sha384 added

ChangeLog

@@ -1,6 +1,7 @@
 2/3/2015 Oleg Moskalenko <[email protected]>
 Version 4.4.2.1 'Ardee West':
 	- (HMAC-)SHA-512 algorithms added;
+	- (HMAC-)SHA-384 algorithms added;
 	- TOS (DiffServer) and TTL IP header field handling fixed;
 	- updates according to the new third-party-auth draft (oauth);
 	- peer logging added;

INSTALL

@@ -470,15 +470,15 @@ libevent2 from their web site. It was tested with older *NIXes
 
 NOTE: SQLite must be of version 3.x.
 
-NOTE: For extra security features (DTLS and SHA256 and SHA512) support, OpenSSL 
-version 1.0.0a or newer is recommended. Older versions do not support DTLS,
-reliably, in some cases. For example, the Debian 'Squeeze' Linux supplies
-0.9.8 version of OpenSSL, that does not work correctly with DTLS over IPv6.
-If your system already has an older version of OpenSSL installed (usually
-in directory /usr) then you may want to install your newer OpenSSL "over"
-the old one (because it will most probably will not allow removal of the
-old one). When installing the newer OpenSSL, run the OpenSSL's configure
-command like this:
+NOTE: For extra security features (DTLS and SHA256 and and SHA384 and SHA512)
+support, OpenSSL version 1.0.0a or newer is recommended. Older versions do 
+not support DTLS, reliably, in some cases. For example, the Debian 'Squeeze'
+Linux supplies 0.9.8 version of OpenSSL, that does not work correctly with
+DTLS over IPv6. If your system already has an older version of OpenSSL
+installed (usually in directory /usr) then you may want to install your
+newer OpenSSL "over" the old one (because it will most probably will not allow
+removal of the old one). When installing the newer OpenSSL, run the OpenSSL's
+configure command like this:
 
     $ ./config --prefix=/usr
 
@@ -684,6 +684,7 @@ users, because the realm is used for the HMAC key generation.
 
 The key must be up to 32 characters (HEX representation of 16 bytes) for SHA1,
 or up to 64 characters (HEX representation of 32 bytes) for SHA256,
+or up to 96 characters (HEX representation of 48 bytes) for SHA384,
 or up to 128 characters (HEX representation of 64 bytes) for SHA512:
 
 # Table holding shared secrets for secret-based authorization
@@ -765,9 +766,10 @@ The oauth_key table fields meanings are:
 		is 0 - unlimited lifetime.
 
 	hkdf_hash_func - (optional) hash function for HKDF procedure; the 
-		valid values are SHA-1, SHA-256 and SHA-512, with SHA-256 as default;
-		The hkdf_hash_func is not needed if the as_rs_key and auth_key 
-		are defined explicitly in the database;
+		valid values are SHA-1, SHA-256, SHA-384 and SHA-512, 
+		with SHA-256 as default. The hkdf_hash_func is not needed
+		if the as_rs_key and auth_key are defined explicitly
+		in the database;
 
 	as_rs_alg - oAuth token encryption algorithm; the valid values are
 		"AES-128-CBC" and "AES-256-CBC", , "AEAD-AES-128-GCM",
@@ -779,7 +781,8 @@ The oauth_key table fields meanings are:
 		is defined by as_rs_alg.
 
 	auth_alg - (optional) oAuth token authentication algorithm; the valid values are
-		"HMAC-SHA-256-128", "HMAC-SHA-256", "HMAC-SHA-512" and "HMAC-SHA-1".		  
+		"HMAC-SHA-256-128", "HMAC-SHA-256", "HMAC-SHA-384",
+		"HMAC-SHA-512" and "HMAC-SHA-1".		  
 		The default value is "HMAC-SHA-256-128".
 
 	auth_key - (optional) base64-encoded AUTH key. If not defined, then 

README.turnadmin

@@ -98,9 +98,8 @@ Options with required values:
 -H, --sha256		Use SHA256 as the keys hash function (a non-standard feature). 
 				By default, MD5 is used for the key storage encryption 
 				(as required by the current STUN/TURNstandards).
--K, --sha512		Use SHA512 as the keys hash function (a non-standard feature). 
-				By default, MD5 is used for the key storage encryption 
-				(as required by the current STUN/TURNstandards).
+-Y, --sha384		Use SHA384 as the keys hash function (a non-standard feature).
+-K, --sha512		Use SHA512 as the keys hash function (a non-standard feature).
 --max-bps		Set value of realm's max-bps parameter.
 --total-quota	Set value of realm's total-quota parameter.
 --user-quota	Set value of realm's user-quota parameter. 

