diff --git a/src/parser-quic.cpp b/src/parser-quic.cpp index cc90787..c28bf7c 100644 --- a/src/parser-quic.cpp +++ b/src/parser-quic.cpp @@ -573,6 +573,10 @@ static gboolean quic_derive_initial_secrets(const quic_cid_t *cid, guint8 client 0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99 }; + static const guint8 handshake_salt_v1[20] = { + 0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, + 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a + }; static const guint8 hanshake_salt_draft_q50[20] = { 0x50, 0x45, 0x74, 0xEF, 0xD0, 0x66, 0xFE, 0x2F, 0x9D, 0x94, 0x5C, 0xFC, 0xDB, 0xD3, 0xA7, 0xF0, 0xD3, 0xB5, 0x6B, 0x45 @@ -590,17 +594,34 @@ static gboolean quic_derive_initial_secrets(const quic_cid_t *cid, guint8 client guint8 secret[HASH_SHA2_256_LENGTH]; if (version == 0x51303530) + { err = hkdf_extract(GCRY_MD_SHA256, hanshake_salt_draft_q50, sizeof(hanshake_salt_draft_q50), cid->cid, cid->len, secret); + } else if (version == 0x54303530) + { err = hkdf_extract(GCRY_MD_SHA256, hanshake_salt_draft_t50, sizeof(hanshake_salt_draft_t50), cid->cid, cid->len, secret); + } else if (version == 0x54303531) + { err = hkdf_extract(GCRY_MD_SHA256, hanshake_salt_draft_t51, sizeof(hanshake_salt_draft_t51), cid->cid, cid->len, secret); + } else if (is_quic_draft_max(version, 22)) + { err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_draft_22, sizeof(handshake_salt_draft_22), cid->cid, cid->len, secret); + } else if (is_quic_draft_max(version, 28)) + { err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_draft_23, sizeof(handshake_salt_draft_23), cid->cid, cid->len, secret); - else + } + else if (is_quic_draft_max(version, 32)) + { err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_draft_29, sizeof(handshake_salt_draft_29), cid->cid, cid->len, secret); + } + else + { + err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_v1, sizeof(handshake_salt_v1), cid->cid, cid->len, secret); + } + if (err) { //printf("Failed to extract secrets: %s\n", gcry_strerror(err)); *error = "Failed to extract secrets"; diff --git a/test/pcap/2-ietf-rfc9000.pcap b/test/pcap/2-ietf-rfc9000.pcap new file mode 100644 index 0000000..84097c8 Binary files /dev/null and b/test/pcap/2-ietf-rfc9000.pcap differ diff --git a/test/quic_result.json b/test/quic_result.json index b536765..21a3a41 100644 --- a/test/quic_result.json +++ b/test/quic_result.json @@ -3,4 +3,11 @@ "VERSION": "IETF QUIC 29", "SNI": "www.facebook.com", "name": "QUIC_RESULT_1" - }] + }, + { + "Tuple4": "192.168.60.32.59699>64.233.164.84.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "accounts.google.com", + "name": "QUIC_RESULT_2" + } +]