tttls1.3 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/interop/Dockerfile +28 -0
- data/interop/client_spec.rb +88 -0
- data/interop/helper.rb +16 -0
- data/lib/tttls1.3/connection.rb +11 -9
- data/lib/tttls1.3/version.rb +1 -1
- data/spec/aead_spec.rb +1 -1
- data/spec/alert_spec.rb +1 -1
- data/spec/alpn_spec.rb +1 -1
- data/spec/application_data_spec.rb +1 -1
- data/spec/certificate_spec.rb +1 -1
- data/spec/certificate_verify_spec.rb +1 -1
- data/spec/change_cipher_spec_spec.rb +1 -1
- data/spec/cipher_suites_spec.rb +1 -1
- data/spec/client_hello_spec.rb +1 -1
- data/spec/client_spec.rb +1 -1
- data/spec/connection_spec.rb +1 -1
- data/spec/cookie_spec.rb +1 -1
- data/spec/early_data_indication_spec.rb +1 -1
- data/spec/encrypted_extensions_spec.rb +1 -1
- data/spec/error_spec.rb +1 -1
- data/spec/extensions_spec.rb +1 -1
- data/spec/finished_spec.rb +1 -1
- data/spec/key_schedule_spec.rb +1 -1
- data/spec/key_share_spec.rb +1 -1
- data/spec/new_session_ticket_spec.rb +1 -1
- data/spec/pre_shared_key_spec.rb +1 -1
- data/spec/psk_key_exchange_modes_spec.rb +1 -1
- data/spec/record_size_limit_spec.rb +1 -1
- data/spec/record_spec.rb +1 -1
- data/spec/server_hello_spec.rb +1 -1
- data/spec/server_name_spec.rb +1 -1
- data/spec/signature_algorithms_cert_spec.rb +1 -1
- data/spec/signature_algorithms_spec.rb +1 -1
- data/spec/status_request_spec.rb +1 -1
- data/spec/supported_groups_spec.rb +1 -1
- data/spec/supported_versions_spec.rb +1 -1
- data/spec/transcript_spec.rb +1 -1
- data/spec/unknown_extension_spec.rb +1 -1
- data/spec/utils_spec.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 600d070cd1e13d0480c362a9e1a38eee26890a55e744f87ba9f3204455aecfe1
|
|
4
|
+
data.tar.gz: 9f5cc406f36d3e746f430fbf6e0fcc6ce2b84f9eb30952cbd672b42475852b43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '091354c4bdd832b8c705ad3c4349fd0de5a59b68e28bac1f8f82ca70a09b970bf7da0641bad24897aea683698da65bf2a5503b82d3faf7087037123ea33d5d6d'
|
|
7
|
+
data.tar.gz: e98c2774e0cc277a5cee70819aad60d25325de6c29d2328f400873dc8370b534452d9f07582afd0df015ae9be81e2529d9147358098bab75e9b521db7663840b
|
data/README.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# tttls1.3
|
|
2
2
|
|
|
3
|
-
[](https://badge.fury.io/rb/tttls1.3)
|
|
4
|
+
[](https://travis-ci.org/thekuwayama/tttls1.3)
|
|
5
|
+
[](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
|
|
4
6
|
|
|
5
7
|
tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
|
|
6
8
|
tttls1.3 uses [openssl](https://github.com/ruby/openssl) as backend for crypto and X.509 operations.
|
data/interop/Dockerfile
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
FROM ubuntu:18.04
|
|
2
|
+
|
|
3
|
+
ARG version="1.1.1b"
|
|
4
|
+
|
|
5
|
+
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
6
|
+
autoconf \
|
|
7
|
+
bison \
|
|
8
|
+
build-essential \
|
|
9
|
+
ca-certificates \
|
|
10
|
+
curl \
|
|
11
|
+
gzip \
|
|
12
|
+
libreadline-dev \
|
|
13
|
+
patch \
|
|
14
|
+
pkg-config \
|
|
15
|
+
sed \
|
|
16
|
+
zlib1g-dev
|
|
17
|
+
|
|
18
|
+
RUN mkdir -p /build/openssl
|
|
19
|
+
RUN curl -s https://www.openssl.org/source/openssl-${version}.tar.gz | tar -C /build/openssl -xzf - && \
|
|
20
|
+
cd /build/openssl/openssl-${version} && \
|
|
21
|
+
./Configure \
|
|
22
|
+
--prefix=/opt/openssl/openssl-${version} \
|
|
23
|
+
enable-crypto-mdebug enable-crypto-mdebug-backtrace \
|
|
24
|
+
linux-x86_64 && \
|
|
25
|
+
make && make install_sw
|
|
26
|
+
|
|
27
|
+
ENV LD_LIBRARY_PATH /opt/openssl/openssl-${version}/lib
|
|
28
|
+
ENV PATH /opt/openssl/openssl-${version}/bin:$PATH
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
# encoding: ascii-8bit
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require_relative 'helper'
|
|
5
|
+
|
|
6
|
+
TMP_DIR = __dir__ + '/../tmp'
|
|
7
|
+
|
|
8
|
+
# rubocop: disable Metrics/BlockLength
|
|
9
|
+
RSpec.describe Client do
|
|
10
|
+
# testcases
|
|
11
|
+
[
|
|
12
|
+
[
|
|
13
|
+
' -ciphersuites TLS_AES_256_GCM_SHA384',
|
|
14
|
+
cipher_suites: [CipherSuite::TLS_AES_256_GCM_SHA384]
|
|
15
|
+
],
|
|
16
|
+
[
|
|
17
|
+
' -ciphersuites TLS_CHACHA20_POLY1305_SHA256',
|
|
18
|
+
cipher_suites: [CipherSuite::TLS_CHACHA20_POLY1305_SHA256]
|
|
19
|
+
],
|
|
20
|
+
[
|
|
21
|
+
' -ciphersuites TLS_AES_128_GCM_SHA256',
|
|
22
|
+
cipher_suites: [CipherSuite::TLS_AES_128_GCM_SHA256]
|
|
23
|
+
],
|
|
24
|
+
[
|
|
25
|
+
' -groups P-256',
|
|
26
|
+
supported_groups: [NamedGroup::SECP256R1]
|
|
27
|
+
],
|
|
28
|
+
[
|
|
29
|
+
' -groups P-384',
|
|
30
|
+
supported_groups: [NamedGroup::SECP384R1]
|
|
31
|
+
],
|
|
32
|
+
[
|
|
33
|
+
' -groups P-521',
|
|
34
|
+
supported_groups: [NamedGroup::SECP521R1]
|
|
35
|
+
],
|
|
36
|
+
[
|
|
37
|
+
' -sigalgs RSA-PSS+SHA256',
|
|
38
|
+
signature_algorithms_cert: [SignatureScheme::RSA_PKCS1_SHA256],
|
|
39
|
+
signature_algorithms: [SignatureScheme::RSA_PSS_RSAE_SHA256]
|
|
40
|
+
],
|
|
41
|
+
[
|
|
42
|
+
' -sigalgs RSA-PSS+SHA384',
|
|
43
|
+
signature_algorithms_cert: [SignatureScheme::RSA_PKCS1_SHA256],
|
|
44
|
+
signature_algorithms: [SignatureScheme::RSA_PSS_RSAE_SHA384]
|
|
45
|
+
],
|
|
46
|
+
[
|
|
47
|
+
' -sigalgs RSA-PSS+SHA512',
|
|
48
|
+
signature_algorithms_cert: [SignatureScheme::RSA_PKCS1_SHA256],
|
|
49
|
+
signature_algorithms: [SignatureScheme::RSA_PSS_RSAE_SHA512]
|
|
50
|
+
]
|
|
51
|
+
].each do |opt, settings|
|
|
52
|
+
context 'client interop' do
|
|
53
|
+
before do
|
|
54
|
+
cmd = "docker run -v #{TMP_DIR}:/tmp -p 4433:4433 -it openssl " \
|
|
55
|
+
+ 'openssl s_server ' \
|
|
56
|
+
+ '-cert /tmp/server.crt ' \
|
|
57
|
+
+ '-key /tmp/server.key ' \
|
|
58
|
+
+ '-tls1_3 ' \
|
|
59
|
+
+ '-www ' \
|
|
60
|
+
+ opt
|
|
61
|
+
pid = spawn(cmd)
|
|
62
|
+
Process.detach(pid)
|
|
63
|
+
|
|
64
|
+
sleep(2) # waiting for openssl s_server
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
let(:client) do
|
|
68
|
+
hostname = 'localhost'
|
|
69
|
+
@socket = TCPSocket.new(hostname, 4433)
|
|
70
|
+
settings[:ca_file] = TMP_DIR + '/ca.crt'
|
|
71
|
+
Client.new(@socket, hostname, settings)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
after do
|
|
75
|
+
@socket.close
|
|
76
|
+
`docker ps -ql | xargs docker stop`
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
it "should connect with openssl s_server ...#{opt}" do
|
|
80
|
+
expect { client.connect }.to_not raise_error
|
|
81
|
+
expect { client.write("GET / HTTP/1.0\r\n\r\n") }.to_not raise_error
|
|
82
|
+
expect(client.read).to include "HTTP/1.0 200 ok\r\n"
|
|
83
|
+
expect { client.close }.to_not raise_error
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
# rubocop: enable Metrics/BlockLength
|
data/interop/helper.rb
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# encoding: ascii-8bit
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
RSpec.configure(&:disable_monkey_patching!)
|
|
5
|
+
|
|
6
|
+
# rubocop: disable Style/MixinUsage
|
|
7
|
+
require 'openssl'
|
|
8
|
+
require 'tttls1.3'
|
|
9
|
+
include TTTLS13
|
|
10
|
+
include TTTLS13::Error
|
|
11
|
+
include TTTLS13::CipherSuite
|
|
12
|
+
include TTTLS13::SignatureScheme
|
|
13
|
+
include TTTLS13::Cryptograph
|
|
14
|
+
include TTTLS13::Message
|
|
15
|
+
include TTTLS13::Message::Extension
|
|
16
|
+
# rubocop: enable Style/MixinUsage
|
data/lib/tttls1.3/connection.rb
CHANGED
|
@@ -235,27 +235,29 @@ module TTTLS13
|
|
|
235
235
|
content = "\x20" * 64 + context + "\x00" + hash
|
|
236
236
|
public_key = OpenSSL::X509::Certificate.new(certificate_pem).public_key
|
|
237
237
|
|
|
238
|
+
# RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
|
|
239
|
+
# RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
|
|
238
240
|
case signature_scheme
|
|
239
|
-
when SignatureScheme::
|
|
241
|
+
when SignatureScheme::RSA_PKCS1_SHA256,
|
|
242
|
+
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
|
240
243
|
SignatureScheme::RSA_PSS_PSS_SHA256
|
|
241
244
|
public_key.verify_pss('SHA256', signature, content, salt_length: :auto,
|
|
242
245
|
mgf1_hash: 'SHA256')
|
|
243
|
-
when SignatureScheme::
|
|
246
|
+
when SignatureScheme::RSA_PKCS1_SHA384,
|
|
247
|
+
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
|
244
248
|
SignatureScheme::RSA_PSS_PSS_SHA384
|
|
245
249
|
public_key.verify_pss('SHA384', signature, content, salt_length: :auto,
|
|
246
250
|
mgf1_hash: 'SHA384')
|
|
247
|
-
when SignatureScheme::
|
|
251
|
+
when SignatureScheme::RSA_PKCS1_SHA512,
|
|
252
|
+
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
|
248
253
|
SignatureScheme::RSA_PSS_PSS_SHA512
|
|
249
254
|
public_key.verify_pss('SHA512', signature, content, salt_length: :auto,
|
|
250
255
|
mgf1_hash: 'SHA512')
|
|
251
|
-
when SignatureScheme::
|
|
252
|
-
SignatureScheme::ECDSA_SECP256R1_SHA256
|
|
256
|
+
when SignatureScheme::ECDSA_SECP256R1_SHA256
|
|
253
257
|
public_key.verify('SHA256', signature, content)
|
|
254
|
-
when SignatureScheme::
|
|
255
|
-
SignatureScheme::ECDSA_SECP384R1_SHA384
|
|
258
|
+
when SignatureScheme::ECDSA_SECP384R1_SHA384
|
|
256
259
|
public_key.verify('SHA384', signature, content)
|
|
257
|
-
when SignatureScheme::
|
|
258
|
-
SignatureScheme::ECDSA_SECP521R1_SHA512
|
|
260
|
+
when SignatureScheme::ECDSA_SECP521R1_SHA512
|
|
259
261
|
public_key.verify('SHA512', signature, content)
|
|
260
262
|
else # TODO: ED25519, ED448
|
|
261
263
|
terminate(:internal_error)
|
data/lib/tttls1.3/version.rb
CHANGED
data/spec/aead_spec.rb
CHANGED
data/spec/alert_spec.rb
CHANGED
data/spec/alpn_spec.rb
CHANGED
data/spec/certificate_spec.rb
CHANGED
data/spec/cipher_suites_spec.rb
CHANGED
data/spec/client_hello_spec.rb
CHANGED
data/spec/client_spec.rb
CHANGED
data/spec/connection_spec.rb
CHANGED
data/spec/cookie_spec.rb
CHANGED
data/spec/error_spec.rb
CHANGED
data/spec/extensions_spec.rb
CHANGED
data/spec/finished_spec.rb
CHANGED
data/spec/key_schedule_spec.rb
CHANGED
data/spec/key_share_spec.rb
CHANGED
data/spec/pre_shared_key_spec.rb
CHANGED
data/spec/record_spec.rb
CHANGED
data/spec/server_hello_spec.rb
CHANGED
data/spec/server_name_spec.rb
CHANGED
data/spec/status_request_spec.rb
CHANGED
data/spec/transcript_spec.rb
CHANGED
data/spec/utils_spec.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tttls1.3
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- thekuwayama
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -58,6 +58,9 @@ files:
|
|
|
58
58
|
- example/https_client_using_0rtt.rb
|
|
59
59
|
- example/https_client_using_hrr.rb
|
|
60
60
|
- example/https_client_using_ticket.rb
|
|
61
|
+
- interop/Dockerfile
|
|
62
|
+
- interop/client_spec.rb
|
|
63
|
+
- interop/helper.rb
|
|
61
64
|
- lib/tttls1.3.rb
|
|
62
65
|
- lib/tttls1.3/cipher_suites.rb
|
|
63
66
|
- lib/tttls1.3/client.rb
|