pion/dtlsPublic

NotificationsYou must be signed in to change notification settings
Fork164
Star623

DTLS 1.2 Server/Client implementation for Go

License

MIT license

623 stars 164 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 714 Commits
.github		.github
.reuse		.reuse
LICENSES		LICENSES
e2e		e2e
examples		examples
internal		internal
pkg		pkg
testdata/seed		testdata/seed
.editorconfig		.editorconfig
.gitignore		.gitignore
.golangci.yml		.golangci.yml
.goreleaser.yml		.goreleaser.yml
LICENSE		LICENSE
README.md		README.md
bench_test.go		bench_test.go
certificate.go		certificate.go
certificate_test.go		certificate_test.go
cipher_suite.go		cipher_suite.go
cipher_suite_go114.go		cipher_suite_go114.go
cipher_suite_go114_test.go		cipher_suite_go114_test.go
cipher_suite_test.go		cipher_suite_test.go
codecov.yml		codecov.yml
compression_method.go		compression_method.go
config.go		config.go
config_test.go		config_test.go
conn.go		conn.go
conn_go_test.go		conn_go_test.go
conn_test.go		conn_test.go
connection_id.go		connection_id.go
connection_id_test.go		connection_id_test.go
crypto.go		crypto.go
crypto_test.go		crypto_test.go
dtls.go		dtls.go
errors.go		errors.go
errors_errno.go		errors_errno.go
errors_errno_test.go		errors_errno_test.go
errors_noerrno.go		errors_noerrno.go
errors_test.go		errors_test.go
flight.go		flight.go
flight0handler.go		flight0handler.go
flight1handler.go		flight1handler.go
flight1handler_test.go		flight1handler_test.go
flight2handler.go		flight2handler.go
flight3handler.go		flight3handler.go
flight3handler_test.go		flight3handler_test.go
flight4bhandler.go		flight4bhandler.go
flight4handler.go		flight4handler.go
flight4handler_test.go		flight4handler_test.go
flight5bhandler.go		flight5bhandler.go
flight5handler.go		flight5handler.go
flight6handler.go		flight6handler.go
flighthandler.go		flighthandler.go
fragment_buffer.go		fragment_buffer.go
fragment_buffer_test.go		fragment_buffer_test.go
fuzz_test.go		fuzz_test.go
go.mod		go.mod
go.sum		go.sum
handshake_cache.go		handshake_cache.go
handshake_cache_test.go		handshake_cache_test.go
handshake_test.go		handshake_test.go
handshaker.go		handshaker.go
handshaker_test.go		handshaker_test.go
listener.go		listener.go
nettest_test.go		nettest_test.go
packet.go		packet.go
renovate.json		renovate.json
replayprotection_test.go		replayprotection_test.go
resume.go		resume.go
resume_test.go		resume_test.go
session.go		session.go
srtp_protection_profile.go		srtp_protection_profile.go
state.go		state.go
util.go		util.go

Repository files navigation

Pion DTLS

A Go implementation of DTLS

NativeDTLS 1.2 implementation in the Go programming language.

A long term goal is a professional security review, and maybe an inclusion in stdlib.

RFCs

Implemented

RFC 6347:Datagram Transport Layer Security Version 1.2
RFC 5705:Keying Material Exporters for Transport Layer Security (TLS)
RFC 7627:Transport Layer Security (TLS) - Session Hash and Extended Master Secret Extension
RFC 7301:Transport Layer Security (TLS) - Application-Layer Protocol Negotiation Extension

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites.We would love contributions that fall under the 'Planned Features' and any bug fixes!

Current features

DTLS 1.2 Client/Server
Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
Packet loss and re-ordering is handled during handshaking
Key export (RFC 5705)
Serialization and Resumption of sessions
Extended Master Secret extension (RFC 7627)
ALPN extension (RFC 7301)

Supported ciphers

ECDHE

TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)

PSK

TLS_PSK_WITH_AES_128_CCM (RFC 6655)
TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
TLS_PSK_WITH_AES_256_CCM_8 (RFC 6655)
TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)

ECDHE & PSK

TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (RFC 5489)

Planned Features

Chacha20Poly1305

Excluded Features

DTLS 1.0
Renegotiation
Compression

Using

This library needs at least Go 1.13, and you should haveGo modulesenabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  // Generate a certificate  openssl ecparam -out key.pem -name prime256v1 -genkey  openssl req -new -sha256 -key key.pem -out server.csr  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem  // Use with examples/dial/selfsign/main.go  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444  // Use with examples/listen/selfsign/main.go  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK

Pion DTLS

go run examples/listen/psk/main.go

go run examples/dial/psk/main.go

OpenSSL

  // Use with examples/dial/psk/main.go  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8  // Use with examples/listen/psk/main.go  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Community

Pion has an active community on theSlack.

Follow thePion Twitter for project updates and important WebRTC news.

We are always looking to supportyour projects. Please reach out if you have something to build!If you need commercial support or don't want to use public methods you can contact us atteam@pion.ly