NTS-KE: NTS Key Establishment

NTS-KE is the TLS v1.3 based first phase of NTS used to acquire parameters for the following NTPv4 phase securely.

Due to its TLS v1.3 nature it is hard to watch in Wireshark.

Wireshark Dissector

There is an excellent one at https://github.com/vgiotsas/NTS-KE-Dissector. Only problems:

it's for Draft version 28 - the protocol used is 4430 instead of the 4460 from the final RFC 8915
its showing the NTS Cookies as strings instead of hex strings

So - this repo contains the original version + my patches.

make the TLS library used record the ephemeral keys and parameters
depends on the NTS client used (my chrony used GnuTLS, ntpd used OpenSSL)
- sometimes you can use environment variable SSLKEYLOGFILE out-of-the box
- if this doesn't work, create a shared library that instruments the TLS library used to record this file and then preload it via LD_PRELOAD
  - OpenSSL: SSL_CTX_set_keylog_callback from here
  - GnuTLS: gnutls_global_set_log_function from here
after you did this, the TLS parameters are written to this file
make Wireshark use this file as TLS (Pre)-Master Secret Log File under Settings | Protocols | TLS
invoke the NTS client and record the whole TLSv1.3 handshake
with the dissector loaded (put it into your Lua plugins directory, see Help | About | Folders), you can now dissect NTS-KE

Repository contains a nts-ke.pcapng and tls-secrets.txt to load into your Wireshark.

Should look like this

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
dissector		dissector
recording		recording
README.md		README.md
nts-ke_request.png		nts-ke_request.png
nts-ke_response.png		nts-ke_response.png