update v0.9.1-beta1 for anylink

This commit is contained in:
Stille 2022-11-10 15:53:48 +08:00
parent a2e0c2dc78
commit b85a05fcd2
448 changed files with 2877 additions and 17395 deletions

## 更新
- **2022-11-10** 更新`0.9.1-beta1`版 docker 镜像.
基于 [bjdgyc/anylink](https://github.com/bjdgyc/anylink) 项目的 docker 镜像.
## 更新
- **2022-11-10** 更新`0.9.1-beta1`版 docker 镜像.
- **2022-07-04** 更新`0.8.1`版 docker 镜像.
- **2022-04-07** 更新`0.7.4`版 docker 镜像.
- **2022-02-16** 更新`0.7.3`版 docker 镜像.

echo $ver

cp "$SCRIPT_PATH/hooks/pre-push.sh" "$SCRIPT_PATH/../.git/hooks/pre-push"

docker run -i --rm pion-dtls-e2e

push: force

flags: wasm

View File

View File

skip-dirs-use-default: false

copies or substantial portions of the Software.

@GO111MODULE=on go mod vendor

MIT License - see [LICENSE](LICENSE) for full text

benchmarkConn(b, n)

return &c.localCertificates[0], nil

t.Fatalf("Certificate does not match: expected(%v) actual(%v)", test.expectedCertificate.Leaf, cert.Leaf)

return cipherSuites[:i], nil

View File

View File

return []CipherSuite{&testCustomCipherSuite{authenticationType: CipherSuiteAuthenticationTypeAnonymous}}

View File

View File

t.Fatal("TestValidateConfig: Client error expected with invalid CipherSuiteID")
return c.SetWriteDeadline(t)
t.Errorf("Invalid cancel timing, expected: %v, got: %v", dial.order, order)

View File

func loadCerts(rawCertificates [][]byte) ([]*x509.Certificate, error) {
if len(rawCertificates) == 0 {
return nil, errLengthMismatch
certs := make([]*x509.Certificate, 0, len(rawCertificates))
for _, rawCert := range rawCertificates {
cert, err := x509.ParseCertificate(rawCert)
if err != nil {
return nil, err
certs = append(certs, cert)
return certs, nil
func verifyClientCert(rawCertificates [][]byte, roots *x509.CertPool) (chains [][]*x509.Certificate, err error) {
certificate, err := loadCerts(rawCertificates)
if err != nil {
return nil, err
intermediateCAPool := x509.NewCertPool()
for _, cert := range certificate[1:] {
opts := x509.VerifyOptions{
Roots: roots,
CurrentTime: time.Now(),
Intermediates: intermediateCAPool,
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
return certificate[0].Verify(opts)
func verifyServerCert(rawCertificates [][]byte, roots *x509.CertPool, serverName string) (chains [][]*x509.Certificate, err error) {
certificate, err := loadCerts(rawCertificates)
if err != nil {
return nil, err
intermediateCAPool := x509.NewCertPool()
for _, cert := range certificate[1:] {
opts := x509.VerifyOptions{
Roots: roots,
CurrentTime: time.Now(),
DNSName: serverName,
Intermediates: intermediateCAPool,
return certificate[0].Verify(opts)

package dtls
import (
const rawPrivateKey = `
func TestGenerateKeySignature(t *testing.T) {
block, _ := pem.Decode([]byte(rawPrivateKey))
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
clientRandom := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}
serverRandom := []byte{0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f}
publicKey := []byte{0x20, 0x9f, 0xd7, 0xad, 0x6d, 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b, 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14, 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98, 0x28, 0x80, 0xb6, 0x15}
expectedSignature := []byte{
0x6f, 0x47, 0x97, 0x85, 0xcc, 0x76, 0x50, 0x93, 0xbd, 0xe2, 0x6a, 0x69, 0x0b, 0xc3, 0x03, 0xd1, 0xb7, 0xe4, 0xab, 0x88, 0x7b, 0xa6, 0x52, 0x80, 0xdf,
0xaa, 0x25, 0x7a, 0xdb, 0x29, 0x32, 0xe4, 0xd8, 0x28, 0x28, 0xb3, 0xe8, 0x04, 0x3c, 0x38, 0x16, 0xfc, 0x78, 0xe9, 0x15, 0x7b, 0xc5, 0xbd, 0x7d, 0xfc,
0xcd, 0x83, 0x00, 0x57, 0x4a, 0x3c, 0x23, 0x85, 0x75, 0x6b, 0x37, 0xd5, 0x89, 0x72, 0x73, 0xf0, 0x44, 0x8c, 0x00, 0x70, 0x1f, 0x6e, 0xa2, 0x81, 0xd0,
0x09, 0xc5, 0x20, 0x36, 0xab, 0x23, 0x09, 0x40, 0x1f, 0x4d, 0x45, 0x96, 0x62, 0xbb, 0x81, 0xb0, 0x30, 0x72, 0xad, 0x3a, 0x0a, 0xac, 0x31, 0x63, 0x40,
0x52, 0x0a, 0x27, 0xf3, 0x34, 0xde, 0x27, 0x7d, 0xb7, 0x54, 0xff, 0x0f, 0x9f, 0x5a, 0xfe, 0x07, 0x0f, 0x4e, 0x9f, 0x53, 0x04, 0x34, 0x62, 0xf4, 0x30,
0x74, 0x83, 0x35, 0xfc, 0xe4, 0x7e, 0xbf, 0x5a, 0xc4, 0x52, 0xd0, 0xea, 0xf9, 0x61, 0x4e, 0xf5, 0x1c, 0x0e, 0x58, 0x02, 0x71, 0xfb, 0x1f, 0x34, 0x55,
0xe8, 0x36, 0x70, 0x3c, 0xc1, 0xcb, 0xc9, 0xb7, 0xbb, 0xb5, 0x1c, 0x44, 0x9a, 0x6d, 0x88, 0x78, 0x98, 0xd4, 0x91, 0x2e, 0xeb, 0x98, 0x81, 0x23, 0x30,
0x73, 0x39, 0x43, 0xd5, 0xbb, 0x70, 0x39, 0xba, 0x1f, 0xdb, 0x70, 0x9f, 0x91, 0x83, 0x56, 0xc2, 0xde, 0xed, 0x17, 0x6d, 0x2c, 0x3e, 0x21, 0xea, 0x36,
0xb4, 0x91, 0xd8, 0x31, 0x05, 0x60, 0x90, 0xfd, 0xc6, 0x74, 0xa9, 0x7b, 0x18, 0xfc, 0x1c, 0x6a, 0x1c, 0x6e, 0xec, 0xd3, 0xc1, 0xc0, 0x0d, 0x11, 0x25,
0x48, 0x37, 0x3d, 0x45, 0x11, 0xa2, 0x31, 0x14, 0x0a, 0x66, 0x9f, 0xd8, 0xac, 0x74, 0xa2, 0xcd, 0xc8, 0x79, 0xb3, 0x9e, 0xc6, 0x66, 0x25, 0xcf, 0x2c,
0x87, 0x5e, 0x5c, 0x36, 0x75, 0x86,
signature, err := generateKeySignature(clientRandom, serverRandom, publicKey, elliptic.X25519, key, hash.SHA256)
if err != nil {
} else if !bytes.Equal(expectedSignature, signature) {
t.Errorf("Signature generation failed \nexp % 02x \nactual % 02x ", expectedSignature, signature)

// Package dtls implements Datagram Transport Layer Security (DTLS) 1.2
package dtls

FROM golang:1.14-alpine3.11
RUN apk add --no-cache \
COPY . /go/src/github.com/pion/dtls
WORKDIR /go/src/github.com/pion/dtls/e2e
CMD ["go", "test", "-tags=openssl", "-v", "."]

// Package e2e contains end to end tests for pion/dtls
package e2e

View File

package e2e
import (
transportTest "github.com/pion/transport/test"
const (
flightInterval = time.Millisecond * 100
lossyTestTimeout = 30 * time.Second
DTLS Client/Server over a lossy transport, just asserts it can handle at increasing increments
func TestPionE2ELossy(t *testing.T) {
// Check for leaking routines
report := transportTest.CheckRoutines(t)
defer report()
type runResult struct {
dtlsConn *dtls.Conn
err error
serverCert, err := selfsign.GenerateSelfSigned()
if err != nil {
clientCert, err := selfsign.GenerateSelfSigned()
if err != nil {
for _, test := range []struct {
LossChanceRange int
DoClientAuth bool
CipherSuites []dtls.CipherSuiteID
MTU int
LossChanceRange: 0,
LossChanceRange: 10,
LossChanceRange: 20,
LossChanceRange: 50,
LossChanceRange: 0,
DoClientAuth: true,
LossChanceRange: 10,
DoClientAuth: true,
LossChanceRange: 20,
DoClientAuth: true,
LossChanceRange: 50,
DoClientAuth: true,
LossChanceRange: 0,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
LossChanceRange: 10,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
LossChanceRange: 20,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
LossChanceRange: 50,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
LossChanceRange: 10,
MTU: 100,
DoClientAuth: true,
LossChanceRange: 20,
MTU: 100,
DoClientAuth: true,
LossChanceRange: 50,
DoClientAuth: true,
} {
name := fmt.Sprintf("Loss%d_MTU%d", test.LossChanceRange, test.MTU)
if test.DoClientAuth {
name += "_WithCliAuth"
for _, ciph := range test.CipherSuites {
name += "_With" + ciph.String()
test := test
t.Run(name, func(t *testing.T) {
// Limit runtime in case of deadlocks
lim := transportTest.TimeOut(lossyTestTimeout + time.Second)
defer lim.Stop()
chosenLoss := rand.Intn(9) + test.LossChanceRange //nolint:gosec
serverDone := make(chan runResult)
clientDone := make(chan runResult)
br := transportTest.NewBridge()
if err = br.SetLossChance(chosenLoss); err != nil {
go func() {
cfg := &dtls.Config{
FlightInterval: flightInterval,
CipherSuites: test.CipherSuites,
InsecureSkipVerify: true,
MTU: test.MTU,
if test.DoClientAuth {
cfg.Certificates = []tls.Certificate{clientCert}
client, startupErr := dtls.Client(br.GetConn0(), cfg)
clientDone <- runResult{client, startupErr}
go func() {
cfg := &dtls.Config{
Certificates: []tls.Certificate{serverCert},
FlightInterval: flightInterval,
MTU: test.MTU,
if test.DoClientAuth {
cfg.ClientAuth = dtls.RequireAnyClientCert
server, startupErr := dtls.Server(br.GetConn1(), cfg)
serverDone <- runResult{server, startupErr}
testTimer := time.NewTimer(lossyTestTimeout)
var serverConn, clientConn *dtls.Conn
defer func() {
if serverConn != nil {
if err = serverConn.Close(); err != nil {
if clientConn != nil {
if err = clientConn.Close(); err != nil {
for {
if serverConn != nil && clientConn != nil {
select {
case serverResult := <-serverDone:
if serverResult.err != nil {
t.Errorf("Fail, serverError: clientComplete(%t) serverComplete(%t) LossChance(%d) error(%v)", clientConn != nil, serverConn != nil, chosenLoss, serverResult.err)
serverConn = serverResult.dtlsConn
case clientResult := <-clientDone:
if clientResult.err != nil {
t.Errorf("Fail, clientError: clientComplete(%t) serverComplete(%t) LossChance(%d) error(%v)", clientConn != nil, serverConn != nil, chosenLoss, clientResult.err)
clientConn = clientResult.dtlsConn
case <-testTimer.C:
t.Errorf("Test expired: clientComplete(%t) serverComplete(%t) LossChance(%d)", clientConn != nil, serverConn != nil, chosenLoss)
case <-time.After(10 * time.Millisecond):

// +build openssl,!js
package e2e
import (
func serverOpenSSL(c *comm) {
go func() {
defer c.serverMutex.Unlock()
cfg := c.serverConfig
// create openssl arguments
args := []string{
fmt.Sprintf("-accept=%d", c.serverPort),
ciphers := ciphersOpenSSL(cfg)
if ciphers != "" {
args = append(args, fmt.Sprintf("-cipher=%s", ciphers))
// psk arguments
if cfg.PSK != nil {
psk, err := cfg.PSK(nil)
if err != nil {
c.errChan <- err
args = append(args, fmt.Sprintf("-psk=%X", psk))
if len(cfg.PSKIdentityHint) > 0 {
args = append(args, fmt.Sprintf("-psk_hint=%s", cfg.PSKIdentityHint))
// certs arguments
if len(cfg.Certificates) > 0 {
// create temporary cert files
certPEM, keyPEM, err := writeTempPEM(cfg)
if err != nil {
c.errChan <- err
args = append(args,
fmt.Sprintf("-cert=%s", certPEM),
fmt.Sprintf("-key=%s", keyPEM))
defer func() {
_ = os.Remove(certPEM)
_ = os.Remove(keyPEM)
} else {
args = append(args, "-nocert")
// launch command
// #nosec G204
cmd := exec.CommandContext(c.ctx, "openssl", args...)
var inner net.Conn
inner, c.serverConn = net.Pipe()
cmd.Stdin = inner
cmd.Stdout = inner
cmd.Stderr = os.Stderr
if err := cmd.Start(); err != nil {
c.errChan <- err
_ = inner.Close()
// Ensure that server has started
time.Sleep(500 * time.Millisecond)
c.serverReady <- struct{}{}
simpleReadWrite(c.errChan, c.serverChan, c.serverConn, c.messageRecvCount)
func clientOpenSSL(c *comm) {
select {
case <-c.serverReady:
// OK
case <-time.After(time.Second):
c.errChan <- errors.New("waiting on serverReady err: timeout")
defer c.clientMutex.Unlock()
cfg := c.clientConfig
// create openssl arguments
args := []string{
fmt.Sprintf("-connect=", c.serverPort),
ciphers := ciphersOpenSSL(cfg)
if ciphers != "" {
args = append(args, fmt.Sprintf("-cipher=%s", ciphers))
// psk arguments
if cfg.PSK != nil {
psk, err := cfg.PSK(nil)
if err != nil {
c.errChan <- err
args = append(args, fmt.Sprintf("-psk=%X", psk))
// certificate arguments
if len(cfg.Certificates) > 0 {
// create temporary cert files
certPEM, keyPEM, err := writeTempPEM(cfg)
if err != nil {
c.errChan <- err
args = append(args, fmt.Sprintf("-CAfile=%s", certPEM))
defer func() {
_ = os.Remove(certPEM)
_ = os.Remove(keyPEM)
// launch command
// #nosec G204
cmd := exec.CommandContext(c.ctx, "openssl", args...)
var inner net.Conn
inner, c.clientConn = net.Pipe()
cmd.Stdin = inner
cmd.Stdout = inner
cmd.Stderr = os.Stderr
if err := cmd.Start(); err != nil {
c.errChan <- err
_ = inner.Close()
simpleReadWrite(c.errChan, c.clientChan, c.clientConn, c.messageRecvCount)
func ciphersOpenSSL(cfg *dtls.Config) string {
// See https://tls.mbed.org/supported-ssl-ciphersuites
translate := map[dtls.CipherSuiteID]string{
dtls.TLS_PSK_WITH_AES_128_CCM_8: "PSK-AES128-CCM8",
dtls.TLS_PSK_WITH_AES_128_GCM_SHA256: "PSK-AES128-GCM-SHA256",
var ciphers []string
for _, c := range cfg.CipherSuites {
if text, ok := translate[c]; ok {
ciphers = append(ciphers, text)
return strings.Join(ciphers, ";")
func writeTempPEM(cfg *dtls.Config) (string, string, error) {
certOut, err := ioutil.TempFile("", "cert.pem")
if err != nil {
return "", "", fmt.Errorf("failed to create temporary file: %w", err)
keyOut, err := ioutil.TempFile("", "key.pem")
if err != nil {
return "", "", fmt.Errorf("failed to create temporary file: %w", err)
cert := cfg.Certificates[0]
derBytes := cert.Certificate[0]
if err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
return "", "", fmt.Errorf("failed to write data to cert.pem: %w", err)
if err = certOut.Close(); err != nil {
return "", "", fmt.Errorf("error closing cert.pem: %w", err)
priv := cert.PrivateKey
var privBytes []byte
privBytes, err = x509.MarshalPKCS8PrivateKey(priv)
if err != nil {
return "", "", fmt.Errorf("unable to marshal private key: %w", err)
if err = pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
return "", "", fmt.Errorf("failed to write data to key.pem: %w", err)
if err = keyOut.Close(); err != nil {
return "", "", fmt.Errorf("error closing key.pem: %w", err)
return certOut.Name(), keyOut.Name(), nil
func TestPionOpenSSLE2ESimple(t *testing.T) {
t.Run("OpenSSLServer", func(t *testing.T) {
testPionE2ESimple(t, serverOpenSSL, clientPion)
t.Run("OpenSSLClient", func(t *testing.T) {
testPionE2ESimple(t, serverPion, clientOpenSSL)
func TestPionOpenSSLE2ESimplePSK(t *testing.T) {
t.Run("OpenSSLServer", func(t *testing.T) {
testPionE2ESimplePSK(t, serverOpenSSL, clientPion)
t.Run("OpenSSLClient", func(t *testing.T) {
testPionE2ESimplePSK(t, serverPion, clientOpenSSL)
func TestPionOpenSSLE2EMTUs(t *testing.T) {
t.Run("OpenSSLServer", func(t *testing.T) {
testPionE2EMTUs(t, serverOpenSSL, clientPion)
t.Run("OpenSSLClient", func(t *testing.T) {
testPionE2EMTUs(t, serverPion, clientOpenSSL)

// +build openssl,go1.13,!js
package e2e
import (
func TestPionOpenSSLE2ESimpleED25519(t *testing.T) {
t.Skip("TODO: waiting OpenSSL's DTLS Ed25519 support")
t.Run("OpenSSLServer", func(t *testing.T) {
testPionE2ESimpleED25519(t, serverOpenSSL, clientPion)
t.Run("OpenSSLClient", func(t *testing.T) {
testPionE2ESimpleED25519(t, serverPion, clientOpenSSL)

// +build !js
package e2e
import (
const (
testMessage = "Hello World"
testTimeLimit = 5 * time.Second
messageRetry = 200 * time.Millisecond
var errServerTimeout = errors.New("waiting on serverReady err: timeout")
func randomPort(t testing.TB) int {
conn, err := net.ListenPacket("udp4", "")
if err != nil {
t.Fatalf("failed to pickPort: %v", err)
defer func() {
_ = conn.Close()
switch addr := conn.LocalAddr().(type) {
case *net.UDPAddr:
return addr.Port
t.Fatalf("unknown addr type %T", addr)
return 0
func simpleReadWrite(errChan chan error, outChan chan string, conn io.ReadWriter, messageRecvCount *uint64) {
go func() {
buffer := make([]byte, 8192)
n, err := conn.Read(buffer)
if err != nil {
errChan <- err
outChan <- string(buffer[:n])
atomic.AddUint64(messageRecvCount, 1)
for {
if atomic.LoadUint64(messageRecvCount) == 2 {
} else if _, err := conn.Write([]byte(testMessage)); err != nil {
errChan <- err
type comm struct {
ctx context.Context
clientConfig, serverConfig *dtls.Config
serverPort int
messageRecvCount *uint64 // Counter to make sure both sides got a message
clientMutex *sync.Mutex
clientConn net.Conn
serverMutex *sync.Mutex
serverConn net.Conn
serverListener net.Listener
serverReady chan struct{}
errChan chan error
clientChan chan string
serverChan chan string
client func(*comm)
server func(*comm)
func newComm(ctx context.Context, clientConfig, serverConfig *dtls.Config, serverPort int, server, client func(*comm)) *comm {
messageRecvCount := uint64(0)
c := &comm{
ctx: ctx,
clientConfig: clientConfig,
serverConfig: serverConfig,
serverPort: serverPort,
messageRecvCount: &messageRecvCount,
clientMutex: &sync.Mutex{},
serverMutex: &sync.Mutex{},
serverReady: make(chan struct{}),
errChan: make(chan error),
clientChan: make(chan string),
serverChan: make(chan string),
server: server,
client: client,
return c
func (c *comm) assert(t *testing.T) {
// DTLS Client
go c.client(c)
// DTLS Server
go c.server(c)
defer func() {
if c.clientConn != nil {
if err := c.clientConn.Close(); err != nil {
if c.serverConn != nil {
if err := c.serverConn.Close(); err != nil {
if c.serverListener != nil {
if err := c.serverListener.Close(); err != nil {
func() {
seenClient, seenServer := false, false
for {
select {
case err := <-c.errChan:
case <-time.After(testTimeLimit):
t.Fatalf("Test timeout, seenClient %t seenServer %t", seenClient, seenServer)
case clientMsg := <-c.clientChan:
if clientMsg != testMessage {
t.Fatalf("clientMsg does not equal test message: %s %s", clientMsg, testMessage)
seenClient = true
if seenClient && seenServer {
case serverMsg := <-c.serverChan:
if serverMsg != testMessage {
t.Fatalf("serverMsg does not equal test message: %s %s", serverMsg, testMessage)
seenServer = true
if seenClient && seenServer {
func clientPion(c *comm) {
select {
case <-c.serverReady:
// OK
case <-time.After(time.Second):
c.errChan <- errServerTimeout
defer c.clientMutex.Unlock()
var err error
c.clientConn, err = dtls.DialWithContext(c.ctx, "udp",
&net.UDPAddr{IP: net.ParseIP(""), Port: c.serverPort},
if err != nil {
c.errChan <- err
simpleReadWrite(c.errChan, c.clientChan, c.clientConn, c.messageRecvCount)
func serverPion(c *comm) {
defer c.serverMutex.Unlock()
var err error
c.serverListener, err = dtls.Listen("udp",
&net.UDPAddr{IP: net.ParseIP(""), Port: c.serverPort},
if err != nil {
c.errChan <- err
c.serverReady <- struct{}{}
c.serverConn, err = c.serverListener.Accept()
if err != nil {
c.errChan <- err
simpleReadWrite(c.errChan, c.serverChan, c.serverConn, c.messageRecvCount)
Simple DTLS Client/Server can communicate
- Assert that you can send messages both ways
- Assert that Close() on both ends work
- Assert that no Goroutines are leaked
func testPionE2ESimple(t *testing.T, server, client func(*comm)) {
lim := test.TimeOut(time.Second * 30)
defer lim.Stop()
report := test.CheckRoutines(t)
defer report()
for _, cipherSuite := range []dtls.CipherSuiteID{
} {
cipherSuite := cipherSuite
t.Run(cipherSuite.String(), func(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
cert, err := selfsign.GenerateSelfSignedWithDNS("localhost")
if err != nil {
cfg := &dtls.Config{
Certificates: []tls.Certificate{cert},
CipherSuites: []dtls.CipherSuiteID{cipherSuite},
InsecureSkipVerify: true,
serverPort := randomPort(t)
comm := newComm(ctx, cfg, cfg, serverPort, server, client)
func testPionE2ESimplePSK(t *testing.T, server, client func(*comm)) {
lim := test.TimeOut(time.Second * 30)
defer lim.Stop()
report := test.CheckRoutines(t)
defer report()
for _, cipherSuite := range []dtls.CipherSuiteID{
} {
cipherSuite := cipherSuite
t.Run(cipherSuite.String(), func(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
cfg := &dtls.Config{
PSK: func(hint []byte) ([]byte, error) {
return []byte{0xAB, 0xC1, 0x23}, nil
PSKIdentityHint: []byte{0x01, 0x02, 0x03, 0x04, 0x05},
CipherSuites: []dtls.CipherSuiteID{cipherSuite},
serverPort := randomPort(t)
comm := newComm(ctx, cfg, cfg, serverPort, server, client)
func testPionE2EMTUs(t *testing.T, server, client func(*comm)) {
lim := test.TimeOut(time.Second * 30)
defer lim.Stop()
report := test.CheckRoutines(t)
defer report()
for _, mtu := range []int{
} {
mtu := mtu
t.Run(fmt.Sprintf("MTU%d", mtu), func(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
cert, err := selfsign.GenerateSelfSignedWithDNS("localhost")
if err != nil {
cfg := &dtls.Config{
Certificates: []tls.Certificate{cert},
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
InsecureSkipVerify: true,
MTU: mtu,
serverPort := randomPort(t)
comm := newComm(ctx, cfg, cfg, serverPort, server, client)
func TestPionE2ESimple(t *testing.T) {
testPionE2ESimple(t, serverPion, clientPion)
func TestPionE2ESimplePSK(t *testing.T) {
testPionE2ESimplePSK(t, serverPion, clientPion)
func TestPionE2EMTUs(t *testing.T) {
testPionE2EMTUs(t, serverPion, clientPion)

// +build go1.13,!js
package e2e
import (
// ED25519 is not supported in Go 1.12 crypto/x509.
// Once Go 1.12 is deprecated, move this test to e2e_test.go.
func testPionE2ESimpleED25519(t *testing.T, server, client func(*comm)) {
lim := test.TimeOut(time.Second * 30)
defer lim.Stop()
report := test.CheckRoutines(t)
defer report()
for _, cipherSuite := range []dtls.CipherSuiteID{
} {
cipherSuite := cipherSuite
t.Run(cipherSuite.String(), func(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
_, key, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
cert, err := selfsign.SelfSign(key)
if err != nil {
cfg := &dtls.Config{
Certificates: []tls.Certificate{cert},
CipherSuites: []dtls.CipherSuiteID{cipherSuite},
InsecureSkipVerify: true,
serverPort := randomPort(t)
comm := newComm(ctx, cfg, cfg, serverPort, server, client)
func TestPionE2ESimpleED25519(t *testing.T) {
testPionE2ESimpleED25519(t, serverPion, clientPion)

package dtls
import (
// Typed errors
var (
ErrConnClosed = &FatalError{Err: errors.New("conn is closed")} //nolint:goerr113
errDeadlineExceeded = &TimeoutError{Err: xerrors.Errorf("read/write timeout: %w", context.DeadlineExceeded)}
errInvalidContentType = &TemporaryError{Err: errors.New("invalid content type")} //nolint:goerr113
errBufferTooSmall = &TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
errContextUnsupported = &TemporaryError{Err: errors.New("context is not supported for ExportKeyingMaterial")} //nolint:goerr113
errHandshakeInProgress = &TemporaryError{Err: errors.New("handshake is in progress")} //nolint:goerr113
errReservedExportKeyingMaterial = &TemporaryError{Err: errors.New("ExportKeyingMaterial can not be used with a reserved label")} //nolint:goerr113
errApplicationDataEpochZero = &TemporaryError{Err: errors.New("ApplicationData with epoch of 0")} //nolint:goerr113
errUnhandledContextType = &TemporaryError{Err: errors.New("unhandled contentType")} //nolint:goerr113
errCertificateVerifyNoCertificate = &FatalError{Err: errors.New("client sent certificate verify but we have no certificate to verify")} //nolint:goerr113
errCipherSuiteNoIntersection = &FatalError{Err: errors.New("client+server do not support any shared cipher suites")} //nolint:goerr113
errClientCertificateNotVerified = &FatalError{Err: errors.New("client sent certificate but did not verify it")} //nolint:goerr113
errClientCertificateRequired = &FatalError{Err: errors.New("server required client verification, but got none")} //nolint:goerr113
errClientNoMatchingSRTPProfile = &FatalError{Err: errors.New("server responded with SRTP Profile we do not support")} //nolint:goerr113
errClientRequiredButNoServerEMS = &FatalError{Err: errors.New("client required Extended Master Secret extension, but server does not support it")} //nolint:goerr113
errCookieMismatch = &FatalError{Err: errors.New("client+server cookie does not match")} //nolint:goerr113
errIdentityNoPSK = &FatalError{Err: errors.New("PSK Identity Hint provided but PSK is nil")} //nolint:goerr113
errInvalidCertificate = &FatalError{Err: errors.New("no certificate provided")} //nolint:goerr113
errInvalidCipherSuite = &FatalError{Err: errors.New("invalid or unknown cipher suite")} //nolint:goerr113
errInvalidECDSASignature = &FatalError{Err: errors.New("ECDSA signature contained zero or negative values")} //nolint:goerr113
errInvalidPrivateKey = &FatalError{Err: errors.New("invalid private key type")} //nolint:goerr113
errInvalidSignatureAlgorithm = &FatalError{Err: errors.New("invalid signature algorithm")} //nolint:goerr113
errKeySignatureMismatch = &FatalError{Err: errors.New("expected and actual key signature do not match")} //nolint:goerr113
errNilNextConn = &FatalError{Err: errors.New("Conn can not be created with a nil nextConn")} //nolint:goerr113
errNoAvailableCipherSuites = &FatalError{Err: errors.New("connection can not be created, no CipherSuites satisfy this Config")} //nolint:goerr113
errNoAvailablePSKCipherSuite = &FatalError{Err: errors.New("connection can not be created, pre-shared key present but no compatible CipherSuite")} //nolint:goerr113
errNoAvailableCertificateCipherSuite = &FatalError{Err: errors.New("connection can not be created, certificate present but no compatible CipherSuite")} //nolint:goerr113
errNoAvailableSignatureSchemes = &FatalError{Err: errors.New("connection can not be created, no SignatureScheme satisfy this Config")} //nolint:goerr113
errNoCertificates = &FatalError{Err: errors.New("no certificates configured")} //nolint:goerr113
errNoConfigProvided = &FatalError{Err: errors.New("no config provided")} //nolint:goerr113
errNoSupportedEllipticCurves = &FatalError{Err: errors.New("client requested zero or more elliptic curves that are not supported by the server")} //nolint:goerr113
errUnsupportedProtocolVersion = &FatalError{Err: errors.New("unsupported protocol version")} //nolint:goerr113
errPSKAndIdentityMustBeSetForClient = &FatalError{Err: errors.New("PSK and PSK Identity Hint must both be set for client")} //nolint:goerr113
errRequestedButNoSRTPExtension = &FatalError{Err: errors.New("SRTP support was requested but server did not respond with use_srtp extension")} //nolint:goerr113
errServerNoMatchingSRTPProfile = &FatalError{Err: errors.New("client requested SRTP but we have no matching profiles")} //nolint:goerr113
errServerRequiredButNoClientEMS = &FatalError{Err: errors.New("server requires the Extended Master Secret extension, but the client does not support it")} //nolint:goerr113
errVerifyDataMismatch = &FatalError{Err: errors.New("expected and actual verify data does not match")} //nolint:goerr113
errInvalidFlight = &InternalError{Err: errors.New("invalid flight number")} //nolint:goerr113
errKeySignatureGenerateUnimplemented = &InternalError{Err: errors.New("unable to generate key signature, unimplemented")} //nolint:goerr113
errKeySignatureVerifyUnimplemented = &InternalError{Err: errors.New("unable to verify key signature, unimplemented")} //nolint:goerr113
errLengthMismatch = &InternalError{Err: errors.New("data length and declared length do not match")} //nolint:goerr113
errSequenceNumberOverflow = &InternalError{Err: errors.New("sequence number overflow")} //nolint:goerr113
errInvalidFSMTransition = &InternalError{Err: errors.New("invalid state machine transition")} //nolint:goerr113
// FatalError indicates that the DTLS connection is no longer available.
// It is mainly caused by wrong configuration of server or client.
type FatalError = protocol.FatalError
// InternalError indicates and internal error caused by the implementation, and the DTLS connection is no longer available.
// It is mainly caused by bugs or tried to use unimplemented features.
type InternalError = protocol.InternalError
// TemporaryError indicates that the DTLS connection is still available, but the request was failed temporary.
type TemporaryError = protocol.TemporaryError
// TimeoutError indicates that the request was timed out.
type TimeoutError = protocol.TimeoutError
// HandshakeError indicates that the handshake failed.
type HandshakeError = protocol.HandshakeError
// invalidCipherSuite indicates an attempt at using an unsupported cipher suite.
type invalidCipherSuite struct {
id CipherSuiteID
func (e *invalidCipherSuite) Error() string {
return fmt.Sprintf("CipherSuite with id(%d) is not valid", e.id)
func (e *invalidCipherSuite) Is(err error) bool {
if other, ok := err.(*invalidCipherSuite); ok {
return e.id == other.id
return false
// errAlert wraps DTLS alert notification as an error
type errAlert struct {
func (e *errAlert) Error() string {
return fmt.Sprintf("alert: %s", e.Alert.String())
func (e *errAlert) IsFatalOrCloseNotify() bool {
return e.Level == alert.Fatal || e.Description == alert.CloseNotify
func (e *errAlert) Is(err error) bool {
if other, ok := err.(*errAlert); ok {
return e.Level == other.Level && e.Description == other.Description
return false
// netError translates an error from underlying Conn to corresponding net.Error.
func netError(err error) error {
switch err {
case io.EOF, context.Canceled, context.DeadlineExceeded:
// Return io.EOF and context errors as is.
return err
switch e := err.(type) {
case (*net.OpError):
if se, ok := e.Err.(*os.SyscallError); ok {
if se.Timeout() {
return &TimeoutError{Err: err}
if isOpErrorTemporary(se) {
return &TemporaryError{Err: err}
case (net.Error):
return err
@ -1,25 +0,0 @@
// +build aix darwin dragonfly freebsd linux nacl nacljs netbsd openbsd solaris windows
// For systems having syscall.Errno.
// Update build targets by following command:
// $ grep -R ECONN $(go env GOROOT)/src/syscall/zerrors_*.go \
// | tr "." "_" | cut -d"_" -f"2" | sort | uniq
package dtls
import (
func isOpErrorTemporary(err *os.SyscallError) bool {
if ne, ok := err.Err.(syscall.Errno); ok {
switch ne {
case syscall.ECONNREFUSED:
return true
return false
return false

