doc/notebooks/tls/notebook4_tls13.ipynb - platform/external/scapy - Git at Google

 {
  "cells": [
   {
    "cell_type": "markdown",
    "metadata": {},
    "source": [
     "# TLS 1.3 handshake overview\n",
     "This is the basic TLS 1.3 handshake:\n",
     "\n",
     "<img src=\"images/handshake_tls13.png\" alt=\"Handshake TLS 1.3\" width=\"400\"/>"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {
     "collapsed": true
    },
    "outputs": [],
    "source": [
     "from scapy.all import *"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
     "record1_str = open('raw_data/tls_session_13/01_cli.raw').read()\n",
     "record1 = TLS(record1_str)\n",
     "sess = record1.tls_session\n",
     "record1.show()"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
     "record2_str = open('raw_data/tls_session_13/02_srv.raw').read()\n",
     "record2 = TLS(record2_str, tls_session=sess.mirror())\n",
     "record2.show()"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
     "record3_str = open('raw_data/tls_session_13/03_cli.raw').read()\n",
     "record3 = TLS(record3_str, tls_session=sess.mirror())\n",
     "record3.show()"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {
     "collapsed": true
    },
    "outputs": [],
    "source": [
     "# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n",
     "#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n",
     "#from cryptography.hazmat.backends import default_backend\n",
     "#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw').read()\n",
     "#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n",
     "#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n",
     "#privkey = privnum.private_key(default_backend())\n",
     "#sess.tls13_client_privshares[\"secp256r1\"] = privkey"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {
     "scrolled": true
    },
    "outputs": [],
    "source": [
     "record4_str = open('raw_data/tls_session_13/04_srv.raw').read()\n",
     "record4 = TLS(record4_str, tls_session=sess.mirror())\n",
     "record4.show()"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
     "record5_str = open('raw_data/tls_session_13/05_srv.raw').read()\n",
     "record5 = TLS(record5_str, tls_session=sess)\n",
     "record5.show()"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
     "record6_str = open('raw_data/tls_session_13/06_cli.raw').read()\n",
     "record6 = TLS(record6_str, tls_session=sess.mirror())\n",
     "record6.show()"
    ]
   },
   {
    "cell_type": "markdown",
    "metadata": {},
    "source": [
     "## Observations sur TLS 1.3\n",
     "* Certificat désormais chiffré...\n",
     "* ...mais pas le Server Name dans le ClientHello\n",
     "* Risques du mode 0-RTT"
    ]
   }
  ],
  "metadata": {
   "kernelspec": {
    "display_name": "Python 2",
    "language": "python",
    "name": "python2"
   },
   "language_info": {
    "codemirror_mode": {
     "name": "ipython",
     "version": 2
    },
    "file_extension": ".py",
    "mimetype": "text/x-python",
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython2",
    "version": "2.7.13"
   }
  },
  "nbformat": 4,
  "nbformat_minor": 2
 }
	{
	"cells": [
	{
	"cell_type": "markdown",
	"metadata": {},
	"source": [
	"# TLS 1.3 handshake overview\n",
	"This is the basic TLS 1.3 handshake:\n",
	"\n",
	"<img src=\"images/handshake_tls13.png\" alt=\"Handshake TLS 1.3\" width=\"400\"/>"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {
	"collapsed": true
	},
	"outputs": [],
	"source": [
	"from scapy.all import *"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {},
	"outputs": [],
	"source": [
	"record1_str = open('raw_data/tls_session_13/01_cli.raw').read()\n",
	"record1 = TLS(record1_str)\n",
	"sess = record1.tls_session\n",
	"record1.show()"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {},
	"outputs": [],
	"source": [
	"record2_str = open('raw_data/tls_session_13/02_srv.raw').read()\n",
	"record2 = TLS(record2_str, tls_session=sess.mirror())\n",
	"record2.show()"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {},
	"outputs": [],
	"source": [
	"record3_str = open('raw_data/tls_session_13/03_cli.raw').read()\n",
	"record3 = TLS(record3_str, tls_session=sess.mirror())\n",
	"record3.show()"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {
	"collapsed": true
	},
	"outputs": [],
	"source": [
	"# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n",
	"#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n",
	"#from cryptography.hazmat.backends import default_backend\n",
	"#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw').read()\n",
	"#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n",
	"#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n",
	"#privkey = privnum.private_key(default_backend())\n",
	"#sess.tls13_client_privshares[\"secp256r1\"] = privkey"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {
	"scrolled": true
	},
	"outputs": [],
	"source": [
	"record4_str = open('raw_data/tls_session_13/04_srv.raw').read()\n",
	"record4 = TLS(record4_str, tls_session=sess.mirror())\n",
	"record4.show()"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {},
	"outputs": [],
	"source": [
	"record5_str = open('raw_data/tls_session_13/05_srv.raw').read()\n",
	"record5 = TLS(record5_str, tls_session=sess)\n",
	"record5.show()"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {},
	"outputs": [],
	"source": [
	"record6_str = open('raw_data/tls_session_13/06_cli.raw').read()\n",
	"record6 = TLS(record6_str, tls_session=sess.mirror())\n",
	"record6.show()"
	]
	},
	{
	"cell_type": "markdown",
	"metadata": {},
	"source": [
	"## Observations sur TLS 1.3\n",
	"* Certificat désormais chiffré...\n",
	"* ...mais pas le Server Name dans le ClientHello\n",
	"* Risques du mode 0-RTT"
	]
	}
	],
	"metadata": {
	"kernelspec": {
	"display_name": "Python 2",
	"language": "python",
	"name": "python2"
	},
	"language_info": {
	"codemirror_mode": {
	"name": "ipython",
	"version": 2
	},
	"file_extension": ".py",
	"mimetype": "text/x-python",
	"name": "python",
	"nbconvert_exporter": "python",
	"pygments_lexer": "ipython2",
	"version": "2.7.13"
	}
	},
	"nbformat": 4,
	"nbformat_minor": 2
	}