mirror of https://github.com/coturn/coturn.git synced 2025-11-01 07:21:04 +01:00

AEAD added

mom040267 2014-08-28 16:05:12 +00:00
parent 294d7906ed
commit 01ba5fbffe
6 changed files with 33 additions and 7 deletions


@ -1678,9 +1678,9 @@ static size_t calculate_enc_key_length(ENC_ALG a)
{
switch(a) {
case AES_128_CBC:
case AEAD_AES_128_CCM:
case AEAD_AES_128_GCM:
return 16;
case AES_256_CBC:
return 32;
default:
;
};
@ -1821,6 +1821,14 @@ int convert_oauth_key_data(oauth_key_data *oakd, oauth_key *key, char *err_msg,
key->as_rs_alg = AES_128_CBC;
} else if(!strcmp(oakd->as_rs_alg,"AES-256-CBC")) {
key->as_rs_alg = AES_256_CBC;
} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-128-GCM")) {
key->as_rs_alg = AEAD_AES_128_GCM;
} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-256-GCM")) {
key->as_rs_alg = AEAD_AES_256_GCM;
} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-128-CCM")) {
key->as_rs_alg = AEAD_AES_128_CCM;
} else if(!strcmp(oakd->as_rs_alg,"AEAD_AES_256_CCM")) {
key->as_rs_alg = AEAD_AES_256_CCM;
} else if(oakd->as_rs_alg[0]) {
if(err_msg) {
snprintf(err_msg,err_msg_size,"Wrong oAuth token encryption algorithm: %s",oakd->as_rs_alg);
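Review bot: The last added branch in convert_oauth_key_data compares against `"AEAD_AES_256_CCM"` with underscores, while the three AEAD branches above it and the documentation updated in this same commit spell the value with hyphens, `"AEAD-AES-256-CCM"`. A key configured with the documented name would miss this branch and fall into the `oakd->as_rs_alg[0]` error path ("Wrong oAuth token encryption algorithm"), so the 256-bit CCM option cannot be selected as documented. The comparison should read `} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-256-CCM")) {`. The function begins and ends outside the hunk, so what happens after the error message is written is not visible here.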


@ -73,6 +73,10 @@ enum _ENC_ALG {
ENC_ALG_DEFAULT=0,
AES_256_CBC=ENC_ALG_DEFAULT,
AES_128_CBC,
AEAD_AES_128_GCM,
AEAD_AES_256_GCM,
AEAD_AES_128_CCM,
AEAD_AES_256_CCM,
ENG_ALG_NUM
};


@ -56,15 +56,17 @@ and they will be almost immediately "seen" by the turnserver process.
are defined explicitly in the database;
as_rs_alg - oAuth token encryption algorithm; the valid values are
"AES-128-CBC" and "AES-256-CBC", with "AES-256-CBC" as default;
"AES-128-CBC" and "AES-256-CBC", , "AEAD-AES-128-GCM",
"AEAD-AES-256-GCM", "AEAD-AES-128-CCM", "AEAD-AES-256-CCM".
The default value is "AES-256-CBC";
as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then
calculated with ikm_key and hkdf_hash_func. The as_rs_key length
is defined by as_rs_alg.
auth_alg - oAuth token authentication algorithm; the valid values are
"HMAC-SHA-256-128", "HMAC-SHA-256" and "HMAC-SHA-1", with
"HMAC-SHA-256-128" as default;
auth_alg - (optional) oAuth token authentication algorithm; the valid values are
"HMAC-SHA-256-128", "HMAC-SHA-256" and "HMAC-SHA-1".
The default value is "HMAC-SHA-256-128".
auth_key - (optional) base64-encoded AUTH key. If not defined, then
calculated with ikm_key and hkdf_hash_func. The auth_key length


@ -41,7 +41,17 @@ db.allowed_peer_ip.insert({ ip_range: '172.17.13.200' });
db.denied_peer_ip.insert({ ip_range: '172.17.13.133-172.17.14.56' });
db.denied_peer_ip.insert({ ip_range: '123::45' });
db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-256-CBC', auth_alg: 'HMAC-SHA-256-128' });
db.oauth_key.insert({ kid: 'north',
ikm_key: 'Y2FybGVvbg==',
hkdf_hash_func: 'SHA-256',
as_rs_alg: 'AES-256-CBC',
auth_alg: 'HMAC-SHA-256-128' });
db.oauth_key.insert({ kid: 'oldempire',
ikm_key: 'YXVsY3Vz',
hkdf_hash_func: 'SHA-256',
as_rs_alg: 'AEAD-AES-256-GCM',
auth_alg: '' });
exit


@ -39,6 +39,7 @@ set turn/denied-peer-ip/234567 "123::45"
set turn/allowed-peer-ip/345678 "172.17.13.200"
hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128'
hmset turn/oauth/kid/oldempire ikm_key YXVsY3Vz hkdf_hash_func 'SHA-256' as_rs_alg 'AEAD-AES-256-GCM'
save


@ -28,5 +28,6 @@ insert into denied_peer_ip (ip_range) values('172.17.13.133-172.17.14.56');
insert into denied_peer_ip (ip_range) values('123::45');
insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('north','Y2FybGVvbg==',0,0,'SHA-256','AES-256-CBC','','HMAC-SHA-256-128','');
insert into oauth_key (kid,ikm_key,timestamp,lifetime,hkdf_hash_func,as_rs_alg,as_rs_key,auth_alg,auth_key) values('oldempire','YXVsY3Vz',0,0,'SHA-256','AEAD-AES-256-GCM','','','');
);