// +build aix darwin dragonfly freebsd linux nacl nacljs netbsd openbsd solaris windows
// For systems having syscall.Errno.
// The build target must be same as errors_errno.go.
package dtls
import (
func TestErrorsTemporary(t *testing.T) {
addrListen, errListen := net.ResolveUDPAddr("udp", "localhost:0")
if errListen != nil {
t.Fatalf("Unexpected error: %v", errListen)
// Server is not listening.
conn, errDial := net.DialUDP("udp", nil, addrListen)
if errDial != nil {
t.Fatalf("Unexpected error: %v", errDial)
_, _ = conn.Write([]byte{0x00}) // trigger
_, err := conn.Read(make([]byte, 10))
_ = conn.Close()
if err == nil {
t.Skip("ECONNREFUSED is not set by system")
ne, ok := netError(err).(net.Error)
if !ok {
t.Fatalf("netError must return net.Error")
if ne.Timeout() {
t.Errorf("%v must not be timeout error", err)
if !ne.Temporary() {
t.Errorf("%v must be temporary error", err)

// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!nacl,!nacljs,!netbsd,!openbsd,!solaris,!windows
// For systems without syscall.Errno.
// Build targets must be inverse of errors_errno.go
package dtls
import (
func isOpErrorTemporary(err *os.SyscallError) bool {
return false

View File

@ -1,85 +0,0 @@
package dtls
import (
var errExample = errors.New("an example error")
func TestErrorUnwrap(t *testing.T) {
cases := []struct {
err error
errUnwrapped []error
&FatalError{Err: errExample},
&TemporaryError{Err: errExample},
&InternalError{Err: errExample},
&TimeoutError{Err: errExample},
&HandshakeError{Err: errExample},
for _, c := range cases {
c := c
t.Run(fmt.Sprintf("%T", c.err), func(t *testing.T) {
err := c.err
for _, unwrapped := range c.errUnwrapped {
e := xerrors.Unwrap(err)
if !errors.Is(e, unwrapped) {
t.Errorf("Unwrapped error is expected to be '%v', got '%v'", unwrapped, e)
func TestErrorNetError(t *testing.T) {
cases := []struct {
err error
str string
timeout, temporary bool
{&FatalError{Err: errExample}, "dtls fatal: an example error", false, false},
{&TemporaryError{Err: errExample}, "dtls temporary: an example error", false, true},
{&InternalError{Err: errExample}, "dtls internal: an example error", false, false},
{&TimeoutError{Err: errExample}, "dtls timeout: an example error", true, true},
{&HandshakeError{Err: errExample}, "handshake error: an example error", false, false},
{&HandshakeError{Err: &TimeoutError{Err: errExample}}, "handshake error: dtls timeout: an example error", true, true},
for _, c := range cases {
c := c
t.Run(fmt.Sprintf("%T", c.err), func(t *testing.T) {
ne, ok := c.err.(net.Error)
if !ok {
t.Fatalf("%T doesn't implement net.Error", c.err)
if ne.Timeout() != c.timeout {
t.Errorf("%T.Timeout() should be %v", c.err, c.timeout)
if ne.Temporary() != c.temporary {
t.Errorf("%T.Temporary() should be %v", c.err, c.temporary)
if ne.Error() != c.str {
t.Errorf("%T.Error() should be %v", c.err, c.str)

# Certificates
The certificates in for the examples are generated using the commands shown below.
Note that this was run on OpenSSL 1.1.1d, of which the arguments can be found in the [OpenSSL Manpages](https://www.openssl.org/docs/man1.1.1/man1), and is not guaranteed to work on different OpenSSL versions.
# Extensions required for certificate validation.
$ EXTFILE='extfile.conf'
$ echo 'subjectAltName = IP:\nbasicConstraints = critical,CA:true' > "${EXTFILE}"
# Server.
$ SERVER_NAME='server'
$ openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_NAME}.pem"
$ openssl req -key "${SERVER_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${SERVER_NAME}.csr"
$ openssl x509 -req -in "${SERVER_NAME}.csr" -extfile "${EXTFILE}" -days 365 -signkey "${SERVER_NAME}.pem" -sha256 -out "${SERVER_NAME}.pub.pem"
# Client.
$ CLIENT_NAME='client'
$ openssl ecparam -name prime256v1 -genkey -noout -out "${CLIENT_NAME}.pem"
$ openssl req -key "${CLIENT_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${CLIENT_NAME}.csr"
$ openssl x509 -req -in "${CLIENT_NAME}.csr" -extfile "${EXTFILE}" -days 365 -CA "${SERVER_NAME}.pub.pem" -CAkey "${SERVER_NAME}.pem" -set_serial '0xabcd' -sha256 -out "${CLIENT_NAME}.pub.pem"
# Cleanup.
$ rm "${EXTFILE}" "${SERVER_NAME}.csr" "${CLIENT_NAME}.csr"

View File

@ -1,9 +0,0 @@

View File

@ -1,9 +0,0 @@

package main
import (
func main() {
// Prepare the IP to connect to
addr := &net.UDPAddr{IP: net.ParseIP(""), Port: 4444}
// Everything below is the pion-DTLS API! Thanks for using it ❤️.
// Prepare the configuration of the DTLS connection
config := &dtls.Config{
PSK: func(hint []byte) ([]byte, error) {
fmt.Printf("Server's hint: %s \n", hint)
return []byte{0xAB, 0xC1, 0x23}, nil
PSKIdentityHint: []byte("Pion DTLS Server"),
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_PSK_WITH_AES_128_CCM_8},
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
// Connect to a DTLS server
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
dtlsConn, err := dtls.DialWithContext(ctx, "udp", addr, config)
defer func() {
fmt.Println("Connected; type 'exit' to shutdown gracefully")
@ -1,47 +0,0 @@
package main
import (
func main() {
// Prepare the IP to connect to
addr := &net.UDPAddr{IP: net.ParseIP(""), Port: 4444}
// Generate a certificate and private key to secure the connection
certificate, genErr := selfsign.GenerateSelfSigned()
// Everything below is the pion-DTLS API! Thanks for using it ❤️.
// Prepare the configuration of the DTLS connection
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
InsecureSkipVerify: true,
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
// Connect to a DTLS server
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
dtlsConn, err := dtls.DialWithContext(ctx, "udp", addr, config)
defer func() {
fmt.Println("Connected; type 'exit' to shutdown gracefully")
@ -1,54 +0,0 @@
package main
import (
func main() {
// Prepare the IP to connect to
addr := &net.UDPAddr{IP: net.ParseIP(""), Port: 4444}
// Everything below is the pion-DTLS API! Thanks for using it ❤️.
certificate, err := util.LoadKeyAndCertificate("examples/certificates/client.pem",
rootCertificate, err := util.LoadCertificate("examples/certificates/server.pub.pem")
certPool := x509.NewCertPool()
cert, err := x509.ParseCertificate(rootCertificate.Certificate[0])
// Prepare the configuration of the DTLS connection
config := &dtls.Config{
Certificates: []tls.Certificate{*certificate},
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
RootCAs: certPool,
// Connect to a DTLS server
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
dtlsConn, err := dtls.DialWithContext(ctx, "udp", addr, config)
defer func() {
fmt.Println("Connected; type 'exit' to shutdown gracefully")
@ -1,72 +0,0 @@
package main
import (
func main() {
// Prepare the IP to connect to
addr := &net.UDPAddr{IP: net.ParseIP(""), Port: 4444}
// Create parent context to cleanup handshaking connections on exit.
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Everything below is the pion-DTLS API! Thanks for using it ❤️.
// Prepare the configuration of the DTLS connection
config := &dtls.Config{
PSK: func(hint []byte) ([]byte, error) {
fmt.Printf("Client's hint: %s \n", hint)
return []byte{0xAB, 0xC1, 0x23}, nil
PSKIdentityHint: []byte("Pion DTLS Client"),
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_PSK_WITH_AES_128_CCM_8},
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
// Create timeout context for accepted connection.
ConnectContextMaker: func() (context.Context, func()) {
return context.WithTimeout(ctx, 30*time.Second)
// Connect to a DTLS server
listener, err := dtls.Listen("udp", addr, config)
defer func() {
// Simulate a chat session
hub := util.NewHub()
go func() {
for {
// Wait for a connection.
conn, err := listener.Accept()
// defer conn.Close() // TODO: graceful shutdown
// `conn` is of type `net.Conn` but may be casted to `dtls.Conn`
// using `dtlsConn := conn.(*dtls.Conn)` in order to to expose
// functions like `ConnectionState` etc.
// Register the connection with the chat hub
if err == nil {
// Start chatting

View File

@ -1,73 +0,0 @@
package main
import (
func main() {
// Prepare the IP to connect to
addr := &net.UDPAddr{IP: net.ParseIP(""), Port: 4444}
// Generate a certificate and private key to secure the connection
certificate, genErr := selfsign.GenerateSelfSigned()
// Create parent context to cleanup handshaking connections on exit.
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Everything below is the pion-DTLS API! Thanks for using it ❤️.
// Prepare the configuration of the DTLS connection
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
// Create timeout context for accepted connection.
ConnectContextMaker: func() (context.Context, func()) {
return context.WithTimeout(ctx, 30*time.Second)
// Connect to a DTLS server
listener, err := dtls.Listen("udp", addr, config)
defer func() {
// Simulate a chat session
hub := util.NewHub()
go func() {
for {
// Wait for a connection.
conn, err := listener.Accept()
// defer conn.Close() // TODO: graceful shutdown
// `conn` is of type `net.Conn` but may be casted to `dtls.Conn`
// using `dtlsConn := conn.(*dtls.Conn)` in order to to expose
// functions like `ConnectionState` etc.
// Register the connection with the chat hub
if err == nil {
@ -1,80 +0,0 @@
package main
import (
func main() {
// Prepare the IP to connect to
addr := &net.UDPAddr{IP: net.ParseIP(""), Port: 4444}
// Create parent context to cleanup handshaking connections on exit.
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Everything below is the pion-DTLS API! Thanks for using it ❤️.
certificate, err := util.LoadKeyAndCertificate("examples/certificates/server.pem",
rootCertificate, err := util.LoadCertificate("examples/certificates/server.pub.pem")
certPool := x509.NewCertPool()
cert, err := x509.ParseCertificate(rootCertificate.Certificate[0])
// Prepare the configuration of the DTLS connection
config := &dtls.Config{
Certificates: []tls.Certificate{*certificate},
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
ClientAuth: dtls.RequireAndVerifyClientCert,
ClientCAs: certPool,
// Create timeout context for accepted connection.
ConnectContextMaker: func() (context.Context, func()) {
return context.WithTimeout(ctx, 30*time.Second)
// Connect to a DTLS server
listener, err := dtls.Listen("udp", addr, config)
defer func() {
// Simulate a chat session
hub := util.NewHub()
go func() {
for {
// Wait for a connection.
conn, err := listener.Accept()
// defer conn.Close() // TODO: graceful shutdown
// `conn` is of type `net.Conn` but may be casted to `dtls.Conn`
// using `dtlsConn := conn.(*dtls.Conn)` in order to to expose
// functions like `ConnectionState` etc.
// Register the connection with the chat hub
@ -1,80 +0,0 @@
package util
import (
// Hub is a helper to handle one to many chat
type Hub struct {
conns map[string]net.Conn
lock sync.RWMutex
// NewHub builds a new hub
func NewHub() *Hub {
return &Hub{conns: make(map[string]net.Conn)}
// Register adds a new conn to the Hub
func (h *Hub) Register(conn net.Conn) {
fmt.Printf("Connected to %s\n", conn.RemoteAddr())
defer h.lock.Unlock()
h.conns[conn.RemoteAddr().String()] = conn
go h.readLoop(conn)
func (h *Hub) readLoop(conn net.Conn) {
b := make([]byte, bufSize)
for {
n, err := conn.Read(b)
if err != nil {
fmt.Printf("Got message: %s\n", string(b[:n]))
func (h *Hub) unregister(conn net.Conn) {
defer h.lock.Unlock()
delete(h.conns, conn.RemoteAddr().String())
err := conn.Close()
if err != nil {
fmt.Println("Failed to disconnect", conn.RemoteAddr(), err)
} else {
fmt.Println("Disconnected ", conn.RemoteAddr())
func (h *Hub) broadcast(msg []byte) {
defer h.lock.RUnlock()
for _, conn := range h.conns {
_, err := conn.Write(msg)
if err != nil {
fmt.Printf("Failed to write message to %s: %v\n", conn.RemoteAddr(), err)
// Chat starts the stdin readloop to dispatch messages to the hub
func (h *Hub) Chat() {
reader := bufio.NewReader(os.Stdin)
for {
msg, err := reader.ReadString('\n')
if strings.TrimSpace(msg) == "exit" {

// Package util provides auxiliary utilities used in examples
package util
import (
const bufSize = 8192
var (
errBlockIsNotPrivateKey = errors.New("block is not a private key, unable to load key")
errUnknownKeyTime = errors.New("unknown key time in PKCS#8 wrapping, unable to load key")
errNoPrivateKeyFound = errors.New("no private key found, unable to load key")
errBlockIsNotCertificate = errors.New("block is not a certificate, unable to load certificates")
errNoCertificateFound = errors.New("no certificate found, unable to load certificates")
// Chat simulates a simple text chat session over the connection
func Chat(conn io.ReadWriter) {
go func() {
b := make([]byte, bufSize)
for {
n, err := conn.Read(b)
fmt.Printf("Got message: %s\n", string(b[:n]))
reader := bufio.NewReader(os.Stdin)
for {
text, err := reader.ReadString('\n')
if strings.TrimSpace(text) == "exit" {
_, err = conn.Write([]byte(text))
// Check is a helper to throw errors in the examples
func Check(err error) {
switch e := err.(type) {
case nil:
case (net.Error):
if e.Temporary() {
fmt.Printf("Warning: %v\n", err)
fmt.Printf("net.Error: %v\n", err)
fmt.Printf("error: %v\n", err)
// LoadKeyAndCertificate reads certificates or key from file
func LoadKeyAndCertificate(keyPath string, certificatePath string) (*tls.Certificate, error) {
privateKey, err := LoadKey(keyPath)
if err != nil {
return nil, err
certificate, err := LoadCertificate(certificatePath)
if err != nil {
return nil, err
certificate.PrivateKey = privateKey
return certificate, nil
// LoadKey Load/read key from file
func LoadKey(path string) (crypto.PrivateKey, error) {
rawData, err := ioutil.ReadFile(filepath.Clean(path))
if err != nil {
return nil, err
block, _ := pem.Decode(rawData)
if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
return nil, errBlockIsNotPrivateKey
if key, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil {
return key, nil
if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil {
switch key := key.(type) {
case *rsa.PrivateKey, *ecdsa.PrivateKey:
return key, nil
return nil, errUnknownKeyTime
if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil {
return key, nil
return nil, errNoPrivateKeyFound
// LoadCertificate Load/read certificate(s) from file
func LoadCertificate(path string) (*tls.Certificate, error) {
rawData, err := ioutil.ReadFile(filepath.Clean(path))
if err != nil {
return nil, err
var certificate tls.Certificate
for {
block, rest := pem.Decode(rawData)
if block == nil {
if block.Type != "CERTIFICATE" {
return nil, errBlockIsNotCertificate
certificate.Certificate = append(certificate.Certificate, block.Bytes)
rawData = rest
if len(certificate.Certificate) == 0 {
return nil, errNoCertificateFound
@ -1,75 +0,0 @@
package dtls
DTLS messages are grouped into a series of message flights, according
to the diagrams below. Although each flight of messages may consist
of a number of messages, they should be viewed as monolithic for the
purpose of timeout and retransmission.
Client Server
------ ------
Waiting Flight 0
ClientHello --------> Flight 1
<------- HelloVerifyRequest Flight 2
ClientHello --------> Flight 3
ServerHello \
Certificate* \
ServerKeyExchange* Flight 4
CertificateRequest* /
<-------- ServerHelloDone /
Certificate* \
ClientKeyExchange \
CertificateVerify* Flight 5
[ChangeCipherSpec] /
Finished --------> /
[ChangeCipherSpec] \ Flight 6
<-------- Finished /
type flightVal uint8
const (
flight0 flightVal = iota + 1
func (f flightVal) String() string {
switch f {
case flight0:
return "Flight 0"
case flight1:
return "Flight 1"
case flight2:
return "Flight 2"
case flight3:
return "Flight 3"
case flight4:
return "Flight 4"
case flight5:
return "Flight 5"
case flight6:
return "Flight 6"
return "Invalid Flight"
func (f flightVal) isLastSendFlight() bool {
return f == flight6
func (f flightVal) isLastRecvFlight() bool {
@ -1,102 +0,0 @@
package dtls
import (
func flight0Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
seq, msgs, ok := cache.fullPullMap(0,
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
if !ok {
// No valid message received. Keep reading
return 0, nil, nil
state.handshakeRecvSequence = seq
var clientHello *handshake.MessageClientHello
// Validate type
if clientHello, ok = msgs[handshake.TypeClientHello].(*handshake.MessageClientHello); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
if !clientHello.Version.Equal(protocol.Version1_2) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
state.remoteRandom = clientHello.Random
cipherSuites := []CipherSuite{}
for _, id := range clientHello.CipherSuiteIDs {
if c := cipherSuiteForID(CipherSuiteID(id), cfg.customCipherSuites); c != nil {
cipherSuites = append(cipherSuites, c)
if state.cipherSuite, ok = findMatchingCipherSuite(cipherSuites, cfg.localCipherSuites); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errCipherSuiteNoIntersection
for _, val := range clientHello.Extensions {
switch e := val.(type) {
case *extension.SupportedEllipticCurves:
if len(e.EllipticCurves) == 0 {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errNoSupportedEllipticCurves
state.namedCurve = e.EllipticCurves[0]
case *extension.UseSRTP:
profile, ok := findMatchingSRTPProfile(e.ProtectionProfiles, cfg.localSRTPProtectionProfiles)
if !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errServerNoMatchingSRTPProfile
state.srtpProtectionProfile = profile
case *extension.UseExtendedMasterSecret:
if cfg.extendedMasterSecret != DisableExtendedMasterSecret {
state.extendedMasterSecret = true
case *extension.ServerName:
state.serverName = e.ServerName // remote server name
if cfg.extendedMasterSecret == RequireExtendedMasterSecret && !state.extendedMasterSecret {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errServerRequiredButNoClientEMS
if state.localKeypair == nil {
var err error
state.localKeypair, err = elliptic.GenerateKeypair(state.namedCurve)
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
return flight2, nil, nil
func flight0Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
// Initialize
state.cookie = make([]byte, cookieLength)
if _, err := rand.Read(state.cookie); err != nil {
return nil, nil, err
var zeroEpoch uint16
state.namedCurve = defaultNamedCurve
if err := state.localRandom.Populate(); err != nil {
return nil, nil, err
return nil, nil, nil

package dtls
import (
func flight1Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
// HelloVerifyRequest can be skipped by the server,
// so allow ServerHello during flight1 also
seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeHelloVerifyRequest, cfg.initialEpoch, false, true},
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, true},
if !ok {
// No valid message received. Keep reading
return 0, nil, nil
if _, ok := msgs[handshake.TypeServerHello]; ok {
// Flight1 and flight2 were skipped.
// Parse as flight3.
return flight3Parse(ctx, c, state, cache, cfg)
if h, ok := msgs[handshake.TypeHelloVerifyRequest].(*handshake.MessageHelloVerifyRequest); ok {
// DTLS 1.2 clients must not assume that the server will use the protocol version
// specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
if !h.Version.Equal(protocol.Version1_0) && !h.Version.Equal(protocol.Version1_2) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
state.cookie = append([]byte{}, h.Cookie...)
state.handshakeRecvSequence = seq
return flight3, nil, nil
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
func flight1Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
var zeroEpoch uint16
state.namedCurve = defaultNamedCurve
state.cookie = nil
if err := state.localRandom.Populate(); err != nil {
return nil, nil, err
extensions := []extension.Extension{
SignatureHashAlgorithms: cfg.localSignatureSchemes,
RenegotiatedConnection: 0,
if cfg.localPSKCallback == nil {
extensions = append(extensions, []extension.Extension{
EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
if len(cfg.localSRTPProtectionProfiles) > 0 {
extensions = append(extensions, &extension.UseSRTP{
ProtectionProfiles: cfg.localSRTPProtectionProfiles,
if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
cfg.extendedMasterSecret == RequireExtendedMasterSecret {
extensions = append(extensions, &extension.UseExtendedMasterSecret{
Supported: true,
if len(cfg.serverName) > 0 {
extensions = append(extensions, &extension.ServerName{ServerName: cfg.serverName})
return []*packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageClientHello{
Version: protocol.Version1_2,
Cookie: state.cookie,
Random: state.localRandom,
CipherSuiteIDs: cipherSuiteIDs(cfg.localCipherSuites),
CompressionMethods: defaultCompressionMethods(),
Extensions: extensions,
@ -1,78 +0,0 @@
package dtls
import (
func flight2Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
if !ok {
// Client may retransmit the first ClientHello when HelloVerifyRequest is dropped.
// Parse as flight 0 in this case.
return flight0Parse(ctx, c, state, cache, cfg)
state.handshakeRecvSequence = seq
var clientHello *handshake.MessageClientHello
// Validate type
if clientHello, ok = msgs[handshake.TypeClientHello].(*handshake.MessageClientHello); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
if !clientHello.Version.Equal(protocol.Version1_2) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
if len(clientHello.Cookie) == 0 {
return 0, nil, nil
if !bytes.Equal(state.cookie, clientHello.Cookie) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.AccessDenied}, errCookieMismatch
// TODO 添加 CiscoCompat 支持
if cfg.localCiscoCompatCallback != nil {
var err error
state.SessionID = clientHello.SessionID
if len(state.SessionID) == 0 {
err = fmt.Errorf("clientHello SessionID is nil")
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
state.masterSecret, err = cfg.localCiscoCompatCallback(state.SessionID)
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
return flight4, nil, nil
func flight2Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
state.handshakeSendSequence = 0
return []*packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageHelloVerifyRequest{
Version: protocol.Version1_2,
Cookie: state.cookie,
@ -1,194 +0,0 @@
package dtls
import (
func flight3Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) { //nolint:gocognit
// Clients may receive multiple HelloVerifyRequest messages with different cookies.
// Clients SHOULD handle this by sending a new ClientHello with a cookie in response
// to the new HelloVerifyRequest. RFC 6347 Section 4.2.1
seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeHelloVerifyRequest, cfg.initialEpoch, false, true},
if ok {
if h, msgOk := msgs[handshake.TypeHelloVerifyRequest].(*handshake.MessageHelloVerifyRequest); msgOk {
// DTLS 1.2 clients must not assume that the server will use the protocol version
// specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
if !h.Version.Equal(protocol.Version1_0) && !h.Version.Equal(protocol.Version1_2) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
state.cookie = append([]byte{}, h.Cookie...)
state.handshakeRecvSequence = seq
return flight3, nil, nil
if cfg.localPSKCallback != nil {
seq, msgs, ok = cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, true},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
} else {
seq, msgs, ok = cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, true},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, true},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
if !ok {
// Don't have enough messages. Keep reading
return 0, nil, nil
state.handshakeRecvSequence = seq
if h, ok := msgs[handshake.TypeServerHello].(*handshake.MessageServerHello); ok {
if !h.Version.Equal(protocol.Version1_2) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
for _, v := range h.Extensions {
switch e := v.(type) {
case *extension.UseSRTP:
profile, ok := findMatchingSRTPProfile(e.ProtectionProfiles, cfg.localSRTPProtectionProfiles)
if !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, errClientNoMatchingSRTPProfile
state.srtpProtectionProfile = profile
case *extension.UseExtendedMasterSecret:
if cfg.extendedMasterSecret != DisableExtendedMasterSecret {
state.extendedMasterSecret = true
if cfg.extendedMasterSecret == RequireExtendedMasterSecret && !state.extendedMasterSecret {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errClientRequiredButNoServerEMS
if len(cfg.localSRTPProtectionProfiles) > 0 && state.srtpProtectionProfile == 0 {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errRequestedButNoSRTPExtension
remoteCipherSuite := cipherSuiteForID(CipherSuiteID(*h.CipherSuiteID), cfg.customCipherSuites)
if remoteCipherSuite == nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errCipherSuiteNoIntersection
selectedCipherSuite, ok := findMatchingCipherSuite([]CipherSuite{remoteCipherSuite}, cfg.localCipherSuites)
if !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errInvalidCipherSuite
state.cipherSuite = selectedCipherSuite
state.remoteRandom = h.Random
cfg.log.Tracef("[handshake] use cipher suite: %s", selectedCipherSuite.String())
if h, ok := msgs[handshake.TypeCertificate].(*handshake.MessageCertificate); ok {
state.PeerCertificates = h.Certificate
} else if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errInvalidCertificate
if h, ok := msgs[handshake.TypeServerKeyExchange].(*handshake.MessageServerKeyExchange); ok {
alertPtr, err := handleServerKeyExchange(c, state, cfg, h)
if err != nil {
return 0, alertPtr, err
if _, ok := msgs[handshake.TypeCertificateRequest].(*handshake.MessageCertificateRequest); ok {
state.remoteRequestedCertificate = true
return flight5, nil, nil
func handleServerKeyExchange(_ flightConn, state *State, cfg *handshakeConfig, h *handshake.MessageServerKeyExchange) (*alert.Alert, error) {
var err error
if cfg.localPSKCallback != nil {
var psk []byte
if psk, err = cfg.localPSKCallback(h.IdentityHint); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
state.IdentityHint = h.IdentityHint
state.preMasterSecret = prf.PSKPreMasterSecret(psk)
} else {
if state.localKeypair, err = elliptic.GenerateKeypair(h.NamedCurve); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
if state.preMasterSecret, err = prf.PreMasterSecret(h.PublicKey, state.localKeypair.PrivateKey, state.localKeypair.Curve); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
return nil, nil
func flight3Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
extensions := []extension.Extension{
SignatureHashAlgorithms: cfg.localSignatureSchemes,
RenegotiatedConnection: 0,
if cfg.localPSKCallback == nil {
extensions = append(extensions, []extension.Extension{
EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
if len(cfg.localSRTPProtectionProfiles) > 0 {
extensions = append(extensions, &extension.UseSRTP{
ProtectionProfiles: cfg.localSRTPProtectionProfiles,
if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
cfg.extendedMasterSecret == RequireExtendedMasterSecret {
extensions = append(extensions, &extension.UseExtendedMasterSecret{
Supported: true,
if len(cfg.serverName) > 0 {
extensions = append(extensions, &extension.ServerName{ServerName: cfg.serverName})
return []*packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageClientHello{
Version: protocol.Version1_2,
Cookie: state.cookie,
Random: state.localRandom,
CipherSuiteIDs: cipherSuiteIDs(cfg.localCipherSuites),
CompressionMethods: defaultCompressionMethods(),
Extensions: extensions,
@ -1,352 +0,0 @@
package dtls
import (
func flight4Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) { //nolint:gocognit
seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, true},
handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, true},
if !ok {
// No valid message received. Keep reading
return 0, nil, nil
// Validate type
var clientKeyExchange *handshake.MessageClientKeyExchange
if clientKeyExchange, ok = msgs[handshake.TypeClientKeyExchange].(*handshake.MessageClientKeyExchange); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
if h, hasCert := msgs[handshake.TypeCertificate].(*handshake.MessageCertificate); hasCert {
state.PeerCertificates = h.Certificate
if h, hasCertVerify := msgs[handshake.TypeCertificateVerify].(*handshake.MessageCertificateVerify); hasCertVerify {
if state.PeerCertificates == nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errCertificateVerifyNoCertificate
plainText := cache.pullAndMerge(
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
// Verify that the pair of hash algorithm and signiture is listed.
var validSignatureScheme bool
for _, ss := range cfg.localSignatureSchemes {
if ss.Hash == h.HashAlgorithm && ss.Signature == h.SignatureAlgorithm {
validSignatureScheme = true
if !validSignatureScheme {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errNoAvailableSignatureSchemes
if err := verifyCertificateVerify(plainText, h.HashAlgorithm, h.Signature, state.PeerCertificates); err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
var chains [][]*x509.Certificate
var err error
var verified bool
if cfg.clientAuth >= VerifyClientCertIfGiven {
if chains, err = verifyClientCert(state.PeerCertificates, cfg.clientCAs); err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
verified = true
if cfg.verifyPeerCertificate != nil {
if err := cfg.verifyPeerCertificate(state.PeerCertificates, chains); err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
state.peerCertificatesVerified = verified
if !state.cipherSuite.IsInitialized() {
serverRandom := state.localRandom.MarshalFixed()
clientRandom := state.remoteRandom.MarshalFixed()
var err error
var preMasterSecret []byte
if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypePreSharedKey {
var psk []byte
if psk, err = cfg.localPSKCallback(clientKeyExchange.IdentityHint); err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
state.IdentityHint = clientKeyExchange.IdentityHint
preMasterSecret = prf.PSKPreMasterSecret(psk)
} else {
preMasterSecret, err = prf.PreMasterSecret(clientKeyExchange.PublicKey, state.localKeypair.PrivateKey, state.localKeypair.Curve)
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
if state.extendedMasterSecret {
var sessionHash []byte
sessionHash, err = cache.sessionHash(state.cipherSuite.HashFunc(), cfg.initialEpoch)
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
state.masterSecret, err = prf.ExtendedMasterSecret(preMasterSecret, sessionHash, state.cipherSuite.HashFunc())
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
} else {
state.masterSecret, err = prf.MasterSecret(preMasterSecret, clientRandom[:], serverRandom[:], state.cipherSuite.HashFunc())
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
if err := state.cipherSuite.Init(state.masterSecret, clientRandom[:], serverRandom[:], false); err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
cfg.writeKeyLog(keyLogLabelTLS12, clientRandom[:], state.masterSecret)
// Now, encrypted packets can be handled
if err := c.handleQueuedPackets(ctx); err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
seq, msgs, ok = cache.fullPullMap(seq,
handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
if !ok {
// No valid message received. Keep reading
return 0, nil, nil
state.handshakeRecvSequence = seq
if _, ok = msgs[handshake.TypeFinished].(*handshake.MessageFinished); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeAnonymous {
return flight6, nil, nil
switch cfg.clientAuth {
case RequireAnyClientCert:
if state.PeerCertificates == nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errClientCertificateRequired
case VerifyClientCertIfGiven:
if state.PeerCertificates != nil && !state.peerCertificatesVerified {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, errClientCertificateNotVerified
case RequireAndVerifyClientCert:
if state.PeerCertificates == nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errClientCertificateRequired
if !state.peerCertificatesVerified {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, errClientCertificateNotVerified
case NoClientCert, RequestClientCert:
return flight6, nil, nil
return flight6, nil, nil
func flight4Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
extensions := []extension.Extension{&extension.RenegotiationInfo{
RenegotiatedConnection: 0,
if (cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
cfg.extendedMasterSecret == RequireExtendedMasterSecret) && state.extendedMasterSecret {
extensions = append(extensions, &extension.UseExtendedMasterSecret{
Supported: true,
if state.srtpProtectionProfile != 0 {
extensions = append(extensions, &extension.UseSRTP{
ProtectionProfiles: []SRTPProtectionProfile{state.srtpProtectionProfile},
if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate {
extensions = append(extensions, []extension.Extension{
EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
var pkts []*packet
cipherSuiteID := uint16(state.cipherSuite.ID())
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageServerHello{
Version: protocol.Version1_2,
Random: state.localRandom,
SessionID: state.SessionID,
CipherSuiteID: &cipherSuiteID,
CompressionMethod: defaultCompressionMethods()[0],
Extensions: extensions,
// TODO 添加 CiscoCompat 支持
if cfg.localCiscoCompatCallback != nil {
if !state.cipherSuite.IsInitialized() {
serverRandom := state.localRandom.MarshalFixed()
clientRandom := state.remoteRandom.MarshalFixed()
if err := state.cipherSuite.Init(state.masterSecret, clientRandom[:], serverRandom[:], false); err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
cfg.writeKeyLog(keyLogLabelTLS12, clientRandom[:], state.masterSecret)
return pkts, nil, nil
switch {
case state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate:
certificate, err := cfg.getCertificate(cfg.serverName)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.HandshakeFailure}, err
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageCertificate{
Certificate: certificate.Certificate,
serverRandom := state.localRandom.MarshalFixed()
clientRandom := state.remoteRandom.MarshalFixed()
// Find compatible signature scheme
signatureHashAlgo, err := signaturehash.SelectSignatureScheme(cfg.localSignatureSchemes, certificate.PrivateKey)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, err
signature, err := generateKeySignature(clientRandom[:], serverRandom[:], state.localKeypair.PublicKey, state.namedCurve, certificate.PrivateKey, signatureHashAlgo.Hash)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
state.localKeySignature = signature
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageServerKeyExchange{
EllipticCurveType: elliptic.CurveTypeNamedCurve,
NamedCurve: state.namedCurve,
PublicKey: state.localKeypair.PublicKey,
HashAlgorithm: signatureHashAlgo.Hash,
SignatureAlgorithm: signatureHashAlgo.Signature,
Signature: state.localKeySignature,
if cfg.clientAuth > NoClientCert {
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageCertificateRequest{
CertificateTypes: []clientcertificate.Type{clientcertificate.RSASign, clientcertificate.ECDSASign},
SignatureHashAlgorithms: cfg.localSignatureSchemes,
case cfg.localPSKIdentityHint != nil:
// To help the client in selecting which identity to use, the server
// can provide a "PSK identity hint" in the ServerKeyExchange message.
// If no hint is provided, the ServerKeyExchange message is omitted.
// https://tools.ietf.org/html/rfc4279#section-2
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageServerKeyExchange{
IdentityHint: cfg.localPSKIdentityHint,
case state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeAnonymous:
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageServerKeyExchange{
EllipticCurveType: elliptic.CurveTypeNamedCurve,
NamedCurve: state.namedCurve,
PublicKey: state.localKeypair.PublicKey,
pkts = append(pkts, &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageServerHelloDone{},
@ -1,323 +0,0 @@
package dtls
import (
func flight5Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
_, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, false, false},
if !ok {
// No valid message received. Keep reading
return 0, nil, nil
var finished *handshake.MessageFinished
if finished, ok = msgs[handshake.TypeFinished].(*handshake.MessageFinished); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
plainText := cache.pullAndMerge(
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
expectedVerifyData, err := prf.VerifyDataServer(state.masterSecret, plainText, state.cipherSuite.HashFunc())
if err != nil {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
if !bytes.Equal(expectedVerifyData, finished.VerifyData) {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.HandshakeFailure}, errVerifyDataMismatch
return flight5, nil, nil
func flight5Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) { //nolint:gocognit
var certBytes [][]byte
var privateKey crypto.PrivateKey
if len(cfg.localCertificates) > 0 {
certificate, err := cfg.getCertificate(cfg.serverName)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.HandshakeFailure}, err
certBytes = certificate.Certificate
privateKey = certificate.PrivateKey
var pkts []*packet
if state.remoteRequestedCertificate {
pkts = append(pkts,
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageCertificate{
Certificate: certBytes,
clientKeyExchange := &handshake.MessageClientKeyExchange{}
if cfg.localPSKCallback == nil {
clientKeyExchange.PublicKey = state.localKeypair.PublicKey
} else {
clientKeyExchange.IdentityHint = cfg.localPSKIdentityHint
pkts = append(pkts,
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: clientKeyExchange,
serverKeyExchangeData := cache.pullAndMerge(
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
serverKeyExchange := &handshake.MessageServerKeyExchange{}
// handshakeMessageServerKeyExchange is optional for PSK
if len(serverKeyExchangeData) == 0 {
alertPtr, err := handleServerKeyExchange(c, state, cfg, &handshake.MessageServerKeyExchange{})
if err != nil {
return nil, alertPtr, err
} else {
rawHandshake := &handshake.Handshake{}
err := rawHandshake.Unmarshal(serverKeyExchangeData)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.UnexpectedMessage}, err
switch h := rawHandshake.Message.(type) {
case *handshake.MessageServerKeyExchange:
serverKeyExchange = h
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.UnexpectedMessage}, errInvalidContentType
// Append not-yet-sent packets
merged := []byte{}
seqPred := uint16(state.handshakeSendSequence)
for _, p := range pkts {
h, ok := p.record.Content.(*handshake.Handshake)
if !ok {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, errInvalidContentType
h.Header.MessageSequence = seqPred
raw, err := h.Marshal()
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
merged = append(merged, raw...)
if alertPtr, err := initalizeCipherSuite(state, cache, cfg, serverKeyExchange, merged); err != nil {
return nil, alertPtr, err
// If the client has sent a certificate with signing ability, a digitally-signed
// CertificateVerify message is sent to explicitly verify possession of the
// private key in the certificate.
if state.remoteRequestedCertificate && len(cfg.localCertificates) > 0 {
plainText := append(cache.pullAndMerge(
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
), merged...)
// Find compatible signature scheme
signatureHashAlgo, err := signaturehash.SelectSignatureScheme(cfg.localSignatureSchemes, privateKey)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, err
certVerify, err := generateCertificateVerify(plainText, privateKey, signatureHashAlgo.Hash)
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
state.localCertificatesVerify = certVerify
p := &packet{
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &handshake.Handshake{
Message: &handshake.MessageCertificateVerify{
HashAlgorithm: signatureHashAlgo.Hash,
SignatureAlgorithm: signatureHashAlgo.Signature,
Signature: state.localCertificatesVerify,
pkts = append(pkts, p)
h, ok := p.record.Content.(*handshake.Handshake)
if !ok {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, errInvalidContentType
h.Header.MessageSequence = seqPred
// seqPred++ // this is the last use of seqPred
raw, err := h.Marshal()
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
merged = append(merged, raw...)
pkts = append(pkts,
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &protocol.ChangeCipherSpec{},
if len(state.localVerifyData) == 0 {
plainText := cache.pullAndMerge(
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
var err error
state.localVerifyData, err = prf.VerifyDataClient(state.masterSecret, append(plainText, merged...), state.cipherSuite.HashFunc())
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
pkts = append(pkts,
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Epoch: 1,
Content: &handshake.Handshake{
Message: &handshake.MessageFinished{
VerifyData: state.localVerifyData,
shouldEncrypt: true,
resetLocalSequenceNumber: true,
return pkts, nil, nil
func initalizeCipherSuite(state *State, cache *handshakeCache, cfg *handshakeConfig, h *handshake.MessageServerKeyExchange, sendingPlainText []byte) (*alert.Alert, error) { //nolint:gocognit
if state.cipherSuite.IsInitialized() {
return nil, nil
clientRandom := state.localRandom.MarshalFixed()
serverRandom := state.remoteRandom.MarshalFixed()
var err error
if state.extendedMasterSecret {
var sessionHash []byte
sessionHash, err = cache.sessionHash(state.cipherSuite.HashFunc(), cfg.initialEpoch, sendingPlainText)
if err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
state.masterSecret, err = prf.ExtendedMasterSecret(state.preMasterSecret, sessionHash, state.cipherSuite.HashFunc())
if err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
} else {
state.masterSecret, err = prf.MasterSecret(state.preMasterSecret, clientRandom[:], serverRandom[:], state.cipherSuite.HashFunc())
if err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate {
// Verify that the pair of hash algorithm and signiture is listed.
var validSignatureScheme bool
for _, ss := range cfg.localSignatureSchemes {
if ss.Hash == h.HashAlgorithm && ss.Signature == h.SignatureAlgorithm {
validSignatureScheme = true
if !validSignatureScheme {
return &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errNoAvailableSignatureSchemes
expectedMsg := valueKeyMessage(clientRandom[:], serverRandom[:], h.PublicKey, h.NamedCurve)
if err = verifyKeySignature(expectedMsg, h.Signature, h.HashAlgorithm, state.PeerCertificates); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
var chains [][]*x509.Certificate
if !cfg.insecureSkipVerify {
if chains, err = verifyServerCert(state.PeerCertificates, cfg.rootCAs, cfg.serverName); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
if cfg.verifyPeerCertificate != nil {
if err = cfg.verifyPeerCertificate(state.PeerCertificates, chains); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
if err = state.cipherSuite.Init(state.masterSecret, clientRandom[:], serverRandom[:], true); err != nil {
return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
cfg.writeKeyLog(keyLogLabelTLS12, clientRandom[:], state.masterSecret)
@ -1,82 +0,0 @@
package dtls
import (
func flight6Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
_, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence-1,
handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
if !ok {
// No valid message received. Keep reading
return 0, nil, nil
if _, ok = msgs[handshake.TypeFinished].(*handshake.MessageFinished); !ok {
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
// Other party retransmitted the last flight.
return flight6, nil, nil
func flight6Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
var pkts []*packet
pkts = append(pkts,
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Content: &protocol.ChangeCipherSpec{},
if len(state.localVerifyData) == 0 {
plainText := cache.pullAndMerge(
handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, false},
handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
var err error
state.localVerifyData, err = prf.VerifyDataServer(state.masterSecret, plainText, state.cipherSuite.HashFunc())
if err != nil {
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
pkts = append(pkts,
record: &recordlayer.RecordLayer{
Header: recordlayer.Header{
Version: protocol.Version1_2,
Epoch: 1,
Content: &handshake.Handshake{
Message: &handshake.MessageFinished{
VerifyData: state.localVerifyData,
shouldEncrypt: true,
resetLocalSequenceNumber: true,
@ -1,57 +0,0 @@
package dtls
import (
// Parse received handshakes and return next flightVal
type flightParser func(context.Context, flightConn, *State, *handshakeCache, *handshakeConfig) (flightVal, *alert.Alert, error)
// Generate flights
type flightGenerator func(flightConn, *State, *handshakeCache, *handshakeConfig) ([]*packet, *alert.Alert, error)
func (f flightVal) getFlightParser() (flightParser, error) {
switch f {
case flight0:
return flight0Parse, nil
case flight1:
return flight1Parse, nil
case flight2:
return flight2Parse, nil
case flight3:
return flight3Parse, nil
case flight4:
return flight4Parse, nil
case flight5:
return flight5Parse, nil
case flight6:
return flight6Parse, nil
return nil, errInvalidFlight
func (f flightVal) getFlightGenerator() (gen flightGenerator, retransmit bool, err error) {
switch f {
case flight0:
return flight0Generate, true, nil
case flight1:
return flight1Generate, true, nil
case flight2:
// https://tools.ietf.org/html/rfc6347#section-3.2.1
// HelloVerifyRequests must not be retransmitted.
return flight2Generate, false, nil
case flight3:
return flight3Generate, true, nil
case flight4:
return flight4Generate, true, nil
case flight5:
return flight5Generate, true, nil
case flight6:
return flight6Generate, true, nil
@ -1,111 +0,0 @@
package dtls
import (
type fragment struct {
recordLayerHeader recordlayer.Header
handshakeHeader handshake.Header
data []byte
type fragmentBuffer struct {
// map of MessageSequenceNumbers that hold slices of fragments
cache map[uint16][]*fragment
currentMessageSequenceNumber uint16
func newFragmentBuffer() *fragmentBuffer {
return &fragmentBuffer{cache: map[uint16][]*fragment{}}
// Attempts to push a DTLS packet to the fragmentBuffer
// when it returns true it means the fragmentBuffer has inserted and the buffer shouldn't be handled
// when an error returns it is fatal, and the DTLS connection should be stopped
func (f *fragmentBuffer) push(buf []byte) (bool, error) {
frag := new(fragment)
if err := frag.recordLayerHeader.Unmarshal(buf); err != nil {
return false, err
// fragment isn't a handshake, we don't need to handle it
if frag.recordLayerHeader.ContentType != protocol.ContentTypeHandshake {
return false, nil
for buf = buf[recordlayer.HeaderSize:]; len(buf) != 0; frag = new(fragment) {
if err := frag.handshakeHeader.Unmarshal(buf); err != nil {
return false, err
if _, ok := f.cache[frag.handshakeHeader.MessageSequence]; !ok {
f.cache[frag.handshakeHeader.MessageSequence] = []*fragment{}
// end index should be the length of handshake header but if the handshake
// was fragmented, we should keep them all
end := int(handshake.HeaderLength + frag.handshakeHeader.Length)
if size := len(buf); end > size {
end = size
// Discard all headers, when rebuilding the packet we will re-build
frag.data = append([]byte{}, buf[handshake.HeaderLength:end]...)
f.cache[frag.handshakeHeader.MessageSequence] = append(f.cache[frag.handshakeHeader.MessageSequence], frag)
buf = buf[end:]
return true, nil
func (f *fragmentBuffer) pop() (content []byte, epoch uint16) {
frags, ok := f.cache[f.currentMessageSequenceNumber]
if !ok {
return nil, 0
// Go doesn't support recursive lambdas
var appendMessage func(targetOffset uint32) bool
rawMessage := []byte{}
appendMessage = func(targetOffset uint32) bool {
for _, f := range frags {
if f.handshakeHeader.FragmentOffset == targetOffset {
fragmentEnd := (f.handshakeHeader.FragmentOffset + f.handshakeHeader.FragmentLength)
if fragmentEnd != f.handshakeHeader.Length {
if !appendMessage(fragmentEnd) {
return false
rawMessage = append(f.data, rawMessage...)
return true
return false
// Recursively collect up
if !appendMessage(0) {
return nil, 0
firstHeader := frags[0].handshakeHeader
firstHeader.FragmentOffset = 0
firstHeader.FragmentLength = firstHeader.Length
rawHeader, err := firstHeader.Marshal()
if err != nil {
return nil, 0
messageEpoch := frags[0].recordLayerHeader.Epoch
delete(f.cache, f.currentMessageSequenceNumber)
@ -1,101 +0,0 @@
package dtls
import (
func TestFragmentBuffer(t *testing.T) {
for _, test := range []struct {
Name string
In [][]byte
Expected [][]byte
Epoch uint16
Name: "Single Fragment",
In: [][]byte{
{0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
Expected: [][]byte{
{0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
Epoch: 0,
Name: "Single Fragment Epoch 3",
In: [][]byte{
{0x16, 0xfe, 0xff, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
Expected: [][]byte{
{0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
Epoch: 3,
Name: "Multiple Fragments",
In: [][]byte{
{0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x02, 0x03, 0x04},
{0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x05, 0x05, 0x06, 0x07, 0x08, 0x09},
{0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x05, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E},
Expected: [][]byte{
{0x0b, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e},
Epoch: 0,
Name: "Multiple Unordered Fragments",
In: [][]byte{
{0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x02, 0x03, 0x04},
{0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x05, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E},
{0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x05, 0x05, 0x06, 0x07, 0x08, 0x09},
Expected: [][]byte{
{0x0b, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e},
Epoch: 0,
Name: "Multiple Handshakes in Signle Fragment",
In: [][]byte{
0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x30, /* record header */
0x03, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01, /*handshake msg 1*/
0x03, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01, /*handshake msg 2*/
0x03, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01, /*handshake msg 3*/
Expected: [][]byte{
{0x03, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01},
{0x03, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01},
{0x03, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01},
Epoch: 0,
} {
fragmentBuffer := newFragmentBuffer()
for _, frag := range test.In {
status, err := fragmentBuffer.push(frag)
if err != nil {
} else if !status {
t.Errorf("fragmentBuffer didn't accept fragments for '%s'", test.Name)
for _, expected := range test.Expected {
out, epoch := fragmentBuffer.pop()
if !reflect.DeepEqual(out, expected) {
t.Errorf("fragmentBuffer '%s' push/pop: got % 02x, want % 02x", test.Name, out, expected)
if epoch != test.Epoch {
t.Errorf("fragmentBuffer returned wrong epoch: got %d, want %d", epoch, test.Epoch)
if frag, _ := fragmentBuffer.pop(); frag != nil {
t.Errorf("fragmentBuffer popped single buffer multiple times for '%s'", test.Name)

// +build gofuzz
package dtls
import "fmt"
func partialHeaderMismatch(a, b recordlayer.Header) bool {
// Ignoring content length for now.
a.contentLen = b.contentLen
return a != b
func FuzzRecordLayer(data []byte) int {
var r recordLayer
if err := r.Unmarshal(data); err != nil {
return 0
buf, err := r.Marshal()
if err != nil {
return 1
if len(buf) == 0 {
panic("zero buff") // nolint
var nr recordLayer
if err = nr.Unmarshal(data); err != nil {
panic(err) // nolint
if partialHeaderMismatch(nr.recordlayer.Header, r.recordlayer.Header) {
panic( // nolint
fmt.Sprintf("header mismatch: %+v != %+v",
nr.recordlayer.Header, r.recordlayer.Header,
return 1

Some files were not shown because too many files have changed in this diff Show More