working on oauth

INSTALL

@@ -760,9 +760,9 @@ The oauth_key table fields meanings are:
 		is 0 - unlimited lifetime.
 		
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
-		"A256GCMKW", "A128GCMKW" (see 
-		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1).
-		The default value is "A256GCMKW";
+		"A256GCM", "A128GCM" (see 
+		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
+		The default value is "A256GCM";
 
 # Https access admin users.
 # Leave this table empty if you do not want 

src/apps/relay/turn_admin_server.c

@@ -2973,23 +2973,23 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
 					str_buffer_append(sb,"<br>Token encryption algorithm (required):<br>\r\n");
 
 					if(!add_tea || !add_tea[0])
-						add_tea = "A256GCMKW";
+						add_tea = "A256GCM";
 
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
-					str_buffer_append(sb,"\" value=\"A128GCMKW\" ");
-					if(!strcmp("A128GCMKW",add_tea)) {
+					str_buffer_append(sb,"\" value=\"A128GCM\" ");
+					if(!strcmp("A128GCM",add_tea)) {
 						str_buffer_append(sb," checked ");
 					}
-					str_buffer_append(sb,">A128GCMKW\r\n<br>\r\n");
+					str_buffer_append(sb,">A128GCM\r\n<br>\r\n");
 
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
-					str_buffer_append(sb,"\" value=\"A256GCMKW\" ");
-					if(!strcmp("A256GCMKW",add_tea)) {
+					str_buffer_append(sb,"\" value=\"A256GCM\" ");
+					if(!strcmp("A256GCM",add_tea)) {
 						str_buffer_append(sb," checked ");
 					}
-					str_buffer_append(sb,">A256GCMKW\r\n<br>\r\n");
+					str_buffer_append(sb,">A256GCM\r\n<br>\r\n");
 				}
 
 				str_buffer_append(sb,"</td></tr>\r\n</table>\r\n");

src/apps/rfc5769/rfc5769check.c

@@ -43,7 +43,7 @@
 
 static const char* encs[]={
 #if !defined(TURN_NO_GCM)
-		"A128GCMKW", "A256GCMKW",
+		"A128GCM", "A256GCM",
 #endif
 		NULL};
 

src/apps/uclient/mainuclient.c

@@ -102,9 +102,9 @@ int oauth = 0;
 oauth_key okey_array[3];
 
 static oauth_key_data_raw okdr_array[3] = {
-		{"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCMKW"},
-		{"union","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK",0,0,"A128GCMKW"},
-		{"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCMKW"}
+		{"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCM"},
+		{"union","MTIzNDU2Nzg5MDEyMzQ1Ngo=",0,0,"A128GCM"},
+		{"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCM"}
 };
 
 //////////////// local definitions /////////////////

src/client/ns_turn_msg.c

@@ -2002,7 +2002,7 @@ static void normalize_algorithm(char *s)
 static size_t calculate_enc_key_length(ENC_ALG a)
 {
 	switch(a) {
-	case A128GCMKW:
+	case A128GCM:
 		return 16;
 	default:
 		break;
@@ -2015,8 +2015,8 @@ static size_t calculate_auth_key_length(ENC_ALG a)
 {
 	switch(a) {
 #if !defined(TURN_NO_GCM)
-	case A256GCMKW:
-	case A128GCMKW:
+	case A256GCM:
+	case A128GCM:
 		return 0;
 #endif
 	default:
@@ -2079,12 +2079,12 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
 
 		key->as_rs_alg = ENC_ALG_DEFAULT;
 #if !defined(TURN_NO_GCM)
-		if(!strcmp(oakd->as_rs_alg,"A128GCMKW")) {
-			key->as_rs_alg = A128GCMKW;
+		if(!strcmp(oakd->as_rs_alg,"A128GCM")) {
+			key->as_rs_alg = A128GCM;
 			key->auth_key_size = 0;
 			key->auth_key[0] = 0;
-		} else if(!strcmp(oakd->as_rs_alg,"A256GCMKW")) {
-			key->as_rs_alg = A256GCMKW;
+		} else if(!strcmp(oakd->as_rs_alg,"A256GCM")) {
+			key->as_rs_alg = A256GCM;
 			key->auth_key_size = 0;
 			key->auth_key[0] = 0;
 		} else if(oakd->as_rs_alg[0])
@@ -2117,9 +2117,9 @@ static const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
 {
 	switch(enc_alg) {
 #if !defined(TURN_NO_GCM)
-	case A128GCMKW:
+	case A128GCM:
 		return EVP_aes_128_gcm();
-	case A256GCMKW:
+	case A256GCM:
 		return EVP_aes_256_gcm();
 #endif
 	default:
@@ -2546,8 +2546,8 @@ int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken,
 	if(server_name && etoken && key && dtoken) {
 		switch(key->as_rs_alg) {
 #if !defined(TURN_NO_GCM)
-		case A256GCMKW:
-		case A128GCMKW:
+		case A256GCM:
+		case A128GCM:
 			return encode_oauth_token_aead(server_name, etoken,key,dtoken,nonce);
 #endif
 		default:
@@ -2563,8 +2563,8 @@ int decode_oauth_token(const u08bits *server_name, const encoded_oauth_token *et
 	if(server_name && etoken && key && dtoken) {
 		switch(key->as_rs_alg) {
 #if !defined(TURN_NO_GCM)
-		case A256GCMKW:
-		case A128GCMKW:
+		case A256GCM:
+		case A128GCM:
 			return decode_oauth_token_aead(server_name, etoken,key,dtoken);
 #endif
 		default:

src/client/ns_turn_msg_defs_new.h

@@ -74,8 +74,8 @@ enum _ENC_ALG {
 	ENC_ALG_ERROR=-1,
 	ENC_ALG_DEFAULT=0,
 #if !defined(TURN_NO_GCM)
-	A256GCMKW=ENC_ALG_DEFAULT,
-	A128GCMKW,
+	A256GCM=ENC_ALG_DEFAULT,
+	A128GCM,
 #endif
 	ENG_ALG_NUM
 };

turndb/schema.userdb.redis

@@ -43,9 +43,9 @@ and they will be almost immediately "seen" by the turnserver process.
 		is 0 - unlimited lifetime.
 		
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
-		"A256GCMKW", "A128GCMKW" (see 
-		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1).
-		The default value is "A256GCMKW".
+		"A256GCM", "A128GCM" (see 
+		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
+		The default value is "A256GCM".
 		
 5) admin users (over https interface) are maintained as keys of form:
 "turn/admin_user/<username> with hash members "password" and,
@@ -117,7 +117,7 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
-hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCMKW'
+hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
 
 hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
 hmset turn/admin_user/bayaz password 'magi'

turndb/testmongosetup.sh

@@ -56,13 +56,13 @@ db.realm.insert({
 
 db.oauth_key.insert({ kid: 'north', 
 					ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK', 
-					as_rs_alg: 'A256GCMKW'});
+					as_rs_alg: 'A256GCM'});
 db.oauth_key.insert({ kid: 'union', 
-					ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK', 
-					as_rs_alg: 'A128GCMKW'});
+					ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Ngo=', 
+					as_rs_alg: 'A128GCM'});
 db.oauth_key.insert({ kid: 'oldempire', 
 					ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK', 
-					as_rs_alg: 'A256GCMKW'});
+					as_rs_alg: 'A256GCM'});
 
 exit
 

turndb/testredisdbsetup.sh

@@ -38,9 +38,9 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
-hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCMKW'
-hmset turn/oauth/kid/union ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK' as_rs_alg 'A128GCMKW'
-hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCMKW'
+hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCM'
+hmset turn/oauth/kid/union ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Ngo=' as_rs_alg 'A128GCM'
+hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
 
 hmset turn/admin_user/skarling realm 'north.gov' password '\$5\$6fc35c3b0c7d4633\$27fca7574f9b79d0cb93ae03e45379470cbbdfcacdd6401f97ebc620f31f54f2'
 hmset turn/admin_user/bayaz password '\$5\$e018513e9de69e73\$5cbdd2e29e04ca46aeb022268a7460d3a3468de193dcb2b95f064901769f455f'

turndb/testsqldbsetup.sql

@@ -31,6 +31,6 @@ insert into denied_peer_ip (ip_range) values('123::45');
 insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56');
 insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77');
 
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCMKW');
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK',0,0,'A128GCMKW');
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCMKW');
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCM');
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MTIzNDU2Nzg5MDEyMzQ1Ngo=',0,0,'A128GCM');
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCM');