Re: [TLS] Transcript-Hash during Handshake

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 23 November 2017 19:42 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Peter Wu <peter@lekensteyn.nl>, "Le Van Gong, Hubert" <hubert@levangong.org>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AtaPlDjMIR8IiWxs6ig6ig4dnkQ>

To confirm, TLSInnerPlaintext.type and TLSInnerPlaintext.zeros are not part of the handshake messages, and therefore are not included in the transcript hash?

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Peter Wu
Sent: Tuesday, November 21, 2017 7:59 PM
To: Le Van Gong, Hubert <hubert@levangong.org>
Cc: tls@ietf.org
Subject: Re: [TLS] Transcript-Hash during Handshake

Hi Hubert,

On Tue, Nov 21, 2017 at 07:38:16PM -0800, Le Van Gong, Hubert wrote:
> Greetings,
> 
> Probably a trivial question but is the transcript hash (during 
> handshake) calculated over decrypted versions of messages like 
> EncryptedExtensions or certificate or is it done over the raw/encrypted messages?
> I could not find an exact confirmation in the spec.

It covers the decrypted handshake messages, see
https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.4.1

    This value is computed by hashing the concatenation
    of each included handshake message, including the handshake message
    header carrying the handshake message type and length fields, but not
    including record layer headers

(The only way to know the message type is to have it in cleartext.)
--
Kind regards,
Peter Wu
https://lekensteyn.nl

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
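
Added example, not part of either message above: a Python sketch of the computation discussed in this thread, hashing handshake messages recovered from already-decrypted records. It assumes the TLS 1.3 TLSInnerPlaintext layout (content, then one type byte, then zero padding); the function names and the sample bytes are constructed for illustration, and the cleartext ClientHello and ServerHello that open a real transcript are left out.

```python
import hashlib

HANDSHAKE = 22  # ContentType.handshake

def split_inner_plaintext(inner: bytes):
    """Split a decrypted TLSInnerPlaintext into (type, content)."""
    stripped = inner.rstrip(b"\x00")          # drop TLSInnerPlaintext.zeros
    if not stripped:
        raise ValueError("no content type found (record is all zeros)")
    return stripped[-1], stripped[:-1]        # .type is the last non-zero byte

def handshake_messages(stream: bytes):
    """Yield each handshake message, 4-byte header (type + uint24 length) included."""
    pos = 0
    while pos < len(stream):
        end = pos + 4 + int.from_bytes(stream[pos + 1:pos + 4], "big")
        if len(stream) - pos < 4 or end > len(stream):
            raise ValueError("truncated handshake message")
        yield stream[pos:end]
        pos = end

def transcript_hash(decrypted_records, hash_name="sha256") -> bytes:
    """Hash the handshake messages carried in decrypted records."""
    stream = b"".join(content for ctype, content in
                      map(split_inner_plaintext, decrypted_records)
                      if ctype == HANDSHAKE)  # other content types are skipped
    digest = hashlib.new(hash_name)
    for message in handshake_messages(stream):
        digest.update(message)                # record headers never enter the hash
    return digest.digest()

def hs(msg_type: int, body: bytes) -> bytes:
    """Build a handshake message: type, uint24 length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data (not a captured handshake).
EE = hs(8, b"\x00\x00")                         # EncryptedExtensions, no extensions
CERT = hs(11, b"constructed certificate body")  # placeholder body, not real encoding
STREAM = EE + CERT
RECORDS = [
    STREAM[:10] + bytes([HANDSHAKE]) + b"\x00" * 5,  # padded record, splits CERT
    STREAM[10:] + bytes([HANDSHAKE]),                # unpadded remainder
]

if __name__ == "__main__":
    print(transcript_hash(RECORDS).hex())
```

The digest depends only on the handshake messages: changing the padding length or the way messages are split across records leaves it unchanged.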