2024-05-15 23:15:00 +00:00
|
|
|
// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
|
|
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
|
2022-03-10 09:44:48 +00:00
|
|
|
package dtls
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
|
|
|
"github.com/pion/dtls/v2/pkg/crypto/elliptic"
|
|
|
|
"github.com/pion/dtls/v2/pkg/protocol"
|
|
|
|
"github.com/pion/dtls/v2/pkg/protocol/alert"
|
|
|
|
"github.com/pion/dtls/v2/pkg/protocol/extension"
|
|
|
|
"github.com/pion/dtls/v2/pkg/protocol/handshake"
|
|
|
|
"github.com/pion/dtls/v2/pkg/protocol/recordlayer"
|
|
|
|
)
|
|
|
|
|
|
|
|
func flight1Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert.Alert, error) {
|
|
|
|
// HelloVerifyRequest can be skipped by the server,
|
|
|
|
// so allow ServerHello during flight1 also
|
2024-05-15 23:15:00 +00:00
|
|
|
seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence, state.cipherSuite,
|
2022-03-10 09:44:48 +00:00
|
|
|
handshakeCachePullRule{handshake.TypeHelloVerifyRequest, cfg.initialEpoch, false, true},
|
|
|
|
handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, true},
|
|
|
|
)
|
|
|
|
if !ok {
|
|
|
|
// No valid message received. Keep reading
|
|
|
|
return 0, nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, ok := msgs[handshake.TypeServerHello]; ok {
|
|
|
|
// Flight1 and flight2 were skipped.
|
|
|
|
// Parse as flight3.
|
|
|
|
return flight3Parse(ctx, c, state, cache, cfg)
|
|
|
|
}
|
|
|
|
|
|
|
|
if h, ok := msgs[handshake.TypeHelloVerifyRequest].(*handshake.MessageHelloVerifyRequest); ok {
|
|
|
|
// DTLS 1.2 clients must not assume that the server will use the protocol version
|
|
|
|
// specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
|
|
|
|
if !h.Version.Equal(protocol.Version1_0) && !h.Version.Equal(protocol.Version1_2) {
|
|
|
|
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.ProtocolVersion}, errUnsupportedProtocolVersion
|
|
|
|
}
|
|
|
|
state.cookie = append([]byte{}, h.Cookie...)
|
|
|
|
state.handshakeRecvSequence = seq
|
|
|
|
return flight3, nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, nil
|
|
|
|
}
|
|
|
|
|
2024-05-15 23:15:00 +00:00
|
|
|
func flight1Generate(c flightConn, state *State, _ *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert.Alert, error) {
|
2022-03-10 09:44:48 +00:00
|
|
|
var zeroEpoch uint16
|
|
|
|
state.localEpoch.Store(zeroEpoch)
|
|
|
|
state.remoteEpoch.Store(zeroEpoch)
|
|
|
|
state.namedCurve = defaultNamedCurve
|
|
|
|
state.cookie = nil
|
|
|
|
|
|
|
|
if err := state.localRandom.Populate(); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
extensions := []extension.Extension{
|
|
|
|
&extension.SupportedSignatureAlgorithms{
|
|
|
|
SignatureHashAlgorithms: cfg.localSignatureSchemes,
|
|
|
|
},
|
|
|
|
&extension.RenegotiationInfo{
|
|
|
|
RenegotiatedConnection: 0,
|
|
|
|
},
|
|
|
|
}
|
2024-05-15 23:15:00 +00:00
|
|
|
|
|
|
|
var setEllipticCurveCryptographyClientHelloExtensions bool
|
|
|
|
for _, c := range cfg.localCipherSuites {
|
|
|
|
if c.ECC() {
|
|
|
|
setEllipticCurveCryptographyClientHelloExtensions = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if setEllipticCurveCryptographyClientHelloExtensions {
|
2022-03-10 09:44:48 +00:00
|
|
|
extensions = append(extensions, []extension.Extension{
|
|
|
|
&extension.SupportedEllipticCurves{
|
2024-05-15 23:15:00 +00:00
|
|
|
EllipticCurves: cfg.ellipticCurves,
|
2022-03-10 09:44:48 +00:00
|
|
|
},
|
|
|
|
&extension.SupportedPointFormats{
|
|
|
|
PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
|
|
|
|
},
|
|
|
|
}...)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(cfg.localSRTPProtectionProfiles) > 0 {
|
|
|
|
extensions = append(extensions, &extension.UseSRTP{
|
|
|
|
ProtectionProfiles: cfg.localSRTPProtectionProfiles,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
|
|
|
|
cfg.extendedMasterSecret == RequireExtendedMasterSecret {
|
|
|
|
extensions = append(extensions, &extension.UseExtendedMasterSecret{
|
|
|
|
Supported: true,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(cfg.serverName) > 0 {
|
|
|
|
extensions = append(extensions, &extension.ServerName{ServerName: cfg.serverName})
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(cfg.supportedProtocols) > 0 {
|
|
|
|
extensions = append(extensions, &extension.ALPN{ProtocolNameList: cfg.supportedProtocols})
|
|
|
|
}
|
|
|
|
|
|
|
|
if cfg.sessionStore != nil {
|
|
|
|
cfg.log.Tracef("[handshake] try to resume session")
|
|
|
|
if s, err := cfg.sessionStore.Get(c.sessionKey()); err != nil {
|
|
|
|
return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
|
|
|
|
} else if s.ID != nil {
|
|
|
|
cfg.log.Tracef("[handshake] get saved session: %x", s.ID)
|
|
|
|
|
|
|
|
state.SessionID = s.ID
|
|
|
|
state.masterSecret = s.Secret
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return []*packet{
|
|
|
|
{
|
|
|
|
record: &recordlayer.RecordLayer{
|
|
|
|
Header: recordlayer.Header{
|
|
|
|
Version: protocol.Version1_2,
|
|
|
|
},
|
|
|
|
Content: &handshake.Handshake{
|
|
|
|
Message: &handshake.MessageClientHello{
|
|
|
|
Version: protocol.Version1_2,
|
|
|
|
SessionID: state.SessionID,
|
|
|
|
Cookie: state.cookie,
|
|
|
|
Random: state.localRandom,
|
|
|
|
CipherSuiteIDs: cipherSuiteIDs(cfg.localCipherSuites),
|
|
|
|
CompressionMethods: defaultCompressionMethods(),
|
|
|
|
Extensions: extensions,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}, nil, nil
|
|
|
|
}
|