[erlang-questions] use_srtp extension for DTLS

Ben Browitt ben.browitt@REDACTED
Tue Oct 9 06:56:20 CEST 2018


I'm trying to do something similar to what is suggested in this thread [1].
The suggested API from Andreas was:

> %% Create a new passive SSL connection of given type, return an opaque
> %% identifier.
> ssl:create_connection(Protocol :: 'stream' | 'datagram', Opts) ->
>     ssl_connection_id().
>
> %% Pass received SSL traffic into the connection,
> %% Return error, ok or Data to return on the connection.
> ssl:recv(Connection :: ssl_connection_id(), EncData :: binary()) ->
>     {error, Error} | ok | {ok, {send, Data :: binary()}}.
>
> %% Pass unencrypted traffic into the SSL app
> ssl:send(Connection :: ssl_connection_id(), PlainText :: binary()) ->
>     {error, Error} | ok | {ok, {send, EncData :: binary()}}.
>
> %% The owner of the connection is then getting messages like:
> %% - send encrypted data:
> %%     {ssl, Connection :: connection_id(), {send, EncData :: binary()}}
> %% - got plaintext data:
> %%     {ssl, Connection :: connection_id(), {recv, PlainText :: binary()}}
> %% - connection event:
> %%     {ssl, Connection :: connection_id(), Event :: ssl_connection_event()}
>

Is there a plan to support this API?
If not, how can I use the cb_info option with a custom transport module to
be able to handle DTLS together with other protocols on the same socket?

[1]
https://groups.google.com/d/msg/erlang-programming/AQk5qGHahyw/toK8UD9PAgAJ

On Mon, Oct 8, 2018 at 7:04 PM Ingela Andin <ingela.andin@REDACTED> wrote:

> Hi!
>
> Den mån 8 okt. 2018 kl 12:48 skrev Andreas Schultz <
> andreas.schultz@REDACTED>:
>
>> Hi Ingela,
>>
>> Ingela Andin <ingela.andin@REDACTED> schrieb am Mo., 8. Okt. 2018 um
>> 12:27 Uhr:
>>
>>> Hi!
>>>
>>> Sorry for the late answer. Yes, there are plans to include it. The
>>> extension is also part of TLS-1.3, which has priority over DTLS at the
>>> moment. We have already done
>>>
>>
>> Can't speak for others, but I would prefer if DTLS-1.3 were given the
>> same priority as TLS-1.3.
>>
>>
> Well as DTLS is described as a diff against TLS we kind of need the
> original first.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
>
>
>> Regards
>> Andreas
>>
>> some internal changes to extension handling to facilitate the
>>> implementation of TLS-1.3 and its co-existing with previous versions.  This
>>> is in first hand planned for OTP-22.
>>>
>>> Regards Ingela Erlang/OTP Team - Ericsson AB
>>>
>>>
>>> Den mån 8 okt. 2018 kl 06:58 skrev Ben Browitt <ben.browitt@REDACTED>:
>>>
>>>> USE_SRTP is defined in dtls_handshake.hrl [1] but it says it's not
>>>> supported.
>>>> Are there plans to support it?
>>>>
>>>> [1]
>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64
>>>>
>>>> On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt <ben.browitt@REDACTED>
>>>> wrote:
>>>>
>>>>> DTLS is missing the use_srtp extension required for DTLS-SRTP [1].
>>>>> What's the best way to add it?
>>>>>
>>>>> We need to encode the extension in ssl_handshake.erl:
>>>>> encode_hello_extensions([use_srtp | Rest], Acc) ->
>>>>>     %% UseSRTPData: one 2-byte profile list entry (0x0001 =
>>>>>     %% SRTP_AES128_CM_HMAC_SHA1_80) followed by an empty srtp_mki
>>>>>     ExtData = <<0,2,0,1,0>>,
>>>>>     Len = byte_size(ExtData),
>>>>>     encode_hello_extensions(Rest, <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len),
>>>>>                                     ExtData/binary, Acc/binary>>).
>>>>>
>>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657
>>>>>
>>>>> Define USE_SRTP_EXT in ssl_handshake.hrl
>>>>> -define(USE_SRTP_EXT, 14).
>>>>>
>>>>> Add use_srtp to the hello_extensions record:
>>>>>
>>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100
>>>>>
>>>>> Add use_srtp to hello_extensions_list
>>>>>
>>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826
>>>>>
>>>>> Add use_srtp to client_hello_extensions
>>>>>
>>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968
>>>>>
>>>>> Add use_srtp to the #ssl_options record
>>>>>
>>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111
>>>>>
>>>>> [1] https://tools.ietf.org/html/rfc5764#section-4.1
>>>>>
>>>>> Thanks
>>>>>
>>>> _______________________________________________
>>>> erlang-questions mailing list
>>>> erlang-questions@REDACTED
>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>
>> --
>> --
>> Dipl.-Inform. Andreas Schultz
>>
>> ----------------------- enabling your networks ----------------------
>> Travelping GmbH                     Phone:  +49-391-81 90 99 0
>> Roentgenstr. 13                     Fax:    +49-391-81 90 99 299
>> 39108 Magdeburg                     Email:  info@REDACTED
>> GERMANY                             Web:    http://www.travelping.com
>>
>> Company Registration: Amtsgericht Stendal        Reg No.:   HRB 10578
>> Geschaeftsfuehrer: Holger Winkelmann          VAT ID No.: DE236673780
>> ---------------------------------------------------------------------
>>
>
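As an added example, not code from the OTP ssl application or from anyone in this thread: an Erlang module that encodes and decodes the use_srtp extension body from RFC 5764 section 4.1 (the `<<0,2,0,1,0>>` body above is the single-profile case), checks that a ServerHello's answer only names a profile the client actually offered, and classifies datagrams by first byte so that a cb_info transport module can keep STUN and RTP away from the DTLS state machine while all three share one UDP socket. The module name, function names and returned atoms are my assumptions; the extension type 14, the profile identifiers and the first-byte ranges are taken from RFC 5764 and RFC 7983, and all packets in `demo/0` are constructed by hand.

```erlang
%% Added example (not OTP code): use_srtp extension codec per RFC 5764 4.1
%% plus first-byte demultiplexing per RFC 5764 5.1.2 / RFC 7983.
%% Module and function names are assumptions; numeric values are from the RFCs.
-module(srtp_ext_example).
-export([encode_use_srtp/2, decode_use_srtp/1, check_server_choice/2,
         classify_packet/1, demo/0]).

-define(USE_SRTP_EXT, 14).                 %% TLS ExtensionType use_srtp

%% SRTPProtectionProfile values, RFC 5764 section 4.1.2 (two octets each).
-define(SRTP_AES128_CM_HMAC_SHA1_80, <<0,1>>).
-define(SRTP_AES128_CM_HMAC_SHA1_32, <<0,2>>).
-define(SRTP_NULL_HMAC_SHA1_80,      <<0,5>>).
-define(SRTP_NULL_HMAC_SHA1_32,      <<0,6>>).

%% Full extension: ExtensionType(2) ++ Length(2) ++ UseSRTPData, where
%%   UseSRTPData = SRTPProtectionProfiles<2..2^16-1> ++ opaque srtp_mki<0..255>
encode_use_srtp(Profiles, MKI)
  when is_list(Profiles), Profiles =/= [], is_binary(MKI), byte_size(MKI) =< 255 ->
    ProfBin = iolist_to_binary(Profiles),
    ExtData = <<(byte_size(ProfBin)):16, ProfBin/binary,
                (byte_size(MKI)):8, MKI/binary>>,
    <<?USE_SRTP_EXT:16, (byte_size(ExtData)):16, ExtData/binary>>.

%% Decode a full extension. Every length field is checked against the bytes
%% actually present, and the profile list must be a non-empty multiple of two.
decode_use_srtp(<<?USE_SRTP_EXT:16, Len:16, Body:Len/binary>>) ->
    case Body of
        <<ProfLen:16, ProfBin:ProfLen/binary, MKILen:8, MKI:MKILen/binary>>
          when ProfLen >= 2, ProfLen rem 2 =:= 0 ->
            {ok, {[P || <<P:2/binary>> <= ProfBin], MKI}};
        _ ->
            {error, malformed_use_srtp}
    end;
decode_use_srtp(_) ->
    {error, not_use_srtp}.

%% RFC 5764 4.1.1: the server answers with exactly one profile, which must be
%% one the client offered, and either echoes the client's MKI or sends an
%% empty one. A profile the client never offered (e.g. a NULL cipher) is a
%% downgrade attempt or a bug and is rejected.
check_server_choice({Offered, ClientMKI}, ServerExt) ->
    case decode_use_srtp(ServerExt) of
        {ok, {[Chosen], ServerMKI}} ->
            case {lists:member(Chosen, Offered),
                  ServerMKI =:= <<>> orelse ServerMKI =:= ClientMKI} of
                {true, true}  -> {ok, Chosen};
                {false, _}    -> {error, profile_not_offered};
                {true, false} -> {error, mki_mismatch}
            end;
        {ok, {_Several, _}} ->
            {error, server_must_pick_one_profile};
        {error, _} = Err ->
            Err
    end.

%% First-byte demultiplexing (RFC 7983 section 7). A transport module used via
%% cb_info can run this before passing a datagram to DTLS.
classify_packet(<<B, _/binary>>) when B =< 3             -> stun;
classify_packet(<<B, _/binary>>) when B >= 16, B =< 19   -> zrtp;
classify_packet(<<B, _/binary>>) when B >= 20, B =< 63   -> dtls;
classify_packet(<<B, _/binary>>) when B >= 64, B =< 79   -> turn_channel;
classify_packet(<<B, _/binary>>) when B >= 128, B =< 191 -> rtp_rtcp;
classify_packet(_)                                        -> unknown.

demo() ->
    Offered = [?SRTP_AES128_CM_HMAC_SHA1_80, ?SRTP_AES128_CM_HMAC_SHA1_32],
    %% Offering only the first profile with no MKI yields the body from the thread.
    <<?USE_SRTP_EXT:16, 5:16, 0,2,0,1,0>> =
        encode_use_srtp([?SRTP_AES128_CM_HMAC_SHA1_80], <<>>),
    ClientExt = encode_use_srtp(Offered, <<>>),
    {ok, {Offered, <<>>}} = decode_use_srtp(ClientExt),
    %% Server picks the second offered profile: accepted.
    ServerOk = encode_use_srtp([?SRTP_AES128_CM_HMAC_SHA1_32], <<>>),
    {ok, ?SRTP_AES128_CM_HMAC_SHA1_32} = check_server_choice({Offered, <<>>}, ServerOk),
    %% Server picks a NULL-cipher profile the client never offered: rejected.
    ServerBad = encode_use_srtp([?SRTP_NULL_HMAC_SHA1_80], <<>>),
    {error, profile_not_offered} = check_server_choice({Offered, <<>>}, ServerBad),
    %% Truncated body: profile length claims 4 bytes, only 1 is present.
    {error, malformed_use_srtp} = decode_use_srtp(<<?USE_SRTP_EXT:16, 3:16, 0,4,0>>),
    %% Constructed datagrams: DTLS handshake record, STUN Binding Request, RTP.
    dtls     = classify_packet(<<22, 254, 253, 0:64>>),
    stun     = classify_packet(<<0, 1, 0, 0, 16#2112A442:32>>),
    rtp_rtcp = classify_packet(<<16#80, 16#60, 0:16>>),
    ok.
```

`srtp_ext_example:demo()` returns `ok` when every match succeeds. The decoder is deliberately strict: it matches the declared lengths against the bytes present rather than trusting them, so a truncated or oversized extension fails with an error tuple instead of a badmatch inside the handshake, and `check_server_choice/2` is where a client should refuse a server that "chooses" a profile it was never offered.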