| Abstract | WebRTC DataChannel and the SCTP protocol |
|---|---|
| Authors | Walter Fan |
| Category | learning note |
| Status | v1.0 |
| Updated | 2022-4-30 |
| License | CC-BY-NC-ND 4.0 |
DTLS and TLS follow almost the same design: an asymmetric (public-key) algorithm is used to exchange the keys, and a symmetric algorithm then encrypts the data.
The principle of asymmetric encryption is that data encrypted with Zhang San's public key can only be decrypted with Zhang San's own private key.
So the question becomes: where does the public key come from? Usually from the certificate downloaded from the server. The server side starts from a private key, for example:

```shell
openssl genrsa -out server.key 4096
```
Certificates generally use the X.509 format, with two kinds of file extension:

- .pem – (Privacy-enhanced Electronic Mail) Base64-encoded DER certificate, enclosed between
  ```
  -----BEGIN CERTIFICATE-----
  ....
  -----END CERTIFICATE-----
  ```
- .cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too
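As an added example (not from the original note), the following Python handles both encodings listed above: it tells DER from PEM by the leading ASN.1 SEQUENCE tag, converts between the two, and computes the SHA-256 fingerprint of the DER bytes, which is the value `openssl x509 -noout -fingerprint -sha256` prints and the value a WebRTC peer checks the DTLS certificate against (the `a=fingerprint` line in the SDP). The sample input is a constructed minimal DER SEQUENCE standing in for a real certificate.

```python
import base64
import hashlib
import re

# Matches the Base64 body between the PEM armor lines (the "...." in the text above).
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL)


def is_der(data: bytes) -> bool:
    """A DER-encoded X.509 certificate is an ASN.1 SEQUENCE, so its first byte is tag 0x30;
    PEM text starts with '-' instead."""
    return len(data) > 2 and data[0] == 0x30


def pem_to_der(pem: bytes) -> bytes:
    """Extract the first CERTIFICATE block and Base64-decode it (line breaks are ignored)."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode(m.group(1))
    if not is_der(der):
        raise ValueError("decoded body is not a DER SEQUENCE")
    return der


def der_to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor, 64 Base64 characters per line as OpenSSL writes it."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines) + b"\n-----END CERTIFICATE-----\n"


def load_certificate(data: bytes) -> bytes:
    """Accept the contents of either a .pem or a binary .cer/.crt/.der file; return DER bytes."""
    return data if is_der(data) else pem_to_der(data)


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the DER certificate, in the form
    `openssl x509 -noout -fingerprint -sha256` prints and WebRTC signals in SDP."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


# Constructed stand-in for a certificate: a minimal DER SEQUENCE { INTEGER 5 }.
SAMPLE_DER = bytes.fromhex("3003020105")
```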
DTLS in practice
- Generate a certificate

```shell
openssl req -new \
-newkey rsa:4096 \
-days 365 -nodes -x509 \
-subj "/C=CN/ST=AH/L=HF/O=HOME/CN=www.fanyamin.com" \
-keyout key.pem \
-out cert.pem
```

- Capture the packets

```shell
tcpdump -n port 5004 -i lo0 -Xvnp -s0 -w /tmp/dtls_sample.pcap
```

- Start the DTLS server

```shell
openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 5004
```

- Start the DTLS client

```shell
openssl s_client -dtls1_2 -connect 127.0.0.1:5004 -debug -cert cert.pem -key key.pem
```
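To make sense of what the capture from the steps above contains, here is an added example (not part of the original note) that parses the two structures at the front of every DTLS handshake datagram: the 13-byte record header (with the epoch and 48-bit sequence number DTLS adds over TLS) and the 12-byte handshake header (with the message_seq / fragment fields DTLS needs to reassemble over UDP). It runs on a constructed datagram instead of /tmp/dtls_sample.pcap so it works offline; the sample body is padding, not a real ClientHello.

```python
import struct
from dataclasses import dataclass

# Constants from RFC 6347 (DTLS 1.2) and RFC 5246 (TLS 1.2).
VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request",
                   11: "certificate", 12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}

@dataclass
class DtlsRecord:
    content_type: str
    version: str
    epoch: int       # bumped by each ChangeCipherSpec; selects the keys for this record
    sequence: int    # 48-bit per-epoch record number, the input to DTLS anti-replay checks
    fragment: bytes

def parse_record(data: bytes):
    """Parse the 13-byte DTLS record header; return the record and the bytes after it."""
    if len(data) < 13:
        raise ValueError("truncated DTLS record header")
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack("!BHHHIH", data[:13])
    if version not in VERSIONS or ctype not in CONTENT_TYPES:
        raise ValueError("not a DTLS record")
    if length > 2 ** 14 or len(data) < 13 + length:  # 2^14 is the TLS record size limit
        raise ValueError("record length exceeds datagram")
    record = DtlsRecord(CONTENT_TYPES[ctype], VERSIONS[version], epoch,
                        (seq_hi << 32) | seq_lo, data[13:13 + length])
    return record, data[13 + length:]

def parse_handshake(fragment: bytes) -> dict:
    """Parse the 12-byte DTLS handshake header (message_seq/fragment fields exist only in DTLS)."""
    if len(fragment) < 12:
        raise ValueError("truncated handshake header")
    length = int.from_bytes(fragment[1:4], "big")
    frag_offset = int.from_bytes(fragment[6:9], "big")
    frag_length = int.from_bytes(fragment[9:12], "big")
    if frag_offset + frag_length > length or len(fragment) < 12 + frag_length:
        raise ValueError("handshake fragment out of bounds")  # reject before reassembling
    return {"msg_type": HANDSHAKE_TYPES.get(fragment[0], f"unknown({fragment[0]})"),
            "length": length, "message_seq": int.from_bytes(fragment[4:6], "big"),
            "fragment_offset": frag_offset, "fragment_length": frag_length,
            "body": fragment[12:12 + frag_length]}

# Constructed sample datagram: one DTLS 1.2 handshake record holding a 16-byte
# unfragmented ClientHello stub (the body is padding, not a real ClientHello).
SAMPLE = bytes.fromhex("16 fefd 0000 000000000000 001c"      # record header, length 28
                       "01 000010 0000 000000 000010"        # handshake header
                       "fefd" + "00" * 14)                   # body: version + padding
```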
Once the client has received all of the server's messages, it has enough information to generate the session keys. TLS/DTLS does this by creating a shared block of random data called the Pre-Master Secret; it has a fixed size and, once encryption is enabled, serves as the seed from which all the required keys are generated.
The Pre-Master Secret is encrypted with the public-key algorithm named in the Hello messages (for example RSA) and the public key the server supplied in its certificate.
There is also an optional TLS/DTLS feature called Pre-Shared Key (PSK): cipher suites that use a secret shared between the hosts (usually distributed physically or by some other secure channel) instead of certificates. When PSK is enabled, the pre-shared key is used to generate the Pre-Master Secret.
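As an added example (not from the original note) of how the Pre-Master Secret feeds key derivation, the following Python builds the PSK pre-master secret exactly as RFC 4279 defines it, for both the plain PSK and the DHE_PSK case, and runs the TLS 1.2 PRF (which DTLS 1.2 reuses) to derive the 48-byte master secret. It reuses the PSK `1234` from the commands that follow; the 32-byte randoms are constructed, and the digest is a parameter because suites ending in SHA384, like the one negotiated in the run below, use P_SHA384 instead of P_SHA256.

```python
import hashlib
import hmac
import os


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """P_hash from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """TLS 1.2 PRF, which DTLS 1.2 reuses unchanged (RFC 6347). The digest is the
    one named by the cipher suite: sha256 by default, sha384 for *-SHA384 suites."""
    return p_hash(secret, label + seed, length, digest)


def psk_premaster_secret(psk: bytes, other_secret: bytes = b"") -> bytes:
    """RFC 4279 pre-master secret. Plain PSK suites use N zero bytes as other_secret
    (N = len(psk)), so the result carries no entropy beyond the PSK itself;
    DHE_PSK suites pass the ephemeral Diffie-Hellman shared secret instead."""
    if not other_secret:
        other_secret = b"\x00" * len(psk)
    return (len(other_secret).to_bytes(2, "big") + other_secret
            + len(psk).to_bytes(2, "big") + psk)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes,
                  digest=hashlib.sha256) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)[0..47]"""
    return prf(pre_master, b"master secret", client_random + server_random, 48, digest)


def extended_master_secret(pre_master: bytes, session_hash: bytes, digest=hashlib.sha256) -> bytes:
    """RFC 7627 variant ('Extended master secret: yes' in the s_client output):
    binds the master secret to the handshake transcript hash, not just the randoms."""
    return prf(pre_master, b"extended master secret", session_hash, 48, digest)


def demo(psk: bytes = b"1234") -> bytes:
    """Plain-PSK derivation with constructed 32-byte randoms (os.urandom stands in
    for ClientHello.random / ServerHello.random)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    return master_secret(psk_premaster_secret(psk), client_random, server_random)
```

With a plain PSK suite the pre-master secret is just the PSK padded with zeros, so its strength is exactly the PSK's; the DHE-PSK suite negotiated below adds an ephemeral DH secret on top, which is why the server prints "Server Temp Key: DH, 3072 bits".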
- 1) Start the server

```
$ openssl s_server -dtls1_2 -nocert -port 12345 -cipher PSK -psk 1234
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHMCAQECAwD+/QQCAKsEAAQw7AcZwPFxv3f64V1xpo+iYNszqhbNtSENd8CIrAxx
wHJ+vs6/B87lddBC5HANHDORoQYCBGJyOuKiBAICHCCkBgQEAQAAAKgRBA9DbGll
bnRfaWRlbnRpdHmtAwIBAbMDAgEA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1
CIPHER is DHE-PSK-AES256-GCM-SHA384
Secure Renegotiation IS supported
```
- 2) Start the client

```
$ openssl s_client -dtls1_2 -connect 127.0.0.1:12345 -cipher PSK -psk 1234
Connecting to 127.0.0.1
CONNECTED(00000003)
Can't use SSL_get_servername
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: DH, 3072 bits
---
SSL handshake has read 1351 bytes and written 1088 bytes
Verification: OK
---
New, TLSv1.2, Cipher is DHE-PSK-AES256-GCM-SHA384
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
Protocol : DTLSv1.2
Cipher : DHE-PSK-AES256-GCM-SHA384
Session-ID: 58257E6C19F47E8E1121F24C7817674D951133D86270451D40230FCE224AC5E5
Session-ID-ctx:
Master-Key: EC0719C0F171BF77FAE15D71A68FA260DB33AA16CDB5210D77C088AC0C71C0727EBECEBF07CEE575D042E4700D1C3391
PSK identity: Client_identity
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 4d 45 c1 fc 70 a5 de 11-4a 45 d5 3d 32 6c aa 94 ME..p...JE.=2l..
0010 - 3a ed 05 82 b1 a9 83 a8-47 18 21 fd d6 4f 1c a7 :.......G.!..O..
0020 - d1 59 03 da fd d7 3c 76-8c 66 71 34 cb 1a 90 28 .Y....<v.fq4...(
0030 - 6d cd 60 3f 3d 06 cf 9d-bc 34 79 a0 14 1b cd 35 m.`?=....4y....5
0040 - 4a fc 68 5d 32 2c c2 c8-01 dc bb dc 65 cc 30 bf J.h]2,......e.0.
0050 - 18 37 1f 10 06 e8 35 b2-f6 8e 31 e8 ee b8 ef 27 .7....5...1....'
0060 - 95 5f 8c a2 3e fc f7 98-5d 66 eb b6 e6 e0 f9 c2 ._..>...]f......
0070 - 07 c3 c7 87 a7 d6 8c a4-65 c7 df 34 33 73 62 6c ........e..43sbl
0080 - 29 50 89 b5 e3 8d 9a bf-64 28 ad 55 77 ad a5 75 )P......d(.Uw..u
0090 - 5c 4b a6 63 12 03 ba c9-38 4b 76 8a 28 13 6f a5 \K.c....8Kv.(.o.
00a0 - ac b1 2b 86 34 c9 b0 2c-67 bc a0 0f d7 19 e4 63 ..+.4..,g......c
00b0 - 36 18 4e 6e 24 73 72 83-34 1a 4e 7e 93 b5 97 11 6.Nn$sr.4.N~....
Start Time: 1651653346
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
```
To be continued