| < draft-thomson-tls-tls13-vectors-00.txt | draft-thomson-tls-tls13-vectors-01.txt > | |||
|---|---|---|---|---|
| HTTP M. Thomson | HTTP M. Thomson | |||
| Internet-Draft Mozilla | Internet-Draft Mozilla | |||
| Intended status: Standards Track October 28, 2016 | Intended status: Standards Track November 13, 2016 | |||
| Expires: May 1, 2017 | Expires: May 17, 2017 | |||
| Example Handshake Traces for TLS 1.3 | Example Handshake Traces for TLS 1.3 | |||
| draft-thomson-tls-tls13-vectors-00 | draft-thomson-tls-tls13-vectors-01 | |||
| Abstract | Abstract | |||
| Examples of TLS 1.3 handshakes are shown. Private keys and inputs | Examples of TLS 1.3 handshakes are shown. Private keys and inputs | |||
| are provided so that these handshakes might be reproduced. | are provided so that these handshakes might be reproduced. | |||
| Intermediate values, including secrets, traffic keys and ivs are | Intermediate values, including secrets, traffic keys and ivs are | |||
| shown so that implementations might be checked incrementally against | shown so that implementations might be checked incrementally against | |||
| these values. | these values. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 1, 2017. | This Internet-Draft will expire on May 17, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 | 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 14 | 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 25 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 28 | |||
| 6. Normative References . . . . . . . . . . . . . . . . . . . . 25 | 6. Normative References . . . . . . . . . . . . . . . . . . . . 28 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 25 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 28 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 26 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 1. Introduction | 1. Introduction | |||
| TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number | TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number | |||
| new cryptographic operations. This document includes sample | new cryptographic operations. This document includes sample | |||
| handshakes that show all intermediate values. This allows an | handshakes that show all intermediate values. This allows an | |||
| implementation to be verified incrementally, examining inputs and | implementation to be verified incrementally, examining inputs and | |||
| outputs of each cryptographic computation independently. | outputs of each cryptographic computation independently. | |||
| Private keys are included with the traces so that implementations can | Private keys are included with the traces so that implementations can | |||
| be checked by importing these values and verifying that the same | be checked by importing these values and verifying that the same | |||
| outputs are produced. | outputs are produced. | |||
| Note: This version of the document shows vectors from version -16 of | ||||
| the draft. It will be updated when NSS is updated to -18 (real | ||||
| soon now). | ||||
| 2. Private Keys | 2. Private Keys | |||
| Ephemeral private keys are shown as they are generated in the traces. | Ephemeral private keys are shown as they are generated in the traces. | |||
| The server in most examples uses an RSA certificate with a private | The server in most examples uses an RSA certificate with a private | |||
| key of: | key of: | |||
| modulus (public): b4bb498f8279303d 980836399b36c698 8c0c68de55e1bdb8 | modulus (public): b4bb498f8279303d 980836399b36c698 8c0c68de55e1bdb8 | |||
| 26d3901a2461eafd 2de49a91d015abbc 9a95137ace6c1af1 | 26d3901a2461eafd 2de49a91d015abbc 9a95137ace6c1af1 | |||
| 9eaa6af98c7ced43 120998e187a80ee0 ccb0524b1b018c3e | 9eaa6af98c7ced43 120998e187a80ee0 ccb0524b1b018c3e | |||
| skipping to change at page 3, line 40 ¶ | skipping to change at page 3, line 38 ¶ | |||
| server is authenticated, but the client remains anonymous. After | server is authenticated, but the client remains anonymous. After | |||
| connecting, a few application data octets are exchanged. The server | connecting, a few application data octets are exchanged. The server | |||
| sends a session ticket that permits the use of 0-RTT in any resumed | sends a session ticket that permits the use of 0-RTT in any resumed | |||
| session. | session. | |||
| Note: This example doesn't include the calculation of the exporter | Note: This example doesn't include the calculation of the exporter | |||
| secret. Support for that will be added to NSS soon. | secret. Support for that will be added to NSS soon. | |||
| {client} create an ephemeral x25519 key pair: | {client} create an ephemeral x25519 key pair: | |||
| private key (32 octets): 075e1d4503195c00 61e75a39738e7f88 | private key (32 octets): 03bd8bca70c19f65 7e897e366dbe21a4 | |||
| 08cdcceb84fc36ec aae01a327d05010b | 66e4924af6082dbd f573827bcdde5def | |||
| public key (32 octets): e122b20099cbe505 9a9bbe5880e02ed6 | public key (32 octets): 2a981db6cdd02a06 c1763102c9e74136 | |||
| 525d6f72f8f7afab b87a32dbe9e23022 | 5ac4e6f72b3176a6 bd6a3523d3ec0f4c | |||
| {client} send a ClientHello handshake message | {client} send a ClientHello handshake message | |||
| {client} send record: | {client} send record: | |||
| cleartext (250 octets): 010000f603034a77 2c764c3313f344b2 | cleartext (512 octets): 010001fc0303ce05 cfa3d92170cbc246 | |||
| f4fae943e816fe5a f3eac74809c21e2c 24989f3e8c520000 | 5cdc3e3a2f577f6e ac809361708ab244 b07d8fad86160000 | |||
| 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | |||
| 27c014009eccaa00 3300320067003900 38006b0016001300 | 27c014009eccaa00 3300320067003900 38006b0016001300 | |||
| 9c002f003c003500 3d000a0005000401 00008f0000000b00 | 9c002f003c003500 3d000a0005000401 000195001500fc00 | |||
| 0900000673657276 6572ff0100010000 0a00140012001d00 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 1700180019010001 0101020103010400 0b00020100002300 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000280026002400 1d0020e122b20099 cbe5059a9bbe5880 | 0000000000000000 0000000000000000 0000000000000000 | |||
| e02ed6525d6f72f8 f7afabb87a32dbe9 e23022002b000706 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 7f1003030302000d 0020001e04030503 0603020308040805 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0806040105010601 0201040205020602 0202 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000b00 0900000673657276 | ||||
| 6572ff0100010000 0a00140012001d00 1700180019010001 | ||||
| 0101020103010400 0b00020100002300 0000280026002400 | ||||
| 1d00202a981db6cd d02a06c1763102c9 e741365ac4e6f72b | ||||
| 3176a6bd6a3523d3 ec0f4c002b000706 7f1203030302000d | ||||
| 0020001e04030503 0603020308040805 0806040105010601 | ||||
| 0201040205020602 0202002d00020101 | ||||
| ciphertext (255 octets): 16030100fa010000 f603034a772c764c | ciphertext (517 octets): 1603010200010001 fc0303ce05cfa3d9 | |||
| 3313f344b2f4fae9 43e816fe5af3eac7 4809c21e2c24989f | 2170cbc2465cdc3e 3a2f577f6eac8093 61708ab244b07d8f | |||
| 3e8c5200003e1301 13031302c02bc02f cca9cca8c00ac009 | ad861600003e1301 13031302c02bc02f cca9cca8c00ac009 | |||
| c013c023c027c014 009eccaa00330032 006700390038006b | c013c023c027c014 009eccaa00330032 006700390038006b | |||
| 00160013009c002f 003c0035003d000a 000500040100008f | 00160013009c002f 003c0035003d000a 0005000401000195 | |||
| 0000000b00090000 06736572766572ff 01000100000a0014 | 001500fc00000000 0000000000000000 0000000000000000 | |||
| 0012001d00170018 0019010001010102 01030104000b0002 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0100002300000028 00260024001d0020 e122b20099cbe505 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 9a9bbe5880e02ed6 525d6f72f8f7afab b87a32dbe9e23022 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 002b0007067f1003 030302000d002000 1e04030503060302 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0308040805080604 0105010601020104 02050206020202 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| {server} create an ephemeral x25519 key pair: | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| private key (32 octets): 06730e3ab71702bc 322472986e421ba2 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 320db29fb0c67d7a 1bf21a4f06c9f115 | 0000000000000000 0000000000000000 0000000b00090000 | |||
| 06736572766572ff 01000100000a0014 0012001d00170018 | ||||
| public key (32 octets): e2816da24ed31838 bd876b0a344b2793 | 0019010001010102 01030104000b0002 0100002300000028 | |||
| dead2350adda23fb 5193787ae608f647 | 00260024001d0020 2a981db6cdd02a06 c1763102c9e74136 | |||
| 5ac4e6f72b3176a6 bd6a3523d3ec0f4c 002b0007067f1203 | ||||
| 030302000d002000 1e04030503060302 0308040805080604 | ||||
| 0105010601020104 0205020602020200 2d00020101 | ||||
| {server} extract secret "early": | {server} extract secret "early": | |||
| salt (0 octets): (empty) | salt (0 octets): (empty) | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| {server} create an ephemeral x25519 key pair: | ||||
| private key (32 octets): 0cc3d0a7806ef6bc df69be30c6855597 | ||||
| 7b51e0f5edbf1d1c c7b28eead93b34b4 | ||||
| public key (32 octets): 9c1b0a7421919a73 cb57b3a0ad9d6805 | ||||
| 861a9c47e11df863 9d25323b79ce201c | ||||
| {server} send a ServerHello handshake message | {server} send a ServerHello handshake message | |||
| {server} extract secret "handshake": | {server} extract secret "handshake": | |||
| salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| ikm (32 octets): ad602096bc9ed914 61b83c950382a9d4 | ikm (32 octets): 0dfa4c5e11a6f606 d4b75f138412d85a | |||
| 1829059264f563a1 59c87cec790b0333 | 4b2da0d5f981ffc1 d2e8ceff2e00a12c | |||
| secret (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | secret (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | 53132f1d394553af bfffe6568a27e22c | |||
| {server} derive secret "client handshake traffic secret": | {server} derive secret "client handshake traffic secret": | |||
