aboutsummaryrefslogtreecommitdiff
path: root/doc/notebooks/tls
diff options
context:
space:
mode:
Diffstat (limited to 'doc/notebooks/tls')
-rw-r--r--doc/notebooks/tls/images/handshake_tls12.pngbin65021 -> 0 bytes
-rw-r--r--doc/notebooks/tls/images/handshake_tls13.pngbin54499 -> 0 bytes
-rw-r--r--doc/notebooks/tls/notebook1_x509.ipynb311
-rw-r--r--doc/notebooks/tls/notebook2_tls_protected.ipynb263
-rw-r--r--doc/notebooks/tls/notebook3_tls_compromised.ipynb123
-rw-r--r--doc/notebooks/tls/notebook4_tls13.ipynb143
-rw-r--r--doc/notebooks/tls/raw_data/pki/ca_cert.derbin908 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/pki/ca_key.derbin1191 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/pki/srv_cert.pem22
-rw-r--r--doc/notebooks/tls/raw_data/pki/srv_key.pem28
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/01_cli.rawbin179 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/02_srv.rawbin19 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/03_cli.rawbin212 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/04_srv.rawbin120 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/05_srv.rawbin661 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/06_cli.rawbin58 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/07_srv.rawbin24 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/08_cli.rawbin24 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_13/cli_key.raw1
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_compromised/01_cli.rawbin58 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_compromised/02_srv.rawbin1012 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_compromised/03_cli.rawbin326 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_compromised/04_srv.rawbin234 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_compromised/05_cli.rawbin122 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/01_cli.rawbin218 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/02_srv.rawbin89 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/03_srv.rawbin2682 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/04_srv.rawbin831 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/05_cli.rawbin126 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/06_srv.rawbin258 -> 0 bytes
-rw-r--r--doc/notebooks/tls/raw_data/tls_session_protected/07_cli.rawbin507 -> 0 bytes
31 files changed, 0 insertions, 891 deletions
diff --git a/doc/notebooks/tls/images/handshake_tls12.png b/doc/notebooks/tls/images/handshake_tls12.png
deleted file mode 100644
index ecfe61a1..00000000
--- a/doc/notebooks/tls/images/handshake_tls12.png
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/images/handshake_tls13.png b/doc/notebooks/tls/images/handshake_tls13.png
deleted file mode 100644
index 1feed39f..00000000
--- a/doc/notebooks/tls/images/handshake_tls13.png
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/notebook1_x509.ipynb b/doc/notebooks/tls/notebook1_x509.ipynb
deleted file mode 100644
index 7c89dc08..00000000
--- a/doc/notebooks/tls/notebook1_x509.ipynb
+++ /dev/null
@@ -1,311 +0,0 @@
-{
- "cells": [
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "# Notebook 1: X.509 certificates"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## Jupyter notebook cheat sheet"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# Use Shift+Enter to run the current cell\n",
- "print 'Hello!'"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# You may also use Alt+Enter to run the current cell, then create a new cell right below\n",
- "from datetime import datetime\n",
- "print 'This is the time right now: %s' % datetime.now()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# If needed, pause the cell edition with Ctrl-M.\n",
- "# Then you can delete the current cell with D+D. You can also undo cell deletion with Z.\n",
