dtls

Published: Mar 4, 2019 License: MIT Imports: 17 Imported by: 4

README

dtls

This is a tiny fork of https://github.com/bocajim/dtls that works around an issue in the DTLS handshake when connecting to an IKEA Trådfri Gateway.

The rest of this README is identical to the original at the time of the forking.

This package implements an RFC-4347-compliant DTLS client and server. NOTE: This library is under active development and is not yet stable enough to be used in production.

Key Features

  • Pure go, no CGo
  • Supports both client and server via UDP
  • Supports the TLS_PSK_WITH_AES_128_CCM_8 cipher suite (RFC-6655)
  • Supports pre-shared key authentication, does not support certificate based authentication
  • Supports DTLS session resumption
  • Designed for OMA LWM2M compliance

TODO

  • Implement session renegotiation
  • Implement packet retransmission for handshake
  • Implement out of order handshake processing
  • Implement replay detection
  • Implement client hello stateless cookie handling
  • Improve parallel processing of incoming packets
  • Add interface for custom DTLS session cache storage

Samples

Keystore

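	// Register an in-memory keystore holding one pre-shared key.
	// The identifiers below follow this package's index (NewKeystoreInMemory,
	// SetKeyStores, Keystore); the original README referred to an older
	// keystore package that is not part of this module.
	mks := NewKeystoreInMemory()
	SetKeyStores([]Keystore{mks})
	// Sample key only: "00112233445566" is 7 bytes of predictable data.
	// A real deployment needs a randomly generated PSK of adequate length
	// (at least 16 bytes for AES-128).
	psk, err := hex.DecodeString("00112233445566")
	if err != nil {
		log.Fatal(err)
	}
	mks.AddKey("myIdentity", psk)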

Sample Client

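	// Listen on UDP :6000 with a 5 s read timeout, then open a DTLS session
	// to the server at 127.0.0.1:5684 using the "myIdentity" PSK identity.
	listener, err := NewUdpListener(":6000", time.Second*5)
	if err != nil {
		log.Fatal(err)
	}
	// AddPeer runs the handshake; a non-nil error means no session was established.
	peer, err := listener.AddPeer("127.0.0.1:5684", "myIdentity")
	if err != nil {
		log.Fatal(err)
	}
	// Peer.Write takes the application payload as []byte, not a string.
	if err := peer.Write([]byte("hello world")); err != nil {
		log.Fatal(err)
	}
	// Listener.Read returns the next application-data payload and the *Peer it came from.
	data, from := listener.Read()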

Documentation

http://godoc.org/github.com/bocajim/dtls

License

MIT

Documentation

Index

Constants

// Alert levels (AlertType_*) and alert descriptions (AlertDesc_*) carried in a
// DTLS alert record. The numeric values follow the TLS AlertLevel and
// AlertDescription registry (RFC 5246 §7.2), which DTLS reuses unchanged.
// Peer.Close, Listener.RemovePeer and Listener.RemovePeerByAddr take an
// AlertDesc_* value as their alertDesc argument.
const (
	AlertType_Warning                uint8 = 1
	AlertType_Fatal                  uint8 = 2
	AlertDesc_CloseNotify            uint8 = 0 // orderly shutdown of the session
	AlertDesc_UnexpectedMessage      uint8 = 10
	// RFC 5246 §7.2.2 says decryption_failed MUST NOT be sent; MAC/AEAD failures are
	// reported as bad_record_mac so the two cases are indistinguishable to a peer.
	// DTLS (RFC 6347 §4.1.2.1) further recommends silently discarding records with a
	// bad MAC rather than alerting, since a datagram can be injected by anyone.
	AlertDesc_BadRecordMac           uint8 = 20
	AlertDesc_DecryptionFailed       uint8 = 21
	AlertDesc_RecordOverflow         uint8 = 22
	AlertDesc_DecompressionFailure   uint8 = 30
	AlertDesc_HandshakeFailure       uint8 = 40
	AlertDesc_NoCertificate          uint8 = 41
	AlertDesc_BadCertificate         uint8 = 42
	AlertDesc_UnsupportedCertificate uint8 = 43
	AlertDesc_CertificateRevoked     uint8 = 44
	AlertDesc_CertificateExpired     uint8 = 45
	AlertDesc_CertificateUnknown     uint8 = 46
	AlertDesc_IllegalParameter       uint8 = 47
	AlertDesc_UnknownCa              uint8 = 48
	AlertDesc_AccessDenied           uint8 = 49
	AlertDesc_DecodeError            uint8 = 50
	AlertDesc_DecryptError           uint8 = 51
	AlertDesc_ExportRestriction      uint8 = 60
	AlertDesc_ProtocolVersion        uint8 = 70
	AlertDesc_InsufficientSecurity   uint8 = 71
	AlertDesc_InternalError          uint8 = 80
	AlertDesc_UserCanceled           uint8 = 90
	AlertDesc_NoRenegotiation        uint8 = 100
	AlertDesc_UnsupportedExtension   uint8 = 110
	// 254 is not a registered TLS alert code; presumably a library-internal
	// "send no alert" sentinel — confirm against the callers of Close/RemovePeer.
	AlertDesc_Noop                   uint8 = 254
)
// Log levels accepted by SetLogLevel and passed as the level argument of a LogFunc.
const (
	LogLevelError string = "error"
	LogLevelWarn  string = "warn"
	LogLevelInfo  string = "info"
	LogLevelDebug string = "debug"
)
// DTLS record-layer content types (RFC 5246 §6.2.1 values, reused by DTLS).
//
// NOTE(review): only ContentType_ChangeCipherSpec is declared with type
// ContentType. Because the other three give an explicit value, they do not
// inherit the type and are untyped integer constants; they convert implicitly
// where a ContentType is expected, but a `%T` or a type switch will not see
// them as ContentType.
const (
	ContentType_ChangeCipherSpec ContentType = 20
	ContentType_Alert                        = 21
	ContentType_Handshake                    = 22
	ContentType_Appdata                      = 23
)
// SessionType_* name the two roles a DTLS session can take.
const (
	SessionType_Server string = "server"
	SessionType_Client string = "client"
)
// AadAuthLen is the length in bytes of the AEAD additional authenticated data
// for a DTLS record (RFC 6655 §3 via RFC 5246 §6.2.3.3):
// epoch (2) + sequence number (6) + content type (1) + version (2) + length (2) = 13.
// Every one of these header fields is therefore integrity-protected by the CCM tag.
const (
	AadAuthLen int = 13
)
// DtlsVersion12 is the DTLS 1.2 wire version (RFC 6347): the one's complement
// of {1, 2}, i.e. 0xFEFD. Note that the README cites RFC 4347 (DTLS 1.0, wire
// version 0xFEFF); the constant here selects DTLS 1.2.
const (
	DtlsVersion12 uint16 = 0xFEFD
)

Variables

// DebugEncryption enables encryption-related debug output; off by default.
var DebugEncryption bool
// DebugHandshake enables handshake-related debug output; off by default.
var DebugHandshake bool
// DebugHandshakeHash enables debug output for the handshake transcript hash; off by default.
var DebugHandshakeHash bool
// HandshakeCompleteCallback, when set, is invoked each time a handshake
// completes. The time.Duration is the handshake duration and the error is
// non-nil when the handshake failed, carrying the reason. The two string
// arguments are not documented on this page — presumably the peer address
// and the PSK identity; confirm against the caller. This is the natural hook
// for logging or alerting on repeated handshake failures from one address.
var HandshakeCompleteCallback func(string, string, time.Duration, error)

This callback is invoked each time a handshake completes; if the handshake failed, the reason is passed in the error argument.

// SessionCacheSweepInterval is the interval between scans of the session cache
// for expired sessions.
// NOTE(review): the default is negative (-5 minutes). The sweep loop is not
// visible on this page, so confirm whether a negative value disables the
// sweeper or whether the sign is a mistake; with a 24h SessionCacheTtl, an
// unswept cache would retain resumable session state indefinitely.
var SessionCacheSweepInterval = time.Minute * -5

Set to the interval at which the session cache is scanned for expired sessions.

// SessionCacheTtl is how long a cached session stays resumable; 24 hours by default.
var SessionCacheTtl = 24 * time.Hour

Set to the desired time-to-live for cached sessions.

Functions

func DebugAll

func DebugAll()

func GetPskFromKeystore

func GetPskFromKeystore(identity string, remoteAddr string) []byte

func SessionCacheSize

func SessionCacheSize() int

func SetKeyStores

func SetKeyStores(ks []Keystore)

func SetLogFunc

func SetLogFunc(lf LogFunc)

func SetLogLevel

func SetLogLevel(level string)

Types

type CipherSuite

// CipherSuite is a TLS cipher suite identifier as carried on the wire.
type CipherSuite uint16

// CipherSuite_TLS_PSK_WITH_AES_128_CCM_8 is the only suite this package
// advertises (see Listener.AddCipherSuite); 0xC0A8 is its IANA code point
// from RFC 6655. The "_8" variant truncates the CCM tag to 8 bytes, a
// deliberate bandwidth trade-off for constrained devices.
const (
	CipherSuite_TLS_PSK_WITH_AES_128_CCM_8 CipherSuite = 0xC0A8
)

type CompressionMethod

// CompressionMethod is a TLS compression method identifier.
type CompressionMethod uint8

// CompressionMethod_Null (0) is "no compression", the only method declared here
// (see Listener.AddCompressionMethod).
const (
	CompressionMethod_Null CompressionMethod = 0
)

type ContentType

// ContentType is the record-layer content type byte; see the ContentType_* constants.
type ContentType uint8

type Keystore

// Keystore resolves a PSK identity to its pre-shared key during the handshake.
// Implementations are registered with SetKeyStores and consulted by
// GetPskFromKeystore. remoteAddr is the peer's address string, which allows an
// implementation to scope keys per peer (for instance, refusing an identity
// presented from an unexpected address). How a returned error is surfaced to
// the handshake is not shown on this page.
type Keystore interface {
	GetPsk(identity string, remoteAddr string) ([]byte, error)
}

type KeystoreInMemory

// KeystoreInMemory is a Keystore backed by process memory; keys are added with
// AddKey and looked up with GetPsk. Construct it with NewKeystoreInMemory.
type KeystoreInMemory struct {
	// contains filtered or unexported fields
}

func NewKeystoreInMemory

func NewKeystoreInMemory() *KeystoreInMemory

func (*KeystoreInMemory) AddKey

func (ks *KeystoreInMemory) AddKey(identity string, psk []byte)

func (*KeystoreInMemory) GetPsk

func (ks *KeystoreInMemory) GetPsk(identity string, remoteAddr string) ([]byte, error)

type Listener

// Listener owns a UDP socket (see NewUdpListener) and the set of DTLS peers
// reached through it. Peers are created with AddPeer/AddPeerWithParams, looked
// up with FindPeer, and torn down with RemovePeer/RemovePeerByAddr or Shutdown.
type Listener struct {
	// contains filtered or unexported fields
}

func NewUdpListener

func NewUdpListener(listener string, readTimeout time.Duration) (*Listener, error)

func (*Listener) AddCipherSuite

func (l *Listener) AddCipherSuite(cipherSuite CipherSuite)

func (*Listener) AddCompressionMethod

func (l *Listener) AddCompressionMethod(compressionMethod CompressionMethod)

func (*Listener) AddPeer

func (l *Listener) AddPeer(addr string, identity string) (*Peer, error)

func (*Listener) AddPeerWithParams

func (l *Listener) AddPeerWithParams(params *PeerParams) (*Peer, error)

func (*Listener) CountPeers

func (l *Listener) CountPeers() int

func (*Listener) FindPeer

func (l *Listener) FindPeer(addr string) (*Peer, error)

func (*Listener) Read

func (l *Listener) Read() ([]byte, *Peer)

func (*Listener) RemovePeer

func (l *Listener) RemovePeer(peer *Peer, alertDesc uint8) error

func (*Listener) RemovePeerByAddr

func (l *Listener) RemovePeerByAddr(addr string, alertDesc uint8) error

func (*Listener) Shutdown

func (l *Listener) Shutdown() error

type LogFunc

// LogFunc receives the package's log output once installed with SetLogFunc.
// level is one of the LogLevel* constants; peer identifies the session the
// message concerns (presumably its address string — confirm against SetLogFunc's callers).
type LogFunc func(ts time.Time, level string, peer string, msg string)

type Peer

// Peer is one DTLS session with a remote endpoint, obtained from
// Listener.AddPeer, AddPeerWithParams, FindPeer or Read. Application data is
// sent with Write and received with Read; Close ends the session with the
// given AlertDesc_* value.
type Peer struct {
	// contains filtered or unexported fields
}

func (*Peer) Close

func (p *Peer) Close(alertDesc uint8)

func (*Peer) Lock

func (p *Peer) Lock()

func (*Peer) Read

func (p *Peer) Read(timeout time.Duration) ([]byte, error)

func (*Peer) RemoteAddr

func (p *Peer) RemoteAddr() string

func (*Peer) SessionIdentity

func (p *Peer) SessionIdentity() string

func (*Peer) Unlock

func (p *Peer) Unlock()

func (*Peer) UseQueue

func (p *Peer) UseQueue(en bool)

func (*Peer) Write

func (p *Peer) Write(data []byte) error

type PeerParams

// PeerParams carries the options for Listener.AddPeerWithParams; AddPeer is the
// shorthand that supplies only Addr and Identity.
type PeerParams struct {
	// Addr is the remote endpoint as a host:port string.
	Addr             string
	// Identity is the PSK identity offered in the handshake and passed to Keystore.GetPsk.
	Identity         string
	// HandshakeTimeout bounds how long the handshake may take.
	HandshakeTimeout time.Duration
	// SessionId is presumably the id of a cached session to resume (the README
	// lists session resumption) — confirm against AddPeerWithParams.
	SessionId        []byte
}

type Transport

// Transport abstracts the datagram socket under a Listener. ReadPacket yields
// the next raw datagram together with the TransportPeer it came from, and
// NewPeer creates a TransportPeer for an address string. The UDP
// implementation is the only one visible on this page (NewUdpListener,
// NewUdpPeerFromSocket).
type Transport interface {
	Type() string
	Local() string
	Shutdown() error
	NewPeer(address string) TransportPeer
	ReadPacket() ([]byte, TransportPeer, error)
}

type TransportPeer

// TransportPeer is the transport-level handle for one remote address:
// String returns the address and WritePacket sends one raw datagram to it.
type TransportPeer interface {
	String() string
	WritePacket(data []byte) error
}

func NewUdpPeerFromSocket

func NewUdpPeerFromSocket(socket *net.UDPConn, addr *net.UDPAddr) TransportPeer

Directories

Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.
