dcsimg
Results 1 to 3 of 3

Thread: (VB6) - Personal Chat using TLS 1.3 Encryption

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    601

    (VB6) - Personal Chat using TLS 1.3 Encryption

    Attached is a One-To-One Chat program that utilizes the same encryption scheme as TLS 1.3.

    So why would I choose to use this encryption scheme? TLS 1.3 offers some distinct advantages over previous Security schemes. SSL is a dead issue, and many sites no longer consider TLS 1.0/1.1 secure. So that leaves TLS 1.2/1.3. TLS 1.2 is currently a safe and secure protocol, but how long that will last remains to be seen. TLS 1.3 uses Forward Secrecy to calculate the Input Keying Material (IKM), and part of the Handshake Negotiation is now encrypted as well. There is some controversy over the NIST ECC Curve (P-256) that I chose to use . After the NSA had a vulnerability (some call it a backdoor) rigged into the Dual EC DRBG protocol, there is a distrust of NIST. But there is no actual evidence to indicate that the NIST P curves have been rigged.

    The scheme used here is not compatible with public Web Server sites, as most of the options available with such a connection have been stripped. The Hello packets only contain the public ECC key, and since there is only one thing in the packet, there is no need for the individual headers. As well the calculated Agreed Secret is actually an SHA256 Hash of the Agreed Secret. And there is only one encryption algorithm provided (AES-128-GCM). A private communication system does not need all the options that a public service does. I have provided for a version number to be implemented in the packet header of the Hello packets, and a version check has been added in case any of the protocols used become deprecated. That is the major advantage in using a well used public encryption protocol, as potential problems seem to surface there first.

    As far as the programs themselves, I have attempted to remove as much clutter as possible, and still keep them functional. The dropdown box on the Client program only contains two URLs. A fully functional program would probably provide for other locations to be added to the registry. There is only the one ALERT message provided (Version). A fully functional program would provide for more. There are no command buttons. A message is sent from the Input box simply by hitting the "ENTER" key. InkEdit control boxes have been used instead of Text boxes. In theory, this would allow for non-Latin character sets (eg. Chinese/Arabic) to be used. Although SimpleSock supports IPv6, these programs do not take advantage of that capability.

    To use the programs, you can operate both in separate IDEs, or you can compile one or both and move one to another machine. If you move one to another network, remember to configure your NAT router to forward the connection request on port 443 to the machine running the Server program. That is the port I am using for the Server program to listen on, but you can change it to whatever you desire. On the Client program, the dropdown box contains a URL for the "localhost", and a fictitious domain name. To connect to an IP address for example, attempt a connect with the fictitious domain name, and when that fails change the domain name to an IP address and hit "ENTER".

    Once connected, type in your message and hit "ENTER". I also enabled Spell Checking on the Input box.

    J.A. Coutts
    Attached Images Attached Images  
    Attached Files Attached Files

  2. #2

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    601

    Re: (VB6) - Personal Chat using TLS 1.3 Encryption

    This version combines the 2 classes (clsCrypt & clsHKDF) into a single clsCrypt. As well, some of the functions performed in the calling form were moved to the class. This was done to eliminate storage of the encryption keys in the form itself. The creation of the keys, the selection of keys, and the updating of the Session Hash is now done in the Class itself. Because allocation of the encryption keys is reversed for use in the Client, a ClientFlg was added to the Client.

    J.A. Coutts
    Attached Files Attached Files

  3. #3

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    601

    Re: (VB6) - Personal Chat using TLS 1.3 Encryption

    In this version, the Crypt Class was converted to a DLL to make it simpler and easier to use. This involved several more changes that would allow us to work with a compiled Library file. I also created a test program that would allow the Library file to be tested. As attached, the test program (prjTestDLL.vbp) contains the entire DLL code as a standard module. To use it with a Library file, copy the DLL to the Application directory, delete the .bas module, and remove the comment characters on the Private Declaration statements. I used DanSoft's DLL compiler to create a standard library file rather than an ActiveX DLL, because it does not require registration. The downside is that the routines used must be declared in the same way API calls are declared. The standard DLL must be placed in the application directory, the Windows directory, or the Windows Sytem32/SysWOW64 directory.

    Changes:
    1. All keys are not returned from the DLL, and most are not kept in memory.
    2. Get and Let functions were changed to standard functions and subs.
    3. Complex routines such as GetKeys, GetECCKey, and CryptData now return a non zero long upon failure to identify the failed part of the routine.
    4. The sequence numbers are automatically advanced on all Crypt/Decrypt functions.
    5. Since the DLL was designed to be used in a Client/Server type of application, some juggling was required to use it in a one sided test.
    6. At the present time, no allowance has been made for the use of Pre Shared Keys. All connections require Forward Secrecy.

    One should note that the use of a Hashed Agreed Secret allows a certain amount of key customization, as the raw Agreed Secret can be Appended and Prepended with values (either fixed or random) before being hashed.
    KDF_SECRET_PREPEND = 1
    KDF_SECRET_APPEND = 2
    This requires adding buffers to the ParameterList.

    J.A. Coutts

    Addendum: I have added the Client/Server programs that utilize the library file
    Attached Files Attached Files
    Last edited by couttsj; Oct 14th, 2018 at 12:45 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width