Move DTLS wire format to pkg

This is allow users to provide their own ciphers in the future. Also it reduces the amonut of code in the root of the repository. Resolves pion#333
Danielius1922 · Jan 16, 2021 · 2e348fc · 2e348fc
1 parent 6e1b0e2
commit 2e348fc
Show file tree

Hide file tree

Showing 145 changed files with 3,737 additions and 3,222 deletions.
diff --git a/alert.go b/alert.go
diff --git a/application_data.go b/application_data.go
diff --git a/change_cipher_spec.go b/change_cipher_spec.go
diff --git a/cipher_suite.go b/cipher_suite.go
@@ -1,9 +1,11 @@
 package dtls
 
 import (
-	"encoding/binary"
 	"fmt"
 	"hash"
+
+	"github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
+	"github.com/pion/dtls/v2/pkg/protocol/recordlayer"
 )
 
 // CipherSuiteID is an ID for our supported CipherSuites
@@ -61,15 +63,15 @@ func (c CipherSuiteID) String() string {
 type cipherSuite interface {
 	String() string
 	ID() CipherSuiteID
-	certificateType() clientCertificateType
+	certificateType() clientcertificate.Type
 	hashFunc() func() hash.Hash
 	isPSK() bool
 	isInitialized() bool
 
 	// Generate the internal encryption state
 	init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error
 
-	encrypt(pkt *recordLayer, raw []byte) ([]byte, error)
+	encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error)
 	decrypt(in []byte) ([]byte, error)
 }
 
@@ -139,32 +141,12 @@ func allCipherSuites() []cipherSuite {
 	}
 }
 
-func decodeCipherSuites(buf []byte) ([]cipherSuite, error) {
-	if len(buf) < 2 {
-		return nil, errDTLSPacketInvalidLength
-	}
-	cipherSuitesCount := int(binary.BigEndian.Uint16(buf[0:])) / 2
-	rtrn := []cipherSuite{}
-	for i := 0; i < cipherSuitesCount; i++ {
-		if len(buf) < (i*2 + 4) {
-			return nil, errBufferTooSmall
-		}
-		id := CipherSuiteID(binary.BigEndian.Uint16(buf[(i*2)+2:]))
-		if c := cipherSuiteForID(id); c != nil {
-			rtrn = append(rtrn, c)
-		}
-	}
-	return rtrn, nil
-}
-
-func encodeCipherSuites(cipherSuites []cipherSuite) []byte {
-	out := []byte{0x00, 0x00}
-	binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(cipherSuites)*2))
+func cipherSuiteIDs(cipherSuites []cipherSuite) []uint16 {
+	rtrn := []uint16{}
 	for _, c := range cipherSuites {
-		out = append(out, []byte{0x00, 0x00}...)
-		binary.BigEndian.PutUint16(out[len(out)-2:], uint16(c.ID()))
+		rtrn = append(rtrn, uint16(c.ID()))
 	}
-	return out
+	return rtrn
 }
 
 func parseCipherSuites(userSelectedSuites []CipherSuiteID, includeCertificateSuites, includePSKSuites bool) ([]cipherSuite, error) {

diff --git a/cipher_suite_aes_128_ccm.go b/cipher_suite_aes_128_ccm.go
@@ -6,17 +6,20 @@ import (
 	"fmt"
 	"hash"
 	"sync/atomic"
+
+	"github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
+	"github.com/pion/dtls/v2/pkg/protocol/recordlayer"
 )
 
 type cipherSuiteAes128Ccm struct {
 	ccm                   atomic.Value // *cryptoCCM
-	clientCertificateType clientCertificateType
+	clientCertificateType clientcertificate.Type
 	id                    CipherSuiteID
 	psk                   bool
 	cryptoCCMTagLen       cryptoCCMTagLen
 }
 
-func newCipherSuiteAes128Ccm(clientCertificateType clientCertificateType, id CipherSuiteID, psk bool, cryptoCCMTagLen cryptoCCMTagLen) *cipherSuiteAes128Ccm {
+func newCipherSuiteAes128Ccm(clientCertificateType clientcertificate.Type, id CipherSuiteID, psk bool, cryptoCCMTagLen cryptoCCMTagLen) *cipherSuiteAes128Ccm {
 	return &cipherSuiteAes128Ccm{
 		clientCertificateType: clientCertificateType,
 		id:                    id,
@@ -25,7 +28,7 @@ func newCipherSuiteAes128Ccm(clientCertificateType clientCertificateType, id Cip
 	}
 }
 
-func (c *cipherSuiteAes128Ccm) certificateType() clientCertificateType {
+func (c *cipherSuiteAes128Ccm) certificateType() clientcertificate.Type {
 	return c.clientCertificateType
 }
 
@@ -74,7 +77,7 @@ func (c *cipherSuiteAes128Ccm) init(masterSecret, clientRandom, serverRandom []b
 
 var errCipherSuiteNotInit = errors.New("CipherSuite has not been initialized")
 
-func (c *cipherSuiteAes128Ccm) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+func (c *cipherSuiteAes128Ccm) encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
 	ccm := c.ccm.Load()
 	if ccm == nil { // !c.isInitialized()
 		return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)

diff --git a/cipher_suite_go114.go b/cipher_suite_go114.go
@@ -6,6 +6,10 @@ import (
 	"crypto/tls"
 )
 
+// VersionDTLS12 is the DTLS version in the same style as
+// VersionTLSXX from crypto/tls
+const VersionDTLS12 = 0xfefd
+
 // Convert from our cipherSuite interface to a tls.CipherSuite struct
 func toTLSCipherSuite(c cipherSuite) *tls.CipherSuite {
 	return &tls.CipherSuite{

diff --git a/cipher_suite_test.go b/cipher_suite_test.go
@@ -1,27 +1,9 @@
 package dtls
 
 import (
-	"errors"
 	"testing"
 )
 
-func TestDecodeCipherSuites(t *testing.T) {
-	testCases := []struct {
-		buf    []byte
-		result []*cipherSuite
-		err    error
-	}{
-		{[]byte{}, nil, errDTLSPacketInvalidLength},
-	}
-
-	for _, testCase := range testCases {
-		_, err := decodeCipherSuites(testCase.buf)
-		if !errors.Is(err, testCase.err) {
-			t.Fatal("Unexpected error", err)
-		}
-	}
-}
-
 func TestCipherSuiteName(t *testing.T) {
 	testCases := []struct {
 		suite    CipherSuiteID

diff --git a/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm.go b/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm.go
@@ -1,5 +1,7 @@
 package dtls
 
+import "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
+
 func newCipherSuiteTLSEcdheEcdsaWithAes128Ccm() *cipherSuiteAes128Ccm {
-	return newCipherSuiteAes128Ccm(clientCertificateTypeECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, false, cryptoCCMTagLength)
+	return newCipherSuiteAes128Ccm(clientcertificate.ECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, false, cryptoCCMTagLength)
 }
diff --git a/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8.go b/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8.go
@@ -1,5 +1,7 @@
 package dtls
 
+import "github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
+
 func newCipherSuiteTLSEcdheEcdsaWithAes128Ccm8() *cipherSuiteAes128Ccm {
-	return newCipherSuiteAes128Ccm(clientCertificateTypeECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, false, cryptoCCM8TagLength)
+	return newCipherSuiteAes128Ccm(clientcertificate.ECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, false, cryptoCCM8TagLength)
 }
diff --git a/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go b/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go
@@ -5,14 +5,17 @@ import (
 	"fmt"
 	"hash"
 	"sync/atomic"
+
+	"github.com/pion/dtls/v2/pkg/crypto/clientcertificate"
+	"github.com/pion/dtls/v2/pkg/protocol/recordlayer"
 )
 
 type cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 struct {
 	gcm atomic.Value // *cryptoGCM
 }
 
-func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) certificateType() clientCertificateType {
-	return clientCertificateTypeECDSASign
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) certificateType() clientcertificate.Type {
+	return clientcertificate.ECDSASign
 }
 
 func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) ID() CipherSuiteID {
@@ -58,7 +61,7 @@ func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) init(masterSecret, clientR
 	return err
 }
 
-func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) encrypt(pkt *recordlayer.RecordLayer, raw []byte) ([]byte, error) {
 	gcm := c.gcm.Load()
 	if gcm == nil { // !c.isInitialized()
 		return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)