I am studying the QUIC protocol in depth and using Google's QUICHE library to simulate QUIC connections. In the QUICHE repository, there are two example programs: `quiche/quiche/quic/tools/toy_client.cc` and `quiche/quiche/quic/tools/toy_server.cc`, which help me simulate a QUIC client and server.
Since QUICHE needs to be built separately, I used this example implementation of QUICHE: https://github.com/bilibili/quiche.
I used these examples to generate connections between the client and server and captured the packets using Wireshark. Since both programs run on the terminal (and not in a browser), the `SSLKEYLOGFILE.log` was not generated explicitly, which I need to decrypt the captured packets.
To solve this, I modified the KeylogCallback function in `quiche/gquiche/quic/core/crypto/tls_server_connection.cc` of the QUICHE library to create a file and append the session keys.
```cpp
#include <fstream>   // std::ofstream
#include <iostream>  // std::cerr

// static
void TlsServerConnection::KeylogCallback(const SSL *ssl, const char *line) {
  // Append each key log line handed over by the TLS library to a local file.
  const char* filePath = "sskleylogfile.log";
  std::ofstream keylogFile(filePath, std::ios::app);
  if (keylogFile.is_open()) {
    keylogFile << line << std::endl;
    keylogFile.close();
  } else {
    std::cerr << "Failed to open file: " << filePath << std::endl;
  }
  return;
}
```
This effectively generates an `SSLKEYLOGFILE` and populates it with session keys that I can use to decrypt the packets.
This approach works perfectly for IETF QUIC versions `draft29` and `00000001`. However, it does not work for Google QUIC versions `Q043`, `Q046`, and `Q050`. In the case of Google QUIC, no keys are being appended to the log file and thus I cannot decrypt the packets.
I am building the QUICHE library on Ubuntu 18.04. Due to the older dependencies in this environment, I cannot update the QUICHE library to its latest version.
Could someone help me understand why this might be happening or suggest a way to make it work for Google QUIC versions `Q043`, `Q046`, and `Q050`?
These are the flags I am using to configure the server:
```
./build/simple_quic_server --quic_response_cache_dir=./data/quic-root/ --certificate_file=./data/quic-cert/leaf_cert.pem --key_file=./data/quic-cert/leaf_cert.pkcs8
```
and for the client I am explicitly mentioning the version `Q043`. If I use `draft29` or `00000001`, then session keys are generated, but I need it for any of the `Q043`, `Q046` or `Q050` versions.
```
./build/simple_quic_client --disable_certificate_verification=true --host=127.0.0.1 --port=6121 "https://www.example.org/index.html" --multi_packet_chlo=true --quic_version="Q043"
```
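An added example, not part of the original post or of QUICHE: a hardened variant of the key log writer described above, since the file it produces holds the session secrets that decrypt the captured traffic. The helper names `KeylogPathFromEnv`, `AppendKeylogLine` and `OnKeylogLine`, and taking the path from the `SSLKEYLOGFILE` environment variable, are assumptions of this sketch.

```cpp
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper (not a QUICHE API): take the log path from the
// SSLKEYLOGFILE environment variable so key logging is opt-in per run
// instead of being hard-coded into the binary.
std::string KeylogPathFromEnv() {
  const char* p = std::getenv("SSLKEYLOGFILE");
  return p ? std::string(p) : std::string();
}

// Hypothetical helper: append one key log line to `path`.
// The file is created owner-only (0600) and symlinks are refused, because
// anyone who can read it can decrypt the matching capture.
bool AppendKeylogLine(const std::string& path, const char* line) {
  if (path.empty() || line == nullptr) return false;
  int fd = ::open(path.c_str(),
                  O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
  if (fd < 0) return false;
  // Tighten the mode in case the file already existed with wider permissions.
  if (::fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
    ::close(fd);
    return false;
  }
  // One write() per record: with O_APPEND, lines from concurrent
  // connections are not interleaved mid-line.
  std::string record(line);
  record.push_back('\n');
  ssize_t n = ::write(fd, record.data(), record.size());
  ::close(fd);
  return n == static_cast<ssize_t>(record.size());
}

// Body a keylog callback could delegate to; returns false when logging is
// disabled (variable unset) or the write failed.
bool OnKeylogLine(const char* line) {
  const std::string path = KeylogPathFromEnv();
  if (path.empty()) return false;
  return AppendKeylogLine(path, line);
}
```

The callback is invoked by the TLS library only, so it records nothing for a handshake that does not run over TLS.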