Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use plausible TLS messages #3753

Merged
merged 3 commits into from Jun 30, 2020
Merged

Use plausible TLS messages #3753

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9a7ef22
Make the TLS messages plausible
martinthomson Jun 10, 2020
0b46816
Update samples in the draft based on changed content
martinthomson Jun 10, 2020
ab3d19b
Fix bad extension length
martinthomson Jun 10, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
63 changes: 32 additions & 31 deletions draft-ietf-quic-tls.md
View file
Open in desktop
Expand Up @@ -1978,13 +1978,14 @@ contains the following CRYPTO frame, plus enough PADDING frames to make a 1162
byte payload:

~~~
060040c4010000c003036660261ff947 cea49cce6cfad687f457cf1b14531ba1
4131a0e8f309a1d0b9c4000006130113 031302010000910000000b0009000006
736572766572ff01000100000a001400 12001d00170018001901000101010201
03010400230000003300260024001d00 204cfdfcd178b784bf328cae793b136f
2aedce005ff183d7bb14952072366470 37002b0003020304000d0020001e0403
05030603020308040805080604010501 060102010402050206020202002d0002
0101001c00024001
060040f1010000ed0303ebf8fa56f129 39b9584a3896472ec40bb863cfd3e868
04fe3a47f06a2b69484c000004130113 02010000c000000010000e00000b6578
616d706c652e636f6dff01000100000a 00080006001d00170018001000070005
04616c706e0005000501000000000033 00260024001d00209370b2c9caa47fba
baf4559fedba753de171fa71f50f1ce1 5d43e994ec74d748002b000302030400
0d0010000e0403050306030203080408 050806002d00020101001c00024001ff
a500320408ffffffffffffffff050480 00ffff07048000ffff08011001048000
75300901100f088394c8f03e51570806 048000ffff
~~~

The unprotected header includes the connection ID and a 4 byte packet number
Expand All @@ -1999,30 +2000,30 @@ Because the header uses a 4 byte packet number encoding, the first 16 bytes of
the protected payload is sampled, then applied to the header:

~~~
sample = fb66bc5f93032b7ddd89fe0ff15d9c4f
sample = fb66bc6a93032b50dd8973972d149421

mask = AES-ECB(hp, sample)[0..4]
= d64a952459
= 1e9cdb9909

header[0] ^= mask[0] & 0x0f
= c5
= cd
header[18..21] ^= mask[1..4]
= 4a95245b
header = c5ff00001d088394c8f03e5157080000449e4a95245b
= 9cdb990b
header = cdff00001d088394c8f03e5157080000449e9cdb990b
~~~

The resulting protected packet is:

~~~
c5ff00001d088394c8f03e5157080000 449e4a95245bfb66bc5f93032b7ddd89
fe0ff15d9c4f7050fccdb71c1cd80512 d4431643a53aafa1b0b518b44968b18b
8d3e7a4d04c30b3ed9410325b2abb2da fb1c12f8b70479eb8df98abcaf95dd8f
3d1c78660fbc719f88b23c8aef6771f3 d50e10fdfb4c9d92386d44481b6c52d5
9e5538d3d3942de9f13a7f8b702dc317 24180da9df22714d01003fc5e3d165c9
50e630b8540fbd81c9df0ee63f949970 26c4f2e1887a2def79050ac2d86ba318
e0b3adc4c5aa18bcf63c7cf8e85f5692 49813a2236a7e72269447cd1c755e451
f5e77470eb3de64c8849d29282069802 9cfa18e5d66176fe6e5ba4ed18026f90
900a5b4980e2f58e39151d5cd685b109 29636d4f02e7fad2a5a458249f5c0298
cdff00001d088394c8f03e5157080000 449e9cdb990bfb66bc6a93032b50dd89
73972d149421874d3849e3708d71354e a33bcdc356f3ea6e2a1a1bd7c3d14003
8d3e784d04c30a2cdb40c32523aba2da fe1c1bf3d27a6be38fe38ae033fbb071
3c1c73661bb6639795b42b97f77068ea d51f11fbf9489af2501d09481e6c64d4
b8551cd3cea70d830ce2aeeec789ef55 1a7fbe36b3f7e1549a9f8d8e153b3fac
3fb7b7812c9ed7c20b4be190ebd89956 26e7f0fc887925ec6f0606c5d36aa81b
ebb7aacdc4a31bb5f23d55faef5c5190 5783384f375a43235b5c742c78ab1bae
0a188b75efbde6b3774ed61282f9670a 9dea19e1566103ce675ab4e21081fb58
60340a1e88e4f10e39eae25cd685b109 29636d4f02e7fad2a5a458249f5c0298
a6d53acbe41a7fc83fa7cc01973f7a74 d1237a51974e097636b6203997f921d0
7bc1940a6f2d0de9f5a11432946159ed 6cc21df65c4ddd1115f86427259a196c
7148b25b6478b0dc7766e1c4d1b1f515 9f90eabc61636226244642ee148b464c
Expand Down Expand Up @@ -2051,7 +2052,7 @@ edb42d2af89a9c9122b07acbc29e5e72 2df8615c343702491098478a389c9872
a10b0c9875125e257c7bfdf27eef4060 bd3d00f4c14fd3e3496c38d3c5d1a566
8c39350effbc2d16ca17be4ce29f02ed 969504dda2a8c6b9ff919e693ee79e09
089316e7d1d89ec099db3b2b268725d8 88536a4b8bf9aee8fb43e82a4d919d48
43b1ca70a2d8d3f725ead1391377dcc0
1802771a449b30f3fa2289852607b660
~~~


Expand All @@ -2061,10 +2062,10 @@ The server sends the following payload in response, including an ACK frame, a
CRYPTO frame, and no PADDING frames:

~~~
0d0000000018410a020000560303eefc e7f7b37ba1d1632e96677825ddf73988
cfc79825df566dc5430b9a045a120013 0100002e00330024001d00209d3c940d
89690b84d08a60993c144eca684d1081 287c834d5311bcf32bb9da1a002b0002
0304
02000000000600405a020000560303ee fce7f7b37ba1d1632e96677825ddf739
88cfc79825df566dc5430b9a045a1200 130100002e00330024001d00209d3c94
0d89690b84d08a60993c144eca684d10 81287c834d5311bcf32bb9da1a002b00
020304
~~~

The header from the server includes a new connection ID and a 2-byte packet
Expand All @@ -2086,11 +2087,11 @@ header = caff00001d0008f067a5502a4262b5004074aaf2
The final protected packet is then:

~~~
caff00001d0008f067a5502a4262b500 4074aaf2f007823a5d3a1207c86ee491
32824f0465243d082d868b107a38092b c80528664cbf9456ebf27673fb5fa506
1ab573c9f001b81da028a00d52ab00b1 5bebaa70640e106cf2acd043e9c6b441
1c0a79637134d8993701fe779e58c2fe 753d14b0564021565ea92e57bc6faf56
dfc7a40870e6
c7ff00001d0008f067a5502a4262b500 4075fb12ff07823a5d24534d906ce4c7
6782a2167e3479c0f7f6395dc2c91676 302fe6d70bb7cbeb117b4ddb7d173498
44fd61dae200b8338e1b932976b61d91 e64a02e9e0ee72e3a6f63aba4ceeeec5
be2f24f2d86027572943533846caa13e 6f163fb257473dcca25396e88724f1e5
d964dedee9b633
~~~


Expand Down
20 changes: 11 additions & 9 deletions protection-samples.js
View file
Open in desktop
Expand Up @@ -337,18 +337,20 @@ var cid = '8394c8f03e515708';
var ci_hdr = 'c3' + version + hex_cid(cid) + '0000';
// This is a client Initial. Unfortunately, the ClientHello currently omits
// the transport_parameters extension.
var crypto_frame = '060040c4' +
'010000c003036660261ff947cea49cce6cfad687f457cf1b14531ba14131a0e8' +
'f309a1d0b9c4000006130113031302010000910000000b000900000673657276' +
'6572ff01000100000a00140012001d0017001800190100010101020103010400' +
'230000003300260024001d00204cfdfcd178b784bf328cae793b136f2aedce00' +
'5ff183d7bb1495207236647037002b0003020304000d0020001e040305030603' +
'020308040805080604010501060102010402050206020202002d00020101001c' +
'00024001';
var crypto_frame = '060040f1' +
'010000ed0303ebf8fa56f12939b9584a3896472ec40bb863cfd3e86804fe3a47' +
'f06a2b69484c00000413011302010000c000000010000e00000b6578616d706c' +
'652e636f6dff01000100000a00080006001d0017001800100007000504616c70' +
'6e000500050100000000003300260024001d00209370b2c9caa47fbabaf4559f' +
'edba753de171fa71f50f1ce15d43e994ec74d748002b0003020304000d001000' +
'0e0403050306030203080408050806002d00020101001c00024001ffa5003204' +
'08ffffffffffffffff05048000ffff07048000ffff0801100104800075300901' +
'100f088394c8f03e51570806048000ffff';

test('client', cid, ci_hdr, 2, crypto_frame);

// This should be a valid server Initial.
var frames = '0d0000000018410a' +
var frames = '02000000000600405a' +
'020000560303eefce7f7b37ba1d163' +
'2e96677825ddf73988cfc79825df566dc5430b9a04' +
'5a1200130100002e00330024001d00209d3c940d89' +
Expand Down