diff --git a/INSTALL b/INSTALL
index 1318c3d8..583ee409 100644
--- a/INSTALL
+++ b/INSTALL
@@ -760,9 +760,9 @@ The oauth_key table fields meanings are:
is 0 - unlimited lifetime.
as_rs_alg - oAuth token encryption algorithm; the valid values are
- "A256GCMKW", "A128GCMKW" (see
- http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1).
- The default value is "A256GCMKW";
+ "A256GCM", "A128GCM" (see
+ http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
+ The default value is "A256GCM";
# Https access admin users.
# Leave this table empty if you do not want
diff --git a/examples/var/db/turndb b/examples/var/db/turndb
index 2459c11e..bcae52e8 100644
Binary files a/examples/var/db/turndb and b/examples/var/db/turndb differ
diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c
index 05754a05..4ab4dc7d 100644
--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
@@ -2973,23 +2973,23 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
str_buffer_append(sb,"
Token encryption algorithm (required):
\r\n");
if(!add_tea || !add_tea[0])
- add_tea = "A256GCMKW";
+ add_tea = "A256GCM";
str_buffer_append(sb,"A128GCMKW\r\n
\r\n");
+ str_buffer_append(sb,">A128GCM\r\n
\r\n");
str_buffer_append(sb,"A256GCMKW\r\n
\r\n");
+ str_buffer_append(sb,">A256GCM\r\n
\r\n");
}
str_buffer_append(sb,"\r\n\r\n");
diff --git a/src/apps/rfc5769/rfc5769check.c b/src/apps/rfc5769/rfc5769check.c
index 712483b4..c8b2f129 100644
--- a/src/apps/rfc5769/rfc5769check.c
+++ b/src/apps/rfc5769/rfc5769check.c
@@ -43,7 +43,7 @@
static const char* encs[]={
#if !defined(TURN_NO_GCM)
- "A128GCMKW", "A256GCMKW",
+ "A128GCM", "A256GCM",
#endif
NULL};
diff --git a/src/apps/uclient/mainuclient.c b/src/apps/uclient/mainuclient.c
index 24316a8a..bfef972d 100644
--- a/src/apps/uclient/mainuclient.c
+++ b/src/apps/uclient/mainuclient.c
@@ -102,9 +102,9 @@ int oauth = 0;
oauth_key okey_array[3];
static oauth_key_data_raw okdr_array[3] = {
- {"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCMKW"},
- {"union","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK",0,0,"A128GCMKW"},
- {"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCMKW"}
+ {"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCM"},
+ {"union","MTIzNDU2Nzg5MDEyMzQ1Ngo=",0,0,"A128GCM"},
+ {"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCM"}
};
//////////////// local definitions /////////////////
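Review bot: The new `union` sample key `MTIzNDU2Nzg5MDEyMzQ1Ngo=` decodes to 17 bytes (sixteen ASCII digits plus a trailing newline), one more than the 16 that calculate_enc_key_length returns for A128GCM. The 256-bit samples likewise decode to 33 bytes. Whether the key-loading code truncates, rejects or silently uses the extra byte is not visible here, so the fixtures may be exercising a truncation path rather than an exact-length key. Regenerating them without the newline would remove the ambiguity. A short comment such as `/* test-only keys, never deploy */` above `okdr_array` would also help, since the same values are repeated in testmongosetup.sh, testredisdbsetup.sh and testsqldbsetup.sql and are low-entropy.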
diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index f8f2ddb7..dfce883e 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -2002,7 +2002,7 @@ static void normalize_algorithm(char *s)
static size_t calculate_enc_key_length(ENC_ALG a)
{
switch(a) {
- case A128GCMKW:
+ case A128GCM:
return 16;
default:
break;
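Review bot: `case A128GCM:` in calculate_enc_key_length has no `#if !defined(TURN_NO_GCM)` guard in the lines shown, while ns_turn_msg_defs_new.h declares A128GCM only under that guard and calculate_auth_key_length, get_cipher_type and the encode/decode switches all wrap their cases in one. Unless the whole function is guarded outside this hunk, a TURN_NO_GCM build would fail on the undeclared enumerator. Wrapping the case as `#if !defined(TURN_NO_GCM)`, `case A128GCM: return 16;`, `#endif` would match the neighbouring switches. The function body continues past the hunk, so the fall-through return value is not visible here.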
@@ -2015,8 +2015,8 @@ static size_t calculate_auth_key_length(ENC_ALG a)
{
switch(a) {
#if !defined(TURN_NO_GCM)
- case A256GCMKW:
- case A128GCMKW:
+ case A256GCM:
+ case A128GCM:
return 0;
#endif
default:
@@ -2079,12 +2079,12 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
key->as_rs_alg = ENC_ALG_DEFAULT;
#if !defined(TURN_NO_GCM)
- if(!strcmp(oakd->as_rs_alg,"A128GCMKW")) {
- key->as_rs_alg = A128GCMKW;
+ if(!strcmp(oakd->as_rs_alg,"A128GCM")) {
+ key->as_rs_alg = A128GCM;
key->auth_key_size = 0;
key->auth_key[0] = 0;
- } else if(!strcmp(oakd->as_rs_alg,"A256GCMKW")) {
- key->as_rs_alg = A256GCMKW;
+ } else if(!strcmp(oakd->as_rs_alg,"A256GCM")) {
+ key->as_rs_alg = A256GCM;
key->auth_key_size = 0;
key->auth_key[0] = 0;
} else if(oakd->as_rs_alg[0])
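Review bot: After this change, oauth_key rows that still carry "A128GCMKW" or "A256GCMKW" no longer match either `strcmp` and fall through to the final `else if(oakd->as_rs_alg[0])` branch, whose body is outside the hunk. If that branch is the unsupported-algorithm error path, every key provisioned before the upgrade stops loading until the database is rewritten, and the failure should say why. I would add a comment above the chain, `/* "A128GCMKW"/"A256GCMKW" were renamed to "A128GCM"/"A256GCM"; existing oauth_key rows must be migrated */`, and have the error text name the old spellings explicitly. The INSTALL and schema text in this commit list the new values but give no migration step.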
@@ -2117,9 +2117,9 @@ static const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
{
switch(enc_alg) {
#if !defined(TURN_NO_GCM)
- case A128GCMKW:
+ case A128GCM:
return EVP_aes_128_gcm();
- case A256GCMKW:
+ case A256GCM:
return EVP_aes_256_gcm();
#endif
default:
@@ -2546,8 +2546,8 @@ int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken,
if(server_name && etoken && key && dtoken) {
switch(key->as_rs_alg) {
#if !defined(TURN_NO_GCM)
- case A256GCMKW:
- case A128GCMKW:
+ case A256GCM:
+ case A128GCM:
return encode_oauth_token_aead(server_name, etoken,key,dtoken,nonce);
#endif
default:
@@ -2563,8 +2563,8 @@ int decode_oauth_token(const u08bits *server_name, const encoded_oauth_token *et
if(server_name && etoken && key && dtoken) {
switch(key->as_rs_alg) {
#if !defined(TURN_NO_GCM)
- case A256GCMKW:
- case A128GCMKW:
+ case A256GCM:
+ case A128GCM:
return decode_oauth_token_aead(server_name, etoken,key,dtoken);
#endif
default:
diff --git a/src/client/ns_turn_msg_defs_new.h b/src/client/ns_turn_msg_defs_new.h
index 9a0d3732..122d3d13 100644
--- a/src/client/ns_turn_msg_defs_new.h
+++ b/src/client/ns_turn_msg_defs_new.h
@@ -74,8 +74,8 @@ enum _ENC_ALG {
ENC_ALG_ERROR=-1,
ENC_ALG_DEFAULT=0,
#if !defined(TURN_NO_GCM)
- A256GCMKW=ENC_ALG_DEFAULT,
- A128GCMKW,
+ A256GCM=ENC_ALG_DEFAULT,
+ A128GCM,
#endif
ENG_ALG_NUM
};
diff --git a/turndb/schema.userdb.redis b/turndb/schema.userdb.redis
index 354190bf..e57c0a14 100644
--- a/turndb/schema.userdb.redis
+++ b/turndb/schema.userdb.redis
@@ -43,9 +43,9 @@ and they will be almost immediately "seen" by the turnserver process.
is 0 - unlimited lifetime.
as_rs_alg - oAuth token encryption algorithm; the valid values are
- "A256GCMKW", "A128GCMKW" (see
- http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1).
- The default value is "A256GCMKW".
+ "A256GCM", "A128GCM" (see
+ http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
+ The default value is "A256GCM".
5) admin users (over https interface) are maintained as keys of form:
"turn/admin_user/ with hash members "password" and,
@@ -117,7 +117,7 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
sadd turn/realm/crinna.org/denied-peer-ip "123::77"
-hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCMKW'
+hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
hmset turn/admin_user/bayaz password 'magi'
diff --git a/turndb/testmongosetup.sh b/turndb/testmongosetup.sh
index de75bd5b..e1c5021b 100755
--- a/turndb/testmongosetup.sh
+++ b/turndb/testmongosetup.sh
@@ -56,13 +56,13 @@ db.realm.insert({
db.oauth_key.insert({ kid: 'north',
ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',
- as_rs_alg: 'A256GCMKW'});
+ as_rs_alg: 'A256GCM'});
db.oauth_key.insert({ kid: 'union',
- ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK',
- as_rs_alg: 'A128GCMKW'});
+ ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Ngo=',
+ as_rs_alg: 'A128GCM'});
db.oauth_key.insert({ kid: 'oldempire',
ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',
- as_rs_alg: 'A256GCMKW'});
+ as_rs_alg: 'A256GCM'});
exit
diff --git a/turndb/testredisdbsetup.sh b/turndb/testredisdbsetup.sh
index ab685398..9c7196b7 100755
--- a/turndb/testredisdbsetup.sh
+++ b/turndb/testredisdbsetup.sh
@@ -38,9 +38,9 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
sadd turn/realm/crinna.org/denied-peer-ip "123::77"
-hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCMKW'
-hmset turn/oauth/kid/union ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK' as_rs_alg 'A128GCMKW'
-hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCMKW'
+hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCM'
+hmset turn/oauth/kid/union ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Ngo=' as_rs_alg 'A128GCM'
+hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
hmset turn/admin_user/skarling realm 'north.gov' password '\$5\$6fc35c3b0c7d4633\$27fca7574f9b79d0cb93ae03e45379470cbbdfcacdd6401f97ebc620f31f54f2'
hmset turn/admin_user/bayaz password '\$5\$e018513e9de69e73\$5cbdd2e29e04ca46aeb022268a7460d3a3468de193dcb2b95f064901769f455f'
diff --git a/turndb/testsqldbsetup.sql b/turndb/testsqldbsetup.sql
index db2ae163..ea7e1132 100644
--- a/turndb/testsqldbsetup.sql
+++ b/turndb/testsqldbsetup.sql
@@ -31,6 +31,6 @@ insert into denied_peer_ip (ip_range) values('123::45');
insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56');
insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77');
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCMKW');
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK',0,0,'A128GCMKW');
-insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCMKW');
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCM');
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MTIzNDU2Nzg5MDEyMzQ1Ngo=',0,0,'A128GCM');
+insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCM');