1{
2 "cells": [
3  {
4   "cell_type": "markdown",
5   "metadata": {},
6   "source": [
7    "# TLS 1.3 handshake overview\n",
8    "This is the basic TLS 1.3 handshake:\n",
9    "\n",
10    "<img src=\"images/handshake_tls13.png\" alt=\"Handshake TLS 1.3\" width=\"400\"/>"
11   ]
12  },
13  {
14   "cell_type": "code",
15   "execution_count": null,
16   "metadata": {
17    "collapsed": true
18   },
19   "outputs": [],
20   "source": [
21    "from scapy.all import *"
22   ]
23  },
24  {
25   "cell_type": "code",
26   "execution_count": null,
27   "metadata": {},
28   "outputs": [],
29   "source": [
30    "record1_str = open('raw_data/tls_session_13/01_cli.raw').read()\n",
31    "record1 = TLS(record1_str)\n",
32    "sess = record1.tls_session\n",
33    "record1.show()"
34   ]
35  },
36  {
37   "cell_type": "code",
38   "execution_count": null,
39   "metadata": {},
40   "outputs": [],
41   "source": [
42    "record2_str = open('raw_data/tls_session_13/02_srv.raw').read()\n",
43    "record2 = TLS(record2_str, tls_session=sess.mirror())\n",
44    "record2.show()"
45   ]
46  },
47  {
48   "cell_type": "code",
49   "execution_count": null,
50   "metadata": {},
51   "outputs": [],
52   "source": [
53    "record3_str = open('raw_data/tls_session_13/03_cli.raw').read()\n",
54    "record3 = TLS(record3_str, tls_session=sess.mirror())\n",
55    "record3.show()"
56   ]
57  },
58  {
59   "cell_type": "code",
60   "execution_count": null,
61   "metadata": {
62    "collapsed": true
63   },
64   "outputs": [],
65   "source": [
66    "# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n",
67    "#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n",
68    "#from cryptography.hazmat.backends import default_backend\n",
69    "#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw').read()\n",
70    "#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n",
71    "#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n",
72    "#privkey = privnum.private_key(default_backend())\n",
73    "#sess.tls13_client_privshares[\"secp256r1\"] = privkey"
74   ]
75  },
76  {
77   "cell_type": "code",
78   "execution_count": null,
79   "metadata": {
80    "scrolled": true
81   },
82   "outputs": [],
83   "source": [
84    "record4_str = open('raw_data/tls_session_13/04_srv.raw').read()\n",
85    "record4 = TLS(record4_str, tls_session=sess.mirror())\n",
86    "record4.show()"
87   ]
88  },
89  {
90   "cell_type": "code",
91   "execution_count": null,
92   "metadata": {},
93   "outputs": [],
94   "source": [
95    "record5_str = open('raw_data/tls_session_13/05_srv.raw').read()\n",
96    "record5 = TLS(record5_str, tls_session=sess)\n",
97    "record5.show()"
98   ]
99  },
100  {
101   "cell_type": "code",
102   "execution_count": null,
103   "metadata": {},
104   "outputs": [],
105   "source": [
106    "record6_str = open('raw_data/tls_session_13/06_cli.raw').read()\n",
107    "record6 = TLS(record6_str, tls_session=sess.mirror())\n",
108    "record6.show()"
109   ]
110  },
111  {
112   "cell_type": "markdown",
113   "metadata": {},
114   "source": [
115    "## Observations sur TLS 1.3\n",
116    "* Certificat désormais chiffré...\n",
117    "* ...mais pas le Server Name dans le ClientHello\n",
118    "* Risques du mode 0-RTT"
119   ]
120  }
121 ],
122 "metadata": {
123  "kernelspec": {
124   "display_name": "Python 2",
125   "language": "python",
126   "name": "python2"
127  },
128  "language_info": {
129   "codemirror_mode": {
130    "name": "ipython",
131    "version": 2
132   },
133   "file_extension": ".py",
134   "mimetype": "text/x-python",
135   "name": "python",
136   "nbconvert_exporter": "python",
137   "pygments_lexer": "ipython2",
138   "version": "2.7.13"
139  }
140 },
141 "nbformat": 4,
142 "nbformat_minor": 2
143}
144