retiring --sha256, etc

This commit is contained in:
mom040267 2015-04-11 07:53:30 +00:00
parent 4424b3c92a
commit 676843bf09
8 changed files with 6 additions and 108 deletions

19
INSTALL

@ -470,7 +470,7 @@ libevent2 from their web site. It was tested with older *NIXes
NOTE: SQLite must be of version 3.x. NOTE: SQLite must be of version 3.x.
NOTE: For extra security features (DTLS and SHA256 and and SHA384 and SHA512) NOTE: For extra security features (like DTLS)
support, OpenSSL version 1.0.0a or newer is recommended. Older versions do support, OpenSSL version 1.0.0a or newer is recommended. Older versions do
not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze' not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze'
Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with
@ -683,10 +683,7 @@ security reasons. Storing only the HMAC key has its own implications -
if you change the realm, you will have to update the HMAC keys of all if you change the realm, you will have to update the HMAC keys of all
users, because the realm is used for the HMAC key generation. users, because the realm is used for the HMAC key generation.
The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1, The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1:
or up to 64 characters (HEX representation of 32 bytes) for SHA256,
or up to 96 characters (HEX representation of 48 bytes) for SHA384,
or up to 128 characters (HEX representation of 64 bytes) for SHA512:
# Table holding shared secrets for secret-based authorization # Table holding shared secrets for secret-based authorization
# (REST API). Shared secret can be stored either in unsecure open # (REST API). Shared secret can be stored either in unsecure open
@ -827,9 +824,6 @@ Fill in users, for example:
$ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero $ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero
$ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic $ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic
Long-term credentials mechanism with SHA256 extension:
$ bin/turnadmin -a -b "/var/db/turndb" -u bethod -r north.gov -p king-of-north --sha256
Admin users: Admin users:
$ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero $ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero
@ -954,9 +948,6 @@ Fill in users, for example:
$ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
$ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic $ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
Long-term credentials mechanism with SHA256 extension:
$ bin/turnadmin -a -e "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
Admin users: Admin users:
$ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero $ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
@ -1009,9 +1000,6 @@ the root account.
$ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -r north.gov -p hero
$ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic $ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
Long-term credentials mechanism with SHA256 extension:
$ bin/turnadmin -a -M "host=localhost dbname=coturn user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
Admin users: Admin users:
$ bin/turnadmin -A -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero $ bin/turnadmin -A -M "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero
@ -1138,9 +1126,6 @@ Redis TURN admin commands:
$ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero
$ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic $ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
Long-term credentials mechanism with SHA256 extension:
$ bin/turnadmin -a -N "host=localhost dbname=2 user=turn password=turn" -u bethod -r north.gov -p king-of-north --sha256
Admin users: Admin users:
$ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero $ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero


@ -104,11 +104,6 @@ Options with required values:
-r, --realm Realm. -r, --realm Realm.
-p, --password Password. -p, --password Password.
-o, --origin Origin -o, --origin Origin
-H, --sha256 Use SHA256 as the keys hash function (a non-standard feature).
By default, MD5 is used for the key storage encryption
(as required by the current STUN/TURNstandards).
-Y, --sha384 Use SHA384 as the keys hash function (a non-standard feature).
-K, --sha512 Use SHA512 as the keys hash function (a non-standard feature).
--max-bps Set value of realm's max-bps parameter. --max-bps Set value of realm's max-bps parameter.
--total-quota Set value of realm's total-quota parameter. --total-quota Set value of realm's total-quota parameter.
--user-quota Set value of realm's user-quota parameter. --user-quota Set value of realm's user-quota parameter.


@ -94,13 +94,6 @@ Flags:
-R do negative protocol tests. -R do negative protocol tests.
-O DOS attack mode. -O DOS attack mode.
-H SHA256 digest function for message integrity calculation.
Without this option, by default, SHA1 is used.
-Y SHA384 digest function for message integrity calculation.
-K SHA512 digest function for message integrity calculation.
-M Use TURN ICE Mobility. -M Use TURN ICE Mobility.


@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "10 April 2015" "" "" .TH TURN 1 "11 April 2015" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
@ -184,20 +184,6 @@ Password.
Origin Origin
.TP .TP
.B .B
\fB\-H\fP, \fB\-\-sha256\fP
Use SHA256 as the keys hash function (a non\-standard feature).
By default, MD5 is used for the key storage encryption
(as required by the current STUN/TURNstandards).
.TP
.B
\fB\-Y\fP, \fB\-\-sha384\fP
Use SHA384 as the keys hash function (a non\-standard feature).
.TP
.B
\fB\-K\fP, \fB\-\-sha512\fP
Use SHA512 as the keys hash function (a non\-standard feature).
.TP
.B
\fB\-\-max\-bps\fP \fB\-\-max\-bps\fP
Set value of realm's max\-bps parameter. Set value of realm's max\-bps parameter.
.TP .TP


@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "10 April 2015" "" "" .TH TURN 1 "11 April 2015" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client The \fBTURN Server\fP project contains the source code of a TURN server and TURN client


@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "10 April 2015" "" "" .TH TURN 1 "11 April 2015" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used A set of turnutils_* programs provides some utility functionality to be used
@ -143,19 +143,6 @@ do negative protocol tests.
DOS attack mode. DOS attack mode.
.TP .TP
.B .B
\fB\-H\fP
SHA256 digest function for message integrity calculation.
Without this option, by default, SHA1 is used.
.TP
.B
\fB\-Y\fP
SHA384 digest function for message integrity calculation.
.TP
.B
\fB\-K\fP
SHA512 digest function for message integrity calculation.
.TP
.B
\fB\-M\fP \fB\-M\fP
Use TURN ICE Mobility. Use TURN ICE Mobility.
.TP .TP


@ -131,10 +131,6 @@ static char Usage[] =
" -N Negative tests (some limited cases only).\n" " -N Negative tests (some limited cases only).\n"
" -R Negative protocol tests.\n" " -R Negative protocol tests.\n"
" -O DOS attack mode (quick connect and exit).\n" " -O DOS attack mode (quick connect and exit).\n"
" -H SHA256 digest function for message integrity calculation.\n"
" Without this option, by default, SHA1 is used.\n"
" -Y SHA384 digest function for message integrity calculation.\n"
" -K SHA512 digest function for message integrity calculation.\n"
" -M ICE Mobility engaged.\n" " -M ICE Mobility engaged.\n"
" -I Do not set permissions on TURN relay endpoints\n" " -I Do not set permissions on TURN relay endpoints\n"
" (for testing the non-standard server relay functionality).\n" " (for testing the non-standard server relay functionality).\n"
@ -166,39 +162,6 @@ static char Usage[] =
////////////////////////////////////////////////// //////////////////////////////////////////////////
void recalculate_restapi_hmac(SHATYPE st) {
if (g_use_auth_secret_with_timestamp) {
u08bits hmac[MAXSHASIZE];
unsigned int hmac_len = 0;
if(st == SHATYPE_SHA256)
hmac_len = SHA256SIZEBYTES;
else if(st == SHATYPE_SHA384)
hmac_len = SHA384SIZEBYTES;
else if(st == SHATYPE_SHA512)
hmac_len = SHA512SIZEBYTES;
hmac[0] = 0;
if (stun_calculate_hmac(g_uname, strlen((char*) g_uname),
(u08bits*) g_auth_secret, strlen(g_auth_secret), hmac,
&hmac_len, st) >= 0) {
size_t pwd_length = 0;
char *pwd = base64_encode(hmac, hmac_len, &pwd_length);
if (pwd) {
if (pwd_length > 0) {
ns_bcopy(pwd,g_upwd,pwd_length);
g_upwd[pwd_length] = 0;
}
}
turn_free(pwd,strlen(pwd)+1);
}
}
}
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int port = 0; int port = 0;
@ -220,7 +183,7 @@ int main(int argc, char **argv)
ns_bzero(local_addr, sizeof(local_addr)); ns_bzero(local_addr, sizeof(local_addr));
while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUHYKMRIGBJ")) != -1) { while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUMRIGBJ")) != -1) {
switch (c){ switch (c){
case 'J': { case 'J': {
@ -271,15 +234,6 @@ int main(int argc, char **argv)
case 'M': case 'M':
mobility = 1; mobility = 1;
break; break;
case 'H':
shatype = SHATYPE_SHA256;
break;
case 'Y':
shatype = SHATYPE_SHA384;
break;
case 'K':
shatype = SHATYPE_SHA512;
break;
case 'E': case 'E':
{ {
char* fn = find_config_file(optarg,1); char* fn = find_config_file(optarg,1);
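Review bot: Dropping H, Y and K from the option string on the `while ((c = getopt(argc, argv, ...` line means a script that still passes `-H` now fails with getopt's generic "invalid option" diagnostic rather than a message explaining that the SHA-2 message-integrity modes were retired, and the shortened Usage text no longer says which digest is used at all. If these flags shipped in a released version, consider keeping the letters in the option string and rejecting them explicitly, e.g. `case 'H': case 'Y': case 'K': fprintf(stderr, "option -%c (SHA-2 message integrity) has been retired; SHA1 is used\n", c); exit(-1);`, and adding a Usage line such as `"  SHA1 is used for message integrity calculation.\n"` so the default remains documented. Presumably `shatype` is still declared and initialised outside the hunk and now only ever holds its initial value; it is worth confirming that `add_integrity`/`check_integrity` (declared in uclient.h) are still exercised correctly with that single value, since the client can no longer request a stronger digest from a server that may still be configured to expect one. The enclosing `main` starts and ends outside the hunk.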


@ -110,8 +110,6 @@ turn_credential_type get_turn_credentials_type(void);
int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message); int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message); int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message);
void recalculate_restapi_hmac(SHATYPE st);
SOCKET_TYPE get_socket_type(void); SOCKET_TYPE get_socket_type(void);
//////////////////////////////////////////// ////////////////////////////////////////////