(&ctx, encoded_field + outl, &tmp_outl);
 
 		EVP_EncryptFinal_ex(&ctx, encoded_field + outl, &tmp_outl);
 
 		outl += tmp_outl;
 
 		outl += tmp_outl;
 
 
 
-		EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, OAUTH_AEAD_TAG_SIZE, encoded_field + outl);
 
-		outl += OAUTH_AEAD_TAG_SIZE;
 
+		EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, OAUTH_GCM_TAG_SIZE, encoded_field + outl);
 
+		outl += OAUTH_GCM_TAG_SIZE;
 
 
 
-		ns_bcopy(nonce, encoded_field + outl, OAUTH_AEAD_NONCE_SIZE);
 
-		outl += OAUTH_AEAD_NONCE_SIZE; //encoded+tag+hmac
 
-
 
-		etoken->size = outl;
 
+		etoken->size = 2 + OAUTH_GCM_NONCE_SIZE + outl;
 
 
 
 		EVP_CIPHER_CTX_cleanup(&ctx);
 
 		EVP_CIPHER_CTX_cleanup(&ctx);
 
 
 
@@ -2559,22 +2452,28 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
 
 	return -1;
 
 	return -1;
 
 }
 
 }
 
 
 
-static int decode_oauth_token_aead(const u08bits *server_name, const encoded_oauth_token *etoken, const oauth_key *key, oauth_token *dtoken)
 
+static int decode_oauth_token_gcm(const u08bits *server_name, const encoded_oauth_token *etoken, const oauth_key *key, oauth_token *dtoken)
 
 {
 
 {
 
 	if(server_name && etoken && key && dtoken) {
 
 	if(server_name && etoken && key && dtoken) {
 
 
 
-		size_t min_encoded_field_size = 2+4+8+OAUTH_AEAD_NONCE_SIZE+OAUTH_AEAD_TAG_SIZE+1;
 
+		unsigned char snl[2];
 
+		ns_bcopy((const unsigned char*)(etoken->token),snl,2);
 
+		const unsigned char *csnl = snl;
 
+
 
+		uint16_t nonce_len = nswap16(*((const uint16_t*)csnl));
 
+
 
+		size_t min_encoded_field_size = 2+4+8+nonce_len+2+OAUTH_GCM_TAG_SIZE+1;
 
 		if(etoken->size < min_encoded_field_size) {
 
 		if(etoken->size < min_encoded_field_size) {
 
 			OAUTH_ERROR("%s: token size too small: %d\n",__FUNCTION__,(int)etoken->size);
 
 			OAUTH_ERROR("%s: token size too small: %d\n",__FUNCTION__,(int)etoken->size);
 
 			return -1;
 
 			return -1;
 
 		}
 
 		}
 
 
 
-		const unsigned char* encoded_field = (const unsigned char*)etoken->token;
 
-		unsigned int encoded_field_size = (unsigned int)etoken->size-OAUTH_AEAD_NONCE_SIZE - OAUTH_AEAD_TAG_SIZE;
 
-		const unsigned char* nonce = ((const unsigned char*)etoken->token) + encoded_field_size + OAUTH_AEAD_TAG_SIZE;
 
+		const unsigned char* encoded_field = (const unsigned char*)(etoken->token + nonce_len + 2);
 
+		unsigned int encoded_field_size = (unsigned int)etoken->size - nonce_len - 2 - OAUTH_GCM_TAG_SIZE;
 
+		const unsigned char* nonce = ((const unsigned char*)etoken->token + 2);
 
 
 
-		unsigned char tag[OAUTH_AEAD_TAG_SIZE];
 
-		ns_bcopy(((const unsigned char*)etoken->token) + encoded_field_size, tag ,sizeof(tag));
 
+		unsigned char tag[OAUTH_GCM_TAG_SIZE];
 
+		ns_bcopy(((const unsigned char*)etoken->token) + nonce_len + 2 + encoded_field_size, tag ,sizeof(tag));
 
 
 
 		unsigned char decoded_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
 
 		unsigned char decoded_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
 
 
 
@@ -2595,7 +2494,7 @@ static int decode_oauth_token_aead(const u08bits *server_name, const encoded_oau
 
 		//EVP_CIPHER_CTX_set_padding(&ctx,1);
 
 		//EVP_CIPHER_CTX_set_padding(&ctx,1);
 
 
 
 		/* Set IV length if default 12 bytes (96 bits) is not appropriate */
 
 		/* Set IV length if default 12 bytes (96 bits) is not appropriate */
 
-		if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_AEAD_NONCE_SIZE, NULL)) {
 
+		if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, nonce_len, NULL)) {
 
 			OAUTH_ERROR("%s: Cannot set nonce length\n",__FUNCTION__);
 
 			OAUTH_ERROR("%s: Cannot set nonce length\n",__FUNCTION__);
 
 			return -1;
 
 			return -1;
 
 		}
 
 		}
 
@@ -2608,7 +2507,7 @@ static int decode_oauth_token_aead(const u08bits *server_name, const encoded_oau
 
 
 
 		/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
 
 		/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
 
 		  +         * required the tag before any AAD or ciphertext */
 
 		  +         * required the tag before any AAD or ciphertext */
 
-		EVP_CIPHER_CTX_ctrl (&ctx, EVP_CTRL_GCM_SET_TAG, OAUTH_AEAD_TAG_SIZE, tag);
 
+		EVP_CIPHER_CTX_ctrl (&ctx, EVP_CTRL_GCM_SET_TAG, OAUTH_GCM_TAG_SIZE, tag);
 
 
 
 		int outl=0;
 
 		int outl=0;
 
 		size_t sn_len = strlen((const char*)server_name);
 
 		size_t sn_len = strlen((const char*)server_name);
 
@@ -2661,13 +2560,10 @@ int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken,
 
 	UNUSED_ARG(nonce);
 
 	UNUSED_ARG(nonce);
 
 	if(server_name && etoken && key && dtoken) {
 
 	if(server_name && etoken && key && dtoken) {
 
 		switch(key->as_rs_alg) {
 
 		switch(key->as_rs_alg) {
 
-		case AES_256_CBC:
 
-		case AES_128_CBC:
 
-			return encode_oauth_token_normal(server_name, etoken,key,dtoken);
 
 #if !defined(TURN_NO_GCM)
 
 #if !defined(TURN_NO_GCM)
 
-		case AEAD_AES_128_GCM:
 
-		case AEAD_AES_256_GCM:
 
-			return encode_oauth_token_aead(server_name, etoken,key,dtoken,nonce);
 
+		case A256GCM:
 
+		case A128GCM:
 
+			return encode_oauth_token_gcm(server_name, etoken,key,dtoken,nonce);
 
 #endif
 
 #endif
 
 		default:
 
 		default:
 
 			fprintf(stderr,"Unsupported AS_RS algorithm: %d\n",(int)key->as_rs_alg);
 
 			fprintf(stderr,"Unsupported AS_RS algorithm: %d\n",(int)key->as_rs_alg);
 
@@ -2681,13 +2577,10 @@ int decode_oauth_token(const u08bits *server_name, const encoded_oauth_token *et
 
 {
 
 {
 
 	if(server_name && etoken && key && dtoken) {
 
 	if(server_name && etoken && key && dtoken) {
 
 		switch(key->as_rs_alg) {
 
 		switch(key->as_rs_alg) {
 
-		case AES_256_CBC:
 
-		case AES_128_CBC:
 
-			return decode_oauth_token_normal(server_name, etoken,key,dtoken);
 
 #if !defined(TURN_NO_GCM)
 
 #if !defined(TURN_NO_GCM)
 
-		case AEAD_AES_128_GCM:
 
-		case AEAD_AES_256_GCM:
 
-			return decode_oauth_token_aead(server_name, etoken,key,dtoken);
 
+		case A256GCM:
 
+		case A128GCM:
 
+			return decode_oauth_token_gcm(server_name, etoken,key,dtoken);
 
 #endif
 
 #endif
 
 		default:
 
 		default:
 
 			fprintf(stderr,"Unsupported AS_RS algorithm: %d\n",(int)key->as_rs_alg);
 
 			fprintf(stderr,"Unsupported AS_RS algorithm: %d\n",(int)key->as_rs_alg);

+ 5 - 3
src/client/ns_turn_msg.h
View File 

@@ -134,6 +134,8 @@ void stun_tid_generate_in_message_str(u08bits* buf, stun_tid* id);
 
 
 
 int stun_get_command_message_len_str(const u08bits* buf, size_t len);
 
 int stun_get_command_message_len_str(const u08bits* buf, size_t len);
 
 
 
+const u08bits* get_default_reason(int error_code);
 
+
 
 int stun_attr_is_addr(stun_attr_ref attr);
 
 int stun_attr_is_addr(stun_attr_ref attr);
 
 int stun_attr_get_type(stun_attr_ref attr);
 
 int stun_attr_get_type(stun_attr_ref attr);
 
 int stun_attr_get_len(stun_attr_ref attr);
 
 int stun_attr_get_len(stun_attr_ref attr);
 
@@ -151,9 +153,9 @@ int stun_attr_get_addr_str(const u08bits *buf, size_t len, stun_attr_ref attr, i
 
 int stun_attr_get_first_addr_str(const u08bits *buf, size_t len, u16bits attr_type, ioa_addr* ca, const ioa_addr *default_addr);
 
 int stun_attr_get_first_addr_str(const u08bits *buf, size_t len, u16bits attr_type, ioa_addr* ca, const ioa_addr *default_addr);
 
 int stun_attr_add_channel_number_str(u08bits* buf, size_t *len, u16bits chnumber);
 
 int stun_attr_add_channel_number_str(u08bits* buf, size_t *len, u16bits chnumber);
 
 int stun_attr_add_bandwidth_str(u08bits* buf, size_t *len, band_limit_t bps);
 
 int stun_attr_add_bandwidth_str(u08bits* buf, size_t *len, band_limit_t bps);
 
-int stun_attr_add_address_error_code(u08bits* buf, size_t *len, int requested_address_family, u08bits error_code);
 
+int stun_attr_add_address_error_code(u08bits* buf, size_t *len, int requested_address_family, int error_code);
 
 /* return +1 if present, 0 if not, -1 if error: */
 
 /* return +1 if present, 0 if not, -1 if error: */
 
-int stun_attr_get_address_error_code(u08bits* buf, size_t len, int *requested_address_family, u08bits *error_code);
 
+int stun_attr_get_address_error_code(u08bits* buf, size_t len, int *requested_address_family, int *error_code);
 
 u16bits stun_attr_get_first_channel_number_str(const u08bits *buf, size_t len);
 
 u16bits stun_attr_get_first_channel_number_str(const u08bits *buf, size_t len);
 
 
 
 int stun_set_allocate_request_str(u08bits* buf, size_t *len, u32bits lifetime, int af4, int af6, u08bits transport, int mobile, const char* rt, int ep);
 
 int stun_set_allocate_request_str(u08bits* buf, size_t *len, u32bits lifetime, int af4, int af6, u08bits transport, int mobile, const char* rt, int ep);
 
@@ -179,7 +181,7 @@ void print_bin_func(const char *name, size_t len, const void *s, const char *fun
 
 /*
 
 /*
 
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
 
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
 
  */
 
  */
 
-int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype, int *too_weak);
 
+int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype);
 
 int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size_t len, u08bits *uname, u08bits *realm, u08bits *upwd, SHATYPE shatype);
 
 int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size_t len, u08bits *uname, u08bits *realm, u08bits *upwd, SHATYPE shatype);
 
 int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, password_t pwd, SHATYPE shatype);
 
 int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, password_t pwd, SHATYPE shatype);
 
 int stun_attr_add_integrity_by_key_str(u08bits *buf, size_t *len, u08bits *uname, u08bits *realm, hmackey_t key, u08bits *nonce, SHATYPE shatype);
 
 int stun_attr_add_integrity_by_key_str(u08bits *buf, size_t *len, u08bits *uname, u08bits *realm, hmackey_t key, u08bits *nonce, SHATYPE shatype);

+ 12 - 37
src/client/ns_turn_msg_defs_new.h
View File 

@@ -44,7 +44,7 @@
 
 
 
 /* <<== Bandwidth */
 
 /* <<== Bandwidth */
 
 
 
-/* SHA AGILITY ==>> */
 
+/* SHA ==>> */
 
 
 
 #define SHA1SIZEBYTES (20)
 
 #define SHA1SIZEBYTES (20)
 
 #define SHA256SIZEBYTES (32)
 
 #define SHA256SIZEBYTES (32)
 
@@ -66,44 +66,24 @@ typedef enum _SHATYPE SHATYPE;
 
 
 
 #define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : ((sht == SHATYPE_SHA384) ? "SHA384" : "SHA512")))
 
 #define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : ((sht == SHATYPE_SHA384) ? "SHA384" : "SHA512")))
 
 
 
-#define SHA_TOO_WEAK_ERROR_CODE (426)
 
-#define SHA_TOO_WEAK_ERROR_REASON ((const u08bits*)("credentials too weak"))
 
-
 
-/* <<== SHA AGILITY */
 
+/* <<== SHA */
 
 
 
 /* OAUTH TOKEN ENC ALG ==> */
 
 /* OAUTH TOKEN ENC ALG ==> */
 
 
 
 enum _ENC_ALG {
 
 enum _ENC_ALG {
 
 	ENC_ALG_ERROR=-1,
 
 	ENC_ALG_ERROR=-1,
 
+#if !defined(TURN_NO_GCM)
 
 	ENC_ALG_DEFAULT=0,
 
 	ENC_ALG_DEFAULT=0,
 
-	AES_256_CBC=ENC_ALG_DEFAULT,
 
-	AES_128_CBC,
 
-	AEAD_AES_128_GCM,
 
-	AEAD_AES_256_GCM,
 
-	ENG_ALG_NUM
 
+	A256GCM=ENC_ALG_DEFAULT,
 
+	A128GCM,
 
+#endif
 
+	ENC_ALG_NUM
 
 };
 
 };
 
 
 
 typedef enum _ENC_ALG ENC_ALG;
 
 typedef enum _ENC_ALG ENC_ALG;
 
 
 
 /* <<== OAUTH TOKEN ENC ALG */
 
 /* <<== OAUTH TOKEN ENC ALG */
 
 
 
-/* OAUTH TOKEN AUTH ALG ==> */
 
-
 
-enum _AUTH_ALG {
 
-	AUTH_ALG_ERROR = -1,
 
-	AUTH_ALG_UNDEFINED = 0,
 
-	AUTH_ALG_DEFAULT = 1,
 
-	AUTH_ALG_HMAC_SHA_256_128 = AUTH_ALG_DEFAULT,
 
-	AUTH_ALG_HMAC_SHA_1,
 
-	AUTH_ALG_HMAC_SHA_256,
 
-	AUTH_ALG_HMAC_SHA_384,
 
-	AUTH_ALG_HMAC_SHA_512
 
-};
 
-
 
-typedef enum _AUTH_ALG AUTH_ALG;
 
-
 
-/* <<== OAUTH TOKEN AUTH ALG */
 
-
 
 /**
 
 /**
 
  * oAuth struct
 
  * oAuth struct
 
  */
 
  */
 
@@ -115,8 +95,9 @@ typedef enum _AUTH_ALG AUTH_ALG;
 
 #define OAUTH_HASH_FUNC_SIZE (64)
 
 #define OAUTH_HASH_FUNC_SIZE (64)
 
 #define OAUTH_ALG_SIZE (64)
 
 #define OAUTH_ALG_SIZE (64)
 
 #define OAUTH_KEY_SIZE (256)
 
 #define OAUTH_KEY_SIZE (256)
 
-#define OAUTH_AEAD_NONCE_SIZE (12)
 
-#define OAUTH_AEAD_TAG_SIZE (16)
 
+#define OAUTH_GCM_NONCE_SIZE (12)
 
+#define OAUTH_MAX_NONCE_SIZE (256)
 
+#define OAUTH_GCM_TAG_SIZE (16)
 
 #define OAUTH_ENC_ALG_BLOCK_SIZE (16)
 
 #define OAUTH_ENC_ALG_BLOCK_SIZE (16)
 
 
 
 #define OAUTH_DEFAULT_LIFETIME (0)
 
 #define OAUTH_DEFAULT_LIFETIME (0)
 
@@ -130,13 +111,7 @@ struct _oauth_key_data {
 
 	size_t ikm_key_size;
 
 	size_t ikm_key_size;
 
 	turn_time_t timestamp;
 
 	turn_time_t timestamp;
 
 	turn_time_t lifetime;
 
 	turn_time_t lifetime;
 
-	char hkdf_hash_func[OAUTH_HASH_FUNC_SIZE+1];
 
 	char as_rs_alg[OAUTH_ALG_SIZE+1];
 
 	char as_rs_alg[OAUTH_ALG_SIZE+1];
 
-	char as_rs_key[OAUTH_KEY_SIZE+1];
 
-	size_t as_rs_key_size;
 
-	char auth_alg[OAUTH_ALG_SIZE+1];
 
-	char auth_key[OAUTH_KEY_SIZE+1];
 
-	size_t auth_key_size;
 
 };
 
 };
 
 
 
 typedef struct _oauth_key_data oauth_key_data;
 
 typedef struct _oauth_key_data oauth_key_data;
 
@@ -147,11 +122,9 @@ struct _oauth_key {
 
 	size_t ikm_key_size;
 
 	size_t ikm_key_size;
 
 	turn_time_t timestamp;
 
 	turn_time_t timestamp;
 
 	turn_time_t lifetime;
 
 	turn_time_t lifetime;
 
-	SHATYPE hkdf_hash_func;
 
 	ENC_ALG as_rs_alg;
 
 	ENC_ALG as_rs_alg;
 
 	char as_rs_key[OAUTH_KEY_SIZE+1];
 
 	char as_rs_key[OAUTH_KEY_SIZE+1];
 
 	size_t as_rs_key_size;
 
 	size_t as_rs_key_size;
 
-	AUTH_ALG auth_alg;
 
 	char auth_key[OAUTH_KEY_SIZE+1];
 
 	char auth_key[OAUTH_KEY_SIZE+1];
 
 	size_t auth_key_size;
 
 	size_t auth_key_size;
 
 };
 
 };
 
@@ -159,6 +132,8 @@ struct _oauth_key {
 
 typedef struct _oauth_key oauth_key;
 
 typedef struct _oauth_key oauth_key;
 
 
 
 struct _oauth_encrypted_block {
 
 struct _oauth_encrypted_block {
 
+	uint16_t nonce_length;
 
+	uint8_t nonce[OAUTH_MAX_NONCE_SIZE];
 
 	uint16_t key_length;
 
 	uint16_t key_length;
 
 	uint8_t mac_key[MAXSHASIZE];
 
 	uint8_t mac_key[MAXSHASIZE];
 
 	uint64_t timestamp;
 
 	uint64_t timestamp;

+ 1 - 1
src/ns_turn_defs.h
View File 

@@ -31,7 +31,7 @@
 
 #ifndef __IOADEFS__
 
 #ifndef __IOADEFS__
 
 #define __IOADEFS__
 
 #define __IOADEFS__
 
 
 
-#define TURN_SERVER_VERSION "4.4.4.2"
 
+#define TURN_SERVER_VERSION "4.4.5.1"
 
 #define TURN_SERVER_VERSION_NAME "Ardee West"
 
 #define TURN_SERVER_VERSION_NAME "Ardee West"
 
 #define TURN_SOFTWARE "Coturn-" TURN_SERVER_VERSION " '" TURN_SERVER_VERSION_NAME "'"
 
 #define TURN_SOFTWARE "Coturn-" TURN_SERVER_VERSION " '" TURN_SERVER_VERSION_NAME "'"

+ 15 - 90
src/server/ns_turn_server.c
View File 

@@ -1047,7 +1047,6 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 						transport = get_transport_value(value);
 
 						transport = get_transport_value(value);
 
 						if (!transport) {
 
 						if (!transport) {
 
 							*err_code = 442;
 
 							*err_code = 442;
 
-							*reason = (const u08bits *)"Unsupported Transport Protocol";
 
 						}
 
 						}
 
 						if((transport == STUN_ATTRIBUTE_TRANSPORT_TCP_VALUE) && *(server->no_tcp_relay)) {
 
 						if((transport == STUN_ATTRIBUTE_TRANSPORT_TCP_VALUE) && *(server->no_tcp_relay)) {
 
 							*err_code = 442;
 
 							*err_code = 442;
 
@@ -1159,7 +1158,6 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 						break;
 
 						break;
 
 					default:
 
 					default:
 
 						*err_code = 440;
 
 						*err_code = 440;
 
-						*reason = (const u08bits *)"Unsupported address family requested";
 
 					}
 
 					}
 
 				}
 
 				}
 
 			}
 
 			}
 
@@ -1182,8 +1180,6 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 		} else if (*ua_num > 0) {
 
 		} else if (*ua_num > 0) {
 
 
 
 		  *err_code = 420;
 
 		  *err_code = 420;
 
-		  if(!(*reason))
 
-		    *reason = (const u08bits *)"Unknown attribute";
 
 
 
 		} else if (*err_code) {
 
 		} else if (*err_code) {
 
 
 
@@ -1209,7 +1205,6 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 			if(inc_quota(ss, username)<0) {
 
 			if(inc_quota(ss, username)<0) {
 
 
 
 				*err_code = 486;
 
 				*err_code = 486;
 
-				*reason = (const u08bits *)"Allocation Quota Reached";
 
 
 
 			} else {
 
 			} else {
 
 
 
@@ -1290,7 +1285,7 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 							if(af4res<0) {
 
 							if(af4res<0) {
 
 								set_relay_session_failure(alloc,AF_INET);
 
 								set_relay_session_failure(alloc,AF_INET);
 
 								if(!err_code4) {
 
 								if(!err_code4) {
 
-									err_code4 = 437;
 
+									err_code4 = 440;
 
 								}
 
 								}
 
 							}
 
 							}
 
 						}
 
 						}
 
@@ -1303,7 +1298,7 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 							if(af6res<0) {
 
 							if(af6res<0) {
 
 								set_relay_session_failure(alloc,AF_INET6);
 
 								set_relay_session_failure(alloc,AF_INET6);
 
 								if(!err_code6) {
 
 								if(!err_code6) {
 
-									err_code6 = 437;
 
+									err_code6 = 440;
 
 								}
 
 								}
 
 							}
 
 							}
 
 						}
 
 						}
 
@@ -1405,12 +1400,12 @@ static int handle_turn_allocate(turn_turnserver *server,
 
 	if(*resp_constructed && !(*err_code)) {
 
 	if(*resp_constructed && !(*err_code)) {
 
 		if(err_code4) {
 
 		if(err_code4) {
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
-			stun_attr_add_address_error_code(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4, (u08bits)err_code4);
 
+			stun_attr_add_address_error_code(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4, err_code4);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 		}
 
 		}
 
 		if(err_code6) {
 
 		if(err_code6) {
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
-			stun_attr_add_address_error_code(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6, (u08bits)err_code6);
 
+			stun_attr_add_address_error_code(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6, err_code6);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 		}
 
 		}
 
 	}
 
 	}
 
@@ -1519,8 +1514,8 @@ static int handle_turn_refresh(turn_turnserver *server,
 
 				}
 
 				}
 
 			}
 
 			}
 
 				break;
 
 				break;
 
-			case STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY: /* <<== ??? */
 
-			case STUN_ATTRIBUTE_ADDITIONAL_ADDRESS_FAMILY: {
 
+			case STUN_ATTRIBUTE_ADDITIONAL_ADDRESS_FAMILY: /* deprecated, for backward compatibility with older versions of TURN-bis */
 
+			case STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY: {
 
 				int af_req = stun_get_requested_address_family(sar);
 
 				int af_req = stun_get_requested_address_family(sar);
 
 				{
 
 				{
 
 					int is_err = 0;
 
 					int is_err = 0;
 
@@ -1561,7 +1556,6 @@ static int handle_turn_refresh(turn_turnserver *server,
 
 		if (*ua_num > 0) {
 
 		if (*ua_num > 0) {
 
 
 
 			*err_code = 420;
 
 			*err_code = 420;
 
-			*reason = (const u08bits *)"Unknown attribute";
 
 
 
 		} else if (*err_code) {
 
 		} else if (*err_code) {
 
 
 
@@ -1723,7 +1717,7 @@ static int handle_turn_refresh(turn_turnserver *server,
 
 										}
 
 										}
 
 
 
 										if(message_integrity) {
 
 										if(message_integrity) {
 
-											stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
 
+											stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 
 											ioa_network_buffer_set_size(nbh,len);
 
 											ioa_network_buffer_set_size(nbh,len);
 
 										}
 
 										}
 
 
 
@@ -1980,14 +1974,13 @@ static void tcp_peer_connection_completed_callback(int success, void *arg)
 
 				addr_to_string(&(tc->peer_addr),(u08bits*)rs);
 
 				addr_to_string(&(tc->peer_addr),(u08bits*)rs);
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: failure to connect from %s to %s\n", __FUNCTION__, ls,rs);
 
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: failure to connect from %s to %s\n", __FUNCTION__, ls,rs);
 
 			}
 
 			}
 
-			const u08bits *reason = (const u08bits *)"Connection Timeout or Failure";
 
-			stun_init_error_response_str(STUN_METHOD_CONNECT, ioa_network_buffer_data(nbh), &len, err_code, reason, &(tc->tid));
 
+			stun_init_error_response_str(STUN_METHOD_CONNECT, ioa_network_buffer_data(nbh), &len, err_code, NULL, &(tc->tid));
 
 		}
 
 		}
 
 
 
 		ioa_network_buffer_set_size(nbh,len);
 
 		ioa_network_buffer_set_size(nbh,len);
 
 
 
 		if(need_stun_authentication(server, ss)) {
 
 		if(need_stun_authentication(server, ss)) {
 
-			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
 
+			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 		}
 
 		}
 
 
 
@@ -2051,7 +2044,6 @@ static int tcp_start_connection_to_peer(turn_turnserver *server, ts_ur_super_ses
 
 	tcp_connection *tc = get_tcp_connection_by_peer(a, peer_addr);
 
 	tcp_connection *tc = get_tcp_connection_by_peer(a, peer_addr);
 
 	if(tc) {
 
 	if(tc) {
 
 		*err_code = 446;
 
 		*err_code = 446;
 
-		*reason = (const u08bits *)"Connection Already Exists";
 
 		FUNCEND;
 
 		FUNCEND;
 
 		return -1;
 
 		return -1;
 
 	}
 
 	}
 
@@ -2219,7 +2211,6 @@ static int handle_turn_connect(turn_turnserver *server,
 
 		*reason = (const u08bits *)"Connect cannot be used with UDP relay";
 
 		*reason = (const u08bits *)"Connect cannot be used with UDP relay";
 
 	} else if (!is_allocation_valid(a)) {
 
 	} else if (!is_allocation_valid(a)) {
 
 		*err_code = 437;
 
 		*err_code = 437;
 
-		*reason = (const u08bits *)"Allocation mismatch";
 
 	} else {
 
 	} else {
 
 
 
 		stun_attr_ref sar = stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh),
 
 		stun_attr_ref sar = stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh),
 
@@ -2258,7 +2249,6 @@ static int handle_turn_connect(turn_turnserver *server,
 
 		if (*ua_num > 0) {
 
 		if (*ua_num > 0) {
 
 
 
 			*err_code = 420;
 
 			*err_code = 420;
 
-			*reason = (const u08bits *)"Unknown attribute";
 
 
 
 		} else if (*err_code) {
 
 		} else if (*err_code) {
 
 
 
@@ -2296,7 +2286,6 @@ static int handle_turn_connection_bind(turn_turnserver *server,
 
 	if(ss->to_be_closed) {
 
 	if(ss->to_be_closed) {
 
 
 
 		*err_code = 400;
 
 		*err_code = 400;
 
-		*reason = (const u08bits *)"Bad request";
 
 
 
 	} else if (is_allocation_valid(a)) {
 
 	} else if (is_allocation_valid(a)) {
 
 
 
@@ -2343,7 +2332,6 @@ static int handle_turn_connection_bind(turn_turnserver *server,
 
 		if (*ua_num > 0) {
 
 		if (*ua_num > 0) {
 
 
 
 			*err_code = 420;
 
 			*err_code = 420;
 
-			*reason = (const u08bits *)"Unknown attribute";
 
 
 
 		} else if (*err_code) {
 
 		} else if (*err_code) {
 
 
 
@@ -2474,7 +2462,7 @@ int turnserver_accept_tcp_client_data_connection(turn_turnserver *server, tcp_co
 
 
 
 		if(message_integrity && ss) {
 
 		if(message_integrity && ss) {
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
-			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
 
+			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 		}
 
 		}
 
 
 
@@ -2584,7 +2572,6 @@ static int handle_turn_channel_bind(turn_turnserver *server,
 
 		if (*ua_num > 0) {
 
 		if (*ua_num > 0) {
 
 
 
 			*err_code = 420;
 
 			*err_code = 420;
 
-			*reason = (const u08bits *)"Unknown attribute";
 
 
 
 		} else if (*err_code) {
 
 		} else if (*err_code) {
 
 
 
@@ -2798,7 +2785,6 @@ static int handle_turn_binding(turn_turnserver *server,
 
 	if (*ua_num > 0) {
 
 	if (*ua_num > 0) {
 
 
 
 		*err_code = 420;
 
 		*err_code = 420;
 
-		*reason = (const u08bits *)"Unknown attribute";
 
 
 
 	} else if (*err_code) {
 
 	} else if (*err_code) {
 
 
 
@@ -3286,7 +3272,6 @@ static int check_stun_auth(turn_turnserver *server,
 
 
 
 	if(!sar) {
 
 	if(!sar) {
 
 		*err_code = 401;
 
 		*err_code = 401;
 
-		*reason = (const u08bits*)"Unauthorised";
 
 		return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 		return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 	}
 
 	}
 
 
 
@@ -3295,49 +3280,10 @@ static int check_stun_auth(turn_turnserver *server,
 
 
 
 		switch(sarlen) {
 
 		switch(sarlen) {
 
 		case SHA1SIZEBYTES:
 
 		case SHA1SIZEBYTES:
 
-			if(server->shatype > SHATYPE_SHA1) {
 
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
 
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			if(server->shatype != SHATYPE_SHA1) {
 
-				*err_code = 401;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
 			break;
 
 			break;
 
 		case SHA256SIZEBYTES:
 
 		case SHA256SIZEBYTES:
 
-			if(server->shatype > SHATYPE_SHA256) {
 
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
 
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			if(server->shatype != SHATYPE_SHA256) {
 
-				*err_code = 401;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			break;
 
 		case SHA384SIZEBYTES:
 
 		case SHA384SIZEBYTES:
 
-			if(server->shatype > SHATYPE_SHA384) {
 
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
 
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			if(server->shatype != SHATYPE_SHA384) {
 
-				*err_code = 401;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			break;
 
 		case SHA512SIZEBYTES:
 
 		case SHA512SIZEBYTES:
 
-			if(server->shatype > SHATYPE_SHA512) {
 
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
 
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			if(server->shatype != SHATYPE_SHA512) {
 
-				*err_code = 401;
 
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-			}
 
-			break;
 
 		default:
 
 		default:
 
 			*err_code = 401;
 
 			*err_code = 401;
 
 			return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 			return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
@@ -3354,7 +3300,6 @@ static int check_stun_auth(turn_turnserver *server,
 
 
 
 		if(!sar) {
 
 		if(!sar) {
 
 			*err_code = 400;
 
 			*err_code = 400;
 
-			*reason = (const u08bits*)"Bad request";
 
 			return -1;
 
 			return -1;
 
 		}
 
 		}
 
 
 
@@ -3386,7 +3331,6 @@ static int check_stun_auth(turn_turnserver *server,
 
 
 
 	if(!sar) {
 
 	if(!sar) {
 
 		*err_code = 400;
 
 		*err_code = 400;
 
-		*reason = (const u08bits*)"Bad request";
 
 		return -1;
 
 		return -1;
 
 	}
 
 	}
 
 
 
@@ -3405,7 +3349,6 @@ static int check_stun_auth(turn_turnserver *server,
 
 					*reason = (const u08bits*)"Allocation mismatch: wrong credentials";
 
 					*reason = (const u08bits*)"Allocation mismatch: wrong credentials";
 
 				} else {
 
 				} else {
 
 					*err_code = 441;
 
 					*err_code = 441;
 
-					*reason = (const u08bits*)"Wrong credentials";
 
 				}
 
 				}
 
 				return -1;
 
 				return -1;
 
 			}
 
 			}
 
@@ -3424,7 +3367,6 @@ static int check_stun_auth(turn_turnserver *server,
 
 
 
 		if(!sar) {
 
 		if(!sar) {
 
 			*err_code = 400;
 
 			*err_code = 400;
 
-			*reason = (const u08bits*)"Bad request";
 
 			return -1;
 
 			return -1;
 
 		}
 
 		}
 
 
 
@@ -3456,33 +3398,19 @@ static int check_stun_auth(turn_turnserver *server,
 
 			}
 
 			}
 
 		}
 
 		}
 
 
 
-		/* direct user pattern is supported only for long-term credentials */
 
 		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
 
 		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
 
 				"%s: Cannot find credentials of user <%s>\n",
 
 				"%s: Cannot find credentials of user <%s>\n",
 
 				__FUNCTION__, (char*)usname);
 
 				__FUNCTION__, (char*)usname);
 
 		*err_code = 401;
 
 		*err_code = 401;
 
-		*reason = (const u08bits*)"Unauthorised";
 
 		return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 		return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 	}
 
 	}
 
 
 
 	/* Check integrity */
 
 	/* Check integrity */
 
-	int too_weak = 0;
 
 	if(stun_check_message_integrity_by_key_str(server->ct,ioa_network_buffer_data(in_buffer->nbh),
 
 	if(stun_check_message_integrity_by_key_str(server->ct,ioa_network_buffer_data(in_buffer->nbh),
 
 					  ioa_network_buffer_get_size(in_buffer->nbh),
 
 					  ioa_network_buffer_get_size(in_buffer->nbh),
 
 					  ss->hmackey,
 
 					  ss->hmackey,
 
 					  ss->pwd,
 
 					  ss->pwd,
 
-					  server->shatype,
 
-					  &too_weak)<1) {
 
-
 
-		if(too_weak) {
 
-					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
 
-							"%s: user %s credentials are incorrect: SHA function is too weak\n",
 
-									__FUNCTION__, (char*)usname);
 
-					*err_code = SHA_TOO_WEAK_ERROR_CODE;
 
-					*reason = SHA_TOO_WEAK_ERROR_REASON;
 
-					*reason = (const u08bits*)"Unauthorised: weak SHA function is used";
 
-					return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
-		}
 
+					  SHATYPE_DEFAULT)<1) {
 
 
 
 		if(can_resume) {
 
 		if(can_resume) {
 
 			(server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
 
 			(server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
 
@@ -3495,7 +3423,6 @@ static int check_stun_auth(turn_turnserver *server,
 
 				"%s: user %s credentials are incorrect\n",
 
 				"%s: user %s credentials are incorrect\n",
 
 				__FUNCTION__, (char*)usname);
 
 				__FUNCTION__, (char*)usname);
 
 		*err_code = 401;
 
 		*err_code = 401;
 
-		*reason = (const u08bits*)"Unauthorised";
 
 		return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 		return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 
 	}
 
 	}
 
 
 
@@ -3528,7 +3455,6 @@ static void set_alternate_server(turn_server_addrs_list_t *asl, const ioa_addr *
 
 			if(addr->ss.sa_family == local_addr->ss.sa_family) {
 
 			if(addr->ss.sa_family == local_addr->ss.sa_family) {
 
 
 
 				*err_code = 300;
 
 				*err_code = 300;
 
-				*reason = (const u08bits *)"Redirect";
 
 
 
 				size_t len = ioa_network_buffer_get_size(nbh);
 
 				size_t len = ioa_network_buffer_get_size(nbh);
 
 				stun_init_error_response_str(method, ioa_network_buffer_data(nbh), &len, *err_code, *reason, tid);
 
 				stun_init_error_response_str(method, ioa_network_buffer_data(nbh), &len, *err_code, *reason, tid);
 
@@ -3930,7 +3856,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
 
 
 		if(message_integrity) {
 
 		if(message_integrity) {
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
 			size_t len = ioa_network_buffer_get_size(nbh);
 
-			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
 
+			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 			ioa_network_buffer_set_size(nbh,len);
 
 		}
 
 		}
 
 
 
@@ -4329,7 +4255,7 @@ static int create_relay_connection(turn_turnserver* server,
 
 				ioa_socket_tobeclosed(s)) {
 
 				ioa_socket_tobeclosed(s)) {
 
 
 
 				IOA_CLOSE_SOCKET(s);
 
 				IOA_CLOSE_SOCKET(s);
 
-				*err_code = 508;
 
+				*err_code = 404;
 
 				*reason = (const u08bits *)"Cannot find reserved socket";
 
 				*reason = (const u08bits *)"Cannot find reserved socket";
 
 				return -1;
 
 				return -1;
 
 			}
 
 			}
 
@@ -4389,7 +4315,7 @@ static int create_relay_connection(turn_turnserver* server,
 
 			} else {
 
 			} else {
 
 				IOA_CLOSE_SOCKET(newelem->s);
 
