tttls1.3 0.1.4 → 0.2.0

Files changed (47) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +3 -0
  3. data/README.md +35 -13
  4. data/Rakefile +2 -4
  5. data/example/helper.rb +30 -7
  6. data/example/https_client.rb +3 -20
  7. data/example/https_client_using_0rtt.rb +10 -24
  8. data/example/https_client_using_hrr.rb +3 -20
  9. data/example/https_client_using_ticket.rb +3 -20
  10. data/example/https_server.rb +43 -0
  11. data/interop/client_spec.rb +111 -22
  12. data/interop/helper.rb +1 -0
  13. data/interop/server_spec.rb +182 -0
  14. data/lib/tttls1.3/client.rb +115 -98
  15. data/lib/tttls1.3/connection.rb +119 -32
  16. data/lib/tttls1.3/message/certificate.rb +18 -0
  17. data/lib/tttls1.3/message/client_hello.rb +38 -0
  18. data/lib/tttls1.3/message/encrypted_extensions.rb +20 -16
  19. data/lib/tttls1.3/message/extension/key_share.rb +24 -2
  20. data/lib/tttls1.3/message/extension/supported_groups.rb +0 -87
  21. data/lib/tttls1.3/message/extensions.rb +1 -27
  22. data/lib/tttls1.3/message/new_session_ticket.rb +14 -0
  23. data/lib/tttls1.3/message/record.rb +23 -20
  24. data/lib/tttls1.3/message/server_hello.rb +27 -0
  25. data/lib/tttls1.3/message.rb +35 -2
  26. data/lib/tttls1.3/named_group.rb +89 -0
  27. data/lib/tttls1.3/server.rb +439 -0
  28. data/lib/tttls1.3/transcript.rb +6 -0
  29. data/lib/tttls1.3/version.rb +1 -1
  30. data/lib/tttls1.3.rb +3 -0
  31. data/spec/certificate_spec.rb +28 -1
  32. data/spec/client_spec.rb +14 -10
  33. data/spec/connection_spec.rb +43 -13
  34. data/spec/encrypted_extensions_spec.rb +4 -4
  35. data/spec/fixtures/rsa_ca.crt +29 -0
  36. data/spec/fixtures/rsa_ca.key +51 -0
  37. data/spec/fixtures/rsa_rsa.crt +23 -0
  38. data/spec/fixtures/rsa_rsa.key +27 -0
  39. data/spec/fixtures/rsa_secp256r1.crt +19 -0
  40. data/spec/fixtures/rsa_secp256r1.key +5 -0
  41. data/spec/fixtures/rsa_secp384r1.crt +19 -0
  42. data/spec/fixtures/rsa_secp384r1.key +6 -0
  43. data/spec/fixtures/rsa_secp521r1.crt +20 -0
  44. data/spec/fixtures/rsa_secp521r1.key +7 -0
  45. data/spec/server_spec.rb +186 -0
  46. data/spec/spec_helper.rb +43 -0
  47. metadata +28 -2
@@ -20,6 +20,7 @@ module TTTLS13
20
20
  CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
21
21
  CipherSuite::TLS_AES_128_GCM_SHA256
22
22
  ].freeze
23
+ private_constant :DEFAULT_CH_CIPHER_SUITES
23
24
 
24
25
  DEFAULT_CH_SIGNATURE_ALGORITHMS = [
25
26
  SignatureScheme::ECDSA_SECP256R1_SHA256,
@@ -32,12 +33,14 @@ module TTTLS13
32
33
  SignatureScheme::RSA_PKCS1_SHA384,
33
34
  SignatureScheme::RSA_PKCS1_SHA512
34
35
  ].freeze
36
+ private_constant :DEFAULT_CH_SIGNATURE_ALGORITHMS
35
37
 