- "# Finally, should Jupyter become stuck in execution, use Kernel/Interrupt from the menu bar.\n",
- "print 'Got it!'"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## Data manipulation with Scapy"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "from scapy.all import *\n",
- "load_layer('tls')"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "keystr = open('raw_data/pki/ca_key.der', 'rb').read()\n",
- "print repr(keystr)\n",
- "# (btw, you can hide the output of a cell by double-clicking on the left of the output)"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "privkey = RSAPrivateKey(keystr)\n",
- "privkey.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "v = privkey.version\n",
- "print 'The \\'version\\' stripped from any ASN.1 encoding is 0x%02x.' % v.val\n",
- "print 'The \\'version\\' field corresponds to bytes %r.' % raw(v)"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "privkey.version = ASN1_INTEGER(1)\n",
- "privkey.modulus.val *= 2\n",
- "privkey.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "print 'Original data: %r...' % keystr[:13]\n",
- "print 'New version bytes: %r' % raw(privkey.version)\n",
- "print 'New modulus bytes: %r...' % raw(privkey.modulus)[:6]\n",
- "print 'Rebuilt data: %r...' % raw(privkey)[:13]"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {
- "collapsed": true
- },
- "source": [
- "## X.509 certificate features"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# Let's reload the original key, then let's load a certificate associated with it\n",
- "privkey = RSAPrivateKey(keystr)\n",
- "cert = X509_Cert(open('raw_data/pki/ca_cert.der', 'rb').read())\n",
- "cert.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "cert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.show()\n",
- "cert.tbsCertificate.subject[-1].rdn[0].show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false,
- "scrolled": true
- },
- "outputs": [],
- "source": [
- "cert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus == privkey.modulus"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "cert.tbsCertificate.extensions[2].show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "cert.signatureAlgorithm.algorithm"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## Scapy crypto tools"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "# Let's reload the key with Scapy's crypto-enhanced wrapper\n",
- "privkey = PrivKey('raw_data/pki/ca_key.der')"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "privkey.der == keystr"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "print privkey.key\n",
- "print privkey.pubkey"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# We can compute the RSA signature over the part of the certificate which is to be signed\n",
- "privkey.sign(raw(cert.tbsCertificate))"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "cert.signatureValue"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# We can quickly modify a certificate field and update the signature accordingly\n",
- "cert.tbsCertificate.serialNumber.val = 0xdeadcafe\n",
- "cert.tbsCertificate.subject[-1].rdn[0].value.val = 'my new deadcafe CA' \n",
- "cert2 = privkey.resignCert(cert)\n",
- "cert2.show()"
- ]
- }
- ],
- "metadata": {
- "kernelspec": {
- "display_name": "Python 2",
- "language": "python",
- "name": "python2"
- },
- "language_info": {
- "codemirror_mode": {
- "name": "ipython",
- "version": 2
- },
- "file_extension": ".py",
- "mimetype": "text/x-python",
- "name": "python",
- "nbconvert_exporter": "python",
- "pygments_lexer": "ipython2",
- "version": "2.7.13"
- }
- },
- "nbformat": 4,
- "nbformat_minor": 2
-}
diff --git a/doc/notebooks/tls/notebook2_tls_protected.ipynb b/doc/notebooks/tls/notebook2_tls_protected.ipynb
deleted file mode 100644
index 726581e8..00000000
--- a/doc/notebooks/tls/notebook2_tls_protected.ipynb
+++ /dev/null
@@ -1,263 +0,0 @@
-{
- "cells": [
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "# TLS handshake overview\n",
- "This is the standard, modern TLS 1.2 handshake:\n",
- "\n",
- "<img src=\"images/handshake_tls12.png\" alt=\"Handshake TLS 1.2\" width=\"400\"/>"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "# We're going to parse several successive records from the passive listening of a standard TLS handshake\n",
- "from scapy.all import *"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## (C) ---> (S) ClientHello"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record1 = TLS(open('raw_data/tls_session_protected/01_cli.raw').read())\n",
- "record1.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "for extension in record1.msg[0].ext:\n",
- " print ''\n",
- " extension.show()"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## (C) <--- (S) ServerHello"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record2 = TLS(open('raw_data/tls_session_protected/02_srv.raw').read())\n",
- "record2.show()"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## (C) <--- (S) Certificate"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record3 = TLS(open('raw_data/tls_session_protected/03_srv.raw').read())\n",
- "record3.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# The Certificate message actually contains a *chain* of certificates\n",
- "for cert in record3.msg[0].certs:\n",
- " print type(cert[1])\n",
- " cert[1].show()\n",
- " print ''"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# Let's recall the domain that the client wants to access\n",
- "record1.msg[0].ext[0].show()\n",
- "\n",
- "# Indeed the certificate may be used with other domains than its CN 'www.github.com'\n",
- "x509c = record3.msg[0].certs[0][1].x509Cert\n",
- "print type(x509c)\n",
- "x509c.tbsCertificate.extensions[2].show()"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## (C) <--- (S) CertificateStatus, ServerKeyExchange, ServerHelloDone"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# Here the server sent three TLS records in the same TCP segment\n",
- "record4 = TLS(open('raw_data/tls_session_protected/04_srv.raw').read())\n",
- "record4.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# Let's verify the signature in the ServerKeyExchange\n",
- "# First, we need to assemble the whole data being signed\n",
- "cli_random = pkcs_i2osp(record1.msg[0].gmt_unix_time, 4) + record1.msg[0].random_bytes\n",
- "srv_random = pkcs_i2osp(record2.msg[0].gmt_unix_time, 4) + record2.msg[0].random_bytes\n",
- "ecdh_params = str(record4[TLSServerKeyExchange].params)\n",
- "\n",
- "# Then we retrieve the server's Cert and verify the signature\n",
- "cert_srv = record3.msg[0].certs[0][1]\n",
- "cert_srv.verify(cli_random + srv_random + ecdh_params, record4[TLSServerKeyExchange].sig.sig_val, h='sha512')"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {
- "collapsed": true
- },
- "source": [
- "## (C) ---> (S) ClientKeyExchange, ChangeCipherSpec, Finished"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record5_str = open('raw_data/tls_session_protected/05_cli.raw').read()\n",
- "record5 = TLS(record5_str)\n",
- "record5.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "# Every record has a 'tls_session' context which may enhance the parsing of later records\n",
- "record5 = TLS(record5_str, tls_session=record2.tls_session.mirror())\n",
- "record5.show()"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## (C) <--- (S) NewSessionTicket, ChangeCipherSpec, Finished"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record6_str = open('raw_data/tls_session_protected/06_srv.raw').read()\n",
- "record6 = TLS(record6_str, tls_session=record5.tls_session.mirror())\n",
- "record6.show()"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## (C) ---> (S) ApplicationData"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record7_str = open('raw_data/tls_session_protected/07_cli.raw').read()\n",
- "record7 = TLS(record7_str, tls_session=record6.tls_session.mirror())\n",
- "record7.show()"
- ]
- }
- ],
- "metadata": {
- "kernelspec": {
- "display_name": "Python 2",
- "language": "python",
- "name": "python2"
- },
- "language_info": {
- "codemirror_mode": {
- "name": "ipython",
- "version": 2
- },
- "file_extension": ".py",
- "mimetype": "text/x-python",
- "name": "python",
- "nbconvert_exporter": "python",
- "pygments_lexer": "ipython2",
- "version": "2.7.13"
- }
- },
- "nbformat": 4,
- "nbformat_minor": 2
-}
diff --git a/doc/notebooks/tls/notebook3_tls_compromised.ipynb b/doc/notebooks/tls/notebook3_tls_compromised.ipynb
deleted file mode 100644
index 4a879a3c..00000000
--- a/doc/notebooks/tls/notebook3_tls_compromised.ipynb
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "cells": [
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "# The lack of PFS: a danger to privacy"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "from scapy.all import *"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record1_str = open('raw_data/tls_session_compromised/01_cli.raw').read()\n",
- "record1 = TLS(record1_str)\n",
- "record1.msg[0].show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false,
- "scrolled": true
- },
- "outputs": [],
- "source": [
- "record2_str = open('raw_data/tls_session_compromised/02_srv.raw').read()\n",
- "record2 = TLS(record2_str, tls_session=record1.tls_session.mirror())\n",
- "record2.msg[0].show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "# Suppose we possess the private key of the server\n",
- "# Try registering it to the session\n",
- "#key = PrivKey('raw_data/pki/srv_key.pem')\n",
- "#record2.tls_session.server_rsa_key = key"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record3_str = open('raw_data/tls_session_compromised/03_cli.raw').read()\n",
- "record3 = TLS(record3_str, tls_session=record2.tls_session.mirror())\n",
- "record3.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record4_str = open('raw_data/tls_session_compromised/04_srv.raw').read()\n",
- "record4 = TLS(record4_str, tls_session=record3.tls_session.mirror())\n",
- "record4.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": false
- },
- "outputs": [],
- "source": [
- "record5_str = open('raw_data/tls_session_compromised/05_cli.raw').read()\n",
- "record5 = TLS(record5_str, tls_session=record4.tls_session.mirror())\n",
- "record5.show()"
- ]
- }
- ],
- "metadata": {
- "kernelspec": {
- "display_name": "Python 2",
- "language": "python",
- "name": "python2"
- },
- "language_info": {
- "codemirror_mode": {
- "name": "ipython",
- "version": 2
- },
- "file_extension": ".py",
- "mimetype": "text/x-python",
- "name": "python",
- "nbconvert_exporter": "python",
- "pygments_lexer": "ipython2",
- "version": "2.7.13"
- }
- },
- "nbformat": 4,
- "nbformat_minor": 2
-}
diff --git a/doc/notebooks/tls/notebook4_tls13.ipynb b/doc/notebooks/tls/notebook4_tls13.ipynb
deleted file mode 100644
index 39dbd2d2..00000000
--- a/doc/notebooks/tls/notebook4_tls13.ipynb
+++ /dev/null
@@ -1,143 +0,0 @@
-{
- "cells": [
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "# TLS 1.3 handshake overview\n",
- "This is the basic TLS 1.3 handshake:\n",
- "\n",
- "<img src=\"images/handshake_tls13.png\" alt=\"Handshake TLS 1.3\" width=\"400\"/>"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "from scapy.all import *"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": [
- "record1_str = open('raw_data/tls_session_13/01_cli.raw').read()\n",
