tttls1.3 0.1.0

data/lib/tttls1.3/message/encrypted_extensions.rb

@@ -0,0 +1,65 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    class EncryptedExtensions
+      attr_reader :msg_type
+      attr_reader :extensions
+
+      # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+      ALLOWED_EXTENSIONS = [
+        ExtensionType::SERVER_NAME,
+        ExtensionType::MAX_FRAGMENT_LENGTH,
+        ExtensionType::SUPPORTED_GROUPS,
+        ExtensionType::USE_SRTP,
+        ExtensionType::HEARTBEAT,
+        ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION,
+        ExtensionType::CLIENT_CERTIFICATE_TYPE,
+        ExtensionType::SERVER_CERTIFICATE_TYPE,
+        ExtensionType::RECORD_SIZE_LIMIT,
+        ExtensionType::EARLY_DATA
+      ].freeze
+
+      # @param extensions [TTTLS13::Message::Extensions]
+      def initialize(extensions = Extensions.new)
+        @msg_type = HandshakeType::ENCRYPTED_EXTENSIONS
+        @extensions = extensions || Extensions.new
+      end
+
+      # @return [String]
+      def serialize
+        @msg_type + @extensions.serialize.prefix_uint24_length
+      end
+
+      alias fragment serialize
+
+      # @param binary [String]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::EncryptedExtensions]
+      def self.deserialize(binary)
+        raise Error::ErrorAlerts, :internal_error if binary.nil?
+        raise Error::ErrorAlerts, :decode_error if binary.length < 6
+        raise Error::ErrorAlerts, :internal_error \
+          unless binary[0] == HandshakeType::ENCRYPTED_EXTENSIONS
+
+        ee_len = Convert.bin2i(binary.slice(1, 3))
+        exs_len = Convert.bin2i(binary.slice(4, 2))
+        extensions = Extensions.deserialize(binary.slice(6, exs_len),
+                                            HandshakeType::ENCRYPTED_EXTENSIONS)
+        raise Error::ErrorAlerts, :decode_error \
+          unless exs_len + 2 == ee_len && exs_len + 6 == binary.length
+
+        EncryptedExtensions.new(extensions)
+      end
+
+      # @return [Boolean]
+      def any_forbidden_extensions?
+        !(@extensions.keys - ALLOWED_EXTENSIONS).empty?
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/end_of_early_data.rb

@@ -0,0 +1,29 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  module Message
+    class EndOfEarlyData
+      # @return [String]
+      def serialize
+        ''
+      end
+
+      # @param binary [String]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::EndOfEarlyData]
+      def self.deserialize(binary)
+        raise Error::ErrorAlerts, :internal_error if binary.nil?
+        raise Error::ErrorAlerts, :decode_error unless binary.length == 4
+        raise Error::ErrorAlerts, :unexpected_message \
+          unless binary[0] == HandshakeType::END_OF_EARLY_DATA
+        raise Error::ErrorAlerts, :decode_error \
+          unless binary == "\x05\x00\x00\x00"
+
+        EndOfEarlyData.new
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/alpn.rb

@@ -0,0 +1,70 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      class Alpn
+        attr_reader :extension_type
+        attr_reader :protocol_name_list
+
+        # @param named_group_list [Array of String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @example
+        #     Alpn.new(['h2', 'http/1.1'])
+        #
+        # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+        def initialize(protocol_name_list)
+          @extension_type \
+          = ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+          @protocol_name_list = protocol_name_list || []
+          raise Error::ErrorAlerts, :internal_error \
+            if @protocol_name_list.empty?
+        end
+
+        # @return [String]
+        def serialize
+          binary = @protocol_name_list.map(&:prefix_uint8_length).join
+
+          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::Alpn, nil]
+        # rubocop: disable Metrics/CyclomaticComplexity
+        # rubocop: disable Metrics/PerceivedComplexity
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length < 2
+
+          pnlist_len = Convert.bin2i(binary.slice(0, 2))
+          i = 2
+          protocol_name_list = []
+          while i < pnlist_len + 2
+            return nil if i + 1 > binary.length
+
+            pn_len = Convert.bin2i(binary.slice(i, 1))
+            i += 1
+            return nil if i + pn_len > binary.length
+
+            protocol_name_list << binary.slice(i, pn_len)
+            i += pn_len
+          end
+          return nil unless i == binary.length &&
+                            pnlist_len + 2 == binary.length
+
+          Alpn.new(protocol_name_list)
+        end
+        # rubocop: enable Metrics/CyclomaticComplexity
+        # rubocop: enable Metrics/PerceivedComplexity
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/cookie.rb

@@ -0,0 +1,47 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      class Cookie
+        attr_reader :extension_type
+        attr_reader :cookie
+
+        # @param cookie [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(cookie)
+          @extension_type = ExtensionType::COOKIE
+          @cookie = cookie || ''
+          raise Error::ErrorAlerts, :internal_error \
+            if @cookie.length > 2**16 - 3
+        end
+
+        # @return [String]
+        def serialize
+          @extension_type + @cookie.prefix_uint16_length.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::Cookie, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length < 2
+
+          cookie_len = Convert.bin2i(binary.slice(0, 2))
+          cookie = binary.slice(2, cookie_len)
+          return nil unless cookie_len + 2 == binary.length &&
+                            cookie_len <= 2**16 - 3
+
+          Cookie.new(cookie)
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/early_data_indication.rb

@@ -0,0 +1,58 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      class EarlyDataIndication
+        attr_reader :extension_type
+        attr_reader :max_early_data_size
+
+        # @param max_early_data_size [Integer, nil]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(max_early_data_size = nil)
+          @extension_type = ExtensionType::EARLY_DATA
+          @max_early_data_size = max_early_data_size
+          raise Error::ErrorAlerts, :internal_error \
+            unless @max_early_data_size.nil? || @max_early_data_size < 2**32
+        end
+
+        # @return [String]
+        def serialize
+          binary = ''
+          binary = @max_early_data_size.to_uint32 \
+            unless @max_early_data_size.nil?
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        # @param msg_type [TTTLS13::Message::ContentType]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::EarlyDataIndication, nil]
+        def self.deserialize(binary, msg_type)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          case msg_type
+          when HandshakeType::CLIENT_HELLO, HandshakeType::ENCRYPTED_EXTENSIONS
+            return nil unless binary.empty?
+
+            max_early_data_size = nil
+          when HandshakeType::NEW_SESSION_TICKET
+            return nil unless binary.length == 4
+
+            max_early_data_size = Convert.bin2i(binary)
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+
+          EarlyDataIndication.new(max_early_data_size)
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/key_share.rb

@@ -0,0 +1,236 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      # rubocop: disable Metrics/ClassLength
+      class KeyShare
+        attr_reader :extension_type
+        attr_reader :msg_type
+        attr_reader :key_share_entry
+
+        # @param msg_type [TTTLS13::Message::ContentType]
+        # @param key_share_entry [Array of KeyShareEntry]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        # rubocop: disable Metrics/CyclomaticComplexity
+        # rubocop: disable Metrics/PerceivedComplexity
+        def initialize(msg_type:, key_share_entry: [])
+          @extension_type = ExtensionType::KEY_SHARE
+          @msg_type = msg_type
+          @key_share_entry = key_share_entry || []
+          raise Error::ErrorAlerts, :internal_error \
+            unless (@msg_type == HandshakeType::CLIENT_HELLO &&
+                    @key_share_entry.length >= 0 &&
+                    @key_share_entry.all?(&:valid_key_share_client_hello?)) ||
+                   (@msg_type == HandshakeType::SERVER_HELLO &&
+                    @key_share_entry.length == 1 &&
+                    @key_share_entry.first.valid_key_share_server_hello?) ||
+                   (@msg_type == HandshakeType::HELLO_RETRY_REQUEST &&
+                    @key_share_entry.length == 1 &&
+                    @key_share_entry.first.valid_key_share_hello_retry_request?)
+        end
+        # rubocop: enable Metrics/CyclomaticComplexity
+        # rubocop: enable Metrics/PerceivedComplexity
+
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [String]
+        def serialize
+          case @msg_type
+          when HandshakeType::CLIENT_HELLO
+            binary = @key_share_entry.map(&:serialize).join.prefix_uint16_length
+          when HandshakeType::SERVER_HELLO, HandshakeType::HELLO_RETRY_REQUEST
+            binary = @key_share_entry.first.serialize
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        # @param msg_type [TTTLS13::Message::HandshakeType]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::KeyShare, nil]
+        # rubocop: disable Metrics/CyclomaticComplexity
+        def self.deserialize(binary, msg_type)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          case msg_type
+          when HandshakeType::CLIENT_HELLO
+            key_share_entry = deserialize_keyshare_ch(binary)
+            return nil \
+              unless key_share_entry.all?(&:valid_key_share_client_hello?)
+          when HandshakeType::SERVER_HELLO
+            key_share_entry = deserialize_keyshare_sh(binary)
+            return nil \
+              unless key_share_entry.first.valid_key_share_server_hello?
+          when HandshakeType::HELLO_RETRY_REQUEST
+            key_share_entry = deserialize_keyshare_hrr(binary)
+            return nil \
+              unless key_share_entry.first.valid_key_share_hello_retry_request?
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+          return nil if key_share_entry.nil?
+
+          KeyShare.new(msg_type: msg_type,
+                       key_share_entry: key_share_entry)
+        end
+        # rubocop: enable Metrics/CyclomaticComplexity
+
+        # @param groups [Array of TTTLS13::Message::Extension::NamedGroup]
+        #
+        # @return [TTTLS13::Message::Extensions::KeyShare]
+        # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
+        def self.gen_ch_key_share(groups)
+          priv_keys = {}
+          kse = groups.map do |group|
+            curve = NamedGroup.curve_name(group)
+            ec = OpenSSL::PKey::EC.new(curve)
+            ec.generate_key!
+            # store private key to do the key-exchange
+            priv_keys.store(group, ec)
+            KeyShareEntry.new(
+              group: group,
+              key_exchange: ec.public_key.to_octet_string(:uncompressed)
+            )
+          end
+
+          key_share = KeyShare.new(
+            msg_type: HandshakeType::CLIENT_HELLO,
+            key_share_entry: kse
+          )
+
+          [key_share, priv_keys]
+        end
+
+        class << self
+          private
+
+          # NOTE:
+          #     struct {
+          #         KeyShareEntry client_shares<0..2^16-1>;
+          #     } KeyShareClientHello;
+          #
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [Array of KeyShareEntry, nil]
+          def deserialize_keyshare_ch(binary)
+            raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+            return nil if binary.length < 2
+
+            cs_len = Convert.bin2i(binary.slice(0, 2))
+            key_share_entry = []
+            itr = 2
+            while itr < cs_len + 2
+              return nil if itr + 4 > binary.length
+
+              group = binary.slice(itr, 2)
+              itr += 2
+              ke_len = Convert.bin2i(binary.slice(itr, 2))
+              itr += 2
+              key_exchange = binary.slice(itr, ke_len)
+              key_share_entry << KeyShareEntry.new(group: group,
+                                                   key_exchange: key_exchange)
+              itr += ke_len
+            end
+            return nil unless itr == binary.length
+
+            key_share_entry
+          end
+
+          # NOTE:
+          #     struct {
+          #         KeyShareEntry server_share;
+          #     } KeyShareServerHello;
+          #
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [Array of KeyShareEntry, nil]
+          def deserialize_keyshare_sh(binary)
+            raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+            return nil if binary.length < 4
+
+            group = binary.slice(0, 2)
+            ke_len = Convert.bin2i(binary.slice(2, 2))
+            key_exchange = binary.slice(4, ke_len)
+            return nil unless ke_len + 4 == binary.length
+
+            [KeyShareEntry.new(group: group, key_exchange: key_exchange)]
+          end
+
+          # NOTE:
+          #     struct {
+          #         NamedGroup selected_group;
+          #     } KeyShareHelloRetryRequest;
+          #
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [Array of KeyShareEntry, nil]
+          def deserialize_keyshare_hrr(binary)
+            raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+            return nil unless binary.length == 2
+
+            group = binary.slice(0, 2)
+            [KeyShareEntry.new(group: group)]
+          end
+        end
+      end
+      # rubocop: enable Metrics/ClassLength
+
+      class KeyShareEntry
+        attr_reader :group
+        attr_reader :key_exchange
+
+        # @param group [TTTLS13::Message::Extension::NamedGroup]
+        # @param key_exchange [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(group:, key_exchange: nil)
+          @group = group || ''
+          @key_exchange = key_exchange || ''
+          raise Error::ErrorAlerts, :internal_error unless @group.length == 2
+        end
+
+        # @return [Boolean]
+        def valid_key_share_client_hello?
+          @group.length == 2 && @key_exchange.length.positive?
+        end
+
+        # @return [Boolean]
+        def valid_key_share_server_hello?
+          @group.length == 2 && @key_exchange.length.positive?
+        end
+
+        # @return [Boolean]
+        def valid_key_share_hello_retry_request?
+          @group.length == 2 && @key_exchange.empty?
+        end
+
+        # @return [String]
+        def serialize
+          binary = ''
+          binary += @group
+          # KeyShareHelloRetryRequest doesn't have key_exchange.
+          binary += @key_exchange.prefix_uint16_length \
+            unless @key_exchange.empty?
+          binary
+        end
+      end
+    end
+  end
+end