tttls1.3 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 50df67e1d621da0a19746a7461c07da05856348bdc6eed93048b25e18464d37f
+  data.tar.gz: c9c1b0ae4663816ae8f01695a413674bed8983b059f97717671d41b42e5f1def
+SHA512:
+  metadata.gz: 2e8e5ac87b46489f8e10a9f95a46eb98815bb63aa0d03068cdea0b0f883d9cf77e6b40ffdcc9ad592191b6b6c1ca3788ddfafb21bbef70cd45d547fb50b94bc4
+  data.tar.gz: 553144700d2e68044e8bb6160e100bea9a1e44f46b970cc0cd1200cf0861ea8a05d29d3622e1d73e7928f92a310a9a40bbea057a3a03f3463558302abeff7d34

data/.gitignore

@@ -0,0 +1,16 @@
+*.gem
+*.rbc
+Gemfile.lock
+.config
+.rvmrc
+/.bundle/
+/vendor/
+/lib/bundler/man/
+/pkg/
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+/coverage/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,3 @@
+autotest
+--color
+--format documentation

data/.rubocop.yml

@@ -0,0 +1,16 @@
+AllCops:
+  TargetRubyVersion: 2.6
+
+Style/Documentation:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 30
+
+Metrics/MethodLength:
+  Max: 30
+
+Metrics/BlockLength:
+  Exclude:
+    - 'Rakefile'
+    - 'spec/*.rb'

data/.travis.yml

@@ -0,0 +1,8 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.6.1
+before_install: 
+  - gem install bundler -v 2.0.1
+  - bundle install
+script: bundle exec rake

