package module
Version: v0.0.0-...-4ef9c2a Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Sep 19, 2019 License: MIT Imports: 17 Imported by: 0



Build Status Coverage GoDoc License ReportCard


This package implements a RFC-4347 compliant DTLS client and server. NOTE: This library is under active development and is not yet stable enough to be used in production.

Key Features

  • Pure go, no CGo
  • Supports both client and server via UDP
  • Supports TLS_PSK_WITH_AES_128_CCM_8 cipher RFC-6655
  • Supports pre-shared key authentication, does not support certificate based authentication
  • Supports DTLS session resumption
  • Designed for OMA LWM2M comliance LWM2M


  • Implement session renegotiation
  • Implement packet retransmission for handshake
  • Implement out of order handshake processing
  • Implement replay detection
  • Implement client hello stateless cookie handling
  • Improve parallel processing of incoming packets
  • Add interface for custom DTLS session cache storage



	mks := keystore.NewMemoryKeyStore()
	psk, _ := hex.DecodeString("00112233445566")
	mks.AddKey("myIdentity", psk)

Sample Client

	listener, _ = NewUdpListener(":6000", time.Second*5)
	peer, err := listener.AddPeer("", "myIdentity")

	err = peer.Write("hello world")
	data, rsp := listener.Read()








View Source
const (
	AlertType_Warning                uint8 = 1
	AlertType_Fatal                  uint8 = 2
	AlertDesc_CloseNotify            uint8 = 0
	AlertDesc_UnexpectedMessage      uint8 = 10
	AlertDesc_BadRecordMac           uint8 = 20
	AlertDesc_DecryptionFailed       uint8 = 21
	AlertDesc_RecordOverflow         uint8 = 22
	AlertDesc_DecompressionFailure   uint8 = 30
	AlertDesc_HandshakeFailure       uint8 = 40
	AlertDesc_NoCertificate          uint8 = 41
	AlertDesc_BadCertificate         uint8 = 42
	AlertDesc_UnsupportedCertificate uint8 = 43
	AlertDesc_CertificateRevoked     uint8 = 44
	AlertDesc_CertificateExpired     uint8 = 45
	AlertDesc_CertificateUnknown     uint8 = 46
	AlertDesc_IllegalParameter       uint8 = 47
	AlertDesc_UnknownCa              uint8 = 48
	AlertDesc_AccessDenied           uint8 = 49
	AlertDesc_DecodeError            uint8 = 50
	AlertDesc_DecryptError           uint8 = 51
	AlertDesc_ExportRestriction      uint8 = 60
	AlertDesc_ProtocolVersion        uint8 = 70
	AlertDesc_InsufficientSecurity   uint8 = 71
	AlertDesc_InternalError          uint8 = 80
	AlertDesc_UserCanceled           uint8 = 90
	AlertDesc_NoRenegotiation        uint8 = 100
	AlertDesc_UnsupportedExtension   uint8 = 110
	AlertDesc_Noop                   uint8 = 254
View Source
const (
	LogLevelError string = "error"
	LogLevelWarn  string = "warn"
	LogLevelInfo  string = "info"
	LogLevelDebug string = "debug"
View Source
const (
	ContentType_ChangeCipherSpec ContentType = 20
	ContentType_Alert                        = 21
	ContentType_Handshake                    = 22
	ContentType_Appdata                      = 23
View Source
const (
	SessionType_Server string = "server"
	SessionType_Client string = "client"
View Source
const (
	AadAuthLen int = 13
View Source
const (
	DtlsVersion12 uint16 = 0xFEFD


View Source
var DebugEncryption bool = false
View Source
var DebugHandshake bool = false
View Source
var DebugHandshakeHash bool = false
View Source
var HandshakeCompleteCallback func(string, string, time.Duration, error)

This callback is invoked each time a handshake completes, if the handshake failed, the reason is stored in error

