ExDTLS (ExDTLS v0.2.0)

Module that performs a DTLS handshake, including the DTLS-SRTP variant.

ExDTLS spawns a CNode that uses OpenSSL to perform the DTLS handshake. It neither creates nor requires a socket; instead it returns the generated DTLS packets, which then have to be transported to the peer.

Summary

Types

  • Type describing data returned after successful handshake.
  • Type describing ExDTLS configuration.
  • Supported protection profiles.

Functions

  • Returns a specification to start this module under a supervisor.
  • Starts performing the DTLS handshake.
  • Returns a digest of the DER representation of the X509 certificate.
  • Starts the ExDTLS GenServer process linked to the current process.

Types

Specs

handshake_data_t() ::
  {local_keying_material :: binary(), remote_keying_material :: binary(),
   protection_profile :: protection_profile_t()}

Type describing data returned after successful handshake.

Both the local and the remote keying material consist of a master key and a master salt.

Specs

opts_t() :: [client_mode: boolean(), dtls_srtp: boolean()]

Type describing ExDTLS configuration.

It is a keyword list containing the following keys:

  • client_mode - true if ExDTLS should work as a client, false if it should work as a server
  • dtls_srtp - true if a DTLS-SRTP handshake should be performed, false for a plain DTLS one

protection_profile_t()

Specs

protection_profile_t() :: 1 | 2 | 7 | 8

Supported protection profiles.

For the meaning of these values, refer to the IANA SRTP protection profile registry: https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml

Functions

Returns a specification to start this module under a supervisor.

See Supervisor.

do_handshake(pid, packets \\ <<>>)

Specs

do_handshake(pid :: pid(), packets :: binary()) ::
  {:ok, packets :: binary()}
  | {:finished_with_packets, handshake_data_t(), packets :: binary()}
  | {:finished, handshake_data_t()}

Starts performing the DTLS handshake.

The host working in client mode has to call this function first, without any packets. This returns the initial DTLS packets, which have to be passed to the other host. From then on both peers call this function to process incoming packets and generate outgoing ones.

The peer that finishes the handshake first returns {:finished_with_packets, keying_material, packets}. The returned packets have to be passed to the other peer once more so that it can finish its handshake too and return {:finished, keying_material}.
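The exchange described above, as an added example that is not part of the ExDTLS docs: both ends run in one VM and the packets each side emits are handed straight to the other side, standing in for the network transport. The module name HandshakeDemo, the flight bound, the loop and the assumption that one side's local keying material equals the other side's remote keying material are ours; only start_link/1, do_handshake/2 and get_cert_fingerprint/1 come from the page.

```elixir
defmodule HandshakeDemo do
  # Bound on the number of flights so a stalled handshake cannot loop forever.
  @max_flights 20

  def run do
    {:ok, client} = ExDTLS.start_link(client_mode: true, dtls_srtp: true)
    {:ok, server} = ExDTLS.start_link(client_mode: false, dtls_srtp: true)

    # Only the client starts without packets; the result is its first flight.
    {:ok, first_flight} = ExDTLS.do_handshake(client)

    procs = %{client: client, server: server}
    results = deliver(procs, :server, first_flight, %{}, 0)

    # Each side gets {local_keying_material, remote_keying_material, profile}.
    {local_c, remote_c, profile} = results.client
    {local_s, remote_s, ^profile} = results.server
    # Assumed: one side's local keying material is the other side's remote material.
    true = local_c == remote_s and remote_c == local_s

    # Digest of the server's DER certificate, the value a peer would compare
    # against the fingerprint it was told to expect out of band.
    {:ok, fingerprint} = ExDTLS.get_cert_fingerprint(server)
    {profile, fingerprint}
  end

  # Hand `packets` to `side`, forward whatever it emits to the other side and
  # stop once both sides have reported their handshake data.
  defp deliver(_procs, _side, _packets, results, _n) when map_size(results) == 2,
    do: results

  defp deliver(_procs, _side, _packets, _results, n) when n >= @max_flights,
    do: raise("handshake did not finish within #{@max_flights} flights")

  defp deliver(procs, side, packets, results, n) do
    other = if side == :client, do: :server, else: :client

    case ExDTLS.do_handshake(procs[side], packets) do
      {:ok, out} ->
        deliver(procs, other, out, results, n + 1)

      {:finished_with_packets, data, out} ->
        deliver(procs, other, out, Map.put(results, side, data), n + 1)

      {:finished, data} ->
        # Nothing left to send; the peer must already have finished.
        Map.put(results, side, data)
    end
  end
end
```

Over a real network each `out` binary is what you would write to the UDP socket, and the bytes read from it are what you feed back into do_handshake/2.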

get_cert_fingerprint(pid)

Specs

get_cert_fingerprint(pid :: pid()) :: {:ok, fingerprint :: binary()}

Returns a digest of the DER representation of the X509 certificate.

Specs

start_link(opts :: opts_t()) :: {:ok, pid()}

Starts the ExDTLS GenServer process linked to the current process.