mirror of
https://github.com/coturn/coturn.git
synced 2025-11-02 16:01:24 +01:00
oauth cleaning
This commit is contained in:
mom040267
parent
2ddd6d4c9e
commit
2b0c9c0cde
@ -52,7 +52,7 @@ static const char* hmacs[]={"HMAC-SHA-1","HMAC-SHA-256","HMAC-SHA-256-128",NULL}
|
||||
void print_field5769(const char* name, const void* f0, size_t len);
|
||||
void print_field5769(const char* name, const void* f0, size_t len) {
|
||||
const unsigned char* f = (const unsigned char*)f0;
|
||||
printf("\nfield %s==>>\n",name);
|
||||
printf("\nfield %s %lu==>>\n",name,(unsigned long)len);
|
||||
size_t i;
|
||||
for(i = 0;i<len;++i) {
|
||||
printf("\\x%x",(unsigned int)f[i]);
|
||||
@ -76,13 +76,17 @@ static int check_oauth(void) {
|
||||
|
||||
const char mac_key[33] = "ZksjpweoixXmvn67534m";
|
||||
const size_t mac_key_length=strlen(mac_key);
|
||||
const uint64_t token_timestamp = 1234567890;
|
||||
uint64_t token_timestamp0 = turn_time();
|
||||
const uint64_t token_timestamp = token_timestamp0 << 16;
|
||||
printf("key timestamp: %llu\n",(unsigned long long)token_timestamp);
|
||||
const uint32_t token_lifetime = 3600;
|
||||
|
||||
const char kid[33] = "2783466234";
|
||||
const turn_time_t key_timestamp = 1234567890;
|
||||
const turn_time_t key_lifetime = 3600;
|
||||
|
||||
const char aead_nonce[OAUTH_AEAD_NONCE_SIZE+1] = "h4j3k2l2n4b5";
|
||||
|
||||
for (i_hmacs = 0; hmacs[i_hmacs]; ++i_hmacs) {
|
||||
|
||||
for (i_shas = 0; shas[i_shas]; ++i_shas) {
|
||||
@ -98,14 +102,17 @@ static int check_oauth(void) {
|
||||
ot.enc_block.lifetime = token_lifetime;
|
||||
|
||||
oauth_token dot;
|
||||
ns_bzero((&dot),sizeof(dot));
|
||||
oauth_key key;
|
||||
ns_bzero(&key,sizeof(key));
|
||||
|
||||
{
|
||||
oauth_key_data okd;
|
||||
ns_bzero(&okd,sizeof(okd));
|
||||
|
||||
{
|
||||
oauth_key_data_raw okdr;
|
||||
ns_bzero(&okdr,sizeof(okdr));
|
||||
|
||||
STRCPY(okdr.kid,kid);
|
||||
STRCPY(okdr.ikm_key,base64encoded_ltp);
|
||||
@ -133,9 +140,10 @@ static int check_oauth(void) {
|
||||
|
||||
{
|
||||
encoded_oauth_token etoken;
|
||||
ns_bzero(&etoken,sizeof(etoken));
|
||||
|
||||
if (encode_oauth_token((const u08bits *) server_name, &etoken,
|
||||
&key, &ot) < 0) {
|
||||
&key, &ot, (const u08bits*)aead_nonce) < 0) {
|
||||
fprintf(stderr, "%s: cannot encode oauth token\n",
|
||||
__FUNCTION__);
|
||||
return -1;
|
||||
|
||||
@ -2006,11 +2006,14 @@ static int encode_oauth_token_normal(const u08bits *server_name, encoded_oauth_t
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_EncryptInit_ex(&ctx, cipher, NULL, (const unsigned char *)key->as_rs_key, NULL);
|
||||
EVP_CIPHER_CTX_set_padding(&ctx,1);
|
||||
int outl=0;
|
||||
my_EVP_EncryptUpdate(&ctx, encoded_field, &outl, orig_field, (int)len);
|
||||
int tmp_outl = 0;
|
||||
EVP_EncryptFinal_ex(&ctx, encoded_field + outl, &tmp_outl);
|
||||
outl += tmp_outl;
|
||||
if(outl % OAUTH_ENC_ALG_BLOCK_SIZE) {
|
||||
int tmp_outl = 0;
|
||||
EVP_EncryptFinal_ex(&ctx, encoded_field + outl, &tmp_outl);
|
||||
outl += tmp_outl;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
@ -2089,6 +2092,7 @@ static int decode_oauth_token_normal(const u08bits *server_name, const encoded_o
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_DecryptInit_ex(&ctx, cipher, NULL, (const unsigned char *)key->as_rs_key, NULL);
|
||||
EVP_CIPHER_CTX_set_padding(&ctx,1);
|
||||
int outl=0;
|
||||
my_EVP_DecryptUpdate(&ctx, decoded_field, &outl, encoded_field, (int)encoded_field_size);
|
||||
|
||||
@ -2128,7 +2132,7 @@ static void generate_random_nonce(unsigned char *nonce, size_t sz) {
|
||||
}
|
||||
}
|
||||
|
||||
static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken)
|
||||