data/Gemfile

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gem 'openssl'
+gem 'rake'
+
+group :test do
+  gem 'pry'
+  gem 'pry-byebug'
+  gem 'rspec', '3.8.0'
+  gem 'rubocop', '0.67.2'
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Tomoya Kuwayama
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,52 @@
+# tttls1.3
+
+[![Build Status](https://travis-ci.org/thekuwayama/tttls1.3.svg?branch=master)](https://travis-ci.org/thekuwayama/tttls1.3) [![Maintainability](https://api.codeclimate.com/v1/badges/47f3c267d9cfd2c8e388/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
+
+tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
+tttls1.3 uses [openssl](https://github.com/ruby/openssl) as backend for crypto and X.509 operations.
+
+It is the purpose of this project to understand the TLS 1.3 protocol and implement the TLS 1.3 protocol using Ruby.
+Backward compatibility and performance are not an objective.
+This gem should not be used for production software.
+
+
+## Features
+
+tttls1.3 provides client API with the following features:
+
+* Simple 1-RTT Handshake
+* HelloRetryRequest
+* Resumed 0-RTT Handshake (with PSK from ticket)
+
+NOT supports X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate, external PSKs.
+
+
+## Getting started
+
+tttls1.3 gem is available at [rubygems.org](https://rubygems.org/gems/tttls1.3). You can install with:
+
+```
+$ gem install tttls1.3
+```
+
+This implementation provides only minimal API, so your code is responsible for application layer.
+Roughly, this works as follows:
+
+```
+require 'tttls1.3'
+
+socket = YourTransport.new
+client = TTTLS13::Client.new(socket, YOUR_HOSTNAME)
+client.connect
+
+client.write(YOUR_MESSAGE)
+client.read
+client.close
+```
+
+HTTPS examples are [here](https://github.com/thekuwayama/tttls1.3/tree/master/example).
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+require 'rspec/core/rake_task'
+require 'openssl'
+require 'fileutils'
+
+RuboCop::RakeTask.new
+
+TMP_DIR    = __dir__ + '/tmp'
+CA_KEY     = TMP_DIR + '/ca.key'
+CA_CRT     = TMP_DIR + '/ca.crt'
+SERVER_KEY = TMP_DIR + '/server.key'
+SERVER_CRT = TMP_DIR + '/server.crt'
+certs = [CA_KEY, CA_CRT, SERVER_KEY, SERVER_CRT]
+
+directory TMP_DIR
+
+file CA_KEY => TMP_DIR do
+  puts "generate #{CA_KEY}..."
+  ca_key = OpenSSL::PKey::RSA.generate(4096)
+  File.write(CA_KEY, ca_key.to_pem)
+end
+
+file CA_CRT => [TMP_DIR, CA_KEY] do
+  ca_key = OpenSSL::PKey::RSA.new(File.read(CA_KEY))
+
+  puts "generate #{CA_CRT}..."
+  issu = sub = OpenSSL::X509::Name.new
+  sub.add_entry('CN', 'test-ca')
+
+  ca_crt = OpenSSL::X509::Certificate.new
+  ca_crt.not_before = Time.now
+  ca_crt.not_after = Time.now + (60 * 60 * 24 * 365 * 10)
+  ca_crt.public_key = ca_key.public_key
+  ca_crt.serial = 1
+  ca_crt.version = 2
+  ca_crt.issuer = issu
+  ca_crt.subject = sub
+
+  factory = OpenSSL::X509::ExtensionFactory.new
+  factory.subject_certificate = ca_crt
+  factory.issuer_certificate = ca_crt
+  ca_crt.add_extension(
+    factory.create_extension(
+      'keyUsage',
+      'critical, cRLSign, keyCertSign'
+    )
+  )
+  ca_crt.add_extension(
+    factory.create_extension(
+      'basicConstraints',
+      'critical, CA:true'
+    )
+  )
+  ca_crt.add_extension(
+    factory.create_extension(
+      'subjectKeyIdentifier',
+      'hash'
+    )
+  )
+
+  digest = OpenSSL::Digest::SHA256.new
+  ca_crt.sign(ca_key, digest)
+  File.write(CA_CRT, ca_crt.to_pem)
+end
+
+file SERVER_KEY => TMP_DIR do
+  puts "generate #{SERVER_KEY}..."
+  server_key = OpenSSL::PKey::RSA.generate(2048)
+  File.write(SERVER_KEY, server_key.to_pem)
+end
+
+file SERVER_CRT => [TMP_DIR, CA_CRT, SERVER_KEY] do
+  ca_key = OpenSSL::PKey::RSA.new(File.read(CA_KEY))
+  ca_crt = OpenSSL::X509::Certificate.new(File.read(CA_CRT))
+  server_key = OpenSSL::PKey::RSA.new(File.read(SERVER_KEY))
+
+  puts "generate #{SERVER_CRT}..."
+  sub = OpenSSL::X509::Name.new
+  sub.add_entry('CN', 'localhost')
+
+  server_crt = OpenSSL::X509::Certificate.new
+  server_crt.not_before = Time.now
+  server_crt.not_after = Time.now + (60 * 60 * 24 * 365)
+  server_crt.public_key = server_key.public_key
+  server_crt.serial = 2
+  server_crt.version = 2
+  server_crt.issuer = ca_crt.issuer
+  server_crt.subject = sub
+
+  factory = OpenSSL::X509::ExtensionFactory.new
+  factory.subject_certificate = server_crt
+  factory.issuer_certificate = ca_crt
+  server_crt.add_extension(
+    factory.create_extension(
+      'basicConstraints',
+      'CA:FALSE'
+    )
+  )
+  server_crt.add_extension(
+    factory.create_extension(
+      'keyUsage',
+      'digitalSignature, keyEncipherment'
+    )
+  )
+  server_crt.add_extension(
+    factory.create_extension(
+      'subjectAltName',
+      'DNS:localhost'
+    )
+  )
+
+  digest = OpenSSL::Digest::SHA256.new
+  server_crt.sign(ca_key, digest)
+  File.write(SERVER_CRT, server_crt.to_pem)
+end
+
+desc 'generate ' + certs.map { |path| File.basename(path) }.join(', ')
+task gen_certs: certs
+
+desc 'delete ' + certs.map { |path| File.basename(path) }.join(', ')
+task :del_certs do
+  certs.each do |path|
+    puts "delete #{path}..."
+    FileUtils.rm(path, force: true)
+  end
+end
+
+RSpec::Core::RakeTask.new(spec: :gen_certs)
+
+task default: %i[rubocop spec]

data/example/helper.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+$LOAD_PATH << __dir__ + '/../lib'
+
+require 'socket'
+require 'openssl'
+require 'tttls1.3'
+
+def http_get(hostname)
+  <<~BIN
+    GET / HTTP/1.1\r
+    Host: #{hostname}\r
+    User-Agent: https_client\r
+    Accept: */*\r
+    \r
+  BIN
+end

data/example/https_client.rb

@@ -0,0 +1,32 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+http_get = http_get(hostname)
+
+socket = TCPSocket.new(hostname, port)
+settings = { ca_file: __dir__ + '/../tmp/ca.crt' }
+client = TTTLS13::Client.new(socket, hostname, settings)
+client.connect
+client.write(http_get)
+
+# status line, header
+buffer = ''
+buffer += client.read until buffer.include?("\r\n\r\n")
+print header = buffer.split("\r\n\r\n").first
+# header; Content-Length
+cl_line = header.split("\r\n").find { |s| s.match(/Content-Length:/i) }
+
+# body
+unless cl_line.nil?
+  cl = cl_line.split(':').last.to_i
+  print buffer = buffer.split("\r\n\r\n")[1..].join
+  while buffer.length < cl
+    print s = client.read
+    buffer += s
+  end
+end
+
+client.close

data/example/https_client_using_0rtt.rb

@@ -0,0 +1,64 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+http_get = http_get(hostname)
+
+settings_2nd = {
+  ca_file: __dir__ + '/../tmp/ca.crt'
+}
+process_new_session_ticket = proc do |nst, rms, cs|
+  return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
+
+  settings_2nd[:ticket] = nst.ticket
+  settings_2nd[:resumption_master_secret] = rms
+  settings_2nd[:psk_cipher_suite] = cs
+  settings_2nd[:ticket_nonce] = nst.ticket_nonce
+  settings_2nd[:ticket_age_add] = nst.ticket_age_add
+  settings_2nd[:ticket_timestamp] = nst.timestamp
+end
+settings_1st = {
+  ca_file: __dir__ + '/../tmp/ca.crt',
+  process_new_session_ticket: process_new_session_ticket
+}
+accepted_early_data = false
+[
+  # Initial Handshake:
+  settings_1st,
+  # Subsequent Handshake:
+  settings_2nd
+].each_with_index do |settings, i|
+  socket = TCPSocket.new(hostname, port)
+  client = TTTLS13::Client.new(socket, hostname, settings)
+
+  # send message using early data; 0-RTT
+  client.early_data(http_get) if i == 1 && settings.include?(:ticket)
+  client.connect
+  # send message after Simple 1-RTT Handshake
+  client.write(http_get) if i.zero? || !client.accepted_early_data?
+
+  # status line, header
+  buffer = ''
+  buffer += client.read until buffer.include?("\r\n\r\n")
+  print header = buffer.split("\r\n\r\n").first
+  # header; Content-Length
+  cl_line = header.split("\r\n").find { |s| s.match(/Content-Length:/i) }
+
+  # body
+  unless cl_line.nil?
+    cl = cl_line.split(':').last.to_i
+    print buffer = buffer.split("\r\n\r\n")[1..].join
+    while buffer.length < cl
+      print s = client.read
+      buffer += s
+    end
+  end
+
+  client.close
+  accepted_early_data = client.accepted_early_data?
+end
+
+puts "\n" + '-' * 10
+puts "early data of 2nd handshake: #{accepted_early_data}"

data/example/https_client_using_hrr.rb

@@ -0,0 +1,35 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+http_get = http_get(hostname)
+
+socket = TCPSocket.new(hostname, port)
+settings = {
+  ca_file: __dir__ + '/../tmp/ca.crt',
+  key_share_groups: [] # empty KeyShareClientHello.client_shares
+}
+client = TTTLS13::Client.new(socket, hostname, settings)
+client.connect
+client.write(http_get)
+
+# status line, header
+buffer = ''
+buffer += client.read until buffer.include?("\r\n\r\n")
+print header = buffer.split("\r\n\r\n").first
+# header; Content-Length
+cl_line = header.split("\r\n").find { |s| s.match(/Content-Length:/i) }
+
+# body
+unless cl_line.nil?
+  cl = cl_line.split(':').last.to_i
+  print buffer = buffer.split("\r\n\r\n")[1..].join
+  while buffer.length < cl
+    print s = client.read
+    buffer += s
+  end
+end
+
+client.close