 				IOA_CLOSE_SOCKET(newelem->s);
 
 				IOA_CLOSE_SOCKET(rtcp_s);
 
 				IOA_CLOSE_SOCKET(rtcp_s);
 
-				*err_code = 508;
 
+				*err_code = 500;
 
 				*reason = (const u08bits *)"Wrong reservation tokens (internal error)";
 
 				*reason = (const u08bits *)"Wrong reservation tokens (internal error)";
 
 				return -1;
 
 				return -1;
 
 			}
 
 			}
 
@@ -4863,7 +4789,7 @@ void init_turn_server(turn_turnserver* server,
 
 		vintp no_multicast_peers, vintp no_loopback_peers,
 
 		vintp no_multicast_peers, vintp no_loopback_peers,
 
 		ip_range_list_t* ip_whitelist, ip_range_list_t* ip_blacklist,
 
 		ip_range_list_t* ip_whitelist, ip_range_list_t* ip_blacklist,
 
 		send_socket_to_relay_cb send_socket_to_relay,
 
 		send_socket_to_relay_cb send_socket_to_relay,
 
-		vintp secure_stun, SHATYPE shatype, vintp mobility, int server_relay,
 
+		vintp secure_stun, vintp mobility, int server_relay,
 
 		send_turn_session_info_cb send_turn_session_info,
 
 		send_turn_session_info_cb send_turn_session_info,
 
 		send_https_socket_cb send_https_socket,
 
 		send_https_socket_cb send_https_socket,
 
 		allocate_bps_cb allocate_bps_func,
 
 		allocate_bps_cb allocate_bps_func,
 
@@ -4887,7 +4813,6 @@ void init_turn_server(turn_turnserver* server,
 
 	server->no_multicast_peers = no_multicast_peers;
 
 	server->no_multicast_peers = no_multicast_peers;
 
 	server->no_loopback_peers = no_loopback_peers;
 
 	server->no_loopback_peers = no_loopback_peers;
 
 	server->secure_stun = secure_stun;
 
 	server->secure_stun = secure_stun;
 
-	server->shatype = shatype;
 
 	server->mobility = mobility;
 
 	server->mobility = mobility;
 
 	server->server_relay = server_relay;
 
 	server->server_relay = server_relay;
 
 	server->send_turn_session_info = send_turn_session_info;
 
 	server->send_turn_session_info = send_turn_session_info;

+ 0 - 2
src/server/ns_turn_server.h
View File 

@@ -118,7 +118,6 @@ struct _turn_turnserver {
 
 	vintp stun_only;
 
 	vintp stun_only;
 
 	vintp no_stun;
 
 	vintp no_stun;
 
 	vintp secure_stun;
 
 	vintp secure_stun;
 
-	SHATYPE shatype;
 
 	turn_credential_type ct;
 
 	turn_credential_type ct;
 
 	get_alt_addr_cb alt_addr_cb;
 
 	get_alt_addr_cb alt_addr_cb;
 
 	send_message_cb sm_cb;
 
 	send_message_cb sm_cb;
 
@@ -197,7 +196,6 @@ void init_turn_server(turn_turnserver* server,
 
 				    ip_range_list_t* ip_blacklist,
 
 				    ip_range_list_t* ip_blacklist,
 
 				    send_socket_to_relay_cb send_socket_to_relay,
 
 				    send_socket_to_relay_cb send_socket_to_relay,
 
 				    vintp secure_stun,
 
 				    vintp secure_stun,
 
-				    SHATYPE shatype,
 
 				    vintp mobility,
 
 				    vintp mobility,
 
 				    int server_relay,
 
 				    int server_relay,
 
 				    send_turn_session_info_cb send_turn_session_info,
 
 				    send_turn_session_info_cb send_turn_session_info,

+ 1 - 5
turndb/schema.sql
View File 

@@ -39,14 +39,10 @@ CREATE TABLE turn_realm_option (
 
 
 
 CREATE TABLE oauth_key (
 
 CREATE TABLE oauth_key (
 
 	kid varchar(128),
 
 	kid varchar(128),
 
-	ikm_key varchar(256) default '',
 
+	ikm_key varchar(256),
 
 	timestamp bigint default 0,
 
 	timestamp bigint default 0,
 
 	lifetime integer default 0,
 
 	lifetime integer default 0,
 
-	hkdf_hash_func varchar(64) default '',
 
 	as_rs_alg varchar(64) default '',
 
 	as_rs_alg varchar(64) default '',
 
-	as_rs_key varchar(256) default '',
 
-	auth_alg varchar(64) default '',
 
-	auth_key varchar(256) default '',
 
 	primary key (kid)
 
 	primary key (kid)
 
 );
 
 );

+ 8 - 29
turndb/schema.userdb.redis
View File 

@@ -34,39 +34,18 @@ and they will be almost immediately "seen" by the turnserver process.
 
 4) For the oAuth authentication, there is a hash structure with the key 
 4) For the oAuth authentication, there is a hash structure with the key 
 "turn/oauth/kid/<kid-value>". The kid structure fields are:
 
 "turn/oauth/kid/<kid-value>". The kid structure fields are:
 
  
  
-	ikm_key - (optional) base64-encoded key ("input keying material");
 
-		The ikm_key is not needed if the as_rs_key and auth_key are defined
 
-		explicitly in the database;
 
+	ikm_key - (optional) base64-encoded key ("input keying material").
 
 		
 		
 	timestamp - (optional) the timestamp (in seconds) when the key 
 	timestamp - (optional) the timestamp (in seconds) when the key 
-		lifetime started;
 
+		lifetime started.
 
 	
 	
 	lifetime - (optional) the key lifetime in seconds; the default value 
 	lifetime - (optional) the key lifetime in seconds; the default value 
 		is 0 - unlimited lifetime.
 
 		is 0 - unlimited lifetime.
 
-	
-	hkdf_hash_func - (optional) hash function for HKDF procedure; the 
-		valid values are SHA-1, SHA-256, SHA-384 and SHA-512,
 
-		with SHA-256 as default. The hkdf_hash_func is not needed
 
-		if the as_rs_key and auth_key are defined explicitly
 
-		in the database;
 
 		
 		
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
 
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
 
-		"AES-128-CBC" and "AES-256-CBC", , "AEAD-AES-128-GCM",
 
-		"AEAD-AES-256-GCM".
 