36
38
  DEFAULT_CH_NAMED_GROUP_LIST = [
37
- Message::Extension::NamedGroup::SECP256R1,
38
- Message::Extension::NamedGroup::SECP384R1,
39
- Message::Extension::NamedGroup::SECP521R1
39
+ NamedGroup::SECP256R1,
40
+ NamedGroup::SECP384R1,
41
+ NamedGroup::SECP521R1
40
42
  ].freeze
43
+ private_constant :DEFAULT_CH_NAMED_GROUP_LIST
41
44
 
42
45
  DEFAULT_CLIENT_SETTINGS = {
43
46
  ca_file: nil,
@@ -55,9 +58,15 @@ module TTTLS13
55
58
  ticket_timestamp: nil,
56
59
  loglevel: Logger::WARN
57
60
  }.freeze
61
+ private_constant :DEFAULT_CLIENT_SETTINGS
58
62
 
59
63
  # rubocop: disable Metrics/ClassLength
60
64
  class Client < Connection
65
+ DOWNGRADE_PROTECTION_TLS_1_2 = "\x44\x4F\x57\x4E\x47\x52\x44\x01"
66
+ private_constant :DOWNGRADE_PROTECTION_TLS_1_2
67
+ DOWNGRADE_PROTECTION_TLS_1_1 = "\x44\x4F\x57\x4E\x47\x52\x44\x00"
68
+ private_constant :DOWNGRADE_PROTECTION_TLS_1_1
69
+
61
70
  # @param socket [Socket]
62
71
  # @param hostname [String]
63
72
  # @param settings [Hash]
@@ -71,7 +80,7 @@ module TTTLS13
71
80
 
72
81
  @early_data = ''
73
82
  @early_data_write_cipher = nil # Cryptograph::$Object
74
- @accepted_early_data = false
83
+ @succeed_early_data = false
75
84
  raise Error::ConfigError unless valid_settings?
76
85
  return unless use_psk?
77
86
 
@@ -132,7 +141,9 @@ module TTTLS13
132
141
  when ClientState::START
133
142
  logger.debug('ClientState::START')
134
143
 
135
- send_client_hello
144
+ exs, @priv_keys = gen_ch_extensions
145
+ @transcript[CH] = send_client_hello(exs)
146
+ send_ccs # compatibility mode
136
147
  if use_early_data?
137
148
  @early_data_write_cipher \
138
149
  = gen_cipher(@settings[:psk_cipher_suite],
@@ -145,15 +156,22 @@ module TTTLS13
145
156
  when ClientState::WAIT_SH
146
157
  logger.debug('ClientState::WAIT_SH')
147
158
 
148
- sh = recv_server_hello
159
+ sh = @transcript[SH] = recv_server_hello
160
+ terminate(:illegal_parameter) unless sh.only_appearable_extensions?
161
+ # support only TLS 1.3
162
+ terminate(:protocol_version) unless negotiated_tls_1_3?
163
+
164
+ # validate parameters
149
165
  terminate(:illegal_parameter) unless valid_sh_legacy_version?
166
+ terminate(:illegal_parameter) unless valid_sh_random?
150
167
  terminate(:illegal_parameter) unless valid_sh_legacy_session_id_echo?
151
168
  terminate(:illegal_parameter) unless valid_sh_cipher_suite?
169
+ terminate(:illegal_parameter) \
170
+ if @transcript.include?(HRR) &&
171
+ neq_hrr_cipher_suite?(sh.cipher_suite)
152
172
  terminate(:illegal_parameter) unless valid_sh_compression_method?
153
- # only TLS 1.3
154
- terminate(:illegal_parameter) unless valid_sh_random?
155
- terminate(:protocol_version) unless negotiated_tls_1_3?
156
173
 
174
+ # handling HRR
157
175
  if sh.hrr?
158
176
  terminate(:unexpected_message) if received_2nd_hrr?
159
177
 
@@ -163,36 +181,36 @@ module TTTLS13
163
181
  unless offered_ch_extensions?(sh.extensions, HRR)
164
182
  terminate(:illegal_parameter) unless valid_hrr_key_share?
165
183
 
