From 56d3b16a105e36c8fef305ccb9e0f8a20905291f Mon Sep 17 00:00:00 2001
From: Xinjun Ma <xinjun.ma@qq.com>
Date: Mon, 19 Sep 2022 18:33:02 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=9C=80=E6=96=B0=E7=89=88?=
=?UTF-8?q?=E4=B8=8A=E6=B8=B8=20Pion=20DTLS=EF=BC=8C=E9=81=BF=E5=85=8D?=
=?UTF-8?q?=E7=BB=B4=E6=8A=A4=20fork=20=E7=89=88=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
dtls-2.0.9/.editorconfig | 21 -
dtls-2.0.9/.github/assert-contributors.sh | 61 -
dtls-2.0.9/.github/hooks/commit-msg.sh | 11 -
dtls-2.0.9/.github/hooks/pre-commit.sh | 12 -
dtls-2.0.9/.github/hooks/pre-push.sh | 13 -
dtls-2.0.9/.github/install-hooks.sh | 16 -
dtls-2.0.9/.github/lint-commit-message.sh | 64 -
.../lint-disallowed-functions-in-library.sh | 48 -
dtls-2.0.9/.github/lint-filename.sh | 24 -
dtls-2.0.9/.github/workflows/e2e.yaml | 20 -
dtls-2.0.9/.github/workflows/lint.yaml | 43 -
.../workflows/renovate-go-mod-fix.yaml | 33 -
dtls-2.0.9/.github/workflows/test.yaml | 139 --
dtls-2.0.9/.github/workflows/tidy-check.yaml | 37 -
dtls-2.0.9/.gitignore | 24 -
dtls-2.0.9/.golangci.yml | 89 -
dtls-2.0.9/LICENSE | 21 -
dtls-2.0.9/Makefile | 6 -
dtls-2.0.9/README.md | 156 --
dtls-2.0.9/bench_test.go | 118 -
dtls-2.0.9/certificate.go | 67 -
dtls-2.0.9/certificate_test.go | 79 -
dtls-2.0.9/cipher_suite.go | 213 --
dtls-2.0.9/cipher_suite_go114.go | 40 -
dtls-2.0.9/cipher_suite_go114_test.go | 51 -
dtls-2.0.9/cipher_suite_test.go | 108 -
dtls-2.0.9/codecov.yml | 20 -
dtls-2.0.9/compression_method.go | 9 -
dtls-2.0.9/config.go | 197 --
dtls-2.0.9/config_test.go | 119 -
dtls-2.0.9/conn.go | 979 --------
dtls-2.0.9/conn_go_test.go | 169 --
dtls-2.0.9/conn_test.go | 2026 -----------------
dtls-2.0.9/crypto.go | 221 --
dtls-2.0.9/crypto_test.go | 73 -
dtls-2.0.9/dtls.go | 2 -
dtls-2.0.9/e2e/Dockerfile | 11 -
dtls-2.0.9/e2e/e2e.go | 2 -
dtls-2.0.9/e2e/e2e_lossy_test.go | 207 --
dtls-2.0.9/e2e/e2e_openssl_test.go | 250 --
dtls-2.0.9/e2e/e2e_openssl_v113_test.go | 17 -
dtls-2.0.9/e2e/e2e_test.go | 329 ---
dtls-2.0.9/e2e/e2e_v113_test.go | 62 -
dtls-2.0.9/errors.go | 141 --
dtls-2.0.9/errors_errno.go | 25 -
dtls-2.0.9/errors_errno_test.go | 41 -
dtls-2.0.9/errors_noerrno.go | 14 -
dtls-2.0.9/errors_test.go | 85 -
dtls-2.0.9/examples/certificates/README.md | 26 -
dtls-2.0.9/examples/certificates/client.pem | 5 -
.../examples/certificates/client.pub.pem | 9 -
dtls-2.0.9/examples/certificates/server.pem | 5 -
.../examples/certificates/server.pub.pem | 9 -
dtls-2.0.9/examples/dial/psk/main.go | 45 -
dtls-2.0.9/examples/dial/selfsign/main.go | 47 -
dtls-2.0.9/examples/dial/verify/main.go | 54 -
dtls-2.0.9/examples/listen/psk/main.go | 72 -
dtls-2.0.9/examples/listen/selfsign/main.go | 73 -
dtls-2.0.9/examples/listen/verify/main.go | 80 -
dtls-2.0.9/examples/util/hub.go | 80 -
dtls-2.0.9/examples/util/util.go | 154 --
dtls-2.0.9/flight.go | 75 -
dtls-2.0.9/flight0handler.go | 102 -
dtls-2.0.9/flight1handler.go | 112 -
dtls-2.0.9/flight2handler.go | 78 -
dtls-2.0.9/flight3handler.go | 194 --
dtls-2.0.9/flight4handler.go | 352 ---
dtls-2.0.9/flight5handler.go | 323 ---
dtls-2.0.9/flight6handler.go | 82 -
dtls-2.0.9/flighthandler.go | 57 -
dtls-2.0.9/fragment_buffer.go | 111 -
dtls-2.0.9/fragment_buffer_test.go | 101 -
dtls-2.0.9/fuzz.go | 38 -
...12178ca0830b7449ad370598d55873d81b95e40-25 | Bin 76 -> 0 bytes
...01277073b27ccc6925ce4c941527f7b7705c8311-1 | 1 -
...39192caed40959ac2f5c3254669312ba2dfbcad-12 | Bin 33 -> 0 bytes
...03a9bad270cf32520b5c3e99add47c648ba6150f-7 | Bin 25 -> 0 bytes
...48fcd45b732d5bed912e6652bc265a0adaf5664-26 | Bin 76 -> 0 bytes
...4a28c0806a91267f0576e11d042400f41dc538b-12 | Bin 28 -> 0 bytes
...4d00cfd50deb9ccd9d14be8c58f401a0414dad3-30 | Bin 76 -> 0 bytes
...04e7f402f7d9f6ed2e664190dbd3267eddfddefa-6 | Bin 25 -> 0 bytes
...57a8c627dc06c27296c8208265a9f8a32a8d4c2-19 | Bin 33 -> 0 bytes
...5a0d164b8e3ca08dc1bd077ce4aa4559731182b-15 | Bin 33 -> 0 bytes
...6148fe224720cd3a0497fc87f2b6bc5f004484a-30 | Bin 76 -> 0 bytes
...78c2bd97a33002242f9d5ac0a95970c9432124a-31 | Bin 76 -> 0 bytes
...7ff33058f3c6732b9439f7d5c2bd50bb46adb31-20 | Bin 38 -> 0 bytes
...8f2f7719e35261f615174917101cba578892f43-11 | Bin 28 -> 0 bytes
...9b742837cf0d26ddecb5dbf536d91db6d1e9855-12 | Bin 33 -> 0 bytes
...a3bff70743f3cc7ecdc293887c10e14e152dec2-19 | Bin 33 -> 0 bytes
...1e7b0e2a84f99b2f3f367cf546dde345bba563f-15 | Bin 28 -> 0 bytes
...36a342418a743d6167ef2b44e657c82427469b8-35 | Bin 76 -> 0 bytes
.../137e470b38deeeac3586025e0e6e2702117e26e6 | 1 -
...56c962d90205b0c4afa3394de42d56967dfc7ee-14 | Bin 33 -> 0 bytes
...7863d02affd5fc60da97a59318b3f7014f93a9f-36 | Bin 76 -> 0 bytes
...841fb69e960e2d6ce1d19c6264e70b5606bfa39-32 | Bin 76 -> 0 bytes
...a460400f96b0b40872eac2daed7c1db2e8f9843-11 | Bin 33 -> 0 bytes
...c042652c21f2c6d7ffcb6b6e6be55fdf95a5dbb-30 | Bin 76 -> 0 bytes
...1d09cef95c3269d3e244f0008a4fc6dfefd1e2ad-9 | Bin 25 -> 0 bytes
...2e3d3a8748eb152a65ee9ada8834f8a07b247f4-29 | Bin 76 -> 0 bytes
...3ce064ef35c0204982d748c34850bfc9433beca-13 | Bin 33 -> 0 bytes
...23e0e1cbd88637fbb4a19fe44c5665dda52e4c89-1 | 1 -
...403e35492e1dc374b40bb2b4eda453c2e9612f2-21 | Bin 38 -> 0 bytes
...438ed38ea739d8f57018f8de0a52f3e545ac760-18 | Bin 33 -> 0 bytes
...56b14a77bc0439a14908b6fa00afb348dde3af4-17 | Bin 33 -> 0 bytes
...7702a0157f6eeb426aef4d5789b380d7b23801e-35 | Bin 76 -> 0 bytes
...9accdef171829b8dc0dba39d24acf913e13a31f-20 | Bin 33 -> 0 bytes
...ad24ef4188d2626e363cb12c5242fa96abfa7a3-13 | Bin 28 -> 0 bytes
...db7497fc9f463803d041365e337cccd7e74111a-18 | Bin 33 -> 0 bytes
...0b9805b33c0d67926cbb5ab174508797eb7b7a7-17 | Bin 33 -> 0 bytes
...105d624d1010500139670e332bd50771c112fdd-17 | Bin 33 -> 0 bytes
...2b051a5ed27cbcb3c1689adbf51c4223e58f9bc-36 | Bin 76 -> 0 bytes
...40161bf9f51d50c47d1853eb5d4fcac06914900-12 | Bin 33 -> 0 bytes
...71f95aa3e615531b896c89647e6ce67586e082e-15 | Bin 33 -> 0 bytes
...86d1a6c0d51af038a3b2d3adba6eb15d8e3fe0a-23 | Bin 76 -> 0 bytes
...929563fe81b960a338a68a87a60e1940ac7f14e-34 | Bin 76 -> 0 bytes
...be9ff705b7c6d24ba58057e44fe7f51d0b0aa54-30 | Bin 76 -> 0 bytes
...eb3261e52074eceab2d28b5eee628d3ec213a84-14 | Bin 33 -> 0 bytes
...f88c87cc5fe3fff5a45dc1916eed2fdcfe20d57-13 | Bin 33 -> 0 bytes
...f928478ccaf16b9685071b91f52d5e0e6bc71c1-38 | Bin 76 -> 0 bytes
...2ab249f3ceb17939f5fcab757894b22d94a86a8-22 | Bin 33 -> 0 bytes
...42dbe1a681da3f7e48d18c53ab26b5893f3ea2ac-9 | Bin 25 -> 0 bytes
...71c2a2e1065b2c0f6040b286eebbca70e3742c6-10 | Bin 25 -> 0 bytes
...4735f3fc147ee436f8c02c24b9c40b4ee4cb1265-7 | Bin 25 -> 0 bytes
...8e4ba16b5626f66169cf52fb35054ae32f1037e-27 | Bin 76 -> 0 bytes
...be120299b63639b4c203c93da101e2db703839a-26 | Bin 76 -> 0 bytes
...cdafe201d691c06b529689668d52106a3e98dfa-22 | Bin 38 -> 0 bytes
...d79d6a303e57c882d1d329ad4e3f091dd60e7ff-20 | Bin 33 -> 0 bytes
...09dbda3f391113a75c8309028bf59c0f107ac52-30 | Bin 76 -> 0 bytes
...2aecd8762579fcaa1b5f26b152840f899683660-17 | Bin 33 -> 0 bytes
...545ad51188a5d270eafe4733272be18ac1769c21-1 | 1 -
...642ffc103d245461d8e754281bea517ff54ed85-17 | Bin 33 -> 0 bytes
...7d1652be22f597708e8099e2d23e8e4b00b0f89-33 | Bin 76 -> 0 bytes
...59d6ef268e83be801c670340b2383a5a732308cb-8 | Bin 25 -> 0 bytes
...5b3cbe41487f4f9f5e728a86adce154ebd73fbe0-9 | Bin 25 -> 0 bytes
...c165fd943bcb6df518c71b149d5aed736237833-16 | Bin 33 -> 0 bytes
...5eeaf10bf3fbb5575a63e054fd377645b5f45de5-3 | 1 -
...64c5404b7e07af41448c99eadd4ded3a1572b503-9 | Bin 25 -> 0 bytes
...926133d1d407a21e5e57ed4ec71583b8f4650ab-16 | Bin 33 -> 0 bytes
...6998ed50de84d0a1e2250af37ef989f866392d8e-7 | Bin 25 -> 0 bytes
...a823391df6589e83b50fbf6ad7ec4a61edb34c5-35 | Bin 76 -> 0 bytes
...af8fabbde43b2d6bb76502831dbd8c0d1dea233-36 | Bin 76 -> 0 bytes
...6b33f20c523b6d32a26863fa65923e66ab555408-3 | Bin 25 -> 0 bytes
...6bf06a9be690f993286b45425cb88b8331876fe1-1 | 1 -
...6d6e5a7d0dc716e9593f88fbdb684ca6ff0adebc-2 | 1 -
...71d40c1aa2131c7936b49cfb92ea2a60da15e44e-1 | 1 -
...384d4b5b89a95ef3448cd2d9bd5f9001592f83a-37 | Bin 76 -> 0 bytes
...428fe79252cf44624d39a9ee721ff169c2017ba-18 | Bin 33 -> 0 bytes
...5ab7aa686d0774f43a13c218b33528b2fe7d5f8-29 | Bin 76 -> 0 bytes
...5e00d510635ac25c84a337514180b32b8a4051b-25 | Bin 76 -> 0 bytes
...78183569973f5d7cf343bad7c8be1099e5c09b88-7 | Bin 25 -> 0 bytes
...81d2e38644a0fe53f8bfba8d567c206799a70f4-21 | Bin 33 -> 0 bytes
...9e1a7733a2d329564a16763a6bb394dddcd5679-14 | Bin 33 -> 0 bytes
...a459efd01415c7e35c8ae63358fc79e2d471093-35 | Bin 76 -> 0 bytes
...7b71e27c7ca6777b3eb1c03bf2bbfb91720186c1-5 | Bin 25 -> 0 bytes
...c33a04f1cb9a7b2bf6be6f834aeeef943a242f2-34 | Bin 76 -> 0 bytes
...c33caa83f291ca5a328d13e1d97954d9462e0e1-34 | Bin 76 -> 0 bytes
...c60d79ccb4b24c486293fe63c763f71c2948d33-28 | Bin 76 -> 0 bytes
...c9e5840e53826d82da4432b52c057bfbcd2c8f6-31 | Bin 76 -> 0 bytes
...80123a693544437c5d58878cf7aac8a281ec658c-8 | Bin 25 -> 0 bytes
...104833886e77f44f198916bdf2cc0aeafa6b59a-30 | Bin 76 -> 0 bytes
...83c3e7679df8b6e6cbb75de23ef0e0c9d400a434-1 | 1 -
...43ccb2f577d368fe0e793d0047311bac2b02afb-10 | Bin 25 -> 0 bytes
...8e0f2195b7c21004d87538f58bd7b751aeb79c7-27 | Bin 76 -> 0 bytes
...963740cfedced726a1579328b9aa58a7d348c2c-29 | Bin 76 -> 0 bytes
...05578265b19677b3c83aad3169ed0b9cae91a0f-20 | Bin 33 -> 0 bytes
...1ad828e4650d737c8fab0447f83b6380bb045a2-37 | Bin 76 -> 0 bytes
...2d652cb10701472585fadb89dee2ab05f4baa3f-16 | Bin 33 -> 0 bytes
...810ba71e7068b2752d4fc80ea1071957b4b20e4-22 | Bin 76 -> 0 bytes
...86aa2d13d0f60c614ca328c0b38a7d533b952fb-15 | Bin 33 -> 0 bytes
...8779dbfa7f25f57d8bc146d8c37d4a1f1b829a7-10 | Bin 33 -> 0 bytes
...95d8ae8db6dad3c5851077207ada893bf856830-25 | Bin 76 -> 0 bytes
...a6736cde6de5b473fb231535380a7617fd640c2-10 | Bin 25 -> 0 bytes
...aeb1efeb489adc9aec522039bba0a5f693271bf-35 | Bin 76 -> 0 bytes
...bc991375786a265c38c8553183807be67827625-18 | Bin 33 -> 0 bytes
...9bddfbdd2ed2e780103d5d34662106bd4ef8eb80-6 | Bin 25 -> 0 bytes
...beed258dfb4aa4ef102c1b4984699303e737d00-38 | Bin 76 -> 0 bytes
...d31063b355084a0a074f614a6b9279a25a4537e-35 | Bin 76 -> 0 bytes
...da74f96fe6f8dc2fdf340eec67662301a14086e-10 | Bin 25 -> 0 bytes
...9e0739e12c765ba14c8540a32f5a8252bebc6fad-7 | Bin 25 -> 0 bytes
...e8cb1ca388740d90a5337a85d48c78d93d96580-12 | Bin 33 -> 0 bytes
...f9c6abc185820375cdc3c63a52cca2cdc84946b-26 | Bin 76 -> 0 bytes
...067dbf437d8e235dc64a6819faa0d57ff2c3f94-21 | Bin 38 -> 0 bytes
...0a9328cec82f33420fed388ac10108c5f365847-31 | Bin 76 -> 0 bytes
...2ef40165d921e7d8b8c622348b0f3ba772bb45b-22 | Bin 76 -> 0 bytes
...54fc076b4362b89692c19a60cf0a19a8c025ea0-19 | Bin 33 -> 0 bytes
...57426e5962baf2af3c43bfba8bcfe8198aeac69-21 | Bin 33 -> 0 bytes
...646db15452695437f7b7bc3b65c5748dd9cbee4-36 | Bin 76 -> 0 bytes
...a76d4d5e1300a60dd945d28fd5fe2c9968f06871-6 | Bin 25 -> 0 bytes
...8208daf57a7ba1b8f75ef0a70421d16100668d8-22 | Bin 33 -> 0 bytes
...8e636f3b54cfd873b3d21cff150543a9e10f4de-13 | Bin 28 -> 0 bytes
...a8beeff31520b5cbf509bc5efe4fa194a990fed-31 | Bin 76 -> 0 bytes
...c3e9b5146d2220644dbca14d2dec64d23a82fd6-24 | Bin 76 -> 0 bytes
...d572827912f2c8b62392a1481af8897837d9b08-25 | Bin 76 -> 0 bytes
...fd532a8a55c6c39d9ca66231a96a5678fbe4ad2-27 | Bin 76 -> 0 bytes
...b0f5f4a2d196cded1dbfa87ab65be7122effa0e3-8 | Bin 25 -> 0 bytes
...b226a622228f89f8a6f98b6b09f06fa964a3d4f0-9 | Bin 25 -> 0 bytes
...28051b6fc87a2b74a765b237c697e0728f1bccf-12 | Bin 28 -> 0 bytes
...3c74f6100a87eb3ad15d44be8df465d490fb9bd-32 | Bin 76 -> 0 bytes
...b43bde2b9ea6f9d171156e4ba3d084444294625c-6 | Bin 25 -> 0 bytes
...485961b2eb34df99b22d66f377aeaf6bd87e0a6-36 | Bin 76 -> 0 bytes
...b4912597376e6edf2985267fe64d170977173481-1 | 3 -
...4ee5c1737fe829bfa1c8d6abcb2166c1b74effd-21 | Bin 38 -> 0 bytes
...4f24eee8a1d42ac1dc868e4d53b608f3746a2d7-31 | Bin 76 -> 0 bytes
...5c30ace1906dea8c5cf2fb4b7558563a2df978b-19 | Bin 33 -> 0 bytes
...64aecc1f27577b6c2efd550a8dd1b0f96054f7c-25 | Bin 38 -> 0 bytes
...6f83f0c490f9fbea7ea7b9574232e8fd90194aa-18 | Bin 33 -> 0 bytes
...7b653694d804d41294e46bb4aff34f2fc93f48d-19 | Bin 33 -> 0 bytes
...9bd6d81380956a8a8f08c551f7a1c8e4b769f01-33 | Bin 76 -> 0 bytes
...a0aeff9d6e84d6d0a54b40f674338489fe86d29-35 | Bin 76 -> 0 bytes
...a8f7331369766ec42d305afd13f74bd5c9f7598-26 | Bin 76 -> 0 bytes
...bab42319f9d989d1344ff4621f82c3eb950f01b8-4 | Bin 25 -> 0 bytes
...acecfa089ed936799b5ec00ab80f2c234ee6488-19 | Bin 33 -> 0 bytes
...bdd08d152c9b526d07ca2020b5236ee2021ddbf2-9 | Bin 25 -> 0 bytes
...e2d2ac22a22f3c07bbb03881145ed09d71cc9a3-23 | Bin 38 -> 0 bytes
...26326aa05dea63170e6429a64465e9c48fc4ba6-20 | Bin 33 -> 0 bytes
...341f33f77b845bbeb7f2e4cdc20072a370b81bb-19 | Bin 38 -> 0 bytes
...5ab6cb91cad5d95c1eed18fc9055ca5cfa03401-36 | Bin 76 -> 0 bytes
...6266582478c713d071415c5c20f7e17cacbca6b-11 | Bin 28 -> 0 bytes
...c69ac8b1c87631059129edfb2bac5504b1f6e1fe-7 | Bin 25 -> 0 bytes
...6fb60ed7606c773c6e381e1eeafa4d2beb0501d-13 | Bin 33 -> 0 bytes
...6ff571fac3824ce6314d936ddbe679a4532681a-24 | Bin 38 -> 0 bytes
...a7e5b747b90d4cc886c3e68582eb809672f9343-24 | Bin 76 -> 0 bytes
...caf20a50754c9f4885ff4872cfdb5badfafa0eab-2 | 1 -
...c0dfdb3fe2c6c450c8353fb951f0068c2da25c3-24 | Bin 38 -> 0 bytes
...c57cf224581b2055e3e509f8ddaf10204099d72-29 | Bin 76 -> 0 bytes
...d6fd1f976ae2f9e31733919f070988d5946cf18-25 | Bin 76 -> 0 bytes
...e04f52927639b8f845dd01a25ff06d61dbb7736-19 | Bin 33 -> 0 bytes
...fe9539fdc29f9bcdf123394ffb098838a5d8b83-29 | Bin 76 -> 0 bytes
...d093b42b65836218cc0ce0ad9a898b76f4cde121-7 | Bin 25 -> 0 bytes
...d184e74d92444b23e5c07431ac1901a3460efeef-2 | Bin 15 -> 0 bytes
...1fc43b23d31daa77b1c9b4f8930d2f3a9754287-31 | Bin 76 -> 0 bytes
...5e8de475ba87d0eddd97db6b61ef4621a2e8071-30 | Bin 76 -> 0 bytes
...78ab9295d2782c20cb99674622bde4e92359b16-15 | Bin 33 -> 0 bytes
...8f3a31fb0304017eb8466e958c843865a1d0c2b-14 | Bin 28 -> 0 bytes
...97dc4bb804a0d7bcd92f1abf81fb604caeef3db-18 | Bin 33 -> 0 bytes
...9c2f5fc766a4d8b70c20b2c7bb17f662821a18d-20 | Bin 33 -> 0 bytes
.../da39a3ee5e6b4b0d3255bfef95601890afd80709 | 0
...a75745263fae25217790f4c0f3414a2c2a7426c-30 | Bin 76 -> 0 bytes
...bb83f9c44304f536e5817c4301fe1ebad40b480-29 | Bin 76 -> 0 bytes
...c8dd2c7a89d009af1cc9d1dab9c7f030db09fee-28 | Bin 76 -> 0 bytes
...cac1a5ba7d6511532589fbceb771fd71f23ebeb-23 | Bin 38 -> 0 bytes
...dcc90b5ab9129ee3effd438c0a86bfe599ccfe17-8 | Bin 25 -> 0 bytes
...dd5c198fd08276fdba3f48884659199dceeaa2ac-2 | 1 -
...0d111660feb6004db7815eb0231fdb369517970-11 | Bin 33 -> 0 bytes
...e11fc30ee640e45e8185f384f9a116cf2cb75852-8 | Bin 25 -> 0 bytes
...124a66686755a3fe635b2bb6dc05849238ff474-28 | Bin 76 -> 0 bytes
...17dcda547abfa37685bb9d570a7bf9c4a34affc-35 | Bin 76 -> 0 bytes
...1a87e2698fcd50fdee9d425ba22cca94e82e689-31 | Bin 76 -> 0 bytes
...1f7de47792fed4f34a0a790cc688d43d75e80fd-34 | Bin 76 -> 0 bytes
...4d81d83c175232de004db3750b8509a3dc26cf7-27 | Bin 76 -> 0 bytes
...e5d083d83bb534c47f170509f84be51d847c9d95-2 | 1 -
...69a5e78519e11f948112f68197d2f0d469c60b2-28 | Bin 76 -> 0 bytes
...e7e0aec1e8718877cd61405d0b73cb8eea7830dd-2 | 1 -
...87d088c1b0796bcbfa649c9118329bf4fabd6f2-29 | Bin 76 -> 0 bytes
...8ad70294942e6f8c25bb01fd4443cfba4fb0308-19 | Bin 38 -> 0 bytes
...9895a39481476548887cbbb88835ba4318e41af-33 | Bin 76 -> 0 bytes
...9f3d28570e1c59dd81975f281b00374ad3f400e-28 | Bin 76 -> 0 bytes
...ea855f2d2933b53de04f93ed49d95f5fbc1777df-3 | Bin 14 -> 0 bytes
...eaa0e2396b6d857d3121c691ca35c10f54644ba5-3 | Bin 25 -> 0 bytes
...eab6d99255628b1b14f5f565e9f94e9f4042ba25-5 | Bin 25 -> 0 bytes
...d8baf884f660e13648b822dbc20c23ececbb6d9-14 | Bin 33 -> 0 bytes
...e7bc26e98a2e3fc02a8fac80ec94b8fe56d5852-26 | Bin 76 -> 0 bytes
...248a7b971b1fd07ea978e776fda73fee276d36d-17 | Bin 33 -> 0 bytes
...f3fc999fcd5f3f9f4d4cf2c4151d0bc6ef73c3cb-1 | 1 -
...8781259866be1553ac9625d18ff25ce354776ec-23 | Bin 76 -> 0 bytes
...a9ec5dd9ba00a696cb5217fd7455fe79c6610e4-18 | Bin 33 -> 0 bytes
...c3952e202a374d090fd4008d43183630a4b8dc2-15 | Bin 33 -> 0 bytes
...def7b51eb11668569ef1b45ba193becb956b2e7-15 | Bin 33 -> 0 bytes
dtls-2.0.9/go.mod | 12 -
dtls-2.0.9/go.sum | 40 -
dtls-2.0.9/handshake_cache.go | 171 --
dtls-2.0.9/handshake_cache_test.go | 210 --
dtls-2.0.9/handshake_test.go | 52 -
dtls-2.0.9/handshaker.go | 343 ---
dtls-2.0.9/handshaker_test.go | 277 ---
.../internal/ciphersuite/aes_128_ccm.go | 108 -
.../internal/ciphersuite/ciphersuite.go | 71 -
.../tls_ecdhe_ecdsa_with_aes_128_ccm.go | 11 -
.../tls_ecdhe_ecdsa_with_aes_128_ccm8.go | 11 -
...tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go | 92 -
.../tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go | 101 -
.../tls_ecdhe_rsa_with_aes_128_gcm_sha256.go | 22 -
.../tls_ecdhe_rsa_with_aes_256_cbc_sha.go | 22 -
.../tls_psk_with_aes_128_cbc_sha256.go | 100 -
.../ciphersuite/tls_psk_with_aes_128_ccm.go | 11 -
.../ciphersuite/tls_psk_with_aes_128_ccm8.go | 11 -
.../tls_psk_with_aes_128_gcm_sha256.go | 27 -
dtls-2.0.9/internal/closer/closer.go | 45 -
dtls-2.0.9/internal/net/dpipe/dpipe.go | 144 --
dtls-2.0.9/internal/net/dpipe/dpipe_test.go | 106 -
dtls-2.0.9/internal/util/util.go | 39 -
dtls-2.0.9/listener.go | 80 -
dtls-2.0.9/nettest_test.go | 29 -
dtls-2.0.9/packet.go | 9 -
dtls-2.0.9/pkg/crypto/ccm/ccm.go | 251 --
dtls-2.0.9/pkg/crypto/ccm/ccm_test.go | 419 ----
dtls-2.0.9/pkg/crypto/ciphersuite/cbc.go | 164 --
dtls-2.0.9/pkg/crypto/ciphersuite/ccm.go | 104 -
.../pkg/crypto/ciphersuite/ciphersuite.go | 72 -
dtls-2.0.9/pkg/crypto/ciphersuite/gcm.go | 100 -
.../clientcertificate/client_certificate.go | 22 -
dtls-2.0.9/pkg/crypto/elliptic/elliptic.go | 99 -
.../pkg/crypto/fingerprint/fingerprint.go | 50 -
.../crypto/fingerprint/fingerprint_test.go | 52 -
dtls-2.0.9/pkg/crypto/fingerprint/hash.go | 37 -
.../pkg/crypto/fingerprint/hash_test.go | 41 -
dtls-2.0.9/pkg/crypto/hash/hash.go | 126 -
dtls-2.0.9/pkg/crypto/hash/hash_test.go | 25 -
dtls-2.0.9/pkg/crypto/prf/prf.go | 224 --
dtls-2.0.9/pkg/crypto/prf/prf_test.go | 80 -
dtls-2.0.9/pkg/crypto/selfsign/selfsign.go | 103 -
dtls-2.0.9/pkg/crypto/signature/signature.go | 24 -
dtls-2.0.9/pkg/crypto/signaturehash/errors.go | 9 -
.../pkg/crypto/signaturehash/signaturehash.go | 93 -
.../signaturehash/signaturehash_go113_test.go | 46 -
.../signaturehash/signaturehash_test.go | 102 -
dtls-2.0.9/pkg/protocol/alert/alert.go | 160 --
dtls-2.0.9/pkg/protocol/alert/alert_test.go | 49 -
dtls-2.0.9/pkg/protocol/application_data.go | 26 -
dtls-2.0.9/pkg/protocol/change_cipher_spec.go | 28 -
.../pkg/protocol/change_cipher_spec_test.go | 31 -
dtls-2.0.9/pkg/protocol/compression_method.go | 48 -
.../pkg/protocol/compression_method_test.go | 23 -
dtls-2.0.9/pkg/protocol/content.go | 21 -
dtls-2.0.9/pkg/protocol/errors.go | 104 -
dtls-2.0.9/pkg/protocol/extension/errors.go | 14 -
.../pkg/protocol/extension/extension.go | 96 -
.../pkg/protocol/extension/extension_test.go | 22 -
.../protocol/extension/renegotiation_info.go | 43 -
.../extension/renegotiation_info_test.go | 22 -
.../pkg/protocol/extension/server_name.go | 78 -
.../protocol/extension/server_name_test.go | 22 -
.../extension/srtp_protection_profile.go | 21 -
.../extension/supported_elliptic_curves.go | 62 -
.../supported_elliptic_curves_test.go | 22 -
.../extension/supported_point_formats.go | 62 -
.../extension/supported_point_formats_test.go | 22 -
.../supported_signature_algorithms.go | 70 -
.../supported_signature_algorithms_test.go | 35 -
.../protocol/extension/use_master_secret.go | 45 -
dtls-2.0.9/pkg/protocol/extension/use_srtp.go | 59 -
.../pkg/protocol/extension/use_srtp_test.go | 20 -
.../pkg/protocol/handshake/cipher_suite.go | 29 -
.../protocol/handshake/cipher_suite_test.go | 23 -
dtls-2.0.9/pkg/protocol/handshake/errors.go | 25 -
.../pkg/protocol/handshake/handshake.go | 145 --
dtls-2.0.9/pkg/protocol/handshake/header.go | 50 -
.../protocol/handshake/message_certificate.go | 66 -
.../handshake/message_certificate_request.go | 100 -
.../message_certificate_request_test.go | 46 -
.../handshake/message_certificate_test.go | 99 -
.../handshake/message_certificate_verify.go | 61 -
.../message_certificate_verify_test.go | 38 -
.../handshake/message_client_hello.go | 130 --
.../handshake/message_client_hello_test.go | 53 -
.../handshake/message_client_key_exchange.go | 56 -
.../message_client_key_exchange_test.go | 31 -
.../protocol/handshake/message_finished.go | 27 -
.../handshake/message_finished_test.go | 29 -
.../handshake/message_hello_verify_request.go | 62 -
.../message_hello_verify_request_test.go | 33 -
.../handshake/message_server_hello.go | 111 -
.../handshake/message_server_hello_done.go | 22 -
.../message_server_hello_done_test.go | 25 -
.../handshake/message_server_hello_test.go | 46 -
.../handshake/message_server_key_exchange.go | 119 -
.../message_server_key_exchange_test.go | 71 -
dtls-2.0.9/pkg/protocol/handshake/random.go | 49 -
dtls-2.0.9/pkg/protocol/recordlayer/errors.go | 16 -
dtls-2.0.9/pkg/protocol/recordlayer/header.go | 61 -
.../pkg/protocol/recordlayer/recordlayer.go | 99 -
.../protocol/recordlayer/recordlayer_test.go | 92 -
dtls-2.0.9/pkg/protocol/version.go | 21 -
dtls-2.0.9/renovate.json | 19 -
dtls-2.0.9/replayprotection_test.go | 139 --
dtls-2.0.9/resume.go | 19 -
dtls-2.0.9/resume_test.go | 208 --
dtls-2.0.9/srtp_protection_profile.go | 14 -
dtls-2.0.9/state.go | 198 --
dtls-2.0.9/util.go | 38 -
server/go.mod | 8 +-
server/go.sum | 36 +-
server/handler/dtls.go | 39 +-
383 files changed, 56 insertions(+), 16903 deletions(-)
delete mode 100644 dtls-2.0.9/.editorconfig
delete mode 100644 dtls-2.0.9/.github/assert-contributors.sh
delete mode 100644 dtls-2.0.9/.github/hooks/commit-msg.sh
delete mode 100644 dtls-2.0.9/.github/hooks/pre-commit.sh
delete mode 100644 dtls-2.0.9/.github/hooks/pre-push.sh
delete mode 100644 dtls-2.0.9/.github/install-hooks.sh
delete mode 100644 dtls-2.0.9/.github/lint-commit-message.sh
delete mode 100644 dtls-2.0.9/.github/lint-disallowed-functions-in-library.sh
delete mode 100644 dtls-2.0.9/.github/lint-filename.sh
delete mode 100644 dtls-2.0.9/.github/workflows/e2e.yaml
delete mode 100644 dtls-2.0.9/.github/workflows/lint.yaml
delete mode 100644 dtls-2.0.9/.github/workflows/renovate-go-mod-fix.yaml
delete mode 100644 dtls-2.0.9/.github/workflows/test.yaml
delete mode 100644 dtls-2.0.9/.github/workflows/tidy-check.yaml
delete mode 100644 dtls-2.0.9/.gitignore
delete mode 100644 dtls-2.0.9/.golangci.yml
delete mode 100644 dtls-2.0.9/LICENSE
delete mode 100644 dtls-2.0.9/Makefile
delete mode 100644 dtls-2.0.9/README.md
delete mode 100644 dtls-2.0.9/bench_test.go
delete mode 100644 dtls-2.0.9/certificate.go
delete mode 100644 dtls-2.0.9/certificate_test.go
delete mode 100644 dtls-2.0.9/cipher_suite.go
delete mode 100644 dtls-2.0.9/cipher_suite_go114.go
delete mode 100644 dtls-2.0.9/cipher_suite_go114_test.go
delete mode 100644 dtls-2.0.9/cipher_suite_test.go
delete mode 100644 dtls-2.0.9/codecov.yml
delete mode 100644 dtls-2.0.9/compression_method.go
delete mode 100644 dtls-2.0.9/config.go
delete mode 100644 dtls-2.0.9/config_test.go
delete mode 100644 dtls-2.0.9/conn.go
delete mode 100644 dtls-2.0.9/conn_go_test.go
delete mode 100644 dtls-2.0.9/conn_test.go
delete mode 100644 dtls-2.0.9/crypto.go
delete mode 100644 dtls-2.0.9/crypto_test.go
delete mode 100644 dtls-2.0.9/dtls.go
delete mode 100644 dtls-2.0.9/e2e/Dockerfile
delete mode 100644 dtls-2.0.9/e2e/e2e.go
delete mode 100644 dtls-2.0.9/e2e/e2e_lossy_test.go
delete mode 100644 dtls-2.0.9/e2e/e2e_openssl_test.go
delete mode 100644 dtls-2.0.9/e2e/e2e_openssl_v113_test.go
delete mode 100644 dtls-2.0.9/e2e/e2e_test.go
delete mode 100644 dtls-2.0.9/e2e/e2e_v113_test.go
delete mode 100644 dtls-2.0.9/errors.go
delete mode 100644 dtls-2.0.9/errors_errno.go
delete mode 100644 dtls-2.0.9/errors_errno_test.go
delete mode 100644 dtls-2.0.9/errors_noerrno.go
delete mode 100644 dtls-2.0.9/errors_test.go
delete mode 100644 dtls-2.0.9/examples/certificates/README.md
delete mode 100644 dtls-2.0.9/examples/certificates/client.pem
delete mode 100644 dtls-2.0.9/examples/certificates/client.pub.pem
delete mode 100644 dtls-2.0.9/examples/certificates/server.pem
delete mode 100644 dtls-2.0.9/examples/certificates/server.pub.pem
delete mode 100644 dtls-2.0.9/examples/dial/psk/main.go
delete mode 100644 dtls-2.0.9/examples/dial/selfsign/main.go
delete mode 100644 dtls-2.0.9/examples/dial/verify/main.go
delete mode 100644 dtls-2.0.9/examples/listen/psk/main.go
delete mode 100644 dtls-2.0.9/examples/listen/selfsign/main.go
delete mode 100644 dtls-2.0.9/examples/listen/verify/main.go
delete mode 100644 dtls-2.0.9/examples/util/hub.go
delete mode 100644 dtls-2.0.9/examples/util/util.go
delete mode 100644 dtls-2.0.9/flight.go
delete mode 100644 dtls-2.0.9/flight0handler.go
delete mode 100644 dtls-2.0.9/flight1handler.go
delete mode 100644 dtls-2.0.9/flight2handler.go
delete mode 100644 dtls-2.0.9/flight3handler.go
delete mode 100644 dtls-2.0.9/flight4handler.go
delete mode 100644 dtls-2.0.9/flight5handler.go
delete mode 100644 dtls-2.0.9/flight6handler.go
delete mode 100644 dtls-2.0.9/flighthandler.go
delete mode 100644 dtls-2.0.9/fragment_buffer.go
delete mode 100644 dtls-2.0.9/fragment_buffer_test.go
delete mode 100644 dtls-2.0.9/fuzz.go
delete mode 100644 dtls-2.0.9/fuzz/corpus/012178ca0830b7449ad370598d55873d81b95e40-25
delete mode 100644 dtls-2.0.9/fuzz/corpus/01277073b27ccc6925ce4c941527f7b7705c8311-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/039192caed40959ac2f5c3254669312ba2dfbcad-12
delete mode 100644 dtls-2.0.9/fuzz/corpus/03a9bad270cf32520b5c3e99add47c648ba6150f-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/048fcd45b732d5bed912e6652bc265a0adaf5664-26
delete mode 100644 dtls-2.0.9/fuzz/corpus/04a28c0806a91267f0576e11d042400f41dc538b-12
delete mode 100644 dtls-2.0.9/fuzz/corpus/04d00cfd50deb9ccd9d14be8c58f401a0414dad3-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/04e7f402f7d9f6ed2e664190dbd3267eddfddefa-6
delete mode 100644 dtls-2.0.9/fuzz/corpus/057a8c627dc06c27296c8208265a9f8a32a8d4c2-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/05a0d164b8e3ca08dc1bd077ce4aa4559731182b-15
delete mode 100644 dtls-2.0.9/fuzz/corpus/06148fe224720cd3a0497fc87f2b6bc5f004484a-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/078c2bd97a33002242f9d5ac0a95970c9432124a-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/07ff33058f3c6732b9439f7d5c2bd50bb46adb31-20
delete mode 100644 dtls-2.0.9/fuzz/corpus/08f2f7719e35261f615174917101cba578892f43-11
delete mode 100644 dtls-2.0.9/fuzz/corpus/09b742837cf0d26ddecb5dbf536d91db6d1e9855-12
delete mode 100644 dtls-2.0.9/fuzz/corpus/0a3bff70743f3cc7ecdc293887c10e14e152dec2-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/11e7b0e2a84f99b2f3f367cf546dde345bba563f-15
delete mode 100644 dtls-2.0.9/fuzz/corpus/136a342418a743d6167ef2b44e657c82427469b8-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/137e470b38deeeac3586025e0e6e2702117e26e6
delete mode 100644 dtls-2.0.9/fuzz/corpus/156c962d90205b0c4afa3394de42d56967dfc7ee-14
delete mode 100644 dtls-2.0.9/fuzz/corpus/17863d02affd5fc60da97a59318b3f7014f93a9f-36
delete mode 100644 dtls-2.0.9/fuzz/corpus/1841fb69e960e2d6ce1d19c6264e70b5606bfa39-32
delete mode 100644 dtls-2.0.9/fuzz/corpus/1a460400f96b0b40872eac2daed7c1db2e8f9843-11
delete mode 100644 dtls-2.0.9/fuzz/corpus/1c042652c21f2c6d7ffcb6b6e6be55fdf95a5dbb-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/1d09cef95c3269d3e244f0008a4fc6dfefd1e2ad-9
delete mode 100644 dtls-2.0.9/fuzz/corpus/22e3d3a8748eb152a65ee9ada8834f8a07b247f4-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/23ce064ef35c0204982d748c34850bfc9433beca-13
delete mode 100644 dtls-2.0.9/fuzz/corpus/23e0e1cbd88637fbb4a19fe44c5665dda52e4c89-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/2403e35492e1dc374b40bb2b4eda453c2e9612f2-21
delete mode 100644 dtls-2.0.9/fuzz/corpus/2438ed38ea739d8f57018f8de0a52f3e545ac760-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/256b14a77bc0439a14908b6fa00afb348dde3af4-17
delete mode 100644 dtls-2.0.9/fuzz/corpus/27702a0157f6eeb426aef4d5789b380d7b23801e-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/29accdef171829b8dc0dba39d24acf913e13a31f-20
delete mode 100644 dtls-2.0.9/fuzz/corpus/2ad24ef4188d2626e363cb12c5242fa96abfa7a3-13
delete mode 100644 dtls-2.0.9/fuzz/corpus/2db7497fc9f463803d041365e337cccd7e74111a-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/30b9805b33c0d67926cbb5ab174508797eb7b7a7-17
delete mode 100644 dtls-2.0.9/fuzz/corpus/3105d624d1010500139670e332bd50771c112fdd-17
delete mode 100644 dtls-2.0.9/fuzz/corpus/32b051a5ed27cbcb3c1689adbf51c4223e58f9bc-36
delete mode 100644 dtls-2.0.9/fuzz/corpus/340161bf9f51d50c47d1853eb5d4fcac06914900-12
delete mode 100644 dtls-2.0.9/fuzz/corpus/371f95aa3e615531b896c89647e6ce67586e082e-15
delete mode 100644 dtls-2.0.9/fuzz/corpus/386d1a6c0d51af038a3b2d3adba6eb15d8e3fe0a-23
delete mode 100644 dtls-2.0.9/fuzz/corpus/3929563fe81b960a338a68a87a60e1940ac7f14e-34
delete mode 100644 dtls-2.0.9/fuzz/corpus/3be9ff705b7c6d24ba58057e44fe7f51d0b0aa54-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/3eb3261e52074eceab2d28b5eee628d3ec213a84-14
delete mode 100644 dtls-2.0.9/fuzz/corpus/3f88c87cc5fe3fff5a45dc1916eed2fdcfe20d57-13
delete mode 100644 dtls-2.0.9/fuzz/corpus/3f928478ccaf16b9685071b91f52d5e0e6bc71c1-38
delete mode 100644 dtls-2.0.9/fuzz/corpus/42ab249f3ceb17939f5fcab757894b22d94a86a8-22
delete mode 100644 dtls-2.0.9/fuzz/corpus/42dbe1a681da3f7e48d18c53ab26b5893f3ea2ac-9
delete mode 100644 dtls-2.0.9/fuzz/corpus/471c2a2e1065b2c0f6040b286eebbca70e3742c6-10
delete mode 100644 dtls-2.0.9/fuzz/corpus/4735f3fc147ee436f8c02c24b9c40b4ee4cb1265-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/48e4ba16b5626f66169cf52fb35054ae32f1037e-27
delete mode 100644 dtls-2.0.9/fuzz/corpus/4be120299b63639b4c203c93da101e2db703839a-26
delete mode 100644 dtls-2.0.9/fuzz/corpus/4cdafe201d691c06b529689668d52106a3e98dfa-22
delete mode 100644 dtls-2.0.9/fuzz/corpus/4d79d6a303e57c882d1d329ad4e3f091dd60e7ff-20
delete mode 100644 dtls-2.0.9/fuzz/corpus/509dbda3f391113a75c8309028bf59c0f107ac52-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/52aecd8762579fcaa1b5f26b152840f899683660-17
delete mode 100644 dtls-2.0.9/fuzz/corpus/545ad51188a5d270eafe4733272be18ac1769c21-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/5642ffc103d245461d8e754281bea517ff54ed85-17
delete mode 100644 dtls-2.0.9/fuzz/corpus/57d1652be22f597708e8099e2d23e8e4b00b0f89-33
delete mode 100644 dtls-2.0.9/fuzz/corpus/59d6ef268e83be801c670340b2383a5a732308cb-8
delete mode 100644 dtls-2.0.9/fuzz/corpus/5b3cbe41487f4f9f5e728a86adce154ebd73fbe0-9
delete mode 100644 dtls-2.0.9/fuzz/corpus/5c165fd943bcb6df518c71b149d5aed736237833-16
delete mode 100644 dtls-2.0.9/fuzz/corpus/5eeaf10bf3fbb5575a63e054fd377645b5f45de5-3
delete mode 100644 dtls-2.0.9/fuzz/corpus/64c5404b7e07af41448c99eadd4ded3a1572b503-9
delete mode 100644 dtls-2.0.9/fuzz/corpus/6926133d1d407a21e5e57ed4ec71583b8f4650ab-16
delete mode 100644 dtls-2.0.9/fuzz/corpus/6998ed50de84d0a1e2250af37ef989f866392d8e-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/6a823391df6589e83b50fbf6ad7ec4a61edb34c5-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/6af8fabbde43b2d6bb76502831dbd8c0d1dea233-36
delete mode 100644 dtls-2.0.9/fuzz/corpus/6b33f20c523b6d32a26863fa65923e66ab555408-3
delete mode 100644 dtls-2.0.9/fuzz/corpus/6bf06a9be690f993286b45425cb88b8331876fe1-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/6d6e5a7d0dc716e9593f88fbdb684ca6ff0adebc-2
delete mode 100644 dtls-2.0.9/fuzz/corpus/71d40c1aa2131c7936b49cfb92ea2a60da15e44e-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/7384d4b5b89a95ef3448cd2d9bd5f9001592f83a-37
delete mode 100644 dtls-2.0.9/fuzz/corpus/7428fe79252cf44624d39a9ee721ff169c2017ba-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/75ab7aa686d0774f43a13c218b33528b2fe7d5f8-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/75e00d510635ac25c84a337514180b32b8a4051b-25
delete mode 100644 dtls-2.0.9/fuzz/corpus/78183569973f5d7cf343bad7c8be1099e5c09b88-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/781d2e38644a0fe53f8bfba8d567c206799a70f4-21
delete mode 100644 dtls-2.0.9/fuzz/corpus/79e1a7733a2d329564a16763a6bb394dddcd5679-14
delete mode 100644 dtls-2.0.9/fuzz/corpus/7a459efd01415c7e35c8ae63358fc79e2d471093-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/7b71e27c7ca6777b3eb1c03bf2bbfb91720186c1-5
delete mode 100644 dtls-2.0.9/fuzz/corpus/7c33a04f1cb9a7b2bf6be6f834aeeef943a242f2-34
delete mode 100644 dtls-2.0.9/fuzz/corpus/7c33caa83f291ca5a328d13e1d97954d9462e0e1-34
delete mode 100644 dtls-2.0.9/fuzz/corpus/7c60d79ccb4b24c486293fe63c763f71c2948d33-28
delete mode 100644 dtls-2.0.9/fuzz/corpus/7c9e5840e53826d82da4432b52c057bfbcd2c8f6-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/80123a693544437c5d58878cf7aac8a281ec658c-8
delete mode 100644 dtls-2.0.9/fuzz/corpus/8104833886e77f44f198916bdf2cc0aeafa6b59a-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/83c3e7679df8b6e6cbb75de23ef0e0c9d400a434-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/843ccb2f577d368fe0e793d0047311bac2b02afb-10
delete mode 100644 dtls-2.0.9/fuzz/corpus/88e0f2195b7c21004d87538f58bd7b751aeb79c7-27
delete mode 100644 dtls-2.0.9/fuzz/corpus/8963740cfedced726a1579328b9aa58a7d348c2c-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/905578265b19677b3c83aad3169ed0b9cae91a0f-20
delete mode 100644 dtls-2.0.9/fuzz/corpus/91ad828e4650d737c8fab0447f83b6380bb045a2-37
delete mode 100644 dtls-2.0.9/fuzz/corpus/92d652cb10701472585fadb89dee2ab05f4baa3f-16
delete mode 100644 dtls-2.0.9/fuzz/corpus/9810ba71e7068b2752d4fc80ea1071957b4b20e4-22
delete mode 100644 dtls-2.0.9/fuzz/corpus/986aa2d13d0f60c614ca328c0b38a7d533b952fb-15
delete mode 100644 dtls-2.0.9/fuzz/corpus/98779dbfa7f25f57d8bc146d8c37d4a1f1b829a7-10
delete mode 100644 dtls-2.0.9/fuzz/corpus/995d8ae8db6dad3c5851077207ada893bf856830-25
delete mode 100644 dtls-2.0.9/fuzz/corpus/9a6736cde6de5b473fb231535380a7617fd640c2-10
delete mode 100644 dtls-2.0.9/fuzz/corpus/9aeb1efeb489adc9aec522039bba0a5f693271bf-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/9bc991375786a265c38c8553183807be67827625-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/9bddfbdd2ed2e780103d5d34662106bd4ef8eb80-6
delete mode 100644 dtls-2.0.9/fuzz/corpus/9beed258dfb4aa4ef102c1b4984699303e737d00-38
delete mode 100644 dtls-2.0.9/fuzz/corpus/9d31063b355084a0a074f614a6b9279a25a4537e-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/9da74f96fe6f8dc2fdf340eec67662301a14086e-10
delete mode 100644 dtls-2.0.9/fuzz/corpus/9e0739e12c765ba14c8540a32f5a8252bebc6fad-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/9e8cb1ca388740d90a5337a85d48c78d93d96580-12
delete mode 100644 dtls-2.0.9/fuzz/corpus/9f9c6abc185820375cdc3c63a52cca2cdc84946b-26
delete mode 100644 dtls-2.0.9/fuzz/corpus/a067dbf437d8e235dc64a6819faa0d57ff2c3f94-21
delete mode 100644 dtls-2.0.9/fuzz/corpus/a0a9328cec82f33420fed388ac10108c5f365847-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/a2ef40165d921e7d8b8c622348b0f3ba772bb45b-22
delete mode 100644 dtls-2.0.9/fuzz/corpus/a54fc076b4362b89692c19a60cf0a19a8c025ea0-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/a57426e5962baf2af3c43bfba8bcfe8198aeac69-21
delete mode 100644 dtls-2.0.9/fuzz/corpus/a646db15452695437f7b7bc3b65c5748dd9cbee4-36
delete mode 100644 dtls-2.0.9/fuzz/corpus/a76d4d5e1300a60dd945d28fd5fe2c9968f06871-6
delete mode 100644 dtls-2.0.9/fuzz/corpus/a8208daf57a7ba1b8f75ef0a70421d16100668d8-22
delete mode 100644 dtls-2.0.9/fuzz/corpus/a8e636f3b54cfd873b3d21cff150543a9e10f4de-13
delete mode 100644 dtls-2.0.9/fuzz/corpus/aa8beeff31520b5cbf509bc5efe4fa194a990fed-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/ac3e9b5146d2220644dbca14d2dec64d23a82fd6-24
delete mode 100644 dtls-2.0.9/fuzz/corpus/ad572827912f2c8b62392a1481af8897837d9b08-25
delete mode 100644 dtls-2.0.9/fuzz/corpus/afd532a8a55c6c39d9ca66231a96a5678fbe4ad2-27
delete mode 100644 dtls-2.0.9/fuzz/corpus/b0f5f4a2d196cded1dbfa87ab65be7122effa0e3-8
delete mode 100644 dtls-2.0.9/fuzz/corpus/b226a622228f89f8a6f98b6b09f06fa964a3d4f0-9
delete mode 100644 dtls-2.0.9/fuzz/corpus/b28051b6fc87a2b74a765b237c697e0728f1bccf-12
delete mode 100644 dtls-2.0.9/fuzz/corpus/b3c74f6100a87eb3ad15d44be8df465d490fb9bd-32
delete mode 100644 dtls-2.0.9/fuzz/corpus/b43bde2b9ea6f9d171156e4ba3d084444294625c-6
delete mode 100644 dtls-2.0.9/fuzz/corpus/b485961b2eb34df99b22d66f377aeaf6bd87e0a6-36
delete mode 100644 dtls-2.0.9/fuzz/corpus/b4912597376e6edf2985267fe64d170977173481-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/b4ee5c1737fe829bfa1c8d6abcb2166c1b74effd-21
delete mode 100644 dtls-2.0.9/fuzz/corpus/b4f24eee8a1d42ac1dc868e4d53b608f3746a2d7-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/b5c30ace1906dea8c5cf2fb4b7558563a2df978b-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/b64aecc1f27577b6c2efd550a8dd1b0f96054f7c-25
delete mode 100644 dtls-2.0.9/fuzz/corpus/b6f83f0c490f9fbea7ea7b9574232e8fd90194aa-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/b7b653694d804d41294e46bb4aff34f2fc93f48d-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/b9bd6d81380956a8a8f08c551f7a1c8e4b769f01-33
delete mode 100644 dtls-2.0.9/fuzz/corpus/ba0aeff9d6e84d6d0a54b40f674338489fe86d29-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/ba8f7331369766ec42d305afd13f74bd5c9f7598-26
delete mode 100644 dtls-2.0.9/fuzz/corpus/bab42319f9d989d1344ff4621f82c3eb950f01b8-4
delete mode 100644 dtls-2.0.9/fuzz/corpus/bacecfa089ed936799b5ec00ab80f2c234ee6488-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/bdd08d152c9b526d07ca2020b5236ee2021ddbf2-9
delete mode 100644 dtls-2.0.9/fuzz/corpus/be2d2ac22a22f3c07bbb03881145ed09d71cc9a3-23
delete mode 100644 dtls-2.0.9/fuzz/corpus/c26326aa05dea63170e6429a64465e9c48fc4ba6-20
delete mode 100644 dtls-2.0.9/fuzz/corpus/c341f33f77b845bbeb7f2e4cdc20072a370b81bb-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/c5ab6cb91cad5d95c1eed18fc9055ca5cfa03401-36
delete mode 100644 dtls-2.0.9/fuzz/corpus/c6266582478c713d071415c5c20f7e17cacbca6b-11
delete mode 100644 dtls-2.0.9/fuzz/corpus/c69ac8b1c87631059129edfb2bac5504b1f6e1fe-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/c6fb60ed7606c773c6e381e1eeafa4d2beb0501d-13
delete mode 100644 dtls-2.0.9/fuzz/corpus/c6ff571fac3824ce6314d936ddbe679a4532681a-24
delete mode 100644 dtls-2.0.9/fuzz/corpus/ca7e5b747b90d4cc886c3e68582eb809672f9343-24
delete mode 100644 dtls-2.0.9/fuzz/corpus/caf20a50754c9f4885ff4872cfdb5badfafa0eab-2
delete mode 100644 dtls-2.0.9/fuzz/corpus/cc0dfdb3fe2c6c450c8353fb951f0068c2da25c3-24
delete mode 100644 dtls-2.0.9/fuzz/corpus/cc57cf224581b2055e3e509f8ddaf10204099d72-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/cd6fd1f976ae2f9e31733919f070988d5946cf18-25
delete mode 100644 dtls-2.0.9/fuzz/corpus/ce04f52927639b8f845dd01a25ff06d61dbb7736-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/cfe9539fdc29f9bcdf123394ffb098838a5d8b83-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/d093b42b65836218cc0ce0ad9a898b76f4cde121-7
delete mode 100644 dtls-2.0.9/fuzz/corpus/d184e74d92444b23e5c07431ac1901a3460efeef-2
delete mode 100644 dtls-2.0.9/fuzz/corpus/d1fc43b23d31daa77b1c9b4f8930d2f3a9754287-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/d5e8de475ba87d0eddd97db6b61ef4621a2e8071-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/d78ab9295d2782c20cb99674622bde4e92359b16-15
delete mode 100644 dtls-2.0.9/fuzz/corpus/d8f3a31fb0304017eb8466e958c843865a1d0c2b-14
delete mode 100644 dtls-2.0.9/fuzz/corpus/d97dc4bb804a0d7bcd92f1abf81fb604caeef3db-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/d9c2f5fc766a4d8b70c20b2c7bb17f662821a18d-20
delete mode 100644 dtls-2.0.9/fuzz/corpus/da39a3ee5e6b4b0d3255bfef95601890afd80709
delete mode 100644 dtls-2.0.9/fuzz/corpus/da75745263fae25217790f4c0f3414a2c2a7426c-30
delete mode 100644 dtls-2.0.9/fuzz/corpus/dbb83f9c44304f536e5817c4301fe1ebad40b480-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/dc8dd2c7a89d009af1cc9d1dab9c7f030db09fee-28
delete mode 100644 dtls-2.0.9/fuzz/corpus/dcac1a5ba7d6511532589fbceb771fd71f23ebeb-23
delete mode 100644 dtls-2.0.9/fuzz/corpus/dcc90b5ab9129ee3effd438c0a86bfe599ccfe17-8
delete mode 100644 dtls-2.0.9/fuzz/corpus/dd5c198fd08276fdba3f48884659199dceeaa2ac-2
delete mode 100644 dtls-2.0.9/fuzz/corpus/e0d111660feb6004db7815eb0231fdb369517970-11
delete mode 100644 dtls-2.0.9/fuzz/corpus/e11fc30ee640e45e8185f384f9a116cf2cb75852-8
delete mode 100644 dtls-2.0.9/fuzz/corpus/e124a66686755a3fe635b2bb6dc05849238ff474-28
delete mode 100644 dtls-2.0.9/fuzz/corpus/e17dcda547abfa37685bb9d570a7bf9c4a34affc-35
delete mode 100644 dtls-2.0.9/fuzz/corpus/e1a87e2698fcd50fdee9d425ba22cca94e82e689-31
delete mode 100644 dtls-2.0.9/fuzz/corpus/e1f7de47792fed4f34a0a790cc688d43d75e80fd-34
delete mode 100644 dtls-2.0.9/fuzz/corpus/e4d81d83c175232de004db3750b8509a3dc26cf7-27
delete mode 100644 dtls-2.0.9/fuzz/corpus/e5d083d83bb534c47f170509f84be51d847c9d95-2
delete mode 100644 dtls-2.0.9/fuzz/corpus/e69a5e78519e11f948112f68197d2f0d469c60b2-28
delete mode 100644 dtls-2.0.9/fuzz/corpus/e7e0aec1e8718877cd61405d0b73cb8eea7830dd-2
delete mode 100644 dtls-2.0.9/fuzz/corpus/e87d088c1b0796bcbfa649c9118329bf4fabd6f2-29
delete mode 100644 dtls-2.0.9/fuzz/corpus/e8ad70294942e6f8c25bb01fd4443cfba4fb0308-19
delete mode 100644 dtls-2.0.9/fuzz/corpus/e9895a39481476548887cbbb88835ba4318e41af-33
delete mode 100644 dtls-2.0.9/fuzz/corpus/e9f3d28570e1c59dd81975f281b00374ad3f400e-28
delete mode 100644 dtls-2.0.9/fuzz/corpus/ea855f2d2933b53de04f93ed49d95f5fbc1777df-3
delete mode 100644 dtls-2.0.9/fuzz/corpus/eaa0e2396b6d857d3121c691ca35c10f54644ba5-3
delete mode 100644 dtls-2.0.9/fuzz/corpus/eab6d99255628b1b14f5f565e9f94e9f4042ba25-5
delete mode 100644 dtls-2.0.9/fuzz/corpus/ed8baf884f660e13648b822dbc20c23ececbb6d9-14
delete mode 100644 dtls-2.0.9/fuzz/corpus/ee7bc26e98a2e3fc02a8fac80ec94b8fe56d5852-26
delete mode 100644 dtls-2.0.9/fuzz/corpus/f248a7b971b1fd07ea978e776fda73fee276d36d-17
delete mode 100644 dtls-2.0.9/fuzz/corpus/f3fc999fcd5f3f9f4d4cf2c4151d0bc6ef73c3cb-1
delete mode 100644 dtls-2.0.9/fuzz/corpus/f8781259866be1553ac9625d18ff25ce354776ec-23
delete mode 100644 dtls-2.0.9/fuzz/corpus/fa9ec5dd9ba00a696cb5217fd7455fe79c6610e4-18
delete mode 100644 dtls-2.0.9/fuzz/corpus/fc3952e202a374d090fd4008d43183630a4b8dc2-15
delete mode 100644 dtls-2.0.9/fuzz/corpus/fdef7b51eb11668569ef1b45ba193becb956b2e7-15
delete mode 100644 dtls-2.0.9/go.mod
delete mode 100644 dtls-2.0.9/go.sum
delete mode 100644 dtls-2.0.9/handshake_cache.go
delete mode 100644 dtls-2.0.9/handshake_cache_test.go
delete mode 100644 dtls-2.0.9/handshake_test.go
delete mode 100644 dtls-2.0.9/handshaker.go
delete mode 100644 dtls-2.0.9/handshaker_test.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/aes_128_ccm.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/ciphersuite.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm8.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_128_gcm_sha256.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_256_cbc_sha.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_cbc_sha256.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm8.go
delete mode 100644 dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_gcm_sha256.go
delete mode 100644 dtls-2.0.9/internal/closer/closer.go
delete mode 100644 dtls-2.0.9/internal/net/dpipe/dpipe.go
delete mode 100644 dtls-2.0.9/internal/net/dpipe/dpipe_test.go
delete mode 100644 dtls-2.0.9/internal/util/util.go
delete mode 100644 dtls-2.0.9/listener.go
delete mode 100644 dtls-2.0.9/nettest_test.go
delete mode 100644 dtls-2.0.9/packet.go
delete mode 100644 dtls-2.0.9/pkg/crypto/ccm/ccm.go
delete mode 100644 dtls-2.0.9/pkg/crypto/ccm/ccm_test.go
delete mode 100644 dtls-2.0.9/pkg/crypto/ciphersuite/cbc.go
delete mode 100644 dtls-2.0.9/pkg/crypto/ciphersuite/ccm.go
delete mode 100644 dtls-2.0.9/pkg/crypto/ciphersuite/ciphersuite.go
delete mode 100644 dtls-2.0.9/pkg/crypto/ciphersuite/gcm.go
delete mode 100644 dtls-2.0.9/pkg/crypto/clientcertificate/client_certificate.go
delete mode 100644 dtls-2.0.9/pkg/crypto/elliptic/elliptic.go
delete mode 100644 dtls-2.0.9/pkg/crypto/fingerprint/fingerprint.go
delete mode 100644 dtls-2.0.9/pkg/crypto/fingerprint/fingerprint_test.go
delete mode 100644 dtls-2.0.9/pkg/crypto/fingerprint/hash.go
delete mode 100644 dtls-2.0.9/pkg/crypto/fingerprint/hash_test.go
delete mode 100644 dtls-2.0.9/pkg/crypto/hash/hash.go
delete mode 100644 dtls-2.0.9/pkg/crypto/hash/hash_test.go
delete mode 100644 dtls-2.0.9/pkg/crypto/prf/prf.go
delete mode 100644 dtls-2.0.9/pkg/crypto/prf/prf_test.go
delete mode 100644 dtls-2.0.9/pkg/crypto/selfsign/selfsign.go
delete mode 100644 dtls-2.0.9/pkg/crypto/signature/signature.go
delete mode 100644 dtls-2.0.9/pkg/crypto/signaturehash/errors.go
delete mode 100644 dtls-2.0.9/pkg/crypto/signaturehash/signaturehash.go
delete mode 100644 dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_go113_test.go
delete mode 100644 dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/alert/alert.go
delete mode 100644 dtls-2.0.9/pkg/protocol/alert/alert_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/application_data.go
delete mode 100644 dtls-2.0.9/pkg/protocol/change_cipher_spec.go
delete mode 100644 dtls-2.0.9/pkg/protocol/change_cipher_spec_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/compression_method.go
delete mode 100644 dtls-2.0.9/pkg/protocol/compression_method_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/content.go
delete mode 100644 dtls-2.0.9/pkg/protocol/errors.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/errors.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/extension.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/extension_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/renegotiation_info.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/renegotiation_info_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/server_name.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/server_name_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/srtp_protection_profile.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/supported_point_formats.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/supported_point_formats_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/use_master_secret.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/use_srtp.go
delete mode 100644 dtls-2.0.9/pkg/protocol/extension/use_srtp_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/cipher_suite.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/cipher_suite_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/errors.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/handshake.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/header.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_certificate.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_certificate_request.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_certificate_request_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_certificate_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_client_hello.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_client_hello_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_finished.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_finished_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_server_hello.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_server_hello_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/handshake/random.go
delete mode 100644 dtls-2.0.9/pkg/protocol/recordlayer/errors.go
delete mode 100644 dtls-2.0.9/pkg/protocol/recordlayer/header.go
delete mode 100644 dtls-2.0.9/pkg/protocol/recordlayer/recordlayer.go
delete mode 100644 dtls-2.0.9/pkg/protocol/recordlayer/recordlayer_test.go
delete mode 100644 dtls-2.0.9/pkg/protocol/version.go
delete mode 100644 dtls-2.0.9/renovate.json
delete mode 100644 dtls-2.0.9/replayprotection_test.go
delete mode 100644 dtls-2.0.9/resume.go
delete mode 100644 dtls-2.0.9/resume_test.go
delete mode 100644 dtls-2.0.9/srtp_protection_profile.go
delete mode 100644 dtls-2.0.9/state.go
delete mode 100644 dtls-2.0.9/util.go
diff --git a/dtls-2.0.9/.editorconfig b/dtls-2.0.9/.editorconfig
deleted file mode 100644
index d2b3206..0000000
--- a/dtls-2.0.9/.editorconfig
+++ /dev/null
@@ -1,21 +0,0 @@
-# http://editorconfig.org/
-
-root = true
-
-[*]
-charset = utf-8
-insert_final_newline = true
-trim_trailing_whitespace = true
-end_of_line = lf
-
-[*.go]
-indent_style = tab
-indent_size = 4
-
-[{*.yml,*.yaml}]
-indent_style = space
-indent_size = 2
-
-# Makefiles always use tabs for indentation
-[Makefile]
-indent_style = tab
diff --git a/dtls-2.0.9/.github/assert-contributors.sh b/dtls-2.0.9/.github/assert-contributors.sh
deleted file mode 100644
index 12e6afe..0000000
--- a/dtls-2.0.9/.github/assert-contributors.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-set -e
-
-SCRIPT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
-
-if [ -f ${SCRIPT_PATH}/.ci.conf ]
-then
- . ${SCRIPT_PATH}/.ci.conf
-fi
-
-#
-# DO NOT EDIT THIS
-#
-EXCLUDED_CONTRIBUTORS+=('John R. Bradley' 'renovate[bot]' 'Renovate Bot' 'Pion Bot')
-# If you want to exclude a name from all repositories, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-# If you want to exclude a name only from this repository,
-# add EXCLUDED_CONTRIBUTORS=('name') to .github/.ci.conf
-
-MISSING_CONTRIBUTORS=()
-
-shouldBeIncluded () {
- for i in "${EXCLUDED_CONTRIBUTORS[@]}"
- do
- if [ "$i" == "$1" ] ; then
- return 1
- fi
- done
- return 0
-}
-
-
-IFS=$'\n' #Only split on newline
-for contributor in $(git log --format='%aN' | sort -u)
-do
- if shouldBeIncluded $contributor; then
- if ! grep -q "$contributor" "$SCRIPT_PATH/../README.md"; then
- MISSING_CONTRIBUTORS+=("$contributor")
- fi
- fi
-done
-unset IFS
-
-if [ ${#MISSING_CONTRIBUTORS[@]} -ne 0 ]; then
- echo "Please add the following contributors to the README"
- for i in "${MISSING_CONTRIBUTORS[@]}"
- do
- echo "$i"
- done
- exit 1
-fi
diff --git a/dtls-2.0.9/.github/hooks/commit-msg.sh b/dtls-2.0.9/.github/hooks/commit-msg.sh
deleted file mode 100644
index 8213dc2..0000000
--- a/dtls-2.0.9/.github/hooks/commit-msg.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# DO NOT EDIT THIS FILE DIRECTLY
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-
-set -e
-
-.github/lint-commit-message.sh $1
diff --git a/dtls-2.0.9/.github/hooks/pre-commit.sh b/dtls-2.0.9/.github/hooks/pre-commit.sh
deleted file mode 100644
index cc318d7..0000000
--- a/dtls-2.0.9/.github/hooks/pre-commit.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-#
-# DO NOT EDIT THIS FILE DIRECTLY
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-
-# Redirect output to stderr.
-exec 1>&2
-
-.github/lint-disallowed-functions-in-library.sh
diff --git a/dtls-2.0.9/.github/hooks/pre-push.sh b/dtls-2.0.9/.github/hooks/pre-push.sh
deleted file mode 100644
index 7cb2365..0000000
--- a/dtls-2.0.9/.github/hooks/pre-push.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-#
-# DO NOT EDIT THIS FILE DIRECTLY
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-
-set -e
-
-.github/assert-contributors.sh
-
-exit 0
diff --git a/dtls-2.0.9/.github/install-hooks.sh b/dtls-2.0.9/.github/install-hooks.sh
deleted file mode 100644
index 73d20a4..0000000
--- a/dtls-2.0.9/.github/install-hooks.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-SCRIPT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
-
-cp "$SCRIPT_PATH/hooks/commit-msg.sh" "$SCRIPT_PATH/../.git/hooks/commit-msg"
-cp "$SCRIPT_PATH/hooks/pre-commit.sh" "$SCRIPT_PATH/../.git/hooks/pre-commit"
-cp "$SCRIPT_PATH/hooks/pre-push.sh" "$SCRIPT_PATH/../.git/hooks/pre-push"
diff --git a/dtls-2.0.9/.github/lint-commit-message.sh b/dtls-2.0.9/.github/lint-commit-message.sh
deleted file mode 100644
index 010a332..0000000
--- a/dtls-2.0.9/.github/lint-commit-message.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-set -e
-
-display_commit_message_error() {
-cat << EndOfMessage
-$1
-
--------------------------------------------------
-The preceding commit message is invalid
-it failed '$2' of the following checks
-
-* Separate subject from body with a blank line
-* Limit the subject line to 50 characters
-* Capitalize the subject line
-* Do not end the subject line with a period
-* Wrap the body at 72 characters
-EndOfMessage
-
- exit 1
-}
-
-lint_commit_message() {
- if [[ "$(echo "$1" | awk 'NR == 2 {print $1;}' | wc -c)" -ne 1 ]]; then
- display_commit_message_error "$1" 'Separate subject from body with a blank line'
- fi
-
- if [[ "$(echo "$1" | head -n1 | awk '{print length}')" -gt 50 ]]; then
- display_commit_message_error "$1" 'Limit the subject line to 50 characters'
- fi
-
- if [[ ! $1 =~ ^[A-Z] ]]; then
- display_commit_message_error "$1" 'Capitalize the subject line'
- fi
-
- if [[ "$(echo "$1" | awk 'NR == 1 {print substr($0,length($0),1)}')" == "." ]]; then
- display_commit_message_error "$1" 'Do not end the subject line with a period'
- fi
-
- if [[ "$(echo "$1" | awk '{print length}' | sort -nr | head -1)" -gt 72 ]]; then
- display_commit_message_error "$1" 'Wrap the body at 72 characters'
- fi
-}
-
-if [ "$#" -eq 1 ]; then
- if [ ! -f "$1" ]; then
- echo "$0 was passed one argument, but was not a valid file"
- exit 1
- fi
- lint_commit_message "$(sed -n '/# Please enter the commit message for your changes. Lines starting/q;p' "$1")"
-else
- for commit in $(git rev-list --no-merges origin/master..); do
- lint_commit_message "$(git log --format="%B" -n 1 $commit)"
- done
-fi
diff --git a/dtls-2.0.9/.github/lint-disallowed-functions-in-library.sh b/dtls-2.0.9/.github/lint-disallowed-functions-in-library.sh
deleted file mode 100644
index 21e48da..0000000
--- a/dtls-2.0.9/.github/lint-disallowed-functions-in-library.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-set -e
-
-# Disallow usages of functions that cause the program to exit in the library code
-SCRIPT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
-if [ -f ${SCRIPT_PATH}/.ci.conf ]
-then
- . ${SCRIPT_PATH}/.ci.conf
-fi
-
-EXCLUDE_DIRECTORIES=${DISALLOWED_FUNCTIONS_EXCLUDED_DIRECTORIES:-"examples"}
-DISALLOWED_FUNCTIONS=('os.Exit(' 'panic(' 'Fatal(' 'Fatalf(' 'Fatalln(' 'fmt.Println(' 'fmt.Printf(' 'log.Print(' 'log.Println(' 'log.Printf(')
-
-files=$(
- find "$SCRIPT_PATH/.." -name "*.go" \
- | grep -v -e '^.*_test.go$' \
- | while read file
- do
- excluded=false
- for ex in $EXCLUDE_DIRECTORIES
- do
- if [[ $file == */$ex/* ]]
- then
- excluded=true
- break
- fi
- done
- $excluded || echo "$file"
- done
-)
-
-for disallowedFunction in "${DISALLOWED_FUNCTIONS[@]}"
-do
- if grep -e "$disallowedFunction" $files | grep -v -e 'nolint'; then
- echo "$disallowedFunction may only be used in example code"
- exit 1
- fi
-done
diff --git a/dtls-2.0.9/.github/lint-filename.sh b/dtls-2.0.9/.github/lint-filename.sh
deleted file mode 100644
index 81b3f14..0000000
--- a/dtls-2.0.9/.github/lint-filename.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-set -e
-
-SCRIPT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
-GO_REGEX="^[a-zA-Z][a-zA-Z0-9_]*\.go$"
-
-find "$SCRIPT_PATH/.." -name "*.go" | while read fullpath; do
- filename=$(basename -- "$fullpath")
-
- if ! [[ $filename =~ $GO_REGEX ]]; then
- echo "$filename is not a valid filename for Go code, only alpha, numbers and underscores are supported"
- exit 1
- fi
-done
diff --git a/dtls-2.0.9/.github/workflows/e2e.yaml b/dtls-2.0.9/.github/workflows/e2e.yaml
deleted file mode 100644
index c6b4cf4..0000000
--- a/dtls-2.0.9/.github/workflows/e2e.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: E2E
-on:
- pull_request:
- branches:
- - master
- push:
- branches:
- - master
-
-jobs:
- e2e-test:
- name: Test
- runs-on: ubuntu-latest
- steps:
- - name: checkout
- uses: actions/checkout@v2
- - name: test
- run: |
- docker build -t pion-dtls-e2e -f e2e/Dockerfile .
- docker run -i --rm pion-dtls-e2e
diff --git a/dtls-2.0.9/.github/workflows/lint.yaml b/dtls-2.0.9/.github/workflows/lint.yaml
deleted file mode 100644
index 8824c34..0000000
--- a/dtls-2.0.9/.github/workflows/lint.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Lint
-on:
- pull_request:
- types:
- - opened
- - edited
- - synchronize
-jobs:
- lint-commit-message:
- name: Metadata
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- steps:
- - uses: actions/checkout@v2
- with:
- fetch-depth: 0
-
- - name: Commit Message
- run: .github/lint-commit-message.sh
-
- - name: File names
- run: .github/lint-filename.sh
-
- - name: Contributors
- run: .github/assert-contributors.sh
-
- - name: Functions
- run: .github/lint-disallowed-functions-in-library.sh
-
- lint-go:
- name: Go
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- steps:
- - uses: actions/checkout@v2
-
- - name: golangci-lint
- uses: golangci/golangci-lint-action@v2
- with:
- version: v1.31
- args: $GOLANGCI_LINT_EXRA_ARGS
diff --git a/dtls-2.0.9/.github/workflows/renovate-go-mod-fix.yaml b/dtls-2.0.9/.github/workflows/renovate-go-mod-fix.yaml
deleted file mode 100644
index 46d2d04..0000000
--- a/dtls-2.0.9/.github/workflows/renovate-go-mod-fix.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-# If this repository should have package specific CI config,
-# remove the repository name from .goassets/.github/workflows/assets-sync.yml.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-name: go-mod-fix
-on:
- push:
- branches:
- - renovate/*
-
-jobs:
- go-mod-fix:
- runs-on: ubuntu-latest
- steps:
- - name: checkout
- uses: actions/checkout@v2
- with:
- fetch-depth: 2
- - name: fix
- uses: at-wat/go-sum-fix-action@v0
- with:
- git_user: Pion Bot
- git_email: 59523206+pionbot@users.noreply.github.com
- github_token: ${{ secrets.PIONBOT_PRIVATE_KEY }}
- commit_style: squash
- push: force
diff --git a/dtls-2.0.9/.github/workflows/test.yaml b/dtls-2.0.9/.github/workflows/test.yaml
deleted file mode 100644
index 5b7a43b..0000000
--- a/dtls-2.0.9/.github/workflows/test.yaml
+++ /dev/null
@@ -1,139 +0,0 @@
-name: Test
-on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
-jobs:
- test:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- go: ["1.15", "1.16"]
- fail-fast: false
- name: Go ${{ matrix.go }}
- steps:
- - uses: actions/checkout@v2
-
- - uses: actions/cache@v2
- with:
- path: |
- ~/go/pkg/mod
- ~/go/bin
- ~/.cache
- key: ${{ runner.os }}-amd64-go-${{ hashFiles('**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-amd64-go-
-
- - name: Setup Go
- uses: actions/setup-go@v2
- with:
- go-version: ${{ matrix.go }}
-
- - name: Setup go-acc
- run: |
- go get github.com/ory/go-acc
- git checkout go.mod go.sum
-
- - name: Run test
- run: |
- go-acc -o cover.out ./... -- \
- -bench=. \
- -v -race
-
- - uses: codecov/codecov-action@v1
- with:
- file: ./cover.out
- name: codecov-umbrella
- fail_ci_if_error: true
- flags: go
-
- test-i386:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- go: ["1.15", "1.16"]
- fail-fast: false
- name: Go i386 ${{ matrix.go }}
- steps:
- - uses: actions/checkout@v2
-
- - uses: actions/cache@v2
- with:
- path: |
- ~/go/pkg/mod
- ~/.cache
- key: ${{ runner.os }}-i386-go-${{ hashFiles('**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-i386-go-
-
- - name: Run test
- run: |
- mkdir -p $HOME/go/pkg/mod $HOME/.cache
- docker run \
- -u $(id -u):$(id -g) \
- -e "GO111MODULE=on" \
- -e "CGO_ENABLED=0" \
- -v $GITHUB_WORKSPACE:/go/src/github.com/pion/$(basename $GITHUB_WORKSPACE) \
- -v $HOME/go/pkg/mod:/go/pkg/mod \
- -v $HOME/.cache:/.cache \
- -w /go/src/github.com/pion/$(basename $GITHUB_WORKSPACE) \
- i386/golang:${{matrix.go}}-alpine \
- /usr/local/go/bin/go test \
- ${TEST_EXTRA_ARGS:-} \
- -v ./...
-
- test-wasm:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- name: WASM
- steps:
- - uses: actions/checkout@v2
-
- - name: Use Node.js
- uses: actions/setup-node@v2
- with:
- node-version: '12.x'
-
- - uses: actions/cache@v2
- with:
- path: |
- ~/go/pkg/mod
- ~/.cache
- key: ${{ runner.os }}-wasm-go-${{ hashFiles('**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-wasm-go-
-
- - name: Download Go
- run: curl -sSfL https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz | tar -C ~ -xzf -
- env:
- GO_VERSION: 1.16
-
- - name: Set Go Root
- run: echo "GOROOT=${HOME}/go" >> $GITHUB_ENV
-
- - name: Set Go Path
- run: echo "GOPATH=${HOME}/go" >> $GITHUB_ENV
-
- - name: Set Go Path
- run: echo "GO_JS_WASM_EXEC=${GOROOT}/misc/wasm/go_js_wasm_exec" >> $GITHUB_ENV
-
- - name: Insall NPM modules
- run: yarn install
-
- - name: Run Tests
- run: |
- GOOS=js GOARCH=wasm $GOPATH/bin/go test \
- -coverprofile=cover.out -covermode=atomic \
- -exec="${GO_JS_WASM_EXEC}" \
- -v ./...
-
- - uses: codecov/codecov-action@v1
- with:
- file: ./cover.out
- name: codecov-umbrella
- fail_ci_if_error: true
- flags: wasm
diff --git a/dtls-2.0.9/.github/workflows/tidy-check.yaml b/dtls-2.0.9/.github/workflows/tidy-check.yaml
deleted file mode 100644
index 03b5189..0000000
--- a/dtls-2.0.9/.github/workflows/tidy-check.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-# If this repository should have package specific CI config,
-# remove the repository name from .goassets/.github/workflows/assets-sync.yml.
-#
-# If you want to update the shared CI config, send a PR to
-# https://github.com/pion/.goassets instead of this repository.
-#
-
-name: Go mod tidy
-on:
- pull_request:
- branches:
- - master
- push:
- branches:
- - master
-
-jobs:
- Check:
- runs-on: ubuntu-latest
- steps:
- - name: checkout
- uses: actions/checkout@v2
- - name: Setup Go
- uses: actions/setup-go@v2
- - name: check
- run: |
- go mod download
- go mod tidy
- if ! git diff --exit-code
- then
- echo "Not go mod tidied"
- exit 1
- fi
diff --git a/dtls-2.0.9/.gitignore b/dtls-2.0.9/.gitignore
deleted file mode 100644
index 83db74b..0000000
--- a/dtls-2.0.9/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-### JetBrains IDE ###
-#####################
-.idea/
-
-### Emacs Temporary Files ###
-#############################
-*~
-
-### Folders ###
-###############
-bin/
-vendor/
-node_modules/
-
-### Files ###
-#############
-*.ivf
-*.ogg
-tags
-cover.out
-*.sw[poe]
-*.wasm
-examples/sfu-ws/cert.pem
-examples/sfu-ws/key.pem
diff --git a/dtls-2.0.9/.golangci.yml b/dtls-2.0.9/.golangci.yml
deleted file mode 100644
index d6162c9..0000000
--- a/dtls-2.0.9/.golangci.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-linters-settings:
- govet:
- check-shadowing: true
- misspell:
- locale: US
- exhaustive:
- default-signifies-exhaustive: true
- gomodguard:
- blocked:
- modules:
- - github.com/pkg/errors:
- recommendations:
- - errors
-
-linters:
- enable:
- - asciicheck # Simple linter to check that your code does not contain non-ASCII identifiers
- - bodyclose # checks whether HTTP response body is closed successfully
- - deadcode # Finds unused code
- - depguard # Go linter that checks if package imports are in a list of acceptable packages
- - dogsled # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
- - dupl # Tool for code clone detection
- - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
- - exhaustive # check exhaustiveness of enum switch statements
- - exportloopref # checks for pointers to enclosing loop variables
- - gci # Gci control golang package import order and make it always deterministic.
- - gochecknoglobals # Checks that no globals are present in Go code
- - gochecknoinits # Checks that no init functions are present in Go code
- - gocognit # Computes and checks the cognitive complexity of functions
- - goconst # Finds repeated strings that could be replaced by a constant
- - gocritic # The most opinionated Go source code linter
- - godox # Tool for detection of FIXME, TODO and other comment keywords
- - goerr113 # Golang linter to check the errors handling expressions
- - gofmt # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
- - gofumpt # Gofumpt checks whether code was gofumpt-ed.
- - goheader # Checks is file header matches to pattern
- - goimports # Goimports does everything that gofmt does. Additionally it checks unused imports
- - golint # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
- - gomodguard # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
- - goprintffuncname # Checks that printf-like functions are named with `f` at the end
- - gosec # Inspects source code for security problems
- - gosimple # Linter for Go source code that specializes in simplifying a code
- - govet # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
- - ineffassign # Detects when assignments to existing variables are not used
- - misspell # Finds commonly misspelled English words in comments
- - nakedret # Finds naked returns in functions greater than a specified function length
- - noctx # noctx finds sending http request without context.Context
- - scopelint # Scopelint checks for unpinned variables in go programs
- - staticcheck # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
- - structcheck # Finds unused struct fields
- - stylecheck # Stylecheck is a replacement for golint
- - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code
- - unconvert # Remove unnecessary type conversions
- - unparam # Reports unused function parameters
- - unused # Checks Go code for unused constants, variables, functions and types
- - varcheck # Finds unused global variables and constants
- - whitespace # Tool for detection of leading and trailing whitespace
- disable:
- - funlen # Tool for detection of long functions
- - gocyclo # Computes and checks the cyclomatic complexity of functions
- - godot # Check if comments end in a period
- - gomnd # An analyzer to detect magic numbers.
- - lll # Reports long lines
- - maligned # Tool to detect Go structs that would take less memory if their fields were sorted
- - nestif # Reports deeply nested if statements
- - nlreturn # nlreturn checks for a new line before return and branch statements to increase code clarity
- - nolintlint # Reports ill-formed or insufficient nolint directives
- - prealloc # Finds slice declarations that could potentially be preallocated
- - rowserrcheck # checks whether Err of rows is checked successfully
- - sqlclosecheck # Checks that sql.Rows and sql.Stmt are closed.
- - testpackage # linter that makes you use a separate _test package
- - wsl # Whitespace Linter - Forces you to use empty lines!
-
-issues:
- exclude-use-default: false
- exclude-rules:
- # Allow complex tests, better to be self contained
- - path: _test\.go
- linters:
- - gocognit
-
- # Allow complex main function in examples
- - path: examples
- text: "of func `main` is high"
- linters:
- - gocognit
-
-run:
- skip-dirs-use-default: false
diff --git a/dtls-2.0.9/LICENSE b/dtls-2.0.9/LICENSE
deleted file mode 100644
index ab60297..0000000
--- a/dtls-2.0.9/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2018
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/dtls-2.0.9/Makefile b/dtls-2.0.9/Makefile
deleted file mode 100644
index 1df38b2..0000000
--- a/dtls-2.0.9/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-fuzz-build-record-layer: fuzz-prepare
- go-fuzz-build -tags gofuzz -func FuzzRecordLayer
-fuzz-run-record-layer:
- go-fuzz -bin dtls-fuzz.zip -workdir fuzz
-fuzz-prepare:
- @GO111MODULE=on go mod vendor
diff --git a/dtls-2.0.9/README.md b/dtls-2.0.9/README.md
deleted file mode 100644
index 9f7e4a0..0000000
--- a/dtls-2.0.9/README.md
+++ /dev/null
@@ -1,156 +0,0 @@
-<h1 align="center">
- <br>
- Pion DTLS
- <br>
-</h1>
-<h4 align="center">A Go implementation of DTLS</h4>
-<p align="center">
- <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-dtls-gray.svg?longCache=true&colorB=brightgreen" alt="Pion DTLS"></a>
- <a href="https://sourcegraph.com/github.com/pion/dtls"><img src="https://sourcegraph.com/github.com/pion/dtls/-/badge.svg" alt="Sourcegraph Widget"></a>
- <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
- <br>
- <a href="https://travis-ci.org/pion/dtls"><img src="https://travis-ci.org/pion/dtls.svg?branch=master" alt="Build Status"></a>
- <a href="https://pkg.go.dev/github.com/pion/dtls"><img src="https://godoc.org/github.com/pion/dtls?status.svg" alt="GoDoc"></a>
- <a href="https://codecov.io/gh/pion/dtls"><img src="https://codecov.io/gh/pion/dtls/branch/master/graph/badge.svg" alt="Coverage Status"></a>
- <a href="https://goreportcard.com/report/github.com/pion/dtls"><img src="https://goreportcard.com/badge/github.com/pion/dtls" alt="Go Report Card"></a>
- <a href="https://www.codacy.com/app/Sean-Der/dtls"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>
- <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
-</p>
-<br>
-
-Native [DTLS 1.2][rfc6347] implementation in the Go programming language.
-
-A long term goal is a professional security review, and maye inclusion in stdlib.
-
-[rfc6347]: https://tools.ietf.org/html/rfc6347
-
-### Goals/Progress
-This will only be targeting DTLS 1.2, and the most modern/common cipher suites.
-We would love contributes that fall under the 'Planned Features' and fixing any bugs!
-
-#### Current features
-* DTLS 1.2 Client/Server
-* Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
-* Packet loss and re-ordering is handled during handshaking
-* Key export ([RFC 5705][rfc5705])
-* Serialization and Resumption of sessions
-* Extended Master Secret extension ([RFC 7627][rfc7627])
-
-[rfc5705]: https://tools.ietf.org/html/rfc5705
-[rfc7627]: https://tools.ietf.org/html/rfc7627
-
-#### Supported ciphers
-
-##### ECDHE
-* TLS_ECDHE_ECDSA_WITH_AES_128_CCM ([RFC 6655][rfc6655])
-* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ([RFC 6655][rfc6655])
-* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ([RFC 5289][rfc5289])
-* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ([RFC 5289][rfc5289])
-* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ([RFC 8422][rfc8422])
-* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ([RFC 8422][rfc8422])
-
-##### PSK
-* TLS_PSK_WITH_AES_128_CCM ([RFC 6655][rfc6655])
-* TLS_PSK_WITH_AES_128_CCM_8 ([RFC 6655][rfc6655])
-* TLS_PSK_WITH_AES_128_GCM_SHA256 ([RFC 5487][rfc5487])
-* TLS_PSK_WITH_AES_128_CBC_SHA256 ([RFC 5487][rfc5487])
-
-[rfc5289]: https://tools.ietf.org/html/rfc5289
-[rfc8422]: https://tools.ietf.org/html/rfc8422
-[rfc6655]: https://tools.ietf.org/html/rfc6655
-[rfc5487]: https://tools.ietf.org/html/rfc5487
-
-#### Planned Features
-* Chacha20Poly1305
-
-#### Excluded Features
-* DTLS 1.0
-* Renegotiation
-* Compression
-
-### Using
-
-This library needs at least Go 1.13, and you should have [Go modules
-enabled](https://github.com/golang/go/wiki/Modules).
-
-#### Pion DTLS
-For a DTLS 1.2 Server that listens on 127.0.0.1:4444
-```sh
-go run examples/listen/selfsign/main.go
-```
-
-For a DTLS 1.2 Client that connects to 127.0.0.1:4444
-```sh
-go run examples/dial/selfsign/main.go
-```
-
-#### OpenSSL
-Pion DTLS can connect to itself and OpenSSL.
-```
- // Generate a certificate
- openssl ecparam -out key.pem -name prime256v1 -genkey
- openssl req -new -sha256 -key key.pem -out server.csr
- openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem
-
- // Use with examples/dial/selfsign/main.go
- openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444
-
- // Use with examples/listen/selfsign/main.go
- openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem
-```
-
-### Using with PSK
-Pion DTLS also comes with examples that do key exchange via PSK
-
-
-#### Pion DTLS
-```sh
-go run examples/listen/psk/main.go
-```
-
-```sh
-go run examples/dial/psk/main.go
-```
-
-#### OpenSSL
-```
- // Use with examples/dial/psk/main.go
- openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8
-
- // Use with examples/listen/psk/main.go
- openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8
-```
-
-### Contributing
-Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
-
-* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
-* [Michiel De Backker](https://github.com/backkem) - *Public API*
-* [Chris Hiszpanski](https://github.com/thinkski) - *Support Signature Algorithms Extension*
-* [Iñigo Garcia Olaizola](https://github.com/igolaizola) - *Serialization & resumption, cert verification, E2E*
-* [Daniele Sluijters](https://github.com/daenney) - *AES-CCM support*
-* [Jin Lei](https://github.com/jinleileiking) - *Logging*
-* [Hugo Arregui](https://github.com/hugoArregui)
-* [Lander Noterman](https://github.com/LanderN)
-* [Aleksandr Razumov](https://github.com/ernado) - *Fuzzing*
-* [Ryan Gordon](https://github.com/ryangordon)
-* [Stefan Tatschner](https://rumpelsepp.org/contact.html)
-* [Hayden James](https://github.com/hjames9)
-* [Jozef Kralik](https://github.com/jkralik)
-* [Robert Eperjesi](https://github.com/epes)
-* [Atsushi Watanabe](https://github.com/at-wat)
-* [Julien Salleyron](https://github.com/juliens) - *Server Name Indication*
-* [Jeroen de Bruijn](https://github.com/vidavidorra)
-* [bjdgyc](https://github.com/bjdgyc)
-* [Jeffrey Stoke (Jeff Ctor)](https://github.com/jeffreystoke) - *Fragmentbuffer Fix*
-* [Frank Olbricht](https://github.com/folbricht)
-* [ZHENK](https://github.com/scorpionknifes)
-* [Carson Hoffman](https://github.com/CarsonHoffman)
-* [Vadim Filimonov](https://github.com/fffilimonov)
-* [Jim Wert](https://github.com/bocajim)
-* [Alvaro Viebrantz](https://github.com/alvarowolfx)
-* [Kegan Dougal](https://github.com/Kegsay)
-* [Michael Zabka](https://github.com/misak113)
-
-### License
-MIT License - see [LICENSE](LICENSE) for full text
diff --git a/dtls-2.0.9/bench_test.go b/dtls-2.0.9/bench_test.go
deleted file mode 100644
index 517bc16..0000000
--- a/dtls-2.0.9/bench_test.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package dtls
-
-import (
- "context"
- "crypto/tls"
- "fmt"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/internal/net/dpipe"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/logging"
- "github.com/pion/transport/test"
-)
-
-func TestSimpleReadWrite(t *testing.T) {
- report := test.CheckRoutines(t)
- defer report()
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- certificate, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
- gotHello := make(chan struct{})
-
- go func() {
- server, sErr := testServer(ctx, cb, &Config{
- Certificates: []tls.Certificate{certificate},
- LoggerFactory: logging.NewDefaultLoggerFactory(),
- }, false)
- if sErr != nil {
- t.Error(sErr)
- return
- }
- buf := make([]byte, 1024)
- if _, sErr = server.Read(buf); sErr != nil {
- t.Error(sErr)
- }
- gotHello <- struct{}{}
- if sErr = server.Close(); sErr != nil {
- t.Error(sErr)
- }
- }()
-
- client, err := testClient(ctx, ca, &Config{
- LoggerFactory: logging.NewDefaultLoggerFactory(),
- InsecureSkipVerify: true,
- }, false)
- if err != nil {
- t.Fatal(err)
- }
- if _, err = client.Write([]byte("hello")); err != nil {
- t.Error(err)
- }
- select {
- case <-gotHello:
- // OK
- case <-time.After(time.Second * 5):
- t.Error("timeout")
- }
-
- if err = client.Close(); err != nil {
- t.Error(err)
- }
-}
-
-func benchmarkConn(b *testing.B, n int64) {
- b.Run(fmt.Sprintf("%d", n), func(b *testing.B) {
- ctx := context.Background()
-
- ca, cb := dpipe.Pipe()
- certificate, err := selfsign.GenerateSelfSigned()
- server := make(chan *Conn)
- go func() {
- s, sErr := testServer(ctx, cb, &Config{
- Certificates: []tls.Certificate{certificate},
- }, false)
- if err != nil {
- b.Error(sErr)
- return
- }
- server <- s
- }()
- if err != nil {
- b.Fatal(err)
- }
- hw := make([]byte, n)
- b.ReportAllocs()
- b.SetBytes(int64(len(hw)))
- go func() {
- client, cErr := testClient(ctx, ca, &Config{InsecureSkipVerify: true}, false)
- if cErr != nil {
- b.Error(err)
- }
- for {
- if _, cErr = client.Write(hw); cErr != nil {
- b.Error(err)
- }
- }
- }()
- s := <-server
- buf := make([]byte, 2048)
- for i := 0; i < b.N; i++ {
- if _, err = s.Read(buf); err != nil {
- b.Error(err)
- }
- }
- })
-}
-
-func BenchmarkConnReadWrite(b *testing.B) {
- for _, n := range []int64{16, 128, 512, 1024, 2048} {
- benchmarkConn(b, n)
- }
-}
diff --git a/dtls-2.0.9/certificate.go b/dtls-2.0.9/certificate.go
deleted file mode 100644
index c99e1c9..0000000
--- a/dtls-2.0.9/certificate.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package dtls
-
-import (
- "crypto/tls"
- "crypto/x509"
- "strings"
-)
-
-func (c *handshakeConfig) getCertificate(serverName string) (*tls.Certificate, error) {
- c.mu.Lock()
- defer c.mu.Unlock()
-
- if c.nameToCertificate == nil {
- nameToCertificate := make(map[string]*tls.Certificate)
- for i := range c.localCertificates {
- cert := &c.localCertificates[i]
- x509Cert := cert.Leaf
- if x509Cert == nil {
- var parseErr error
- x509Cert, parseErr = x509.ParseCertificate(cert.Certificate[0])
- if parseErr != nil {
- continue
- }
- }
- if len(x509Cert.Subject.CommonName) > 0 {
- nameToCertificate[strings.ToLower(x509Cert.Subject.CommonName)] = cert
- }
- for _, san := range x509Cert.DNSNames {
- nameToCertificate[strings.ToLower(san)] = cert
- }
- }
- c.nameToCertificate = nameToCertificate
- }
-
- if len(c.localCertificates) == 0 {
- return nil, errNoCertificates
- }
-
- if len(c.localCertificates) == 1 {
- // There's only one choice, so no point doing any work.
- return &c.localCertificates[0], nil
- }
-
- if len(serverName) == 0 {
- return &c.localCertificates[0], nil
- }
-
- name := strings.TrimRight(strings.ToLower(serverName), ".")
-
- if cert, ok := c.nameToCertificate[name]; ok {
- return cert, nil
- }
-
- // try replacing labels in the name with wildcards until we get a
- // match.
- labels := strings.Split(name, ".")
- for i := range labels {
- labels[i] = "*"
- candidate := strings.Join(labels, ".")
- if cert, ok := c.nameToCertificate[candidate]; ok {
- return cert, nil
- }
- }
-
- // If nothing matches, return the first certificate.
- return &c.localCertificates[0], nil
-}
diff --git a/dtls-2.0.9/certificate_test.go b/dtls-2.0.9/certificate_test.go
deleted file mode 100644
index 56cc04e..0000000
--- a/dtls-2.0.9/certificate_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package dtls
-
-import (
- "crypto/tls"
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
-)
-
-func TestGetCertificate(t *testing.T) {
- certificateWildcard, err := selfsign.GenerateSelfSignedWithDNS("*.test.test")
- if err != nil {
- t.Fatal(err)
- }
-
- certificateTest, err := selfsign.GenerateSelfSignedWithDNS("test.test", "www.test.test", "pop.test.test")
- if err != nil {
- t.Fatal(err)
- }
-
- certificateRandom, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
-
- cfg := &handshakeConfig{
- localCertificates: []tls.Certificate{
- certificateRandom,
- certificateTest,
- certificateWildcard,
- },
- }
-
- testCases := []struct {
- desc string
- serverName string
- expectedCertificate tls.Certificate
- }{
- {
- desc: "Simple match in CN",
- serverName: "test.test",
- expectedCertificate: certificateTest,
- },
- {
- desc: "Simple match in SANs",
- serverName: "www.test.test",
- expectedCertificate: certificateTest,
- },
-
- {
- desc: "Wildcard match",
- serverName: "foo.test.test",
- expectedCertificate: certificateWildcard,
- },
- {
- desc: "No match return first",
- serverName: "foo.bar",
- expectedCertificate: certificateRandom,
- },
- }
-
- for _, test := range testCases {
- test := test
-
- t.Run(test.desc, func(t *testing.T) {
- t.Parallel()
-
- cert, err := cfg.getCertificate(test.serverName)
- if err != nil {
- t.Fatal(err)
- }
-
- if !reflect.DeepEqual(cert.Leaf, test.expectedCertificate.Leaf) {
- t.Fatalf("Certificate does not match: expected(%v) actual(%v)", test.expectedCertificate.Leaf, cert.Leaf)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/cipher_suite.go b/dtls-2.0.9/cipher_suite.go
deleted file mode 100644
index ed10609..0000000
--- a/dtls-2.0.9/cipher_suite.go
+++ /dev/null
@@ -1,213 +0,0 @@
-package dtls
-
-import (
- "fmt"
- "hash"
-
- "github.com/pion/dtls/v2/internal/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// CipherSuiteID is an ID for our supported CipherSuites
-type CipherSuiteID = ciphersuite.ID
-
-// Supported Cipher Suites
-const (
- // AES-128-CCM
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM //nolint:golint,stylecheck
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 //nolint:golint,stylecheck
-
- // AES-128-GCM-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 //nolint:golint,stylecheck
-
- // AES-256-CBC-SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA //nolint:golint,stylecheck
-
- TLS_PSK_WITH_AES_128_CCM CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CCM //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_CCM_8 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CCM_8 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_GCM_SHA256 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_CBC_SHA256 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CBC_SHA256 //nolint:golint,stylecheck
-)
-
-// CipherSuiteAuthenticationType controls what authentication method is using during the handshake for a CipherSuite
-type CipherSuiteAuthenticationType = ciphersuite.AuthenticationType
-
-// AuthenticationType Enums
-const (
- CipherSuiteAuthenticationTypeCertificate CipherSuiteAuthenticationType = ciphersuite.AuthenticationTypeCertificate
- CipherSuiteAuthenticationTypePreSharedKey CipherSuiteAuthenticationType = ciphersuite.AuthenticationTypePreSharedKey
- CipherSuiteAuthenticationTypeAnonymous CipherSuiteAuthenticationType = ciphersuite.AuthenticationTypeAnonymous
-)
-
-var _ = allCipherSuites() // Necessary until this function isn't only used by Go 1.14
-
-// CipherSuite is an interface that all DTLS CipherSuites must satisfy
-type CipherSuite interface {
- // String of CipherSuite, only used for logging
- String() string
-
- // ID of CipherSuite.
- ID() CipherSuiteID
-
- // What type of Certificate does this CipherSuite use
- CertificateType() clientcertificate.Type
-
- // What Hash function is used during verification
- HashFunc() func() hash.Hash
-
- // AuthenticationType controls what authentication method is using during the handshake
- AuthenticationType() CipherSuiteAuthenticationType
-
- // Called when keying material has been generated, should initialize the internal cipher
- Init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error
- IsInitialized() bool
-
- Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error)
- Decrypt(in []byte) ([]byte, error)
-}
-
-// CipherSuiteName provides the same functionality as tls.CipherSuiteName
-// that appeared first in Go 1.14.
-//
-// Our implementation differs slightly in that it takes in a CiperSuiteID,
-// like the rest of our library, instead of a uint16 like crypto/tls.
-func CipherSuiteName(id CipherSuiteID) string {
- suite := cipherSuiteForID(id, nil)
- if suite != nil {
- return suite.String()
- }
- return fmt.Sprintf("0x%04X", uint16(id))
-}
-
-// Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
-// A cipherSuite is a specific combination of key agreement, cipher and MAC
-// function.
-func cipherSuiteForID(id CipherSuiteID, customCiphers func() []CipherSuite) CipherSuite {
- switch id { //nolint:exhaustive
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
- return ciphersuite.NewTLSEcdheEcdsaWithAes128Ccm()
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
- return ciphersuite.NewTLSEcdheEcdsaWithAes128Ccm8()
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- return &ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{}
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- return &ciphersuite.TLSEcdheRsaWithAes128GcmSha256{}
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- return &ciphersuite.TLSEcdheEcdsaWithAes256CbcSha{}
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- return &ciphersuite.TLSEcdheRsaWithAes256CbcSha{}
- case TLS_PSK_WITH_AES_128_CCM:
- return ciphersuite.NewTLSPskWithAes128Ccm()
- case TLS_PSK_WITH_AES_128_CCM_8:
- return ciphersuite.NewTLSPskWithAes128Ccm8()
- case TLS_PSK_WITH_AES_128_GCM_SHA256:
- return &ciphersuite.TLSPskWithAes128GcmSha256{}
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- return &ciphersuite.TLSPskWithAes128CbcSha256{}
- }
-
- if customCiphers != nil {
- for _, c := range customCiphers() {
- if c.ID() == id {
- return c
- }
- }
- }
-
- return nil
-}
-
-// CipherSuites we support in order of preference
-func defaultCipherSuites() []CipherSuite {
- return []CipherSuite{
- &ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{},
- &ciphersuite.TLSEcdheRsaWithAes128GcmSha256{},
- &ciphersuite.TLSEcdheEcdsaWithAes256CbcSha{},
- &ciphersuite.TLSEcdheRsaWithAes256CbcSha{},
- }
-}
-
-func allCipherSuites() []CipherSuite {
- return []CipherSuite{
- ciphersuite.NewTLSEcdheEcdsaWithAes128Ccm(),
- ciphersuite.NewTLSEcdheEcdsaWithAes128Ccm8(),
- &ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{},
- &ciphersuite.TLSEcdheRsaWithAes128GcmSha256{},
- &ciphersuite.TLSEcdheEcdsaWithAes256CbcSha{},
- &ciphersuite.TLSEcdheRsaWithAes256CbcSha{},
- ciphersuite.NewTLSPskWithAes128Ccm(),
- ciphersuite.NewTLSPskWithAes128Ccm8(),
- &ciphersuite.TLSPskWithAes128GcmSha256{},
- }
-}
-
-func cipherSuiteIDs(cipherSuites []CipherSuite) []uint16 {
- rtrn := []uint16{}
- for _, c := range cipherSuites {
- rtrn = append(rtrn, uint16(c.ID()))
- }
- return rtrn
-}
-
-func parseCipherSuites(userSelectedSuites []CipherSuiteID, customCipherSuites func() []CipherSuite, includeCertificateSuites, includePSKSuites bool) ([]CipherSuite, error) {
- cipherSuitesForIDs := func(ids []CipherSuiteID) ([]CipherSuite, error) {
- cipherSuites := []CipherSuite{}
- for _, id := range ids {
- c := cipherSuiteForID(id, nil)
- if c == nil {
- return nil, &invalidCipherSuite{id}
- }
- cipherSuites = append(cipherSuites, c)
- }
- return cipherSuites, nil
- }
-
- var (
- cipherSuites []CipherSuite
- err error
- i int
- )
- if userSelectedSuites != nil {
- cipherSuites, err = cipherSuitesForIDs(userSelectedSuites)
- if err != nil {
- return nil, err
- }
- } else {
- cipherSuites = defaultCipherSuites()
- }
-
- // Put CustomCipherSuites before ID selected suites
- if customCipherSuites != nil {
- cipherSuites = append(customCipherSuites(), cipherSuites...)
- }
-
- var foundCertificateSuite, foundPSKSuite, foundAnonymousSuite bool
- for _, c := range cipherSuites {
- switch {
- case includeCertificateSuites && c.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate:
- foundCertificateSuite = true
- case includePSKSuites && c.AuthenticationType() == CipherSuiteAuthenticationTypePreSharedKey:
- foundPSKSuite = true
- case c.AuthenticationType() == CipherSuiteAuthenticationTypeAnonymous:
- foundAnonymousSuite = true
- default:
- continue
- }
- cipherSuites[i] = c
- i++
- }
-
- switch {
- case includeCertificateSuites && !foundCertificateSuite && !foundAnonymousSuite:
- return nil, errNoAvailableCertificateCipherSuite
- case includePSKSuites && !foundPSKSuite:
- return nil, errNoAvailablePSKCipherSuite
- case i == 0:
- return nil, errNoAvailableCipherSuites
- }
-
- return cipherSuites[:i], nil
-}
diff --git a/dtls-2.0.9/cipher_suite_go114.go b/dtls-2.0.9/cipher_suite_go114.go
deleted file mode 100644
index 7bba16e..0000000
--- a/dtls-2.0.9/cipher_suite_go114.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// +build go1.14
-
-package dtls
-
-import (
- "crypto/tls"
-)
-
-// VersionDTLS12 is the DTLS version in the same style as
-// VersionTLSXX from crypto/tls
-const VersionDTLS12 = 0xfefd
-
-// Convert from our cipherSuite interface to a tls.CipherSuite struct
-func toTLSCipherSuite(c CipherSuite) *tls.CipherSuite {
- return &tls.CipherSuite{
- ID: uint16(c.ID()),
- Name: c.String(),
- SupportedVersions: []uint16{VersionDTLS12},
- Insecure: false,
- }
-}
-
-// CipherSuites returns a list of cipher suites currently implemented by this
-// package, excluding those with security issues, which are returned by
-// InsecureCipherSuites.
-func CipherSuites() []*tls.CipherSuite {
- suites := allCipherSuites()
- res := make([]*tls.CipherSuite, len(suites))
- for i, c := range suites {
- res[i] = toTLSCipherSuite(c)
- }
- return res
-}
-
-// InsecureCipherSuites returns a list of cipher suites currently implemented by
-// this package and which have security issues.
-func InsecureCipherSuites() []*tls.CipherSuite {
- var res []*tls.CipherSuite
- return res
-}
diff --git a/dtls-2.0.9/cipher_suite_go114_test.go b/dtls-2.0.9/cipher_suite_go114_test.go
deleted file mode 100644
index 57c64d4..0000000
--- a/dtls-2.0.9/cipher_suite_go114_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-// +build go1.14
-
-package dtls
-
-import (
- "testing"
-)
-
-func TestInsecureCipherSuites(t *testing.T) {
- r := InsecureCipherSuites()
-
- if len(r) != 0 {
- t.Fatalf("Expected no insecure ciphersuites, got %d", len(r))
- }
-}
-
-func TestCipherSuites(t *testing.T) {
- ours := allCipherSuites()
- theirs := CipherSuites()
-
- if len(ours) != len(theirs) {
- t.Fatalf("Expected %d CipherSuites, got %d", len(ours), len(theirs))
- }
-
- for i, s := range ours {
- i := i
- s := s
- t.Run(s.String(), func(t *testing.T) {
- c := theirs[i]
- if c.ID != uint16(s.ID()) {
- t.Fatalf("Expected ID: 0x%04X, got 0x%04X", s.ID(), c.ID)
- }
-
- if c.Name != s.String() {
- t.Fatalf("Expected Name: %s, got %s", s.String(), c.Name)
- }
-
- if len(c.SupportedVersions) != 1 {
- t.Fatalf("Expected %d SupportedVersion, got %d", 1, len(c.SupportedVersions))
- }
-
- if c.SupportedVersions[0] != VersionDTLS12 {
- t.Fatalf("Expected SupportedVersions 0x%04X, got 0x%04X", VersionDTLS12, c.SupportedVersions[0])
- }
-
- if c.Insecure {
- t.Fatalf("Expected Insecure %t, got %t", false, c.Insecure)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/cipher_suite_test.go b/dtls-2.0.9/cipher_suite_test.go
deleted file mode 100644
index e0ed6d1..0000000
--- a/dtls-2.0.9/cipher_suite_test.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package dtls
-
-import (
- "context"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/internal/ciphersuite"
- "github.com/pion/dtls/v2/internal/net/dpipe"
- "github.com/pion/transport/test"
-)
-
-func TestCipherSuiteName(t *testing.T) {
- testCases := []struct {
- suite CipherSuiteID
- expected string
- }{
- {TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
- {CipherSuiteID(0x0000), "0x0000"},
- }
-
- for _, testCase := range testCases {
- res := CipherSuiteName(testCase.suite)
- if res != testCase.expected {
- t.Fatalf("Expected: %s, got %s", testCase.expected, res)
- }
- }
-}
-
-func TestAllCipherSuites(t *testing.T) {
- actual := len(allCipherSuites())
- if actual == 0 {
- t.Fatal()
- }
-}
-
-// CustomCipher that is just used to assert Custom IDs work
-type testCustomCipherSuite struct {
- ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256
- authenticationType CipherSuiteAuthenticationType
-}
-
-func (t *testCustomCipherSuite) ID() CipherSuiteID {
- return 0xFFFF
-}
-
-func (t *testCustomCipherSuite) AuthenticationType() CipherSuiteAuthenticationType {
- return t.authenticationType
-}
-
-// Assert that two connections that pass in a CipherSuite with a CustomID works
-func TestCustomCipherSuite(t *testing.T) {
- type result struct {
- c *Conn
- err error
- }
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- runTest := func(cipherFactory func() []CipherSuite) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- c := make(chan result)
-
- go func() {
- client, err := testClient(ctx, ca, &Config{
- CipherSuites: []CipherSuiteID{},
- CustomCipherSuites: cipherFactory,
- }, true)
- c <- result{client, err}
- }()
-
- server, err := testServer(ctx, cb, &Config{
- CipherSuites: []CipherSuiteID{},
- CustomCipherSuites: cipherFactory,
- }, true)
-
- clientResult := <-c
-
- if err != nil {
- t.Error(err)
- } else {
- _ = server.Close()
- }
-
- if clientResult.err != nil {
- t.Error(clientResult.err)
- } else {
- _ = clientResult.c.Close()
- }
- }
-
- t.Run("Custom ID", func(t *testing.T) {
- runTest(func() []CipherSuite {
- return []CipherSuite{&testCustomCipherSuite{authenticationType: CipherSuiteAuthenticationTypeCertificate}}
- })
- })
-
- t.Run("Anonymous Cipher", func(t *testing.T) {
- runTest(func() []CipherSuite {
- return []CipherSuite{&testCustomCipherSuite{authenticationType: CipherSuiteAuthenticationTypeAnonymous}}
- })
- })
-}
diff --git a/dtls-2.0.9/codecov.yml b/dtls-2.0.9/codecov.yml
deleted file mode 100644
index 085200a..0000000
--- a/dtls-2.0.9/codecov.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# DO NOT EDIT THIS FILE
-#
-# It is automatically copied from https://github.com/pion/.goassets repository.
-#
-
-coverage:
- status:
- project:
- default:
- # Allow decreasing 2% of total coverage to avoid noise.
- threshold: 2%
- patch:
- default:
- target: 70%
- only_pulls: true
-
-ignore:
- - "examples/*"
- - "examples/**/*"
diff --git a/dtls-2.0.9/compression_method.go b/dtls-2.0.9/compression_method.go
deleted file mode 100644
index 693eb7a..0000000
--- a/dtls-2.0.9/compression_method.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package dtls
-
-import "github.com/pion/dtls/v2/pkg/protocol"
-
-func defaultCompressionMethods() []*protocol.CompressionMethod {
- return []*protocol.CompressionMethod{
- {},
- }
-}
diff --git a/dtls-2.0.9/config.go b/dtls-2.0.9/config.go
deleted file mode 100644
index 7c1c0b7..0000000
--- a/dtls-2.0.9/config.go
+++ /dev/null
@@ -1,197 +0,0 @@
-package dtls
-
-import (
- "context"
- "crypto/ecdsa"
- "crypto/ed25519"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "io"
- "time"
-
- "github.com/pion/logging"
-)
-
-const keyLogLabelTLS12 = "CLIENT_RANDOM"
-
-// Config is used to configure a DTLS client or server.
-// After a Config is passed to a DTLS function it must not be modified.
-type Config struct {
- // Certificates contains certificate chain to present to the other side of the connection.
- // Server MUST set this if PSK is non-nil
- // client SHOULD sets this so CertificateRequests can be handled if PSK is non-nil
- Certificates []tls.Certificate
-
- // CipherSuites is a list of supported cipher suites.
- // If CipherSuites is nil, a default list is used
- CipherSuites []CipherSuiteID
-
- // CustomCipherSuites is a list of CipherSuites that can be
- // provided by the user. This allow users to user Ciphers that are reserved
- // for private usage.
- CustomCipherSuites func() []CipherSuite
-
- // SignatureSchemes contains the signature and hash schemes that the peer requests to verify.
- SignatureSchemes []tls.SignatureScheme
-
- // SRTPProtectionProfiles are the supported protection profiles
- // Clients will send this via use_srtp and assert that the server properly responds
- // Servers will assert that clients send one of these profiles and will respond as needed
- SRTPProtectionProfiles []SRTPProtectionProfile
-
- // ClientAuth determines the server's policy for
- // TLS Client Authentication. The default is NoClientCert.
- ClientAuth ClientAuthType
-
- // RequireExtendedMasterSecret determines if the "Extended Master Secret" extension
- // should be disabled, requested, or required (default requested).
- ExtendedMasterSecret ExtendedMasterSecretType
-
- // FlightInterval controls how often we send outbound handshake messages
- // defaults to time.Second
- FlightInterval time.Duration
-
- // PSK sets the pre-shared key used by this DTLS connection
- // If PSK is non-nil only PSK CipherSuites will be used
- PSK PSKCallback
- PSKIdentityHint []byte
-
- CiscoCompat PSKCallback // TODO add cisco anyconnect support
-
- // InsecureSkipVerify controls whether a client verifies the
- // server's certificate chain and host name.
- // If InsecureSkipVerify is true, TLS accepts any certificate
- // presented by the server and any host name in that certificate.
- // In this mode, TLS is susceptible to man-in-the-middle attacks.
- // This should be used only for testing.
- InsecureSkipVerify bool
-
- // InsecureHashes allows the use of hashing algorithms that are known
- // to be vulnerable.
- InsecureHashes bool
-
- // VerifyPeerCertificate, if not nil, is called after normal
- // certificate verification by either a client or server. It
- // receives the certificate provided by the peer and also a flag
- // that tells if normal verification has succeedded. If it returns a
- // non-nil error, the handshake is aborted and that error results.
- //
- // If normal verification fails then the handshake will abort before
- // considering this callback. If normal verification is disabled by
- // setting InsecureSkipVerify, or (for a server) when ClientAuth is
- // RequestClientCert or RequireAnyClientCert, then this callback will
- // be considered but the verifiedChains will always be nil.
- VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
-
- // RootCAs defines the set of root certificate authorities
- // that one peer uses when verifying the other peer's certificates.
- // If RootCAs is nil, TLS uses the host's root CA set.
- RootCAs *x509.CertPool
-
- // ClientCAs defines the set of root certificate authorities
- // that servers use if required to verify a client certificate
- // by the policy in ClientAuth.
- ClientCAs *x509.CertPool
-
- // ServerName is used to verify the hostname on the returned
- // certificates unless InsecureSkipVerify is given.
- ServerName string
-
- LoggerFactory logging.LoggerFactory
-
- // ConnectContextMaker is a function to make a context used in Dial(),
- // Client(), Server(), and Accept(). If nil, the default ConnectContextMaker
- // is used. It can be implemented as following.
- //
- // func ConnectContextMaker() (context.Context, func()) {
- // return context.WithTimeout(context.Background(), 30*time.Second)
- // }
- ConnectContextMaker func() (context.Context, func())
-
- // MTU is the length at which handshake messages will be fragmented to
- // fit within the maximum transmission unit (default is 1200 bytes)
- MTU int
-
- // ReplayProtectionWindow is the size of the replay attack protection window.
- // Duplication of the sequence number is checked in this window size.
- // Packet with sequence number older than this value compared to the latest
- // accepted packet will be discarded. (default is 64)
- ReplayProtectionWindow int
-
- // KeyLogWriter optionally specifies a destination for TLS master secrets
- // in NSS key log format that can be used to allow external programs
- // such as Wireshark to decrypt TLS connections.
- // See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
- // Use of KeyLogWriter compromises security and should only be
- // used for debugging.
- KeyLogWriter io.Writer
-}
-
-func defaultConnectContextMaker() (context.Context, func()) {
- return context.WithTimeout(context.Background(), 30*time.Second)
-}
-
-func (c *Config) connectContextMaker() (context.Context, func()) {
- if c.ConnectContextMaker == nil {
- return defaultConnectContextMaker()
- }
- return c.ConnectContextMaker()
-}
-
-const defaultMTU = 1200 // bytes
-
-// PSKCallback is called once we have the remote's PSKIdentityHint.
-// If the remote provided none it will be nil
-type PSKCallback func([]byte) ([]byte, error)
-
-// ClientAuthType declares the policy the server will follow for
-// TLS Client Authentication.
-type ClientAuthType int
-
-// ClientAuthType enums
-const (
- NoClientCert ClientAuthType = iota
- RequestClientCert
- RequireAnyClientCert
- VerifyClientCertIfGiven
- RequireAndVerifyClientCert
-)
-
-// ExtendedMasterSecretType declares the policy the client and server
-// will follow for the Extended Master Secret extension
-type ExtendedMasterSecretType int
-
-// ExtendedMasterSecretType enums
-const (
- RequestExtendedMasterSecret ExtendedMasterSecretType = iota
- RequireExtendedMasterSecret
- DisableExtendedMasterSecret
-)
-
-func validateConfig(config *Config) error {
- switch {
- case config == nil:
- return errNoConfigProvided
- case config.PSKIdentityHint != nil && config.PSK == nil:
- return errIdentityNoPSK
- }
-
- for _, cert := range config.Certificates {
- if cert.Certificate == nil {
- return errInvalidCertificate
- }
- if cert.PrivateKey != nil {
- switch cert.PrivateKey.(type) {
- case ed25519.PrivateKey:
- case *ecdsa.PrivateKey:
- case *rsa.PrivateKey:
- default:
- return errInvalidPrivateKey
- }
- }
- }
-
- _, err := parseCipherSuites(config.CipherSuites, config.CustomCipherSuites, config.PSK == nil || len(config.Certificates) > 0, config.PSK != nil)
- return err
-}
diff --git a/dtls-2.0.9/config_test.go b/dtls-2.0.9/config_test.go
deleted file mode 100644
index a5a0772..0000000
--- a/dtls-2.0.9/config_test.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package dtls
-
-import (
- "crypto/dsa" //nolint
- "crypto/rand"
- "crypto/rsa"
- "crypto/tls"
- "errors"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
-)
-
-func TestValidateConfig(t *testing.T) {
- // Empty config
- if err := validateConfig(nil); !errors.Is(err, errNoConfigProvided) {
- t.Fatalf("TestValidateConfig: Config validation error exp(%v) failed(%v)", errNoConfigProvided, err)
- }
-
- // PSK and Certificate, valid cipher suites
- cert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatalf("TestValidateConfig: Config validation error(%v), self signed certificate not generated", err)
- return
- }
- config := &Config{
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- PSK: func(hint []byte) ([]byte, error) {
- return nil, nil
- },
- Certificates: []tls.Certificate{cert},
- }
- if err = validateConfig(config); err != nil {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", nil, err)
- }
-
- // PSK and Certificate, no PSK cipher suite
- config = &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- PSK: func(hint []byte) ([]byte, error) {
- return nil, nil
- },
- Certificates: []tls.Certificate{cert},
- }
- if err = validateConfig(config); !errors.Is(errNoAvailablePSKCipherSuite, err) {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", errNoAvailablePSKCipherSuite, err)
- }
-
- // PSK and Certificate, no non-PSK cipher suite
- config = &Config{
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8},
- PSK: func(hint []byte) ([]byte, error) {
- return nil, nil
- },
- Certificates: []tls.Certificate{cert},
- }
- if err = validateConfig(config); !errors.Is(errNoAvailableCertificateCipherSuite, err) {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", errNoAvailableCertificateCipherSuite, err)
- }
-
- // PSK identity hint with not PSK
- config = &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- PSK: nil,
- PSKIdentityHint: []byte{},
- }
- if err = validateConfig(config); !errors.Is(err, errIdentityNoPSK) {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", errIdentityNoPSK, err)
- }
-
- // Invalid private key
- dsaPrivateKey := &dsa.PrivateKey{}
- err = dsa.GenerateParameters(&dsaPrivateKey.Parameters, rand.Reader, dsa.L1024N160)
- if err != nil {
- t.Fatalf("TestValidateConfig: Config validation error(%v), DSA parameters not generated", err)
- return
- }
- err = dsa.GenerateKey(dsaPrivateKey, rand.Reader)
- if err != nil {
- t.Fatalf("TestValidateConfig: Config validation error(%v), DSA private key not generated", err)
- return
- }
- config = &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- Certificates: []tls.Certificate{{Certificate: cert.Certificate, PrivateKey: dsaPrivateKey}},
- }
- if err = validateConfig(config); !errors.Is(err, errInvalidPrivateKey) {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", errInvalidPrivateKey, err)
- }
-
- // PrivateKey without Certificate
- config = &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- Certificates: []tls.Certificate{{PrivateKey: cert.PrivateKey}},
- }
- if err = validateConfig(config); !errors.Is(err, errInvalidCertificate) {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", errInvalidCertificate, err)
- }
-
- // Invalid cipher suites
- config = &Config{CipherSuites: []CipherSuiteID{0x0000}}
- if err = validateConfig(config); err == nil {
- t.Fatal("TestValidateConfig: Client error expected with invalid CipherSuiteID")
- }
-
- // Valid config
- rsaPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- t.Fatalf("TestValidateConfig: Config validation error(%v), RSA private key not generated", err)
- return
- }
- config = &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- Certificates: []tls.Certificate{cert, {Certificate: cert.Certificate, PrivateKey: rsaPrivateKey}},
- }
- if err = validateConfig(config); err != nil {
- t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", nil, err)
- }
-}
diff --git a/dtls-2.0.9/conn.go b/dtls-2.0.9/conn.go
deleted file mode 100644
index b44d6ad..0000000
--- a/dtls-2.0.9/conn.go
+++ /dev/null
@@ -1,979 +0,0 @@
-package dtls
-
-import (
- "context"
- "errors"
- "fmt"
- "io"
- "net"
- "sync"
- "sync/atomic"
- "time"
-
- "github.com/pion/dtls/v2/internal/closer"
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
- "github.com/pion/logging"
- "github.com/pion/transport/connctx"
- "github.com/pion/transport/deadline"
- "github.com/pion/transport/replaydetector"
-)
-
-const (
- initialTickerInterval = time.Second
- cookieLength = 20
- defaultNamedCurve = elliptic.X25519
- inboundBufferSize = 8192
- // Default replay protection window is specified by RFC 6347 Section 4.1.2.6
- defaultReplayProtectionWindow = 64
-)
-
-func invalidKeyingLabels() map[string]bool {
- return map[string]bool{
- "client finished": true,
- "server finished": true,
- "master secret": true,
- "key expansion": true,
- }
-}
-
-// Conn represents a DTLS connection
-type Conn struct {
- lock sync.RWMutex // Internal lock (must not be public)
- nextConn connctx.ConnCtx // Embedded Conn, typically a udpconn we read/write from
- fragmentBuffer *fragmentBuffer // out-of-order and missing fragment handling
- handshakeCache *handshakeCache // caching of handshake messages for verifyData generation
- decrypted chan interface{} // Decrypted Application Data or error, pull by calling `Read`
-
- state State // Internal state
-
- maximumTransmissionUnit int
-
- handshakeCompletedSuccessfully atomic.Value
-
- encryptedPackets [][]byte
-
- connectionClosedByUser bool
- closeLock sync.Mutex
- closed *closer.Closer
- handshakeLoopsFinished sync.WaitGroup
-
- readDeadline *deadline.Deadline
- writeDeadline *deadline.Deadline
-
- log logging.LeveledLogger
-
- reading chan struct{}
- handshakeRecv chan chan struct{}
- cancelHandshaker func()
- cancelHandshakeReader func()
-
- fsm *handshakeFSM
-
- replayProtectionWindow uint
-}
-
-func createConn(ctx context.Context, nextConn net.Conn, config *Config, isClient bool, initialState *State) (*Conn, error) {
- err := validateConfig(config)
- if err != nil {
- return nil, err
- }
-
- if nextConn == nil {
- return nil, errNilNextConn
- }
-
- cipherSuites, err := parseCipherSuites(config.CipherSuites, config.CustomCipherSuites, config.PSK == nil || len(config.Certificates) > 0, config.PSK != nil)
- if err != nil {
- return nil, err
- }
-
- signatureSchemes, err := signaturehash.ParseSignatureSchemes(config.SignatureSchemes, config.InsecureHashes)
- if err != nil {
- return nil, err
- }
-
- workerInterval := initialTickerInterval
- if config.FlightInterval != 0 {
- workerInterval = config.FlightInterval
- }
-
- loggerFactory := config.LoggerFactory
- if loggerFactory == nil {
- loggerFactory = logging.NewDefaultLoggerFactory()
- }
-
- logger := loggerFactory.NewLogger("dtls")
-
- mtu := config.MTU
- if mtu <= 0 {
- mtu = defaultMTU
- }
-
- replayProtectionWindow := config.ReplayProtectionWindow
- if replayProtectionWindow <= 0 {
- replayProtectionWindow = defaultReplayProtectionWindow
- }
-
- c := &Conn{
- nextConn: connctx.New(nextConn),
- fragmentBuffer: newFragmentBuffer(),
- handshakeCache: newHandshakeCache(),
- maximumTransmissionUnit: mtu,
-
- decrypted: make(chan interface{}, 1),
- log: logger,
-
- readDeadline: deadline.New(),
- writeDeadline: deadline.New(),
-
- reading: make(chan struct{}, 1),
- handshakeRecv: make(chan chan struct{}),
- closed: closer.NewCloser(),
- cancelHandshaker: func() {},
-
- replayProtectionWindow: uint(replayProtectionWindow),
-
- state: State{
- isClient: isClient,
- },
- }
-
- c.setRemoteEpoch(0)
- c.setLocalEpoch(0)
-
- serverName := config.ServerName
- // Use host from conn address when serverName is not provided
- if isClient && serverName == "" && nextConn.RemoteAddr() != nil {
- remoteAddr := nextConn.RemoteAddr().String()
- var host string
- host, _, err = net.SplitHostPort(remoteAddr)
- if err != nil {
- serverName = remoteAddr
- } else {
- serverName = host
- }
- }
-
- hsCfg := &handshakeConfig{
- localPSKCallback: config.PSK,
- localPSKIdentityHint: config.PSKIdentityHint,
- localCiscoCompatCallback: config.CiscoCompat,
- localCipherSuites: cipherSuites,
- localSignatureSchemes: signatureSchemes,
- extendedMasterSecret: config.ExtendedMasterSecret,
- localSRTPProtectionProfiles: config.SRTPProtectionProfiles,
- serverName: serverName,
- clientAuth: config.ClientAuth,
- localCertificates: config.Certificates,
- insecureSkipVerify: config.InsecureSkipVerify,
- verifyPeerCertificate: config.VerifyPeerCertificate,
- rootCAs: config.RootCAs,
- clientCAs: config.ClientCAs,
- customCipherSuites: config.CustomCipherSuites,
- retransmitInterval: workerInterval,
- log: logger,
- initialEpoch: 0,
- keyLogWriter: config.KeyLogWriter,
- }
-
- var initialFlight flightVal
- var initialFSMState handshakeState
-
- if initialState != nil {
- if c.state.isClient {
- initialFlight = flight5
- } else {
- initialFlight = flight6
- }
- initialFSMState = handshakeFinished
-
- c.state = *initialState
- } else {
- if c.state.isClient {
- initialFlight = flight1
- } else {
- initialFlight = flight0
- }
- initialFSMState = handshakePreparing
- }
- // Do handshake
- if err := c.handshake(ctx, hsCfg, initialFlight, initialFSMState); err != nil {
- return nil, err
- }
-
- c.log.Trace("Handshake Completed")
-
- return c, nil
-}
-
-// Dial connects to the given network address and establishes a DTLS connection on top.
-// Connection handshake will timeout using ConnectContextMaker in the Config.
-// If you want to specify the timeout duration, use DialWithContext() instead.
-func Dial(network string, raddr *net.UDPAddr, config *Config) (*Conn, error) {
- ctx, cancel := config.connectContextMaker()
- defer cancel()
-
- return DialWithContext(ctx, network, raddr, config)
-}
-
-// Client establishes a DTLS connection over an existing connection.
-// Connection handshake will timeout using ConnectContextMaker in the Config.
-// If you want to specify the timeout duration, use ClientWithContext() instead.
-func Client(conn net.Conn, config *Config) (*Conn, error) {
- ctx, cancel := config.connectContextMaker()
- defer cancel()
-
- return ClientWithContext(ctx, conn, config)
-}
-
-// Server listens for incoming DTLS connections.
-// Connection handshake will timeout using ConnectContextMaker in the Config.
-// If you want to specify the timeout duration, use ServerWithContext() instead.
-func Server(conn net.Conn, config *Config) (*Conn, error) {
- ctx, cancel := config.connectContextMaker()
- defer cancel()
-
- return ServerWithContext(ctx, conn, config)
-}
-
-// DialWithContext connects to the given network address and establishes a DTLS connection on top.
-func DialWithContext(ctx context.Context, network string, raddr *net.UDPAddr, config *Config) (*Conn, error) {
- pConn, err := net.DialUDP(network, nil, raddr)
- if err != nil {
- return nil, err
- }
- return ClientWithContext(ctx, pConn, config)
-}
-
-// ClientWithContext establishes a DTLS connection over an existing connection.
-func ClientWithContext(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
- switch {
- case config == nil:
- return nil, errNoConfigProvided
- case config.PSK != nil && config.PSKIdentityHint == nil:
- return nil, errPSKAndIdentityMustBeSetForClient
- }
-
- return createConn(ctx, conn, config, true, nil)
-}
-
-// ServerWithContext listens for incoming DTLS connections.
-func ServerWithContext(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
- if config == nil {
- return nil, errNoConfigProvided
- }
-
- return createConn(ctx, conn, config, false, nil)
-}
-
-// Read reads data from the connection.
-func (c *Conn) Read(p []byte) (n int, err error) {
- if !c.isHandshakeCompletedSuccessfully() {
- return 0, errHandshakeInProgress
- }
-
- select {
- case <-c.readDeadline.Done():
- return 0, errDeadlineExceeded
- default:
- }
-
- for {
- select {
- case <-c.readDeadline.Done():
- return 0, errDeadlineExceeded
- case out, ok := <-c.decrypted:
- if !ok {
- return 0, io.EOF
- }
- switch val := out.(type) {
- case ([]byte):
- if len(p) < len(val) {
- return 0, errBufferTooSmall
- }
- copy(p, val)
- return len(val), nil
- case (error):
- return 0, val
- }
- }
- }
-}
-
-// Write writes len(p) bytes from p to the DTLS connection
-func (c *Conn) Write(p []byte) (int, error) {
- if c.isConnectionClosed() {
- return 0, ErrConnClosed
- }
-
- select {
- case <-c.writeDeadline.Done():
- return 0, errDeadlineExceeded
- default:
- }
-
- if !c.isHandshakeCompletedSuccessfully() {
- return 0, errHandshakeInProgress
- }
-
- return len(p), c.writePackets(c.writeDeadline, []*packet{
- {
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Epoch: c.getLocalEpoch(),
- Version: protocol.Version1_2,
- },
- Content: &protocol.ApplicationData{
- Data: p,
- },
- },
- shouldEncrypt: true,
- },
- })
-}
-
-// Close closes the connection.
-func (c *Conn) Close() error {
- err := c.close(true)
- c.handshakeLoopsFinished.Wait()
- return err
-}
-
-// ConnectionState returns basic DTLS details about the connection.
-// Note that this replaced the `Export` function of v1.
-func (c *Conn) ConnectionState() State {
- c.lock.RLock()
- defer c.lock.RUnlock()
- return *c.state.clone()
-}
-
-// SelectedSRTPProtectionProfile returns the selected SRTPProtectionProfile
-func (c *Conn) SelectedSRTPProtectionProfile() (SRTPProtectionProfile, bool) {
- c.lock.RLock()
- defer c.lock.RUnlock()
-
- if c.state.srtpProtectionProfile == 0 {
- return 0, false
- }
-
- return c.state.srtpProtectionProfile, true
-}
-
-func (c *Conn) writePackets(ctx context.Context, pkts []*packet) error {
- c.lock.Lock()
- defer c.lock.Unlock()
-
- var rawPackets [][]byte
-
- for _, p := range pkts {
- if h, ok := p.record.Content.(*handshake.Handshake); ok {
- handshakeRaw, err := p.record.Marshal()
- if err != nil {
- return err
- }
-
- c.log.Tracef("[handshake:%v] -> %s (epoch: %d, seq: %d)",
- srvCliStr(c.state.isClient), h.Header.Type.String(),
- p.record.Header.Epoch, h.Header.MessageSequence)
- c.handshakeCache.push(handshakeRaw[recordlayer.HeaderSize:], p.record.Header.Epoch, h.Header.MessageSequence, h.Header.Type, c.state.isClient)
-
- rawHandshakePackets, err := c.processHandshakePacket(p, h)
- if err != nil {
- return err
- }
- rawPackets = append(rawPackets, rawHandshakePackets...)
- } else {
- rawPacket, err := c.processPacket(p)
- if err != nil {
- return err
- }
- rawPackets = append(rawPackets, rawPacket)
- }
- }
- if len(rawPackets) == 0 {
- return nil
- }
- compactedRawPackets := c.compactRawPackets(rawPackets)
-
- for _, compactedRawPackets := range compactedRawPackets {
- if _, err := c.nextConn.WriteContext(ctx, compactedRawPackets); err != nil {
- return netError(err)
- }
- }
-
- return nil
-}
-
-func (c *Conn) compactRawPackets(rawPackets [][]byte) [][]byte {
- combinedRawPackets := make([][]byte, 0)
- currentCombinedRawPacket := make([]byte, 0)
-
- for _, rawPacket := range rawPackets {
- if len(currentCombinedRawPacket) > 0 && len(currentCombinedRawPacket)+len(rawPacket) >= c.maximumTransmissionUnit {
- combinedRawPackets = append(combinedRawPackets, currentCombinedRawPacket)
- currentCombinedRawPacket = []byte{}
- }
- currentCombinedRawPacket = append(currentCombinedRawPacket, rawPacket...)
- }
-
- combinedRawPackets = append(combinedRawPackets, currentCombinedRawPacket)
-
- return combinedRawPackets
-}
-
-func (c *Conn) processPacket(p *packet) ([]byte, error) {
- epoch := p.record.Header.Epoch
- for len(c.state.localSequenceNumber) <= int(epoch) {
- c.state.localSequenceNumber = append(c.state.localSequenceNumber, uint64(0))
- }
- seq := atomic.AddUint64(&c.state.localSequenceNumber[epoch], 1) - 1
- if seq > recordlayer.MaxSequenceNumber {
- // RFC 6347 Section 4.1.0
- // The implementation must either abandon an association or rehandshake
- // prior to allowing the sequence number to wrap.
- return nil, errSequenceNumberOverflow
- }
- p.record.Header.SequenceNumber = seq
-
- rawPacket, err := p.record.Marshal()
- if err != nil {
- return nil, err
- }
-
- if p.shouldEncrypt {
- var err error
- rawPacket, err = c.state.cipherSuite.Encrypt(p.record, rawPacket)
- if err != nil {
- return nil, err
- }
- }
-
- return rawPacket, nil
-}
-
-func (c *Conn) processHandshakePacket(p *packet, h *handshake.Handshake) ([][]byte, error) {
- rawPackets := make([][]byte, 0)
-
- handshakeFragments, err := c.fragmentHandshake(h)
- if err != nil {
- return nil, err
- }
- epoch := p.record.Header.Epoch
- for len(c.state.localSequenceNumber) <= int(epoch) {
- c.state.localSequenceNumber = append(c.state.localSequenceNumber, uint64(0))
- }
-
- for _, handshakeFragment := range handshakeFragments {
- seq := atomic.AddUint64(&c.state.localSequenceNumber[epoch], 1) - 1
- if seq > recordlayer.MaxSequenceNumber {
- return nil, errSequenceNumberOverflow
- }
-
- recordlayerHeader := &recordlayer.Header{
- Version: p.record.Header.Version,
- ContentType: p.record.Header.ContentType,
- ContentLen: uint16(len(handshakeFragment)),
- Epoch: p.record.Header.Epoch,
- SequenceNumber: seq,
- }
-
- recordlayerHeaderBytes, err := recordlayerHeader.Marshal()
- if err != nil {
- return nil, err
- }
-
- p.record.Header = *recordlayerHeader
-
- rawPacket := append(recordlayerHeaderBytes, handshakeFragment...)
- if p.shouldEncrypt {
- var err error
- rawPacket, err = c.state.cipherSuite.Encrypt(p.record, rawPacket)
- if err != nil {
- return nil, err
- }
- }
-
- rawPackets = append(rawPackets, rawPacket)
- }
-
- return rawPackets, nil
-}
-
-func (c *Conn) fragmentHandshake(h *handshake.Handshake) ([][]byte, error) {
- content, err := h.Message.Marshal()
- if err != nil {
- return nil, err
- }
-
- fragmentedHandshakes := make([][]byte, 0)
-
- contentFragments := splitBytes(content, c.maximumTransmissionUnit)
- if len(contentFragments) == 0 {
- contentFragments = [][]byte{
- {},
- }
- }
-
- offset := 0
- for _, contentFragment := range contentFragments {
- contentFragmentLen := len(contentFragment)
-
- headerFragment := &handshake.Header{
- Type: h.Header.Type,
- Length: h.Header.Length,
- MessageSequence: h.Header.MessageSequence,
- FragmentOffset: uint32(offset),
- FragmentLength: uint32(contentFragmentLen),
- }
-
- offset += contentFragmentLen
-
- headerFragmentRaw, err := headerFragment.Marshal()
- if err != nil {
- return nil, err
- }
-
- fragmentedHandshake := append(headerFragmentRaw, contentFragment...)
- fragmentedHandshakes = append(fragmentedHandshakes, fragmentedHandshake)
- }
-
- return fragmentedHandshakes, nil
-}
-
-var poolReadBuffer = sync.Pool{ //nolint:gochecknoglobals
- New: func() interface{} {
- b := make([]byte, inboundBufferSize)
- return &b
- },
-}
-
-func (c *Conn) readAndBuffer(ctx context.Context) error {
- bufptr := poolReadBuffer.Get().(*[]byte)
- defer poolReadBuffer.Put(bufptr)
-
- b := *bufptr
- i, err := c.nextConn.ReadContext(ctx, b)
- if err != nil {
- return netError(err)
- }
-
- pkts, err := recordlayer.UnpackDatagram(b[:i])
- if err != nil {
- return err
- }
-
- var hasHandshake bool
- for _, p := range pkts {
- hs, alert, err := c.handleIncomingPacket(p, true)
- if alert != nil {
- if alertErr := c.notify(ctx, alert.Level, alert.Description); alertErr != nil {
- if err == nil {
- err = alertErr
- }
- }
- }
- if hs {
- hasHandshake = true
- }
- switch e := err.(type) {
- case nil:
- case *errAlert:
- if e.IsFatalOrCloseNotify() {
- return e
- }
- default:
- return e
- }
- }
- if hasHandshake {
- done := make(chan struct{})
- select {
- case c.handshakeRecv <- done:
- // If the other party may retransmit the flight,
- // we should respond even if it not a new message.
- <-done
- case <-c.fsm.Done():
- }
- }
- return nil
-}
-
-func (c *Conn) handleQueuedPackets(ctx context.Context) error {
- pkts := c.encryptedPackets
- c.encryptedPackets = nil
-
- for _, p := range pkts {
- _, alert, err := c.handleIncomingPacket(p, false) // don't re-enqueue
- if alert != nil {
- if alertErr := c.notify(ctx, alert.Level, alert.Description); alertErr != nil {
- if err == nil {
- err = alertErr
- }
- }
- }
- switch e := err.(type) {
- case nil:
- case *errAlert:
- if e.IsFatalOrCloseNotify() {
- return e
- }
- default:
- return e
- }
- }
- return nil
-}
-
-func (c *Conn) handleIncomingPacket(buf []byte, enqueue bool) (bool, *alert.Alert, error) { //nolint:gocognit
- h := &recordlayer.Header{}
- if err := h.Unmarshal(buf); err != nil {
- // Decode error must be silently discarded
- // [RFC6347 Section-4.1.2.7]
- c.log.Debugf("discarded broken packet: %v", err)
- return false, nil, nil
- }
-
- // Validate epoch
- remoteEpoch := c.getRemoteEpoch()
- if h.Epoch > remoteEpoch {
- if h.Epoch > remoteEpoch+1 {
- c.log.Debugf("discarded future packet (epoch: %d, seq: %d)",
- h.Epoch, h.SequenceNumber,
- )
- return false, nil, nil
- }
- if enqueue {
- c.log.Debug("received packet of next epoch, queuing packet")
- c.encryptedPackets = append(c.encryptedPackets, buf)
- }
- return false, nil, nil
- }
-
- // Anti-replay protection
- for len(c.state.replayDetector) <= int(h.Epoch) {
- c.state.replayDetector = append(c.state.replayDetector,
- replaydetector.New(c.replayProtectionWindow, recordlayer.MaxSequenceNumber),
- )
- }
- markPacketAsValid, ok := c.state.replayDetector[int(h.Epoch)].Check(h.SequenceNumber)
- if !ok {
- c.log.Debugf("discarded duplicated packet (epoch: %d, seq: %d)",
- h.Epoch, h.SequenceNumber,
- )
- return false, nil, nil
- }
-
- // Decrypt
- if h.Epoch != 0 {
- if c.state.cipherSuite == nil || !c.state.cipherSuite.IsInitialized() {
- if enqueue {
- c.encryptedPackets = append(c.encryptedPackets, buf)
- c.log.Debug("handshake not finished, queuing packet")
- }
- return false, nil, nil
- }
-
- var err error
- buf, err = c.state.cipherSuite.Decrypt(buf)
- if err != nil {
- c.log.Debugf("%s: decrypt failed: %s", srvCliStr(c.state.isClient), err)
- return false, nil, nil
- }
- }
-
- isHandshake, err := c.fragmentBuffer.push(append([]byte{}, buf...))
- if err != nil {
- // Decode error must be silently discarded
- // [RFC6347 Section-4.1.2.7]
- c.log.Debugf("defragment failed: %s", err)
- return false, nil, nil
- } else if isHandshake {
- markPacketAsValid()
- for out, epoch := c.fragmentBuffer.pop(); out != nil; out, epoch = c.fragmentBuffer.pop() {
- rawHandshake := &handshake.Handshake{}
- if err := rawHandshake.Unmarshal(out); err != nil {
- c.log.Debugf("%s: handshake parse failed: %s", srvCliStr(c.state.isClient), err)
- continue
- }
-
- _ = c.handshakeCache.push(out, epoch, rawHandshake.Header.MessageSequence, rawHandshake.Header.Type, !c.state.isClient)
- }
-
- return true, nil, nil
- }
-
- r := &recordlayer.RecordLayer{}
- if err := r.Unmarshal(buf); err != nil {
- return false, &alert.Alert{Level: alert.Fatal, Description: alert.DecodeError}, err
- }
-
- switch content := r.Content.(type) {
- case *alert.Alert:
- c.log.Tracef("%s: <- %s", srvCliStr(c.state.isClient), content.String())
- var a *alert.Alert
- if content.Description == alert.CloseNotify {
- // Respond with a close_notify [RFC5246 Section 7.2.1]
- a = &alert.Alert{Level: alert.Warning, Description: alert.CloseNotify}
- }
- markPacketAsValid()
- return false, a, &errAlert{content}
- case *protocol.ChangeCipherSpec:
- if c.state.cipherSuite == nil || !c.state.cipherSuite.IsInitialized() {
- if enqueue {
- c.encryptedPackets = append(c.encryptedPackets, buf)
- c.log.Debugf("CipherSuite not initialized, queuing packet")
- }
- return false, nil, nil
- }
-
- newRemoteEpoch := h.Epoch + 1
- c.log.Tracef("%s: <- ChangeCipherSpec (epoch: %d)", srvCliStr(c.state.isClient), newRemoteEpoch)
-
- if c.getRemoteEpoch()+1 == newRemoteEpoch {
- c.setRemoteEpoch(newRemoteEpoch)
- markPacketAsValid()
- }
- case *protocol.ApplicationData:
- if h.Epoch == 0 {
- return false, &alert.Alert{Level: alert.Fatal, Description: alert.UnexpectedMessage}, errApplicationDataEpochZero
- }
-
- markPacketAsValid()
-
- select {
- case c.decrypted <- content.Data:
- case <-c.closed.Done():
- }
-
- default:
- return false, &alert.Alert{Level: alert.Fatal, Description: alert.UnexpectedMessage}, fmt.Errorf("%w: %d", errUnhandledContextType, content.ContentType())
- }
- return false, nil, nil
-}
-
-func (c *Conn) recvHandshake() <-chan chan struct{} {
- return c.handshakeRecv
-}
-
-func (c *Conn) notify(ctx context.Context, level alert.Level, desc alert.Description) error {
- return c.writePackets(ctx, []*packet{
- {
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Epoch: c.getLocalEpoch(),
- Version: protocol.Version1_2,
- },
- Content: &alert.Alert{
- Level: level,
- Description: desc,
- },
- },
- shouldEncrypt: c.isHandshakeCompletedSuccessfully(),
- },
- })
-}
-
-func (c *Conn) setHandshakeCompletedSuccessfully() {
- c.handshakeCompletedSuccessfully.Store(struct{ bool }{true})
-}
-
-func (c *Conn) isHandshakeCompletedSuccessfully() bool {
- boolean, _ := c.handshakeCompletedSuccessfully.Load().(struct{ bool })
- return boolean.bool
-}
-
-func (c *Conn) handshake(ctx context.Context, cfg *handshakeConfig, initialFlight flightVal, initialState handshakeState) error { //nolint:gocognit
- c.fsm = newHandshakeFSM(&c.state, c.handshakeCache, cfg, initialFlight)
-
- done := make(chan struct{})
- ctxRead, cancelRead := context.WithCancel(context.Background())
- c.cancelHandshakeReader = cancelRead
- cfg.onFlightState = func(f flightVal, s handshakeState) {
- if s == handshakeFinished && !c.isHandshakeCompletedSuccessfully() {
- c.setHandshakeCompletedSuccessfully()
- close(done)
- }
- }
-
- ctxHs, cancel := context.WithCancel(context.Background())
- c.cancelHandshaker = cancel
-
- firstErr := make(chan error, 1)
-
- c.handshakeLoopsFinished.Add(2)
-
- // Handshake routine should be live until close.
- // The other party may request retransmission of the last flight to cope with packet drop.
- go func() {
- defer c.handshakeLoopsFinished.Done()
- err := c.fsm.Run(ctxHs, c, initialState)
- if !errors.Is(err, context.Canceled) {
- select {
- case firstErr <- err:
- default:
- }
- }
- }()
- go func() {
- defer func() {
- // Escaping read loop.
- // It's safe to close decrypted channnel now.
- close(c.decrypted)
-
- // Force stop handshaker when the underlying connection is closed.
- cancel()
- }()
- defer c.handshakeLoopsFinished.Done()
- for {
- if err := c.readAndBuffer(ctxRead); err != nil {
- switch e := err.(type) {
- case *errAlert:
- if !e.IsFatalOrCloseNotify() {
- if c.isHandshakeCompletedSuccessfully() {
- // Pass the error to Read()
- select {
- case c.decrypted <- err:
- case <-c.closed.Done():
- }
- }
- continue // non-fatal alert must not stop read loop
- }
- case error:
- switch err {
- case context.DeadlineExceeded, context.Canceled, io.EOF:
- default:
- if c.isHandshakeCompletedSuccessfully() {
- // Keep read loop and pass the read error to Read()
- select {
- case c.decrypted <- err:
- case <-c.closed.Done():
- }
- continue // non-fatal alert must not stop read loop
- }
- }
- }
- select {
- case firstErr <- err:
- default:
- }
-
- if e, ok := err.(*errAlert); ok {
- if e.IsFatalOrCloseNotify() {
- _ = c.close(false)
- }
- }
- return
- }
- }
- }()
-
- select {
- case err := <-firstErr:
- cancelRead()
- cancel()
- return c.translateHandshakeCtxError(err)
- case <-ctx.Done():
- cancelRead()
- cancel()
- return c.translateHandshakeCtxError(ctx.Err())
- case <-done:
- return nil
- }
-}
-
-func (c *Conn) translateHandshakeCtxError(err error) error {
- if err == nil {
- return nil
- }
- if errors.Is(err, context.Canceled) && c.isHandshakeCompletedSuccessfully() {
- return nil
- }
- return &HandshakeError{Err: err}
-}
-
-func (c *Conn) close(byUser bool) error {
- c.cancelHandshaker()
- c.cancelHandshakeReader()
-
- if c.isHandshakeCompletedSuccessfully() && byUser {
- // Discard error from notify() to return non-error on the first user call of Close()
- // even if the underlying connection is already closed.
- _ = c.notify(context.Background(), alert.Warning, alert.CloseNotify)
- }
-
- c.closeLock.Lock()
- // Don't return ErrConnClosed at the first time of the call from user.
- closedByUser := c.connectionClosedByUser
- if byUser {
- c.connectionClosedByUser = true
- }
- c.closed.Close()
- c.closeLock.Unlock()
-
- if closedByUser {
- return ErrConnClosed
- }
-
- return c.nextConn.Close()
-}
-
-func (c *Conn) isConnectionClosed() bool {
- select {
- case <-c.closed.Done():
- return true
- default:
- return false
- }
-}
-
-func (c *Conn) setLocalEpoch(epoch uint16) {
- c.state.localEpoch.Store(epoch)
-}
-
-func (c *Conn) getLocalEpoch() uint16 {
- return c.state.localEpoch.Load().(uint16)
-}
-
-func (c *Conn) setRemoteEpoch(epoch uint16) {
- c.state.remoteEpoch.Store(epoch)
-}
-
-func (c *Conn) getRemoteEpoch() uint16 {
- return c.state.remoteEpoch.Load().(uint16)
-}
-
-// LocalAddr implements net.Conn.LocalAddr
-func (c *Conn) LocalAddr() net.Addr {
- return c.nextConn.LocalAddr()
-}
-
-// RemoteAddr implements net.Conn.RemoteAddr
-func (c *Conn) RemoteAddr() net.Addr {
- return c.nextConn.RemoteAddr()
-}
-
-// SetDeadline implements net.Conn.SetDeadline
-func (c *Conn) SetDeadline(t time.Time) error {
- c.readDeadline.Set(t)
- return c.SetWriteDeadline(t)
-}
-
-// SetReadDeadline implements net.Conn.SetReadDeadline
-func (c *Conn) SetReadDeadline(t time.Time) error {
- c.readDeadline.Set(t)
- // Read deadline is fully managed by this layer.
- // Don't set read deadline to underlying connection.
- return nil
-}
-
-// SetWriteDeadline implements net.Conn.SetWriteDeadline
-func (c *Conn) SetWriteDeadline(t time.Time) error {
- c.writeDeadline.Set(t)
- // Write deadline is also fully managed by this layer.
- return nil
-}
diff --git a/dtls-2.0.9/conn_go_test.go b/dtls-2.0.9/conn_go_test.go
deleted file mode 100644
index 17a1c62..0000000
--- a/dtls-2.0.9/conn_go_test.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// +build !js
-
-package dtls
-
-import (
- "bytes"
- "context"
- "crypto/tls"
- "net"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/internal/net/dpipe"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/transport/test"
-)
-
-func TestContextConfig(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- report := test.CheckRoutines(t)
- defer report()
-
- addrListen, err := net.ResolveUDPAddr("udp", "localhost:0")
- if err != nil {
- t.Fatalf("Unexpected error: %v", err)
- }
-
- // Dummy listener
- listen, err := net.ListenUDP("udp", addrListen)
- if err != nil {
- t.Fatalf("Unexpected error: %v", err)
- }
- defer func() {
- _ = listen.Close()
- }()
- addr := listen.LocalAddr().(*net.UDPAddr)
-
- cert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatalf("Unexpected error: %v", err)
- }
- config := &Config{
- ConnectContextMaker: func() (context.Context, func()) {
- return context.WithTimeout(context.Background(), 40*time.Millisecond)
- },
- Certificates: []tls.Certificate{cert},
- }
-
- dials := map[string]struct {
- f func() (func() (net.Conn, error), func())
- order []byte
- }{
- "Dial": {
- f: func() (func() (net.Conn, error), func()) {
- return func() (net.Conn, error) {
- return Dial("udp", addr, config)
- }, func() {
- }
- },
- order: []byte{0, 1, 2},
- },
- "DialWithContext": {
- f: func() (func() (net.Conn, error), func()) {
- ctx, cancel := context.WithTimeout(context.Background(), 80*time.Millisecond)
- return func() (net.Conn, error) {
- return DialWithContext(ctx, "udp", addr, config)
- }, func() {
- cancel()
- }
- },
- order: []byte{0, 2, 1},
- },
- "Client": {
- f: func() (func() (net.Conn, error), func()) {
- ca, _ := dpipe.Pipe()
- return func() (net.Conn, error) {
- return Client(ca, config)
- }, func() {
- _ = ca.Close()
- }
- },
- order: []byte{0, 1, 2},
- },
- "ClientWithContext": {
- f: func() (func() (net.Conn, error), func()) {
- ctx, cancel := context.WithTimeout(context.Background(), 80*time.Millisecond)
- ca, _ := dpipe.Pipe()
- return func() (net.Conn, error) {
- return ClientWithContext(ctx, ca, config)
- }, func() {
- cancel()
- _ = ca.Close()
- }
- },
- order: []byte{0, 2, 1},
- },
- "Server": {
- f: func() (func() (net.Conn, error), func()) {
- ca, _ := dpipe.Pipe()
- return func() (net.Conn, error) {
- return Server(ca, config)
- }, func() {
- _ = ca.Close()
- }
- },
- order: []byte{0, 1, 2},
- },
- "ServerWithContext": {
- f: func() (func() (net.Conn, error), func()) {
- ctx, cancel := context.WithTimeout(context.Background(), 80*time.Millisecond)
- ca, _ := dpipe.Pipe()
- return func() (net.Conn, error) {
- return ServerWithContext(ctx, ca, config)
- }, func() {
- cancel()
- _ = ca.Close()
- }
- },
- order: []byte{0, 2, 1},
- },
- }
-
- for name, dial := range dials {
- dial := dial
- t.Run(name, func(t *testing.T) {
- done := make(chan struct{})
-
- go func() {
- d, cancel := dial.f()
- conn, err := d()
- defer cancel()
- if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() {
- t.Errorf("Client error exp(Temporary network error) failed(%v)", err)
- close(done)
- return
- }
- done <- struct{}{}
- if err == nil {
- _ = conn.Close()
- }
- }()
-
- var order []byte
- early := time.After(20 * time.Millisecond)
- late := time.After(60 * time.Millisecond)
- func() {
- for len(order) < 3 {
- select {
- case <-early:
- order = append(order, 0)
- case _, ok := <-done:
- if !ok {
- return
- }
- order = append(order, 1)
- case <-late:
- order = append(order, 2)
- }
- }
- }()
- if !bytes.Equal(dial.order, order) {
- t.Errorf("Invalid cancel timing, expected: %v, got: %v", dial.order, order)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/conn_test.go b/dtls-2.0.9/conn_test.go
deleted file mode 100644
index b532926..0000000
--- a/dtls-2.0.9/conn_test.go
+++ /dev/null
@@ -1,2026 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "context"
- "crypto/rand"
- "crypto/tls"
- "crypto/x509"
- "errors"
- "fmt"
- "io"
- "net"
- "sync"
- "sync/atomic"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/internal/ciphersuite"
- "github.com/pion/dtls/v2/internal/net/dpipe"
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
- "github.com/pion/transport/test"
-)
-
-var (
- errTestPSKInvalidIdentity = errors.New("TestPSK: Server got invalid identity")
- errPSKRejected = errors.New("PSK Rejected")
- errNotExpectedChain = errors.New("not expected chain")
- errExpecedChain = errors.New("expected chain")
- errWrongCert = errors.New("wrong cert")
-)
-
-func TestStressDuplex(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- // Run the test
- stressDuplex(t)
-}
-
-func stressDuplex(t *testing.T) {
- ca, cb, err := pipeMemory()
- if err != nil {
- t.Fatal(err)
- }
-
- defer func() {
- err = ca.Close()
- if err != nil {
- t.Fatal(err)
- }
- err = cb.Close()
- if err != nil {
- t.Fatal(err)
- }
- }()
-
- opt := test.Options{
- MsgSize: 2048,
- MsgCount: 100,
- }
-
- err = test.StressDuplex(ca, cb, opt)
- if err != nil {
- t.Fatal(err)
- }
-}
-
-func TestRoutineLeakOnClose(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(5 * time.Second)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- ca, cb, err := pipeMemory()
- if err != nil {
- t.Fatal(err)
- }
-
- if _, err := ca.Write(make([]byte, 100)); err != nil {
- t.Fatal(err)
- }
- if err := cb.Close(); err != nil {
- t.Fatal(err)
- }
- if err := ca.Close(); err != nil {
- t.Fatal(err)
- }
- // Packet is sent, but not read.
- // inboundLoop routine should not be leaked.
-}
-
-func TestReadWriteDeadline(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(5 * time.Second)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- ca, cb, err := pipeMemory()
- if err != nil {
- t.Fatal(err)
- }
-
- if err := ca.SetDeadline(time.Unix(0, 1)); err != nil {
- t.Fatal(err)
- }
- _, werr := ca.Write(make([]byte, 100))
- if e, ok := werr.(net.Error); ok {
- if !e.Timeout() {
- t.Error("Deadline exceeded Write must return Timeout error")
- }
- if !e.Temporary() {
- t.Error("Deadline exceeded Write must return Temporary error")
- }
- } else {
- t.Error("Write must return net.Error error")
- }
- _, rerr := ca.Read(make([]byte, 100))
- if e, ok := rerr.(net.Error); ok {
- if !e.Timeout() {
- t.Error("Deadline exceeded Read must return Timeout error")
- }
- if !e.Temporary() {
- t.Error("Deadline exceeded Read must return Temporary error")
- }
- } else {
- t.Error("Read must return net.Error error")
- }
- if err := ca.SetDeadline(time.Time{}); err != nil {
- t.Error(err)
- }
-
- if err := ca.Close(); err != nil {
- t.Error(err)
- }
- if err := cb.Close(); err != nil {
- t.Error(err)
- }
-
- if _, err := ca.Write(make([]byte, 100)); !errors.Is(err, ErrConnClosed) {
- t.Errorf("Write must return %v after close, got %v", ErrConnClosed, err)
- }
- if _, err := ca.Read(make([]byte, 100)); !errors.Is(err, io.EOF) {
- t.Errorf("Read must return %v after close, got %v", io.EOF, err)
- }
-}
-
-func TestSequenceNumberOverflow(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(5 * time.Second)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- t.Run("ApplicationData", func(t *testing.T) {
- ca, cb, err := pipeMemory()
- if err != nil {
- t.Fatal(err)
- }
-
- atomic.StoreUint64(&ca.state.localSequenceNumber[1], recordlayer.MaxSequenceNumber)
- if _, werr := ca.Write(make([]byte, 100)); werr != nil {
- t.Errorf("Write must send message with maximum sequence number, but errord: %v", werr)
- }
- if _, werr := ca.Write(make([]byte, 100)); !errors.Is(werr, errSequenceNumberOverflow) {
- t.Errorf("Write must abandonsend message with maximum sequence number, but errord: %v", werr)
- }
-
- if err := ca.Close(); err != nil {
- t.Error(err)
- }
- if err := cb.Close(); err != nil {
- t.Error(err)
- }
- })
- t.Run("Handshake", func(t *testing.T) {
- ca, cb, err := pipeMemory()
- if err != nil {
- t.Fatal(err)
- }
-
- ctx, cancel := context.WithTimeout(context.Background(), time.Second)
- defer cancel()
-
- atomic.StoreUint64(&ca.state.localSequenceNumber[0], recordlayer.MaxSequenceNumber+1)
-
- // Try to send handshake packet.
- if werr := ca.writePackets(ctx, []*packet{
- {
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageClientHello{
- Version: protocol.Version1_2,
- Cookie: make([]byte, 64),
- CipherSuiteIDs: cipherSuiteIDs(defaultCipherSuites()),
- CompressionMethods: defaultCompressionMethods(),
- },
- },
- },
- },
- }); !errors.Is(werr, errSequenceNumberOverflow) {
- t.Errorf("Connection must fail on handshake packet reaches maximum sequence number")
- }
-
- if err := ca.Close(); err != nil {
- t.Error(err)
- }
- if err := cb.Close(); err != nil {
- t.Error(err)
- }
- })
-}
-
-func pipeMemory() (*Conn, *Conn, error) {
- // In memory pipe
- ca, cb := dpipe.Pipe()
- return pipeConn(ca, cb)
-}
-
-func pipeConn(ca, cb net.Conn) (*Conn, *Conn, error) {
- type result struct {
- c *Conn
- err error
- }
-
- c := make(chan result)
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- // Setup client
- go func() {
- client, err := testClient(ctx, ca, &Config{SRTPProtectionProfiles: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80}}, true)
- c <- result{client, err}
- }()
-
- // Setup server
- server, err := testServer(ctx, cb, &Config{SRTPProtectionProfiles: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80}}, true)
- if err != nil {
- return nil, nil, err
- }
-
- // Receive client
- res := <-c
- if res.err != nil {
- return nil, nil, res.err
- }
-
- return res.c, server, nil
-}
-
-func testClient(ctx context.Context, c net.Conn, cfg *Config, generateCertificate bool) (*Conn, error) {
- if generateCertificate {
- clientCert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- return nil, err
- }
- cfg.Certificates = []tls.Certificate{clientCert}
- }
- cfg.InsecureSkipVerify = true
- return ClientWithContext(ctx, c, cfg)
-}
-
-func testServer(ctx context.Context, c net.Conn, cfg *Config, generateCertificate bool) (*Conn, error) {
- if generateCertificate {
- serverCert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- return nil, err
- }
- cfg.Certificates = []tls.Certificate{serverCert}
- }
- return ServerWithContext(ctx, c, cfg)
-}
-
-func TestHandshakeWithAlert(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- cases := map[string]struct {
- configServer, configClient *Config
- errServer, errClient error
- }{
- "CipherSuiteNoIntersection": {
- configServer: &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- },
- configClient: &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
- },
- errServer: errCipherSuiteNoIntersection,
- errClient: &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}},
- },
- "SignatureSchemesNoIntersection": {
- configServer: &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- SignatureSchemes: []tls.SignatureScheme{tls.ECDSAWithP256AndSHA256},
- },
- configClient: &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- SignatureSchemes: []tls.SignatureScheme{tls.ECDSAWithP521AndSHA512},
- },
- errServer: &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}},
- errClient: errNoAvailableSignatureSchemes,
- },
- }
-
- for name, testCase := range cases {
- testCase := testCase
- t.Run(name, func(t *testing.T) {
- clientErr := make(chan error, 1)
-
- ca, cb := dpipe.Pipe()
- go func() {
- _, err := testClient(ctx, ca, testCase.configClient, true)
- clientErr <- err
- }()
-
- _, errServer := testServer(ctx, cb, testCase.configServer, true)
- if !errors.Is(errServer, testCase.errServer) {
- t.Fatalf("Server error exp(%v) failed(%v)", testCase.errServer, errServer)
- }
-
- errClient := <-clientErr
- if !errors.Is(errClient, testCase.errClient) {
- t.Fatalf("Client error exp(%v) failed(%v)", testCase.errClient, errClient)
- }
- })
- }
-}
-
-func TestExportKeyingMaterial(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- var rand [28]byte
- exportLabel := "EXTRACTOR-dtls_srtp"
-
- expectedServerKey := []byte{0x61, 0x09, 0x9d, 0x7d, 0xcb, 0x08, 0x52, 0x2c, 0xe7, 0x7b}
- expectedClientKey := []byte{0x87, 0xf0, 0x40, 0x02, 0xf6, 0x1c, 0xf1, 0xfe, 0x8c, 0x77}
-
- c := &Conn{
- state: State{
- localRandom: handshake.Random{GMTUnixTime: time.Unix(500, 0), RandomBytes: rand},
- remoteRandom: handshake.Random{GMTUnixTime: time.Unix(1000, 0), RandomBytes: rand},
- localSequenceNumber: []uint64{0, 0},
- cipherSuite: &ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{},
- },
- }
- c.setLocalEpoch(0)
- c.setRemoteEpoch(0)
-
- state := c.ConnectionState()
- _, err := state.ExportKeyingMaterial(exportLabel, nil, 0)
- if !errors.Is(err, errHandshakeInProgress) {
- t.Errorf("ExportKeyingMaterial when epoch == 0: expected '%s' actual '%s'", errHandshakeInProgress, err)
- }
-
- c.setLocalEpoch(1)
- state = c.ConnectionState()
- _, err = state.ExportKeyingMaterial(exportLabel, []byte{0x00}, 0)
- if !errors.Is(err, errContextUnsupported) {
- t.Errorf("ExportKeyingMaterial with context: expected '%s' actual '%s'", errContextUnsupported, err)
- }
-
- for k := range invalidKeyingLabels() {
- state = c.ConnectionState()
- _, err = state.ExportKeyingMaterial(k, nil, 0)
- if !errors.Is(err, errReservedExportKeyingMaterial) {
- t.Errorf("ExportKeyingMaterial reserved label: expected '%s' actual '%s'", errReservedExportKeyingMaterial, err)
- }
- }
-
- state = c.ConnectionState()
- keyingMaterial, err := state.ExportKeyingMaterial(exportLabel, nil, 10)
- if err != nil {
- t.Errorf("ExportKeyingMaterial as server: unexpected error '%s'", err)
- } else if !bytes.Equal(keyingMaterial, expectedServerKey) {
- t.Errorf("ExportKeyingMaterial client export: expected (% 02x) actual (% 02x)", expectedServerKey, keyingMaterial)
- }
-
- c.state.isClient = true
- state = c.ConnectionState()
- keyingMaterial, err = state.ExportKeyingMaterial(exportLabel, nil, 10)
- if err != nil {
- t.Errorf("ExportKeyingMaterial as server: unexpected error '%s'", err)
- } else if !bytes.Equal(keyingMaterial, expectedClientKey) {
- t.Errorf("ExportKeyingMaterial client export: expected (% 02x) actual (% 02x)", expectedClientKey, keyingMaterial)
- }
-}
-
-func TestPSK(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- for _, test := range []struct {
- Name string
- ServerIdentity []byte
- CipherSuites []CipherSuiteID
- }{
- {
- Name: "Server identity specified",
- ServerIdentity: []byte("Test Identity"),
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8},
- },
- {
- Name: "Server identity nil",
- ServerIdentity: nil,
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8},
- },
- {
- Name: "TLS_PSK_WITH_AES_128_CBC_SHA256",
- ServerIdentity: nil,
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CBC_SHA256},
- },
- } {
- test := test
- t.Run(test.Name, func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- clientIdentity := []byte("Client Identity")
- type result struct {
- c *Conn
- err error
- }
- clientRes := make(chan result, 1)
-
- ca, cb := dpipe.Pipe()
- go func() {
- conf := &Config{
- PSK: func(hint []byte) ([]byte, error) {
- if !bytes.Equal(test.ServerIdentity, hint) { // nolint
- return nil, fmt.Errorf("TestPSK: Client got invalid identity expected(% 02x) actual(% 02x)", test.ServerIdentity, hint) // nolint
- }
-
- return []byte{0xAB, 0xC1, 0x23}, nil
- },
- PSKIdentityHint: clientIdentity,
- CipherSuites: test.CipherSuites,
- }
-
- c, err := testClient(ctx, ca, conf, false)
- clientRes <- result{c, err}
- }()
-
- config := &Config{
- PSK: func(hint []byte) ([]byte, error) {
- if !bytes.Equal(clientIdentity, hint) {
- return nil, fmt.Errorf("%w: expected(% 02x) actual(% 02x)", errTestPSKInvalidIdentity, clientIdentity, hint)
- }
- return []byte{0xAB, 0xC1, 0x23}, nil
- },
- PSKIdentityHint: test.ServerIdentity,
- CipherSuites: test.CipherSuites,
- }
-
- server, err := testServer(ctx, cb, config, false)
- if err != nil {
- t.Fatalf("TestPSK: Server failed(%v)", err)
- }
-
- actualPSKIdentityHint := server.ConnectionState().IdentityHint
- if !bytes.Equal(actualPSKIdentityHint, clientIdentity) {
- t.Errorf("TestPSK: Server ClientPSKIdentity Mismatch '%s': expected(%v) actual(%v)", test.Name, clientIdentity, actualPSKIdentityHint)
- }
-
- defer func() {
- _ = server.Close()
- }()
-
- res := <-clientRes
- if res.err != nil {
- t.Fatal(res.err)
- }
- _ = res.c.Close()
- })
- }
-}
-
-func TestPSKHintFail(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- serverAlertError := &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InternalError}}
- pskRejected := errPSKRejected
-
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- clientErr := make(chan error, 1)
-
- ca, cb := dpipe.Pipe()
- go func() {
- conf := &Config{
- PSK: func(hint []byte) ([]byte, error) {
- return nil, pskRejected
- },
- PSKIdentityHint: []byte{},
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8},
- }
-
- _, err := testClient(ctx, ca, conf, false)
- clientErr <- err
- }()
-
- config := &Config{
- PSK: func(hint []byte) ([]byte, error) {
- return nil, pskRejected
- },
- PSKIdentityHint: []byte{},
- CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8},
- }
-
- if _, err := testServer(ctx, cb, config, false); !errors.Is(err, serverAlertError) {
- t.Fatalf("TestPSK: Server error exp(%v) failed(%v)", serverAlertError, err)
- }
-
- if err := <-clientErr; !errors.Is(err, pskRejected) {
- t.Fatalf("TestPSK: Client error exp(%v) failed(%v)", pskRejected, err)
- }
-}
-
-func TestClientTimeout(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- ctx, cancel := context.WithTimeout(context.Background(), time.Second)
- defer cancel()
-
- clientErr := make(chan error, 1)
-
- ca, _ := dpipe.Pipe()
- go func() {
- conf := &Config{}
-
- c, err := testClient(ctx, ca, conf, true)
- if err == nil {
- _ = c.Close()
- }
- clientErr <- err
- }()
-
- // no server!
- err := <-clientErr
- if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() {
- t.Fatalf("Client error exp(Temporary network error) failed(%v)", err)
- }
-}
-
-func TestSRTPConfiguration(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- for _, test := range []struct {
- Name string
- ClientSRTP []SRTPProtectionProfile
- ServerSRTP []SRTPProtectionProfile
- ExpectedProfile SRTPProtectionProfile
- WantClientError error
- WantServerError error
- }{
- {
- Name: "No SRTP in use",
- ClientSRTP: nil,
- ServerSRTP: nil,
- ExpectedProfile: 0,
- WantClientError: nil,
- WantServerError: nil,
- },
- {
- Name: "SRTP both ends",
- ClientSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80},
- ServerSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80},
- ExpectedProfile: SRTP_AES128_CM_HMAC_SHA1_80,
- WantClientError: nil,
- WantServerError: nil,
- },
- {
- Name: "SRTP client only",
- ClientSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80},
- ServerSRTP: nil,
- ExpectedProfile: 0,
- WantClientError: &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}},
- WantServerError: errServerNoMatchingSRTPProfile,
- },
- {
- Name: "SRTP server only",
- ClientSRTP: nil,
- ServerSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80},
- ExpectedProfile: 0,
- WantClientError: nil,
- WantServerError: nil,
- },
- {
- Name: "Multiple Suites",
- ClientSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32},
- ServerSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32},
- ExpectedProfile: SRTP_AES128_CM_HMAC_SHA1_80,
- WantClientError: nil,
- WantServerError: nil,
- },
- {
- Name: "Multiple Suites, Client Chooses",
- ClientSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32},
- ServerSRTP: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_32, SRTP_AES128_CM_HMAC_SHA1_80},
- ExpectedProfile: SRTP_AES128_CM_HMAC_SHA1_80,
- WantClientError: nil,
- WantServerError: nil,
- },
- } {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- type result struct {
- c *Conn
- err error
- }
- c := make(chan result)
-
- go func() {
- client, err := testClient(ctx, ca, &Config{SRTPProtectionProfiles: test.ClientSRTP}, true)
- c <- result{client, err}
- }()
-
- server, err := testServer(ctx, cb, &Config{SRTPProtectionProfiles: test.ServerSRTP}, true)
- if !errors.Is(err, test.WantServerError) {
- t.Errorf("TestSRTPConfiguration: Server Error Mismatch '%s': expected(%v) actual(%v)", test.Name, test.WantServerError, err)
- }
- if err == nil {
- defer func() {
- _ = server.Close()
- }()
- }
-
- res := <-c
- if res.err == nil {
- defer func() {
- _ = res.c.Close()
- }()
- }
- if !errors.Is(res.err, test.WantClientError) {
- t.Fatalf("TestSRTPConfiguration: Client Error Mismatch '%s': expected(%v) actual(%v)", test.Name, test.WantClientError, res.err)
- }
- if res.c == nil {
- return
- }
-
- actualClientSRTP, _ := res.c.SelectedSRTPProtectionProfile()
- if actualClientSRTP != test.ExpectedProfile {
- t.Errorf("TestSRTPConfiguration: Client SRTPProtectionProfile Mismatch '%s': expected(%v) actual(%v)", test.Name, test.ExpectedProfile, actualClientSRTP)
- }
-
- actualServerSRTP, _ := server.SelectedSRTPProtectionProfile()
- if actualServerSRTP != test.ExpectedProfile {
- t.Errorf("TestSRTPConfiguration: Server SRTPProtectionProfile Mismatch '%s': expected(%v) actual(%v)", test.Name, test.ExpectedProfile, actualServerSRTP)
- }
- }
-}
-
-func TestClientCertificate(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- srvCert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
- srvCAPool := x509.NewCertPool()
- srvCertificate, err := x509.ParseCertificate(srvCert.Certificate[0])
- if err != nil {
- t.Fatal(err)
- }
- srvCAPool.AddCert(srvCertificate)
-
- cert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
- certificate, err := x509.ParseCertificate(cert.Certificate[0])
- if err != nil {
- t.Fatal(err)
- }
- caPool := x509.NewCertPool()
- caPool.AddCert(certificate)
-
- t.Run("parallel", func(t *testing.T) { // sync routines to check routine leak
- tests := map[string]struct {
- clientCfg *Config
- serverCfg *Config
- wantErr bool
- }{
- "NoClientCert": {
- clientCfg: &Config{RootCAs: srvCAPool},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: NoClientCert,
- ClientCAs: caPool,
- },
- },
- "NoClientCert_cert": {
- clientCfg: &Config{RootCAs: srvCAPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: RequireAnyClientCert,
- },
- },
- "RequestClientCert_cert": {
- clientCfg: &Config{RootCAs: srvCAPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: RequestClientCert,
- },
- },
- "RequestClientCert_no_cert": {
- clientCfg: &Config{RootCAs: srvCAPool},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: RequestClientCert,
- ClientCAs: caPool,
- },
- },
- "RequireAnyClientCert": {
- clientCfg: &Config{RootCAs: srvCAPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: RequireAnyClientCert,
- },
- },
- "RequireAnyClientCert_error": {
- clientCfg: &Config{RootCAs: srvCAPool},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: RequireAnyClientCert,
- },
- wantErr: true,
- },
- "VerifyClientCertIfGiven_no_cert": {
- clientCfg: &Config{RootCAs: srvCAPool},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: VerifyClientCertIfGiven,
- ClientCAs: caPool,
- },
- },
- "VerifyClientCertIfGiven_cert": {
- clientCfg: &Config{RootCAs: srvCAPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: VerifyClientCertIfGiven,
- ClientCAs: caPool,
- },
- },
- "VerifyClientCertIfGiven_error": {
- clientCfg: &Config{RootCAs: srvCAPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: VerifyClientCertIfGiven,
- },
- wantErr: true,
- },
- "RequireAndVerifyClientCert": {
- clientCfg: &Config{RootCAs: srvCAPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{
- Certificates: []tls.Certificate{srvCert},
- ClientAuth: RequireAndVerifyClientCert,
- ClientCAs: caPool,
- },
- },
- }
- for name, tt := range tests {
- tt := tt
- t.Run(name, func(t *testing.T) {
- t.Parallel()
-
- ca, cb := dpipe.Pipe()
- type result struct {
- c *Conn
- err error
- }
- c := make(chan result)
-
- go func() {
- client, err := Client(ca, tt.clientCfg)
- c <- result{client, err}
- }()
-
- server, err := Server(cb, tt.serverCfg)
- res := <-c
- defer func() {
- if err == nil {
- _ = server.Close()
- }
- if res.err == nil {
- _ = res.c.Close()
- }
- }()
-
- if tt.wantErr {
- if err != nil {
- // Error expected, test succeeded
- return
- }
- t.Error("Error expected")
- }
- if err != nil {
- t.Errorf("Server failed(%v)", err)
- }
-
- if res.err != nil {
- t.Errorf("Client failed(%v)", res.err)
- }
-
- actualClientCert := server.ConnectionState().PeerCertificates
- if tt.serverCfg.ClientAuth == RequireAnyClientCert || tt.serverCfg.ClientAuth == RequireAndVerifyClientCert {
- if actualClientCert == nil {
- t.Errorf("Client did not provide a certificate")
- }
-
- if len(actualClientCert) != len(tt.clientCfg.Certificates[0].Certificate) || !bytes.Equal(tt.clientCfg.Certificates[0].Certificate[0], actualClientCert[0]) {
- t.Errorf("Client certificate was not communicated correctly")
- }
- }
- if tt.serverCfg.ClientAuth == NoClientCert {
- if actualClientCert != nil {
- t.Errorf("Client certificate wasn't expected")
- }
- }
-
- actualServerCert := res.c.ConnectionState().PeerCertificates
- if actualServerCert == nil {
- t.Errorf("Server did not provide a certificate")
- }
-
- if len(actualServerCert) != len(tt.serverCfg.Certificates[0].Certificate) || !bytes.Equal(tt.serverCfg.Certificates[0].Certificate[0], actualServerCert[0]) {
- t.Errorf("Server certificate was not communicated correctly")
- }
- })
- }
- })
-}
-
-func TestExtendedMasterSecret(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- tests := map[string]struct {
- clientCfg *Config
- serverCfg *Config
- expectedClientErr error
- expectedServerErr error
- }{
- "Request_Request_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: RequestExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: RequestExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- "Request_Require_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: RequestExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- "Request_Disable_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: RequestExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: DisableExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- "Require_Request_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: RequestExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- "Require_Require_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- "Require_Disable_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: DisableExtendedMasterSecret,
- },
- expectedClientErr: errClientRequiredButNoServerEMS,
- expectedServerErr: &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}},
- },
- "Disable_Request_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: DisableExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: RequestExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- "Disable_Require_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: DisableExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- },
- expectedClientErr: &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}},
- expectedServerErr: errServerRequiredButNoClientEMS,
- },
- "Disable_Disable_ExtendedMasterSecret": {
- clientCfg: &Config{
- ExtendedMasterSecret: DisableExtendedMasterSecret,
- },
- serverCfg: &Config{
- ExtendedMasterSecret: DisableExtendedMasterSecret,
- },
- expectedClientErr: nil,
- expectedServerErr: nil,
- },
- }
- for name, tt := range tests {
- tt := tt
- t.Run(name, func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- type result struct {
- c *Conn
- err error
- }
- c := make(chan result)
-
- go func() {
- client, err := testClient(ctx, ca, tt.clientCfg, true)
- c <- result{client, err}
- }()
-
- server, err := testServer(ctx, cb, tt.serverCfg, true)
- res := <-c
- defer func() {
- if err == nil {
- _ = server.Close()
- }
- if res.err == nil {
- _ = res.c.Close()
- }
- }()
-
- if !errors.Is(res.err, tt.expectedClientErr) {
- t.Errorf("Client error expected: \"%v\" but got \"%v\"", tt.expectedClientErr, res.err)
- }
-
- if !errors.Is(err, tt.expectedServerErr) {
- t.Errorf("Server error expected: \"%v\" but got \"%v\"", tt.expectedServerErr, err)
- }
- })
- }
-}
-
-func TestServerCertificate(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- cert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
- certificate, err := x509.ParseCertificate(cert.Certificate[0])
- if err != nil {
- t.Fatal(err)
- }
- caPool := x509.NewCertPool()
- caPool.AddCert(certificate)
-
- t.Run("parallel", func(t *testing.T) { // sync routines to check routine leak
- tests := map[string]struct {
- clientCfg *Config
- serverCfg *Config
- wantErr bool
- }{
- "no_ca": {
- clientCfg: &Config{},
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: NoClientCert},
- wantErr: true,
- },
- "good_ca": {
- clientCfg: &Config{RootCAs: caPool},
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: NoClientCert},
- },
- "no_ca_skip_verify": {
- clientCfg: &Config{InsecureSkipVerify: true},
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: NoClientCert},
- },
- "good_ca_skip_verify_custom_verify_peer": {
- clientCfg: &Config{RootCAs: caPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: RequireAnyClientCert, VerifyPeerCertificate: func(cert [][]byte, chain [][]*x509.Certificate) error {
- if len(chain) != 0 {
- return errNotExpectedChain
- }
- return nil
- }},
- },
- "good_ca_verify_custom_verify_peer": {
- clientCfg: &Config{RootCAs: caPool, Certificates: []tls.Certificate{cert}},
- serverCfg: &Config{ClientCAs: caPool, Certificates: []tls.Certificate{cert}, ClientAuth: RequireAndVerifyClientCert, VerifyPeerCertificate: func(cert [][]byte, chain [][]*x509.Certificate) error {
- if len(chain) == 0 {
- return errExpecedChain
- }
- return nil
- }},
- },
- "good_ca_custom_verify_peer": {
- clientCfg: &Config{
- RootCAs: caPool,
- VerifyPeerCertificate: func([][]byte, [][]*x509.Certificate) error {
- return errWrongCert
- },
- },
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: NoClientCert},
- wantErr: true,
- },
- "server_name": {
- clientCfg: &Config{RootCAs: caPool, ServerName: certificate.Subject.CommonName},
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: NoClientCert},
- },
- "server_name_error": {
- clientCfg: &Config{RootCAs: caPool, ServerName: "barfoo"},
- serverCfg: &Config{Certificates: []tls.Certificate{cert}, ClientAuth: NoClientCert},
- wantErr: true,
- },
- }
- for name, tt := range tests {
- tt := tt
- t.Run(name, func(t *testing.T) {
- t.Parallel()
-
- ca, cb := dpipe.Pipe()
-
- type result struct {
- c *Conn
- err error
- }
- srvCh := make(chan result)
- go func() {
- s, err := Server(cb, tt.serverCfg)
- srvCh <- result{s, err}
- }()
-
- cli, err := Client(ca, tt.clientCfg)
- if err == nil {
- _ = cli.Close()
- }
- if !tt.wantErr && err != nil {
- t.Errorf("Client failed(%v)", err)
- }
- if tt.wantErr && err == nil {
- t.Fatal("Error expected")
- }
-
- srv := <-srvCh
- if srv.err == nil {
- _ = srv.c.Close()
- }
- })
- }
- })
-}
-
-func TestCipherSuiteConfiguration(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- for _, test := range []struct {
- Name string
- ClientCipherSuites []CipherSuiteID
- ServerCipherSuites []CipherSuiteID
- WantClientError error
- WantServerError error
- WantSelectedCipherSuite CipherSuiteID
- }{
- {
- Name: "No CipherSuites specified",
- ClientCipherSuites: nil,
- ServerCipherSuites: nil,
- WantClientError: nil,
- WantServerError: nil,
- },
- {
- Name: "Invalid CipherSuite",
- ClientCipherSuites: []CipherSuiteID{0x00},
- ServerCipherSuites: []CipherSuiteID{0x00},
- WantClientError: &invalidCipherSuite{0x00},
- WantServerError: &invalidCipherSuite{0x00},
- },
- {
- Name: "Valid CipherSuites specified",
- ClientCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- ServerCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- WantClientError: nil,
- WantServerError: nil,
- WantSelectedCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- },
- {
- Name: "CipherSuites mismatch",
- ClientCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- ServerCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- WantClientError: &errAlert{&alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}},
- WantServerError: errCipherSuiteNoIntersection,
- },
- {
- Name: "Valid CipherSuites CCM specified",
- ClientCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_CCM},
- ServerCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_CCM},
- WantClientError: nil,
- WantServerError: nil,
- WantSelectedCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- },
- {
- Name: "Valid CipherSuites CCM-8 specified",
- ClientCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8},
- ServerCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8},
- WantClientError: nil,
- WantServerError: nil,
- WantSelectedCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- },
- {
- Name: "Server supports subset of client suites",
- ClientCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- ServerCipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- WantClientError: nil,
- WantServerError: nil,
- WantSelectedCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- },
- } {
- test := test
- t.Run(test.Name, func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- type result struct {
- c *Conn
- err error
- }
- c := make(chan result)
-
- go func() {
- client, err := testClient(ctx, ca, &Config{CipherSuites: test.ClientCipherSuites}, true)
- c <- result{client, err}
- }()
-
- server, err := testServer(ctx, cb, &Config{CipherSuites: test.ServerCipherSuites}, true)
- if err == nil {
- defer func() {
- _ = server.Close()
- }()
- }
- if !errors.Is(err, test.WantServerError) {
- t.Errorf("TestCipherSuiteConfiguration: Server Error Mismatch '%s': expected(%v) actual(%v)", test.Name, test.WantServerError, err)
- }
-
- res := <-c
- if res.err == nil {
- _ = server.Close()
- }
- if !errors.Is(res.err, test.WantClientError) {
- t.Errorf("TestSRTPConfiguration: Client Error Mismatch '%s': expected(%v) actual(%v)", test.Name, test.WantClientError, res.err)
- }
- if test.WantSelectedCipherSuite != 0x00 && res.c.state.cipherSuite.ID() != test.WantSelectedCipherSuite {
- t.Errorf("TestCipherSuiteConfiguration: Server Selected Bad Cipher Suite '%s': expected(%v) actual(%v)", test.Name, test.WantSelectedCipherSuite, res.c.state.cipherSuite.ID())
- }
- })
- }
-}
-
-func TestCertificateAndPSKServer(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- for _, test := range []struct {
- Name string
- ClientPSK bool
- }{
- {
- Name: "Client uses PKI",
- ClientPSK: false,
- },
- {
- Name: "Client uses PSK",
- ClientPSK: true,
- },
- } {
- test := test
- t.Run(test.Name, func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- type result struct {
- c *Conn
- err error
- }
- c := make(chan result)
-
- go func() {
- config := &Config{CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}}
- if test.ClientPSK {
- config.PSK = func([]byte) ([]byte, error) {
- return []byte{0x00, 0x01, 0x02}, nil
- }
- config.PSKIdentityHint = []byte{0x00}
- config.CipherSuites = []CipherSuiteID{TLS_PSK_WITH_AES_128_GCM_SHA256}
- }
-
- client, err := testClient(ctx, ca, config, false)
- c <- result{client, err}
- }()
-
- config := &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_AES_128_GCM_SHA256},
- PSK: func([]byte) ([]byte, error) {
- return []byte{0x00, 0x01, 0x02}, nil
- },
- }
-
- server, err := testServer(ctx, cb, config, true)
- if err == nil {
- defer func() {
- _ = server.Close()
- }()
- } else {
- t.Errorf("TestCertificateAndPSKServer: Server Error Mismatch '%s': expected(%v) actual(%v)", test.Name, nil, err)
- }
-
- res := <-c
- if res.err == nil {
- _ = server.Close()
- } else {
- t.Errorf("TestCertificateAndPSKServer: Client Error Mismatch '%s': expected(%v) actual(%v)", test.Name, nil, res.err)
- }
- })
- }
-}
-
-func TestPSKConfiguration(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- for _, test := range []struct {
- Name string
- ClientHasCertificate bool
- ServerHasCertificate bool
- ClientPSK PSKCallback
- ServerPSK PSKCallback
- ClientPSKIdentity []byte
- ServerPSKIdentity []byte
- WantClientError error
- WantServerError error
- }{
- {
- Name: "PSK and no certificate specified",
- ClientHasCertificate: false,
- ServerHasCertificate: false,
- ClientPSK: func([]byte) ([]byte, error) { return []byte{0x00, 0x01, 0x02}, nil },
- ServerPSK: func([]byte) ([]byte, error) { return []byte{0x00, 0x01, 0x02}, nil },
- ClientPSKIdentity: []byte{0x00},
- ServerPSKIdentity: []byte{0x00},
- WantClientError: errNoAvailablePSKCipherSuite,
- WantServerError: errNoAvailablePSKCipherSuite,
- },
- {
- Name: "PSK and certificate specified",
- ClientHasCertificate: true,
- ServerHasCertificate: true,
- ClientPSK: func([]byte) ([]byte, error) { return []byte{0x00, 0x01, 0x02}, nil },
- ServerPSK: func([]byte) ([]byte, error) { return []byte{0x00, 0x01, 0x02}, nil },
- ClientPSKIdentity: []byte{0x00},
- ServerPSKIdentity: []byte{0x00},
- WantClientError: errNoAvailablePSKCipherSuite,
- WantServerError: errNoAvailablePSKCipherSuite,
- },
- {
- Name: "PSK and no identity specified",
- ClientHasCertificate: false,
- ServerHasCertificate: false,
- ClientPSK: func([]byte) ([]byte, error) { return []byte{0x00, 0x01, 0x02}, nil },
- ServerPSK: func([]byte) ([]byte, error) { return []byte{0x00, 0x01, 0x02}, nil },
- ClientPSKIdentity: nil,
- ServerPSKIdentity: nil,
- WantClientError: errPSKAndIdentityMustBeSetForClient,
- WantServerError: errNoAvailablePSKCipherSuite,
- },
- {
- Name: "No PSK and identity specified",
- ClientHasCertificate: false,
- ServerHasCertificate: false,
- ClientPSK: nil,
- ServerPSK: nil,
- ClientPSKIdentity: []byte{0x00},
- ServerPSKIdentity: []byte{0x00},
- WantClientError: errIdentityNoPSK,
- WantServerError: errIdentityNoPSK,
- },
- } {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- ca, cb := dpipe.Pipe()
- type result struct {
- c *Conn
- err error
- }
- c := make(chan result)
-
- go func() {
- client, err := testClient(ctx, ca, &Config{PSK: test.ClientPSK, PSKIdentityHint: test.ClientPSKIdentity}, test.ClientHasCertificate)
- c <- result{client, err}
- }()
-
- _, err := testServer(ctx, cb, &Config{PSK: test.ServerPSK, PSKIdentityHint: test.ServerPSKIdentity}, test.ServerHasCertificate)
- if err != nil || test.WantServerError != nil {
- if !(err != nil && test.WantServerError != nil && err.Error() == test.WantServerError.Error()) {
- t.Fatalf("TestPSKConfiguration: Server Error Mismatch '%s': expected(%v) actual(%v)", test.Name, test.WantServerError, err)
- }
- }
-
- res := <-c
- if res.err != nil || test.WantClientError != nil {
- if !(res.err != nil && test.WantClientError != nil && res.err.Error() == test.WantClientError.Error()) {
- t.Fatalf("TestPSKConfiguration: Client Error Mismatch '%s': expected(%v) actual(%v)", test.Name, test.WantClientError, res.err)
- }
- }
- }
-}
-
-func TestServerTimeout(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- cookie := make([]byte, 20)
- _, err := rand.Read(cookie)
- if err != nil {
- t.Fatal(err)
- }
-
- var rand [28]byte
- random := handshake.Random{GMTUnixTime: time.Unix(500, 0), RandomBytes: rand}
-
- cipherSuites := []CipherSuite{
- &ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{},
- &ciphersuite.TLSEcdheRsaWithAes128GcmSha256{},
- }
-
- extensions := []extension.Extension{
- &extension.SupportedSignatureAlgorithms{
- SignatureHashAlgorithms: []signaturehash.Algorithm{
- {Hash: hash.SHA256, Signature: signature.ECDSA},
- {Hash: hash.SHA384, Signature: signature.ECDSA},
- {Hash: hash.SHA512, Signature: signature.ECDSA},
- {Hash: hash.SHA256, Signature: signature.RSA},
- {Hash: hash.SHA384, Signature: signature.RSA},
- {Hash: hash.SHA512, Signature: signature.RSA},
- },
- },
- &extension.SupportedEllipticCurves{
- EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
- },
- &extension.SupportedPointFormats{
- PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
- },
- }
-
- record := &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- SequenceNumber: 0,
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- // sequenceNumber and messageSequence line up, may need to be re-evaluated
- Header: handshake.Header{
- MessageSequence: 0,
- },
- Message: &handshake.MessageClientHello{
- Version: protocol.Version1_2,
- Cookie: cookie,
- Random: random,
- CipherSuiteIDs: cipherSuiteIDs(cipherSuites),
- CompressionMethods: defaultCompressionMethods(),
- Extensions: extensions,
- },
- },
- }
-
- packet, err := record.Marshal()
- if err != nil {
- t.Fatal(err)
- }
-
- ca, cb := dpipe.Pipe()
- defer func() {
- err := ca.Close()
- if err != nil {
- t.Fatal(err)
- }
- }()
-
- // Client reader
- caReadChan := make(chan []byte, 1000)
- go func() {
- for {
- data := make([]byte, 8192)
- n, err := ca.Read(data)
- if err != nil {
- return
- }
-
- caReadChan <- data[:n]
- }
- }()
-
- // Start sending ClientHello packets until server responds with first packet
- go func() {
- for {
- select {
- case <-time.After(10 * time.Millisecond):
- _, err := ca.Write(packet)
- if err != nil {
- return
- }
- case <-caReadChan:
- // Once we receive the first reply from the server, stop
- return
- }
- }
- }()
-
- ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
- defer cancel()
-
- config := &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- FlightInterval: 100 * time.Millisecond,
- }
-
- _, serverErr := testServer(ctx, cb, config, true)
- if netErr, ok := serverErr.(net.Error); !ok || !netErr.Timeout() {
- t.Fatalf("Client error exp(Temporary network error) failed(%v)", serverErr)
- }
-
- // Wait a little longer to ensure no additional messages have been sent by the server
- time.Sleep(300 * time.Millisecond)
- select {
- case msg := <-caReadChan:
- t.Fatalf("Expected no additional messages from server, got: %+v", msg)
- default:
- }
-}
-
-func TestProtocolVersionValidation(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- cookie := make([]byte, 20)
- if _, err := rand.Read(cookie); err != nil {
- t.Fatal(err)
- }
-
- var rand [28]byte
- random := handshake.Random{GMTUnixTime: time.Unix(500, 0), RandomBytes: rand}
-
- localKeypair, err := elliptic.GenerateKeypair(elliptic.X25519)
- if err != nil {
- t.Fatal(err)
- }
-
- config := &Config{
- CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- FlightInterval: 100 * time.Millisecond,
- }
-
- t.Run("Server", func(t *testing.T) {
- serverCases := map[string]struct {
- records []*recordlayer.RecordLayer
- }{
- "ClientHelloVersion": {
- records: []*recordlayer.RecordLayer{
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageClientHello{
- Version: protocol.Version{Major: 0xfe, Minor: 0xff}, // try to downgrade
- Cookie: cookie,
- Random: random,
- CipherSuiteIDs: []uint16{uint16((&ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{}).ID())},
- CompressionMethods: defaultCompressionMethods(),
- },
- },
- },
- },
- },
- "SecondsClientHelloVersion": {
- records: []*recordlayer.RecordLayer{
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageClientHello{
- Version: protocol.Version1_2,
- Cookie: cookie,
- Random: random,
- CipherSuiteIDs: []uint16{uint16((&ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{}).ID())},
- CompressionMethods: defaultCompressionMethods(),
- },
- },
- },
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- SequenceNumber: 1,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: 1,
- },
- Message: &handshake.MessageClientHello{
- Version: protocol.Version{Major: 0xfe, Minor: 0xff}, // try to downgrade
- Cookie: cookie,
- Random: random,
- CipherSuiteIDs: []uint16{uint16((&ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{}).ID())},
- CompressionMethods: defaultCompressionMethods(),
- },
- },
- },
- },
- },
- }
- for name, c := range serverCases {
- c := c
- t.Run(name, func(t *testing.T) {
- ca, cb := dpipe.Pipe()
- defer func() {
- err := ca.Close()
- if err != nil {
- t.Error(err)
- }
- }()
-
- ctx, cancel := context.WithTimeout(context.Background(), time.Second)
- defer cancel()
-
- var wg sync.WaitGroup
- wg.Add(1)
- defer wg.Wait()
- go func() {
- defer wg.Done()
- if _, err := testServer(ctx, cb, config, true); !errors.Is(err, errUnsupportedProtocolVersion) {
- t.Errorf("Client error exp(%v) failed(%v)", errUnsupportedProtocolVersion, err)
- }
- }()
-
- time.Sleep(50 * time.Millisecond)
-
- resp := make([]byte, 1024)
- for _, record := range c.records {
- packet, err := record.Marshal()
- if err != nil {
- t.Fatal(err)
- }
- if _, werr := ca.Write(packet); werr != nil {
- t.Fatal(werr)
- }
- n, rerr := ca.Read(resp[:cap(resp)])
- if rerr != nil {
- t.Fatal(rerr)
- }
- resp = resp[:n]
- }
-
- h := &recordlayer.Header{}
- if err := h.Unmarshal(resp); err != nil {
- t.Fatal("Failed to unmarshal response")
- }
- if h.ContentType != protocol.ContentTypeAlert {
- t.Errorf("Peer must return alert to unsupported protocol version")
- }
- })
- }
- })
-
- t.Run("Client", func(t *testing.T) {
- clientCases := map[string]struct {
- records []*recordlayer.RecordLayer
- }{
- "ServerHelloVersion": {
- records: []*recordlayer.RecordLayer{
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageHelloVerifyRequest{
- Version: protocol.Version1_2,
- Cookie: cookie,
- },
- },
- },
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- SequenceNumber: 1,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: 1,
- },
- Message: &handshake.MessageServerHello{
- Version: protocol.Version{Major: 0xfe, Minor: 0xff}, // try to downgrade
- Random: random,
- CipherSuiteID: func() *uint16 { id := uint16(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); return &id }(),
- CompressionMethod: defaultCompressionMethods()[0],
- },
- },
- },
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- SequenceNumber: 2,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: 2,
- },
- Message: &handshake.MessageCertificate{},
- },
- },
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- SequenceNumber: 3,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: 3,
- },
- Message: &handshake.MessageServerKeyExchange{
- EllipticCurveType: elliptic.CurveTypeNamedCurve,
- NamedCurve: elliptic.X25519,
- PublicKey: localKeypair.PublicKey,
- HashAlgorithm: hash.SHA256,
- SignatureAlgorithm: signature.ECDSA,
- Signature: make([]byte, 64),
- },
- },
- },
- {
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- SequenceNumber: 4,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: 4,
- },
- Message: &handshake.MessageServerHelloDone{},
- },
- },
- },
- },
- }
- for name, c := range clientCases {
- c := c
- t.Run(name, func(t *testing.T) {
- ca, cb := dpipe.Pipe()
- defer func() {
- err := ca.Close()
- if err != nil {
- t.Error(err)
- }
- }()
-
- ctx, cancel := context.WithTimeout(context.Background(), time.Second)
- defer cancel()
-
- var wg sync.WaitGroup
- wg.Add(1)
- defer wg.Wait()
- go func() {
- defer wg.Done()
- if _, err := testClient(ctx, cb, config, true); !errors.Is(err, errUnsupportedProtocolVersion) {
- t.Errorf("Server error exp(%v) failed(%v)", errUnsupportedProtocolVersion, err)
- }
- }()
-
- time.Sleep(50 * time.Millisecond)
-
- for _, record := range c.records {
- if _, err := ca.Read(make([]byte, 1024)); err != nil {
- t.Fatal(err)
- }
-
- packet, err := record.Marshal()
- if err != nil {
- t.Fatal(err)
- }
- if _, err := ca.Write(packet); err != nil {
- t.Fatal(err)
- }
- }
- resp := make([]byte, 1024)
- n, err := ca.Read(resp)
- if err != nil {
- t.Fatal(err)
- }
- resp = resp[:n]
-
- h := &recordlayer.Header{}
- if err := h.Unmarshal(resp); err != nil {
- t.Fatal("Failed to unmarshal response")
- }
- if h.ContentType != protocol.ContentTypeAlert {
- t.Errorf("Peer must return alert to unsupported protocol version")
- }
- })
- }
- })
-}
-
-func TestMultipleHelloVerifyRequest(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- cookies := [][]byte{
- // first clientHello contains an empty cookie
- {},
- }
- var packets [][]byte
- for i := 0; i < 2; i++ {
- cookie := make([]byte, 20)
- if _, err := rand.Read(cookie); err != nil {
- t.Fatal(err)
- }
- cookies = append(cookies, cookie)
-
- record := &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- SequenceNumber: uint64(i),
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: uint16(i),
- },
- Message: &handshake.MessageHelloVerifyRequest{
- Version: protocol.Version1_2,
- Cookie: cookie,
- },
- },
- }
- packet, err := record.Marshal()
- if err != nil {
- t.Fatal(err)
- }
- packets = append(packets, packet)
- }
-
- ca, cb := dpipe.Pipe()
- defer func() {
- err := ca.Close()
- if err != nil {
- t.Error(err)
- }
- }()
-
- ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
- defer cancel()
-
- var wg sync.WaitGroup
- wg.Add(1)
- defer wg.Wait()
- go func() {
- defer wg.Done()
- _, _ = testClient(ctx, ca, &Config{}, false)
- }()
-
- for i, cookie := range cookies {
- // read client hello
- resp := make([]byte, 1024)
- n, err := cb.Read(resp)
- if err != nil {
- t.Fatal(err)
- }
- record := &recordlayer.RecordLayer{}
- if err := record.Unmarshal(resp[:n]); err != nil {
- t.Fatal(err)
- }
- clientHello := record.Content.(*handshake.Handshake).Message.(*handshake.MessageClientHello)
- if !bytes.Equal(clientHello.Cookie, cookie) {
- t.Fatalf("Wrong cookie, expected: %x, got: %x", clientHello.Cookie, cookie)
- }
- if len(packets) <= i {
- break
- }
- // write hello verify request
- if _, err := cb.Write(packets[i]); err != nil {
- t.Fatal(err)
- }
- }
- cancel()
-}
-
-// Assert that a DTLS Server always responds with RenegotiationInfo if
-// a ClientHello contained that extension or not
-func TestRenegotationInfo(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(10 * time.Second)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- resp := make([]byte, 1024)
-
- for _, testCase := range []struct {
- Name string
- SendRenegotiationInfo bool
- }{
- {
- "Include RenegotiationInfo",
- true,
- },
- {
- "No RenegotiationInfo",
- false,
- },
- } {
- test := testCase
- t.Run(test.Name, func(t *testing.T) {
- sendClientHello := func(cookie []byte, ca net.Conn, sequenceNumber uint64) {
- extensions := []extension.Extension{}
- if test.SendRenegotiationInfo {
- extensions = append(extensions, &extension.RenegotiationInfo{
- RenegotiatedConnection: 0,
- })
- }
-
- packet, err := (&recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- SequenceNumber: sequenceNumber,
- },
- Content: &handshake.Handshake{
- Header: handshake.Header{
- MessageSequence: uint16(sequenceNumber),
- },
- Message: &handshake.MessageClientHello{
- Version: protocol.Version1_2,
- Cookie: cookie,
- CipherSuiteIDs: cipherSuiteIDs(defaultCipherSuites()),
- CompressionMethods: defaultCompressionMethods(),
- Extensions: extensions,
- },
- },
- }).Marshal()
- if err != nil {
- t.Fatal(err)
- }
-
- if _, err = ca.Write(packet); err != nil {
- t.Fatal(err)
- }
- }
-
- ca, cb := dpipe.Pipe()
- defer func() {
- if err := ca.Close(); err != nil {
- t.Error(err)
- }
- }()
-
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- go func() {
- if _, err := testServer(ctx, cb, &Config{}, true); !errors.Is(err, context.Canceled) {
- t.Error(err)
- }
- }()
-
- time.Sleep(50 * time.Millisecond)
-
- sendClientHello([]byte{}, ca, 0)
- n, err := ca.Read(resp)
- if err != nil {
- t.Fatal(err)
- }
- r := &recordlayer.RecordLayer{}
- if err = r.Unmarshal(resp[:n]); err != nil {
- t.Fatal(err)
- }
-
- helloVerifyRequest := r.Content.(*handshake.Handshake).Message.(*handshake.MessageHelloVerifyRequest)
-
- sendClientHello(helloVerifyRequest.Cookie, ca, 1)
- if n, err = ca.Read(resp); err != nil {
- t.Fatal(err)
- }
-
- messages, err := recordlayer.UnpackDatagram(resp[:n])
- if err != nil {
- t.Fatal(err)
- }
-
- if err := r.Unmarshal(messages[0]); err != nil {
- t.Fatal(err)
- }
-
- serverHello := r.Content.(*handshake.Handshake).Message.(*handshake.MessageServerHello)
- gotNegotationInfo := false
- for _, v := range serverHello.Extensions {
- if _, ok := v.(*extension.RenegotiationInfo); ok {
- gotNegotationInfo = true
- }
- }
-
- if !gotNegotationInfo {
- t.Fatalf("Received ServerHello without RenegotiationInfo")
- }
- })
- }
-}
diff --git a/dtls-2.0.9/crypto.go b/dtls-2.0.9/crypto.go
deleted file mode 100644
index 768ee47..0000000
--- a/dtls-2.0.9/crypto.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package dtls
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/ed25519"
- "crypto/rand"
- "crypto/rsa"
- "crypto/sha256"
- "crypto/x509"
- "encoding/asn1"
- "encoding/binary"
- "math/big"
- "time"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
-)
-
-type ecdsaSignature struct {
- R, S *big.Int
-}
-
-func valueKeyMessage(clientRandom, serverRandom, publicKey []byte, namedCurve elliptic.Curve) []byte {
- serverECDHParams := make([]byte, 4)
- serverECDHParams[0] = 3 // named curve
- binary.BigEndian.PutUint16(serverECDHParams[1:], uint16(namedCurve))
- serverECDHParams[3] = byte(len(publicKey))
-
- plaintext := []byte{}
- plaintext = append(plaintext, clientRandom...)
- plaintext = append(plaintext, serverRandom...)
- plaintext = append(plaintext, serverECDHParams...)
- plaintext = append(plaintext, publicKey...)
-
- return plaintext
-}
-
-// If the client provided a "signature_algorithms" extension, then all
-// certificates provided by the server MUST be signed by a
-// hash/signature algorithm pair that appears in that extension
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.2
-func generateKeySignature(clientRandom, serverRandom, publicKey []byte, namedCurve elliptic.Curve, privateKey crypto.PrivateKey, hashAlgorithm hash.Algorithm) ([]byte, error) {
- msg := valueKeyMessage(clientRandom, serverRandom, publicKey, namedCurve)
- switch p := privateKey.(type) {
- case ed25519.PrivateKey:
- // https://crypto.stackexchange.com/a/55483
- return p.Sign(rand.Reader, msg, crypto.Hash(0))
- case *ecdsa.PrivateKey:
- hashed := hashAlgorithm.Digest(msg)
- return p.Sign(rand.Reader, hashed, hashAlgorithm.CryptoHash())
- case *rsa.PrivateKey:
- hashed := hashAlgorithm.Digest(msg)
- return p.Sign(rand.Reader, hashed, hashAlgorithm.CryptoHash())
- }
-
- return nil, errKeySignatureGenerateUnimplemented
-}
-
-func verifyKeySignature(message, remoteKeySignature []byte, hashAlgorithm hash.Algorithm, rawCertificates [][]byte) error { //nolint:dupl
- if len(rawCertificates) == 0 {
- return errLengthMismatch
- }
- certificate, err := x509.ParseCertificate(rawCertificates[0])
- if err != nil {
- return err
- }
-
- switch p := certificate.PublicKey.(type) {
- case ed25519.PublicKey:
- if ok := ed25519.Verify(p, message, remoteKeySignature); !ok {
- return errKeySignatureMismatch
- }
- return nil
- case *ecdsa.PublicKey:
- ecdsaSig := &ecdsaSignature{}
- if _, err := asn1.Unmarshal(remoteKeySignature, ecdsaSig); err != nil {
- return err
- }
- if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
- return errInvalidECDSASignature
- }
- hashed := hashAlgorithm.Digest(message)
- if !ecdsa.Verify(p, hashed, ecdsaSig.R, ecdsaSig.S) {
- return errKeySignatureMismatch
- }
- return nil
- case *rsa.PublicKey:
- switch certificate.SignatureAlgorithm {
- case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
- hashed := hashAlgorithm.Digest(message)
- return rsa.VerifyPKCS1v15(p, hashAlgorithm.CryptoHash(), hashed, remoteKeySignature)
- default:
- return errKeySignatureVerifyUnimplemented
- }
- }
-
- return errKeySignatureVerifyUnimplemented
-}
-
-// If the server has sent a CertificateRequest message, the client MUST send the Certificate
-// message. The ClientKeyExchange message is now sent, and the content
-// of that message will depend on the public key algorithm selected
-// between the ClientHello and the ServerHello. If the client has sent
-// a certificate with signing ability, a digitally-signed
-// CertificateVerify message is sent to explicitly verify possession of
-// the private key in the certificate.
-// https://tools.ietf.org/html/rfc5246#section-7.3
-func generateCertificateVerify(handshakeBodies []byte, privateKey crypto.PrivateKey, hashAlgorithm hash.Algorithm) ([]byte, error) {
- h := sha256.New()
- if _, err := h.Write(handshakeBodies); err != nil {
- return nil, err
- }
- hashed := h.Sum(nil)
-
- switch p := privateKey.(type) {
- case ed25519.PrivateKey:
- // https://crypto.stackexchange.com/a/55483
- return p.Sign(rand.Reader, hashed, crypto.Hash(0))
- case *ecdsa.PrivateKey:
- return p.Sign(rand.Reader, hashed, hashAlgorithm.CryptoHash())
- case *rsa.PrivateKey:
- return p.Sign(rand.Reader, hashed, hashAlgorithm.CryptoHash())
- }
-
- return nil, errInvalidSignatureAlgorithm
-}
-
-func verifyCertificateVerify(handshakeBodies []byte, hashAlgorithm hash.Algorithm, remoteKeySignature []byte, rawCertificates [][]byte) error { //nolint:dupl
- if len(rawCertificates) == 0 {
- return errLengthMismatch
- }
- certificate, err := x509.ParseCertificate(rawCertificates[0])
- if err != nil {
- return err
- }
-
- switch p := certificate.PublicKey.(type) {
- case ed25519.PublicKey:
- if ok := ed25519.Verify(p, handshakeBodies, remoteKeySignature); !ok {
- return errKeySignatureMismatch
- }
- return nil
- case *ecdsa.PublicKey:
- ecdsaSig := &ecdsaSignature{}
- if _, err := asn1.Unmarshal(remoteKeySignature, ecdsaSig); err != nil {
- return err
- }
- if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
- return errInvalidECDSASignature
- }
- hash := hashAlgorithm.Digest(handshakeBodies)
- if !ecdsa.Verify(p, hash, ecdsaSig.R, ecdsaSig.S) {
- return errKeySignatureMismatch
- }
- return nil
- case *rsa.PublicKey:
- switch certificate.SignatureAlgorithm {
- case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
- hash := hashAlgorithm.Digest(handshakeBodies)
- return rsa.VerifyPKCS1v15(p, hashAlgorithm.CryptoHash(), hash, remoteKeySignature)
- default:
- return errKeySignatureVerifyUnimplemented
- }
- }
-
- return errKeySignatureVerifyUnimplemented
-}
-
-func loadCerts(rawCertificates [][]byte) ([]*x509.Certificate, error) {
- if len(rawCertificates) == 0 {
- return nil, errLengthMismatch
- }
-
- certs := make([]*x509.Certificate, 0, len(rawCertificates))
- for _, rawCert := range rawCertificates {
- cert, err := x509.ParseCertificate(rawCert)
- if err != nil {
- return nil, err
- }
- certs = append(certs, cert)
- }
- return certs, nil
-}
-
-func verifyClientCert(rawCertificates [][]byte, roots *x509.CertPool) (chains [][]*x509.Certificate, err error) {
- certificate, err := loadCerts(rawCertificates)
- if err != nil {
- return nil, err
- }
- intermediateCAPool := x509.NewCertPool()
- for _, cert := range certificate[1:] {
- intermediateCAPool.AddCert(cert)
- }
- opts := x509.VerifyOptions{
- Roots: roots,
- CurrentTime: time.Now(),
- Intermediates: intermediateCAPool,
- KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
- }
- return certificate[0].Verify(opts)
-}
-
-func verifyServerCert(rawCertificates [][]byte, roots *x509.CertPool, serverName string) (chains [][]*x509.Certificate, err error) {
- certificate, err := loadCerts(rawCertificates)
- if err != nil {
- return nil, err
- }
- intermediateCAPool := x509.NewCertPool()
- for _, cert := range certificate[1:] {
- intermediateCAPool.AddCert(cert)
- }
- opts := x509.VerifyOptions{
- Roots: roots,
- CurrentTime: time.Now(),
- DNSName: serverName,
- Intermediates: intermediateCAPool,
- }
- return certificate[0].Verify(opts)
-}
diff --git a/dtls-2.0.9/crypto_test.go b/dtls-2.0.9/crypto_test.go
deleted file mode 100644
index 03b714d..0000000
--- a/dtls-2.0.9/crypto_test.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "crypto/x509"
- "encoding/pem"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
-)
-
-const rawPrivateKey = `
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAxIA2BrrnR2sIlATsp7aRBD/3krwZ7vt9dNeoDQAee0s6SuYP
-6MBx/HPnAkwNvPS90R05a7pwRkoT6Ur4PfPhCVlUe8lV+0Eto3ZSEeHz3HdsqlM3
-bso67L7Dqrc7MdVstlKcgJi8yeAoGOIL9/igOv0XBFCeznm9nznx6mnsR5cugw+1
-ypXelaHmBCLV7r5SeVSh57+KhvZGbQ2fFpUaTPegRpJZXBNS8lSeWvtOv9d6N5UB
-ROTAJodMZT5AfX0jB0QB9IT/0I96H6BSENH08NXOeXApMuLKvnAf361rS7cRAfRL
-rWZqERMP4u6Cnk0Cnckc3WcW27kGGIbtwbqUIQIDAQABAoIBAGF7OVIdZp8Hejn0
-N3L8HvT8xtUEe9kS6ioM0lGgvX5s035Uo4/T6LhUx0VcdXRH9eLHnLTUyN4V4cra
-ZkxVsE3zAvZl60G6E+oDyLMWZOP6Wu4kWlub9597A5atT7BpMIVCdmFVZFLB4SJ3
-AXkC3nplFAYP+Lh1rJxRIrIn2g+pEeBboWbYA++oDNuMQffDZaokTkJ8Bn1JZYh0
-xEXKY8Bi2Egd5NMeZa1UFO6y8tUbZfwgVs6Enq5uOgtfayq79vZwyjj1kd29MBUD
-8g8byV053ZKxbUOiOuUts97eb+fN3DIDRTcT2c+lXt/4C54M1FclJAbtYRK/qwsl
-pYWKQAECgYEA4ZUbqQnTo1ICvj81ifGrz+H4LKQqe92Hbf/W51D/Umk2kP702W22
-HP4CvrJRtALThJIG9m2TwUjl/WAuZIBrhSAbIvc3Fcoa2HjdRp+sO5U1ueDq7d/S
-Z+PxRI8cbLbRpEdIaoR46qr/2uWZ943PHMv9h4VHPYn1w8b94hwD6vkCgYEA3v87
-mFLzyM9ercnEv9zHMRlMZFQhlcUGQZvfb8BuJYl/WogyT6vRrUuM0QXULNEPlrin
-mBQTqc1nCYbgkFFsD2VVt1qIyiAJsB9MD1LNV6YuvE7T2KOSadmsA4fa9PUqbr71
-hf3lTTq+LeR09LebO7WgSGYY+5YKVOEGpYMR1GkCgYEAxPVQmk3HKHEhjgRYdaG5
-lp9A9ZE8uruYVJWtiHgzBTxx9TV2iST+fd/We7PsHFTfY3+wbpcMDBXfIVRKDVwH
-BMwchXH9+Ztlxx34bYJaegd0SmA0Hw9ugWEHNgoSEmWpM1s9wir5/ELjc7dGsFtz
-uzvsl9fpdLSxDYgAAdzeGtkCgYBAzKIgrVox7DBzB8KojhtD5ToRnXD0+H/M6OKQ
-srZPKhlb0V/tTtxrIx0UUEFLlKSXA6mPw6XDHfDnD86JoV9pSeUSlrhRI+Ysy6tq
-eIE7CwthpPZiaYXORHZ7wCqcK/HcpJjsCs9rFbrV0yE5S3FMdIbTAvgXg44VBB7O
-UbwIoQKBgDuY8gSrA5/A747wjjmsdRWK4DMTMEV4eCW1BEP7Tg7Cxd5n3xPJiYhr
-nhLGN+mMnVIcv2zEMS0/eNZr1j/0BtEdx+3IC6Eq+ONY0anZ4Irt57/5QeKgKn/L
-JPhfPySIPG4UmwE4gW8t79vfOKxnUu2fDD1ZXUYopan6EckACNH/
------END RSA PRIVATE KEY-----
-`
-
-func TestGenerateKeySignature(t *testing.T) {
- block, _ := pem.Decode([]byte(rawPrivateKey))
- key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
- if err != nil {
- t.Error(err)
- }
-
- clientRandom := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}
- serverRandom := []byte{0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f}
- publicKey := []byte{0x20, 0x9f, 0xd7, 0xad, 0x6d, 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b, 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14, 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98, 0x28, 0x80, 0xb6, 0x15}
- expectedSignature := []byte{
- 0x6f, 0x47, 0x97, 0x85, 0xcc, 0x76, 0x50, 0x93, 0xbd, 0xe2, 0x6a, 0x69, 0x0b, 0xc3, 0x03, 0xd1, 0xb7, 0xe4, 0xab, 0x88, 0x7b, 0xa6, 0x52, 0x80, 0xdf,
- 0xaa, 0x25, 0x7a, 0xdb, 0x29, 0x32, 0xe4, 0xd8, 0x28, 0x28, 0xb3, 0xe8, 0x04, 0x3c, 0x38, 0x16, 0xfc, 0x78, 0xe9, 0x15, 0x7b, 0xc5, 0xbd, 0x7d, 0xfc,
- 0xcd, 0x83, 0x00, 0x57, 0x4a, 0x3c, 0x23, 0x85, 0x75, 0x6b, 0x37, 0xd5, 0x89, 0x72, 0x73, 0xf0, 0x44, 0x8c, 0x00, 0x70, 0x1f, 0x6e, 0xa2, 0x81, 0xd0,
- 0x09, 0xc5, 0x20, 0x36, 0xab, 0x23, 0x09, 0x40, 0x1f, 0x4d, 0x45, 0x96, 0x62, 0xbb, 0x81, 0xb0, 0x30, 0x72, 0xad, 0x3a, 0x0a, 0xac, 0x31, 0x63, 0x40,
- 0x52, 0x0a, 0x27, 0xf3, 0x34, 0xde, 0x27, 0x7d, 0xb7, 0x54, 0xff, 0x0f, 0x9f, 0x5a, 0xfe, 0x07, 0x0f, 0x4e, 0x9f, 0x53, 0x04, 0x34, 0x62, 0xf4, 0x30,
- 0x74, 0x83, 0x35, 0xfc, 0xe4, 0x7e, 0xbf, 0x5a, 0xc4, 0x52, 0xd0, 0xea, 0xf9, 0x61, 0x4e, 0xf5, 0x1c, 0x0e, 0x58, 0x02, 0x71, 0xfb, 0x1f, 0x34, 0x55,
- 0xe8, 0x36, 0x70, 0x3c, 0xc1, 0xcb, 0xc9, 0xb7, 0xbb, 0xb5, 0x1c, 0x44, 0x9a, 0x6d, 0x88, 0x78, 0x98, 0xd4, 0x91, 0x2e, 0xeb, 0x98, 0x81, 0x23, 0x30,
- 0x73, 0x39, 0x43, 0xd5, 0xbb, 0x70, 0x39, 0xba, 0x1f, 0xdb, 0x70, 0x9f, 0x91, 0x83, 0x56, 0xc2, 0xde, 0xed, 0x17, 0x6d, 0x2c, 0x3e, 0x21, 0xea, 0x36,
- 0xb4, 0x91, 0xd8, 0x31, 0x05, 0x60, 0x90, 0xfd, 0xc6, 0x74, 0xa9, 0x7b, 0x18, 0xfc, 0x1c, 0x6a, 0x1c, 0x6e, 0xec, 0xd3, 0xc1, 0xc0, 0x0d, 0x11, 0x25,
- 0x48, 0x37, 0x3d, 0x45, 0x11, 0xa2, 0x31, 0x14, 0x0a, 0x66, 0x9f, 0xd8, 0xac, 0x74, 0xa2, 0xcd, 0xc8, 0x79, 0xb3, 0x9e, 0xc6, 0x66, 0x25, 0xcf, 0x2c,
- 0x87, 0x5e, 0x5c, 0x36, 0x75, 0x86,
- }
-
- signature, err := generateKeySignature(clientRandom, serverRandom, publicKey, elliptic.X25519, key, hash.SHA256)
- if err != nil {
- t.Error(err)
- } else if !bytes.Equal(expectedSignature, signature) {
- t.Errorf("Signature generation failed \nexp % 02x \nactual % 02x ", expectedSignature, signature)
- }
-}
diff --git a/dtls-2.0.9/dtls.go b/dtls-2.0.9/dtls.go
deleted file mode 100644
index 125b904..0000000
--- a/dtls-2.0.9/dtls.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package dtls implements Datagram Transport Layer Security (DTLS) 1.2
-package dtls
diff --git a/dtls-2.0.9/e2e/Dockerfile b/dtls-2.0.9/e2e/Dockerfile
deleted file mode 100644
index 7166fbc..0000000
--- a/dtls-2.0.9/e2e/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM golang:1.14-alpine3.11
-
-RUN apk add --no-cache \
- openssl
-
-ENV CGO_ENABLED=0
-
-COPY . /go/src/github.com/pion/dtls
-WORKDIR /go/src/github.com/pion/dtls/e2e
-
-CMD ["go", "test", "-tags=openssl", "-v", "."]
diff --git a/dtls-2.0.9/e2e/e2e.go b/dtls-2.0.9/e2e/e2e.go
deleted file mode 100644
index 1a2b024..0000000
--- a/dtls-2.0.9/e2e/e2e.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package e2e contains end to end tests for pion/dtls
-package e2e
diff --git a/dtls-2.0.9/e2e/e2e_lossy_test.go b/dtls-2.0.9/e2e/e2e_lossy_test.go
deleted file mode 100644
index 92a4074..0000000
--- a/dtls-2.0.9/e2e/e2e_lossy_test.go
+++ /dev/null
@@ -1,207 +0,0 @@
-package e2e
-
-import (
- "crypto/tls"
- "fmt"
- "math/rand"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- transportTest "github.com/pion/transport/test"
-)
-
-const (
- flightInterval = time.Millisecond * 100
- lossyTestTimeout = 30 * time.Second
-)
-
-/*
- DTLS Client/Server over a lossy transport, just asserts it can handle at increasing increments
-*/
-func TestPionE2ELossy(t *testing.T) {
- // Check for leaking routines
- report := transportTest.CheckRoutines(t)
- defer report()
-
- type runResult struct {
- dtlsConn *dtls.Conn
- err error
- }
-
- serverCert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
-
- clientCert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
-
- for _, test := range []struct {
- LossChanceRange int
- DoClientAuth bool
- CipherSuites []dtls.CipherSuiteID
- MTU int
- }{
- {
- LossChanceRange: 0,
- },
- {
- LossChanceRange: 10,
- },
- {
- LossChanceRange: 20,
- },
- {
- LossChanceRange: 50,
- },
- {
- LossChanceRange: 0,
- DoClientAuth: true,
- },
- {
- LossChanceRange: 10,
- DoClientAuth: true,
- },
- {
- LossChanceRange: 20,
- DoClientAuth: true,
- },
- {
- LossChanceRange: 50,
- DoClientAuth: true,
- },
- {
- LossChanceRange: 0,
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- },
- {
- LossChanceRange: 10,
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- },
- {
- LossChanceRange: 20,
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- },
- {
- LossChanceRange: 50,
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- },
- {
- LossChanceRange: 10,
- MTU: 100,
- DoClientAuth: true,
- },
- {
- LossChanceRange: 20,
- MTU: 100,
- DoClientAuth: true,
- },
- {
- LossChanceRange: 50,
- MTU: 100,
- DoClientAuth: true,
- },
- } {
- name := fmt.Sprintf("Loss%d_MTU%d", test.LossChanceRange, test.MTU)
- if test.DoClientAuth {
- name += "_WithCliAuth"
- }
- for _, ciph := range test.CipherSuites {
- name += "_With" + ciph.String()
- }
- test := test
- t.Run(name, func(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := transportTest.TimeOut(lossyTestTimeout + time.Second)
- defer lim.Stop()
-
- rand.Seed(time.Now().UTC().UnixNano())
- chosenLoss := rand.Intn(9) + test.LossChanceRange //nolint:gosec
- serverDone := make(chan runResult)
- clientDone := make(chan runResult)
- br := transportTest.NewBridge()
-
- if err = br.SetLossChance(chosenLoss); err != nil {
- t.Fatal(err)
- }
-
- go func() {
- cfg := &dtls.Config{
- FlightInterval: flightInterval,
- CipherSuites: test.CipherSuites,
- InsecureSkipVerify: true,
- MTU: test.MTU,
- }
-
- if test.DoClientAuth {
- cfg.Certificates = []tls.Certificate{clientCert}
- }
-
- client, startupErr := dtls.Client(br.GetConn0(), cfg)
- clientDone <- runResult{client, startupErr}
- }()
-
- go func() {
- cfg := &dtls.Config{
- Certificates: []tls.Certificate{serverCert},
- FlightInterval: flightInterval,
- MTU: test.MTU,
- }
-
- if test.DoClientAuth {
- cfg.ClientAuth = dtls.RequireAnyClientCert
- }
-
- server, startupErr := dtls.Server(br.GetConn1(), cfg)
- serverDone <- runResult{server, startupErr}
- }()
-
- testTimer := time.NewTimer(lossyTestTimeout)
- var serverConn, clientConn *dtls.Conn
- defer func() {
- if serverConn != nil {
- if err = serverConn.Close(); err != nil {
- t.Error(err)
- }
- }
- if clientConn != nil {
- if err = clientConn.Close(); err != nil {
- t.Error(err)
- }
- }
- }()
-
- for {
- if serverConn != nil && clientConn != nil {
- break
- }
-
- br.Tick()
- select {
- case serverResult := <-serverDone:
- if serverResult.err != nil {
- t.Errorf("Fail, serverError: clientComplete(%t) serverComplete(%t) LossChance(%d) error(%v)", clientConn != nil, serverConn != nil, chosenLoss, serverResult.err)
- return
- }
-
- serverConn = serverResult.dtlsConn
- case clientResult := <-clientDone:
- if clientResult.err != nil {
- t.Errorf("Fail, clientError: clientComplete(%t) serverComplete(%t) LossChance(%d) error(%v)", clientConn != nil, serverConn != nil, chosenLoss, clientResult.err)
- return
- }
-
- clientConn = clientResult.dtlsConn
- case <-testTimer.C:
- t.Errorf("Test expired: clientComplete(%t) serverComplete(%t) LossChance(%d)", clientConn != nil, serverConn != nil, chosenLoss)
- return
- case <-time.After(10 * time.Millisecond):
- }
- }
- })
- }
-}
diff --git a/dtls-2.0.9/e2e/e2e_openssl_test.go b/dtls-2.0.9/e2e/e2e_openssl_test.go
deleted file mode 100644
index fd2e60f..0000000
--- a/dtls-2.0.9/e2e/e2e_openssl_test.go
+++ /dev/null
@@ -1,250 +0,0 @@
-// +build openssl,!js
-
-package e2e
-
-import (
- "crypto/x509"
- "encoding/pem"
- "errors"
- "fmt"
- "io/ioutil"
- "net"
- "os"
- "os/exec"
- "strings"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2"
-)
-
-func serverOpenSSL(c *comm) {
- go func() {
- c.serverMutex.Lock()
- defer c.serverMutex.Unlock()
-
- cfg := c.serverConfig
-
- // create openssl arguments
- args := []string{
- "s_server",
- "-dtls1_2",
- "-quiet",
- "-verify_quiet",
- "-verify_return_error",
- fmt.Sprintf("-accept=%d", c.serverPort),
- }
- ciphers := ciphersOpenSSL(cfg)
- if ciphers != "" {
- args = append(args, fmt.Sprintf("-cipher=%s", ciphers))
- }
-
- // psk arguments
- if cfg.PSK != nil {
- psk, err := cfg.PSK(nil)
- if err != nil {
- c.errChan <- err
- return
- }
- args = append(args, fmt.Sprintf("-psk=%X", psk))
- if len(cfg.PSKIdentityHint) > 0 {
- args = append(args, fmt.Sprintf("-psk_hint=%s", cfg.PSKIdentityHint))
- }
- }
-
- // certs arguments
- if len(cfg.Certificates) > 0 {
- // create temporary cert files
- certPEM, keyPEM, err := writeTempPEM(cfg)
- if err != nil {
- c.errChan <- err
- return
- }
- args = append(args,
- fmt.Sprintf("-cert=%s", certPEM),
- fmt.Sprintf("-key=%s", keyPEM))
- defer func() {
- _ = os.Remove(certPEM)
- _ = os.Remove(keyPEM)
- }()
- } else {
- args = append(args, "-nocert")
- }
-
- // launch command
- // #nosec G204
- cmd := exec.CommandContext(c.ctx, "openssl", args...)
- var inner net.Conn
- inner, c.serverConn = net.Pipe()
- cmd.Stdin = inner
- cmd.Stdout = inner
- cmd.Stderr = os.Stderr
- if err := cmd.Start(); err != nil {
- c.errChan <- err
- _ = inner.Close()
- return
- }
-
- // Ensure that server has started
- time.Sleep(500 * time.Millisecond)
-
- c.serverReady <- struct{}{}
- simpleReadWrite(c.errChan, c.serverChan, c.serverConn, c.messageRecvCount)
- }()
-}
-
-func clientOpenSSL(c *comm) {
- select {
- case <-c.serverReady:
- // OK
- case <-time.After(time.Second):
- c.errChan <- errors.New("waiting on serverReady err: timeout")
- }
-
- c.clientMutex.Lock()
- defer c.clientMutex.Unlock()
-
- cfg := c.clientConfig
-
- // create openssl arguments
- args := []string{
- "s_client",
- "-dtls1_2",
- "-quiet",
- "-verify_quiet",
- "-verify_return_error",
- "-servername=localhost",
- fmt.Sprintf("-connect=127.0.0.1:%d", c.serverPort),
- }
- ciphers := ciphersOpenSSL(cfg)
- if ciphers != "" {
- args = append(args, fmt.Sprintf("-cipher=%s", ciphers))
- }
-
- // psk arguments
- if cfg.PSK != nil {
- psk, err := cfg.PSK(nil)
- if err != nil {
- c.errChan <- err
- return
- }
- args = append(args, fmt.Sprintf("-psk=%X", psk))
- }
-
- // certificate arguments
- if len(cfg.Certificates) > 0 {
- // create temporary cert files
- certPEM, keyPEM, err := writeTempPEM(cfg)
- if err != nil {
- c.errChan <- err
- return
- }
- args = append(args, fmt.Sprintf("-CAfile=%s", certPEM))
- defer func() {
- _ = os.Remove(certPEM)
- _ = os.Remove(keyPEM)
- }()
- }
-
- // launch command
- // #nosec G204
- cmd := exec.CommandContext(c.ctx, "openssl", args...)
- var inner net.Conn
- inner, c.clientConn = net.Pipe()
- cmd.Stdin = inner
- cmd.Stdout = inner
- cmd.Stderr = os.Stderr
- if err := cmd.Start(); err != nil {
- c.errChan <- err
- _ = inner.Close()
- return
- }
-
- simpleReadWrite(c.errChan, c.clientChan, c.clientConn, c.messageRecvCount)
-}
-
-func ciphersOpenSSL(cfg *dtls.Config) string {
- // See https://tls.mbed.org/supported-ssl-ciphersuites
- translate := map[dtls.CipherSuiteID]string{
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM: "ECDHE-ECDSA-AES128-CCM",
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: "ECDHE-ECDSA-AES128-CCM8",
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "ECDHE-ECDSA-AES128-GCM-SHA256",
- dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: "ECDHE-RSA-AES128-GCM-SHA256",
-
- dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: "ECDHE-ECDSA-AES256-SHA",
- dtls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: "ECDHE-RSA-AES128-SHA",
-
- dtls.TLS_PSK_WITH_AES_128_CCM: "PSK-AES128-CCM",
- dtls.TLS_PSK_WITH_AES_128_CCM_8: "PSK-AES128-CCM8",
- dtls.TLS_PSK_WITH_AES_128_GCM_SHA256: "PSK-AES128-GCM-SHA256",
- }
-
- var ciphers []string
- for _, c := range cfg.CipherSuites {
- if text, ok := translate[c]; ok {
- ciphers = append(ciphers, text)
- }
- }
- return strings.Join(ciphers, ";")
-}
-
-func writeTempPEM(cfg *dtls.Config) (string, string, error) {
- certOut, err := ioutil.TempFile("", "cert.pem")
- if err != nil {
- return "", "", fmt.Errorf("failed to create temporary file: %w", err)
- }
- keyOut, err := ioutil.TempFile("", "key.pem")
- if err != nil {
- return "", "", fmt.Errorf("failed to create temporary file: %w", err)
- }
-
- cert := cfg.Certificates[0]
- derBytes := cert.Certificate[0]
- if err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
- return "", "", fmt.Errorf("failed to write data to cert.pem: %w", err)
- }
- if err = certOut.Close(); err != nil {
- return "", "", fmt.Errorf("error closing cert.pem: %w", err)
- }
-
- priv := cert.PrivateKey
- var privBytes []byte
- privBytes, err = x509.MarshalPKCS8PrivateKey(priv)
- if err != nil {
- return "", "", fmt.Errorf("unable to marshal private key: %w", err)
- }
- if err = pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
- return "", "", fmt.Errorf("failed to write data to key.pem: %w", err)
- }
- if err = keyOut.Close(); err != nil {
- return "", "", fmt.Errorf("error closing key.pem: %w", err)
- }
- return certOut.Name(), keyOut.Name(), nil
-}
-
-func TestPionOpenSSLE2ESimple(t *testing.T) {
- t.Run("OpenSSLServer", func(t *testing.T) {
- testPionE2ESimple(t, serverOpenSSL, clientPion)
- })
- t.Run("OpenSSLClient", func(t *testing.T) {
- testPionE2ESimple(t, serverPion, clientOpenSSL)
- })
-}
-
-func TestPionOpenSSLE2ESimplePSK(t *testing.T) {
- t.Run("OpenSSLServer", func(t *testing.T) {
- testPionE2ESimplePSK(t, serverOpenSSL, clientPion)
- })
- t.Run("OpenSSLClient", func(t *testing.T) {
- testPionE2ESimplePSK(t, serverPion, clientOpenSSL)
- })
-}
-
-func TestPionOpenSSLE2EMTUs(t *testing.T) {
- t.Run("OpenSSLServer", func(t *testing.T) {
- testPionE2EMTUs(t, serverOpenSSL, clientPion)
- })
- t.Run("OpenSSLClient", func(t *testing.T) {
- testPionE2EMTUs(t, serverPion, clientOpenSSL)
- })
-}
diff --git a/dtls-2.0.9/e2e/e2e_openssl_v113_test.go b/dtls-2.0.9/e2e/e2e_openssl_v113_test.go
deleted file mode 100644
index 1d947b6..0000000
--- a/dtls-2.0.9/e2e/e2e_openssl_v113_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build openssl,go1.13,!js
-
-package e2e
-
-import (
- "testing"
-)
-
-func TestPionOpenSSLE2ESimpleED25519(t *testing.T) {
- t.Skip("TODO: waiting OpenSSL's DTLS Ed25519 support")
- t.Run("OpenSSLServer", func(t *testing.T) {
- testPionE2ESimpleED25519(t, serverOpenSSL, clientPion)
- })
- t.Run("OpenSSLClient", func(t *testing.T) {
- testPionE2ESimpleED25519(t, serverPion, clientOpenSSL)
- })
-}
diff --git a/dtls-2.0.9/e2e/e2e_test.go b/dtls-2.0.9/e2e/e2e_test.go
deleted file mode 100644
index 1a77b3b..0000000
--- a/dtls-2.0.9/e2e/e2e_test.go
+++ /dev/null
@@ -1,329 +0,0 @@
-// +build !js
-
-package e2e
-
-import (
- "context"
- "crypto/tls"
- "errors"
- "fmt"
- "io"
- "net"
- "sync"
- "sync/atomic"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/transport/test"
-)
-
-const (
- testMessage = "Hello World"
- testTimeLimit = 5 * time.Second
- messageRetry = 200 * time.Millisecond
-)
-
-var errServerTimeout = errors.New("waiting on serverReady err: timeout")
-
-func randomPort(t testing.TB) int {
- t.Helper()
- conn, err := net.ListenPacket("udp4", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("failed to pickPort: %v", err)
- }
- defer func() {
- _ = conn.Close()
- }()
- switch addr := conn.LocalAddr().(type) {
- case *net.UDPAddr:
- return addr.Port
- default:
- t.Fatalf("unknown addr type %T", addr)
- return 0
- }
-}
-
-func simpleReadWrite(errChan chan error, outChan chan string, conn io.ReadWriter, messageRecvCount *uint64) {
- go func() {
- buffer := make([]byte, 8192)
- n, err := conn.Read(buffer)
- if err != nil {
- errChan <- err
- return
- }
-
- outChan <- string(buffer[:n])
- atomic.AddUint64(messageRecvCount, 1)
- }()
-
- for {
- if atomic.LoadUint64(messageRecvCount) == 2 {
- break
- } else if _, err := conn.Write([]byte(testMessage)); err != nil {
- errChan <- err
- break
- }
-
- time.Sleep(messageRetry)
- }
-}
-
-type comm struct {
- ctx context.Context
- clientConfig, serverConfig *dtls.Config
- serverPort int
- messageRecvCount *uint64 // Counter to make sure both sides got a message
- clientMutex *sync.Mutex
- clientConn net.Conn
- serverMutex *sync.Mutex
- serverConn net.Conn
- serverListener net.Listener
- serverReady chan struct{}
- errChan chan error
- clientChan chan string
- serverChan chan string
- client func(*comm)
- server func(*comm)
-}
-
-func newComm(ctx context.Context, clientConfig, serverConfig *dtls.Config, serverPort int, server, client func(*comm)) *comm {
- messageRecvCount := uint64(0)
- c := &comm{
- ctx: ctx,
- clientConfig: clientConfig,
- serverConfig: serverConfig,
- serverPort: serverPort,
- messageRecvCount: &messageRecvCount,
- clientMutex: &sync.Mutex{},
- serverMutex: &sync.Mutex{},
- serverReady: make(chan struct{}),
- errChan: make(chan error),
- clientChan: make(chan string),
- serverChan: make(chan string),
- server: server,
- client: client,
- }
- return c
-}
-
-func (c *comm) assert(t *testing.T) {
- // DTLS Client
- go c.client(c)
-
- // DTLS Server
- go c.server(c)
-
- defer func() {
- if c.clientConn != nil {
- if err := c.clientConn.Close(); err != nil {
- t.Fatal(err)
- }
- }
- if c.serverConn != nil {
- if err := c.serverConn.Close(); err != nil {
- t.Fatal(err)
- }
- }
- if c.serverListener != nil {
- if err := c.serverListener.Close(); err != nil {
- t.Fatal(err)
- }
- }
- }()
-
- func() {
- seenClient, seenServer := false, false
- for {
- select {
- case err := <-c.errChan:
- t.Fatal(err)
- case <-time.After(testTimeLimit):
- t.Fatalf("Test timeout, seenClient %t seenServer %t", seenClient, seenServer)
- case clientMsg := <-c.clientChan:
- if clientMsg != testMessage {
- t.Fatalf("clientMsg does not equal test message: %s %s", clientMsg, testMessage)
- }
-
- seenClient = true
- if seenClient && seenServer {
- return
- }
- case serverMsg := <-c.serverChan:
- if serverMsg != testMessage {
- t.Fatalf("serverMsg does not equal test message: %s %s", serverMsg, testMessage)
- }
-
- seenServer = true
- if seenClient && seenServer {
- return
- }
- }
- }
- }()
-}
-
-func clientPion(c *comm) {
- select {
- case <-c.serverReady:
- // OK
- case <-time.After(time.Second):
- c.errChan <- errServerTimeout
- }
-
- c.clientMutex.Lock()
- defer c.clientMutex.Unlock()
-
- var err error
- c.clientConn, err = dtls.DialWithContext(c.ctx, "udp",
- &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: c.serverPort},
- c.clientConfig,
- )
- if err != nil {
- c.errChan <- err
- return
- }
-
- simpleReadWrite(c.errChan, c.clientChan, c.clientConn, c.messageRecvCount)
-}
-
-func serverPion(c *comm) {
- c.serverMutex.Lock()
- defer c.serverMutex.Unlock()
-
- var err error
- c.serverListener, err = dtls.Listen("udp",
- &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: c.serverPort},
- c.serverConfig,
- )
- if err != nil {
- c.errChan <- err
- return
- }
- c.serverReady <- struct{}{}
- c.serverConn, err = c.serverListener.Accept()
- if err != nil {
- c.errChan <- err
- return
- }
-
- simpleReadWrite(c.errChan, c.serverChan, c.serverConn, c.messageRecvCount)
-}
-
-/*
- Simple DTLS Client/Server can communicate
- - Assert that you can send messages both ways
- - Assert that Close() on both ends work
- - Assert that no Goroutines are leaked
-*/
-func testPionE2ESimple(t *testing.T, server, client func(*comm)) {
- lim := test.TimeOut(time.Second * 30)
- defer lim.Stop()
-
- report := test.CheckRoutines(t)
- defer report()
-
- for _, cipherSuite := range []dtls.CipherSuiteID{
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- } {
- cipherSuite := cipherSuite
- t.Run(cipherSuite.String(), func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
- defer cancel()
-
- cert, err := selfsign.GenerateSelfSignedWithDNS("localhost")
- if err != nil {
- t.Fatal(err)
- }
-
- cfg := &dtls.Config{
- Certificates: []tls.Certificate{cert},
- CipherSuites: []dtls.CipherSuiteID{cipherSuite},
- InsecureSkipVerify: true,
- }
- serverPort := randomPort(t)
- comm := newComm(ctx, cfg, cfg, serverPort, server, client)
- comm.assert(t)
- })
- }
-}
-
-func testPionE2ESimplePSK(t *testing.T, server, client func(*comm)) {
- lim := test.TimeOut(time.Second * 30)
- defer lim.Stop()
-
- report := test.CheckRoutines(t)
- defer report()
-
- for _, cipherSuite := range []dtls.CipherSuiteID{
- dtls.TLS_PSK_WITH_AES_128_CCM,
- dtls.TLS_PSK_WITH_AES_128_CCM_8,
- dtls.TLS_PSK_WITH_AES_128_GCM_SHA256,
- } {
- cipherSuite := cipherSuite
- t.Run(cipherSuite.String(), func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
- defer cancel()
-
- cfg := &dtls.Config{
- PSK: func(hint []byte) ([]byte, error) {
- return []byte{0xAB, 0xC1, 0x23}, nil
- },
- PSKIdentityHint: []byte{0x01, 0x02, 0x03, 0x04, 0x05},
- CipherSuites: []dtls.CipherSuiteID{cipherSuite},
- }
- serverPort := randomPort(t)
- comm := newComm(ctx, cfg, cfg, serverPort, server, client)
- comm.assert(t)
- })
- }
-}
-
-func testPionE2EMTUs(t *testing.T, server, client func(*comm)) {
- lim := test.TimeOut(time.Second * 30)
- defer lim.Stop()
-
- report := test.CheckRoutines(t)
- defer report()
-
- for _, mtu := range []int{
- 10000,
- 1000,
- 100,
- } {
- mtu := mtu
- t.Run(fmt.Sprintf("MTU%d", mtu), func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- cert, err := selfsign.GenerateSelfSignedWithDNS("localhost")
- if err != nil {
- t.Fatal(err)
- }
-
- cfg := &dtls.Config{
- Certificates: []tls.Certificate{cert},
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- InsecureSkipVerify: true,
- MTU: mtu,
- }
- serverPort := randomPort(t)
- comm := newComm(ctx, cfg, cfg, serverPort, server, client)
- comm.assert(t)
- })
- }
-}
-
-func TestPionE2ESimple(t *testing.T) {
- testPionE2ESimple(t, serverPion, clientPion)
-}
-
-func TestPionE2ESimplePSK(t *testing.T) {
- testPionE2ESimplePSK(t, serverPion, clientPion)
-}
-
-func TestPionE2EMTUs(t *testing.T) {
- testPionE2EMTUs(t, serverPion, clientPion)
-}
diff --git a/dtls-2.0.9/e2e/e2e_v113_test.go b/dtls-2.0.9/e2e/e2e_v113_test.go
deleted file mode 100644
index 5d7243f..0000000
--- a/dtls-2.0.9/e2e/e2e_v113_test.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// +build go1.13,!js
-
-package e2e
-
-import (
- "context"
- "crypto/ed25519"
- "crypto/rand"
- "crypto/tls"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/transport/test"
-)
-
-// ED25519 is not supported in Go 1.12 crypto/x509.
-// Once Go 1.12 is deprecated, move this test to e2e_test.go.
-
-func testPionE2ESimpleED25519(t *testing.T, server, client func(*comm)) {
- lim := test.TimeOut(time.Second * 30)
- defer lim.Stop()
-
- report := test.CheckRoutines(t)
- defer report()
-
- for _, cipherSuite := range []dtls.CipherSuiteID{
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- dtls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- } {
- cipherSuite := cipherSuite
- t.Run(cipherSuite.String(), func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
- defer cancel()
-
- _, key, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- t.Fatal(err)
- }
- cert, err := selfsign.SelfSign(key)
- if err != nil {
- t.Fatal(err)
- }
-
- cfg := &dtls.Config{
- Certificates: []tls.Certificate{cert},
- CipherSuites: []dtls.CipherSuiteID{cipherSuite},
- InsecureSkipVerify: true,
- }
- serverPort := randomPort(t)
- comm := newComm(ctx, cfg, cfg, serverPort, server, client)
- comm.assert(t)
- })
- }
-}
-
-func TestPionE2ESimpleED25519(t *testing.T) {
- testPionE2ESimpleED25519(t, serverPion, clientPion)
-}
diff --git a/dtls-2.0.9/errors.go b/dtls-2.0.9/errors.go
deleted file mode 100644
index 2e16388..0000000
--- a/dtls-2.0.9/errors.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package dtls
-
-import (
- "context"
- "errors"
- "fmt"
- "io"
- "net"
- "os"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "golang.org/x/xerrors"
-)
-
-// Typed errors
-var (
- ErrConnClosed = &FatalError{Err: errors.New("conn is closed")} //nolint:goerr113
-
- errDeadlineExceeded = &TimeoutError{Err: xerrors.Errorf("read/write timeout: %w", context.DeadlineExceeded)}
- errInvalidContentType = &TemporaryError{Err: errors.New("invalid content type")} //nolint:goerr113
-
- errBufferTooSmall = &TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
- errContextUnsupported = &TemporaryError{Err: errors.New("context is not supported for ExportKeyingMaterial")} //nolint:goerr113
- errHandshakeInProgress = &TemporaryError{Err: errors.New("handshake is in progress")} //nolint:goerr113
- errReservedExportKeyingMaterial = &TemporaryError{Err: errors.New("ExportKeyingMaterial can not be used with a reserved label")} //nolint:goerr113
- errApplicationDataEpochZero = &TemporaryError{Err: errors.New("ApplicationData with epoch of 0")} //nolint:goerr113
- errUnhandledContextType = &TemporaryError{Err: errors.New("unhandled contentType")} //nolint:goerr113
-
- errCertificateVerifyNoCertificate = &FatalError{Err: errors.New("client sent certificate verify but we have no certificate to verify")} //nolint:goerr113
- errCipherSuiteNoIntersection = &FatalError{Err: errors.New("client+server do not support any shared cipher suites")} //nolint:goerr113
- errClientCertificateNotVerified = &FatalError{Err: errors.New("client sent certificate but did not verify it")} //nolint:goerr113
- errClientCertificateRequired = &FatalError{Err: errors.New("server required client verification, but got none")} //nolint:goerr113
- errClientNoMatchingSRTPProfile = &FatalError{Err: errors.New("server responded with SRTP Profile we do not support")} //nolint:goerr113
- errClientRequiredButNoServerEMS = &FatalError{Err: errors.New("client required Extended Master Secret extension, but server does not support it")} //nolint:goerr113
- errCookieMismatch = &FatalError{Err: errors.New("client+server cookie does not match")} //nolint:goerr113
- errIdentityNoPSK = &FatalError{Err: errors.New("PSK Identity Hint provided but PSK is nil")} //nolint:goerr113
- errInvalidCertificate = &FatalError{Err: errors.New("no certificate provided")} //nolint:goerr113
- errInvalidCipherSuite = &FatalError{Err: errors.New("invalid or unknown cipher suite")} //nolint:goerr113
- errInvalidECDSASignature = &FatalError{Err: errors.New("ECDSA signature contained zero or negative values")} //nolint:goerr113
- errInvalidPrivateKey = &FatalError{Err: errors.New("invalid private key type")} //nolint:goerr113
- errInvalidSignatureAlgorithm = &FatalError{Err: errors.New("invalid signature algorithm")} //nolint:goerr113
- errKeySignatureMismatch = &FatalError{Err: errors.New("expected and actual key signature do not match")} //nolint:goerr113
- errNilNextConn = &FatalError{Err: errors.New("Conn can not be created with a nil nextConn")} //nolint:goerr113
- errNoAvailableCipherSuites = &FatalError{Err: errors.New("connection can not be created, no CipherSuites satisfy this Config")} //nolint:goerr113
- errNoAvailablePSKCipherSuite = &FatalError{Err: errors.New("connection can not be created, pre-shared key present but no compatible CipherSuite")} //nolint:goerr113
- errNoAvailableCertificateCipherSuite = &FatalError{Err: errors.New("connection can not be created, certificate present but no compatible CipherSuite")} //nolint:goerr113
- errNoAvailableSignatureSchemes = &FatalError{Err: errors.New("connection can not be created, no SignatureScheme satisfy this Config")} //nolint:goerr113
- errNoCertificates = &FatalError{Err: errors.New("no certificates configured")} //nolint:goerr113
- errNoConfigProvided = &FatalError{Err: errors.New("no config provided")} //nolint:goerr113
- errNoSupportedEllipticCurves = &FatalError{Err: errors.New("client requested zero or more elliptic curves that are not supported by the server")} //nolint:goerr113
- errUnsupportedProtocolVersion = &FatalError{Err: errors.New("unsupported protocol version")} //nolint:goerr113
- errPSKAndIdentityMustBeSetForClient = &FatalError{Err: errors.New("PSK and PSK Identity Hint must both be set for client")} //nolint:goerr113
- errRequestedButNoSRTPExtension = &FatalError{Err: errors.New("SRTP support was requested but server did not respond with use_srtp extension")} //nolint:goerr113
- errServerNoMatchingSRTPProfile = &FatalError{Err: errors.New("client requested SRTP but we have no matching profiles")} //nolint:goerr113
- errServerRequiredButNoClientEMS = &FatalError{Err: errors.New("server requires the Extended Master Secret extension, but the client does not support it")} //nolint:goerr113
- errVerifyDataMismatch = &FatalError{Err: errors.New("expected and actual verify data does not match")} //nolint:goerr113
-
- errInvalidFlight = &InternalError{Err: errors.New("invalid flight number")} //nolint:goerr113
- errKeySignatureGenerateUnimplemented = &InternalError{Err: errors.New("unable to generate key signature, unimplemented")} //nolint:goerr113
- errKeySignatureVerifyUnimplemented = &InternalError{Err: errors.New("unable to verify key signature, unimplemented")} //nolint:goerr113
- errLengthMismatch = &InternalError{Err: errors.New("data length and declared length do not match")} //nolint:goerr113
- errSequenceNumberOverflow = &InternalError{Err: errors.New("sequence number overflow")} //nolint:goerr113
- errInvalidFSMTransition = &InternalError{Err: errors.New("invalid state machine transition")} //nolint:goerr113
-)
-
-// FatalError indicates that the DTLS connection is no longer available.
-// It is mainly caused by wrong configuration of server or client.
-type FatalError = protocol.FatalError
-
-// InternalError indicates and internal error caused by the implementation, and the DTLS connection is no longer available.
-// It is mainly caused by bugs or tried to use unimplemented features.
-type InternalError = protocol.InternalError
-
-// TemporaryError indicates that the DTLS connection is still available, but the request was failed temporary.
-type TemporaryError = protocol.TemporaryError
-
-// TimeoutError indicates that the request was timed out.
-type TimeoutError = protocol.TimeoutError
-
-// HandshakeError indicates that the handshake failed.
-type HandshakeError = protocol.HandshakeError
-
-// invalidCipherSuite indicates an attempt at using an unsupported cipher suite.
-type invalidCipherSuite struct {
- id CipherSuiteID
-}
-
-func (e *invalidCipherSuite) Error() string {
- return fmt.Sprintf("CipherSuite with id(%d) is not valid", e.id)
-}
-
-func (e *invalidCipherSuite) Is(err error) bool {
- if other, ok := err.(*invalidCipherSuite); ok {
- return e.id == other.id
- }
- return false
-}
-
-// errAlert wraps DTLS alert notification as an error
-type errAlert struct {
- *alert.Alert
-}
-
-func (e *errAlert) Error() string {
- return fmt.Sprintf("alert: %s", e.Alert.String())
-}
-
-func (e *errAlert) IsFatalOrCloseNotify() bool {
- return e.Level == alert.Fatal || e.Description == alert.CloseNotify
-}
-
-func (e *errAlert) Is(err error) bool {
- if other, ok := err.(*errAlert); ok {
- return e.Level == other.Level && e.Description == other.Description
- }
- return false
-}
-
-// netError translates an error from underlying Conn to corresponding net.Error.
-func netError(err error) error {
- switch err {
- case io.EOF, context.Canceled, context.DeadlineExceeded:
- // Return io.EOF and context errors as is.
- return err
- }
- switch e := err.(type) {
- case (*net.OpError):
- if se, ok := e.Err.(*os.SyscallError); ok {
- if se.Timeout() {
- return &TimeoutError{Err: err}
- }
- if isOpErrorTemporary(se) {
- return &TemporaryError{Err: err}
- }
- }
- case (net.Error):
- return err
- }
- return &FatalError{Err: err}
-}
diff --git a/dtls-2.0.9/errors_errno.go b/dtls-2.0.9/errors_errno.go
deleted file mode 100644
index a9a439b..0000000
--- a/dtls-2.0.9/errors_errno.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// +build aix darwin dragonfly freebsd linux nacl nacljs netbsd openbsd solaris windows
-
-// For systems having syscall.Errno.
-// Update build targets by following command:
-// $ grep -R ECONN $(go env GOROOT)/src/syscall/zerrors_*.go \
-// | tr "." "_" | cut -d"_" -f"2" | sort | uniq
-
-package dtls
-
-import (
- "os"
- "syscall"
-)
-
-func isOpErrorTemporary(err *os.SyscallError) bool {
- if ne, ok := err.Err.(syscall.Errno); ok {
- switch ne {
- case syscall.ECONNREFUSED:
- return true
- default:
- return false
- }
- }
- return false
-}
diff --git a/dtls-2.0.9/errors_errno_test.go b/dtls-2.0.9/errors_errno_test.go
deleted file mode 100644
index 7c567ee..0000000
--- a/dtls-2.0.9/errors_errno_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// +build aix darwin dragonfly freebsd linux nacl nacljs netbsd openbsd solaris windows
-
-// For systems having syscall.Errno.
-// The build target must be same as errors_errno.go.
-
-package dtls
-
-import (
- "net"
- "testing"
-)
-
-func TestErrorsTemporary(t *testing.T) {
- addrListen, errListen := net.ResolveUDPAddr("udp", "localhost:0")
- if errListen != nil {
- t.Fatalf("Unexpected error: %v", errListen)
- }
- // Server is not listening.
- conn, errDial := net.DialUDP("udp", nil, addrListen)
- if errDial != nil {
- t.Fatalf("Unexpected error: %v", errDial)
- }
-
- _, _ = conn.Write([]byte{0x00}) // trigger
- _, err := conn.Read(make([]byte, 10))
- _ = conn.Close()
-
- if err == nil {
- t.Skip("ECONNREFUSED is not set by system")
- }
- ne, ok := netError(err).(net.Error)
- if !ok {
- t.Fatalf("netError must return net.Error")
- }
- if ne.Timeout() {
- t.Errorf("%v must not be timeout error", err)
- }
- if !ne.Temporary() {
- t.Errorf("%v must be temporary error", err)
- }
-}
diff --git a/dtls-2.0.9/errors_noerrno.go b/dtls-2.0.9/errors_noerrno.go
deleted file mode 100644
index fcc37ce..0000000
--- a/dtls-2.0.9/errors_noerrno.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!nacl,!nacljs,!netbsd,!openbsd,!solaris,!windows
-
-// For systems without syscall.Errno.
-// Build targets must be inverse of errors_errno.go
-
-package dtls
-
-import (
- "os"
-)
-
-func isOpErrorTemporary(err *os.SyscallError) bool {
- return false
-}
diff --git a/dtls-2.0.9/errors_test.go b/dtls-2.0.9/errors_test.go
deleted file mode 100644
index 0234315..0000000
--- a/dtls-2.0.9/errors_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package dtls
-
-import (
- "errors"
- "fmt"
- "net"
- "testing"
-
- "golang.org/x/xerrors"
-)
-
-var errExample = errors.New("an example error")
-
-func TestErrorUnwrap(t *testing.T) {
- cases := []struct {
- err error
- errUnwrapped []error
- }{
- {
- &FatalError{Err: errExample},
- []error{errExample},
- },
- {
- &TemporaryError{Err: errExample},
- []error{errExample},
- },
- {
- &InternalError{Err: errExample},
- []error{errExample},
- },
- {
- &TimeoutError{Err: errExample},
- []error{errExample},
- },
- {
- &HandshakeError{Err: errExample},
- []error{errExample},
- },
- }
- for _, c := range cases {
- c := c
- t.Run(fmt.Sprintf("%T", c.err), func(t *testing.T) {
- err := c.err
- for _, unwrapped := range c.errUnwrapped {
- e := xerrors.Unwrap(err)
- if !errors.Is(e, unwrapped) {
- t.Errorf("Unwrapped error is expected to be '%v', got '%v'", unwrapped, e)
- }
- }
- })
- }
-}
-
-func TestErrorNetError(t *testing.T) {
- cases := []struct {
- err error
- str string
- timeout, temporary bool
- }{
- {&FatalError{Err: errExample}, "dtls fatal: an example error", false, false},
- {&TemporaryError{Err: errExample}, "dtls temporary: an example error", false, true},
- {&InternalError{Err: errExample}, "dtls internal: an example error", false, false},
- {&TimeoutError{Err: errExample}, "dtls timeout: an example error", true, true},
- {&HandshakeError{Err: errExample}, "handshake error: an example error", false, false},
- {&HandshakeError{Err: &TimeoutError{Err: errExample}}, "handshake error: dtls timeout: an example error", true, true},
- }
- for _, c := range cases {
- c := c
- t.Run(fmt.Sprintf("%T", c.err), func(t *testing.T) {
- ne, ok := c.err.(net.Error)
- if !ok {
- t.Fatalf("%T doesn't implement net.Error", c.err)
- }
- if ne.Timeout() != c.timeout {
- t.Errorf("%T.Timeout() should be %v", c.err, c.timeout)
- }
- if ne.Temporary() != c.temporary {
- t.Errorf("%T.Temporary() should be %v", c.err, c.temporary)
- }
- if ne.Error() != c.str {
- t.Errorf("%T.Error() should be %v", c.err, c.str)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/examples/certificates/README.md b/dtls-2.0.9/examples/certificates/README.md
deleted file mode 100644
index aef3d09..0000000
--- a/dtls-2.0.9/examples/certificates/README.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Certificates
-
-The certificates in for the examples are generated using the commands shown below.
