tttls1.3 0.1.0

data/spec/new_session_ticket_spec.rb

@@ -0,0 +1,80 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe NewSessionTicket do
+  context 'new_session_ticket' do
+    let(:ticket_lifetime) do
+      7200 # two_hours
+    end
+
+    let(:ticket_age_add) do
+      OpenSSL::Random.random_bytes(4)
+    end
+
+    let(:ticket_nonce) do
+      "\x00" * 255
+    end
+
+    let(:ticket) do
+      OpenSSL::Random.random_bytes(255)
+    end
+
+    let(:message) do
+      NewSessionTicket.new(ticket_lifetime: ticket_lifetime,
+                           ticket_age_add: ticket_age_add,
+                           ticket_nonce: ticket_nonce,
+                           ticket: ticket)
+    end
+
+    it 'should be generated' do
+      expect(message.msg_type).to eq HandshakeType::NEW_SESSION_TICKET
+      expect(message.ticket_lifetime).to eq ticket_lifetime
+      expect(message.ticket_age_add).to eq ticket_age_add
+      expect(message.ticket_nonce).to eq ticket_nonce
+      expect(message.ticket).to eq ticket
+      expect(message.extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq HandshakeType::NEW_SESSION_TICKET \
+                                      + 523.to_uint24 \
+                                      + ticket_lifetime.to_uint32 \
+                                      + ticket_age_add \
+                                      + ticket_nonce.prefix_uint8_length \
+                                      + ticket.prefix_uint16_length \
+                                      + Extensions.new.serialize
+    end
+  end
+
+  context 'new_session_ticket, invalid ticket_age_add,' do
+    let(:message) do
+      NewSessionTicket.new(ticket_lifetime: 60 * 60 * 2, # 2 hours
+                           ticket_age_add: OpenSSL::Random.random_bytes(32),
+                           ticket_nonce: "\x00" * 255,
+                           ticket: OpenSSL::Random.random_bytes(255))
+    end
+
+    it 'should not be generated' do
+      expect { message }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid new_session_ticket binary' do
+    let(:message) do
+      NewSessionTicket.deserialize(TESTBINARY_NEW_SESSION_TICKET)
+    end
+
+    it 'should generate object' do
+      expect(message.msg_type).to eq HandshakeType::NEW_SESSION_TICKET
+      expect(message.ticket_lifetime).to eq 30
+      expect(message.ticket_nonce).to eq "\x00\x00"
+    end
+
+    it 'should generate serializable object' do
+      expect(message.serialize).to eq TESTBINARY_NEW_SESSION_TICKET
+    end
+  end
+end

data/spec/pre_shared_key_spec.rb

@@ -0,0 +1,167 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe PreSharedKey do
+  context 'valid pre_shared_key of ClientHello' do
+    let(:identity) do
+      OpenSSL::Random.random_bytes(32)
+    end
+
+    let(:obfuscated_ticket_age) do
+      OpenSSL::BN.rand_range(1 << 32).to_i
+    end
+
+    let(:binders) do
+      [
+        OpenSSL::Random.random_bytes(32)
+      ]
+    end
+
+    let(:identities) do
+      [
+        PskIdentity.new(
+          identity: identity,
+          obfuscated_ticket_age: obfuscated_ticket_age
+        )
+      ]
+    end
+
+    let(:offered_psks) do
+      OfferedPsks.new(
+        identities: identities,
+        binders: binders
+      )
+    end
+
+    let(:extension) do
+      PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
+                       offered_psks: offered_psks)
+    end
+
+    it 'should be generated' do
+      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
+      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
+      expect(extension.offered_psks).to eq offered_psks
+      expect(extension.selected_identity).to be_nil
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::PRE_SHARED_KEY \
+                                        + 75.to_uint16 \
+                                        + 38.to_uint16 \
+                                        + 32.to_uint16 \
+                                        + identity \
+                                        + obfuscated_ticket_age.to_uint32 \
+                                        + 33.to_uint16 \
+                                        + "\x20" \
+                                        + binders.join
+    end
+  end
+
+  context 'valid pre_shared_key, ClientHello,' do
+    let(:identity_1) do
+      OpenSSL::Random.random_bytes(32)
+    end
+    let(:identity_2) do
+      OpenSSL::Random.random_bytes(32)
+    end
+
+    let(:obfuscated_ticket_age_1) do
+      OpenSSL::BN.rand_range(1 << 32).to_i
+    end
+    let(:obfuscated_ticket_age_2) do
+      OpenSSL::BN.rand_range(1 << 32).to_i
+    end
+
+    let(:binders) do
+      [
+        OpenSSL::Random.random_bytes(32),
+        OpenSSL::Random.random_bytes(32)
+      ]
+    end
+
+    let(:identities) do
+      [
+        PskIdentity.new(
+          identity: identity_1,
+          obfuscated_ticket_age: obfuscated_ticket_age_1
+        ),
+        PskIdentity.new(
+          identity: identity_2,
+          obfuscated_ticket_age: obfuscated_ticket_age_2
+        )
+      ]
+    end
+
+    let(:offered_psks) do
+      OfferedPsks.new(
+        identities: identities,
+        binders: binders
+      )
+    end
+
+    let(:extension) do
+      PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
+                       offered_psks: offered_psks)
+    end
+
+    it 'should be generated' do
+      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
+      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
+      expect(extension.offered_psks).to eq offered_psks
+      expect(extension.selected_identity).to be_nil
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::PRE_SHARED_KEY \
+                                        + 146.to_uint16 \
+                                        + 76.to_uint16 \
+                                        + identity_1.prefix_uint16_length \
+                                        + obfuscated_ticket_age_1.to_uint32 \
+                                        + identity_2.prefix_uint16_length \
+                                        + obfuscated_ticket_age_2.to_uint32 \
+                                        + 66.to_uint16 \
+                                        + binders[0].prefix_uint8_length \
+                                        + binders[1].prefix_uint8_length
+    end
+  end
+
+  context 'valid pre_shared_key binary, ClientHello,' do
+    let(:extension) do
+      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_CH,
+                               HandshakeType::CLIENT_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
+      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
+    end
+
+    it 'should generate valid serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::PRE_SHARED_KEY \
+               + TESTBINARY_PRE_SHARED_KEY_CH.prefix_uint16_length
+    end
+  end
+
+  context 'valid pre_shared_key binary, ServerHello,' do
+    let(:extension) do
+      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_SH,
+                               HandshakeType::SERVER_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.msg_type).to eq HandshakeType::SERVER_HELLO
+      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
+    end
+
+    it 'should generate valid serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::PRE_SHARED_KEY \
+               + TESTBINARY_PRE_SHARED_KEY_SH.prefix_uint16_length
+    end
+  end
+end

data/spec/psk_key_exchange_modes_spec.rb

@@ -0,0 +1,45 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe PskKeyExchangeModes do
+  context 'valid psk_key_exchange_modes' do
+    let(:extension) do
+      PskKeyExchangeModes.new([PskKeyExchangeMode::PSK_KE,
+                               PskKeyExchangeMode::PSK_DHE_KE])
+    end
+
+    it 'should generate valid psk_key_exchange_modes' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES
+      expect(extension.ke_modes).to eq [PskKeyExchangeMode::PSK_KE,
+                                        PskKeyExchangeMode::PSK_DHE_KE]
+      expect(extension.serialize)
+        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES \
+               + 3.to_uint16 \
+               + [PskKeyExchangeMode::PSK_KE,
+                  PskKeyExchangeMode::PSK_DHE_KE].join.prefix_uint8_length
+    end
+  end
+
+  context 'valid psk_key_exchange_modes binary' do
+    let(:extension) do
+      PskKeyExchangeModes.deserialize(TESTBINARY_PSK_KEY_EXCHANGE_MODES)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES
+      expect(extension.ke_modes).to eq [PskKeyExchangeMode::PSK_KE,
+                                        PskKeyExchangeMode::PSK_DHE_KE]
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES \
+               + TESTBINARY_PSK_KEY_EXCHANGE_MODES.prefix_uint16_length
+    end
+  end
+end

data/spec/record_size_limit_spec.rb

@@ -0,0 +1,61 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe RecordSizeLimit do
+  context 'vailid record_size_limit' do
+    let(:extension) do
+      RecordSizeLimit.new(2**14)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::RECORD_SIZE_LIMIT
+      expect(extension.record_size_limit).to eq 2**14
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::RECORD_SIZE_LIMIT \
+                                        + 2.to_uint16 \
+                                        + (2**14).to_uint16
+    end
+  end
+
+  context 'invalid record_size_limit' do
+    let(:extension) do
+      RecordSizeLimit.new(63)
+    end
+
+    it 'should not generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid record_size_limit binary' do
+    let(:extension) do
+      RecordSizeLimit.deserialize(TESTBINARY_RECORD_SIZE_LIMIT)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::RECORD_SIZE_LIMIT
+      expect(extension.record_size_limit).to eq 2**14
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::RECORD_SIZE_LIMIT \
+               + TESTBINARY_RECORD_SIZE_LIMIT.prefix_uint16_length
+    end
+  end
+
+  context 'invalid record_size_limit binary, too short record_size_limit,' do
+    let(:extension) do
+      RecordSizeLimit.deserialize(63.to_uint16)
+    end
+
+    it 'should not generate object' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+end

data/spec/record_spec.rb

@@ -0,0 +1,105 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe Record do
+  context 'valid record' do
+    let(:record) do
+      Record.new(
+        type: ContentType::CCS,
+        legacy_record_version: ProtocolVersion::TLS_1_2,
+        messages: [ChangeCipherSpec.new],
+        cipher: Passer.new
+      )
+    end
+
+    it 'should be generated' do
+      expect(record.type).to eq ContentType::CCS
+      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
+    end
+
+    it 'should be serialized' do
+      expect(record.serialize).to eq ContentType::CCS \
+                                     + ProtocolVersion::TLS_1_2 \
+                                     + 1.to_uint16 \
+                                     + ChangeCipherSpec.new.serialize
+    end
+  end
+
+  context 'valid record binary' do
+    let(:record) do
+      Record.deserialize(TESTBINARY_RECORD_CCS, Passer.new)
+    end
+
+    it 'should generate valid record header and ChangeCipherSpec' do
+      expect(record.type).to eq ContentType::CCS
+      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
+    end
+
+    it 'should generate valid serializable object' do
+      expect(record.serialize).to eq  ContentType::CCS \
+                                     + ProtocolVersion::TLS_1_2 \
+                                     + 1.to_uint16 \
+                                     + ChangeCipherSpec.new.serialize
+    end
+  end
+
+  context 'invalid record binary, too short,' do
+    let(:record) do
+      Record.deserialize(TESTBINARY_RECORD_CCS[0...-1],
+                         Passer.new)
+    end
+
+    it 'should not generate object' do
+      expect { record }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'invalid record binary, nil,' do
+    let(:record) do
+      Record.deserialize(nil, Passer.new)
+    end
+
+    it 'should not generate object' do
+      expect { record }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'server parameters record binary' do
+    let(:record) do
+      cipher = Cryptograph::Aead.new(
+        cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
+        write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
+        write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
+        sequence_number: SequenceNumber.new
+      )
+      Record.deserialize(TESTBINARY_SERVER_PARAMETERS_RECORD, cipher)
+    end
+
+    it 'should generate valid record header' do
+      expect(record.type).to eq ContentType::APPLICATION_DATA
+      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
+    end
+
+    it 'should generate valid server parameters' do
+      expect(record.messages[0].msg_type)
+        .to eq HandshakeType::ENCRYPTED_EXTENSIONS
+      expect(record.messages[0].serialize)
+        .to eq TESTBINARY_ENCRYPTED_EXTENSIONS
+      expect(record.messages[1].msg_type)
+        .to eq HandshakeType::CERTIFICATE
+      expect(record.messages[1].serialize)
+        .to eq TESTBINARY_CERTIFICATE
+      expect(record.messages[2].msg_type)
+        .to eq HandshakeType::CERTIFICATE_VERIFY
+      expect(record.messages[2].serialize)
+        .to eq TESTBINARY_CERTIFICATE_VERIFY
+      expect(record.messages[3].msg_type)
+        .to eq HandshakeType::FINISHED
+      expect(record.messages[3].serialize)
+        .to eq TESTBINARY_SERVER_FINISHED
+    end
+  end
+end

data/spec/server_hello_spec.rb

@@ -0,0 +1,101 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe ServerHello do
+  context 'default server_hello' do
+    let(:random) do
+      OpenSSL::Random.random_bytes(32)
+    end
+
+    let(:legacy_session_id_echo) do
+      Array.new(32, 0).map(&:chr).join
+    end
+
+    let(:cipher_suite) do
+      CipherSuite::TLS_AES_256_GCM_SHA384
+    end
+
+    let(:message) do
+      ServerHello.new(random: random,
+                      legacy_session_id_echo: legacy_session_id_echo,
+                      cipher_suite: cipher_suite)
+    end
+
+    it 'should be generated' do
+      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+      expect(message.random).to eq random
+      expect(message.legacy_session_id_echo).to eq legacy_session_id_echo
+      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_256_GCM_SHA384
+      expect(message.legacy_compression_method).to eq "\x00"
+      expect(message.extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq HandshakeType::SERVER_HELLO \
+                                      + 72.to_uint24 \
+                                      + ProtocolVersion::TLS_1_2 \
+                                      + random \
+                                      + legacy_session_id_echo.length.to_uint8 \
+                                      + legacy_session_id_echo \
+                                      + cipher_suite \
+                                      + "\x00" \
+                                      + Extensions.new.serialize
+    end
+  end
+
+  context 'valid server_hello binary' do
+    let(:message) do
+      ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
+      expect(message.legacy_compression_method).to eq "\x00"
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq TESTBINARY_SERVER_HELLO
+    end
+  end
+
+  context 'hello_retry_request binary' do
+    let(:message) do
+      ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
+      expect(message.legacy_compression_method).to eq "\x00"
+      expect(message.hrr?).to be true
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq TESTBINARY_HRR_HELLO_RETRY_REQUEST
+    end
+  end
+
+  context 'valid server_hello binary, 0-RTT,' do
+    let(:message) do
+      ServerHello.deserialize(TESTBINARY_0_RTT_SERVER_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
+      expect(message.legacy_compression_method).to eq "\x00"
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq TESTBINARY_0_RTT_SERVER_HELLO
+    end
+  end
+end

data/spec/server_name_spec.rb

@@ -0,0 +1,110 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe ServerName do
+  context 'valid server_name, example.com,' do
+    let(:extension) do
+      ServerName.new('example.com')
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::SERVER_NAME
+      expect(extension.server_name).to eq 'example.com'
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::SERVER_NAME \
+                                        + 16.to_uint16 \
+                                        + 14.to_uint16 \
+                                        + NameType::HOST_NAME \
+                                        + 11.to_uint16 \
+                                        + 'example.com'
+    end
+  end
+
+  context 'valid server_name, empty HostName,' do
+    let(:extension) do
+      ServerName.new('')
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::SERVER_NAME
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::SERVER_NAME \
+                                        + 0.to_uint16
+    end
+  end
+
+  context 'invalid server_name, too long HostName,' do
+    let(:extension) do
+      ServerName.new('a' * (2**16 - 4))
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid server_name binary' do
+    let(:extension) do
+      ServerName.deserialize(TESTBINARY_SERVER_NAME)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::SERVER_NAME
+      expect(extension.server_name).to eq 'github.com'
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::SERVER_NAME \
+               + TESTBINARY_SERVER_NAME.prefix_uint16_length
+    end
+  end
+
+  context 'invalid server_name binary, malformed binary,' do
+    let(:extension) do
+      ServerName.deserialize(TESTBINARY_SERVER_NAME[0...-1])
+    end
+
+    it 'should return nil' do
+      expect(extension).to be nil
+    end
+  end
+
+  context 'invalid server_name binary, unknown NameType,' do
+    let(:testbinary) do
+      name_type = "\xff"
+      binary = name_type + 'example.com'.prefix_uint16_length
+      binary.prefix_uint16_length.prefix_uint16_length
+    end
+
+    let(:extension) do
+      ServerName.deserialize(testbinary)
+    end
+
+    it 'should return nil' do
+      expect(extension).to be nil
+    end
+  end
+
+  context 'invalid server_name binary, empty HostName,' do
+    let(:testbinary) do
+      binary = NameType::HOST_NAME + ''.prefix_uint16_length
+      binary.prefix_uint16_length.prefix_uint16_length
+    end
+
+    let(:extension) do
+      ServerName.deserialize(testbinary)
+    end
+
+    it 'should return nil' do
+      expect(extension).to be nil
+    end
+  end
+end