DTLShps

This is a simple implement and verification of DTLShps protocol based on pion/dtls and DTLShps: SDN-based DTLS handshake protocol simplification for IoT

License

GNU AGPL3.0 License - see LICENSE for full text

Note!!

This project uses GNU AGPL3.0 LICENSE. If you copy the source code and use it for secondary creation (such as copying or modifying the code for submitting the homework in college, etc.), you need to mark the original author's information and mark the modification of the code. For more information, please see the LICENSE file. If you want to use the code in academic research, please contact me by GitHub issue.

请注意：本项目使用AGPL3.0协议，如果复制源代码并用于二次创作（如对代码进行拷贝或修改后进行作业提交等）需标注原作者信息，并标注对代码的修改之处所在。详细信息请看LICENSE文件。如果你想在学术研究中使用这份代码，请通过GitHub issue联系我。

Introduction for DTLShps

DTLShps is a simplified handshake protocol of DTLS to reduce the computational overhead of the IoT devices for a general scenario of end-to-end communications based on software-defined networking (SDN).

DTLShps is designed by Yan Ma, Lei Yan, etc in paper DTLShps: SDN-based DTLS handshake protocol simplification for IoT.

The implementation of DTLShps is divided into two parts: the client/server and the controller, which are completed by Zhang Jiawei and Ye Lingyun (students in bupt) respectively.

This project is the code of the client/server part, and the author is Zhang Jiawei.

The code of the controller part was completed by Ye Lingyun, which is not open source now.

What I do

• define the format of new messages
  • Handshake messages types:
    MESSAGE FORMAT: one byte for length and some bytes for message
    • EncryptedKey - 31
    • Identity - 32
  • Alert types:
    • NoEncryptedKey - 101
    • NoIdentity - 102
• modify the cipher suite method and flight generation and parse method
• implement a DTLShps example program

How to use it

At first, you need to create your certificates. (Of course, you can also use existing certificates)

Then, you need to run the server and client. You can use parameter -h or --help to see all the options.

In particular, you can use parameter -t to send the DTLShps packets without the controller and run the DTLShps server and client for test.

cd examples/DTLShps
go run server/server.go

cd examples/DTLShps
go run client/client.go

The ORIGIN README

I fork the repo based on the version of pion/dtls#9610016. And then is the origin readme file of pion/dtls.

Pion DTLS

A Go implementation of DTLS

Native DTLS 1.2 implementation in the Go programming language.

A long term goal is a professional security review, and maybe an inclusion in stdlib.

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributions that fall under the 'Planned Features' and any bug fixes!

Current features

• DTLS 1.2 Client/Server
• Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
• Packet loss and re-ordering is handled during handshaking
• Key export (RFC 5705)
• Serialization and Resumption of sessions
• Extended Master Secret extension (RFC 7627)

Supported ciphers

ECDHE

• TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
• TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)

PSK

• TLS_PSK_WITH_AES_128_CCM (RFC 6655)
• TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
• TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
• TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)

Planned Features

• Chacha20Poly1305

Excluded Features

• DTLS 1.0
• Renegotiation
• Compression

Using

This library needs at least Go 1.13, and you should have Go modules enabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  // Generate a certificate
  openssl ecparam -out key.pem -name prime256v1 -genkey
  openssl req -new -sha256 -key key.pem -out server.csr
  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

  // Use with examples/dial/selfsign/main.go
  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

  // Use with examples/listen/selfsign/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK

Pion DTLS

go run examples/listen/psk/main.go

go run examples/dial/psk/main.go

OpenSSL

  // Use with examples/dial/psk/main.go
  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

  // Use with examples/listen/psk/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible:

License

MIT License - see LICENSE for full text