-
-Note that this was run on OpenSSL 1.1.1d, of which the arguments can be found in the [OpenSSL Manpages](https://www.openssl.org/docs/man1.1.1/man1), and is not guaranteed to work on different OpenSSL versions.
-
-```shell
-# Extensions required for certificate validation.
-$ EXTFILE='extfile.conf'
-$ echo 'subjectAltName = IP:127.0.0.1\nbasicConstraints = critical,CA:true' > "${EXTFILE}"
-
-# Server.
-$ SERVER_NAME='server'
-$ openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_NAME}.pem"
-$ openssl req -key "${SERVER_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${SERVER_NAME}.csr"
-$ openssl x509 -req -in "${SERVER_NAME}.csr" -extfile "${EXTFILE}" -days 365 -signkey "${SERVER_NAME}.pem" -sha256 -out "${SERVER_NAME}.pub.pem"
-
-# Client.
-$ CLIENT_NAME='client'
-$ openssl ecparam -name prime256v1 -genkey -noout -out "${CLIENT_NAME}.pem"
-$ openssl req -key "${CLIENT_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${CLIENT_NAME}.csr"
-$ openssl x509 -req -in "${CLIENT_NAME}.csr" -extfile "${EXTFILE}" -days 365 -CA "${SERVER_NAME}.pub.pem" -CAkey "${SERVER_NAME}.pem" -set_serial '0xabcd' -sha256 -out "${CLIENT_NAME}.pub.pem"
-
-# Cleanup.
-$ rm "${EXTFILE}" "${SERVER_NAME}.csr" "${CLIENT_NAME}.csr"
-```
diff --git a/dtls-2.0.9/examples/certificates/client.pem b/dtls-2.0.9/examples/certificates/client.pem
deleted file mode 100644
index f092d50..0000000
--- a/dtls-2.0.9/examples/certificates/client.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIGOO78dEAcepxdUIeDzC28jMcFrJr2q7x+UdhgtJ/RS3oAoGCCqGSM49
-AwEHoUQDQgAEGLSNxlkJ9mETKI2Hogq3Cyh06pJKA1YMgcKqYKS6yQQlvvk5rU88
-+RojFPgXJukymhfIJmw4eGxxEMSjuEZY7w==
------END EC PRIVATE KEY-----
diff --git a/dtls-2.0.9/examples/certificates/client.pub.pem b/dtls-2.0.9/examples/certificates/client.pub.pem
deleted file mode 100644
index 1259953..0000000
--- a/dtls-2.0.9/examples/certificates/client.pub.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBLTCB1aADAgECAgMAq80wCgYIKoZIzj0EAwIwDTELMAkGA1UEBhMCTkwwHhcN
-MjAwMzIwMDk0NjQ0WhcNMjEwMzIwMDk0NjQ0WjANMQswCQYDVQQGEwJOTDBZMBMG
-ByqGSM49AgEGCCqGSM49AwEHA0IABBi0jcZZCfZhEyiNh6IKtwsodOqSSgNWDIHC
-qmCkuskEJb75Oa1PPPkaIxT4FybpMpoXyCZsOHhscRDEo7hGWO+jJDAiMA8GA1Ud
-EQQIMAaHBH8AAAEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBx
-sIkcADN9E60veZOFOeANaRWAiQaLWZfUxqkOmfHztQIgI2CfHMjDQwJZFh35HvFs
-NOPJj8wxFhqR5pqMF23cgOY=
------END CERTIFICATE-----
diff --git a/dtls-2.0.9/examples/certificates/server.pem b/dtls-2.0.9/examples/certificates/server.pem
deleted file mode 100644
index 5a559d8..0000000
--- a/dtls-2.0.9/examples/certificates/server.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIDT8Xyx5RpPP+98ulYZKsvKIVdBUJug/L9H2M8JThv+GoAoGCCqGSM49
-AwEHoUQDQgAE6Wf0qQqIb5G7g51P83Dh1Yst52kyntGYz1Bt6S7crpmQFs9ZRZMy
-bJ6MGIwGcVBMgoL3pfxDKdZ3mnzmoibU0w==
------END EC PRIVATE KEY-----
diff --git a/dtls-2.0.9/examples/certificates/server.pub.pem b/dtls-2.0.9/examples/certificates/server.pub.pem
deleted file mode 100644
index e1cf479..0000000
--- a/dtls-2.0.9/examples/certificates/server.pub.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBPzCB5qADAgECAhRtzyVTL+9D0KHfbcKYeKckpLVRmTAKBggqhkjOPQQDAjAN
-MQswCQYDVQQGEwJOTDAeFw0yMDAzMjAwOTQ2NDRaFw0yMTAzMjAwOTQ2NDRaMA0x
-CzAJBgNVBAYTAk5MMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6Wf0qQqIb5G7
-g51P83Dh1Yst52kyntGYz1Bt6S7crpmQFs9ZRZMybJ6MGIwGcVBMgoL3pfxDKdZ3
-mnzmoibU06MkMCIwDwYDVR0RBAgwBocEfwAAATAPBgNVHRMBAf8EBTADAQH/MAoG
-CCqGSM49BAMCA0gAMEUCIQD000SU+klkNLGvHZcMYNVkCFsImnGKIqPMy3LELSiF
-0gIgSGIFkNEIAyNxn44CXZJu3piyz1ouK2fLefDJMYfcXgM=
------END CERTIFICATE-----
diff --git a/dtls-2.0.9/examples/dial/psk/main.go b/dtls-2.0.9/examples/dial/psk/main.go
deleted file mode 100644
index dfac162..0000000
--- a/dtls-2.0.9/examples/dial/psk/main.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package main
-
-import (
- "context"
- "fmt"
- "net"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/examples/util"
-)
-
-func main() {
- // Prepare the IP to connect to
- addr := &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 4444}
-
- //
- // Everything below is the pion-DTLS API! Thanks for using it ❤️.
- //
-
- // Prepare the configuration of the DTLS connection
- config := &dtls.Config{
- PSK: func(hint []byte) ([]byte, error) {
- fmt.Printf("Server's hint: %s \n", hint)
- return []byte{0xAB, 0xC1, 0x23}, nil
- },
- PSKIdentityHint: []byte("Pion DTLS Server"),
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_PSK_WITH_AES_128_CCM_8},
- ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
- }
-
- // Connect to a DTLS server
- ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
- defer cancel()
- dtlsConn, err := dtls.DialWithContext(ctx, "udp", addr, config)
- util.Check(err)
- defer func() {
- util.Check(dtlsConn.Close())
- }()
-
- fmt.Println("Connected; type 'exit' to shutdown gracefully")
-
- // Simulate a chat session
- util.Chat(dtlsConn)
-}
diff --git a/dtls-2.0.9/examples/dial/selfsign/main.go b/dtls-2.0.9/examples/dial/selfsign/main.go
deleted file mode 100644
index 7ff2926..0000000
--- a/dtls-2.0.9/examples/dial/selfsign/main.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package main
-
-import (
- "context"
- "crypto/tls"
- "fmt"
- "net"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/examples/util"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
-)
-
-func main() {
- // Prepare the IP to connect to
- addr := &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 4444}
-
- // Generate a certificate and private key to secure the connection
- certificate, genErr := selfsign.GenerateSelfSigned()
- util.Check(genErr)
-
- //
- // Everything below is the pion-DTLS API! Thanks for using it ❤️.
- //
-
- // Prepare the configuration of the DTLS connection
- config := &dtls.Config{
- Certificates: []tls.Certificate{certificate},
- InsecureSkipVerify: true,
- ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
- }
-
- // Connect to a DTLS server
- ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
- defer cancel()
- dtlsConn, err := dtls.DialWithContext(ctx, "udp", addr, config)
- util.Check(err)
- defer func() {
- util.Check(dtlsConn.Close())
- }()
-
- fmt.Println("Connected; type 'exit' to shutdown gracefully")
-
- // Simulate a chat session
- util.Chat(dtlsConn)
-}
diff --git a/dtls-2.0.9/examples/dial/verify/main.go b/dtls-2.0.9/examples/dial/verify/main.go
deleted file mode 100644
index 53340da..0000000
--- a/dtls-2.0.9/examples/dial/verify/main.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package main
-
-import (
- "context"
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "net"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/examples/util"
-)
-
-func main() {
- // Prepare the IP to connect to
- addr := &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 4444}
-
- //
- // Everything below is the pion-DTLS API! Thanks for using it ❤️.
- //
-
- certificate, err := util.LoadKeyAndCertificate("examples/certificates/client.pem",
- "examples/certificates/client.pub.pem")
- util.Check(err)
-
- rootCertificate, err := util.LoadCertificate("examples/certificates/server.pub.pem")
- util.Check(err)
- certPool := x509.NewCertPool()
- cert, err := x509.ParseCertificate(rootCertificate.Certificate[0])
- util.Check(err)
- certPool.AddCert(cert)
-
- // Prepare the configuration of the DTLS connection
- config := &dtls.Config{
- Certificates: []tls.Certificate{*certificate},
- ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
- RootCAs: certPool,
- }
-
- // Connect to a DTLS server
- ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
- defer cancel()
- dtlsConn, err := dtls.DialWithContext(ctx, "udp", addr, config)
- util.Check(err)
- defer func() {
- util.Check(dtlsConn.Close())
- }()
-
- fmt.Println("Connected; type 'exit' to shutdown gracefully")
-
- // Simulate a chat session
- util.Chat(dtlsConn)
-}
diff --git a/dtls-2.0.9/examples/listen/psk/main.go b/dtls-2.0.9/examples/listen/psk/main.go
deleted file mode 100644
index 72a6c23..0000000
--- a/dtls-2.0.9/examples/listen/psk/main.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package main
-
-import (
- "context"
- "fmt"
- "net"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/examples/util"
-)
-
-func main() {
- // Prepare the IP to connect to
- addr := &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 4444}
-
- // Create parent context to cleanup handshaking connections on exit.
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- //
- // Everything below is the pion-DTLS API! Thanks for using it ❤️.
- //
-
- // Prepare the configuration of the DTLS connection
- config := &dtls.Config{
- PSK: func(hint []byte) ([]byte, error) {
- fmt.Printf("Client's hint: %s \n", hint)
- return []byte{0xAB, 0xC1, 0x23}, nil
- },
- PSKIdentityHint: []byte("Pion DTLS Client"),
- CipherSuites: []dtls.CipherSuiteID{dtls.TLS_PSK_WITH_AES_128_CCM_8},
- ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
- // Create timeout context for accepted connection.
- ConnectContextMaker: func() (context.Context, func()) {
- return context.WithTimeout(ctx, 30*time.Second)
- },
- }
-
- // Connect to a DTLS server
- listener, err := dtls.Listen("udp", addr, config)
- util.Check(err)
- defer func() {
- util.Check(listener.Close())
- }()
-
- fmt.Println("Listening")
-
- // Simulate a chat session
- hub := util.NewHub()
-
- go func() {
- for {
- // Wait for a connection.
- conn, err := listener.Accept()
- util.Check(err)
- // defer conn.Close() // TODO: graceful shutdown
-
- // `conn` is of type `net.Conn` but may be casted to `dtls.Conn`
- // using `dtlsConn := conn.(*dtls.Conn)` in order to to expose
- // functions like `ConnectionState` etc.
-
- // Register the connection with the chat hub
- if err == nil {
- hub.Register(conn)
- }
- }
- }()
-
- // Start chatting
- hub.Chat()
-}
diff --git a/dtls-2.0.9/examples/listen/selfsign/main.go b/dtls-2.0.9/examples/listen/selfsign/main.go
deleted file mode 100644
index 2df4ac4..0000000
--- a/dtls-2.0.9/examples/listen/selfsign/main.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package main
-
-import (
- "context"
- "crypto/tls"
- "fmt"
- "net"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/examples/util"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
-)
-
-func main() {
- // Prepare the IP to connect to
- addr := &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 4444}
-
- // Generate a certificate and private key to secure the connection
- certificate, genErr := selfsign.GenerateSelfSigned()
- util.Check(genErr)
-
- // Create parent context to cleanup handshaking connections on exit.
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- //
- // Everything below is the pion-DTLS API! Thanks for using it ❤️.
- //
-
- // Prepare the configuration of the DTLS connection
- config := &dtls.Config{
- Certificates: []tls.Certificate{certificate},
- ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
- // Create timeout context for accepted connection.
- ConnectContextMaker: func() (context.Context, func()) {
- return context.WithTimeout(ctx, 30*time.Second)
- },
- }
-
- // Connect to a DTLS server
- listener, err := dtls.Listen("udp", addr, config)
- util.Check(err)
- defer func() {
- util.Check(listener.Close())
- }()
-
- fmt.Println("Listening")
-
- // Simulate a chat session
- hub := util.NewHub()
-
- go func() {
- for {
- // Wait for a connection.
- conn, err := listener.Accept()
- util.Check(err)
- // defer conn.Close() // TODO: graceful shutdown
-
- // `conn` is of type `net.Conn` but may be casted to `dtls.Conn`
- // using `dtlsConn := conn.(*dtls.Conn)` in order to to expose
- // functions like `ConnectionState` etc.
-
- // Register the connection with the chat hub
- if err == nil {
- hub.Register(conn)
- }
- }
- }()
-
- // Start chatting
- hub.Chat()
-}
diff --git a/dtls-2.0.9/examples/listen/verify/main.go b/dtls-2.0.9/examples/listen/verify/main.go
deleted file mode 100644
index 96f5c0d..0000000
--- a/dtls-2.0.9/examples/listen/verify/main.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package main
-
-import (
- "context"
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "net"
- "time"
-
- "github.com/pion/dtls/v2"
- "github.com/pion/dtls/v2/examples/util"
-)
-
-func main() {
- // Prepare the IP to connect to
- addr := &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 4444}
-
- // Create parent context to cleanup handshaking connections on exit.
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- //
- // Everything below is the pion-DTLS API! Thanks for using it ❤️.
- //
-
- certificate, err := util.LoadKeyAndCertificate("examples/certificates/server.pem",
- "examples/certificates/server.pub.pem")
- util.Check(err)
-
- rootCertificate, err := util.LoadCertificate("examples/certificates/server.pub.pem")
- util.Check(err)
- certPool := x509.NewCertPool()
- cert, err := x509.ParseCertificate(rootCertificate.Certificate[0])
- util.Check(err)
- certPool.AddCert(cert)
-
- // Prepare the configuration of the DTLS connection
- config := &dtls.Config{
- Certificates: []tls.Certificate{*certificate},
- ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
- ClientAuth: dtls.RequireAndVerifyClientCert,
- ClientCAs: certPool,
- // Create timeout context for accepted connection.
- ConnectContextMaker: func() (context.Context, func()) {
- return context.WithTimeout(ctx, 30*time.Second)
- },
- }
-
- // Connect to a DTLS server
- listener, err := dtls.Listen("udp", addr, config)
- util.Check(err)
- defer func() {
- util.Check(listener.Close())
- }()
-
- fmt.Println("Listening")
-
- // Simulate a chat session
- hub := util.NewHub()
-
- go func() {
- for {
- // Wait for a connection.
- conn, err := listener.Accept()
- util.Check(err)
- // defer conn.Close() // TODO: graceful shutdown
-
- // `conn` is of type `net.Conn` but may be casted to `dtls.Conn`
- // using `dtlsConn := conn.(*dtls.Conn)` in order to to expose
- // functions like `ConnectionState` etc.
-
- // Register the connection with the chat hub
- hub.Register(conn)
- }
- }()
-
- // Start chatting
- hub.Chat()
-}
diff --git a/dtls-2.0.9/examples/util/hub.go b/dtls-2.0.9/examples/util/hub.go
deleted file mode 100644
index ad8e597..0000000
--- a/dtls-2.0.9/examples/util/hub.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package util
-
-import (
- "bufio"
- "fmt"
- "net"
- "os"
- "strings"
- "sync"
-)
-
-// Hub is a helper to handle one to many chat
-type Hub struct {
- conns map[string]net.Conn
- lock sync.RWMutex
-}
-
-// NewHub builds a new hub
-func NewHub() *Hub {
- return &Hub{conns: make(map[string]net.Conn)}
-}
-
-// Register adds a new conn to the Hub
-func (h *Hub) Register(conn net.Conn) {
- fmt.Printf("Connected to %s\n", conn.RemoteAddr())
- h.lock.Lock()
- defer h.lock.Unlock()
-
- h.conns[conn.RemoteAddr().String()] = conn
-
- go h.readLoop(conn)
-}
-
-func (h *Hub) readLoop(conn net.Conn) {
- b := make([]byte, bufSize)
- for {
- n, err := conn.Read(b)
- if err != nil {
- h.unregister(conn)
- return
- }
- fmt.Printf("Got message: %s\n", string(b[:n]))
- }
-}
-
-func (h *Hub) unregister(conn net.Conn) {
- h.lock.Lock()
- defer h.lock.Unlock()
- delete(h.conns, conn.RemoteAddr().String())
- err := conn.Close()
- if err != nil {
- fmt.Println("Failed to disconnect", conn.RemoteAddr(), err)
- } else {
- fmt.Println("Disconnected ", conn.RemoteAddr())
- }
-}
-
-func (h *Hub) broadcast(msg []byte) {
- h.lock.RLock()
- defer h.lock.RUnlock()
- for _, conn := range h.conns {
- _, err := conn.Write(msg)
- if err != nil {
- fmt.Printf("Failed to write message to %s: %v\n", conn.RemoteAddr(), err)
- }
- }
-}
-
-// Chat starts the stdin readloop to dispatch messages to the hub
-func (h *Hub) Chat() {
- reader := bufio.NewReader(os.Stdin)
- for {
- msg, err := reader.ReadString('\n')
- Check(err)
- if strings.TrimSpace(msg) == "exit" {
- return
- }
- h.broadcast([]byte(msg))
- }
-}
diff --git a/dtls-2.0.9/examples/util/util.go b/dtls-2.0.9/examples/util/util.go
deleted file mode 100644
index 8f53539..0000000
--- a/dtls-2.0.9/examples/util/util.go
+++ /dev/null
@@ -1,154 +0,0 @@
-// Package util provides auxiliary utilities used in examples
-package util
-
-import (
- "bufio"
- "crypto"
- "crypto/ecdsa"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "encoding/pem"
- "errors"
- "fmt"
- "io"
- "io/ioutil"
- "net"
- "os"
- "path/filepath"
- "strings"
-)
-
-const bufSize = 8192
-
-var (
- errBlockIsNotPrivateKey = errors.New("block is not a private key, unable to load key")
- errUnknownKeyTime = errors.New("unknown key time in PKCS#8 wrapping, unable to load key")
- errNoPrivateKeyFound = errors.New("no private key found, unable to load key")
- errBlockIsNotCertificate = errors.New("block is not a certificate, unable to load certificates")
- errNoCertificateFound = errors.New("no certificate found, unable to load certificates")
-)
-
-// Chat simulates a simple text chat session over the connection
-func Chat(conn io.ReadWriter) {
- go func() {
- b := make([]byte, bufSize)
-
- for {
- n, err := conn.Read(b)
- Check(err)
- fmt.Printf("Got message: %s\n", string(b[:n]))
- }
- }()
-
- reader := bufio.NewReader(os.Stdin)
-
- for {
- text, err := reader.ReadString('\n')
- Check(err)
-
- if strings.TrimSpace(text) == "exit" {
- return
- }
-
- _, err = conn.Write([]byte(text))
- Check(err)
- }
-}
-
-// Check is a helper to throw errors in the examples
-func Check(err error) {
- switch e := err.(type) {
- case nil:
- case (net.Error):
- if e.Temporary() {
- fmt.Printf("Warning: %v\n", err)
- return
- }
-
- fmt.Printf("net.Error: %v\n", err)
- panic(err)
- default:
- fmt.Printf("error: %v\n", err)
- panic(err)
- }
-}
-
-// LoadKeyAndCertificate reads certificates or key from file
-func LoadKeyAndCertificate(keyPath string, certificatePath string) (*tls.Certificate, error) {
- privateKey, err := LoadKey(keyPath)
- if err != nil {
- return nil, err
- }
-
- certificate, err := LoadCertificate(certificatePath)
- if err != nil {
- return nil, err
- }
-
- certificate.PrivateKey = privateKey
-
- return certificate, nil
-}
-
-// LoadKey Load/read key from file
-func LoadKey(path string) (crypto.PrivateKey, error) {
- rawData, err := ioutil.ReadFile(filepath.Clean(path))
- if err != nil {
- return nil, err
- }
-
- block, _ := pem.Decode(rawData)
- if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
- return nil, errBlockIsNotPrivateKey
- }
-
- if key, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil {
- return key, nil
- }
-
- if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil {
- switch key := key.(type) {
- case *rsa.PrivateKey, *ecdsa.PrivateKey:
- return key, nil
- default:
- return nil, errUnknownKeyTime
- }
- }
-
- if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil {
- return key, nil
- }
-
- return nil, errNoPrivateKeyFound
-}
-
-// LoadCertificate Load/read certificate(s) from file
-func LoadCertificate(path string) (*tls.Certificate, error) {
- rawData, err := ioutil.ReadFile(filepath.Clean(path))
- if err != nil {
- return nil, err
- }
-
- var certificate tls.Certificate
-
- for {
- block, rest := pem.Decode(rawData)
- if block == nil {
- break
- }
-
- if block.Type != "CERTIFICATE" {
- return nil, errBlockIsNotCertificate
- }
-
- certificate.Certificate = append(certificate.Certificate, block.Bytes)
- rawData = rest
- }
-
- if len(certificate.Certificate) == 0 {
- return nil, errNoCertificateFound
- }
-
- return &certificate, nil
-}
diff --git a/dtls-2.0.9/flight.go b/dtls-2.0.9/flight.go
deleted file mode 100644
index 580ee48..0000000
--- a/dtls-2.0.9/flight.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package dtls
-
-/*
- DTLS messages are grouped into a series of message flights, according
- to the diagrams below. Although each flight of messages may consist
- of a number of messages, they should be viewed as monolithic for the
- purpose of timeout and retransmission.
- https://tools.ietf.org/html/rfc4347#section-4.2.4
- Client Server
- ------ ------
- Waiting Flight 0
-
- ClientHello --------> Flight 1
-
- <------- HelloVerifyRequest Flight 2
-
- ClientHello --------> Flight 3
-
- ServerHello \
- Certificate* \
- ServerKeyExchange* Flight 4
- CertificateRequest* /
- <-------- ServerHelloDone /
-
- Certificate* \
- ClientKeyExchange \
- CertificateVerify* Flight 5
- [ChangeCipherSpec] /
- Finished --------> /
-
- [ChangeCipherSpec] \ Flight 6
- <-------- Finished /
-
-*/
-
-type flightVal uint8
-
-const (
- flight0 flightVal = iota + 1
- flight1
- flight2
- flight3
- flight4
- flight5
- flight6
-)
-
-func (f flightVal) String() string {
- switch f {
- case flight0:
- return "Flight 0"
- case flight1:
- return "Flight 1"
- case flight2:
- return "Flight 2"
- case flight3:
- return "Flight 3"
- case flight4:
- return "Flight 4"
- case flight5:
- return "Flight 5"
- case flight6:
- return "Flight 6"
- default:
- return "Invalid Flight"
- }
-}
-
-func (f flightVal) isLastSendFlight() bool {
- return f == flight6
-}
-
-func (f flightVal) isLastRecvFlight() bool {
- return f == flight5
-}
diff --git a/dtls-2.0.9/flight0handler.go b/dtls-2.0.9/flight0handler.go
deleted file mode 100644
index 949d7c0..0000000
--- a/dtls-2.0.9/flight0handler.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package dtls
-
-import (
- "context"
- "crypto/rand"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
-)
-
-func flight0Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
- seq, msgs, ok := cache.fullPullMap(0,
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- )
- if !ok {
- // No valid message received. Keep reading
- return 0, nil, nil
- }
- state.handshakeRecvSequence = seq
-
- var clientHello *handshake.MessageClientHello
-
- // Validate type
- if clientHello, ok = msgs[handshake.TypeClientHello].(*handshake.MessageClientHello); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
- }
-
- if !clientHello.Version.Equal(protocol.Version1_2) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
- }
-
- state.remoteRandom = clientHello.Random
-
- cipherSuites := []CipherSuite{}
- for _, id := range clientHello.CipherSuiteIDs {
- if c := cipherSuiteForID(CipherSuiteID(id), cfg.customCipherSuites); c != nil {
- cipherSuites = append(cipherSuites, c)
- }
- }
-
- if state.cipherSuite, ok = findMatchingCipherSuite(cipherSuites, cfg.localCipherSuites); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errCipherSuiteNoIntersection
- }
-
- for _, val := range clientHello.Extensions {
- switch e := val.(type) {
- case *extension.SupportedEllipticCurves:
- if len(e.EllipticCurves) == 0 {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errNoSupportedEllipticCurves
- }
- state.namedCurve = e.EllipticCurves[0]
- case *extension.UseSRTP:
- profile, ok := findMatchingSRTPProfile(e.ProtectionProfiles, cfg.localSRTPProtectionProfiles)
- if !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errServerNoMatchingSRTPProfile
- }
- state.srtpProtectionProfile = profile
- case *extension.UseExtendedMasterSecret:
- if cfg.extendedMasterSecret != DisableExtendedMasterSecret {
- state.extendedMasterSecret = true
- }
- case *extension.ServerName:
- state.serverName = e.ServerName // remote server name
- }
- }
-
- if cfg.extendedMasterSecret == RequireExtendedMasterSecret && !state.extendedMasterSecret {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errServerRequiredButNoClientEMS
- }
-
- if state.localKeypair == nil {
- var err error
- state.localKeypair, err = elliptic.GenerateKeypair(state.namedCurve)
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
- }
- }
-
- return flight2, nil, nil
-}
-
-func flight0Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
- // Initialize
- state.cookie = make([]byte, cookieLength)
- if _, err := rand.Read(state.cookie); err != nil {
- return nil, nil, err
- }
-
- var zeroEpoch uint16
- state.localEpoch.Store(zeroEpoch)
- state.remoteEpoch.Store(zeroEpoch)
- state.namedCurve = defaultNamedCurve
-
- if err := state.localRandom.Populate(); err != nil {
- return nil, nil, err
- }
-
- return nil, nil, nil
-}
diff --git a/dtls-2.0.9/flight1handler.go b/dtls-2.0.9/flight1handler.go
deleted file mode 100644
index 9229292..0000000
--- a/dtls-2.0.9/flight1handler.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package dtls
-
-import (
- "context"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-func flight1Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
- // HelloVerifyRequest can be skipped by the server,
- // so allow ServerHello during flight1 also
- seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeHelloVerifyRequest, cfg.initialEpoch, false, true},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, true},
- )
- if !ok {
- // No valid message received. Keep reading
- return 0, nil, nil
- }
-
- if _, ok := msgs[handshake.TypeServerHello]; ok {
- // Flight1 and flight2 were skipped.
- // Parse as flight3.
- return flight3Parse(ctx, c, state, cache, cfg)
- }
-
- if h, ok := msgs[handshake.TypeHelloVerifyRequest].(*handshake.MessageHelloVerifyRequest); ok {
- // DTLS 1.2 clients must not assume that the server will use the protocol version
- // specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
- if !h.Version.Equal(protocol.Version1_0) && !h.Version.Equal(protocol.Version1_2) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
- }
- state.cookie = append([]byte{}, h.Cookie...)
- state.handshakeRecvSequence = seq
- return flight3, nil, nil
- }
-
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
-}
-
-func flight1Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
- var zeroEpoch uint16
- state.localEpoch.Store(zeroEpoch)
- state.remoteEpoch.Store(zeroEpoch)
- state.namedCurve = defaultNamedCurve
- state.cookie = nil
-
- if err := state.localRandom.Populate(); err != nil {
- return nil, nil, err
- }
-
- extensions := []extension.Extension{
- &extension.SupportedSignatureAlgorithms{
- SignatureHashAlgorithms: cfg.localSignatureSchemes,
- },
- &extension.RenegotiationInfo{
- RenegotiatedConnection: 0,
- },
- }
- if cfg.localPSKCallback == nil {
- extensions = append(extensions, []extension.Extension{
- &extension.SupportedEllipticCurves{
- EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
- },
- &extension.SupportedPointFormats{
- PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
- },
- }...)
- }
-
- if len(cfg.localSRTPProtectionProfiles) > 0 {
- extensions = append(extensions, &extension.UseSRTP{
- ProtectionProfiles: cfg.localSRTPProtectionProfiles,
- })
- }
-
- if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
- cfg.extendedMasterSecret == RequireExtendedMasterSecret {
- extensions = append(extensions, &extension.UseExtendedMasterSecret{
- Supported: true,
- })
- }
-
- if len(cfg.serverName) > 0 {
- extensions = append(extensions, &extension.ServerName{ServerName: cfg.serverName})
- }
-
- return []*packet{
- {
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageClientHello{
- Version: protocol.Version1_2,
- Cookie: state.cookie,
- Random: state.localRandom,
- CipherSuiteIDs: cipherSuiteIDs(cfg.localCipherSuites),
- CompressionMethods: defaultCompressionMethods(),
- Extensions: extensions,
- },
- },
- },
- },
- }, nil, nil
-}
diff --git a/dtls-2.0.9/flight2handler.go b/dtls-2.0.9/flight2handler.go
deleted file mode 100644
index 33e2ee7..0000000
--- a/dtls-2.0.9/flight2handler.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "context"
- "fmt"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-func flight2Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
- seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- )
- if !ok {
- // Client may retransmit the first ClientHello when HelloVerifyRequest is dropped.
- // Parse as flight 0 in this case.
- return flight0Parse(ctx, c, state, cache, cfg)
- }
- state.handshakeRecvSequence = seq
-
- var clientHello *handshake.MessageClientHello
-
- // Validate type
- if clientHello, ok = msgs[handshake.TypeClientHello].(*handshake.MessageClientHello); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
- }
-
- if !clientHello.Version.Equal(protocol.Version1_2) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
- }
-
- if len(clientHello.Cookie) == 0 {
- return 0, nil, nil
- }
- if !bytes.Equal(state.cookie, clientHello.Cookie) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.AccessDenied}, errCookieMismatch
- }
-
- // TODO 添加 CiscoCompat 支持
- if cfg.localCiscoCompatCallback != nil {
- var err error
- state.SessionID = clientHello.SessionID
- if len(state.SessionID) == 0 {
- err = fmt.Errorf("clientHello SessionID is nil")
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
- }
-
- state.masterSecret, err = cfg.localCiscoCompatCallback(state.SessionID)
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
- }
- }
-
- return flight4, nil, nil
-}
-
-func flight2Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
- state.handshakeSendSequence = 0
- return []*packet{
- {
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageHelloVerifyRequest{
- Version: protocol.Version1_2,
- Cookie: state.cookie,
- },
- },
- },
- },
- }, nil, nil
-}
diff --git a/dtls-2.0.9/flight3handler.go b/dtls-2.0.9/flight3handler.go
deleted file mode 100644
index f953be8..0000000
--- a/dtls-2.0.9/flight3handler.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package dtls
-
-import (
- "context"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-func flight3Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) { //nolint:gocognit
- // Clients may receive multiple HelloVerifyRequest messages with different cookies.
- // Clients SHOULD handle this by sending a new ClientHello with a cookie in response
- // to the new HelloVerifyRequest. RFC 6347 Section 4.2.1
- seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeHelloVerifyRequest, cfg.initialEpoch, false, true},
- )
- if ok {
- if h, msgOk := msgs[handshake.TypeHelloVerifyRequest].(*handshake.MessageHelloVerifyRequest); msgOk {
- // DTLS 1.2 clients must not assume that the server will use the protocol version
- // specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
- if !h.Version.Equal(protocol.Version1_0) && !h.Version.Equal(protocol.Version1_2) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
- }
- state.cookie = append([]byte{}, h.Cookie...)
- state.handshakeRecvSequence = seq
- return flight3, nil, nil
- }
- }
-
- if cfg.localPSKCallback != nil {
- seq, msgs, ok = cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, true},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- )
- } else {
- seq, msgs, ok = cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, true},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, true},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- )
- }
- if !ok {
- // Don't have enough messages. Keep reading
- return 0, nil, nil
- }
- state.handshakeRecvSequence = seq
-
- if h, ok := msgs[handshake.TypeServerHello].(*handshake.MessageServerHello); ok {
- if !h.Version.Equal(protocol.Version1_2) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
- }
- for _, v := range h.Extensions {
- switch e := v.(type) {
- case *extension.UseSRTP:
- profile, ok := findMatchingSRTPProfile(e.ProtectionProfiles, cfg.localSRTPProtectionProfiles)
- if !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, errClientNoMatchingSRTPProfile
- }
- state.srtpProtectionProfile = profile
- case *extension.UseExtendedMasterSecret:
- if cfg.extendedMasterSecret != DisableExtendedMasterSecret {
- state.extendedMasterSecret = true
- }
- }
- }
- if cfg.extendedMasterSecret == RequireExtendedMasterSecret && !state.extendedMasterSecret {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errClientRequiredButNoServerEMS
- }
- if len(cfg.localSRTPProtectionProfiles) > 0 && state.srtpProtectionProfile == 0 {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errRequestedButNoSRTPExtension
- }
-
- remoteCipherSuite := cipherSuiteForID(CipherSuiteID(*h.CipherSuiteID), cfg.customCipherSuites)
- if remoteCipherSuite == nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errCipherSuiteNoIntersection
- }
-
- selectedCipherSuite, ok := findMatchingCipherSuite([]CipherSuite{remoteCipherSuite}, cfg.localCipherSuites)
- if !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errInvalidCipherSuite
- }
-
- state.cipherSuite = selectedCipherSuite
- state.remoteRandom = h.Random
- cfg.log.Tracef("[handshake] use cipher suite: %s", selectedCipherSuite.String())
- }
-
- if h, ok := msgs[handshake.TypeCertificate].(*handshake.MessageCertificate); ok {
- state.PeerCertificates = h.Certificate
- } else if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errInvalidCertificate
- }
-
- if h, ok := msgs[handshake.TypeServerKeyExchange].(*handshake.MessageServerKeyExchange); ok {
- alertPtr, err := handleServerKeyExchange(c, state, cfg, h)
- if err != nil {
- return 0, alertPtr, err
- }
- }
-
- if _, ok := msgs[handshake.TypeCertificateRequest].(*handshake.MessageCertificateRequest); ok {
- state.remoteRequestedCertificate = true
- }
-
- return flight5, nil, nil
-}
-
-func handleServerKeyExchange(_ flightConn, state *State, cfg *handshakeConfig, h *handshake.MessageServerKeyExchange) (*alert.Alert, error) {
- var err error
- if cfg.localPSKCallback != nil {
- var psk []byte
- if psk, err = cfg.localPSKCallback(h.IdentityHint); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- state.IdentityHint = h.IdentityHint
- state.preMasterSecret = prf.PSKPreMasterSecret(psk)
- } else {
- if state.localKeypair, err = elliptic.GenerateKeypair(h.NamedCurve); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
-
- if state.preMasterSecret, err = prf.PreMasterSecret(h.PublicKey, state.localKeypair.PrivateKey, state.localKeypair.Curve); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- }
-
- return nil, nil
-}
-
-func flight3Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
- extensions := []extension.Extension{
- &extension.SupportedSignatureAlgorithms{
- SignatureHashAlgorithms: cfg.localSignatureSchemes,
- },
- &extension.RenegotiationInfo{
- RenegotiatedConnection: 0,
- },
- }
- if cfg.localPSKCallback == nil {
- extensions = append(extensions, []extension.Extension{
- &extension.SupportedEllipticCurves{
- EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
- },
- &extension.SupportedPointFormats{
- PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
- },
- }...)
- }
-
- if len(cfg.localSRTPProtectionProfiles) > 0 {
- extensions = append(extensions, &extension.UseSRTP{
- ProtectionProfiles: cfg.localSRTPProtectionProfiles,
- })
- }
-
- if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
- cfg.extendedMasterSecret == RequireExtendedMasterSecret {
- extensions = append(extensions, &extension.UseExtendedMasterSecret{
- Supported: true,
- })
- }
-
- if len(cfg.serverName) > 0 {
- extensions = append(extensions, &extension.ServerName{ServerName: cfg.serverName})
- }
-
- return []*packet{
- {
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageClientHello{
- Version: protocol.Version1_2,
- Cookie: state.cookie,
- Random: state.localRandom,
- CipherSuiteIDs: cipherSuiteIDs(cfg.localCipherSuites),
- CompressionMethods: defaultCompressionMethods(),
- Extensions: extensions,
- },
- },
- },
- },
- }, nil, nil
-}
diff --git a/dtls-2.0.9/flight4handler.go b/dtls-2.0.9/flight4handler.go
deleted file mode 100644
index 1464854..0000000
--- a/dtls-2.0.9/flight4handler.go
+++ /dev/null
@@ -1,352 +0,0 @@
-package dtls
-
-import (
- "context"
- "crypto/x509"
-
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-func flight4Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) { //nolint:gocognit
- seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, true},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, true},
- )
- if !ok {
- // No valid message received. Keep reading
- return 0, nil, nil
- }
-
- // Validate type
- var clientKeyExchange *handshake.MessageClientKeyExchange
- if clientKeyExchange, ok = msgs[handshake.TypeClientKeyExchange].(*handshake.MessageClientKeyExchange); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
- }
-
- if h, hasCert := msgs[handshake.TypeCertificate].(*handshake.MessageCertificate); hasCert {
- state.PeerCertificates = h.Certificate
- }
-
- if h, hasCertVerify := msgs[handshake.TypeCertificateVerify].(*handshake.MessageCertificateVerify); hasCertVerify {
- if state.PeerCertificates == nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errCertificateVerifyNoCertificate
- }
-
- plainText := cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- )
-
- // Verify that the pair of hash algorithm and signiture is listed.
- var validSignatureScheme bool
- for _, ss := range cfg.localSignatureSchemes {
- if ss.Hash == h.HashAlgorithm && ss.Signature == h.SignatureAlgorithm {
- validSignatureScheme = true
- break
- }
- }
- if !validSignatureScheme {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errNoAvailableSignatureSchemes
- }
-
- if err := verifyCertificateVerify(plainText, h.HashAlgorithm, h.Signature, state.PeerCertificates); err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
- }
- var chains [][]*x509.Certificate
- var err error
- var verified bool
- if cfg.clientAuth >= VerifyClientCertIfGiven {
- if chains, err = verifyClientCert(state.PeerCertificates, cfg.clientCAs); err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
- }
- verified = true
- }
- if cfg.verifyPeerCertificate != nil {
- if err := cfg.verifyPeerCertificate(state.PeerCertificates, chains); err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
- }
- }
- state.peerCertificatesVerified = verified
- }
-
- if !state.cipherSuite.IsInitialized() {
- serverRandom := state.localRandom.MarshalFixed()
- clientRandom := state.remoteRandom.MarshalFixed()
-
- var err error
- var preMasterSecret []byte
- if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypePreSharedKey {
- var psk []byte
- if psk, err = cfg.localPSKCallback(clientKeyExchange.IdentityHint); err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- state.IdentityHint = clientKeyExchange.IdentityHint
- preMasterSecret = prf.PSKPreMasterSecret(psk)
- } else {
- preMasterSecret, err = prf.PreMasterSecret(clientKeyExchange.PublicKey, state.localKeypair.PrivateKey, state.localKeypair.Curve)
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
- }
- }
-
- if state.extendedMasterSecret {
- var sessionHash []byte
- sessionHash, err = cache.sessionHash(state.cipherSuite.HashFunc(), cfg.initialEpoch)
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
-
- state.masterSecret, err = prf.ExtendedMasterSecret(preMasterSecret, sessionHash, state.cipherSuite.HashFunc())
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- } else {
- state.masterSecret, err = prf.MasterSecret(preMasterSecret, clientRandom[:], serverRandom[:], state.cipherSuite.HashFunc())
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- }
-
- if err := state.cipherSuite.Init(state.masterSecret, clientRandom[:], serverRandom[:], false); err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- cfg.writeKeyLog(keyLogLabelTLS12, clientRandom[:], state.masterSecret)
- }
-
- // Now, encrypted packets can be handled
- if err := c.handleQueuedPackets(ctx); err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
-
- seq, msgs, ok = cache.fullPullMap(seq,
- handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
- )
- if !ok {
- // No valid message received. Keep reading
- return 0, nil, nil
- }
- state.handshakeRecvSequence = seq
-
- if _, ok = msgs[handshake.TypeFinished].(*handshake.MessageFinished); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
- }
-
- if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeAnonymous {
- return flight6, nil, nil
- }
-
- switch cfg.clientAuth {
- case RequireAnyClientCert:
- if state.PeerCertificates == nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errClientCertificateRequired
- }
- case VerifyClientCertIfGiven:
- if state.PeerCertificates != nil && !state.peerCertificatesVerified {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, errClientCertificateNotVerified
- }
- case RequireAndVerifyClientCert:
- if state.PeerCertificates == nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.NoCertificate}, errClientCertificateRequired
- }
- if !state.peerCertificatesVerified {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, errClientCertificateNotVerified
- }
- case NoClientCert, RequestClientCert:
- return flight6, nil, nil
- }
-
- return flight6, nil, nil
-}
-
-func flight4Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
- extensions := []extension.Extension{&extension.RenegotiationInfo{
- RenegotiatedConnection: 0,
- }}
- if (cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
- cfg.extendedMasterSecret == RequireExtendedMasterSecret) && state.extendedMasterSecret {
- extensions = append(extensions, &extension.UseExtendedMasterSecret{
- Supported: true,
- })
- }
- if state.srtpProtectionProfile != 0 {
- extensions = append(extensions, &extension.UseSRTP{
- ProtectionProfiles: []SRTPProtectionProfile{state.srtpProtectionProfile},
- })
- }
- if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate {
- extensions = append(extensions, []extension.Extension{
- &extension.SupportedEllipticCurves{
- EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
- },
- &extension.SupportedPointFormats{
- PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
- },
- }...)
- }
-
- var pkts []*packet
- cipherSuiteID := uint16(state.cipherSuite.ID())
-
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageServerHello{
- Version: protocol.Version1_2,
- Random: state.localRandom,
- SessionID: state.SessionID,
- CipherSuiteID: &cipherSuiteID,
- CompressionMethod: defaultCompressionMethods()[0],
- Extensions: extensions,
- },
- },
- },
- })
-
- // TODO 添加 CiscoCompat 支持
- if cfg.localCiscoCompatCallback != nil {
- if !state.cipherSuite.IsInitialized() {
- serverRandom := state.localRandom.MarshalFixed()
- clientRandom := state.remoteRandom.MarshalFixed()
-
- if err := state.cipherSuite.Init(state.masterSecret, clientRandom[:], serverRandom[:], false); err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- cfg.writeKeyLog(keyLogLabelTLS12, clientRandom[:], state.masterSecret)
- }
- return pkts, nil, nil
- }
-
- switch {
- case state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate:
- certificate, err := cfg.getCertificate(cfg.serverName)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.HandshakeFailure}, err
- }
-
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageCertificate{
- Certificate: certificate.Certificate,
- },
- },
- },
- })
-
- serverRandom := state.localRandom.MarshalFixed()
- clientRandom := state.remoteRandom.MarshalFixed()
-
- // Find compatible signature scheme
- signatureHashAlgo, err := signaturehash.SelectSignatureScheme(cfg.localSignatureSchemes, certificate.PrivateKey)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, err
- }
-
- signature, err := generateKeySignature(clientRandom[:], serverRandom[:], state.localKeypair.PublicKey, state.namedCurve, certificate.PrivateKey, signatureHashAlgo.Hash)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- state.localKeySignature = signature
-
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageServerKeyExchange{
- EllipticCurveType: elliptic.CurveTypeNamedCurve,
- NamedCurve: state.namedCurve,
- PublicKey: state.localKeypair.PublicKey,
- HashAlgorithm: signatureHashAlgo.Hash,
- SignatureAlgorithm: signatureHashAlgo.Signature,
- Signature: state.localKeySignature,
- },
- },
- },
- })
-
- if cfg.clientAuth > NoClientCert {
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageCertificateRequest{
- CertificateTypes: []clientcertificate.Type{clientcertificate.RSASign, clientcertificate.ECDSASign},
- SignatureHashAlgorithms: cfg.localSignatureSchemes,
- },
- },
- },
- })
- }
- case cfg.localPSKIdentityHint != nil:
- // To help the client in selecting which identity to use, the server
- // can provide a "PSK identity hint" in the ServerKeyExchange message.
- // If no hint is provided, the ServerKeyExchange message is omitted.
- //
- // https://tools.ietf.org/html/rfc4279#section-2
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageServerKeyExchange{
- IdentityHint: cfg.localPSKIdentityHint,
- },
- },
- },
- })
- case state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeAnonymous:
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageServerKeyExchange{
- EllipticCurveType: elliptic.CurveTypeNamedCurve,
- NamedCurve: state.namedCurve,
- PublicKey: state.localKeypair.PublicKey,
- },
- },
- },
- })
- }
-
- pkts = append(pkts, &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageServerHelloDone{},
- },
- },
- })
-
- return pkts, nil, nil
-}
diff --git a/dtls-2.0.9/flight5handler.go b/dtls-2.0.9/flight5handler.go
deleted file mode 100644
index baa1d5c..0000000
--- a/dtls-2.0.9/flight5handler.go
+++ /dev/null
@@ -1,323 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "context"
- "crypto"
- "crypto/x509"
-
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-func flight5Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
- _, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
- handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, false, false},
- )
- if !ok {
- // No valid message received. Keep reading
- return 0, nil, nil
- }
-
- var finished *handshake.MessageFinished
- if finished, ok = msgs[handshake.TypeFinished].(*handshake.MessageFinished); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
- }
- plainText := cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
- )
-
- expectedVerifyData, err := prf.VerifyDataServer(state.masterSecret, plainText, state.cipherSuite.HashFunc())
- if err != nil {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- if !bytes.Equal(expectedVerifyData, finished.VerifyData) {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.HandshakeFailure}, errVerifyDataMismatch
- }
-
- return flight5, nil, nil
-}
-
-func flight5Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) { //nolint:gocognit
- var certBytes [][]byte
- var privateKey crypto.PrivateKey
- if len(cfg.localCertificates) > 0 {
- certificate, err := cfg.getCertificate(cfg.serverName)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.HandshakeFailure}, err
- }
- certBytes = certificate.Certificate
- privateKey = certificate.PrivateKey
- }
-
- var pkts []*packet
-
- if state.remoteRequestedCertificate {
- pkts = append(pkts,
- &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageCertificate{
- Certificate: certBytes,
- },
- },
- },
- })
- }
-
- clientKeyExchange := &handshake.MessageClientKeyExchange{}
- if cfg.localPSKCallback == nil {
- clientKeyExchange.PublicKey = state.localKeypair.PublicKey
- } else {
- clientKeyExchange.IdentityHint = cfg.localPSKIdentityHint
- }
-
- pkts = append(pkts,
- &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: clientKeyExchange,
- },
- },
- })
-
- serverKeyExchangeData := cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- )
-
- serverKeyExchange := &handshake.MessageServerKeyExchange{}
-
- // handshakeMessageServerKeyExchange is optional for PSK
- if len(serverKeyExchangeData) == 0 {
- alertPtr, err := handleServerKeyExchange(c, state, cfg, &handshake.MessageServerKeyExchange{})
- if err != nil {
- return nil, alertPtr, err
- }
- } else {
- rawHandshake := &handshake.Handshake{}
- err := rawHandshake.Unmarshal(serverKeyExchangeData)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.UnexpectedMessage}, err
- }
-
- switch h := rawHandshake.Message.(type) {
- case *handshake.MessageServerKeyExchange:
- serverKeyExchange = h
- default:
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.UnexpectedMessage}, errInvalidContentType
- }
- }
-
- // Append not-yet-sent packets
- merged := []byte{}
- seqPred := uint16(state.handshakeSendSequence)
- for _, p := range pkts {
- h, ok := p.record.Content.(*handshake.Handshake)
- if !ok {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, errInvalidContentType
- }
- h.Header.MessageSequence = seqPred
- seqPred++
- raw, err := h.Marshal()
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- merged = append(merged, raw...)
- }
-
- if alertPtr, err := initalizeCipherSuite(state, cache, cfg, serverKeyExchange, merged); err != nil {
- return nil, alertPtr, err
- }
-
- // If the client has sent a certificate with signing ability, a digitally-signed
- // CertificateVerify message is sent to explicitly verify possession of the
- // private key in the certificate.
- if state.remoteRequestedCertificate && len(cfg.localCertificates) > 0 {
- plainText := append(cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- ), merged...)
-
- // Find compatible signature scheme
- signatureHashAlgo, err := signaturehash.SelectSignatureScheme(cfg.localSignatureSchemes, privateKey)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, err
- }
-
- certVerify, err := generateCertificateVerify(plainText, privateKey, signatureHashAlgo.Hash)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- state.localCertificatesVerify = certVerify
-
- p := &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageCertificateVerify{
- HashAlgorithm: signatureHashAlgo.Hash,
- SignatureAlgorithm: signatureHashAlgo.Signature,
- Signature: state.localCertificatesVerify,
- },
- },
- },
- }
- pkts = append(pkts, p)
-
- h, ok := p.record.Content.(*handshake.Handshake)
- if !ok {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, errInvalidContentType
- }
- h.Header.MessageSequence = seqPred
- // seqPred++ // this is the last use of seqPred
- raw, err := h.Marshal()
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- merged = append(merged, raw...)
- }
-
- pkts = append(pkts,
- &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &protocol.ChangeCipherSpec{},
- },
- })
-
- if len(state.localVerifyData) == 0 {
- plainText := cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
- )
-
- var err error
- state.localVerifyData, err = prf.VerifyDataClient(state.masterSecret, append(plainText, merged...), state.cipherSuite.HashFunc())
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- }
-
- pkts = append(pkts,
- &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- Epoch: 1,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageFinished{
- VerifyData: state.localVerifyData,
- },
- },
- },
- shouldEncrypt: true,
- resetLocalSequenceNumber: true,
- })
-
- return pkts, nil, nil
-}
-
-func initalizeCipherSuite(state *State, cache *handshakeCache, cfg *handshakeConfig, h *handshake.MessageServerKeyExchange, sendingPlainText []byte) (*alert.Alert, error) { //nolint:gocognit
- if state.cipherSuite.IsInitialized() {
- return nil, nil
- }
-
- clientRandom := state.localRandom.MarshalFixed()
- serverRandom := state.remoteRandom.MarshalFixed()
-
- var err error
-
- if state.extendedMasterSecret {
- var sessionHash []byte
- sessionHash, err = cache.sessionHash(state.cipherSuite.HashFunc(), cfg.initialEpoch, sendingPlainText)
- if err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
-
- state.masterSecret, err = prf.ExtendedMasterSecret(state.preMasterSecret, sessionHash, state.cipherSuite.HashFunc())
- if err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.IllegalParameter}, err
- }
- } else {
- state.masterSecret, err = prf.MasterSecret(state.preMasterSecret, clientRandom[:], serverRandom[:], state.cipherSuite.HashFunc())
- if err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- }
-
- if state.cipherSuite.AuthenticationType() == CipherSuiteAuthenticationTypeCertificate {
- // Verify that the pair of hash algorithm and signiture is listed.
- var validSignatureScheme bool
- for _, ss := range cfg.localSignatureSchemes {
- if ss.Hash == h.HashAlgorithm && ss.Signature == h.SignatureAlgorithm {
- validSignatureScheme = true
- break
- }
- }
- if !validSignatureScheme {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, errNoAvailableSignatureSchemes
- }
-
- expectedMsg := valueKeyMessage(clientRandom[:], serverRandom[:], h.PublicKey, h.NamedCurve)
- if err = verifyKeySignature(expectedMsg, h.Signature, h.HashAlgorithm, state.PeerCertificates); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
- }
- var chains [][]*x509.Certificate
- if !cfg.insecureSkipVerify {
- if chains, err = verifyServerCert(state.PeerCertificates, cfg.rootCAs, cfg.serverName); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
- }
- }
- if cfg.verifyPeerCertificate != nil {
- if err = cfg.verifyPeerCertificate(state.PeerCertificates, chains); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.BadCertificate}, err
- }
- }
- }
-
- if err = state.cipherSuite.Init(state.masterSecret, clientRandom[:], serverRandom[:], true); err != nil {
- return &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
-
- cfg.writeKeyLog(keyLogLabelTLS12, clientRandom[:], state.masterSecret)
-
- return nil, nil
-}
diff --git a/dtls-2.0.9/flight6handler.go b/dtls-2.0.9/flight6handler.go
deleted file mode 100644
index 10de5ad..0000000
--- a/dtls-2.0.9/flight6handler.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package dtls
-
-import (
- "context"
-
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-func flight6Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
- _, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence-1,
- handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
- )
- if !ok {
- // No valid message received. Keep reading
- return 0, nil, nil
- }
-
- if _, ok = msgs[handshake.TypeFinished].(*handshake.MessageFinished); !ok {
- return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
- }
-
- // Other party retransmitted the last flight.
- return flight6, nil, nil
-}
-
-func flight6Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
- var pkts []*packet
-
- pkts = append(pkts,
- &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &protocol.ChangeCipherSpec{},
- },
- })
-
- if len(state.localVerifyData) == 0 {
- plainText := cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeCertificateVerify, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeFinished, cfg.initialEpoch + 1, true, false},
- )
-
- var err error
- state.localVerifyData, err = prf.VerifyDataServer(state.masterSecret, plainText, state.cipherSuite.HashFunc())
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- }
-
- pkts = append(pkts,
- &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- Epoch: 1,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageFinished{
- VerifyData: state.localVerifyData,
- },
- },
- },
- shouldEncrypt: true,
- resetLocalSequenceNumber: true,
- },
- )
- return pkts, nil, nil
-}
diff --git a/dtls-2.0.9/flighthandler.go b/dtls-2.0.9/flighthandler.go
deleted file mode 100644
index b364c09..0000000
--- a/dtls-2.0.9/flighthandler.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package dtls
-
-import (
- "context"
-
- "github.com/pion/dtls/v2/pkg/protocol/alert"
-)
-
-// Parse received handshakes and return next flightVal
-type flightParser func(context.Context, flightConn, *State, *handshakeCache, *handshakeConfig) (flightVal, *alert.Alert, error)
-
-// Generate flights
-type flightGenerator func(flightConn, *State, *handshakeCache, *handshakeConfig) ([]*packet, *alert.Alert, error)
-
-func (f flightVal) getFlightParser() (flightParser, error) {
- switch f {
- case flight0:
- return flight0Parse, nil
- case flight1:
- return flight1Parse, nil
- case flight2:
- return flight2Parse, nil
- case flight3:
- return flight3Parse, nil
- case flight4:
- return flight4Parse, nil
- case flight5:
- return flight5Parse, nil
- case flight6:
- return flight6Parse, nil
- default:
- return nil, errInvalidFlight
- }
-}
-
-func (f flightVal) getFlightGenerator() (gen flightGenerator, retransmit bool, err error) {
- switch f {
- case flight0:
- return flight0Generate, true, nil
- case flight1:
- return flight1Generate, true, nil
- case flight2:
- // https://tools.ietf.org/html/rfc6347#section-3.2.1
- // HelloVerifyRequests must not be retransmitted.
- return flight2Generate, false, nil
- case flight3:
- return flight3Generate, true, nil
- case flight4:
- return flight4Generate, true, nil
- case flight5:
- return flight5Generate, true, nil
- case flight6:
- return flight6Generate, true, nil
- default:
- return nil, false, errInvalidFlight
- }
-}
diff --git a/dtls-2.0.9/fragment_buffer.go b/dtls-2.0.9/fragment_buffer.go
deleted file mode 100644
index 0274993..0000000
--- a/dtls-2.0.9/fragment_buffer.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package dtls
-
-import (
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-type fragment struct {
- recordLayerHeader recordlayer.Header
- handshakeHeader handshake.Header
- data []byte
-}
-
-type fragmentBuffer struct {
- // map of MessageSequenceNumbers that hold slices of fragments
- cache map[uint16][]*fragment
-
- currentMessageSequenceNumber uint16
-}
-
-func newFragmentBuffer() *fragmentBuffer {
- return &fragmentBuffer{cache: map[uint16][]*fragment{}}
-}
-
-// Attempts to push a DTLS packet to the fragmentBuffer
-// when it returns true it means the fragmentBuffer has inserted and the buffer shouldn't be handled
-// when an error returns it is fatal, and the DTLS connection should be stopped
-func (f *fragmentBuffer) push(buf []byte) (bool, error) {
- frag := new(fragment)
- if err := frag.recordLayerHeader.Unmarshal(buf); err != nil {
- return false, err
- }
-
- // fragment isn't a handshake, we don't need to handle it
- if frag.recordLayerHeader.ContentType != protocol.ContentTypeHandshake {
- return false, nil
- }
-
- for buf = buf[recordlayer.HeaderSize:]; len(buf) != 0; frag = new(fragment) {
- if err := frag.handshakeHeader.Unmarshal(buf); err != nil {
- return false, err
- }
-
- if _, ok := f.cache[frag.handshakeHeader.MessageSequence]; !ok {
- f.cache[frag.handshakeHeader.MessageSequence] = []*fragment{}
- }
-
- // end index should be the length of handshake header but if the handshake
- // was fragmented, we should keep them all
- end := int(handshake.HeaderLength + frag.handshakeHeader.Length)
- if size := len(buf); end > size {
- end = size
- }
-
- // Discard all headers, when rebuilding the packet we will re-build
- frag.data = append([]byte{}, buf[handshake.HeaderLength:end]...)
- f.cache[frag.handshakeHeader.MessageSequence] = append(f.cache[frag.handshakeHeader.MessageSequence], frag)
- buf = buf[end:]
- }
-
- return true, nil
-}
-
-func (f *fragmentBuffer) pop() (content []byte, epoch uint16) {
- frags, ok := f.cache[f.currentMessageSequenceNumber]
- if !ok {
- return nil, 0
- }
-
- // Go doesn't support recursive lambdas
- var appendMessage func(targetOffset uint32) bool
-
- rawMessage := []byte{}
- appendMessage = func(targetOffset uint32) bool {
- for _, f := range frags {
- if f.handshakeHeader.FragmentOffset == targetOffset {
- fragmentEnd := (f.handshakeHeader.FragmentOffset + f.handshakeHeader.FragmentLength)
- if fragmentEnd != f.handshakeHeader.Length {
- if !appendMessage(fragmentEnd) {
- return false
- }
- }
-
- rawMessage = append(f.data, rawMessage...)
- return true
- }
- }
- return false
- }
-
- // Recursively collect up
- if !appendMessage(0) {
- return nil, 0
- }
-
- firstHeader := frags[0].handshakeHeader
- firstHeader.FragmentOffset = 0
- firstHeader.FragmentLength = firstHeader.Length
-
- rawHeader, err := firstHeader.Marshal()
- if err != nil {
- return nil, 0
- }
-
- messageEpoch := frags[0].recordLayerHeader.Epoch
-
- delete(f.cache, f.currentMessageSequenceNumber)
- f.currentMessageSequenceNumber++
- return append(rawHeader, rawMessage...), messageEpoch
-}
diff --git a/dtls-2.0.9/fragment_buffer_test.go b/dtls-2.0.9/fragment_buffer_test.go
deleted file mode 100644
index 62c7ead..0000000
--- a/dtls-2.0.9/fragment_buffer_test.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package dtls
-
-import (
- "reflect"
- "testing"
-)
-
-func TestFragmentBuffer(t *testing.T) {
- for _, test := range []struct {
- Name string
- In [][]byte
- Expected [][]byte
- Epoch uint16
- }{
- {
- Name: "Single Fragment",
- In: [][]byte{
- {0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
- },
- Expected: [][]byte{
- {0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
- },
- Epoch: 0,
- },
- {
- Name: "Single Fragment Epoch 3",
- In: [][]byte{
- {0x16, 0xfe, 0xff, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
- },
- Expected: [][]byte{
- {0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfe, 0xff, 0x00},
- },
- Epoch: 3,
- },
- {
- Name: "Multiple Fragments",
- In: [][]byte{
- {0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x02, 0x03, 0x04},
- {0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x05, 0x05, 0x06, 0x07, 0x08, 0x09},
- {0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x05, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E},
- },
- Expected: [][]byte{
- {0x0b, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e},
- },
- Epoch: 0,
- },
- {
- Name: "Multiple Unordered Fragments",
- In: [][]byte{
- {0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x02, 0x03, 0x04},
- {0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x05, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E},
- {0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x81, 0x0b, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x05, 0x05, 0x06, 0x07, 0x08, 0x09},
- },
- Expected: [][]byte{
- {0x0b, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e},
- },
- Epoch: 0,
- },
- {
- Name: "Multiple Handshakes in Signle Fragment",
- In: [][]byte{
- {
- 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x30, /* record header */
- 0x03, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01, /*handshake msg 1*/
- 0x03, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01, /*handshake msg 2*/
- 0x03, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01, /*handshake msg 3*/
- },
- },
- Expected: [][]byte{
- {0x03, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01},
- {0x03, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01},
- {0x03, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xfe, 0xff, 0x01, 0x01},
- },
- Epoch: 0,
- },
- } {
- fragmentBuffer := newFragmentBuffer()
- for _, frag := range test.In {
- status, err := fragmentBuffer.push(frag)
- if err != nil {
- t.Error(err)
- } else if !status {
- t.Errorf("fragmentBuffer didn't accept fragments for '%s'", test.Name)
- }
- }
-
- for _, expected := range test.Expected {
- out, epoch := fragmentBuffer.pop()
- if !reflect.DeepEqual(out, expected) {
- t.Errorf("fragmentBuffer '%s' push/pop: got % 02x, want % 02x", test.Name, out, expected)
- }
- if epoch != test.Epoch {
- t.Errorf("fragmentBuffer returned wrong epoch: got %d, want %d", epoch, test.Epoch)
- }
- }
-
- if frag, _ := fragmentBuffer.pop(); frag != nil {
- t.Errorf("fragmentBuffer popped single buffer multiple times for '%s'", test.Name)
- }
- }
-}
diff --git a/dtls-2.0.9/fuzz.go b/dtls-2.0.9/fuzz.go
deleted file mode 100644
index 56c1bf2..0000000
--- a/dtls-2.0.9/fuzz.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build gofuzz
-
-package dtls
-
-import "fmt"
-
-func partialHeaderMismatch(a, b recordlayer.Header) bool {
- // Ignoring content length for now.
- a.contentLen = b.contentLen
- return a != b
-}
-
-func FuzzRecordLayer(data []byte) int {
- var r recordLayer
- if err := r.Unmarshal(data); err != nil {
- return 0
- }
- buf, err := r.Marshal()
- if err != nil {
- return 1
- }
- if len(buf) == 0 {
- panic("zero buff") // nolint
- }
- var nr recordLayer
- if err = nr.Unmarshal(data); err != nil {
- panic(err) // nolint
- }
- if partialHeaderMismatch(nr.recordlayer.Header, r.recordlayer.Header) {
- panic( // nolint
- fmt.Sprintf("header mismatch: %+v != %+v",
- nr.recordlayer.Header, r.recordlayer.Header,
- ),
- )
- }
-
- return 1
-}
diff --git a/dtls-2.0.9/fuzz/corpus/012178ca0830b7449ad370598d55873d81b95e40-25 b/dtls-2.0.9/fuzz/corpus/012178ca0830b7449ad370598d55873d81b95e40-25
deleted file mode 100644
index f82ac9a17f515ca94cba4160df6c271af30ec8e1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF?#
W-~dVh)i5#eg4t}W|5+Uv6gdFO^AoKA
diff --git a/dtls-2.0.9/fuzz/corpus/01277073b27ccc6925ce4c941527f7b7705c8311-1 b/dtls-2.0.9/fuzz/corpus/01277073b27ccc6925ce4c941527f7b7705c8311-1
deleted file mode 100644
index 4756c7a..0000000
--- a/dtls-2.0.9/fuzz/corpus/01277073b27ccc6925ce4c941527f7b7705c8311-1
+++ /dev/null
@@ -1 +0,0 @@
-��12�����[A51
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/039192caed40959ac2f5c3254669312ba2dfbcad-12 b/dtls-2.0.9/fuzz/corpus/039192caed40959ac2f5c3254669312ba2dfbcad-12
deleted file mode 100644
index 3580e3c85ed253af66dbfa4eae2382164e926034..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
jcmWf8?w3=XlgUt$pRbU^&%nR|W&mkMMh2Gsd$kz=r&kDw
diff --git a/dtls-2.0.9/fuzz/corpus/03a9bad270cf32520b5c3e99add47c648ba6150f-7 b/dtls-2.0.9/fuzz/corpus/03a9bad270cf32520b5c3e99add47c648ba6150f-7
deleted file mode 100644
index f3b959a0fd9b4d4afae80a3990bd93c808821fe6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
acmWf;xOe~i{qI3UwE`mp2)t)V0g?c(Dhe6^
diff --git a/dtls-2.0.9/fuzz/corpus/048fcd45b732d5bed912e6652bc265a0adaf5664-26 b/dtls-2.0.9/fuzz/corpus/048fcd45b732d5bed912e6652bc265a0adaf5664-26
deleted file mode 100644
index 40c5ce232ca658255b7ad9352483cf6737b721d8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZiQ9T2YHfCVpC}FTPF*h+WH8Qp^^vNtK$w_t1OEH2-
X0M#%s@G`Km{%0^{bzm@MFy#OMzCjaV
diff --git a/dtls-2.0.9/fuzz/corpus/04a28c0806a91267f0576e11d042400f41dc538b-12 b/dtls-2.0.9/fuzz/corpus/04a28c0806a91267f0576e11d042400f41dc538b-12
deleted file mode 100644
index a25e2a6a991a8d4a0477c0941f347e8807823077..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
fcmWf8?w3=XlgUt$&%?mL3`8#&6c|Cw7YqylYl#K*
diff --git a/dtls-2.0.9/fuzz/corpus/04d00cfd50deb9ccd9d14be8c58f401a0414dad3-30 b/dtls-2.0.9/fuzz/corpus/04d00cfd50deb9ccd9d14be8c58f401a0414dad3-30
deleted file mode 100644
index 53a1acbdeb16bcfedd5af2dd4fb749c8dc16785e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
V042bxm>75&7&w617#R2%7y+4{5i<Y)
diff --git a/dtls-2.0.9/fuzz/corpus/04e7f402f7d9f6ed2e664190dbd3267eddfddefa-6 b/dtls-2.0.9/fuzz/corpus/04e7f402f7d9f6ed2e664190dbd3267eddfddefa-6
deleted file mode 100644
index 3f7dfd3e3e5fc1efdeeb62d7fb45da66982f82e9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe~i{qI4<{`brb3=9tY-!r5DX#m8w3@!iw
diff --git a/dtls-2.0.9/fuzz/corpus/057a8c627dc06c27296c8208265a9f8a32a8d4c2-19 b/dtls-2.0.9/fuzz/corpus/057a8c627dc06c27296c8208265a9f8a32a8d4c2-19
deleted file mode 100644
index 50846b2f1a43a89c64046d4936d1022ca9dc0cb6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
icmWf8?w3>Sm#MCvpRbU^%fP@<!T<&wY^?uTK`a1`&jvaG
diff --git a/dtls-2.0.9/fuzz/corpus/05a0d164b8e3ca08dc1bd077ce4aa4559731182b-15 b/dtls-2.0.9/fuzz/corpus/05a0d164b8e3ca08dc1bd077ce4aa4559731182b-15
deleted file mode 100644
index aa77799771005889339e6d4cb7dff26804f1bb01..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B-#N&twJ1&9Cu
diff --git a/dtls-2.0.9/fuzz/corpus/06148fe224720cd3a0497fc87f2b6bc5f004484a-30 b/dtls-2.0.9/fuzz/corpus/06148fe224720cd3a0497fc87f2b6bc5f004484a-30
deleted file mode 100644
index f80886b52902e61db04fa8e6247469cbc5366294..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
V042bxm>75&7&w617#O%17y+4*5ibA$
diff --git a/dtls-2.0.9/fuzz/corpus/078c2bd97a33002242f9d5ac0a95970c9432124a-31 b/dtls-2.0.9/fuzz/corpus/078c2bd97a33002242f9d5ac0a95970c9432124a-31
deleted file mode 100644
index ac541d3ce7ff06d9de16bf13d93251e3b9d7c663..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
V042bxm>75&7&w61n1Kc`0sx?r6O#Y{
diff --git a/dtls-2.0.9/fuzz/corpus/07ff33058f3c6732b9439f7d5c2bd50bb46adb31-20 b/dtls-2.0.9/fuzz/corpus/07ff33058f3c6732b9439f7d5c2bd50bb46adb31-20
deleted file mode 100644
index dd34c829037d46a10ee0bf1340337eea167b022e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
hcmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CMP2t005$n1xNq@
diff --git a/dtls-2.0.9/fuzz/corpus/08f2f7719e35261f615174917101cba578892f43-11 b/dtls-2.0.9/fuzz/corpus/08f2f7719e35261f615174917101cba578892f43-11
deleted file mode 100644
index c6911cbca8da92198fdcabd30df890806ba1b317..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
dcmWf8?w3=XlgUt$pRd5k!@$7&f&oS|004D127&+p
diff --git a/dtls-2.0.9/fuzz/corpus/09b742837cf0d26ddecb5dbf536d91db6d1e9855-12 b/dtls-2.0.9/fuzz/corpus/09b742837cf0d26ddecb5dbf536d91db6d1e9855-12
deleted file mode 100644
index c41903165f943d7a955a02a3bd901b6485358554..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w3=XlgUt$pRbU^&%nR|W&mkM#{KX2@6~1i0I+BZG5`Po
diff --git a/dtls-2.0.9/fuzz/corpus/0a3bff70743f3cc7ecdc293887c10e14e152dec2-19 b/dtls-2.0.9/fuzz/corpus/0a3bff70743f3cc7ecdc293887c10e14e152dec2-19
deleted file mode 100644
index 73bb16ae25a0a4401c299ea3bb4b297d363d44db..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w3>Sm#MCvpRbU^%fP@<!T<&wtc;8f3=Rwo0EwOjvH$=8
diff --git a/dtls-2.0.9/fuzz/corpus/11e7b0e2a84f99b2f3f367cf546dde345bba563f-15 b/dtls-2.0.9/fuzz/corpus/11e7b0e2a84f99b2f3f367cf546dde345bba563f-15
deleted file mode 100644
index 3f8d0aabc42b3fd71aa0e5de72d5ff5f3ffb1b75..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
gcmWf8?w3=XlgUt$pRd3mz`(%#f&mPe8D1~|0CN5YSO5S3
diff --git a/dtls-2.0.9/fuzz/corpus/136a342418a743d6167ef2b44e657c82427469b8-35 b/dtls-2.0.9/fuzz/corpus/136a342418a743d6167ef2b44e657c82427469b8-35
deleted file mode 100644
index fbfb7c0c3da8cd35f7688aec071959a895a3a81a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
V1`dV;`UmuN84hqA;M&W;1OUjQ6&nBm
diff --git a/dtls-2.0.9/fuzz/corpus/137e470b38deeeac3586025e0e6e2702117e26e6 b/dtls-2.0.9/fuzz/corpus/137e470b38deeeac3586025e0e6e2702117e26e6
deleted file mode 100644
index 7af9349..0000000
--- a/dtls-2.0.9/fuzz/corpus/137e470b38deeeac3586025e0e6e2702117e26e6
+++ /dev/null
@@ -1 +0,0 @@
-�864797660130
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/156c962d90205b0c4afa3394de42d56967dfc7ee-14 b/dtls-2.0.9/fuzz/corpus/156c962d90205b0c4afa3394de42d56967dfc7ee-14
deleted file mode 100644
index aa1f91d70776e3e431bea14f2571cd50a09c54b6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3>Sm#MCvpRbU^%fP@<(vbfz5lAyLFfr`kt91_mto8~5
diff --git a/dtls-2.0.9/fuzz/corpus/17863d02affd5fc60da97a59318b3f7014f93a9f-36 b/dtls-2.0.9/fuzz/corpus/17863d02affd5fc60da97a59318b3f7014f93a9f-36
deleted file mode 100644
index 073672020ac7552e18385ce3a28334da6df1c4e3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
R1`dV;rU$fjL9{lI1^~p26x9F#
diff --git a/dtls-2.0.9/fuzz/corpus/1841fb69e960e2d6ce1d19c6264e70b5606bfa39-32 b/dtls-2.0.9/fuzz/corpus/1841fb69e960e2d6ce1d19c6264e70b5606bfa39-32
deleted file mode 100644
index 7db3310a6f6d43c6d8c24979c1d5aa24b33f2c6f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(Jo0v2h8Cw|oWR{fVq(THtjTkI}
QYM2;!88|q=3<i)c0I_Znz5oCK
diff --git a/dtls-2.0.9/fuzz/corpus/1a460400f96b0b40872eac2daed7c1db2e8f9843-11 b/dtls-2.0.9/fuzz/corpus/1a460400f96b0b40872eac2daed7c1db2e8f9843-11
deleted file mode 100644
index fdcf4dcde253b8a53b47a4d30220c0e55bcf1bf0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$pRbU^&A`A>(vbfz8%V$3zZZzK834%V48{Ne
diff --git a/dtls-2.0.9/fuzz/corpus/1c042652c21f2c6d7ffcb6b6e6be55fdf95a5dbb-30 b/dtls-2.0.9/fuzz/corpus/1c042652c21f2c6d7ffcb6b6e6be55fdf95a5dbb-30
deleted file mode 100644
index 7a20346984191a673b80b39d8d5c489a17f2200d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`~#gR!Y80|*!!FfcfjFj$(Jo0ymy8Cw|oWR{fVq{0LkEP-m6
R7=Ri$N*LH!|1&fI`2d}862|}l
diff --git a/dtls-2.0.9/fuzz/corpus/1d09cef95c3269d3e244f0008a4fc6dfefd1e2ad-9 b/dtls-2.0.9/fuzz/corpus/1d09cef95c3269d3e244f0008a4fc6dfefd1e2ad-9
deleted file mode 100644
index f7c552375871bbb6ceb00238093b56f09443b113..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf8?w3=XlgUt$pRbU^%fP@83B(`(0AZj7L;wH)
diff --git a/dtls-2.0.9/fuzz/corpus/22e3d3a8748eb152a65ee9ada8834f8a07b247f4-29 b/dtls-2.0.9/fuzz/corpus/22e3d3a8748eb152a65ee9ada8834f8a07b247f4-29
deleted file mode 100644
index a8c217e4991e9bd3e9b36e0d2085c5da1bae5351..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZiQ9T2YHfCVuC}FTPF>f+4H43&c^vNtK$w_t1OEF?#
R080D^s$pQ@WiUlR4glHi6Y2l}
diff --git a/dtls-2.0.9/fuzz/corpus/23ce064ef35c0204982d748c34850bfc9433beca-13 b/dtls-2.0.9/fuzz/corpus/23ce064ef35c0204982d748c34850bfc9433beca-13
deleted file mode 100644
index 1a992de605a56d647eac44a9ed1a86334f81d4be..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3=XlgUt$pRbU^%fP@<(vbfz8%VSM|IfOAuQme!z<CRH
diff --git a/dtls-2.0.9/fuzz/corpus/23e0e1cbd88637fbb4a19fe44c5665dda52e4c89-1 b/dtls-2.0.9/fuzz/corpus/23e0e1cbd88637fbb4a19fe44c5665dda52e4c89-1
deleted file mode 100644
index bf83f49..0000000
--- a/dtls-2.0.9/fuzz/corpus/23e0e1cbd88637fbb4a19fe44c5665dda52e4c89-1
+++ /dev/null
@@ -1 +0,0 @@
-�8647996606130
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/2403e35492e1dc374b40bb2b4eda453c2e9612f2-21 b/dtls-2.0.9/fuzz/corpus/2403e35492e1dc374b40bb2b4eda453c2e9612f2-21
deleted file mode 100644
index 1d206490deb0319c329d8a221edea3fec8e792b5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
kcmWf8?w3>Sm#MCvpRbU^%fP@}!T<)m?2Md@Aiw}30HW{(PXGV_
diff --git a/dtls-2.0.9/fuzz/corpus/2438ed38ea739d8f57018f8de0a52f3e545ac760-18 b/dtls-2.0.9/fuzz/corpus/2438ed38ea739d8f57018f8de0a52f3e545ac760-18
deleted file mode 100644
index 6ebc62fd38d06bdc452ffd23f3312b74bfabd8ff..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y$lPT~oKVKn-mw|z!M1cVWI2ah18TT_X-U9%nsR!8r
diff --git a/dtls-2.0.9/fuzz/corpus/256b14a77bc0439a14908b6fa00afb348dde3af4-17 b/dtls-2.0.9/fuzz/corpus/256b14a77bc0439a14908b6fa00afb348dde3af4-17
deleted file mode 100644
index fc08e43090ee7411cbeaac0994192d89a67127db..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3>Sm#MCvpRbU^%fP@<(vbfz5lAyLGCJ(vt91_mt~Uxo
diff --git a/dtls-2.0.9/fuzz/corpus/27702a0157f6eeb426aef4d5789b380d7b23801e-35 b/dtls-2.0.9/fuzz/corpus/27702a0157f6eeb426aef4d5789b380d7b23801e-35
deleted file mode 100644
index 64b2027f3f6a7baf98ab8d863b3a63e4fea216c5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;=&=9&{`Y%<M707V1B0=tDFX-?8#9zRlrUJDnj0E57#Uj_`ec@r<S;N;c$k}*
Sm^v6SSb~*tF>si|*bD%RZ4re4
diff --git a/dtls-2.0.9/fuzz/corpus/29accdef171829b8dc0dba39d24acf913e13a31f-20 b/dtls-2.0.9/fuzz/corpus/29accdef171829b8dc0dba39d24acf913e13a31f-20
deleted file mode 100644
index e0fd446e2f8b7a3ed8fc48c3b426bb31c718f35f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf;xR-(9|Np)F8GwL?fq|o>A^%?@kY;8OX9R+K0J<&+`2YX_
diff --git a/dtls-2.0.9/fuzz/corpus/2ad24ef4188d2626e363cb12c5242fa96abfa7a3-13 b/dtls-2.0.9/fuzz/corpus/2ad24ef4188d2626e363cb12c5242fa96abfa7a3-13
deleted file mode 100644
index 8038d1a4b858641111e6a30dd6a05a0a42553301..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
fcmWf8?w3=XlgUt$&%?mL3`8#&6c|Cw7Yq&nYsm&R
diff --git a/dtls-2.0.9/fuzz/corpus/2db7497fc9f463803d041365e337cccd7e74111a-18 b/dtls-2.0.9/fuzz/corpus/2db7497fc9f463803d041365e337cccd7e74111a-18
deleted file mode 100644
index 558ffdb0b57830951a7ff6bb1771a3215f5ae36c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf;xOe;e{pWY@X8-~o1_q9jhWvktK$@9BoPm*%;T{0qXbLL;
diff --git a/dtls-2.0.9/fuzz/corpus/30b9805b33c0d67926cbb5ab174508797eb7b7a7-17 b/dtls-2.0.9/fuzz/corpus/30b9805b33c0d67926cbb5ab174508797eb7b7a7-17
deleted file mode 100644
index 95b5ea5d669bf76130609bdabbde8d0d1759e819..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf;xOe;e{pa`YX8-~o1_q9jhWvktK$@9BJbC|Kt$P6G3k);>
diff --git a/dtls-2.0.9/fuzz/corpus/3105d624d1010500139670e332bd50771c112fdd-17 b/dtls-2.0.9/fuzz/corpus/3105d624d1010500139670e332bd50771c112fdd-17
deleted file mode 100644
index ac56ddcf00620a09642322696e539c64d01598e5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w8Y`kSXvlKVKn^mw|z!M1cVWIG7o7fRxrf0Gkg7Qvd(}
diff --git a/dtls-2.0.9/fuzz/corpus/32b051a5ed27cbcb3c1689adbf51c4223e58f9bc-36 b/dtls-2.0.9/fuzz/corpus/32b051a5ed27cbcb3c1689adbf51c4223e58f9bc-36
deleted file mode 100644
index f5138d98a25b190476e70122c5d117bb1b61b973..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhyS|GcZ^Rg5?=_
P85lSi4rm|H)`igk@URw3
diff --git a/dtls-2.0.9/fuzz/corpus/340161bf9f51d50c47d1853eb5d4fcac06914900-12 b/dtls-2.0.9/fuzz/corpus/340161bf9f51d50c47d1853eb5d4fcac06914900-12
deleted file mode 100644
index f832cf5ac5ad535d9a6c52f11ac1e5284cb6aff2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$pRbU^%fP@<(vbfz8%V$3zZZzK834%-49EZg
diff --git a/dtls-2.0.9/fuzz/corpus/371f95aa3e615531b896c89647e6ce67586e082e-15 b/dtls-2.0.9/fuzz/corpus/371f95aa3e615531b896c89647e6ce67586e082e-15
deleted file mode 100644
index 9b658672b7b4331d0347b3c973842745fee531c5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B-#4FHJq1?B(%
diff --git a/dtls-2.0.9/fuzz/corpus/386d1a6c0d51af038a3b2d3adba6eb15d8e3fe0a-23 b/dtls-2.0.9/fuzz/corpus/386d1a6c0d51af038a3b2d3adba6eb15d8e3fe0a-23
deleted file mode 100644
index c5914c7c9199f7ce9e7162a8b7565c127ed1d9a7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YHC!^0Hlq~O&H89Eltc#OiYc8Eew4!OG<K5UGq{H
d7#JCNOMprk7)*H?7&uB8*jWFwIw&e~006Ng53>LO
diff --git a/dtls-2.0.9/fuzz/corpus/3929563fe81b960a338a68a87a60e1940ac7f14e-34 b/dtls-2.0.9/fuzz/corpus/3929563fe81b960a338a68a87a60e1940ac7f14e-34
deleted file mode 100644
index 552a00a70c6e8fbb894369d7b8eecaae633b37bb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
S1`dV;TnDsuK_u5+1||T;z7+BR
diff --git a/dtls-2.0.9/fuzz/corpus/3be9ff705b7c6d24ba58057e44fe7f51d0b0aa54-30 b/dtls-2.0.9/fuzz/corpus/3be9ff705b7c6d24ba58057e44fe7f51d0b0aa54-30
deleted file mode 100644
index 0a09ce81e5a431b3af55963fbf9fdebbaa811392..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Jo0ymy8Cw|oWR{fVq{0LkEP-m6
Q7<d^NI7&bah6W%X0F>4dwg3PC
diff --git a/dtls-2.0.9/fuzz/corpus/3eb3261e52074eceab2d28b5eee628d3ec213a84-14 b/dtls-2.0.9/fuzz/corpus/3eb3261e52074eceab2d28b5eee628d3ec213a84-14
deleted file mode 100644
index c1d6dd48957e3e41382506601d51c7d9bc76b622..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B-#3;>981!e#M
diff --git a/dtls-2.0.9/fuzz/corpus/3f88c87cc5fe3fff5a45dc1916eed2fdcfe20d57-13 b/dtls-2.0.9/fuzz/corpus/3f88c87cc5fe3fff5a45dc1916eed2fdcfe20d57-13
deleted file mode 100644
index 0da0cc33200033dcbada2e385f425caa2a1c2cd4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3=XlPOS=pRbU^%fP@<(vbfz5lAyIFfr`kt91_mwN(mJ
diff --git a/dtls-2.0.9/fuzz/corpus/3f928478ccaf16b9685071b91f52d5e0e6bc71c1-38 b/dtls-2.0.9/fuzz/corpus/3f928478ccaf16b9685071b91f52d5e0e6bc71c1-38
deleted file mode 100644
index c19a284e3654f7d833f16815edea31b5d9bd6419..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?3YvQm#LnapRb_6$iQH1%ESNy#>NZ`B_%nj0eL1SrXYrEUWyUJ|NjgOmV#h;
P23`gR4u%8T2&fAH*H;s=
diff --git a/dtls-2.0.9/fuzz/corpus/42ab249f3ceb17939f5fcab757894b22d94a86a8-22 b/dtls-2.0.9/fuzz/corpus/42ab249f3ceb17939f5fcab757894b22d94a86a8-22
deleted file mode 100644
index 322bf2c0d180e6fbd5e5b863ffd62fd126d58014..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3=XlgUt$FJ_d(&A`A>qQG#M0Z212ure?(32*}dl??_(
diff --git a/dtls-2.0.9/fuzz/corpus/42dbe1a681da3f7e48d18c53ab26b5893f3ea2ac-9 b/dtls-2.0.9/fuzz/corpus/42dbe1a681da3f7e48d18c53ab26b5893f3ea2ac-9
deleted file mode 100644
index c7c2bed5f99c0c212fa2d80128c658ac8df6c9a3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
acmWf8?w3=XlgUt$pRbU^&A<R*0BHbfQwGNX
diff --git a/dtls-2.0.9/fuzz/corpus/471c2a2e1065b2c0f6040b286eebbca70e3742c6-10 b/dtls-2.0.9/fuzz/corpus/471c2a2e1065b2c0f6040b286eebbca70e3742c6-10
deleted file mode 100644
index 1b5fa6659fb61f84441a0d4ca88c54c61d6568e6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf8?w3=XlgUt$pRbT3!oa{#0>mHy0AkDqW&i*H
diff --git a/dtls-2.0.9/fuzz/corpus/4735f3fc147ee436f8c02c24b9c40b4ee4cb1265-7 b/dtls-2.0.9/fuzz/corpus/4735f3fc147ee436f8c02c24b9c40b4ee4cb1265-7
deleted file mode 100644
index 66de70c366f467243b59cf2ef5b4a5af9750a40d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
gcmWf;xOe~i{qOhgdN0StCBneK;IRKaLkf@v0H!wy{{R30
diff --git a/dtls-2.0.9/fuzz/corpus/48e4ba16b5626f66169cf52fb35054ae32f1037e-27 b/dtls-2.0.9/fuzz/corpus/48e4ba16b5626f66169cf52fb35054ae32f1037e-27
deleted file mode 100644
index 6c37949f03b7dfccde1c94d9fd04369a9481334e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YRUit#zy8Q3}%*=Cgvt4rbfmVhCZ1kB{`|Cc_|DG
Zj10UbU`0Ts+#Dqg_5c5~Iw&e~005Mw5OV+k
diff --git a/dtls-2.0.9/fuzz/corpus/4be120299b63639b4c203c93da101e2db703839a-26 b/dtls-2.0.9/fuzz/corpus/4be120299b63639b4c203c93da101e2db703839a-26
deleted file mode 100644
index f8da2d609abd1a72fa8e0750abd967e513dc61e0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YHC!^0Hlq~O&H89Eltc#OiYc8Eew4!OG<K5UGq{H
d7#JCNOMprk7)%)$xH(D~>i_>|bx>5~006s>5hMTr
diff --git a/dtls-2.0.9/fuzz/corpus/4cdafe201d691c06b529689668d52106a3e98dfa-22 b/dtls-2.0.9/fuzz/corpus/4cdafe201d691c06b529689668d52106a3e98dfa-22
deleted file mode 100644
index 2fb9f62b5638ecc38532dd24397154c53df01a7e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ocmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CT9r;8|!~o2L?q30ItsmDgXcg
diff --git a/dtls-2.0.9/fuzz/corpus/4d79d6a303e57c882d1d329ad4e3f091dd60e7ff-20 b/dtls-2.0.9/fuzz/corpus/4d79d6a303e57c882d1d329ad4e3f091dd60e7ff-20
deleted file mode 100644
index 672fb7982540bea9e6f8c6fb8e391450daef2dcf..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
jcmWf;xOe;e{pWY@X8-~o1_q9j1`vyZgPB1bh!_|F##9HG
diff --git a/dtls-2.0.9/fuzz/corpus/509dbda3f391113a75c8309028bf59c0f107ac52-30 b/dtls-2.0.9/fuzz/corpus/509dbda3f391113a75c8309028bf59c0f107ac52-30
deleted file mode 100644
index 401db35c030e078827de53de6d4c61bdb9895f63..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!YG0|*!csgjbMRM$Kc6H_B&3qzkw2sg!uL71b2!4j;B
SiGi1afrEkTz+MI>*8c$0iWI^C
diff --git a/dtls-2.0.9/fuzz/corpus/52aecd8762579fcaa1b5f26b152840f899683660-17 b/dtls-2.0.9/fuzz/corpus/52aecd8762579fcaa1b5f26b152840f899683660-17
deleted file mode 100644
index 9483584efa231cb369e9e0d7ae1c5d488e30fbb5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w3>Sm#MCvpRbU^%fP@<!T<&w3=FIc3`_<}0EiC-ga7~l
diff --git a/dtls-2.0.9/fuzz/corpus/545ad51188a5d270eafe4733272be18ac1769c21-1 b/dtls-2.0.9/fuzz/corpus/545ad51188a5d270eafe4733272be18ac1769c21-1
deleted file mode 100644
index e06cbd9..0000000
--- a/dtls-2.0.9/fuzz/corpus/545ad51188a5d270eafe4733272be18ac1769c21-1
+++ /dev/null
@@ -1 +0,0 @@
-�/��ソソ��Y
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/5642ffc103d245461d8e754281bea517ff54ed85-17 b/dtls-2.0.9/fuzz/corpus/5642ffc103d245461d8e754281bea517ff54ed85-17
deleted file mode 100644
index f2d2e993afd1fb2e60bcca9898b8ef3f397dec29..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y$lPT~oKVKn-mw|z!M1cVWI2ah18TT_X+yellrw7;o
diff --git a/dtls-2.0.9/fuzz/corpus/57d1652be22f597708e8099e2d23e8e4b00b0f89-33 b/dtls-2.0.9/fuzz/corpus/57d1652be22f597708e8099e2d23e8e4b00b0f89-33
deleted file mode 100644
index 620e248f649161f020d0e929eaa4a1fcaec20a4f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(Jo0v2h8Cw|oWR{fVq%v3<00m5q
U7%YKmm>75&I5-#>KsrDe0J4D*>;M1&
diff --git a/dtls-2.0.9/fuzz/corpus/59d6ef268e83be801c670340b2383a5a732308cb-8 b/dtls-2.0.9/fuzz/corpus/59d6ef268e83be801c670340b2383a5a732308cb-8
deleted file mode 100644
index 91e28537d493b3dd41ddbeefa0e51cd4449b5570..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
acmWf8?w3=XlgUt$pRbU^&%gj-0BHbfg9gh0
diff --git a/dtls-2.0.9/fuzz/corpus/5b3cbe41487f4f9f5e728a86adce154ebd73fbe0-9 b/dtls-2.0.9/fuzz/corpus/5b3cbe41487f4f9f5e728a86adce154ebd73fbe0-9
deleted file mode 100644
index 71470b058a4bd983128a2bcb76346c72ef9cd8dc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
gcmWf;xOe;e{pa`YXV}00Jud?TgYN$K3@Jbw0J4?~4gdfE
diff --git a/dtls-2.0.9/fuzz/corpus/5c165fd943bcb6df518c71b149d5aed736237833-16 b/dtls-2.0.9/fuzz/corpus/5c165fd943bcb6df518c71b149d5aed736237833-16
deleted file mode 100644
index 31cd9b35607b9dfa523358263603d5b0d640f00d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3>Sm#MCvpRbU^%fP@<(vbfz5lAyLFgontt91_mt}qHg
diff --git a/dtls-2.0.9/fuzz/corpus/5eeaf10bf3fbb5575a63e054fd377645b5f45de5-3 b/dtls-2.0.9/fuzz/corpus/5eeaf10bf3fbb5575a63e054fd377645b5f45de5-3
deleted file mode 100644
index 224b46e..0000000
--- a/dtls-2.0.9/fuzz/corpus/5eeaf10bf3fbb5575a63e054fd377645b5f45de5-3
+++ /dev/null
@@ -1 +0,0 @@
-��}���\v/���
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/64c5404b7e07af41448c99eadd4ded3a1572b503-9 b/dtls-2.0.9/fuzz/corpus/64c5404b7e07af41448c99eadd4ded3a1572b503-9
deleted file mode 100644
index f887cb37188b84abbcd79e5f7bc533df9e2c1f8d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
acmWf8?w3=XlgUt$pRbT3!oUDw0BHbfzXs3%
diff --git a/dtls-2.0.9/fuzz/corpus/6926133d1d407a21e5e57ed4ec71583b8f4650ab-16 b/dtls-2.0.9/fuzz/corpus/6926133d1d407a21e5e57ed4ec71583b8f4650ab-16
deleted file mode 100644
index 04d21c8f6c189ba7be359d766ed2b93360f1c07b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B*LN&twT1&sgz
diff --git a/dtls-2.0.9/fuzz/corpus/6998ed50de84d0a1e2250af37ef989f866392d8e-7 b/dtls-2.0.9/fuzz/corpus/6998ed50de84d0a1e2250af37ef989f866392d8e-7
deleted file mode 100644
index 4fcf44dd074f27e92c505ab62ebd1a5ac77e863c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
bcmWf8?w3=XlgUt$pRd3mz`y`z<N#>^WfKNq
diff --git a/dtls-2.0.9/fuzz/corpus/6a823391df6589e83b50fbf6ad7ec4a61edb34c5-35 b/dtls-2.0.9/fuzz/corpus/6a823391df6589e83b50fbf6ad7ec4a61edb34c5-35
deleted file mode 100644
index fe27af27abf8f7712ba15e6811d56aa54eda8fa8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
M1`dV;TnKm+0L#x7J^%m!
diff --git a/dtls-2.0.9/fuzz/corpus/6af8fabbde43b2d6bb76502831dbd8c0d1dea233-36 b/dtls-2.0.9/fuzz/corpus/6af8fabbde43b2d6bb76502831dbd8c0d1dea233-36
deleted file mode 100644
index aacbe8b92f248d72e74428b74bc4f7cd125d07f2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;=&=9&{`Y%RjP_S6FfuS0o0>9!fUz+{i9-p4rK!20QNw#<3qzmGl9C(-1`7{!
