README
¶
dtls
https://github.com/tartabit/dtls
This package implements a RFC-4347 compliant DTLS client and server. NOTE: This library is under active development and is not yet stable enough to be used in production.
Key Features
- Pure go, no CGo
- Supports both client and server via UDP
- Supports TLS_PSK_WITH_AES_128_CCM_8 cipher RFC-6655
- Supports pre-shared key authentication, does not support certificate based authentication
- Supports DTLS session resumption
- Designed for OMA LWM2M comliance LWM2M
TODO
- Implement session renegotiation
- Implement packet retransmission for handshake
- Implement out of order handshake processing
- Implement replay detection
- Implement client hello stateless cookie handling
- Improve parallel processing of incoming packets
- Add interface for custom DTLS session cache storage
Samples
Keystore
mks := keystore.NewMemoryKeyStore()
keystore.SetKeyStores([]keystore.KeyStore{mks})
psk, _ := hex.DecodeString("00112233445566")
mks.AddKey("myIdentity", psk)
Sample Client
listener, _ = NewUdpListener(":6000", time.Second*5)
peer, err := listener.AddPeer("127.0.0.1:5684", "myIdentity")
err = peer.Write("hello world")
data, rsp := listener.Read()
Documentation
http://godoc.org/github.com/bocajim/dtls
License
Mozilla Public License Version 2.0
NOTE: License was changed from MIT on 11/20/2020.
Documentation
¶
Overview ¶
Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.
See https://tools.ietf.org/html/rfc3610
Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.
Index ¶
- Constants
- Variables
- func DebugAll()
- func GetPskFromKeystore(identity string, remoteAddr string) []byte
- func SessionCacheSize() int
- func SetKeyStores(ks []Keystore)
- func SetLogFunc(lf LogFunc)
- func SetLogLevel(level string)
- type CCM
- type Cipher
- type CipherCBC
- func (c CipherCBC) Decrypt(rec *record, key []byte, iv []byte, mac []byte) ([]byte, error)
- func (c CipherCBC) Encrypt(rec *record, key []byte, iv []byte, mac []byte) ([]byte, error)
- func (c CipherCBC) GenerateKeyBlock(masterSecret []byte, rawKeyBlock []byte) *keyBlock
- func (c CipherCBC) GetPrfSize() int
- type CipherCcm
- func (c CipherCcm) Decrypt(rec *record, key []byte, iv []byte, mac []byte) ([]byte, error)
- func (c CipherCcm) Encrypt(rec *record, key []byte, iv []byte, mac []byte) ([]byte, error)
- func (c CipherCcm) GenerateKeyBlock(masterSecret []byte, rawKeyBlock []byte) *keyBlock
- func (c CipherCcm) GetPrfSize() int
- type CipherSuite
- type CompressionMethod
- type ContentType
- type Keystore
- type KeystoreInMemory
- type Listener
- func (l *Listener) AddCipherSuite(cipherSuite CipherSuite)
- func (l *Listener) AddCompressionMethod(compressionMethod CompressionMethod)
- func (l *Listener) AddPeer(addr string, identity string) (*Peer, error)
- func (l *Listener) AddPeerWithParams(params *PeerParams) (*Peer, error)
- func (l *Listener) CountPeers() int
- func (l *Listener) FindPeer(addr string) (*Peer, error)
- func (l *Listener) Read() ([]byte, *Peer)
- func (l *Listener) RemovePeer(peer *Peer, alertDesc uint8) error
- func (l *Listener) RemovePeerByAddr(addr string, alertDesc uint8) error
- func (l *Listener) Shutdown() error
- type LogFunc
- type Peer
- func (p *Peer) Close(alertDesc uint8)
- func (p *Peer) LastActivity() time.Time
- func (p *Peer) Lock()
- func (p *Peer) Read(timeout time.Duration) ([]byte, error)
- func (p *Peer) RemoteAddr() string
- func (p *Peer) SessionIdentity() string
- func (p *Peer) SetName(name string)
- func (p *Peer) Unlock()
- func (p *Peer) UseQueue(en bool)
- func (p *Peer) Write(data []byte) error
- type PeerParams
- type Transport
- type TransportEndpoint
Constants ¶
View Source
const ( AlertType_Warning uint8 = 1 AlertType_Fatal uint8 = 2 AlertDesc_CloseNotify uint8 = 0 AlertDesc_UnexpectedMessage uint8 = 10 AlertDesc_BadRecordMac uint8 = 20 AlertDesc_DecryptionFailed uint8 = 21 AlertDesc_RecordOverflow uint8 = 22 AlertDesc_DecompressionFailure uint8 = 30 AlertDesc_HandshakeFailure uint8 = 40 AlertDesc_NoCertificate uint8 = 41 AlertDesc_BadCertificate uint8 = 42 AlertDesc_UnsupportedCertificate uint8 = 43 AlertDesc_CertificateRevoked uint8 = 44 AlertDesc_CertificateExpired uint8 = 45 AlertDesc_CertificateUnknown uint8 = 46 AlertDesc_IllegalParameter uint8 = 47 AlertDesc_UnknownCa uint8 = 48 AlertDesc_AccessDenied uint8 = 49 AlertDesc_DecodeError uint8 = 50 AlertDesc_DecryptError uint8 = 51 AlertDesc_ExportRestriction uint8 = 60 AlertDesc_ProtocolVersion uint8 = 70 AlertDesc_InsufficientSecurity uint8 = 71 AlertDesc_InternalError uint8 = 80 AlertDesc_UserCanceled uint8 = 90 AlertDesc_NoRenegotiation uint8 = 100 AlertDesc_UnsupportedExtension uint8 = 110 AlertDesc_Noop uint8 = 254 )
View Source
const ( LogLevelError string = "error" LogLevelWarn string = "warn" LogLevelInfo string = "info" LogLevelDebug string = "debug" )
View Source
const ( ContentType_ChangeCipherSpec ContentType = 20 ContentType_Alert = 21 ContentType_Handshake = 22 ContentType_Appdata = 23 )
View Source
const ( SessionType_Server string = "server" SessionType_Client string = "client" )
View Source
const (
AadAuthLen int = 13
)
View Source
const (
DtlsVersion12 uint16 = 0xFEFD
)
Variables ¶
View Source
var DebugEncryption bool = false
View Source
var DebugHandshake bool = false
View Source
var DebugHandshakeHash bool = false
This callback is invoked each time a handshake completes, if the handshake failed, the reason is stored in error
View Source
var PeerInactivityTimeout = time.Hour * 24
View Source
var SessionCacheSweepInterval = time.Minute * -5
set to the interval to look for expired sessions
View Source
var SessionCacheTtl = time.Hour * 24
set to whatever you want the cache time to live to be
Functions ¶
func GetPskFromKeystore ¶
func SessionCacheSize ¶
func SessionCacheSize() int
func SetKeyStores ¶
func SetKeyStores(ks []Keystore)
func SetLogFunc ¶
func SetLogFunc(lf LogFunc)
func SetLogLevel ¶
func SetLogLevel(level string)
Types ¶
type CCM ¶
type CCM interface {
cipher.AEAD
// MaxLength returns the maxium length of plaintext in calls to Seal.
// The maximum length of ciphertext in calls to Open is MaxLength()+Overhead().
// The maximum length is related to CCM's `L` parameter (15-noncesize) and
// is 1<<(8*L) - 1 (but also limited by the maxium size of an int).
MaxLength() int
}
CCM is a block cipher in Counter with CBC-MAC mode. Providing authenticated encryption with associated data via the cipher.AEAD interface.
type CipherCBC ¶
type CipherCBC struct {
// contains filtered or unexported fields
}
func (CipherCBC) GenerateKeyBlock ¶
func (CipherCBC) GetPrfSize ¶
type CipherCcm ¶
type CipherCcm struct {
// contains filtered or unexported fields
}
func (CipherCcm) GenerateKeyBlock ¶
func (CipherCcm) GetPrfSize ¶
type CipherSuite ¶
type CipherSuite uint16
const ( CipherSuite_TLS_PSK_WITH_AES_128_CCM_8 CipherSuite = 0xC0A8 CipherSuite_TLS_PSK_WITH_AES_128_CBC_SHA256 CipherSuite = 0x00ae )
type CompressionMethod ¶
type CompressionMethod uint8
const (
CompressionMethod_Null CompressionMethod = 0
)
type ContentType ¶
type ContentType uint8
type KeystoreInMemory ¶
type KeystoreInMemory struct {
// contains filtered or unexported fields
}
func NewKeystoreInMemory ¶
func NewKeystoreInMemory() *KeystoreInMemory
func (*KeystoreInMemory) AddKey ¶
func (ks *KeystoreInMemory) AddKey(identity string, psk []byte)
type Listener ¶
type Listener struct {
// contains filtered or unexported fields
}
func NewUdpListener ¶
func (*Listener) AddCipherSuite ¶
func (l *Listener) AddCipherSuite(cipherSuite CipherSuite)
func (*Listener) AddCompressionMethod ¶
func (l *Listener) AddCompressionMethod(compressionMethod CompressionMethod)
func (*Listener) AddPeerWithParams ¶
func (l *Listener) AddPeerWithParams(params *PeerParams) (*Peer, error)
func (*Listener) CountPeers ¶
func (*Listener) RemovePeerByAddr ¶
type Peer ¶
type Peer struct {
// contains filtered or unexported fields
}
func (*Peer) LastActivity ¶
func (*Peer) RemoteAddr ¶
func (*Peer) SessionIdentity ¶
type PeerParams ¶
type Transport ¶
type Transport interface {
Type() string
Local() string
Shutdown() error
NewEndpoint(address string) TransportEndpoint
ReadPacket() ([]byte, TransportEndpoint, error)
}
type TransportEndpoint ¶
func NewUdpPeerFromSocket ¶
func NewUdpPeerFromSocket(socket *net.UDPConn, addr *net.UDPAddr) TransportEndpoint
Source Files
¶
- alert.go
- bytereader.go
- bytewriter.go
- cipher.go
- cipher_cbc.go
- cipher_ccm.go
- common.go
- crypto.go
- debug.go
- dtls.go
- handshake.go
- handshake_clienthello.go
- handshake_clientkeyexchange.go
- handshake_finished.go
- handshake_header.go
- handshake_helloverifyrequest.go
- handshake_serverhello.go
- handshake_serverhellodone.go
- handshake_serverkeyexchange.go
- handshake_unknown.go
- keystore.go
- log.go
- peer.go
- record.go
- session.go
- session_cache.go
- session_handshake.go
- transport.go
- transport_udp.go
Directories
Click to show internal directories.
Click to hide internal directories.