[erlang-questions] DTLS/SRTP for WebRTC

Andreas Schultz
Mon Nov 17 12:10:40 CET 2014


Hi,

I've started some work on the test suite and some other bits and pieces
of the DTLS support.

My current (non-working) state is at: https://github.com/RoadRunnr/otp/tree/R17/dtls

What I've done so far:
 * remove all test cases that use raw tcp from the DTLS tests
 * change the ssl.erl interface to take pids for connection socket
   (required for the UDP wrapper)
 * elevate ChangeCipherSpec to an FSM level event (check the commit message for
   the reasoning behind that)
 * forward port changes from the TLS code to the DTLS code

The biggest outstanding pieces of work are:
 * hook DTLS fragment assembler into next_tls_record logic
   (or rewrite/refactor that part)
 * figure out how to (re)implement the DTLS flight logic and
   the associated re-transmission logic

Ingela mentioned a DTLS test suite and I really would love to have one that
goes beyond what TLS currently does. For DTLS the really difficult tests to
write will be the ones testing the reassembly and re-transmission logic.

Getting the actual implementation right is already quite difficult, but
getting good test cases that cover all the different permutations of fragment
loss and reordering is IMHO more challenging.

Andreas

----- On 17 Nov, 2014, at 11:30, Ingela Andin wrote:

> Hi!
>
> 2014-11-15 8:14 GMT+01:00 Benoit Chesneau:
>
> On Sunday, November 2, 2014, Ingela Andin wrote:
>
> Hi!
>
> 2014-10-30 22:33 GMT+01:00 pablo platt:
>
> Hi,
>
> What is the state of DTLS in OTP?
> 
> Alas Ericsson has prioritised quite a few other things higher than DTLS just
> lately so the implementation has been delayed.
> I hope it will get back on track soon but I am afraid you cannot count on it in
> a short term perspective.
> 
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> What is missing currently? Is there a list of tasks and known bugs available?
>
> No there is no such public list. The big show stopper is that the implementation
> of the DTLS-connection process is not finished. To try to summarize
> 
> We do not want bugs in DTLS connections to affect TLS-connections so the
> connection processes must be separately implemented. DTLS is
> defined as a diff against TLS and that is how we want to structure the
> implementation.
> 
> The TLS connection process is implemented by tls_connection.erl and the DTLS
> connection shall be in dtls_connection.erl which is only in a sketch state.
> Both implementations use ssl_connection.erl to handle common parts, however some
> calls in the DTLS code might not be quite up to date.
> The same is true for tls_handshake/record/alert, dtls_handshake/record/alert,
> ssl_handshake/record/alert. There might be a need for further refactoring
> to make this approach work the whole way.
> 
> Something that we will also need is the heartbeat extension (RFC 6520),
> which is fairly separate, so it could be easy for someone to contribute the
> basic support for this.
> 
> Our next goal is to make a test suite against OpenSSL DTLS so that we can have a
> test driven development of the DTLS connection process.
> 
> Regards Ingela Erlang/OTP team - Ericsson A
>
> - benoit
>
> I'm interested in using DTLS/SRTP in Erlang for WebRTC.
> 
> I've found two implementations:
> 
> Clean code but I couldn't make it work because it's missing SRTP support.
> https://github.com/RoadRunnr/otp/tree/new_crypto_dtls
> 
> This works quite well. I'm able to connect clients to the server:
> https://groups.google.com/d/msg/discuss-webrtc/MP-1sCrOljA/qAs4VK-18y4J
> 
> The problem is that some clients can't connect and I'm getting HANDSHAKE packets
> while in the CIPHER state in the following order:
> HANDSHAKE, SERVER_HELLO
> HANDSHAKE, CERTIFICATE
> HANDSHAKE, SERVER_KEY_EXCHANGE
> HANDSHAKE, CERTIFICATE_REQUEST
> HANDSHAKE, SERVER_HELLO_DONE
> 
> I'm assuming that is related to wrong state change or retransmission.
> The code only implements retransmission for two packet types and has the
> following comment:
> %% problem remainning: different strategy should be adopted while state==hello
> or cipher.
> 
> Does anyone use DTLS/SRTP in Erlang and can help solve this issue or recommend
> another solution?
> 
> Thanks
> 
> 
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions

-- 
Dipl. Inform.
Andreas Schultz
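
An added example, not part of the original message and not code from the OTP ssl application: a small handshake fragment reassembler checked against every arrival order of a constructed fragment set, which is the kind of reordering, duplication and loss test discussed above. The module name, function names and state layout are hypothetical; only the fragment header layout is taken from RFC 6347.

```erlang
-module(dtls_reasm_example).
-export([parse/1, add/2, feed/2, check/0]).

%% Handshake fragment header, RFC 6347 section 4.2.2:
%% msg_type:8, length:24, message_seq:16, fragment_offset:24, fragment_length:24
parse(<<Type:8, Len:24, Seq:16, Off:24, FLen:24, Body:FLen/binary>>)
  when Off + FLen =< Len ->
    {ok, {Type, Len, Seq, Off, Body}};
parse(_) -> {error, malformed}.

%% State is {ExpectedSeq, none | {Type, Len, Bytes}}, Bytes :: #{Offset => Byte}.
add({Type, Len, Seq, _, _} = Frag, {Seq, none}) ->
    add(Frag, {Seq, {Type, Len, #{}}});
add({Type, Len, Seq, Off, Body}, {Seq, {Type, Len, Bytes0}}) ->
    Idx = lists:seq(Off, Off + byte_size(Body) - 1),
    Bytes = lists:foldl(fun({I, B}, M) -> maps:put(I, B, M) end, Bytes0,
                        lists:zip(Idx, binary_to_list(Body))),
    case maps:size(Bytes) of
        Len -> {complete, << <<(maps:get(I, Bytes))>> || I <- lists:seq(0, Len - 1) >>};
        _   -> {more, {Seq, {Type, Len, Bytes}}}
    end;
add(_Other, State) -> {more, State}.  %% wrong message_seq or inconsistent header: ignore

%% Feed datagram payloads in arrival order; stop at the first complete message.
feed(Packets, State0) ->
    lists:foldl(fun(_, {complete, _} = Done) -> Done;
                   (P, {more, S}) ->
                        case parse(P) of
                            {ok, F} -> add(F, S);
                            {error, malformed} -> {more, S}
                        end
                end, {more, State0}, Packets).

frag(Type, Msg, Seq, Off, FLen) ->
    <<Type:8, (byte_size(Msg)):24, Seq:16, Off:24, FLen:24,
      (binary:part(Msg, Off, FLen))/binary>>.

perms([]) -> [[]];
perms(L)  -> [[H | T] || H <- L, T <- perms(L -- [H])].

%% Constructed sample: one 28-byte message in three overlapping fragments, plus a
%% retransmitted duplicate and a stale fragment carrying an old message_seq.
check() ->
    Msg = <<"constructed-certificate-body">>,
    Frags = [frag(11, Msg, 1, 0, 10), frag(11, Msg, 1, 8, 12), frag(11, Msg, 1, 20, 8),
             frag(11, Msg, 1, 0, 10), frag(2, <<"x">>, 0, 0, 1)],
    Lossy = feed(lists:delete(frag(11, Msg, 1, 20, 8), Frags), {1, none}),
    lists:all(fun(O) -> feed(O, {1, none}) =:= {complete, Msg} end, perms(Frags))
        andalso element(1, Lossy) =:= more.
```

Calling `dtls_reasm_example:check()` walks all 120 arrival orders and also confirms that losing the last fragment leaves the message incomplete, which is the point where a retransmission timer would have to fire.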

