tttls1.3 0.1.0

data/spec/status_request_spec.rb

@@ -0,0 +1,73 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe StatusRequest do
+  context 'default status_request' do
+    let(:extension) do
+      StatusRequest.new
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
+      expect(extension.responder_id_list).to be_empty
+      expect(extension.request_extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq "\x00\x05\x00\x05\x01\x00\x00\x00\x00"
+    end
+  end
+
+  context 'valid status_request' do
+    let(:extension) do
+      StatusRequest.new(responder_id_list: [], request_extensions: '')
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
+      expect(extension.responder_id_list).to be_empty
+      expect(extension.request_extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq "\x00\x05\x00\x05\x01\x00\x00\x00\x00"
+    end
+  end
+
+  context 'valid status_request, 0 length request ' do
+    let(:extension) do
+      StatusRequest.new(responder_id_list: nil, request_extensions: nil)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
+      expect(extension.responder_id_list).to be_empty
+      expect(extension.request_extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq "\x00\x05\x00\x05\x01\x00\x00\x00\x00"
+    end
+  end
+
+  context 'valid status_request binary' do
+    let(:extension) do
+      StatusRequest.deserialize(TESTBINARY_STATUS_REQUEST)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
+      expect(extension.responder_id_list).to be_empty
+      expect(extension.request_extensions).to be_empty
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::STATUS_REQUEST \
+               + TESTBINARY_STATUS_REQUEST.prefix_uint16_length
+    end
+  end
+end

data/spec/supported_groups_spec.rb

@@ -0,0 +1,79 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe SupportedGroups do
+  context 'valid supported_groups' do
+    let(:named_group_list) do
+      [NamedGroup::SECP256R1,
+       NamedGroup::SECP384R1]
+    end
+
+    let(:extension) do
+      SupportedGroups.new(named_group_list)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_GROUPS
+      expect(extension.named_group_list).to eq named_group_list
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::SUPPORTED_GROUPS \
+                                        + 6.to_uint16 \
+                                        + 4.to_uint16 \
+                                        + named_group_list.join
+    end
+  end
+
+  context 'invalid supported_groups, empty,' do
+    let(:extension) do
+      SupportedGroups.new([])
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'invalid supported_groups, too long,' do
+    let(:extension) do
+      SupportedGroups.new((0..2**15 - 1).to_a.map(&:to_uint16))
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid supported_groups binary' do
+    let(:extension) do
+      SupportedGroups.deserialize(TESTBINARY_SUPPORTED_GROUPS)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_GROUPS
+      expect(extension.named_group_list).to eq [NamedGroup::SECP256R1,
+                                                NamedGroup::SECP384R1,
+                                                NamedGroup::SECP521R1]
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::SUPPORTED_GROUPS \
+               + TESTBINARY_SUPPORTED_GROUPS.prefix_uint16_length
+    end
+  end
+
+  context 'invalid supported_groups binary, malformed binary,' do
+    let(:extension) do
+      SupportedGroups.deserialize(TESTBINARY_SUPPORTED_GROUPS[0...-1])
+    end
+
+    it 'should return nil' do
+      expect(extension).to be nil
+    end
+  end
+end

data/spec/supported_versions_spec.rb

@@ -0,0 +1,136 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe SupportedVersions do
+  context 'valid supported_versions of ClientHello' do
+    let(:extension) do
+      SupportedVersions.new(
+        msg_type: HandshakeType::CLIENT_HELLO,
+        versions: [ProtocolVersion::TLS_1_3, ProtocolVersion::TLS_1_2]
+      )
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
+      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3,
+                                        ProtocolVersion::TLS_1_2]
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::SUPPORTED_VERSIONS \
+                                        + 5.to_uint16 \
+                                        + 4.to_uint8 \
+                                        + ProtocolVersion::TLS_1_3 \
+                                        + ProtocolVersion::TLS_1_2
+    end
+  end
+
+  context 'default supported_versions of ClientHello' do
+    let(:extension) do
+      SupportedVersions.new(msg_type: HandshakeType::CLIENT_HELLO)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
+      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3]
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::SUPPORTED_VERSIONS \
+                                        + 3.to_uint16 \
+                                        + 2.to_uint8 \
+                                        + ProtocolVersion::TLS_1_3
+    end
+  end
+
+  context 'invalid supported_versions of ClientHello, empty,' do
+    let(:extension) do
+      SupportedVersions.new(msg_type: HandshakeType::CLIENT_HELLO,
+                            versions: [])
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'invalid supported_versions of ClientHello, too large,' do
+    let(:extension) do
+      SupportedVersions.new(msg_type: HandshakeType::CLIENT_HELLO,
+                            versions: (0..127).to_a.map(&:to_uint16))
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid supported_versions of ServerHello' do
+    let(:extension) do
+      SupportedVersions.new(msg_type: HandshakeType::SERVER_HELLO,
+                            versions: [ProtocolVersion::TLS_1_3])
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
+      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3]
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::SUPPORTED_VERSIONS \
+                                        + 2.to_uint16 \
+                                        + ProtocolVersion::TLS_1_3
+    end
+  end
+
+  context 'invalid supported_versions of ServerHello, empty,' do
+    let(:extension) do
+      SupportedVersions.new(msg_type: HandshakeType::SERVER_HELLO,
+                            versions: [])
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid supported_versions binary, ClientHello' do
+    let(:extension) do
+      SupportedVersions.deserialize(TESTBINARY_SUPPORTED_VERSIONS_CH,
+                                    HandshakeType::CLIENT_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
+      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3,
+                                        ProtocolVersion::TLS_1_2]
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::SUPPORTED_VERSIONS \
+               + TESTBINARY_SUPPORTED_VERSIONS_CH.prefix_uint16_length
+    end
+  end
+
+  context 'valid supported_versions binary, ServerHello' do
+    let(:extension) do
+      SupportedVersions.deserialize(TESTBINARY_SUPPORTED_VERSIONS_SH,
+                                    HandshakeType::SERVER_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
+      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3]
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::SUPPORTED_VERSIONS \
+               + TESTBINARY_SUPPORTED_VERSIONS_SH.prefix_uint16_length
+    end
+  end
+end

data/spec/transcript_spec.rb

@@ -0,0 +1,69 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Transcript do
+  context 'transcript, not including HRR,' do
+    let(:transcript) do
+      t = Transcript.new
+      t.merge!(
+        CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
+        SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
+        EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
+        CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
+        CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY),
+        SF => Finished.deserialize(TESTBINARY_SERVER_FINISHED),
+        CF => Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
+      )
+    end
+
+    it 'should return valid transcript-hash' do
+      expect(transcript.hash('SHA256', CF))
+        .to eq TESTBINARY_CH_CF_TRANSCRIPT_HASH
+    end
+  end
+
+  context 'transcript, including HRR,' do
+    let(:transcript) do
+      t = Transcript.new
+      t.merge!(
+        CH1 => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1),
+        HRR => ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST),
+        CH => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO),
+        SH => ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO),
+        EE =>
+        EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS),
+        CT => Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE),
+        CV => CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY),
+        SF => Finished.deserialize(TESTBINARY_HRR_SERVER_FINISHED),
+        CF => Finished.deserialize(TESTBINARY_HRR_CLIENT_FINISHED)
+      )
+    end
+
+    it 'should return valid transcript-hash' do
+      expect(transcript.hash('SHA256', SH))
+        .to eq TESTBINARY_HRR_CH1_SH_TRANSCRIPT_HASH
+      expect(transcript.hash('SHA256', CF))
+        .to eq TESTBINARY_HRR_CH1_CF_TRANSCRIPT_HASH
+    end
+  end
+
+  context 'transcript, Resumed 0-RTT Handshake,' do
+    let(:transcript) do
+      t = Transcript.new
+      t.merge!(
+        CH => ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
+      )
+    end
+
+    let(:hash_len) do
+      OpenSSL::Digest.new('SHA256').digest_length
+    end
+
+    it 'should return valid transcript-hash' do
+      expect(transcript.truncate_hash('SHA256', CH, hash_len + 3))
+        .to eq TESTBINARY_0_RTT_BINDER_HASH
+    end
+  end
+end

data/spec/unknown_extension_spec.rb

@@ -0,0 +1,90 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe UnknownExtension do
+  context 'valid uknown extension, no extension_data' do
+    let(:extension) do
+      UnknownExtension.new(extension_type: "\x8a\x8a")
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq "\x8a\x8a"
+      expect(extension.extension_data).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq "\x8a\x8a" + ''.prefix_uint16_length
+    end
+  end
+
+  context 'valid uknown extension' do
+    let(:random_bytes) do
+      OpenSSL::Random.random_bytes(20)
+    end
+
+    let(:extension) do
+      UnknownExtension.new(extension_type: "\x8a\x8a",
+                           extension_data: random_bytes)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq "\x8a\x8a"
+      expect(extension.extension_data).to eq random_bytes
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq "\x8a\x8a" \
+                                        + random_bytes.prefix_uint16_length
+    end
+  end
+
+  context 'invalid uknown extension, no extension_type,' do
+    let(:extension) do
+      UnknownExtension.new
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ArgumentError)
+    end
+  end
+
+  context 'valid uknown extension binary, binary is nil,' do
+    let(:extension) do
+      UnknownExtension.deserialize(nil, "\x8a\x8a")
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq "\x8a\x8a"
+      expect(extension.extension_data).to be_empty
+    end
+  end
+
+  context 'valid uknown extension binary, binary is empty,' do
+    let(:extension) do
+      UnknownExtension.deserialize([], "\x8a\x8a")
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq "\x8a\x8a"
+      expect(extension.extension_data).to be_empty
+    end
+  end
+
+  context 'valid uknown extension binary' do
+    let(:random_bytes) do
+      OpenSSL::Random.random_bytes(20)
+    end
+
+    let(:extension) do
+      UnknownExtension.deserialize(random_bytes, "\x8a\x8a")
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq "\x8a\x8a"
+      expect(extension.extension_data).to eq random_bytes
+    end
+  end
+end

data/spec/utils_spec.rb

@@ -0,0 +1,215 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe TTTLS13::Refinements do
+  context '0' do
+    let(:integer) do
+      0
+    end
+
+    it 'should return uint8' do
+      expect(integer.to_uint8).to eq "\x00"
+    end
+
+    it 'should return uint16' do
+      expect(integer.to_uint16).to eq "\x00\x00"
+    end
+
+    it 'should return uint24' do
+      expect(integer.to_uint24).to eq "\x00\x00\x00"
+    end
+
+    it 'should return uint32' do
+      expect(integer.to_uint32).to eq "\x00\x00\x00\x00"
+    end
+
+    it 'should return uint64' do
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x00\x00"
+    end
+  end
+
+  context '-1' do
+    let(:integer) do
+      -1
+    end
+
+    it 'should not return uint8' do
+      expect { integer.to_uint8 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint16' do
+      expect { integer.to_uint16 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint24' do
+      expect { integer.to_uint24 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint32' do
+      expect { integer.to_uint32 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint64' do
+      expect { integer.to_uint64 }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context '1 << 8' do
+    let(:integer) do
+      1 << 8
+    end
+
+    it 'should not return uint8' do
+      expect { integer.to_uint8 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should return uint16' do
+      expect(integer.to_uint16).to eq "\x01\x00"
+    end
+
+    it 'should return uint24' do
+      expect(integer.to_uint24).to eq "\x00\x01\x00"
+    end
+
+    it 'should return uint32' do
+      expect(integer.to_uint32).to eq "\x00\x00\x01\x00"
+    end
+
+    it 'should return uint64' do
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x01\x00"
+    end
+  end
+
+  context '1 << 16' do
+    let(:integer) do
+      1 << 16
+    end
+
+    it 'should not return uint8' do
+      expect { integer.to_uint8 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint16' do
+      expect { integer.to_uint16 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should return uint24' do
+      expect(integer.to_uint24).to eq "\x01\x00\x00"
+    end
+
+    it 'should return uint32' do
+      expect(integer.to_uint32).to eq "\x00\x01\x00\x00"
+    end
+
+    it 'should return uint64' do
+      expect(integer.to_uint64).to eq "\x00\x00\x01\x00\x00"
+    end
+  end
+
+  context '1 << 24' do
+    let(:integer) do
+      1 << 24
+    end
+
+    it 'should not return uint8' do
+      expect { integer.to_uint8 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint16' do
+      expect { integer.to_uint16 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint24' do
+      expect { integer.to_uint24 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should return uint32' do
+      expect(integer.to_uint32).to eq "\x01\x00\x00\x00"
+    end
+
+    it 'should return uint64' do
+      expect(integer.to_uint64).to eq "\x00\x01\x00\x00\x00"
+    end
+  end
+
+  context '1 << 32' do
+    let(:integer) do
+      1 << 32
+    end
+
+    it 'should not return uint8' do
+      expect { integer.to_uint8 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint16' do
+      expect { integer.to_uint16 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint24' do
+      expect { integer.to_uint24 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint32' do
+      expect { integer.to_uint32 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should return uint64' do
+      expect(integer.to_uint64).to eq "\x01\x00\x00\x00\x00"
+    end
+  end
+
+  context '1 << 64' do
+    let(:integer) do
+      1 << 64
+    end
+
+    it 'should not return uint8' do
+      expect { integer.to_uint8 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint16' do
+      expect { integer.to_uint16 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint24' do
+      expect { integer.to_uint24 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint32' do
+      expect { integer.to_uint32 }.to raise_error(ErrorAlerts)
+    end
+
+    it 'should not return uint64' do
+      expect { integer.to_uint64 }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'string' do
+    let(:string) do
+      'string'
+    end
+
+    it 'should be prefixed' do
+      expect(string.prefix_uint8_length).to eq "\x06string"
+      expect(string.prefix_uint16_length).to eq "\x00\x06string"
+      expect(string.prefix_uint24_length).to eq "\x00\x00\x06string"
+      expect(string.prefix_uint32_length).to eq "\x00\x00\x00\x06string"
+      expect(string.prefix_uint64_length).to eq "\x00\x00\x00\x00\x06string"
+    end
+  end
+end
+
+RSpec.describe Convert do
+  context 'binary' do
+    let(:binary) do
+      "\x01\x23\x45\x67\x89"
+    end
+
+    it 'should be converted to integer' do
+      expect(Convert.bin2i(binary)).to eq 4_886_718_345
+    end
+  end
+end

data/tttls1.3.gemspec

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'tttls1.3/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'tttls1.3'
+  spec.version       = TTTLS13::VERSION
+  spec.authors       = ['thekuwayama']
+  spec.email         = ['thekuwayama@gmail.com']
+  spec.summary       = 'TLS 1.3 implementation in Ruby'
+  spec.description   = spec.summary
+  spec.homepage      = 'https://github.com/thekuwayama/tttls1.3'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = '>=2.6.1'
+
+  spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_dependency             'openssl'
+end