README.turnserver

@@ -242,6 +242,9 @@ Flags:
 			SHA256 hash function if this option is used. If the server obtains a message 
 			from the client with a weaker (SHA1) hash function then the server returns 
 			error code 426.
+
+--sha384		Require SHA384 digest function to be used for the message integrity.
+
 --sha512		Require SHA512 digest function to be used for the message integrity.
 
 --mobility		Mobility with ICE (MICE) specs support.

README.turnutils

@@ -95,6 +95,8 @@ Flags:
 -H	SHA256 digest function for message integrity calculation.
 	Without this option, by default, SHA1 is used.
 
+-Y	SHA384 digest function for message integrity calculation.
+
 -K	SHA512 digest function for message integrity calculation.
 
 -M	Use TURN ICE Mobility.

STATUS

@@ -120,7 +120,7 @@ supported in the client library).
 
 52) Web HTTPS admin interface implemented.
 
-53) SHA512 support added (experimental).
+53) SHA384 and SHA512 support added (experimental).
 
 Things to be implemented in future (the development roadmap) 
 are described in the TODO file.

examples/etc/turnserver.conf

@@ -557,15 +557,16 @@
 #
 #secure-stun
 
-# Require SHA256 or SHA512 digest function to be used for the message
+# Require SHA256, or SHA384, or SHA512 digest function to be used for the message
 # integrity. By default, the server uses SHA1 (as per TURN standard specs). 
-# With this option, the server always requires the stronger SHA256 or SHA512 
-# function. The client application must support SHA256 or SHA512 hash function
+# With this option, the server always requires the stronger SHA256, SHA384 or SHA512 
+# function. The client application must support SHA256, SHA384 or SHA512 hash function
 # if this option is used. If the server obtains 
 # a message from the client with a weaker (SHA1) hash function then the 
 # server returns error code 426.
 #
 #sha256
+#sha384
 #sha512
 
 # Mobility with ICE (MICE) specs support.

man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "04 February 2015" "" ""
+.TH TURN 1 "06 February 2015" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
@@ -179,10 +179,12 @@ By default, MD5 is used for the key storage encryption
 (as required by the current STUN/TURNstandards).
 .TP
 .B
+\fB\-Y\fP, \fB\-\-sha384\fP
+Use SHA384 as the keys hash function (a non\-standard feature).
+.TP
+.B
 \fB\-K\fP, \fB\-\-sha512\fP
-Use SHA512 as the keys hash function (a non\-standard feature). 
-By default, MD5 is used for the key storage encryption 
-(as required by the current STUN/TURNstandards).
+Use SHA512 as the keys hash function (a non\-standard feature).
 .TP
 .B
 \fB\-\-max\-bps\fP

man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "04 February 2015" "" ""
+.TH TURN 1 "06 February 2015" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
@@ -372,6 +372,10 @@ from the client with a weaker (SHA1) hash function then the server returns
 error code 426.
 .TP
 .B
+\fB\-\-sha384\fP
+Require SHA384 digest function to be used for the message integrity.
+.TP
+.B
 \fB\-\-sha512\fP
 Require SHA512 digest function to be used for the message integrity.
 .TP

man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "04 February 2015" "" ""
+.TH TURN 1 "06 February 2015" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used
@@ -143,6 +143,10 @@ SHA256 digest function for message integrity calculation.
 Without this option, by default, SHA1 is used.
 .TP
 .B
+\fB\-Y\fP
+SHA384 digest function for message integrity calculation.
+.TP
+.B
 \fB\-K\fP
 SHA512 digest function for message integrity calculation.
 .TP

src/apps/relay/mainrelay.c

@@ -569,6 +569,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "						support SHA256 hash function if this option is used. If the server obtains\n"
 "						a message from the client with a weaker (SHA1) hash function then the server\n"
 "						returns error code 426.\n"
+" --sha384					Require SHA384 digest function to be used for the message integrity.\n"
 " --sha512					Require SHA512 digest function to be used for the message integrity.\n"
 " --proc-user <user-name>			User name to run the turnserver process.\n"
 "						After the initialization, the turnserver process\n"
@@ -639,6 +640,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
 #endif
 	"	-H, --sha256			Use SHA256 digest function to be used for the message integrity.\n"
 	"					By default, the server SHA1 (as per TURN standard specs).\n"
+	"	-Y, --sha384			Use SHA384 digest function to be used for the message integrity.\n"
 	"	-K, --sha512			Use SHA512 digest function to be used for the message integrity.\n"
 	"	--max-bps			Set value of realm's max-bps parameter.\n"
 	"					Setting to zero value means removal of the option.\n"
@@ -650,7 +652,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
 
 #define OPTIONS "c:d:p:L:E:X:i:m:l:r:u:b:B:e:M:J:N:O:q:Q:s:C:vVofhznaAS"
 
-#define ADMIN_OPTIONS "gGORIHKlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h"
+#define ADMIN_OPTIONS "gGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h"
 
 enum EXTRA_OPTS {
 	NO_UDP_OPT=256,
@@ -690,6 +692,7 @@ enum EXTRA_OPTS {
 	CA_FILE_OPT,
 	DH_FILE_OPT,
 	SHA256_OPT,
+	SHA384_OPT,
 	SHA512_OPT,
 	NO_STUN_OPT,
 	PROC_USER_OPT,
@@ -814,6 +817,7 @@ static const struct myoption long_options[] = {
 				{ "CA-file", required_argument, NULL, CA_FILE_OPT },
 				{ "dh-file", required_argument, NULL, DH_FILE_OPT },
 				{ "sha256", optional_argument, NULL, SHA256_OPT },
+				{ "sha384", optional_argument, NULL, SHA384_OPT },
 				{ "sha512", optional_argument, NULL, SHA512_OPT },
 				{ "proc-user", required_argument, NULL, PROC_USER_OPT },
 				{ "proc-group", required_argument, NULL, PROC_GROUP_OPT },
@@ -869,6 +873,7 @@ static const struct myoption admin_long_options[] = {
 				{ "realm", required_argument, NULL, 'r' },
 				{ "password", required_argument, NULL, 'p' },
 				{ "sha256", no_argument, NULL, 'H' },
+				{ "sha384", no_argument, NULL, 'Y' },
 				{ "sha512", no_argument, NULL, 'K' },
 				{ "add-origin", no_argument, NULL, 'O' },
 				{ "del-origin", no_argument, NULL, 'R' },
@@ -1037,6 +1042,10 @@ static void set_option(int c, char *value)
 		if(get_bool_value(value))
 			turn_params.shatype = SHATYPE_SHA256;
 		break;
+	case SHA384_OPT:
+		if(get_bool_value(value))
+			turn_params.shatype = SHATYPE_SHA384;
+		break;
 	case SHA512_OPT:
 		if(get_bool_value(value))
 			turn_params.shatype = SHATYPE_SHA512;
@@ -1562,6 +1571,10 @@ static int adminmain(int argc, char **argv)
 			if(get_bool_value(optarg))
 				turn_params.shatype = SHATYPE_SHA256;
 			break;
+		case 'Y':
+			if(get_bool_value(optarg))
+				turn_params.shatype = SHATYPE_SHA384;
+			break;
 		case 'K':
 			if(get_bool_value(optarg))
 				turn_params.shatype = SHATYPE_SHA512;

src/apps/relay/turn_admin_server.c

@@ -712,6 +712,8 @@ static void cli_print_configuration(struct cli_session* cs)
 
 		if(turn_params.shatype == SHATYPE_SHA256)
 			cli_print_str(cs,"SHA256","SHA type",0);
+		else if(turn_params.shatype == SHATYPE_SHA384)
+			cli_print_str(cs,"SHA384","SHA type",0);
 		else if(turn_params.shatype == SHATYPE_SHA512)
 			cli_print_str(cs,"SHA512","SHA type",0);
 		else
@@ -1981,6 +1983,8 @@ static void write_pc_page(ioa_socket_handle s)
 
 				if(turn_params.shatype == SHATYPE_SHA256)
 					https_print_str(sb,"SHA256","SHA type",0);
+				else if(turn_params.shatype == SHATYPE_SHA384)
+					https_print_str(sb,"SHA384","SHA type",0);
 				else if(turn_params.shatype == SHATYPE_SHA512)
 					https_print_str(sb,"SHA512","SHA type",0);
 				else
@@ -2512,6 +2516,8 @@ static void write_users_page(ioa_socket_handle s, const u08bits *add_user, const
 
 			if(turn_params.shatype == SHATYPE_SHA256)
 				str_buffer_append(sb,"SHA type: SHA256<br>\r\n");
+			else if(turn_params.shatype == SHATYPE_SHA384)
+				str_buffer_append(sb,"SHA type: SHA384<br>\r\n");
 			else if(turn_params.shatype == SHATYPE_SHA512)
 				str_buffer_append(sb,"SHA type: SHA512<br>\r\n");
 			else
@@ -3054,6 +3060,14 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
 					}
 					str_buffer_append(sb,">SHA-256\r\n<br>\r\n");
 
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
+					str_buffer_append(sb,"\" value=\"SHA-384\" ");
+					if(!strcmp("SHA-384",add_hkdf_hash_func)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">SHA-384\r\n<br>\r\n");
+
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
 					str_buffer_append(sb,"\" value=\"SHA-512\" ");
@@ -3154,6 +3168,14 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
 					}
 					str_buffer_append(sb,">HMAC-SHA-256\r\n<br>\r\n");
 
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_AA);
+					str_buffer_append(sb,"\" value=\"HMAC-SHA-384\" ");
+					if(!strcmp("HMAC-SHA-384",add_aa)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">HMAC-SHA-384\r\n<br>\r\n");
+
 					str_buffer_append(sb,"<input type=\"radio\" name=\"");
 					str_buffer_append(sb,HR_ADD_OAUTH_AA);
 					str_buffer_append(sb,"\" value=\"HMAC-SHA-512\" ");

src/apps/relay/userdb.c

@@ -495,6 +495,12 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 							return -1;
 						}
 						break;
+					case SHA384SIZEBYTES:
+						if(turn_params.shatype != SHATYPE_SHA384) {
+							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
+							return -1;
+						}
+						break;
 					case SHA512SIZEBYTES:
 						if(turn_params.shatype != SHATYPE_SHA512) {
 							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
@@ -581,6 +587,11 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 					return -1;
 				hmac_len = SHA256SIZEBYTES;
 				break;
+			case SHA384SIZEBYTES:
+				if(turn_params.shatype != SHATYPE_SHA384)
+					return -1;
+				hmac_len = SHA384SIZEBYTES;
+				break;
 			case SHA512SIZEBYTES:
 				if(turn_params.shatype != SHATYPE_SHA512)
 					return -1;

src/apps/rfc5769/rfc5769check.c

@@ -45,6 +45,9 @@ static const char* shas[]={"SHA1",
 #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 			   "SHA256",
 #endif
+#if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
+			   "SHA384",
+#endif
 #if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
 			   "SHA512",
 #endif
@@ -58,6 +61,9 @@ static const char* hmacs[]={"HMAC-SHA-1",
 #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 			    "HMAC-SHA-256","HMAC-SHA-256-128",
 #endif
+#if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
+			    "HMAC-SHA-384",
+#endif
 #if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
 			    "HMAC-SHA-512",
 #endif