author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-01-04 15:50:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-04 15:50:14 +0100 |
commit | 1b524f553886bdd37aea4a3e04e00d9949f979e7 (patch) | |
tree | 29d15683322397d2f6b7ab526fccba984714999b | |
parent | 3aa16b63e834026003d57d5328adf2ec9a69a9b5 (diff) |
QUIC: update to draft-33 (#1104)
QUIC (final!?) constants for v1 are defined in draft-33
-rw-r--r-- | src/lib/protocols/quic.c | 20 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 3 | ||||
-rw-r--r-- | tests/pcap/quic-33.pcapng | bin | 0 -> 1381304 bytes | |||
-rw-r--r-- | tests/result/quic-33.pcapng.out | 8 |
4 files changed, 27 insertions, 4 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index a15cdaf7a..dc3341a2b 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -50,6 +50,7 @@ extern int http_process_user_agent(struct ndpi_detection_module_struct *ndpi_str const u_int8_t *ua_ptr, u_int16_t ua_ptr_len); /* Versions */ +#define V_1 0x00000001 #define V_Q024 0x51303234 #define V_Q025 0x51303235 #define V_Q030 0x51303330 @@ -79,7 +80,8 @@ static int is_version_gquic(uint32_t version) } static int is_version_quic(uint32_t version) { - return ((version & 0xFFFFFF00) == 0xFF000000) /* IETF */ || + return version == V_1 || + ((version & 0xFFFFFF00) == 0xFF000000) /* IETF Drafts*/ || ((version & 0xFFFFF000) == 0xfaceb000) /* Facebook */ || ((version & 0x0F0F0F0F) == 0x0a0a0a0a) /* Forcing Version Negotiation */; } @@ -89,8 +91,13 @@ static int is_version_valid(uint32_t version) } static uint8_t get_u8_quic_ver(uint32_t version) { + /* IETF Draft versions */ if((version >> 8) == 0xff0000) return (uint8_t)version; + /* QUIC (final?) constants for v1 are defined in draft-33 */ + if (version == 0x00000001) { + return 33; + } /* "Versions that follow the pattern 0x?a?a?a?a are reserved for use in forcing version negotiation to be exercised". It is tricky to return a correct draft version: such number is primarly @@ -847,7 +854,10 @@ static int quic_derive_initial_secrets(uint32_t version, 0x7a, 0x4e, 0xde, 0xf4, 0xe7, 0xcc, 0xee, 0x5f, 0xa4, 0x50, 0x6c, 0x19, 0x12, 0x4f, 0xc8, 0xcc, 0xda, 0x6e, 0x03, 0x3d }; - + static const uint8_t handshake_salt_v1[20] = { + 0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, + 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a + }; gcry_error_t err; uint8_t secret[HASH_SHA2_256_LENGTH]; #ifdef DEBUG_CRYPT 
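Review bot: In get_u8_quic_ver the new v1 check compares against the literal `0x00000001`, although this commit defines `V_1` for that value and is_version_quic already uses it. `if(version == V_1) return 33;` keeps the two in step and matches the `if(` spacing of the line above it. Returning 33 makes v1 indistinguishable from draft-33 for every caller that compares draft numbers, which the salt selection later in this commit relies on, so the comment should say this is deliberate, e.g. `/* v1 shares its constants with draft-33, so it is reported as 33 */`. The function body continues outside the hunk.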
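Review bot: The new `handshake_salt_v1` array in quic_derive_initial_secrets has no comment saying where its 20 bytes come from, so a later reader cannot check them against the specification without searching for it. A line such as `/* Initial salt for draft-33 and v1, from draft-ietf-quic-tls-33 */` above the array would make the constant auditable. The comment could also state that the salt is a published constant, so keys derived from it and the connection ID give no confidentiality against an on-path observer. The function starts and ends outside the hunk.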
@@ -877,10 +887,14 @@ static int quic_derive_initial_secrets(uint32_t version, err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_draft_23, sizeof(handshake_salt_draft_23), cid, cid_len, secret); - } else { + } else if(is_quic_ver_less_than(version, 32)) { err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_draft_29, sizeof(handshake_salt_draft_29), cid, cid_len, secret); + } else { + err = hkdf_extract(GCRY_MD_SHA256, handshake_salt_v1, + sizeof(handshake_salt_v1), + cid, cid_len, secret); } if(err) { #ifdef DEBUG_CRYPT diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 8b70dc44d..311532c7f 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1432,7 +1432,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, } } } - } else if(extension_id == 65445 /* QUIC transport parameters */) { + } else if(extension_id == 65445 || /* QUIC transport parameters (drafts version) */ + extension_id == 57) { /* QUIC transport parameters (final version) */ u_int16_t s_offset = offset+extension_offset; uint16_t final_offset; int using_var_int = is_version_with_var_int_transport_params(quic_version); diff --git a/tests/pcap/quic-33.pcapng b/tests/pcap/quic-33.pcapng Binary files differnew file mode 100644 index 000000000..7008bdd89 --- /dev/null +++ b/tests/pcap/quic-33.pcapng diff --git a/tests/result/quic-33.pcapng.out b/tests/result/quic-33.pcapng.out new file mode 100644 index 000000000..b99b22e1c --- /dev/null +++ b/tests/result/quic-33.pcapng.out 
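Review bot: The salt chain in quic_derive_initial_secrets now ends in a bare `else` that applies `handshake_salt_v1` to every version not matched above, and the `else if(is_quic_ver_less_than(version, 32))` boundary decides which salt draft-32 receives. The helper is defined outside the hunk, so whether its comparison includes 32 is not visible here; draft-32 still uses the draft-29 salt, so the helper has to be inclusive despite its name. Short comments on the two branches, `/* drafts 29..32 */` and `/* draft-33 and v1 */`, would pin the boundary down. A message under `DEBUG_CRYPT` when the final `else` is taken for a version that is neither draft-33 nor `V_1` would let a failed Initial decryption be traced to an unrecognised version.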
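Review bot: In processClientServerHello the transport-parameter branch is now entered for extension id 57 as well, but the encoding is still chosen from `quic_version` on the following lines, not from the id that matched. A hello carrying id 57 with a version for which is_version_with_var_int_transport_params() returns false would have its body read with the older layout. Whether the length checks further down keep that read inside the extension is outside this hunk and should be confirmed. Both ids are bare literals; named constants (for example `TLS_EXT_QUIC_TRANSPORT_PARAMS_DRAFT` and `TLS_EXT_QUIC_TRANSPORT_PARAMS_V1`, names suggested here and not taken from the file) would replace the inline comments and make the pair searchable.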
@@ -0,0 +1,8 @@ +QUIC 992 1340722 1 + +JA3 Host Stats: + IP Address # JA3C + 1 ::1 1 + + + 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][cat: Web/5][99 pkts/14736 bytes <-> 893 pkts/1325986 bytes][Goodput ratio: 58/96][0.01 sec][ALPN: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/93 149/1485 1502/1502 183/146][Risk: ** SNI TLS extension was missing **][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (NLZzZw)][Plen Bins: 0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,72,0,0] |