I. DTLS-PSK

PSK (pre-shared key) is one of the key exchange schemes available to DTLS; it is defined for TLS in RFC 4279 and inherited unchanged by DTLS. Compared with certificate-based public-key schemes such as ECDHE_RSA it is lighter and faster (no signatures, no certificate parsing), at the price of having to provision a shared secret on every device beforehand.

PSK is also widely deployed today, notably for constrained IoT protocols such as CoAP over DTLS. For the DTLS protocol itself, see the earlier article DTLS要点解析.

This post runs a simulated DTLS client and server against each other (the dumps below are the program's own message traces, on the CoAPS port 5684), captures the DTLS-PSK handshake, and walks through every message, to deepen understanding of the protocol.

II. Full handshake

Flow

      Client                                        Server
      ------                                        ------
  1. ClientHello             -------->
                             <--------   2. HelloVerifyRequest
                                            (contains cookie)
  3. ClientHello             -------->
     (with cookie)
                                         4. ServerHello
                             <--------   5. ServerHelloDone
  6. ClientKeyExchange
  7. ChangeCipherSpec
  8. Finished                -------->
                                         9. ChangeCipherSpec
                             <--------  10. Finished
     Application Data        <------->      Application Data

Step-by-step analysis

~1. Client sends ClientHello

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: localhost/127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 0
Length: 82
Fragment:
Handshake Protocol
Type: CLIENT_HELLO (1)
Peer: localhost/127.0.0.1:5684
Message Sequence No: 0
Fragment Offset: 0
Fragment Length: 70
Length: 70
Version: 254, 253
Random:
GMT Unix Time: Mon Jan 30 22:45:32 CST 2017
Random Bytes: 4B 8B 3C CF 0F 62 57 99 94 E9 86 0A 46 68 BF 44 00 D1 34 45 FC 81 C3 AC BC 55 7E DB
Session ID Length: 0
Cookie Length: 0
Cipher Suites Length: 4
Cipher Suites (2 suites)
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8
Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA256
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: NULL
Extensions Length: 24
Extension: elliptic_curves (10)
Length: 8
Elliptic Curves Length: 6
Elliptic Curves (3 curves):
Elliptic Curve: secp256r1 (23)
Elliptic Curve: secp384r1 (24)
Elliptic Curve: secp521r1 (25)
Extension: ec_point_formats (11)
Length: 2
EC point formats length: 1
Elliptic Curves Point Formats (1):
EC point format: uncompressed (0)
Extension: server_certificate_type (20)
Server certificate type: RAW_PUBLIC_KEY
===============================================================

No cookie is carried yet (Cookie Length 0) and no session ID has been assigned.

Cipher Suites lists what the client offers, in preference order: TLS_PSK_WITH_AES_128_CCM_8 first, then TLS_PSK_WITH_AES_128_CBC_SHA256. The elliptic_curves, ec_point_formats and server_certificate_type extensions are irrelevant to plain PSK suites (they only matter for ECDHE/ECDSA and raw-public-key authentication); this client sends them regardless. Nothing in this first flight is authenticated, and the server has not yet committed any state to it.

~2. Server replies with HelloVerifyRequest

	Handshake Protocol
Type: HELLO_VERIFY_REQUEST (3)
Peer: localhost/127.0.0.1:5684
Message Sequence No: 0
Fragment Offset: 0
Fragment Length: 35
Length: 35
Server Version: 254, 253
Cookie Length: 32
Cookie: 77 25 7E 96 9E BD 39 42 94 5F 27 6C 8A 6D 9D D2 1A C9 A3 B8 62 1A 34 86 76 1D D7 AA F4 28 98 6D

The HelloVerifyRequest carries a 32-byte cookie. RFC 6347 (section 4.2.1) recommends generating it statelessly, e.g. as an HMAC over the client's address and the ClientHello parameters, and keeping no per-client state until the cookie is echoed back: a ClientHello from a spoofed source address then cannot make the server allocate a session or start key derivation, which is the protection against amplification and resource-exhaustion attacks over UDP. Server Version 254,253 is the DTLS 1.2 version encoding (0xFEFD).
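The cookie exchange described above, as an added Python example (this is not Scandium's code): a stateless server computes the cookie as an HMAC over the client's address and the cookie-less ClientHello fields, answers the first flight with HelloVerifyRequest while storing nothing, and proceeds to ServerHello only when the echoed cookie verifies. The field values (version 254,253, the client Random, the two suites 0xC0A8 and 0x00AE, client port 64688) are taken from the dumps; the secret, the exact HMAC construction and the helper names are assumptions made for illustration.

```python
"""Stateless DTLS cookie exchange in the style of RFC 6347 section 4.2.1 (illustrative code).

Cookie = HMAC(Secret, Client-IP-and-port || ClientHello-parameters). The server keeps no
per-client state between the first ClientHello and the cookie-bearing retransmission, so a
spoofed source address cannot make it allocate anything or start key derivation.
"""
import hashlib
import hmac
import secrets
import struct

COOKIE_LEN = 32  # HMAC-SHA256 output; matches the 32-byte cookie in the capture

# Values visible in the capture (client Random = 4-byte GMT Unix time || 28 random bytes;
# Mon Jan 30 22:45:32 CST 2017 = 1485787532 = 0x588F518C).
DTLS12 = b"\xfe\xfd"                                    # "Version: 254, 253"
CLIENT_RANDOM = struct.pack(">I", 0x588F518C) + bytes.fromhex(
    "4B8B3CCF0F62579994E9860A4668BF4400D13445FC81C3ACBC557EDB")
CIPHER_SUITES = bytes.fromhex("C0A8" "00AE")             # PSK_AES_128_CCM_8, PSK_AES_128_CBC_SHA256
COMPRESSION = b"\x00"                                    # NULL
CLIENT_ADDR = ("127.0.0.1", 64688)                       # client source port as seen by the server


def hello_params(version=DTLS12, random=CLIENT_RANDOM, session_id=b"",
                 cipher_suites=CIPHER_SUITES, compression=COMPRESSION) -> bytes:
    """Everything in the ClientHello the cookie is bound to, i.e. all fields except the cookie."""
    return version + random + session_id + cipher_suites + compression


def make_cookie(secret: bytes, addr: tuple, params: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256 over 'ip:port' || ClientHello parameters."""
    ip, port = addr
    return hmac.new(secret, f"{ip}:{port}".encode() + params, hashlib.sha256).digest()[:COOKIE_LEN]


def verify_cookie(secret: bytes, addr: tuple, params: bytes, cookie: bytes) -> bool:
    """Constant-time comparison; the empty cookie of a first-flight ClientHello never verifies."""
    if len(cookie) != COOKIE_LEN:
        return False
    return hmac.compare_digest(make_cookie(secret, addr, params), cookie)


def server_on_client_hello(secret: bytes, addr: tuple, params: bytes, cookie: bytes):
    """Server decision: answer HelloVerifyRequest (keeping no state) or proceed to ServerHello."""
    if verify_cookie(secret, addr, params, cookie):
        return "ServerHello", None
    return "HelloVerifyRequest", make_cookie(secret, addr, params)


def run_exchange(secret: bytes = None) -> dict:
    """Replays steps 1-3 of the handshake above, plus a few inputs the cookie must reject."""
    secret = secret or secrets.token_bytes(32)
    params = hello_params()
    # Step 1: ClientHello without cookie -> step 2: HelloVerifyRequest carrying the cookie
    first, cookie = server_on_client_hello(secret, CLIENT_ADDR, params, b"")
    # Step 3: the client retransmits the identical ClientHello (same Random) plus the cookie
    with_cookie, _ = server_on_client_hello(secret, CLIENT_ADDR, params, cookie)
    # Cookie replayed from a different source address
    spoofed, _ = server_on_client_hello(secret, ("10.0.0.9", 64688), params, cookie)
    # ClientHello altered after the cookie was issued (cipher-suite list changed)
    altered = hello_params(cipher_suites=bytes.fromhex("00AE"))
    tampered, _ = server_on_client_hello(secret, CLIENT_ADDR, altered, cookie)
    # One bit flipped in the cookie itself
    bad = bytes([cookie[0] ^ 1]) + cookie[1:]
    flipped, _ = server_on_client_hello(secret, CLIENT_ADDR, params, bad)
    return {"first": first, "cookie_len": len(cookie), "with_cookie": with_cookie,
            "spoofed": spoofed, "tampered": tampered, "flipped": flipped}


if __name__ == "__main__":
    for k, v in run_exchange().items():
        print(f"{k:12} {v}")
```

Because the cookie covers the address as well as the ClientHello fields, a verified cookie tells the server both that the client can receive at the claimed address and that the hello it is about to act on is the one it saw before.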

~3. Client sends ClientHello again

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: localhost/127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 1
Length: 114
Fragment:
Handshake Protocol
Type: CLIENT_HELLO (1)
Peer: localhost/127.0.0.1:5684
Message Sequence No: 1
Fragment Offset: 0
Fragment Length: 102
Length: 102
Version: 254, 253
Random:
GMT Unix Time: Mon Jan 30 22:45:32 CST 2017
Random Bytes: 4B 8B 3C CF 0F 62 57 99 94 E9 86 0A 46 68 BF 44 00 D1 34 45 FC 81 C3 AC BC 55 7E DB
Session ID Length: 0
Cookie Length: 32
Cookie: 77 25 7E 96 9E BD 39 42 94 5F 27 6C 8A 6D 9D D2 1A C9 A3 B8 62 1A 34 86 76 1D D7 AA F4 28 98 6D
Cipher Suites Length: 4
Cipher Suites (2 suites)
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8
Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA256
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: NULL
Extensions Length: 24
Extension: elliptic_curves (10)
Length: 8
Elliptic Curves Length: 6
Elliptic Curves (3 curves):
Elliptic Curve: secp256r1 (23)
Elliptic Curve: secp384r1 (24)
Elliptic Curve: secp521r1 (25)
Extension: ec_point_formats (11)
Length: 2
EC point formats length: 1
Elliptic Curves Point Formats (1):
EC point format: uncompressed (0)
Extension: server_certificate_type (20)
Server certificate type: RAW_PUBLIC_KEY
===============================================================

This ClientHello echoes the cookie returned by the server. Everything else is identical to step 1 (same Random, same suites and extensions), as RFC 6347 requires; that is what allows a stateless server to recompute and check the cookie. Only the record Sequence Number and the handshake Message Sequence No advance to 1.

~4. Server replies with ServerHello

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:64688
Version: 254, 253
Epoch: 0
Sequence Number: 1
Length: 82
Fragment:
Handshake Protocol
Type: SERVER_HELLO (2)
Peer: /127.0.0.1:64688
Message Sequence No: 1
Fragment Offset: 0
Fragment Length: 70
Length: 70
Server Version: 254, 253
Random:
GMT Unix Time: Mon Jan 30 22:45:32 CST 2017
Random Bytes: AB AB 69 55 C4 2E 1F B0 8D B7 FE 7F EA 36 E5 18 6A FD 4D C8 19 4C 73 63 D3 19 B5 E0
Session ID Length: 32
Session ID: 58 8F 51 8C 2A 2A B5 DC 14 9C AB D3 F2 EE BA 25 78 80 47 25 A7 93 35 34 00 D5 CD 53 2C EC B3 D4
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8
Compression Method: NULL
Extensions Length: 0
===============================================================

The server has now assigned a 32-byte Session ID. Its first four bytes, 58 8F 51 8C, equal the handshake's GMT Unix time (1485787532 = 0x588F518C), so this implementation appears to derive the ID from the clock; the ID is only a lookup key, and resumption remains bound to the master secret through the Finished messages.

Cipher Suite names the single suite selected for the session, TLS_PSK_WITH_AES_128_CCM_8, the client's first preference. The server Random is the second input to key derivation. Because a plain PSK suite was chosen there is no Certificate message, and the optional ServerKeyExchange (which would carry a psk_identity_hint) is omitted as well.

~5. Server replies with ServerHelloDone

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:64688
Version: 254, 253
Epoch: 0
Sequence Number: 2
Length: 12
Fragment:
Handshake Protocol
Type: SERVER_HELLO_DONE (14)
Peer: /127.0.0.1:64688
Message Sequence No: 2
Fragment Offset: 0
Fragment Length: 0
Length: 0
===============================================================

The server signals that its hello flight is complete. The message body is empty, yet the record is 12 bytes long: that is the DTLS handshake header (type, length, message_seq, fragment_offset, fragment_length), which accounts for the constant 12-byte difference between Length and Fragment Length in every handshake record above.

~6. Client sends ClientKeyExchange

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: localhost/127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 2
Length: 23
Fragment:
Handshake Protocol
Type: CLIENT_KEY_EXCHANGE (16)
Peer: localhost/127.0.0.1:5684
Message Sequence No: 2
Fragment Offset: 0
Fragment Length: 11
Length: 11
PSK Identity: 012345678
===============================================================

PSK Identity names the client (here the string 012345678, 9 bytes plus a 2-byte length prefix, hence Length 11). The server uses it to look up that client's pre-provisioned PSK, and both sides then derive the same keys from the PSK and the two Randoms (RFC 4279). The identity travels in cleartext, so it must not contain anything secret and is visible to any observer on the path, which is a tracking and device-enumeration consideration; PSKs should be provisioned per device so that one leaked key exposes only that device.

~7. Client sends ChangeCipherSpec

==[ DTLS Record ]==============================================
Content Type: Change Cipher Spec (20)
Peer address: localhost/127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 3
Length: 1
Fragment:
Change Cipher Spec Message
===============================================================

The client signals that it has committed to the negotiated suite and keys. From here on its records are protected: the very next record carries Epoch 1 with the Sequence Number reset to 0, which is how the DTLS record layer marks a cipher-state change explicitly (the epoch lets the receiver tell which keys a reordered datagram belongs to).

~8. Client sends Finished

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: localhost/127.0.0.1:5684
Version: 254, 253
Epoch: 1
Sequence Number: 0
Length: 40
Fragment:
Handshake Protocol
Type: FINISHED (20)
Peer: localhost/127.0.0.1:5684
Message Sequence No: 3
Fragment Offset: 0
Fragment Length: 12
Length: 12
Verify Data: BC 00 D7 F6 6F E5 A4 B4 0D 8B 5C 8A
===============================================================

The client declares the handshake complete. Verify Data is PRF(master_secret, "client finished", Hash(handshake_messages)) truncated to 12 bytes: it proves possession of the PSK-derived master secret and that both sides saw the same handshake transcript (per RFC 6347 the first ClientHello and the HelloVerifyRequest are excluded from that transcript). The server must verify it before accepting the client. The record Length of 40 is the first sign of the new keys: 8-byte explicit nonce + 12-byte handshake header + 12-byte verify_data + 8-byte CCM authentication tag.
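The client's third flight (steps 6 to 8), rebuilt from the field values in the dumps and parsed back, as an added Python example (not Scandium's code). It shows where the 12-byte difference between each record's Length and its Fragment Length comes from, how the epoch/sequence pair marks the switch to encryption, and that the PSK identity in ClientKeyExchange is a plain length-prefixed string readable by anyone on the path. The encrypted Finished payload is 40 bytes of constructed filler; the builder and parser names and the shape of the summarize() output are assumptions made for this example.

```python
"""Parse DTLS 1.2 record and handshake headers (illustrative code, not Scandium's).

Record header  (13 bytes): type(1) version(2) epoch(2) sequence_number(6) length(2)
Handshake header (12 bytes): msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
The dumps above show every handshake record as fragment + 12 bytes: 82 = 70 + 12, 23 = 11 + 12, 12 = 0 + 12.
"""
import struct
from dataclasses import dataclass
from typing import List

DTLS12 = (254, 253)
RECORD_HDR = 13
HANDSHAKE_HDR = 12
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 3: "HelloVerifyRequest",
                   14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}


@dataclass
class Record:
    content_type: int
    version: tuple
    epoch: int
    sequence_number: int
    fragment: bytes


@dataclass
class Handshake:
    msg_type: int
    length: int
    message_seq: int
    fragment_offset: int
    fragment_length: int
    body: bytes


def build_record(ctype: int, epoch: int, seq: int, fragment: bytes) -> bytes:
    return (struct.pack(">BBBH", ctype, *DTLS12, epoch) + seq.to_bytes(6, "big")
            + struct.pack(">H", len(fragment)) + fragment)


def build_handshake(msg_type: int, body: bytes, message_seq: int) -> bytes:
    """Unfragmented message: fragment_offset 0, fragment_length == length."""
    return (bytes([msg_type]) + len(body).to_bytes(3, "big") + struct.pack(">H", message_seq)
            + bytes(3) + len(body).to_bytes(3, "big") + body)


def parse_records(datagram: bytes) -> List[Record]:
    records, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < RECORD_HDR:
            raise ValueError("truncated record header")
        ctype, major, minor, epoch = struct.unpack(">BBBH", datagram[off:off + 5])
        seq = int.from_bytes(datagram[off + 5:off + 11], "big")
        (length,) = struct.unpack(">H", datagram[off + 11:off + 13])
        frag = datagram[off + 13:off + 13 + length]
        if len(frag) != length:
            raise ValueError("record length exceeds datagram")
        if (major, minor) != DTLS12:
            raise ValueError("unexpected version")
        records.append(Record(ctype, (major, minor), epoch, seq, frag))
        off += RECORD_HDR + length
    return records


def parse_handshake(fragment: bytes) -> Handshake:
    if len(fragment) < HANDSHAKE_HDR:
        raise ValueError("truncated handshake header")
    msg_type = fragment[0]
    length = int.from_bytes(fragment[1:4], "big")
    (message_seq,) = struct.unpack(">H", fragment[4:6])
    frag_off = int.from_bytes(fragment[6:9], "big")
    frag_len = int.from_bytes(fragment[9:12], "big")
    body = fragment[12:12 + frag_len]
    if len(body) != frag_len or frag_off + frag_len > length:
        raise ValueError("inconsistent fragment bounds")
    return Handshake(msg_type, length, message_seq, frag_off, frag_len, body)


def psk_identity(body: bytes) -> bytes:
    """ClientKeyExchange body for plain PSK suites: opaque psk_identity<0..2^16-1> (RFC 4279)."""
    (n,) = struct.unpack(">H", body[:2])
    ident = body[2:2 + n]
    if len(ident) != n:
        raise ValueError("psk_identity length mismatch")
    return ident


# The client's third flight (steps 6-8), rebuilt from the dumps. The Finished payload is opaque:
# it is encrypted under epoch 1, so 40 constructed bytes stand in for nonce(8)+header(12)+verify_data(12)+tag(8).
CLIENT_FLIGHT = (
    build_record(22, 0, 2, build_handshake(16, struct.pack(">H", 9) + b"012345678", 2))
    + build_record(20, 0, 3, b"\x01")
    + build_record(22, 1, 0, bytes(range(40)))
)
# Constructed malformed ClientKeyExchange: identity length claims 50 bytes, only 3 present.
MALFORMED_CKE = build_record(22, 0, 2, build_handshake(16, struct.pack(">H", 50) + b"abc", 2))


def summarize(datagram: bytes) -> list:
    """(name, epoch, sequence_number, record length, detail) per record; epoch > 0 is not parsed further."""
    out = []
    for r in parse_records(datagram):
        if r.epoch > 0:
            out.append((CONTENT_TYPES.get(r.content_type), r.epoch, r.sequence_number, len(r.fragment), "encrypted"))
        elif r.content_type == 22:
            hs = parse_handshake(r.fragment)
            detail = psk_identity(hs.body).decode() if hs.msg_type == 16 else None
            out.append((HANDSHAKE_TYPES.get(hs.msg_type), r.epoch, r.sequence_number, len(r.fragment), detail))
        else:
            out.append((CONTENT_TYPES.get(r.content_type), r.epoch, r.sequence_number, len(r.fragment), None))
    return out


def rejects(datagram: bytes) -> bool:
    """True if the parser refuses the datagram (truncated or inconsistent lengths)."""
    try:
        summarize(datagram)
        return False
    except ValueError:
        return True
```

Every length field is checked against the bytes actually present before it is used; a parser that trusts Fragment Length or the psk_identity length blindly reads past the buffer on a crafted datagram.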

~9. Server sends ChangeCipherSpec

==[ DTLS Record ]==============================================
Content Type: Change Cipher Spec (20)
Peer address: /127.0.0.1:64688
Version: 254, 253
Epoch: 0
Sequence Number: 3
Length: 1
Fragment:
Change Cipher Spec Message
===============================================================

The server signals that it, too, has switched to the negotiated suite and keys; its next record is likewise sent under Epoch 1.

~10. Server sends Finished

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:64688
Version: 254, 253
Epoch: 1
Sequence Number: 0
Length: 40
Fragment:
Handshake Protocol
Type: FINISHED (20)
Peer: /127.0.0.1:64688
Message Sequence No: 3
Fragment Offset: 0
Fragment Length: 12
Length: 12
Verify Data: EC C9 5E 4E 24 BE 77 78 CB F5 20 54
===============================================================

The server declares the handshake complete. Its Verify Data uses the "server finished" label and a transcript that additionally includes the client's Finished message, and the client must verify it before sending application data; only then is the server authenticated (it has shown it knows the PSK for this identity).

This completes the full PSK handshake. Next, the session resumption scenario.

III. Session resumption

Flow

      Client                                        Server
      ------                                        ------
  1. ClientHello             -------->
                             <--------   2. HelloVerifyRequest
                                            (contains cookie)
  3. ClientHello             -------->
     (with cookie)
                                         4. ServerHello
                                         5. ChangeCipherSpec
                             <--------   6. Finished
  7. ChangeCipherSpec
  8. Finished                -------->
     Application Data        <------->      Application Data

Step-by-step analysis

~1. Client sends ClientHello

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 0
Length: 115
Fragment:
Handshake Protocol
Type: CLIENT_HELLO (1)
Peer: /127.0.0.1:5684
Message Sequence No: 0
Fragment Offset: 0
Fragment Length: 103
Length: 103
Version: 254, 253
Random:
GMT Unix Time: Tue Jan 31 00:02:05 CST 2017
Random Bytes: B6 28 F7 76 FE C1 B9 7A 87 CE D9 81 2D C3 9A AA 07 F8 69 2D 36 A3 B3 A2 1F 47 E1 FF
Session ID Length: 32
Session ID: 58 8F 63 71 DE B4 87 9A C0 0B 67 BB 16 7F 33 1C B6 FF E2 74 74 D9 EB 58 D4 78 44 BA 4C 22 42 38
Cookie Length: 0
Cipher Suites Length: 4
Cipher Suites (2 suites)
Cipher Suite: TLS_NULL_WITH_NULL_NULL
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8
Compression Methods Length: 2
Compression Methods (2 method)
Compression Method: NULL
Compression Method: NULL
Extensions Length: 24
Extension: elliptic_curves (10)
Length: 8
Elliptic Curves Length: 6
Elliptic Curves (3 curves):
Elliptic Curve: secp256r1 (23)
Elliptic Curve: secp384r1 (24)
Elliptic Curve: secp521r1 (25)
Extension: ec_point_formats (11)
Length: 2
EC point formats length: 1
Elliptic Curves Point Formats (1):
EC point format: uncompressed (0)
Extension: server_certificate_type (20)
Server certificate type: RAW_PUBLIC_KEY
===============================================================

The Session ID of an earlier session is present, but the cookie is empty, so another HelloVerifyRequest round trip is needed: the cookie is bound to this particular ClientHello and is not part of the resumable session state. Note also that this ClientHello offers TLS_NULL_WITH_NULL_NULL (the no-protection placeholder suite) alongside TLS_PSK_WITH_AES_128_CCM_8 and lists the NULL compression method twice; a server must never select the NULL suite, and a client should not offer it in the first place.

~2. Server sends HelloVerifyRequest

	Handshake Protocol
Type: HELLO_VERIFY_REQUEST (3)
Peer: /127.0.0.1:5684
Message Sequence No: 0
Fragment Offset: 0
Fragment Length: 35
Length: 35
Server Version: 254, 253
Cookie Length: 32
Cookie: 67 6B 86 62 06 F6 A4 3D 31 59 B1 82 80 39 23 76 C6 2C E2 FC E1 7F 41 E8 EE 13 6C 12 A6 76 7B C5

The server sends a fresh 32-byte cookie, different from the one in the full handshake.

~3. Client sends ClientHello again

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 1
Length: 147
Fragment:
Handshake Protocol
Type: CLIENT_HELLO (1)
Peer: /127.0.0.1:5684
Message Sequence No: 1
Fragment Offset: 0
Fragment Length: 135
Length: 135
Version: 254, 253
Random:
GMT Unix Time: Tue Jan 31 00:02:05 CST 2017
Random Bytes: B6 28 F7 76 FE C1 B9 7A 87 CE D9 81 2D C3 9A AA 07 F8 69 2D 36 A3 B3 A2 1F 47 E1 FF
Session ID Length: 32
Session ID: 58 8F 63 71 DE B4 87 9A C0 0B 67 BB 16 7F 33 1C B6 FF E2 74 74 D9 EB 58 D4 78 44 BA 4C 22 42 38
Cookie Length: 32
Cookie: 67 6B 86 62 06 F6 A4 3D 31 59 B1 82 80 39 23 76 C6 2C E2 FC E1 7F 41 E8 EE 13 6C 12 A6 76 7B C5
Cipher Suites Length: 4
Cipher Suites (2 suites)
Cipher Suite: TLS_NULL_WITH_NULL_NULL
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8
Compression Methods Length: 2
Compression Methods (2 method)
Compression Method: NULL
Compression Method: NULL
Extensions Length: 24
Extension: elliptic_curves (10)
Length: 8
Elliptic Curves Length: 6
Elliptic Curves (3 curves):
Elliptic Curve: secp256r1 (23)
Elliptic Curve: secp384r1 (24)
Elliptic Curve: secp521r1 (25)
Extension: ec_point_formats (11)
Length: 2
EC point formats length: 1
Elliptic Curves Point Formats (1):
EC point format: uncompressed (0)
Extension: server_certificate_type (20)
Server certificate type: RAW_PUBLIC_KEY
===============================================================

Now both the cookie and the Session ID are present.

~4. Server sends ServerHello

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:54595
Version: 254, 253
Epoch: 0
Sequence Number: 1
Length: 82
Fragment:
Handshake Protocol
Type: SERVER_HELLO (2)
Peer: /127.0.0.1:54595
Message Sequence No: 1
Fragment Offset: 0
Fragment Length: 70
Length: 70
Server Version: 254, 253
Random:
GMT Unix Time: Tue Jan 31 00:02:05 CST 2017
Random Bytes: 6B 21 0D B0 A3 33 A3 49 65 0E D9 D1 DB 0E 62 74 51 EE 1B E1 CC 37 1E FD 8C 67 39 00
Session ID Length: 32
Session ID: 58 8F 63 71 DE B4 87 9A C0 0B 67 BB 16 7F 33 1C B6 FF E2 74 74 D9 EB 58 D4 78 44 BA 4C 22 42 38
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8
Compression Method: NULL
===============================================================

The server echoes the client's Session ID unchanged, which signals that it accepted the resumption. It then goes straight to ChangeCipherSpec and Finished: there is no ServerHelloDone and no ClientKeyExchange, because both sides reuse the stored master secret. Only the two Randoms are new; the traffic keys are re-derived from the old master secret and the new Randoms, so the resumed session does not reuse the previous keys. Had the server not recognised (or no longer cached) the session, it would have returned a new Session ID and the client would have fallen back to the full handshake.

~5. Server sends ChangeCipherSpec

==[ DTLS Record ]==============================================
Content Type: Change Cipher Spec (20)
Peer address: /127.0.0.1:54595
Version: 254, 253
Epoch: 0
Sequence Number: 2
Length: 1
Fragment:
Change Cipher Spec Message
===============================================================

The server signals that it has switched to the resumed session's keys.

~6. Server sends Finished

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:54595
Version: 254, 253
Epoch: 1
Sequence Number: 0
Length: 40
Fragment:
Handshake Protocol
Type: FINISHED (20)
Peer: /127.0.0.1:54595
Message Sequence No: 2
Fragment Offset: 0
Fragment Length: 12
Length: 12
Verify Data: D7 8F CA EC 97 B7 96 A3 CD 5E 5C 97
===============================================================

The server declares the handshake complete; the client verifies Verify Data, which proves that the server still holds the stored master secret for this Session ID.

~7. Client sends ChangeCipherSpec

==[ DTLS Record ]==============================================
Content Type: Change Cipher Spec (20)
Peer address: /127.0.0.1:5684
Version: 254, 253
Epoch: 0
Sequence Number: 2
Length: 1
Fragment:
Change Cipher Spec Message
===============================================================

The client signals that it has switched to the resumed session's keys.

~8. Client sends Finished

==[ DTLS Record ]==============================================
Content Type: Handshake (22)
Peer address: /127.0.0.1:5684
Version: 254, 253
Epoch: 1
Sequence Number: 0
Length: 40
Fragment:
Handshake Protocol
Type: FINISHED (20)
Peer: /127.0.0.1:5684
Message Sequence No: 2
Fragment Offset: 0
Fragment Length: 12
Length: 12
Verify Data: 3F 86 FC 45 D8 41 A6 BE BD 54 C2 7A
===============================================================

The client declares the handshake complete; the server verifies Verify Data. Note that the order is reversed relative to the full handshake: in resumption the server's ChangeCipherSpec/Finished come first and the client's last.

This completes the analysis of the session resumption (Resuming) flow.
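The key derivation that steps 6 to 10 of the full handshake and the resumption flow above both rely on, as an added Python example (not Scandium's code): the RFC 4279 premaster secret built from the PSK, the TLS 1.2 PRF (P_SHA256, RFC 5246 section 5), the 48-byte master secret, the key block for TLS_PSK_WITH_AES_128_CCM_8 (two 16-byte keys and two 4-byte implicit IVs, no MAC keys, per RFC 6655), the 12-byte Finished verify_data, and the resumption case in which the stored master secret is reused with new Randoms. The Randoms are the ones from the dumps; the PSK value, the handshake transcript bytes and the function names are constructed for illustration, so the derived values are not the ones in the capture.

```python
"""PSK key schedule behind the captured handshake (illustrative code, not Scandium's)."""
import hashlib
import hmac
import struct

# Randoms from the capture: 4-byte GMT Unix time || 28 random bytes.
# Mon Jan 30 22:45:32 CST 2017 (UTC+8) = 1485787532 = 0x588F518C.
CLIENT_RANDOM = struct.pack(">I", 0x588F518C) + bytes.fromhex(
    "4B8B3CCF0F62579994E9860A4668BF4400D13445FC81C3ACBC557EDB")
SERVER_RANDOM = struct.pack(">I", 0x588F518C) + bytes.fromhex(
    "ABAB6955C42E1FB08DB7FE7FEA36E5186AFD4DC8194C7363D319B5E0")
# Randoms of the resumption handshake (Tue Jan 31 00:02:05 CST 2017 = 0x588F637D).
RESUME_CLIENT_RANDOM = struct.pack(">I", 0x588F637D) + bytes.fromhex(
    "B628F776FEC1B97A87CED9812DC39AAA07F8692D36A3B3A21F47E1FF")
RESUME_SERVER_RANDOM = struct.pack(">I", 0x588F637D) + bytes.fromhex(
    "6B210DB0A333A349650ED9D1DB0E627451EE1BE1CC371EFD8C673900")
PSK_IDENTITY = b"012345678"                               # from the ClientKeyExchange dump
PSK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed; the real PSK is not in the capture
# Constructed stand-in for the handshake transcript. Per RFC 6347 the first ClientHello and the
# HelloVerifyRequest are NOT hashed; the transcript starts at the cookie-bearing ClientHello.
TRANSCRIPT = b"ClientHello(cookie)|ServerHello|ServerHelloDone|ClientKeyExchange"


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def tls12_prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label || seed), RFC 5246 section 5:
    A(0) = label||seed, A(i) = HMAC(secret, A(i-1)), output = HMAC(secret, A(1)||seed) || HMAC(secret, A(2)||seed) ..."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac_sha256(secret, a)
        out += hmac_sha256(secret, a + seed)
    return out[:n]


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2 (plain PSK suites): uint16 N || N zero octets || uint16 N || PSK."""
    n = len(psk)
    return struct.pack(">H", n) + bytes(n) + struct.pack(">H", n) + psk


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return tls12_prf(premaster, b"master secret", client_random + server_random, 48)


def key_block_aes128_ccm8(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """AEAD suite: no MAC keys; 16-byte keys and 4-byte implicit IVs (RFC 6655). Seed order is server||client."""
    kb = tls12_prf(master, b"key expansion", server_random + client_random, 40)
    return {"client_write_key": kb[0:16], "server_write_key": kb[16:32],
            "client_write_iv": kb[32:36], "server_write_iv": kb[36:40]}


def verify_data(master: bytes, transcript: bytes, label: bytes) -> bytes:
    """Finished.verify_data = PRF(master, label, SHA256(handshake_messages))[0:12]."""
    return tls12_prf(master, label, hashlib.sha256(transcript).digest(), 12)


def dtls_finished_message(verify: bytes, message_seq: int) -> bytes:
    """The client's Finished as it enters the server's transcript: DTLS handshake header
    (type 20, length, message_seq, fragment_offset 0, fragment_length) followed by verify_data."""
    return (bytes([20]) + len(verify).to_bytes(3, "big") + struct.pack(">H", message_seq)
            + bytes(3) + len(verify).to_bytes(3, "big") + verify)


def full_handshake(psk: bytes, client_random: bytes, server_random: bytes, transcript: bytes) -> dict:
    """Steps 6-10: both peers compute identical material from (PSK, ClientRandom, ServerRandom)."""
    ms = master_secret(psk_premaster_secret(psk), client_random, server_random)
    client_fin = verify_data(ms, transcript, b"client finished")
    # The server's Finished additionally covers the client's Finished (message_seq 3 in the dump).
    server_fin = verify_data(ms, transcript + dtls_finished_message(client_fin, 3), b"server finished")
    return {"master_secret": ms, "keys": key_block_aes128_ccm8(ms, client_random, server_random),
            "client_finished": client_fin, "server_finished": server_fin}


def resume(stored_master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Resumption: no ClientKeyExchange and no new premaster secret. The stored master secret is
    reused and only the key block is recomputed, so the new Randoms still yield fresh traffic keys."""
    return key_block_aes128_ccm8(stored_master_secret, client_random, server_random)


if __name__ == "__main__":
    session = full_handshake(PSK, CLIENT_RANDOM, SERVER_RANDOM, TRANSCRIPT)
    print("master_secret ", session["master_secret"].hex())
    print("client Finished", session["client_finished"].hex())
    print("resumed keys   ", resume(session["master_secret"], RESUME_CLIENT_RANDOM, RESUME_SERVER_RANDOM))
```

The zero block in the premaster secret is what makes a plain PSK suite depend entirely on the PSK's entropy: a short or guessable PSK lets an observer of the two Randoms brute-force the master secret offline and check candidates against the captured Finished verify_data, which is why PSKs must be generated randomly and never derived from a password.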

IV. References

Scandium is a pure-Java DTLS implementation that supports DTLS 1.2.

It is now part of the Californium project (a CoAP framework):

https://github.com/eclipse/californium/tree/master/scandium-core

Technical notes on DTLS:

http://www.cnblogs.com/littleatp/p/6358261.html

The TLS_PSK standard:

https://tools.ietf.org/html/rfc4279
