ExDTLS (ExDTLS v0.11.0)
Module that allows performing a DTLS handshake, including the DTLS-SRTP one.
ExDTLS spawns a CNode that uses OpenSSL functions to perform the DTLS handshake.
It doesn't create or require any socket. Instead it returns the generated DTLS packets, which then have to be transported to the peer.
Summary
Types
Type describing data returned after successful handshake.
Type describing ExDTLS configuration.
Supported protection profiles.
Functions
Returns a specification to start this module under a supervisor.
Starts performing DTLS handshake.
Generates new certificate.
Gets current certificate.
Returns a digest of the DER representation of the X509 certificate.
Returns max retransmission timeout after which ExDTLS will raise an error.
Gets current private key.
Processes peer's packets.
Works similarly to start_link/1, but does not link to the current process.
Starts ExDTLS GenServer process linked to the current process.
Stops ExDTLS instance.
Types
@type handshake_data_t() :: {local_keying_material :: binary(), remote_keying_material :: binary(), protection_profile :: protection_profile_t()}
Type describing data returned after a successful handshake.
Both the local and the remote keying material consist of a master key and a master salt.
@type opts_t() :: [ client_mode: boolean(), dtls_srtp: boolean(), pkey: binary(), cert: binary(), impl: NIF | CNode ]
Type describing ExDTLS configuration.
It's a keyword list containing the following keys:
- client_mode - true if the ExDTLS module should work as a client, or false if as a server
- dtls_srtp - true if a DTLS-SRTP handshake should be performed, or false if a normal one
- pkey - private key to use in this SSL context. Must correspond to cert
- cert - certificate to use in this SSL context. Must correspond to pkey
- impl - NIF if ExDTLS should run as a NIF, or CNode otherwise. By default the CNode implementation is used
If neither pkey nor cert is passed, ExDTLS will generate a key and certificate on its own.
@type protection_profile_t() :: 1 | 2 | 7 | 8
Supported protection profiles.
For the meaning of these values please refer to https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
Functions
Returns a specification to start this module under a supervisor.
See Supervisor.
Starts performing the DTLS handshake.
Generates the initial DTLS packets that have to be passed to the second host. Has to be called by the host working in client mode.
Generates new certificate.
Returns DER representation in binary format.
Gets current certificate.
Returns DER representation in binary format.
Returns a digest of the DER representation of the X509 certificate.
@spec get_max_retransmit_timeout() :: non_neg_integer()
Returns the max retransmission timeout after which ExDTLS will raise an error.
The timer starts at one second and is doubled each time ExDTLS does not receive a response.
After reaching @max_retransmission_timeout ExDTLS will raise an error.
Gets current private key.
Returns a key-specific representation in binary format.
@spec process(pid :: pid(), packets :: binary()) :: {:ok, packets :: binary()} | :handshake_want_read | {:handshake_packets, packets :: binary()} | {:handshake_finished, handshake_data_t(), packets :: binary()} | {:handshake_finished, handshake_data_t()} | {:connection_closed, reason :: atom()}
Processes peer's packets.
If the handshake is finished it returns {:ok, binary()}, which is the decoded data, or {:error, value} if an error occurred.
{:handshake_packets, binary()} contains handshake data that has to be sent to the peer.
:handshake_want_read means some additional data is needed to continue the handshake. It can be returned when a retransmitted packet was passed but the timer hasn't expired yet.
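Because ExDTLS never touches a socket, the whole handshake can be exercised in-process by relaying the packets each instance returns to the other. The following is an added example, not code from the ExDTLS documentation; it assumes the handshake-starting function is ExDTLS.do_handshake/1 and that it returns {:ok, packets} (its name and return shape are not shown on this page).

```elixir
defmodule DtlsLoopback do
  # Runs a DTLS-SRTP handshake between a client and a server ExDTLS instance
  # living in the same VM. Returns {:ok, {client_data, server_data}}, where
  # each element is an ExDTLS handshake_data_t() tuple, or {:error, reason}.
  def run do
    peers = %{
      client: start!(client_mode: true, dtls_srtp: true),
      server: start!(client_mode: false, dtls_srtp: true)
    }

    # Assumption: do_handshake/1 yields the client's first flight as {:ok, packets}.
    {:ok, first_flight} = ExDTLS.do_handshake(peers.client)
    result = relay(peers, :server, first_flight, %{})
    Enum.each(peers, fn {_role, pid} -> ExDTLS.stop(pid) end)
    result
  end

  defp start!(opts) do
    {:ok, pid} = ExDTLS.start_link(opts)
    pid
  end

  # Feeds `packets` to the `to` side; whatever it returns is handed to the other side.
  defp relay(peers, to, packets, done) do
    other = if to == :client, do: :server, else: :client

    case ExDTLS.process(peers[to], packets) do
      {:handshake_packets, out} -> relay(peers, other, out, done)
      {:handshake_finished, data, out} -> relay(peers, other, out, Map.put(done, to, data))
      {:handshake_finished, data} -> finish(Map.put(done, to, data))
      # Nothing is in flight in a loopback, so "want read" means the handshake stalled.
      :handshake_want_read -> {:error, :handshake_stalled}
      {:connection_closed, reason} -> {:error, {:connection_closed, reason}}
      unexpected -> {:error, {:unexpected, unexpected}}
    end
  end

  # Both sides must have reported :handshake_finished before we accept the result.
  defp finish(%{client: c, server: s}), do: {:ok, {c, s}}
  defp finish(_partial), do: {:error, :handshake_incomplete}
end

# Usage (ex_dtls must be a dependency of the running application):
# {:ok, {{c_local, c_remote, profile}, {s_local, s_remote, profile}}} = DtlsLoopback.run()
# Per DTLS-SRTP key derivation, expect c_local == s_remote and c_remote == s_local.
```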
Works similarly to start_link/1, but does not link to the current process.
Starts ExDTLS GenServer process linked to the current process.
@spec stop(pid :: pid()) :: :ok
Stops ExDTLS instance.