View Source ExDTLS (ExDTLS v0.11.0)
Module that allows performing DTLS handshake including DTLS-SRTP one.
ExDTLS spawns CNode that uses OpenSSL functions to perform DTLS handshake.
It doesn't create or require any socket. Instead it returns generated DTLS packets which then have
to be transported to the peer.
Link to this section Summary
Types
Type describing data returned after successful handshake.
Type describing ExDTLS configuration.
Supported protection profiles.
Functions
Returns a specification to start this module under a supervisor.
Starts performing DTLS handshake.
Generates new certificate.
Gets current certificate.
Returns a digest of the DER representation of the X509 certificate.
Returns max retransmission timeout after which ExDTLS will raise an error.
Gets current private key.
Processes peer's packets.
Works similarly to start_link/1, but does not link to the current process.
Starts ExDTLS GenServer process linked to the current process.
Stops ExDTLS instance.
Link to this section Types
@type handshake_data_t() :: {local_keying_material :: binary(), remote_keying_material :: binary(), protection_profile :: protection_profile_t()}
Type describing data returned after successful handshake.
Both local and remote keying materials consist of master key and master salt.
@type opts_t() :: [ client_mode: boolean(), dtls_srtp: boolean(), pkey: binary(), cert: binary(), impl: NIF | CNode ]
Type describing ExDTLS configuration.
It's a keyword list containing the following keys:
client_mode-trueif ExDTLS module should work as a client orfalseif as a serverdtls_srtp-trueif DTLS-SRTP handshake should be performed orfalseif a normal onepkey- private key to use in this SSL context. Must correspond tocertcert- certificate to use in this SSL context. Must correspond topkeyimpl-NIFif ExDTLS should run as a NIF orCNodein other case. By default CNode implementation is used
If both pkey and cert are not passed ExDTLS will generate key and certificate on its own.
@type protection_profile_t() :: 1 | 2 | 7 | 8
Supported protection profiles.
For meaning of these values please refer to https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
Link to this section Functions
Returns a specification to start this module under a supervisor.
See Supervisor.
Starts performing DTLS handshake.
Generates initial DTLS packets that have to be passed to the second host. Has to be called by a host working in the client mode.
Generates new certificate.
Returns DER representation in binary format.
Gets current certificate.
Returns DER representation in binary format.
Returns a digest of the DER representation of the X509 certificate.
@spec get_max_retransmit_timeout() :: non_neg_integer()
Returns max retransmission timeout after which ExDTLS will raise an error.
Timer starts at one second and is doubled each time ExDTLS does not receive a response.
After reaching @max_retransmission_timeout ExDTLS will raise an error.
Gets current private key.
Returns key specific representation in binary format.
@spec process(pid :: pid(), packets :: binary()) :: {:ok, packets :: binary()} | :handshake_want_read | {:handshake_packets, packets :: binary()} | {:handshake_finished, handshake_data_t(), packets :: binary()} | {:handshake_finished, handshake_data_t()} | {:connection_closed, reason :: atom()}
Processes peer's packets.
If handshake is finished it returns {:ok, binary()} which is decoded data
or {:error, value} if error occurred.
{:handshake_packets, binary()} contains handshake data that has to be sent to the peer.
:handshake_want_read means some additional data is needed for continuing handshake. It can be returned
when retransmitted packet was passed but timer didn't expired yet.
Works similarly to start_link/1, but does not link to the current process.
Starts ExDTLS GenServer process linked to the current process.
@spec stop(pid :: pid()) :: :ok
Stops ExDTLS instance.