tttls1.3 0.1.0

data/lib/tttls1.3/message/extension/pre_shared_key.rb

@@ -0,0 +1,205 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      # NOTE:
+      #     struct {
+      #         select (Handshake.msg_type) {
+      #             case client_hello: OfferedPsks;
+      #             case server_hello: uint16 selected_identity;
+      #         };
+      #     } PreSharedKeyExtension;
+      class PreSharedKey
+        attr_reader :extension_type
+        attr_reader :msg_type
+        attr_reader :offered_psks
+        attr_reader :selected_identity
+
+        # @param msg_type [TTTLS13::Message::ContentType]
+        # @param offered_psks [TTTLS13::Message::Extension::OfferedPsks]
+        # @param selected_identity [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(msg_type:, offered_psks: nil, selected_identity: '')
+          @extension_type = ExtensionType::PRE_SHARED_KEY
+          @msg_type = msg_type
+          case @msg_type
+          when HandshakeType::CLIENT_HELLO
+            @offered_psks = offered_psks
+          when HandshakeType::SERVER_HELLO
+            @selected_identity = selected_identity || ''
+            raise Error::ErrorAlerts, :internal_error \
+              unless @selected_identity.length == 2
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+        end
+
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [String]
+        def serialize
+          binary = ''
+          case @msg_type
+          when HandshakeType::CLIENT_HELLO
+            binary += @offered_psks.serialize
+          when HandshakeType::SERVER_HELLO
+            binary += @selected_identity
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        # @param msg_type [TTTLS13::Message::ContentType]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::PreSharedKey, nil]
+        def self.deserialize(binary, msg_type)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          case msg_type
+          when HandshakeType::CLIENT_HELLO
+            offered_psks = OfferedPsks.deserialize(binary)
+            return nil if offered_psks.nil?
+
+            PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
+                             offered_psks: offered_psks)
+          when HandshakeType::SERVER_HELLO
+            return nil unless binary.length == 2
+
+            selected_identity = binary
+            PreSharedKey.new(msg_type: HandshakeType::SERVER_HELLO,
+                             selected_identity: selected_identity)
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+        end
+      end
+
+      # NOTE:
+      #     opaque PskBinderEntry<32..255>;
+      #
+      #     struct {
+      #         PskIdentity identities<7..2^16-1>;
+      #         PskBinderEntry binders<33..2^16-1>;
+      #     } OfferedPsks;
+      class OfferedPsks
+        attr_reader :identities
+        attr_reader :binders
+
+        # @param identities [Array of PskIdentity]
+        # @param binders [Array of String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(identities: [], binders: [])
+          @identities = identities || []
+          @binders = binders || []
+          raise Error::ErrorAlerts, :internal_error \
+            if @identities.empty? || @binders.empty?
+        end
+
+        # @return [String]
+        def serialize
+          binary = @identities.map(&:serialize).join
+          identities_bin = binary.prefix_uint16_length
+
+          binary = @binders.map(&:prefix_uint8_length).join
+          binders_bin = binary.prefix_uint16_length
+
+          identities_bin + binders_bin
+        end
+
+        # @param binary [String]
+        #
+        # @return [TTTLS13::Message::Extensions::OfferedPsks, nil]
+        # rubocop: disable Metrics/AbcSize
+        # rubocop: disable Metrics/CyclomaticComplexity
+        # rubocop: disable Metrics/MethodLength
+        # rubocop: disable Metrics/PerceivedComplexity
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+          return nil if binary.length < 2
+
+          pskids_len = Convert.bin2i(binary.slice(0, 2))
+          i = 2
+          identities = [] # Array of PskIdentity
+          while i < pskids_len + 2
+            return nil if i + 2 > binary.length
+
+            id_len = Convert.bin2i(binary.slice(i, 2))
+            return nil if id_len.zero?
+
+            i += 2
+            identity = binary.slice(i, id_len)
+            i += id_len
+
+            return nil if i + 4 > binary.length
+
+            obfuscated_ticket_age = Convert.bin2i(binary.slice(i, 4))
+            i += 4
+            identities << PskIdentity.new(
+              identity: identity,
+              obfuscated_ticket_age: obfuscated_ticket_age
+            )
+          end
+
+          i += 2
+          binders = [] # Array of String
+          while i < binary.length
+            return nil if i > binary.length
+
+            pbe_len = Convert.bin2i(binary[i])
+            return nil if pbe_len < 32
+
+            i += 1
+            binders << binary.slice(i, pbe_len)
+            i += pbe_len
+          end
+          return nil unless i == binary.length
+
+          OfferedPsks.new(identities: identities, binders: binders)
+        end
+        # rubocop: enable Metrics/AbcSize
+        # rubocop: enable Metrics/CyclomaticComplexity
+        # rubocop: enable Metrics/MethodLength
+        # rubocop: enable Metrics/PerceivedComplexity
+      end
+
+      # NOTE:
+      #     struct {
+      #         opaque identity<1..2^16-1>;
+      #         uint32 obfuscated_ticket_age;
+      #     } PskIdentity;
+      class PskIdentity
+        attr_reader :identity
+        attr_reader :obfuscated_ticket_age
+
+        # @param identity [String]
+        # @param obfuscated_ticket_age [Integer]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(identity: '', obfuscated_ticket_age: 0)
+          @identity = identity || ''
+          @obfuscated_ticket_age = obfuscated_ticket_age
+          raise Error::ErrorAlerts, :internal_error \
+            if @identity.empty? || @obfuscated_ticket_age.negative?
+        end
+
+        # @return [String]
+        def serialize
+          binary = ''
+          binary += @identity.prefix_uint16_length
+          binary += @obfuscated_ticket_age.to_uint32
+          binary
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/psk_key_exchange_modes.rb

@@ -0,0 +1,54 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      module PskKeyExchangeMode
+        PSK_KE     = "\x00"
+        PSK_DHE_KE = "\x01"
+      end
+
+      class PskKeyExchangeModes
+        attr_reader :extension_type
+        attr_reader :ke_modes
+
+        # @param ke_modes [Array of PskKeyExchangeMode]
+        def initialize(ke_modes = [])
+          @extension_type = ExtensionType::PSK_KEY_EXCHANGE_MODES
+          @ke_modes = ke_modes || []
+        end
+
+        # @return [String]
+        def serialize
+          binary = @ke_modes.join.prefix_uint8_length
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::PskKeyExchangeModes, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.empty?
+
+          kem_len = Convert.bin2i(binary[0])
+          ke_modes = []
+          i = 1
+          while i < kem_len + 1
+            ke_modes << binary[i]
+            i += 1
+          end
+          return nil unless kem_len + 1 == binary.length
+
+          PskKeyExchangeModes.new(ke_modes)
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/record_size_limit.rb

@@ -0,0 +1,46 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      class RecordSizeLimit
+        attr_reader :extension_type
+        attr_reader :record_size_limit
+
+        # @param record_size_limit [Integer]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        def initialize(record_size_limit)
+          @extension_type = ExtensionType::RECORD_SIZE_LIMIT
+          @record_size_limit = record_size_limit
+          raise Error::ErrorAlerts, :internal_error if @record_size_limit < 64
+        end
+
+        # @return [String]
+        def serialize
+          binary = @record_size_limit.to_uint16
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::RecordSizeLimit, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length != 2
+
+          record_size_limit = Convert.bin2i(binary)
+          raise Error::ErrorAlerts, :illegal_parameter if record_size_limit < 64
+
+          RecordSizeLimit.new(record_size_limit)
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/server_name.rb

@@ -0,0 +1,91 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      module NameType
+        HOST_NAME = "\x00"
+      end
+
+      # NOTE:
+      # The extension_data field SHALL be empty when @server_name is empty.
+      # Then, serialized extension_data is
+      #
+      # 00 00 00 00
+      #
+      # https://tools.ietf.org/html/rfc6066#section-3
+      class ServerName
+        attr_reader :extension_type
+        attr_reader :server_name
+
+        # @param server_name [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @example
+        #   ServerName.new('example.com')
+        def initialize(server_name)
+          @extension_type = ExtensionType::SERVER_NAME
+          @server_name = server_name || ''
+          raise Error::ErrorAlerts, :internal_error \
+            if @server_name.length > 2**16 - 5
+        end
+
+        # @return [String]
+        def serialize
+          return "\x00\x00\x00\x00" if @server_name.empty?
+
+          sn_len = @server_name.length
+          binary = ''
+          binary += @extension_type
+          binary += (sn_len + 5).to_uint16
+          binary += (sn_len + 3).to_uint16
+          binary += NameType::HOST_NAME
+          binary += sn_len.to_uint16
+          binary += @server_name
+          binary
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::ServerName, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length == 1
+          return ServerName.new('') if binary.empty?
+
+          deserialize_host_name(binary)
+        end
+
+        class << self
+          private
+
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [TTTLS13::Message::Extension::ServerName, nil]
+          def deserialize_host_name(binary)
+            raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+            return nil unless binary.length > 5 &&
+                              binary[2] == NameType::HOST_NAME
+
+            snlist_len = Convert.bin2i(binary.slice(0, 2))
+            sn_len = Convert.bin2i(binary.slice(3, 2))
+            server_name = binary.slice(5, sn_len)
+            return nil unless snlist_len + 2 == binary.length &&
+                              sn_len + 5 == binary.length
+
+            ServerName.new(server_name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/signature_algorithms.rb

@@ -0,0 +1,69 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      class SignatureAlgorithms
+        DEFAULT_SIGNATURE_ALGORITHMS = [
+          SignatureScheme::ECDSA_SECP256R1_SHA256,
+          SignatureScheme::ECDSA_SECP384R1_SHA384,
+          SignatureScheme::ECDSA_SECP521R1_SHA512,
+          SignatureScheme::RSA_PSS_PSS_SHA256,
+          SignatureScheme::RSA_PSS_PSS_SHA384,
+          SignatureScheme::RSA_PSS_PSS_SHA512,
+          SignatureScheme::RSA_PSS_RSAE_SHA256,
+          SignatureScheme::RSA_PSS_RSAE_SHA384,
+          SignatureScheme::RSA_PSS_RSAE_SHA512,
+          SignatureScheme::RSA_PKCS1_SHA256,
+          SignatureScheme::RSA_PKCS1_SHA384,
+          SignatureScheme::RSA_PKCS1_SHA512
+        ].freeze
+
+        attr_accessor :extension_type # for signature_algorithms_cert getter
+        attr_reader   :supported_signature_algorithms
+
+        # @param supported_signature_algorithms [Array of SignatureScheme]
+        def initialize(supported_signature_algorithms)
+          @extension_type = ExtensionType::SIGNATURE_ALGORITHMS
+          @supported_signature_algorithms = supported_signature_algorithms || []
+          raise Error::ErrorAlerts, :internal_error \
+            if @supported_signature_algorithms.empty? ||
+               @supported_signature_algorithms.length * 2 > 2**16 - 3
+        end
+
+        # @return [String]
+        def serialize
+          binary = @supported_signature_algorithms.join
+
+          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::SignatureAlgorithms, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length < 2
+
+          ssa_len = Convert.bin2i(binary.slice(0, 2))
+          i = 2
+          supported_signature_algorithms = []
+          while i < ssa_len + 2
+            return nil if i + 2 > binary.length
+
+            supported_signature_algorithms << binary.slice(i, 2)
+            i += 2
+          end
+          return nil unless ssa_len + 2 == binary.length
+
+          SignatureAlgorithms.new(supported_signature_algorithms)
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb

@@ -0,0 +1,25 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  module Message
+    module Extension
+      class SignatureAlgorithmsCert < SignatureAlgorithms
+        # @param versions [Array of SignatureScheme]
+        def initialize(supported_signature_algorithms)
+          super(supported_signature_algorithms)
+          @extension_type = ExtensionType::SIGNATURE_ALGORITHMS_CERT
+        end
+
+        # @param binary [String]
+        #
+        # @return [TTTLS13::Message::Extensions::SignatureAlgorithmsCert]
+        def self.deserialize(binary)
+          extension = SignatureAlgorithms.deserialize(binary)
+          extension.extension_type = ExtensionType::SIGNATURE_ALGORITHMS_CERT
+          extension
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/status_request.rb

@@ -0,0 +1,106 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      module CertificateStatusType
+        OCSP = "\x01"
+      end
+
+      class StatusRequest
+        attr_reader :extension_type
+        attr_reader :responder_id_list
+        attr_reader :request_extensions
+
+        # @param responder_id_list [Array of String]
+        # @param request_extensions [String]
+        #
+        # @example
+        #   StatusRequest.new(
+        #       responder_id_list: [],
+        #       request_extensions: []
+        #   )
+        def initialize(responder_id_list: [], request_extensions: '')
+          @extension_type = ExtensionType::STATUS_REQUEST
+          @responder_id_list = responder_id_list || []
+          @request_extensions = request_extensions || ''
+        end
+
+        # @return [String]
+        def serialize
+          binary = ''
+          binary += CertificateStatusType::OCSP
+          binary += @responder_id_list.length.to_uint16
+          binary += @responder_id_list.map do |id|
+            id.length.to_uint16 + id
+          end.join
+          binary += @request_extensions.prefix_uint16_length
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::StatusRequest, nil]
+        # rubocop: disable Metrics/CyclomaticComplexity
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+          return nil if binary.length < 5 ||
+                        binary[0] != CertificateStatusType::OCSP
+
+          ril_len = Convert.bin2i(binary.slice(1, 2))
+          i = 3
+          responder_id_list =
+            deserialize_request_ids(binary.slice(i, ril_len))
+          # unparsable responder_id_list
+          return nil if responder_id_list.nil?
+
+          i += ril_len
+          return nil if i + 2 > binary.length
+
+          re_len = Convert.bin2i(binary.slice(i, 2))
+          i += 2
+          request_extensions = binary.slice(i, re_len)
+          i += re_len
+          return nil unless i == binary.length
+
+          StatusRequest.new(responder_id_list: responder_id_list,
+                            request_extensions: request_extensions)
+        end
+        # rubocop: enable Metrics/CyclomaticComplexity
+
+        class << self
+          private
+
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [Array of String, nil] received unparsable binary, nil
+          def deserialize_request_ids(binary)
+            raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+            i = 0
+            request_ids = []
+            while i < binary.length
+              return nil if i + 2 > binary.length
+
+              id_len = Convert.bin2i(binary.slice(i, 2))
+              i += 2
+              id = binary.slice(i, id_len)
+              request_ids += id
+              i += id_len
+            end
+            return nil if i != binary.length
+
+            request_ids
+          end
+        end
+      end
+    end
+  end
+end