-		The default value is "AES-256-CBC";
 
-		
-	as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then 
-		calculated with ikm_key and hkdf_hash_func. The as_rs_key length 
-		is defined by as_rs_alg.
 
-		
-	auth_alg - (optional) oAuth token authentication algorithm; the valid values are
 
-		"HMAC-SHA-256-128", "HMAC-SHA-256", "HMAC-SHA-384",
 
-		"HMAC-SHA-512" and "HMAC-SHA-1".		  
-		The default value is "HMAC-SHA-256-128".
 
-		
-	auth_key - (optional) base64-encoded AUTH key. If not defined, then 
-		calculated with ikm_key and hkdf_hash_func. The auth_key length 
-		is defined by auth_alg.
 
+		"A256GCM", "A128GCM" (see 
+		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
 
+		The default value is "A256GCM".
 
 		
 		
 5) admin users (over https interface) are maintained as keys of form:
 
 5) admin users (over https interface) are maintained as keys of form:
 
 "turn/admin_user/<username> with hash members "password" and,
 
 "turn/admin_user/<username> with hash members "password" and,
 
@@ -102,7 +81,8 @@ This example sets user database for:
 
   * The realm performance parameters: "max_bps", 
   * The realm performance parameters: "max_bps", 
   	"total_quota" and "user_quota" (same names as the turnserver 
   	"total_quota" and "user_quota" (same names as the turnserver 
   	configuration options, with the same meanings).
 
   	configuration options, with the same meanings).
 
-  * The oAuth data for the key with kid "north" and key value "carleon".
 
+  * The oAuth data for the key with kid "oldempire" and key value
 
+  "12345678901234567890123456789012".
 
   * The admin user 'skarling', realm 'north.gov', with password 'hoodless';
 
   * The admin user 'skarling', realm 'north.gov', with password 'hoodless';
 
   * The global admin user 'bayaz' with password 'magi';  
   * The global admin user 'bayaz' with password 'magi';  
   
   
@@ -137,8 +117,7 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
 
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
 
 
-hmset turn/oauth/kid/north ikm_key 'Y2FybGVvbg==' hkdf_hash_func 'SHA-256' as_rs_alg 'AES-128-CBC' auth_alg 'HMAC-SHA-256-128'
 
-hmset turn/oauth/kid/oldempire ikm_key 'YXVsY3Vz' hkdf_hash_func 'SHA-256' as_rs_alg 'AEAD-AES-256-GCM'
 
+hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
 
 
 
 hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
 
 hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
 
 hmset turn/admin_user/bayaz password 'magi'
 
 hmset turn/admin_user/bayaz password 'magi'

+ 6 - 14
turndb/testmongosetup.sh
View File 

@@ -55,22 +55,14 @@ db.realm.insert({
 
 });
 
 });
 
 
 
 db.oauth_key.insert({ kid: 'north', 
 db.oauth_key.insert({ kid: 'north', 
-					ikm_key: 'Y2FybGVvbg==', 
-					hkdf_hash_func: 'SHA-256', 
-					as_rs_alg: 'AES-256-CBC', 
-					auth_alg: 'HMAC-SHA-256-128' });
 
-
 
+					ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK', 
+					as_rs_alg: 'A256GCM'});
 
 db.oauth_key.insert({ kid: 'union', 
 db.oauth_key.insert({ kid: 'union', 
-					ikm_key: 'aGVyb2Q=', 
-					hkdf_hash_func: 'SHA-256', 
-					as_rs_alg: 'AES-256-CBC', 
-					auth_alg: 'HMAC-SHA-512' });
 
-					
+					ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Ngo=', 
+					as_rs_alg: 'A128GCM'});
 
 db.oauth_key.insert({ kid: 'oldempire', 
 db.oauth_key.insert({ kid: 'oldempire', 
-					ikm_key: 'YXVsY3Vz', 
-					hkdf_hash_func: 'SHA-256', 
-					as_rs_alg: 'AEAD-AES-256-GCM', 
-					auth_alg: '' });
 
+					ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK', 
+					as_rs_alg: 'A256GCM'});
 
 
 
 exit
 
 exit

+ 3 - 3
turndb/testredisdbsetup.sh
View File 

@@ -38,9 +38,9 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
 
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
 
 
-hmset turn/oauth/kid/north ikm_key 'Y2FybGVvbg==' hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128'
 
-hmset turn/oauth/kid/union ikm_key 'aGVyb2Q=' hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-512'
 
-hmset turn/oauth/kid/oldempire ikm_key 'YXVsY3Vz' hkdf_hash_func 'SHA-256' as_rs_alg 'AEAD-AES-256-GCM'
 
+hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCM'
 
+hmset turn/oauth/kid/union ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Ngo=' as_rs_alg 'A128GCM'
 
+hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
 
 
 
 hmset turn/admin_user/skarling realm 'north.gov' password '\$5\$6fc35c3b0c7d4633\$27fca7574f9b79d0cb93ae03e45379470cbbdfcacdd6401f97ebc620f31f54f2'
 
 hmset turn/admin_user/skarling realm 'north.gov' password '\$5\$6fc35c3b0c7d4633\$27fca7574f9b79d0cb93ae03e45379470cbbdfcacdd6401f97ebc620f31f54f2'
 
 hmset turn/admin_user/bayaz password '\$5\$e018513e9de69e73\$5cbdd2e29e04ca46aeb022268a7460d3a3468de193dcb2b95f064901769f455f'
 
 hmset turn/admin_user/bayaz password '\$5\$e018513e9de69e73\$5cbdd2e29e04ca46aeb022268a7460d3a3468de193dcb2b95f064901769f455f'

+ 3 - 3
turndb/testsqldbsetup.sql
View File 

@@ -31,6 +31,6 @@ insert into denied_peer_ip (ip_range) values('123::45');
 
 insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56');
 
 insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56');
 
 insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77');
 
 insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77');
 
 
 
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('north','Y2FybGVvbg==',0,0,'SHA-256','AES-256-CBC','','HMAC-SHA-256-128','');
 
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('union','aGVyb2Q=',0,0,'SHA-256','AES-256-CBC','','HMAC-SHA-512','');
 
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('oldempire','YXVsY3Vz',0,0,'SHA-256','AEAD-AES-256-GCM','','','');
 
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCM');
 
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MTIzNDU2Nzg5MDEyMzQ1Ngo=',0,0,'A128GCM');
 
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCM');