第2章プロトコル

Transcript

1. ୈ̎ষɹϓϩτίϧ ೥ɹ݄೔
   ϓϩϑΣογϣφϧ44-5-4ྠಡձ Shuya OSAKI (@4huya)
 Keio University

2. 
   
   3FDPSEϓϩτίϧ ֊૚Խ͞Εͨ5-4ϓϩτίϧ 2 ɾ5-4
   3FDPSEϓϩτίϧɹɹɹ
   Š
   
   ҉߸ԽͷॲཧΛ୲͏
   ɾ5-4
   )BOETIBLFϓϩτίϧ
   
   
   
   Š
   
   ҉߸ԽҎ֎ͷॲཧΛ୲͏ɾ̐ͭʹࡉ෼Խ͞ΕΔ )551 5-4
   3FDPSEϓϩτίϧ )BOETIBLF
 ϓϩτίϧ $IBOHF
   $JQIFS
   4QFD


   ϓϩτίϧ "MFSU
 ϓϩτίϧ "QQMJDBUJPO
   %BUB
 ϓϩτίϧ 5-4
   )BOETIBLFϓϩτίϧ 5-4ϓϩτίϧ

3. 
   
   3FDPSEϓϩτίϧ 3 https://hpbn.co/transport-layer-security-tls/ 3FDPSEϓϩτίϧͷ໾ׂ ɾ ϝοηʔδͷసૹ
   ‣ Ϩίʔυ௕ʹ߹Θͤͯϑϥάϝϯτʹͨ͠Γɺෳ਺ͷόοϑΝΛ୯ҰϨίʔυʹ·ͱΊΔ
   ɾ ҉߸Խ͓Αͼ׬શੑͷݕূ
   

   ‣ ωΰγΤʔγϣϯͨ͠ύϥϝʔλʹج͍ͮͨɺϨίʔυ૚ʹΑΔ҉߸Խɾ׬શੑͷݕূ
   ɾ ѹॖ
   ‣ ඇਪ঑ɻ$*3*.&߈ܸ ηογϣϯϋΠδϟοΫ ΍ɺѹॖ͞Εͨίϯςϯπ ը૾౳ ͷ࠶ѹॖ͕ى͖Δɻ
   ɾ ֦ுੑ
   ‣ 3FDPSEϓϩτίϧ͸σʔλసૹͱ҉߸ॲཧΛ୲͏ɻଞͷػೳ͸αϒϓϩτίϧͰ֦ு͢Δɻ 5-4
   3FDPSEͷߏ଄

4. 
   
   )BOETIBLFϓϩτίϧ 4 )BOETIBLFϓϩτίϧͷ໾ׂ ɾ 5-4
   )BOETIBLFϓϩτίϧͷ̍ͭ
   5-4
   )BOETIBLF
   
   )BOETIBLF
   ɾ ڞ༗伴Λੜ੒͠ɺূ໌ॻͷަ׵Λߦ͏
   ‣

   ڞ༗伴ͷੜ੒ɹŠɹ҉߸௨৴Λߦ͏ͨΊ
   ‣ ূ໌ॻͷަ׵ɹŠɹ૬खΛೝূ͢ΔͨΊ
   ɾ )BOETIBLFͷҰൠతͳྲྀΕ
   ᶃ
   αʔόೝূΛ൐͏ϑϧϋϯυγΣΠΫ
   ᶄ
   ηογϣϯΛ࠶։͢Δ৔߹ͷɺҰ෦ϝοηʔδΛলུͨ͠ϋϯυγΣΠΫ
   ᶅ
   ΫϥΠΞϯτͱαʔόͷೝূΛ൐͏ϋϯυγΣΠΫ )BOETIBLFϓϩτίϧ NTH@UZQF MFOHUI )BOETIBLF
 σʔλ όΠτ NTH@UZQF )BOETIBLFσʔλ Y )FMMP3FRVFTU Y $MJFOU)FMMP Y 4FSWFS)FMMP YC $FSUJpDBUF YD 4FSWFS,FZ&YDIBOHF YE $FSUJpDBUF3FRVFTU YF 4FSFWFS)FMMP%POF YG $FSUJpDBUF7FSJGZ Y $MJFOU,FZ&YDIBOHF Y 'JOJTIFE

5. 
   
   ϑϧϋϯυγΣΠΫ 5 5-4ηογϣϯͷཱ֬ 2.2 Handshake Ϋϥ Π Ξϯ τ αʔό

    $MJFOU)FMMP 4FSWFS)FMMP $FSUJpDBUF 4FSWFS)FMMP%POF $MJFOU,FZ&YDIBOHF <$IBOHF$JQIFS4QFD> 'JOJTIFE 4FSWFS,FZ&YDIBOHF        <$IBOHF$JQIFS4QFD> 'JOJTIFE   p.27ΑΓ αʔόೝূΛ൐͏ϑϧϋϯυγΣΠΫ 5$1ϋϯυγΣΠΫ
 Š
   #FGPSF
   Š
 ⁞
   ΫϥΠΞϯτ͕৽نͷϋϯυγΣΠΫ
 ɹ
   Λ։࢝ɺฏจͰಈ࡞࢓༷Λૹ৴
    
   ಈ࡞࢓༷ʹैͬͯ҉߸Խʹඞཁͳ
 ɹ
   ύϥϝʔλΛϨεϙϯε͢Δ
   ⁣
   ҉߸Խʹඞཁͳ৚͕݅߹ҙ͞ΕͨΒ

   
   
   
   ηογϣϯʹඞཁͳڞ௨伴Λੜ੒͢Δ
 ⁦
   ҉߸௨৴ʹ੾Γସ͑."$Λૹ৴͢Δ
 Š
   "GUFS
   Š
 ΞϓϦέʔγϣϯσʔλͷૹड৴ 355

6. 
   
   ϑϧϋϯυγΣΠΫ 6 $MJFOU)FMMP ɾ৽نͷϋϯυγΣΠΫͰ࠷ॳʹૹ৴͞ΕΔϝοηʔδ
   ɾΫϥΠΞϯτ͸͜ΕͰಈ࡞࢓༷Λαʔόʹ఻͑Δ 28 ୈ2ষ ϓϩτίϧ Լهʹ ClientHello

   ͷϝοηʔδྫΛࣔ͠·͢ɻݟ΍͍͢Α͏ʹ༨෼ͳ৘ใ͸औΓআ͍ͯ ͋Γ·͕͢ɺॏཁͳϙΠϯτ͸͢΂ؚͯ·Ε͍ͯ·͢ɻ Handshake protocol: ClientHello Version: TLS 1.2 Random Client time: May 22, 2030 02:43:46 GMT Random bytes: b76b0e61829557eb4c611adfd2d36eb232dc1332fe29802e321ee871 Session ID: (ۭ) Cipher Suites Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite: TLS_RSA_WITH_RC4_128_SHA Compression methods Method: null Extensions Extension: server_name Hostname: www.feistyduck.com Extension: renegotiation_info Extension: elliptic_curves Named curve: secp256r1 Named curve: secp384r1 Extension: signature_algorithms Algorithm: sha1/rsa Algorithm: sha256/rsa Algorithm: sha1/ecdsa Algorithm: sha256/ecdsa p.28ΑΓ w 7FSTJPO
   ‣ αϙʔτ͢Δ5-4ͷόʔδϣϯ
   w 3BOEPN
   ‣ ϋϯυγΣΠΫΛҰҙʹ͢Δཚ਺
   w 4FTTJPO
   *%
   ‣ ࠷ॳͷ઀ଓͰ͸৽ن઀ଓΛۭࣔ͢
   w $JQIFS
   4VJUF
   ‣ ରԠՄೳͳ҉߸εΠʔτ
   w $PNQSFTTJPO
   NFUIPET
   ‣ ѹॖํࣜͷࢦఆɺઈରOVMM
   w &YUFOTJPOT
   ‣ ֦ு৘ใͷεϖʔε ClientHello
 ϝοηʔδྫ

7. 
   
   ϑϧϋϯυγΣΠΫ 7 4FSWFS)FMMP ɾαʔό͕઀ଓͰ࢖͏ύϥϝʔλΛΫϥΠΞϯτʹฦ౴͢Δɻ
   ɾߏ଄͸$MJFOU)FMMPͱಉ͡ɺ஋͸αʔό͕ΫϥΠΞϯτʹఏҊ͢Δ΋ͷ͕ೖΔɻ $FSUJpDBUF ɾαʔό͔ΒΫϥΠΞϯτ΁9ূ໌ॻνΣʔϯΛҾ͖౉͢ɻ
   ɾূ໌ॻνΣʔϯʹ͸αʔόͷূ໌ॻ͔Βূ໌ॻʹॺ໊͢Δೝূہͷূ໌ॻ͕࿈ͳΔɻ 4FSWFS,FZ&YDIBOHF ɾ伴ަ׵ʹඞཁͳ෇ՃతͳσʔλΛૹΔɻ$FUJpDBUFͷิ଍ɻ

   4FSWFS)FMMP%POF ɾ4FSWFS)FMMP͔ΒͷҰ࿈ͷϝοηʔδͷऴΘΓΛࣔ͢ɻ

8. 
   
   ϑϧϋϯυγΣΠΫ 8 $MJFOU,FZ&YDIBOHF ɾ伴ަ׵ʹඞཁͳ৘ใΛΫϥΠΞϯτ͔Βૹ৴
   ɾ&Y
   ϓϨϚελʔγʔΫϨοτ 34" ɺ%J⒏F)FMMNBOެ։஋ %)伴ަ׵ $IBOHF$JQIFS4QFD ɾ)BOETIBLFϝοηʔδͰ͸ͳ͘ɺ5-4
   )BOETIBLFͷαϒϓϩτίϧ
   

   ɾ)BOETIBLFϓϩτίϧͰܾఆͨ͠ಈ࡞࢓༷ΛΫϥΠΞϯτʹ௨஌ 'JOJTIFE ɾϋϯυγΣΠΫͷ׬ྃΛࣔ͠ɺ҉߸Խ͞ΕͨϝοηʔδͰ͋Δ
   ɾWFSJGZ@EBUBϑΟʔϧυͰμΠδΣετΛͱΓɺվ͟ΜΛ೉͘͢͠Δ

9. 
   
   ΫϥΠΞϯτೝূ 9 ૬ޓೝূΛߦ͏ p.32ΑΓ ΫϥΠΞϯτೝূͷ৔߹ͷϑϧϋϯυγΣΠΫ 355 ͠ɺࣗ਎ͷ Certificate ϝοηʔδΛૹΓʢ͜ͷͱ͖ͷϑΥʔϚοτ͸αʔ ૹΔͷʹ࢖͏

   Certificate ϝοηʔδͱಉ͡Ͱ͢ʣ ɺରԠ͢ΔൿີݤΛ࣋ͬ CertificateVerify ϝοηʔδΛ࢖ͬͯূ໌͠·͢ʢਤ2.3ʣ ɻ Ϋϥ Π Ξϯ τ αʔό  $MJFOU)FMMP 4FSWFS)FMMP $FSUJpDBUF 4FSWFS)FMMP%POF $MJFOU,FZ&YDIBOHF <$IBOHF$JQIFS4QFD> $FSUJpDBUF 4FSWFS,FZ&YDIBOHF      <$IBOHF$JQIFS4QFD> 'JOJTIFE   $FSUJpDBUF3FRVFTU   'JOJTIFE $FSUJpDBUF7FSJGZ    ɾαʔό͕ΫϥΠΞϯτʹೝূΛٻΊΔ
   ɾ$FSUJpDBUF3FRVFTUϝοηʔδͰ
 ҎԼʹै͏ূ໌ॻΛཁٻ͢Δ
   ‣ αʔό͕ཧղͰ͖Δূ໌ॻͷλΠϓ
   ‣ αʔό͕ཧղͰ͖Δೝূہͷ໊લ
   ɾΫϥΠΞϯτ͸$FSUJpDBUFϝοηʔδ ͰԠ౴͢Δ
   ɾ$FSUJpDBUF7FSJGZϝοηʔδͰରԠ͢Δ ൿີ伴ͷॴ༗Λࣔ͢

10. 
    
    ϑϧϋϯυγΣΠΫ 10 $FSUJpDBUF3FRVFTU ɾΫϥΠΞϯτʹରͯ͠ೝূͷཁٻΛߦ͏
    ɾαʔό͕ର৅ͱ͢Δূ໌ॻͷެ։伴͓Αͼॺ໊ΞϧΰϦζϜͷ఻ୡʹ༻͍ΒΕΔ $FSUJpDBUF7FSJGZ ɾΫϥΠΞϯτূ໌ॻͷൿີ伴ͷอ༗Λࣔ͢

11. 
    
    ηογϣϯϦβϯϓγϣϯ 11 ཱ֬ࡁΈͷηογϣϯͷ࠶։ ɾϑϧϋϯυγΣΠΫʹ͸Φʔόʔϔου͕൐͏
    ɾ4FTTJPO
    *%Λ༻͍ͯηογϣϯͷ࠶։ΛՄೳʹ͢Δ࢓૊Έ Session ID ϑΟʔϧυΛࢀরʣ ɻΫϥΠΞϯτͱαʔό͸ɺ׬શͳωΰγΤʔγ ཱ֬ͨ͠઀ଓ͕ऴྃͨ͋͠ͱ΋ɺ͜ͷSession

    ID ΛҰఆظؒ͸อ࣋͠·͢ɻ ΫϥΠΞϯτ͸ɺҎલͷηογϣϯΛ࠶։͠Α͏ͱ͢Δ৔߹ɺClientHell ద੾ͳ Session ID ΛؚΊͯૹ৴͠·͢ɻαʔό͸ɺ౰֘ͷηογϣϯΛ࠶։͢ ৔߹ɺಉ͡Session ID ΛServerHello ϝοηʔδʹؚΊͯૹΓฦ͠·͢ɻͦ͠ ͨ͠ϚελʔγʔΫϨοτΛ࢖ͬͯ৽͍͠҉߸ݤʢ҉߸Խʹ࢖͏ݤ΍MACݤͳ ҉߸௨৴΁ͱҠߦ͔ͯ͠ΒɺFinished ϝοηʔδΛૹΓ·͢ɻΫϥΠΞϯτ͸ ͕࠶։͞Εͨ͜ͱΛ֬ೝͨ͠Βɺαʔόͱಉ͜͡ͱΛ͠·͢ɻ݁Ռతʹϋϯυγ ͳΓɺωοτϫʔΫ্ͷ΍ΓऔΓ͕Ұԟ෮͚ͩͰࡁΈ·͢ʢਤ2.4ʣ ɻ Ϋϥ Π Ξϯ τ αʔό  $MJFOU)FMMP 4FSWFS)FMMP <$IBOHF$JQIFS4QFD> 'JOJTIFE      <$IBOHF$JQIFS4QFD> 'JOJTIFE $IBOHF$JQIFS4QFDϓϩ τ ίϧͷϝ ο ηʔ δ <
    > p.33ΑΓ লུ͞Εͨ5-4ϋϯυγΣΠΫ ɾ αʔό͸ηογϣϯʹ4FTTJPO
    *%Λ
 ׂΓ౰ͯΔ
    ɾ 4FTTJPO
    *%͸4FSWFS)FMMPͰૹ৴͢Δ
    ɾ ηογϣϯΛ࠶։࣌͸ΫϥΠΞϯτ͕
 $MJFOU)FMMPʹҎલͷ4FTTJPO
    *%Λૠೖ
    ɾ ηογϣϯνέοτͱݺ͹ΕΔํ๏΋͋Δ 355

12. 
    
    伴ަ׵ 12 5-4Ͱ༻͍ΒΕΔ伴ަ׵ΞϧΰϦζϜ ɾ 5-4Ͱ͸ଟ͘ͷ伴ަ׵ΞϧΰϦζϜΛαϙʔτ͢Δ
    ɾ Ͳͷ҉߸εΠʔτ͕࢖ΘΕΔ͔͸ωΰγΤʔγϣϯʹΑΓܾ·Δ
    ओͳ伴ަ׵ΞϧΰϦζϜ
    ɾ 34"
    

    ‣ σϑΝΫτελϯμʔυɻαʔόͷൿີ伴Λ༻͍ΔͨΊɺ1'4 1FSGFDU
    'PSXBSE
    4FDSFZ Ͱͳ͍ɻ
    ɾ %)&@34"
    ‣ ΫϥΠΞϯτɾαʔόͷ྆ऀͰڞ௨ͷ伴Λੜ੒͢Δɻ34"ʹΑΔೝূΛซ༻͢Δɻ1'4͕͋Δɻ
    ɾ &$%)&@34"ɾ&$%)&@&$%4"
    ‣ ପԁۂઢ҉߸ &$ ʹجͮ͘伴ަ׵ΞϧΰϦζϜɻ
    ‣ ֓೦తʹ͸%)&ͱಉ͡伴ಉҙΞϧΰϦζϜ͕ͩɺॲཧ͕ߴ଎ɻ

13. 
    
    34"伴ަ׵ 13 34"ͷ҉߸Խɾ෮߸ʹར༻Մೳͳੑ࣭Λ༻͍Δ 34"伴ަ׵ͷखॱ
    ‣ ΫϥΠΞϯτ͸ϓϦϚελʔγʔΫϨοτΛੜ੒ όΠτͷཚ਺
    ‣ ͦΕΛαʔόͷެ։伴Ͱॺ໊͠ɺ$MJFOU&YDIBOHFϝοηʔδͰૹ৴
    

    ‣ αʔό͸ϝοηʔδͷϓϦϚελʔγʔΫϨοτΛαʔόͷൿີ伴Ͱ෮߸͠ೖख
    ɾ ൿີ伴͕ೖख͞ΕΔͱɺ߈ܸऀ΋ϓϦϚελʔγʔΫϨοτΛੜ੒Ͱ͖Δ໰୊
    ɾ ཁ͸τϥϑΟοΫΛஷΊ͓͚ͯ͹5-4௨৴Ͱ΋伴ׂ͕ΕͨॠؒʹղಡͰ͖Δ
    ɾ /4"͸աڈͷτϥϑΟοΫΛ5-4ͷ··อ؅͍ͯ͠Δͱ·͜ͱ͠΍͔ʹ͞͞΍͔ΕΔʜ
    ɾ ͔ͩΒࠓͰ͸1'4 લํൿಗੑ ͕͋Δଞͷ伴ަ׵ΞϧΰϦζϜ͕ਪ঑͞ΕΔ
    ‣ 34"ͷΑ͏ʹ伴͕࿙Εͯ΋ɺηογϣϯͷ෮߸͕Ͱ͖ͳ͍͜ͱ

14. 
    
    %J⒏F)FMMNBO伴ަ׵ 14 ڞ༗͢Δ伴ΛܭࢉʹΑͬͯಋग़ ɾ %)伴ަ׵ͷखॱ
    ‣ লུʂ ͳΜͱͳ͔͘͠෼͔ΒΜʜ
    ‣

    ҉߸ٕज़ೖ໳ͷQΛಡΜͰ͘Ε
    %)伴ަ׵ͷ໰୊఺
    ɾ %)ύϥϝʔλͷηΩϡϦςΟ
    ‣ ύϥϝʔλͷڧ͞ʹηογϣϯͷ҆શੑ͕ࠨӈ͞ΕΔ
    ɾ %)ύϥϝʔλͷωΰγΤʔγϣϯ
    ‣ ωΰγΤʔγϣϯͷ݁ՌʹΑͬͯ͸ɺظ଴͢Δڧ౓ͷύϥϝʔλ͕࢖༻Ͱ͖ͳ͍
    ɾ ෆे෼ͳύϥϝʔλͷڧ౓
    ‣ -PHKBN߈ܸʹΑΓύϥϝʔλʹ͋Δఔ౓ͷڧ౓͕ඞཁͰ͋Δ͜ͱ͕ࣔ͞Εͨ

15. 
    
    ପԁۂઢ%J⒏F)FMMNBO伴ަ׵ 15 ପԁۂઢ্ͷ཭ࢄର਺໰୊ ɾ %)伴ަ׵ͷखॱ
    ‣ লུʂ ͬͪ͜͸ϚδͰ෼͔ΒΜʜ
    ‣

    ҉߸ٕज़ೖ໳ͷQΛಡΜͰ͘Ε
    ɾ &$%)&ͷํ͕୹͍伴௕͔ͭߴ͍ηΩϡϦςΟ͕࣮ݱͰ͖Δ
    ‣ ύϥϝʔλͷڧ͞ʹηογϣϯͷ҆શੑ͕ࠨӈ͞ΕΔ

16. 
    
    ೝূ 16 ೝূͱ伴ަ׵͸Ұମ ɾ 5-4Ͱ͸ίετΛ࡟ݮ͢ΔͨΊɺೝূͱ伴ަ׵͸ҰମͰߦΘΕΔ
    ɾ ೝূ͸ূ໌ॻΛར༻ͨ͠ެ։伴҉߸ํ͕ࣜҰൠ
    ɾ 34"ʹΑΔ伴ަ׵
    ‣

    ΫϥΠΞϯτ͕ϥϯμϜͳ஋ΛϓϦϚελʔγʔΫϨοτͯ͠ੜ੒
    ‣ ͦΕΛαʔόͷެ։伴Ͱॺ໊͠ૹ৴
    ɾ %)&͓Αͼ&$%)&ʹΑΔ伴ަ׵
    ‣ αʔό͸ύϥϝʔλʹॺ໊Λߦ͏
    ‣ ΫϥΠΞϯτ͸ݕূ͞Εͨূ໌ॻ͔ΒରԠ͢Δެ։伴Λऔಘ
    ‣ ެ։伴Λ༻͍ͯॺ໊͞ΕͨύϥϝʔλΛݕূ͢Δ
    ‣ ύϥϝʔλ͸ηογϣϯ͝ͱʹҰҙ͕ͩɺಛఆͷঢ়گԼͰ߈ܸऀ͕ϥϯμϜͳ஋Λಉظͤͯ͞αʔόͷ
 ॺ໊Λ࠶ར༻͢Δ-PHKBN߈ܸ͕͋Δ

17. 
    
    ҉߸Խ 17 ଟ਺ͷ҉߸ΞϧΰϦζϜΛαϙʔτ͢Δ5-4 ɾ 5-4Ͱ͸༷ʑͳΞϧΰϦζϜΛ༻͍ͯɺΞϓϦέʔγϣϯσʔλΛ҉߸ԽͰ͖Δ
    ‣ ݱࡏɺ࠷΋Ұൠతͳͷ͸"&4 3JKOEBFM
    ɾ

    5-4Ͱར༻Ͱ͖Δ҉߸Խ͸छྨʹ෼ྨͰ͖Δ
    ‣ ετϦʔϜ҉߸Խํࣜ
    ‣ ϒϩοΫ҉߸Խํࣜ
    ‣ "&"% ೝূ෇͖҉߸

18. 
    
    ετϦʔϜ҉߸Խํࣜ 18 ҉߸Խ͸ஈ֊ͰߦΘΕΔ ɾ Ϩίʔυͷγʔέϯε൪߸ɾ3FDPSEϔομɾฏจσʔλͷ݁߹ͷ."$ΛͱΔ
    ‣ ."$ͷܭࢉʹ3FDPSEϔομؚ͕·Ε͍ͯΔͨΊɺσʔλ͕վ͟Μ͞Ε͍ͯͳ͍͜ͱΛࣔͤΔ
    ‣ ."$ͷܭࢉʹγʔέϯε൪߸ؚ͕·Ε͍ͯΔͨΊɺਖ਼͍͠ύέοτ ϦϓϨΠ߈ܸͰͳ͍

    Ͱ͋Δ
    ɾ ."$ͱฏจσʔλͱΛ҉߸Խ͢Δ 2.5 ҉߸Խ 41 ҉߸จ ೝূ ."$ ҉߸Խ ϔο μ γʔέϯε൪߸ ϔο μ ฏจ ฏจ ετϦʔϜ҉߸Խํࣜ p.41ΑΓ

19. 
    
    ϒϩοΫ҉߸Խํࣜ 19 42 ୈ2ষ ϓϩτίϧ ฏจ ೝূ ."$ ҉߸Խ ϔο

    μ γʔέϯε൪߸ ϔο μ ฏจ ฏจ ύσ Ο ϯ ά *7 ਤ 2.6 ϒϩοΫ҉߸Խํࣜ NOTE CBC ϞʔυɺύσΟϯάɺ͓ΑͼIV ʹ͍ͭͯ͸1.4.1 અΛࢀর͍ͯͩ͘͠͞ɻ ϒϩοΫ҉߸Խํࣜ ҉߸ԽલͷϒϩοΫ௕ ͷ੔਺ഒʹͳΔΑ͏ʹ ҉߸ԽϒϩοΫͱ
 ಉ͡௕͞ $#$ϞʔυͰ҉߸Խ ͞Ε*7ͱόΠϯυ ɾ ͜ͷաఔ͸."$UIFOFODSZQUͱݺ͹ΕΔ
    ‣ ."$ͷಋग़ʹύσΟϯάΛؚΊͯͳ͍ͨΊɺύσΟϯάΦϥΫϧ߈ܸͷةݥੑ
    ɾ &ODSZQUUIFO."$ͱݺ͹ΕΔ5-4֦ுͷొ৔
    ‣ ฏจσʔλͱύσΟϯάΛ࠷ॳʹ҉߸Խ͢ΔͷͰೳಈత߈ܸ͕೉͍͠ p.42ΑΓ ❶ ❷ ❸ ҉߸จ

20. 
    
