mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
| .. | ||
| internal | ||
| pkg/crypto | ||
| .editorconfig | ||
| .gitignore | ||
| .golangci.yml | ||
| alert.go | ||
| application_data.go | ||
| certificate.go | ||
| change_cipher_spec.go | ||
| cipher_suite.go | ||
| cipher_suite_aes_128_ccm.go | ||
| cipher_suite_go114.go | ||
| cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm.go | ||
| cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8.go | ||
| cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go | ||
| cipher_suite_tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go | ||
| cipher_suite_tls_ecdhe_rsa_with_aes_128_gcm_sha256.go | ||
| cipher_suite_tls_ecdhe_rsa_with_aes_256_cbc_sha.go | ||
| cipher_suite_tls_psk_with_aes_128_ccm.go | ||
| cipher_suite_tls_psk_with_aes_128_ccm8.go | ||
| cipher_suite_tls_psk_with_aes_128_gcm_sha256.go | ||
| client_certificate_type.go | ||
| codecov.yml | ||
| compression_method.go | ||
| config.go | ||
| conn.go | ||
| content.go | ||
| crypto.go | ||
| crypto_cbc.go | ||
| crypto_ccm.go | ||
| crypto_gcm.go | ||
| curve_type.go | ||
| dtls.go | ||
| errors.go | ||
| errors_errno.go | ||
| errors_noerrno.go | ||
| extension.go | ||
| extension_renegotiation_info.go | ||
| extension_server_name.go | ||
| extension_supported_elliptic_curves.go | ||
| extension_supported_point_formats.go | ||
| extension_supported_signature_algorithms.go | ||
| extension_use_master_secret.go | ||
| extension_use_srtp.go | ||
| flight.go | ||
| flight0handler.go | ||
| flight1handler.go | ||
| flight2handler.go | ||
| flight3handler.go | ||
| flight4handler.go | ||
| flight5handler.go | ||
| flight6handler.go | ||
| flighthandler.go | ||
| fragment_buffer.go | ||
| fuzz.go | ||
| go.mod | ||
| go.sum | ||
| handshake.go | ||
| handshake_cache.go | ||
| handshake_header.go | ||
| handshake_message_certificate.go | ||
| handshake_message_certificate_request.go | ||
| handshake_message_certificate_verify.go | ||
| handshake_message_client_hello.go | ||
| handshake_message_client_key_exchange.go | ||
| handshake_message_finished.go | ||
| handshake_message_hello_verify_request.go | ||
| handshake_message_server_hello.go | ||
| handshake_message_server_hello_done.go | ||
| handshake_message_server_key_exchange.go | ||
| handshake_random.go | ||
| handshaker.go | ||
| hash_algorithm.go | ||
| LICENSE | ||
| listener.go | ||
| Makefile | ||
| named_curve.go | ||
| packet.go | ||
| prf.go | ||
| README.md | ||
| record_layer.go | ||
| record_layer_header.go | ||
| renovate.json | ||
| resume.go | ||
| signature_algorithm.go | ||
| signature_hash_algorithm.go | ||
| srtp_protection_profile.go | ||
| state.go | ||
| util.go | ||
Pion DTLS
A Go implementation of DTLS
Native DTLS 1.2 implementation in the Go programming language.
A long term goal is a professional security review, and maye inclusion in stdlib.
Goals/Progress
This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributes that fall under the 'Planned Features' and fixing any bugs!
Current features
- DTLS 1.2 Client/Server
- Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
- Packet loss and re-ordering is handled during handshaking
- Key export (RFC 5705)
- Serialization and Resumption of sessions
- Extended Master Secret extension (RFC 7627)
Supported ciphers
ECDHE
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)
PSK
- TLS_PSK_WITH_AES_128_CCM (RFC 6655)
- TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
- TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
Planned Features
- Chacha20Poly1305
Excluded Features
- DTLS 1.0
- Renegotiation
- Compression
Using
This library needs at least Go 1.13, and you should have Go modules enabled.
Pion DTLS
For a DTLS 1.2 Server that listens on 127.0.0.1:4444
go run examples/listen/selfsign/main.go
For a DTLS 1.2 Client that connects to 127.0.0.1:4444
go run examples/dial/selfsign/main.go
OpenSSL
Pion DTLS can connect to itself and OpenSSL.
// Generate a certificate
openssl ecparam -out key.pem -name prime256v1 -genkey
openssl req -new -sha256 -key key.pem -out server.csr
openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem
// Use with examples/dial/selfsign/main.go
openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444
// Use with examples/listen/selfsign/main.go
openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem
Using with PSK
Pion DTLS also comes with examples that do key exchange via PSK
Pion DTLS
go run examples/listen/psk/main.go
go run examples/dial/psk/main.go
OpenSSL
// Use with examples/dial/psk/main.go
openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8
// Use with examples/listen/psk/main.go
openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8
Contributing
Check out the contributing wiki to join the group of amazing people making this project possible:
- Sean DuBois - Original Author
- Michiel De Backker - Public API
- Chris Hiszpanski - Support Signature Algorithms Extension
- Iñigo Garcia Olaizola - Serialization & resumption, cert verification, E2E
- Daniele Sluijters - AES-CCM support
- Jin Lei - Logging
- Hugo Arregui
- Lander Noterman
- Aleksandr Razumov - Fuzzing
- Ryan Gordon
- Stefan Tatschner
- Hayden James
- Jozef Kralik
- Robert Eperjesi
- Atsushi Watanabe
- Julien Salleyron - Server Name Indication
- Jeroen de Bruijn
- bjdgyc
- Jeffrey Stoke (Jeff Ctor) - Fragmentbuffer Fix
- Frank Olbricht
- ZHENK
- Carson Hoffman
- Vadim Filimonov
License
MIT License - see LICENSE for full text