{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# TLS 1.3 handshake overview\n", "This is the basic TLS 1.3 handshake:\n", "\n", "\"Handshake" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true }, "outputs": [], "source": [ "from scapy.all import *" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "record1_str = open('raw_data/tls_session_13/01_cli.raw').read()\n", "record1 = TLS(record1_str)\n", "sess = record1.tls_session\n", "record1.show()" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "record2_str = open('raw_data/tls_session_13/02_srv.raw').read()\n", "record2 = TLS(record2_str, tls_session=sess.mirror())\n", "record2.show()" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "record3_str = open('raw_data/tls_session_13/03_cli.raw').read()\n", "record3 = TLS(record3_str, tls_session=sess.mirror())\n", "record3.show()" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true }, "outputs": [], "source": [ "# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n", "#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n", "#from cryptography.hazmat.backends import default_backend\n", "#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw').read()\n", "#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n", "#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n", "#privkey = privnum.private_key(default_backend())\n", "#sess.tls13_client_privshares[\"secp256r1\"] = privkey" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "scrolled": true }, "outputs": [], "source": [ "record4_str = open('raw_data/tls_session_13/04_srv.raw').read()\n", "record4 = TLS(record4_str, tls_session=sess.mirror())\n", "record4.show()" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "record5_str = open('raw_data/tls_session_13/05_srv.raw').read()\n", "record5 = TLS(record5_str, tls_session=sess)\n", "record5.show()" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "record6_str = open('raw_data/tls_session_13/06_cli.raw').read()\n", "record6 = TLS(record6_str, tls_session=sess.mirror())\n", "record6.show()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Observations sur TLS 1.3\n", "* Certificat désormais chiffré...\n", "* ...mais pas le Server Name dans le ClientHello\n", "* Risques du mode 0-RTT" ] } ], "metadata": { "kernelspec": { "display_name": "Python 2", "language": "python", "name": "python2" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 2 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython2", "version": "2.7.13" } }, "nbformat": 4, "nbformat_minor": 2 }