    ϒϩοΫ҉߸Խํࣜ 20 "&"% ೝূ෇͖҉߸ ɾ ҉߸Խͱಉ࣌ʹೝূ΋ߦ͏
    ɾ ҉߸จࣗମʹೝূจؚ͕·ΕΔ
    ɾ φϯεͱݺ͹ΕΔҰҙͷཚ਺Λ҉߸จͱͱ΋ʹૹΔ

    p.43ΑΓ Ճతͳσʔλͱͯ͠ɺγʔέϯε൪߸ͱRecord ϔομ΋҉߸ԽΞϧΰϦζϜʹ౉͢ 3. φϯεͱ҉߸จΛҰॹʹૹΔ ҉߸Խ ϔο μ γʔέϯε൪߸ ϔο μ ฏจ φϯε ҉߸จ ೝূ ਤ 2.7 AEADʢೝূ෇͖҉߸ʣ AEAD ͸MAC-then-Encrypt ʹ·ͭΘΔ໰୊ΛճආͰ͖ΔͷͰɺݱࡏͷͱ͜Ζ TLS Ͱར༻Ͱ ͖Δ࠷ྑͷ҉߸Խར༻Ϟʔυͩͱ͍͑·͢ɻݱࡏͷ TLS Ͱ͸ɺೝূํࣜͷબ୒ࢶͱͯ͠ GCM

21. 
    
    ࠶ωΰγΤʔγϣϯ 21 ৽͍͠઀ଓͱͯ͠ϋϯυγΣΠΫΛ΍Γ௚͢ ɾ 5-4Ͱ͸ഇࢭ͞ΕΔ༧ఆɻ
    ɾ ηΩϡΞ͡Όͳ͍ɺ੬ऑੑΛ๊͑Δ
    ɾ ΫϥΠΞϯτ͸$MJFOU)FMMPɺαʔό͸)FMMP3FRVFTU͕࠶ωΰγΤʔγϣϯͷ߹ਤ
    ࠶ωΰγΤʔγϣϯͷར༻ྫ
    

    ɾ ΫϥΠΞϯτূ໌ॻ
    ‣ 8FCαΠτͷτοϓ͸ೝূͳ͠ɺ͔ͦ͜Βূ໌ॻ͕ඞཁͳϖʔδʹ༠ಋ͢Δ ͜͜Ͱ࠶ωΰγΤʔγϣϯ
    ɾ ৘ใͷӅṭ
    ‣ ஈ֊ͰΫϥΠΞϯτূ໌ॻΛ༗ޮʹ͢Δ͜ͱͰɺճ໨ͷϋϯυγΣΠΫΛӅͤΔ
    ɾ ҉߸ڧ౓ͷมߋ
    ‣ ճ໨ͱճ໨Ͱ҉߸ڧ౓Λมߋ͢Δ ෛՙରࡦ

22. 
    
    "QQMJDBUJPO
    %BUB
    "MFSU
    ઀ଓΛด͡Δ 22 "QQMJDBUJPO
    %BUBϓϩτίϧ ɾΞϓϦέʔγϣϯͷσʔλΛӡͿ
    ɾ5-4ʹ͓͍ͯ͸୯ͳΔσʔλͷόοϑΝ "MFSUϓϩτίϧ ɾ௨৴தʹྫ֎͕ൃੜͨ࣌͠ͷ௨஌ͷػߏ
    ɾ"MFSU͸ͭͷϑΟʔϧυͰදݱ͞ΕΔ
    

    ‣ "MFSU-FWFM
    
    
    
    
    
    
    
    
    
    
    
    
    Š
    
    XBSOJOH·ͨ͸GBUBM ଈ࣌ःஅ
    ‣ "MFSU%FTDSJQUJPO
    
    Š
    
    Ξϥʔτͷ಺༰Λࣔ͢ ઀ଓΛด͡Δ ɾDMPTF@OPUJGZΞϥʔτͰ஌ΒͤΔɺ͜ΕΛड͚औͬͨΒૹΓฦ͢
    ɾγϟοτμ΢ϯͷϓϩτίϧΛ༻ҙ͢Δ͜ͱͰڧ੍੾அ߈ܸʹඋ͑Δ

23. 
    
    ٖࣅཚ਺ੜ੒ث 23 ೚ҙͷ௕͞ͷٖࣅཚ਺ͷੜ੒ ɾ 5-4Ͱ͸೚ҙͷ௕͞ͷٖࣅཚ਺Λੜ੒͢ΔͨΊʹ13' ٖࣅཚ਺ੜ੒ث Λ༻͍Δ
    ɾ 13'͸Ҿ਺ͱͯ͠ɺγʔΫϨοτɾγʔυɾҰҙͳϥϕϧΛͱΔ
    ɾ

    5-4Ҏ߱ɺ)."$ͱTIBʹجͮ͘13'ͷར༻͕ࢦఆ͞ΕΔ P_hash(Secret, seed) = HMAC_hash(secret, A(1) + 1) + HMAC_hash(secret, A(2) + 2) + HMAC_hash(secret, A(3) + 3) + A(0) = HMAC_hash(secret, seed) A(i) = HMAC_hash(secret, A(i-1)) PRF(secret, label, seed) = P_hash(secret, label + seed) 13'͸1@IBTIͷ ϥούʔ

24. 
    
    ϚελʔγʔΫϨοτ
    
    伴ੜ੒ 24 ϚελʔγʔΫϨοτ ɾ ϓϦϚελγʔΫϨοτʹ13'Λט·ͤͯ࡞Δ όΠτ
    ɾ 伴ަ׵ͷํ๏ʹΑͬͯϓϦϚελʔγʔΫϨοτͷ௕͕͞มΘΔ͔Β͜ͷॲཧ͕ඞཁ master_secret

    = PRF(pre_master_secret, “master secret”, client_random + server_random) 伴ੜ੒ ɾ 伴ૉࡐ͸ϚελʔγʔΫϨοτͱγʔυ͔Β࡞ΒΕΔ
    ɾ 伴ϒϩοΫΛ෼ׂ͠ɺ."$伴ɾ҉߸伴ɾ*7Λಋग़͢Δ
    ɾ ηογϣϯ࠶։࣌͸γʔυͷΈ৽نऔಘ͢Δ key_block = PRF(master_secret, “key expansion”, server_random + client_random)

25. 
    
    ҉߸εΠʔτ 25 ҉߸εΩʔϜ΍ύϥϝʔλͷ૯শ͕҉߸εΠʔτ ɾ ҉߸εΠʔτ͸໊લ͔Βத਎͕ͳΜͱͳ͘Θ͔Δ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 伴ަ׵ ೝূ ΞϧΰϦζϜ ௕͞

    Ϟʔυ ҉߸ ."$·ͨ͸13'

26. 
    
    ֦ு 26 ػೳΛ௥Ճ͢Δ5-4֦ு ɾ ϓϩτίϧΛमਖ਼͢Δ͜ͱͳ͘ɺ5-4ʹػೳΛ௥Ճ͢Δ࢓૊Έ
    ɾ 5-4֦ு͸$MJFOU)FMMP
    4FSWFS)FMMPͷޙʹ഑ஔ͞ΕΔ "-1/ ɾ5-4઀ଓ্ͰΞϓϦέʔγϣϯ૚ʹҟͳΔϓϩτίϧͷ࢖༻ΛՄೳʹ͢Δ
    

    ɾ)551ͱ41%:ͷซ༻ͷΑ͏ͳ͜ͱ͕Մೳʹɺ"-1/ͷૹ৴͸ฏจ $5 ɾύϒϦοΫ$"ʹΑͬͯαʔόূ໌ॻΛશͯه࿥͠ɺ1,*ΛΑ͘͠Α͏ͱ͍͏ࢥ૝ ପԁۂઢͷར༻Մೳੑ ɾΫϥΠΞϯτͰར༻Մೳͳପԁۂઢ҉߸ΛϋϯυγΣΠΫதʹ΍ΓऔΓ
    ɾରԠ͍ͯ͠Δ҉߸ΛϦετԽɾପԁۂઢ্ͷ఺ͷѹॖΦϓγϣϯ ѹॖΠϚΠν

27. 
    
    ֦ு 27 )FBSUCFBU ɾ 6%1ͷΑ͏ͳϓϩτίϧʹLFFQ
    BMJWFػೳͷఏڙ
    ɾ ਂࠁͳ੬ऑੑ )FBSUCMFFE ͕ݟ͔ͭΓ࢖ΘΕ͍ͯͳ͍ /FYU
    1SPUPDPM
    /FHPUJBUJPO

    ɾ41%:ͷͨΊʹ࡞ΒΕ͕ͨɺࠓ͸"-1/ʹҰຊԽ
    ɾൿಗԽͷͨΊʹωΰγΤʔγϣϯͯ͠Δϓϩτίϧ͕ػث͔Βݟ͑ͳ͍໰୊ ҆શͳ࠶ωΰγΤʔγϣϯ ɾҎલͷ'JOJTIFEϝοηʔδͷWFSJGZ@EBUBΛૹड
    'JOJTIFE͸҉߸ܦ࿏্Ͱ҆શ 4/* ɾ઀ଓ͍ͨ͠αʔόͷ໊લΛΫϥΠΞϯτ͕ࢦఆՄೳʹ͢Δ
    ɾಉҰϗετͷෳ਺αΠτͰ5-4Λ؆୯ʹѻ͑Δ

28. 
    
    ֦ு 28 ηογϣϯνέοτ ɾ ηογϣϯσʔλΛΫϥΠΞϯτଆͰ؅ཧ͢Δ࢓૊Έ
    ɾ $MJFOU)FMMPͷ4FTTJPO5JDLFU಺ʹؚ·ΕΔ
    ɾ ηογϣϯσʔλ͸αʔόͷൿີ伴Ͱ҉߸Խ͞ΕΔ ॺ໊ΞϧΰϦζϜ

    ɾΫϥΠΞϯτ͕ରԠ͍ͯ͠Δॺ໊ΞϧΰϦζϜͱϋογϡؔ਺
    ɾͳ͔ͬͨΒαʔό͕ਪଌ͢Δ 0$41εςʔϓϧ ɾαʔό͔ΒΫϥΠΞϯτʹূ໌ॻͷࣦޮ৘ใΛૹ৴͢Δ
    ɾೝূہʹ໰͍߹Θͤ͢Δඞཁ͕ͳ͘ͳΔ

29. 
    
    ϓϩτίϧͷݶք 29 ଞͷϨΠϠʔͷηΩϡϦςΟ͸Θ͔ΒΜ ɾ 5$1ͷϝλσʔλɾԼҐϨΠϠʔ͸ฏจͷ··
    ‣ *1TFD࢖͏ͳΓͳΜͳΓ͢Δ
    ɾ ࠷ॳͷϋϯυγΣΠΫ͸ฏจͰ݁͹ΕΔ
    ‣

    26*$ͳੈͷதΛ࠲ͯ͠଴ͯ
    ɾ ҉߸ԽҎ߱΋࿐ग़͢Δ৘ใ͸͋Δ
    ‣ αϒϓϩτίϧɾ֤ϝοηʔδͷ௕͞
    ‣ ϝοηʔδͷ௕͞ΛӅͤͳ͍ͳΒѹॖ͢Δ

30. 
    
    ϓϩτίϧͷόʔδϣϯʹΑΔࠩҟ 30 44- ɾ ωοτεέʔϓ͕ؤுͬͯ࡞ͬͨ࠷ޙͷ44- 5-4 ɾ ΊͰͨ͘ඪ४Խ͞Ε·ͨ͠
    ɾ ."$ʹඪ४Խ͞Εͨ)."$Λ࢖༻
    

    ɾ ඪ४Խ͞Εͨ)."$ʹΑΓ13'Λنఆ
    ɾ ϚελʔγʔΫϨοτ͕13'ʹΑͬͯੜ੒
    ɾ WFSJGZ@EBUB͕13'ʹΑͬͯੜ੒
    ɾ ύσΟϯάͷϑΥʔϚοτ͕มߋ͞ΕηΩϡΞʹ
    Š
    100%-&߈ܸʜ
    ɾ ҉߸εΠʔτ͔Β'035&;"͕֎ΕΔ

31. 
    
    ϓϩτίϧͷόʔδϣϯʹΑΔࠩҟ 31 5-4 ɾ $#$҉߸Խར༻ϞʔυͰ໌ࣔతͳ*7Λ࢖༻ɹŠ
    #&"45߈ܸ
    ɾ ύσΟϯϯά߈ܸʹର͢Δ๷ޚ
    ɾ 5-4֦ுΛࢀর 5-4

    ɾ "&"%ɾ)."$4)"ͷαϙʔτ
    ɾ .%ɾTIB͕େ෯ʹ࡟আ
    ‣ 5-4ͰωΰγΤʔγϣϯ͞ΕͨΒ13'ͷTIB΋TIBΛ࢖͏
    ‣ σδλϧॺ໊ͷ.%ɾTIBͷ૊Έ߹ΘͤΛ୯Ұͷϋογϡؔ਺ʹஔ׵
    ɾ ΫϥΠΞϯτ͕ϋογϡɾॺ໊ͷΞϧΰϦζϜͷر๬Λ௨஌
    TJHOBUVSF@BMHPSJUIN
    ɾ 'JOJTIFEϝοηʔδͷWFSJGZ@EBUBͷ௕͞Λ໌ࣔతʹࢦఆՄೳʹ

32. ࢀߟ

33. ࢀߟจݙ 33 ɾ
    ݁৓ߒ
    ҉߸ٕज़ೖ໳
    ൿີͷࠃͷΞϦε
    ιϑτόϯΫΫϦΤΠςΟϒ
    
    ɾ
    0QFO44-ͷ੬ऑੑ $7& Ͱ5-4ϓϩτίϧͷجૅΛֶͿ
    ɹ
    IUUQEIBUFOBOFKQKPWJ
    ɾ
    ෆਖ਼ΞΫηεΛ๷ࢭ͢Δ44-5-4ʢʣ
    ɹ
    IUUQXXXBUNBSLJUDPKQBJUBSUJDMFTOFXT@IUNM
    

    ɾ
    44-5-4ʢ44-ʙ5-4ʣͷϋϯυγΣΠΫΛ෮श͢Δ
    ɹ
    IUUQTRJJUBDPNOJFJUFNTGEECEB