tttls1.3 0.1.4 → 0.2.0
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/README.md +35 -13
- data/Rakefile +2 -4
- data/example/helper.rb +30 -7
- data/example/https_client.rb +3 -20
- data/example/https_client_using_0rtt.rb +10 -24
- data/example/https_client_using_hrr.rb +3 -20
- data/example/https_client_using_ticket.rb +3 -20
- data/example/https_server.rb +43 -0
- data/interop/client_spec.rb +111 -22
- data/interop/helper.rb +1 -0
- data/interop/server_spec.rb +182 -0
- data/lib/tttls1.3/client.rb +115 -98
- data/lib/tttls1.3/connection.rb +119 -32
- data/lib/tttls1.3/message/certificate.rb +18 -0
- data/lib/tttls1.3/message/client_hello.rb +38 -0
- data/lib/tttls1.3/message/encrypted_extensions.rb +20 -16
- data/lib/tttls1.3/message/extension/key_share.rb +24 -2
- data/lib/tttls1.3/message/extension/supported_groups.rb +0 -87
- data/lib/tttls1.3/message/extensions.rb +1 -27
- data/lib/tttls1.3/message/new_session_ticket.rb +14 -0
- data/lib/tttls1.3/message/record.rb +23 -20
- data/lib/tttls1.3/message/server_hello.rb +27 -0
- data/lib/tttls1.3/message.rb +35 -2
- data/lib/tttls1.3/named_group.rb +89 -0
- data/lib/tttls1.3/server.rb +439 -0
- data/lib/tttls1.3/transcript.rb +6 -0
- data/lib/tttls1.3/version.rb +1 -1
- data/lib/tttls1.3.rb +3 -0
- data/spec/certificate_spec.rb +28 -1
- data/spec/client_spec.rb +14 -10
- data/spec/connection_spec.rb +43 -13
- data/spec/encrypted_extensions_spec.rb +4 -4
- data/spec/fixtures/rsa_ca.crt +29 -0
- data/spec/fixtures/rsa_ca.key +51 -0
- data/spec/fixtures/rsa_rsa.crt +23 -0
- data/spec/fixtures/rsa_rsa.key +27 -0
- data/spec/fixtures/rsa_secp256r1.crt +19 -0
- data/spec/fixtures/rsa_secp256r1.key +5 -0
- data/spec/fixtures/rsa_secp384r1.crt +19 -0
- data/spec/fixtures/rsa_secp384r1.key +6 -0
- data/spec/fixtures/rsa_secp521r1.crt +20 -0
- data/spec/fixtures/rsa_secp521r1.key +7 -0
- data/spec/server_spec.rb +186 -0
- data/spec/spec_helper.rb +43 -0
- metadata +28 -2
data/lib/tttls1.3/client.rb
CHANGED
@@ -20,6 +20,7 @@ module TTTLS13
|
|
20
20
|
CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
|
21
21
|
CipherSuite::TLS_AES_128_GCM_SHA256
|
22
22
|
].freeze
|
23
|
+
private_constant :DEFAULT_CH_CIPHER_SUITES
|
23
24
|
|
24
25
|
DEFAULT_CH_SIGNATURE_ALGORITHMS = [
|
25
26
|
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
@@ -32,12 +33,14 @@ module TTTLS13
|
|
32
33
|
SignatureScheme::RSA_PKCS1_SHA384,
|
33
34
|
SignatureScheme::RSA_PKCS1_SHA512
|
34
35
|
].freeze
|
36
|
+
private_constant :DEFAULT_CH_SIGNATURE_ALGORITHMS
|
35
37
|
|
36
38
|
DEFAULT_CH_NAMED_GROUP_LIST = [
|
37
|
-
|
38
|
-
|
39
|
-
|
39
|
+
NamedGroup::SECP256R1,
|
40
|
+
NamedGroup::SECP384R1,
|
41
|
+
NamedGroup::SECP521R1
|
40
42
|
].freeze
|
43
|
+
private_constant :DEFAULT_CH_NAMED_GROUP_LIST
|
41
44
|
|
42
45
|
DEFAULT_CLIENT_SETTINGS = {
|
43
46
|
ca_file: nil,
|
@@ -55,9 +58,15 @@ module TTTLS13
|
|
55
58
|
ticket_timestamp: nil,
|
56
59
|
loglevel: Logger::WARN
|
57
60
|
}.freeze
|
61
|
+
private_constant :DEFAULT_CLIENT_SETTINGS
|
58
62
|
|
59
63
|
# rubocop: disable Metrics/ClassLength
|
60
64
|
class Client < Connection
|
65
|
+
DOWNGRADE_PROTECTION_TLS_1_2 = "\x44\x4F\x57\x4E\x47\x52\x44\x01"
|
66
|
+
private_constant :DOWNGRADE_PROTECTION_TLS_1_2
|
67
|
+
DOWNGRADE_PROTECTION_TLS_1_1 = "\x44\x4F\x57\x4E\x47\x52\x44\x00"
|
68
|
+
private_constant :DOWNGRADE_PROTECTION_TLS_1_1
|
69
|
+
|
61
70
|
# @param socket [Socket]
|
62
71
|
# @param hostname [String]
|
63
72
|
# @param settings [Hash]
|
@@ -71,7 +80,7 @@ module TTTLS13
|
|
71
80
|
|
72
81
|
@early_data = ''
|
73
82
|
@early_data_write_cipher = nil # Cryptograph::$Object
|
74
|
-
@
|
83
|
+
@succeed_early_data = false
|
75
84
|
raise Error::ConfigError unless valid_settings?
|
76
85
|
return unless use_psk?
|
77
86
|
|
@@ -132,7 +141,9 @@ module TTTLS13
|
|
132
141
|
when ClientState::START
|
133
142
|
logger.debug('ClientState::START')
|
134
143
|
|
135
|
-
|
144
|
+
exs, @priv_keys = gen_ch_extensions
|
145
|
+
@transcript[CH] = send_client_hello(exs)
|
146
|
+
send_ccs # compatibility mode
|
136
147
|
if use_early_data?
|
137
148
|
@early_data_write_cipher \
|
138
149
|
= gen_cipher(@settings[:psk_cipher_suite],
|
@@ -145,15 +156,22 @@ module TTTLS13
|
|
145
156
|
when ClientState::WAIT_SH
|
146
157
|
logger.debug('ClientState::WAIT_SH')
|
147
158
|
|
148
|
-
sh = recv_server_hello
|
159
|
+
sh = @transcript[SH] = recv_server_hello
|
160
|
+
terminate(:illegal_parameter) unless sh.only_appearable_extensions?
|
161
|
+
# support only TLS 1.3
|
162
|
+
terminate(:protocol_version) unless negotiated_tls_1_3?
|
163
|
+
|
164
|
+
# validate parameters
|
149
165
|
terminate(:illegal_parameter) unless valid_sh_legacy_version?
|
166
|
+
terminate(:illegal_parameter) unless valid_sh_random?
|
150
167
|
terminate(:illegal_parameter) unless valid_sh_legacy_session_id_echo?
|
151
168
|
terminate(:illegal_parameter) unless valid_sh_cipher_suite?
|
169
|
+
terminate(:illegal_parameter) \
|
170
|
+
if @transcript.include?(HRR) &&
|
171
|
+
neq_hrr_cipher_suite?(sh.cipher_suite)
|
152
172
|
terminate(:illegal_parameter) unless valid_sh_compression_method?
|
153
|
-
# only TLS 1.3
|
154
|
-
terminate(:illegal_parameter) unless valid_sh_random?
|
155
|
-
terminate(:protocol_version) unless negotiated_tls_1_3?
|
156
173
|
|
174
|
+
# handling HRR
|
157
175
|
if sh.hrr?
|
158
176
|
terminate(:unexpected_message) if received_2nd_hrr?
|
159
177
|
|
@@ -163,36 +181,36 @@ module TTTLS13
|
|
163
181
|
unless offered_ch_extensions?(sh.extensions, HRR)
|
164
182
|
terminate(:illegal_parameter) unless valid_hrr_key_share?
|
165
183
|
|
166
|
-
send_new_client_hello
|
184
|
+
ch = send_new_client_hello(@transcript[CH1], @transcript[HRR])
|
185
|
+
@transcript[CH] = ch
|
167
186
|
@state = ClientState::WAIT_SH
|
168
187
|
next
|
169
188
|
end
|
170
189
|
|
190
|
+
# validate extensions
|
171
191
|
terminate(:unsupported_extension) \
|
172
192
|
unless offered_ch_extensions?(sh.extensions)
|
173
|
-
|
174
|
-
if @transcript.include?(HRR) &&
|
175
|
-
neq_hrr_cipher_suite?(sh.cipher_suite)
|
193
|
+
|
176
194
|
versions \
|
177
195
|
= sh.extensions[Message::ExtensionType::SUPPORTED_VERSIONS].versions
|
178
196
|
terminate(:illegal_parameter) \
|
179
197
|
if @transcript.include?(HRR) &&
|
180
198
|
neq_hrr_supported_versions?(versions)
|
181
199
|
|
182
|
-
|
183
|
-
|
184
|
-
|
200
|
+
# generate shared secret
|
201
|
+
@psk = nil unless sh.extensions
|
202
|
+
.include?(Message::ExtensionType::PRE_SHARED_KEY)
|
185
203
|
terminate(:illegal_parameter) unless valid_sh_key_share?
|
186
204
|
|
187
205
|
kse = sh.extensions[Message::ExtensionType::KEY_SHARE]
|
188
206
|
.key_share_entry.first
|
189
|
-
|
207
|
+
ke = kse.key_exchange
|
190
208
|
group = kse.group
|
191
209
|
priv_key = @priv_keys[group]
|
192
|
-
|
210
|
+
shared_secret = gen_shared_secret(ke, priv_key, group)
|
193
211
|
@cipher_suite = sh.cipher_suite
|
194
212
|
@key_schedule = KeySchedule.new(psk: @psk,
|
195
|
-
shared_secret:
|
213
|
+
shared_secret: shared_secret,
|
196
214
|
cipher_suite: @cipher_suite,
|
197
215
|
transcript: @transcript)
|
198
216
|
@write_cipher = gen_cipher(@cipher_suite,
|
@@ -205,15 +223,15 @@ module TTTLS13
|
|
205
223
|
when ClientState::WAIT_EE
|
206
224
|
logger.debug('ClientState::WAIT_EE')
|
207
225
|
|
208
|
-
ee = recv_encrypted_extensions
|
209
|
-
terminate(:illegal_parameter)
|
226
|
+
ee = @transcript[EE] = recv_encrypted_extensions
|
227
|
+
terminate(:illegal_parameter) unless ee.only_appearable_extensions?
|
210
228
|
terminate(:unsupported_extension) \
|
211
229
|
unless offered_ch_extensions?(ee.extensions)
|
212
230
|
|
213
231
|
rsl = ee.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT]
|
214
232
|
@send_record_size = rsl.record_size_limit unless rsl.nil?
|
215
233
|
|
216
|
-
@
|
234
|
+
@succeed_early_data = true \
|
217
235
|
if ee.extensions.include?(Message::ExtensionType::EARLY_DATA)
|
218
236
|
|
219
237
|
@state = ClientState::WAIT_CERT_CR
|
@@ -223,14 +241,15 @@ module TTTLS13
|
|
223
241
|
|
224
242
|
message = recv_message
|
225
243
|
if message.msg_type == Message::HandshakeType::CERTIFICATE
|
226
|
-
@transcript[CT] =
|
244
|
+
ct = @transcript[CT] = message
|
245
|
+
terminate(:illegal_parameter) unless ct.only_appearable_extensions?
|
227
246
|
terminate(:unsupported_extension) \
|
228
247
|
unless ct.certificate_list.map(&:extensions)
|
229
248
|
.all? { |ex| offered_ch_extensions?(ex) }
|
230
249
|
|
231
250
|
terminate(:certificate_unknown) \
|
232
|
-
unless
|
233
|
-
|
251
|
+
unless trusted_certificate?(ct.certificate_list,
|
252
|
+
@settings[:ca_file], @hostname)
|
234
253
|
|
235
254
|
@state = ClientState::WAIT_CV
|
236
255
|
elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
|
@@ -243,31 +262,32 @@ module TTTLS13
|
|
243
262
|
when ClientState::WAIT_CERT
|
244
263
|
logger.debug('ClientState::WAIT_EE')
|
245
264
|
|
246
|
-
ct = recv_certificate
|
265
|
+
ct = @transcript[CT] = recv_certificate
|
266
|
+
terminate(:illegal_parameter) unless ct.only_appearable_extensions?
|
247
267
|
terminate(:unsupported_extension) \
|
248
268
|
unless ct.certificate_list.map(&:extensions)
|
249
269
|
.all? { |ex| offered_ch_extensions?(ex) }
|
250
270
|
|
251
271
|
terminate(:certificate_unknown) \
|
252
|
-
unless
|
253
|
-
|
272
|
+
unless trusted_certificate?(ct.certificate_list,
|
273
|
+
@settings[:ca_file], @hostname)
|
254
274
|
|
255
275
|
@state = ClientState::WAIT_CV
|
256
276
|
when ClientState::WAIT_CV
|
257
277
|
logger.debug('ClientState::WAIT_EE')
|
258
278
|
|
259
|
-
recv_certificate_verify
|
260
|
-
terminate(:decrypt_error) unless
|
279
|
+
@transcript[CV] = recv_certificate_verify
|
280
|
+
terminate(:decrypt_error) unless verified_certificate_verify?
|
261
281
|
@state = ClientState::WAIT_FINISHED
|
262
282
|
when ClientState::WAIT_FINISHED
|
263
283
|
logger.debug('ClientState::WAIT_EE')
|
264
284
|
|
265
|
-
recv_finished
|
266
|
-
terminate(:decrypt_error) unless
|
267
|
-
|
268
|
-
|
285
|
+
@transcript[SF] = recv_finished
|
286
|
+
terminate(:decrypt_error) unless verified_finished?
|
287
|
+
@transcript[EOED] = send_eoed \
|
288
|
+
if use_early_data? && succeed_early_data?
|
269
289
|
# TODO: Send Certificate [+ CertificateVerify]
|
270
|
-
send_finished
|
290
|
+
@transcript[CF] = send_finished
|
271
291
|
@write_cipher = gen_cipher(@cipher_suite,
|
272
292
|
@key_schedule.client_application_write_key,
|
273
293
|
@key_schedule.client_application_write_iv)
|
@@ -298,48 +318,39 @@ module TTTLS13
|
|
298
318
|
end
|
299
319
|
|
300
320
|
# @return [Boolean]
|
301
|
-
def
|
302
|
-
@
|
321
|
+
def succeed_early_data?
|
322
|
+
@succeed_early_data
|
303
323
|
end
|
304
324
|
|
305
325
|
private
|
306
326
|
|
307
|
-
DOWNGRADE_PROTECTION_TLS_1_2 = "\x44\x4F\x57\x4E\x47\x52\x44\x01"
|
308
|
-
DOWNGRADE_PROTECTION_TLS_1_1 = "\x44\x4F\x57\x4E\x47\x52\x44\x00"
|
309
|
-
|
310
327
|
# @return [Boolean]
|
311
|
-
# rubocop: disable Metrics/AbcSize
|
312
328
|
# rubocop: disable Metrics/CyclomaticComplexity
|
313
329
|
# rubocop: disable Metrics/PerceivedComplexity
|
314
330
|
def valid_settings?
|
315
|
-
|
316
|
-
defined_cipher_suites =
|
331
|
+
mod = CipherSuite
|
332
|
+
defined_cipher_suites = mod.constants.map { |c| mod.const_get(c) }
|
317
333
|
return false \
|
318
334
|
unless (@settings[:cipher_suites] - defined_cipher_suites).empty?
|
319
335
|
|
320
336
|
sa = @settings[:signature_algorithms]
|
321
|
-
|
322
|
-
defined_signature_schemes =
|
323
|
-
return false
|
324
|
-
unless (sa - defined_signature_schemes).empty?
|
337
|
+
mod = SignatureScheme
|
338
|
+
defined_signature_schemes = mod.constants.map { |c| mod.const_get(c) }
|
339
|
+
return false unless (sa - defined_signature_schemes).empty?
|
325
340
|
|
326
341
|
sac = @settings[:signature_algorithms_cert] || []
|
327
|
-
return false
|
328
|
-
unless (sac - defined_signature_schemes).empty?
|
342
|
+
return false unless (sac - defined_signature_schemes).empty?
|
329
343
|
|
330
344
|
sg = @settings[:supported_groups]
|
331
|
-
|
332
|
-
defined_named_groups = ng.constants.map { |c| ng.const_get(c) }
|
333
|
-
return false \
|
334
|
-
unless (sg - defined_named_groups).empty?
|
345
|
+
return false unless (sac - defined_signature_schemes).empty?
|
335
346
|
|
336
347
|
ksg = @settings[:key_share_groups]
|
337
|
-
return false
|
338
|
-
|
348
|
+
return false \
|
349
|
+
unless ksg.nil? ||
|
350
|
+
((ksg - sg).empty? && sg.select { |g| ksg.include?(g) } == ksg)
|
339
351
|
|
340
352
|
true
|
341
353
|
end
|
342
|
-
# rubocop: enable Metrics/AbcSize
|
343
354
|
# rubocop: enable Metrics/CyclomaticComplexity
|
344
355
|
# rubocop: enable Metrics/PerceivedComplexity
|
345
356
|
|
@@ -383,6 +394,7 @@ module TTTLS13
|
|
383
394
|
end
|
384
395
|
|
385
396
|
# @return [TTTLS13::Message::Extensions]
|
397
|
+
# @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
|
386
398
|
# rubocop: disable Metrics/AbcSize
|
387
399
|
# rubocop: disable Metrics/CyclomaticComplexity
|
388
400
|
def gen_ch_extensions
|
@@ -413,7 +425,6 @@ module TTTLS13
|
|
413
425
|
key_share, priv_keys \
|
414
426
|
= Message::Extension::KeyShare.gen_ch_key_share(ksg)
|
415
427
|
exs << key_share
|
416
|
-
@priv_keys = priv_keys.merge(@priv_keys)
|
417
428
|
|
418
429
|
# server_name
|
419
430
|
exs << Message::Extension::ServerName.new(@hostname) \
|
@@ -422,19 +433,19 @@ module TTTLS13
|
|
422
433
|
# early_data
|
423
434
|
exs << Message::Extension::EarlyDataIndication.new if use_early_data?
|
424
435
|
|
425
|
-
Message::Extensions.new(exs)
|
436
|
+
[Message::Extensions.new(exs), priv_keys]
|
426
437
|
end
|
427
438
|
# rubocop: enable Metrics/AbcSize
|
428
439
|
# rubocop: enable Metrics/CyclomaticComplexity
|
429
440
|
|
441
|
+
# @param exs [TTTLS13::Message::Extensions]
|
442
|
+
#
|
430
443
|
# @return [TTTLS13::Message::ClientHello]
|
431
|
-
def send_client_hello
|
432
|
-
exs = gen_ch_extensions
|
444
|
+
def send_client_hello(exs)
|
433
445
|
ch = Message::ClientHello.new(
|
434
446
|
cipher_suites: CipherSuites.new(@settings[:cipher_suites]),
|
435
447
|
extensions: exs
|
436
448
|
)
|
437
|
-
@transcript[CH] = ch
|
438
449
|
|
439
450
|
if use_psk?
|
440
451
|
# pre_shared_key && psk_key_exchange_modes
|
@@ -448,14 +459,18 @@ module TTTLS13
|
|
448
459
|
)
|
449
460
|
ch.extensions[Message::ExtensionType::PSK_KEY_EXCHANGE_MODES] = pkem
|
450
461
|
# at the end, sign PSK binder
|
451
|
-
sign_psk_binder
|
462
|
+
sign_psk_binder(ch)
|
452
463
|
end
|
453
464
|
|
454
465
|
send_handshakes(Message::ContentType::HANDSHAKE, [ch], @write_cipher)
|
466
|
+
|
467
|
+
ch
|
455
468
|
end
|
456
469
|
|
470
|
+
# @param ch [TTTLS13::Message::ClientHello]
|
471
|
+
#
|
457
472
|
# @return [String]
|
458
|
-
def sign_psk_binder
|
473
|
+
def sign_psk_binder(ch)
|
459
474
|
# pre_shared_key
|
460
475
|
#
|
461
476
|
# binder is computed as an HMAC over a transcript hash containing a
|
@@ -476,10 +491,11 @@ module TTTLS13
|
|
476
491
|
binders: dummy_binders
|
477
492
|
)
|
478
493
|
)
|
479
|
-
|
494
|
+
ch.extensions[Message::ExtensionType::PRE_SHARED_KEY] = psk
|
480
495
|
|
481
|
-
|
482
|
-
|
496
|
+
transcript = @transcript.clone
|
497
|
+
transcript[CH] = ch
|
498
|
+
psk.offered_psks.binders[0] = do_sign_psk_binder(digest, transcript)
|
483
499
|
end
|
484
500
|
|
485
501
|
# @return [Integer]
|
@@ -493,15 +509,17 @@ module TTTLS13
|
|
493
509
|
# NOTE:
|
494
510
|
# https://tools.ietf.org/html/rfc8446#section-4.1.2
|
495
511
|
#
|
512
|
+
# @param ch1 [TTTLS13::Message::ClientHello]
|
513
|
+
# @param hrr [TTTLS13::Message::ServerHello]
|
514
|
+
#
|
496
515
|
# @return [TTTLS13::Message::ClientHello]
|
497
|
-
def send_new_client_hello
|
498
|
-
hrr_exs = @transcript[HRR].extensions
|
516
|
+
def send_new_client_hello(ch1, hrr)
|
499
517
|
arr = []
|
500
518
|
|
501
519
|
# key_share
|
502
|
-
if
|
503
|
-
group =
|
504
|
-
|
520
|
+
if hrr.extensions.include?(Message::ExtensionType::KEY_SHARE)
|
521
|
+
group = hrr.extensions[Message::ExtensionType::KEY_SHARE]
|
522
|
+
.key_share_entry.first.group
|
505
523
|
key_share, priv_keys \
|
506
524
|
= Message::Extension::KeyShare.gen_ch_key_share([group])
|
507
525
|
arr << key_share
|
@@ -511,17 +529,15 @@ module TTTLS13
|
|
511
529
|
# cookie
|
512
530
|
#
|
513
531
|
# When sending a HelloRetryRequest, the server MAY provide a "cookie"
|
514
|
-
# extension to the client
|
532
|
+
# extension to the client. When sending the new ClientHello, the client
|
515
533
|
# MUST copy the contents of the extension received in the
|
516
534
|
# HelloRetryRequest into a "cookie" extension in the new ClientHello.
|
517
535
|
#
|
518
536
|
# https://tools.ietf.org/html/rfc8446#section-4.2.2
|
519
|
-
|
520
|
-
|
521
|
-
end
|
537
|
+
arr << hrr.extensions[Message::ExtensionType::COOKIE] \
|
538
|
+
if hrr.extensions.include?(Message::ExtensionType::COOKIE)
|
522
539
|
|
523
540
|
# early_data
|
524
|
-
ch1 = @transcript[CH1]
|
525
541
|
new_exs = ch1.extensions.merge(Message::Extensions.new(arr))
|
526
542
|
new_exs.delete(Message::ExtensionType::EARLY_DATA)
|
527
543
|
ch = Message::ClientHello.new(
|
@@ -533,7 +549,8 @@ module TTTLS13
|
|
533
549
|
extensions: new_exs
|
534
550
|
)
|
535
551
|
send_handshakes(Message::ContentType::HANDSHAKE, [ch], @write_cipher)
|
536
|
-
|
552
|
+
|
553
|
+
ch
|
537
554
|
end
|
538
555
|
|
539
556
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
@@ -543,7 +560,7 @@ module TTTLS13
|
|
543
560
|
sh = recv_message
|
544
561
|
terminate(:unexpected_message) unless sh.is_a?(Message::ServerHello)
|
545
562
|
|
546
|
-
|
563
|
+
sh
|
547
564
|
end
|
548
565
|
|
549
566
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
@@ -554,7 +571,7 @@ module TTTLS13
|
|
554
571
|
terminate(:unexpected_message) \
|
555
572
|
unless ee.is_a?(Message::EncryptedExtensions)
|
556
573
|
|
557
|
-
|
574
|
+
ee
|
558
575
|
end
|
559
576
|
|
560
577
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
@@ -564,7 +581,7 @@ module TTTLS13
|
|
564
581
|
ct = recv_message
|
565
582
|
terminate(:unexpected_message) unless ct.is_a?(Message::Certificate)
|
566
583
|
|
567
|
-
|
584
|
+
ct
|
568
585
|
end
|
569
586
|
|
570
587
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
@@ -574,7 +591,7 @@ module TTTLS13
|
|
574
591
|
cv = recv_message
|
575
592
|
terminate(:unexpected_message) unless cv.is_a?(Message::CertificateVerify)
|
576
593
|
|
577
|
-
|
594
|
+
cv
|
578
595
|
end
|
579
596
|
|
580
597
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
@@ -584,7 +601,7 @@ module TTTLS13
|
|
584
601
|
sf = recv_message
|
585
602
|
terminate(:unexpected_message) unless sf.is_a?(Message::Finished)
|
586
603
|
|
587
|
-
|
604
|
+
sf
|
588
605
|
end
|
589
606
|
|
590
607
|
# @return [TTTLS13::Message::Finished]
|
@@ -593,7 +610,7 @@ module TTTLS13
|
|
593
610
|
send_handshakes(Message::ContentType::APPLICATION_DATA, [cf],
|
594
611
|
@write_cipher)
|
595
612
|
|
596
|
-
|
613
|
+
cf
|
597
614
|
end
|
598
615
|
|
599
616
|
# @return [TTTLS13::Message::EndOfEarlyData]
|
@@ -602,22 +619,22 @@ module TTTLS13
|
|
602
619
|
send_handshakes(Message::ContentType::APPLICATION_DATA, [eoed],
|
603
620
|
@early_data_write_cipher)
|
604
621
|
|
605
|
-
|
622
|
+
eoed
|
606
623
|
end
|
607
624
|
|
608
625
|
# @return [Boolean]
|
609
|
-
def
|
626
|
+
def verified_certificate_verify?
|
610
627
|
ct = @transcript[CT]
|
611
|
-
|
628
|
+
public_key = ct.certificate_list.first.cert_data.public_key
|
612
629
|
cv = @transcript[CV]
|
613
630
|
signature_scheme = cv.signature_scheme
|
614
631
|
signature = cv.signature
|
615
632
|
context = 'TLS 1.3, server CertificateVerify'
|
616
|
-
|
617
|
-
|
618
|
-
|
619
|
-
|
620
|
-
|
633
|
+
do_verified_certificate_verify?(public_key: public_key,
|
634
|
+
signature_scheme: signature_scheme,
|
635
|
+
signature: signature,
|
636
|
+
context: context,
|
637
|
+
handshake_context_end: CT)
|
621
638
|
end
|
622
639
|
|
623
640
|
# @return [String]
|
@@ -630,14 +647,14 @@ module TTTLS13
|
|
630
647
|
end
|
631
648
|
|
632
649
|
# @return [Boolean]
|
633
|
-
def
|
650
|
+
def verified_finished?
|
634
651
|
digest = CipherSuite.digest(@cipher_suite)
|
635
652
|
finished_key = @key_schedule.server_finished_key
|
636
653
|
signature = @transcript[SF].verify_data
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
|
654
|
+
do_verified_finished?(digest: digest,
|
655
|
+
finished_key: finished_key,
|
656
|
+
handshake_context_end: CV,
|
657
|
+
signature: signature)
|
641
658
|
end
|
642
659
|
|
643
660
|
# NOTE:
|
@@ -651,10 +668,10 @@ module TTTLS13
|
|
651
668
|
sh = @transcript[SH]
|
652
669
|
sh_lv = sh.legacy_version
|
653
670
|
sh_sv = sh.extensions[Message::ExtensionType::SUPPORTED_VERSIONS]
|
654
|
-
&.versions
|
671
|
+
&.versions || []
|
655
672
|
|
656
673
|
sh_lv == Message::ProtocolVersion::TLS_1_2 &&
|
657
|
-
sh_sv
|
674
|
+
sh_sv.first == Message::ProtocolVersion::TLS_1_3
|
658
675
|
end
|
659
676
|
|
660
677
|
# @return [Boolean]
|
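Review bot: In the `@@ -298,48 +318,39 @@` hunk, `valid_settings?` no longer validates `@settings[:supported_groups]`: the new line that replaced the old `defined_named_groups` check is a verbatim duplicate of the `sac` check three lines above (`return false unless (sac - defined_signature_schemes).empty?`), so `sg` is assigned but never compared against `NamedGroup`, and an undefined group value in the settings now passes validation (the `ksg` check that follows only confirms `ksg` is an ordered subset of `sg`) and presumably ends up in the ClientHello's supported_groups. Following the `mod = ...` pattern the hunk introduces for the other checks, the replacement should be `mod = NamedGroup`, `defined_named_groups = mod.constants.map { |c| mod.const_get(c) }`, `return false unless (sg - defined_named_groups).empty?`. Since the constructor raises `Error::ConfigError` when `valid_settings?` is false, a spec passing an undefined value in `supported_groups` and expecting that error would pin the fix. Separately, in the WAIT_CV path `verified_certificate_verify?` calls `ct.certificate_list.first.cert_data.public_key`; unless `trusted_certificate?` rejects an empty `certificate_list` (its body is in connection.rb, outside this diff), an empty list would surface as a NoMethodError rather than a `decode_error` alert, which is worth confirming. This file section may continue beyond the last hunk shown here.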