tlsfuzzer / tlslite-ng

TLS implementation in pure python, focused on interoperability testing

Add support for ESNIExtension #345

Open divadres opened 5 years ago

divadres commented 5 years ago

Hi. I'm trying to add support for ESNIExtension in tlslite-ng. I'm getting the information here: https://tools.ietf.org/html/draft-ietf-tls-esni-02. At the moment I can get the information from the DNS domain registry, extract the data and create the extension data to send it together with the ClientHello, but I have doubts about the encryption of the data. I am not an expert in cryptography and there are some concepts I do not understand.

Let Z be the DH shared secret derived from a key share in ESNIKeys
   and the corresponding client share in ClientEncryptedSNI.key_share.
   The SNI encryption key is computed from Z as follows:

   Zx = HKDF-Extract(0, Z)
   key = HKDF-Expand-Label(Zx, "esni key", Hash(ESNIContents), key_length)
   iv = HKDF-Expand-Label(Zx, "esni iv", Hash(ESNIContents), iv_length)

I have the KeyShare obtained from the ESNIKeys, and I have created the value ClientEncryptedSNI.key_share, but I do not understand how to get the Z value. I am also not sure how to obtain the Zx value. Once these two are achieved, I believe that key and iv can be created.

Is there someone who can help me in this step?

Thank you

tomato42 commented 5 years ago

IIRC, "Z" is the canonical name for the shared secret agreed to using the DH key exchange. The calculation for it using regular FFDHE key exchange is here: https://github.com/tomato42/tlslite-ng/blob/029425144f6b26d5ab8acc3a79e3ead79253ad71/tlslite/keyexchange.py#L424-L439 (ECDHE is a few lines below).

If this is not clear enough, asking on the IETF TLS working group mailing list for amendments/clarifications to the draft would likely be fruitful.
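
An added example (not part of the thread and not tlslite-ng code) that carries the derivation quoted from the draft through from both sides: Z, then Zx, then key and iv. It assumes the X25519 group, SHA-256 as Hash, a 16-byte key and 12-byte IV, the HKDF-Expand-Label encoding of RFC 8446, and constructed private keys and ESNIContents bytes; the thread specifies none of these.

```python
import hashlib
import hmac

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustration only: not constant-time."""
    # Clamp the scalar: clear the low 3 bits and bit 255, set bit 254.
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    full = b"tls13 " + label  # RFC 8446 HkdfLabel prefix (assumed to apply here)
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full
    info += bytes([len(context)]) + context
    out, block, i = b"", b"", 1
    while len(out) < length:  # HKDF-Expand, RFC 5869
        block = hmac.new(secret, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]

def esni_key_iv(z: bytes, esni_contents: bytes, key_length=16, iv_length=12):
    zx = hmac.new(bytes(32), z, hashlib.sha256).digest()  # Zx = HKDF-Extract(0, Z)
    h = hashlib.sha256(esni_contents).digest()            # Hash(ESNIContents)
    return (hkdf_expand_label(zx, b"esni key", h, key_length),
            hkdf_expand_label(zx, b"esni iv", h, iv_length))

def demo():
    # Constructed private keys and ESNIContents placeholder, not real values.
    server_priv, client_priv = bytes(range(32)), bytes(range(32, 64))
    server_share = x25519(server_priv, BASE)  # key share published in ESNIKeys
    client_share = x25519(client_priv, BASE)  # ClientEncryptedSNI.key_share
    z_client = x25519(client_priv, server_share)  # Z as the client computes it
    z_server = x25519(server_priv, client_share)  # Z as the server computes it
    contents = b"constructed ESNIContents placeholder"
    return z_client, z_server, esni_key_iv(z_client, contents), esni_key_iv(z_server, contents)
```

Each side combines its own private key with the peer's public share, so the client never needs the server's private key to arrive at the same Z.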

Lekensteyn commented 5 years ago

Hi @divadres, are you still working on this? It is worth noting that draft -01 (as currently implemented by Firefox/NSS and Cloudflare) is not compatible with newer draft versions (-03). The ESNIKeys.public_name field was added since draft -03.

Draft -03 also changed how the ESNI extension in the EncryptedExtensions message is encoded.