retiring --sha256, etc
parent
4424b3c92a
commit
676843bf09
19
INSTALL
19
INSTALL
@ -470,7 +470,7 @@ libevent2 from their web site. It was tested with older *NIXes
|
||||
|
||||
NOTE: SQLite must be of version 3.x.
|
||||
|
||||
NOTE: For extra security features (DTLS and SHA256 and and SHA384 and SHA512)
|
||||
NOTE: For extra security features (like DTLS)
|
||||
support, OpenSSL version 1.0.0a or newer is recommended. Older versions do
|
||||
not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze'
|
||||
Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with
|
||||
@ -683,10 +683,7 @@ security reasons. Storing only the HMAC key has its own implications -
|
||||
if you change the realm, you will have to update the HMAC keys of all
|
||||
users, because the realm is used for the HMAC key generation.
|
||||
|
||||
The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1,
|
||||
or up to 64 characters (HEX representation of 32 bytes) for SHA256,
|
||||
or up to 96 characters (HEX representation of 48 bytes) for SHA384,
|
||||
or up to 128 characters (HEX representation of 64 bytes) for SHA512:
|
||||
The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1:
|
||||
|
||||
# Table holding shared secrets for secret-based authorization
|
||||
# (REST API). Shared secret can be stored either in unsecure open
|
||||
@ -827,9 +824,6 @@ Fill in users, for example:
|
||||
$ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero
|
||||
$ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
|
||||
Long-term credentials mechanism with SHA256 extension:
|
||||
$ bin/turnadmin -a -b "/var/db/turndb" -u bethod -r north.gov -p king-of-north --sha256
|
||||
|
||||
Admin users:
|
||||
|
||||
$ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero
|
||||
@ -954,9 +948,6 @@ Fill in users, for example:
|
||||
$ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
|
||||
$ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
|
||||
Long-term credentials mechanism with SHA256 extension:
|
||||
$ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
|
||||
|
||||
Admin users:
|
||||
|
||||
$ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
|
||||
@ -1009,9 +1000,6 @@ the root account.
|
||||
$ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
|
||||
$ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
|
||||
Long-term credentials mechanism with SHA256 extension:
|
||||
$ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
|
||||
|
||||
Admin users:
|
||||
|
||||
$ bin/turnadmin -A -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
|
||||
@ -1138,9 +1126,6 @@ Redis TURN admin commands:
|
||||
$ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero
|
||||
$ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
|
||||
Long-term credentials mechanism with SHA256 extension:
|
||||
$ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
|
||||
|
||||
Admin users:
|
||||
|
||||
$ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero
|
||||
|
||||
@ -104,11 +104,6 @@ Options with required values:
|
||||
-r, --realm Realm.
|
||||
-p, --password Password.
|
||||
-o, --origin Origin
|
||||
-H, --sha256 Use SHA256 as the keys hash function (a non-standard feature).
|
||||
By default, MD5 is used for the key storage encryption
|
||||
(as required by the current STUN/TURNstandards).
|
||||
-Y, --sha384 Use SHA384 as the keys hash function (a non-standard feature).
|
||||
-K, --sha512 Use SHA512 as the keys hash function (a non-standard feature).
|
||||
--max-bps Set value of realm's max-bps parameter.
|
||||
--total-quota Set value of realm's total-quota parameter.
|
||||
--user-quota Set value of realm's user-quota parameter.
|
||||
|
||||
@ -94,13 +94,6 @@ Flags:
|
||||
-R do negative protocol tests.
|
||||
|
||||
-O DOS attack mode.
|
||||
|
||||
-H SHA256 digest function for message integrity calculation.
|
||||
Without this option, by default, SHA1 is used.
|
||||
|
||||
-Y SHA384 digest function for message integrity calculation.
|
||||
|
||||
-K SHA512 digest function for message integrity calculation.
|
||||
|
||||
-M Use TURN ICE Mobility.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "10 April 2015" "" ""
|
||||
.TH TURN 1 "11 April 2015" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
|
||||
@ -184,20 +184,6 @@ Password.
|
||||
Origin
|
||||
.TP
|
||||
.B
|
||||
\fB\-H\fP, \fB\-\-sha256\fP
|
||||
Use SHA256 as the keys hash function (a non\-standard feature).
|
||||
By default, MD5 is used for the key storage encryption
|
||||
(as required by the current STUN/TURNstandards).
|
||||
.TP
|
||||
.B
|
||||
\fB\-Y\fP, \fB\-\-sha384\fP
|
||||
Use SHA384 as the keys hash function (a non\-standard feature).
|
||||
.TP
|
||||
.B
|
||||
\fB\-K\fP, \fB\-\-sha512\fP
|
||||
Use SHA512 as the keys hash function (a non\-standard feature).
|
||||
.TP
|
||||
.B
|
||||
\fB\-\-max\-bps\fP
|
||||
Set value of realm's max\-bps parameter.
|
||||
.TP
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "10 April 2015" "" ""
|
||||
.TH TURN 1 "11 April 2015" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "10 April 2015" "" ""
|
||||
.TH TURN 1 "11 April 2015" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
A set of turnutils_* programs provides some utility functionality to be used
|
||||
@ -143,19 +143,6 @@ do negative protocol tests.
|
||||
DOS attack mode.
|
||||
.TP
|
||||
.B
|
||||
\fB\-H\fP
|
||||
SHA256 digest function for message integrity calculation.
|
||||
Without this option, by default, SHA1 is used.
|
||||
.TP
|
||||
.B
|
||||
\fB\-Y\fP
|
||||
SHA384 digest function for message integrity calculation.
|
||||
.TP
|
||||
.B
|
||||
\fB\-K\fP
|
||||
SHA512 digest function for message integrity calculation.
|
||||
.TP
|
||||
.B
|
||||
\fB\-M\fP
|
||||
Use TURN ICE Mobility.
|
||||
.TP
|
||||
|
||||
@ -131,10 +131,6 @@ static char Usage[] =
|
||||
" -N Negative tests (some limited cases only).\n"
|
||||
" -R Negative protocol tests.\n"
|
||||
" -O DOS attack mode (quick connect and exit).\n"
|
||||
" -H SHA256 digest function for message integrity calculation.\n"
|
||||
" Without this option, by default, SHA1 is used.\n"
|
||||
" -Y SHA384 digest function for message integrity calculation.\n"
|
||||
" -K SHA512 digest function for message integrity calculation.\n"
|
||||
" -M ICE Mobility engaged.\n"
|
||||
" -I Do not set permissions on TURN relay endpoints\n"
|
||||
" (for testing the non-standard server relay functionality).\n"
|
||||
@ -166,39 +162,6 @@ static char Usage[] =
|
||||
|
||||
//////////////////////////////////////////////////
|
||||
|
||||
void recalculate_restapi_hmac(SHATYPE st) {
|
||||
|
||||
if (g_use_auth_secret_with_timestamp) {
|
||||
|
||||
u08bits hmac[MAXSHASIZE];
|
||||
unsigned int hmac_len = 0;
|
||||
|
||||
if(st == SHATYPE_SHA256)
|
||||
hmac_len = SHA256SIZEBYTES;
|
||||
else if(st == SHATYPE_SHA384)
|
||||
hmac_len = SHA384SIZEBYTES;
|
||||
else if(st == SHATYPE_SHA512)
|
||||
hmac_len = SHA512SIZEBYTES;
|
||||
|
||||
hmac[0] = 0;
|
||||
|
||||
if (stun_calculate_hmac(g_uname, strlen((char*) g_uname),
|
||||
(u08bits*) g_auth_secret, strlen(g_auth_secret), hmac,
|
||||
&hmac_len, st) >= 0) {
|
||||
size_t pwd_length = 0;
|
||||
char *pwd = base64_encode(hmac, hmac_len, &pwd_length);
|
||||
|
||||
if (pwd) {
|
||||
if (pwd_length > 0) {
|
||||
ns_bcopy(pwd,g_upwd,pwd_length);
|
||||
g_upwd[pwd_length] = 0;
|
||||
}
|
||||
}
|
||||
turn_free(pwd,strlen(pwd)+1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int port = 0;
|
||||
@ -220,7 +183,7 @@ int main(int argc, char **argv)
|
||||
|
||||
ns_bzero(local_addr, sizeof(local_addr));
|
||||
|
||||
while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUHYKMRIGBJ")) != -1) {
|
||||
while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUMRIGBJ")) != -1) {
|
||||
switch (c){
|
||||
case 'J': {
|
||||
|
||||
@ -271,15 +234,6 @@ int main(int argc, char **argv)
|
||||
case 'M':
|
||||
mobility = 1;
|
||||
break;
|
||||
case 'H':
|
||||
shatype = SHATYPE_SHA256;
|
||||
break;
|
||||
case 'Y':
|
||||
shatype = SHATYPE_SHA384;
|
||||
break;
|
||||
case 'K':
|
||||
shatype = SHATYPE_SHA512;
|
||||
break;
|
||||
case 'E':
|
||||
{
|
||||
char* fn = find_config_file(optarg,1);
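Review bot: With the -H/-Y/-K cases gone from the option switch here and "HYK" dropped from the getopt string in the hunk above, the client can only ever run with whatever `shatype` is initialised to outside this hunk, yet nothing left in the Usage text tells the operator which digest that is — the line "Without this option, by default, SHA1 is used" went away with the option. If `shatype` and its initialiser survive elsewhere in main() (not visible here), a one-line comment at the declaration would keep the intent explicit: `/* message-integrity digest is fixed to SHA1 now that -H/-Y/-K were retired */`. It is also worth confirming that no caller of recalculate_restapi_hmac() remains, since its definition (two hunks up) and its prototype (header hunk at the end of the page) are both deleted, so any surviving use of the g_use_auth_secret_with_timestamp path would fail to build rather than quietly fall back. main() starts before this hunk and continues past it.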
|
||||
|
||||
@ -110,8 +110,6 @@ turn_credential_type get_turn_credentials_type(void);
|
||||
int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
|
||||
int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
|
||||
|
||||
void recalculate_restapi_hmac(SHATYPE st);
|
||||
|
||||
SOCKET_TYPE get_socket_type(void);
|
||||
|
||||
////////////////////////////////////////////
|
||||
|
||||