- "record1 = TLS(record1_str)\n",
- "sess = record1.tls_session\n",
- "record1.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": [
- "record2_str = open('raw_data/tls_session_13/02_srv.raw').read()\n",
- "record2 = TLS(record2_str, tls_session=sess.mirror())\n",
- "record2.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": [
- "record3_str = open('raw_data/tls_session_13/03_cli.raw').read()\n",
- "record3 = TLS(record3_str, tls_session=sess.mirror())\n",
- "record3.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "collapsed": true
- },
- "outputs": [],
- "source": [
- "# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n",
- "#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n",
- "#from cryptography.hazmat.backends import default_backend\n",
- "#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw').read()\n",
- "#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n",
- "#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n",
- "#privkey = privnum.private_key(default_backend())\n",
- "#sess.tls13_client_privshares[\"secp256r1\"] = privkey"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {
- "scrolled": true
- },
- "outputs": [],
- "source": [
- "record4_str = open('raw_data/tls_session_13/04_srv.raw').read()\n",
- "record4 = TLS(record4_str, tls_session=sess.mirror())\n",
- "record4.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": [
- "record5_str = open('raw_data/tls_session_13/05_srv.raw').read()\n",
- "record5 = TLS(record5_str, tls_session=sess)\n",
- "record5.show()"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": [
- "record6_str = open('raw_data/tls_session_13/06_cli.raw').read()\n",
- "record6 = TLS(record6_str, tls_session=sess.mirror())\n",
- "record6.show()"
- ]
- },
- {
- "cell_type": "markdown",
- "metadata": {},
- "source": [
- "## Observations sur TLS 1.3\n",
- "* Certificat désormais chiffré...\n",
- "* ...mais pas le Server Name dans le ClientHello\n",
- "* Risques du mode 0-RTT"
- ]
- }
- ],
- "metadata": {
- "kernelspec": {
- "display_name": "Python 2",
- "language": "python",
- "name": "python2"
- },
- "language_info": {
- "codemirror_mode": {
- "name": "ipython",
- "version": 2
- },
- "file_extension": ".py",
- "mimetype": "text/x-python",
- "name": "python",
- "nbconvert_exporter": "python",
- "pygments_lexer": "ipython2",
- "version": "2.7.13"
- }
- },
- "nbformat": 4,
- "nbformat_minor": 2
-}
diff --git a/doc/notebooks/tls/raw_data/pki/ca_cert.der b/doc/notebooks/tls/raw_data/pki/ca_cert.der
deleted file mode 100644
index ff9ea20b..00000000
--- a/doc/notebooks/tls/raw_data/pki/ca_cert.der
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/pki/ca_key.der b/doc/notebooks/tls/raw_data/pki/ca_key.der
deleted file mode 100644
index 675124e9..00000000
--- a/doc/notebooks/tls/raw_data/pki/ca_key.der
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/pki/srv_cert.pem b/doc/notebooks/tls/raw_data/pki/srv_cert.pem
deleted file mode 100644
index e559f326..00000000
--- a/doc/notebooks/tls/raw_data/pki/srv_cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIJAP4EVw3HJ+n2MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV
-BAYTAk1OMRQwEgYDVQQHDAtVbGFhbmJhYXRhcjEXMBUGA1UECwwOU2NhcHkgVGVz
-dCBQS0kxFjAUBgNVBAMMDVNjYXB5IFRlc3QgQ0EwHhcNMTYwOTE2MTAyODExWhcN
-MjYwOTE1MTAyODExWjBYMQswCQYDVQQGEwJNTjEUMBIGA1UEBwwLVWxhYW5iYWF0
-YXIxFzAVBgNVBAsMDlNjYXB5IFRlc3QgUEtJMRowGAYDVQQDDBFTY2FweSBUZXN0
-IFNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzx8ZtgLWCu
-8pgNJynZwAlZTA9KMKhS3+WxIZ9Pwz1Wk91fxvez9lWL55Li3vKFSbShLPT9dqhn
-ygQgYBEYpvKptqYd2arl2duv5q9VV5//Uoll5oBigCGUvM+BG8tnwp21BXcEpseI
-GIB4aJU23pcbtmGHQhp1mEWC6z4yEcibhkI5jU0St1gbGfOdK6GYgsrXOyT7CTmw
-vMKVz4IpdRYpP0IgFytNQIxWbK26DzSFsX9AeXF4t6UEu5T3tUGV7nzrjQx5aFnv
-y7P6Pnge7mdMet3gme/a5++yCV2+gCAhBYMsRNtdKnYppbAjiHQHVCLWKXqS9W8t
-nuf4JiucWGUCAwEAAaNvMG0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
-BBYEFKErIHDSa4DlZbzrAw+In3St3fYTMB8GA1UdIwQYMBaAFGZTlPQV0b1naLBR
-NzI14aSq3gd8MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IB
-AQCBiJJza5PnldbdQe6OHr2jSFinQTU/e33QN5gOuCyUd8hRNkCtWQkoyFbW6lus
-tNg/aLdmyuFWN6kAZepRyeyyaUld+ePA7WFUyRKfxrAKc1XoVTVg7xw28NrRkHdW
-BLirOO73CcWlmJAj6h/bFX8yKIGrm4UCS5XnN1F7G0gu+z5Sow20RqmSOhwf1woe
-WEr6LlGPKcYeuA4xDnPxJ4gXyshpDPqDzbN5DhSwuJsvOi0J4/wG8Dpu/TY7KxoJ
-KuirX4xA5IGyvPeDZxFuTpPqIq//o5p3V3bQCzis+IqUNY7X1GHMAf8ktI9hI7qI
-11nk6boqTrUVD5zQ6gaR2d6r
------END CERTIFICATE-----
diff --git a/doc/notebooks/tls/raw_data/pki/srv_key.pem b/doc/notebooks/tls/raw_data/pki/srv_key.pem
deleted file mode 100644
index 62248e3e..00000000
--- a/doc/notebooks/tls/raw_data/pki/srv_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDM8fGbYC1grvKY
-DScp2cAJWUwPSjCoUt/lsSGfT8M9VpPdX8b3s/ZVi+eS4t7yhUm0oSz0/XaoZ8oE
-IGARGKbyqbamHdmq5dnbr+avVVef/1KJZeaAYoAhlLzPgRvLZ8KdtQV3BKbHiBiA
-eGiVNt6XG7Zhh0IadZhFgus+MhHIm4ZCOY1NErdYGxnznSuhmILK1zsk+wk5sLzC
-lc+CKXUWKT9CIBcrTUCMVmytug80hbF/QHlxeLelBLuU97VBle58640MeWhZ78uz
-+j54Hu5nTHrd4Jnv2ufvsgldvoAgIQWDLETbXSp2KaWwI4h0B1Qi1il6kvVvLZ7n
-+CYrnFhlAgMBAAECggEAIPA9uZAimuhjOwbaJYLGt3nvnIF7AoKXU449biJeqawR
-hcHP852r2KHsrRHjbSz45JwG4rUd7gEIWdNuPTEuG9Ak99vSUQIyGnnR5JodxCw/
-8q869aVfHIaQNfV1JyLdB4XBhBhuSaFY9sTjYh/4dGbS0Cfx+titiXZ6InvfmdMD
-eLd/ZO35/BwtWN3J2ntRziTTREKLeEYFEe7FtXKGwDGIsvVn7egckefKMnflhMFA
-SuoPn2VvTqmhiwSuATdx1TP4XOVdVzuL2wT7brS7qHvabRDBKdVOfrNGOoMdnnua
-ursIQjQindNT8kVK8EGxws9eFr/dooYYFR72IusTfQKBgQDuQBzzKEtt86uRCbZX
-Y3lu0MJnR5OOodfGBBYF9Ue+W3OJTd9EvXLSgLBLvwirB7lsNXgXf8LHCTQOtF3H
-lnB8jE5OFSDGeSKWmUwZS+KVzq8vy7Qylp9i6x4pElwGUeba6AqeZZ+jUUn/HzdB
-s2pO8YWqyOp/Zo/m8P+vPZN4fwKBgQDcNqJ4Dutt/i60E9kaktGQVQODRNMhYCEq
-E5fhwJiZ0E9FBeuKPKjo7dGIux3KPQPBv3T0zjmB+M5QERVe5/ID8iytgbHGlnsg
-916iTN9rvi1Gk518vyFPsYjX9pPiQIayRBQKOXSYIkY+6rj2384XPRlZrN8D9n3Q
-+An1JXfdGwKBgDs3YjqpnD3i35S4BkMoLUl2x6rl5m4AGeJUp6ipc0CD+G57FXA/
-aieZ5rec7qmbzOFxVLz6e03/Ipo5CEoQQTsjoF7V74SFHSyzQ2/SJao4aeCGT+52
-83yhlah9sLO9bZShMep2tbvg+3RWrOQ+lMC0VRXCxE4QDtpGsjY7Jsk/AoGAPstV
-iOa4O6U/rBn8zpcPKxkS51u42MuQqW7s4HMLENFVyVjm0YR6pfEqztKMrB6584Wk
-1Cn6PBW2vx4f+fAqEvX7x340M2y1r7DaS22gSBjy0C1Hu0rFNPRrESo/AUVlI3BG
-RqQbm0YqwcYs+DjZi8bgc7HX5kljlzMjo8QLagECgYA1DHAWv4WVrHt4I8V4ZCth
-9DZEtEOFpYjuoFh/xSIMZLsnvWRuyYVWcQwAqmK0Ew4m5opHFsQzABeGLVsK5aHX
-zmbYiRUuZGVpyc7c5XXomw50X8ajfQ+P21OPPc33h96cdHi2qbJIejZPia6A6ThU
-u13D93hAM6bzH6Ds5FPUQw==
------END PRIVATE KEY-----
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/01_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/01_cli.raw
deleted file mode 100644
index 72026944..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/01_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/02_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/02_srv.raw
deleted file mode 100644
index 3c119721..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/02_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/03_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/03_cli.raw
deleted file mode 100644
index b526cd70..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/03_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/04_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/04_srv.raw
deleted file mode 100644
index 469e99d5..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/04_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/05_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/05_srv.raw
deleted file mode 100644
index 03253fcc..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/05_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/06_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/06_cli.raw
deleted file mode 100644
index 127631c0..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/06_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/07_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/07_srv.raw
deleted file mode 100644
index 99f5f8dd..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/07_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/08_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/08_cli.raw
deleted file mode 100644
index 7d2a14f1..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/08_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_13/cli_key.raw b/doc/notebooks/tls/raw_data/tls_session_13/cli_key.raw
deleted file mode 100644
index 46873d54..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_13/cli_key.raw
+++ /dev/null
@@ -1 +0,0 @@
-HS؝`6&]9-vmBN \ No newline at end of file
diff --git a/doc/notebooks/tls/raw_data/tls_session_compromised/01_cli.raw b/doc/notebooks/tls/raw_data/tls_session_compromised/01_cli.raw
deleted file mode 100644
index 1b795921..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_compromised/01_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_compromised/02_srv.raw b/doc/notebooks/tls/raw_data/tls_session_compromised/02_srv.raw
deleted file mode 100644
index 229cb52b..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_compromised/02_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_compromised/03_cli.raw b/doc/notebooks/tls/raw_data/tls_session_compromised/03_cli.raw
deleted file mode 100644
index ef4ce690..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_compromised/03_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_compromised/04_srv.raw b/doc/notebooks/tls/raw_data/tls_session_compromised/04_srv.raw
deleted file mode 100644
index f7989555..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_compromised/04_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_compromised/05_cli.raw b/doc/notebooks/tls/raw_data/tls_session_compromised/05_cli.raw
deleted file mode 100644
index 5093c28c..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_compromised/05_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/01_cli.raw b/doc/notebooks/tls/raw_data/tls_session_protected/01_cli.raw
deleted file mode 100644
index a9080e84..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/01_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/02_srv.raw b/doc/notebooks/tls/raw_data/tls_session_protected/02_srv.raw
deleted file mode 100644
index 54191d0b..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/02_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/03_srv.raw b/doc/notebooks/tls/raw_data/tls_session_protected/03_srv.raw
deleted file mode 100644
index 282b5884..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/03_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/04_srv.raw b/doc/notebooks/tls/raw_data/tls_session_protected/04_srv.raw
deleted file mode 100644
index 3af6ae2e..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/04_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/05_cli.raw b/doc/notebooks/tls/raw_data/tls_session_protected/05_cli.raw
deleted file mode 100644
index 8033eecc..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/05_cli.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/06_srv.raw b/doc/notebooks/tls/raw_data/tls_session_protected/06_srv.raw
deleted file mode 100644
index 05787298..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/06_srv.raw
+++ /dev/null
Binary files differ
diff --git a/doc/notebooks/tls/raw_data/tls_session_protected/07_cli.raw b/doc/notebooks/tls/raw_data/tls_session_protected/07_cli.raw
deleted file mode 100644
index 133d484b..00000000
--- a/doc/notebooks/tls/raw_data/tls_session_protected/07_cli.raw
+++ /dev/null
Binary files differ
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 23:02:21 +0000