static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken, const u08bits* nonce0)
|
||||
{
|
||||
if(server_name && etoken && key && dtoken && (dtoken->enc_block.key_length<128)) {
|
||||
|
||||
@ -2155,7 +2159,11 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
|
||||
unsigned char *encoded_field = (unsigned char*)etoken->token;
|
||||
|
||||
unsigned char nonce[OAUTH_AEAD_NONCE_SIZE];
|
||||
generate_random_nonce(nonce, sizeof(nonce));
|
||||
if(nonce0) {
|
||||
ns_bcopy(nonce0,nonce,sizeof(nonce));
|
||||
} else {
|
||||
generate_random_nonce(nonce, sizeof(nonce));
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
@ -2164,6 +2172,8 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
|
||||
if(1 != EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
|
||||
return -1;
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(&ctx,1);
|
||||
|
||||
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
|
||||
if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_AEAD_NONCE_SIZE, NULL))
|
||||
return -1;
|
||||
@ -2181,6 +2191,8 @@ static int encode_oauth_token_aead(const u08bits *server_name, encoded_oauth_tok
|
||||
if(1 != my_EVP_EncryptUpdate(&ctx, NULL, &outl, server_name, (int)sn_len))
|
||||
return -1;
|
||||
|
||||
outl=0;
|
||||
|
||||
if(1 != my_EVP_EncryptUpdate(&ctx, encoded_field, &outl, orig_field, (int)len))
|
||||
return -1;
|
||||
|
||||
@ -2232,6 +2244,8 @@ static int decode_oauth_token_aead(const u08bits *server_name, const encoded_oau
|
||||
if(1 != EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
|
||||
return -1;
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(&ctx,1);
|
||||
|
||||
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
|
||||
if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_AEAD_NONCE_SIZE, NULL))
|
||||
return -1;
|
||||
@ -2285,8 +2299,9 @@ static int decode_oauth_token_aead(const u08bits *server_name, const encoded_oau
|
||||
|
||||
#endif
|
||||
|
||||
int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken)
|
||||
int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken, const u08bits *nonce)
|
||||
{
|
||||
UNUSED_ARG(nonce);
|
||||
if(server_name && etoken && key && dtoken) {
|
||||
switch(key->as_rs_alg) {
|
||||
case AES_256_CBC:
|
||||
@ -2295,7 +2310,7 @@ int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken,
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case AEAD_AES_128_GCM:
|
||||
case AEAD_AES_256_GCM:
|
||||
return encode_oauth_token_aead(server_name, etoken,key,dtoken);
|
||||
return encode_oauth_token_aead(server_name, etoken,key,dtoken,nonce);
|
||||
#endif
|
||||
default:
|
||||
fprintf(stderr,"Wrong AS_RS algorithm: %d\n",(int)key->as_rs_alg);
|
||||
|
||||
@ -212,7 +212,7 @@ int is_http_get(const char *s, size_t blen);
|
||||
/* OAUTH */
|
||||
int convert_oauth_key_data(const oauth_key_data *oakd, oauth_key *key, char *err_msg, size_t err_msg_size);
|
||||
int decode_oauth_token(const u08bits *server_name, const encoded_oauth_token *etoken, const oauth_key *key, oauth_token *dtoken);
|
||||
int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken);
|
||||
int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken, const oauth_key *key, const oauth_token *dtoken, const u08bits *nonce);
|
||||
|
||||
///////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
@ -109,6 +109,7 @@ typedef enum _AUTH_ALG AUTH_ALG;
|
||||
#define OAUTH_KEY_SIZE (256)
|
||||
#define OAUTH_AEAD_NONCE_SIZE (12)
|
||||
#define OAUTH_AEAD_TAG_SIZE (16)
|
||||
#define OAUTH_ENC_ALG_BLOCK_SIZE (16)
|
||||
|
||||
#define OAUTH_DEFAULT_LIFETIME (0)
|
||||
#define OAUTH_DEFAULT_TIMESTAMP (turn_time())
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user