tttls1.3 0.1.0

data/spec/aead_spec.rb

@@ -0,0 +1,95 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Aead do
+  context 'aead using CipherSuite::TLS_AES_128_GCM_SHA256' do
+    let(:cipher) do
+      Aead.new(cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
+               write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
+               write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
+               sequence_number: SequenceNumber.new)
+    end
+
+    let(:content) do
+      TESTBINARY_SERVER_PARAMETERS
+    end
+
+    let(:encrypted_record) do
+      TESTBINARY_SERVER_PARAMETERS_RECORD[5..]
+    end
+
+    let(:record_header) do
+      TESTBINARY_SERVER_PARAMETERS_RECORD[0...5]
+    end
+
+    it 'should encrypt content of server parameters' do
+      expect(cipher.encrypt(content, ContentType::HANDSHAKE))
+        .to eq encrypted_record
+    end
+
+    it 'should decrypt encrypted_record server parameters' do
+      expect(cipher.decrypt(encrypted_record, record_header))
+        .to eq [content, ContentType::HANDSHAKE]
+    end
+  end
+
+  context 'aead using CipherSuite::TLS_AES_128_GCM_SHA256' do
+    let(:cipher) do
+      Aead.new(cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
+               write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
+               write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
+               sequence_number: SequenceNumber.new)
+    end
+
+    let(:content) do
+      TESTBINARY_CLIENT_FINISHED
+    end
+
+    let(:encrypted_record) do
+      TESTBINARY_CLIENT_FINISHED_RECORD[5..]
+    end
+
+    let(:record_header) do
+      TESTBINARY_CLIENT_FINISHED_RECORD[0...5]
+    end
+
+    it 'should encrypt content of client finished' do
+      expect(cipher.encrypt(content, ContentType::HANDSHAKE))
+        .to eq encrypted_record
+    end
+
+    it 'should decrypt encrypted_record client finished' do
+      expect(cipher.decrypt(encrypted_record, record_header))
+        .to eq [content, ContentType::HANDSHAKE]
+    end
+  end
+
+  context 'aead using CipherSuite::TLS_AES_128_GCM_SHA256, ' \
+          'HelloRetryRequest,' do
+    let(:cipher) do
+      Aead.new(cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
+               write_key: TESTBINARY_HRR_SERVER_PARAMETERS_WRITE_KEY,
+               write_iv: TESTBINARY_HRR_SERVER_PARAMETERS_WRITE_IV,
+               sequence_number: SequenceNumber.new)
+    end
+
+    let(:content) do
+      TESTBINARY_HRR_SERVER_PARAMETERS
+    end
+
+    let(:encrypted_record) do
+      TESTBINARY_HRR_SERVER_PARAMETERS_RECORD[5..]
+    end
+
+    let(:record_header) do
+      TESTBINARY_HRR_SERVER_PARAMETERS_RECORD[0...5]
+    end
+
+    it 'should decrypt encrypted_record server parameters' do
+      expect(cipher.decrypt(encrypted_record, record_header))
+        .to eq [content, ContentType::HANDSHAKE]
+    end
+  end
+end

data/spec/alert_spec.rb

@@ -0,0 +1,54 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Alert do
+  context 'unexpected_message alert' do
+    let(:message) do
+      Alert.new(level: AlertLevel::FATAL,
+                description: ALERT_DESCRIPTION[:unexpected_message])
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq AlertLevel::FATAL \
+                                      + ALERT_DESCRIPTION[:unexpected_message]
+    end
+
+    it 'should return error' do
+      expect(message.to_error).to be_a_kind_of(ErrorAlerts)
+      expect(message.to_error.message).to eq 'unexpected_message'
+    end
+  end
+
+  context 'unexpected_message alert, not given level' do
+    let(:message) do
+      Alert.new(description: ALERT_DESCRIPTION[:unexpected_message])
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq AlertLevel::FATAL \
+                                      + ALERT_DESCRIPTION[:unexpected_message]
+    end
+
+    it 'should return error' do
+      expect(message.to_error).to be_a_kind_of(ErrorAlerts)
+      expect(message.to_error.message).to eq 'unexpected_message'
+    end
+  end
+
+  context 'valid alert binary' do
+    let(:message) do
+      Alert.deserialize(TESTBINARY_ALERT)
+    end
+
+    it 'should generate object' do
+      expect(message.level).to eq AlertLevel::WARNING
+      expect(message.description).to eq ALERT_DESCRIPTION[:close_notify]
+    end
+
+    it 'should generate serializable object' do
+      expect(message.serialize).to eq TESTBINARY_ALERT
+    end
+  end
+end

data/spec/alpn_spec.rb

@@ -0,0 +1,55 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe Alpn do
+  context 'valid alpn' do
+    let(:protocol_name_list) do
+      ['h2', 'http/1.1', 'http/1.0']
+    end
+
+    let(:extension) do
+      Alpn.new(protocol_name_list)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+      expect(extension.protocol_name_list).to eq protocol_name_list
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION \
+               + 23.to_uint16 \
+               + 21.to_uint16 \
+               + 'h2'.prefix_uint8_length \
+               + 'http/1.1'.prefix_uint8_length \
+               + 'http/1.0'.prefix_uint8_length
+    end
+  end
+
+  context 'invalid alpn, empty,' do
+    let(:extension) do
+      Alpn.new([])
+    end
+
+    it 'should not be generated' do
+      expect { extension }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'valid alpn binary' do
+    let(:extension) do
+      Alpn.deserialize(TESTBINARY_ALPN)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+      expect(extension.protocol_name_list).to eq ['h2', 'http/1.1']
+    end
+  end
+end

data/spec/application_data_spec.rb

@@ -0,0 +1,26 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ApplicationData do
+  context 'application_data' do
+    let(:message) do
+      ApplicationData.new(TESTBINARY_CLIENT_APPLICATION_DATA)
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq TESTBINARY_CLIENT_APPLICATION_DATA
+    end
+  end
+
+  context 'valid application_data binary' do
+    let(:message) do
+      ApplicationData.deserialize(TESTBINARY_CLIENT_APPLICATION_DATA)
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq TESTBINARY_CLIENT_APPLICATION_DATA
+    end
+  end
+end

data/spec/certificate_spec.rb

@@ -0,0 +1,55 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe Certificate do
+  context 'valid certificate' do
+    let(:certificate) do
+      OpenSSL::X509::Certificate.new(File.read(__dir__ + '/../tmp/server.crt'))
+    end
+
+    let(:message) do
+      Certificate.new(certificate_list: [CertificateEntry.new(certificate)])
+    end
+
+    it 'should be generated' do
+      expect(message.msg_type).to eq HandshakeType::CERTIFICATE
+      expect(message.certificate_request_context).to be_empty
+
+      certificate_entry = message.certificate_list.first
+      expect(certificate_entry.cert_data.subject.to_s).to eq '/CN=localhost'
+      expect(certificate_entry.extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq HandshakeType::CERTIFICATE \
+                                      + 990.to_uint24 \
+                                      + 0.to_uint8 \
+                                      + 986.to_uint24 \
+                                      + 981.to_uint24 \
+                                      + certificate.to_der \
+                                      + 0.to_uint16
+    end
+  end
+
+  context 'valid certificate binary' do
+    let(:message) do
+      Certificate.deserialize(TESTBINARY_CERTIFICATE)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::CERTIFICATE
+      expect(message.certificate_request_context).to be_empty
+
+      certificate_entry = message.certificate_list.first
+      expect(certificate_entry.cert_data.subject.to_s).to eq '/CN=rsa'
+      expect(certificate_entry.extensions).to be_empty
+    end
+
+    it 'should generate serializable object' do
+      expect(message.serialize).to eq TESTBINARY_CERTIFICATE
+    end
+  end
+end

data/spec/certificate_verify_spec.rb

@@ -0,0 +1,51 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe CertificateVerify do
+  context 'valid certificate_verify' do
+    let(:signature) do
+      OpenSSL::Random.random_bytes(128)
+    end
+
+    let(:message) do
+      CertificateVerify.new(
+        signature_scheme: SignatureScheme::RSA_PSS_RSAE_SHA256,
+        signature: signature
+      )
+    end
+
+    it 'should be generated' do
+      expect(message.msg_type).to eq HandshakeType::CERTIFICATE_VERIFY
+      expect(message.signature_scheme) \
+        .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
+      expect(message.signature).to eq signature
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq HandshakeType::CERTIFICATE_VERIFY \
+                                      + 132.to_uint24 \
+                                      + SignatureScheme::RSA_PSS_RSAE_SHA256 \
+                                      + signature.prefix_uint16_length
+    end
+  end
+
+  context 'valid certificate_verify binary' do
+    let(:message) do
+      CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::CERTIFICATE_VERIFY
+      expect(message.signature_scheme) \
+        .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
+      expect(message.signature.length).to eq 128
+    end
+
+    it 'should generate serializable object' do
+      expect(message.serialize).to eq TESTBINARY_CERTIFICATE_VERIFY
+    end
+  end
+end

data/spec/change_cipher_spec_spec.rb

@@ -0,0 +1,26 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ChangeCipherSpec do
+  context 'change_cipher_spec' do
+    let(:message) do
+      ChangeCipherSpec.new
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq "\x01"
+    end
+  end
+
+  context 'valid change_cipher_spec binary' do
+    let(:message) do
+      ChangeCipherSpec.deserialize(TESTBINARY_CHANGE_CIPHER_SPEC)
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq "\x01"
+    end
+  end
+end

data/spec/cipher_suites_spec.rb

@@ -0,0 +1,39 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe CipherSuites do
+  context 'valid cipher suites binary' do
+    let(:cs) do
+      CipherSuites.deserialize(TESTBINARY_CIPHER_SUITES)
+    end
+
+    it 'should generate valid object' do
+      expect(cs).to eq [CipherSuite::TLS_AES_256_GCM_SHA384,
+                        CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
+                        CipherSuite::TLS_AES_128_GCM_SHA256]
+    end
+  end
+
+  context 'invalid cipher suites binary, too short' do
+    let(:cs) do
+      CipherSuites.deserialize(TESTBINARY_CIPHER_SUITES[0...-1])
+    end
+
+    it 'should not generate object' do
+      expect { cs }.to raise_error(ErrorAlerts)
+    end
+  end
+
+  context 'invalid cipher suites binary, binary is nil' do
+    let(:cs) do
+      CipherSuites.deserialize(nil)
+    end
+
+    it 'should not generate object' do
+      expect { cs }.to raise_error(ErrorAlerts)
+    end
+  end
+end

data/spec/client_hello_spec.rb

@@ -0,0 +1,83 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require 'spec_helper'
+using Refinements
+
+RSpec.describe ClientHello do
+  context 'default client_hello' do
+    let(:random) do
+      OpenSSL::Random.random_bytes(32)
+    end
+
+    let(:legacy_session_id) do
+      Array.new(32, 0).map(&:chr).join
+    end
+
+    let(:cipher_suites) do
+      CipherSuites.new([TLS_AES_256_GCM_SHA384,
+                        TLS_CHACHA20_POLY1305_SHA256,
+                        TLS_AES_128_GCM_SHA256])
+    end
+
+    let(:message) do
+      ClientHello.new(random: random,
+                      legacy_session_id: legacy_session_id,
+                      cipher_suites: cipher_suites)
+    end
+
+    it 'should be generated' do
+      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+      expect(message.random).to eq random
+      expect(message.legacy_session_id).to eq legacy_session_id
+      expect(message.cipher_suites).to eq [TLS_AES_256_GCM_SHA384,
+                                           TLS_CHACHA20_POLY1305_SHA256,
+                                           TLS_AES_128_GCM_SHA256]
+      expect(message.legacy_compression_methods).to eq ["\x00"]
+      expect(message.extensions).to be_empty
+    end
+
+    it 'should be serialized' do
+      expect(message.serialize).to eq HandshakeType::CLIENT_HELLO \
+                                      + 79.to_uint24 \
+                                      + ProtocolVersion::TLS_1_2 \
+                                      + random \
+                                      + legacy_session_id.length.to_uint8 \
+                                      + legacy_session_id \
+                                      + cipher_suites.serialize \
+                                      + "\x01\x00" \
+                                      + Extensions.new.serialize
+    end
+  end
+
+  context 'valid client_hello binary' do
+    let(:message) do
+      ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq TESTBINARY_CLIENT_HELLO
+    end
+  end
+
+  context 'valid client_hello binary, 0-RTT,' do
+    let(:message) do
+      ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
+    end
+
+    it 'should generate valid object' do
+      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
+      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
+    end
+
+    it 'should generate valid serializable object' do
+      expect(message.serialize).to eq TESTBINARY_0_RTT_CLIENT_HELLO
+    end
+  end
+end