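/// <summary>
/// Creates a DTLS-SRTP client from a certificate chain and its private key. When both are
/// null a self-signed certificate and key are generated. The fingerprint of the first
/// certificate in the chain is stored in <c>Fingerprint</c>.
/// </summary>
/// <param name="certificateChain">Certificate chain for this endpoint; pass null together with
/// <paramref name="privateKey"/> to have a self-signed pair generated.</param>
/// <param name="privateKey">Private key that belongs to <paramref name="certificateChain"/>.</param>
/// <param name="clientSrtpData">use_srtp data to offer; when null a default offering only
/// SRTP_AES128_CM_HMAC_SHA1_80 is built.</param>
/// <exception cref="System.ArgumentNullException">A private key was supplied without a
/// certificate chain.</exception>
public DtlsSrtpClient(Certificate certificateChain, AsymmetricKeyParameter privateKey, UseSrtpData clientSrtpData)
{
    if (certificateChain == null && privateKey == null)
    {
        (certificateChain, privateKey) = DtlsUtils.CreateSelfSignedTlsCert();
    }

    // A key without a chain cannot be fingerprinted below; fail with a named argument
    // instead of a NullReferenceException on GetCertificateAt.
    if (certificateChain == null)
    {
        throw new System.ArgumentNullException(nameof(certificateChain), "certificateChain must be supplied together with privateKey.");
    }

    // NOTE(review): a chain supplied with a null privateKey is still accepted and stored
    // unchecked; confirm whether that combination should be rejected here as well.

    if (clientSrtpData == null)
    {
        SecureRandom random = new SecureRandom();
        int[] protectionProfiles = { SrtpProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80 };

        // Buffer sized as (cipher key length + cipher salt length) / 8, presumably bits to bytes.
        int mkiLength = (SrtpParameters.SRTP_AES128_CM_HMAC_SHA1_80.GetCipherKeyLength()
            + SrtpParameters.SRTP_AES128_CM_HMAC_SHA1_80.GetCipherSaltLength()) / 8;
        byte[] mki = new byte[mkiLength];

        // NOTE(review): these random bytes are named mki and handed to UseSrtpData as its second
        // argument; confirm nothing downstream treats them as SRTP keying material.
        random.NextBytes(mki);
        this.clientSrtpData = new UseSrtpData(protectionProfiles, mki);
    }
    else
    {
        this.clientSrtpData = clientSrtpData;
    }

    this.mPrivateKey = privateKey;
    mCertificateChain = certificateChain;

    // The fingerprint is taken from the first certificate in the chain.
    var certificate = mCertificateChain.GetCertificateAt(0);
    Fingerprint = certificate != null ? DtlsUtils.Fingerprint(certificate) : null;
}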
/// <summary>
/// Creates a DTLS-SRTP server from a certificate chain and its private key and records the
/// fingerprint of the first certificate in the chain.
/// </summary>
/// <param name="certificateChain">Certificate chain for this endpoint. Must not be null:
/// GetCertificateAt is called on it unconditionally.</param>
/// <param name="privateKey">Private key that belongs to the chain; stored without validation.</param>
public DtlsSrtpServer(Certificate certificateChain, AsymmetricKeyParameter privateKey)
{
    this.cipherSuites = base.GetCipherSuites();

    this.mPrivateKey = privateKey;
    mCertificateChain = certificateChain;

    // The fingerprint is taken from the first certificate in the chain, or left null
    // when that entry is null.
    var leafCertificate = mCertificateChain.GetCertificateAt(0);
    if (leafCertificate == null)
    {
        this.mFingerPrint = null;
    }
    else
    {
        this.mFingerPrint = DtlsUtils.Fingerprint(leafCertificate);
    }
}
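/// <summary>
/// Creates a DTLS-SRTP server from a certificate chain and its private key. When both are
/// null a self-signed certificate and key are generated. The fingerprint of the first
/// certificate in the chain is recorded.
/// </summary>
/// <param name="certificateChain">Certificate chain for this endpoint; pass null together with
/// <paramref name="privateKey"/> to have a self-signed pair generated.</param>
/// <param name="privateKey">Private key that belongs to <paramref name="certificateChain"/>.</param>
/// <exception cref="System.ArgumentNullException">A private key was supplied without a
/// certificate chain.</exception>
public DtlsSrtpServer(Certificate certificateChain, AsymmetricKeyParameter privateKey)
{
    if (certificateChain == null && privateKey == null)
    {
        (certificateChain, privateKey) = DtlsUtils.CreateSelfSignedTlsCert();
    }

    // A key without a chain cannot be fingerprinted below; fail with a named argument
    // instead of a NullReferenceException on GetCertificateAt.
    if (certificateChain == null)
    {
        throw new System.ArgumentNullException(nameof(certificateChain), "certificateChain must be supplied together with privateKey.");
    }

    // NOTE(review): a chain supplied with a null privateKey is still accepted and stored
    // unchecked; confirm whether that combination should be rejected here as well.

    this.cipherSuites = base.GetCipherSuites();

    this.mPrivateKey = privateKey;
    mCertificateChain = certificateChain;

    // The fingerprint is taken from the first certificate in the chain.
    var certificate = mCertificateChain.GetCertificateAt(0);
    this.mFingerPrint = certificate != null ? DtlsUtils.Fingerprint(certificate) : null;
}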
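/// <summary>
/// Runs the DTLS handshake on the supplied transport and, only if the remote certificate's
/// fingerprint equals the expected remote peer fingerprint, installs the transport's
/// RTP/RTCP protect and unprotect handlers as the security context.
/// DtlsHandshake requires DtlsSrtpTransport to work.
/// DtlsSrtpTransport is similar to C++ DTLS class combined with Srtp class and can perform
/// Handshake as Server or Client in same call. The constructor of transport require a DtlsSrtpClient
/// or DtlsSrtpServer to work.
/// </summary>
/// <param name="dtlsHandle">The DTLS transport handle to perform the handshake with.</param>
/// <returns>True when the handshake succeeded and the remote fingerprint matched; false when the
/// handshake failed, no fingerprint or remote certificate was available, or the fingerprints differ.</returns>
private bool DoDtlsHandshake(DtlsSrtpTransport dtlsHandle)
{
    logger.LogDebug("RTCPeerConnection DoDtlsHandshake started.");

    var rtpChannel = GetRtpChannel(SDPMediaTypesEnum.audio);

    // Data the DTLS transport wants to send goes out on the RTP socket to the audio destination.
    dtlsHandle.OnDataReady += (buf) =>
    {
        //logger.LogDebug($"DTLS transport sending {buf.Length} bytes to {AudioDestinationEndPoint}.");
        rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, AudioDestinationEndPoint, buf);
    };

    var handshakeResult = dtlsHandle.DoHandshake();

    if (!handshakeResult)
    {
        logger.LogWarning($"RTCPeerConnection DTLS handshake failed.");
        return false;
    }

    logger.LogDebug($"RTCPeerConnection DTLS handshake result {handshakeResult}, is handshake complete {dtlsHandle.IsHandshakeComplete()}.");

    // A completed handshake alone does not authenticate the peer: the certificate must match
    // the expected fingerprint. Missing inputs are treated as a failed verification (fail closed)
    // rather than surfacing as a NullReferenceException.
    var expectedFp = RemotePeerDtlsFingerprint;
    if (expectedFp == null)
    {
        logger.LogWarning("RTCPeerConnection DTLS handshake completed but no remote fingerprint is available to verify the peer certificate against.");
        return false;
    }

    var remoteCertificate = dtlsHandle.GetRemoteCertificate()?.GetCertificateAt(0);
    if (remoteCertificate == null)
    {
        logger.LogWarning("RTCPeerConnection DTLS handshake completed but the remote peer did not present a certificate.");
        return false;
    }

    // NOTE(review): the hash algorithm is taken from the expected fingerprint, which presumably
    // originates from the remote description; confirm DtlsUtils.Fingerprint rejects unknown or
    // weak algorithms.
    var remoteFingerprint = DtlsUtils.Fingerprint(expectedFp.algorithm, remoteCertificate);

    // Exact, case-sensitive comparison: any textual difference, including hex casing, is a mismatch.
    if (remoteFingerprint.value != expectedFp.value)
    {
        // NOTE(review): the transport is not closed here; presumably the caller tears it down
        // when false is returned. Confirm against the caller.
        logger.LogWarning($"RTCPeerConnection remote certificate fingerprint mismatch, expected {expectedFp}, actual {remoteFingerprint}.");
        return false;
    }

    logger.LogDebug($"RTCPeerConnection remote certificate fingerprint matched expected value of {remoteFingerprint.value} for {remoteFingerprint.algorithm}.");

    // Only now are the SRTP/SRTCP handlers from the verified transport put into use.
    base.SetSecurityContext(
        dtlsHandle.ProtectRTP,
        dtlsHandle.UnprotectRTP,
        dtlsHandle.ProtectRTCP,
        dtlsHandle.UnprotectRTCP);

    return true;
}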
/// <summary>
/// Returns a new list holding the single fingerprint computed from <c>Certificate</c>.
/// </summary>
/// <returns>A list with one entry, the result of DtlsUtils.Fingerprint for the certificate.</returns>
public List<RTCDtlsFingerprint> getFingerprints()
{
    var fingerprints = new List<RTCDtlsFingerprint>();
    fingerprints.Add(DtlsUtils.Fingerprint(Certificate));
    return fingerprints;
}