QUIC
下の図がわかりやすいと思う。 https://datatracker.ietf.org/meeting/98/materials/slides-98-edu-sessf-quic-tutorial/
参考url
- https://milestone-of-se.nesuke.com/l7protocol/http/http3-over-quic/#toc7 http2( on TLS1.3)とhttp3( over QUIC)との比較がわかりやすい
- https://quic.xargs.org/
- https://eng-blog.iij.ad.jp/archives/author/kazu 技術的な内容
- https://www.iana.org/assignments/quic/quic.xhtml パラメータ一覧
- https://cstmize.hatenablog.jp/entry/2022/09/21/“openssl_s_client”コマンドでHTTPSの仕組みを理解する(TLS_1_3) 自分のTLS1.3の記事。
- https://asnokaze.hatenablog.com/entry/2019/03/21/235918 keylogの部分で参考になった
- https://blog.redbox.ne.jp/http3-quic.html http2の問題点など挙げられておりわかりやすい説明。
コマンド
# google.comは既にhttp3対応しているので。 # 後述のように復号化するのにkey.logが必要。 touch key.log docker run -it -v $(pwd)/key.log:/opt/key.log --rm ymuski/curl-http3 /bin/bash -c "SSLKEYLOGFILE=key.log curl -IL https://www.google.com --http3 --trace /dev/stdout" == Info: Trying 216.58.220.100:443... == Info: Connect socket 6 over QUIC to 216.58.220.100:443 == Info: Sent QUIC client Initial, ALPN: h3-29,h3-28,h3-27 == Info: Connected to www.google.com () port 443 (#0) == Info: h3 [:method: HEAD] == Info: h3 [:path: /] == Info: h3 [:scheme: https] == Info: h3 [:authority: www.google.com] == Info: h3 [user-agent: curl/7.76.1-DEV] == Info: h3 [accept: */*] == Info: Using HTTP/3 Stream ID: 0 (easy handle 0x55609370f3e0) => Send header, 81 bytes (0x51) 0000: 48 45 41 44 20 2f 20 48 54 54 50 2f 33 0d 0a 48 HEAD / HTTP/3..H 0010: 6f 73 74 3a 20 77 77 77 2e 67 6f 6f 67 6c 65 2e ost: www.google. 0020: 63 6f 6d 0d 0a 75 73 65 72 2d 61 67 65 6e 74 3a com..user-agent: 0030: 20 63 75 72 6c 2f 37 2e 37 36 2e 31 2d 44 45 56 curl/7.76.1-DEV 0040: 0d 0a 61 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d ..accept: */*... 0050: 0a . <= Recv header, 11 bytes (0xb) 0000: 48 54 54 50 2f 33 20 32 30 30 0a HTTP/3 200. HTTP/3 200 <= Recv header, 44 bytes (0x2c) 0000: 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 content-type: te 0010: 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 xt/html; charset 0020: 3d 49 53 4f 2d 38 38 35 39 2d 31 0a =ISO-8859-1. content-type: text/html; charset=ISO-8859-1 <= Recv header, 68 bytes (0x44) 0000: 70 33 70 3a 20 43 50 3d 22 54 68 69 73 20 69 73 p3p: CP="This is 0010: 20 6e 6f 74 20 61 20 50 33 50 20 70 6f 6c 69 63 not a P3P polic 0020: 79 21 20 53 65 65 20 67 2e 63 6f 2f 70 33 70 68 y! See g.co/p3ph 0030: 65 6c 70 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 elp for more inf 0040: 6f 2e 22 0a o.". p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." <= Recv header, 36 bytes (0x24) 0000: 64 61 74 65 3a 20 53 61 74 2c 20 32 34 20 53 65 date: Sat, 24 Se 0010: 70 20 32 30 32 32 20 30 39 3a 34 33 3a 34 39 20 p 2022 09:43:49 0020: 47 4d 54 0a GMT. date: Sat, 24 Sep 2022 09:43:49 GMT <= Recv header, 12 bytes (0xc) 0000: 73 65 72 76 65 72 3a 20 67 77 73 0a server: gws. server: gws <= Recv header, 20 bytes (0x14) 0000: 78 2d 78 73 73 2d 70 72 6f 74 65 63 74 69 6f 6e x-xss-protection 0010: 3a 20 30 0a : 0. x-xss-protection: 0 <= Recv header, 28 bytes (0x1c) 0000: 78 2d 66 72 61 6d 65 2d 6f 70 74 69 6f 6e 73 3a x-frame-options: 0010: 20 53 41 4d 45 4f 52 49 47 49 4e 0a SAMEORIGIN. x-frame-options: SAMEORIGIN <= Recv header, 39 bytes (0x27) 0000: 65 78 70 69 72 65 73 3a 20 53 61 74 2c 20 32 34 expires: Sat, 24 0010: 20 53 65 70 20 32 30 32 32 20 30 39 3a 34 33 3a Sep 2022 09:43: 0020: 34 39 20 47 4d 54 0a 49 GMT. expires: Sat, 24 Sep 2022 09:43:49 GMT <= Recv header, 23 bytes (0x17) 0000: 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 3a 20 70 cache-control: p 0010: 72 69 76 61 74 65 0a rivate. cache-control: private <= Recv header, 108 bytes (0x6c) 0000: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 31 50 5f 4a set-cookie: 1P_J 0010: 41 52 3d 32 30 32 32 2d 30 39 2d 32 34 2d 30 39 AR=2022-09-24-09 0020: 3b 20 65 78 70 69 72 65 73 3d 4d 6f 6e 2c 20 32 ; expires=Mon, 2 0030: 34 2d 4f 63 74 2d 32 30 32 32 20 30 39 3a 34 33 4-Oct-2022 09:43 0040: 3a 34 39 20 47 4d 54 3b 20 70 61 74 68 3d 2f 3b :49 GMT; path=/; 0050: 20 64 6f 6d 61 69 6e 3d 2e 67 6f 6f 67 6c 65 2e domain=.google. 0060: 63 6f 6d 3b 20 53 65 63 75 72 65 0a com; Secure. set-cookie: 1P_JAR=2022-09-24-09; expires=Mon, 24-Oct-2022 09:43:49 GMT; path=/; domain=.google.com; Secure <= Recv header, 174 bytes (0xae) 0000: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 41 45 43 3d set-cookie: AEC= 0010: 41 61 6b 6e 69 47 4d 38 37 6b 4d 79 47 67 77 78 AakniGM87kMyGgwx 0020: 39 6d 6c 39 4f 31 76 4f 2d 4c 4b 2d 49 66 58 59 9ml9O1vO-LK-IfXY 0030: 70 79 39 44 38 41 4f 4b 35 6f 46 35 32 70 73 68 py9D8AOK5oF52psh 0040: 4c 6f 4d 58 4f 79 56 76 76 41 3b 20 65 78 70 69 LoMXOyVvvA; expi 0050: 72 65 73 3d 54 68 75 2c 20 32 33 2d 4d 61 72 2d res=Thu, 23-Mar- 0060: 32 30 32 33 20 30 39 3a 34 33 3a 34 39 20 47 4d 2023 09:43:49 GM 0070: 54 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 T; path=/; domai 0080: 6e 3d 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3b 20 53 n=.google.com; S 0090: 65 63 75 72 65 3b 20 48 74 74 70 4f 6e 6c 79 3b ecure; HttpOnly; 00a0: 20 53 61 6d 65 53 69 74 65 3d 6c 61 78 0a SameSite=lax. set-cookie: AEC=AakniGM87kMyGgwx9ml9O1vO-LK-IfXYpy9D8AOK5oF52pshLoMXOyVvvA; expires=Thu, 23-Mar-2023 09:43:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax <= Recv header, 269 bytes (0x10d) 0000: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 4e 49 44 3d set-cookie: NID= 0010: 35 31 31 3d 74 6a 46 55 61 6a 72 7a 64 48 79 6f 511=tjFUajrzdHyo 0020: 6c 47 50 5f 42 68 2d 76 66 2d 34 64 50 53 72 48 lGP_Bh-vf-4dPSrH 0030: 47 73 77 46 4d 45 79 63 38 38 44 30 62 36 31 47 GswFMEyc88D0b61G 0040: 43 39 58 69 50 66 31 62 2d 5f 37 78 36 53 5f 61 C9XiPf1b-_7x6S_a 0050: 48 57 7a 5f 73 43 54 49 41 51 44 39 64 45 66 6f HWz_sCTIAQD9dEfo 0060: 70 78 37 6a 37 43 61 59 4d 2d 4a 57 4f 4b 41 79 px7j7CaYM-JWOKAy 0070: 51 78 56 58 69 31 49 41 5f 30 67 4e 55 63 4b 72 QxVXi1IA_0gNUcKr 0080: 62 57 4d 61 73 2d 65 43 36 7a 78 6a 58 4c 43 50 bWMas-eC6zxjXLCP 0090: 63 57 46 70 70 5a 51 4a 67 51 6f 5a 5a 31 4e 51 cWFppZQJgQoZZ1NQ 00a0: 71 45 47 6d 52 49 55 6c 34 72 6d 5a 79 46 6e 31 qEGmRIUl4rmZyFn1 00b0: 6b 69 7a 49 45 6c 6e 74 74 35 6c 47 67 46 30 3b kizIElntt5lGgF0; 00c0: 20 65 78 70 69 72 65 73 3d 53 75 6e 2c 20 32 36 expires=Sun, 26 00d0: 2d 4d 61 72 2d 32 30 32 33 20 30 39 3a 34 33 3a -Mar-2023 09:43: 00e0: 34 39 20 47 4d 54 3b 20 70 61 74 68 3d 2f 3b 20 49 GMT; path=/; 00f0: 64 6f 6d 61 69 6e 3d 2e 67 6f 6f 67 6c 65 2e 63 domain=.google.c 0100: 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 0a om; HttpOnly. set-cookie: NID=511=tjFUajrzdHyolGP_Bh-vf-4dPSrHGswFMEyc88D0b61GC9XiPf1b-_7x6S_aHWz_sCTIAQD9dEfopx7j7CaYM-JWOKAyQxVXi1IA_0gNUcKrbWMas-eC6zxjXLCPcWFppZQJgQoZZ1NQqEGmRIUl4rmZyFn1kizIElntt5lGgF0; expires=Sun, 26-Mar-2023 09:43:49 GMT; path=/; domain=.google.com; HttpOnly <= Recv header, 172 bytes (0xac) 0000: 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 alt-svc: h3=":44 0010: 33 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 2c 68 3"; ma=2592000,h 0020: 33 2d 32 39 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 3-29=":443"; ma= 0030: 32 35 39 32 30 30 30 2c 68 33 2d 51 30 35 30 3d 2592000,h3-Q050= 0040: 22 3a 34 34 33 22 3b 20 6d 61 3d 32 35 39 32 30 ":443"; ma=25920 0050: 30 30 2c 68 33 2d 51 30 34 36 3d 22 3a 34 34 33 00,h3-Q046=":443 0060: 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 2c 68 33 "; ma=2592000,h3 0070: 2d 51 30 34 33 3d 22 3a 34 34 33 22 3b 20 6d 61 -Q043=":443"; ma 0080: 3d 32 35 39 32 30 30 30 2c 71 75 69 63 3d 22 3a =2592000,quic=": 0090: 34 34 33 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 443"; ma=2592000 00a0: 3b 20 76 3d 22 34 36 2c 34 33 22 0a ; v="46,43". alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" == Info: Connection #0 to host www.google.com left intact # これをwiresharkでみる。条件を"ip.addr == 216.58.220.100"と指定すると良い。
- QUIC handshakeからQUICのpayloadが暗号化されるので、key.logをPreference > Advancedで設定する。(自分はVersion 3.6.7 (v3.6.7-0-g4a304d7ec222)で問題なかったので、新しいバージョンだとできるはず)
- これでhandshake以降のQUICの部分が複合化される
- opensslはopenssl-3.0.5ではまだ。masterブランチ見るとhttps://github.com/openssl/openssl/blob/538ee4e0977492009f8ca39d577d8a1aeb8d27fd/doc/designs/quic-design/quic-overview.md で対応中ぽい
—
- UDPとしてとりあえず送りながらも輻輳制御などの管理はQUIC側で行うという構造になっているっぽい。
- TCP相当の設定をQUICのpayloadに移せるので、この情報も暗号化できるという大きな利点がある
- 他の従来の問題点は https://blog.redbox.ne.jp/http3-quic.html がわかりやすい
- TLS1.3の知識が前提なので、https://cstmize.hatenablog.jp/entry/2022/09/21/%E2%80%9Copenssl_s_client%E2%80%9D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%81%A7HTTPS%E3%81%AE%E4%BB%95%E7%B5%84%E3%81%BF%E3%82%92%E7%90%86%E8%A7%A3%E3%81%99%E3%82%8B%28TLS_1_3%29 みてね。
プロトコル
- とりあえず、TLS1.3の部分でQUIC由来と思われる部分をピックアップする
QUIC initial, ClientHello: クライアント → サーバー
- TCPの3 way handshakeはない。
- Payload部分にはCRYPTOフレーム(TLS1.3のClientHello)が入る。
- “—http3”と指定したので、ALPN(Application-Layer Protocol Negotiation)は”h3-29”, “h3-28”, “h3-27”(application_layer_protocol_negotiation)
Extension: application_layer_protocol_negotiation (len=20) Type: application_layer_protocol_negotiation (16) Length: 20 ALPN Extension Length: 18 ALPN Protocol ALPN string length: 5 ALPN Next Protocol: h3-29 ALPN string length: 5 ALPN Next Protocol: h3-28 ALPN string length: 5 ALPN Next Protocol: h3-27
- 通常のTLS1.3とは異なり、このメッセージも実は暗号化されているが、「一手間かけないと覗けない」程度の安全性しかありません、とのこと。鍵交換まだしてないのでそれはそうだね。
- quic_transport_parameters extensionにてQUICの設定要求している。
- quic_transport_parameters 一覧はこちら。 → https://www.iana.org/assignments/quic/quic.xhtml
- UDPのpayloadは1200byteになるように、0埋めされている。
- Any datagram sent by the client that contains an Initial packet must be padded to a length of 1200 bytes.
詳細
- UDP以降の部分のみのパース結果を載せている。
Frame 145: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d) User Datagram Protocol, Src Port: 60282, Dst Port: 443 Source Port: 60282 Destination Port: 443 Length: 1208 Checksum: 0x8e90 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 336] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..00 .... = Packet Type: Initial (0) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 16 Destination Connection ID: 88758606f0322a5bbb4ab785d77f9224 Source Connection ID Length: 20 Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Token Length: 0 Length: 290 Packet Number: 0 Payload: 639ec334c1035e39d656aca14f49b521a148d4bd2fc8f27a40232bbc50f166df2cb24a87… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 0 Length: 269 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Client Hello Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 265 Version: TLS 1.2 (0x0303) Random: 664ffabc2a24c1410327c812202fd53bc874c5fa67724f0f3c84a2d05971d130 Session ID Length: 0 Cipher Suites Length: 6 Cipher Suites (3 suites) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 218 Extension: server_name (len=19) Type: server_name (0) Length: 19 Server Name Indication extension Server Name list length: 17 Server Name Type: host_name (0) Server Name length: 14 Server Name: www.google.com Extension: supported_groups (len=8) Type: supported_groups (10) Length: 8 Supported Groups List Length: 6 Supported Groups (3 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 (0x0018) Extension: application_layer_protocol_negotiation (len=20) Type: application_layer_protocol_negotiation (16) Length: 20 ALPN Extension Length: 18 ALPN Protocol ALPN string length: 5 ALPN Next Protocol: h3-29 ALPN string length: 5 ALPN Next Protocol: h3-28 ALPN string length: 5 ALPN Next Protocol: h3-27 Extension: signature_algorithms (len=20) Type: signature_algorithms (13) Length: 20 Signature Hash Algorithms Length: 18 Signature Hash Algorithms (9 algorithms) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: SM2 (4) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Extension: key_share (len=38) Type: key_share (51) Length: 38 Key Share extension Client Key Share Length: 36 Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: 128f5580196c43a62ff26bc4164109a05e5136abf8bb02e39eadd61945b6d104 Extension: psk_key_exchange_modes (len=2) Type: psk_key_exchange_modes (45) Length: 2 PSK Key Exchange Modes Length: 1 PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1) Extension: supported_versions (len=3) Type: supported_versions (43) Length: 3 Supported Versions length: 2 Supported Version: TLS 1.3 (0x0304) Extension: quic_transport_parameters (drafts version) (len=76) Type: quic_transport_parameters (drafts version) (65445) Length: 76 Parameter: max_idle_timeout (len=4) 60000 ms Type: max_idle_timeout (0x01) Length: 4 Value: 8000ea60 max_idle_timeout: 60000 Parameter: max_udp_payload_size (len=4) 65527 Type: max_udp_payload_size (0x03) Length: 4 Value: 8000fff7 max_udp_payload_size: 65527 Parameter: initial_max_data (len=4) 1048576 Type: initial_max_data (0x04) Length: 4 Value: 80100000 initial_max_data: 1048576 Parameter: initial_max_stream_data_bidi_local (len=4) 1048576 Type: initial_max_stream_data_bidi_local (0x05) Length: 4 Value: 80100000 initial_max_stream_data_bidi_local: 1048576 Parameter: initial_max_stream_data_bidi_remote (len=4) 1048576 Type: initial_max_stream_data_bidi_remote (0x06) Length: 4 Value: 80100000 initial_max_stream_data_bidi_remote: 1048576 Parameter: initial_max_stream_data_uni (len=4) 1048576 Type: initial_max_stream_data_uni (0x07) Length: 4 Value: 80100000 initial_max_stream_data_uni: 1048576 Parameter: initial_max_streams_bidi (len=4) 262144 Type: initial_max_streams_bidi (0x08) Length: 4 Value: 80040000 initial_max_streams_bidi: 262144 Parameter: initial_max_streams_uni (len=4) 262144 Type: initial_max_streams_uni (0x09) Length: 4 Value: 80040000 initial_max_streams_uni: 262144 Parameter: ack_delay_exponent (len=1) Type: ack_delay_exponent (0x0a) Length: 1 Value: 03 ack_delay_exponent: 3 Parameter: GREASE (len=1) 25 Type: GREASE (0x0b) Length: 1 Value: 19 max_ack_delay: 25 Parameter: initial_source_connection_id (len=20) Type: initial_source_connection_id (0x0f) Length: 20 Value: 199f225869a15581ea105e2683da3e4e977db844 Initial Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844 [JA3 Fullstring: 771,4865-4866-4867,0-10-16-13-51-45-43-65445,29-23-24,] [JA3: 92e76078d514999cd950474995dab2b5] QUIC IETF [Expert Info (Note/Protocol): (Random) padding data appended to the datagram] [(Random) padding data appended to the datagram] [Severity level: Note] [Group: Protocol]
QUIC Initial, ServerHello: サーバー → クライアント
- versionはVersion: draft-29 (0xff00001d), h3-29で合意した
Destination Connection ID
はClientHelloのSource ConnectionIDと一致してる- Payload部分にはQUICのACKフレームとCRYPTOフレーム(TLS1.3のServerHello)が入る。
- ACKについてはRFC9000で Receivers send ACK frames (types 0x02 and 0x03) to inform senders of packets they have received and processed. とある
- PADDINGもされてる(1200byteにするための0埋め)
- これ以降QUICのpayload部分は暗号化される
詳細
Frame 146: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6 User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1208 Checksum: 0xa2fe [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.007535000 seconds] [Time since previous frame: 0.007535000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1200] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..00 .... = Packet Type: Initial (0) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Token Length: 0 Length: 1162 Packet Number: 1 Payload: bfd2e6357a2dc0a1975253c58d2d7ea71bda66c2bde206ec06d805146f30c7844c838a67… ACK Frame Type: ACK (0x0000000000000002) Largest Acknowledged: 0 ACK Delay: 0 ACK Range Count: 0 First ACK Range: 0 CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 0 Length: 90 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Server Hello Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 86 Version: TLS 1.2 (0x0303) Random: 7eb236141fa8f4daa7f6caf17b0974dac0fbcbe3264194cb3779ebefe86bbc63 Session ID Length: 0 Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Compression Method: null (0) Extensions Length: 46 Extension: key_share (len=36) Type: key_share (51) Length: 36 Key Share extension Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: cbc40b773b9dbfc7bfde852c7c43742094d4d0c53957e0e5f68804bb626e190b Extension: supported_versions (len=2) Type: supported_versions (43) Length: 2 Supported Version: TLS 1.3 (0x0304) [JA3S Fullstring: 771,4865,51-43] [JA3S: eb1d94daa7e0344597e756a1fb6e7054] PADDING Length: 1046 Frame Type: PADDING (0x0000000000000000) [Padding Length: 1046]
QUICInitial, ACK: クライアント → サーバー
- ACKを送っている。
- Payloadが暗号化されていないので、ServerHelloが来たらすぐに返送するようになっているのだと思う。
- DestinationIDもこの時点でわかっているので3b533bbc52e5fd4eとしてる
詳細
Frame 147: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d) Internet Protocol Version 4, Src: 192.168.1.6, Dst: 216.58.220.100 User Datagram Protocol, Src Port: 60282, Dst Port: 443 Source Port: 60282 Destination Port: 443 Length: 1208 Checksum: 0x49d4 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.008098000 seconds] [Time since previous frame: 0.000563000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 60] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..00 .... = Packet Type: Initial (0) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 8 Destination Connection ID: 88758606f0322a5b Source Connection ID Length: 20 Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Token Length: 0 Length: 22 Packet Number: 1 Payload: 850f3279f9fef8fd7c213ea116c4c5e19f1b488c7f ACK Frame Type: ACK (0x0000000000000002) Largest Acknowledged: 1 ACK Delay: 15 ACK Range Count: 0 First ACK Range: 0 QUIC IETF [Expert Info (Note/Protocol): (Random) padding data appended to the datagram] [(Random) padding data appended to the datagram] [Severity level: Note] [Group: Protocol]
QUIC handshake, (Ping): クライアント → サーバー
- ServerHelloの時点で鍵交換は完了しているので、この先のメッセージはAES_128_GCMで暗号化(AEAD)される
- QUICのpayloadが暗号化されているようだ
- 上のkey.logを与えないと、下のようにdecryptできないと警告がでるので
- QUICのpayloadが暗号化されているようだ
[Expert Info (Warning/Decryption): Failed to create decryption context: Secrets are not available] [Failed to create decryption context: Secrets are not available] [Severity level: Warning] [Group: Decryption] Remaining Payload: 45732f4e9130531ad4fa666b29f0913829cee72a23aa339fc27f2d290b99cff7052de9df…
- PINGフレームのみ
詳細
Frame 148: 100 bytes on wire (800 bits), 100 bytes captured (800 bits) on interface en0, id 0 Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d) User Datagram Protocol, Src Port: 60282, Dst Port: 443 Source Port: 60282 Destination Port: 443 Length: 66 Checksum: 0x2dc2 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.033620000 seconds] [Time since previous frame: 0.025522000 seconds] UDP payload (58 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 58] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 8 Destination Connection ID: 88758606f0322a5b Source Connection ID Length: 20 Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Length: 21 Packet Number: 0 Payload: 9f3c4005313d571999f64786ac2c11235c07773b PING Frame Type: PING (0x0000000000000001) PADDING Length: 3 Frame Type: PADDING (0x0000000000000000) [Padding Length: 3]
QUIC handshake, EncryptedExtensions, Certificate(部分): サーバー → クライアント)
- ServerHelloの時点で鍵交換は完了しているので、この先のメッセージはAES_128_GCMで暗号化(AEAD)される
- TLS1.3のEncryptedExtensionsを送っている
- ServerHelloでは暗号化されていないので、安全に情報を伝えるためにextensionを別で送るようになっている。
- application_layer_protocol_negotiation extensionでh3-29で同意した
- FF73DBはversion_informationとのこと。
- Certificateも部分的に送っている
- Handshake Protocol: Certificate (fragment)とあるとおり
詳細
Frame 149: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1208 Checksum: 0x0bc7 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.040445000 seconds] [Time since previous frame: 0.006825000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1200] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Length: 1163 Packet Number: 2 Payload: deb51a9b57814b23ba467fb1c7156be8aab0de1a2d2b25c2a5ead62f02f971fbcd2b8cf9… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 0 Length: 1142 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: c Handshake Type: Encrypted Extensions (8) Length: 195 Extensions Length: 193 Extension: server_name (len=0) Type: server_name (0) Length: 0 Extension: application_layer_protocol_negotiation (len=8) Type: application_layer_protocol_negotiation (16) Length: 8 ALPN Extension Length: 6 ALPN Protocol ALPN string length: 5 ALPN Next Protocol: h3-29 Extension: quic_transport_parameters (drafts version) (len=173) Type: quic_transport_parameters (drafts version) (65445) Length: 173 Parameter: google_quic_version (len=25) Type: google_quic_version (0x4752) Length: 25 Value: ff00001d1400000001ff00001d513035305130343651303433 Google QUIC version: draft-29 (0xff00001d) Google Supported Versions Length: 20 Google Supported Version: 1 (0x00000001) Google Supported Version: draft-29 (0xff00001d) Google Supported Version: Google Q050 (0x51303530) Google Supported Version: Google Q046 (0x51303436) Google Supported Version: Google Q043 (0x51303433) Parameter: Unknown 0xff73db (len=28) Type: Unknown (0xff73db) Length: 28 Value: ff00001d00000001ff00001d5130353051303436ea8a7a0a51303433 Parameter: initial_max_streams_bidi (len=2) 100 Type: initial_max_streams_bidi (0x08) Length: 2 Value: 4064 initial_max_streams_bidi: 100 Parameter: initial_max_data (len=4) 196608 Type: initial_max_data (0x04) Length: 4 Value: 80030000 initial_max_data: 196608 Parameter: initial_max_streams_uni (len=2) 103 Type: initial_max_streams_uni (0x09) Length: 2 Value: 4067 initial_max_streams_uni: 103 Parameter: stateless_reset_token (len=16) Type: stateless_reset_token (0x02) Length: 16 Value: 9362f5507acd9bef9196657827b2e56e stateless_reset_token: 9362f5507acd9bef9196657827b2e56e Parameter: max_udp_payload_size (len=2) 1472 Type: max_udp_payload_size (0x03) Length: 2 Value: 45c0 max_udp_payload_size: 1472 Parameter: GREASE (len=5) Type: GREASE (0x35de07450b493654) Length: 5 Value: d86782fdef Parameter: max_idle_timeout (len=4) 240000 ms Type: max_idle_timeout (0x01) Length: 4 Value: 8003a980 max_idle_timeout: 240000 Parameter: disable_active_migration (len=0) Type: disable_active_migration (0x0c) Length: 0 Value: <MISSING> Parameter: initial_max_stream_data_bidi_local (len=4) 131072 Type: initial_max_stream_data_bidi_local (0x05) Length: 4 Value: 80020000 initial_max_stream_data_bidi_local: 131072 Parameter: initial_max_stream_data_uni (len=4) 131072 Type: initial_max_stream_data_uni (0x07) Length: 4 Value: 80020000 initial_max_stream_data_uni: 131072 Parameter: original_destination_connection_id (len=16) Type: original_destination_connection_id (0x00) Length: 16 Value: 88758606f0322a5bbb4ab785d77f9224 original_destination_connection_id: 88758606f0322a5bbb4ab785d77f9224 Parameter: initial_source_connection_id (len=8) Type: initial_source_connection_id (0x0f) Length: 8 Value: 88758606f0322a5b Initial Source Connection ID: 88758606f0322a5b Parameter: initial_max_stream_data_bidi_remote (len=4) 131072 Type: initial_max_stream_data_bidi_remote (0x06) Length: 4 Value: 80020000 initial_max_stream_data_bidi_remote: 131072 Parameter: max_datagram_frame_size (len=4) 65536 Type: max_datagram_frame_size (0x20) Length: 4 Value: 80010000 max_datagram_frame_size: 65536 Handshake Protocol: Certificate (fragment) Reassembled Handshake Message in frame: 155
QUIC handshake, ACK(クライアント → サーバー)
- ACKだが、これは何に対する合意なんだろうか?
- TLS1.3ではEncryptedExtensions → Certificate → CertificateVerifyと立て続けに送るので。
詳細
Frame 150: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface en0, id 0 Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d) User Datagram Protocol, Src Port: 60282, Dst Port: 443 QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 59] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 8 Destination Connection ID: 88758606f0322a5b Source Connection ID Length: 20 Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Length: 22 Packet Number: 1 Payload: e2107615b0a987057ad4c7b0d7c994d1d09c28ef1f ACK Frame Type: ACK (0x0000000000000002) Largest Acknowledged: 2 ACK Delay: 4 ACK Range Count: 0 First ACK Range: 0
QUIC handshake, Certificate(途中まで): サーバー → クライアント
- Certificateメッセージ(部分)を送っている
詳細
Frame 151: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6 User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1208 Checksum: 0xe02f [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.041845000 seconds] [Time since previous frame: 0.000777000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1200] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Length: 1163 Packet Number: 3 Payload: 8e85572215410eef23779d420678785fa5515913fa8750d9203980ca8d68b48371a49fe4… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 1142 Length: 1141 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: Certificate (fragment) Reassembled Handshake Message in frame: 155
Frame 152: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6 User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1208 Checksum: 0x864a [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.042046000 seconds] [Time since previous frame: 0.000201000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1200] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Length: 1163 Packet Number: 4 Payload: 3c9fef53071ee7746ff8a187670caffa0bcde13bf839f21fc90f4cae7ceab089ba7313d2… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 2283 Length: 1141 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: Certificate (fragment) Reassembled Handshake Message in frame: 155
Frame 153: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1208 Checksum: 0x6566 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.042254000 seconds] [Time since previous frame: 0.000208000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1200] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Length: 1163 Packet Number: 5 Payload: 97a28227b26e45c442b17bc354b09eedf9c7a228fd81c199aa20ae49b9b4366d203d4371… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 3424 Length: 1141 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: Certificate (fragment) Reassembled Handshake Message in frame: 155
Frame 154: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1208 Checksum: 0x8109 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.042438000 seconds] [Time since previous frame: 0.000184000 seconds] UDP payload (1200 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1200] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Length: 1163 Packet Number: 6 Payload: 54668a9013616ae98728b3f64da406586b8a3de3bff928a5bbd1e7b605e6b4e51ccee342… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 4565 Length: 1141 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: Certificate (fragment) Reassembled Handshake Message in frame: 155
QUIC HandShake, Certificate(終わり), CertificateVerify, Finished, http3: サーバー → クライアント
- QUIC HandShake
- ココでCertificate (last fragment)とあるように最後のCertificateメッセージのようだ
- 1フレームにQUICパケットが2つくっついてきていることに注意。
- 一つはHandshakeのパケット、もう一つはhttp3(data send)のパケット
- 1フレームにQUICパケットが2つくっついてきていることに注意。
- Certificateは全て送ったので、WireSharkのPacket Detailsの画面では証明書チェーンに関するものがパースされている。とはいえ流石に長いので、下のリンクに移した
- CertificateVerify, FinishedはTLS1.3と同じ。
- ココでCertificate (last fragment)とあるように最後のCertificateメッセージのようだ
- http3
- STREAMフレームについては https://www.rfc-editor.org/rfc/rfc9000.html#section-19.8
- Stream Dataの中にhttp3のレスポンスが内包されている
- Control Stream: https://www.ietf.org/archive/id/draft-ietf-quic-http-34.html#control-streams
- SETTINGS: https://www.ietf.org/archive/id/draft-ietf-quic-http-34.html#name-settings
- The SETTINGS frame (type=0x4) conveys configuration parameters
- SETTINGS: https://www.ietf.org/archive/id/draft-ietf-quic-http-34.html#name-settings
- Control Stream: https://www.ietf.org/archive/id/draft-ietf-quic-http-34.html#control-streams
- Stream Dataの中にhttp3のレスポンスが内包されている
- STREAMフレームについては https://www.rfc-editor.org/rfc/rfc9000.html#section-19.8
詳細
Frame 155: 1206 bytes on wire (9648 bits), 1206 bytes captured (9648 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 1172 Checksum: 0x95bc [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.042439000 seconds] [Time since previous frame: 0.000001000 seconds] UDP payload (1164 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 1081] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 20 Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Source Connection ID Length: 8 Source Connection ID: 88758606f0322a5b Length: 1044 Packet Number: 7 Payload: b843825498ec80988e11a333465f8a656933a19f2becb27e0171a31c3cd7ed85cf8e9807… ACK Frame Type: ACK (0x0000000000000002) Largest Acknowledged: 0 ACK Delay: 0 ACK Range Count: 0 First ACK Range: 0 CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 5706 Length: 1017 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: Certificate (last fragment) [6 Reassembled Handshake Fragments (6409 bytes): #149(943), #151(1141), #152(1141), #153(1141), #154(1141), #155(902)] [Frame: 149, payload: 0-942 (943 bytes)] [Frame: 151, payload: 943-2083 (1141 bytes)] [Frame: 152, payload: 2084-3224 (1141 bytes)] [Frame: 153, payload: 3225-4365 (1141 bytes)] [Frame: 154, payload: 4366-5506 (1141 bytes)] [Frame: 155, payload: 5507-6408 (902 bytes)] [Handshake Fragment count: 6] Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 6405 Certificate Request Context Length: 0 Certificates Length: 6401 Certificates (6401 bytes) # 中略(gistにある) Handshake Protocol: Certificate Verify Handshake Type: Certificate Verify (15) Length: 75 Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature length: 71 Signature: 3045022100c578cbd952845bea5a35b4e096324c1cfc837a2d54b6ca2de4fa3ed90af68a… Handshake Protocol: Finished Handshake Type: Finished (20) Length: 32 Verify Data QUIC IETF [Packet Length: 83] QUIC Short Header DCID=199f225869a15581ea105e2683da3e4e977db844 PKN=8 0... .... = Header Form: Short Header (0) .1.. .... = Fixed Bit: True ..0. .... = Spin Bit: False ...0 0... = Reserved: 0 .... .0.. = Key Phase Bit: False .... ..01 = Packet Number Length: 2 bytes (1) Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Packet Number: 8 Protected Payload: f5063ae0523fb6b8732e5fb2e47c61ecb9e824656c59692bc8c1a52723df24573fc255b7… STREAM id=3 fin=0 off=0 len=42 dir=Unidirectional origin=Server-initiated Frame Type: STREAM (0x0000000000000008) .... ...0 = Fin: False .... ..0. = Len(gth): False .... .0.. = Off(set): False Stream ID: 3 .... .... .... .... .... .... .... .... .... .... .... .... .... .... .... ...1 = Stream initiator: Server-initiated (1) .... .... .... .... .... .... .... .... .... .... .... .... .... .... .... ..1. = Stream direction: Unidirectional (1) Stream Data: 00041d01800100000680010000074064c000000c54574536c00000004ca77d7cc0000006… Hypertext Transfer Protocol Version 3 Stream Type: Control Stream (0x0000000000000000) Type: SETTINGS (0x0000000000000004) Length: 29 Frame Payload: 01800100000680010000074064c000000c54574536c00000004ca77d7c Settings - Max Table Capacity: 65536 Settings Identifier: Max Table Capacity (0x0000000000000001) Settings Value: 65536 Max Table Capacity: 65536 Settings - Max Field Section Size: 65536 Settings Identifier: Max Field Section Size (0x0000000000000006) Settings Value: 65536 Max header list size: 65536 Settings - Blocked Streams: 100 Settings Identifier: Blocked Streams (0x0000000000000007) Settings Value: 100 Blocked Streams: 100 Settings - GREASE Type: GREASE (0xc54574536) Settings Value: 1286045052 Type: Reserved (0x62bfe3694) Length: 1 Frame Payload: e2
QUIC HandShake: クライアント → サーバー
- ACKしてる
Frame 156: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface en0, id 0 Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d) Internet Protocol Version 4, Src: 192.168.1.6, Dst: 216.58.220.100 User Datagram Protocol, Src Port: 60282, Dst Port: 443 Source Port: 60282 Destination Port: 443 Length: 67 Checksum: 0xc784 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.042565000 seconds] [Time since previous frame: 0.000126000 seconds] UDP payload (59 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 59] 1... .... = Header Form: Long Header (1) .1.. .... = Fixed Bit: True ..10 .... = Packet Type: Handshake (2) .... 00.. = Reserved: 0 .... ..00 = Packet Number Length: 1 bytes (0) Version: draft-29 (0xff00001d) Destination Connection ID Length: 8 Destination Connection ID: 88758606f0322a5b Source Connection ID Length: 20 Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Length: 22 Packet Number: 2 Payload: 4a6f2448253c8f1dad2ffc611894cdce26977b62f1 ACK Frame Type: ACK (0x0000000000000002) Largest Acknowledged: 3 ACK Delay: 6 ACK Range Count: 0 First ACK Range: 1
- ここから先はTODO
- PKNはpacKet Number
- PKN 9でNewSessionTIcketがきてる
Frame 163: 680 bytes on wire (5440 bits), 680 bytes captured (5440 bits) on interface en0, id 0 Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6 User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 646 Checksum: 0xf954 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.049471000 seconds] [Time since previous frame: 0.005372000 seconds] UDP payload (638 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 638] QUIC Short Header DCID=199f225869a15581ea105e2683da3e4e977db844 PKN=9 0... .... = Header Form: Short Header (0) .1.. .... = Fixed Bit: True ..0. .... = Spin Bit: False ...0 0... = Reserved: 0 .... .0.. = Key Phase Bit: False .... ..00 = Packet Number Length: 1 bytes (0) Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Packet Number: 9 Protected Payload: a2c25fdeb71ae6bc0d83b004d2afc2dae449f31b682dcd620f208c8a43a07054b1ef7236… CRYPTO Frame Type: CRYPTO (0x0000000000000006) Offset: 0 Length: 596 Crypto Data TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages Handshake Protocol: New Session Ticket Handshake Protocol: New Session Ticket
- PKN10でhandshake done
Frame 164: 171 bytes on wire (1368 bits), 171 bytes captured (1368 bits) on interface en0, id 0 Interface id: 0 (en0) Interface name: en0 Interface description: Wi-Fi Encapsulation type: Ethernet (1) Arrival Time: Sep 24, 2022 18:43:49.084911000 JST [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1664012629.084911000 seconds [Time delta from previous captured frame: 0.000002000 seconds] [Time delta from previous displayed frame: 0.000002000 seconds] [Time since reference or first frame: 45.235804000 seconds] Frame Number: 164 Frame Length: 171 bytes (1368 bits) Capture Length: 171 bytes (1368 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:quic] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) Destination: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) Address: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Mitsubis_84:95:2d (10:4b:46:84:95:2d) Address: Mitsubis_84:95:2d (10:4b:46:84:95:2d) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 157 Identification: 0x0000 (0) Flags: 0x40, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 58 Protocol: UDP (17) Header Checksum: 0xca02 [validation disabled] [Header checksum status: Unverified] Source Address: 216.58.220.100 Destination Address: 192.168.1.6 User Datagram Protocol, Src Port: 443, Dst Port: 60282 Source Port: 443 Destination Port: 60282 Length: 137 Checksum: 0xa954 [unverified] [Checksum Status: Unverified] [Stream index: 11] [Timestamps] [Time since first frame: 0.049473000 seconds] [Time since previous frame: 0.000002000 seconds] UDP payload (129 bytes) QUIC IETF QUIC Connection information [Connection Number: 2] [Packet Length: 129] QUIC Short Header DCID=199f225869a15581ea105e2683da3e4e977db844 PKN=10 0... .... = Header Form: Short Header (0) .1.. .... = Fixed Bit: True ..0. .... = Spin Bit: False ...0 0... = Reserved: 0 .... .0.. = Key Phase Bit: False .... ..01 = Packet Number Length: 2 bytes (1) Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844 Packet Number: 10 Protected Payload: dd42be65bd1b82cddf4ca192e22552933962a503bbda6a7fb1c654d85fd64d64591c7e6f… HANDSHAKE_DONE Frame Type: HANDSHAKE_DONE (0x000000000000001e) NEW_TOKEN Frame Type: NEW_TOKEN (0x0000000000000007) (Token) Length: 86 Token: 00beee223273e35e7dc2d3a91664bd1894f1bdcf4daadc94e6ed56919ffc01d18218fbb0