V6B9!RBL+*bGA;%Vr~&&K7yy137H<Fm
diff --git a/dtls-2.0.9/fuzz/corpus/6b33f20c523b6d32a26863fa65923e66ab555408-3 b/dtls-2.0.9/fuzz/corpus/6b33f20c523b6d32a26863fa65923e66ab555408-3
deleted file mode 100644
index e61c359ca08d5bb1f969db4e39316f81a0a1f75b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
gcmWf8?w3=XlbM{VkdvCHz`(#zlAo`TV_%dG0CEusJpcdz
diff --git a/dtls-2.0.9/fuzz/corpus/6bf06a9be690f993286b45425cb88b8331876fe1-1 b/dtls-2.0.9/fuzz/corpus/6bf06a9be690f993286b45425cb88b8331876fe1-1
deleted file mode 100644
index c9231f2..0000000
--- a/dtls-2.0.9/fuzz/corpus/6bf06a9be690f993286b45425cb88b8331876fe1-1
+++ /dev/null
@@ -1 +0,0 @@
-��1<JPrior�td�
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/6d6e5a7d0dc716e9593f88fbdb684ca6ff0adebc-2 b/dtls-2.0.9/fuzz/corpus/6d6e5a7d0dc716e9593f88fbdb684ca6ff0adebc-2
deleted file mode 100644
index 5b68f59..0000000
--- a/dtls-2.0.9/fuzz/corpus/6d6e5a7d0dc716e9593f88fbdb684ca6ff0adebc-2
+++ /dev/null
@@ -1 +0,0 @@
-�864797660130
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/71d40c1aa2131c7936b49cfb92ea2a60da15e44e-1 b/dtls-2.0.9/fuzz/corpus/71d40c1aa2131c7936b49cfb92ea2a60da15e44e-1
deleted file mode 100644
index 4c942a1..0000000
--- a/dtls-2.0.9/fuzz/corpus/71d40c1aa2131c7936b49cfb92ea2a60da15e44e-1
+++ /dev/null
@@ -1 +0,0 @@
-6864797660130
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/7384d4b5b89a95ef3448cd2d9bd5f9001592f83a-37 b/dtls-2.0.9/fuzz/corpus/7384d4b5b89a95ef3448cd2d9bd5f9001592f83a-37
deleted file mode 100644
index 0fd7591eca5842cc7301c54451a47ed6458b74f5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
Q1`dV;`UmuN!6c9d0LrEn!T<mO
diff --git a/dtls-2.0.9/fuzz/corpus/7428fe79252cf44624d39a9ee721ff169c2017ba-18 b/dtls-2.0.9/fuzz/corpus/7428fe79252cf44624d39a9ee721ff169c2017ba-18
deleted file mode 100644
index 1fc9da1a6db526ac18fdce449e3bd927415f0687..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
icmWf8?w3>Sm#MCvpRbU^%fP@<!T<&w%#4f<AQk|K&IND)
diff --git a/dtls-2.0.9/fuzz/corpus/75ab7aa686d0774f43a13c218b33528b2fe7d5f8-29 b/dtls-2.0.9/fuzz/corpus/75ab7aa686d0774f43a13c218b33528b2fe7d5f8-29
deleted file mode 100644
index cb7998613a58778d8785c0fc1c17e3954c12020b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
X042bxm>75&7&sXC4(w%MVqgRSq6HGM
diff --git a/dtls-2.0.9/fuzz/corpus/75e00d510635ac25c84a337514180b32b8a4051b-25 b/dtls-2.0.9/fuzz/corpus/75e00d510635ac25c84a337514180b32b8a4051b-25
deleted file mode 100644
index 0645567ccafe20638b6b378ed9786e048d2806a8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YHC!^0Hlq~O&H89Eltc#OiYc8Eew4!OG<K5UGvlx
a((;QGN`Oju8B7`K88}K9*nk`cAO`@=I}i{6
diff --git a/dtls-2.0.9/fuzz/corpus/78183569973f5d7cf343bad7c8be1099e5c09b88-7 b/dtls-2.0.9/fuzz/corpus/78183569973f5d7cf343bad7c8be1099e5c09b88-7
deleted file mode 100644
index fb8fcc7b5784a04d2ae12c1b261d3e62c86091ae..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
acmWf8?w3=XlgUt$pRbU^$iM($0BHbe+XlS=
diff --git a/dtls-2.0.9/fuzz/corpus/781d2e38644a0fe53f8bfba8d567c206799a70f4-21 b/dtls-2.0.9/fuzz/corpus/781d2e38644a0fe53f8bfba8d567c206799a70f4-21
deleted file mode 100644
index bbafca38f20d1e82da5be1c36e4deb7e3bce04f0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf;xOe;e{pWY@X8-~o1_q9j1`vyZgPB2`g@KWQ0RYAp2Z8_q
diff --git a/dtls-2.0.9/fuzz/corpus/79e1a7733a2d329564a16763a6bb394dddcd5679-14 b/dtls-2.0.9/fuzz/corpus/79e1a7733a2d329564a16763a6bb394dddcd5679-14
deleted file mode 100644
index fbca08909ac14046bbc4a2aecc1ce8bb8cba78e6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlPOS=pRbU^%fP@<!T<&w3=B*R`}b<y0|1s$2n7HD
diff --git a/dtls-2.0.9/fuzz/corpus/7a459efd01415c7e35c8ae63358fc79e2d471093-35 b/dtls-2.0.9/fuzz/corpus/7a459efd01415c7e35c8ae63358fc79e2d471093-35
deleted file mode 100644
index a82a9dab4c0079b0021b12009da1f6c6a4cd8263..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
V1`dV;`UkXi84hqA;M&W;1OUi-6&C;i
diff --git a/dtls-2.0.9/fuzz/corpus/7b71e27c7ca6777b3eb1c03bf2bbfb91720186c1-5 b/dtls-2.0.9/fuzz/corpus/7b71e27c7ca6777b3eb1c03bf2bbfb91720186c1-5
deleted file mode 100644
index 99337fb7cef3df305bd9a42a106ebe246f736043..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ecmWf8?w3=XlbNibkdvC1%D})-lAo`T1Ec|Num>do
diff --git a/dtls-2.0.9/fuzz/corpus/7c33a04f1cb9a7b2bf6be6f834aeeef943a242f2-34 b/dtls-2.0.9/fuzz/corpus/7c33a04f1cb9a7b2bf6be6f834aeeef943a242f2-34
deleted file mode 100644
index e9d60531125f3f4de8b2ef3ac9c83d39602ec6a0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
Q1`dV;TnD%y<N>au0L2Ftd;kCd
diff --git a/dtls-2.0.9/fuzz/corpus/7c33caa83f291ca5a328d13e1d97954d9462e0e1-34 b/dtls-2.0.9/fuzz/corpus/7c33caa83f291ca5a328d13e1d97954d9462e0e1-34
deleted file mode 100644
index c0d8e6e81ab49e9beb52dad4ec6dfe4dabbc07a2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(Jo0v2h8Cw|oWR{fVq%v3<00m5q
V7%YKmm>75&I5-#>Ou>+W0RXeV5+MKp
diff --git a/dtls-2.0.9/fuzz/corpus/7c60d79ccb4b24c486293fe63c763f71c2948d33-28 b/dtls-2.0.9/fuzz/corpus/7c60d79ccb4b24c486293fe63c763f71c2948d33-28
deleted file mode 100644
index ffd2dce8c91703975b247422b8019f336afd8997..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF?#
W-~dVh)i5#e0@*+Y!+#)F<NyG~{}Sl{
diff --git a/dtls-2.0.9/fuzz/corpus/7c9e5840e53826d82da4432b52c057bfbcd2c8f6-31 b/dtls-2.0.9/fuzz/corpus/7c9e5840e53826d82da4432b52c057bfbcd2c8f6-31
deleted file mode 100644
index 5b24a603adbe9df80fa3b31dbc6454218dde5701..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
V040EGco~>LN;!bq7#O%17y+5a5ibA$
diff --git a/dtls-2.0.9/fuzz/corpus/80123a693544437c5d58878cf7aac8a281ec658c-8 b/dtls-2.0.9/fuzz/corpus/80123a693544437c5d58878cf7aac8a281ec658c-8
deleted file mode 100644
index 5cfd7fc723801693eeaff4a984568539d1ca6b4c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf8?w3=XlgUt$pRbU^$H2f43B(`(0AZ{JMF0Q*
diff --git a/dtls-2.0.9/fuzz/corpus/8104833886e77f44f198916bdf2cc0aeafa6b59a-30 b/dtls-2.0.9/fuzz/corpus/8104833886e77f44f198916bdf2cc0aeafa6b59a-30
deleted file mode 100644
index 312f645af4d837dcf59725599a9eb6863b54a7a3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Jo0ymy8Cw|oWR{fVq{0LkEP-lx
S7<d^NI7%4USpPFL0Qmr$wGzkx
diff --git a/dtls-2.0.9/fuzz/corpus/83c3e7679df8b6e6cbb75de23ef0e0c9d400a434-1 b/dtls-2.0.9/fuzz/corpus/83c3e7679df8b6e6cbb75de23ef0e0c9d400a434-1
deleted file mode 100644
index a004e67..0000000
--- a/dtls-2.0.9/fuzz/corpus/83c3e7679df8b6e6cbb75de23ef0e0c9d400a434-1
+++ /dev/null
@@ -1 +0,0 @@
-��md5����
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/843ccb2f577d368fe0e793d0047311bac2b02afb-10 b/dtls-2.0.9/fuzz/corpus/843ccb2f577d368fe0e793d0047311bac2b02afb-10
deleted file mode 100644
index 52201bc1b14b703e44890fbca91885b3ad3edf99..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe;e{pa`YX8-~oAa>aQo*@ND0|1d+2(thH
diff --git a/dtls-2.0.9/fuzz/corpus/88e0f2195b7c21004d87538f58bd7b751aeb79c7-27 b/dtls-2.0.9/fuzz/corpus/88e0f2195b7c21004d87538f58bd7b751aeb79c7-27
deleted file mode 100644
index 0dc4e68fa26fc25814f53c541a48f8b0d33960fe..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF>)
W<^W0n)i5wHG4L`laImq0iT?n>;}Y=z
diff --git a/dtls-2.0.9/fuzz/corpus/8963740cfedced726a1579328b9aa58a7d348c2c-29 b/dtls-2.0.9/fuzz/corpus/8963740cfedced726a1579328b9aa58a7d348c2c-29
deleted file mode 100644
index 94ad46a1dce231bf1e43095e37ce2879fee0a8c4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0#w#8Cw|oWR{fVq`Ky%7%>QQ
S042bxm>7VnIoMdi#D4&mnG!$%
diff --git a/dtls-2.0.9/fuzz/corpus/905578265b19677b3c83aad3169ed0b9cae91a0f-20 b/dtls-2.0.9/fuzz/corpus/905578265b19677b3c83aad3169ed0b9cae91a0f-20
deleted file mode 100644
index 7327516240b6ad2a4a8da07f82bc50b66a6d8fbf..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf;xOe;e{pWY@X8-~o1_q9j1`vyZgPB2`fsv7c0RYAZ2Y&zn
diff --git a/dtls-2.0.9/fuzz/corpus/91ad828e4650d737c8fab0447f83b6380bb045a2-37 b/dtls-2.0.9/fuzz/corpus/91ad828e4650d737c8fab0447f83b6380bb045a2-37
deleted file mode 100644
index a8bb45c2aa81c6f3de138aa489d120a7eacbeec9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>Sm#LnapRb_6$iQH1%ESNy#>NZ`B_%nj0eL1SrXYrEUWyUJ|NjgOmV#h;
Q23`gR4u%8TAPAv#0n&LA(*OVf
diff --git a/dtls-2.0.9/fuzz/corpus/92d652cb10701472585fadb89dee2ab05f4baa3f-16 b/dtls-2.0.9/fuzz/corpus/92d652cb10701472585fadb89dee2ab05f4baa3f-16
deleted file mode 100644
index c3c0284dca800d9c3271548de0d12aef5295a375..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y$lPT~oKVKn-mw|z!M1cVWI2ah18Taqix(5KKF9^N>
diff --git a/dtls-2.0.9/fuzz/corpus/9810ba71e7068b2752d4fc80ea1071957b4b20e4-22 b/dtls-2.0.9/fuzz/corpus/9810ba71e7068b2752d4fc80ea1071957b4b20e4-22
deleted file mode 100644
index a599bb0c6fd686f02574764c8c08e48088c035ca..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YHC!^0Hlq~O)ShTEltc#OiYc8Eew4!OG<K5UGq{h
b6Y~ssOMps%fR}-RqlAHt^*^fvgCYk2+RzaE
diff --git a/dtls-2.0.9/fuzz/corpus/986aa2d13d0f60c614ca328c0b38a7d533b952fb-15 b/dtls-2.0.9/fuzz/corpus/986aa2d13d0f60c614ca328c0b38a7d533b952fb-15
deleted file mode 100644
index d6599ad1646bb7050d43456aa47fd26713b38bf8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y$lPT~oKVKn-mw|z!M1cVWI2ah1829hhx(5KKDG0p)
diff --git a/dtls-2.0.9/fuzz/corpus/98779dbfa7f25f57d8bc146d8c37d4a1f1b829a7-10 b/dtls-2.0.9/fuzz/corpus/98779dbfa7f25f57d8bc146d8c37d4a1f1b829a7-10
deleted file mode 100644
index 8821cea4b132d9df3b755dbbd9a0d6da6201d435..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
icmWf8?w3=XlgUt$pRbU^&%nR|W&r8;`}YEoHUj{>{tMgy
diff --git a/dtls-2.0.9/fuzz/corpus/995d8ae8db6dad3c5851077207ada893bf856830-25 b/dtls-2.0.9/fuzz/corpus/995d8ae8db6dad3c5851077207ada893bf856830-25
deleted file mode 100644
index 3073016bd6290cd11b1f99a4df29f51db6f6b543..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R5`lpRbU^#K2%|YHC!^0Hlq~O&H89Eltc#OiYc8Eew4!OG<K5UGq{H
d7#JCNOMprg8B7`K88}K9*jWFwIw&e~006wn5L5sF
diff --git a/dtls-2.0.9/fuzz/corpus/9a6736cde6de5b473fb231535380a7617fd640c2-10 b/dtls-2.0.9/fuzz/corpus/9a6736cde6de5b473fb231535380a7617fd640c2-10
deleted file mode 100644
index 6d533d042aa0a4f26c4b0407b31c45dd996084c4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe;e{pa`YX8-~|Aa>aQo*@ND0|1e92(<tJ
diff --git a/dtls-2.0.9/fuzz/corpus/9aeb1efeb489adc9aec522039bba0a5f693271bf-35 b/dtls-2.0.9/fuzz/corpus/9aeb1efeb489adc9aec522039bba0a5f693271bf-35
deleted file mode 100644
index 72db59b83b9c1b6152f8e7696c25ee0f3e435278..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(Jo0v2h8Cw|oWR{fVq%v3<00m5q
T7%YKmm>75&I2cT!kbwaJwRsXw
diff --git a/dtls-2.0.9/fuzz/corpus/9bc991375786a265c38c8553183807be67827625-18 b/dtls-2.0.9/fuzz/corpus/9bc991375786a265c38c8553183807be67827625-18
deleted file mode 100644
index f7dae88d4293cb2beddceff9fef6458898334f39..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf;xOe;e{pWY@X8-~o1_q9jhWvktK$@9BoPm*n;T{0qWeO?)
diff --git a/dtls-2.0.9/fuzz/corpus/9bddfbdd2ed2e780103d5d34662106bd4ef8eb80-6 b/dtls-2.0.9/fuzz/corpus/9bddfbdd2ed2e780103d5d34662106bd4ef8eb80-6
deleted file mode 100644
index e7214c8f88d4de2d4cb2e34b73da996f745587b4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
YcmWf8?w3=XlgUt$pRbU^00b}w0BO$#yZ`_I
diff --git a/dtls-2.0.9/fuzz/corpus/9beed258dfb4aa4ef102c1b4984699303e737d00-38 b/dtls-2.0.9/fuzz/corpus/9beed258dfb4aa4ef102c1b4984699303e737d00-38
deleted file mode 100644
index ffd687cb5ab75bf1a29ce4dd482ef88bb18115ce..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!GxV2~<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
M1`dV;`Ut2C0PLt26951J
diff --git a/dtls-2.0.9/fuzz/corpus/9d31063b355084a0a074f614a6b9279a25a4537e-35 b/dtls-2.0.9/fuzz/corpus/9d31063b355084a0a074f614a6b9279a25a4537e-35
deleted file mode 100644
index adeba74c970752253be7bdc6a684d21044ff1444..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;=&=9&{`Y%<M707V1B0=tDFX-?8#9zRlrUJDnj0E57#Uj_`ec@r<S;N;c$k}*
Rm^v6SSb~*tfk_CP0RV?V5f%Ud
diff --git a/dtls-2.0.9/fuzz/corpus/9da74f96fe6f8dc2fdf340eec67662301a14086e-10 b/dtls-2.0.9/fuzz/corpus/9da74f96fe6f8dc2fdf340eec67662301a14086e-10
deleted file mode 100644
index 4c6c2e8bfc9683e90aa6890d7b548fec48f80076..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf8?w3=XlgUt$pRd5k!@$503B(`(09+*m*Z=?k
diff --git a/dtls-2.0.9/fuzz/corpus/9e0739e12c765ba14c8540a32f5a8252bebc6fad-7 b/dtls-2.0.9/fuzz/corpus/9e0739e12c765ba14c8540a32f5a8252bebc6fad-7
deleted file mode 100644
index 82d999fe60cdaaa00c11eadc262c99154080ad14..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe~i{qI4<`uF?{3=9tY-!r5DX#m7#3@QKs
diff --git a/dtls-2.0.9/fuzz/corpus/9e8cb1ca388740d90a5337a85d48c78d93d96580-12 b/dtls-2.0.9/fuzz/corpus/9e8cb1ca388740d90a5337a85d48c78d93d96580-12
deleted file mode 100644
index befc3ba00f99c833dbcee5c8f25ea99db7f8b646..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3=XlgUt$pRbU^%fP@<(vbfz8%Q(m-}`?5Uaflo!g~z2
diff --git a/dtls-2.0.9/fuzz/corpus/9f9c6abc185820375cdc3c63a52cca2cdc84946b-26 b/dtls-2.0.9/fuzz/corpus/9f9c6abc185820375cdc3c63a52cca2cdc84946b-26
deleted file mode 100644
index 763d2f03a53387b80a17e626ca0424efbc01e532..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF>)
a<^W0n)i5wHG4L`laImrdXLVpu<NyH31rtmF
diff --git a/dtls-2.0.9/fuzz/corpus/a067dbf437d8e235dc64a6819faa0d57ff2c3f94-21 b/dtls-2.0.9/fuzz/corpus/a067dbf437d8e235dc64a6819faa0d57ff2c3f94-21
deleted file mode 100644
index 5e0eb03cd48aa4b2d7294f72d721f4e8d80faa8b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
icmWf8?w3>Sm#MCvpRbU^%fP@}!T<)moQyC4<O2Yru?0r}
diff --git a/dtls-2.0.9/fuzz/corpus/a0a9328cec82f33420fed388ac10108c5f365847-31 b/dtls-2.0.9/fuzz/corpus/a0a9328cec82f33420fed388ac10108c5f365847-31
deleted file mode 100644
index b9f3e1c2cdc0f477ae37c4421927785f94980fa3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`~#gR!Y80|*#1Fc>(LFj$(Jo0ymy8Cw|oWR{fVq{0LkEP-m6
R7=Ri$N*LH!|1&fI`2d{|62|}l
diff --git a/dtls-2.0.9/fuzz/corpus/a2ef40165d921e7d8b8c622348b0f3ba772bb45b-22 b/dtls-2.0.9/fuzz/corpus/a2ef40165d921e7d8b8c622348b0f3ba772bb45b-22
deleted file mode 100644
index 68fe61afa5a6c0b7d81a2e4bdeca3feb1852fc1e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^%fMi4YHC!^0Hlq~O)ShTEltc#OiYc8Eew4!OG<K5UGq{h
a6Y~ssOMps%0H}eZgn^CqKdS?SA_oB7g%Jk;
diff --git a/dtls-2.0.9/fuzz/corpus/a54fc076b4362b89692c19a60cf0a19a8c025ea0-19 b/dtls-2.0.9/fuzz/corpus/a54fc076b4362b89692c19a60cf0a19a8c025ea0-19
deleted file mode 100644
index d69af1ce7a7393c0cf9512f3a33135eedde91e2a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y`kSXvlKVL15mw|z!M1cVWIG7n67#SF}?g0RrkOwXR
diff --git a/dtls-2.0.9/fuzz/corpus/a57426e5962baf2af3c43bfba8bcfe8198aeac69-21 b/dtls-2.0.9/fuzz/corpus/a57426e5962baf2af3c43bfba8bcfe8198aeac69-21
deleted file mode 100644
index bb364ed675089c328173f5681adafdbec2718dfe..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3=XlgUt$FQ$;g&A`A>qQG#M0Z212ure?({bv9Gl~e~8
diff --git a/dtls-2.0.9/fuzz/corpus/a646db15452695437f7b7bc3b65c5748dd9cbee4-36 b/dtls-2.0.9/fuzz/corpus/a646db15452695437f7b7bc3b65c5748dd9cbee4-36
deleted file mode 100644
index b0ddd6c5050acbfc0de3e2b9aace6d71a85c85c9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
P1`dV;`UmuNp(GOk$Yd1N
diff --git a/dtls-2.0.9/fuzz/corpus/a76d4d5e1300a60dd945d28fd5fe2c9968f06871-6 b/dtls-2.0.9/fuzz/corpus/a76d4d5e1300a60dd945d28fd5fe2c9968f06871-6
deleted file mode 100644
index e450cc57f2dcf1f4324682e62126e47be86311b4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf;xOe~i{qI4<|Njg?;IRKaLkf@v0LbDDdjJ3c
diff --git a/dtls-2.0.9/fuzz/corpus/a8208daf57a7ba1b8f75ef0a70421d16100668d8-22 b/dtls-2.0.9/fuzz/corpus/a8208daf57a7ba1b8f75ef0a70421d16100668d8-22
deleted file mode 100644
index 6b72d2a8b2cb29c0ee81456423edab2054af1493..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3=XlgUt$FQ$;g&A`A>qQG#M0Z212ure?({m%pdmAwam
diff --git a/dtls-2.0.9/fuzz/corpus/a8e636f3b54cfd873b3d21cff150543a9e10f4de-13 b/dtls-2.0.9/fuzz/corpus/a8e636f3b54cfd873b3d21cff150543a9e10f4de-13
deleted file mode 100644
index 02d6b250c1eed2b0bbc86be2d22fc95c8235d294..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
ccmWf8?w3=XlgUt$&%?mL3`8#&zyL%80BQ{d$N&HU
diff --git a/dtls-2.0.9/fuzz/corpus/aa8beeff31520b5cbf509bc5efe4fa194a990fed-31 b/dtls-2.0.9/fuzz/corpus/aa8beeff31520b5cbf509bc5efe4fa194a990fed-31
deleted file mode 100644
index 25db5b5d5c77403a9cfd3bec261c06fcb689190c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
W042bxm>76oFmM31F);8kFaiLhiV_+C
diff --git a/dtls-2.0.9/fuzz/corpus/ac3e9b5146d2220644dbca14d2dec64d23a82fd6-24 b/dtls-2.0.9/fuzz/corpus/ac3e9b5146d2220644dbca14d2dec64d23a82fd6-24
deleted file mode 100644
index 465ee4dc0aa26af667c25ec46595b317783e4a66..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YHC!^0Hlq~O&H89Eltc#OiYc8Eew4!OG<K5UGq{H
d7#JCNOMprk7)%-J88}K9*jWFwIw&e~006e&5G4Qr
diff --git a/dtls-2.0.9/fuzz/corpus/ad572827912f2c8b62392a1481af8897837d9b08-25 b/dtls-2.0.9/fuzz/corpus/ad572827912f2c8b62392a1481af8897837d9b08-25
deleted file mode 100644
index d921f0984579ef1c2fa30ce6b85d455832392be6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF?#
X-~dW6FfcJN@PgTFtp8aZ7!)}G%Jmbi
diff --git a/dtls-2.0.9/fuzz/corpus/afd532a8a55c6c39d9ca66231a96a5678fbe4ad2-27 b/dtls-2.0.9/fuzz/corpus/afd532a8a55c6c39d9ca66231a96a5678fbe4ad2-27
deleted file mode 100644
index c308fa8e0bdfa10be447389fe3b586902eec82ce..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZiQ9T2YHfCVpC}FTPF*h+WH43&c^vNtK$w_t1OECgV
V{0FLGVBlq7V=!efWpx0N901B*6L<gs
diff --git a/dtls-2.0.9/fuzz/corpus/b0f5f4a2d196cded1dbfa87ab65be7122effa0e3-8 b/dtls-2.0.9/fuzz/corpus/b0f5f4a2d196cded1dbfa87ab65be7122effa0e3-8
deleted file mode 100644
index 4676b0591366b2cd30711bd79b8a9ac399de50fd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ecmWf;xOe~iW$*Vk{Qv)-ON4=e!65}m00989R|(_*
diff --git a/dtls-2.0.9/fuzz/corpus/b226a622228f89f8a6f98b6b09f06fa964a3d4f0-9 b/dtls-2.0.9/fuzz/corpus/b226a622228f89f8a6f98b6b09f06fa964a3d4f0-9
deleted file mode 100644
index 217454ffa4c6fef58b861c8330364072d5d3470f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe;e{pa`YX8-~LAa>aQo*@ND0|1eX2)6(L
diff --git a/dtls-2.0.9/fuzz/corpus/b28051b6fc87a2b74a765b237c697e0728f1bccf-12 b/dtls-2.0.9/fuzz/corpus/b28051b6fc87a2b74a765b237c697e0728f1bccf-12
deleted file mode 100644
index c67a6dd5d52ae4bb684917322ecc9c8d3494448f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
fcmWf8?w7-ulgUt$pRd5k!@$7&f&oG^Gspq}XY>U~
diff --git a/dtls-2.0.9/fuzz/corpus/b3c74f6100a87eb3ad15d44be8df465d490fb9bd-32 b/dtls-2.0.9/fuzz/corpus/b3c74f6100a87eb3ad15d44be8df465d490fb9bd-32
deleted file mode 100644
index d5c05f8caccb89cf3c68f53466e106296c5addb2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fOXhnV6Uw8Cw|oWJ0(pMhwCnB@C7j
TRSdig3>*vxxDIgbWncmT%{3H=
diff --git a/dtls-2.0.9/fuzz/corpus/b43bde2b9ea6f9d171156e4ba3d084444294625c-6 b/dtls-2.0.9/fuzz/corpus/b43bde2b9ea6f9d171156e4ba3d084444294625c-6
deleted file mode 100644
index 73df8274d1d1598623fd6c0de6b573b34f39767d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe~i{qI4<{`cGr3=9tY-!r5DX#m9*3^o7&
diff --git a/dtls-2.0.9/fuzz/corpus/b485961b2eb34df99b22d66f377aeaf6bd87e0a6-36 b/dtls-2.0.9/fuzz/corpus/b485961b2eb34df99b22d66f377aeaf6bd87e0a6-36
deleted file mode 100644
index bcdc5169863d624491432c122a0a56cdd75a4598..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xPSlq{qOeziE0H#1_onOQw9()HfAVsC}FTPH8(VBFfz6<^vNtK$w_6f^e{Iu
RF*Rba1gqj=Foi<~1^~I25{m!;
diff --git a/dtls-2.0.9/fuzz/corpus/b4912597376e6edf2985267fe64d170977173481-1 b/dtls-2.0.9/fuzz/corpus/b4912597376e6edf2985267fe64d170977173481-1
deleted file mode 100644
index b809245..0000000
--- a/dtls-2.0.9/fuzz/corpus/b4912597376e6edf2985267fe64d170977173481-1
+++ /dev/null
@@ -1,3 +0,0 @@
-��.local
-
-�&Y
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/b4ee5c1737fe829bfa1c8d6abcb2166c1b74effd-21 b/dtls-2.0.9/fuzz/corpus/b4ee5c1737fe829bfa1c8d6abcb2166c1b74effd-21
deleted file mode 100644
index d8363cac947e7c74f3857bb63243deb139502f14..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ocmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CPxVe8|!~o2L?q30ItLbDF6Tf
diff --git a/dtls-2.0.9/fuzz/corpus/b4f24eee8a1d42ac1dc868e4d53b608f3746a2d7-31 b/dtls-2.0.9/fuzz/corpus/b4f24eee8a1d42ac1dc868e4d53b608f3746a2d7-31
deleted file mode 100644
index 728f0f8a2085b12cbf2ac20e71377b9a7690b0fe..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fOXhnV6Uw8Cw|oWJ0(pMhwCnB@C7j
TRSdig3>*vxxb`wIvHk}D%hVLY
diff --git a/dtls-2.0.9/fuzz/corpus/b5c30ace1906dea8c5cf2fb4b7558563a2df978b-19 b/dtls-2.0.9/fuzz/corpus/b5c30ace1906dea8c5cf2fb4b7558563a2df978b-19
deleted file mode 100644
index 5e1b7fe18fb50aca5a7ef9444ce6e7830917981d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf;xOe;e{pWY@X8-~o1_q9j1`vyZgPB2`fsv8n9stJV2weaG
diff --git a/dtls-2.0.9/fuzz/corpus/b64aecc1f27577b6c2efd550a8dd1b0f96054f7c-25 b/dtls-2.0.9/fuzz/corpus/b64aecc1f27577b6c2efd550a8dd1b0f96054f7c-25
deleted file mode 100644
index c0f2676b0020e2202938caa8ca54b9abba86dee1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
qcmWf8?w3>Sm#NPBpOrO-mw|z|gaHhAIT<)hIM`VKGbk`HH~;{wj0Y9~
diff --git a/dtls-2.0.9/fuzz/corpus/b6f83f0c490f9fbea7ea7b9574232e8fd90194aa-18 b/dtls-2.0.9/fuzz/corpus/b6f83f0c490f9fbea7ea7b9574232e8fd90194aa-18
deleted file mode 100644
index b47a4add1a28d994dd25e1a39c7c16ed4b816625..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
icmWf8?w3>Sm#MCvpRbU^%fP@<!T<&wtpESBf>;2Qod+`j
diff --git a/dtls-2.0.9/fuzz/corpus/b7b653694d804d41294e46bb4aff34f2fc93f48d-19 b/dtls-2.0.9/fuzz/corpus/b7b653694d804d41294e46bb4aff34f2fc93f48d-19
deleted file mode 100644
index d51b4090313f7001bf0f2bf23174b4166fa71d42..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B*R_W+3d1{nYV
diff --git a/dtls-2.0.9/fuzz/corpus/b9bd6d81380956a8a8f08c551f7a1c8e4b769f01-33 b/dtls-2.0.9/fuzz/corpus/b9bd6d81380956a8a8f08c551f7a1c8e4b769f01-33
deleted file mode 100644
index 02576bdeab226f3822519272ec2cbeee94788e30..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(J8yYnj8Cw|oWR{fVq%v4~n46fG
U8ZlUcRdF$JZ~z%hObj4h0J32b$p8QV
diff --git a/dtls-2.0.9/fuzz/corpus/ba0aeff9d6e84d6d0a54b40f674338489fe86d29-35 b/dtls-2.0.9/fuzz/corpus/ba0aeff9d6e84d6d0a54b40f674338489fe86d29-35
deleted file mode 100644
index dd3d3239aa87e13d6ac836392532211ddeb25f4d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(J8yYnj8Cw|oWR{fVq%v4~n46fG
X8ZlS`)fgEV7+G2A8=8T2FfafB#l90n
diff --git a/dtls-2.0.9/fuzz/corpus/ba8f7331369766ec42d305afd13f74bd5c9f7598-26 b/dtls-2.0.9/fuzz/corpus/ba8f7331369766ec42d305afd13f74bd5c9f7598-26
deleted file mode 100644
index b630e830a7215224d50e10dc32a5357fd712ddd5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF?#
W-~dVh)i5#eg4t}W{~1^q6gdFN>Jw}L
diff --git a/dtls-2.0.9/fuzz/corpus/bab42319f9d989d1344ff4621f82c3eb950f01b8-4 b/dtls-2.0.9/fuzz/corpus/bab42319f9d989d1344ff4621f82c3eb950f01b8-4
deleted file mode 100644
index b5cfc93e575c3ba92ab1748e7cf8660cb439bab6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
fcmWf;xOe~i{qI4<{`c=07#JM(zh~I%uJ;}Q(@GB4
diff --git a/dtls-2.0.9/fuzz/corpus/bacecfa089ed936799b5ec00ab80f2c234ee6488-19 b/dtls-2.0.9/fuzz/corpus/bacecfa089ed936799b5ec00ab80f2c234ee6488-19
deleted file mode 100644
index e954f79a1e95b0f047f29eced1ed8bf059827c3b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMsj6iS?0Eq(z8vp<R
diff --git a/dtls-2.0.9/fuzz/corpus/bdd08d152c9b526d07ca2020b5236ee2021ddbf2-9 b/dtls-2.0.9/fuzz/corpus/bdd08d152c9b526d07ca2020b5236ee2021ddbf2-9
deleted file mode 100644
index 44030f6bf997d166856f7e76902602273cbda54e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
bcmWf;xOe;e{pa`YX8-~|Aa+Oru^1Qths_5E
diff --git a/dtls-2.0.9/fuzz/corpus/be2d2ac22a22f3c07bbb03881145ed09d71cc9a3-23 b/dtls-2.0.9/fuzz/corpus/be2d2ac22a22f3c07bbb03881145ed09d71cc9a3-23
deleted file mode 100644
index 35558be15a99eee084a8dda700c1cbeedb715073..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ocmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CT9uzAJ+e@4h)J60Je4r9{>OV
diff --git a/dtls-2.0.9/fuzz/corpus/c26326aa05dea63170e6429a64465e9c48fc4ba6-20 b/dtls-2.0.9/fuzz/corpus/c26326aa05dea63170e6429a64465e9c48fc4ba6-20
deleted file mode 100644
index f062a946fd2c23c8a54944db29390533046ade66..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B;F?*agd_y-pN
diff --git a/dtls-2.0.9/fuzz/corpus/c341f33f77b845bbeb7f2e4cdc20072a370b81bb-19 b/dtls-2.0.9/fuzz/corpus/c341f33f77b845bbeb7f2e4cdc20072a370b81bb-19
deleted file mode 100644
index 7dbee3b0f4654930f4d2e9d3bdff9756d3eb0858..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
kcmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CMN?YBLv(70Hdh}EC2ui
diff --git a/dtls-2.0.9/fuzz/corpus/c5ab6cb91cad5d95c1eed18fc9055ca5cfa03401-36 b/dtls-2.0.9/fuzz/corpus/c5ab6cb91cad5d95c1eed18fc9055ca5cfa03401-36
deleted file mode 100644
index 79829755869cf65351da81dd472ac47ac7e2cafa..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w9j^|NFiB-|w$hU}Ru0HZ^4c0b^r^5{D87OH*?blLjMW3qzmGl9HTM21^5=
WfT<CKB~T6HTV4hZ22&_xU;qG-{SuA<
diff --git a/dtls-2.0.9/fuzz/corpus/c6266582478c713d071415c5c20f7e17cacbca6b-11 b/dtls-2.0.9/fuzz/corpus/c6266582478c713d071415c5c20f7e17cacbca6b-11
deleted file mode 100644
index f874a4180c433db4eef36e649ae0d6f3a889c8cb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
dcmWf8?w3=XlgUt$pRd5k!@$7&f&oGU831%w2893s
diff --git a/dtls-2.0.9/fuzz/corpus/c69ac8b1c87631059129edfb2bac5504b1f6e1fe-7 b/dtls-2.0.9/fuzz/corpus/c69ac8b1c87631059129edfb2bac5504b1f6e1fe-7
deleted file mode 100644
index 3ab8af2336ce61c1dd06e708e70d2633bec4aa74..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
acmWf8?w3=XlgUt$pRbU^#J~Vy0BHbe=LWt2
diff --git a/dtls-2.0.9/fuzz/corpus/c6fb60ed7606c773c6e381e1eeafa4d2beb0501d-13 b/dtls-2.0.9/fuzz/corpus/c6fb60ed7606c773c6e381e1eeafa4d2beb0501d-13
deleted file mode 100644
index 3795f235e8fe05c5d50296a746ff37321ed58bd1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w3=XlgUt$pRbU^&%nS@BESFw9E^+%Ec^FrGXMaU1P3kv
diff --git a/dtls-2.0.9/fuzz/corpus/c6ff571fac3824ce6314d936ddbe679a4532681a-24 b/dtls-2.0.9/fuzz/corpus/c6ff571fac3824ce6314d936ddbe679a4532681a-24
deleted file mode 100644
index ab62da6eef8d64081509416032ff3699102ba6de..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ocmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CMT-{+kaM8*8i*y0I!4x+W-In
diff --git a/dtls-2.0.9/fuzz/corpus/ca7e5b747b90d4cc886c3e68582eb809672f9343-24 b/dtls-2.0.9/fuzz/corpus/ca7e5b747b90d4cc886c3e68582eb809672f9343-24
deleted file mode 100644
index 7cb44c1362918db6a2abe36108eeac9fed48b70c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZiQ9T2YHfCVpC}FTPF*h+WH8Qp^^vNtK$w_t1OEH2-
T0M#%s@PgTFtp8aZ7)&_;yYmxs
diff --git a/dtls-2.0.9/fuzz/corpus/caf20a50754c9f4885ff4872cfdb5badfafa0eab-2 b/dtls-2.0.9/fuzz/corpus/caf20a50754c9f4885ff4872cfdb5badfafa0eab-2
deleted file mode 100644
index 179235b..0000000
--- a/dtls-2.0.9/fuzz/corpus/caf20a50754c9f4885ff4872cfdb5badfafa0eab-2
+++ /dev/null
@@ -1 +0,0 @@
-�\v/��ソソ��Y
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/cc0dfdb3fe2c6c450c8353fb951f0068c2da25c3-24 b/dtls-2.0.9/fuzz/corpus/cc0dfdb3fe2c6c450c8353fb951f0068c2da25c3-24
deleted file mode 100644
index a469df8266ccf3721cc6583095871a500ca0514b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
qcmWf8?w3>Sm#NPBpOrO-mw|z|gaHhAIT<)hIM`VKGcYnRH~;{w5C-=E
diff --git a/dtls-2.0.9/fuzz/corpus/cc57cf224581b2055e3e509f8ddaf10204099d72-29 b/dtls-2.0.9/fuzz/corpus/cc57cf224581b2055e3e509f8ddaf10204099d72-29
deleted file mode 100644
index 7a08e52525825793c67abb92bed492fa0b0e3882..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
X042bxm>75&7&sXC4(w%QVEqpOqYD$W
diff --git a/dtls-2.0.9/fuzz/corpus/cd6fd1f976ae2f9e31733919f070988d5946cf18-25 b/dtls-2.0.9/fuzz/corpus/cd6fd1f976ae2f9e31733919f070988d5946cf18-25
deleted file mode 100644
index 91e35dbdfe3e9663901995c1f41476b9db711683..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZiQ9T2YHfCVpC}FTPF*h+WH8Qp^^vNtK$w_t1OEH2-
U0M#%s@G`Km{%3VyFa==_0KTRZaR2}S
diff --git a/dtls-2.0.9/fuzz/corpus/ce04f52927639b8f845dd01a25ff06d61dbb7736-19 b/dtls-2.0.9/fuzz/corpus/ce04f52927639b8f845dd01a25ff06d61dbb7736-19
deleted file mode 100644
index 16397909a02bfee4dd36e66403f6786c8f128e88..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWe*+`Ik#{`0%{GXMb(0|Q4%L;k-+AkEAm&Tx@|;T{0Tr3xwl
diff --git a/dtls-2.0.9/fuzz/corpus/cfe9539fdc29f9bcdf123394ffb098838a5d8b83-29 b/dtls-2.0.9/fuzz/corpus/cfe9539fdc29f9bcdf123394ffb098838a5d8b83-29
deleted file mode 100644
index f32ed4a61479f5137afe42558dbd77ee5f4b4b94..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Jo0ymy8Cw|oWR{fVq{0LkEP-m6
S7<d^NI7%4USpPFL0Qmr$6%xJx
diff --git a/dtls-2.0.9/fuzz/corpus/d093b42b65836218cc0ce0ad9a898b76f4cde121-7 b/dtls-2.0.9/fuzz/corpus/d093b42b65836218cc0ce0ad9a898b76f4cde121-7
deleted file mode 100644
index 07b53615805c3e7710c165c25d335e04844b23d2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf8?w3=XlgUt$pRbU^$H2f431R?g0BN5FuK)l5
diff --git a/dtls-2.0.9/fuzz/corpus/d184e74d92444b23e5c07431ac1901a3460efeef-2 b/dtls-2.0.9/fuzz/corpus/d184e74d92444b23e5c07431ac1901a3460efeef-2
deleted file mode 100644
index 855e06b727dfcd13256118748b3fb352265b250b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 15
XcmWfApS$N|is}A;zZu>$?B5FjL*NLr
diff --git a/dtls-2.0.9/fuzz/corpus/d1fc43b23d31daa77b1c9b4f8930d2f3a9754287-31 b/dtls-2.0.9/fuzz/corpus/d1fc43b23d31daa77b1c9b4f8930d2f3a9754287-31
deleted file mode 100644
index 922dbdf1445c1215d7429ac2888aab99479d660d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(Jo0ymy8Cw|oWR{fVq{0LkEP-m6
P7<d^NIKT{s1|S6hrh*Z+
diff --git a/dtls-2.0.9/fuzz/corpus/d5e8de475ba87d0eddd97db6b61ef4621a2e8071-30 b/dtls-2.0.9/fuzz/corpus/d5e8de475ba87d0eddd97db6b61ef4621a2e8071-30
deleted file mode 100644
index a2e9f86947b3e174fe44ca4e030b7257bed30e3f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
a03{e0{xUEyG4L`la4_&4*vr7g`X2zZ+7z(>
diff --git a/dtls-2.0.9/fuzz/corpus/d78ab9295d2782c20cb99674622bde4e92359b16-15 b/dtls-2.0.9/fuzz/corpus/d78ab9295d2782c20cb99674622bde4e92359b16-15
deleted file mode 100644
index 121e13d2930e1a26b254dec968ecca2a6407379f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B*L3;>9I1#18R
diff --git a/dtls-2.0.9/fuzz/corpus/d8f3a31fb0304017eb8466e958c843865a1d0c2b-14 b/dtls-2.0.9/fuzz/corpus/d8f3a31fb0304017eb8466e958c843865a1d0c2b-14
deleted file mode 100644
index 94ac533d481d4c973812a1cb6eb656cff49568bc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28
dcmWf8?w3=XlgUt$pRd3mz`(%#f&mObGyrqv23P<9
diff --git a/dtls-2.0.9/fuzz/corpus/d97dc4bb804a0d7bcd92f1abf81fb604caeef3db-18 b/dtls-2.0.9/fuzz/corpus/d97dc4bb804a0d7bcd92f1abf81fb604caeef3db-18
deleted file mode 100644
index 50f8931b8da02d4043178e3ef9c205a24b1645eb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y`kSXvlKVKn^mw|z!M1cVWIG7o77#SF}?g0Rs6bDoQ
diff --git a/dtls-2.0.9/fuzz/corpus/d9c2f5fc766a4d8b70c20b2c7bb17f662821a18d-20 b/dtls-2.0.9/fuzz/corpus/d9c2f5fc766a4d8b70c20b2c7bb17f662821a18d-20
deleted file mode 100644
index fb8b4549e18baa1ee66a6ab3115cdd76774d02ac..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w3>Sm#MCvpRbU^%fP@<!T<&wtc;9|4h{?q0EuG-vj6}9
diff --git a/dtls-2.0.9/fuzz/corpus/da39a3ee5e6b4b0d3255bfef95601890afd80709 b/dtls-2.0.9/fuzz/corpus/da39a3ee5e6b4b0d3255bfef95601890afd80709
deleted file mode 100644
index e69de29..0000000
diff --git a/dtls-2.0.9/fuzz/corpus/da75745263fae25217790f4c0f3414a2c2a7426c-30 b/dtls-2.0.9/fuzz/corpus/da75745263fae25217790f4c0f3414a2c2a7426c-30
deleted file mode 100644
index 095dbac16e193a052700dbe5e47d7061a25f7ab1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!YG0|*!csgjbMRM$Kc6H_B&3qzkw2sg!uL71b2!4j;B
SiGi1afrEkTz+MIh*8c$0gcQI4
diff --git a/dtls-2.0.9/fuzz/corpus/dbb83f9c44304f536e5817c4301fe1ebad40b480-29 b/dtls-2.0.9/fuzz/corpus/dbb83f9c44304f536e5817c4301fe1ebad40b480-29
deleted file mode 100644
index c18a842a2af282a44ef93582a5bfdd4ad0a7b0cc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
X042bxm>75&7&sXC4(w%MV*L*QqYV?Z
diff --git a/dtls-2.0.9/fuzz/corpus/dc8dd2c7a89d009af1cc9d1dab9c7f030db09fee-28 b/dtls-2.0.9/fuzz/corpus/dc8dd2c7a89d009af1cc9d1dab9c7f030db09fee-28
deleted file mode 100644
index a794a4fe83f9d467b872da94f1b94746f73ea57b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w>vuq%a6`
Y040Dd1_mYuUIqpZHdY2k4mLIk0H?AMCjbBd
diff --git a/dtls-2.0.9/fuzz/corpus/dcac1a5ba7d6511532589fbceb771fd71f23ebeb-23 b/dtls-2.0.9/fuzz/corpus/dcac1a5ba7d6511532589fbceb771fd71f23ebeb-23
deleted file mode 100644
index 6d94b237c581f430c47fa278797e5c00bf37802d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ncmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CT9r;8|!~oAaVczu;>U9
diff --git a/dtls-2.0.9/fuzz/corpus/dcc90b5ab9129ee3effd438c0a86bfe599ccfe17-8 b/dtls-2.0.9/fuzz/corpus/dcc90b5ab9129ee3effd438c0a86bfe599ccfe17-8
deleted file mode 100644
index 67c4addf8285f6c9c17aede60fee269d309d34d2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
bcmWf8?w3=XlgUt$pRW+g%)kI<<N#>^XvhYr
diff --git a/dtls-2.0.9/fuzz/corpus/dd5c198fd08276fdba3f48884659199dceeaa2ac-2 b/dtls-2.0.9/fuzz/corpus/dd5c198fd08276fdba3f48884659199dceeaa2ac-2
deleted file mode 100644
index 871fdba..0000000
--- a/dtls-2.0.9/fuzz/corpus/dd5c198fd08276fdba3f48884659199dceeaa2ac-2
+++ /dev/null
@@ -1 +0,0 @@
-��.lslice length too larg
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/e0d111660feb6004db7815eb0231fdb369517970-11 b/dtls-2.0.9/fuzz/corpus/e0d111660feb6004db7815eb0231fdb369517970-11
deleted file mode 100644
index 370ba20fbf560b7c61e3e5aba1cea8b253b84c93..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w3=XlgUt$pRbU^&%nR|W&ml%{d?c<->c040JV+^?f?J)
diff --git a/dtls-2.0.9/fuzz/corpus/e11fc30ee640e45e8185f384f9a116cf2cb75852-8 b/dtls-2.0.9/fuzz/corpus/e11fc30ee640e45e8185f384f9a116cf2cb75852-8
deleted file mode 100644
index 87bca42eb140d5f6d685b9397bbbd1f90e0f2b5f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
gcmWf;xOe;e{pa`YXV}00Jre^1gTwy!3@Jbw0J5qJ761SM
diff --git a/dtls-2.0.9/fuzz/corpus/e124a66686755a3fe635b2bb6dc05849238ff474-28 b/dtls-2.0.9/fuzz/corpus/e124a66686755a3fe635b2bb6dc05849238ff474-28
deleted file mode 100644
index 7b768363aae4171e7b1fce4fb16df200c72220f0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
T042bxm>75&7&zEi!Nh+6n)wny
diff --git a/dtls-2.0.9/fuzz/corpus/e17dcda547abfa37685bb9d570a7bf9c4a34affc-35 b/dtls-2.0.9/fuzz/corpus/e17dcda547abfa37685bb9d570a7bf9c4a34affc-35
deleted file mode 100644
index 62e99543bccf15856a1bfc55c9e4f87ccdbea669..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
V1`dV;+6T0C84hqA;M&W;1OUiN6%zme
diff --git a/dtls-2.0.9/fuzz/corpus/e1a87e2698fcd50fdee9d425ba22cca94e82e689-31 b/dtls-2.0.9/fuzz/corpus/e1a87e2698fcd50fdee9d425ba22cca94e82e689-31
deleted file mode 100644
index 7f13584cc69a5ccf9b1e8ec300124f53819b333a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!YG0|*!csgjbMRM$Kc6H_B&3qzkw2sg!uL71b2!4j;B
Ri9wcufrEkTz+MI*69Cg*6YBr~
diff --git a/dtls-2.0.9/fuzz/corpus/e1f7de47792fed4f34a0a790cc688d43d75e80fd-34 b/dtls-2.0.9/fuzz/corpus/e1f7de47792fed4f34a0a790cc688d43d75e80fd-34
deleted file mode 100644
index 68423d26b31fa6a8f528ea17c712c84c297b1c09..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!Gn6=#Fj$(J8yYnj8Cw|oWR{fVq%v4~n46fG
Q8ZlUcRdF$Jz}XB80Jk0zC;$Ke
diff --git a/dtls-2.0.9/fuzz/corpus/e4d81d83c175232de004db3750b8509a3dc26cf7-27 b/dtls-2.0.9/fuzz/corpus/e4d81d83c175232de004db3750b8509a3dc26cf7-27
deleted file mode 100644
index f6a9fc106d33ea300e6f3eeb2a8077e1caf6eb44..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPF*h+WH8Qp^^vNtK$w_t1OEF?#
V-~dVh)i5#eg4t}W|A9P34gks86KDVc
diff --git a/dtls-2.0.9/fuzz/corpus/e5d083d83bb534c47f170509f84be51d847c9d95-2 b/dtls-2.0.9/fuzz/corpus/e5d083d83bb534c47f170509f84be51d847c9d95-2
deleted file mode 100644
index c8b8f38..0000000
--- a/dtls-2.0.9/fuzz/corpus/e5d083d83bb534c47f170509f84be51d847c9d95-2
+++ /dev/null
@@ -1 +0,0 @@
-��1r1rA2���[�
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/e69a5e78519e11f948112f68197d2f0d469c60b2-28 b/dtls-2.0.9/fuzz/corpus/e69a5e78519e11f948112f68197d2f0d469c60b2-28
deleted file mode 100644
index f1c98a0ddb982e152e1bd46974107b9e9fa8d432..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCUOC}FTPH8(LaH8Qp^^vNtK$w`F?FjxZB
TFfs5lFmRMGu(AGUXaMp7!T%F)
diff --git a/dtls-2.0.9/fuzz/corpus/e7e0aec1e8718877cd61405d0b73cb8eea7830dd-2 b/dtls-2.0.9/fuzz/corpus/e7e0aec1e8718877cd61405d0b73cb8eea7830dd-2
deleted file mode 100644
index 0cb0c1c..0000000
--- a/dtls-2.0.9/fuzz/corpus/e7e0aec1e8718877cd61405d0b73cb8eea7830dd-2
+++ /dev/null
@@ -1 +0,0 @@
-��1<JPrior�td�
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/e87d088c1b0796bcbfa649c9118329bf4fabd6f2-29 b/dtls-2.0.9/fuzz/corpus/e87d088c1b0796bcbfa649c9118329bf4fabd6f2-29
deleted file mode 100644
index bc5d2f7ab88c98dc0df29b737ef4ad29610606e2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!Y80|*!!GcY)mFj$(Ho0ymy8Cw|oWR{fVq`Ky%7%>QQ
X042bxm>75&7&sWX4(w%QVEqpOqVE&0
diff --git a/dtls-2.0.9/fuzz/corpus/e8ad70294942e6f8c25bb01fd4443cfba4fb0308-19 b/dtls-2.0.9/fuzz/corpus/e8ad70294942e6f8c25bb01fd4443cfba4fb0308-19
deleted file mode 100644
index f5f4f6a69d4dba3b3b3118de1f9556c32c79982c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
jcmWf8?w3>Sm#MCvpRbU^%fP@}!T<(9CMN?YBNPAtqRa(P
diff --git a/dtls-2.0.9/fuzz/corpus/e9895a39481476548887cbbb88835ba4318e41af-33 b/dtls-2.0.9/fuzz/corpus/e9895a39481476548887cbbb88835ba4318e41af-33
deleted file mode 100644
index 4a1832a8d1e2b63a20959720f0bef5c7a4b79975..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgRv<S0|*!!Gcc5t<fI1VnV6V@7_NCKMhwCnB@C7jc?Mnv
Q1`dV;TnD%y<X#3Q0K_L0tN;K2
diff --git a/dtls-2.0.9/fuzz/corpus/e9f3d28570e1c59dd81975f281b00374ad3f400e-28 b/dtls-2.0.9/fuzz/corpus/e9f3d28570e1c59dd81975f281b00374ad3f400e-28
deleted file mode 100644
index d2ee19c527fe76c0897277a5631b45a7e1601d42..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZiQ9T2YHfCVpC}FTPF*h+WH43&c^vNtK$w_t1OECgV
T{0FLGVBlpi1wmE^5Xk`m%#stQ
diff --git a/dtls-2.0.9/fuzz/corpus/ea855f2d2933b53de04f93ed49d95f5fbc1777df-3 b/dtls-2.0.9/fuzz/corpus/ea855f2d2933b53de04f93ed49d95f5fbc1777df-3
deleted file mode 100644
index c83965176e641e4c1850f6b6c13382912fc400d6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 14
VcmWf!urM*UG%_?&U@$ah1OO6-0zUu%
diff --git a/dtls-2.0.9/fuzz/corpus/eaa0e2396b6d857d3121c691ca35c10f54644ba5-3 b/dtls-2.0.9/fuzz/corpus/eaa0e2396b6d857d3121c691ca35c10f54644ba5-3
deleted file mode 100644
index 5c316d25c799c22a9bf79999e4cf117393967f62..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
ccmWf;xOe~i{qI4<{`c?q?*$=-z3zJN0q-&qzW@LL
diff --git a/dtls-2.0.9/fuzz/corpus/eab6d99255628b1b14f5f565e9f94e9f4042ba25-5 b/dtls-2.0.9/fuzz/corpus/eab6d99255628b1b14f5f565e9f94e9f4042ba25-5
deleted file mode 100644
index 27296687cefe3fbefe091e74685706d8c846edbf..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcmWf;xOe~i{qI4<{`c=07#JM(zh_7R(g4rK4H^Id
diff --git a/dtls-2.0.9/fuzz/corpus/ed8baf884f660e13648b822dbc20c23ececbb6d9-14 b/dtls-2.0.9/fuzz/corpus/ed8baf884f660e13648b822dbc20c23ececbb6d9-14
deleted file mode 100644
index f1c10cadabd58d37cb20130400936e3be77be928..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w8Y$lPOS=pRbU^%fP@<Qk?%U5lAyIFfs1mt91_mwh#(b
diff --git a/dtls-2.0.9/fuzz/corpus/ee7bc26e98a2e3fc02a8fac80ec94b8fe56d5852-26 b/dtls-2.0.9/fuzz/corpus/ee7bc26e98a2e3fc02a8fac80ec94b8fe56d5852-26
deleted file mode 100644
index bec17c8424f020a3b25b1556b9579d300a26aa53..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf8?w3>S*R8IUpRbU^#K2%|YRUit#zy8Q3}%*=Cgvt4rbfmVhCZ1kB{`|CdFl#j
Y`9%sPKqb5krVRBA93>2FU>&9m0H#q7UjP6A
diff --git a/dtls-2.0.9/fuzz/corpus/f248a7b971b1fd07ea978e776fda73fee276d36d-17 b/dtls-2.0.9/fuzz/corpus/f248a7b971b1fd07ea978e776fda73fee276d36d-17
deleted file mode 100644
index f27cbf5e3483567b3029af75d4a3c7d834668d90..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
mcmWf8?w8Y$lPT~oKVKn-mw|z!M1cVWI2ah1llSk{x(5KM83`Z&
diff --git a/dtls-2.0.9/fuzz/corpus/f3fc999fcd5f3f9f4d4cf2c4151d0bc6ef73c3cb-1 b/dtls-2.0.9/fuzz/corpus/f3fc999fcd5f3f9f4d4cf2c4151d0bc6ef73c3cb-1
deleted file mode 100644
index 7a0244b..0000000
--- a/dtls-2.0.9/fuzz/corpus/f3fc999fcd5f3f9f4d4cf2c4151d0bc6ef73c3cb-1
+++ /dev/null
@@ -1 +0,0 @@
-decoding uint
\ No newline at end of file
diff --git a/dtls-2.0.9/fuzz/corpus/f8781259866be1553ac9625d18ff25ce354776ec-23 b/dtls-2.0.9/fuzz/corpus/f8781259866be1553ac9625d18ff25ce354776ec-23
deleted file mode 100644
index 76fc3f8a9a489f98f4d5ea8a61efd44753895b0d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 76
zcmWf;xOe~i{qI3UwE`mpgR!ZpQ9T2YHfCVpC}FTPF*h+WH8Qp^^vNtK$w_t1OEH2-
T0M#%s@PgTFtp8aZ7!)}Gz*7@*
diff --git a/dtls-2.0.9/fuzz/corpus/fa9ec5dd9ba00a696cb5217fd7455fe79c6610e4-18 b/dtls-2.0.9/fuzz/corpus/fa9ec5dd9ba00a696cb5217fd7455fe79c6610e4-18
deleted file mode 100644
index a8c7d9398983ddee9977fc9724a5f609cf06f7fc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
kcmWf8?w8Y$lPT~oKVKn-mw|z!M1cVWI2ah18G+y)0HLu58vp<R
diff --git a/dtls-2.0.9/fuzz/corpus/fc3952e202a374d090fd4008d43183630a4b8dc2-15 b/dtls-2.0.9/fuzz/corpus/fc3952e202a374d090fd4008d43183630a4b8dc2-15
deleted file mode 100644
index 2957816fac04104864314ebaa09a6527d8d69585..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
lcmWf8?w3=XlgUt$FQ$;g&A`A>qQC$G91IMs3=B-#DFBGq1<C*b
diff --git a/dtls-2.0.9/fuzz/corpus/fdef7b51eb11668569ef1b45ba193becb956b2e7-15 b/dtls-2.0.9/fuzz/corpus/fdef7b51eb11668569ef1b45ba193becb956b2e7-15
deleted file mode 100644
index 6baabc6dc36381943c1491d0ee6cb57ac84cce39..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 33
ncmWf8?w3>Sm#MCvpRbU^%fP@<(vbfz5lAyLFf#1lt91_mtndl}
diff --git a/dtls-2.0.9/go.mod b/dtls-2.0.9/go.mod
deleted file mode 100644
index d3c660a..0000000
--- a/dtls-2.0.9/go.mod
+++ /dev/null
@@ -1,12 +0,0 @@
-module github.com/pion/dtls/v2
-
-require (
- github.com/pion/logging v0.2.2
- github.com/pion/transport v0.12.3
- github.com/pion/udp v0.1.1
- golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
- golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c
- golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
-)
-
-go 1.13
diff --git a/dtls-2.0.9/go.sum b/dtls-2.0.9/go.sum
deleted file mode 100644
index df09e4c..0000000
--- a/dtls-2.0.9/go.sum
+++ /dev/null
@@ -1,40 +0,0 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
-github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
-github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
-github.com/pion/transport v0.12.3 h1:vdBfvfU/0Wq8kd2yhUMSDB/x+O4Z9MYVl2fJ5BT4JZw=
-github.com/pion/transport v0.12.3/go.mod h1:OViWW9SP2peE/HbwBvARicmAVnesphkNkCVZIWJ6q9A=
-github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
-github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c h1:KHUzaHIpjWVlVVNh65G3hhuj3KB1HnjY6Cq5cTvRQT8=
-golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/dtls-2.0.9/handshake_cache.go b/dtls-2.0.9/handshake_cache.go
deleted file mode 100644
index 063a858..0000000
--- a/dtls-2.0.9/handshake_cache.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package dtls
-
-import (
- "sync"
-
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
-)
-
-type handshakeCacheItem struct {
- typ handshake.Type
- isClient bool
- epoch uint16
- messageSequence uint16
- data []byte
-}
-
-type handshakeCachePullRule struct {
- typ handshake.Type
- epoch uint16
- isClient bool
- optional bool
-}
-
-type handshakeCache struct {
- cache []*handshakeCacheItem
- mu sync.Mutex
-}
-
-func newHandshakeCache() *handshakeCache {
- return &handshakeCache{}
-}
-
-func (h *handshakeCache) push(data []byte, epoch, messageSequence uint16, typ handshake.Type, isClient bool) bool { //nolint
- h.mu.Lock()
- defer h.mu.Unlock()
-
- for _, i := range h.cache {
- if i.messageSequence == messageSequence &&
- i.isClient == isClient {
- return false
- }
- }
-
- h.cache = append(h.cache, &handshakeCacheItem{
- data: append([]byte{}, data...),
- epoch: epoch,
- messageSequence: messageSequence,
- typ: typ,
- isClient: isClient,
- })
- return true
-}
-
-// returns a list handshakes that match the requested rules
-// the list will contain null entries for rules that can't be satisfied
-// multiple entries may match a rule, but only the last match is returned (ie ClientHello with cookies)
-func (h *handshakeCache) pull(rules ...handshakeCachePullRule) []*handshakeCacheItem {
- h.mu.Lock()
- defer h.mu.Unlock()
-
- out := make([]*handshakeCacheItem, len(rules))
- for i, r := range rules {
- for _, c := range h.cache {
- if c.typ == r.typ && c.isClient == r.isClient && c.epoch == r.epoch {
- switch {
- case out[i] == nil:
- out[i] = c
- case out[i].messageSequence < c.messageSequence:
- out[i] = c
- }
- }
- }
- }
-
- return out
-}
-
-// fullPullMap pulls all handshakes between rules[0] to rules[len(rules)-1] as map.
-func (h *handshakeCache) fullPullMap(startSeq int, rules ...handshakeCachePullRule) (int, map[handshake.Type]handshake.Message, bool) {
- h.mu.Lock()
- defer h.mu.Unlock()
-
- ci := make(map[handshake.Type]*handshakeCacheItem)
- for _, r := range rules {
- var item *handshakeCacheItem
- for _, c := range h.cache {
- if c.typ == r.typ && c.isClient == r.isClient && c.epoch == r.epoch {
- switch {
- case item == nil:
- item = c
- case item.messageSequence < c.messageSequence:
- item = c
- }
- }
- }
- if !r.optional && item == nil {
- // Missing mandatory message.
- return startSeq, nil, false
- }
- ci[r.typ] = item
- }
- out := make(map[handshake.Type]handshake.Message)
- seq := startSeq
- for _, r := range rules {
- t := r.typ
- i := ci[t]
- if i == nil {
- continue
- }
- rawHandshake := &handshake.Handshake{}
- if err := rawHandshake.Unmarshal(i.data); err != nil {
- return startSeq, nil, false
- }
- if uint16(seq) != rawHandshake.Header.MessageSequence {
- // There is a gap. Some messages are not arrived.
- return startSeq, nil, false
- }
- seq++
- out[t] = rawHandshake.Message
- }
- return seq, out, true
-}
-
-// pullAndMerge calls pull and then merges the results, ignoring any null entries
-func (h *handshakeCache) pullAndMerge(rules ...handshakeCachePullRule) []byte {
- merged := []byte{}
-
- for _, p := range h.pull(rules...) {
- if p != nil {
- merged = append(merged, p.data...)
- }
- }
- return merged
-}
-
-// sessionHash returns the session hash for Extended Master Secret support
-// https://tools.ietf.org/html/draft-ietf-tls-session-hash-06#section-4
-func (h *handshakeCache) sessionHash(hf prf.HashFunc, epoch uint16, additional ...[]byte) ([]byte, error) {
- merged := []byte{}
-
- // Order defined by https://tools.ietf.org/html/rfc5246#section-7.3
- handshakeBuffer := h.pull(
- handshakeCachePullRule{handshake.TypeClientHello, epoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, epoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, epoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, epoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, epoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, epoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, epoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, epoch, true, false},
- )
-
- for _, p := range handshakeBuffer {
- if p == nil {
- continue
- }
-
- merged = append(merged, p.data...)
- }
- for _, a := range additional {
- merged = append(merged, a...)
- }
-
- hash := hf()
- if _, err := hash.Write(merged); err != nil {
- return []byte{}, err
- }
-
- return hash.Sum(nil), nil
-}
diff --git a/dtls-2.0.9/handshake_cache_test.go b/dtls-2.0.9/handshake_cache_test.go
deleted file mode 100644
index d985177..0000000
--- a/dtls-2.0.9/handshake_cache_test.go
+++ /dev/null
@@ -1,210 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "testing"
-
- "github.com/pion/dtls/v2/internal/ciphersuite"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
-)
-
-func TestHandshakeCacheSinglePush(t *testing.T) {
- for _, test := range []struct {
- Name string
- Rule []handshakeCachePullRule
- Input []handshakeCacheItem
- Expected []byte
- }{
- {
- Name: "Single Push",
- Input: []handshakeCacheItem{
- {0, true, 0, 0, []byte{0x00}},
- },
- Rule: []handshakeCachePullRule{
- {0, 0, true, false},
- },
- Expected: []byte{0x00},
- },
- {
- Name: "Multi Push",
- Input: []handshakeCacheItem{
- {0, true, 0, 0, []byte{0x00}},
- {1, true, 0, 1, []byte{0x01}},
- {2, true, 0, 2, []byte{0x02}},
- },
- Rule: []handshakeCachePullRule{
- {0, 0, true, false},
- {1, 0, true, false},
- {2, 0, true, false},
- },
- Expected: []byte{0x00, 0x01, 0x02},
- },
- {
- Name: "Multi Push, Rules set order",
- Input: []handshakeCacheItem{
- {2, true, 0, 2, []byte{0x02}},
- {0, true, 0, 0, []byte{0x00}},
- {1, true, 0, 1, []byte{0x01}},
- },
- Rule: []handshakeCachePullRule{
- {0, 0, true, false},
- {1, 0, true, false},
- {2, 0, true, false},
- },
- Expected: []byte{0x00, 0x01, 0x02},
- },
-
- {
- Name: "Multi Push, Dupe Seqnum",
- Input: []handshakeCacheItem{
- {0, true, 0, 0, []byte{0x00}},
- {1, true, 0, 1, []byte{0x01}},
- {1, true, 0, 1, []byte{0x01}},
- },
- Rule: []handshakeCachePullRule{
- {0, 0, true, false},
- {1, 0, true, false},
- },
- Expected: []byte{0x00, 0x01},
- },
- {
- Name: "Multi Push, Dupe Seqnum Client/Server",
- Input: []handshakeCacheItem{
- {0, true, 0, 0, []byte{0x00}},
- {1, true, 0, 1, []byte{0x01}},
- {1, false, 0, 1, []byte{0x02}},
- },
- Rule: []handshakeCachePullRule{
- {0, 0, true, false},
- {1, 0, true, false},
- {1, 0, false, false},
- },
- Expected: []byte{0x00, 0x01, 0x02},
- },
- {
- Name: "Multi Push, Dupe Seqnum with Unique HandshakeType",
- Input: []handshakeCacheItem{
- {1, true, 0, 0, []byte{0x00}},
- {2, true, 0, 1, []byte{0x01}},
- {3, false, 0, 0, []byte{0x02}},
- },
- Rule: []handshakeCachePullRule{
- {1, 0, true, false},
- {2, 0, true, false},
- {3, 0, false, false},
- },
- Expected: []byte{0x00, 0x01, 0x02},
- },
- {
- Name: "Multi Push, Wrong epoch",
- Input: []handshakeCacheItem{
- {1, true, 0, 0, []byte{0x00}},
- {2, true, 1, 1, []byte{0x01}},
- {2, true, 0, 2, []byte{0x11}},
- {3, false, 0, 0, []byte{0x02}},
- {3, false, 1, 0, []byte{0x12}},
- {3, false, 2, 0, []byte{0x12}},
- },
- Rule: []handshakeCachePullRule{
- {1, 0, true, false},
- {2, 1, true, false},
- {3, 0, false, false},
- },
- Expected: []byte{0x00, 0x01, 0x02},
- },
- } {
- h := newHandshakeCache()
- for _, i := range test.Input {
- h.push(i.data, i.epoch, i.messageSequence, i.typ, i.isClient)
- }
- verifyData := h.pullAndMerge(test.Rule...)
- if !bytes.Equal(verifyData, test.Expected) {
- t.Errorf("handshakeCache '%s' exp: % 02x actual % 02x", test.Name, test.Expected, verifyData)
- }
- }
-}
-
-func TestHandshakeCacheSessionHash(t *testing.T) {
- for _, test := range []struct {
- Name string
- Rule []handshakeCachePullRule
- Input []handshakeCacheItem
- Expected []byte
- }{
- {
- Name: "Standard Handshake",
- Input: []handshakeCacheItem{
- {handshake.TypeClientHello, true, 0, 0, []byte{0x00}},
- {handshake.TypeServerHello, false, 0, 1, []byte{0x01}},
- {handshake.TypeCertificate, false, 0, 2, []byte{0x02}},
- {handshake.TypeServerKeyExchange, false, 0, 3, []byte{0x03}},
- {handshake.TypeServerHelloDone, false, 0, 4, []byte{0x04}},
- {handshake.TypeClientKeyExchange, true, 0, 5, []byte{0x05}},
- },
- Expected: []byte{0x17, 0xe8, 0x8d, 0xb1, 0x87, 0xaf, 0xd6, 0x2c, 0x16, 0xe5, 0xde, 0xbf, 0x3e, 0x65, 0x27, 0xcd, 0x00, 0x6b, 0xc0, 0x12, 0xbc, 0x90, 0xb5, 0x1a, 0x81, 0x0c, 0xd8, 0x0c, 0x2d, 0x51, 0x1f, 0x43},
- },
- {
- Name: "Handshake With Client Cert Request",
- Input: []handshakeCacheItem{
- {handshake.TypeClientHello, true, 0, 0, []byte{0x00}},
- {handshake.TypeServerHello, false, 0, 1, []byte{0x01}},
- {handshake.TypeCertificate, false, 0, 2, []byte{0x02}},
- {handshake.TypeServerKeyExchange, false, 0, 3, []byte{0x03}},
- {handshake.TypeCertificateRequest, false, 0, 4, []byte{0x04}},
- {handshake.TypeServerHelloDone, false, 0, 5, []byte{0x05}},
- {handshake.TypeClientKeyExchange, true, 0, 6, []byte{0x06}},
- },
- Expected: []byte{0x57, 0x35, 0x5a, 0xc3, 0x30, 0x3c, 0x14, 0x8f, 0x11, 0xae, 0xf7, 0xcb, 0x17, 0x94, 0x56, 0xb9, 0x23, 0x2c, 0xde, 0x33, 0xa8, 0x18, 0xdf, 0xda, 0x2c, 0x2f, 0xcb, 0x93, 0x25, 0x74, 0x9a, 0x6b},
- },
- {
- Name: "Handshake Ignores after ClientKeyExchange",
- Input: []handshakeCacheItem{
- {handshake.TypeClientHello, true, 0, 0, []byte{0x00}},
- {handshake.TypeServerHello, false, 0, 1, []byte{0x01}},
- {handshake.TypeCertificate, false, 0, 2, []byte{0x02}},
- {handshake.TypeServerKeyExchange, false, 0, 3, []byte{0x03}},
- {handshake.TypeCertificateRequest, false, 0, 4, []byte{0x04}},
- {handshake.TypeServerHelloDone, false, 0, 5, []byte{0x05}},
- {handshake.TypeClientKeyExchange, true, 0, 6, []byte{0x06}},
- {handshake.TypeCertificateVerify, true, 0, 7, []byte{0x07}},
- {handshake.TypeFinished, true, 1, 7, []byte{0x08}},
- {handshake.TypeFinished, false, 1, 7, []byte{0x09}},
- },
- Expected: []byte{0x57, 0x35, 0x5a, 0xc3, 0x30, 0x3c, 0x14, 0x8f, 0x11, 0xae, 0xf7, 0xcb, 0x17, 0x94, 0x56, 0xb9, 0x23, 0x2c, 0xde, 0x33, 0xa8, 0x18, 0xdf, 0xda, 0x2c, 0x2f, 0xcb, 0x93, 0x25, 0x74, 0x9a, 0x6b},
- },
- {
- Name: "Handshake Ignores wrong epoch",
- Input: []handshakeCacheItem{
- {handshake.TypeClientHello, true, 0, 0, []byte{0x00}},
- {handshake.TypeServerHello, false, 0, 1, []byte{0x01}},
- {handshake.TypeCertificate, false, 0, 2, []byte{0x02}},
- {handshake.TypeServerKeyExchange, false, 0, 3, []byte{0x03}},
- {handshake.TypeCertificateRequest, false, 0, 4, []byte{0x04}},
- {handshake.TypeServerHelloDone, false, 0, 5, []byte{0x05}},
- {handshake.TypeClientKeyExchange, true, 0, 6, []byte{0x06}},
- {handshake.TypeCertificateVerify, true, 0, 7, []byte{0x07}},
- {handshake.TypeFinished, true, 0, 7, []byte{0xf0}},
- {handshake.TypeFinished, false, 0, 7, []byte{0xf1}},
- {handshake.TypeFinished, true, 1, 7, []byte{0x08}},
- {handshake.TypeFinished, false, 1, 7, []byte{0x09}},
- {handshake.TypeFinished, true, 0, 7, []byte{0xf0}},
- {handshake.TypeFinished, false, 0, 7, []byte{0xf1}},
- },
- Expected: []byte{0x57, 0x35, 0x5a, 0xc3, 0x30, 0x3c, 0x14, 0x8f, 0x11, 0xae, 0xf7, 0xcb, 0x17, 0x94, 0x56, 0xb9, 0x23, 0x2c, 0xde, 0x33, 0xa8, 0x18, 0xdf, 0xda, 0x2c, 0x2f, 0xcb, 0x93, 0x25, 0x74, 0x9a, 0x6b},
- },
- } {
- h := newHandshakeCache()
- for _, i := range test.Input {
- h.push(i.data, i.epoch, i.messageSequence, i.typ, i.isClient)
- }
-
- cipherSuite := ciphersuite.TLSEcdheEcdsaWithAes128GcmSha256{}
- verifyData, err := h.sessionHash(cipherSuite.HashFunc(), 0)
- if err != nil {
- t.Error(err)
- }
- if !bytes.Equal(verifyData, test.Expected) {
- t.Errorf("handshakeCacheSesssionHassh '%s' exp: % 02x actual % 02x", test.Name, test.Expected, verifyData)
- }
- }
-}
diff --git a/dtls-2.0.9/handshake_test.go b/dtls-2.0.9/handshake_test.go
deleted file mode 100644
index 2174d21..0000000
--- a/dtls-2.0.9/handshake_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package dtls
-
-import (
- "reflect"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
-)
-
-func TestHandshakeMessage(t *testing.T) {
- rawHandshakeMessage := []byte{
- 0x01, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0xfe, 0xfd, 0xb6,
- 0x2f, 0xce, 0x5c, 0x42, 0x54, 0xff, 0x86, 0xe1, 0x24, 0x41, 0x91, 0x42, 0x62, 0x15, 0xad,
- 0x16, 0xc9, 0x15, 0x8d, 0x95, 0x71, 0x8a, 0xbb, 0x22, 0xd7, 0x47, 0xec, 0xd8, 0x3d, 0xdc,
- 0x4b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- }
- parsedHandshake := &handshake.Handshake{
- Header: handshake.Header{
- Length: 0x29,
- FragmentLength: 0x29,
- Type: handshake.TypeClientHello,
- },
- Message: &handshake.MessageClientHello{
- Version: protocol.Version{Major: 0xFE, Minor: 0xFD},
- Random: handshake.Random{
- GMTUnixTime: time.Unix(3056586332, 0),
- RandomBytes: [28]byte{0x42, 0x54, 0xff, 0x86, 0xe1, 0x24, 0x41, 0x91, 0x42, 0x62, 0x15, 0xad, 0x16, 0xc9, 0x15, 0x8d, 0x95, 0x71, 0x8a, 0xbb, 0x22, 0xd7, 0x47, 0xec, 0xd8, 0x3d, 0xdc, 0x4b},
- },
- Cookie: []byte{},
- CipherSuiteIDs: []uint16{},
- CompressionMethods: []*protocol.CompressionMethod{},
- Extensions: []extension.Extension{},
- },
- }
-
- h := &handshake.Handshake{}
- if err := h.Unmarshal(rawHandshakeMessage); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(h, parsedHandshake) {
- t.Errorf("handshakeMessageClientHello unmarshal: got %#v, want %#v", h, parsedHandshake)
- }
-
- raw, err := h.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawHandshakeMessage) {
- t.Errorf("handshakeMessageClientHello marshal: got %#v, want %#v", raw, rawHandshakeMessage)
- }
-}
diff --git a/dtls-2.0.9/handshaker.go b/dtls-2.0.9/handshaker.go
deleted file mode 100644
index cea256c..0000000
--- a/dtls-2.0.9/handshaker.go
+++ /dev/null
@@ -1,343 +0,0 @@
-package dtls
-
-import (
- "context"
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "io"
- "sync"
- "time"
-
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/logging"
-)
-
-// [RFC6347 Section-4.2.4]
-// +-----------+
-// +---> | PREPARING | <--------------------+
-// | +-----------+ |
-// | | |
-// | | Buffer next flight |
-// | | |
-// | \|/ |
-// | +-----------+ |
-// | | SENDING |<------------------+ | Send
-// | +-----------+ | | HelloRequest
-// Receive | | | |
-// next | | Send flight | | or
-// flight | +--------+ | |
-// | | | Set retransmit timer | | Receive
-// | | \|/ | | HelloRequest
-// | | +-----------+ | | Send
-// +--)--| WAITING |-------------------+ | ClientHello
-// | | +-----------+ Timer expires | |
-// | | | | |
-// | | +------------------------+ |
-// Receive | | Send Read retransmit |
-// last | | last |
-// flight | | flight |
-// | | |
-// \|/\|/ |
-// +-----------+ |
-// | FINISHED | -------------------------------+
-// +-----------+
-// | /|\
-// | |
-// +---+
-// Read retransmit
-// Retransmit last flight
-
-type handshakeState uint8
-
-const (
- handshakeErrored handshakeState = iota
- handshakePreparing
- handshakeSending
- handshakeWaiting
- handshakeFinished
-)
-
-func (s handshakeState) String() string {
- switch s {
- case handshakeErrored:
- return "Errored"
- case handshakePreparing:
- return "Preparing"
- case handshakeSending:
- return "Sending"
- case handshakeWaiting:
- return "Waiting"
- case handshakeFinished:
- return "Finished"
- default:
- return "Unknown"
- }
-}
-
-type handshakeFSM struct {
- currentFlight flightVal
- flights []*packet
- retransmit bool
- state *State
- cache *handshakeCache
- cfg *handshakeConfig
- closed chan struct{}
-}
-
-type handshakeConfig struct {
- localPSKCallback PSKCallback
- localPSKIdentityHint []byte
- localCiscoCompatCallback PSKCallback // TODO add cisco anyconnect support
- localCipherSuites []CipherSuite // Available CipherSuites
- localSignatureSchemes []signaturehash.Algorithm // Available signature schemes
- extendedMasterSecret ExtendedMasterSecretType // Policy for the Extended Master Support extension
- localSRTPProtectionProfiles []SRTPProtectionProfile // Available SRTPProtectionProfiles, if empty no SRTP support
- serverName string
- clientAuth ClientAuthType // If we are a client should we request a client certificate
- localCertificates []tls.Certificate
- nameToCertificate map[string]*tls.Certificate
- insecureSkipVerify bool
- verifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
- rootCAs *x509.CertPool
- clientCAs *x509.CertPool
- retransmitInterval time.Duration
- customCipherSuites func() []CipherSuite
-
- onFlightState func(flightVal, handshakeState)
- log logging.LeveledLogger
- keyLogWriter io.Writer
-
- initialEpoch uint16
-
- mu sync.Mutex
-}
-
-type flightConn interface {
- notify(ctx context.Context, level alert.Level, desc alert.Description) error
- writePackets(context.Context, []*packet) error
- recvHandshake() <-chan chan struct{}
- setLocalEpoch(epoch uint16)
- handleQueuedPackets(context.Context) error
-}
-
-func (c *handshakeConfig) writeKeyLog(label string, clientRandom, secret []byte) {
- if c.keyLogWriter == nil {
- return
- }
- c.mu.Lock()
- defer c.mu.Unlock()
- _, err := c.keyLogWriter.Write([]byte(fmt.Sprintf("%s %x %x\n", label, clientRandom, secret)))
- if err != nil {
- c.log.Debugf("failed to write key log file: %s", err)
- }
-}
-
-func srvCliStr(isClient bool) string {
- if isClient {
- return "client"
- }
- return "server"
-}
-
-func newHandshakeFSM(
- s *State, cache *handshakeCache, cfg *handshakeConfig,
- initialFlight flightVal,
-) *handshakeFSM {
- return &handshakeFSM{
- currentFlight: initialFlight,
- state: s,
- cache: cache,
- cfg: cfg,
- closed: make(chan struct{}),
- }
-}
-
-func (s *handshakeFSM) Run(ctx context.Context, c flightConn, initialState handshakeState) error {
- state := initialState
- defer func() {
- close(s.closed)
- }()
- for {
- s.cfg.log.Tracef("[handshake:%s] %s: %s", srvCliStr(s.state.isClient), s.currentFlight.String(), state.String())
- if s.cfg.onFlightState != nil {
- s.cfg.onFlightState(s.currentFlight, state)
- }
- var err error
- switch state {
- case handshakePreparing:
- state, err = s.prepare(ctx, c)
- case handshakeSending:
- state, err = s.send(ctx, c)
- case handshakeWaiting:
- state, err = s.wait(ctx, c)
- case handshakeFinished:
- state, err = s.finish(ctx, c)
- default:
- return errInvalidFSMTransition
- }
- if err != nil {
- return err
- }
-
- // TODO 添加 CiscoCompat 支持
- if s.cfg.localCiscoCompatCallback != nil {
- if s.currentFlight == flight4 && state == handshakeWaiting {
- s.currentFlight = flight6
- state = handshakePreparing
- }
- }
- }
-}
-
-func (s *handshakeFSM) Done() <-chan struct{} {
- return s.closed
-}
-
-func (s *handshakeFSM) prepare(ctx context.Context, c flightConn) (handshakeState, error) {
- s.flights = nil
- // Prepare flights
- var (
- a *alert.Alert
- err error
- pkts []*packet
- )
- gen, retransmit, errFlight := s.currentFlight.getFlightGenerator()
- if errFlight != nil {
- err = errFlight
- a = &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}
- } else {
- pkts, a, err = gen(c, s.state, s.cache, s.cfg)
- s.retransmit = retransmit
- }
- if a != nil {
- if alertErr := c.notify(ctx, a.Level, a.Description); alertErr != nil {
- if err != nil {
- err = alertErr
- }
- }
- }
- if err != nil {
- return handshakeErrored, err
- }
-
- s.flights = pkts
- epoch := s.cfg.initialEpoch
- nextEpoch := epoch
- for _, p := range s.flights {
- p.record.Header.Epoch += epoch
- if p.record.Header.Epoch > nextEpoch {
- nextEpoch = p.record.Header.Epoch
- }
- if h, ok := p.record.Content.(*handshake.Handshake); ok {
- h.Header.MessageSequence = uint16(s.state.handshakeSendSequence)
- s.state.handshakeSendSequence++
- }
- }
- if epoch != nextEpoch {
- s.cfg.log.Tracef("[handshake:%s] -> changeCipherSpec (epoch: %d)", srvCliStr(s.state.isClient), nextEpoch)
- c.setLocalEpoch(nextEpoch)
- }
- return handshakeSending, nil
-}
-
-func (s *handshakeFSM) send(ctx context.Context, c flightConn) (handshakeState, error) {
- // Send flights
- if err := c.writePackets(ctx, s.flights); err != nil {
- return handshakeErrored, err
- }
-
- if s.currentFlight.isLastSendFlight() {
- return handshakeFinished, nil
- }
- return handshakeWaiting, nil
-}
-
-func (s *handshakeFSM) wait(ctx context.Context, c flightConn) (handshakeState, error) { //nolint:gocognit
- parse, errFlight := s.currentFlight.getFlightParser()
- if errFlight != nil {
- if alertErr := c.notify(ctx, alert.Fatal, alert.InternalError); alertErr != nil {
- if errFlight != nil {
- return handshakeErrored, alertErr
- }
- }
- return handshakeErrored, errFlight
- }
-
- retransmitTimer := time.NewTimer(s.cfg.retransmitInterval)
- for {
- select {
- case done := <-c.recvHandshake():
- nextFlight, alert, err := parse(ctx, c, s.state, s.cache, s.cfg)
- close(done)
- if alert != nil {
- if alertErr := c.notify(ctx, alert.Level, alert.Description); alertErr != nil {
- if err != nil {
- err = alertErr
- }
- }
- }
- if err != nil {
- return handshakeErrored, err
- }
- if nextFlight == 0 {
- break
- }
- s.cfg.log.Tracef("[handshake:%s] %s -> %s", srvCliStr(s.state.isClient), s.currentFlight.String(), nextFlight.String())
- if nextFlight.isLastRecvFlight() && s.currentFlight == nextFlight {
- return handshakeFinished, nil
- }
- s.currentFlight = nextFlight
- return handshakePreparing, nil
-
- case <-retransmitTimer.C:
- if !s.retransmit {
- return handshakeWaiting, nil
- }
- return handshakeSending, nil
- case <-ctx.Done():
- return handshakeErrored, ctx.Err()
- }
- }
-}
-
-func (s *handshakeFSM) finish(ctx context.Context, c flightConn) (handshakeState, error) {
- parse, errFlight := s.currentFlight.getFlightParser()
- if errFlight != nil {
- if alertErr := c.notify(ctx, alert.Fatal, alert.InternalError); alertErr != nil {
- if errFlight != nil {
- return handshakeErrored, alertErr
- }
- }
- return handshakeErrored, errFlight
- }
-
- retransmitTimer := time.NewTimer(s.cfg.retransmitInterval)
- select {
- case done := <-c.recvHandshake():
- nextFlight, alert, err := parse(ctx, c, s.state, s.cache, s.cfg)
- close(done)
- if alert != nil {
- if alertErr := c.notify(ctx, alert.Level, alert.Description); alertErr != nil {
- if err != nil {
- err = alertErr
- }
- }
- }
- if err != nil {
- return handshakeErrored, err
- }
- if nextFlight == 0 {
- break
- }
- <-retransmitTimer.C
- // Retransmit last flight
- return handshakeSending, nil
-
- case <-ctx.Done():
- return handshakeErrored, ctx.Err()
- }
- return handshakeFinished, nil
-}
diff --git a/dtls-2.0.9/handshaker_test.go b/dtls-2.0.9/handshaker_test.go
deleted file mode 100644
index d26b987..0000000
--- a/dtls-2.0.9/handshaker_test.go
+++ /dev/null
@@ -1,277 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "context"
- "crypto/tls"
- "sync"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
- "github.com/pion/logging"
- "github.com/pion/transport/test"
-)
-
-const nonZeroRetransmitInterval = 100 * time.Millisecond
-
-// Test that writes to the key log are in the correct format and only applies
-// when a key log writer is given.
-func TestWriteKeyLog(t *testing.T) {
- var buf bytes.Buffer
- cfg := handshakeConfig{
- keyLogWriter: &buf,
- }
- cfg.writeKeyLog("LABEL", []byte{0xAA, 0xBB, 0xCC}, []byte{0xDD, 0xEE, 0xFF})
-
- // Secrets follow the format <Label> <space> <ClientRandom> <space> <Secret>
- // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
- want := "LABEL aabbcc ddeeff\n"
- if buf.String() != want {
- t.Fatalf("Got %s want %s", buf.String(), want)
- }
-
- // no key log writer = no writes
- cfg = handshakeConfig{}
- cfg.writeKeyLog("LABEL", []byte{0xAA, 0xBB, 0xCC}, []byte{0xDD, 0xEE, 0xFF})
-}
-
-func TestHandshaker(t *testing.T) {
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- loggerFactory := logging.NewDefaultLoggerFactory()
- logger := loggerFactory.NewLogger("dtls")
-
- cipherSuites, err := parseCipherSuites(nil, nil, true, false)
- if err != nil {
- t.Fatal(err)
- }
- clientCert, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
-
- genFilters := map[string]func() (packetFilter, packetFilter, func(t *testing.T)){
- "PassThrough": func() (packetFilter, packetFilter, func(t *testing.T)) {
- return nil, nil, nil
- },
- "HelloVerifyRequestLost": func() (packetFilter, packetFilter, func(t *testing.T)) {
- var (
- cntHelloVerifyRequest = 0
- cntClientHelloNoCookie = 0
- )
- const helloVerifyDrop = 5
- return func(p *packet) bool {
- h, ok := p.record.Content.(*handshake.Handshake)
- if !ok {
- return true
- }
- if hmch, ok := h.Message.(*handshake.MessageClientHello); ok {
- if len(hmch.Cookie) == 0 {
- cntClientHelloNoCookie++
- }
- }
- return true
- },
- func(p *packet) bool {
- h, ok := p.record.Content.(*handshake.Handshake)
- if !ok {
- return true
- }
- if _, ok := h.Message.(*handshake.MessageHelloVerifyRequest); ok {
- cntHelloVerifyRequest++
- return cntHelloVerifyRequest > helloVerifyDrop
- }
- return true
- },
- func(t *testing.T) {
- if cntHelloVerifyRequest != helloVerifyDrop+1 {
- t.Errorf("Number of HelloVerifyRequest retransmit is wrong, expected: %d times, got: %d times", helloVerifyDrop+1, cntHelloVerifyRequest)
- }
- if cntClientHelloNoCookie != cntHelloVerifyRequest {
- t.Errorf(
- "HelloVerifyRequest must be triggered only by ClientHello, but HelloVerifyRequest was sent %d times and ClientHello was sent %d times",
- cntHelloVerifyRequest, cntClientHelloNoCookie,
- )
- }
- }
- },
- }
-
- for name, filters := range genFilters {
- f1, f2, report := filters()
- t.Run(name, func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- if report != nil {
- defer report(t)
- }
-
- ca, cb := flightTestPipe(ctx, f1, f2)
- ca.state.isClient = true
-
- var wg sync.WaitGroup
- wg.Add(2)
-
- ctxCliFinished, cancelCli := context.WithCancel(ctx)
- ctxSrvFinished, cancelSrv := context.WithCancel(ctx)
- go func() {
- defer wg.Done()
- cfg := &handshakeConfig{
- localCipherSuites: cipherSuites,
- localCertificates: []tls.Certificate{clientCert},
- localSignatureSchemes: signaturehash.Algorithms(),
- insecureSkipVerify: true,
- log: logger,
- onFlightState: func(f flightVal, s handshakeState) {
- if s == handshakeFinished {
- cancelCli()
- }
- },
- retransmitInterval: nonZeroRetransmitInterval,
- }
-
- fsm := newHandshakeFSM(&ca.state, ca.handshakeCache, cfg, flight1)
- switch err := fsm.Run(ctx, ca, handshakePreparing); err {
- case context.Canceled:
- case context.DeadlineExceeded:
- t.Error("Timeout")
- default:
- t.Error(err)
- }
- }()
-
- go func() {
- defer wg.Done()
- cfg := &handshakeConfig{
- localCipherSuites: cipherSuites,
- localCertificates: []tls.Certificate{clientCert},
- localSignatureSchemes: signaturehash.Algorithms(),
- insecureSkipVerify: true,
- log: logger,
- onFlightState: func(f flightVal, s handshakeState) {
- if s == handshakeFinished {
- cancelSrv()
- }
- },
- retransmitInterval: nonZeroRetransmitInterval,
- }
-
- fsm := newHandshakeFSM(&cb.state, cb.handshakeCache, cfg, flight0)
- switch err := fsm.Run(ctx, cb, handshakePreparing); err {
- case context.Canceled:
- case context.DeadlineExceeded:
- t.Error("Timeout")
- default:
- t.Error(err)
- }
- }()
-
- <-ctxCliFinished.Done()
- <-ctxSrvFinished.Done()
-
- cancel()
- wg.Wait()
- })
- }
-}
-
-type packetFilter func(*packet) bool
-
-func flightTestPipe(ctx context.Context, filter1 packetFilter, filter2 packetFilter) (*flightTestConn, *flightTestConn) {
- ca := newHandshakeCache()
- cb := newHandshakeCache()
- chA := make(chan chan struct{})
- chB := make(chan chan struct{})
- return &flightTestConn{
- handshakeCache: ca,
- otherEndCache: cb,
- recv: chA,
- otherEndRecv: chB,
- done: ctx.Done(),
- filter: filter1,
- }, &flightTestConn{
- handshakeCache: cb,
- otherEndCache: ca,
- recv: chB,
- otherEndRecv: chA,
- done: ctx.Done(),
- filter: filter2,
- }
-}
-
-type flightTestConn struct {
- state State
- handshakeCache *handshakeCache
- recv chan chan struct{}
- done <-chan struct{}
- epoch uint16
-
- filter packetFilter
-
- otherEndCache *handshakeCache
- otherEndRecv chan chan struct{}
-}
-
-func (c *flightTestConn) recvHandshake() <-chan chan struct{} {
- return c.recv
-}
-
-func (c *flightTestConn) setLocalEpoch(epoch uint16) {
- c.epoch = epoch
-}
-
-func (c *flightTestConn) notify(ctx context.Context, level alert.Level, desc alert.Description) error {
- return nil
-}
-
-func (c *flightTestConn) writePackets(ctx context.Context, pkts []*packet) error {
- for _, p := range pkts {
- if c.filter != nil && !c.filter(p) {
- continue
- }
- if h, ok := p.record.Content.(*handshake.Handshake); ok {
- handshakeRaw, err := p.record.Marshal()
- if err != nil {
- return err
- }
-
- c.handshakeCache.push(handshakeRaw[recordlayer.HeaderSize:], p.record.Header.Epoch, h.Header.MessageSequence, h.Header.Type, c.state.isClient)
-
- content, err := h.Message.Marshal()
- if err != nil {
- return err
- }
- h.Header.Length = uint32(len(content))
- h.Header.FragmentLength = uint32(len(content))
- hdr, err := h.Header.Marshal()
- if err != nil {
- return err
- }
- c.otherEndCache.push(
- append(hdr, content...), p.record.Header.Epoch, h.Header.MessageSequence, h.Header.Type, c.state.isClient)
- }
- }
- go func() {
- select {
- case c.otherEndRecv <- make(chan struct{}):
- case <-c.done:
- }
- }()
-
- // Avoid deadlock on JS/WASM environment due to context switch problem.
- time.Sleep(10 * time.Millisecond)
-
- return nil
-}
-
-func (c *flightTestConn) handleQueuedPackets(ctx context.Context) error {
- return nil
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/aes_128_ccm.go b/dtls-2.0.9/internal/ciphersuite/aes_128_ccm.go
deleted file mode 100644
index dcc5379..0000000
--- a/dtls-2.0.9/internal/ciphersuite/aes_128_ccm.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package ciphersuite
-
-import (
- "crypto/sha256"
- "fmt"
- "hash"
- "sync/atomic"
-
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// Aes128Ccm is a base class used by multiple AES-CCM Ciphers
-type Aes128Ccm struct {
- ccm atomic.Value // *cryptoCCM
- clientCertificateType clientcertificate.Type
- id ID
- psk bool
- cryptoCCMTagLen ciphersuite.CCMTagLen
-}
-
-func newAes128Ccm(clientCertificateType clientcertificate.Type, id ID, psk bool, cryptoCCMTagLen ciphersuite.CCMTagLen) *Aes128Ccm {
- return &Aes128Ccm{
- clientCertificateType: clientCertificateType,
- id: id,
- psk: psk,
- cryptoCCMTagLen: cryptoCCMTagLen,
- }
-}
-
-// CertificateType returns what type of certificate this CipherSuite exchanges
-func (c *Aes128Ccm) CertificateType() clientcertificate.Type {
- return c.clientCertificateType
-}
-
-// ID returns the ID of the CipherSuite
-func (c *Aes128Ccm) ID() ID {
- return c.id
-}
-
-func (c *Aes128Ccm) String() string {
- return c.id.String()
-}
-
-// HashFunc returns the hashing func for this CipherSuite
-func (c *Aes128Ccm) HashFunc() func() hash.Hash {
- return sha256.New
-}
-
-// AuthenticationType controls what authentication method is using during the handshake
-func (c *Aes128Ccm) AuthenticationType() AuthenticationType {
- if c.psk {
- return AuthenticationTypePreSharedKey
- }
- return AuthenticationTypeCertificate
-}
-
-// IsInitialized returns if the CipherSuite has keying material and can
-// encrypt/decrypt packets
-func (c *Aes128Ccm) IsInitialized() bool {
- return c.ccm.Load() != nil
-}
-
-// Init initializes the internal Cipher with keying material
-func (c *Aes128Ccm) Init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
- const (
- prfMacLen = 0
- prfKeyLen = 16
- prfIvLen = 4
- )
-
- keys, err := prf.GenerateEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.HashFunc())
- if err != nil {
- return err
- }
-
- var ccm *ciphersuite.CCM
- if isClient {
- ccm, err = ciphersuite.NewCCM(c.cryptoCCMTagLen, keys.ClientWriteKey, keys.ClientWriteIV, keys.ServerWriteKey, keys.ServerWriteIV)
- } else {
- ccm, err = ciphersuite.NewCCM(c.cryptoCCMTagLen, keys.ServerWriteKey, keys.ServerWriteIV, keys.ClientWriteKey, keys.ClientWriteIV)
- }
- c.ccm.Store(ccm)
-
- return err
-}
-
-// Encrypt encrypts a single TLS RecordLayer
-func (c *Aes128Ccm) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- ccm := c.ccm.Load()
- if ccm == nil {
- return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)
- }
-
- return ccm.(*ciphersuite.CCM).Encrypt(pkt, raw)
-}
-
-// Decrypt decrypts a single TLS RecordLayer
-func (c *Aes128Ccm) Decrypt(raw []byte) ([]byte, error) {
- ccm := c.ccm.Load()
- if ccm == nil {
- return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
- }
-
- return ccm.(*ciphersuite.CCM).Decrypt(raw)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/ciphersuite.go b/dtls-2.0.9/internal/ciphersuite/ciphersuite.go
deleted file mode 100644
index 3a4fb43..0000000
--- a/dtls-2.0.9/internal/ciphersuite/ciphersuite.go
+++ /dev/null
@@ -1,71 +0,0 @@
-// Package ciphersuite provides TLS Ciphers as registered with the IANA https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
-package ciphersuite
-
-import (
- "errors"
- "fmt"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-var errCipherSuiteNotInit = &protocol.TemporaryError{Err: errors.New("CipherSuite has not been initialized")} //nolint:goerr113
-
-// ID is an ID for our supported CipherSuites
-type ID uint16
-
-func (i ID) String() string {
- switch i {
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
- return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
- return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
- case TLS_PSK_WITH_AES_128_CCM:
- return "TLS_PSK_WITH_AES_128_CCM"
- case TLS_PSK_WITH_AES_128_CCM_8:
- return "TLS_PSK_WITH_AES_128_CCM_8"
- case TLS_PSK_WITH_AES_128_GCM_SHA256:
- return "TLS_PSK_WITH_AES_128_GCM_SHA256"
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- return "TLS_PSK_WITH_AES_128_CBC_SHA256"
- default:
- return fmt.Sprintf("unknown(%v)", uint16(i))
- }
-}
-
-// Supported Cipher Suites
-const (
- // AES-128-CCM
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM ID = 0xc0ac //nolint:golint,stylecheck
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ID = 0xc0ae //nolint:golint,stylecheck
-
- // AES-128-GCM-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ID = 0xc02b //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ID = 0xc02f //nolint:golint,stylecheck
-
- // AES-256-CBC-SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ID = 0xc00a //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ID = 0xc014 //nolint:golint,stylecheck
-
- TLS_PSK_WITH_AES_128_CCM ID = 0xc0a4 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_CCM_8 ID = 0xc0a8 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_GCM_SHA256 ID = 0x00a8 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_CBC_SHA256 ID = 0x00ae //nolint:golint,stylecheck
-)
-
-// AuthenticationType controls what authentication method is using during the handshake
-type AuthenticationType int
-
-// AuthenticationType Enums
-const (
- AuthenticationTypeCertificate AuthenticationType = iota + 1
- AuthenticationTypePreSharedKey
- AuthenticationTypeAnonymous
-)
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm.go b/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm.go
deleted file mode 100644
index ac73556..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package ciphersuite
-
-import (
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-)
-
-// NewTLSEcdheEcdsaWithAes128Ccm constructs a TLS_ECDHE_ECDSA_WITH_AES_128_CCM Cipher
-func NewTLSEcdheEcdsaWithAes128Ccm() *Aes128Ccm {
- return newAes128Ccm(clientcertificate.ECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, false, ciphersuite.CCMTagLength)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm8.go b/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm8.go
deleted file mode 100644
index 49b1a83..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_ccm8.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package ciphersuite
-
-import (
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-)
-
-// NewTLSEcdheEcdsaWithAes128Ccm8 creates a new TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 CipherSuite
-func NewTLSEcdheEcdsaWithAes128Ccm8() *Aes128Ccm {
- return newAes128Ccm(clientcertificate.ECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, false, ciphersuite.CCMTagLength8)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go b/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go
deleted file mode 100644
index b491320..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package ciphersuite
-
-import (
- "crypto/sha256"
- "fmt"
- "hash"
- "sync/atomic"
-
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// TLSEcdheEcdsaWithAes128GcmSha256 represents a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CipherSuite
-type TLSEcdheEcdsaWithAes128GcmSha256 struct {
- gcm atomic.Value // *cryptoGCM
-}
-
-// CertificateType returns what type of certficate this CipherSuite exchanges
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) CertificateType() clientcertificate.Type {
- return clientcertificate.ECDSASign
-}
-
-// ID returns the ID of the CipherSuite
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) ID() ID {
- return TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-}
-
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) String() string {
- return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
-}
-
-// HashFunc returns the hashing func for this CipherSuite
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) HashFunc() func() hash.Hash {
- return sha256.New
-}
-
-// AuthenticationType controls what authentication method is using during the handshake
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) AuthenticationType() AuthenticationType {
- return AuthenticationTypeCertificate
-}
-
-// IsInitialized returns if the CipherSuite has keying material and can
-// encrypt/decrypt packets
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) IsInitialized() bool {
- return c.gcm.Load() != nil
-}
-
-// Init initializes the internal Cipher with keying material
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) Init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
- const (
- prfMacLen = 0
- prfKeyLen = 16
- prfIvLen = 4
- )
-
- keys, err := prf.GenerateEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.HashFunc())
- if err != nil {
- return err
- }
-
- var gcm *ciphersuite.GCM
- if isClient {
- gcm, err = ciphersuite.NewGCM(keys.ClientWriteKey, keys.ClientWriteIV, keys.ServerWriteKey, keys.ServerWriteIV)
- } else {
- gcm, err = ciphersuite.NewGCM(keys.ServerWriteKey, keys.ServerWriteIV, keys.ClientWriteKey, keys.ClientWriteIV)
- }
- c.gcm.Store(gcm)
-
- return err
-}
-
-// Encrypt encrypts a single TLS RecordLayer
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- gcm := c.gcm.Load()
- if gcm == nil {
- return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)
- }
-
- return gcm.(*ciphersuite.GCM).Encrypt(pkt, raw)
-}
-
-// Decrypt decrypts a single TLS RecordLayer
-func (c *TLSEcdheEcdsaWithAes128GcmSha256) Decrypt(raw []byte) ([]byte, error) {
- gcm := c.gcm.Load()
- if gcm == nil {
- return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
- }
-
- return gcm.(*ciphersuite.GCM).Decrypt(raw)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go b/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go
deleted file mode 100644
index f7a33ad..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package ciphersuite
-
-import (
- "crypto/sha1" //nolint: gosec,gci
- "crypto/sha256"
- "fmt"
- "hash"
- "sync/atomic"
-
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// TLSEcdheEcdsaWithAes256CbcSha represents a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CipherSuite
-type TLSEcdheEcdsaWithAes256CbcSha struct {
- cbc atomic.Value // *cryptoCBC
-}
-
-// CertificateType returns what type of certficate this CipherSuite exchanges
-func (c *TLSEcdheEcdsaWithAes256CbcSha) CertificateType() clientcertificate.Type {
- return clientcertificate.ECDSASign
-}
-
-// ID returns the ID of the CipherSuite
-func (c *TLSEcdheEcdsaWithAes256CbcSha) ID() ID {
- return TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-}
-
-func (c *TLSEcdheEcdsaWithAes256CbcSha) String() string {
- return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
-}
-
-// HashFunc returns the hashing func for this CipherSuite
-func (c *TLSEcdheEcdsaWithAes256CbcSha) HashFunc() func() hash.Hash {
- return sha256.New
-}
-
-// AuthenticationType controls what authentication method is using during the handshake
-func (c *TLSEcdheEcdsaWithAes256CbcSha) AuthenticationType() AuthenticationType {
- return AuthenticationTypeCertificate
-}
-
-// IsInitialized returns if the CipherSuite has keying material and can
-// encrypt/decrypt packets
-func (c *TLSEcdheEcdsaWithAes256CbcSha) IsInitialized() bool {
- return c.cbc.Load() != nil
-}
-
-// Init initializes the internal Cipher with keying material
-func (c *TLSEcdheEcdsaWithAes256CbcSha) Init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
- const (
- prfMacLen = 20
- prfKeyLen = 32
- prfIvLen = 16
- )
-
- keys, err := prf.GenerateEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.HashFunc())
- if err != nil {
- return err
- }
-
- var cbc *ciphersuite.CBC
- if isClient {
- cbc, err = ciphersuite.NewCBC(
- keys.ClientWriteKey, keys.ClientWriteIV, keys.ClientMACKey,
- keys.ServerWriteKey, keys.ServerWriteIV, keys.ServerMACKey,
- sha1.New,
- )
- } else {
- cbc, err = ciphersuite.NewCBC(
- keys.ServerWriteKey, keys.ServerWriteIV, keys.ServerMACKey,
- keys.ClientWriteKey, keys.ClientWriteIV, keys.ClientMACKey,
- sha1.New,
- )
- }
- c.cbc.Store(cbc)
-
- return err
-}
-
-// Encrypt encrypts a single TLS RecordLayer
-func (c *TLSEcdheEcdsaWithAes256CbcSha) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- cbc := c.cbc.Load()
- if cbc == nil { // !c.isInitialized()
- return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)
- }
-
- return cbc.(*ciphersuite.CBC).Encrypt(pkt, raw)
-}
-
-// Decrypt decrypts a single TLS RecordLayer
-func (c *TLSEcdheEcdsaWithAes256CbcSha) Decrypt(raw []byte) ([]byte, error) {
- cbc := c.cbc.Load()
- if cbc == nil { // !c.isInitialized()
- return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
- }
-
- return cbc.(*ciphersuite.CBC).Decrypt(raw)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_128_gcm_sha256.go b/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_128_gcm_sha256.go
deleted file mode 100644
index 70400c3..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_128_gcm_sha256.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package ciphersuite
-
-import "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-
-// TLSEcdheRsaWithAes128GcmSha256 implements the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CipherSuite
-type TLSEcdheRsaWithAes128GcmSha256 struct {
- TLSEcdheEcdsaWithAes128GcmSha256
-}
-
-// CertificateType returns what type of certificate this CipherSuite exchanges
-func (c *TLSEcdheRsaWithAes128GcmSha256) CertificateType() clientcertificate.Type {
- return clientcertificate.RSASign
-}
-
-// ID returns the ID of the CipherSuite
-func (c *TLSEcdheRsaWithAes128GcmSha256) ID() ID {
- return TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-}
-
-func (c *TLSEcdheRsaWithAes128GcmSha256) String() string {
- return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_256_cbc_sha.go b/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_256_cbc_sha.go
deleted file mode 100644
index 0d82dc3..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_ecdhe_rsa_with_aes_256_cbc_sha.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package ciphersuite
-
-import "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-
-// TLSEcdheRsaWithAes256CbcSha implements the TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA CipherSuite
-type TLSEcdheRsaWithAes256CbcSha struct {
- TLSEcdheEcdsaWithAes256CbcSha
-}
-
-// CertificateType returns what type of certificate this CipherSuite exchanges
-func (c *TLSEcdheRsaWithAes256CbcSha) CertificateType() clientcertificate.Type {
- return clientcertificate.RSASign
-}
-
-// ID returns the ID of the CipherSuite
-func (c *TLSEcdheRsaWithAes256CbcSha) ID() ID {
- return TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-}
-
-func (c *TLSEcdheRsaWithAes256CbcSha) String() string {
- return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_cbc_sha256.go b/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_cbc_sha256.go
deleted file mode 100644
index 43e5e38..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_cbc_sha256.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package ciphersuite
-
-import (
- "crypto/sha256"
- "fmt"
- "hash"
- "sync/atomic"
-
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// TLSPskWithAes128CbcSha256 implements the TLS_PSK_WITH_AES_128_CBC_SHA256 CipherSuite
-type TLSPskWithAes128CbcSha256 struct {
- cbc atomic.Value // *cryptoCBC
-}
-
-// CertificateType returns what type of certificate this CipherSuite exchanges
-func (c *TLSPskWithAes128CbcSha256) CertificateType() clientcertificate.Type {
- return clientcertificate.Type(0)
-}
-
-// ID returns the ID of the CipherSuite
-func (c *TLSPskWithAes128CbcSha256) ID() ID {
- return TLS_PSK_WITH_AES_128_CBC_SHA256
-}
-
-func (c *TLSPskWithAes128CbcSha256) String() string {
- return "TLS_PSK_WITH_AES_128_CBC_SHA256"
-}
-
-// HashFunc returns the hashing func for this CipherSuite
-func (c *TLSPskWithAes128CbcSha256) HashFunc() func() hash.Hash {
- return sha256.New
-}
-
-// AuthenticationType controls what authentication method is using during the handshake
-func (c *TLSPskWithAes128CbcSha256) AuthenticationType() AuthenticationType {
- return AuthenticationTypePreSharedKey
-}
-
-// IsInitialized returns if the CipherSuite has keying material and can
-// encrypt/decrypt packets
-func (c *TLSPskWithAes128CbcSha256) IsInitialized() bool {
- return c.cbc.Load() != nil
-}
-
-// Init initializes the internal Cipher with keying material
-func (c *TLSPskWithAes128CbcSha256) Init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
- const (
- prfMacLen = 32
- prfKeyLen = 16
- prfIvLen = 16
- )
-
- keys, err := prf.GenerateEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.HashFunc())
- if err != nil {
- return err
- }
-
- var cbc *ciphersuite.CBC
- if isClient {
- cbc, err = ciphersuite.NewCBC(
- keys.ClientWriteKey, keys.ClientWriteIV, keys.ClientMACKey,
- keys.ServerWriteKey, keys.ServerWriteIV, keys.ServerMACKey,
- c.HashFunc(),
- )
- } else {
- cbc, err = ciphersuite.NewCBC(
- keys.ServerWriteKey, keys.ServerWriteIV, keys.ServerMACKey,
- keys.ClientWriteKey, keys.ClientWriteIV, keys.ClientMACKey,
- c.HashFunc(),
- )
- }
- c.cbc.Store(cbc)
-
- return err
-}
-
-// Encrypt encrypts a single TLS RecordLayer
-func (c *TLSPskWithAes128CbcSha256) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- cbc := c.cbc.Load()
- if cbc == nil { // !c.isInitialized()
- return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
- }
-
- return cbc.(*ciphersuite.CBC).Encrypt(pkt, raw)
-}
-
-// Decrypt decrypts a single TLS RecordLayer
-func (c *TLSPskWithAes128CbcSha256) Decrypt(raw []byte) ([]byte, error) {
- cbc := c.cbc.Load()
- if cbc == nil { // !c.isInitialized()
- return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
- }
-
- return cbc.(*ciphersuite.CBC).Decrypt(raw)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm.go b/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm.go
deleted file mode 100644
index 8c13bb1..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package ciphersuite
-
-import (
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-)
-
-// NewTLSPskWithAes128Ccm returns the TLS_PSK_WITH_AES_128_CCM CipherSuite
-func NewTLSPskWithAes128Ccm() *Aes128Ccm {
- return newAes128Ccm(clientcertificate.Type(0), TLS_PSK_WITH_AES_128_CCM, true, ciphersuite.CCMTagLength)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm8.go b/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm8.go
deleted file mode 100644
index d04abb4..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_ccm8.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package ciphersuite
-
-import (
- "github.com/pion/dtls/v2/pkg/crypto/ciphersuite"
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-)
-
-// NewTLSPskWithAes128Ccm8 returns the TLS_PSK_WITH_AES_128_CCM_8 CipherSuite
-func NewTLSPskWithAes128Ccm8() *Aes128Ccm {
- return newAes128Ccm(clientcertificate.Type(0), TLS_PSK_WITH_AES_128_CCM_8, true, ciphersuite.CCMTagLength8)
-}
diff --git a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_gcm_sha256.go b/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_gcm_sha256.go
deleted file mode 100644
index 5f10335..0000000
--- a/dtls-2.0.9/internal/ciphersuite/tls_psk_with_aes_128_gcm_sha256.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package ciphersuite
-
-import "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
-
-// TLSPskWithAes128GcmSha256 implements the TLS_PSK_WITH_AES_128_GCM_SHA256 CipherSuite
-type TLSPskWithAes128GcmSha256 struct {
- TLSEcdheEcdsaWithAes128GcmSha256
-}
-
-// CertificateType returns what type of certificate this CipherSuite exchanges
-func (c *TLSPskWithAes128GcmSha256) CertificateType() clientcertificate.Type {
- return clientcertificate.Type(0)
-}
-
-// ID returns the ID of the CipherSuite
-func (c *TLSPskWithAes128GcmSha256) ID() ID {
- return TLS_PSK_WITH_AES_128_GCM_SHA256
-}
-
-func (c *TLSPskWithAes128GcmSha256) String() string {
- return "TLS_PSK_WITH_AES_128_GCM_SHA256"
-}
-
-// AuthenticationType controls what authentication method is using during the handshake
-func (c *TLSPskWithAes128GcmSha256) AuthenticationType() AuthenticationType {
- return AuthenticationTypePreSharedKey
-}
diff --git a/dtls-2.0.9/internal/closer/closer.go b/dtls-2.0.9/internal/closer/closer.go
deleted file mode 100644
index b99e13e..0000000
--- a/dtls-2.0.9/internal/closer/closer.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Package closer provides signaling channel for shutdown
-package closer
-
-import (
- "context"
-)
-
-// Closer allows for each signaling a channel for shutdown
-type Closer struct {
- ctx context.Context
- closeFunc func()
-}
-
-// NewCloser creates a new instance of Closer
-func NewCloser() *Closer {
- ctx, closeFunc := context.WithCancel(context.Background())
- return &Closer{
- ctx: ctx,
- closeFunc: closeFunc,
- }
-}
-
-// NewCloserWithParent creates a new instance of Closer with a parent context
-func NewCloserWithParent(ctx context.Context) *Closer {
- ctx, closeFunc := context.WithCancel(ctx)
- return &Closer{
- ctx: ctx,
- closeFunc: closeFunc,
- }
-}
-
-// Done returns a channel signaling when it is done
-func (c *Closer) Done() <-chan struct{} {
- return c.ctx.Done()
-}
-
-// Err returns an error of the context
-func (c *Closer) Err() error {
- return c.ctx.Err()
-}
-
-// Close sends a signal to trigger the ctx done channel
-func (c *Closer) Close() {
- c.closeFunc()
-}
diff --git a/dtls-2.0.9/internal/net/dpipe/dpipe.go b/dtls-2.0.9/internal/net/dpipe/dpipe.go
deleted file mode 100644
index c68270a..0000000
--- a/dtls-2.0.9/internal/net/dpipe/dpipe.go
+++ /dev/null
@@ -1,144 +0,0 @@
-// Package dpipe provides the pipe works like datagram protocol on memory.
-package dpipe
-
-import (
- "context"
- "io"
- "net"
- "sync"
- "time"
-
- "github.com/pion/transport/deadline"
-)
-
-// Pipe creates pair of non-stream conn on memory.
-// Close of the one end doesn't make effect to the other end.
-func Pipe() (net.Conn, net.Conn) {
- ch0 := make(chan []byte, 1000)
- ch1 := make(chan []byte, 1000)
- return &conn{
- rCh: ch0,
- wCh: ch1,
- closed: make(chan struct{}),
- closing: make(chan struct{}),
- readDeadline: deadline.New(),
- writeDeadline: deadline.New(),
- }, &conn{
- rCh: ch1,
- wCh: ch0,
- closed: make(chan struct{}),
- closing: make(chan struct{}),
- readDeadline: deadline.New(),
- writeDeadline: deadline.New(),
- }
-}
-
-type pipeAddr struct{}
-
-func (pipeAddr) Network() string { return "pipe" }
-func (pipeAddr) String() string { return ":1" }
-
-type conn struct {
- rCh chan []byte
- wCh chan []byte
- closed chan struct{}
- closing chan struct{}
- closeOnce sync.Once
-
- readDeadline *deadline.Deadline
- writeDeadline *deadline.Deadline
-}
-
-func (*conn) LocalAddr() net.Addr { return pipeAddr{} }
-func (*conn) RemoteAddr() net.Addr { return pipeAddr{} }
-
-func (c *conn) SetDeadline(t time.Time) error {
- c.readDeadline.Set(t)
- c.writeDeadline.Set(t)
- return nil
-}
-
-func (c *conn) SetReadDeadline(t time.Time) error {
- c.readDeadline.Set(t)
- return nil
-}
-
-func (c *conn) SetWriteDeadline(t time.Time) error {
- c.writeDeadline.Set(t)
- return nil
-}
-
-func (c *conn) Read(data []byte) (n int, err error) {
- select {
- case <-c.closed:
- return 0, io.EOF
- case <-c.closing:
- if len(c.rCh) == 0 {
- return 0, io.EOF
- }
- case <-c.readDeadline.Done():
- return 0, context.DeadlineExceeded
- default:
- }
-
- for {
- select {
- case d := <-c.rCh:
- if len(d) <= len(data) {
- copy(data, d)
- return len(d), nil
- }
- copy(data, d[:len(data)])
- return len(data), nil
- case <-c.closed:
- return 0, io.EOF
- case <-c.closing:
- if len(c.rCh) == 0 {
- return 0, io.EOF
- }
- case <-c.readDeadline.Done():
- return 0, context.DeadlineExceeded
- }
- }
-}
-
-func (c *conn) cleanWriteBuffer() {
- for {
- select {
- case <-c.wCh:
- default:
- return
- }
- }
-}
-
-func (c *conn) Write(data []byte) (n int, err error) {
- select {
- case <-c.closed:
- return 0, io.ErrClosedPipe
- case <-c.writeDeadline.Done():
- c.cleanWriteBuffer()
- return 0, context.DeadlineExceeded
- default:
- }
-
- cData := make([]byte, len(data))
- copy(cData, data)
-
- select {
- case <-c.closed:
- return 0, io.ErrClosedPipe
- case <-c.writeDeadline.Done():
- c.cleanWriteBuffer()
- return 0, context.DeadlineExceeded
- case c.wCh <- cData:
- return len(cData), nil
- }
-}
-
-func (c *conn) Close() error {
- c.closeOnce.Do(func() {
- close(c.closed)
- })
- return nil
-}
diff --git a/dtls-2.0.9/internal/net/dpipe/dpipe_test.go b/dtls-2.0.9/internal/net/dpipe/dpipe_test.go
deleted file mode 100644
index c9c9a3d..0000000
--- a/dtls-2.0.9/internal/net/dpipe/dpipe_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-// +build !js
-
-package dpipe
-
-import (
- "bytes"
- "errors"
- "io"
- "net"
- "testing"
- "time"
-
- "golang.org/x/net/nettest"
-)
-
-func TestNetTest(t *testing.T) {
- nettest.TestConn(t, func() (net.Conn, net.Conn, func(), error) {
- ca, cb := Pipe()
- return &closePropagator{ca.(*conn), cb.(*conn)},
- &closePropagator{cb.(*conn), ca.(*conn)},
- func() {
- _ = ca.Close()
- _ = cb.Close()
- }, nil
- })
-}
-
-type closePropagator struct {
- *conn
- otherEnd *conn
-}
-
-func (c *closePropagator) Close() error {
- close(c.otherEnd.closing)
- return c.conn.Close()
-}
-
-func TestPipe(t *testing.T) {
- ca, cb := Pipe()
-
- testData := []byte{0x01, 0x02}
-
- for name, cond := range map[string]struct {
- ca net.Conn
- cb net.Conn
- }{
- "AtoB": {ca, cb},
- "BtoA": {cb, ca},
- } {
- c0 := cond.ca
- c1 := cond.cb
- t.Run(name, func(t *testing.T) {
- switch n, err := c0.Write(testData); {
- case err != nil:
- t.Errorf("Unexpected error on Write: %v", err)
- case n != len(testData):
- t.Errorf("Expected to write %d bytes, wrote %d bytes", len(testData), n)
- }
-
- readData := make([]byte, 4)
- switch n, err := c1.Read(readData); {
- case err != nil:
- t.Errorf("Unexpected error on Write: %v", err)
- case n != len(testData):
- t.Errorf("Expected to read %d bytes, got %d bytes", len(testData), n)
- case !bytes.Equal(testData, readData[0:n]):
- t.Errorf("Expected to read %v, got %v", testData, readData[0:n])
- }
- })
- }
-
- if err := ca.Close(); err != nil {
- t.Errorf("Unexpected error on Close: %v", err)
- }
- if _, err := ca.Write(testData); !errors.Is(err, io.ErrClosedPipe) {
- t.Errorf("Write to closed conn should fail with %v, got %v", io.ErrClosedPipe, err)
- }
-
- // Other side should be writable.
- if _, err := cb.Write(testData); err != nil {
- t.Errorf("Unexpected error on Write: %v", err)
- }
-
- readData := make([]byte, 4)
- if _, err := ca.Read(readData); !errors.Is(err, io.EOF) {
- t.Errorf("Read from closed conn should fail with %v, got %v", io.EOF, err)
- }
-
- // Other side should be readable.
- readDone := make(chan struct{})
- go func() {
- readData := make([]byte, 4)
- if n, err := cb.Read(readData); err == nil {
- t.Errorf("Unexpected data %v was arrived to orphaned conn", readData[:n])
- }
- close(readDone)
- }()
- select {
- case <-readDone:
- t.Errorf("Read should be blocked if the other side is closed")
- case <-time.After(10 * time.Millisecond):
- }
- if err := cb.Close(); err != nil {
- t.Errorf("Unexpected error on Close: %v", err)
- }
-}
diff --git a/dtls-2.0.9/internal/util/util.go b/dtls-2.0.9/internal/util/util.go
deleted file mode 100644
index 746a670..0000000
--- a/dtls-2.0.9/internal/util/util.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Package util contains small helpers used across the repo
-package util
-
-import (
- "encoding/binary"
-)
-
-// BigEndianUint24 returns the value of a big endian uint24
-func BigEndianUint24(raw []byte) uint32 {
- if len(raw) < 3 {
- return 0
- }
-
- rawCopy := make([]byte, 4)
- copy(rawCopy[1:], raw)
- return binary.BigEndian.Uint32(rawCopy)
-}
-
-// PutBigEndianUint24 encodes a uint24 and places into out
-func PutBigEndianUint24(out []byte, in uint32) {
- tmp := make([]byte, 4)
- binary.BigEndian.PutUint32(tmp, in)
- copy(out, tmp[1:])
-}
-
-// PutBigEndianUint48 encodes a uint64 and places into out
-func PutBigEndianUint48(out []byte, in uint64) {
- tmp := make([]byte, 8)
- binary.BigEndian.PutUint64(tmp, in)
- copy(out, tmp[2:])
-}
-
-// Max returns the larger value
-func Max(a, b int) int {
- if a > b {
- return a
- }
- return b
-}
diff --git a/dtls-2.0.9/listener.go b/dtls-2.0.9/listener.go
deleted file mode 100644
index bf80345..0000000
--- a/dtls-2.0.9/listener.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package dtls
-
-import (
- "net"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
- "github.com/pion/udp"
-)
-
-// Listen creates a DTLS listener
-func Listen(network string, laddr *net.UDPAddr, config *Config) (net.Listener, error) {
- if err := validateConfig(config); err != nil {
- return nil, err
- }
-
- lc := udp.ListenConfig{
- AcceptFilter: func(packet []byte) bool {
- pkts, err := recordlayer.UnpackDatagram(packet)
- if err != nil || len(pkts) < 1 {
- return false
- }
- h := &recordlayer.Header{}
- if err := h.Unmarshal(pkts[0]); err != nil {
- return false
- }
- return h.ContentType == protocol.ContentTypeHandshake
- },
- }
- parent, err := lc.Listen(network, laddr)
- if err != nil {
- return nil, err
- }
- return &listener{
- config: config,
- parent: parent,
- }, nil
-}
-
-// NewListener creates a DTLS listener which accepts connections from an inner Listener.
-func NewListener(inner net.Listener, config *Config) (net.Listener, error) {
- if err := validateConfig(config); err != nil {
- return nil, err
- }
-
- return &listener{
- config: config,
- parent: inner,
- }, nil
-}
-
-// listener represents a DTLS listener
-type listener struct {
- config *Config
- parent net.Listener
-}
-
-// Accept waits for and returns the next connection to the listener.
-// You have to either close or read on all connection that are created.
-// Connection handshake will timeout using ConnectContextMaker in the Config.
-// If you want to specify the timeout duration, set ConnectContextMaker.
-func (l *listener) Accept() (net.Conn, error) {
- c, err := l.parent.Accept()
- if err != nil {
- return nil, err
- }
- return Server(c, l.config)
-}
-
-// Close closes the listener.
-// Any blocked Accept operations will be unblocked and return errors.
-// Already Accepted connections are not closed.
-func (l *listener) Close() error {
- return l.parent.Close()
-}
-
-// Addr returns the listener's network address.
-func (l *listener) Addr() net.Addr {
- return l.parent.Addr()
-}
diff --git a/dtls-2.0.9/nettest_test.go b/dtls-2.0.9/nettest_test.go
deleted file mode 100644
index 22bd955..0000000
--- a/dtls-2.0.9/nettest_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// +build !js
-
-package dtls
-
-import (
- "net"
- "testing"
- "time"
-
- "github.com/pion/transport/test"
- "golang.org/x/net/nettest"
-)
-
-func TestNetTest(t *testing.T) {
- lim := test.TimeOut(time.Minute*1 + time.Second*10)
- defer lim.Stop()
-
- nettest.TestConn(t, func() (c1, c2 net.Conn, stop func(), err error) {
- c1, c2, err = pipeMemory()
- if err != nil {
- return nil, nil, nil, err
- }
- stop = func() {
- _ = c1.Close()
- _ = c2.Close()
- }
- return
- })
-}
diff --git a/dtls-2.0.9/packet.go b/dtls-2.0.9/packet.go
deleted file mode 100644
index 8366a3c..0000000
--- a/dtls-2.0.9/packet.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package dtls
-
-import "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-
-type packet struct {
- record *recordlayer.RecordLayer
- shouldEncrypt bool
- resetLocalSequenceNumber bool
-}
diff --git a/dtls-2.0.9/pkg/crypto/ccm/ccm.go b/dtls-2.0.9/pkg/crypto/ccm/ccm.go
deleted file mode 100644
index 20e3436..0000000
--- a/dtls-2.0.9/pkg/crypto/ccm/ccm.go
+++ /dev/null
@@ -1,251 +0,0 @@
-// Package ccm implements a CCM, Counter with CBC-MAC
-// as per RFC 3610.
-//
-// See https://tools.ietf.org/html/rfc3610
-//
-// This code was lifted from https://github.com/bocajim/dtls/blob/a3300364a283fcb490d28a93d7fcfa7ba437fbbe/ccm/ccm.go
-// and as such was not written by the Pions authors. Like Pions this
-// code is licensed under MIT.
-//
-// A request for including CCM into the Go standard library
-// can be found as issue #27484 on the https://github.com/golang/go/
-// repository.
-package ccm
-
-import (
- "crypto/cipher"
- "crypto/subtle"
- "encoding/binary"
- "errors"
- "math"
-)
-
-// ccm represents a Counter with CBC-MAC with a specific key.
-type ccm struct {
- b cipher.Block
- M uint8
- L uint8
-}
-
-const ccmBlockSize = 16
-
-// CCM is a block cipher in Counter with CBC-MAC mode.
-// Providing authenticated encryption with associated data via the cipher.AEAD interface.
-type CCM interface {
- cipher.AEAD
- // MaxLength returns the maxium length of plaintext in calls to Seal.
- // The maximum length of ciphertext in calls to Open is MaxLength()+Overhead().
- // The maximum length is related to CCM's `L` parameter (15-noncesize) and
- // is 1<<(8*L) - 1 (but also limited by the maxium size of an int).
- MaxLength() int
-}
-
-var (
- errInvalidBlockSize = errors.New("ccm: NewCCM requires 128-bit block cipher")
- errInvalidTagSize = errors.New("ccm: tagsize must be 4, 6, 8, 10, 12, 14, or 16")
- errInvalidNonceSize = errors.New("ccm: invalid nonce size")
-)
-
-// NewCCM returns the given 128-bit block cipher wrapped in CCM.
-// The tagsize must be an even integer between 4 and 16 inclusive
-// and is used as CCM's `M` parameter.
-// The noncesize must be an integer between 7 and 13 inclusive,
-// 15-noncesize is used as CCM's `L` parameter.
-func NewCCM(b cipher.Block, tagsize, noncesize int) (CCM, error) {
- if b.BlockSize() != ccmBlockSize {
- return nil, errInvalidBlockSize
- }
- if tagsize < 4 || tagsize > 16 || tagsize&1 != 0 {
- return nil, errInvalidTagSize
- }
- lensize := 15 - noncesize
- if lensize < 2 || lensize > 8 {
- return nil, errInvalidNonceSize
- }
- c := &ccm{b: b, M: uint8(tagsize), L: uint8(lensize)}
- return c, nil
-}
-
-func (c *ccm) NonceSize() int { return 15 - int(c.L) }
-func (c *ccm) Overhead() int { return int(c.M) }
-func (c *ccm) MaxLength() int { return maxlen(c.L, c.Overhead()) }
-
-func maxlen(l uint8, tagsize int) int {
- max := (uint64(1) << (8 * l)) - 1
- if m64 := uint64(math.MaxInt64) - uint64(tagsize); l > 8 || max > m64 {
- max = m64 // The maximum lentgh on a 64bit arch
- }
- if max != uint64(int(max)) {
- return math.MaxInt32 - tagsize // We have only 32bit int's
- }
- return int(max)
-}
-
-// MaxNonceLength returns the maximum nonce length for a given plaintext length.
-// A return value <= 0 indicates that plaintext length is too large for
-// any nonce length.
-func MaxNonceLength(pdatalen int) int {
- const tagsize = 16
- for L := 2; L <= 8; L++ {
- if maxlen(uint8(L), tagsize) >= pdatalen {
- return 15 - L
- }
- }
- return 0
-}
-
-func (c *ccm) cbcRound(mac, data []byte) {
- for i := 0; i < ccmBlockSize; i++ {
- mac[i] ^= data[i]
- }
- c.b.Encrypt(mac, mac)
-}
-
-func (c *ccm) cbcData(mac, data []byte) {
- for len(data) >= ccmBlockSize {
- c.cbcRound(mac, data[:ccmBlockSize])
- data = data[ccmBlockSize:]
- }
- if len(data) > 0 {
- var block [ccmBlockSize]byte
- copy(block[:], data)
- c.cbcRound(mac, block[:])
- }
-}
-
-var errPlaintextTooLong = errors.New("ccm: plaintext too large")
-
-func (c *ccm) tag(nonce, plaintext, adata []byte) ([]byte, error) {
- var mac [ccmBlockSize]byte
-
- if len(adata) > 0 {
- mac[0] |= 1 << 6
- }
- mac[0] |= (c.M - 2) << 2
- mac[0] |= c.L - 1
- if len(nonce) != c.NonceSize() {
- return nil, errInvalidNonceSize
- }
- if len(plaintext) > c.MaxLength() {
- return nil, errPlaintextTooLong
- }
- binary.BigEndian.PutUint64(mac[ccmBlockSize-8:], uint64(len(plaintext)))
- copy(mac[1:ccmBlockSize-c.L], nonce)
- c.b.Encrypt(mac[:], mac[:])
-
- var block [ccmBlockSize]byte
- if n := uint64(len(adata)); n > 0 {
- // First adata block includes adata length
- i := 2
- if n <= 0xfeff {
- binary.BigEndian.PutUint16(block[:i], uint16(n))
- } else {
- block[0] = 0xfe
- block[1] = 0xff
- if n < uint64(1<<32) {
- i = 2 + 4
- binary.BigEndian.PutUint32(block[2:i], uint32(n))
- } else {
- i = 2 + 8
- binary.BigEndian.PutUint64(block[2:i], n)
- }
- }
- i = copy(block[i:], adata)
- c.cbcRound(mac[:], block[:])
- c.cbcData(mac[:], adata[i:])
- }
-
- if len(plaintext) > 0 {
- c.cbcData(mac[:], plaintext)
- }
-
- return mac[:c.M], nil
-}
-
-// sliceForAppend takes a slice and a requested number of bytes. It returns a
-// slice with the contents of the given slice followed by that many bytes and a
-// second slice that aliases into it and contains only the extra bytes. If the
-// original slice has sufficient capacity then no allocation is performed.
-// From crypto/cipher/gcm.go
-func sliceForAppend(in []byte, n int) (head, tail []byte) {
- if total := len(in) + n; cap(in) >= total {
- head = in[:total]
- } else {
- head = make([]byte, total)
- copy(head, in)
- }
- tail = head[len(in):]
- return
-}
-
-// Seal encrypts and authenticates plaintext, authenticates the
-// additional data and appends the result to dst, returning the updated
-// slice. The nonce must be NonceSize() bytes long and unique for all
-// time, for a given key.
-// The plaintext must be no longer than MaxLength() bytes long.
-//
-// The plaintext and dst may alias exactly or not at all.
-func (c *ccm) Seal(dst, nonce, plaintext, adata []byte) []byte {
- tag, err := c.tag(nonce, plaintext, adata)
- if err != nil {
- // The cipher.AEAD interface doesn't allow for an error return.
- panic(err) // nolint
- }
-
- var iv, s0 [ccmBlockSize]byte
- iv[0] = c.L - 1
- copy(iv[1:ccmBlockSize-c.L], nonce)
- c.b.Encrypt(s0[:], iv[:])
- for i := 0; i < int(c.M); i++ {
- tag[i] ^= s0[i]
- }
- iv[len(iv)-1] |= 1
- stream := cipher.NewCTR(c.b, iv[:])
- ret, out := sliceForAppend(dst, len(plaintext)+int(c.M))
- stream.XORKeyStream(out, plaintext)
- copy(out[len(plaintext):], tag)
- return ret
-}
-
-var (
- errOpen = errors.New("ccm: message authentication failed")
- errCiphertextTooShort = errors.New("ccm: ciphertext too short")
- errCiphertextTooLong = errors.New("ccm: ciphertext too long")
-)
-
-func (c *ccm) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
- if len(ciphertext) < int(c.M) {
- return nil, errCiphertextTooShort
- }
- if len(ciphertext) > c.MaxLength()+c.Overhead() {
- return nil, errCiphertextTooLong
- }
-
- tag := make([]byte, int(c.M))
- copy(tag, ciphertext[len(ciphertext)-int(c.M):])
- ciphertextWithoutTag := ciphertext[:len(ciphertext)-int(c.M)]
-
- var iv, s0 [ccmBlockSize]byte
- iv[0] = c.L - 1
- copy(iv[1:ccmBlockSize-c.L], nonce)
- c.b.Encrypt(s0[:], iv[:])
- for i := 0; i < int(c.M); i++ {
- tag[i] ^= s0[i]
- }
- iv[len(iv)-1] |= 1
- stream := cipher.NewCTR(c.b, iv[:])
-
- // Cannot decrypt directly to dst since we're not supposed to
- // reveal the plaintext to the caller if authentication fails.
- plaintext := make([]byte, len(ciphertextWithoutTag))
- stream.XORKeyStream(plaintext, ciphertextWithoutTag)
- expectedTag, err := c.tag(nonce, plaintext, adata)
- if err != nil {
- return nil, err
- }
-
- if subtle.ConstantTimeCompare(tag, expectedTag) != 1 {
- return nil, errOpen
- }
- return append(dst, plaintext...), nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/ccm/ccm_test.go b/dtls-2.0.9/pkg/crypto/ccm/ccm_test.go
deleted file mode 100644
index 0784a5a..0000000
--- a/dtls-2.0.9/pkg/crypto/ccm/ccm_test.go
+++ /dev/null
@@ -1,419 +0,0 @@
-package ccm
-
-// Refer to RFC 3610 section 8 for the vectors.
-
-import (
- "bytes"
- "crypto/aes"
- "encoding/hex"
- "errors"
- "fmt"
- "testing"
-)
-
-func mustHexDecode(s string) []byte {
- r, err := hex.DecodeString(s)
- if err != nil {
- panic(err)
- }
- return r
-}
-
-var (
- aesKey1to12 = mustHexDecode("c0c1c2c3c4c5c6c7c8c9cacbcccdcecf") //nolint:gochecknoglobals
- aesKey13to24 = mustHexDecode("d7828d13b2b0bdc325a76236df93cc6b") //nolint:gochecknoglobals
-)
-
-// AESKey: AES Key
-// CipherText: Authenticated and encrypted output
-// ClearHeaderOctets: Input with X cleartext header octets
-// Data: Input with X cleartext header octets
-// M: length(CBC-MAC)
-// Nonce: Nonce
-type vector struct {
- AESKey []byte
- CipherText []byte
- ClearHeaderOctets int
- Data []byte
- M int
- Nonce []byte
-}
-
-func TestRFC3610Vectors(t *testing.T) {
- cases := []vector{
- // Vectors 1-12
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("0001020304050607588c979a61c663d2f066d0c2c0f989806d5f6b61dac38417e8d12cfdf926e0"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e"),
- M: 8,
- Nonce: mustHexDecode("00000003020100a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060772c91a36e135f8cf291ca894085c87e3cc15c439c9e43a3ba091d56e10400916"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"),
- M: 8,
- Nonce: mustHexDecode("00000004030201a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060751b1e5f44a197d1da46b0f8e2d282ae871e838bb64da8596574adaa76fbd9fb0c5"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20"),
- M: 8,
- Nonce: mustHexDecode("00000005040302a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060708090a0ba28c6865939a9a79faaa5c4c2a9d4a91cdac8c96c861b9c9e61ef1"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e"),
- M: 8,
- Nonce: mustHexDecode("00000006050403a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060708090a0bdcf1fb7b5d9e23fb9d4e131253658ad86ebdca3e51e83f077d9c2d93"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
- M: 8,
- Nonce: mustHexDecode("00000007060504a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060708090a0b6fc1b011f006568b5171a42d953d469b2570a4bd87405a0443ac91cb94"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20"),
- M: 8,
- Nonce: mustHexDecode("00000008070605a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("00010203040506070135d1b2c95f41d5d1d4fec185d166b8094e999dfed96c048c56602c97acbb7490"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e"),
- M: 10,
- Nonce: mustHexDecode("00000009080706a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("00010203040506077b75399ac0831dd2f0bbd75879a2fd8f6cae6b6cd9b7db24c17b4433f434963f34b4"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
- M: 10,
- Nonce: mustHexDecode("0000000a090807a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060782531a60cc24945a4b8279181ab5c84df21ce7f9b73f42e197ea9c07e56b5eb17e5f4e"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20"),
- M: 10,
- Nonce: mustHexDecode("0000000b0a0908a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060708090a0b07342594157785152b074098330abb141b947b566aa9406b4d999988dd"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e"),
- M: 10,
- Nonce: mustHexDecode("0000000c0b0a09a0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060708090a0b676bb20380b0e301e8ab79590a396da78b834934f53aa2e9107a8b6c022c"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
- M: 10,
- Nonce: mustHexDecode("0000000d0c0b0aa0a1a2a3a4a5"),
- },
- {
- AESKey: aesKey1to12,
- CipherText: mustHexDecode("000102030405060708090a0bc0ffa0d6f05bdb67f24d43a4338d2aa4bed7b20e43cd1aa31662e7ad65d6db"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20"),
- M: 10,
- Nonce: mustHexDecode("0000000e0d0c0ba0a1a2a3a4a5"),
- },
- // Vectors 13-24
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("0be1a88bace018b14cb97f86a2a4689a877947ab8091ef5386a6ffbdd080f8e78cf7cb0cddd7b3"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("0be1a88bace018b108e8cf97d820ea258460e96ad9cf5289054d895ceac47c"),
- M: 8,
- Nonce: mustHexDecode("00412b4ea9cdbe3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("63018f76dc8a1bcb4ccb1e7ca981befaa0726c55d378061298c85c92814abc33c52ee81d7d77c08a"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("63018f76dc8a1bcb9020ea6f91bdd85afa0039ba4baff9bfb79c7028949cd0ec"),
- M: 8,
- Nonce: mustHexDecode("0033568ef7b2633c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("aa6cfa36cae86b40b1d23a2220ddc0ac900d9aa03c61fcf4a559a4417767089708a776796edb723506"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("aa6cfa36cae86b40b916e0eacc1c00d7dcec68ec0b3bbb1a02de8a2d1aa346132e"),
- M: 8,
- Nonce: mustHexDecode("00103fe41336713c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("d0d0735c531e1becf049c24414d253c3967b70609b7cbb7c499160283245269a6f49975bcadeaf"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("d0d0735c531e1becf049c24412daac5630efa5396f770ce1a66b21f7b2101c"),
- M: 8,
- Nonce: mustHexDecode("00764c63b8058e3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("77b60f011c03e1525899bcae5545ff1a085ee2efbf52b2e04bee1e2336c73e3f762c0c7744fe7e3c"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("77b60f011c03e1525899bcaee88b6a46c78d63e52eb8c546efb5de6f75e9cc0d"),
- M: 8,
- Nonce: mustHexDecode("00f8b678094e3b3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("cd9044d2b71fdb8120ea60c0009769ecabdf48625594c59251e6035722675e04c847099e5ae0704551"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("cd9044d2b71fdb8120ea60c06435acbafb11a82e2f071d7ca4a5ebd93a803ba87f"),
- M: 8,
- Nonce: mustHexDecode("00d560912d3f703c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("d85bc7e69f944fb8bc218daa947427b6db386a99ac1aef23ade0b52939cb6a637cf9bec2408897c6ba"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("d85bc7e69f944fb88a19b950bcf71a018e5e6701c91787659809d67dbedd18"),
- M: 10,
- Nonce: mustHexDecode("0042fff8f1951c3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("74a0ebc9069f5b375810e6fd25874022e80361a478e3e9cf484ab04f447efff6f0a477cc2fc9bf548944"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("74a0ebc9069f5b371761433c37c5a35fc1f39f406302eb907c6163be38c98437"),
- M: 10,
- Nonce: mustHexDecode("00920f40e56cdc3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("44a3aa3aae6475caf2beed7bc5098e83feb5b31608f8e29c38819a89c8e776f1544d4151a4ed3a8b87b9ce"),
- ClearHeaderOctets: 8,
- Data: mustHexDecode("44a3aa3aae6475caa434a8e58500c6e41530538862d686ea9e81301b5ae4226bfa"),
- M: 10,
- Nonce: mustHexDecode("0027ca0c7120bc3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("ec46bb63b02520c33c49fd7031d750a09da3ed7fddd49a2032aabf17ec8ebf7d22c8088c666be5c197"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("ec46bb63b02520c33c49fd70b96b49e21d621741632875db7f6c9243d2d7c2"),
- M: 10,
- Nonce: mustHexDecode("005b8ccbcd9af83c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("47a65ac78b3d594227e85e71e882f1dbd38ce3eda7c23f04dd65071eb41342acdf7e00dccec7ae52987d"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("47a65ac78b3d594227e85e71e2fcfbb880442c731bf95167c8ffd7895e337076"),
- M: 10,
- Nonce: mustHexDecode("003ebe94044b9a3c9696766cfa"),
- },
- {
- AESKey: aesKey13to24,
- CipherText: mustHexDecode("6e37a6ef546d955d34ab6059f32905b88a641b04b9c9ffb58cc390900f3da12ab16dce9e82efa16da62059"),
- ClearHeaderOctets: 12,
- Data: mustHexDecode("6e37a6ef546d955d34ab6059abf21c0b02feb88f856df4a37381bce3cc128517d4"),
- M: 10,
- Nonce: mustHexDecode("008d493b30ae8b3c9696766cfa"),
- },
- }
-
- if len(cases) != 24 {
- t.Fatalf("Expected %d test cases, got: %d", 24, len(cases))
- t.FailNow()
- }
-
- for idx, c := range cases {
- c := c
- t.Run(fmt.Sprintf("packet vector #%d", idx+1), func(t *testing.T) {
- t.Parallel()
- blk, err := aes.NewCipher(c.AESKey)
- if err != nil {
- t.Fatalf("could not initialize AES block cipher from key: %v", err)
- }
-
- lccm, err := NewCCM(blk, c.M, len(c.Nonce))
- if err != nil {
- t.Fatalf("could not create CCM: %v", err)
- }
-
- t.Run("seal", func(t *testing.T) {
- var dst []byte
- dst = lccm.Seal(dst, c.Nonce, c.Data[c.ClearHeaderOctets:], c.Data[:c.ClearHeaderOctets])
- if !bytes.Equal(c.CipherText[c.ClearHeaderOctets:], dst) {
- t.Fatalf("ciphertext does not match, wanted %v, got %v",
- c.CipherText[c.ClearHeaderOctets:], dst)
- }
- })
-
- t.Run("open", func(t *testing.T) {
- var dst []byte
- dst, err = lccm.Open(dst, c.Nonce, c.CipherText[c.ClearHeaderOctets:], c.CipherText[:c.ClearHeaderOctets])
- if err != nil {
- t.Fatalf("failed to unseal: %v", err)
- }
- if !bytes.Equal(c.Data[c.ClearHeaderOctets:], dst) {
- t.Fatalf("plaintext does not match, wanted %v, got %v",
- c.Data[c.ClearHeaderOctets:], dst)
- }
- })
- })
- }
-}
-
-func TestNewCCMError(t *testing.T) {
- cases := map[string]struct {
- vector
- err error
- }{
- "ShortNonceLength": {
- vector{
- AESKey: aesKey1to12,
- M: 8,
- Nonce: mustHexDecode("a0a1a2a3a4a5"),
- }, errInvalidNonceSize,
- },
- "LongNonceLength": {
- vector{
- AESKey: aesKey1to12,
- M: 8,
- Nonce: mustHexDecode("0001020304050607080910111213"),
- }, errInvalidNonceSize,
- },
- "ShortTag": {
- vector{
- AESKey: aesKey1to12,
- M: 3,
- Nonce: mustHexDecode("00010203040506070809101112"),
- }, errInvalidTagSize,
- },
- "LongTag": {
- vector{
- AESKey: aesKey1to12,
- M: 17,
- Nonce: mustHexDecode("00010203040506070809101112"),
- }, errInvalidTagSize,
- },
- }
-
- for name, c := range cases {
- c := c
- t.Run(name, func(t *testing.T) {
- blk, err := aes.NewCipher(c.AESKey)
- if err != nil {
- t.Fatalf("could not initialize AES block cipher from key: %v", err)
- }
-
- if _, err := NewCCM(blk, c.M, len(c.Nonce)); !errors.Is(err, c.err) {
- t.Fatalf("expected error '%v', got '%v'", c.err, err)
- }
- })
- }
-}
-
-func TestSealError(t *testing.T) {
- cases := map[string]struct {
- vector
- err error
- }{
- "InvalidNonceLength": {
- vector{
- Data: mustHexDecode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e"),
- M: 8,
- Nonce: mustHexDecode("00000003020100a0a1a2a3a4"), // short
- }, errInvalidNonceSize,
- },
- "PlaintextTooLong": {
- vector{
- Data: make([]byte, 100000),
- M: 8,
- Nonce: mustHexDecode("00000003020100a0a1a2a3a4a5"),
- }, errPlaintextTooLong,
- },
- }
-
- blk, err := aes.NewCipher(aesKey1to12)
- if err != nil {
- t.Fatalf("could not initialize AES block cipher from key: %v", err)
- }
-
- lccm, err := NewCCM(blk, 8, 13)
- if err != nil {
- t.Fatalf("could not create CCM: %v", err)
- }
-
- for name, c := range cases {
- c := c
- t.Run(name, func(t *testing.T) {
- defer func() {
- if err := recover(); !errors.Is(err.(error), c.err) {
- t.Errorf("expected panic '%v', got '%v'", c.err, err)
- }
- }()
- var dst []byte
- _ = lccm.Seal(dst, c.Nonce, c.Data[c.ClearHeaderOctets:], c.Data[:c.ClearHeaderOctets])
- })
- }
-}
-
-func TestOpenError(t *testing.T) {
- cases := map[string]struct {
- vector
- err error
- }{
- "CiphertextTooShort": {
- vector{
- CipherText: make([]byte, 10),
- ClearHeaderOctets: 8,
- Nonce: mustHexDecode("00000003020100a0a1a2a3a4a5"),
- }, errCiphertextTooShort,
- },
- "CiphertextTooLong": {
- vector{
- CipherText: make([]byte, 100000),
- ClearHeaderOctets: 8,
- Nonce: mustHexDecode("00000003020100a0a1a2a3a4a5"),
- }, errCiphertextTooLong,
- },
- }
-
- blk, err := aes.NewCipher(aesKey1to12)
- if err != nil {
- t.Fatalf("could not initialize AES block cipher from key: %v", err)
- }
-
- lccm, err := NewCCM(blk, 8, 13)
- if err != nil {
- t.Fatalf("could not create CCM: %v", err)
- }
-
- for name, c := range cases {
- c := c
- t.Run(name, func(t *testing.T) {
- var dst []byte
- _, err = lccm.Open(dst, c.Nonce, c.CipherText[c.ClearHeaderOctets:], c.CipherText[:c.ClearHeaderOctets])
- if !errors.Is(err, c.err) {
- t.Errorf("expected error '%v', got '%v'", c.err, err)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/ciphersuite/cbc.go b/dtls-2.0.9/pkg/crypto/ciphersuite/cbc.go
deleted file mode 100644
index 8ff1634..0000000
--- a/dtls-2.0.9/pkg/crypto/ciphersuite/cbc.go
+++ /dev/null
@@ -1,164 +0,0 @@
-package ciphersuite
-
-import ( //nolint:gci
- "crypto/aes"
- "crypto/cipher"
- "crypto/hmac"
- "crypto/rand"
- "encoding/binary"
- "hash"
-
- "github.com/pion/dtls/v2/internal/util"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// block ciphers using cipher block chaining.
-type cbcMode interface {
- cipher.BlockMode
- SetIV([]byte)
-}
-
-// CBC Provides an API to Encrypt/Decrypt DTLS 1.2 Packets
-type CBC struct {
- writeCBC, readCBC cbcMode
- writeMac, readMac []byte
- h prf.HashFunc
-}
-
-// NewCBC creates a DTLS CBC Cipher
-func NewCBC(localKey, localWriteIV, localMac, remoteKey, remoteWriteIV, remoteMac []byte, h prf.HashFunc) (*CBC, error) {
- writeBlock, err := aes.NewCipher(localKey)
- if err != nil {
- return nil, err
- }
-
- readBlock, err := aes.NewCipher(remoteKey)
- if err != nil {
- return nil, err
- }
-
- return &CBC{
- writeCBC: cipher.NewCBCEncrypter(writeBlock, localWriteIV).(cbcMode),
- writeMac: localMac,
-
- readCBC: cipher.NewCBCDecrypter(readBlock, remoteWriteIV).(cbcMode),
- readMac: remoteMac,
- h: h,
- }, nil
-}
-
-// Encrypt encrypt a DTLS RecordLayer message
-func (c *CBC) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- payload := raw[recordlayer.HeaderSize:]
- raw = raw[:recordlayer.HeaderSize]
- blockSize := c.writeCBC.BlockSize()
-
- // Generate + Append MAC
- h := pkt.Header
-
- MAC, err := c.hmac(h.Epoch, h.SequenceNumber, h.ContentType, h.Version, payload, c.writeMac, c.h)
- if err != nil {
- return nil, err
- }
- payload = append(payload, MAC...)
-
- // Generate + Append padding
- padding := make([]byte, blockSize-len(payload)%blockSize)
- paddingLen := len(padding)
- for i := 0; i < paddingLen; i++ {
- padding[i] = byte(paddingLen - 1)
- }
- payload = append(payload, padding...)
-
- // Generate IV
- iv := make([]byte, blockSize)
- if _, err := rand.Read(iv); err != nil {
- return nil, err
- }
-
- // Set IV + Encrypt + Prepend IV
- c.writeCBC.SetIV(iv)
- c.writeCBC.CryptBlocks(payload, payload)
- payload = append(iv, payload...)
-
- // Prepend unencrypte header with encrypted payload
- raw = append(raw, payload...)
-
- // Update recordLayer size to include IV+MAC+Padding
- binary.BigEndian.PutUint16(raw[recordlayer.HeaderSize-2:], uint16(len(raw)-recordlayer.HeaderSize))
-
- return raw, nil
-}
-
-// Decrypt decrypts a DTLS RecordLayer message
-func (c *CBC) Decrypt(in []byte) ([]byte, error) {
- body := in[recordlayer.HeaderSize:]
- blockSize := c.readCBC.BlockSize()
- mac := c.h()
-
- var h recordlayer.Header
- err := h.Unmarshal(in)
- switch {
- case err != nil:
- return nil, err
- case h.ContentType == protocol.ContentTypeChangeCipherSpec:
- // Nothing to encrypt with ChangeCipherSpec
- return in, nil
- case len(body)%blockSize != 0 || len(body) < blockSize+util.Max(mac.Size()+1, blockSize):
- return nil, errNotEnoughRoomForNonce
- }
-
- // Set + remove per record IV
- c.readCBC.SetIV(body[:blockSize])
- body = body[blockSize:]
-
- // Decrypt
- c.readCBC.CryptBlocks(body, body)
-
- // Padding+MAC needs to be checked in constant time
- // Otherwise we reveal information about the level of correctness
- paddingLen, paddingGood := examinePadding(body)
- if paddingGood != 255 {
- return nil, errInvalidMAC
- }
-
- macSize := mac.Size()
- if len(body) < macSize {
- return nil, errInvalidMAC
- }
-
- dataEnd := len(body) - macSize - paddingLen
-
- expectedMAC := body[dataEnd : dataEnd+macSize]
- actualMAC, err := c.hmac(h.Epoch, h.SequenceNumber, h.ContentType, h.Version, body[:dataEnd], c.readMac, c.h)
-
- // Compute Local MAC and compare
- if err != nil || !hmac.Equal(actualMAC, expectedMAC) {
- return nil, errInvalidMAC
- }
-
- return append(in[:recordlayer.HeaderSize], body[:dataEnd]...), nil
-}
-
-func (c *CBC) hmac(epoch uint16, sequenceNumber uint64, contentType protocol.ContentType, protocolVersion protocol.Version, payload []byte, key []byte, hf func() hash.Hash) ([]byte, error) {
- h := hmac.New(hf, key)
-
- msg := make([]byte, 13)
-
- binary.BigEndian.PutUint16(msg, epoch)
- util.PutBigEndianUint48(msg[2:], sequenceNumber)
- msg[8] = byte(contentType)
- msg[9] = protocolVersion.Major
- msg[10] = protocolVersion.Minor
- binary.BigEndian.PutUint16(msg[11:], uint16(len(payload)))
-
- if _, err := h.Write(msg); err != nil {
- return nil, err
- } else if _, err := h.Write(payload); err != nil {
- return nil, err
- }
-
- return h.Sum(nil), nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/ciphersuite/ccm.go b/dtls-2.0.9/pkg/crypto/ciphersuite/ccm.go
deleted file mode 100644
index 354b1cc..0000000
--- a/dtls-2.0.9/pkg/crypto/ciphersuite/ccm.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package ciphersuite
-
-import (
- "crypto/aes"
- "crypto/rand"
- "encoding/binary"
- "fmt"
-
- "github.com/pion/dtls/v2/pkg/crypto/ccm"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-// CCMTagLen is the length of Authentication Tag
-type CCMTagLen int
-
-// CCM Enums
-const (
- CCMTagLength8 CCMTagLen = 8
- CCMTagLength CCMTagLen = 16
- ccmNonceLength = 12
-)
-
-// CCM Provides an API to Encrypt/Decrypt DTLS 1.2 Packets
-type CCM struct {
- localCCM, remoteCCM ccm.CCM
- localWriteIV, remoteWriteIV []byte
- tagLen CCMTagLen
-}
-
-// NewCCM creates a DTLS GCM Cipher
-func NewCCM(tagLen CCMTagLen, localKey, localWriteIV, remoteKey, remoteWriteIV []byte) (*CCM, error) {
- localBlock, err := aes.NewCipher(localKey)
- if err != nil {
- return nil, err
- }
- localCCM, err := ccm.NewCCM(localBlock, int(tagLen), ccmNonceLength)
- if err != nil {
- return nil, err
- }
-
- remoteBlock, err := aes.NewCipher(remoteKey)
- if err != nil {
- return nil, err
- }
- remoteCCM, err := ccm.NewCCM(remoteBlock, int(tagLen), ccmNonceLength)
- if err != nil {
- return nil, err
- }
-
- return &CCM{
- localCCM: localCCM,
- localWriteIV: localWriteIV,
- remoteCCM: remoteCCM,
- remoteWriteIV: remoteWriteIV,
- tagLen: tagLen,
- }, nil
-}
-
-// Encrypt encrypt a DTLS RecordLayer message
-func (c *CCM) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- payload := raw[recordlayer.HeaderSize:]
- raw = raw[:recordlayer.HeaderSize]
-
- nonce := append(append([]byte{}, c.localWriteIV[:4]...), make([]byte, 8)...)
- if _, err := rand.Read(nonce[4:]); err != nil {
- return nil, err
- }
-
- additionalData := generateAEADAdditionalData(&pkt.Header, len(payload))
- encryptedPayload := c.localCCM.Seal(nil, nonce, payload, additionalData)
-
- encryptedPayload = append(nonce[4:], encryptedPayload...)
- raw = append(raw, encryptedPayload...)
-
- // Update recordLayer size to include explicit nonce
- binary.BigEndian.PutUint16(raw[recordlayer.HeaderSize-2:], uint16(len(raw)-recordlayer.HeaderSize))
- return raw, nil
-}
-
-// Decrypt decrypts a DTLS RecordLayer message
-func (c *CCM) Decrypt(in []byte) ([]byte, error) {
- var h recordlayer.Header
- err := h.Unmarshal(in)
- switch {
- case err != nil:
- return nil, err
- case h.ContentType == protocol.ContentTypeChangeCipherSpec:
- // Nothing to encrypt with ChangeCipherSpec
- return in, nil
- case len(in) <= (8 + recordlayer.HeaderSize):
- return nil, errNotEnoughRoomForNonce
- }
-
- nonce := append(append([]byte{}, c.remoteWriteIV[:4]...), in[recordlayer.HeaderSize:recordlayer.HeaderSize+8]...)
- out := in[recordlayer.HeaderSize+8:]
-
- additionalData := generateAEADAdditionalData(&h, len(out)-int(c.tagLen))
- out, err = c.remoteCCM.Open(out[:0], nonce, out, additionalData)
- if err != nil {
- return nil, fmt.Errorf("%w: %v", errDecryptPacket, err)
- }
- return append(in[:recordlayer.HeaderSize], out...), nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/ciphersuite/ciphersuite.go b/dtls-2.0.9/pkg/crypto/ciphersuite/ciphersuite.go
deleted file mode 100644
index 72beffd..0000000
--- a/dtls-2.0.9/pkg/crypto/ciphersuite/ciphersuite.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Package ciphersuite provides the crypto operations needed for a DTLS CipherSuite
-package ciphersuite
-
-import (
- "encoding/binary"
- "errors"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-var (
- errNotEnoughRoomForNonce = &protocol.InternalError{Err: errors.New("buffer not long enough to contain nonce")} //nolint:goerr113
- errDecryptPacket = &protocol.TemporaryError{Err: errors.New("failed to decrypt packet")} //nolint:goerr113
- errInvalidMAC = &protocol.TemporaryError{Err: errors.New("invalid mac")} //nolint:goerr113
-)
-
-func generateAEADAdditionalData(h *recordlayer.Header, payloadLen int) []byte {
- var additionalData [13]byte
- // SequenceNumber MUST be set first
- // we only want uint48, clobbering an extra 2 (using uint64, Golang doesn't have uint48)
- binary.BigEndian.PutUint64(additionalData[:], h.SequenceNumber)
- binary.BigEndian.PutUint16(additionalData[:], h.Epoch)
- additionalData[8] = byte(h.ContentType)
- additionalData[9] = h.Version.Major
- additionalData[10] = h.Version.Minor
- binary.BigEndian.PutUint16(additionalData[len(additionalData)-2:], uint16(payloadLen))
-
- return additionalData[:]
-}
-
-// examinePadding returns, in constant time, the length of the padding to remove
-// from the end of payload. It also returns a byte which is equal to 255 if the
-// padding was valid and 0 otherwise. See RFC 2246, Section 6.2.3.2.
-//
-// https://github.com/golang/go/blob/039c2081d1178f90a8fa2f4e6958693129f8de33/src/crypto/tls/conn.go#L245
-func examinePadding(payload []byte) (toRemove int, good byte) {
- if len(payload) < 1 {
- return 0, 0
- }
-
- paddingLen := payload[len(payload)-1]
- t := uint(len(payload)-1) - uint(paddingLen)
- // if len(payload) >= (paddingLen - 1) then the MSB of t is zero
- good = byte(int32(^t) >> 31)
-
- // The maximum possible padding length plus the actual length field
- toCheck := 256
- // The length of the padded data is public, so we can use an if here
- if toCheck > len(payload) {
- toCheck = len(payload)
- }
-
- for i := 0; i < toCheck; i++ {
- t := uint(paddingLen) - uint(i)
- // if i <= paddingLen then the MSB of t is zero
- mask := byte(int32(^t) >> 31)
- b := payload[len(payload)-1-i]
- good &^= mask&paddingLen ^ mask&b
- }
-
- // We AND together the bits of good and replicate the result across
- // all the bits.
- good &= good << 4
- good &= good << 2
- good &= good << 1
- good = uint8(int8(good) >> 7)
-
- toRemove = int(paddingLen) + 1
-
- return toRemove, good
-}
diff --git a/dtls-2.0.9/pkg/crypto/ciphersuite/gcm.go b/dtls-2.0.9/pkg/crypto/ciphersuite/gcm.go
deleted file mode 100644
index af986d4..0000000
--- a/dtls-2.0.9/pkg/crypto/ciphersuite/gcm.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package ciphersuite
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/rand"
- "encoding/binary"
- "fmt"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/recordlayer"
-)
-
-const (
- gcmTagLength = 16
- gcmNonceLength = 12
-)
-
-// GCM Provides an API to Encrypt/Decrypt DTLS 1.2 Packets
-type GCM struct {
- localGCM, remoteGCM cipher.AEAD
- localWriteIV, remoteWriteIV []byte
-}
-
-// NewGCM creates a DTLS GCM Cipher
-func NewGCM(localKey, localWriteIV, remoteKey, remoteWriteIV []byte) (*GCM, error) {
- localBlock, err := aes.NewCipher(localKey)
- if err != nil {
- return nil, err
- }
- localGCM, err := cipher.NewGCM(localBlock)
- if err != nil {
- return nil, err
- }
-
- remoteBlock, err := aes.NewCipher(remoteKey)
- if err != nil {
- return nil, err
- }
- remoteGCM, err := cipher.NewGCM(remoteBlock)
- if err != nil {
- return nil, err
- }
-
- return &GCM{
- localGCM: localGCM,
- localWriteIV: localWriteIV,
- remoteGCM: remoteGCM,
- remoteWriteIV: remoteWriteIV,
- }, nil
-}
-
-// Encrypt encrypt a DTLS RecordLayer message
-func (g *GCM) Encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
- payload := raw[recordlayer.HeaderSize:]
- raw = raw[:recordlayer.HeaderSize]
-
- nonce := make([]byte, gcmNonceLength)
- copy(nonce, g.localWriteIV[:4])
- if _, err := rand.Read(nonce[4:]); err != nil {
- return nil, err
- }
-
- additionalData := generateAEADAdditionalData(&pkt.Header, len(payload))
- encryptedPayload := g.localGCM.Seal(nil, nonce, payload, additionalData)
- r := make([]byte, len(raw)+len(nonce[4:])+len(encryptedPayload))
- copy(r, raw)
- copy(r[len(raw):], nonce[4:])
- copy(r[len(raw)+len(nonce[4:]):], encryptedPayload)
-
- // Update recordLayer size to include explicit nonce
- binary.BigEndian.PutUint16(r[recordlayer.HeaderSize-2:], uint16(len(r)-recordlayer.HeaderSize))
- return r, nil
-}
-
-// Decrypt decrypts a DTLS RecordLayer message
-func (g *GCM) Decrypt(in []byte) ([]byte, error) {
- var h recordlayer.Header
- err := h.Unmarshal(in)
- switch {
- case err != nil:
- return nil, err
- case h.ContentType == protocol.ContentTypeChangeCipherSpec:
- // Nothing to encrypt with ChangeCipherSpec
- return in, nil
- case len(in) <= (8 + recordlayer.HeaderSize):
- return nil, errNotEnoughRoomForNonce
- }
-
- nonce := make([]byte, 0, gcmNonceLength)
- nonce = append(append(nonce, g.remoteWriteIV[:4]...), in[recordlayer.HeaderSize:recordlayer.HeaderSize+8]...)
- out := in[recordlayer.HeaderSize+8:]
-
- additionalData := generateAEADAdditionalData(&h, len(out)-gcmTagLength)
- out, err = g.remoteGCM.Open(out[:0], nonce, out, additionalData)
- if err != nil {
- return nil, fmt.Errorf("%w: %v", errDecryptPacket, err)
- }
- return append(in[:recordlayer.HeaderSize], out...), nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/clientcertificate/client_certificate.go b/dtls-2.0.9/pkg/crypto/clientcertificate/client_certificate.go
deleted file mode 100644
index c222c01..0000000
--- a/dtls-2.0.9/pkg/crypto/clientcertificate/client_certificate.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Package clientcertificate provides all the support Client Certificate types
-package clientcertificate
-
-// Type is used to communicate what
-// type of certificate is being transported
-//
-//https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2
-type Type byte
-
-// ClientCertificateType enums
-const (
- RSASign Type = 1
- ECDSASign Type = 64
-)
-
-// Types returns all valid ClientCertificate Types
-func Types() map[Type]bool {
- return map[Type]bool{
- RSASign: true,
- ECDSASign: true,
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/elliptic/elliptic.go b/dtls-2.0.9/pkg/crypto/elliptic/elliptic.go
deleted file mode 100644
index 5b0e4fa..0000000
--- a/dtls-2.0.9/pkg/crypto/elliptic/elliptic.go
+++ /dev/null
@@ -1,99 +0,0 @@
-// Package elliptic provides elliptic curve cryptography for DTLS
-package elliptic
-
-import (
- "crypto/elliptic"
- "crypto/rand"
- "errors"
-
- "golang.org/x/crypto/curve25519"
-)
-
-var errInvalidNamedCurve = errors.New("invalid named curve")
-
-// CurvePointFormat is used to represent the IANA registered curve points
-//
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
-type CurvePointFormat byte
-
-// CurvePointFormat enums
-const (
- CurvePointFormatUncompressed CurvePointFormat = 0
-)
-
-// Keypair is a Curve with a Private/Public Keypair
-type Keypair struct {
- Curve Curve
- PublicKey []byte
- PrivateKey []byte
-}
-
-// CurveType is used to represent the IANA registered curve types for TLS
-//
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-10
-type CurveType byte
-
-// CurveType enums
-const (
- CurveTypeNamedCurve CurveType = 0x03
-)
-
-// CurveTypes returns all known curves
-func CurveTypes() map[CurveType]struct{} {
- return map[CurveType]struct{}{
- CurveTypeNamedCurve: {},
- }
-}
-
-// Curve is used to represent the IANA registered curves for TLS
-//
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
-type Curve uint16
-
-// Curve enums
-const (
- P256 Curve = 0x0017
- P384 Curve = 0x0018
- X25519 Curve = 0x001d
-)
-
-// Curves returns all curves we implement
-func Curves() map[Curve]bool {
- return map[Curve]bool{
- X25519: true,
- P256: true,
- P384: true,
- }
-}
-
-// GenerateKeypair generates a keypair for the given Curve
-func GenerateKeypair(c Curve) (*Keypair, error) {
- switch c { //nolint:golint
- case X25519:
- tmp := make([]byte, 32)
- if _, err := rand.Read(tmp); err != nil {
- return nil, err
- }
-
- var public, private [32]byte
- copy(private[:], tmp)
-
- curve25519.ScalarBaseMult(&public, &private)
- return &Keypair{X25519, public[:], private[:]}, nil
- case P256:
- return ellipticCurveKeypair(P256, elliptic.P256(), elliptic.P256())
- case P384:
- return ellipticCurveKeypair(P384, elliptic.P384(), elliptic.P384())
- default:
- return nil, errInvalidNamedCurve
- }
-}
-
-func ellipticCurveKeypair(nc Curve, c1, c2 elliptic.Curve) (*Keypair, error) {
- privateKey, x, y, err := elliptic.GenerateKey(c1, rand.Reader)
- if err != nil {
- return nil, err
- }
-
- return &Keypair{nc, elliptic.Marshal(c2, x, y), privateKey}, nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/fingerprint/fingerprint.go b/dtls-2.0.9/pkg/crypto/fingerprint/fingerprint.go
deleted file mode 100644
index 215b44e..0000000
--- a/dtls-2.0.9/pkg/crypto/fingerprint/fingerprint.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Package fingerprint provides a helper to create fingerprint string from certificate
-package fingerprint
-
-import (
- "crypto"
- "crypto/x509"
- "errors"
- "fmt"
-)
-
-var (
- errHashUnavailable = errors.New("fingerprint: hash algorithm is not linked into the binary")
- errInvalidFingerprintLength = errors.New("fingerprint: invalid fingerprint length")
-)
-
-// Fingerprint creates a fingerprint for a certificate using the specified hash algorithm
-func Fingerprint(cert *x509.Certificate, algo crypto.Hash) (string, error) {
- if !algo.Available() {
- return "", errHashUnavailable
- }
- h := algo.New()
- for i := 0; i < len(cert.Raw); {
- n, _ := h.Write(cert.Raw[i:])
- // Hash.Writer is specified to be never returning an error.
- // https://golang.org/pkg/hash/#Hash
- i += n
- }
- digest := []byte(fmt.Sprintf("%x", h.Sum(nil)))
-
- digestlen := len(digest)
- if digestlen == 0 {
- return "", nil
- }
- if digestlen%2 != 0 {
- return "", errInvalidFingerprintLength
- }
- res := make([]byte, digestlen>>1+digestlen-1)
-
- pos := 0
- for i, c := range digest {
- res[pos] = c
- pos++
- if (i)%2 != 0 && i < digestlen-1 {
- res[pos] = byte(':')
- pos++
- }
- }
-
- return string(res), nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/fingerprint/fingerprint_test.go b/dtls-2.0.9/pkg/crypto/fingerprint/fingerprint_test.go
deleted file mode 100644
index 1a7a11f..0000000
--- a/dtls-2.0.9/pkg/crypto/fingerprint/fingerprint_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package fingerprint
-
-import (
- "crypto"
- "crypto/x509"
- "errors"
- "testing"
-)
-
-var errInvalidHashID = errors.New("invalid hash ID")
-
-func TestFingerprint(t *testing.T) {
- rawCertificate := []byte{
- 0x30, 0x82, 0x01, 0x98, 0x30, 0x82, 0x01, 0x3d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x11, 0x00, 0xa9, 0x91, 0x76, 0x0a, 0xcd, 0x97, 0x4c, 0x36, 0xba,
- 0xc9, 0xc2, 0x66, 0x91, 0x47, 0x6c, 0xac, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27,
- 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
- 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x31, 0x31, 0x30, 0x30,
- 0x39, 0x30, 0x34, 0x32, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, 0x31, 0x30, 0x30, 0x39, 0x30, 0x34, 0x32, 0x33, 0x5a, 0x30, 0x2b, 0x31, 0x29,
- 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
- 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48,
- 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x9c, 0x12, 0x8e, 0xb5, 0x21, 0x23, 0x9f,
- 0x35, 0x5d, 0x39, 0x64, 0xc3, 0x75, 0x81, 0xa4, 0xc8, 0xc8, 0x08, 0x8a, 0xa8, 0x42, 0x30, 0x30, 0x65, 0xb8, 0xb1, 0x3e, 0x4a, 0x51, 0x86, 0xeb, 0xad,
- 0x03, 0x02, 0x35, 0x83, 0xc4, 0x19, 0x3a, 0x5b, 0x79, 0x83, 0xec, 0x59, 0x0e, 0x4f, 0x99, 0xb1, 0xd2, 0xf0, 0x50, 0xfa, 0xb8, 0x5f, 0xfc, 0x88, 0xf3,
- 0x15, 0xed, 0xb8, 0x14, 0xf0, 0xba, 0xcd, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
- 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08,
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
- 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xcd, 0x44, 0xb1, 0xf2, 0x09,
- 0xe5, 0xf1, 0xf4, 0xc9, 0x26, 0x95, 0x9a, 0x2d, 0x6d, 0xf3, 0x0c, 0xb8, 0xeb, 0x27, 0x2d, 0x81, 0x19, 0xe9, 0x51, 0xf7, 0xad, 0x64, 0x7d, 0x42, 0x32,
- 0x9e, 0xf8, 0x02, 0x21, 0x00, 0xee, 0xad, 0x96, 0x41, 0xf1, 0x12, 0xd0, 0x6b, 0xcd, 0x09, 0xf0, 0x3c, 0x67, 0xb3, 0xdd, 0xed, 0x0a, 0xf1, 0xd8, 0x41,
- 0x4f, 0x61, 0xfd, 0x53, 0x1d, 0xf5, 0x27, 0xbe, 0x6d, 0x0b, 0xe2, 0x0d,
- }
-
- cert, err := x509.ParseCertificate(rawCertificate)
- if err != nil {
- t.Fatal(err)
- }
-
- const expectedSHA256 = "60:ef:f5:79:ad:8d:3e:d7:e8:4d:5a:5a:d6:1e:71:2d:47:52:a5:cb:df:34:37:87:10:a5:4e:d7:2a:2c:37:34"
- actualSHA256, err := Fingerprint(cert, crypto.SHA256)
- if err != nil {
- t.Fatal(err)
- } else if actualSHA256 != expectedSHA256 {
- t.Fatalf("Fingerprint SHA256 mismatch expected(%s) actual(%s)", expectedSHA256, actualSHA256)
- }
-}
-
-func TestFingerprint_UnavailableHash(t *testing.T) {
- _, err := Fingerprint(&x509.Certificate{}, crypto.Hash(0xFFFFFFFF))
- if !errors.Is(err, errHashUnavailable) {
- t.Errorf("%w: Expected error '%v' for invalid hash ID, got '%v'", errInvalidHashID, errHashUnavailable, err)
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/fingerprint/hash.go b/dtls-2.0.9/pkg/crypto/fingerprint/hash.go
deleted file mode 100644
index 09107db..0000000
--- a/dtls-2.0.9/pkg/crypto/fingerprint/hash.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package fingerprint
-
-import (
- "crypto"
- "errors"
-)
-
-var errInvalidHashAlgorithm = errors.New("fingerprint: invalid hash algorithm")
-
-func nameToHash() map[string]crypto.Hash {
- return map[string]crypto.Hash{
- "md5": crypto.MD5, // [RFC3279]
- "sha-1": crypto.SHA1, // [RFC3279]
- "sha-224": crypto.SHA224, // [RFC4055]
- "sha-256": crypto.SHA256, // [RFC4055]
- "sha-384": crypto.SHA384, // [RFC4055]
- "sha-512": crypto.SHA512, // [RFC4055]
- }
-}
-
-// HashFromString allows looking up a hash algorithm by it's string representation
-func HashFromString(s string) (crypto.Hash, error) {
- if h, ok := nameToHash()[s]; ok {
- return h, nil
- }
- return 0, errInvalidHashAlgorithm
-}
-
-// StringFromHash allows looking up a string representation of the crypto.Hash.
-func StringFromHash(hash crypto.Hash) (string, error) {
- for s, h := range nameToHash() {
- if h == hash {
- return s, nil
- }
- }
- return "", errInvalidHashAlgorithm
-}
diff --git a/dtls-2.0.9/pkg/crypto/fingerprint/hash_test.go b/dtls-2.0.9/pkg/crypto/fingerprint/hash_test.go
deleted file mode 100644
index 09ed969..0000000
--- a/dtls-2.0.9/pkg/crypto/fingerprint/hash_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package fingerprint
-
-import (
- "crypto"
- "errors"
- "testing"
-)
-
-func TestHashFromString(t *testing.T) {
- t.Run("InvalidHashAlgorithm", func(t *testing.T) {
- _, err := HashFromString("invalid-hash-algorithm")
- if !errors.Is(err, errInvalidHashAlgorithm) {
- t.Errorf("Expected error '%v' for invalid hash name, got '%v'", errInvalidHashAlgorithm, err)
- }
- })
- t.Run("ValidHashAlgorithm", func(t *testing.T) {
- h, err := HashFromString("sha-512")
- if err != nil {
- t.Fatalf("Unexpected error for valid hash name, got '%v'", err)
- }
- if h != crypto.SHA512 {
- t.Errorf("Expected hash ID of %d, got %d", int(crypto.SHA512), int(h))
- }
- })
-}
-
-func TestStringFromHash_Roundtrip(t *testing.T) {
- for _, h := range nameToHash() {
- s, err := StringFromHash(h)
- if err != nil {
- t.Fatalf("Unexpected error for valid hash algorithm, got '%v'", err)
- }
- h2, err := HashFromString(s)
- if err != nil {
- t.Fatalf("Unexpected error for valid hash name, got '%v'", err)
- }
- if h != h2 {
- t.Errorf("Hash value doesn't match, expected: 0x%x, got 0x%x", h, h2)
- }
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/hash/hash.go b/dtls-2.0.9/pkg/crypto/hash/hash.go
deleted file mode 100644
index 660326f..0000000
--- a/dtls-2.0.9/pkg/crypto/hash/hash.go
+++ /dev/null
@@ -1,126 +0,0 @@
-// Package hash provides TLS HashAlgorithm as defined in TLS 1.2
-package hash
-
-import ( //nolint:gci
- "crypto"
- "crypto/md5" //nolint:gosec
- "crypto/sha1" //nolint:gosec
- "crypto/sha256"
- "crypto/sha512"
-)
-
-// Algorithm is used to indicate the hash algorithm used
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
-type Algorithm uint16
-
-// Supported hash algorithms
-const (
- None Algorithm = 0 // Blacklisted
- MD5 Algorithm = 1 // Blacklisted
- SHA1 Algorithm = 2 // Blacklisted
- SHA224 Algorithm = 3
- SHA256 Algorithm = 4
- SHA384 Algorithm = 5
- SHA512 Algorithm = 6
- Ed25519 Algorithm = 8
-)
-
-// String makes hashAlgorithm printable
-func (a Algorithm) String() string {
- switch a {
- case None:
- return "none"
- case MD5:
- return "md5" // [RFC3279]
- case SHA1:
- return "sha-1" // [RFC3279]
- case SHA224:
- return "sha-224" // [RFC4055]
- case SHA256:
- return "sha-256" // [RFC4055]
- case SHA384:
- return "sha-384" // [RFC4055]
- case SHA512:
- return "sha-512" // [RFC4055]
- case Ed25519:
- return "null"
- default:
- return "unknown or unsupported hash algorithm"
- }
-}
-
-// Digest performs a digest on the passed value
-func (a Algorithm) Digest(b []byte) []byte {
- switch a {
- case None:
- return nil
- case MD5:
- hash := md5.Sum(b) // #nosec
- return hash[:]
- case SHA1:
- hash := sha1.Sum(b) // #nosec
- return hash[:]
- case SHA224:
- hash := sha256.Sum224(b)
- return hash[:]
- case SHA256:
- hash := sha256.Sum256(b)
- return hash[:]
- case SHA384:
- hash := sha512.Sum384(b)
- return hash[:]
- case SHA512:
- hash := sha512.Sum512(b)
- return hash[:]
- default:
- return nil
- }
-}
-
-// Insecure returns if the given HashAlgorithm is considered secure in DTLS 1.2
-func (a Algorithm) Insecure() bool {
- switch a {
- case None, MD5, SHA1:
- return true
- default:
- return false
- }
-}
-
-// CryptoHash returns the crypto.Hash implementation for the given HashAlgorithm
-func (a Algorithm) CryptoHash() crypto.Hash {
- switch a {
- case None:
- return crypto.Hash(0)
- case MD5:
- return crypto.MD5
- case SHA1:
- return crypto.SHA1
- case SHA224:
- return crypto.SHA224
- case SHA256:
- return crypto.SHA256
- case SHA384:
- return crypto.SHA384
- case SHA512:
- return crypto.SHA512
- case Ed25519:
- return crypto.Hash(0)
- default:
- return crypto.Hash(0)
- }
-}
-
-// Algorithms returns all the supported Hash Algorithms
-func Algorithms() map[Algorithm]struct{} {
- return map[Algorithm]struct{}{
- None: {},
- MD5: {},
- SHA1: {},
- SHA224: {},
- SHA256: {},
- SHA384: {},
- SHA512: {},
- Ed25519: {},
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/hash/hash_test.go b/dtls-2.0.9/pkg/crypto/hash/hash_test.go
deleted file mode 100644
index 145d6d8..0000000
--- a/dtls-2.0.9/pkg/crypto/hash/hash_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package hash
-
-import (
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/fingerprint"
-)
-
-func TestHashAlgorithm_StringRoundtrip(t *testing.T) {
- for algo := range Algorithms() {
- if algo == Ed25519 || algo == None {
- continue
- }
-
- str := algo.String()
- hash1 := algo.CryptoHash()
- hash2, err := fingerprint.HashFromString(str)
- if err != nil {
- t.Fatalf("fingerprint.HashFromString failed: %v", err)
- }
- if hash1 != hash2 {
- t.Errorf("Hash algorithm mismatch, input: %d, after roundtrip: %d", int(hash1), int(hash2))
- }
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/prf/prf.go b/dtls-2.0.9/pkg/crypto/prf/prf.go
deleted file mode 100644
index d33df19..0000000
--- a/dtls-2.0.9/pkg/crypto/prf/prf.go
+++ /dev/null
@@ -1,224 +0,0 @@
-// Package prf implements TLS 1.2 Pseudorandom functions
-package prf
-
-import ( //nolint:gci
- ellipticStdlib "crypto/elliptic"
- "crypto/hmac"
- "encoding/binary"
- "errors"
- "fmt"
- "hash"
- "math"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/protocol"
- "golang.org/x/crypto/curve25519"
-)
-
-const (
- masterSecretLabel = "master secret"
- extendedMasterSecretLabel = "extended master secret"
- keyExpansionLabel = "key expansion"
- verifyDataClientLabel = "client finished"
- verifyDataServerLabel = "server finished"
-)
-
-// HashFunc allows callers to decide what hash is used in PRF
-type HashFunc func() hash.Hash
-
-// EncryptionKeys is all the state needed for a TLS CipherSuite
-type EncryptionKeys struct {
- MasterSecret []byte
- ClientMACKey []byte
- ServerMACKey []byte
- ClientWriteKey []byte
- ServerWriteKey []byte
- ClientWriteIV []byte
- ServerWriteIV []byte
-}
-
-var errInvalidNamedCurve = &protocol.FatalError{Err: errors.New("invalid named curve")} //nolint:goerr113
-
-func (e *EncryptionKeys) String() string {
- return fmt.Sprintf(`encryptionKeys:
-- masterSecret: %#v
-- clientMACKey: %#v
-- serverMACKey: %#v
-- clientWriteKey: %#v
-- serverWriteKey: %#v
-- clientWriteIV: %#v
-- serverWriteIV: %#v
-`,
- e.MasterSecret,
- e.ClientMACKey,
- e.ServerMACKey,
- e.ClientWriteKey,
- e.ServerWriteKey,
- e.ClientWriteIV,
- e.ServerWriteIV)
-}
-
-// PSKPreMasterSecret generates the PSK Premaster Secret
-// The premaster secret is formed as follows: if the PSK is N octets
-// long, concatenate a uint16 with the value N, N zero octets, a second
-// uint16 with the value N, and the PSK itself.
-//
-// https://tools.ietf.org/html/rfc4279#section-2
-func PSKPreMasterSecret(psk []byte) []byte {
- pskLen := uint16(len(psk))
-
- out := append(make([]byte, 2+pskLen+2), psk...)
- binary.BigEndian.PutUint16(out, pskLen)
- binary.BigEndian.PutUint16(out[2+pskLen:], pskLen)
-
- return out
-}
-
-// PreMasterSecret implements TLS 1.2 Premaster Secret generation given a keypair and a curve
-func PreMasterSecret(publicKey, privateKey []byte, curve elliptic.Curve) ([]byte, error) {
- switch curve {
- case elliptic.X25519:
- return curve25519.X25519(privateKey, publicKey)
- case elliptic.P256:
- return ellipticCurvePreMasterSecret(publicKey, privateKey, ellipticStdlib.P256(), ellipticStdlib.P256())
- case elliptic.P384:
- return ellipticCurvePreMasterSecret(publicKey, privateKey, ellipticStdlib.P384(), ellipticStdlib.P384())
- default:
- return nil, errInvalidNamedCurve
- }
-}
-
-func ellipticCurvePreMasterSecret(publicKey, privateKey []byte, c1, c2 ellipticStdlib.Curve) ([]byte, error) {
- x, y := ellipticStdlib.Unmarshal(c1, publicKey)
- if x == nil || y == nil {
- return nil, errInvalidNamedCurve
- }
-
- result, _ := c2.ScalarMult(x, y, privateKey)
- preMasterSecret := make([]byte, (c2.Params().BitSize+7)>>3)
- resultBytes := result.Bytes()
- copy(preMasterSecret[len(preMasterSecret)-len(resultBytes):], resultBytes)
- return preMasterSecret, nil
-}
-
-// PHash is PRF is the SHA-256 hash function is used for all cipher suites
-// defined in this TLS 1.2 document and in TLS documents published prior to this
-// document when TLS 1.2 is negotiated. New cipher suites MUST explicitly
-// specify a PRF and, in general, SHOULD use the TLS PRF with SHA-256 or a
-// stronger standard hash function.
-//
-// P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
-// HMAC_hash(secret, A(2) + seed) +
-// HMAC_hash(secret, A(3) + seed) + ...
-//
-// A() is defined as:
-//
-// A(0) = seed
-// A(i) = HMAC_hash(secret, A(i-1))
-//
-// P_hash can be iterated as many times as necessary to produce the
-// required quantity of data. For example, if P_SHA256 is being used to
-// create 80 bytes of data, it will have to be iterated three times
-// (through A(3)), creating 96 bytes of output data; the last 16 bytes
-// of the final iteration will then be discarded, leaving 80 bytes of
-// output data.
-//
-// https://tools.ietf.org/html/rfc4346w
-func PHash(secret, seed []byte, requestedLength int, h HashFunc) ([]byte, error) {
- hmacSHA256 := func(key, data []byte) ([]byte, error) {
- mac := hmac.New(h, key)
- if _, err := mac.Write(data); err != nil {
- return nil, err
- }
- return mac.Sum(nil), nil
- }
-
- var err error
- lastRound := seed
- out := []byte{}
-
- iterations := int(math.Ceil(float64(requestedLength) / float64(h().Size())))
- for i := 0; i < iterations; i++ {
- lastRound, err = hmacSHA256(secret, lastRound)
- if err != nil {
- return nil, err
- }
- withSecret, err := hmacSHA256(secret, append(lastRound, seed...))
- if err != nil {
- return nil, err
- }
- out = append(out, withSecret...)
- }
-
- return out[:requestedLength], nil
-}
-
-// ExtendedMasterSecret generates a Extended MasterSecret as defined in
-// https://tools.ietf.org/html/rfc7627
-func ExtendedMasterSecret(preMasterSecret, sessionHash []byte, h HashFunc) ([]byte, error) {
- seed := append([]byte(extendedMasterSecretLabel), sessionHash...)
- return PHash(preMasterSecret, seed, 48, h)
-}
-
-// MasterSecret generates a TLS 1.2 MasterSecret
-func MasterSecret(preMasterSecret, clientRandom, serverRandom []byte, h HashFunc) ([]byte, error) {
- seed := append(append([]byte(masterSecretLabel), clientRandom...), serverRandom...)
- return PHash(preMasterSecret, seed, 48, h)
-}
-
-// GenerateEncryptionKeys is the final step TLS 1.2 PRF. Given all state generated so far generates
-// the final keys need for encryption
-func GenerateEncryptionKeys(masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int, h HashFunc) (*EncryptionKeys, error) {
- seed := append(append([]byte(keyExpansionLabel), serverRandom...), clientRandom...)
- keyMaterial, err := PHash(masterSecret, seed, (2*macLen)+(2*keyLen)+(2*ivLen), h)
- if err != nil {
- return nil, err
- }
-
- clientMACKey := keyMaterial[:macLen]
- keyMaterial = keyMaterial[macLen:]
-
- serverMACKey := keyMaterial[:macLen]
- keyMaterial = keyMaterial[macLen:]
-
- clientWriteKey := keyMaterial[:keyLen]
- keyMaterial = keyMaterial[keyLen:]
-
- serverWriteKey := keyMaterial[:keyLen]
- keyMaterial = keyMaterial[keyLen:]
-
- clientWriteIV := keyMaterial[:ivLen]
- keyMaterial = keyMaterial[ivLen:]
-
- serverWriteIV := keyMaterial[:ivLen]
-
- return &EncryptionKeys{
- MasterSecret: masterSecret,
- ClientMACKey: clientMACKey,
- ServerMACKey: serverMACKey,
- ClientWriteKey: clientWriteKey,
- ServerWriteKey: serverWriteKey,
- ClientWriteIV: clientWriteIV,
- ServerWriteIV: serverWriteIV,
- }, nil
-}
-
-func prfVerifyData(masterSecret, handshakeBodies []byte, label string, hashFunc HashFunc) ([]byte, error) {
- h := hashFunc()
- if _, err := h.Write(handshakeBodies); err != nil {
- return nil, err
- }
-
- seed := append([]byte(label), h.Sum(nil)...)
- return PHash(masterSecret, seed, 12, hashFunc)
-}
-
-// VerifyDataClient is caled on the Client Side to either verify or generate the VerifyData message
-func VerifyDataClient(masterSecret, handshakeBodies []byte, h HashFunc) ([]byte, error) {
- return prfVerifyData(masterSecret, handshakeBodies, verifyDataClientLabel, h)
-}
-
-// VerifyDataServer is caled on the Server Side to either verify or generate the VerifyData message
-func VerifyDataServer(masterSecret, handshakeBodies []byte, h HashFunc) ([]byte, error) {
- return prfVerifyData(masterSecret, handshakeBodies, verifyDataServerLabel, h)
-}
diff --git a/dtls-2.0.9/pkg/crypto/prf/prf_test.go b/dtls-2.0.9/pkg/crypto/prf/prf_test.go
deleted file mode 100644
index 1152216..0000000
--- a/dtls-2.0.9/pkg/crypto/prf/prf_test.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package prf
-
-import (
- "bytes"
- "crypto/sha256"
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
-)
-
-func TestPreMasterSecret(t *testing.T) {
- privateKey := []byte{0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}
- publicKey := []byte{0x9f, 0xd7, 0xad, 0x6d, 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b, 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14, 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98, 0x28, 0x80, 0xb6, 0x15}
- expectedPreMasterSecret := []byte{0xdf, 0x4a, 0x29, 0x1b, 0xaa, 0x1e, 0xb7, 0xcf, 0xa6, 0x93, 0x4b, 0x29, 0xb4, 0x74, 0xba, 0xad, 0x26, 0x97, 0xe2, 0x9f, 0x1f, 0x92, 0x0d, 0xcc, 0x77, 0xc8, 0xa0, 0xa0, 0x88, 0x44, 0x76, 0x24}
-
- preMasterSecret, err := PreMasterSecret(publicKey, privateKey, elliptic.X25519)
- if err != nil {
- t.Fatal(err)
- } else if !bytes.Equal(expectedPreMasterSecret, preMasterSecret) {
- t.Fatalf("PremasterSecret exp: % 02x actual: % 02x", expectedPreMasterSecret, preMasterSecret)
- }
-}
-
-func TestMasterSecret(t *testing.T) {
- preMasterSecret := []byte{0xdf, 0x4a, 0x29, 0x1b, 0xaa, 0x1e, 0xb7, 0xcf, 0xa6, 0x93, 0x4b, 0x29, 0xb4, 0x74, 0xba, 0xad, 0x26, 0x97, 0xe2, 0x9f, 0x1f, 0x92, 0x0d, 0xcc, 0x77, 0xc8, 0xa0, 0xa0, 0x88, 0x44, 0x76, 0x24}
- clientRandom := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}
- serverRandom := []byte{0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f}
- expectedMasterSecret := []byte{0x91, 0x6a, 0xbf, 0x9d, 0xa5, 0x59, 0x73, 0xe1, 0x36, 0x14, 0xae, 0x0a, 0x3f, 0x5d, 0x3f, 0x37, 0xb0, 0x23, 0xba, 0x12, 0x9a, 0xee, 0x02, 0xcc, 0x91, 0x34, 0x33, 0x81, 0x27, 0xcd, 0x70, 0x49, 0x78, 0x1c, 0x8e, 0x19, 0xfc, 0x1e, 0xb2, 0xa7, 0x38, 0x7a, 0xc0, 0x6a, 0xe2, 0x37, 0x34, 0x4c}
-
- masterSecret, err := MasterSecret(preMasterSecret, clientRandom, serverRandom, sha256.New)
- if err != nil {
- t.Fatal(err)
- } else if !bytes.Equal(expectedMasterSecret, masterSecret) {
- t.Fatalf("masterSecret exp: % 02x actual: % 02x", expectedMasterSecret, masterSecret)
- }
-}
-
-func TestEncryptionKeys(t *testing.T) {
- clientRandom := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}
- serverRandom := []byte{0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f}
- masterSecret := []byte{0x91, 0x6a, 0xbf, 0x9d, 0xa5, 0x59, 0x73, 0xe1, 0x36, 0x14, 0xae, 0x0a, 0x3f, 0x5d, 0x3f, 0x37, 0xb0, 0x23, 0xba, 0x12, 0x9a, 0xee, 0x02, 0xcc, 0x91, 0x34, 0x33, 0x81, 0x27, 0xcd, 0x70, 0x49, 0x78, 0x1c, 0x8e, 0x19, 0xfc, 0x1e, 0xb2, 0xa7, 0x38, 0x7a, 0xc0, 0x6a, 0xe2, 0x37, 0x34, 0x4c}
-
- expectedEncryptionKeys := &EncryptionKeys{
- MasterSecret: masterSecret,
- ClientMACKey: []byte{},
- ServerMACKey: []byte{},
- ClientWriteKey: []byte{0x1b, 0x7d, 0x11, 0x7c, 0x7d, 0x5f, 0x69, 0x0b, 0xc2, 0x63, 0xca, 0xe8, 0xef, 0x60, 0xaf, 0x0f},
- ServerWriteKey: []byte{0x18, 0x78, 0xac, 0xc2, 0x2a, 0xd8, 0xbd, 0xd8, 0xc6, 0x01, 0xa6, 0x17, 0x12, 0x6f, 0x63, 0x54},
- ClientWriteIV: []byte{0x0e, 0xb2, 0x09, 0x06},
- ServerWriteIV: []byte{0xf7, 0x81, 0xfa, 0xd2},
- }
- keys, err := GenerateEncryptionKeys(masterSecret, clientRandom, serverRandom, 0, 16, 4, sha256.New)
-
- if err != nil {
- t.Fatal(err)
- } else if !reflect.DeepEqual(expectedEncryptionKeys, keys) {
- t.Fatalf("masterSecret exp: %q actual: %q", expectedEncryptionKeys, keys)
- }
-}
-
-func TestVerifyData(t *testing.T) {
- clientHello := []byte{0x01, 0x00, 0x00, 0xa1, 0x03, 0x03, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x00, 0x20, 0xcc, 0xa8, 0xcc, 0xa9, 0xc0, 0x2f, 0xc0, 0x30, 0xc0, 0x2b, 0xc0, 0x2c, 0xc0, 0x13, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0xc0, 0x12, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 0x18, 0x00, 0x16, 0x00, 0x00, 0x13, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x04, 0x03, 0x05, 0x01, 0x05, 0x03, 0x06, 0x01, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x12, 0x00, 0x00}
- serverHello := []byte{0x02, 0x00, 0x00, 0x2d, 0x03, 0x03, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x00, 0xc0, 0x13, 0x00, 0x00, 0x05, 0xff, 0x01, 0x00, 0x01, 0x00}
- serverCertificate := []byte{0x0b, 0x00, 0x03, 0x2b, 0x00, 0x03, 0x28, 0x00, 0x03, 0x25, 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x15, 0x5a, 0x92, 0xad, 0xc2, 0x04, 0x8f, 0x90, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x30, 0x2b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0x80, 0x36, 0x06, 0xba, 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7, 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19, 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00, 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8, 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d, 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba, 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d, 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55, 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1, 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e, 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b, 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98, 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7, 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e, 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69, 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca, 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5, 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf, 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16, 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59, 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb, 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44, 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40, 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84, 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10, 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29, 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad, 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad, 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82, 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67, 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1, 0xba, 0x94, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x52, 0x30, 0x50, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x89, 0x4f, 0xde, 0x5b, 0xcc, 0x69, 0xe2, 0x52, 0xcf, 0x3e, 0xa3, 0x00, 0xdf, 0xb1, 0x97, 0xb8, 0x1d, 0xe1, 0xc1, 0x46, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0}
- serverKeyExchange := []byte{0x0c, 0x00, 0x01, 0x28, 0x03, 0x00, 0x1d, 0x20, 0x9f, 0xd7, 0xad, 0x6d, 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b, 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14, 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98, 0x28, 0x80, 0xb6, 0x15, 0x04, 0x01, 0x01, 0x00, 0x04, 0x02, 0xb6, 0x61, 0xf7, 0xc1, 0x91, 0xee, 0x59, 0xbe, 0x45, 0x37, 0x66, 0x39, 0xbd, 0xc3, 0xd4, 0xbb, 0x81, 0xe1, 0x15, 0xca, 0x73, 0xc8, 0x34, 0x8b, 0x52, 0x5b, 0x0d, 0x23, 0x38, 0xaa, 0x14, 0x46, 0x67, 0xed, 0x94, 0x31, 0x02, 0x14, 0x12, 0xcd, 0x9b, 0x84, 0x4c, 0xba, 0x29, 0x93, 0x4a, 0xaa, 0xcc, 0xe8, 0x73, 0x41, 0x4e, 0xc1, 0x1c, 0xb0, 0x2e, 0x27, 0x2d, 0x0a, 0xd8, 0x1f, 0x76, 0x7d, 0x33, 0x07, 0x67, 0x21, 0xf1, 0x3b, 0xf3, 0x60, 0x20, 0xcf, 0x0b, 0x1f, 0xd0, 0xec, 0xb0, 0x78, 0xde, 0x11, 0x28, 0xbe, 0xba, 0x09, 0x49, 0xeb, 0xec, 0xe1, 0xa1, 0xf9, 0x6e, 0x20, 0x9d, 0xc3, 0x6e, 0x4f, 0xff, 0xd3, 0x6b, 0x67, 0x3a, 0x7d, 0xdc, 0x15, 0x97, 0xad, 0x44, 0x08, 0xe4, 0x85, 0xc4, 0xad, 0xb2, 0xc8, 0x73, 0x84, 0x12, 0x49, 0x37, 0x25, 0x23, 0x80, 0x9e, 0x43, 0x12, 0xd0, 0xc7, 0xb3, 0x52, 0x2e, 0xf9, 0x83, 0xca, 0xc1, 0xe0, 0x39, 0x35, 0xff, 0x13, 0xa8, 0xe9, 0x6b, 0xa6, 0x81, 0xa6, 0x2e, 0x40, 0xd3, 0xe7, 0x0a, 0x7f, 0xf3, 0x58, 0x66, 0xd3, 0xd9, 0x99, 0x3f, 0x9e, 0x26, 0xa6, 0x34, 0xc8, 0x1b, 0x4e, 0x71, 0x38, 0x0f, 0xcd, 0xd6, 0xf4, 0xe8, 0x35, 0xf7, 0x5a, 0x64, 0x09, 0xc7, 0xdc, 0x2c, 0x07, 0x41, 0x0e, 0x6f, 0x87, 0x85, 0x8c, 0x7b, 0x94, 0xc0, 0x1c, 0x2e, 0x32, 0xf2, 0x91, 0x76, 0x9e, 0xac, 0xca, 0x71, 0x64, 0x3b, 0x8b, 0x98, 0xa9, 0x63, 0xdf, 0x0a, 0x32, 0x9b, 0xea, 0x4e, 0xd6, 0x39, 0x7e, 0x8c, 0xd0, 0x1a, 0x11, 0x0a, 0xb3, 0x61, 0xac, 0x5b, 0xad, 0x1c, 0xcd, 0x84, 0x0a, 0x6c, 0x8a, 0x6e, 0xaa, 0x00, 0x1a, 0x9d, 0x7d, 0x87, 0xdc, 0x33, 0x18, 0x64, 0x35, 0x71, 0x22, 0x6c, 0x4d, 0xd2, 0xc2, 0xac, 0x41, 0xfb}
- serverHelloDone := []byte{0x0e, 0x00, 0x00, 0x00}
- clientKeyExchange := []byte{0x10, 0x00, 0x00, 0x21, 0x20, 0x35, 0x80, 0x72, 0xd6, 0x36, 0x58, 0x80, 0xd1, 0xae, 0xea, 0x32, 0x9a, 0xdf, 0x91, 0x21, 0x38, 0x38, 0x51, 0xed, 0x21, 0xa2, 0x8e, 0x3b, 0x75, 0xe9, 0x65, 0xd0, 0xd2, 0xcd, 0x16, 0x62, 0x54}
-
- finalMsg := append(append(append(append(append(clientHello, serverHello...), serverCertificate...), serverKeyExchange...), serverHelloDone...), clientKeyExchange...)
- masterSecret := []byte{0x91, 0x6a, 0xbf, 0x9d, 0xa5, 0x59, 0x73, 0xe1, 0x36, 0x14, 0xae, 0x0a, 0x3f, 0x5d, 0x3f, 0x37, 0xb0, 0x23, 0xba, 0x12, 0x9a, 0xee, 0x02, 0xcc, 0x91, 0x34, 0x33, 0x81, 0x27, 0xcd, 0x70, 0x49, 0x78, 0x1c, 0x8e, 0x19, 0xfc, 0x1e, 0xb2, 0xa7, 0x38, 0x7a, 0xc0, 0x6a, 0xe2, 0x37, 0x34, 0x4c}
-
- expectedVerifyData := []byte{0xcf, 0x91, 0x96, 0x26, 0xf1, 0x36, 0x0c, 0x53, 0x6a, 0xaa, 0xd7, 0x3a}
- verifyData, err := VerifyDataClient(masterSecret, finalMsg, sha256.New)
- if err != nil {
- t.Fatal(err)
- } else if !bytes.Equal(expectedVerifyData, verifyData) {
- t.Fatalf("verifyData exp: %q actual: %q", expectedVerifyData, verifyData)
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/selfsign/selfsign.go b/dtls-2.0.9/pkg/crypto/selfsign/selfsign.go
deleted file mode 100644
index f8c814c..0000000
--- a/dtls-2.0.9/pkg/crypto/selfsign/selfsign.go
+++ /dev/null
@@ -1,103 +0,0 @@
-// Package selfsign is a test helper that generates self signed certificate.
-package selfsign
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/ed25519"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/tls"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/hex"
- "errors"
- "math/big"
- "time"
-)
-
-var errInvalidPrivateKey = errors.New("selfsign: invalid private key type")
-
-// GenerateSelfSigned creates a self-signed certificate
-func GenerateSelfSigned() (tls.Certificate, error) {
- priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- return SelfSign(priv)
-}
-
-// GenerateSelfSignedWithDNS creates a self-signed certificate
-func GenerateSelfSignedWithDNS(cn string, sans ...string) (tls.Certificate, error) {
- priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- return WithDNS(priv, cn, sans...)
-}
-
-// SelfSign creates a self-signed certificate from a elliptic curve key
-func SelfSign(key crypto.PrivateKey) (tls.Certificate, error) {
- return WithDNS(key, hex.EncodeToString(make([]byte, 16)))
-}
-
-// WithDNS creates a self-signed certificate from a elliptic curve key
-func WithDNS(key crypto.PrivateKey, cn string, sans ...string) (tls.Certificate, error) {
- var (
- pubKey crypto.PublicKey
- maxBigInt = new(big.Int) // Max random value, a 130-bits integer, i.e 2^130 - 1
- )
-
- switch k := key.(type) {
- case ed25519.PrivateKey:
- pubKey = k.Public()
- case *ecdsa.PrivateKey:
- pubKey = k.Public()
- default:
- return tls.Certificate{}, errInvalidPrivateKey
- }
-
- /* #nosec */
- maxBigInt.Exp(big.NewInt(2), big.NewInt(130), nil).Sub(maxBigInt, big.NewInt(1))
- /* #nosec */
- serialNumber, err := rand.Int(rand.Reader, maxBigInt)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- names := []string{cn}
- names = append(names, sans...)
-
- template := x509.Certificate{
- Subject: pkix.Name{
- // TODO anylink
- Organization: []string{cn},
- OrganizationalUnit: names,
- },
- ExtKeyUsage: []x509.ExtKeyUsage{
- x509.ExtKeyUsageClientAuth,
- x509.ExtKeyUsageServerAuth,
- },
- BasicConstraintsValid: true,
- NotBefore: time.Now(),
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- NotAfter: time.Now().AddDate(0, 1, 0),
- SerialNumber: serialNumber,
- Version: 2,
- IsCA: true,
- DNSNames: names,
- }
-
- raw, err := x509.CreateCertificate(rand.Reader, &template, &template, pubKey, key)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- return tls.Certificate{
- Certificate: [][]byte{raw},
- PrivateKey: key,
- Leaf: &template,
- }, nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/signature/signature.go b/dtls-2.0.9/pkg/crypto/signature/signature.go
deleted file mode 100644
index d9150eb..0000000
--- a/dtls-2.0.9/pkg/crypto/signature/signature.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Package signature provides our implemented Signature Algorithms
-package signature
-
-// Algorithm as defined in TLS 1.2
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
-type Algorithm uint16
-
-// SignatureAlgorithm enums
-const (
- Anonymous Algorithm = 0
- RSA Algorithm = 1
- ECDSA Algorithm = 3
- Ed25519 Algorithm = 7
-)
-
-// Algorithms returns all implemented Signature Algorithms
-func Algorithms() map[Algorithm]struct{} {
- return map[Algorithm]struct{}{
- Anonymous: {},
- RSA: {},
- ECDSA: {},
- Ed25519: {},
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/signaturehash/errors.go b/dtls-2.0.9/pkg/crypto/signaturehash/errors.go
deleted file mode 100644
index 9d9d3b3..0000000
--- a/dtls-2.0.9/pkg/crypto/signaturehash/errors.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package signaturehash
-
-import "errors"
-
-var (
- errNoAvailableSignatureSchemes = errors.New("connection can not be created, no SignatureScheme satisfy this Config")
- errInvalidSignatureAlgorithm = errors.New("invalid signature algorithm")
- errInvalidHashAlgorithm = errors.New("invalid hash algorithm")
-)
diff --git a/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash.go b/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash.go
deleted file mode 100644
index f2017bc..0000000
--- a/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Package signaturehash provides the SignatureHashAlgorithm as defined in TLS 1.2
-package signaturehash
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/ed25519"
- "crypto/rsa"
- "crypto/tls"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "golang.org/x/xerrors"
-)
-
-// Algorithm is a signature/hash algorithm pairs which may be used in
-// digital signatures.
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-type Algorithm struct {
- Hash hash.Algorithm
- Signature signature.Algorithm
-}
-
-// Algorithms are all the know SignatureHash Algorithms
-func Algorithms() []Algorithm {
- return []Algorithm{
- {hash.SHA256, signature.ECDSA},
- {hash.SHA384, signature.ECDSA},
- {hash.SHA512, signature.ECDSA},
- {hash.SHA256, signature.RSA},
- {hash.SHA384, signature.RSA},
- {hash.SHA512, signature.RSA},
- {hash.Ed25519, signature.Ed25519},
- }
-}
-
-// SelectSignatureScheme returns most preferred and compatible scheme.
-func SelectSignatureScheme(sigs []Algorithm, privateKey crypto.PrivateKey) (Algorithm, error) {
- for _, ss := range sigs {
- if ss.isCompatible(privateKey) {
- return ss, nil
- }
- }
- return Algorithm{}, errNoAvailableSignatureSchemes
-}
-
-// isCompatible checks that given private key is compatible with the signature scheme.
-func (a *Algorithm) isCompatible(privateKey crypto.PrivateKey) bool {
- switch privateKey.(type) {
- case ed25519.PrivateKey:
- return a.Signature == signature.Ed25519
- case *ecdsa.PrivateKey:
- return a.Signature == signature.ECDSA
- case *rsa.PrivateKey:
- return a.Signature == signature.RSA
- default:
- return false
- }
-}
-
-// ParseSignatureSchemes translates []tls.SignatureScheme to []signatureHashAlgorithm.
-// It returns default signature scheme list if no SignatureScheme is passed.
-func ParseSignatureSchemes(sigs []tls.SignatureScheme, insecureHashes bool) ([]Algorithm, error) {
- if len(sigs) == 0 {
- return Algorithms(), nil
- }
- out := []Algorithm{}
- for _, ss := range sigs {
- sig := signature.Algorithm(ss & 0xFF)
- if _, ok := signature.Algorithms()[sig]; !ok {
- return nil,
- xerrors.Errorf("SignatureScheme %04x: %w", ss, errInvalidSignatureAlgorithm)
- }
- h := hash.Algorithm(ss >> 8)
- if _, ok := hash.Algorithms()[h]; !ok || (ok && h == hash.None) {
- return nil, xerrors.Errorf("SignatureScheme %04x: %w", ss, errInvalidHashAlgorithm)
- }
- if h.Insecure() && !insecureHashes {
- continue
- }
- out = append(out, Algorithm{
- Hash: h,
- Signature: sig,
- })
- }
-
- if len(out) == 0 {
- return nil, errNoAvailableSignatureSchemes
- }
-
- return out, nil
-}
diff --git a/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_go113_test.go b/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_go113_test.go
deleted file mode 100644
index 45230e3..0000000
--- a/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_go113_test.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// +build go1.13
-
-package signaturehash
-
-import (
- "crypto/tls"
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "golang.org/x/xerrors"
-)
-
-func TestParseSignatureSchemes_Ed25519(t *testing.T) {
- cases := map[string]struct {
- input []tls.SignatureScheme
- expected []Algorithm
- err error
- insecureHashes bool
- }{
- "Translate": {
- input: []tls.SignatureScheme{
- tls.Ed25519,
- },
- expected: []Algorithm{
- {hash.Ed25519, signature.Ed25519},
- },
- err: nil,
- insecureHashes: false,
- },
- }
-
- for name, testCase := range cases {
- testCase := testCase
- t.Run(name, func(t *testing.T) {
- output, err := ParseSignatureSchemes(testCase.input, testCase.insecureHashes)
- if testCase.err != nil && !xerrors.Is(err, testCase.err) {
- t.Fatalf("Expected error: %v, got: %v", testCase.err, err)
- }
- if !reflect.DeepEqual(testCase.expected, output) {
- t.Errorf("Expected signatureHashAlgorithm:\n%+v\ngot:\n%+v", testCase.expected, output)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_test.go b/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_test.go
deleted file mode 100644
index ff01add..0000000
--- a/dtls-2.0.9/pkg/crypto/signaturehash/signaturehash_test.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package signaturehash
-
-import (
- "crypto/tls"
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "golang.org/x/xerrors"
-)
-
-func TestParseSignatureSchemes(t *testing.T) {
- cases := map[string]struct {
- input []tls.SignatureScheme
- expected []Algorithm
- err error
- insecureHashes bool
- }{
- "Translate": {
- input: []tls.SignatureScheme{
- tls.ECDSAWithP256AndSHA256,
- tls.ECDSAWithP384AndSHA384,
- tls.ECDSAWithP521AndSHA512,
- tls.PKCS1WithSHA256,
- tls.PKCS1WithSHA384,
- tls.PKCS1WithSHA512,
- },
- expected: []Algorithm{
- {hash.SHA256, signature.ECDSA},
- {hash.SHA384, signature.ECDSA},
- {hash.SHA512, signature.ECDSA},
- {hash.SHA256, signature.RSA},
- {hash.SHA384, signature.RSA},
- {hash.SHA512, signature.RSA},
- },
- insecureHashes: false,
- err: nil,
- },
- "InvalidSignatureAlgorithm": {
- input: []tls.SignatureScheme{
- tls.ECDSAWithP256AndSHA256, // Valid
- 0x04FF, // Invalid: unknown signature with SHA-256
- },
- expected: nil,
- insecureHashes: false,
- err: errInvalidSignatureAlgorithm,
- },
- "InvalidHashAlgorithm": {
- input: []tls.SignatureScheme{
- tls.ECDSAWithP256AndSHA256, // Valid
- 0x0003, // Invalid: ECDSA with None
- },
- expected: nil,
- insecureHashes: false,
- err: errInvalidHashAlgorithm,
- },
- "InsecureHashAlgorithmDenied": {
- input: []tls.SignatureScheme{
- tls.ECDSAWithP256AndSHA256, // Valid
- tls.ECDSAWithSHA1, // Insecure
- },
- expected: []Algorithm{
- {hash.SHA256, signature.ECDSA},
- },
- insecureHashes: false,
- err: nil,
- },
- "InsecureHashAlgorithmAllowed": {
- input: []tls.SignatureScheme{
- tls.ECDSAWithP256AndSHA256, // Valid
- tls.ECDSAWithSHA1, // Insecure
- },
- expected: []Algorithm{
- {hash.SHA256, signature.ECDSA},
- {hash.SHA1, signature.ECDSA},
- },
- insecureHashes: true,
- err: nil,
- },
- "OnlyInsecureHashAlgorithm": {
- input: []tls.SignatureScheme{
- tls.ECDSAWithSHA1, // Insecure
- },
- insecureHashes: false,
- err: errNoAvailableSignatureSchemes,
- },
- }
-
- for name, testCase := range cases {
- testCase := testCase
- t.Run(name, func(t *testing.T) {
- output, err := ParseSignatureSchemes(testCase.input, testCase.insecureHashes)
- if testCase.err != nil && !xerrors.Is(err, testCase.err) {
- t.Fatalf("Expected error: %v, got: %v", testCase.err, err)
- }
- if !reflect.DeepEqual(testCase.expected, output) {
- t.Errorf("Expected signatureHashAlgorithm:\n%+v\ngot:\n%+v", testCase.expected, output)
- }
- })
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/alert/alert.go b/dtls-2.0.9/pkg/protocol/alert/alert.go
deleted file mode 100644
index 9eb2e6a..0000000
--- a/dtls-2.0.9/pkg/protocol/alert/alert.go
+++ /dev/null
@@ -1,160 +0,0 @@
-// Package alert implements TLS alert protocol https://tools.ietf.org/html/rfc5246#section-7.2
-package alert
-
-import (
- "errors"
- "fmt"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-var errBufferTooSmall = &protocol.TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
-
-// Level is the level of the TLS Alert
-type Level byte
-
-// Level enums
-const (
- Warning Level = 1
- Fatal Level = 2
-)
-
-func (l Level) String() string {
- switch l {
- case Warning:
- return "Warning"
- case Fatal:
- return "Fatal"
- default:
- return "Invalid alert level"
- }
-}
-
-// Description is the extended info of the TLS Alert
-type Description byte
-
-// Description enums
-const (
- CloseNotify Description = 0
- UnexpectedMessage Description = 10
- BadRecordMac Description = 20
- DecryptionFailed Description = 21
- RecordOverflow Description = 22
- DecompressionFailure Description = 30
- HandshakeFailure Description = 40
- NoCertificate Description = 41
- BadCertificate Description = 42
- UnsupportedCertificate Description = 43
- CertificateRevoked Description = 44
- CertificateExpired Description = 45
- CertificateUnknown Description = 46
- IllegalParameter Description = 47
- UnknownCA Description = 48
- AccessDenied Description = 49
- DecodeError Description = 50
- DecryptError Description = 51
- ExportRestriction Description = 60
- ProtocolVersion Description = 70
- InsufficientSecurity Description = 71
- InternalError Description = 80
- UserCanceled Description = 90
- NoRenegotiation Description = 100
- UnsupportedExtension Description = 110
-)
-
-func (d Description) String() string {
- switch d {
- case CloseNotify:
- return "CloseNotify"
- case UnexpectedMessage:
- return "UnexpectedMessage"
- case BadRecordMac:
- return "BadRecordMac"
- case DecryptionFailed:
- return "DecryptionFailed"
- case RecordOverflow:
- return "RecordOverflow"
- case DecompressionFailure:
- return "DecompressionFailure"
- case HandshakeFailure:
- return "HandshakeFailure"
- case NoCertificate:
- return "NoCertificate"
- case BadCertificate:
- return "BadCertificate"
- case UnsupportedCertificate:
- return "UnsupportedCertificate"
- case CertificateRevoked:
- return "CertificateRevoked"
- case CertificateExpired:
- return "CertificateExpired"
- case CertificateUnknown:
- return "CertificateUnknown"
- case IllegalParameter:
- return "IllegalParameter"
- case UnknownCA:
- return "UnknownCA"
- case AccessDenied:
- return "AccessDenied"
- case DecodeError:
- return "DecodeError"
- case DecryptError:
- return "DecryptError"
- case ExportRestriction:
- return "ExportRestriction"
- case ProtocolVersion:
- return "ProtocolVersion"
- case InsufficientSecurity:
- return "InsufficientSecurity"
- case InternalError:
- return "InternalError"
- case UserCanceled:
- return "UserCanceled"
- case NoRenegotiation:
- return "NoRenegotiation"
- case UnsupportedExtension:
- return "UnsupportedExtension"
- default:
- return "Invalid alert description"
- }
-}
-
-// Alert is one of the content types supported by the TLS record layer.
-// Alert messages convey the severity of the message
-// (warning or fatal) and a description of the alert. Alert messages
-// with a level of fatal result in the immediate termination of the
-// connection. In this case, other connections corresponding to the
-// session may continue, but the session identifier MUST be invalidated,
-// preventing the failed session from being used to establish new
-// connections. Like other messages, alert messages are encrypted and
-// compressed, as specified by the current connection state.
-// https://tools.ietf.org/html/rfc5246#section-7.2
-type Alert struct {
- Level Level
- Description Description
-}
-
-// ContentType returns the ContentType of this Content
-func (a Alert) ContentType() protocol.ContentType {
- return protocol.ContentTypeAlert
-}
-
-// Marshal returns the encoded alert
-func (a *Alert) Marshal() ([]byte, error) {
- return []byte{byte(a.Level), byte(a.Description)}, nil
-}
-
-// Unmarshal populates the alert from binary data
-func (a *Alert) Unmarshal(data []byte) error {
- if len(data) != 2 {
- return errBufferTooSmall
- }
-
- a.Level = Level(data[0])
- a.Description = Description(data[1])
- return nil
-}
-
-func (a *Alert) String() string {
- return fmt.Sprintf("Alert %s: %s", a.Level, a.Description)
-}
diff --git a/dtls-2.0.9/pkg/protocol/alert/alert_test.go b/dtls-2.0.9/pkg/protocol/alert/alert_test.go
deleted file mode 100644
index d0a4c70..0000000
--- a/dtls-2.0.9/pkg/protocol/alert/alert_test.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package alert
-
-import (
- "errors"
- "reflect"
- "testing"
-)
-
-func TestAlert(t *testing.T) {
- for _, test := range []struct {
- Name string
- Data []byte
- Want *Alert
- WantUnmarshalError error
- }{
- {
- Name: "Valid Alert",
- Data: []byte{0x02, 0x0A},
- Want: &Alert{
- Level: Fatal,
- Description: UnexpectedMessage,
- },
- },
- {
- Name: "Invalid alert length",
- Data: []byte{0x00},
- Want: &Alert{},
- WantUnmarshalError: errBufferTooSmall,
- },
- } {
- a := &Alert{}
- if err := a.Unmarshal(test.Data); !errors.Is(err, test.WantUnmarshalError) {
- t.Errorf("Unexpected Error %v: exp: %v got: %v", test.Name, test.WantUnmarshalError, err)
- } else if !reflect.DeepEqual(test.Want, a) {
- t.Errorf("%q alert.unmarshal: got %v, want %v", test.Name, a, test.Want)
- }
-
- if test.WantUnmarshalError != nil {
- return
- }
-
- data, marshalErr := a.Marshal()
- if marshalErr != nil {
- t.Errorf("Unexpected Error %v: got: %v", test.Name, marshalErr)
- } else if !reflect.DeepEqual(test.Data, data) {
- t.Errorf("%q alert.marshal: got % 02x, want % 02x", test.Name, data, test.Data)
- }
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/application_data.go b/dtls-2.0.9/pkg/protocol/application_data.go
deleted file mode 100644
index e5fd6f5..0000000
--- a/dtls-2.0.9/pkg/protocol/application_data.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package protocol
-
-// ApplicationData messages are carried by the record layer and are
-// fragmented, compressed, and encrypted based on the current connection
-// state. The messages are treated as transparent data to the record
-// layer.
-// https://tools.ietf.org/html/rfc5246#section-10
-type ApplicationData struct {
- Data []byte
-}
-
-// ContentType returns the ContentType of this content
-func (a ApplicationData) ContentType() ContentType {
- return ContentTypeApplicationData
-}
-
-// Marshal encodes the ApplicationData to binary
-func (a *ApplicationData) Marshal() ([]byte, error) {
- return append([]byte{}, a.Data...), nil
-}
-
-// Unmarshal populates the ApplicationData from binary
-func (a *ApplicationData) Unmarshal(data []byte) error {
- a.Data = append([]byte{}, data...)
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/change_cipher_spec.go b/dtls-2.0.9/pkg/protocol/change_cipher_spec.go
deleted file mode 100644
index 67b0052..0000000
--- a/dtls-2.0.9/pkg/protocol/change_cipher_spec.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package protocol
-
-// ChangeCipherSpec protocol exists to signal transitions in
-// ciphering strategies. The protocol consists of a single message,
-// which is encrypted and compressed under the current (not the pending)
-// connection state. The message consists of a single byte of value 1.
-// https://tools.ietf.org/html/rfc5246#section-7.1
-type ChangeCipherSpec struct {
-}
-
-// ContentType returns the ContentType of this content
-func (c ChangeCipherSpec) ContentType() ContentType {
- return ContentTypeChangeCipherSpec
-}
-
-// Marshal encodes the ChangeCipherSpec to binary
-func (c *ChangeCipherSpec) Marshal() ([]byte, error) {
- return []byte{0x01}, nil
-}
-
-// Unmarshal populates the ChangeCipherSpec from binary
-func (c *ChangeCipherSpec) Unmarshal(data []byte) error {
- if len(data) == 1 && data[0] == 0x01 {
- return nil
- }
-
- return errInvalidCipherSpec
-}
diff --git a/dtls-2.0.9/pkg/protocol/change_cipher_spec_test.go b/dtls-2.0.9/pkg/protocol/change_cipher_spec_test.go
deleted file mode 100644
index 9c862a0..0000000
--- a/dtls-2.0.9/pkg/protocol/change_cipher_spec_test.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package protocol
-
-import (
- "errors"
- "reflect"
- "testing"
-)
-
-func TestChangeCipherSpecRoundTrip(t *testing.T) {
- c := ChangeCipherSpec{}
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- }
-
- var cNew ChangeCipherSpec
- if err := cNew.Unmarshal(raw); err != nil {
- t.Error(err)
- }
-
- if !reflect.DeepEqual(c, cNew) {
- t.Errorf("ChangeCipherSpec round trip: got %#v, want %#v", cNew, c)
- }
-}
-
-func TestChangeCipherSpecInvalid(t *testing.T) {
- c := ChangeCipherSpec{}
- if err := c.Unmarshal([]byte{0x00}); !errors.Is(err, errInvalidCipherSpec) {
- t.Errorf("ChangeCipherSpec invalid assert: got %#v, want %#v", err, errInvalidCipherSpec)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/compression_method.go b/dtls-2.0.9/pkg/protocol/compression_method.go
deleted file mode 100644
index 678e816..0000000
--- a/dtls-2.0.9/pkg/protocol/compression_method.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package protocol
-
-// CompressionMethodID is the ID for a CompressionMethod
-type CompressionMethodID byte
-
-const (
- compressionMethodNull CompressionMethodID = 0
-)
-
-// CompressionMethod represents a TLS Compression Method
-type CompressionMethod struct {
- ID CompressionMethodID
-}
-
-// CompressionMethods returns all supported CompressionMethods
-func CompressionMethods() map[CompressionMethodID]*CompressionMethod {
- return map[CompressionMethodID]*CompressionMethod{
- compressionMethodNull: {ID: compressionMethodNull},
- }
-}
-
-// DecodeCompressionMethods the given compression methods
-func DecodeCompressionMethods(buf []byte) ([]*CompressionMethod, error) {
- if len(buf) < 1 {
- return nil, errBufferTooSmall
- }
- compressionMethodsCount := int(buf[0])
- c := []*CompressionMethod{}
- for i := 0; i < compressionMethodsCount; i++ {
- if len(buf) <= i+1 {
- return nil, errBufferTooSmall
- }
- id := CompressionMethodID(buf[i+1])
- if compressionMethod, ok := CompressionMethods()[id]; ok {
- c = append(c, compressionMethod)
- }
- }
- return c, nil
-}
-
-// EncodeCompressionMethods the given compression methods
-func EncodeCompressionMethods(c []*CompressionMethod) []byte {
- out := []byte{byte(len(c))}
- for i := len(c); i > 0; i-- {
- out = append(out, byte(c[i-1].ID))
- }
- return out
-}
diff --git a/dtls-2.0.9/pkg/protocol/compression_method_test.go b/dtls-2.0.9/pkg/protocol/compression_method_test.go
deleted file mode 100644
index 5121dfc..0000000
--- a/dtls-2.0.9/pkg/protocol/compression_method_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package protocol
-
-import (
- "errors"
- "testing"
-)
-
-func TestDecodeCompressionMethods(t *testing.T) {
- testCases := []struct {
- buf []byte
- result []*CompressionMethod
- err error
- }{
- {[]byte{}, nil, errBufferTooSmall},
- }
-
- for _, testCase := range testCases {
- _, err := DecodeCompressionMethods(testCase.buf)
- if !errors.Is(err, testCase.err) {
- t.Fatal("Unexpected error", err)
- }
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/content.go b/dtls-2.0.9/pkg/protocol/content.go
deleted file mode 100644
index 47e5c96..0000000
--- a/dtls-2.0.9/pkg/protocol/content.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package protocol
-
-// ContentType represents the IANA Registered ContentTypes
-//
-// https://tools.ietf.org/html/rfc4346#section-6.2.1
-type ContentType uint8
-
-// ContentType enums
-const (
- ContentTypeChangeCipherSpec ContentType = 20
- ContentTypeAlert ContentType = 21
- ContentTypeHandshake ContentType = 22
- ContentTypeApplicationData ContentType = 23
-)
-
-// Content is the top level distinguisher for a DTLS Datagram
-type Content interface {
- ContentType() ContentType
- Marshal() ([]byte, error)
- Unmarshal(data []byte) error
-}
diff --git a/dtls-2.0.9/pkg/protocol/errors.go b/dtls-2.0.9/pkg/protocol/errors.go
deleted file mode 100644
index e52014a..0000000
--- a/dtls-2.0.9/pkg/protocol/errors.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package protocol
-
-import (
- "errors"
- "fmt"
- "net"
-)
-
-var (
- errBufferTooSmall = &TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
- errInvalidCipherSpec = &FatalError{Err: errors.New("cipher spec invalid")} //nolint:goerr113
-)
-
-// FatalError indicates that the DTLS connection is no longer available.
-// It is mainly caused by wrong configuration of server or client.
-type FatalError struct {
- Err error
-}
-
-// InternalError indicates and internal error caused by the implementation, and the DTLS connection is no longer available.
-// It is mainly caused by bugs or tried to use unimplemented features.
-type InternalError struct {
- Err error
-}
-
-// TemporaryError indicates that the DTLS connection is still available, but the request was failed temporary.
-type TemporaryError struct {
- Err error
-}
-
-// TimeoutError indicates that the request was timed out.
-type TimeoutError struct {
- Err error
-}
-
-// HandshakeError indicates that the handshake failed.
-type HandshakeError struct {
- Err error
-}
-
-// Timeout implements net.Error.Timeout()
-func (*FatalError) Timeout() bool { return false }
-
-// Temporary implements net.Error.Temporary()
-func (*FatalError) Temporary() bool { return false }
-
-// Unwrap implements Go1.13 error unwrapper.
-func (e *FatalError) Unwrap() error { return e.Err }
-
-func (e *FatalError) Error() string { return fmt.Sprintf("dtls fatal: %v", e.Err) }
-
-// Timeout implements net.Error.Timeout()
-func (*InternalError) Timeout() bool { return false }
-
-// Temporary implements net.Error.Temporary()
-func (*InternalError) Temporary() bool { return false }
-
-// Unwrap implements Go1.13 error unwrapper.
-func (e *InternalError) Unwrap() error { return e.Err }
-
-func (e *InternalError) Error() string { return fmt.Sprintf("dtls internal: %v", e.Err) }
-
-// Timeout implements net.Error.Timeout()
-func (*TemporaryError) Timeout() bool { return false }
-
-// Temporary implements net.Error.Temporary()
-func (*TemporaryError) Temporary() bool { return true }
-
-// Unwrap implements Go1.13 error unwrapper.
-func (e *TemporaryError) Unwrap() error { return e.Err }
-
-func (e *TemporaryError) Error() string { return fmt.Sprintf("dtls temporary: %v", e.Err) }
-
-// Timeout implements net.Error.Timeout()
-func (*TimeoutError) Timeout() bool { return true }
-
-// Temporary implements net.Error.Temporary()
-func (*TimeoutError) Temporary() bool { return true }
-
-// Unwrap implements Go1.13 error unwrapper.
-func (e *TimeoutError) Unwrap() error { return e.Err }
-
-func (e *TimeoutError) Error() string { return fmt.Sprintf("dtls timeout: %v", e.Err) }
-
-// Timeout implements net.Error.Timeout()
-func (e *HandshakeError) Timeout() bool {
- if netErr, ok := e.Err.(net.Error); ok {
- return netErr.Timeout()
- }
- return false
-}
-
-// Temporary implements net.Error.Temporary()
-func (e *HandshakeError) Temporary() bool {
- if netErr, ok := e.Err.(net.Error); ok {
- return netErr.Temporary()
- }
- return false
-}
-
-// Unwrap implements Go1.13 error unwrapper.
-func (e *HandshakeError) Unwrap() error { return e.Err }
-
-func (e *HandshakeError) Error() string { return fmt.Sprintf("handshake error: %v", e.Err) }
diff --git a/dtls-2.0.9/pkg/protocol/extension/errors.go b/dtls-2.0.9/pkg/protocol/extension/errors.go
deleted file mode 100644
index 23ed9b2..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/errors.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package extension
-
-import (
- "errors"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-var (
- errBufferTooSmall = &protocol.TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
- errInvalidExtensionType = &protocol.FatalError{Err: errors.New("invalid extension type")} //nolint:goerr113
- errInvalidSNIFormat = &protocol.FatalError{Err: errors.New("invalid server name format")} //nolint:goerr113
- errLengthMismatch = &protocol.InternalError{Err: errors.New("data length and declared length do not match")} //nolint:goerr113
-)
diff --git a/dtls-2.0.9/pkg/protocol/extension/extension.go b/dtls-2.0.9/pkg/protocol/extension/extension.go
deleted file mode 100644
index 39b1fc8..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/extension.go
+++ /dev/null
@@ -1,96 +0,0 @@
-// Package extension implements the extension values in the ClientHello/ServerHello
-package extension
-
-import "encoding/binary"
-
-// TypeValue is the 2 byte value for a TLS Extension as registered in the IANA
-//
-// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
-type TypeValue uint16
-
-// TypeValue constants
-const (
- ServerNameTypeValue TypeValue = 0
- SupportedEllipticCurvesTypeValue TypeValue = 10
- SupportedPointFormatsTypeValue TypeValue = 11
- SupportedSignatureAlgorithmsTypeValue TypeValue = 13
- UseSRTPTypeValue TypeValue = 14
- UseExtendedMasterSecretTypeValue TypeValue = 23
- RenegotiationInfoTypeValue TypeValue = 65281
-)
-
-// Extension represents a single TLS extension
-type Extension interface {
- Marshal() ([]byte, error)
- Unmarshal(data []byte) error
- TypeValue() TypeValue
-}
-
-// Unmarshal many extensions at once
-func Unmarshal(buf []byte) ([]Extension, error) {
- switch {
- case len(buf) == 0:
- return []Extension{}, nil
- case len(buf) < 2:
- return nil, errBufferTooSmall
- }
-
- declaredLen := binary.BigEndian.Uint16(buf)
- if len(buf)-2 != int(declaredLen) {
- return nil, errLengthMismatch
- }
-
- extensions := []Extension{}
- unmarshalAndAppend := func(data []byte, e Extension) error {
- err := e.Unmarshal(data)
- if err != nil {
- return err
- }
- extensions = append(extensions, e)
- return nil
- }
-
- for offset := 2; offset < len(buf); {
- if len(buf) < (offset + 2) {
- return nil, errBufferTooSmall
- }
- var err error
- switch TypeValue(binary.BigEndian.Uint16(buf[offset:])) {
- case ServerNameTypeValue:
- err = unmarshalAndAppend(buf[offset:], &ServerName{})
- case SupportedEllipticCurvesTypeValue:
- err = unmarshalAndAppend(buf[offset:], &SupportedEllipticCurves{})
- case UseSRTPTypeValue:
- err = unmarshalAndAppend(buf[offset:], &UseSRTP{})
- case UseExtendedMasterSecretTypeValue:
- err = unmarshalAndAppend(buf[offset:], &UseExtendedMasterSecret{})
- case RenegotiationInfoTypeValue:
- err = unmarshalAndAppend(buf[offset:], &RenegotiationInfo{})
- default:
- }
- if err != nil {
- return nil, err
- }
- if len(buf) < (offset + 4) {
- return nil, errBufferTooSmall
- }
- extensionLength := binary.BigEndian.Uint16(buf[offset+2:])
- offset += (4 + int(extensionLength))
- }
- return extensions, nil
-}
-
-// Marshal many extensions at once
-func Marshal(e []Extension) ([]byte, error) {
- extensions := []byte{}
- for _, e := range e {
- raw, err := e.Marshal()
- if err != nil {
- return nil, err
- }
- extensions = append(extensions, raw...)
- }
- out := []byte{0x00, 0x00}
- binary.BigEndian.PutUint16(out, uint16(len(extensions)))
- return append(out, extensions...), nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/extension_test.go b/dtls-2.0.9/pkg/protocol/extension/extension_test.go
deleted file mode 100644
index 3617c27..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/extension_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package extension
-
-import (
- "errors"
- "testing"
-)
-
-func TestExtensions(t *testing.T) {
- t.Run("Zero", func(t *testing.T) {
- extensions, err := Unmarshal([]byte{})
- if err != nil || len(extensions) != 0 {
- t.Fatal("Failed to decode zero extensions")
- }
- })
-
- t.Run("Invalid", func(t *testing.T) {
- extensions, err := Unmarshal([]byte{0x00})
- if !errors.Is(err, errBufferTooSmall) || len(extensions) != 0 {
- t.Fatal("Failed to error on invalid extension")
- }
- })
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/renegotiation_info.go b/dtls-2.0.9/pkg/protocol/extension/renegotiation_info.go
deleted file mode 100644
index 8378c3d..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/renegotiation_info.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package extension
-
-import "encoding/binary"
-
-const (
- renegotiationInfoHeaderSize = 5
-)
-
-// RenegotiationInfo allows a Client/Server to
-// communicate their renegotation support
-//
-// https://tools.ietf.org/html/rfc5746
-type RenegotiationInfo struct {
- RenegotiatedConnection uint8
-}
-
-// TypeValue returns the extension TypeValue
-func (r RenegotiationInfo) TypeValue() TypeValue {
- return RenegotiationInfoTypeValue
-}
-
-// Marshal encodes the extension
-func (r *RenegotiationInfo) Marshal() ([]byte, error) {
- out := make([]byte, renegotiationInfoHeaderSize)
-
- binary.BigEndian.PutUint16(out, uint16(r.TypeValue()))
- binary.BigEndian.PutUint16(out[2:], uint16(1)) // length
- out[4] = r.RenegotiatedConnection
- return out, nil
-}
-
-// Unmarshal populates the extension from encoded data
-func (r *RenegotiationInfo) Unmarshal(data []byte) error {
- if len(data) < renegotiationInfoHeaderSize {
- return errBufferTooSmall
- } else if TypeValue(binary.BigEndian.Uint16(data)) != r.TypeValue() {
- return errInvalidExtensionType
- }
-
- r.RenegotiatedConnection = data[4]
-
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/renegotiation_info_test.go b/dtls-2.0.9/pkg/protocol/extension/renegotiation_info_test.go
deleted file mode 100644
index 0b86125..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/renegotiation_info_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package extension
-
-import "testing"
-
-func TestRenegotiationInfo(t *testing.T) {
- extension := RenegotiationInfo{RenegotiatedConnection: 0}
-
- raw, err := extension.Marshal()
- if err != nil {
- t.Fatal(err)
- }
-
- newExtension := RenegotiationInfo{}
- err = newExtension.Unmarshal(raw)
- if err != nil {
- t.Fatal(err)
- }
-
- if newExtension.RenegotiatedConnection != extension.RenegotiatedConnection {
- t.Errorf("extensionRenegotiationInfo marshal: got %d expected %d", newExtension.RenegotiatedConnection, extension.RenegotiatedConnection)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/server_name.go b/dtls-2.0.9/pkg/protocol/extension/server_name.go
deleted file mode 100644
index a08033f..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/server_name.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package extension
-
-import (
- "strings"
-
- "golang.org/x/crypto/cryptobyte"
-)
-
-const serverNameTypeDNSHostName = 0
-
-// ServerName allows the client to inform the server the specific
-// name it wishs to contact. Useful if multiple DNS names resolve
-// to one IP
-//
-// https://tools.ietf.org/html/rfc6066#section-3
-type ServerName struct {
- ServerName string
-}
-
-// TypeValue returns the extension TypeValue
-func (s ServerName) TypeValue() TypeValue {
- return ServerNameTypeValue
-}
-
-// Marshal encodes the extension
-func (s *ServerName) Marshal() ([]byte, error) {
- var b cryptobyte.Builder
- b.AddUint16(uint16(s.TypeValue()))
- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
- b.AddUint8(serverNameTypeDNSHostName)
- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
- b.AddBytes([]byte(s.ServerName))
- })
- })
- })
- return b.Bytes()
-}
-
-// Unmarshal populates the extension from encoded data
-func (s *ServerName) Unmarshal(data []byte) error {
- val := cryptobyte.String(data)
- var extension uint16
- val.ReadUint16(&extension)
- if TypeValue(extension) != s.TypeValue() {
- return errInvalidExtensionType
- }
-
- var extData cryptobyte.String
- val.ReadUint16LengthPrefixed(&extData)
-
- var nameList cryptobyte.String
- if !extData.ReadUint16LengthPrefixed(&nameList) || nameList.Empty() {
- return errInvalidSNIFormat
- }
- for !nameList.Empty() {
- var nameType uint8
- var serverName cryptobyte.String
- if !nameList.ReadUint8(&nameType) ||
- !nameList.ReadUint16LengthPrefixed(&serverName) ||
- serverName.Empty() {
- return errInvalidSNIFormat
- }
- if nameType != serverNameTypeDNSHostName {
- continue
- }
- if len(s.ServerName) != 0 {
- // Multiple names of the same name_type are prohibited.
- return errInvalidSNIFormat
- }
- s.ServerName = string(serverName)
- // An SNI value may not include a trailing dot.
- if strings.HasSuffix(s.ServerName, ".") {
- return errInvalidSNIFormat
- }
- }
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/server_name_test.go b/dtls-2.0.9/pkg/protocol/extension/server_name_test.go
deleted file mode 100644
index 4a3e3ae..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/server_name_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package extension
-
-import "testing"
-
-func TestServerName(t *testing.T) {
- extension := ServerName{ServerName: "test.domain"}
-
- raw, err := extension.Marshal()
- if err != nil {
- t.Fatal(err)
- }
-
- newExtension := ServerName{}
- err = newExtension.Unmarshal(raw)
- if err != nil {
- t.Fatal(err)
- }
-
- if newExtension.ServerName != extension.ServerName {
- t.Errorf("extensionServerName marshal: got %s expected %s", newExtension.ServerName, extension.ServerName)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/srtp_protection_profile.go b/dtls-2.0.9/pkg/protocol/extension/srtp_protection_profile.go
deleted file mode 100644
index 2c4d1d4..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/srtp_protection_profile.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package extension
-
-// SRTPProtectionProfile defines the parameters and options that are in effect for the SRTP processing
-// https://tools.ietf.org/html/rfc5764#section-4.1.2
-type SRTPProtectionProfile uint16
-
-const (
- SRTP_AES128_CM_HMAC_SHA1_80 SRTPProtectionProfile = 0x0001 // nolint
- SRTP_AES128_CM_HMAC_SHA1_32 SRTPProtectionProfile = 0x0002 // nolint
- SRTP_AEAD_AES_128_GCM SRTPProtectionProfile = 0x0007 // nolint
- SRTP_AEAD_AES_256_GCM SRTPProtectionProfile = 0x0008 // nolint
-)
-
-func srtpProtectionProfiles() map[SRTPProtectionProfile]bool {
- return map[SRTPProtectionProfile]bool{
- SRTP_AES128_CM_HMAC_SHA1_80: true,
- SRTP_AES128_CM_HMAC_SHA1_32: true,
- SRTP_AEAD_AES_128_GCM: true,
- SRTP_AEAD_AES_256_GCM: true,
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves.go b/dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves.go
deleted file mode 100644
index 8f077fc..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package extension
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
-)
-
-const (
- supportedGroupsHeaderSize = 6
-)
-
-// SupportedEllipticCurves allows a Client/Server to communicate
-// what curves they both support
-//
-// https://tools.ietf.org/html/rfc8422#section-5.1.1
-type SupportedEllipticCurves struct {
- EllipticCurves []elliptic.Curve
-}
-
-// TypeValue returns the extension TypeValue
-func (s SupportedEllipticCurves) TypeValue() TypeValue {
- return SupportedEllipticCurvesTypeValue
-}
-
-// Marshal encodes the extension
-func (s *SupportedEllipticCurves) Marshal() ([]byte, error) {
- out := make([]byte, supportedGroupsHeaderSize)
-
- binary.BigEndian.PutUint16(out, uint16(s.TypeValue()))
- binary.BigEndian.PutUint16(out[2:], uint16(2+(len(s.EllipticCurves)*2)))
- binary.BigEndian.PutUint16(out[4:], uint16(len(s.EllipticCurves)*2))
-
- for _, v := range s.EllipticCurves {
- out = append(out, []byte{0x00, 0x00}...)
- binary.BigEndian.PutUint16(out[len(out)-2:], uint16(v))
- }
-
- return out, nil
-}
-
-// Unmarshal populates the extension from encoded data
-func (s *SupportedEllipticCurves) Unmarshal(data []byte) error {
- if len(data) <= supportedGroupsHeaderSize {
- return errBufferTooSmall
- } else if TypeValue(binary.BigEndian.Uint16(data)) != s.TypeValue() {
- return errInvalidExtensionType
- }
-
- groupCount := int(binary.BigEndian.Uint16(data[4:]) / 2)
- if supportedGroupsHeaderSize+(groupCount*2) > len(data) {
- return errLengthMismatch
- }
-
- for i := 0; i < groupCount; i++ {
- supportedGroupID := elliptic.Curve(binary.BigEndian.Uint16(data[(supportedGroupsHeaderSize + (i * 2)):]))
- if _, ok := elliptic.Curves()[supportedGroupID]; ok {
- s.EllipticCurves = append(s.EllipticCurves, supportedGroupID)
- }
- }
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves_test.go b/dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves_test.go
deleted file mode 100644
index c5a35d0..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/supported_elliptic_curves_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package extension
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
-)
-
-func TestExtensionSupportedGroups(t *testing.T) {
- rawSupportedGroups := []byte{0x0, 0xa, 0x0, 0x4, 0x0, 0x2, 0x0, 0x1d}
- parsedSupportedGroups := &SupportedEllipticCurves{
- EllipticCurves: []elliptic.Curve{elliptic.X25519},
- }
-
- raw, err := parsedSupportedGroups.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawSupportedGroups) {
- t.Errorf("extensionSupportedGroups marshal: got %#v, want %#v", raw, rawSupportedGroups)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/supported_point_formats.go b/dtls-2.0.9/pkg/protocol/extension/supported_point_formats.go
deleted file mode 100644
index 873d078..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/supported_point_formats.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package extension
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
-)
-
-const (
- supportedPointFormatsSize = 5
-)
-
-// SupportedPointFormats allows a Client/Server to negotiate
-// the EllipticCurvePointFormats
-//
-// https://tools.ietf.org/html/rfc4492#section-5.1.2
-type SupportedPointFormats struct {
- PointFormats []elliptic.CurvePointFormat
-}
-
-// TypeValue returns the extension TypeValue
-func (s SupportedPointFormats) TypeValue() TypeValue {
- return SupportedPointFormatsTypeValue
-}
-
-// Marshal encodes the extension
-func (s *SupportedPointFormats) Marshal() ([]byte, error) {
- out := make([]byte, supportedPointFormatsSize)
-
- binary.BigEndian.PutUint16(out, uint16(s.TypeValue()))
- binary.BigEndian.PutUint16(out[2:], uint16(1+(len(s.PointFormats))))
- out[4] = byte(len(s.PointFormats))
-
- for _, v := range s.PointFormats {
- out = append(out, byte(v))
- }
- return out, nil
-}
-
-// Unmarshal populates the extension from encoded data
-func (s *SupportedPointFormats) Unmarshal(data []byte) error {
- if len(data) <= supportedPointFormatsSize {
- return errBufferTooSmall
- } else if TypeValue(binary.BigEndian.Uint16(data)) != s.TypeValue() {
- return errInvalidExtensionType
- }
-
- pointFormatCount := int(binary.BigEndian.Uint16(data[4:]))
- if supportedGroupsHeaderSize+(pointFormatCount) > len(data) {
- return errLengthMismatch
- }
-
- for i := 0; i < pointFormatCount; i++ {
- p := elliptic.CurvePointFormat(data[supportedPointFormatsSize+i])
- switch p {
- case elliptic.CurvePointFormatUncompressed:
- s.PointFormats = append(s.PointFormats, p)
- default:
- }
- }
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/supported_point_formats_test.go b/dtls-2.0.9/pkg/protocol/extension/supported_point_formats_test.go
deleted file mode 100644
index 86dfc1b..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/supported_point_formats_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package extension
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
-)
-
-func TestExtensionSupportedPointFormats(t *testing.T) {
- rawExtensionSupportedPointFormats := []byte{0x00, 0x0b, 0x00, 0x02, 0x01, 0x00}
- parsedExtensionSupportedPointFormats := &SupportedPointFormats{
- PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
- }
-
- raw, err := parsedExtensionSupportedPointFormats.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawExtensionSupportedPointFormats) {
- t.Errorf("extensionSupportedPointFormats marshal: got %#v, want %#v", raw, rawExtensionSupportedPointFormats)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms.go b/dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms.go
deleted file mode 100644
index ee284f6..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package extension
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
-)
-
-const (
- supportedSignatureAlgorithmsHeaderSize = 6
-)
-
-// SupportedSignatureAlgorithms allows a Client/Server to
-// negotiate what SignatureHash Algorithms they both support
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-type SupportedSignatureAlgorithms struct {
- SignatureHashAlgorithms []signaturehash.Algorithm
-}
-
-// TypeValue returns the extension TypeValue
-func (s SupportedSignatureAlgorithms) TypeValue() TypeValue {
- return SupportedSignatureAlgorithmsTypeValue
-}
-
-// Marshal encodes the extension
-func (s *SupportedSignatureAlgorithms) Marshal() ([]byte, error) {
- out := make([]byte, supportedSignatureAlgorithmsHeaderSize)
-
- binary.BigEndian.PutUint16(out, uint16(s.TypeValue()))
- binary.BigEndian.PutUint16(out[2:], uint16(2+(len(s.SignatureHashAlgorithms)*2)))
- binary.BigEndian.PutUint16(out[4:], uint16(len(s.SignatureHashAlgorithms)*2))
- for _, v := range s.SignatureHashAlgorithms {
- out = append(out, []byte{0x00, 0x00}...)
- out[len(out)-2] = byte(v.Hash)
- out[len(out)-1] = byte(v.Signature)
- }
-
- return out, nil
-}
-
-// Unmarshal populates the extension from encoded data
-func (s *SupportedSignatureAlgorithms) Unmarshal(data []byte) error {
- if len(data) <= supportedSignatureAlgorithmsHeaderSize {
- return errBufferTooSmall
- } else if TypeValue(binary.BigEndian.Uint16(data)) != s.TypeValue() {
- return errInvalidExtensionType
- }
-
- algorithmCount := int(binary.BigEndian.Uint16(data[4:]) / 2)
- if supportedSignatureAlgorithmsHeaderSize+(algorithmCount*2) > len(data) {
- return errLengthMismatch
- }
- for i := 0; i < algorithmCount; i++ {
- supportedHashAlgorithm := hash.Algorithm(data[supportedSignatureAlgorithmsHeaderSize+(i*2)])
- supportedSignatureAlgorithm := signature.Algorithm(data[supportedSignatureAlgorithmsHeaderSize+(i*2)+1])
- if _, ok := hash.Algorithms()[supportedHashAlgorithm]; ok {
- if _, ok := signature.Algorithms()[supportedSignatureAlgorithm]; ok {
- s.SignatureHashAlgorithms = append(s.SignatureHashAlgorithms, signaturehash.Algorithm{
- Hash: supportedHashAlgorithm,
- Signature: supportedSignatureAlgorithm,
- })
- }
- }
- }
-
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms_test.go b/dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms_test.go
deleted file mode 100644
index 52200ce..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/supported_signature_algorithms_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package extension
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
-)
-
-func TestExtensionSupportedSignatureAlgorithms(t *testing.T) {
- rawExtensionSupportedSignatureAlgorithms := []byte{
- 0x00, 0x0d,
- 0x00, 0x08,
- 0x00, 0x06,
- 0x04, 0x03,
- 0x05, 0x03,
- 0x06, 0x03,
- }
- parsedExtensionSupportedSignatureAlgorithms := &SupportedSignatureAlgorithms{
- SignatureHashAlgorithms: []signaturehash.Algorithm{
- {Hash: hash.SHA256, Signature: signature.ECDSA},
- {Hash: hash.SHA384, Signature: signature.ECDSA},
- {Hash: hash.SHA512, Signature: signature.ECDSA},
- },
- }
-
- raw, err := parsedExtensionSupportedSignatureAlgorithms.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawExtensionSupportedSignatureAlgorithms) {
- t.Errorf("extensionSupportedSignatureAlgorithms marshal: got %#v, want %#v", raw, rawExtensionSupportedSignatureAlgorithms)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/use_master_secret.go b/dtls-2.0.9/pkg/protocol/extension/use_master_secret.go
deleted file mode 100644
index 04ddc95..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/use_master_secret.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package extension
-
-import "encoding/binary"
-
-const (
- useExtendedMasterSecretHeaderSize = 4
-)
-
-// UseExtendedMasterSecret defines a TLS extension that contextually binds the
-// master secret to a log of the full handshake that computes it, thus
-// preventing MITM attacks.
-type UseExtendedMasterSecret struct {
- Supported bool
-}
-
-// TypeValue returns the extension TypeValue
-func (u UseExtendedMasterSecret) TypeValue() TypeValue {
- return UseExtendedMasterSecretTypeValue
-}
-
-// Marshal encodes the extension
-func (u *UseExtendedMasterSecret) Marshal() ([]byte, error) {
- if !u.Supported {
- return []byte{}, nil
- }
-
- out := make([]byte, useExtendedMasterSecretHeaderSize)
-
- binary.BigEndian.PutUint16(out, uint16(u.TypeValue()))
- binary.BigEndian.PutUint16(out[2:], uint16(0)) // length
- return out, nil
-}
-
-// Unmarshal populates the extension from encoded data
-func (u *UseExtendedMasterSecret) Unmarshal(data []byte) error {
- if len(data) < useExtendedMasterSecretHeaderSize {
- return errBufferTooSmall
- } else if TypeValue(binary.BigEndian.Uint16(data)) != u.TypeValue() {
- return errInvalidExtensionType
- }
-
- u.Supported = true
-
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/use_srtp.go b/dtls-2.0.9/pkg/protocol/extension/use_srtp.go
deleted file mode 100644
index 729fa3a..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/use_srtp.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package extension
-
-import "encoding/binary"
-
-const (
- useSRTPHeaderSize = 6
-)
-
-// UseSRTP allows a Client/Server to negotiate what SRTPProtectionProfiles
-// they both support
-//
-// https://tools.ietf.org/html/rfc8422
-type UseSRTP struct {
- ProtectionProfiles []SRTPProtectionProfile
-}
-
-// TypeValue returns the extension TypeValue
-func (u UseSRTP) TypeValue() TypeValue {
- return UseSRTPTypeValue
-}
-
-// Marshal encodes the extension
-func (u *UseSRTP) Marshal() ([]byte, error) {
- out := make([]byte, useSRTPHeaderSize)
-
- binary.BigEndian.PutUint16(out, uint16(u.TypeValue()))
- binary.BigEndian.PutUint16(out[2:], uint16(2+(len(u.ProtectionProfiles)*2)+ /* MKI Length */ 1))
- binary.BigEndian.PutUint16(out[4:], uint16(len(u.ProtectionProfiles)*2))
-
- for _, v := range u.ProtectionProfiles {
- out = append(out, []byte{0x00, 0x00}...)
- binary.BigEndian.PutUint16(out[len(out)-2:], uint16(v))
- }
-
- out = append(out, 0x00) /* MKI Length */
- return out, nil
-}
-
-// Unmarshal populates the extension from encoded data
-func (u *UseSRTP) Unmarshal(data []byte) error {
- if len(data) <= useSRTPHeaderSize {
- return errBufferTooSmall
- } else if TypeValue(binary.BigEndian.Uint16(data)) != u.TypeValue() {
- return errInvalidExtensionType
- }
-
- profileCount := int(binary.BigEndian.Uint16(data[4:]) / 2)
- if supportedGroupsHeaderSize+(profileCount*2) > len(data) {
- return errLengthMismatch
- }
-
- for i := 0; i < profileCount; i++ {
- supportedProfile := SRTPProtectionProfile(binary.BigEndian.Uint16(data[(useSRTPHeaderSize + (i * 2)):]))
- if _, ok := srtpProtectionProfiles()[supportedProfile]; ok {
- u.ProtectionProfiles = append(u.ProtectionProfiles, supportedProfile)
- }
- }
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/extension/use_srtp_test.go b/dtls-2.0.9/pkg/protocol/extension/use_srtp_test.go
deleted file mode 100644
index 36a5d68..0000000
--- a/dtls-2.0.9/pkg/protocol/extension/use_srtp_test.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package extension
-
-import (
- "reflect"
- "testing"
-)
-
-func TestExtensionUseSRTP(t *testing.T) {
- rawUseSRTP := []byte{0x00, 0x0e, 0x00, 0x05, 0x00, 0x02, 0x00, 0x01, 0x00}
- parsedUseSRTP := &UseSRTP{
- ProtectionProfiles: []SRTPProtectionProfile{SRTP_AES128_CM_HMAC_SHA1_80},
- }
-
- raw, err := parsedUseSRTP.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawUseSRTP) {
- t.Errorf("extensionUseSRTP marshal: got %#v, want %#v", raw, rawUseSRTP)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/cipher_suite.go b/dtls-2.0.9/pkg/protocol/handshake/cipher_suite.go
deleted file mode 100644
index e8fbdea..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/cipher_suite.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package handshake
-
-import "encoding/binary"
-
-func decodeCipherSuiteIDs(buf []byte) ([]uint16, error) {
- if len(buf) < 2 {
- return nil, errBufferTooSmall
- }
- cipherSuitesCount := int(binary.BigEndian.Uint16(buf[0:])) / 2
- rtrn := make([]uint16, cipherSuitesCount)
- for i := 0; i < cipherSuitesCount; i++ {
- if len(buf) < (i*2 + 4) {
- return nil, errBufferTooSmall
- }
-
- rtrn[i] = binary.BigEndian.Uint16(buf[(i*2)+2:])
- }
- return rtrn, nil
-}
-
-func encodeCipherSuiteIDs(cipherSuiteIDs []uint16) []byte {
- out := []byte{0x00, 0x00}
- binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(cipherSuiteIDs)*2))
- for _, id := range cipherSuiteIDs {
- out = append(out, []byte{0x00, 0x00}...)
- binary.BigEndian.PutUint16(out[len(out)-2:], id)
- }
- return out
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/cipher_suite_test.go b/dtls-2.0.9/pkg/protocol/handshake/cipher_suite_test.go
deleted file mode 100644
index 9197255..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/cipher_suite_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package handshake
-
-import (
- "errors"
- "testing"
-)
-
-func TestDecodeCipherSuiteIDs(t *testing.T) {
- testCases := []struct {
- buf []byte
- result []uint16
- err error
- }{
- {[]byte{}, nil, errBufferTooSmall},
- }
-
- for _, testCase := range testCases {
- _, err := decodeCipherSuiteIDs(testCase.buf)
- if !errors.Is(err, testCase.err) {
- t.Fatal("Unexpected error", err)
- }
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/errors.go b/dtls-2.0.9/pkg/protocol/handshake/errors.go
deleted file mode 100644
index ac77c04..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/errors.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package handshake
-
-import (
- "errors"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-// Typed errors
-var (
- errUnableToMarshalFragmented = &protocol.InternalError{Err: errors.New("unable to marshal fragmented handshakes")} //nolint:goerr113
- errHandshakeMessageUnset = &protocol.InternalError{Err: errors.New("handshake message unset, unable to marshal")} //nolint:goerr113
- errBufferTooSmall = &protocol.TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
- errLengthMismatch = &protocol.InternalError{Err: errors.New("data length and declared length do not match")} //nolint:goerr113
- errInvalidClientKeyExchange = &protocol.FatalError{Err: errors.New("unable to determine if ClientKeyExchange is a public key or PSK Identity")} //nolint:goerr113
- errInvalidHashAlgorithm = &protocol.FatalError{Err: errors.New("invalid hash algorithm")} //nolint:goerr113
- errInvalidSignatureAlgorithm = &protocol.FatalError{Err: errors.New("invalid signature algorithm")} //nolint:goerr113
- errCookieTooLong = &protocol.FatalError{Err: errors.New("cookie must not be longer then 255 bytes")} //nolint:goerr113
- errInvalidEllipticCurveType = &protocol.FatalError{Err: errors.New("invalid or unknown elliptic curve type")} //nolint:goerr113
- errInvalidNamedCurve = &protocol.FatalError{Err: errors.New("invalid named curve")} //nolint:goerr113
- errCipherSuiteUnset = &protocol.FatalError{Err: errors.New("server hello can not be created without a cipher suite")} //nolint:goerr113
- errCompressionMethodUnset = &protocol.FatalError{Err: errors.New("server hello can not be created without a compression method")} //nolint:goerr113
- errInvalidCompressionMethod = &protocol.FatalError{Err: errors.New("invalid or unknown compression method")} //nolint:goerr113
- errNotImplemented = &protocol.InternalError{Err: errors.New("feature has not been implemented yet")} //nolint:goerr113
-)
diff --git a/dtls-2.0.9/pkg/protocol/handshake/handshake.go b/dtls-2.0.9/pkg/protocol/handshake/handshake.go
deleted file mode 100644
index 4aa493e..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/handshake.go
+++ /dev/null
@@ -1,145 +0,0 @@
-// Package handshake provides the DTLS wire protocol for handshakes
-package handshake
-
-import (
- "github.com/pion/dtls/v2/internal/util"
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-// Type is the unique identifier for each handshake message
-// https://tools.ietf.org/html/rfc5246#section-7.4
-type Type uint8
-
-// Types of DTLS Handshake messages we know about
-const (
- TypeHelloRequest Type = 0
- TypeClientHello Type = 1
- TypeServerHello Type = 2
- TypeHelloVerifyRequest Type = 3
- TypeCertificate Type = 11
- TypeServerKeyExchange Type = 12
- TypeCertificateRequest Type = 13
- TypeServerHelloDone Type = 14
- TypeCertificateVerify Type = 15
- TypeClientKeyExchange Type = 16
- TypeFinished Type = 20
-)
-
-// String returns the string representation of this type
-func (t Type) String() string {
- switch t {
- case TypeHelloRequest:
- return "HelloRequest"
- case TypeClientHello:
- return "ClientHello"
- case TypeServerHello:
- return "ServerHello"
- case TypeHelloVerifyRequest:
- return "HelloVerifyRequest"
- case TypeCertificate:
- return "TypeCertificate"
- case TypeServerKeyExchange:
- return "ServerKeyExchange"
- case TypeCertificateRequest:
- return "CertificateRequest"
- case TypeServerHelloDone:
- return "ServerHelloDone"
- case TypeCertificateVerify:
- return "CertificateVerify"
- case TypeClientKeyExchange:
- return "ClientKeyExchange"
- case TypeFinished:
- return "Finished"
- }
- return ""
-}
-
-// Message is the body of a Handshake datagram
-type Message interface {
- Marshal() ([]byte, error)
- Unmarshal(data []byte) error
-
- Type() Type
-}
-
-// Handshake protocol is responsible for selecting a cipher spec and
-// generating a master secret, which together comprise the primary
-// cryptographic parameters associated with a secure session. The
-// handshake protocol can also optionally authenticate parties who have
-// certificates signed by a trusted certificate authority.
-// https://tools.ietf.org/html/rfc5246#section-7.3
-type Handshake struct {
- Header Header
- Message Message
-}
-
-// ContentType returns what kind of content this message is carying
-func (h Handshake) ContentType() protocol.ContentType {
- return protocol.ContentTypeHandshake
-}
-
-// Marshal encodes a handshake into a binary message
-func (h *Handshake) Marshal() ([]byte, error) {
- if h.Message == nil {
- return nil, errHandshakeMessageUnset
- } else if h.Header.FragmentOffset != 0 {
- return nil, errUnableToMarshalFragmented
- }
-
- msg, err := h.Message.Marshal()
- if err != nil {
- return nil, err
- }
-
- h.Header.Length = uint32(len(msg))
- h.Header.FragmentLength = h.Header.Length
- h.Header.Type = h.Message.Type()
- header, err := h.Header.Marshal()
- if err != nil {
- return nil, err
- }
-
- return append(header, msg...), nil
-}
-
-// Unmarshal decodes a handshake from a binary message
-func (h *Handshake) Unmarshal(data []byte) error {
- if err := h.Header.Unmarshal(data); err != nil {
- return err
- }
-
- reportedLen := util.BigEndianUint24(data[1:])
- if uint32(len(data)-HeaderLength) != reportedLen {
- return errLengthMismatch
- } else if reportedLen != h.Header.FragmentLength {
- return errLengthMismatch
- }
-
- switch Type(data[0]) {
- case TypeHelloRequest:
- return errNotImplemented
- case TypeClientHello:
- h.Message = &MessageClientHello{}
- case TypeHelloVerifyRequest:
- h.Message = &MessageHelloVerifyRequest{}
- case TypeServerHello:
- h.Message = &MessageServerHello{}
- case TypeCertificate:
- h.Message = &MessageCertificate{}
- case TypeServerKeyExchange:
- h.Message = &MessageServerKeyExchange{}
- case TypeCertificateRequest:
- h.Message = &MessageCertificateRequest{}
- case TypeServerHelloDone:
- h.Message = &MessageServerHelloDone{}
- case TypeClientKeyExchange:
- h.Message = &MessageClientKeyExchange{}
- case TypeFinished:
- h.Message = &MessageFinished{}
- case TypeCertificateVerify:
- h.Message = &MessageCertificateVerify{}
- default:
- return errNotImplemented
- }
- return h.Message.Unmarshal(data[HeaderLength:])
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/header.go b/dtls-2.0.9/pkg/protocol/handshake/header.go
deleted file mode 100644
index cb6a224..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/header.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/internal/util"
-)
-
-// HeaderLength msg_len for Handshake messages assumes an extra
-// 12 bytes for sequence, fragment and version information vs TLS
-const HeaderLength = 12
-
-// Header is the static first 12 bytes of each RecordLayer
-// of type Handshake. These fields allow us to support message loss, reordering, and
-// message fragmentation,
-//
-// https://tools.ietf.org/html/rfc6347#section-4.2.2
-type Header struct {
- Type Type
- Length uint32 // uint24 in spec
- MessageSequence uint16
- FragmentOffset uint32 // uint24 in spec
- FragmentLength uint32 // uint24 in spec
-}
-
-// Marshal encodes the Header
-func (h *Header) Marshal() ([]byte, error) {
- out := make([]byte, HeaderLength)
-
- out[0] = byte(h.Type)
- util.PutBigEndianUint24(out[1:], h.Length)
- binary.BigEndian.PutUint16(out[4:], h.MessageSequence)
- util.PutBigEndianUint24(out[6:], h.FragmentOffset)
- util.PutBigEndianUint24(out[9:], h.FragmentLength)
- return out, nil
-}
-
-// Unmarshal populates the header from encoded data
-func (h *Header) Unmarshal(data []byte) error {
- if len(data) < HeaderLength {
- return errBufferTooSmall
- }
-
- h.Type = Type(data[0])
- h.Length = util.BigEndianUint24(data[1:])
- h.MessageSequence = binary.BigEndian.Uint16(data[4:])
- h.FragmentOffset = util.BigEndianUint24(data[6:])
- h.FragmentLength = util.BigEndianUint24(data[9:])
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_certificate.go b/dtls-2.0.9/pkg/protocol/handshake/message_certificate.go
deleted file mode 100644
index 05fb746..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_certificate.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package handshake
-
-import (
- "github.com/pion/dtls/v2/internal/util"
-)
-
-// MessageCertificate is a DTLS Handshake Message
-// it can contain either a Client or Server Certificate
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.2
-type MessageCertificate struct {
- Certificate [][]byte
-}
-
-// Type returns the Handshake Type
-func (m MessageCertificate) Type() Type {
- return TypeCertificate
-}
-
-const (
- handshakeMessageCertificateLengthFieldSize = 3
-)
-
-// Marshal encodes the Handshake
-func (m *MessageCertificate) Marshal() ([]byte, error) {
- out := make([]byte, handshakeMessageCertificateLengthFieldSize)
-
- for _, r := range m.Certificate {
- // Certificate Length
- out = append(out, make([]byte, handshakeMessageCertificateLengthFieldSize)...)
- util.PutBigEndianUint24(out[len(out)-handshakeMessageCertificateLengthFieldSize:], uint32(len(r)))
-
- // Certificate body
- out = append(out, append([]byte{}, r...)...)
- }
-
- // Total Payload Size
- util.PutBigEndianUint24(out[0:], uint32(len(out[handshakeMessageCertificateLengthFieldSize:])))
- return out, nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageCertificate) Unmarshal(data []byte) error {
- if len(data) < handshakeMessageCertificateLengthFieldSize {
- return errBufferTooSmall
- }
-
- if certificateBodyLen := int(util.BigEndianUint24(data)); certificateBodyLen+handshakeMessageCertificateLengthFieldSize != len(data) {
- return errLengthMismatch
- }
-
- offset := handshakeMessageCertificateLengthFieldSize
- for offset < len(data) {
- certificateLen := int(util.BigEndianUint24(data[offset:]))
- offset += handshakeMessageCertificateLengthFieldSize
-
- if offset+certificateLen > len(data) {
- return errLengthMismatch
- }
-
- m.Certificate = append(m.Certificate, append([]byte{}, data[offset:offset+certificateLen]...))
- offset += certificateLen
- }
-
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_request.go b/dtls-2.0.9/pkg/protocol/handshake/message_certificate_request.go
deleted file mode 100644
index e711f39..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_request.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
-)
-
-/*
-MessageCertificateRequest is so a non-anonymous server can optionally
-request a certificate from the client, if appropriate for the selected cipher
-suite. This message, if sent, will immediately follow the ServerKeyExchange
-message (if it is sent; otherwise, this message follows the
-server's Certificate message).
-
-https://tools.ietf.org/html/rfc5246#section-7.4.4
-*/
-type MessageCertificateRequest struct {
- CertificateTypes []clientcertificate.Type
- SignatureHashAlgorithms []signaturehash.Algorithm
-}
-
-const (
- messageCertificateRequestMinLength = 5
-)
-
-// Type returns the Handshake Type
-func (m MessageCertificateRequest) Type() Type {
- return TypeCertificateRequest
-}
-
-// Marshal encodes the Handshake
-func (m *MessageCertificateRequest) Marshal() ([]byte, error) {
- out := []byte{byte(len(m.CertificateTypes))}
- for _, v := range m.CertificateTypes {
- out = append(out, byte(v))
- }
-
- out = append(out, []byte{0x00, 0x00}...)
- binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(m.SignatureHashAlgorithms)*2))
- for _, v := range m.SignatureHashAlgorithms {
- out = append(out, byte(v.Hash))
- out = append(out, byte(v.Signature))
- }
-
- out = append(out, []byte{0x00, 0x00}...) // Distinguished Names Length
- return out, nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageCertificateRequest) Unmarshal(data []byte) error {
- if len(data) < messageCertificateRequestMinLength {
- return errBufferTooSmall
- }
-
- offset := 0
- certificateTypesLength := int(data[0])
- offset++
-
- if (offset + certificateTypesLength) > len(data) {
- return errBufferTooSmall
- }
-
- for i := 0; i < certificateTypesLength; i++ {
- certType := clientcertificate.Type(data[offset+i])
- if _, ok := clientcertificate.Types()[certType]; ok {
- m.CertificateTypes = append(m.CertificateTypes, certType)
- }
- }
- offset += certificateTypesLength
- if len(data) < offset+2 {
- return errBufferTooSmall
- }
- signatureHashAlgorithmsLength := int(binary.BigEndian.Uint16(data[offset:]))
- offset += 2
-
- if (offset + signatureHashAlgorithmsLength) > len(data) {
- return errBufferTooSmall
- }
-
- for i := 0; i < signatureHashAlgorithmsLength; i += 2 {
- if len(data) < (offset + i + 2) {
- return errBufferTooSmall
- }
- h := hash.Algorithm(data[offset+i])
- s := signature.Algorithm(data[offset+i+1])
-
- if _, ok := hash.Algorithms()[h]; !ok {
- continue
- } else if _, ok := signature.Algorithms()[s]; !ok {
- continue
- }
- m.SignatureHashAlgorithms = append(m.SignatureHashAlgorithms, signaturehash.Algorithm{Signature: s, Hash: h})
- }
-
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_request_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_certificate_request_test.go
deleted file mode 100644
index 1d73ae5..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_request_test.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
-)
-
-func TestHandshakeMessageCertificateRequest(t *testing.T) {
- rawCertificateRequest := []byte{
- 0x02, 0x01, 0x40, 0x00, 0x0C, 0x04, 0x03, 0x04, 0x01, 0x05,
- 0x03, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01, 0x00, 0x00,
- }
- parsedCertificateRequest := &MessageCertificateRequest{
- CertificateTypes: []clientcertificate.Type{
- clientcertificate.RSASign,
- clientcertificate.ECDSASign,
- },
- SignatureHashAlgorithms: []signaturehash.Algorithm{
- {Hash: hash.SHA256, Signature: signature.ECDSA},
- {Hash: hash.SHA256, Signature: signature.RSA},
- {Hash: hash.SHA384, Signature: signature.ECDSA},
- {Hash: hash.SHA384, Signature: signature.RSA},
- {Hash: hash.SHA512, Signature: signature.RSA},
- {Hash: hash.SHA1, Signature: signature.RSA},
- },
- }
-
- c := &MessageCertificateRequest{}
- if err := c.Unmarshal(rawCertificateRequest); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedCertificateRequest) {
- t.Errorf("parsedCertificateRequest unmarshal: got %#v, want %#v", c, parsedCertificateRequest)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawCertificateRequest) {
- t.Errorf("parsedCertificateRequest marshal: got %#v, want %#v", raw, rawCertificateRequest)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_certificate_test.go
deleted file mode 100644
index aafb09f..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_test.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package handshake
-
-import (
- "crypto/x509"
- "reflect"
- "testing"
-)
-
-func TestHandshakeMessageCertificate(t *testing.T) {
- // Not easy to mock out these members, just copy for now (since everything else matches)
- copyCertificatePrivateMembers := func(src, dst *x509.Certificate) {
- dst.PublicKey = src.PublicKey
- dst.SerialNumber = src.SerialNumber
- dst.Issuer = src.Issuer
- dst.Subject = src.Subject
- dst.NotBefore = src.NotBefore
- dst.NotAfter = src.NotAfter
- }
-
- rawCertificate := []byte{
- 0x00, 0x01, 0x8c, 0x00, 0x01, 0x89, 0x30, 0x82, 0x01, 0x85, 0x30, 0x82, 0x01, 0x2b, 0x02, 0x14,
- 0x7d, 0x00, 0xcf, 0x07, 0xfc, 0xe2, 0xb6, 0xb8, 0x3f, 0x72, 0xeb, 0x11, 0x36, 0x1b, 0xf6, 0x39,
- 0xf1, 0x3c, 0x33, 0x41, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
- 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31,
- 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53,
- 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
- 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20,
- 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x30, 0x32,
- 0x35, 0x30, 0x38, 0x35, 0x31, 0x31, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x30, 0x32, 0x35,
- 0x30, 0x38, 0x35, 0x31, 0x31, 0x32, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
- 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
- 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
- 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x59,
- 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
- 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xf9, 0xb1, 0x62, 0xd6, 0x07, 0xae, 0xc3,
- 0x36, 0x34, 0xf5, 0xa3, 0x09, 0x39, 0x86, 0xe7, 0x3b, 0x59, 0xf7, 0x4a, 0x1d, 0xf4, 0x97, 0x4f,
- 0x91, 0x40, 0x56, 0x1b, 0x3d, 0x6c, 0x5a, 0x38, 0x10, 0x15, 0x58, 0xf5, 0xa4, 0xcc, 0xdf, 0xd5,
- 0xf5, 0x4a, 0x35, 0x40, 0x0f, 0x9f, 0x54, 0xb7, 0xe9, 0xe2, 0xae, 0x63, 0x83, 0x6a, 0x4c, 0xfc,
- 0xc2, 0x5f, 0x78, 0xa0, 0xbb, 0x46, 0x54, 0xa4, 0xda, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48,
- 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x47, 0x1a, 0x5f, 0x58,
- 0x2a, 0x74, 0x33, 0x6d, 0xed, 0xac, 0x37, 0x21, 0xfa, 0x76, 0x5a, 0x4d, 0x78, 0x68, 0x1a, 0xdd,
- 0x80, 0xa4, 0xd4, 0xb7, 0x7f, 0x7d, 0x78, 0xb3, 0xfb, 0xf3, 0x95, 0xfb, 0x02, 0x21, 0x00, 0xc0,
- 0x73, 0x30, 0xda, 0x2b, 0xc0, 0x0c, 0x9e, 0xb2, 0x25, 0x0d, 0x46, 0xb0, 0xbc, 0x66, 0x7f, 0x71,
- 0x66, 0xbf, 0x16, 0xb3, 0x80, 0x78, 0xd0, 0x0c, 0xef, 0xcc, 0xf5, 0xc1, 0x15, 0x0f, 0x58,
- }
-
- parsedCertificate := &x509.Certificate{
- Raw: rawCertificate[6:],
- RawTBSCertificate: rawCertificate[10:313],
- RawSubjectPublicKeyInfo: rawCertificate[222:313],
- RawSubject: rawCertificate[48:119],
- RawIssuer: rawCertificate[48:119],
- Signature: rawCertificate[328:],
- SignatureAlgorithm: x509.ECDSAWithSHA256,
- PublicKeyAlgorithm: x509.ECDSA,
- Version: 1,
- }
-
- c := &MessageCertificate{}
- if err := c.Unmarshal(rawCertificate); err != nil {
- t.Error(err)
- } else {
- certificate, err := x509.ParseCertificate(c.Certificate[0])
- if err != nil {
- t.Error(err)
- }
- copyCertificatePrivateMembers(certificate, parsedCertificate)
- if !reflect.DeepEqual(certificate, parsedCertificate) {
- t.Errorf("handshakeMessageCertificate unmarshal: got %#v, want %#v", c, parsedCertificate)
- }
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawCertificate) {
- t.Errorf("handshakeMessageCertificate marshal: got %#v, want %#v", raw, rawCertificate)
- }
-}
-
-func TestEmptyHandshakeMessageCertificate(t *testing.T) {
- rawCertificate := []byte{
- 0x00, 0x00, 0x00,
- }
-
- expectedCertificate := &MessageCertificate{
- Certificate: nil,
- }
-
- c := &MessageCertificate{}
- if err := c.Unmarshal(rawCertificate); err != nil {
- t.Error(err)
- }
-
- if !reflect.DeepEqual(c, expectedCertificate) {
- t.Errorf("handshakeMessageCertificate unmarshal: got %#v, want %#v", c, expectedCertificate)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify.go b/dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify.go
deleted file mode 100644
index fb5e463..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
-)
-
-// MessageCertificateVerify provide explicit verification of a
-// client certificate.
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.8
-type MessageCertificateVerify struct {
- HashAlgorithm hash.Algorithm
- SignatureAlgorithm signature.Algorithm
- Signature []byte
-}
-
-const handshakeMessageCertificateVerifyMinLength = 4
-
-// Type returns the Handshake Type
-func (m MessageCertificateVerify) Type() Type {
- return TypeCertificateVerify
-}
-
-// Marshal encodes the Handshake
-func (m *MessageCertificateVerify) Marshal() ([]byte, error) {
- out := make([]byte, 1+1+2+len(m.Signature))
-
- out[0] = byte(m.HashAlgorithm)
- out[1] = byte(m.SignatureAlgorithm)
- binary.BigEndian.PutUint16(out[2:], uint16(len(m.Signature)))
- copy(out[4:], m.Signature)
- return out, nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageCertificateVerify) Unmarshal(data []byte) error {
- if len(data) < handshakeMessageCertificateVerifyMinLength {
- return errBufferTooSmall
- }
-
- m.HashAlgorithm = hash.Algorithm(data[0])
- if _, ok := hash.Algorithms()[m.HashAlgorithm]; !ok {
- return errInvalidHashAlgorithm
- }
-
- m.SignatureAlgorithm = signature.Algorithm(data[1])
- if _, ok := signature.Algorithms()[m.SignatureAlgorithm]; !ok {
- return errInvalidSignatureAlgorithm
- }
-
- signatureLength := int(binary.BigEndian.Uint16(data[2:]))
- if (signatureLength + 4) != len(data) {
- return errBufferTooSmall
- }
-
- m.Signature = append([]byte{}, data[4:]...)
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify_test.go
deleted file mode 100644
index 5e55dc5..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_certificate_verify_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
-)
-
-func TestHandshakeMessageCertificateVerify(t *testing.T) {
- rawCertificateVerify := []byte{
- 0x04, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x20, 0x6b, 0x63, 0x17, 0xad, 0xbe, 0xb7, 0x7b, 0x0f,
- 0x86, 0x73, 0x39, 0x1e, 0xba, 0xb3, 0x50, 0x9c, 0xce, 0x9c, 0xe4, 0x8b, 0xe5, 0x13, 0x07, 0x59,
- 0x18, 0x1f, 0xe5, 0xa0, 0x2b, 0xca, 0xa6, 0xad, 0x02, 0x21, 0x00, 0xd3, 0xb5, 0x01, 0xbe, 0x87,
- 0x6c, 0x04, 0xa1, 0xdc, 0x28, 0xaa, 0x5f, 0xf7, 0x1e, 0x9c, 0xc0, 0x1e, 0x00, 0x2c, 0xe5, 0x94,
- 0xbb, 0x03, 0x0e, 0xf1, 0xcb, 0x28, 0x22, 0x33, 0x23, 0x88, 0xad,
- }
- parsedCertificateVerify := &MessageCertificateVerify{
- HashAlgorithm: hash.Algorithm(rawCertificateVerify[0]),
- SignatureAlgorithm: signature.Algorithm(rawCertificateVerify[1]),
- Signature: rawCertificateVerify[4:],
- }
-
- c := &MessageCertificateVerify{}
- if err := c.Unmarshal(rawCertificateVerify); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedCertificateVerify) {
- t.Errorf("handshakeMessageCertificate unmarshal: got %#v, want %#v", c, parsedCertificateVerify)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawCertificateVerify) {
- t.Errorf("handshakeMessageCertificateVerify marshal: got %#v, want %#v", raw, rawCertificateVerify)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_client_hello.go b/dtls-2.0.9/pkg/protocol/handshake/message_client_hello.go
deleted file mode 100644
index 7afad6b..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_client_hello.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
-)
-
-/*
-MessageClientHello is for when a client first connects to a server it is
-required to send the client hello as its first message. The client can also send a
-client hello in response to a hello request or on its own
-initiative in order to renegotiate the security parameters in an
-existing connection.
-*/
-type MessageClientHello struct {
- Version protocol.Version
- Random Random
- Cookie []byte
-
- SessionID []byte // TODO 添加anylink支持
-
- CipherSuiteIDs []uint16
- CompressionMethods []*protocol.CompressionMethod
- Extensions []extension.Extension
-}
-
-const handshakeMessageClientHelloVariableWidthStart = 34
-
-// Type returns the Handshake Type
-func (m MessageClientHello) Type() Type {
- return TypeClientHello
-}
-
-// Marshal encodes the Handshake
-func (m *MessageClientHello) Marshal() ([]byte, error) {
- if len(m.Cookie) > 255 {
- return nil, errCookieTooLong
- }
-
- out := make([]byte, handshakeMessageClientHelloVariableWidthStart)
- out[0] = m.Version.Major
- out[1] = m.Version.Minor
-
- rand := m.Random.MarshalFixed()
- copy(out[2:], rand[:])
-
- out = append(out, 0x00) // SessionID
-
- out = append(out, byte(len(m.Cookie)))
- out = append(out, m.Cookie...)
- out = append(out, encodeCipherSuiteIDs(m.CipherSuiteIDs)...)
- out = append(out, protocol.EncodeCompressionMethods(m.CompressionMethods)...)
-
- extensions, err := extension.Marshal(m.Extensions)
- if err != nil {
- return nil, err
- }
-
- return append(out, extensions...), nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageClientHello) Unmarshal(data []byte) error {
- if len(data) < 2+RandomLength {
- return errBufferTooSmall
- }
-
- m.Version.Major = data[0]
- m.Version.Minor = data[1]
-
- var random [RandomLength]byte
- copy(random[:], data[2:])
- m.Random.UnmarshalFixed(random)
-
- // rest of packet has variable width sections
- currOffset := handshakeMessageClientHelloVariableWidthStart
- currOffset += int(data[currOffset]) + 1 // SessionID
-
- // TODO 添加SessionID
- m.SessionID = data[handshakeMessageClientHelloVariableWidthStart+1 : currOffset]
-
- currOffset++
- if len(data) <= currOffset {
- return errBufferTooSmall
- }
- n := int(data[currOffset-1])
- if len(data) <= currOffset+n {
- return errBufferTooSmall
- }
- m.Cookie = append([]byte{}, data[currOffset:currOffset+n]...)
- currOffset += len(m.Cookie)
-
- // Cipher Suites
- if len(data) < currOffset {
- return errBufferTooSmall
- }
- cipherSuiteIDs, err := decodeCipherSuiteIDs(data[currOffset:])
- if err != nil {
- return err
- }
- m.CipherSuiteIDs = cipherSuiteIDs
- if len(data) < currOffset+2 {
- return errBufferTooSmall
- }
- currOffset += int(binary.BigEndian.Uint16(data[currOffset:])) + 2
-
- // Compression Methods
- if len(data) < currOffset {
- return errBufferTooSmall
- }
- compressionMethods, err := protocol.DecodeCompressionMethods(data[currOffset:])
- if err != nil {
- return err
- }
- m.CompressionMethods = compressionMethods
- if len(data) < currOffset {
- return errBufferTooSmall
- }
- currOffset += int(data[currOffset]) + 1
-
- // Extensions
- extensions, err := extension.Unmarshal(data[currOffset:])
- if err != nil {
- return err
- }
- m.Extensions = extensions
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_client_hello_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_client_hello_test.go
deleted file mode 100644
index bf75287..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_client_hello_test.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
-)
-
-func TestHandshakeMessageClientHello(t *testing.T) {
- rawClientHello := []byte{
- 0xfe, 0xfd, 0xb6, 0x2f, 0xce, 0x5c, 0x42, 0x54, 0xff, 0x86, 0xe1, 0x24, 0x41, 0x91, 0x42,
- 0x62, 0x15, 0xad, 0x16, 0xc9, 0x15, 0x8d, 0x95, 0x71, 0x8a, 0xbb, 0x22, 0xd7, 0x47, 0xec,
- 0xd8, 0x3d, 0xdc, 0x4b, 0x00, 0x14, 0xe6, 0x14, 0x3a, 0x1b, 0x04, 0xea, 0x9e, 0x7a, 0x14,
- 0xd6, 0x6c, 0x57, 0xd0, 0x0e, 0x32, 0x85, 0x76, 0x18, 0xde, 0xd8, 0x00, 0x04, 0xc0, 0x2b,
- 0xc0, 0x0a, 0x01, 0x00, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x1d,
- }
- parsedClientHello := &MessageClientHello{
- Version: protocol.Version{Major: 0xFE, Minor: 0xFD},
- Random: Random{
- GMTUnixTime: time.Unix(3056586332, 0),
- RandomBytes: [28]byte{0x42, 0x54, 0xff, 0x86, 0xe1, 0x24, 0x41, 0x91, 0x42, 0x62, 0x15, 0xad, 0x16, 0xc9, 0x15, 0x8d, 0x95, 0x71, 0x8a, 0xbb, 0x22, 0xd7, 0x47, 0xec, 0xd8, 0x3d, 0xdc, 0x4b},
- },
- Cookie: []byte{0xe6, 0x14, 0x3a, 0x1b, 0x04, 0xea, 0x9e, 0x7a, 0x14, 0xd6, 0x6c, 0x57, 0xd0, 0x0e, 0x32, 0x85, 0x76, 0x18, 0xde, 0xd8},
- CipherSuiteIDs: []uint16{
- 0xc02b,
- 0xc00a,
- },
- CompressionMethods: []*protocol.CompressionMethod{
- {},
- },
- Extensions: []extension.Extension{
- &extension.SupportedEllipticCurves{EllipticCurves: []elliptic.Curve{elliptic.X25519}},
- },
- }
-
- c := &MessageClientHello{}
- if err := c.Unmarshal(rawClientHello); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedClientHello) {
- t.Errorf("handshakeMessageClientHello unmarshal: got %#v, want %#v", c, parsedClientHello)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawClientHello) {
- t.Errorf("handshakeMessageClientHello marshal: got %#v, want %#v", raw, rawClientHello)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange.go b/dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange.go
deleted file mode 100644
index f8fc369..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-)
-
-// MessageClientKeyExchange is a DTLS Handshake Message
-// With this message, the premaster secret is set, either by direct
-// transmission of the RSA-encrypted secret or by the transmission of
-// Diffie-Hellman parameters that will allow each side to agree upon
-// the same premaster secret.
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.7
-type MessageClientKeyExchange struct {
- IdentityHint []byte
- PublicKey []byte
-}
-
-// Type returns the Handshake Type
-func (m MessageClientKeyExchange) Type() Type {
- return TypeClientKeyExchange
-}
-
-// Marshal encodes the Handshake
-func (m *MessageClientKeyExchange) Marshal() ([]byte, error) {
- switch {
- case (m.IdentityHint != nil && m.PublicKey != nil) || (m.IdentityHint == nil && m.PublicKey == nil):
- return nil, errInvalidClientKeyExchange
- case m.PublicKey != nil:
- return append([]byte{byte(len(m.PublicKey))}, m.PublicKey...), nil
- default:
- out := append([]byte{0x00, 0x00}, m.IdentityHint...)
- binary.BigEndian.PutUint16(out, uint16(len(out)-2))
- return out, nil
- }
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageClientKeyExchange) Unmarshal(data []byte) error {
- if len(data) < 2 {
- return errBufferTooSmall
- }
-
- // If parsed as PSK return early and only populate PSK Identity Hint
- if pskLength := binary.BigEndian.Uint16(data); len(data) == int(pskLength+2) {
- m.IdentityHint = append([]byte{}, data[2:]...)
- return nil
- }
-
- if publicKeyLength := int(data[0]); len(data) != publicKeyLength+1 {
- return errBufferTooSmall
- }
-
- m.PublicKey = append([]byte{}, data[1:]...)
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange_test.go
deleted file mode 100644
index d1b938a..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_client_key_exchange_test.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-)
-
-func TestHandshakeMessageClientKeyExchange(t *testing.T) {
- rawClientKeyExchange := []byte{
- 0x20, 0x26, 0x78, 0x4a, 0x78, 0x70, 0xc1, 0xf9, 0x71, 0xea, 0x50, 0x4a, 0xb5, 0xbb, 0x00, 0x76,
- 0x02, 0x05, 0xda, 0xf7, 0xd0, 0x3f, 0xe3, 0xf7, 0x4e, 0x8a, 0x14, 0x6f, 0xb7, 0xe0, 0xc0, 0xff,
- 0x54,
- }
- parsedClientKeyExchange := &MessageClientKeyExchange{
- PublicKey: rawClientKeyExchange[1:],
- }
-
- c := &MessageClientKeyExchange{}
- if err := c.Unmarshal(rawClientKeyExchange); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedClientKeyExchange) {
- t.Errorf("handshakeMessageClientKeyExchange unmarshal: got %#v, want %#v", c, parsedClientKeyExchange)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawClientKeyExchange) {
- t.Errorf("handshakeMessageClientKeyExchange marshal: got %#v, want %#v", raw, rawClientKeyExchange)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_finished.go b/dtls-2.0.9/pkg/protocol/handshake/message_finished.go
deleted file mode 100644
index c65d42a..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_finished.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package handshake
-
-// MessageFinished is a DTLS Handshake Message
-// this message is the first one protected with the just
-// negotiated algorithms, keys, and secrets. Recipients of Finished
-// messages MUST verify that the contents are correct.
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.9
-type MessageFinished struct {
- VerifyData []byte
-}
-
-// Type returns the Handshake Type
-func (m MessageFinished) Type() Type {
- return TypeFinished
-}
-
-// Marshal encodes the Handshake
-func (m *MessageFinished) Marshal() ([]byte, error) {
- return append([]byte{}, m.VerifyData...), nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageFinished) Unmarshal(data []byte) error {
- m.VerifyData = append([]byte{}, data...)
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_finished_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_finished_test.go
deleted file mode 100644
index bdc6564..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_finished_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-)
-
-func TestHandshakeMessageFinished(t *testing.T) {
- rawFinished := []byte{
- 0x01, 0x01, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- }
- parsedFinished := &MessageFinished{
- VerifyData: rawFinished,
- }
-
- c := &MessageFinished{}
- if err := c.Unmarshal(rawFinished); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedFinished) {
- t.Errorf("handshakeMessageFinished unmarshal: got %#v, want %#v", c, parsedFinished)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawFinished) {
- t.Errorf("handshakeMessageFinished marshal: got %#v, want %#v", raw, rawFinished)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request.go b/dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request.go
deleted file mode 100644
index ef834dc..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package handshake
-
-import (
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-// MessageHelloVerifyRequest is as follows:
-//
-// struct {
-// ProtocolVersion server_version;
-// opaque cookie<0..2^8-1>;
-// } HelloVerifyRequest;
-//
-// The HelloVerifyRequest message type is hello_verify_request(3).
-//
-// When the client sends its ClientHello message to the server, the server
-// MAY respond with a HelloVerifyRequest message. This message contains
-// a stateless cookie generated using the technique of [PHOTURIS]. The
-// client MUST retransmit the ClientHello with the cookie added.
-//
-// https://tools.ietf.org/html/rfc6347#section-4.2.1
-type MessageHelloVerifyRequest struct {
- Version protocol.Version
- Cookie []byte
-}
-
-// Type returns the Handshake Type
-func (m MessageHelloVerifyRequest) Type() Type {
- return TypeHelloVerifyRequest
-}
-
-// Marshal encodes the Handshake
-func (m *MessageHelloVerifyRequest) Marshal() ([]byte, error) {
- if len(m.Cookie) > 255 {
- return nil, errCookieTooLong
- }
-
- out := make([]byte, 3+len(m.Cookie))
- out[0] = m.Version.Major
- out[1] = m.Version.Minor
- out[2] = byte(len(m.Cookie))
- copy(out[3:], m.Cookie)
-
- return out, nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageHelloVerifyRequest) Unmarshal(data []byte) error {
- if len(data) < 3 {
- return errBufferTooSmall
- }
- m.Version.Major = data[0]
- m.Version.Minor = data[1]
- cookieLength := data[2]
- if len(data) < (int(cookieLength) + 3) {
- return errBufferTooSmall
- }
- m.Cookie = make([]byte, cookieLength)
-
- copy(m.Cookie, data[3:3+cookieLength])
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request_test.go
deleted file mode 100644
index 0b15eee..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_hello_verify_request_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-func TestHandshakeMessageHelloVerifyRequest(t *testing.T) {
- rawHelloVerifyRequest := []byte{
- 0xfe, 0xff, 0x14, 0x25, 0xfb, 0xee, 0xb3, 0x7c, 0x95, 0xcf, 0x00,
- 0xeb, 0xad, 0xe2, 0xef, 0xc7, 0xfd, 0xbb, 0xed, 0xf7, 0x1f, 0x6c, 0xcd,
- }
- parsedHelloVerifyRequest := &MessageHelloVerifyRequest{
- Version: protocol.Version{Major: 0xFE, Minor: 0xFF},
- Cookie: []byte{0x25, 0xfb, 0xee, 0xb3, 0x7c, 0x95, 0xcf, 0x00, 0xeb, 0xad, 0xe2, 0xef, 0xc7, 0xfd, 0xbb, 0xed, 0xf7, 0x1f, 0x6c, 0xcd},
- }
-
- h := &MessageHelloVerifyRequest{}
- if err := h.Unmarshal(rawHelloVerifyRequest); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(h, parsedHelloVerifyRequest) {
- t.Errorf("handshakeMessageClientHello unmarshal: got %#v, want %#v", h, parsedHelloVerifyRequest)
- }
-
- raw, err := h.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawHelloVerifyRequest) {
- t.Errorf("handshakeMessageClientHello marshal: got %#v, want %#v", raw, rawHelloVerifyRequest)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello.go b/dtls-2.0.9/pkg/protocol/handshake/message_server_hello.go
deleted file mode 100644
index f21fb49..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
-)
-
-// MessageServerHello is sent in response to a ClientHello
-// message when it was able to find an acceptable set of algorithms.
-// If it cannot find such a match, it will respond with a handshake
-// failure alert.
-//
-// https://tools.ietf.org/html/rfc5246#section-7.4.1.3
-type MessageServerHello struct {
- Version protocol.Version
- Random Random
-
- SessionID []byte // TODO 添加anylink支持
-
- CipherSuiteID *uint16
- CompressionMethod *protocol.CompressionMethod
- Extensions []extension.Extension
-}
-
-const messageServerHelloVariableWidthStart = 2 + RandomLength
-
-// Type returns the Handshake Type
-func (m MessageServerHello) Type() Type {
- return TypeServerHello
-}
-
-// Marshal encodes the Handshake
-func (m *MessageServerHello) Marshal() ([]byte, error) {
- if m.CipherSuiteID == nil {
- return nil, errCipherSuiteUnset
- } else if m.CompressionMethod == nil {
- return nil, errCompressionMethodUnset
- }
-
- out := make([]byte, messageServerHelloVariableWidthStart)
- out[0] = m.Version.Major
- out[1] = m.Version.Minor
-
- rand := m.Random.MarshalFixed()
- copy(out[2:], rand[:])
-
- // out = append(out, 0x00) // SessionID
- // TODO 添加SessionID
- out = append(out, byte(len(m.SessionID))) // SessionID
- out = append(out, m.SessionID...)
-
- out = append(out, []byte{0x00, 0x00}...)
- binary.BigEndian.PutUint16(out[len(out)-2:], *m.CipherSuiteID)
-
- out = append(out, byte(m.CompressionMethod.ID))
-
- extensions, err := extension.Marshal(m.Extensions)
- if err != nil {
- return nil, err
- }
-
- return append(out, extensions...), nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageServerHello) Unmarshal(data []byte) error {
- if len(data) < 2+RandomLength {
- return errBufferTooSmall
- }
-
- m.Version.Major = data[0]
- m.Version.Minor = data[1]
-
- var random [RandomLength]byte
- copy(random[:], data[2:])
- m.Random.UnmarshalFixed(random)
-
- currOffset := messageServerHelloVariableWidthStart
- currOffset += int(data[currOffset]) + 1 // SessionID
- if len(data) < (currOffset + 2) {
- return errBufferTooSmall
- }
-
- m.CipherSuiteID = new(uint16)
- *m.CipherSuiteID = binary.BigEndian.Uint16(data[currOffset:])
- currOffset += 2
-
- if len(data) < currOffset {
- return errBufferTooSmall
- }
- if compressionMethod, ok := protocol.CompressionMethods()[protocol.CompressionMethodID(data[currOffset])]; ok {
- m.CompressionMethod = compressionMethod
- currOffset++
- } else {
- return errInvalidCompressionMethod
- }
-
- if len(data) <= currOffset {
- m.Extensions = []extension.Extension{}
- return nil
- }
-
- extensions, err := extension.Unmarshal(data[currOffset:])
- if err != nil {
- return err
- }
- m.Extensions = extensions
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done.go b/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done.go
deleted file mode 100644
index a004802..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package handshake
-
-// MessageServerHelloDone is final non-encrypted message from server
-// this communicates server has sent all its handshake messages and next
-// should be MessageFinished
-type MessageServerHelloDone struct {
-}
-
-// Type returns the Handshake Type
-func (m MessageServerHelloDone) Type() Type {
- return TypeServerHelloDone
-}
-
-// Marshal encodes the Handshake
-func (m *MessageServerHelloDone) Marshal() ([]byte, error) {
- return []byte{}, nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageServerHelloDone) Unmarshal(data []byte) error {
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done_test.go
deleted file mode 100644
index a9043e3..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_done_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-)
-
-func TestHandshakeMessageServerHelloDone(t *testing.T) {
- rawServerHelloDone := []byte{}
- parsedServerHelloDone := &MessageServerHelloDone{}
-
- c := &MessageServerHelloDone{}
- if err := c.Unmarshal(rawServerHelloDone); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedServerHelloDone) {
- t.Errorf("handshakeMessageServerHelloDone unmarshal: got %#v, want %#v", c, parsedServerHelloDone)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawServerHelloDone) {
- t.Errorf("handshakeMessageServerHelloDone marshal: got %#v, want %#v", raw, rawServerHelloDone)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_test.go
deleted file mode 100644
index 99e7f05..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_server_hello_test.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/extension"
-)
-
-func TestHandshakeMessageServerHello(t *testing.T) {
- rawServerHello := []byte{
- 0xfe, 0xfd, 0x21, 0x63, 0x32, 0x21, 0x81, 0x0e, 0x98, 0x6c,
- 0x85, 0x3d, 0xa4, 0x39, 0xaf, 0x5f, 0xd6, 0x5c, 0xcc, 0x20,
- 0x7f, 0x7c, 0x78, 0xf1, 0x5f, 0x7e, 0x1c, 0xb7, 0xa1, 0x1e,
- 0xcf, 0x63, 0x84, 0x28, 0x00, 0xc0, 0x2b, 0x00, 0x00, 0x00,
- }
-
- cipherSuiteID := uint16(0xc02b)
-
- parsedServerHello := &MessageServerHello{
- Version: protocol.Version{Major: 0xFE, Minor: 0xFD},
- Random: Random{
- GMTUnixTime: time.Unix(560149025, 0),
- RandomBytes: [28]byte{0x81, 0x0e, 0x98, 0x6c, 0x85, 0x3d, 0xa4, 0x39, 0xaf, 0x5f, 0xd6, 0x5c, 0xcc, 0x20, 0x7f, 0x7c, 0x78, 0xf1, 0x5f, 0x7e, 0x1c, 0xb7, 0xa1, 0x1e, 0xcf, 0x63, 0x84, 0x28},
- },
- CipherSuiteID: &cipherSuiteID,
- CompressionMethod: &protocol.CompressionMethod{},
- Extensions: []extension.Extension{},
- }
-
- c := &MessageServerHello{}
- if err := c.Unmarshal(rawServerHello); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedServerHello) {
- t.Errorf("handshakeMessageServerHello unmarshal: got %#v, want %#v", c, parsedServerHello)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawServerHello) {
- t.Errorf("handshakeMessageServerHello marshal: got %#v, want %#v", raw, rawServerHello)
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange.go b/dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange.go
deleted file mode 100644
index 4148fe0..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package handshake
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
-)
-
-// MessageServerKeyExchange supports ECDH and PSK
-type MessageServerKeyExchange struct {
- IdentityHint []byte
-
- EllipticCurveType elliptic.CurveType
- NamedCurve elliptic.Curve
- PublicKey []byte
- HashAlgorithm hash.Algorithm
- SignatureAlgorithm signature.Algorithm
- Signature []byte
-}
-
-// Type returns the Handshake Type
-func (m MessageServerKeyExchange) Type() Type {
- return TypeServerKeyExchange
-}
-
-// Marshal encodes the Handshake
-func (m *MessageServerKeyExchange) Marshal() ([]byte, error) {
- if m.IdentityHint != nil {
- out := append([]byte{0x00, 0x00}, m.IdentityHint...)
- binary.BigEndian.PutUint16(out, uint16(len(out)-2))
- return out, nil
- }
-
- out := []byte{byte(m.EllipticCurveType), 0x00, 0x00}
- binary.BigEndian.PutUint16(out[1:], uint16(m.NamedCurve))
-
- out = append(out, byte(len(m.PublicKey)))
- out = append(out, m.PublicKey...)
-
- if m.HashAlgorithm == hash.None && m.SignatureAlgorithm == signature.Anonymous && len(m.Signature) == 0 {
- return out, nil
- }
-
- out = append(out, []byte{byte(m.HashAlgorithm), byte(m.SignatureAlgorithm), 0x00, 0x00}...)
- binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(m.Signature)))
- out = append(out, m.Signature...)
-
- return out, nil
-}
-
-// Unmarshal populates the message from encoded data
-func (m *MessageServerKeyExchange) Unmarshal(data []byte) error {
- if len(data) < 2 {
- return errBufferTooSmall
- }
-
- // If parsed as PSK return early and only populate PSK Identity Hint
- if pskLength := binary.BigEndian.Uint16(data); len(data) == int(pskLength+2) {
- m.IdentityHint = append([]byte{}, data[2:]...)
- return nil
- }
-
- if _, ok := elliptic.CurveTypes()[elliptic.CurveType(data[0])]; ok {
- m.EllipticCurveType = elliptic.CurveType(data[0])
- } else {
- return errInvalidEllipticCurveType
- }
-
- if len(data[1:]) < 2 {
- return errBufferTooSmall
- }
- m.NamedCurve = elliptic.Curve(binary.BigEndian.Uint16(data[1:3]))
- if _, ok := elliptic.Curves()[m.NamedCurve]; !ok {
- return errInvalidNamedCurve
- }
- if len(data) < 4 {
- return errBufferTooSmall
- }
-
- publicKeyLength := int(data[3])
- offset := 4 + publicKeyLength
- if len(data) < offset {
- return errBufferTooSmall
- }
- m.PublicKey = append([]byte{}, data[4:offset]...)
-
- // Anon connection doesn't contains hashAlgorithm, signatureAlgorithm, signature
- if len(data) == offset {
- return nil
- } else if len(data) <= offset {
- return errBufferTooSmall
- }
-
- m.HashAlgorithm = hash.Algorithm(data[offset])
- if _, ok := hash.Algorithms()[m.HashAlgorithm]; !ok {
- return errInvalidHashAlgorithm
- }
- offset++
- if len(data) <= offset {
- return errBufferTooSmall
- }
- m.SignatureAlgorithm = signature.Algorithm(data[offset])
- if _, ok := signature.Algorithms()[m.SignatureAlgorithm]; !ok {
- return errInvalidSignatureAlgorithm
- }
- offset++
- if len(data) < offset+2 {
- return errBufferTooSmall
- }
- signatureLength := int(binary.BigEndian.Uint16(data[offset:]))
- offset += 2
- if len(data) < offset+signatureLength {
- return errBufferTooSmall
- }
- m.Signature = append([]byte{}, data[offset:offset+signatureLength]...)
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange_test.go b/dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange_test.go
deleted file mode 100644
index dfe7d1f..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/message_server_key_exchange_test.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package handshake
-
-import (
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/hash"
- "github.com/pion/dtls/v2/pkg/crypto/signature"
-)
-
-func TestHandshakeMessageServerKeyExchange(t *testing.T) {
- test := func(rawServerKeyExchange []byte, parsedServerKeyExchange *MessageServerKeyExchange) {
- c := &MessageServerKeyExchange{}
- if err := c.Unmarshal(rawServerKeyExchange); err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(c, parsedServerKeyExchange) {
- t.Errorf("handshakeMessageServerKeyExchange unmarshal: got %#v, want %#v", c, parsedServerKeyExchange)
- }
-
- raw, err := c.Marshal()
- if err != nil {
- t.Error(err)
- } else if !reflect.DeepEqual(raw, rawServerKeyExchange) {
- t.Errorf("handshakeMessageServerKeyExchange marshal: got %#v, want %#v", raw, rawServerKeyExchange)
- }
- }
-
- t.Run("Hash+Signature", func(t *testing.T) {
- rawServerKeyExchange := []byte{
- 0x03, 0x00, 0x1d, 0x41, 0x04, 0x0c, 0xb9, 0xa3, 0xb9, 0x90, 0x71, 0x35, 0x4a, 0x08, 0x66, 0xaf,
- 0xd6, 0x88, 0x58, 0x29, 0x69, 0x98, 0xf1, 0x87, 0x0f, 0xb5, 0xa8, 0xcd, 0x92, 0xf6, 0x2b, 0x08,
- 0x0c, 0xd4, 0x16, 0x5b, 0xcc, 0x81, 0xf2, 0x58, 0x91, 0x8e, 0x62, 0xdf, 0xc1, 0xec, 0x72, 0xe8,
- 0x47, 0x24, 0x42, 0x96, 0xb8, 0x7b, 0xee, 0xe7, 0x0d, 0xdc, 0x44, 0xec, 0xf3, 0x97, 0x6b, 0x1b,
- 0x45, 0x28, 0xac, 0x3f, 0x35, 0x02, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00, 0xb2, 0x0b,
- 0x22, 0x95, 0x3d, 0x56, 0x57, 0x6a, 0x3f, 0x85, 0x30, 0x6f, 0x55, 0xc3, 0xf4, 0x24, 0x1b, 0x21,
- 0x07, 0xe5, 0xdf, 0xba, 0x24, 0x02, 0x68, 0x95, 0x1f, 0x6e, 0x13, 0xbd, 0x9f, 0xaa, 0x02, 0x20,
- 0x49, 0x9c, 0x9d, 0xdf, 0x84, 0x60, 0x33, 0x27, 0x96, 0x9e, 0x58, 0x6d, 0x72, 0x13, 0xe7, 0x3a,
- 0xe8, 0xdf, 0x43, 0x75, 0xc7, 0xb9, 0x37, 0x6e, 0x90, 0xe5, 0x3b, 0x81, 0xd4, 0xda, 0x68, 0xcd,
- }
- parsedServerKeyExchange := &MessageServerKeyExchange{
- EllipticCurveType: elliptic.CurveTypeNamedCurve,
- NamedCurve: elliptic.X25519,
- PublicKey: rawServerKeyExchange[4:69],
- HashAlgorithm: hash.SHA1,
- SignatureAlgorithm: signature.ECDSA,
- Signature: rawServerKeyExchange[73:144],
- }
-
- test(rawServerKeyExchange, parsedServerKeyExchange)
- })
-
- t.Run("Anonymous", func(t *testing.T) {
- rawServerKeyExchange := []byte{
- 0x03, 0x00, 0x1d, 0x41, 0x04, 0x0c, 0xb9, 0xa3, 0xb9, 0x90, 0x71, 0x35, 0x4a, 0x08, 0x66, 0xaf,
- 0xd6, 0x88, 0x58, 0x29, 0x69, 0x98, 0xf1, 0x87, 0x0f, 0xb5, 0xa8, 0xcd, 0x92, 0xf6, 0x2b, 0x08,
- 0x0c, 0xd4, 0x16, 0x5b, 0xcc, 0x81, 0xf2, 0x58, 0x91, 0x8e, 0x62, 0xdf, 0xc1, 0xec, 0x72, 0xe8,
- 0x47, 0x24, 0x42, 0x96, 0xb8, 0x7b, 0xee, 0xe7, 0x0d, 0xdc, 0x44, 0xec, 0xf3, 0x97, 0x6b, 0x1b,
- 0x45, 0x28, 0xac, 0x3f, 0x35,
- }
- parsedServerKeyExchange := &MessageServerKeyExchange{
- EllipticCurveType: elliptic.CurveTypeNamedCurve,
- NamedCurve: elliptic.X25519,
- PublicKey: rawServerKeyExchange[4:69],
- HashAlgorithm: hash.None,
- SignatureAlgorithm: signature.Anonymous,
- }
-
- test(rawServerKeyExchange, parsedServerKeyExchange)
- })
-}
diff --git a/dtls-2.0.9/pkg/protocol/handshake/random.go b/dtls-2.0.9/pkg/protocol/handshake/random.go
deleted file mode 100644
index 0ade936..0000000
--- a/dtls-2.0.9/pkg/protocol/handshake/random.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package handshake
-
-import (
- "crypto/rand"
- "encoding/binary"
- "time"
-)
-
-// Consts for Random in Handshake
-const (
- RandomBytesLength = 28
- RandomLength = RandomBytesLength + 4
-)
-
-// Random value that is used in ClientHello and ServerHello
-//
-// https://tools.ietf.org/html/rfc4346#section-7.4.1.2
-type Random struct {
- GMTUnixTime time.Time
- RandomBytes [RandomBytesLength]byte
-}
-
-// MarshalFixed encodes the Handshake
-func (r *Random) MarshalFixed() [RandomLength]byte {
- var out [RandomLength]byte
-
- binary.BigEndian.PutUint32(out[0:], uint32(r.GMTUnixTime.Unix()))
- copy(out[4:], r.RandomBytes[:])
-
- return out
-}
-
-// UnmarshalFixed populates the message from encoded data
-func (r *Random) UnmarshalFixed(data [RandomLength]byte) {
- r.GMTUnixTime = time.Unix(int64(binary.BigEndian.Uint32(data[0:])), 0)
- copy(r.RandomBytes[:], data[4:])
-}
-
-// Populate fills the handshakeRandom with random values
-// may be called multiple times
-func (r *Random) Populate() error {
- r.GMTUnixTime = time.Now()
-
- tmp := make([]byte, RandomBytesLength)
- _, err := rand.Read(tmp)
- copy(r.RandomBytes[:], tmp)
-
- return err
-}
diff --git a/dtls-2.0.9/pkg/protocol/recordlayer/errors.go b/dtls-2.0.9/pkg/protocol/recordlayer/errors.go
deleted file mode 100644
index 7033d40..0000000
--- a/dtls-2.0.9/pkg/protocol/recordlayer/errors.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Package recordlayer implements the TLS Record Layer https://tools.ietf.org/html/rfc5246#section-6
-package recordlayer
-
-import (
- "errors"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-var (
- errBufferTooSmall = &protocol.TemporaryError{Err: errors.New("buffer is too small")} //nolint:goerr113
- errInvalidPacketLength = &protocol.TemporaryError{Err: errors.New("packet length and declared length do not match")} //nolint:goerr113
- errSequenceNumberOverflow = &protocol.InternalError{Err: errors.New("sequence number overflow")} //nolint:goerr113
- errUnsupportedProtocolVersion = &protocol.FatalError{Err: errors.New("unsupported protocol version")} //nolint:goerr113
- errInvalidContentType = &protocol.TemporaryError{Err: errors.New("invalid content type")} //nolint:goerr113
-)
diff --git a/dtls-2.0.9/pkg/protocol/recordlayer/header.go b/dtls-2.0.9/pkg/protocol/recordlayer/header.go
deleted file mode 100644
index 65047d7..0000000
--- a/dtls-2.0.9/pkg/protocol/recordlayer/header.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package recordlayer
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/internal/util"
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-// Header implements a TLS RecordLayer header
-type Header struct {
- ContentType protocol.ContentType
- ContentLen uint16
- Version protocol.Version
- Epoch uint16
- SequenceNumber uint64 // uint48 in spec
-}
-
-// RecordLayer enums
-const (
- HeaderSize = 13
- MaxSequenceNumber = 0x0000FFFFFFFFFFFF
-)
-
-// Marshal encodes a TLS RecordLayer Header to binary
-func (h *Header) Marshal() ([]byte, error) {
- if h.SequenceNumber > MaxSequenceNumber {
- return nil, errSequenceNumberOverflow
- }
-
- out := make([]byte, HeaderSize)
- out[0] = byte(h.ContentType)
- out[1] = h.Version.Major
- out[2] = h.Version.Minor
- binary.BigEndian.PutUint16(out[3:], h.Epoch)
- util.PutBigEndianUint48(out[5:], h.SequenceNumber)
- binary.BigEndian.PutUint16(out[HeaderSize-2:], h.ContentLen)
- return out, nil
-}
-
-// Unmarshal populates a TLS RecordLayer Header from binary
-func (h *Header) Unmarshal(data []byte) error {
- if len(data) < HeaderSize {
- return errBufferTooSmall
- }
- h.ContentType = protocol.ContentType(data[0])
- h.Version.Major = data[1]
- h.Version.Minor = data[2]
- h.Epoch = binary.BigEndian.Uint16(data[3:])
-
- // SequenceNumber is stored as uint48, make into uint64
- seqCopy := make([]byte, 8)
- copy(seqCopy[2:], data[5:11])
- h.SequenceNumber = binary.BigEndian.Uint64(seqCopy)
-
- if !h.Version.Equal(protocol.Version1_0) && !h.Version.Equal(protocol.Version1_2) {
- return errUnsupportedProtocolVersion
- }
-
- return nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/recordlayer/recordlayer.go b/dtls-2.0.9/pkg/protocol/recordlayer/recordlayer.go
deleted file mode 100644
index 67e5a72..0000000
--- a/dtls-2.0.9/pkg/protocol/recordlayer/recordlayer.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package recordlayer
-
-import (
- "encoding/binary"
-
- "github.com/pion/dtls/v2/pkg/protocol"
- "github.com/pion/dtls/v2/pkg/protocol/alert"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
-)
-
-// RecordLayer which handles all data transport.
-// The record layer is assumed to sit directly on top of some
-// reliable transport such as TCP. The record layer can carry four types of content:
-//
-// 1. Handshake messages—used for algorithm negotiation and key establishment.
-// 2. ChangeCipherSpec messages—really part of the handshake but technically a separate kind of message.
-// 3. Alert messages—used to signal that errors have occurred
-// 4. Application layer data
-//
-// The DTLS record layer is extremely similar to that of TLS 1.1. The
-// only change is the inclusion of an explicit sequence number in the
-// record. This sequence number allows the recipient to correctly
-// verify the TLS MAC.
-//
-// https://tools.ietf.org/html/rfc4347#section-4.1
-type RecordLayer struct {
- Header Header
- Content protocol.Content
-}
-
-// Marshal encodes the RecordLayer to binary
-func (r *RecordLayer) Marshal() ([]byte, error) {
- contentRaw, err := r.Content.Marshal()
- if err != nil {
- return nil, err
- }
-
- r.Header.ContentLen = uint16(len(contentRaw))
- r.Header.ContentType = r.Content.ContentType()
-
- headerRaw, err := r.Header.Marshal()
- if err != nil {
- return nil, err
- }
-
- return append(headerRaw, contentRaw...), nil
-}
-
-// Unmarshal populates the RecordLayer from binary
-func (r *RecordLayer) Unmarshal(data []byte) error {
- if len(data) < HeaderSize {
- return errBufferTooSmall
- }
- if err := r.Header.Unmarshal(data); err != nil {
- return err
- }
-
- switch protocol.ContentType(data[0]) {
- case protocol.ContentTypeChangeCipherSpec:
- r.Content = &protocol.ChangeCipherSpec{}
- case protocol.ContentTypeAlert:
- r.Content = &alert.Alert{}
- case protocol.ContentTypeHandshake:
- r.Content = &handshake.Handshake{}
- case protocol.ContentTypeApplicationData:
- r.Content = &protocol.ApplicationData{}
- default:
- return errInvalidContentType
- }
-
- return r.Content.Unmarshal(data[HeaderSize:])
-}
-
-// UnpackDatagram extracts all RecordLayer messages from a single datagram.
-// Note that as with TLS, multiple handshake messages may be placed in
-// the same DTLS record, provided that there is room and that they are
-// part of the same flight. Thus, there are two acceptable ways to pack
-// two DTLS messages into the same datagram: in the same record or in
-// separate records.
-// https://tools.ietf.org/html/rfc6347#section-4.2.3
-func UnpackDatagram(buf []byte) ([][]byte, error) {
- out := [][]byte{}
-
- for offset := 0; len(buf) != offset; {
- if len(buf)-offset <= HeaderSize {
- return nil, errInvalidPacketLength
- }
-
- pktLen := (HeaderSize + int(binary.BigEndian.Uint16(buf[offset+11:])))
- if offset+pktLen > len(buf) {
- return nil, errInvalidPacketLength
- }
-
- out = append(out, buf[offset:offset+pktLen])
- offset += pktLen
- }
-
- return out, nil
-}
diff --git a/dtls-2.0.9/pkg/protocol/recordlayer/recordlayer_test.go b/dtls-2.0.9/pkg/protocol/recordlayer/recordlayer_test.go
deleted file mode 100644
index fed9731..0000000
--- a/dtls-2.0.9/pkg/protocol/recordlayer/recordlayer_test.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package recordlayer
-
-import (
- "errors"
- "reflect"
- "testing"
-
- "github.com/pion/dtls/v2/pkg/protocol"
-)
-
-func TestUDPDecode(t *testing.T) {
- for _, test := range []struct {
- Name string
- Data []byte
- Want [][]byte
- WantError error
- }{
- {
- Name: "Change Cipher Spec, single packet",
- Data: []byte{0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x01},
- Want: [][]byte{
- {0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x01},
- },
- },
- {
- Name: "Change Cipher Spec, multi packet",
- Data: []byte{
- 0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x01,
- 0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x01,
- },
- Want: [][]byte{
- {0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x01},
- {0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x01},
- },
- },
- {
- Name: "Invalid packet length",
- Data: []byte{0x14, 0xfe},
- WantError: errInvalidPacketLength,
- },
- {
- Name: "Packet declared invalid length",
- Data: []byte{0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0xFF, 0x01},
- WantError: errInvalidPacketLength,
- },
- } {
- dtlsPkts, err := UnpackDatagram(test.Data)
- if !errors.Is(err, test.WantError) {
- t.Errorf("Unexpected Error %q: exp: %v got: %v", test.Name, test.WantError, err)
- } else if !reflect.DeepEqual(test.Want, dtlsPkts) {
- t.Errorf("%q UDP decode: got %q, want %q", test.Name, dtlsPkts, test.Want)
- }
- }
-}
-
-func TestRecordLayerRoundTrip(t *testing.T) {
- for _, test := range []struct {
- Name string
- Data []byte
- Want *RecordLayer
- WantMarshalError error
- WantUnmarshalError error
- }{
- {
- Name: "Change Cipher Spec, single packet",
- Data: []byte{0x14, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x01},
- Want: &RecordLayer{
- Header: Header{
- ContentType: protocol.ContentTypeChangeCipherSpec,
- Version: protocol.Version{Major: 0xfe, Minor: 0xff},
- Epoch: 0,
- SequenceNumber: 18,
- },
- Content: &protocol.ChangeCipherSpec{},
- },
- },
- } {
- r := &RecordLayer{}
- if err := r.Unmarshal(test.Data); !errors.Is(err, test.WantUnmarshalError) {
- t.Errorf("Unexpected Error %q: exp: %v got: %v", test.Name, test.WantUnmarshalError, err)
- } else if !reflect.DeepEqual(test.Want, r) {
- t.Errorf("%q recordLayer.unmarshal: got %q, want %q", test.Name, r, test.Want)
- }
-
- data, marshalErr := r.Marshal()
- if !errors.Is(marshalErr, test.WantMarshalError) {
- t.Errorf("Unexpected Error %q: exp: %v got: %v", test.Name, test.WantMarshalError, marshalErr)
- } else if !reflect.DeepEqual(test.Data, data) {
- t.Errorf("%q recordLayer.marshal: got % 02x, want % 02x", test.Name, data, test.Data)
- }
- }
-}
diff --git a/dtls-2.0.9/pkg/protocol/version.go b/dtls-2.0.9/pkg/protocol/version.go
deleted file mode 100644
index d5ddb1d..0000000
--- a/dtls-2.0.9/pkg/protocol/version.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Package protocol provides the DTLS wire format
-package protocol
-
-// Version enums
-var (
- Version1_0 = Version{Major: 0xfe, Minor: 0xff} //nolint:gochecknoglobals
- Version1_2 = Version{Major: 0xfe, Minor: 0xfd} //nolint:gochecknoglobals
-)
-
-// Version is the minor/major value in the RecordLayer
-// and ClientHello/ServerHello
-//
-// https://tools.ietf.org/html/rfc4346#section-6.2.1
-type Version struct {
- Major, Minor uint8
-}
-
-// Equal determines if two protocol versions are equal
-func (v Version) Equal(x Version) bool {
- return v.Major == x.Major && v.Minor == x.Minor
-}
diff --git a/dtls-2.0.9/renovate.json b/dtls-2.0.9/renovate.json
deleted file mode 100644
index f84608c..0000000
--- a/dtls-2.0.9/renovate.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "extends": [
- "config:base"
- ],
- "postUpdateOptions": [
- "gomodTidy"
- ],
- "commitBody": "Generated by renovateBot",
- "packageRules": [
- {
- "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
- "automerge": true
- },
- {
- "packagePatterns": ["^golang.org/x/"],
- "schedule": ["on the first day of the month"]
- }
- ]
-}
diff --git a/dtls-2.0.9/replayprotection_test.go b/dtls-2.0.9/replayprotection_test.go
deleted file mode 100644
index 3175895..0000000
--- a/dtls-2.0.9/replayprotection_test.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package dtls
-
-import (
- "context"
- "net"
- "reflect"
- "sync"
- "sync/atomic"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/internal/net/dpipe"
- "github.com/pion/transport/test"
-)
-
-func TestReplayProtection(t *testing.T) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(5 * time.Second)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- c0, c1 := dpipe.Pipe()
- c2, c3 := dpipe.Pipe()
- conn := []net.Conn{c0, c1, c2, c3}
-
- var wgRoutines sync.WaitGroup
- var cntReplays int32 = 1
-
- ctxReplayDone, replayDone := context.WithCancel(context.Background())
-
- replaySendDone := func() {
- cnt := atomic.AddInt32(&cntReplays, -1)
- if cnt == 0 {
- replayDone()
- }
- }
-
- replayer := func(ca, cb net.Conn) {
- defer wgRoutines.Done()
- // Man in the middle
- for {
- b := make([]byte, 2048)
- n, rerr := ca.Read(b)
- if rerr != nil {
- return
- }
- if _, werr := cb.Write(b[:n]); werr != nil {
- t.Error(werr)
- return
- }
-
- atomic.AddInt32(&cntReplays, 1)
- go func() {
- defer replaySendDone()
- // Replay bit later
- time.Sleep(time.Millisecond)
- if _, werr := cb.Write(b[:n]); werr != nil {
- t.Error(werr)
- }
- }()
- }
- }
- wgRoutines.Add(2)
- go replayer(conn[1], conn[2])
- go replayer(conn[2], conn[1])
-
- ca, cb, err := pipeConn(conn[0], conn[3])
- if err != nil {
- t.Fatal(err)
- }
-
- const numMsgs = 10
-
- var received [2][][]byte
- for i, c := range []net.Conn{ca, cb} {
- i := i
- c := c
- wgRoutines.Add(1)
- atomic.AddInt32(&cntReplays, 1) // Keep locked until the final message
- var lastMsgDone sync.Once
- go func() {
- defer wgRoutines.Done()
- for {
- b := make([]byte, 2048)
- n, rerr := c.Read(b)
- if rerr != nil {
- return
- }
- received[i] = append(received[i], b[:n])
- if b[0] == numMsgs-1 {
- // Final message received
- lastMsgDone.Do(func() {
- defer replaySendDone()
- })
- }
- }
- }()
- }
-
- var sent [][]byte
- for i := 0; i < numMsgs; i++ {
- data := []byte{byte(i)}
- sent = append(sent, data)
- if _, werr := ca.Write(data); werr != nil {
- t.Error(werr)
- return
- }
- if _, werr := cb.Write(data); werr != nil {
- t.Error(werr)
- return
- }
- }
-
- replaySendDone()
- <-ctxReplayDone.Done()
- time.Sleep(10 * time.Millisecond) // Ensure all replayed packets are sent
-
- for i := 0; i < 4; i++ {
- if err := conn[i].Close(); err != nil {
- t.Error(err)
- }
- }
- if err := ca.Close(); err != nil {
- t.Error(err)
- }
- if err := cb.Close(); err != nil {
- t.Error(err)
- }
- wgRoutines.Wait()
-
- for _, r := range received {
- if !reflect.DeepEqual(sent, r) {
- t.Errorf("Received data differs, expected: %v, got: %v", sent, r)
- }
- }
-}
diff --git a/dtls-2.0.9/resume.go b/dtls-2.0.9/resume.go
deleted file mode 100644
index 40e55e4..0000000
--- a/dtls-2.0.9/resume.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package dtls
-
-import (
- "context"
- "net"
-)
-
-// Resume imports an already established dtls connection using a specific dtls state
-func Resume(state *State, conn net.Conn, config *Config) (*Conn, error) {
- if err := state.initCipherSuite(); err != nil {
- return nil, err
- }
- c, err := createConn(context.Background(), conn, config, state.isClient, state)
- if err != nil {
- return nil, err
- }
-
- return c, nil
-}
diff --git a/dtls-2.0.9/resume_test.go b/dtls-2.0.9/resume_test.go
deleted file mode 100644
index cad3d2d..0000000
--- a/dtls-2.0.9/resume_test.go
+++ /dev/null
@@ -1,208 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "crypto/tls"
- "errors"
- "fmt"
- "net"
- "sync"
- "testing"
- "time"
-
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- "github.com/pion/transport/test"
-)
-
-var errMessageMissmatch = errors.New("messages missmatch")
-
-func TestResumeClient(t *testing.T) {
- DoTestResume(t, Client, Server)
-}
-
-func TestResumeServer(t *testing.T) {
- DoTestResume(t, Server, Client)
-}
-
-func fatal(t *testing.T, errChan chan error, err error) {
- close(errChan)
- t.Fatal(err)
-}
-
-func DoTestResume(t *testing.T, newLocal, newRemote func(net.Conn, *Config) (*Conn, error)) {
- // Limit runtime in case of deadlocks
- lim := test.TimeOut(time.Second * 20)
- defer lim.Stop()
-
- // Check for leaking routines
- report := test.CheckRoutines(t)
- defer report()
-
- certificate, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
-
- // Generate connections
- localConn1, rc1 := net.Pipe()
- localConn2, rc2 := net.Pipe()
- remoteConn := &backupConn{curr: rc1, next: rc2}
-
- // Launch remote in another goroutine
- errChan := make(chan error, 1)
- defer func() {
- err = <-errChan
- if err != nil {
- t.Fatal(err)
- }
- }()
- config := &Config{
- Certificates: []tls.Certificate{certificate},
- InsecureSkipVerify: true,
- ExtendedMasterSecret: RequireExtendedMasterSecret,
- }
- go func() {
- var remote *Conn
- var errR error
- remote, errR = newRemote(remoteConn, config)
- if errR != nil {
- errChan <- errR
- }
-
- // Loop of read write
- for i := 0; i < 2; i++ {
- recv := make([]byte, 1024)
- var n int
- n, errR = remote.Read(recv)
- if errR != nil {
- errChan <- errR
- }
-
- if _, errR = remote.Write(recv[:n]); errR != nil {
- errChan <- errR
- }
- }
- errChan <- nil
- }()
-
- var local *Conn
- local, err = newLocal(localConn1, config)
- if err != nil {
- fatal(t, errChan, err)
- }
- defer func() {
- _ = local.Close()
- }()
-
- // Test write and read
- message := []byte("Hello")
- if _, err = local.Write(message); err != nil {
- fatal(t, errChan, err)
- }
-
- recv := make([]byte, 1024)
- var n int
- n, err = local.Read(recv)
- if err != nil {
- fatal(t, errChan, err)
- }
-
- if !bytes.Equal(message, recv[:n]) {
- fatal(t, errChan, fmt.Errorf("%w: %s != %s", errMessageMissmatch, message, recv[:n]))
- }
-
- if err = localConn1.Close(); err != nil {
- fatal(t, errChan, err)
- }
-
- // Serialize and deserialize state
- state := local.ConnectionState()
- var b []byte
- b, err = state.MarshalBinary()
- if err != nil {
- fatal(t, errChan, err)
- }
- deserialized := &State{}
- if err = deserialized.UnmarshalBinary(b); err != nil {
- fatal(t, errChan, err)
- }
-
- // Resume dtls connection
- var resumed net.Conn
- resumed, err = Resume(deserialized, localConn2, config)
- if err != nil {
- fatal(t, errChan, err)
- }
- defer func() {
- _ = resumed.Close()
- }()
-
- // Test write and read on resumed connection
- if _, err = resumed.Write(message); err != nil {
- fatal(t, errChan, err)
- }
-
- recv = make([]byte, 1024)
- n, err = resumed.Read(recv)
- if err != nil {
- fatal(t, errChan, err)
- }
-
- if !bytes.Equal(message, recv[:n]) {
- fatal(t, errChan, fmt.Errorf("%w: %s != %s", errMessageMissmatch, message, recv[:n]))
- }
-}
-
-type backupConn struct {
- curr net.Conn
- next net.Conn
- mux sync.Mutex
-}
-
-func (b *backupConn) Read(data []byte) (n int, err error) {
- n, err = b.curr.Read(data)
- if err != nil && b.next != nil {
- b.mux.Lock()
- b.curr = b.next
- b.next = nil
- b.mux.Unlock()
- return b.Read(data)
- }
- return n, err
-}
-
-func (b *backupConn) Write(data []byte) (n int, err error) {
- n, err = b.curr.Write(data)
- if err != nil && b.next != nil {
- b.mux.Lock()
- b.curr = b.next
- b.next = nil
- b.mux.Unlock()
- return b.Write(data)
- }
- return n, err
-}
-
-func (b *backupConn) Close() error {
- return nil
-}
-
-func (b *backupConn) LocalAddr() net.Addr {
- return nil
-}
-
-func (b *backupConn) RemoteAddr() net.Addr {
- return nil
-}
-
-func (b *backupConn) SetDeadline(t time.Time) error {
- return nil
-}
-
-func (b *backupConn) SetReadDeadline(t time.Time) error {
- return nil
-}
-
-func (b *backupConn) SetWriteDeadline(t time.Time) error {
- return nil
-}
diff --git a/dtls-2.0.9/srtp_protection_profile.go b/dtls-2.0.9/srtp_protection_profile.go
deleted file mode 100644
index 1c3ae55..0000000
--- a/dtls-2.0.9/srtp_protection_profile.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package dtls
-
-import "github.com/pion/dtls/v2/pkg/protocol/extension"
-
-// SRTPProtectionProfile defines the parameters and options that are in effect for the SRTP processing
-// https://tools.ietf.org/html/rfc5764#section-4.1.2
-type SRTPProtectionProfile = extension.SRTPProtectionProfile
-
-const (
- SRTP_AES128_CM_HMAC_SHA1_80 SRTPProtectionProfile = extension.SRTP_AES128_CM_HMAC_SHA1_80 // nolint
- SRTP_AES128_CM_HMAC_SHA1_32 SRTPProtectionProfile = extension.SRTP_AES128_CM_HMAC_SHA1_32 // nolint
- SRTP_AEAD_AES_128_GCM SRTPProtectionProfile = extension.SRTP_AEAD_AES_128_GCM // nolint
- SRTP_AEAD_AES_256_GCM SRTPProtectionProfile = extension.SRTP_AEAD_AES_256_GCM // nolint
-)
diff --git a/dtls-2.0.9/state.go b/dtls-2.0.9/state.go
deleted file mode 100644
index 6a686a4..0000000
--- a/dtls-2.0.9/state.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package dtls
-
-import (
- "bytes"
- "encoding/gob"
- "sync/atomic"
-
- "github.com/pion/dtls/v2/pkg/crypto/elliptic"
- "github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/protocol/handshake"
- "github.com/pion/transport/replaydetector"
-)
-
-// State holds the dtls connection state and implements both encoding.BinaryMarshaler and encoding.BinaryUnmarshaler
-type State struct {
- localEpoch, remoteEpoch atomic.Value
- localSequenceNumber []uint64 // uint48
- localRandom, remoteRandom handshake.Random
- masterSecret []byte
- cipherSuite CipherSuite // nil if a cipherSuite hasn't been chosen
-
- srtpProtectionProfile SRTPProtectionProfile // Negotiated SRTPProtectionProfile
- PeerCertificates [][]byte
- IdentityHint []byte
- SessionID []byte
-
- isClient bool
-
- preMasterSecret []byte
- extendedMasterSecret bool
-
- namedCurve elliptic.Curve
- localKeypair *elliptic.Keypair
- cookie []byte
- handshakeSendSequence int
- handshakeRecvSequence int
- serverName string
- remoteRequestedCertificate bool // Did we get a CertificateRequest
- localCertificatesVerify []byte // cache CertificateVerify
- localVerifyData []byte // cached VerifyData
- localKeySignature []byte // cached keySignature
- peerCertificatesVerified bool
-
- replayDetector []replaydetector.ReplayDetector
-}
-
-type serializedState struct {
- LocalEpoch uint16
- RemoteEpoch uint16
- LocalRandom [handshake.RandomLength]byte
- RemoteRandom [handshake.RandomLength]byte
- CipherSuiteID uint16
- MasterSecret []byte
- SessionID []byte // TODO 添加 SessionID 支持
- SequenceNumber uint64
- SRTPProtectionProfile uint16
- PeerCertificates [][]byte
- IdentityHint []byte
- IsClient bool
-}
-
-func (s *State) clone() *State {
- serialized := s.serialize()
- state := &State{}
- state.deserialize(*serialized)
-
- return state
-}
-
-func (s *State) serialize() *serializedState {
- // Marshal random values
- localRnd := s.localRandom.MarshalFixed()
- remoteRnd := s.remoteRandom.MarshalFixed()
-
- epoch := s.localEpoch.Load().(uint16)
- return &serializedState{
- LocalEpoch: epoch,
- RemoteEpoch: s.remoteEpoch.Load().(uint16),
- CipherSuiteID: uint16(s.cipherSuite.ID()),
- MasterSecret: s.masterSecret,
- SessionID: s.SessionID, // TODO 添加 SessionID 支持
- SequenceNumber: atomic.LoadUint64(&s.localSequenceNumber[epoch]),
- LocalRandom: localRnd,
- RemoteRandom: remoteRnd,
- SRTPProtectionProfile: uint16(s.srtpProtectionProfile),
- PeerCertificates: s.PeerCertificates,
- IdentityHint: s.IdentityHint,
- IsClient: s.isClient,
- }
-}
-
-func (s *State) deserialize(serialized serializedState) {
- // Set epoch values
- epoch := serialized.LocalEpoch
- s.localEpoch.Store(serialized.LocalEpoch)
- s.remoteEpoch.Store(serialized.RemoteEpoch)
-
- for len(s.localSequenceNumber) <= int(epoch) {
- s.localSequenceNumber = append(s.localSequenceNumber, uint64(0))
- }
-
- // Set random values
- localRandom := &handshake.Random{}
- localRandom.UnmarshalFixed(serialized.LocalRandom)
- s.localRandom = *localRandom
-
- remoteRandom := &handshake.Random{}
- remoteRandom.UnmarshalFixed(serialized.RemoteRandom)
- s.remoteRandom = *remoteRandom
-
- s.isClient = serialized.IsClient
-
- // Set master secret
- s.masterSecret = serialized.MasterSecret
- s.SessionID = serialized.SessionID // TODO 添加 SessionID 支持
-
- // Set cipher suite
- s.cipherSuite = cipherSuiteForID(CipherSuiteID(serialized.CipherSuiteID), nil)
-
- atomic.StoreUint64(&s.localSequenceNumber[epoch], serialized.SequenceNumber)
- s.srtpProtectionProfile = SRTPProtectionProfile(serialized.SRTPProtectionProfile)
-
- // Set remote certificate
- s.PeerCertificates = serialized.PeerCertificates
- s.IdentityHint = serialized.IdentityHint
-}
-
-func (s *State) initCipherSuite() error {
- if s.cipherSuite.IsInitialized() {
- return nil
- }
-
- localRandom := s.localRandom.MarshalFixed()
- remoteRandom := s.remoteRandom.MarshalFixed()
-
- var err error
- if s.isClient {
- err = s.cipherSuite.Init(s.masterSecret, localRandom[:], remoteRandom[:], true)
- } else {
- err = s.cipherSuite.Init(s.masterSecret, remoteRandom[:], localRandom[:], false)
- }
- if err != nil {
- return err
- }
- return nil
-}
-
-// MarshalBinary is a binary.BinaryMarshaler.MarshalBinary implementation
-func (s *State) MarshalBinary() ([]byte, error) {
- serialized := s.serialize()
-
- var buf bytes.Buffer
- enc := gob.NewEncoder(&buf)
- if err := enc.Encode(*serialized); err != nil {
- return nil, err
- }
- return buf.Bytes(), nil
-}
-
-// UnmarshalBinary is a binary.BinaryUnmarshaler.UnmarshalBinary implementation
-func (s *State) UnmarshalBinary(data []byte) error {
- enc := gob.NewDecoder(bytes.NewBuffer(data))
- var serialized serializedState
- if err := enc.Decode(&serialized); err != nil {
- return err
- }
-
- s.deserialize(serialized)
- if err := s.initCipherSuite(); err != nil {
- return err
- }
- return nil
-}
-
-// ExportKeyingMaterial returns length bytes of exported key material in a new
-// slice as defined in RFC 5705.
-// This allows protocols to use DTLS for key establishment, but
-// then use some of the keying material for their own purposes
-func (s *State) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
- if s.localEpoch.Load().(uint16) == 0 {
- return nil, errHandshakeInProgress
- } else if len(context) != 0 {
- return nil, errContextUnsupported
- } else if _, ok := invalidKeyingLabels()[label]; ok {
- return nil, errReservedExportKeyingMaterial
- }
-
- localRandom := s.localRandom.MarshalFixed()
- remoteRandom := s.remoteRandom.MarshalFixed()
-
- seed := []byte(label)
- if s.isClient {
- seed = append(append(seed, localRandom[:]...), remoteRandom[:]...)
- } else {
- seed = append(append(seed, remoteRandom[:]...), localRandom[:]...)
- }
- return prf.PHash(s.masterSecret, seed, length, s.cipherSuite.HashFunc())
-}
diff --git a/dtls-2.0.9/util.go b/dtls-2.0.9/util.go
deleted file mode 100644
index 745182d..0000000
--- a/dtls-2.0.9/util.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package dtls
-
-func findMatchingSRTPProfile(a, b []SRTPProtectionProfile) (SRTPProtectionProfile, bool) {
- for _, aProfile := range a {
- for _, bProfile := range b {
- if aProfile == bProfile {
- return aProfile, true
- }
- }
- }
- return 0, false
-}
-
-func findMatchingCipherSuite(a, b []CipherSuite) (CipherSuite, bool) { //nolint
- for _, aSuite := range a {
- for _, bSuite := range b {
- if aSuite.ID() == bSuite.ID() {
- return aSuite, true
- }
- }
- }
- return nil, false
-}
-
-func splitBytes(bytes []byte, splitLen int) [][]byte {
- splitBytes := make([][]byte, 0)
- numBytes := len(bytes)
- for i := 0; i < numBytes; i += splitLen {
- j := i + splitLen
- if j > numBytes {
- j = numBytes
- }
-
- splitBytes = append(splitBytes, bytes[i:j])
- }
-
- return splitBytes
-}
diff --git a/server/go.mod b/server/go.mod
index e6fa303..8830805 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -14,7 +14,7 @@ require (
github.com/lib/pq v1.10.2
github.com/mattn/go-sqlite3 v1.14.8
github.com/orcaman/concurrent-map v1.0.0
- github.com/pion/dtls/v2 v2.0.9
+ github.com/pion/dtls/v2 v2.1.5
github.com/pion/logging v0.2.2
github.com/shirou/gopsutil v3.21.7+incompatible
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
@@ -26,12 +26,10 @@ require (
github.com/tklauser/go-sysconf v0.3.7 // indirect
github.com/xhit/go-simple-mail/v2 v2.10.0
github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
- golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29
- golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2
+ golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f
+ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
xorm.io/xorm v1.2.2
)
-
-replace github.com/pion/dtls/v2 => ../dtls-2.0.9
diff --git a/server/go.sum b/server/go.sum
index 089a38c..d641793 100644
--- a/server/go.sum
+++ b/server/go.sum
@@ -113,6 +113,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
+github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -125,6 +127,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
+github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
+github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -134,6 +138,8 @@ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG
github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570 h1:n4E8KiBgNvYdtjgJbAqKov2IFv7tDkULV/2Ld3wj5Hg=
+github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570/go.mod h1:5YoVOkjYAQumqlV356Hj3xeYh4BdZuLE0/nRkf2NKkI=
github.com/goccy/go-json v0.7.4 h1:B44qRUFwz/vxPKPISQ1KhvzRi9kZ28RAf6YtjriBZ5k=
github.com/goccy/go-json v0.7.4/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -217,6 +223,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
@@ -401,6 +409,8 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS
github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
+github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY=
+github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
@@ -409,11 +419,13 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pion/dtls/v2 v2.1.5 h1:jlh2vtIyUBShchoTDqpCCqiYCyRFJ/lvf/gQ8TALs+c=
+github.com/pion/dtls/v2 v2.1.5/go.mod h1:BqCE7xPZbPSubGasRoDFJeTsyJtdD1FanJYL0JGheqY=
github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
-github.com/pion/transport v0.12.3 h1:vdBfvfU/0Wq8kd2yhUMSDB/x+O4Z9MYVl2fJ5BT4JZw=
-github.com/pion/transport v0.12.3/go.mod h1:OViWW9SP2peE/HbwBvARicmAVnesphkNkCVZIWJ6q9A=
+github.com/pion/transport v0.13.0 h1:KWTA5ZrQogizzYwPEciGtHPLwpAjE91FgXnyu+Hv2uY=
+github.com/pion/transport v0.13.0/go.mod h1:yxm9uXpK9bpBBWkITk13cLo1y5/ur5VQpG22ny6EP7g=
github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -569,8 +581,8 @@ golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc=
+golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -649,10 +661,11 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d h1:20cMwl2fHAzkJMEA+8J4JgqBQcQGzbisXo31MIeenXI=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -735,10 +748,12 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -746,8 +761,9 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -932,6 +948,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index d897923..441c18a 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -4,7 +4,6 @@ import (
"context"
"crypto/tls"
"encoding/hex"
- "fmt"
"net"
"time"
@@ -15,11 +14,6 @@ import (
"github.com/pion/logging"
)
-// 因本项目对 github.com/pion/dtls 的代码,进行了大量的修改
-// 且短时间内无法合并到上游项目
-// 所以本项目暂时copy了一份代码
-// 最后,感谢 github.com/pion/dtls 对golang生态做出的贡献
-
func startDtls() {
if !base.Cfg.ServerDTLS {
return
@@ -34,6 +28,9 @@ func startDtls() {
// logf.DefaultLogLevel = logging.LogLevelTrace
logf.DefaultLogLevel = logging.LogLevelInfo
+ // https://github.com/pion/dtls/pull/369
+ sessStore := &sessionStore{}
+
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
InsecureSkipVerify: true,
@@ -41,13 +38,7 @@ func startDtls() {
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
LoggerFactory: logf,
MTU: BufferSize,
- CiscoCompat: func(sessid []byte) ([]byte, error) {
- masterSecret := sessdata.Dtls2MasterSecret(hex.EncodeToString(sessid))
- if masterSecret == "" {
- return nil, fmt.Errorf("masterSecret is err")
- }
- return hex.DecodeString(masterSecret)
- },
+ SessionStore: sessStore,
ConnectContextMaker: func() (context.Context, func()) {
return context.WithTimeout(context.Background(), 5*time.Second)
},
@@ -80,3 +71,25 @@ func startDtls() {
}()
}
}
+
+// https://github.com/pion/dtls/blob/master/session.go
+type sessionStore struct{}
+
+func (ms *sessionStore) Set(key []byte, s dtls.Session) error {
+ return nil
+}
+
+func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
+ k := hex.EncodeToString(key)
+ secret := sessdata.Dtls2MasterSecret(k)
+ if secret != "" {
+ masterSecret, _ := hex.DecodeString(secret)
+ return dtls.Session{ID: key, Secret: masterSecret}, nil
+ }
+
+ return dtls.Session{}, nil
+}
+
+func (ms *sessionStore) Del(key []byte) error {
+ return nil
+}