[erlang-questions] DTLS example

pablo platt pablo.platt@REDACTED
Thu Mar 6 01:04:56 CET 2014


This code works in R16B01 and throws and exception in the new_crypto_dtls
branch.

Size = 128,
IVec = <<240,2,55,217,6,222,90,182,131,77,108,124,205,94>>,
MasterKey = <<37,119,224,9,196,4,28,97,252,51,130,229,170,203,18,65>>,
State = crypto:stream_init(aes_ctr, MasterKey, <<IVec/binary, 0:16>>),
crypto:stream_encrypt(State, <<0:Size>>).

** exception error: no match of right hand side value

{{<<37,119,224,9,196,4,28,97,252,51,130,229,170,203,18,65>>,

<<240,2,55,217,6,222,90,182,131,77,108,124,205,94,0,1>>,

<<253,130,61,97,94,199,237,208,157,100,10,240,73,47,199,
                        159>>,
                      0},

<<253,130,61,97,94,199,237,208,157,100,10,240,73,47,199,
                       159>>}
     in function  crypto:stream_encrypt/2 (crypto.erl, line 776)

Am I missing something?

Thanks



On Wed, Mar 5, 2014 at 10:11 PM, pablo platt <pablo.platt@REDACTED> wrote:

> I first tried to copy just the ssl app from your new_crypto_dtls branch
> and got the error in the previous email.
> Now I tried to use your complete branch and it works
> but I'm getting a bad match error somewhere else in my code when trying to
> encrypt a media stream:
>
> State = crypto:stream_init(aes_ctr, MasterKey, <<IVec/binary, 0:16>>),
> {_State2, CipherText} = crypto:stream_encrypt(State, <<0:Size>>),
>
> line error:
> {crypto,stream_encrypt,2,[{file,"crypto.erl"},{line,776}
>
> You said your ssl app prototype should be compatible with R16B01.
> Shouldn't I be able to just copy the ssl app and use the crypto app in
> R16B01?
>
> Thanks
>
>
>
>
> On Wed, Mar 5, 2014 at 6:22 PM, pablo platt <pablo.platt@REDACTED> wrote:
>
>> Hi,
>>
>> I'm using R16B01.
>>
>> I'm getting an error even when adding the Ciphers:
>>
>> {{badmatch,{error,{options,{ciphers,[{ecdhe_rsa,aes_128_cbc,sha},{dhe_rsa,aes_128_cbc,sha},{rsa,aes_128_cbc,sha},{ecdhe_rsa,aes_256_cbc,sha},{dhe_rsa,aes_256_cbc,sha},{rsa,aes_256_cbc,sha},{ecdhe_psk,aes_128_cbc,sha},{dhe_psk,aes_128_cbc,sha},{ecdhe_psk,aes_256_cbc,sha},{dhe_psk,aes_256_cbc,sha}]}}}}
>>
>> Port = 5070,
>> Ciphers = [{ecdhe_rsa, aes_128_cbc, sha},
>>
>>                 {dhe_rsa, aes_128_cbc, sha},
>>                 {rsa, aes_128_cbc, sha},
>>                 {ecdhe_rsa, aes_256_cbc, sha},
>>                 {dhe_rsa, aes_256_cbc, sha},
>>                 {rsa, aes_256_cbc, sha},
>>                 {ecdhe_psk, aes_128_cbc, sha},
>>                 {dhe_psk, aes_128_cbc,sha},
>>                 {ecdhe_psk, aes_256_cbc, sha},
>>                 {dhe_psk, aes_256_cbc,sha}],
>>
>> Options = [{versions, ['dtlsv1.2', dtlsv1]},
>>                 {cb_info, ssl_udp},
>>                 {reuseaddr, true},
>>                 {active, false},
>>                 {ciphers, Ciphers},
>>
>>                 {certfile,Cert},
>>                 {keyfile, Key}],
>> {ok, LSocket} = ssl:listen(Port, Options)
>>
>> Pablo
>>
>>
>> On Wed, Mar 5, 2014 at 6:02 PM, Andreas Schultz <aschultz@REDACTED>wrote:
>>
>>> Hi Pablo,
>>>
>>>
>>> ----- Original Message -----
>>> > Now I'm getting an error:
>>> > {error,{options,{ciphers,[]}}}
>>> >
>>> > When calling:
>>> >
>>> > Options = [{versions, ['dtlsv1.2', dtlsv1]},
>>> > {cb_info, ssl_udp},
>>> > {reuseaddr, true},
>>> > {active, false},
>>> > {certfile,Cert},
>>> > {keyfile, Key}],
>>> > {ok, LSocket} = ssl:listen(Port, Options).
>>> >
>>> > Do I need to pass ciphers to the ssl options?
>>>
>>>
>>> I seems that DTLS was never tested without the ciphers.
>>> option. In my project I use this list:
>>>
>>>      {ciphers,[{ecdhe_rsa, aes_128_cbc, sha},
>>>                {dhe_rsa, aes_128_cbc, sha},
>>>                {rsa, aes_128_cbc, sha},
>>>                {ecdhe_rsa, aes_256_cbc, sha},
>>>                {dhe_rsa, aes_256_cbc, sha},
>>>                {rsa, aes_256_cbc, sha},
>>>                {ecdhe_psk, aes_128_cbc, sha},
>>>                {dhe_psk, aes_128_cbc,sha},
>>>                {ecdhe_psk, aes_256_cbc, sha},
>>>                {dhe_psk, aes_256_cbc,sha}]}
>>>
>>> > On Wed, Mar 5, 2014 at 12:46 AM, pablo platt < pablo.platt@REDACTED> wrote:
>>> >
>>> > Hi,
>>> >
>>> > I'm trying to use the dtls prototype from:
>>> > https://github.com/RoadRunnr/otp/tree/new_crypto_dtls
>>> >
>>> > I'm getting an exception when trying to use a simple example.
>>> > What am I doing wrong?
>>> >
>>> > Is there an example how to use this modified ssl app with R16 or R17?
>>> > I see that the branch adds crypto:algorithms/0
>>> > Is it the only modification needed except for the ssl app?
>>>
>>> No, Ingela started refactoring the SSL application and incorporating
>>> bits of my
>>> DTLS stuff after R16B01. So, you can not apply my modifications to
>>> anything after
>>> R16B01.
>>>
>>> Andreas
>>>
>>> >
>>> > Thanks
>>> >
>>> > test
>>> > ---------------
>>> >
>>> > init() ->
>>> > Port = 5070,
>>> > Cert = filename:join([dtls:priv_dir(webrtc), "cert.pem"]),
>>> > Key = filename:join([dtls:priv_dir(webrtc), "key.pem"]),
>>> > Options = [{versions, ['dtlsv1.2', dtlsv1]},
>>> > {cb_info, ssl_udp},
>>> > {reuseaddr, true},
>>> > {active, false},
>>> > {certfile,Cert},
>>> > {keyfile, Key}],
>>> > {ok, LSocket} = ssl:listen(Port,Options),
>>> > spawn(?MODULE, accept, [LSocket]),
>>> > {ok, #state{}}.
>>> >
>>> > accept(LSocket) ->
>>> > {ok, Socket} = ssl_udp:accept(LSocket, 5000),
>>> > Pid = spawn(?MODULE, loop, [Socket]),
>>> > ssl:controlling_process(Socket, Pid),
>>> > accept(LSocket).
>>> >
>>> > loop(Socket) ->
>>> > inet:setopts(Socket, [{active, once}]),
>>> > receive
>>> > R ->
>>> > error_logger:info_msg("~p~n", [R]),
>>> > loop(Socket)
>>> > end.
>>> >
>>> >
>>> > exception
>>> > ---------------------------
>>> > {'EXIT',
>>> > {function_clause,
>>> > [{ssl_udp,call,
>>> > [{sslsocket,nil,
>>> > {<0.103.0>,
>>> > {config,
>>> > {ssl_options,
>>> > [{254,253},{254,255}],
>>> > verify_none,
>>> > {#Fun<ssl.1.555667>,[]},
>>> > false,false,false,undefined,1,
>>> > <<"cert.pem">>,
>>> > undefined,
>>> > <<"key.pem">>,
>>> > undefined,[],undefined,<<>>,undefined,undefined,
>>> > undefined,undefined,undefined,
>>> > [<<"À$">>,<<"À(">>,<<"À&">>,<<"À*">>,
>>> > <<0,107>>,
>>> > <<0,106>>,
>>> > <<0,61>>,
>>> > <<"À#">>,<<"À'">>,<<"À%">>,<<"À)">>,
>>> > <<0,103>>,
>>> > <<0,64>>,
>>> > <<0,60>>,
>>> > <<"À\n">>,
>>> > <<192,20>>,
>>> > <<0,57>>,
>>> > <<0,56>>,
>>> > <<192,5>>,
>>> > <<192,15>>,
>>> > <<0,53>>,
>>> > <<"À\b">>,
>>> > <<192,18>>,
>>> > <<0,22>>,
>>> > <<0,19>>,
>>> > <<192,3>>,
>>> > <<"À\r">>,
>>> > <<0,10>>,
>>> > <<"À\t">>,
>>> > <<192,19>>,
>>> > <<0,51>>,
>>> > <<0,50>>,
>>> > <<192,4>>,
>>> > <<192,14>>,
>>> > <<0,47>>,
>>> > <<192,7>>,
>>> > <<192,17>>,
>>> > <<0,5>>,
>>> > <<0,4>>,
>>> > <<0,21>>,
>>> > <<192,2>>,
>>> > <<"À\f">>,
>>> > <<0,9>>],
>>> > #Fun<ssl.0.555667>,true,268435456,false,undefined,
>>> > undefined,false,undefined,undefined},
>>> > [{reuseaddr,true},{active,false}],
>>> > {socket_options,list,0,0,0,false},
>>> > [{reuseaddr,true},
>>> > {packet_size,0},
>>> > {packet,0},
>>> > {header,0},
>>> > {active,false},
>>> > {mode,binary}],
>>> > {ssl_udp,ssl_udp,udp_closed,udp_error}}}},
>>> > accept,10000,infinity],
>>> > [{file,"ssl_udp.erl"},{line,149}]},
>>> > {dtls_test,accept,1,
>>> > [{file,"src/dtls_test.erl"},{line,70}]}]}}
>>> >
>>> >
>>> > _______________________________________________
>>> > erlang-questions mailing list
>>> > erlang-questions@REDACTED
>>> > http://erlang.org/mailman/listinfo/erlang-questions
>>> >
>>>
>>> --
>>> --
>>> Dipl. Inform.
>>> Andreas Schultz
>>>
>>> email: as@REDACTED
>>> phone: +49-391-819099-224
>>> mobil: +49-170-2226073
>>>
>>> ------------------- enabling your networks -------------------
>>>
>>> Travelping GmbH               phone:         +49-391-819099229
>>> Roentgenstr. 13               fax:           +49-391-819099299
>>> D-39108 Magdeburg             email:       info@REDACTED
>>> GERMANY                       web:   http://www.travelping.com
>>>
>>> Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
>>> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
>>> --------------------------------------------------------------
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140306/7ac2011b/attachment.htm>


More information about the erlang-questions mailing list