ddn.net.dtls.server12

DTLS 1.2 server handshake state machine (RFC 6347).

Drives the DTLS 1.2 server handshake as a resumable state machine. A server handles multiple concurrent handshakes from different clients, each identified by its DatagramEndpoint, by keeping one engine instance per peer. For each peer, the server:

  • Receives ClientHello and optionally performs cookie exchange
  • Sends ServerHello, Certificate, ServerKeyExchange, ServerHelloDone
  • Receives ClientKeyExchange, ChangeCipherSpec, Finished
  • Sends ChangeCipherSpec and Finished

Reuses cryptographic primitives from the TLS 1.2 implementation: PRF (Tls12Prf), AEAD (TlsAead), key exchange (X25519, ECDH P-256), certificate parsing, and signature generation.
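The derivation that deriveKeys() and encryptRecord() perform with the reused TLS 1.2 primitives, shown as an added stand-alone Python example (not the module's code; its names and the 32-byte sample pre-master secret are constructed for the demo): the SHA-256 PRF from RFC 5246, the master-secret and key-block derivations with their differently ordered random seeds, and the per-record GCM nonce and additional data that DTLS builds from epoch and sequence number. Sizes assume TLS_ECDHE_*_WITH_AES_128_GCM_SHA256 (RFC 5288: no MAC keys, 16-byte keys, 4-byte implicit IVs).

```python
import hashlib
import hmac
import struct


def p_sha256(secret: bytes, seed: bytes, n: int) -> bytes:
    """P_SHA256 from RFC 5246 s5: A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ..."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label || seed)."""
    return p_sha256(secret, label + seed, n)


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # RFC 5246 s8.1: 48 bytes, seed is client_random || server_random.
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_key_block(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """RFC 5246 s6.3 key expansion. Note the seed is server_random || client_random,
    the reverse of the master-secret derivation; swapping them yields wrong keys."""
    kb = tls12_prf(master, b"key expansion", server_random + client_random, 40)
    return {
        "client_write_key": kb[0:16],
        "server_write_key": kb[16:32],
        "client_write_iv": kb[32:36],
        "server_write_iv": kb[36:40],
    }


def gcm_nonce_and_aad(implicit_iv: bytes, epoch: int, seq: int,
                      content_type: int, plaintext_len: int) -> tuple:
    """Per-record AEAD inputs (RFC 5288 s3 with the DTLS seq_num of RFC 6347 s4.1.2.5):
    nonce = 4-byte implicit IV || 8-byte explicit part (epoch || 48-bit sequence number),
    the explicit part also travels in clear ahead of the ciphertext;
    AAD = seq_num || content type || record version || plaintext length."""
    if len(implicit_iv) != 4 or not 0 <= seq < 1 << 48:
        raise ValueError("bad implicit IV length or exhausted sequence space")
    seq_num = struct.pack(">H", epoch) + seq.to_bytes(6, "big")
    nonce = implicit_iv + seq_num            # 12 bytes; unique per key as long as seq never wraps
    aad = seq_num + bytes([content_type]) + b"\xfe\xfd" + struct.pack(">H", plaintext_len)
    return nonce, aad


def demo() -> dict:
    # Constructed inputs: a fake 32-byte ECDHE shared secret and two fixed 32-byte randoms.
    pre_master = bytes(range(32))
    client_random, server_random = b"\x01" * 32, b"\x02" * 32
    master = derive_master_secret(pre_master, client_random, server_random)
    keys = derive_key_block(master, client_random, server_random)
    # First protected record after the server's ChangeCipherSpec: epoch 1, sequence 0,
    # carrying the Finished message (content type 22, 12-byte handshake header + 16-byte body).
    nonce, aad = gcm_nonce_and_aad(keys["server_write_iv"], epoch=1, seq=0,
                                   content_type=22, plaintext_len=28)
    return {"master": master, "keys": keys, "nonce": nonce, "aad": aad}


if __name__ == "__main__":
    d = demo()
    print("master secret:", d["master"].hex())
    print("AAD:", d["aad"].hex())
```

The epoch/sequence check in gcm_nonce_and_aad is the one that matters for safety: with GCM, reusing a nonce under the same write key breaks both confidentiality and integrity, so the sender must refuse to emit a record once the 48-bit counter would wrap rather than silently continue.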

Types

DTLS 1.2 server handshake engine.

Drives the server side of a DTLS 1.2 handshake over a datagram transport for a single peer. Uses flight-based retransmission with exponential backoff and supports the HelloVerifyRequest cookie exchange for DoS mitigation.

Call processDatagram() when data arrives from a client. The server will advance its state machine and send responses as needed.
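The cookie exchange the paragraph above refers to, as an added stand-alone Python example (not this module's code; the ClientHello builder, the address encoding and the secret are constructed for the demo). It shows what makes the exchange a DoS mitigation: the cookie is an HMAC over the peer's transport address and the ClientHello fields, so the server stores nothing until a ClientHello arrives whose cookie verifies for that address, and a spoofed source address or a ClientHello altered between the two flights fails the check. Two details worth noting from RFC 6347 section 4.2.1: the HelloVerifyRequest carries version {254, 255} (DTLS 1.0) regardless of what will be negotiated, and neither the first ClientHello nor the HelloVerifyRequest enters the transcript hash; only the second ClientHello does. The MAC here covers every ClientHello field except the cookie itself (including extensions), which is stricter than the RFC's minimum list.

```python
import hashlib
import hmac
import struct

HT_CLIENT_HELLO = 1
HT_HELLO_VERIFY_REQUEST = 3
DTLS12 = b"\xfe\xfd"
DTLS10 = b"\xfe\xff"      # HelloVerifyRequest always carries 1.0 (RFC 6347 s4.2.1)

# Constructed secret for the demo; a real server rotates it and never embeds it in code.
COOKIE_SECRET = bytes.fromhex("00" * 16 + "ff" * 16)


def build_client_hello(random32: bytes, cookie: bytes = b"", cipher_suites=(0xC02B,)) -> bytes:
    """Minimal ClientHello body: version, random, empty session_id, cookie, suites, null compression."""
    body = DTLS12 + random32 + b"\x00"
    body += bytes([len(cookie)]) + cookie
    body += struct.pack(">H", 2 * len(cipher_suites)) + b"".join(struct.pack(">H", s) for s in cipher_suites)
    body += b"\x01\x00"
    return body


def split_cookie(client_hello: bytes) -> tuple:
    """Return (cookie, ClientHello with the cookie field emptied) so the MAC covers every other field."""
    pos = 2 + 32                                   # client_version, random
    if len(client_hello) <= pos:
        raise ValueError("truncated ClientHello")
    pos += 1 + client_hello[pos]                   # skip session_id
    if len(client_hello) <= pos:
        raise ValueError("truncated ClientHello")
    cookie_len = client_hello[pos]
    cookie = client_hello[pos + 1:pos + 1 + cookie_len]
    if len(cookie) != cookie_len:
        raise ValueError("truncated cookie")
    stripped = client_hello[:pos] + b"\x00" + client_hello[pos + 1 + cookie_len:]
    return cookie, stripped


def dtls_cookie(secret: bytes, client_addr: bytes, stripped_hello: bytes) -> bytes:
    """Stateless cookie: HMAC-SHA256 over the peer's transport address and the ClientHello
    fields the client must repeat unchanged. Nothing is stored per peer."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    mac.update(struct.pack(">H", len(client_addr)) + client_addr)   # length-prefixed, no ambiguity
    mac.update(stripped_hello)
    return mac.digest()                            # 32 bytes, well under the 255-byte field limit


def handshake_message(msg_type: int, body: bytes, message_seq: int) -> bytes:
    """Unfragmented DTLS handshake message: type, length(3), message_seq(2), offset(3), fragment length(3), body."""
    header = (bytes([msg_type]) + len(body).to_bytes(3, "big") + struct.pack(">H", message_seq)
              + (0).to_bytes(3, "big") + len(body).to_bytes(3, "big"))
    return header + body


def build_hello_verify_request(cookie: bytes) -> bytes:
    return handshake_message(HT_HELLO_VERIFY_REQUEST, DTLS10 + bytes([len(cookie)]) + cookie, message_seq=0)


def handle_client_hello(client_addr: bytes, client_hello: bytes) -> tuple:
    """Server decision: 'verify' answers with a HelloVerifyRequest and allocates no state;
    'accept' means the cookie proves the peer can receive at client_addr."""
    cookie, stripped = split_cookie(client_hello)
    expected = dtls_cookie(COOKIE_SECRET, client_addr, stripped)
    if cookie and hmac.compare_digest(cookie, expected):
        return "accept", b""
    # Missing, stale, spoofed-address or tampered-hello cookie: stay stateless, issue a fresh one.
    return "verify", build_hello_verify_request(expected)


if __name__ == "__main__":
    addr = b"192.0.2.10:5000"                      # constructed peer address
    first = build_client_hello(b"\x11" * 32)
    action, hvr = handle_client_hello(addr, first)
    print(action, hvr.hex())
    print(handle_client_hello(addr, build_client_hello(b"\x11" * 32, hvr[15:]))[0])
```

Because only the 32-byte secret is needed to validate a cookie, this check scales to any number of unauthenticated peers; the trade-off is that a cookie stays valid until the secret is rotated, so rotate it on a short schedule and accept the previous secret for one rotation period to avoid failing handshakes in flight.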

Fields
DtlsTransport transport_
DatagramEndpoint clientAddr_
ushort messageSeq_
ushort epoch_
ulong recordSeq_
DtlsFlight pendingFlight_
int retryCount_
ubyte[32] clientRandom_
ubyte[32] serverRandom_
ubyte[] preMasterSecret_
ubyte[] masterSecret_
ubyte[] receivedCookie_
X25519PrivateKey ecdhePrivate_
NamedGroup selectedGroup_
DtlsVersion minVersion_
DtlsVersion maxVersion_
string[] alpnProtocols_
SrtpProfile[] srtpProfiles_
string negotiatedAlpn_
CipherSuiteId negotiatedCipher_
DtlsVersion negotiatedVersion_
SrtpProfile negotiatedSrtpProfile_
const(ubyte)[][] certChainDer_
string privateKeyPem_
TranscriptHash transcript_
TlsAead writeAead_
TlsAead readAead_
ubyte[] cookieSecret_
DtlsFragmentBuffer reassembly_
ubyte[] pendingDatagram_
Methods
void setMinVersion(DtlsVersion ver) @safe pure nothrow @nogc
    Sets the minimum DTLS version.
void setMaxVersion(DtlsVersion ver) @safe pure nothrow @nogc
    Sets the maximum DTLS version.
void setAlpnProtocols(string[] protocols) @safe pure nothrow
    Sets the ALPN protocols.
void setSrtpProfiles(SrtpProfile[] profiles) @safe pure nothrow
    Sets the SRTP protection profiles the server will accept from the client's use_srtp extension.
TlsProgress processDatagram(const(ubyte)[] data) @trusted
    Process a received datagram and advance the handshake.
bool processClientHello(const(ubyte)[] datagram)
    Process a ClientHello datagram.
bool parseClientHelloPayload(const(ubyte)[] payload)
    Parse a ClientHello handshake payload.
void selectCipherSuite(const(ubyte)[] cipherSuites)
    Select a cipher suite from the client's offered list.
void parseClientHelloExtensions(const(ubyte)[] extData)
    Parse extensions from a ClientHello.
void negotiateAlpn(const(ubyte)[] alpnData)
    Negotiate ALPN from the client's extension data.
void parseSupportedGroups(const(ubyte)[] groupsData)
    Parse the supported_groups extension to select the ECDHE group.
ubyte[] buildServerHello()
    Build a ServerHello handshake message.
ubyte[] buildCertificate()
    Build a Certificate handshake message.
ubyte[] buildServerKeyExchange()
    Build a ServerKeyExchange handshake message.
void generateEphemeralKey(NamedGroup group, ref ubyte[] pubKeyBytes)
    Generate an ephemeral ECDHE key pair.
ubyte[] signKeyExchange(const(ubyte)[] params)
    Sign the key exchange parameters.
ubyte[] buildServerHelloDone()
    Build a ServerHelloDone handshake message.
bool processClientResponse(const(ubyte)[] datagram)
    Process a client response datagram.
bool processHandshakePayload(const(ubyte)[] payload)
    Process a handshake payload from a DTLS record.
bool dispatchHandshakeType(HandshakeType msgType, const(ubyte)[] body)
    Dispatch a handshake message by type.
void processClientKeyExchange(const(ubyte)[] body)
    Process a ClientKeyExchange message.
ubyte[] buildChangeCipherSpec()
    Build a ChangeCipherSpec record.
void deriveKeys()
    Derive the master secret and key material.
ubyte[] buildFinished()
    Build a Finished handshake message.
void updateTranscript(HandshakeType msgType, const(ubyte)[] body)
    Update the handshake transcript hash.
ubyte[] wrapHandshakeMessage(HandshakeType msgType, const(ubyte)[] body)
    Wrap a handshake message in a DTLS handshake header.
ubyte[] wrapInRecord(ContentType contentType, const(ubyte)[] payload)
    Wrap a handshake message in a DTLS record.
ubyte[] buildDtlsRecord(ContentType contentType, const(ubyte)[] payload)
    Build a complete DTLS record with the 13-byte header.
ubyte[] encryptRecord(ContentType contentType, const(ubyte)[] plaintext)
    Encrypt a record payload using the write AEAD.
const(ubyte)[] receiveDatagram()
    Receive a datagram from the pending buffer or the transport.
void sendDatagram(const(ubyte)[] data)
    Send a datagram via the transport.
void sendFlight(ubyte[][] records)
    Send a flight of records as a single datagram.
void scheduleRetransmit()
    Schedule the retransmission timer.
void retransmitFlight()
    Retransmit the pending flight.
Dtls12ServerPhase phase() @property const @safe pure nothrow @nogc
    Returns: The current handshake phase.
CipherSuiteId negotiatedCipher() @property const @safe pure nothrow @nogc
    Returns: The negotiated cipher suite.
DtlsVersion negotiatedVersion() @property const @safe pure nothrow @nogc
    Returns: The negotiated DTLS version.
string alpnProtocol() @property const @safe pure nothrow
    Returns: The negotiated ALPN protocol.
ushort epoch() @property const @safe pure nothrow @nogc
    Returns: The current epoch.
SrtpProfile negotiatedSrtpProfile() @property const @safe pure nothrow @nogc
    Returns: The negotiated SRTP protection profile.
ubyte[] srtpMasterSecret() @property @safe pure nothrow @nogc
    Returns: The master secret, used as the exporter secret for DTLS-SRTP key derivation.
ubyte[] srtpClientRandom() @property @safe pure nothrow @nogc
    Returns: The client random, part of the DTLS-SRTP key-exporter seed.
ubyte[] srtpServerRandom() @property @safe pure nothrow @nogc
    Returns: The server random, part of the DTLS-SRTP key-exporter seed.
TlsAead writeAead() @property
    Returns: The write AEAD cipher.
TlsAead readAead() @property
    Returns: The read AEAD cipher.
Constructors
this(DtlsTransport transport, DtlsTimerSink timer, DatagramEndpoint clientAddr, const(ubyte)[] cookieSecret, const(ubyte)[][] certChainDer, string privateKeyPem)Constructs a DTLS 1.2 server handshake engine.
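The framing that wrapHandshakeMessage(), buildDtlsRecord(), sendFlight() and the DtlsFragmentBuffer field deal with, as an added stand-alone Python example (not this module's code; the names, the 300-byte fragment limit and the 768-byte sample message are constructed for the demo). It builds the 12-byte handshake header and the 13-byte record header, packs a fragmented message into one datagram the way a flight is sent, parses the records back out, and reassembles the fragments in arrival order. The reassembly buffer checks fragment_offset + fragment_length against the declared message length and the on-wire fragment size before copying; skipping that check is the classic way a fragment buffer becomes a memory-corruption bug in a DTLS server.

```python
from __future__ import annotations

import struct

CT_HANDSHAKE = 22
HT_CERTIFICATE = 11
DTLS12_RECORD_VERSION = b"\xfe\xfd"
HS_HDR_LEN = 12     # type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
REC_HDR_LEN = 13    # type(1) version(2) epoch(2) sequence(6) length(2)


def dtls_record(content_type: int, epoch: int, seq: int, payload: bytes) -> bytes:
    """13-byte DTLS record header followed by the payload (plaintext, as in epoch 0)."""
    if not 0 <= seq < 1 << 48:
        raise ValueError("48-bit record sequence space exhausted; a new epoch is required")
    return (bytes([content_type]) + DTLS12_RECORD_VERSION + struct.pack(">H", epoch)
            + seq.to_bytes(6, "big") + struct.pack(">H", len(payload)) + payload)


def parse_datagram(datagram: bytes) -> list:
    """Split a datagram carrying several back-to-back records (one flight) into
    (content_type, epoch, seq, payload) tuples; a truncated trailing record is dropped."""
    out, pos = [], 0
    while pos + REC_HDR_LEN <= len(datagram):
        ct = datagram[pos]
        epoch, = struct.unpack(">H", datagram[pos + 3:pos + 5])
        seq = int.from_bytes(datagram[pos + 5:pos + 11], "big")
        length, = struct.unpack(">H", datagram[pos + 11:pos + 13])
        start, end = pos + REC_HDR_LEN, pos + REC_HDR_LEN + length
        if end > len(datagram):
            break
        out.append((ct, epoch, seq, datagram[start:end]))
        pos = end
    return out


def fragment_handshake(msg_type: int, body: bytes, message_seq: int, max_fragment: int) -> list:
    """Split one handshake message into fragments that each carry the full 12-byte header."""
    if max_fragment <= 0:
        raise ValueError("max_fragment must be positive")
    offsets = range(0, len(body), max_fragment) if body else [0]   # zero-length bodies still need one fragment
    frags = []
    for off in offsets:
        chunk = body[off:off + max_fragment]
        hdr = (bytes([msg_type]) + len(body).to_bytes(3, "big") + struct.pack(">H", message_seq)
               + off.to_bytes(3, "big") + len(chunk).to_bytes(3, "big"))
        frags.append(hdr + chunk)
    return frags


class FragmentBuffer:
    """Reassembles the handshake message with a given message_seq from fragments that may
    arrive out of order or duplicated (retransmitted flights). Malformed fragments are dropped."""

    def __init__(self, expected_seq: int):
        self.expected_seq = expected_seq
        self.msg_type = None
        self.body = None
        self.have = None            # per-byte coverage flags

    def add(self, fragment: bytes) -> tuple | None:
        if len(fragment) < HS_HDR_LEN:
            return None
        msg_type = fragment[0]
        length = int.from_bytes(fragment[1:4], "big")
        message_seq, = struct.unpack(">H", fragment[4:6])
        frag_off = int.from_bytes(fragment[6:9], "big")
        frag_len = int.from_bytes(fragment[9:12], "big")
        if (message_seq != self.expected_seq or len(fragment) != HS_HDR_LEN + frag_len
                or frag_off + frag_len > length):
            return None             # wrong message, truncated fragment, or out-of-bounds write
        if self.body is None:
            self.msg_type, self.body, self.have = msg_type, bytearray(length), bytearray(length)
        elif msg_type != self.msg_type or length != len(self.body):
            return None             # header disagrees with earlier fragments of the same message
        self.body[frag_off:frag_off + frag_len] = fragment[HS_HDR_LEN:]
        self.have[frag_off:frag_off + frag_len] = b"\x01" * frag_len
        if all(self.have):
            return self.msg_type, bytes(self.body)
        return None


def demo() -> dict:
    # Constructed 768-byte "Certificate" body, fragmented for a conservative 300-byte limit.
    body = bytes(range(256)) * 3
    frags = fragment_handshake(HT_CERTIFICATE, body, message_seq=2, max_fragment=300)
    records = [dtls_record(CT_HANDSHAKE, 0, i, f) for i, f in enumerate(frags)]
    flight = b"".join(records)                     # one datagram carries the whole flight
    parsed = parse_datagram(flight)
    buf, result = FragmentBuffer(expected_seq=2), None
    # Deliver in reverse order plus one duplicate, as a lossy, reordering network might.
    for _, _, _, payload in list(reversed(parsed)) + parsed[:1]:
        r = buf.add(payload)
        if r is not None:
            result = r
    return {"frag_count": len(frags), "first_record_header": records[0][:REC_HDR_LEN],
            "second_frag_header": frags[1][:HS_HDR_LEN], "parsed": len(parsed), "reassembled": result}


if __name__ == "__main__":
    d = demo()
    print(d["frag_count"], "fragments;", d["parsed"], "records;", d["reassembled"][0], len(d["reassembled"][1]))
```

Note that the 48-bit sequence check in dtls_record is a per-epoch limit: on a long-lived association the counter belongs to the write AEAD state, and exhausting it must end the epoch rather than wrap.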

Variables

enum DTLS_1_2_RECORD_VERSION = [0xFE, 0xFD]

DTLS 1.2 record version used on the wire: the one's complement of TLS 1.2's {3, 3}, so that DTLS versions sort in the opposite direction from TLS versions.