      1 {
      2  "cells": [
      3   {
      4    "cell_type": "markdown",
      5    "metadata": {},
      6    "source": [
      7     "# TLS 1.3 handshake overview\n",
      8     "This is the basic TLS 1.3 handshake:\n",
      9     "\n",
     10     "<img src=\"images/handshake_tls13.png\" alt=\"Handshake TLS 1.3\" width=\"400\"/>"
     11    ]
     12   },
     13   {
     14    "cell_type": "code",
     15    "execution_count": null,
     16    "metadata": {
     17     "collapsed": true
     18    },
     19    "outputs": [],
     20    "source": [
     21     "from scapy.all import *"
     22    ]
     23   },
     24   {
     25    "cell_type": "code",
     26    "execution_count": null,
     27    "metadata": {},
     28    "outputs": [],
     29    "source": [
     30     "record1_str = open('raw_data/tls_session_13/01_cli.raw').read()\n",
     31     "record1 = TLS(record1_str)\n",
     32     "sess = record1.tls_session\n",
     33     "record1.show()"
     34    ]
     35   },
     36   {
     37    "cell_type": "code",
     38    "execution_count": null,
     39    "metadata": {},
     40    "outputs": [],
     41    "source": [
     42     "record2_str = open('raw_data/tls_session_13/02_srv.raw').read()\n",
     43     "record2 = TLS(record2_str, tls_session=sess.mirror())\n",
     44     "record2.show()"
     45    ]
     46   },
     47   {
     48    "cell_type": "code",
     49    "execution_count": null,
     50    "metadata": {},
     51    "outputs": [],
     52    "source": [
     53     "record3_str = open('raw_data/tls_session_13/03_cli.raw').read()\n",
     54     "record3 = TLS(record3_str, tls_session=sess.mirror())\n",
     55     "record3.show()"
     56    ]
     57   },
     58   {
     59    "cell_type": "code",
     60    "execution_count": null,
     61    "metadata": {
     62     "collapsed": true
     63    },
     64    "outputs": [],
     65    "source": [
     66     "# Forward secrecy (PFS) relies on the ephemeral ECDH private key below being kept from observers and deleted right after the key exchange\n",
     67     "#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n",
     68     "#from cryptography.hazmat.backends import default_backend\n",
     69     "#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw').read()\n",
     70     "#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n",
     71     "#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n",
     72     "#privkey = privnum.private_key(default_backend())\n",
     73     "#sess.tls13_client_privshares[\"secp256r1\"] = privkey"
     74    ]
     75   },
     76   {
     77    "cell_type": "code",
     78    "execution_count": null,
     79    "metadata": {
     80     "scrolled": true
     81    },
     82    "outputs": [],
     83    "source": [
     84     "record4_str = open('raw_data/tls_session_13/04_srv.raw').read()\n",
     85     "record4 = TLS(record4_str, tls_session=sess.mirror())\n",
     86     "record4.show()"
     87    ]
     88   },
     89   {
     90    "cell_type": "code",
     91    "execution_count": null,
     92    "metadata": {},
     93    "outputs": [],
     94    "source": [
     95     "record5_str = open('raw_data/tls_session_13/05_srv.raw').read()\n",
     96     "record5 = TLS(record5_str, tls_session=sess)\n",
     97     "record5.show()"
     98    ]
     99   },
    100   {
    101    "cell_type": "code",
    102    "execution_count": null,
    103    "metadata": {},
    104    "outputs": [],
    105    "source": [
    106     "record6_str = open('raw_data/tls_session_13/06_cli.raw').read()\n",
    107     "record6 = TLS(record6_str, tls_session=sess.mirror())\n",
    108     "record6.show()"
    109    ]
    110   },
    111   {
    112    "cell_type": "markdown",
    113    "metadata": {},
    114    "source": [
    115     "## Observations sur TLS 1.3\n",
    116     "* Certificat désormais chiffré...\n",
    117     "* ...mais pas le Server Name dans le ClientHello\n",
    118     "* Risques du mode 0-RTT (les données anticipées peuvent être rejouées)"
    119    ]
    120   }
    121  ],
    122  "metadata": {
    123   "kernelspec": {
    124    "display_name": "Python 2",
    125    "language": "python",
    126    "name": "python2"
    127   },
    128   "language_info": {
    129    "codemirror_mode": {
    130     "name": "ipython",
    131     "version": 2
    132    },
    133    "file_extension": ".py",
    134    "mimetype": "text/x-python",
    135    "name": "python",
    136    "nbconvert_exporter": "python",
    137    "pygments_lexer": "ipython2",
    138    "version": "2.7.13"
    139   }
    140  },
    141  "nbformat": 4,
    142  "nbformat_minor": 2
    143 }