dtls

package module
v0.0.0-...-b360182 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 4, 2019 License: MIT Imports: 17 Imported by: 5

README

dtls

This is a tiny fork of https://github.com/bocajim/dtls that works around an issue in the DTLS handshake when connecting to an IKEA Trådfri Gateway.

The rest of this README is identical to the original at the time of the forking.

This package implements a RFC-4347 compliant DTLS client and server. NOTE: This library is under active development and is not yet stable enough to be used in production.

Key Features

  • Pure go, no CGo
  • Supports both client and server via UDP
  • Supports TLS_PSK_WITH_AES_128_CCM_8 cipher RFC-6655
  • Supports pre-shared key authentication, does not support certificate based authentication
  • Supports DTLS session resumption
  • Designed for OMA LWM2M comliance LWM2M

TODO

  • Implement session renegotiation
  • Implement packet retransmission for handshake
  • Implement out of order handshake processing
  • Implement replay detection
  • Implement client hello stateless cookie handling
  • Improve parallel processing of incoming packets
  • Add interface for custom DTLS session cache storage

Samples

Keystore

	mks := keystore.NewMemoryKeyStore()
	keystore.SetKeyStores([]keystore.KeyStore{mks})
	psk, _ := hex.DecodeString("00112233445566")
	mks.AddKey("myIdentity", psk)

Sample Client

	listener, _ = NewUdpListener(":6000", time.Second*5)
	peer, err := listener.AddPeer("127.0.0.1:5684", "myIdentity")

	err = peer.Write("hello world")
	data, rsp := listener.Read()

Documentation

http://godoc.org/github.com/bocajim/dtls

License

MIT

Documentation

Index

Constants

View Source
const (
	AlertType_Warning                uint8 = 1
	AlertType_Fatal                  uint8 = 2
	AlertDesc_CloseNotify            uint8 = 0
	AlertDesc_UnexpectedMessage      uint8 = 10
	AlertDesc_BadRecordMac           uint8 = 20
	AlertDesc_DecryptionFailed       uint8 = 21
	AlertDesc_RecordOverflow         uint8 = 22
	AlertDesc_DecompressionFailure   uint8 = 30
	AlertDesc_HandshakeFailure       uint8 = 40
	AlertDesc_NoCertificate          uint8 = 41
	AlertDesc_BadCertificate         uint8 = 42
	AlertDesc_UnsupportedCertificate uint8 = 43
	AlertDesc_CertificateRevoked     uint8 = 44
	AlertDesc_CertificateExpired     uint8 = 45
	AlertDesc_CertificateUnknown     uint8 = 46
	AlertDesc_IllegalParameter       uint8 = 47
	AlertDesc_UnknownCa              uint8 = 48
	AlertDesc_AccessDenied           uint8 = 49
	AlertDesc_DecodeError            uint8 = 50
	AlertDesc_DecryptError           uint8 = 51
	AlertDesc_ExportRestriction      uint8 = 60
	AlertDesc_ProtocolVersion        uint8 = 70
	AlertDesc_InsufficientSecurity   uint8 = 71
	AlertDesc_InternalError          uint8 = 80
	AlertDesc_UserCanceled           uint8 = 90
	AlertDesc_NoRenegotiation        uint8 = 100
	AlertDesc_UnsupportedExtension   uint8 = 110
	AlertDesc_Noop                   uint8 = 254
)
View Source
const (
	LogLevelError string = "error"
	LogLevelWarn  string = "warn"
	LogLevelInfo  string = "info"
	LogLevelDebug string = "debug"
)
View Source
const (
	ContentType_ChangeCipherSpec ContentType = 20
	ContentType_Alert                        = 21
	ContentType_Handshake                    = 22
	ContentType_Appdata                      = 23
)
View Source
const (
	SessionType_Server string = "server"
	SessionType_Client string = "client"
)
View Source
const (
	AadAuthLen int = 13
)
View Source
const (
	DtlsVersion12 uint16 = 0xFEFD
)

Variables

View Source
var DebugEncryption bool = false
View Source
var DebugHandshake bool = false
View Source
var DebugHandshakeHash bool = false
View Source
var HandshakeCompleteCallback func(string, string, time.Duration, error)

This callback is invoked each time a handshake completes, if the handshake failed, the reason is stored in error

View Source
var SessionCacheSweepInterval = time.Minute * -5

set to the interval to look for expired sessions

View Source
var SessionCacheTtl = time.Hour * 24

set to whatever you want the cache time to live to be

Functions

func DebugAll

func DebugAll()

func GetPskFromKeystore

func GetPskFromKeystore(identity string, remoteAddr string) []byte

func SessionCacheSize

func SessionCacheSize() int

func SetKeyStores

func SetKeyStores(ks []Keystore)

func SetLogFunc

func SetLogFunc(lf LogFunc)

func SetLogLevel

func SetLogLevel(level string)

Types

type CipherSuite

type CipherSuite uint16
const (
	CipherSuite_TLS_PSK_WITH_AES_128_CCM_8 CipherSuite = 0xC0A8
)

type CompressionMethod

type CompressionMethod uint8
const (
	CompressionMethod_Null CompressionMethod = 0
)

type ContentType

type ContentType uint8

type Keystore

type Keystore interface {
	GetPsk(identity string, remoteAddr string) ([]byte, error)
}

type KeystoreInMemory

type KeystoreInMemory struct {
	// contains filtered or unexported fields
}

func NewKeystoreInMemory

func NewKeystoreInMemory() *KeystoreInMemory

func (*KeystoreInMemory) AddKey

func (ks *KeystoreInMemory) AddKey(identity string, psk []byte)

func (*KeystoreInMemory) GetPsk

func (ks *KeystoreInMemory) GetPsk(identity string, remoteAddr string) ([]byte, error)

type Listener

type Listener struct {
	// contains filtered or unexported fields
}

func NewUdpListener

func NewUdpListener(listener string, readTimeout time.Duration) (*Listener, error)

func (*Listener) AddCipherSuite

func (l *Listener) AddCipherSuite(cipherSuite CipherSuite)

func (*Listener) AddCompressionMethod

func (l *Listener) AddCompressionMethod(compressionMethod CompressionMethod)

func (*Listener) AddPeer

func (l *Listener) AddPeer(addr string, identity string) (*Peer, error)

func (*Listener) AddPeerWithParams

func (l *Listener) AddPeerWithParams(params *PeerParams) (*Peer, error)

func (*Listener) CountPeers

func (l *Listener) CountPeers() int

func (*Listener) FindPeer

func (l *Listener) FindPeer(addr string) (*Peer, error)

func (*Listener) Read

func (l *Listener) Read() ([]byte, *Peer)

func (*Listener) RemovePeer

func (l *Listener) RemovePeer(peer *Peer, alertDesc uint8) error

func (*Listener) RemovePeerByAddr

func (l *Listener) RemovePeerByAddr(addr string, alertDesc uint8) error

func (*Listener) Shutdown

func (l *Listener) Shutdown() error

type LogFunc

type LogFunc func(ts time.Time, level string, peer string, msg string)

type Peer

type Peer struct {
	// contains filtered or unexported fields
}

func (*Peer) Close

func (p *Peer) Close(alertDesc uint8)

func (*Peer) Lock

func (p *Peer) Lock()

func (*Peer) Read

func (p *Peer) Read(timeout time.Duration) ([]byte, error)

func (*Peer) RemoteAddr

func (p *Peer) RemoteAddr() string

func (*Peer) SessionIdentity

func (p *Peer) SessionIdentity() string

func (*Peer) Unlock

func (p *Peer) Unlock()

func (*Peer) UseQueue

func (p *Peer) UseQueue(en bool)

func (*Peer) Write

func (p *Peer) Write(data []byte) error

type PeerParams

type PeerParams struct {
	Addr             string
	Identity         string
	HandshakeTimeout time.Duration
	SessionId        []byte
}

type Transport

type Transport interface {
	Type() string
	Local() string
	Shutdown() error
	NewPeer(address string) TransportPeer
	ReadPacket() ([]byte, TransportPeer, error)
}

type TransportPeer

type TransportPeer interface {
	String() string
	WritePacket(data []byte) error
}

func NewUdpPeerFromSocket

func NewUdpPeerFromSocket(socket *net.UDPConn, addr *net.UDPAddr) TransportPeer

Directories

Path Synopsis
Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.
Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL