Skip to content

qwerty-iot/dtls

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

109 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
alert.go
alert.go
 
 
bytereader.go
bytereader.go
 
 
bytewriter.go
bytewriter.go
 
 
cert.go
cert.go
 
 
cipher.go
cipher.go
 
 
cipher_cbc.go
cipher_cbc.go
 
 
cipher_cbc_test.go
cipher_cbc_test.go
 
 
cipher_ccm.go
cipher_ccm.go
 
 
cipher_ccm_test.go
cipher_ccm_test.go
 
 
cipher_gcm.go
cipher_gcm.go
 
 
cipher_gcm_test.go
cipher_gcm_test.go
 
 
common.go
common.go
 
 
crypto.go
crypto.go
 
 
crypto_test.go
crypto_test.go
 
 
debug.go
debug.go
 
 
dtls.go
dtls.go
 
 
dtls_test.go
dtls_test.go
 
 
ecc_curves.go
ecc_curves.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handshake.go
handshake.go
 
 
handshake_certificate.go
handshake_certificate.go
 
 
handshake_certificaterequest.go
handshake_certificaterequest.go
 
 
handshake_certificateverify.go
handshake_certificateverify.go
 
 
handshake_clienthello.go
handshake_clienthello.go
 
 
handshake_clientkeyexchange.go
handshake_clientkeyexchange.go
 
 
handshake_finished.go
handshake_finished.go
 
 
handshake_header.go
handshake_header.go
 
 
handshake_helloverifyrequest.go
handshake_helloverifyrequest.go
 
 
handshake_serverhello.go
handshake_serverhello.go
 
 
handshake_serverhellodone.go
handshake_serverhellodone.go
 
 
handshake_serverkeyexchange.go
handshake_serverkeyexchange.go
 
 
handshake_test.go
handshake_test.go
 
 
handshake_unknown.go
handshake_unknown.go
 
 
keystore.go
keystore.go
 
 
log.go
log.go
 
 
peer.go
peer.go
 
 
record.go
record.go
 
 
record_test.go
record_test.go
 
 
session.go
session.go
 
 
session_cache.go
session_cache.go
 
 
session_export.go
session_export.go
 
 
session_handshake.go
session_handshake.go
 
 
session_test.go
session_test.go
 
 
transport.go
transport.go
 
 
transport_sniffer.go
transport_sniffer.go
 
 
transport_udp.go
transport_udp.go
 
 

Repository files navigation

dtls

Build Status Coverage GoDoc License ReportCard

https://github.com/qwerty-iot/dtls

Renamed from https://github.com/bocajim/dtls

This package implements a RFC-4347 compliant DTLS client and server.

Key Features

  • Pure go, no CGo
  • Supports both client and server via UDP
  • Supports TLS_PSK_WITH_AES_128_CCM_8 cipher RFC-6655
  • Supports TLS_PSK_WITH_AES_128_CBC_SHA256 cipher RFC-5487
  • Supports TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher RFC-7251
  • Supports pre-shared key authentication
  • Supports certificate based authentication
  • Supports DTLS session resumption
  • Supports persisting session data for resumption later
  • Designed for OMA LWM2M comliance LWM2M
  • Support for Connection ID RFC-9146 (Nov/19 draft)

TODO

  • Implement session renegotiation
  • Implement packet retransmission for handshake
  • Implement out of order handshake processing
  • Implement replay detection
  • Implement client hello stateless cookie handling
  • Improve parallel processing of incoming packets
  • Implement Connection ID for latest RFC-9146 draft

Samples

Keystore

    mks := keystore.NewMemoryKeyStore()
keystore.SetKeyStores([]keystore.KeyStore{mks})
psk, _ := hex.DecodeString("00112233445566")
mks.AddKey("myIdentity", psk)

Sample Client

    listener, _ = NewUdpListener(":6000", time.Second*5)
peer, err := listener.AddPeer("127.0.0.1:5684", "myIdentity")

err = peer.Write("hello world")
data, rsp := listener.Read()

Generating Certificates

The following commands can be used to generate certificates for testing:

# generate private key
openssl ecparam -out key.pem -name prime256v1 -genkey

# generate certificate
openssl req -new -key key.pem -x509 -nodes -days 3650 -out cert.pem

Testing the Server

Some helpful commands for testing the server.

openssl s_client -dtls1_2 -connect 127.0.0.1:4433   -psk_identity myid   -psk 00112233445566778899AABBCCDDEEFF -legacy_renegotiation

Testing session resumption

openssl s_client -dtls1_2 -connect 172.24.16.1:4433 -sess_out session.pem -debug -msg -state -psk_identity myid -psk 00112233445566778899AABBCCDDEEFF -cipher 'PSK-AES128-CCM8' -legacy_renegotiation
openssl s_client -dtls1_2 -connect 172.24.16.1:4433 -sess_in session.pem -debug -msg -state -psk_identity myid -psk 00112233445566778899AABBCCDDEEFF -cipher 'PSK-AES128-CCM8' -legacy_renegotiation

Testing with mbedtls

./programs/ssl/ssl_client2 dtls=1 server_addr=172.24.16.1 server_port=4433 psk_identity=myid psk=00112233445566778899AABBCCDDEEFF debug_level=4

Documentation

http://godoc.org/github.com/qwerty-iot/dtls

License

Mozilla Public License Version 2.0

NOTE: License was changed from MIT on 11/20/2020.

About

DTLS 1.0 client/server in go.

Resources

Readme

License

MPL-2.0 license
Activity
Custom properties

Stars

68 stars

Watchers

10 watching

Forks

6 forks
Report repository

Releases

46 tags

Packages

 
 
 

Contributors

Languages