To understand TLS 1.3, https://tls13.ulfheim.net/ is useful, but unfortunately it contains several discrepancies if you want to follow it in detail (e.g. labels are not complete). For the detail, https://tools.ietf.org/html/rfc8448 is better. Unfortunately, Win 8.1 does not support x25519, so the best I could come up with was a simulation without generating the Agreed Secret.
Like previous cryptographic protocols, TLS 1.3 uses a Session Hash. Unlike previous protocols, it uses 2 sets of keys and encrypts part of the handshake. The Session Hash uses the decrypted data, and Write keys on the Server are Read keys on the Client (and vice versa).
The attached program attempts to duplicate the steps in the IETF trace example for the Simple 1-RTT Handshake, separating the Client steps from the Server. In the Client and Server portions, the Hash is not calculated or shown, as it is included in the Info. Clicking "Client" or "Server" takes you to the first step of calculating the "Early Secret". Using the "Enter" key advances through each step until the keys are summarized at the end.
The Key options on the other hand don't show all the information used, the Session Hash is calculated, and calculations are made as soon as the information is available.
The next step will be to add the actual encryption/decryption as well as the application data.
J.A. Coutts
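The key schedule the post walks through (Early Secret, the "derived" step, Handshake and Master Secrets, then the per-direction traffic secrets and their key/IV pairs) as an added Python example. This is not the author's attached program; it implements HKDF-Extract/Expand and HKDF-Expand-Label from RFC 8446 with SHA-256, as used by the RFC 8448 simple 1-RTT trace. Because the post's simulation does not generate the Agreed Secret, the x25519 shared secret and the handshake messages are passed in as arguments; the DEMO_* values at the bottom are constructed stand-ins, not the trace values, so only the Early Secret (which depends on nothing but zeros) matches the RFC 8448 output.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = hashlib.sha256().digest_size  # 32 for TLS_AES_128_GCM_SHA256, the RFC 8448 suite


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC-Hash(salt, IKM). TLS 1.3's "0" salt is Hash.length zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated and truncated."""
    output = b""
    block = b""
    counter = 1
    while len(output) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        output += block
        counter += 1
    return output[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 7.1: info is the HkdfLabel struct; the label is prefixed with "tls13 "."""
    full_label = b"tls13 " + label
    hkdf_label = (
        length.to_bytes(2, "big")
        + bytes([len(full_label)]) + full_label
        + bytes([len(context)]) + context
    )
    return hkdf_expand(secret, hkdf_label, length)


def transcript_hash(messages) -> bytes:
    """Session (transcript) hash over the decrypted handshake messages, in order."""
    return HASH(b"".join(messages)).digest()


def derive_secret(secret: bytes, label: bytes, messages) -> bytes:
    """Derive-Secret(Secret, Label, Messages) = HKDF-Expand-Label(Secret, Label, Hash(Messages), Hash.length)."""
    return hkdf_expand_label(secret, label, transcript_hash(messages), HASH_LEN)


def traffic_keys(traffic_secret: bytes, key_len: int = 16, iv_len: int = 12):
    """Per-direction write key and IV for AES-128-GCM (16-byte key, 12-byte IV)."""
    key = hkdf_expand_label(traffic_secret, b"key", b"", key_len)
    iv = hkdf_expand_label(traffic_secret, b"iv", b"", iv_len)
    return key, iv


def early_secret(psk: bytes = b"") -> bytes:
    """Early Secret = HKDF-Extract(0, PSK); with no PSK the IKM is Hash.length zero bytes."""
    return hkdf_extract(b"", psk or b"\x00" * HASH_LEN)


def key_schedule(shared_secret: bytes, hello_msgs, msgs_through_server_finished, psk: bytes = b""):
    """Run the 1-RTT key schedule.
    hello_msgs: [ClientHello, ServerHello] (handshake traffic secrets hash only these).
    msgs_through_server_finished: hello_msgs + [EncryptedExtensions, Certificate,
    CertificateVerify, server Finished] (application traffic secrets hash all of them)."""
    early = early_secret(psk)
    handshake = hkdf_extract(derive_secret(early, b"derived", []), shared_secret)
    c_hs = derive_secret(handshake, b"c hs traffic", hello_msgs)
    s_hs = derive_secret(handshake, b"s hs traffic", hello_msgs)
    master = hkdf_extract(derive_secret(handshake, b"derived", []), b"\x00" * HASH_LEN)
    c_ap = derive_secret(master, b"c ap traffic", msgs_through_server_finished)
    s_ap = derive_secret(master, b"s ap traffic", msgs_through_server_finished)
    return {
        "early_secret": early,
        "handshake_secret": handshake,
        "client_handshake_traffic_secret": c_hs,
        "server_handshake_traffic_secret": s_hs,
        "master_secret": master,
        "client_application_traffic_secret_0": c_ap,
        "server_application_traffic_secret_0": s_ap,
        # Server write keys are the client's read keys, and vice versa.
        "server_write_handshake_key_iv": traffic_keys(s_hs),
        "client_write_handshake_key_iv": traffic_keys(c_hs),
        "server_write_application_key_iv": traffic_keys(s_ap),
        "client_write_application_key_iv": traffic_keys(c_ap),
    }


# Constructed stand-in inputs (NOT the RFC 8448 trace values). In a real handshake the shared
# secret comes from x25519 and the messages are the actual Handshake-layer records.
DEMO_SHARED_SECRET = bytes(range(32))
DEMO_HELLOS = [b"\x01ClientHello-demo", b"\x02ServerHello-demo"]
DEMO_THROUGH_FINISHED = DEMO_HELLOS + [b"\x08EE-demo", b"\x0bCert-demo", b"\x0fCV-demo", b"\x14Fin-demo"]

if __name__ == "__main__":
    for name, value in key_schedule(DEMO_SHARED_SECRET, DEMO_HELLOS, DEMO_THROUGH_FINISHED).items():
        if isinstance(value, tuple):
            print(f"{name}: key={value[0].hex()} iv={value[1].hex()}")
        else:
            print(f"{name}: {value.hex()}")
```

The two "derived" steps hash an empty transcript, which is why they can be computed before any message is seen, while the handshake traffic secrets wait for both Hellos and the application traffic secrets wait for the server Finished; that ordering is what the post's "calculations are made as soon as the information is available" refers to.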