public static byte[] CreateUseSrtpExtension(UseSrtpData useSrtpData)
{
if (useSrtpData == null)
{
throw new ArgumentNullException("useSrtpData");
}
MemoryStream buf = new MemoryStream();
// SRTPProtectionProfiles
TlsUtilities.WriteUint16ArrayWithUint16Length(useSrtpData.ProtectionProfiles, buf);
// srtp_mki
TlsUtilities.WriteOpaque8(useSrtpData.Mki, buf);
return(buf.ToArray());
}
protected virtual void SendClientHelloMessage()
{
if (HTTPManager.Logger.Level <= Loglevels.All)
{
HTTPManager.Logger.Verbose("TlsClientProtocol", "SendClientHelloMessage", this.LoggingContext);
}
this.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion);
ProtocolVersion client_version = this.mTlsClient.ClientVersion;
if (client_version.IsDtls)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ContextAdmin.SetClientVersion(client_version);
/*
* TODO RFC 5077 3.4. When presenting a ticket, the client MAY generate and include a
* Session ID in the TLS ClientHello.
*/
byte[] session_id = TlsUtilities.EmptyBytes;
if (this.mTlsSession != null)
{
session_id = this.mTlsSession.SessionID;
if (session_id == null || session_id.Length > 32)
{
session_id = TlsUtilities.EmptyBytes;
}
}
bool fallback = this.mTlsClient.IsFallback;
this.mOfferedCipherSuites = this.mTlsClient.GetCipherSuites();
this.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods();
if (session_id.Length > 0 && this.mSessionParameters != null)
{
if (!mSessionParameters.IsExtendedMasterSecret ||
!Arrays.Contains(this.mOfferedCipherSuites, mSessionParameters.CipherSuite) ||
!Arrays.Contains(this.mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm))
{
session_id = TlsUtilities.EmptyBytes;
}
}
this.mClientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mTlsClient.GetClientExtensions());
if (!client_version.IsSsl)
{
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(this.mClientExtensions);
}
HandshakeMessage message = new HandshakeMessage(HandshakeType.client_hello);
TlsUtilities.WriteVersion(client_version, message);
message.Write(this.mSecurityParameters.ClientRandom);
TlsUtilities.WriteOpaque8(session_id, message);
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
* or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
* ClientHello. Including both is NOT RECOMMENDED.
*/
byte[] renegExtData = TlsUtilities.GetExtensionData(mClientExtensions, ExtensionType.renegotiation_info);
bool noRenegExt = (null == renegExtData);
bool noRenegScsv = !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (noRenegExt && noRenegScsv)
{
// TODO Consider whether to default to a client extension instead
this.mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
}
/*
* RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value
* than the latest (highest-valued) version supported by the client, it SHOULD include
* the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The
* client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends
* to negotiate.)
*/
if (fallback && !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
{
this.mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, message);
}
TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, message);
WriteExtensions(message, mClientExtensions);
message.WriteToRecordStream(this);
}
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
{
ProtocolVersion client_version = client.ClientVersion;
if (!client_version.IsDtls)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
TlsClientContextImpl context = state.clientContext;
context.SetClientVersion(client_version);
SecurityParameters securityParameters = context.SecurityParameters;
// Session ID
byte[] session_id = TlsUtilities.EmptyBytes;
if (state.tlsSession != null)
{
session_id = state.tlsSession.SessionID;
if (session_id == null || session_id.Length > 32)
{
session_id = TlsUtilities.EmptyBytes;
}
}
bool fallback = client.IsFallback;
state.offeredCipherSuites = client.GetCipherSuites();
if (session_id.Length > 0 && state.sessionParameters != null)
{
if (!state.sessionParameters.IsExtendedMasterSecret ||
!Arrays.Contains(state.offeredCipherSuites, state.sessionParameters.CipherSuite) ||
CompressionMethod.cls_null != state.sessionParameters.CompressionAlgorithm)
{
session_id = TlsUtilities.EmptyBytes;
}
}
state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions());
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions);
MemoryStream buf = new MemoryStream();
TlsUtilities.WriteVersion(client_version, buf);
buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
TlsUtilities.WriteOpaque8(session_id, buf);
// Cookie
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
* or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
* ClientHello. Including both is NOT RECOMMENDED.
*/
byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
bool noRenegExt = (null == renegExtData);
bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (noRenegExt && noRenegSCSV)
{
// TODO Consider whether to default to a client extension instead
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
}
/*
* RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value
* than the latest (highest-valued) version supported by the client, it SHOULD include
* the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The
* client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends
* to negotiate.)
*/
if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
}
TlsUtilities.WriteUint8ArrayWithUint8Length(new byte[] { CompressionMethod.cls_null }, buf);
TlsProtocol.WriteExtensions(buf, state.clientExtensions);
return(buf.ToArray());
}
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
{
MemoryStream buf = new MemoryStream();
ProtocolVersion client_version = client.ClientVersion;
if (!client_version.IsDtls)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
TlsClientContextImpl context = state.clientContext;
context.SetClientVersion(client_version);
TlsUtilities.WriteVersion(client_version, buf);
SecurityParameters securityParameters = context.SecurityParameters;
buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
// Session ID
byte[] session_id = TlsUtilities.EmptyBytes;
if (state.tlsSession != null)
{
session_id = state.tlsSession.SessionID;
if (session_id == null || session_id.Length > 32)
{
session_id = TlsUtilities.EmptyBytes;
}
}
TlsUtilities.WriteOpaque8(session_id, buf);
// Cookie
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);
bool fallback = client.IsFallback;
/*
* Cipher suites
*/
state.offeredCipherSuites = client.GetCipherSuites();
// Integer -> byte[]
state.clientExtensions = client.GetClientExtensions();
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
* or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
* ClientHello. Including both is NOT RECOMMENDED.
*/
byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
bool noRenegExt = (null == renegExtData);
bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (noRenegExt && noRenegSCSV)
{
// TODO Consider whether to default to a client extension instead
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
}
/*
* draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
* containing a lower value than the latest (highest-valued) version supported by the
* client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
* ClientHello.cipher_suites.
*/
if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
}
// TODO Add support for compression
// Compression methods
// state.offeredCompressionMethods = client.getCompressionMethods();
state.offeredCompressionMethods = new byte[] { CompressionMethod.cls_null };
TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, buf);
// Extensions
if (state.clientExtensions != null)
{
TlsProtocol.WriteExtensions(buf, state.clientExtensions);
}
return(buf.ToArray());
}