data/example/https_client_using_ticket.rb

@@ -0,0 +1,56 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+http_get = http_get(hostname)
+
+settings_2nd = {
+  ca_file: __dir__ + '/../tmp/ca.crt'
+}
+process_new_session_ticket = proc do |nst, rms, cs|
+  return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
+
+  settings_2nd[:ticket] = nst.ticket
+  settings_2nd[:resumption_master_secret] = rms
+  settings_2nd[:psk_cipher_suite] = cs
+  settings_2nd[:ticket_nonce] = nst.ticket_nonce
+  settings_2nd[:ticket_age_add] = nst.ticket_age_add
+  settings_2nd[:ticket_timestamp] = nst.timestamp
+end
+settings_1st = {
+  ca_file: __dir__ + '/../tmp/ca.crt',
+  process_new_session_ticket: process_new_session_ticket
+}
+
+[
+  # Initial Handshake:
+  settings_1st,
+  # Subsequent Handshake:
+  settings_2nd
+].each do |settings|
+  socket = TCPSocket.new(hostname, port)
+  client = TTTLS13::Client.new(socket, hostname, settings)
+  client.connect
+  client.write(http_get)
+
+  # status line, header
+  buffer = ''
+  buffer += client.read until buffer.include?("\r\n\r\n")
+  print header = buffer.split("\r\n\r\n").first
+  # header; Content-Length
+  cl_line = header.split("\r\n").find { |s| s.match(/Content-Length:/i) }
+
+  # body
+  unless cl_line.nil?
+    cl = cl_line.split(':').last.to_i
+    print buffer = buffer.split("\r\n\r\n")[1..].join
+    while buffer.length < cl
+      print s = client.read
+      buffer += s
+    end
+  end
+
+  client.close
+end

data/lib/tttls1.3/cipher_suites.rb

@@ -0,0 +1,102 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module CipherSuite
+    TLS_AES_128_GCM_SHA256       = "\x13\x01"
+    TLS_AES_256_GCM_SHA384       = "\x13\x02"
+    TLS_CHACHA20_POLY1305_SHA256 = "\x13\x03"
+    # TLS_AES_128_CCM_SHA256       = "\x13\x04" # UNSUPPORTED
+    # TLS_AES_128_CCM_8_SHA256     = "\x13\x05" # UNSUPPORTED
+
+    class << self
+      def digest(cipher_suite)
+        case cipher_suite
+        when TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256
+          # , TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256
+          'SHA256'
+        when TLS_AES_256_GCM_SHA384
+          'SHA384'
+        else
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+
+      def hash_len(cipher_suite)
+        case cipher_suite
+        when TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256
+          # , TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256
+          32
+        when TLS_AES_256_GCM_SHA384
+          48
+        else
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+
+      def key_len(cipher_suite)
+        case cipher_suite
+        when TLS_AES_128_GCM_SHA256
+          # , TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256
+          16
+        when TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256
+          32
+        else
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+
+      def iv_len(cipher_suite)
+        case cipher_suite
+        when TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
+             TLS_CHACHA20_POLY1305_SHA256
+          # , TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256
+          12
+        else
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+    end
+  end
+
+  class CipherSuites < Array
+    # @param cipher_suites [Array of CipherSuite]
+    #
+    # @example
+    #   CipherSuites.new([
+    #     CipherSuite::TLS_AES_256_GCM_SHA384,
+    #     CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
+    #     CipherSuite::TLS_AES_128_GCM_SHA256
+    #   ])
+    def initialize(cipher_suites)
+      super(cipher_suites)
+    end
+
+    # @return [String]
+    def serialize
+      join.prefix_uint16_length
+    end
+
+    # @param binary [String]
+    #
+    # @raise [TTTLS13::Error::ErrorAlerts]
+    #
+    # @return [TTTLS13::CipherSuites]
+    def self.deserialize(binary)
+      raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+      cipher_suites = []
+      i = 0
+      while i < binary.length
+        raise Error::ErrorAlerts, :decode_error if i + 2 > binary.length
+
+        cipher_suites << binary.slice(i, 2)
+        i += 2
+      end
+      raise Error::ErrorAlerts, :decode_error unless i == binary.length
+
+      CipherSuites.new(cipher_suites)
+    end
+  end
+end