ssl: Implement DTLS state machine

Beta DTLS, not production ready. Only very basically tested, and not everything in the SPEC is implemented and some things are hard coded that should not be, so this implementation can not be consider secure. Refactor "TLS connection state" and socket handling, to facilitate DTLS implementation. Create dtls "listner" (multiplexor) process that spawns DTLS connection process handlers. Handle DTLS fragmentation. Framework for handling retransmissions. Replay Detection is not implemented yet. Alerts currently always handled as in TLS.
erlang · Dec 5, 2016 · 1e6942e · 1e6942e
1 parent 39fef8e
commit 1e6942e
Show file tree

Hide file tree

Showing 27 changed files with 1,818 additions and 1,189 deletions.
diff --git a/lib/ssl/src/Makefile b/lib/ssl/src/Makefile
@@ -50,6 +50,7 @@ MODULES= \
 	ssl_app \
 	ssl_dist_sup\
 	ssl_sup \
+	dtls_udp_sup \
 	inet_tls_dist \
 	inet6_tls_dist \
 	ssl_certificate\
@@ -71,7 +72,9 @@ MODULES= \
 	ssl_crl\
 	ssl_crl_cache \
 	ssl_crl_hash_dir \
-	ssl_socket \
+	tls_socket \
+	dtls_socket \
+	dtls_udp_listener\
 	ssl_listen_tracker_sup \
 	tls_record \
 	dtls_record \

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
diff --git a/lib/ssl/src/dtls_connection.hrl b/lib/ssl/src/dtls_connection.hrl
@@ -29,20 +29,14 @@
 -include("ssl_connection.hrl").
 
 -record(protocol_buffers, {
-	  dtls_packets = [],              %%::[binary()],  % Not yet handled decode ssl/tls packets.
-          dtls_record_buffer = <<>>,      %%:: binary(),   % Buffer of incomplete records
-	  dtls_fragment_state,            %%:: [],         % DTLS fragments
-          dtls_handshake_buffer = <<>>,   %%:: binary(),   % Buffer of incomplete handshakes
-	  dtls_cipher_texts = [],         %%:: [binary()],
-	  dtls_cipher_texts_next          %%:: [binary()]  % Received for Epoch not yet active
+          dtls_record_buffer = <<>>,      %% Buffer of incomplete records
+	  dtls_handshake_next_seq = 0,
+	  dtls_flight_last,
+	  dtls_handshake_next_fragments = [], %% Fragments of the next handshake message
+	  dtls_handshake_later_fragments = [], %% Fragments of handsake messages come after the one in next buffer
+	  dtls_cipher_texts = []         %%:: [binary()],
 	 }).
 
--record(flight, {
-	  last_retransmit,
-	  last_read_seq,
-	  msl_timer,
-	  state,
-	  buffer        % buffer of not yet ACKed TLS records
-	 }).
+-define(INITIAL_RETRANSMIT_TIMEOUT, 1000). %1 sec
 
 -endif. % -ifdef(dtls_connection).
diff --git a/lib/ssl/src/dtls_connection_sup.erl b/lib/ssl/src/dtls_connection_sup.erl
@@ -60,7 +60,7 @@ init(_O) ->
     StartFunc = {dtls_connection, start_link, []},
     Restart = temporary, % E.g. should not be restarted
     Shutdown = 4000,
-    Modules = [dtls_connection],
+    Modules = [dtls_connection, ssl_connection],
     Type = worker,
 
     ChildSpec = {Name, StartFunc, Restart, Shutdown, Type, Modules},

diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
diff --git a/lib/ssl/src/dtls_handshake.hrl b/lib/ssl/src/dtls_handshake.hrl
@@ -46,12 +46,13 @@
 	  cookie
 	 }).
 
--record(dtls_hs_state,
-	{current_read_seq,
-	 starting_read_seq,
-	 highest_record_seq,
-	 fragments,
-	 completed
-	}).
+-record(handshake_fragment, {
+	  type,
+	  length,
+	  message_seq,               
+	  fragment_offset,           
+	  fragment_length,
+	  fragment
+	 }).
 
 -endif. % -ifdef(dtls_handshake).