| handshake hash (64 octets): 48d89c6276fa205b 0eb068ac122fb05b | PRK (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 1e010350db32eae9 59cbe6addf25a67e 66687aadf862bd77 | 53132f1d394553af bfffe6568a27e22c | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | handshake hash (32 octets): 79027f438271dba2 d8e207b6e36a5180 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | bdd916869ab43f24 f2e2fa98b2db135c | |||
| info (108 octets): 002028544c532031 2e332c20636c6965 | info (76 octets): 002028544c532031 2e332c20636c6965 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | 6e742068616e6473 68616b6520747261 6666696320736563 | |||
| 7265744048d89c62 76fa205b0eb068ac 122fb05b1e010350 | 7265742079027f43 8271dba2d8e207b6 e36a5180bdd91686 | |||
| db32eae959cbe6ad df25a67e66687aad f862bd776c8fc18b | 9ab43f24f2e2fa98 b2db135c | |||
| 8e9f8e2008971485 6ee233b3902a591d 0d5f2925 | ||||
| output (32 octets): 7f9ee8ff500bdb58 6780934edddd288e | output (32 octets): f737c2b29be2ef48 9d145dd3df485103 | |||
| 1600a2083ab2ece6 0dc339845e158678 | 86e812edcf799925 27e9ad5479967193 | |||
| {server} derive secret "server handshake traffic secret": | {server} derive secret "server handshake traffic secret": | |||
| handshake hash (64 octets): 48d89c6276fa205b 0eb068ac122fb05b | PRK (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 1e010350db32eae9 59cbe6addf25a67e 66687aadf862bd77 | 53132f1d394553af bfffe6568a27e22c | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | handshake hash (32 octets): 79027f438271dba2 d8e207b6e36a5180 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | bdd916869ab43f24 f2e2fa98b2db135c | |||
| info (108 octets): 002028544c532031 2e332c2073657276 | info (76 octets): 002028544c532031 2e332c2073657276 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 65722068616e6473 68616b6520747261 6666696320736563 | |||
| 7265744048d89c62 76fa205b0eb068ac 122fb05b1e010350 | 7265742079027f43 8271dba2d8e207b6 e36a5180bdd91686 | |||
| db32eae959cbe6ad df25a67e66687aad f862bd776c8fc18b | 9ab43f24f2e2fa98 b2db135c | |||
| 8e9f8e2008971485 6ee233b3902a591d 0d5f2925 | ||||
| output (32 octets): d7fa33c70916f980 d2097d211158c6dc | output (32 octets): 3550ca3a8c219272 9cc385313e3bc832 | |||
| b3aaa9899cfe0acf 10bc5334d9083866 | 92a14f4ecb3d2b92 18ea7907c67ab3a7 | |||
| {server} extract secret "master": | {server} extract secret "master": | |||
| salt (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | salt (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | 53132f1d394553af bfffe6568a27e22c | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 6304ef9c9685cfd5 940af49d657cc6b8 | secret (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| 942889b94a4fafef b0d3f181c440028c | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| {server} send record: | {server} derive write traffic keys using label "handshake data": | |||
| cleartext (86 octets): 020000527f102ac7 df3c5e246509294f | PRK (32 octets): 3550ca3a8c219272 9cc385313e3bc832 | |||
| 5cd617339959743c 8d34c0f28b6f3c57 c02e77014b901301 | 92a14f4ecb3d2b92 18ea7907c67ab3a7 | |||
| 002c000d00000028 0024001d0020e281 6da24ed31838bd87 | ||||
| 6b0a344b2793dead 2350adda23fb5193 787ae608f647 | ||||
| ciphertext (91 octets): 1603010056020000 527f102ac7df3c5e | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 246509294f5cd617 339959743c8d34c0 f28b6f3c57c02e77 | ||||
| 014b901301002c00 0d00000028002400 1d0020e2816da24e | ||||
| d31838bd876b0a34 4b2793dead2350ad da23fb5193787ae6 08f647 | ||||
| {server} derive write traffic keys using label "handshake key | key output (16 octets): d2dd45f87ad87801 a85ac38187f9023b | |||
| expansion": | ||||
| PRK (32 octets): d7fa33c70916f980 d2097d211158c6dc | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| b3aaa9899cfe0acf 10bc5334d9083866 | ||||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | iv output (12 octets): f0a14f808692cef8 7a3daf70 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | ||||
| key output (16 octets): d9e91353d9fc4516 3218909ab937fddb | {server} send record: | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | cleartext (82 octets): 0200004e7f1220b9 c9201cd171a15abb | |||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | a4e7eddcf3e8488e 7192ffe01ea5c19f 3d4b52ffeebe1301 | |||
| 002800280024001d 00209c1b0a742191 9a73cb57b3a0ad9d | ||||
| 6805861a9c47e11d f8639d25323b79ce 201c | ||||
| iv output (12 octets): 7c880c98fe14487b aec110ee | ciphertext (87 octets): 1603010052020000 4e7f1220b9c9201c | |||
| d171a15abba4e7ed dcf3e8488e7192ff e01ea5c19f3d4b52 | ||||
| ffeebe1301002800 280024001d00209c 1b0a7421919a73cb | ||||
| 57b3a0ad9d680586 1a9c47e11df8639d 25323b79ce201c | ||||
| {server} send a EncryptedExtensions handshake message | {server} send a EncryptedExtensions handshake message | |||
| {server} send a Certificate handshake message | {server} send a Certificate handshake message | |||
| {server} send a CertificateVerify handshake message | {server} send a CertificateVerify handshake message | |||
| {server} calculate finished: | ||||
| PRK (32 octets): 3550ca3a8c219272 9cc385313e3bc832 | ||||
| 92a14f4ecb3d2b92 18ea7907c67ab3a7 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 1ba8c586468bb93d cd9264e62929e77d | ||||
| eba36e5bfc5e06ad 029f667448e5e6c8 | ||||
| {server} send a Finished handshake message | {server} send a Finished handshake message | |||
| {server} send record: | {server} send record: | |||
| cleartext (649 octets): 0800001e001c000a 00140012001d0017 | cleartext (651 octets): 0800001e001c000a 00140012001d0017 | |||
| 0018001901000101 0102010301040000 00000b0001b70000 | 0018001901000101 0102010301040000 00000b0001b90000 | |||
| 01b30001b0308201 ac30820115a00302 0102020102300d06 | 01b50001b0308201 ac30820115a00302 0102020102300d06 | |||
| 092a864886f70d01 010b0500300e310c 300a060355040313 | 092a864886f70d01 010b0500300e310c 300a060355040313 | |||
| 03727361301e170d 3136303733303031 323335395a170d32 | 03727361301e170d 3136303733303031 323335395a170d32 | |||
| 3630373330303132 3335395a300e310c 300a060355040313 | 3630373330303132 3335395a300e310c 300a060355040313 | |||
| 0372736130819f30 0d06092a864886f7 0d01010105000381 | 0372736130819f30 0d06092a864886f7 0d01010105000381 | |||
| 8d00308189028181 00b4bb498f827930 3d980836399b36c6 | 8d00308189028181 00b4bb498f827930 3d980836399b36c6 | |||
| 988c0c68de55e1bd b826d3901a2461ea fd2de49a91d015ab | 988c0c68de55e1bd b826d3901a2461ea fd2de49a91d015ab | |||
| bc9a95137ace6c1a f19eaa6af98c7ced 43120998e187a80e | bc9a95137ace6c1a f19eaa6af98c7ced 43120998e187a80e | |||
| e0ccb0524b1b018c 3e0b63264d449a6d 38e22a5fda430846 | e0ccb0524b1b018c 3e0b63264d449a6d 38e22a5fda430846 | |||
| 748030530ef0461c 8ca9d9efbfae8ea6 d1d03e2bd193eff0 | 748030530ef0461c 8ca9d9efbfae8ea6 d1d03e2bd193eff0 | |||
| ab9a8002c47428a6 d35a8d88d79f7f1e 3f0203010001a31a | ab9a8002c47428a6 d35a8d88d79f7f1e 3f0203010001a31a | |||
| 301830090603551d 1304023000300b06 03551d0f04040302 | 301830090603551d 1304023000300b06 03551d0f04040302 | |||
| 05a0300d06092a86 4886f70d01010b05 000381810085aad2 | 05a0300d06092a86 4886f70d01010b05 000381810085aad2 | |||
| a0e5b9276b908c65 f73a7267170618a5 4c5f8a7b337d2df7 | a0e5b9276b908c65 f73a7267170618a5 4c5f8a7b337d2df7 | |||
| a594365417f2eae8 f8a58c8f8172f931 9cf36b7fd6c55b80 | a594365417f2eae8 f8a58c8f8172f931 9cf36b7fd6c55b80 | |||
| f21a030151567260 96fd335e5e67f2db f102702e608ccae6 | f21a030151567260 96fd335e5e67f2db f102702e608ccae6 | |||
| bec1fc63a42a99be 5c3eb7107c3c54e9 b9eb2bd5203b1c3b | bec1fc63a42a99be 5c3eb7107c3c54e9 b9eb2bd5203b1c3b | |||
| 84e0a8b2f759409b a3eac9d91d402dcc 0cc8f8961229ac91 | 84e0a8b2f759409b a3eac9d91d402dcc 0cc8f8961229ac91 | |||
| 87b42b4de10f0000 840804008050421a 381f73d2f29ad569 | 87b42b4de100000f 0000840804008013 4e22eac57321ab47 | |||
| 3f93bc456fd7024f 189b98ddb73be484 0509b16ba4e91973 | db6b38b2992cec2d d79bd065a034a9af 6b9e3d03475e4309 | |||
| 156e97328919568f 6458edae49c0620a 636fb689f53d3eea | e6523ccdf055453f b480804a3a7e9962 29eb28e734f6702b | |||
| 3b6474ba54b2f851 b0ca038bbd1b603e c0a337526fb47ff6 | ea2b32149899ac04 3a4b44468197868d a77147ce9f73c054 | |||
| fd2fdebbfd81a8a4 5da64b115175c243 76c48fbb9fe5e30f | 3c4e3fc33e306cac 8506faa80a959c5f 1edccbee76eda1ad | |||
| be81dce81afc8d33 1b4ec72487f58701 ce979ece6e140000 | 7a4fa440de35dcb8 7e82ec94e8725355 ce7507713a609e14 | |||
| 2005729a74d99f80 61a1e0d75f6d5cef 88d26fa95661aa81 | 0000207304bb7332 1f01b71dd94622fa e98daf634490d220 | |||
| db6cc2bf99a25b75 07 | e4c8f3ffa2559911 a56e51 | |||
| ciphertext (671 octets): 170301029aca54b6 a40203d951b0d14f | ciphertext (673 octets): 170301029c40ae92 071a3a548b26af31 | |||
| 9573fc3b918db939 fe3b7d8d1ca90163 870a9fa0687b7451 | e116dfc0ba454921 0b17e70da16cfbda 9ccdad844d94264a | |||
| 96893091919525a3 586bebddc81d0c64 14ad78a337af2dde | 9ae65b786b3eaf0d e20aa89c6babb448 b6f32d07f2335842 | |||
| 585361126008e5a3 1c377c05056cd994 7fc8682a0d4e12cf | 96eefe19316bd979 659472ee8567cb01 d70b0366cddb3c60 | |||
| eee9b2ba99b7fc6b d7ec8a167be1c675 26395c8486d00ea9 | eb9e1d789a3691dc 254c14de73f4f201 00504544ce184d44 | |||
| b704c6776847d3e2 f5e80a014593116a 8e317aab896a9c24 | 547e124b1f18303b 4859f8f2e2b04423 d23a866b43866374 | |||
| 757069f0a627882f 291dc6c5ad46520c 1c9ddc40ca6c1632 | d54af41649d25f4a 3ec2cecd5d4e6de1 b24953440b46fbb7 | |||
| c38f7d0b6e0e6b56 3094a14ee9da6862 a470d2335e3afcd8 | 4c1dbec6fbb1f16b c21d4aa0e1e936a4 9c07127e19719bc6 | |||
| 146be77ef8477c78 b54bdfeb847dffae ac6a41ce697674a9 | 52a2f0b7f8df4a15 0b2b3c9e9e353d6e d101970ddc611aba | |||
| 24f24006aae67391 bcdc6298a4c267c5 71ba244f92c039fe | d0632c6793f9379c 9d06846c311fcbd6 f85edd569b8782c4 | |||
| 9bbc2ca94d199e20 3b45f6a3f90acbe9 0f48a18c28a2cdfb | c5f62294c4611ae6 0f83230a53aa95e3 bcbed204f19a7a1d | |||
| 3aa376a2d4e8d131 6fae0dee5b0c6317 3726c02c63ad7513 | b83c0fbfec1edd2c 17498fa7b5aa2321 248a92592d891e49 | |||
| 2af36f10c49c33f9 228b8d17abdfd7c2 db649bbb05309095 | 47df6bcef52f4481 797d032ad332046a 384abece6454b3e3 | |||
| 5b71294b9405bec9 f02121a2826de9e3 ed606f92c6a98290 | 56d7249bfa569679 3c7f7d3048dc87fa 7409a4691887caaf | |||
| 7aae17417e75af9f 8f8d20b15623647d 951e4c7e9a0f9423 | 0982c402b902d699 f62dc4d5e153f13e 8589e4a6206c7f74 | |||
| 7a7080b1c50a7d1f ff5a9e827674e02e ca0732f6cbad41d5 | eb26ddefbb92309f b753decfea972dec 7de02eda9c6d26ac | |||
| 021fdf33ca1140fc 37b2f9f92b93c12e f32f1199864c9acc | d7be53a8aa20f1a9 3f082ae6eb927a6a 1b7bd9153551aedf | |||
| c1db416403a51f71 a8a12174cf0fcb96 d7c8301f405bd35f | af94f61dd4cb9355 ad7ab09f615d9f92 c21712c732c0e7e1 | |||
| a454167f27191885 b62a38e9a8610dba 8a12a63ff6ab3ff8 | 17797f38cbdc184e 3a65e15a89f46cb3 624f5fdb8dbbd275 | |||
| 6475fced4bf26460 bd47d5e3a9fc96c8 1a5b95b9710cd699 | f2c8492f8d95bdbd 8d1dc1b9f21107bd 433acbbac247239c | |||
| eb34255fa528d061 4cbd9acac2966635 dea58e1c3174de8b | 073a2f24a4a9f807 4f325f277d579b6b ff0269ff19aed380 | |||
| 46e66cb09a9f0f56 d7fb01e7cbaf3e91 d565482bf1caf6c2 | 9a9ddd21dd29c136 3c9dc44812dd41d2 111f9c2e8342046c | |||
| b6ad6f405c444f6a 9f12b7a26ce59aa9 594fa88319133bcb | 14133b853262676f 15e94de18660e04a e5c0c661ea43559a | |||
| 45fb6808116bb185 f284663cb7a93cf3 7abf77869c29bed6 | f5842e161c83dd29 f64508b2ec3e635a 2134fc0e1a39d3ec | |||
| 531355b921def46c 10a307248deaa5c3 7698d9fa582e9d8a | b51dcddfcf8382c8 8ffe2a737842ad1d e7fe505b6c4d1673 | |||
| dd76bb66a12464a2 593a2f36097bd279 a9d2a33611c835fc | 870f6fc2a0f2f797 2acaee368a1599d6 4ba18798f10333f9 | |||
| b66c47a2d6274f02 9f1dae41075ff72d c490b460e16ce7c0 | 779bd5b05f9b084d 03dab2f3d80c2eb7 4ec70c9866ea31c1 | |||
| 0372cb171c318825 15be0cf49954228b 07ca8df5f1afaeac | 8b491cd597aae3e9 41205fcc38a3a10c e8c0269f02ccc9c5 | |||
| 824a3901f46ba0 | 1278e25f1a0f0731 a9 | |||
| {server} derive secret "client application traffic secret": | {server} derive secret "client application traffic secret": | |||
| handshake hash (64 octets): ff0df9baa81cb6f3 63c49c82a47d1760 | PRK (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| a4f8f3a3ff5e5bc0 908ed79828a2307b 66687aadf862bd77 | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): 6304ef9c9685cfd5 940af49d657cc6b8 | handshake hash (32 octets): 16756399da565370 337a4ede5774b9e6 | |||
| 942889b94a4fafef b0d3f181c440028c | 0bf328086272dc39 3b8b1d8ba6e6ebbb | |||
| info (110 octets): 00202a544c532031 2e332c20636c6965 | info (78 octets): 00202a544c532031 2e332c20636c6965 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 6e74206170706c69 636174696f6e2074 7261666669632073 | |||
| 656372657440ff0d f9baa81cb6f363c4 9c82a47d1760a4f8 | 6563726574201675 6399da565370337a 4ede5774b9e60bf3 | |||
| f3a3ff5e5bc0908e d79828a2307b6668 7aadf862bd776c8f | 28086272dc393b8b 1d8ba6e6ebbb | |||
| c18b8e9f8e200897 14856ee233b3902a 591d0d5f2925 | ||||
| output (32 octets): 97e11121ec208603 baf556083a0846a7 | output (32 octets): 2a1d25e6f9f13f92 e4b482fa06bc4447 | |||
| d3865e129dfd431e f58ed67ef3294ea0 | 1218368d2d4e03e0 504d4e342b16ff8f | |||
| {server} derive secret "server application traffic secret": | {server} derive secret "server application traffic secret": | |||
| handshake hash (64 octets): ff0df9baa81cb6f3 63c49c82a47d1760 | PRK (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| a4f8f3a3ff5e5bc0 908ed79828a2307b 66687aadf862bd77 | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): 6304ef9c9685cfd5 940af49d657cc6b8 | handshake hash (32 octets): 16756399da565370 337a4ede5774b9e6 | |||
| 942889b94a4fafef b0d3f181c440028c | 0bf328086272dc39 3b8b1d8ba6e6ebbb | |||
| info (110 octets): 00202a544c532031 2e332c2073657276 | info (78 octets): 00202a544c532031 2e332c2073657276 | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | 6572206170706c69 636174696f6e2074 7261666669632073 | |||
| 656372657440ff0d f9baa81cb6f363c4 9c82a47d1760a4f8 | 6563726574201675 6399da565370337a 4ede5774b9e60bf3 | |||
| f3a3ff5e5bc0908e d79828a2307b6668 7aadf862bd776c8f | 28086272dc393b8b 1d8ba6e6ebbb | |||
| c18b8e9f8e200897 14856ee233b3902a 591d0d5f2925 | ||||
| output (32 octets): 99ad63e5f7e3fd34 ac5e25c72d40ccb2 | output (32 octets): 56231ff04300e7f7 4964da88c8bbdf12 | |||
| 0d00b15ac72af67d 45f51b58af21bb6b | 42a31ade351ce974 46598d28632e79ca | |||
| {server} derive write traffic keys using label "application data key | {server} derive secret "exporter master secret": | |||
| expansion": | ||||
| PRK (32 octets): 99ad63e5f7e3fd34 ac5e25c72d40ccb2 | PRK (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| 0d00b15ac72af67d 45f51b58af21bb6b | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| key info (48 octets): 00102c544c532031 2e332c206170706c | handshake hash (32 octets): 16756399da565370 337a4ede5774b9e6 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | 0bf328086272dc39 3b8b1d8ba6e6ebbb | |||
| 6f6e2c206b657900 | ||||
| key output (16 octets): 6169499247a881de 7229cd410dc39148 | info (67 octets): 00201f544c532031 2e332c206578706f | |||
| 72746572206d6173 7465722073656372 65742016756399da | ||||
| 565370337a4ede57 74b9e60bf3280862 72dc393b8b1d8ba6 e6ebbb | ||||
| iv info (47 octets): 000c2b544c532031 2e332c206170706c | output (32 octets): 407265d811f66c24 30de0832fbc4bd25 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | 719a4736301f1312 98fd9107653a78f2 | |||
| 6f6e2c20697600 | ||||
| iv output (12 octets): e9a71b94ce8a906f 80318b27 | {server} derive write traffic keys using label "application data": | |||
| {server} derive read traffic keys using label "handshake key | PRK (32 octets): 56231ff04300e7f7 4964da88c8bbdf12 | |||
| expansion": | 42a31ade351ce974 46598d28632e79ca | |||
| PRK (32 octets): 7f9ee8ff500bdb58 6780934edddd288e | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 1600a2083ab2ece6 0dc339845e158678 | ||||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | key output (16 octets): 3381f6b3f94500f1 6226de440193e858 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | ||||
| key output (16 octets): 3d44490aa0bf7393 15c50de02eb3675b | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | iv output (12 octets): 4f1d73cc1d465eb3 0021c41f | |||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | ||||
| iv output (12 octets): 82decae60afb84cb 6692e045 | {server} derive read traffic keys using label "handshake data": | |||
| PRK (32 octets): f737c2b29be2ef48 9d145dd3df485103 | ||||
| 86e812edcf799925 27e9ad5479967193 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ||||
| key output (16 octets): 40e1201d75d41962 7f04c88530a15c9d | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): a0f073f3b35e18f9 6969696b | ||||
| {client} extract secret "early": | {client} extract secret "early": | |||
| salt (0 octets): (empty) | salt (0 octets): (empty) | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| {client} extract secret "handshake": | {client} extract secret "handshake": | |||
| salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| ikm (32 octets): ad602096bc9ed914 61b83c950382a9d4 | ikm (32 octets): 0dfa4c5e11a6f606 d4b75f138412d85a | |||
| 1829059264f563a1 59c87cec790b0333 | 4b2da0d5f981ffc1 d2e8ceff2e00a12c | |||
| secret (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | secret (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | 53132f1d394553af bfffe6568a27e22c | |||
| {client} derive secret "client handshake traffic secret": | {client} derive secret "client handshake traffic secret": | |||
| handshake hash (64 octets): 48d89c6276fa205b 0eb068ac122fb05b | PRK (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 1e010350db32eae9 59cbe6addf25a67e 66687aadf862bd77 | 53132f1d394553af bfffe6568a27e22c | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | handshake hash (32 octets): 79027f438271dba2 d8e207b6e36a5180 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | bdd916869ab43f24 f2e2fa98b2db135c | |||
| info (108 octets): 002028544c532031 2e332c20636c6965 | info (76 octets): 002028544c532031 2e332c20636c6965 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | 6e742068616e6473 68616b6520747261 6666696320736563 | |||
| 7265744048d89c62 76fa205b0eb068ac 122fb05b1e010350 | 7265742079027f43 8271dba2d8e207b6 e36a5180bdd91686 | |||
| db32eae959cbe6ad df25a67e66687aad f862bd776c8fc18b | 9ab43f24f2e2fa98 b2db135c | |||
| 8e9f8e2008971485 6ee233b3902a591d 0d5f2925 | ||||
| output (32 octets): 7f9ee8ff500bdb58 6780934edddd288e | output (32 octets): f737c2b29be2ef48 9d145dd3df485103 | |||
| 1600a2083ab2ece6 0dc339845e158678 | 86e812edcf799925 27e9ad5479967193 | |||
| {client} derive secret "server handshake traffic secret": | {client} derive secret "server handshake traffic secret": | |||
| handshake hash (64 octets): 48d89c6276fa205b 0eb068ac122fb05b | PRK (32 octets): 1b3f45dcdc375a9a e91bf34d669f24c7 | |||
| 1e010350db32eae9 59cbe6addf25a67e 66687aadf862bd77 | 53132f1d394553af bfffe6568a27e22c | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): b75d555586220fea 3e6eb1e1243c8f7e | handshake hash (32 octets): 79027f438271dba2 d8e207b6e36a5180 | |||
| 20e5af8cee1799e0 31b7efefff43c8b1 | bdd916869ab43f24 f2e2fa98b2db135c | |||
| info (108 octets): 002028544c532031 2e332c2073657276 | info (76 octets): 002028544c532031 2e332c2073657276 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 65722068616e6473 68616b6520747261 6666696320736563 | |||
| 7265744048d89c62 76fa205b0eb068ac 122fb05b1e010350 | 7265742079027f43 8271dba2d8e207b6 e36a5180bdd91686 | |||
| db32eae959cbe6ad df25a67e66687aad f862bd776c8fc18b | 9ab43f24f2e2fa98 b2db135c | |||
| 8e9f8e2008971485 6ee233b3902a591d 0d5f2925 | ||||
| output (32 octets): d7fa33c70916f980 d2097d211158c6dc | output (32 octets): 3550ca3a8c219272 9cc385313e3bc832 | |||
| b3aaa9899cfe0acf 10bc5334d9083866 | 92a14f4ecb3d2b92 18ea7907c67ab3a7 | |||
| {client} extract secret "master" (same as server) | {client} extract secret "master" (same as server) | |||
| {client} derive read traffic keys using label "handshake key | {client} derive read traffic keys using label "handshake data": | |||
| expansion": | ||||
| PRK (32 octets): d7fa33c70916f980 d2097d211158c6dc | PRK (32 octets): 3550ca3a8c219272 9cc385313e3bc832 | |||
| b3aaa9899cfe0acf 10bc5334d9083866 | 92a14f4ecb3d2b92 18ea7907c67ab3a7 | |||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | ||||
| key output (16 octets): d9e91353d9fc4516 3218909ab937fddb | key output (16 octets): d2dd45f87ad87801 a85ac38187f9023b | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | ||||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | ||||
| iv output (12 octets): 7c880c98fe14487b aec110ee | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| {client} derive write traffic keys using label "handshake key | iv output (12 octets): f0a14f808692cef8 7a3daf70 | |||
| expansion" (same as server read traffic keys) | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): 3550ca3a8c219272 9cc385313e3bc832 | ||||
| 92a14f4ecb3d2b92 18ea7907c67ab3a7 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 1ba8c586468bb93d cd9264e62929e77d | ||||
| eba36e5bfc5e06ad 029f667448e5e6c8 | ||||
| {client} derive write traffic keys using label "handshake data" | ||||
| (same as server read traffic keys) | ||||
| {client} derive secret "client application traffic secret": | {client} derive secret "client application traffic secret": | |||
| handshake hash (64 octets): ff0df9baa81cb6f3 63c49c82a47d1760 | PRK (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| a4f8f3a3ff5e5bc0 908ed79828a2307b 66687aadf862bd77 | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): 6304ef9c9685cfd5 940af49d657cc6b8 | handshake hash (32 octets): 16756399da565370 337a4ede5774b9e6 | |||
| 942889b94a4fafef b0d3f181c440028c | 0bf328086272dc39 3b8b1d8ba6e6ebbb | |||
| info (110 octets): 00202a544c532031 2e332c20636c6965 | info (78 octets): 00202a544c532031 2e332c20636c6965 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 6e74206170706c69 636174696f6e2074 7261666669632073 | |||
| 656372657440ff0d f9baa81cb6f363c4 9c82a47d1760a4f8 | 6563726574201675 6399da565370337a 4ede5774b9e60bf3 | |||
| f3a3ff5e5bc0908e d79828a2307b6668 7aadf862bd776c8f | 28086272dc393b8b 1d8ba6e6ebbb | |||
| c18b8e9f8e200897 14856ee233b3902a 591d0d5f2925 | ||||
| output (32 octets): 97e11121ec208603 baf556083a0846a7 | output (32 octets): 2a1d25e6f9f13f92 e4b482fa06bc4447 | |||
| d3865e129dfd431e f58ed67ef3294ea0 | 1218368d2d4e03e0 504d4e342b16ff8f | |||
| {client} derive secret "server application traffic secret" (same as | {client} derive secret "server application traffic secret": | |||
| server) | ||||
| {client} derive read traffic keys using label "application data key | PRK (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| expansion" (same as server write traffic keys) | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| handshake hash (32 octets): 16756399da565370 337a4ede5774b9e6 | ||||
| 0bf328086272dc39 3b8b1d8ba6e6ebbb | ||||
| info (78 octets): 00202a544c532031 2e332c2073657276 | ||||
| 6572206170706c69 636174696f6e2074 7261666669632073 | ||||
| 6563726574201675 6399da565370337a 4ede5774b9e60bf3 | ||||
| 28086272dc393b8b 1d8ba6e6ebbb | ||||
| output (32 octets): 56231ff04300e7f7 4964da88c8bbdf12 | ||||
| 42a31ade351ce974 46598d28632e79ca | ||||
| {client} derive secret "exporter master secret" (same as server) | ||||
| {client} derive read traffic keys using label "application data" | ||||
| (same as server write traffic keys) | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): f737c2b29be2ef48 9d145dd3df485103 | ||||
| 86e812edcf799925 27e9ad5479967193 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): ea2fe9596714c959 d1cdd8f8cd893b96 | ||||
| 6429ee678bc7105e a10e6b4c03e2425a | ||||
| {client} send a Finished handshake message | {client} send a Finished handshake message | |||
| {client} send record: | {client} send record: | |||
| cleartext (36 octets): 1400002066eb0ee7 18d53e225f390198 | cleartext (36 octets): 1400002078367856 d3c8cc4e0a95eb98 | |||
| cb11e509fa9b7a47 5631cc4bda677d8d 2cf83bcd | 906ca7a48bd3cc70 29f48bd4ae0dc91a b903ca89 | |||
| ciphertext (58 octets): 1703010035f3a571 37af8ee7be72190f | ciphertext (58 octets): 1703010035fa15e9 2daa21cd05d8f9c3 | |||
| b3e3597bd91f5d47 eae71f3f0ac738bf 27c3352d1994095a | 152a61748d9aaf04 9da559718e583f95 aacecad657b52a65 | |||
| bb3b0237762044b9 c792c6ba692dfe59 4354 | 62da09a5819e864d 86ac2989360a1eb2 2795 | |||
| {client} derive write traffic keys using label "application data key | {client} derive write traffic keys using label "application data": | |||
| expansion": | ||||
| PRK (32 octets): 97e11121ec208603 baf556083a0846a7 | PRK (32 octets): 2a1d25e6f9f13f92 e4b482fa06bc4447 | |||
| d3865e129dfd431e f58ed67ef3294ea0 | 1218368d2d4e03e0 504d4e342b16ff8f | |||
| key info (48 octets): 00102c544c532031 2e332c206170706c | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | ||||
| 6f6e2c206b657900 | ||||
| key output (16 octets): e49f80706175ac01 dbbf084bfb4c1e52 | key output (16 octets): eb23a804904b80ba 4fe8399e09b1ce42 | |||
| iv info (47 octets): 000c2b544c532031 2e332c206170706c | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | ||||
| 6f6e2c20697600 | ||||
| iv output (12 octets): 371f77d48eafc897 7f2bc95a | iv output (12 octets): efa8c50c06b9c9b8 c483e174 | |||
| {client} derive secret "resumption master secret": | {client} derive secret "resumption master secret": | |||
| handshake hash (64 octets): 6565a715d091d3e9 b9459f063075589a | PRK (32 octets): cab4645a3995d0d8 5bea9942596284e7 | |||
| 2bc00ba70008cc8f 98aabc8e6820aca1 66687aadf862bd77 | 2058a3d4d8f3e0d9 885aa92c517ad9e4 | |||
| 6c8fc18b8e9f8e20 089714856ee233b3 902a591d0d5f2925 | ||||
| PRK (32 octets): 6304ef9c9685cfd5 940af49d657cc6b8 | handshake hash (32 octets): e74cc34c780d9562 b1b3e7321f2ebcb0 | |||
| 942889b94a4fafef b0d3f181c440028c | e6646246dbae060d 5d1335ac5f8db917 | |||
| info (101 octets): 002021544c532031 2e332c2072657375 | info (69 octets): 002021544c532031 2e332c2072657375 | |||
| 6d7074696f6e206d 6173746572207365 63726574406565a7 | 6d7074696f6e206d 6173746572207365 6372657420e74cc3 | |||
| 15d091d3e9b9459f 063075589a2bc00b a70008cc8f98aabc | 4c780d9562b1b3e7 321f2ebcb0e66462 46dbae060d5d1335 ac5f8db917 | |||
| 8e6820aca166687a adf862bd776c8fc1 8b8e9f8e20089714 | ||||
| 856ee233b3902a59 1d0d5f2925 | ||||
| output (32 octets): 39ba24cd46a6a039 92281635246613af | output (32 octets): 05438edfa0f6e663 0d7a9ffe81dc6773 | |||
| bf91ca4a3f0ec2c9 0aafd99c441f7b5e | 6d753a4ee351a79d 296975918b16039e | |||
| {server} derive read traffic keys using label "application data key | {server} calculate finished: | |||
| expansion" (same as client write traffic keys) | ||||
| {server} derive secret "resumption master secret" (same as client) | PRK (32 octets): f737c2b29be2ef48 9d145dd3df485103 | |||
| 86e812edcf799925 27e9ad5479967193 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): ea2fe9596714c959 d1cdd8f8cd893b96 | ||||
| 6429ee678bc7105e a10e6b4c03e2425a | ||||
| {server} derive read traffic keys using label "application data" | ||||
| (same as client write traffic keys) | ||||
| {server} derive secret "resumption master secret" (same as client) | ||||
| {server} send a SessionTicket handshake message | {server} send a SessionTicket handshake message | |||
| {server} send record: | {server} send record: | |||
| cleartext (170 octets): 040000a60002a300 0101010000924e53 | cleartext (170 octets): 040000a60002a300 4abe594b00924e53 | |||
| 53216ffddf432e46 e04edd3964cda3f3 50651903277c3a25 | 5321cadc96238da0 9caf9b02fecafdd6 5e3e418f03e43772 | |||
| 9ec4661515360050 cf3e329e2bd535a9 62d66cdcaa31777a | cf512ed806610050 3b1c08abbbf298a9 d138ce821dd12fe1 | |||
| 35f8cf6579f194fa d530346815c95bae a68f17c1573aa34c | 710e2137cd12e6a8 5cd3fd7f73706e7f 5dddefb87c1ef838 | |||
| 0b279ce1bfc02c4f f5fef1b022033911 78fadda4b941b657 | 24638464099c9d13 63e3c64ed2075c16 b8ccd8e524a6bbd7 | |||
| 72a1cf139ed70ae2 c178cbd80d5408bb 4e635422667e5d15 | a6a6e34ea1579782 b15bbe7dfed5c0c0 d980fb330f9d8ab2 | |||
| a4065d15687f3b80 9fc5a2682df6f538 57ba2c70cdfbe30a | 52ffe7be1277d418 b6828ead4dae3b30 d448442417ef76af | |||
| 00080001000492f5 741d | 0008002e00040002 0000 | |||
| ciphertext (192 octets): 17030100bb6e9e08 968779b20df43113 | ciphertext (192 octets): 17030100bb45a662 6fa13b66ce2c5b3e | |||
| ae8de08b64ce7399 8c5d172d7c35ead5 05828f494e9f9380 | f807e299a118296f 26a2dd9ec7487a06 73e2460d4c79f400 | |||
| 3d963a50899cd3a9 bf7c8d05c5b6ff31 6d7bd5276f34695c | 87dcd014c59c5137 9c90d26b4e4f9bb2 b78f5b6761594f01 | |||
| 62bd2ae07649b44e 561c892dbcec0e12 589fd86cd100e54a | 3ff3e4c78d836905 229eac811c4ef8b2 faa89867e9ffc586 | |||
| a454edf944bbb37f 471372176e3f42f0 d0743e718bd508a0 | f7f03c216591aa5e 620eac3c62dfe60f 846036bd7ecc4464 | |||
| 1ff4419853d85639 91deaadf7e8f6e87 dea06197a0bd5ee2 | b584af184e9644e9 4ee1d7834dba408a 51cbe4248004796e | |||
| 960a7c7d97354c46 039bb1053cc3bd64 6a4a631fa5dec790 | d9c558e0f5f96115 a6f6ba487e17d16a 2e20a3d3a650a9a0 | |||
| f54315dc613d24f8 49cb8173624056ce 837d602babdb6f03 | 70fb53d9da82864b 5621d77650bd0c79 47e9889917b53d05 | |||
| 7c10d4ff8c0d687c | 15627c72b0ded521 | |||
| {client} send record: | {client} send record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 1703010043b20a2d ed0ab1f75406210a | ciphertext (72 octets): 1703010043e30617 8ad97f74bb64f35e | |||
| 47c90bdc2005accd a938dea9d89ae18f e0d4ee831f31d30c | af3c39846b83aef8 472cbc9046749b81 a949dfb12cfbc65c | |||
| 22dfdf4cd54ef9b5 8d41175801c59f11 2174c4741262d95e | babd20ade92c1f94 4605892ceeb12fde e8a927bce77c8303 | |||
| ebce282c57885a6d | 6ac5a794a8f54a69 | |||
| {server} send record: | {server} send record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 1703010043f3ce38 bdf2d147bc67a732 | ciphertext (72 octets): 1703010043467d99 a807dbf778e6ffd8 | |||
| 86fd7aa19ab042fe 50a6de46fb66f9cd 205ccde487149928 | be52456c70665f89 0811ef2f3c495d5b be983feedab0c251 | |||
| f72e56ab2b345770 6a574fe3964ea45b 5f20ae76e33819f7 | dde596bc7e2b1359 09ec9f9166fb0152 e8c16a84e4b10392 | |||
| c54d7fdbb50bf7aa | 56467f9538be4463 | |||
| {client} send record: | {client} send record: | |||
| cleartext (2 octets): 0100 | cleartext (2 octets): 0100 | |||
| ciphertext (24 octets): 17030100136bdf60 847ba6fb650da36e | ||||