View Source
var PeerInactivityTimeout = time.Hour * 24
View Source
var SessionCacheSweepInterval = time.Minute * -5

set to the interval to look for expired sessions

View Source
var SessionCacheTtl = time.Hour * 24

set to whatever you want the cache time to live to be


func DebugAll

func DebugAll()

func GetPskFromKeystore

func GetPskFromKeystore(identity string, remoteAddr string) []byte

func SessionCacheSize

func SessionCacheSize() int

func SetKeyStores

func SetKeyStores(ks []Keystore)

func SetLogFunc

func SetLogFunc(lf LogFunc)

func SetLogLevel

func SetLogLevel(level string)


type CipherSuite

type CipherSuite uint16
const (
	CipherSuite_TLS_PSK_WITH_AES_128_CCM_8 CipherSuite = 0xC0A8

type CompressionMethod

type CompressionMethod uint8
const (
	CompressionMethod_Null CompressionMethod = 0

type ContentType

type ContentType uint8

type Keystore

type Keystore interface {
	GetPsk(identity string, remoteAddr string) ([]byte, error)

type KeystoreInMemory

type KeystoreInMemory struct {
	// contains filtered or unexported fields

func NewKeystoreInMemory

func NewKeystoreInMemory() *KeystoreInMemory

func (*KeystoreInMemory) AddKey

func (ks *KeystoreInMemory) AddKey(identity string, psk []byte)

func (*KeystoreInMemory) GetPsk

func (ks *KeystoreInMemory) GetPsk(identity string, remoteAddr string) ([]byte, error)

type Listener

type Listener struct {
	// contains filtered or unexported fields

func NewUdpListener

func NewUdpListener(listener string, readTimeout time.Duration) (*Listener, error)

func (*Listener) AddCipherSuite

func (l *Listener) AddCipherSuite(cipherSuite CipherSuite)

func (*Listener) AddCompressionMethod

func (l *Listener) AddCompressionMethod(compressionMethod CompressionMethod)

func (*Listener) AddPeer

func (l *Listener) AddPeer(addr string, identity string) (*Peer, error)

func (*Listener) AddPeerWithParams

func (l *Listener) AddPeerWithParams(params *PeerParams) (*Peer, error)

func (*Listener) CountPeers

func (l *Listener) CountPeers() int

func (*Listener) FindPeer

func (l *Listener) FindPeer(addr string) (*Peer, error)

func (*Listener) Read

func (l *Listener) Read() ([]byte, *Peer)

func (*Listener) RemovePeer

func (l *Listener) RemovePeer(peer *Peer, alertDesc uint8) error

func (*Listener) RemovePeerByAddr

func (l *Listener) RemovePeerByAddr(addr string, alertDesc uint8) error

func (*Listener) Shutdown

func (l *Listener) Shutdown() error

type LogFunc

type LogFunc func(ts time.Time, level string, peer string, msg string)

type Peer

type Peer struct {
	// contains filtered or unexported fields

func (*Peer) Close

func (p *Peer) Close(alertDesc uint8)

func (*Peer) LastActivity

func (p *Peer) LastActivity() time.Time

func (*Peer) Lock

func (p *Peer) Lock()

func (*Peer) Read

func (p *Peer) Read(timeout time.Duration) ([]byte, error)

func (*Peer) RemoteAddr

func (p *Peer) RemoteAddr() string

func (*Peer) SessionIdentity

func (p *Peer) SessionIdentity() string

func (*Peer) Unlock

func (p *Peer) Unlock()

func (*Peer) UseQueue

func (p *Peer) UseQueue(en bool)

func (*Peer) Write

func (p *Peer) Write(data []byte) error

type PeerParams

type PeerParams struct {
	Addr             string
	Identity         string
	HandshakeTimeout time.Duration
	SessionId        []byte

type Transport

type Transport interface {
	Type() string
	Local() string
	Shutdown() error
	NewPeer(address string) TransportPeer
	ReadPacket() ([]byte, TransportPeer, error)

type TransportPeer

type TransportPeer interface {
	String() string
	WritePacket(data []byte) error

func NewUdpPeerFromSocket

func NewUdpPeerFromSocket(socket *net.UDPConn, addr *net.UDPAddr) TransportPeer


Path Synopsis
Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.
Package ccm implements a CCM, Counter with CBC-MAC as per RFC 3610.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL