echspec 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 942fd582bb741ca465bb5255b458ef3cbf3ff8cd09f20b45957df8c64d32f55a
-  data.tar.gz: e5748a921bc1ab45c053884690fe0e7f5718b8847c6376f87100f22173f8dd9c
+  metadata.gz: 664b02dfe5659032ff19242937be686085ab762f223fd950a1332da55fd69e12
+  data.tar.gz: 0146c242937094ff8a4cb1c494d27af14a55d34e8967c4bf174b6eb76132b8c6
 SHA512:
-  metadata.gz: a9597e9295d2b6a8d2b836a59a9ec1013edb42b2fc605e2dacd9ba274510ccb9982f1971d6aa4d092f1896da19a4d2317386d72f9d690639049e288e96fe1fe5
-  data.tar.gz: d104c73ca8124af91cbaeb172757d8353e3a328668c89a9d1b66f01281ac6d8e5bacd298ac96b05fa27d1b70dadceb9a216c8b873db9607286a7e0767f304c58
+  metadata.gz: ca2add160c37c4997ee2f76172c1b4edc598d85149fecfae5fd6861dce34455916fbee67d02bbf60e8d6f121e583ca284fee4bde73a215c735c05465e30b8704
+  data.tar.gz: 832197c0251d27bf060a4ac774126117eca42fc11615e1078edbf4db84109a24125e6ab2417cba393223a87632701deea876a90e0e1cf5d9a8d7c7b324a40dc8

data/.github/workflows/ci.yml

@@ -15,9 +15,9 @@ jobs:
       matrix:
         ruby-version: ['3.2', '3.3', '3.4']
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c # v1.237.0
         with:
           ruby-version: ${{ matrix.ruby-version }}
       - name: Install dependencies

data/.ruby-version

@@ -1 +1 @@
-3.3.6
+3.4.3

data/README.md

@@ -11,7 +11,7 @@
 - https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22
 
 
-## Initial Setup
+## Installation
 
 The gem is available at [rubygems.org](https://rubygems.org/gems/echspec). You can install it the following:
 
@@ -44,12 +44,20 @@ TLS Encrypted Client Hello Server
         ✔ MUST abort with an "illegal_parameter" alert, if "encrypted_client_hello" is referenced in OuterExtensions. [5.1-10]
         ✔ MUST abort with an "illegal_parameter" alert, if the extensions in ClientHelloOuter corresponding to those in OuterExtensions do not occur in the same order. [5.1-10]
         ✔ MUST abort with an "illegal_parameter" alert, if ECHClientHello.type is not a valid ECHClientHelloType in ClientHelloInner. [7-5]
-        ✔ MUST abort with an "illegal_parameter" alert, if ECHClientHello.type is not a valid ECHClientHelloType in ClientHelloOuter. [7-5]
+        x MUST abort with an "illegal_parameter" alert, if ECHClientHello.type is not a valid ECHClientHelloType in ClientHelloOuter. [7-5]
         ✔ MUST abort with an "illegal_parameter" alert, if ClientHelloInner offers TLS 1.2 or below. [7.1-11]
         ✔ MUST include the "encrypted_client_hello" extension in its EncryptedExtensions with the "retry_configs" field set to one or more ECHConfig. [7.1-14.2.1]
         ✔ MUST abort with a "missing_extension" alert, if 2nd ClientHelloOuter does not contains the "encrypted_client_hello" extension. [7.1.1-2]
         ✔ MUST abort with an "illegal_parameter" alert, if 2nd ClientHelloOuter "encrypted_client_hello" enc is empty. [7.1.1-2]
         ✔ MUST abort with a "decrypt_error" alert, if fails to decrypt 2nd ClientHelloOuter. [7.1.1-5]
+
+Failures:
+
+        1) MUST abort with an "illegal_parameter" alert, if ECHClientHello.type is not a valid ECHClientHelloType in ClientHelloOuter. [7-5]
+                https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-7-5
+                did not send expected alert: illegal_parameter
+
+1 failure
 ```
 
 By default, `echspec` retrieves ECHConfigs via HTTPS records. By using the `-f, --file FILE` option, you can specify an ECHConfig pem file. If you need to test the server on localhost, you can run it the following:

data/echspec.gemspec

@@ -22,5 +22,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler'
   spec.add_dependency             'base64'
   spec.add_dependency             'resolv', '> 0.4.0'
-  spec.add_dependency             'tttls1.3', '~> 0.3.4'
+  spec.add_dependency             'tttls1.3', '~> 0.3.5'
 end

data/lib/echspec/log.rb

@@ -34,12 +34,16 @@ module EchSpec
           'EncryptedExtensions'
         in TTTLS13::Message::Certificate
           'Certificate'
+        in TTTLS13::Message::CompressedCertificate
+          'CompressedCertificate'
         in TTTLS13::Message::CertificateVerify
           'CertificateVerify'
         in TTTLS13::Message::Finished
           'Finished'
         in TTTLS13::Message::EndOfEarlyData
           'EndOfEarlyData'
+        in TTTLS13::Message::NewSessionTicket
+          'NewSessionTicket'
         in TTTLS13::Message::Alert
           'Alert'
         end

data/lib/echspec/spec/5.1-10.rb

@@ -130,7 +130,7 @@ module EchSpec
       end
 
       class MissingReferencedExtensions < TTTLS13::Message::Extensions
-        # @param _ [Array of TTTLS13::Message::ExtensionType]
+        # @param _ [Array<TTTLS13::Message::ExtensionType>]
         #
         # @return [TTTLS13::Message::Extensions] for EncodedClientHelloInner
         def remove_and_replace!(_)
@@ -150,7 +150,7 @@ module EchSpec
       end
 
       class DuplicatedOuterExtensions < TTTLS13::Message::Extensions
-        # @param _ [Array of TTTLS13::Message::ExtensionType]
+        # @param _ [Array<TTTLS13::Message::ExtensionType>]
         #
         # @return [TTTLS13::Message::Extensions] for EncodedClientHelloInner
         def remove_and_replace!(_)
@@ -172,7 +172,7 @@ module EchSpec
       end
 
       class ReferencedEncryptedClientHello < TTTLS13::Message::Extensions
-        # @param _ [Array of TTTLS13::Message::ExtensionType]
+        # @param _ [Array<TTTLS13::Message::ExtensionType>]
         #
         # @return [TTTLS13::Message::Extensions] for EncodedClientHelloInner
         def remove_and_replace!(_)
@@ -194,7 +194,7 @@ module EchSpec
       end
 
       class NotSameOrderExtensions < TTTLS13::Message::Extensions
-        # @param _ [Array of TTTLS13::Message::ExtensionType]
+        # @param _ [Array<TTTLS13::Message::ExtensionType>]
         #
         # @return [TTTLS13::Message::Extensions] for EncodedClientHelloInner
         def remove_and_replace!(_)

data/lib/echspec/spec/7.1-14.2.1.rb

@@ -60,7 +60,7 @@ module EchSpec
         # send ClientHello
         conn = TLS13Client::Connection.new(socket, :client)
         inner_ech = TTTLS13::Message::Extension::ECHClientHello.new_inner
-        exs, priv_keys = TLS13Client.gen_ch_extensions(hostname)
+        exs, shared_secret = TLS13Client.gen_ch_extensions(hostname)
         inner = TTTLS13::Message::ClientHello.new(
           cipher_suites: TTTLS13::CipherSuites.new(
             [
@@ -98,14 +98,9 @@ module EchSpec
         transcript[TTTLS13::SH] = [sh, sh.serialize]
         kse = sh.extensions[TTTLS13::Message::ExtensionType::KEY_SHARE]
                 .key_share_entry.first
-        shared_secret = TTTLS13::Endpoint.gen_shared_secret(
-          kse.key_exchange,
-          priv_keys[kse.group],
-          kse.group
-        )
         key_schedule = TTTLS13::KeySchedule.new(
           psk: nil,
-          shared_secret:,
+          shared_secret: shared_secret.build(kse.group, kse.key_exchange),
           cipher_suite: sh.cipher_suite,
           transcript:
         )

data/lib/echspec/spec/9.rb

@@ -41,9 +41,9 @@ module EchSpec
           end
         end
 
-        # @param ech_configs [Array of ECHConfig]
+        # @param ech_configs [Array<ECHConfig>]
         #
-        # @return [EchSpec::Ok<ECHConfig> | Err]
+        # @return [EchSpec::Ok | Err]
         def validate_compliant_ech_configs(ech_configs)
           ech_config = ech_configs.find do |c|
             kconfig = c.echconfig_contents.key_config
@@ -61,7 +61,7 @@ module EchSpec
 
         # @param hostname [String]
         #
-        # @return [EchSpec::Ok<Array of ECHConfig> | Err]
+        # @return [EchSpec::Ok<Array<ECHConfig>> | Err]
         def resolve_ech_configs(hostname)
           begin
             rr = Resolv::DNS.new.getresource(
@@ -85,7 +85,7 @@ module EchSpec
 
         # @param pem [String]
         #
-        # @return [EchSpec::Ok<Array of ECHConfig> | Err]
+        # @return [EchSpec::Ok<Array<ECHConfig>> | Err]
         def parse_pem(pem)
           s = pem.scan(/-----BEGIN ECHCONFIG-----(.*)-----END ECHCONFIG-----/m)
                  .first

data/lib/echspec/spec.rb

@@ -12,20 +12,20 @@ module EchSpec
           msg.description == TTTLS13::Message::ALERT_DESCRIPTION[desc]
       end
 
-      ResultDesc = Struct.new(:result, :desc)
+      ResultDescURL = Struct.new(:result, :desc, :url)
 
-      # @param rds [Array of ResultDesc] result: EchSpec::Ok | Err, desc: String
+      # @param rds [Array<ResultDescURL>] result: EchSpec::Ok | Err, desc: String
       # @param verbose [Boolean]
-      def print_results(rds, verbose)
-        rds.each { |rd| print_summary(rd.result, rd.desc) }
-        failures = rds.filter { |rd| rd.result.is_a? Err }
+      def print_results(rdus, verbose)
+        rdus.each { |rdu| print_summary(rdu.result, rdu.desc) }
+        failures = rdus.filter { |rdu| rdu.result.is_a? Err }
         return if failures.empty?
 
         puts
         puts 'Failures:'
         puts
         failures.each
-                .with_index { |rd, idx| print_err_details(rd.result, idx, rd.desc, verbose) }
+                .with_index { |rdu, idx| print_err_details(rdu.result, rdu.url, idx, rdu.desc, verbose) }
         puts "#{failures.length} failure".red
       end
 
@@ -36,20 +36,22 @@ module EchSpec
         cross = "\u0078"
         summary = case result
                   in Ok
-                    "\t#{check} #{desc}".green
+                    "#{check} #{desc}".green.indent
                   in Err
-                    "\t#{cross} #{desc}".red
+                    "#{cross} #{desc}".red.indent
                   end
         puts summary
       end
 
       # @param err [EchSpec::Err]
+      # @param url [String]
       # @param idx [Integer]
       # @param desc [String]
       # @param verbose [Boolean]
-      def print_err_details(err, idx, desc, verbose)
-        puts "\t#{idx + 1}) #{desc}"
-        puts "\t\t#{err.details}"
+      def print_err_details(err, url, idx, desc, verbose)
+        puts "#{idx + 1}) #{desc}".indent
+        puts url.indent.indent
+        puts err.details.indent.indent
         warn err.message_stack if verbose && !err.message_stack.nil?
         puts
       end
@@ -103,7 +105,7 @@ module EchSpec
       # @param fpath [String | NilClass]
       # @param port [Integer]
       # @param hostname [String]
-      # @param sections [Array of String]
+      # @param sections [Array<String>]
       # @param verbose [Boolean]
       def run_only(fpath, port, hostname, sections, verbose)
         targets = spec_groups.filter { |g| sections.include?(g.section) }
@@ -119,18 +121,34 @@ module EchSpec
       # @param port [Integer]
       # @param hostname [String]
       # @param ech_config [ECHConfig]
-      # @param targets [Array of EchSpec::SpecGroup]
+      # @param targets [Array<EchSpec::SpecGroup>]
       # @param verbose [Boolean]
       def do_run(port, hostname, ech_config, targets, verbose)
-        rds = targets.flat_map do |g|
+        rdus = targets.flat_map do |g|
           g.spec_cases.map do |sc|
-            r = sc.method.call(hostname, port, ech_config)
-            d = "#{sc.description} [#{g.section}]"
-            ResultDesc.new(result: r, desc: d)
+            result = sc.method.call(hostname, port, ech_config)
+            desc = desc(sc.description, g.section)
+            url = url(g.section)
+            ResultDescURL.new(result:, desc:, url:)
           end
         end
 
-        print_results(rds, verbose)
+        print_results(rdus, verbose)
+      end
+
+      # @param description [String]
+      # @param section [String]
+      #
+      # @return [String]
+      def desc(description, section)
+        "#{description} [#{section}]"
+      end
+
+      # @param section [String]
+      #
+      # @return [String]
+      def url(section)
+        "https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-#{section}"
       end
 
       # @param fpath [String | NilClass]
@@ -140,14 +158,18 @@ module EchSpec
       # @return [ECHConfig]
       def try_get_ech_config(fpath, hostname, force_compliant)
         # https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-9
-        case result = Spec9.try_get_ech_config(fpath, hostname, force_compliant)
-        in Ok(obj) if force_compliant
-          result.tap { |r| print_summary(r, "#{Spec9.description} [#{Spec9.section}]") }
-          obj
-        in Ok(obj)
-          obj
+        result = Spec9.try_get_ech_config(fpath, hostname, force_compliant)
+        desc = desc(Spec9.description, Spec9.section)
+        url = url(Spec9.section)
+
+        case result
+        in Ok(ech_config) if force_compliant
+          print_summary(result, desc)
+          ech_config
+        in Ok(ech_config)
+          ech_config
         in Err(details, _)
-          puts "\t#{details}".red
+          print_results([ResultDescURL.new(result:, desc:, url:)], true)
           exit 1
         end
       end

data/lib/echspec/tls13_client.rb

@@ -66,12 +66,12 @@ module EchSpec
         exs << TTTLS13::Message::Extension::SupportedGroups.new(groups)
 
         # key_share
-        key_share, priv_keys = TTTLS13::Message::Extension::KeyShare.gen_ch_key_share(
+        key_share, shared_secret = TTTLS13::Message::Extension::KeyShare.gen_ch_key_share(
           groups
         )
         exs << key_share
 
-        [exs, priv_keys]
+        [exs, shared_secret]
       end
 
       # @param ch1 [TTTLS13::Message::ClientHello]

data/lib/echspec/utils.rb

@@ -1,6 +1,10 @@
 module EchSpec
   module Refinements
     refine String do
+      def indent
+        "\t#{self}"
+      end
+
       def colorize(code)
         "\e[#{code}m#{self}\e[0m"
       end

data/lib/echspec/version.rb

@@ -1,3 +1,3 @@
 module EchSpec
-  VERSION = '0.0.1'.freeze
+  VERSION = '0.0.2'.freeze
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: echspec
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - thekuwayama
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-12 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -58,14 +57,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.4
+        version: 0.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.4
+        version: 0.3.5
 description: A conformance testing tool for ECH implementation
 email:
 - thekuwayama@gmail.com
@@ -115,7 +114,6 @@ homepage: https://github.com/thekuwayama/echspec
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -130,8 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: A conformance testing tool for ECH implementation
 test_files: