tttls1.3 0.1.0

data/lib/tttls1.3/message/record.rb

@@ -0,0 +1,232 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    # https://tools.ietf.org/html/rfc8449#section-4
+    DEFAULT_RECORD_SIZE_LIMIT = 2**14 + 1
+
+    # rubocop: disable Metrics/ClassLength
+    class Record
+      attr_reader :type
+      attr_reader :legacy_record_version
+      attr_reader :messages
+      attr_reader :surplus_binary
+      attr_reader :cipher
+
+      # @param type [TTTLS13::Message::ContentType]
+      # @param legacy_record_version [TTTLS13::Message::ProtocolVersion]
+      # @param messages [Array of TTTLS13::Message::$Object]
+      # @param surplus_binary [String]
+      # @param cipher [TTTLS13::Cryptograph::$Object]
+      def initialize(type:,
+                     legacy_record_version: ProtocolVersion::TLS_1_2,
+                     messages: [],
+                     surplus_binary: '',
+                     cipher:)
+        @type = type
+        @legacy_record_version = legacy_record_version
+        @messages = messages
+        @surplus_binary = surplus_binary
+        @cipher = cipher
+      end
+
+      # NOTE:
+      # serialize joins messages.
+      # If serialize is received Server Parameters(EE, CT, CV),
+      # it returns one binary.
+      #
+      # @param record_size_limit [Integer]
+      #
+      # @return [String]
+      def serialize(record_size_limit = DEFAULT_RECORD_SIZE_LIMIT)
+        tlsplaintext = @messages.map(&:serialize).join + @surplus_binary
+        if messages_type == ContentType::APPLICATION_DATA
+          max = cipher.tlsplaintext_length_limit(record_size_limit)
+          fragments = tlsplaintext.scan(/.{1,#{max}}/m)
+        else
+          fragments = [tlsplaintext]
+        end
+        fragments = [''] if fragments.empty?
+
+        binary = ''
+        fragments.each do |s|
+          binary += @type + @legacy_record_version
+          binary += @cipher.encrypt(s, messages_type).prefix_uint16_length
+        end
+
+        binary
+      end
+
+      # NOTE:
+      # If previous Record has surplus_binary,
+      # surplus_binary should is given to Record.deserialize as buffered.
+      #
+      # @param binary [String]
+      # @param cipher [TTTLS13::Cryptograph::$Object]
+      # @param buffered [String] surplus_binary
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::Record, String]
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/PerceivedComplexity
+      def self.deserialize(binary, cipher, buffered = '')
+        raise Error::ErrorAlerts, :internal_error if binary.nil?
+        raise Error::ErrorAlerts, :decode_error if binary.length < 5
+
+        type = binary[0]
+        legacy_record_version = binary.slice(1, 2)
+        fragment_len = Convert.bin2i(binary.slice(3, 2))
+        raise Error::ErrorAlerts, :record_overflow \
+          if (cipher.is_a?(Cryptograph::Passer) && fragment_len > 2**14) ||
+             (cipher.is_a?(Cryptograph::Aead) && fragment_len > 2**14 + 256)
+
+        fragment = binary.slice(5, fragment_len)
+        raise Error::ErrorAlerts, :decode_error \
+          unless binary.length == 5 + fragment_len
+
+        if type == ContentType::APPLICATION_DATA
+          fragment, inner_type = cipher.decrypt(fragment, binary.slice(0, 5))
+        end
+        messages, surplus_binary = deserialize_fragment(buffered + fragment,
+                                                        inner_type || type)
+
+        Record.new(type: type,
+                   legacy_record_version: legacy_record_version,
+                   messages: messages,
+                   surplus_binary: surplus_binary,
+                   cipher: cipher)
+      end
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/PerceivedComplexity
+
+      private
+
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::ContentType]
+      def messages_type
+        types = @messages.map(&:class).uniq
+        raise Error::ErrorAlerts, :internal_error unless types.length == 1
+
+        type = types.first
+        if [Message::ClientHello,
+            Message::ServerHello,
+            Message::EncryptedExtensions,
+            Message::Certificate,
+            Message::CertificateVerify,
+            Message::Finished,
+            Message::EndOfEarlyData,
+            Message::NewSessionTicket].include?(type)
+          ContentType::HANDSHAKE
+        elsif type == ChangeCipherSpec
+          ContentType::CCS
+        elsif type == Message::ApplicationData
+          ContentType::APPLICATION_DATA
+        elsif type == Message::Alert
+          ContentType::ALERT
+        else
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+
+      class << self
+        private
+
+        # @param binary [String]
+        # @param type [TTTLS13::Message::ContentType]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [Array of TTTLS13::Message::$Object, String]
+        # @return [String]
+        def deserialize_fragment(binary, type)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          surplus_binary = ''
+          case type
+          when ContentType::HANDSHAKE
+            messages, surplus_binary = deserialize_handshake(binary)
+          when ContentType::CCS
+            messages = [ChangeCipherSpec.deserialize(binary)]
+          when ContentType::APPLICATION_DATA
+            messages = [ApplicationData.deserialize(binary)]
+          when ContentType::ALERT
+            messages = [Alert.deserialize(binary)]
+          else
+            raise Error::ErrorAlerts, :unexpected_message
+          end
+
+          [messages, surplus_binary]
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [Array of TTTLS13::Message::$Object]
+        # @return [String]
+        def deserialize_handshake(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          handshakes = []
+          i = 0
+          while i < binary.length
+            # Handshake.length is kind of uint24 and Record.length is kind of
+            # uint16, so Handshake can be longer than Record capacity.
+            if binary.length < 4 + i ||
+               binary.length < 4 + i + Convert.bin2i(binary.slice(i + 1, 3))
+              surplus_binary = binary[i..]
+              return [handshakes, surplus_binary]
+            end
+
+            msg_len = Convert.bin2i(binary.slice(i + 1, 3))
+            msg_bin = binary.slice(i, msg_len + 4)
+            message = do_deserialize_handshake(msg_bin)
+            i += msg_len + 4
+            handshakes << message
+          end
+
+          surplus_binary = binary[i..]
+          [handshakes, surplus_binary]
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [Array of TTTLS13::Message::$Object]
+        # rubocop: disable Metrics/CyclomaticComplexity
+        def do_deserialize_handshake(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+          raise Error::ErrorAlerts, :decode_error if binary.empty?
+
+          case binary[0]
+          when HandshakeType::CLIENT_HELLO
+            ClientHello.deserialize(binary)
+          when HandshakeType::SERVER_HELLO
+            ServerHello.deserialize(binary)
+          when HandshakeType::ENCRYPTED_EXTENSIONS
+            EncryptedExtensions.deserialize(binary)
+          when HandshakeType::CERTIFICATE
+            Certificate.deserialize(binary)
+          when HandshakeType::CERTIFICATE_VERIFY
+            CertificateVerify.deserialize(binary)
+          when HandshakeType::FINISHED
+            Finished.deserialize(binary)
+          when HandshakeType::NEW_SESSION_TICKET
+            NewSessionTicket.deserialize(binary)
+          when HandshakeType::END_OF_EARLY_DATA
+            EndOfEarlyData.deserialize(binary)
+          else
+            raise Error::ErrorAlerts, :unexpected_message
+          end
+        end
+        # rubocop: enable Metrics/CyclomaticComplexity
+      end
+    end
+    # rubocop: enable Metrics/ClassLength
+  end
+end

data/lib/tttls1.3/message/server_hello.rb

@@ -0,0 +1,116 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    class ServerHello
+      # special value of the SHA-256 of "HelloRetryRequest"
+      HRR_RANDOM \
+      = "\xcf\x21\xad\x74\xe5\x9a\x61\x11\xbe\x1d\x8c\x02\x1e\x65\xb8\x91" \
+        "\xc2\xa2\x11\x16\x7a\xbb\x8c\x5e\x07\x9e\x09\xe2\xc8\xa8\x33\x9c"
+
+      attr_reader :msg_type
+      attr_reader :legacy_version
+      attr_reader :random
+      attr_reader :legacy_session_id_echo
+      attr_reader :cipher_suite
+      attr_reader :legacy_compression_method
+      attr_reader :extensions
+
+      # @param legacy_version [String]
+      # @param random [String]
+      # @param legacy_session_id_echo [String]
+      # @param cipher_suite [TTTLS13::CipherSuite]
+      # @param legacy_compression_method [String]
+      # @param extensions [TTTLS13::Message::Extensions]
+      # rubocop: disable Metrics/ParameterLists
+      def initialize(legacy_version: ProtocolVersion::TLS_1_2,
+                     random: OpenSSL::Random.random_bytes(32),
+                     legacy_session_id_echo:,
+                     cipher_suite:,
+                     legacy_compression_method: "\x00",
+                     extensions: Extensions.new)
+        @msg_type = HandshakeType::SERVER_HELLO
+        @legacy_version = legacy_version
+        @random = random
+        @legacy_session_id_echo = legacy_session_id_echo
+        @cipher_suite = cipher_suite
+        @legacy_compression_method = legacy_compression_method
+        @extensions = extensions
+        @hrr = (random == HRR_RANDOM)
+      end
+      # rubocop: enable Metrics/ParameterLists
+
+      # @return [String]
+      def serialize
+        binary = ''
+        binary += @legacy_version
+        binary += @random
+        binary += @legacy_session_id_echo.prefix_uint8_length
+        binary += @cipher_suite
+        binary += @legacy_compression_method
+        binary += @extensions.serialize
+
+        @msg_type + binary.prefix_uint24_length
+      end
+
+      # @param binary [String]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::ServerHello]
+      # rubocop: disable Metrics/AbcSize
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/MethodLength
+      # rubocop: disable Metrics/PerceivedComplexity
+      def self.deserialize(binary)
+        raise Error::ErrorAlerts, :internal_error if binary.nil?
+        raise Error::ErrorAlerts, :decode_error if binary.length < 39
+        raise Error::ErrorAlerts, :internal_error \
+          unless binary[0] == HandshakeType::SERVER_HELLO
+
+        msg_len = Convert.bin2i(binary.slice(1, 3))
+        legacy_version = binary.slice(4, 2)
+        random = binary.slice(6, 32)
+        lsid_len = Convert.bin2i(binary[38])
+        legacy_session_id_echo = binary.slice(39, lsid_len)
+        i = 39 + lsid_len
+        cipher_suite = binary.slice(i, 2)
+        i += 2
+        legacy_compression_method = binary[i]
+        i += 1
+        exs_len = Convert.bin2i(binary.slice(i, 2))
+        i += 2
+        exs_bin = binary.slice(i, exs_len)
+        if random == HRR_RANDOM
+          msg_type = HandshakeType::HELLO_RETRY_REQUEST
+          @hrr = true
+        else
+          msg_type = HandshakeType::SERVER_HELLO
+          @hrr = false
+        end
+        extensions = Extensions.deserialize(exs_bin, msg_type)
+        i += exs_len
+        raise Error::ErrorAlerts, :decode_error unless i == msg_len + 4 &&
+                                                       i == binary.length
+
+        ServerHello.new(legacy_version: legacy_version,
+                        random: random,
+                        legacy_session_id_echo: legacy_session_id_echo,
+                        cipher_suite: cipher_suite,
+                        legacy_compression_method: legacy_compression_method,
+                        extensions: extensions)
+      end
+      # rubocop: enable Metrics/AbcSize
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/MethodLength
+      # rubocop: enable Metrics/PerceivedComplexity
+
+      # @return [Boolean]
+      def hrr?
+        @hrr
+      end
+    end
+  end
+end

data/lib/tttls1.3/message.rb

@@ -0,0 +1,48 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+Dir[File.dirname(__FILE__) + '/message/*.rb'].each { |f| require f }
+
+module TTTLS13
+  module Message
+    module ContentType
+      INVALID          = "\x00"
+      CCS              = "\x14"
+      ALERT            = "\x15"
+      HANDSHAKE        = "\x16"
+      APPLICATION_DATA = "\x17"
+    end
+
+    module ProtocolVersion
+      TLS_1_0 = "\x03\x01"
+      TLS_1_1 = "\x03\x02"
+      TLS_1_2 = "\x03\x03"
+      TLS_1_3 = "\x03\x04"
+    end
+
+    DEFAULT_VERSIONS = [ProtocolVersion::TLS_1_3].freeze
+
+    module HandshakeType
+      HELLO_REQUEST        = "\x00" # RESERVED
+      CLIENT_HELLO         = "\x01"
+      SERVER_HELLO         = "\x02"
+      HELLO_VERIFY_REQUEST = "\x03" # RESERVED
+      NEW_SESSION_TICKET   = "\x04"
+      END_OF_EARLY_DATA    = "\x05"
+      HELLO_RETRY_REQUEST  = "\x06" # RESERVED
+      ENCRYPTED_EXTENSIONS = "\x08"
+      CERTIFICATE          = "\x0b"
+      SERVER_KEY_EXCHANGE  = "\x0c" # RESERVED
+      CERTIFICATE_REQUEST  = "\x0d"
+      SERVER_HELLO_DONE    = "\x0e" # RESERVED
+      CERTIFICATE_VERIFY   = "\x0f"
+      CLIENT_KEY_EXCHANGE  = "\x10" # RESERVED
+      FINISHED             = "\x14"
+      CERTIFICATE_URL      = "\x15" # RESERVED
+      CERTIFICATE_STATUS   = "\x16" # RESERVED
+      SUPPLEMENTAL_DATA    = "\x17" # RESERVED
+      KEY_UPDATE           = "\x18"
+      MESSAGE_HASH         = "\xfe"
+    end
+  end
+end

data/lib/tttls1.3/sequence_number.rb

@@ -0,0 +1,31 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  class SequenceNumber
+    def initialize
+      @seq_num = 0
+    end
+
+    # @param str [String]
+    # @param iv_len [Integer]
+    #
+    # @return [String]
+    def xor(str, iv_len)
+      l = @seq_num.to_uint64.unpack('C*')
+      l.unshift(0) while l.length < iv_len
+      r = str.unpack('C*')
+      l.zip(r).map { |x, y| (x ^ y).chr }.join
+    end
+
+    def succ
+      @seq_num += 1
+    end
+
+    # @return [Boolean]
+    def next?
+      @seq_num < 2**64 - 1
+    end
+  end
+end

data/lib/tttls1.3/signature_scheme.rb

@@ -0,0 +1,31 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  module SignatureScheme
+    # RSASSA-PKCS1-v1_5 algorithms
+    RSA_PKCS1_SHA256       = "\x04\x01"
+    RSA_PKCS1_SHA384       = "\x05\x01"
+    RSA_PKCS1_SHA512       = "\x06\x01"
+    # ECDSA algorithms
+    ECDSA_SECP256R1_SHA256 = "\x04\x03"
+    ECDSA_SECP384R1_SHA384 = "\x05\x03"
+    ECDSA_SECP521R1_SHA512 = "\x06\x03"
+    # RSASSA-PSS algorithms with public key OID rsaEncryption
+    RSA_PSS_RSAE_SHA256    = "\x08\x04"
+    RSA_PSS_RSAE_SHA384    = "\x08\x05"
+    RSA_PSS_RSAE_SHA512    = "\x08\x06"
+    # EdDSA algorithms
+    # ED25519                = "\x08\x07" # UNSUPPORTED
+    # ED448                  = "\x08\x08" # UNSUPPORTED
+    # RSASSA-PSS algorithms with public key OID RSASSA-PSS
+    RSA_PSS_PSS_SHA256     = "\x08\x09"
+    RSA_PSS_PSS_SHA384     = "\x08\x0a"
+    RSA_PSS_PSS_SHA512     = "\x08\x0b"
+    # Legacy algorithms
+    # RSA_PKCS1_SHA1         = "\x02\x01" # UNSUPPORTED
+    # ECDSA_SHA1             = "\x02\x03" # UNSUPPORTED
+    # Reserved Code Points
+    # private_use "\xfe\x00" ~ "\xff\xff"
+  end
+end

data/lib/tttls1.3/transcript.rb

@@ -0,0 +1,69 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+
+  CH1  = 0
+  HRR  = 1
+  CH   = 2
+  SH   = 3
+  EE   = 4
+  CR   = 5
+  CT   = 6
+  CV   = 7
+  SF   = 8
+  EOED = 9
+  CCT  = 10
+  CCV  = 11
+  CF   = 12
+
+  class Transcript < Hash
+    def initialize
+      super
+    end
+
+    # @param digest [String] name of digest algorithm
+    # @param end_index [Integer]
+    #
+    # @return [String]
+    def hash(digest, end_index)
+      s = concat_messages(digest, end_index)
+      OpenSSL::Digest.digest(digest, s)
+    end
+
+    # @param digest [String] name of digest algorithm
+    # @param end_index [Integer]
+    # @param truncate_bytes [Integer]
+    #
+    # @return [String]
+    def truncate_hash(digest, end_index, truncate_bytes)
+      s = concat_messages(digest, end_index)
+      truncated = s[0...-truncate_bytes]
+      OpenSSL::Digest.digest(digest, truncated)
+    end
+
+    private
+
+    # @param digest [String] name of digest algorithm
+    # @param end_index [Integer]
+    #
+    # @return [String]
+    def concat_messages(digest, end_index)
+      exc_prefix = ''
+      if include?(HRR)
+        # as an exception to the general rule
+        exc_prefix = Message::HandshakeType::MESSAGE_HASH \
+                     + "\x00\x00" \
+                     + OpenSSL::Digest.new(digest).digest_length.to_uint8 \
+                     + OpenSSL::Digest.digest(digest, self[CH1].serialize) \
+                     + self[HRR].serialize
+      end
+
+      messages = (CH..end_index).to_a.map do |m|
+        include?(m) ? self[m].serialize : ''
+      end
+      exc_prefix + messages.join
+    end
+  end
+end

data/lib/tttls1.3/utils.rb

@@ -0,0 +1,91 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  module Refinements
+    refine Integer do
+      def to_uint8
+        raise Error::ErrorAlerts, :internal_error \
+          if negative? || self >= (1 << 8)
+
+        chr
+      end
+
+      def to_uint16
+        raise Error::ErrorAlerts, :internal_error \
+          if negative? || self >= (1 << 16)
+
+        [
+          self / (1 << 8),
+          self % (1 << 8)
+        ].map(&:chr).join
+      end
+
+      def to_uint24
+        raise Error::ErrorAlerts, :internal_error \
+          if negative? || self >= (1 << 24)
+
+        [
+          self / (1 << 16),
+          self % (1 << 16) / (1 << 8),
+          self % (1 << 8)
+        ].map(&:chr).join
+      end
+
+      def to_uint32
+        raise Error::ErrorAlerts, :internal_error \
+          if negative? || self >= (1 << 32)
+
+        [
+          self / (1 << 24),
+          self % (1 << 24) / (1 << 16),
+          self % (1 << 16) / (1 << 8),
+          self % (1 << 8)
+        ].map(&:chr).join
+      end
+
+      def to_uint64
+        raise Error::ErrorAlerts, :internal_error \
+          if negative? || self >= (1 << 64)
+
+        [
+          self / (1 << 32),
+          self % (1 << 32) / (1 << 24),
+          self % (1 << 24) / (1 << 16),
+          self % (1 << 16) / (1 << 8),
+          self % (1 << 8)
+        ].map(&:chr).join
+      end
+    end
+
+    refine String do
+      def prefix_uint8_length
+        length.to_uint8 + self
+      end
+
+      def prefix_uint16_length
+        length.to_uint16 + self
+      end
+
+      def prefix_uint24_length
+        length.to_uint24 + self
+      end
+
+      def prefix_uint32_length
+        length.to_uint32 + self
+      end
+
+      def prefix_uint64_length
+        length.to_uint64 + self
+      end
+    end
+  end
+
+  module Convert
+    class << self
+      def bin2i(binary)
+        binary.unpack('C*').reverse.map.with_index { |x, i| x << 8 * i }.sum
+      end
+    end
+  end
+end

data/lib/tttls1.3/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TTTLS13
+  VERSION = '0.1.0'
+end

data/lib/tttls1.3.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+require 'tttls1.3/version'
+require 'tttls1.3/utils'
+require 'tttls1.3/error'
+require 'tttls1.3/cipher_suites'
+require 'tttls1.3/signature_scheme'
+require 'tttls1.3/cryptograph'
+require 'tttls1.3/transcript'
+require 'tttls1.3/key_schedule'
+require 'tttls1.3/message'
+require 'tttls1.3/sequence_number'
+require 'tttls1.3/connection'
+require 'tttls1.3/client'