DTLS 1.2 Server/Client implementation for Go
Sean DuBois 92a924530d Update github.com/pion/udp to v2
transport/v2 was a breaking change to that API
2023-02-15 12:50:39 -05:00
.github Update CI configs to v0.10.1 2023-01-20 11:52:48 +09:00
e2e Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
examples Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
internal Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
pkg Add fuzz tests for handshake 2023-02-05 15:47:16 +01:00
.editorconfig Fuzz: initial commit 2019-05-24 11:51:38 -07:00
.gitignore Update CI configs to v0.6.8 2022-03-02 13:58:07 -05:00
.golangci.yml Update CI configs to v0.10.3 2023-01-23 09:20:21 +01:00
.goreleaser.yml Update CI configs to v0.8.0 2022-10-20 18:39:35 +02:00
AUTHORS.txt Add fuzz tests for handshake 2023-02-05 15:47:16 +01:00
LICENSE Update README to match pion-WebRTC style 2018-12-12 16:40:52 -08:00
README.md Update goreportcard links to point to v2 2022-05-10 10:26:41 -04:00
bench_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
certificate.go Implement GetCertificate and GetClientCertificate 2022-08-15 11:01:56 +02:00
certificate_test.go Implement GetCertificate and GetClientCertificate 2022-08-15 11:01:56 +02:00
cipher_suite.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
cipher_suite_go114.go Run `go fmt ./...` 2022-01-29 21:28:43 -05:00
cipher_suite_go114_test.go Run `go fmt ./...` 2022-01-29 21:28:43 -05:00
cipher_suite_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
codecov.yml Update CI configs to v0.3.3 2020-08-04 12:12:23 -07:00
compression_method.go Move DTLS wire format to pkg 2021-01-16 10:15:40 -08:00
config.go Add SkipHelloVerify option to dTLS 2023-02-03 15:44:59 +01:00
config_test.go Implement GetCertificate and GetClientCertificate 2022-08-15 11:01:56 +02:00
conn.go Add SkipHelloVerify option to dTLS 2023-02-03 15:44:59 +01:00
conn_go_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
conn_test.go Add SkipHelloVerify option to dTLS 2023-02-03 15:44:59 +01:00
crypto.go Fix CertificateVerify for ed25519 2022-05-24 10:20:22 +02:00
crypto_test.go Move DTLS wire format to pkg 2021-01-16 10:15:40 -08:00
dtls.go Upgrade golangci-lint to 1.19.1 2020-01-11 22:58:50 -08:00
errors.go Implement GetCertificate and GetClientCertificate 2022-08-15 11:01:56 +02:00
errors_errno.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
errors_errno_test.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
errors_noerrno.go Run `go fmt ./...` 2022-01-29 21:28:43 -05:00
errors_test.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
flight.go Separate session resumption diagrams 2022-01-11 21:27:27 +01:00
flight0handler.go Add SkipHelloVerify option to dTLS 2023-02-03 15:44:59 +01:00
flight1handler.go Make the Elliptic curves and order configurable 2022-07-29 13:30:38 +02:00
flight2handler.go Extends for TLS_ECDHE_PSK_* ciphers 2022-03-22 10:32:26 +01:00
flight3handler.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
flight4bhandler.go Extends for TLS_ECDHE_PSK_* ciphers 2022-03-22 10:32:26 +01:00
flight4handler.go Ignore lint error on Subjects() deprecation 2022-12-31 11:57:49 +01:00
flight4handler_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
flight5bhandler.go Extends for TLS_ECDHE_PSK_* ciphers 2022-03-22 10:32:26 +01:00
flight5handler.go Implement GetCertificate and GetClientCertificate 2022-08-15 11:01:56 +02:00
flight6handler.go Extends for TLS_ECDHE_PSK_* ciphers 2022-03-22 10:32:26 +01:00
flighthandler.go Support stateful session resumption 2022-01-11 21:27:27 +01:00
fragment_buffer.go Add limit to fragmentBuffer 2022-05-10 16:28:02 -04:00
fragment_buffer_test.go Add limit to fragmentBuffer 2022-05-10 16:28:02 -04:00
go.mod Update github.com/pion/udp to v2 2023-02-15 12:50:39 -05:00
go.sum Update github.com/pion/udp to v2 2023-02-15 12:50:39 -05:00
handshake_cache.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
handshake_cache_test.go Move CipherSuite to pkg or internal 2021-01-23 23:03:19 -08:00
handshake_test.go Support stateful session resumption 2022-01-11 21:27:27 +01:00
handshaker.go Add SkipHelloVerify option to dTLS 2023-02-03 15:44:59 +01:00
handshaker_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
listener.go Update github.com/pion/udp to v2 2023-02-15 12:50:39 -05:00
nettest_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
packet.go Move DTLS wire format to pkg 2021-01-16 10:15:40 -08:00
renovate.json Update CI configs to v0.8.0 2022-10-20 18:39:35 +02:00
replayprotection_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
resume.go Add ConnectionState to Conn to return State 2020-03-30 10:29:10 +02:00
resume_test.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
session.go Support stateful session resumption 2022-01-11 21:27:27 +01:00
srtp_protection_profile.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00
state.go Update github.com/pion/transport to v2 2023-01-24 04:36:53 +01:00
util.go Update CI configs to v0.7.2 2022-04-26 21:03:31 -04:00

README.md


Pion DTLS

A Go implementation of DTLS



Native DTLS 1.2 implementation in the Go programming language.

A long-term goal is a professional security review, and maybe inclusion in stdlib.

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributions that fall under the 'Planned Features' and any bug fixes!

Current features

  • DTLS 1.2 Client/Server
  • Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
  • Packet loss and re-ordering are handled during handshaking
  • Key export (RFC 5705)
  • Serialization and Resumption of sessions
  • Extended Master Secret extension (RFC 7627)
  • ALPN extension (RFC 7301)

Supported ciphers

ECDHE
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)
PSK
ECDHE & PSK
  • TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (RFC 5489)

Planned Features

  • Chacha20Poly1305

Excluded Features

  • DTLS 1.0
  • Renegotiation
  • Compression

Using

This library needs at least Go 1.13, and you should have Go modules enabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444:

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444:

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  # Generate a certificate: P-256 key, CSR, then a self-signed cert valid for 365 days
  openssl ecparam -out key.pem -name prime256v1 -genkey
  openssl req -new -sha256 -key key.pem -out server.csr
  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

  # Use with examples/dial/selfsign/main.go
  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

  # Use with examples/listen/selfsign/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem
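
The certificate step above, done with Go's standard library instead of the openssl CLI. This is an added example, not code from the Pion DTLS repository; the function name `SelfSigned` and the common name are assumptions. It also returns the certificate's SHA-256 fingerprint, which a peer can pin because a self-signed certificate carries no CA-issued identity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SelfSigned (hypothetical helper) mirrors the openssl commands: a prime256v1 key
// and a self-signed, SHA-256-signed certificate valid for 365 days.
func SelfSigned(cn string) (certPEM, keyPEM []byte, fingerprint string, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, "", err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, nil, "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       serial,
		Subject:            pkix.Name{CommonName: cn},
		NotBefore:          time.Now(),
		NotAfter:           time.Now().Add(365 * 24 * time.Hour),
		SignatureAlgorithm: x509.ECDSAWithSHA256,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, "", err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, "", err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, fmt.Sprintf("%x", sha256.Sum256(der)), nil
}

func main() {
	_, _, fp, err := SelfSigned("dtls-test.example") // constructed placeholder name
	fmt.Println("SHA-256 fingerprint to pin on the peer:", fp, "error:", err)
}
```

An ECDSA key like this one pairs with the TLS_ECDHE_ECDSA_* suites in the list above; the TLS_ECDHE_RSA_* suites need an RSA certificate instead.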

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK.

Pion DTLS

go run examples/listen/psk/main.go
go run examples/dial/psk/main.go

OpenSSL

  # Use with examples/dial/psk/main.go
  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

  # Use with examples/listen/psk/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible.

License

MIT License - see LICENSE for full text