| ciphertext (24 octets): 1703010013d60d81 f25a39b000df86f5 | 872adc684a4af2e8 | |||
| 0a29f040ef22f42a | ||||
| {server} send record: | {server} send record: | |||
| cleartext (2 octets): 0100 | cleartext (2 octets): 0100 | |||
| ciphertext (24 octets): 1703010013b8ba60 16a056a597287382 | ciphertext (24 octets): 1703010013621b7c c1962cd8a70109fe | |||
| 226c61b64b545c87 | e68a52efedf87d2e | |||
| 4. Resumed 0-RTT Handshake | 4. Resumed 0-RTT Handshake | |||
| This handshake resumes from the handshake in Section 3. Since the | This handshake resumes from the handshake in Section 3. Since the | |||
| server provided a session ticket that permitted 0-RTT, and the client | server provided a session ticket that permitted 0-RTT, and the client | |||
| is configured for 0-RTT, the client is able to send 0-RTT data. | is configured for 0-RTT, the client is able to send 0-RTT data. | |||
| {client} create an ephemeral x25519 key pair: | {client} create an ephemeral x25519 key pair: | |||
| private key (32 octets): 01c5c60e33afeed5 a0f82c5e4ca515fa | private key (32 octets): 0944d93ff58c924f a9d8915d05ab99cb | |||
| 6ebcda9c7f50ee64 7414fa1c22728b03 | 48eb9d3c932710a6 e44feb46b1ded481 | |||
| public key (32 octets): 1206a37e316cf704 99d848efd024caaf | ||||
| c4b5050647f8aef2 27d81cf446082515 | ||||
| {client} send a ClientHello handshake message | public key (32 octets): 2c1a71f7cedf5fad 8e8433be7c85533a | |||
| 615a8d1140c8984d bfdf5391e18b4e74 | ||||
| {client} extract secret "early": | {client} extract secret "early": | |||
| salt (0 octets): (empty) | salt (0 octets): (empty) | |||
| ikm (32 octets): afdb6b1d2cc77780 d80026ca6d61b50e | ikm (32 octets): 05438edfa0f6e663 0d7a9ffe81dc6773 | |||
| d7facf76ffd647ae f5565bf072da5420 | 6d753a4ee351a79d 296975918b16039e | |||
| secret (32 octets): 50b55777d9078122 7376f3701a850c21 | secret (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| 040983207b0c2469 9580e18ba29bd5f6 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| {client} derive secret "client early traffic secret": | {client} derive secret "resumption psk binder key": | |||
| handshake hash (64 octets): 44dd22c46277ede3 eac3a2dc694d8cb4 | PRK (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| 20504c75e9aa00ec 418b6ca7d5555b71 ffc65d93ccb7b739 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): 50b55777d9078122 7376f3701a850c21 | handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 040983207b0c2469 9580e18ba29bd5f6 | 27ae41e4649b934c a495991b7852b855 | |||
| info (104 octets): 002024544c532031 2e332c20636c6965 | info (70 octets): 002022544c532031 2e332c2072657375 | |||
| 6e74206561726c79 2074726166666963 2073656372657440 | 6d7074696f6e2070 736b2062696e6465 72206b657920e3b0 | |||
| 44dd22c46277ede3 eac3a2dc694d8cb4 20504c75e9aa00ec | c44298fc1c149afb f4c8996fb92427ae 41e4649b934ca495 991b7852b855 | |||
| 418b6ca7d5555b71 ffc65d93ccb7b739 b3f1ba164a8c1893 | ||||
| 4e069aa123889906 2188e39045f3d821 | ||||
| output (32 octets): af68f3b851db647a 50ccd03afb94d52e | output (32 octets): 1590d475bebda581 fd7d7008a92140d9 | |||
| 8f1349a66f56f54d 683ca3a9900ed295 | baf1b75bfcb7e033 a736591ecba7bb42 | |||
| {client} derive secret "early exporter master secret": | ||||
| PRK (32 octets): 99853a47f018f8b2 123e742a14b06549 | ||||
| 87fd96262ec8b893 e3dc5c087dc10f4f | ||||
| handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | ||||
| 27ae41e4649b934c a495991b7852b855 | ||||
| info (73 octets): 002025544c532031 2e332c206561726c | ||||
| 79206578706f7274 6572206d61737465 7220736563726574 | ||||
| 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | ||||
| 4ca495991b7852b8 55 | ||||
| output (32 octets): 399ca522c8bdbd22 9a1db3f4f97632d4 | ||||
| 250ed6ecd5568419 6ba9953033956f94 | ||||
| {client} send a ClientHello handshake message | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): 1590d475bebda581 fd7d7008a92140d9 | ||||
| baf1b75bfcb7e033 a736591ecba7bb42 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): fe36c444491b0082 e4683625da4dcadf | ||||
| 99aebd2dab5a1621 ae25542ec266d6a7 | ||||
| {client} send record: | {client} send record: | |||
| cleartext (512 octets): 010001fc030346bd 529e51ffb4df6f6b | cleartext (512 octets): 010001fc030302d2 254d2bde0890e202 | |||
| 99049413c1b719d7 be796c195f3ce005 4d2866c5dd370000 | 8ebb36a14a128bce bc498d9ebcc5eaf0 c1d258cc0a290000 | |||
| 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | |||
| 27c014009eccaa00 3300320067003900 38006b0016001300 | 27c014009eccaa00 3300320067003900 38006b0016001300 | |||
| 9c002f003c003500 3d000a0005000401 0001950000000b00 | 9c002f003c003500 3d000a0005000401 0001950015003b00 | |||
| 0900000673657276 6572ff0100010000 0a00140012001d00 | ||||
| 1700180019010001 0101020103010400 0b00020100002800 | ||||
| 260024001d002012 06a37e316cf70499 d848efd024caafc4 | ||||
| b5050647f8aef227 d81cf44608251500 29009a0098010101 | ||||
| 0000924e5353216f fddf432e46e04edd 3964cda3f3506519 | ||||
| 03277c3a259ec466 1515360050cf3e32 9e2bd535a962d66c | ||||
| dcaa31777a35f8cf 6579f194fad53034 6815c95baea68f17 | ||||
| c1573aa34c0b279c e1bfc02c4ff5fef1 b02203391178fadd | ||||
| a4b941b65772a1cf 139ed70ae2c178cb d80d5408bb4e6354 | ||||
| 22667e5d15a4065d 15687f3b809fc5a2 682df6f53857ba2c | ||||
| 70cdfbe30a002a00 0492f5741d002b00 07067f1003030302 | ||||
| 000d0020001e0403 0503060302030804 0805080604010501 | ||||
| 0601020104020502 0602020200150060 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 00000000000b0009 0000067365727665 | |||
| 72ff01000100000a 00140012001d0017 0018001901000101 | ||||
| 010201030104000b 0002010000280026 0024001d00202c1a | ||||
| 71f7cedf5fad8e84 33be7c85533a615a 8d1140c8984dbfdf | ||||
| 5391e18b4e74002a 0000002b0007067f 1203030302000d00 | ||||
| 20001e0403050306 0302030804080508 0604010501060102 | ||||
| 0104020502060202 02002d0002010100 2900bd009800924e | ||||
| 535321cadc96238d a09caf9b02fecafd d65e3e418f03e437 | ||||
| 72cf512ed8066100 503b1c08abbbf298 a9d138ce821dd12f | ||||
| e1710e2137cd12e6 a85cd3fd7f73706e 7f5dddefb87c1ef8 | ||||
| 3824638464099c9d 1363e3c64ed2075c 16b8ccd8e524a6bb | ||||
| d7a6a6e34ea15797 82b15bbe7dfed5c0 c0d980fb330f9d8a | ||||
| b252ffe7be1277d4 18b6828ead4dae3b 30d448442417ef76 | ||||
| af4abe594b002120 56d264e68d59a053 7d872a47a2f0a72d | ||||
| 5051f1aa5dcbbc5d a1e43ec781580e0a | ||||
| ciphertext (517 octets): 1603010200010001 fc030346bd529e51 | ciphertext (517 octets): 1603010200010001 fc030302d2254d2b | |||
| ffb4df6f6b990494 13c1b719d7be796c 195f3ce0054d2866 | de0890e2028ebb36 a14a128bcebc498d 9ebcc5eaf0c1d258 | |||
| c5dd3700003e1301 13031302c02bc02f cca9cca8c00ac009 | cc0a2900003e1301 13031302c02bc02f cca9cca8c00ac009 | |||
| c013c023c027c014 009eccaa00330032 006700390038006b | c013c023c027c014 009eccaa00330032 006700390038006b | |||
| 00160013009c002f 003c0035003d000a 0005000401000195 | 00160013009c002f 003c0035003d000a 0005000401000195 | |||
| 0000000b00090000 06736572766572ff 01000100000a0014 | 0015003b00000000 0000000000000000 0000000000000000 | |||
| 0012001d00170018 0019010001010102 01030104000b0002 | ||||
| 0100002800260024 001d00201206a37e 316cf70499d848ef | ||||
| d024caafc4b50506 47f8aef227d81cf4 460825150029009a | ||||
| 0098010101000092 4e5353216ffddf43 2e46e04edd3964cd | ||||
| a3f350651903277c 3a259ec466151536 0050cf3e329e2bd5 | ||||
| 35a962d66cdcaa31 777a35f8cf6579f1 94fad530346815c9 | ||||
| 5baea68f17c1573a a34c0b279ce1bfc0 2c4ff5fef1b02203 | ||||
| 391178fadda4b941 b65772a1cf139ed7 0ae2c178cbd80d54 | ||||
| 08bb4e635422667e 5d15a4065d15687f 3b809fc5a2682df6 | ||||
| f53857ba2c70cdfb e30a002a000492f5 741d002b0007067f | ||||
| 1003030302000d00 20001e0403050306 0302030804080508 | ||||
| 0604010501060102 0104020502060202 0200150060000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000 | 0000000000000000 0000000000000000 00000b0009000006 | |||
| 736572766572ff01 000100000a001400 12001d0017001800 | ||||
| 1901000101010201 030104000b000201 0000280026002400 | ||||
| 1d00202c1a71f7ce df5fad8e8433be7c 85533a615a8d1140 | ||||
| c8984dbfdf5391e1 8b4e74002a000000 2b0007067f120303 | ||||
| 0302000d0020001e 0403050306030203 0804080508060401 | ||||
| 0501060102010402 050206020202002d 00020101002900bd | ||||
| 009800924e535321 cadc96238da09caf 9b02fecafdd65e3e | ||||
| 418f03e43772cf51 2ed8066100503b1c 08abbbf298a9d138 | ||||
| ce821dd12fe1710e 2137cd12e6a85cd3 fd7f73706e7f5ddd | ||||
| efb87c1ef8382463 8464099c9d1363e3 c64ed2075c16b8cc | ||||
| d8e524a6bbd7a6a6 e34ea1579782b15b be7dfed5c0c0d980 | ||||
| fb330f9d8ab252ff e7be1277d418b682 8ead4dae3b30d448 | ||||
| 442417ef76af4abe 594b00212056d264 e68d59a0537d872a | ||||
| 47a2f0a72d5051f1 aa5dcbbc5da1e43e c781580e0a | ||||
| {client} derive write traffic keys using label "early handshake key | {client} derive secret "client early traffic secret": | |||
| expansion": | ||||
| PRK (32 octets): af68f3b851db647a 50ccd03afb94d52e | PRK (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| 8f1349a66f56f54d 683ca3a9900ed295 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| key info (47 octets): 00102b544c532031 2e332c206561726c | handshake hash (32 octets): 5abe42e4bb8e0bcf f118e9e02e78c793 | |||
| 792068616e647368 616b65206b657920 657870616e73696f | c0f8bf0461a62ce4 5a7c541edf06c204 | |||
| 6e2c206b657900 | ||||
| key output (16 octets): eee93d2d1de2b7aa 0939dd335a5389ed | info (72 octets): 002024544c532031 2e332c20636c6965 | |||
| 6e74206561726c79 2074726166666963 2073656372657420 | ||||
| 5abe42e4bb8e0bcf f118e9e02e78c793 c0f8bf0461a62ce4 | ||||
| 5a7c541edf06c204 | ||||
| iv info (46 octets): 000c2a544c532031 2e332c206561726c | output (32 octets): 560df53cb4604f16 954e5f63869fcf11 | |||
| 792068616e647368 616b65206b657920 657870616e73696f 6e2c20697600 | d656be054f92c803 f93017a506032016 | |||
| iv output (12 octets): acef44f1be5aab86 64a9749a | {client} derive write traffic keys using label "early application | |||
| data": | ||||
| {client} send a Finished handshake message | PRK (32 octets): 560df53cb4604f16 954e5f63869fcf11 | |||
| d656be054f92c803 f93017a506032016 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ||||
| key output (16 octets): ee1188babbf83c53 5f8fa55f8f8a20a7 | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): 22a3d48298c8b820 bef80201 | ||||
| {client} send record: | {client} send record: | |||
| cleartext (36 octets): 140000205b3a3d1b 354919bcea11c379 | cleartext (6 octets): 414243444546 | |||
| edf28d2e780fe28a 0f9d4c5bb3f104b4 30a4ba70 | ||||
| ciphertext (58 octets): 17030100356c5477 611b08bfe7b2493f | ciphertext (28 octets): 1703010017c07b71 c7200dab007e9ebc | |||
| f05e70873262ae65 cb663667b93931b1 93f36c372e3c5483 | 45c182721f06cd88 6bf785ab | |||
| c6a49fc10096b367 09075f2dd5f3f36f 564f | ||||
| {client} derive write traffic keys using label "early application | {server} extract secret "early" (same as client) | |||
| data key expansion": | ||||
| PRK (32 octets): af68f3b851db647a 50ccd03afb94d52e | {server} derive secret "resumption psk binder key": | |||
| 8f1349a66f56f54d 683ca3a9900ed295 | ||||
| key info (54 octets): 001032544c532031 2e332c206561726c | PRK (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| 79206170706c6963 6174696f6e206461 7461206b65792065 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| 7870616e73696f6e 2c206b657900 | ||||
| key output (16 octets): c713c8bb3ff78315 b982cfb9a07c80b0 | handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 27ae41e4649b934c a495991b7852b855 | ||||
| iv info (53 octets): 000c31544c532031 2e332c206561726c | info (70 octets): 002022544c532031 2e332c2072657375 | |||
| 79206170706c6963 6174696f6e206461 7461206b65792065 | 6d7074696f6e2070 736b2062696e6465 72206b657920e3b0 | |||
| 7870616e73696f6e 2c20697600 | c44298fc1c149afb f4c8996fb92427ae 41e4649b934ca495 991b7852b855 | |||
| iv output (12 octets): 3750adac15984d62 31053f36 | output (32 octets): 1590d475bebda581 fd7d7008a92140d9 | |||
| baf1b75bfcb7e033 a736591ecba7bb42 | ||||
| {client} send record: | {server} derive secret "early exporter master secret": | |||
| cleartext (6 octets): 414243444546 | PRK (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| ciphertext (28 octets): 17030100170a9923 e64e0860d54570f8 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| d31b86197fd67248 d38cd32f | ||||
| {server} create an ephemeral x25519 key pair: | handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 27ae41e4649b934c a495991b7852b855 | ||||
| private key (32 octets): 0df26b2e9c055b1f bb96b97718ef6f1a | info (73 octets): 002025544c532031 2e332c206561726c | |||
| 5549839aff3e3f6a 60b6b356ff631611 | 79206578706f7274 6572206d61737465 7220736563726574 | |||
| 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | ||||
| 4ca495991b7852b8 55 | ||||
| public key (32 octets): e6c6574f90c8d810 e002c083efa8d895 | output (32 octets): 399ca522c8bdbd22 9a1db3f4f97632d4 | |||
| 389061c5bcd71c63 6f5ae1daf0b30112 | 250ed6ecd5568419 6ba9953033956f94 | |||
| {server} extract secret "early" (same as client) | {server} calculate finished: | |||
| {server} derive secret "client early traffic secret" (same as | PRK (32 octets): 1590d475bebda581 fd7d7008a92140d9 | |||
| client) | baf1b75bfcb7e033 a736591ecba7bb42 | |||
| {server} derive read traffic keys using label "early handshake key | handshake hash (0 octets): (empty) | |||
| expansion": | ||||
| PRK (32 octets): af68f3b851db647a 50ccd03afb94d52e | info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | |||
| 8f1349a66f56f54d 683ca3a9900ed295 | ||||
| key info (47 octets): 00102b544c532031 2e332c206561726c | output (32 octets): fe36c444491b0082 e4683625da4dcadf | |||
| 792068616e647368 616b65206b657920 657870616e73696f | 99aebd2dab5a1621 ae25542ec266d6a7 | |||
| 6e2c206b657900 | ||||
| key output (16 octets): eee93d2d1de2b7aa 0939dd335a5389ed | {server} create an ephemeral x25519 key pair: | |||
| iv info (46 octets): 000c2a544c532031 2e332c206561726c | private key (32 octets): 084cf2ecb7e94256 f575cd6e3dde2f21 | |||
| 792068616e647368 616b65206b657920 657870616e73696f 6e2c20697600 | 9c4f9029143e4f6a 85e86700b7d5eb77 | |||
| iv output (12 octets): acef44f1be5aab86 64a9749a | public key (32 octets): 7897ec11458a449d 3c73f5e3846c5062 | |||
| 8c35faa8876e602e 996c2620deafbe0d | ||||
| {server} derive secret "client early traffic secret" (same as | ||||
| client) | ||||
| {server} send a ServerHello handshake message | {server} send a ServerHello handshake message | |||
| {server} extract secret "handshake": | {server} extract secret "handshake": | |||
| salt (32 octets): 50b55777d9078122 7376f3701a850c21 | salt (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| 040983207b0c2469 9580e18ba29bd5f6 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| ikm (32 octets): 5a2925fe53a03d94 3ae4e2c64dc2bc06 | ikm (32 octets): 7edd226788b92bf9 3b2b33396e06ef84 | |||
| 2c916390403174ac fc64892091e56550 | 059693fa9c199da2 3f41224c2b84e97d | |||
| secret (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | secret (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| 45c873eef248f458 15c693215bbc2277 | 706e5ee4691b27ca 3c743445186ed12c | |||
| {server} derive secret "client handshake traffic secret": | {server} derive secret "client handshake traffic secret": | |||
| handshake hash (64 octets): 4a158002aa771132 1d86db9554a8cac1 | PRK (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| f27fa052ab3f8356 1aefa6e1eadc336f ffc65d93ccb7b739 | 706e5ee4691b27ca 3c743445186ed12c | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | handshake hash (32 octets): a80310ec3b531838 1c8db6495965f2fa | |||
| 45c873eef248f458 15c693215bbc2277 | cf9ca85a391fcf37 d85cadd1bc7443d4 | |||
| info (108 octets): 002028544c532031 2e332c20636c6965 | info (76 octets): 002028544c532031 2e332c20636c6965 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | 6e742068616e6473 68616b6520747261 6666696320736563 | |||
| 726574404a158002 aa7711321d86db95 54a8cac1f27fa052 | 72657420a80310ec 3b5318381c8db649 5965f2facf9ca85a | |||
| ab3f83561aefa6e1 eadc336fffc65d93 ccb7b739b3f1ba16 | 391fcf37d85cadd1 bc7443d4 | |||
| 4a8c18934e069aa1 238899062188e390 45f3d821 | ||||
| output (32 octets): f14973e577eff04c a6795e3f4c1b7752 | output (32 octets): d60ef6f4d7eda53d cc21d02d26ebd575 | |||
| 901b6e4fbde4ac02 e17e067f08d052f1 | f9663f84ef4af32e 5bed4fbb6af833e0 | |||
| {server} derive secret "server handshake traffic secret": | {server} derive secret "server handshake traffic secret": | |||
| handshake hash (64 octets): 4a158002aa771132 1d86db9554a8cac1 | PRK (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| f27fa052ab3f8356 1aefa6e1eadc336f ffc65d93ccb7b739 | 706e5ee4691b27ca 3c743445186ed12c | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | handshake hash (32 octets): a80310ec3b531838 1c8db6495965f2fa | |||
| 45c873eef248f458 15c693215bbc2277 | cf9ca85a391fcf37 d85cadd1bc7443d4 | |||
| info (108 octets): 002028544c532031 2e332c2073657276 | info (76 octets): 002028544c532031 2e332c2073657276 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 65722068616e6473 68616b6520747261 6666696320736563 | |||
| 726574404a158002 aa7711321d86db95 54a8cac1f27fa052 | 72657420a80310ec 3b5318381c8db649 5965f2facf9ca85a | |||
| ab3f83561aefa6e1 eadc336fffc65d93 ccb7b739b3f1ba16 | 391fcf37d85cadd1 bc7443d4 | |||
| 4a8c18934e069aa1 238899062188e390 45f3d821 | ||||
| output (32 octets): e6e9623c5c3d0023 c64f84145fca6a63 | output (32 octets): c41576b7adda04fb eb128b8cb48e4b46 | |||
| 736f3c8e37ba71da d139daf40f8e4ec0 | e9954abc6dd2dfc3 0856d028dedcfdd7 | |||
| {server} extract secret "master": | {server} extract secret "master": | |||
| salt (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | salt (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| 45c873eef248f458 15c693215bbc2277 | 706e5ee4691b27ca 3c743445186ed12c | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): faecb2e5b0bef416 13d0ff2ae3441ca9 | secret (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| 408b0074cbbea3a2 c270e1cb4a2578cc | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| {server} send record: | {server} derive write traffic keys using label "handshake data": | |||
| cleartext (88 octets): 020000547f101750 d392fda7530a72ee | PRK (32 octets): c41576b7adda04fb eb128b8cb48e4b46 | |||
| 97ec5c43731022b2 168b2ddd967ed3be 04ddbdee74631301 | e9954abc6dd2dfc3 0856d028dedcfdd7 | |||
| 002e002900020000 00280024001d0020 e6c6574f90c8d810 | ||||
| e002c083efa8d895 389061c5bcd71c63 6f5ae1daf0b30112 | ||||
| ciphertext (93 octets): 1603010058020000 547f101750d392fd | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| a7530a72ee97ec5c 43731022b2168b2d dd967ed3be04ddbd | ||||
| ee74631301002e00 2900020000002800 24001d0020e6c657 | ||||
| 4f90c8d810e002c0 83efa8d895389061 c5bcd71c636f5ae1 daf0b30112 | ||||
| {server} derive write traffic keys using label "handshake key | key output (16 octets): 3b6b7a6360a82cf2 5bf22e59e3d170c3 | |||
| expansion": | ||||
| PRK (32 octets): e6e9623c5c3d0023 c64f84145fca6a63 | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| 736f3c8e37ba71da d139daf40f8e4ec0 | ||||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | iv output (12 octets): 3e94717fb3af82cd e82642b9 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | ||||
| key output (16 octets): 64cff1125fc9090b b3ebb29cf49b26a1 | {server} send record: | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | cleartext (88 octets): 020000547f124f9b fff8d7d6e5e445e8 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | 67330150aa680274 59e8d59262ac183e a8d7e5b9c4981301 | |||
| 002e002900020000 00280024001d0020 7897ec11458a449d | ||||
| 3c73f5e3846c5062 8c35faa8876e602e 996c2620deafbe0d | ||||
| iv output (12 octets): 6292d575366424a0 80f01a22 | ciphertext (93 octets): 1603010058020000 547f124f9bfff8d7 | |||
| d6e5e445e8673301 50aa68027459e8d5 9262ac183ea8d7e5 | ||||
| b9c4981301002e00 2900020000002800 24001d00207897ec | ||||
| 11458a449d3c73f5 e3846c50628c35fa a8876e602e996c26 20deafbe0d | ||||
| {server} send a EncryptedExtensions handshake message | {server} send a EncryptedExtensions handshake message | |||
| {server} calculate finished: | ||||
| PRK (32 octets): c41576b7adda04fb eb128b8cb48e4b46 | ||||
| e9954abc6dd2dfc3 0856d028dedcfdd7 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 675bd9b07376e6a6 56ef9fbe9297ce8a | ||||
| cabbc804e1001d0d c4a810b918aad2d3 | ||||
| {server} send a Finished handshake message | {server} send a Finished handshake message | |||
| {server} send record: | {server} send record: | |||
| cleartext (74 octets): 080000220020000a 00140012001d0017 | cleartext (74 octets): 080000220020000a 00140012001d0017 | |||
| 0018001901000101 0102010301040000 0000002a00001400 | 0018001901000101 0102010301040000 0000002a00001400 | |||
| 00206a8db5af860c 85fee7da54cf130a 8fbb7d48563b457c | 00206b2d3c33b880 827d22789897cf52 ced3a06fd4a1b927 | |||
| 6c48bf58e649877f 4241 | 106cad93e8145ecf e9ee | |||
| ciphertext (96 octets): 170301005bf374b2 5eb166088968e7d5 | ciphertext (96 octets): 170301005b29076d 479ff50c63291217 | |||
| fdd0a28ed3411f92 7b4e3fa412bde6c5 ce0ed3627c24b60e | 5bc8d31b77425359 8be825a729656425 3acf12baa202f07a | |||
| d67a87dd33444e78 8489c2edcc2b02c5 f520d81e1ab1bdc2 | 29c686489aa76bb5 d8b1bb64d6502ee9 7954302c4a8a528f | |||
| 8c2f9eef9c17a646 0d7043fe958a831b bfe82671b356f6bc | f27506e35fabb67b 7bf7623cfb23ac56 24942c10ffbae8a7 | |||
| d1bf43290b8d05a3 | 79ffcec31860a481 | |||
| {server} derive secret "client application traffic secret": | {server} derive secret "client application traffic secret": | |||
| handshake hash (64 octets): 055666b5e4969791 a49484a3bc0e44db | PRK (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| db8ac3e18a5dfe8b cc3d700a78d04b90 ffc65d93ccb7b739 | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): faecb2e5b0bef416 13d0ff2ae3441ca9 | handshake hash (32 octets): 25678f29cd74c323 e2c410f6163f1560 | |||
| 408b0074cbbea3a2 c270e1cb4a2578cc | 8bbe70f367f330f9 f316a3b91a98a5cb | |||
| info (110 octets): 00202a544c532031 2e332c20636c6965 | info (78 octets): 00202a544c532031 2e332c20636c6965 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 6e74206170706c69 636174696f6e2074 7261666669632073 | |||
| 6563726574400556 66b5e4969791a494 84a3bc0e44dbdb8a | 6563726574202567 8f29cd74c323e2c4 10f6163f15608bbe | |||
| c3e18a5dfe8bcc3d 700a78d04b90ffc6 5d93ccb7b739b3f1 | 70f367f330f9f316 a3b91a98a5cb | |||
| ba164a8c18934e06 9aa1238899062188 e39045f3d821 | ||||
| output (32 octets): 4c9f3438c915bc4d 0a8a66ec606bed75 | output (32 octets): 642d05445f11316d d9f94a0b64af1f07 | |||
| db479d3853d995f1 bc2b97274abf4494 | 37ca6429219cd7fb 1f33c4b2fe3ab632 | |||
| {server} derive secret "server application traffic secret": | {server} derive secret "server application traffic secret": | |||
| handshake hash (64 octets): 055666b5e4969791 a49484a3bc0e44db | PRK (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| db8ac3e18a5dfe8b cc3d700a78d04b90 ffc65d93ccb7b739 | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): faecb2e5b0bef416 13d0ff2ae3441ca9 | handshake hash (32 octets): 25678f29cd74c323 e2c410f6163f1560 | |||
| 408b0074cbbea3a2 c270e1cb4a2578cc | 8bbe70f367f330f9 f316a3b91a98a5cb | |||
| info (110 octets): 00202a544c532031 2e332c2073657276 | info (78 octets): 00202a544c532031 2e332c2073657276 | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | 6572206170706c69 636174696f6e2074 7261666669632073 | |||
| 6563726574400556 66b5e4969791a494 84a3bc0e44dbdb8a | 6563726574202567 8f29cd74c323e2c4 10f6163f15608bbe | |||
| c3e18a5dfe8bcc3d 700a78d04b90ffc6 5d93ccb7b739b3f1 | 70f367f330f9f316 a3b91a98a5cb | |||
| ba164a8c18934e06 9aa1238899062188 e39045f3d821 | ||||
| output (32 octets): 8045d1d46cc35dfa 71b8ded37d54fc72 | output (32 octets): 125f0e573a686d07 92ed788646fedd3e | |||
| afd5ccdaaed73a24 13cdea56a0e363d4 | 4407728929607077 745cd1a98f240daa | |||
| {server} derive write traffic keys using label "application data key | {server} derive secret "exporter master secret": | |||
| expansion": | ||||
| PRK (32 octets): 8045d1d46cc35dfa 71b8ded37d54fc72 | PRK (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| afd5ccdaaed73a24 13cdea56a0e363d4 | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| key info (48 octets): 00102c544c532031 2e332c206170706c | handshake hash (32 octets): 25678f29cd74c323 e2c410f6163f1560 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | 8bbe70f367f330f9 f316a3b91a98a5cb | |||
| 6f6e2c206b657900 | ||||
| key output (16 octets): 8bef5ef0dfa457f1 fcc656c8c187dba9 | info (67 octets): 00201f544c532031 2e332c206578706f | |||
| 72746572206d6173 7465722073656372 65742025678f29cd | ||||
| 74c323e2c410f616 3f15608bbe70f367 f330f9f316a3b91a 98a5cb | ||||
| iv info (47 octets): 000c2b544c532031 2e332c206170706c | output (32 octets): 94afc03877de24ce 1a14ecd098ad891c | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | 5d54b37369bc98f8 3c136fb7f56e1490 | |||
| 6f6e2c20697600 | ||||
| iv output (12 octets): d38dc8e37a7c9464 7e4f4cb5 | {server} derive write traffic keys using label "application data": | |||
| PRK (32 octets): 125f0e573a686d07 92ed788646fedd3e | ||||
| 4407728929607077 745cd1a98f240daa | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ||||
| key output (16 octets): dab117e37b791fec 925a71f88c376fa6 | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): bbe980ebee1ba6c0 38a2e244 | ||||
| {server} derive read traffic keys using label "early application | {server} derive read traffic keys using label "early application | |||
| data key expansion" (same as client write traffic keys) | data" (same as client write traffic keys) | |||
| {client} extract secret "handshake": | {client} extract secret "handshake": | |||
| salt (32 octets): 50b55777d9078122 7376f3701a850c21 | salt (32 octets): 99853a47f018f8b2 123e742a14b06549 | |||
| 040983207b0c2469 9580e18ba29bd5f6 | 87fd96262ec8b893 e3dc5c087dc10f4f | |||
| ikm (32 octets): 5a2925fe53a03d94 3ae4e2c64dc2bc06 | ikm (32 octets): 7edd226788b92bf9 3b2b33396e06ef84 | |||
| 2c916390403174ac fc64892091e56550 | 059693fa9c199da2 3f41224c2b84e97d | |||
| secret (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | secret (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| 45c873eef248f458 15c693215bbc2277 | 706e5ee4691b27ca 3c743445186ed12c | |||
| {client} derive secret "client handshake traffic secret": | {client} derive secret "client handshake traffic secret": | |||
| handshake hash (64 octets): 4a158002aa771132 1d86db9554a8cac1 | PRK (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| f27fa052ab3f8356 1aefa6e1eadc336f ffc65d93ccb7b739 | 706e5ee4691b27ca 3c743445186ed12c | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | handshake hash (32 octets): a80310ec3b531838 1c8db6495965f2fa | |||
| 45c873eef248f458 15c693215bbc2277 | cf9ca85a391fcf37 d85cadd1bc7443d4 | |||
| info (108 octets): 002028544c532031 2e332c20636c6965 | info (76 octets): 002028544c532031 2e332c20636c6965 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | 6e742068616e6473 68616b6520747261 6666696320736563 | |||
| 726574404a158002 aa7711321d86db95 54a8cac1f27fa052 | 72657420a80310ec 3b5318381c8db649 5965f2facf9ca85a | |||
| ab3f83561aefa6e1 eadc336fffc65d93 ccb7b739b3f1ba16 | 391fcf37d85cadd1 bc7443d4 | |||
| 4a8c18934e069aa1 238899062188e390 45f3d821 | ||||
| output (32 octets): f14973e577eff04c a6795e3f4c1b7752 | output (32 octets): d60ef6f4d7eda53d cc21d02d26ebd575 | |||
| 901b6e4fbde4ac02 e17e067f08d052f1 | f9663f84ef4af32e 5bed4fbb6af833e0 | |||
| {client} derive secret "server handshake traffic secret": | {client} derive secret "server handshake traffic secret": | |||
| handshake hash (64 octets): 4a158002aa771132 1d86db9554a8cac1 | PRK (32 octets): 6423cd6207ff4ea4 7b73af91b6f8db82 | |||
| f27fa052ab3f8356 1aefa6e1eadc336f ffc65d93ccb7b739 | 706e5ee4691b27ca 3c743445186ed12c | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): eff9edc8b2b872d3 e34214189cb5f10a | handshake hash (32 octets): a80310ec3b531838 1c8db6495965f2fa | |||
| 45c873eef248f458 15c693215bbc2277 | cf9ca85a391fcf37 d85cadd1bc7443d4 | |||
| info (108 octets): 002028544c532031 2e332c2073657276 | info (76 octets): 002028544c532031 2e332c2073657276 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 65722068616e6473 68616b6520747261 6666696320736563 | |||
| 726574404a158002 aa7711321d86db95 54a8cac1f27fa052 | 72657420a80310ec 3b5318381c8db649 5965f2facf9ca85a | |||
| ab3f83561aefa6e1 eadc336fffc65d93 ccb7b739b3f1ba16 | 391fcf37d85cadd1 bc7443d4 | |||
| 4a8c18934e069aa1 238899062188e390 45f3d821 | ||||
| output (32 octets): e6e9623c5c3d0023 c64f84145fca6a63 | output (32 octets): c41576b7adda04fb eb128b8cb48e4b46 | |||
| 736f3c8e37ba71da d139daf40f8e4ec0 | e9954abc6dd2dfc3 0856d028dedcfdd7 | |||
| {client} extract secret "master" (same as server) | {client} extract secret "master" (same as server) | |||
| {client} derive read traffic keys using label "handshake key | {client} derive read traffic keys using label "handshake data": | |||
| expansion": | ||||
| PRK (32 octets): e6e9623c5c3d0023 c64f84145fca6a63 | PRK (32 octets): c41576b7adda04fb eb128b8cb48e4b46 | |||
| 736f3c8e37ba71da d139daf40f8e4ec0 | e9954abc6dd2dfc3 0856d028dedcfdd7 | |||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | ||||
| key output (16 octets): 64cff1125fc9090b b3ebb29cf49b26a1 | key output (16 octets): 3b6b7a6360a82cf2 5bf22e59e3d170c3 | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | ||||
| iv output (12 octets): 6292d575366424a0 80f01a22 | iv output (12 octets): 3e94717fb3af82cd e82642b9 | |||
| {client} calculate finished: | ||||
| PRK (32 octets): c41576b7adda04fb eb128b8cb48e4b46 | ||||
| e9954abc6dd2dfc3 0856d028dedcfdd7 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 675bd9b07376e6a6 56ef9fbe9297ce8a | ||||
| cabbc804e1001d0d c4a810b918aad2d3 | ||||
| {client} send record: | {client} send record: | |||
| cleartext (2 octets): 0101 | cleartext (2 octets): 0101 | |||
| ciphertext (24 octets): 1703010013687eb4 9a969a751172cf83 | ciphertext (24 octets): 17030100130aba56 52f18ac0971329d7 | |||
| fb367fc3e6554ff2 | 5fa54b8d4477f693 | |||
| {client} derive write traffic keys using label "handshake key | ||||
| expansion": | ||||
| PRK (32 octets): f14973e577eff04c a6795e3f4c1b7752 | {client} derive write traffic keys using label "handshake data": | |||
| 901b6e4fbde4ac02 e17e067f08d052f1 | ||||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | PRK (32 octets): d60ef6f4d7eda53d cc21d02d26ebd575 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | f9663f84ef4af32e 5bed4fbb6af833e0 | |||
| key output (16 octets): a73add6f2e57fc83 c79573d270cc6509 | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | key output (16 octets): bd8d8cc78152c42f 15b5d2ae85d85391 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | ||||
| iv output (12 octets): d61dd1b8a247c421 c244041f | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| iv output (12 octets): 9e379b5677dda474 9dd45fd5 | ||||
| {client} derive secret "client application traffic secret": | {client} derive secret "client application traffic secret": | |||
| handshake hash (64 octets): 055666b5e4969791 a49484a3bc0e44db | PRK (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| db8ac3e18a5dfe8b cc3d700a78d04b90 ffc65d93ccb7b739 | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): faecb2e5b0bef416 13d0ff2ae3441ca9 | handshake hash (32 octets): 25678f29cd74c323 e2c410f6163f1560 | |||
| 408b0074cbbea3a2 c270e1cb4a2578cc | 8bbe70f367f330f9 f316a3b91a98a5cb | |||
| info (110 octets): 00202a544c532031 2e332c20636c6965 | info (78 octets): 00202a544c532031 2e332c20636c6965 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 6e74206170706c69 636174696f6e2074 7261666669632073 | |||
| 6563726574400556 66b5e4969791a494 84a3bc0e44dbdb8a | 6563726574202567 8f29cd74c323e2c4 10f6163f15608bbe | |||
| c3e18a5dfe8bcc3d 700a78d04b90ffc6 5d93ccb7b739b3f1 | 70f367f330f9f316 a3b91a98a5cb | |||
| ba164a8c18934e06 9aa1238899062188 e39045f3d821 | ||||
| output (32 octets): 4c9f3438c915bc4d 0a8a66ec606bed75 | output (32 octets): 642d05445f11316d d9f94a0b64af1f07 | |||
| db479d3853d995f1 bc2b97274abf4494 | 37ca6429219cd7fb 1f33c4b2fe3ab632 | |||
| {client} derive secret "server application traffic secret" (same as | {client} derive secret "server application traffic secret": | |||
| server) | ||||
| {client} derive read traffic keys using label "application data key | PRK (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| expansion" (same as server write traffic keys) | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| handshake hash (32 octets): 25678f29cd74c323 e2c410f6163f1560 | ||||
| 8bbe70f367f330f9 f316a3b91a98a5cb | ||||
| info (78 octets): 00202a544c532031 2e332c2073657276 | ||||
| 6572206170706c69 636174696f6e2074 7261666669632073 | ||||
| 6563726574202567 8f29cd74c323e2c4 10f6163f15608bbe | ||||
| 70f367f330f9f316 a3b91a98a5cb | ||||
| output (32 octets): 125f0e573a686d07 92ed788646fedd3e | ||||
| 4407728929607077 745cd1a98f240daa | ||||
| {client} derive secret "exporter master secret" (same as server) | ||||
| {client} derive read traffic keys using label "application data" | ||||
| (same as server write traffic keys) | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): d60ef6f4d7eda53d cc21d02d26ebd575 | ||||
| f9663f84ef4af32e 5bed4fbb6af833e0 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 9d18ee7c846ea450 0c9884d3b3741107 | ||||
| 1cb93b42db69a46c 101e65e976a20417 | ||||
| {client} send a Finished handshake message | {client} send a Finished handshake message | |||
| {client} send record: | {client} send record: | |||
| cleartext (36 octets): 140000208a5ff8f5 2a3e97eaaa1feb1c | cleartext (36 octets): 1400002055f849f1 a03006f7ec3d5384 | |||
| 0ee058d9b923c788 592c46fcdd240e5d 17a80d40 | aba84782b4c37df3 d3c7b92543d5e8b0 24b38aea | |||
| ciphertext (58 octets): 170301003551e152 cd27816eb07f79e8 | ciphertext (58 octets): 170301003561ad40 384d8ffd77d6ea42 | |||
| 9c71bf328d373b5b b8390821a319a957 03b3a563f0042de9 | 28ca06247041fccf edc89e8f4f575a3b 79a01e61f6d3961a | |||
| 713c82a48cd42321 4c7efa9806153dec 62de | 5a6251e79594620a 62067c3a245dff64 b2fe | |||
| {client} derive write traffic keys using label "application data key | {client} derive write traffic keys using label "application data": | |||
| expansion": | ||||
| PRK (32 octets): 4c9f3438c915bc4d 0a8a66ec606bed75 | PRK (32 octets): 642d05445f11316d d9f94a0b64af1f07 | |||
| db479d3853d995f1 bc2b97274abf4494 | 37ca6429219cd7fb 1f33c4b2fe3ab632 | |||
| key info (48 octets): 00102c544c532031 2e332c206170706c | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | ||||
| 6f6e2c206b657900 | ||||
| key output (16 octets): aeffc85a70981079 9828a861b510d20a | key output (16 octets): ed504bf560f8c1e6 867659dd6527cdfa | |||
| iv info (47 octets): 000c2b544c532031 2e332c206170706c | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| 69636174696f6e20 64617461206b6579 20657870616e7369 | ||||
| 6f6e2c20697600 | ||||
| iv output (12 octets): a240fcfee10fc824 5f977745 | iv output (12 octets): 005434eeaac2d2b6 b3dc186d | |||
| {client} derive secret "resumption master secret": | {client} derive secret "resumption master secret": | |||
| handshake hash (64 octets): 86dd36a494000932 c9f58c7410cff699 | PRK (32 octets): 838095f760b7ff7a 207ff3c3c818e6f9 | |||
| 2b53f90b2e457196 cb0a62a306fabc32 ffc65d93ccb7b739 | 86c87db36fcf063f 09e8451dc55b97e2 | |||
| b3f1ba164a8c1893 4e069aa123889906 2188e39045f3d821 | ||||
| PRK (32 octets): faecb2e5b0bef416 13d0ff2ae3441ca9 | handshake hash (32 octets): 10e631557cc36de9 c9e1698cd932420d | |||
| 408b0074cbbea3a2 c270e1cb4a2578cc | 8388263513d401f0 a8a2d5bbf8ab8500 | |||
| info (101 octets): 002021544c532031 2e332c2072657375 | info (69 octets): 002021544c532031 2e332c2072657375 | |||
| 6d7074696f6e206d 6173746572207365 637265744086dd36 | 6d7074696f6e206d 6173746572207365 637265742010e631 | |||
| a494000932c9f58c 7410cff6992b53f9 0b2e457196cb0a62 | 557cc36de9c9e169 8cd932420d838826 3513d401f0a8a2d5 bbf8ab8500 | |||
| a306fabc32ffc65d 93ccb7b739b3f1ba 164a8c18934e069a | ||||
| a1238899062188e3 9045f3d821 | ||||
| output (32 octets): a42c624281007958 cf5b386cdeea9505 | output (32 octets): ddb7ba1feb09673a ebc36db7e08c410b | |||
| 78f5a4e8ce376e5b 5e1cc521f50a8e13 | de864b2eb7be9bda ded9be89bac6649c | |||
| {server} derive read traffic keys using label "handshake key | {server} derive read traffic keys using label "handshake data": | |||
| expansion": | ||||
| PRK (32 octets): f14973e577eff04c a6795e3f4c1b7752 | PRK (32 octets): d60ef6f4d7eda53d cc21d02d26ebd575 | |||
| 901b6e4fbde4ac02 e17e067f08d052f1 | f9663f84ef4af32e 5bed4fbb6af833e0 | |||
| key info (41 octets): 001025544c532031 2e332c2068616e64 | key info (16 octets): 00100c544c532031 2e332c206b657900 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c206b6579 00 | key output (16 octets): bd8d8cc78152c42f 15b5d2ae85d85391 | |||
| key output (16 octets): a73add6f2e57fc83 c79573d270cc6509 | iv info (15 octets): 000c0b544c532031 2e332c20697600 | |||
| iv info (40 octets): 000c24544c532031 2e332c2068616e64 | iv output (12 octets): 9e379b5677dda474 9dd45fd5 | |||
| 7368616b65206b65 7920657870616e73 696f6e2c20697600 | ||||
| iv output (12 octets): d61dd1b8a247c421 c244041f | {server} calculate finished: | |||
| {server} derive read traffic keys using label "application data key | PRK (32 octets): d60ef6f4d7eda53d cc21d02d26ebd575 | |||
| expansion" (same as client write traffic keys) | f9663f84ef4af32e 5bed4fbb6af833e0 | |||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 9d18ee7c846ea450 0c9884d3b3741107 | ||||
| 1cb93b42db69a46c 101e65e976a20417 | ||||
| {server} derive read traffic keys using label "application data" | ||||
| (same as client write traffic keys) | ||||
| {server} derive secret "resumption master secret" (same as client) | {server} derive secret "resumption master secret" (same as client) | |||
| {client} send record: | {client} send record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 1703010043002960 3d4a0b22d5c35dbe | ciphertext (72 octets): 1703010043215c81 57730ca2101ad6ee | |||
| 6b57d8015fbe1364 a6eb5047be44ddb7 9c52225b97d85854 | 50335a7216d5565e 3391c1d920b4c126 4285994032dbe9bc | |||
| 59322c960eb231a5 99464c714b5a3a5e 06dd664311d9d4ac | f077bfdd6f0fa1c9 e0c610c0b74605b2 a24448e4a7cb45ef | |||
| 182853c7597e7a9d | 8b0193ea95b4d860 | |||
| {server} send record: | {server} send record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 170301004387d132 c8efbcd1bb57be5b | ciphertext (72 octets): 17030100434255b4 8f15b947f760ed76 | |||
| 1b8bdd232247d909 45f87d6076a8f110 addb8c27ba05b107 | 29e130e5d4aaabea 7d06fa74fd3c9901 0997853776caf2c6 | |||
| 28e5b103aaac58ce 4b6693dbf77066ed a8168a4f6df78d8f | 5c8ccc6e33567dc7 f4ac50467eddf42c c76241aeda237a07 | |||
| 4f9a743dc72b3156 | 422ac51a643773e9 | |||
| {client} send record: | {client} send record: | |||
| cleartext (2 octets): 0100 | cleartext (2 octets): 0100 | |||
| ciphertext (24 octets): 1703010013422dd5 2ef4a92aaac69e06 | ||||
| ciphertext (24 octets): 17030100136a2ffa 499ba7a94e2cc32d | 6846b7e507d4a2ca | |||
| e33f03e69da02d0e | ||||
| {server} send record: | {server} send record: | |||
| cleartext (2 octets): 0100 | cleartext (2 octets): 0100 | |||
| ciphertext (24 octets): 1703010013e01536 07df77f766766ee3 | ciphertext (24 octets): 1703010013c6f797 8bf3ce7e86f54ffe | |||
| b61e6746db71bbed | a9edc9e61dfdd967 | |||
| 5. Security Considerations | 5. Security Considerations | |||
| It probably isn't a good idea to use the private key here. If it | It probably isn't a good idea to use the private key here. If it | |||
| weren't for the fact that it is too small to provide any meaningful | weren't for the fact that it is too small to provide any meaningful | |||
| security, it is now very well known. | security, it is now very well known. | |||
| 6. Normative References | 6. Normative References | |||
| [I-D.ietf-tls-tls13] | [I-D.ietf-tls-tls13] | |||
| End of changes. 250 change blocks. | ||||
| 618 lines changed or deleted | 745 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||