166
- send_new_client_hello
184
+ ch = send_new_client_hello(@transcript[CH1], @transcript[HRR])
185
+ @transcript[CH] = ch
167
186
  @state = ClientState::WAIT_SH
168
187
  next
169
188
  end
170
189
 
190
+ # validate extensions
171
191
  terminate(:unsupported_extension) \
172
192
  unless offered_ch_extensions?(sh.extensions)
173
- terminate(:illegal_parameter) \
174
- if @transcript.include?(HRR) &&
175
- neq_hrr_cipher_suite?(sh.cipher_suite)
193
+
176
194
  versions \
177
195
  = sh.extensions[Message::ExtensionType::SUPPORTED_VERSIONS].versions
178
196
  terminate(:illegal_parameter) \
179
197
  if @transcript.include?(HRR) &&
180
198
  neq_hrr_supported_versions?(versions)
181
199
 
182
- @psk = nil \
183
- unless sh.extensions
184
- .include?(Message::ExtensionType::PRE_SHARED_KEY)
200
+ # generate shared secret
201
+ @psk = nil unless sh.extensions
202
+ .include?(Message::ExtensionType::PRE_SHARED_KEY)
185
203
  terminate(:illegal_parameter) unless valid_sh_key_share?
186
204
 
187
205
  kse = sh.extensions[Message::ExtensionType::KEY_SHARE]
188
206
  .key_share_entry.first
189
- key_exchange = kse.key_exchange
207
+ ke = kse.key_exchange
190
208
  group = kse.group
191
209
  priv_key = @priv_keys[group]
192
- shared_key = gen_shared_secret(key_exchange, priv_key, group)
210
+ shared_secret = gen_shared_secret(ke, priv_key, group)
193
211
  @cipher_suite = sh.cipher_suite
194
212
  @key_schedule = KeySchedule.new(psk: @psk,
195
- shared_secret: shared_key,
213
+ shared_secret: shared_secret,
196
214
  cipher_suite: @cipher_suite,
197
215
  transcript: @transcript)
198
216
  @write_cipher = gen_cipher(@cipher_suite,
@@ -205,15 +223,15 @@ module TTTLS13
205
223
  when ClientState::WAIT_EE
206
224
  logger.debug('ClientState::WAIT_EE')
207
225
 
208
- ee = recv_encrypted_extensions
209
- terminate(:illegal_parameter) if ee.any_forbidden_extensions?
226
+ ee = @transcript[EE] = recv_encrypted_extensions
227
+ terminate(:illegal_parameter) unless ee.only_appearable_extensions?
210
228
  terminate(:unsupported_extension) \
211
229
  unless offered_ch_extensions?(ee.extensions)
212
230
 
213
231
  rsl = ee.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT]
214
232
  @send_record_size = rsl.record_size_limit unless rsl.nil?
215
233
 
216
- @accepted_early_data = true \
234
+ @succeed_early_data = true \
217
235
  if ee.extensions.include?(Message::ExtensionType::EARLY_DATA)
218
236
 
219
237
  @state = ClientState::WAIT_CERT_CR
@@ -223,14 +241,15 @@ module TTTLS13
223
241
 
224
242
  message = recv_message
225
243
  if message.msg_type == Message::HandshakeType::CERTIFICATE
226
- @transcript[CT] = ct = message
244
+ ct = @transcript[CT] = message
245
+ terminate(:illegal_parameter) unless ct.only_appearable_extensions?
227
246
  terminate(:unsupported_extension) \
228
247
  unless ct.certificate_list.map(&:extensions)
229
248
  .all? { |ex| offered_ch_extensions?(ex) }
230
249
 
231
250
  terminate(:certificate_unknown) \
232
- unless certified_certificate?(ct.certificate_list,
233
- @settings[:ca_file], @hostname)
251
+ unless trusted_certificate?(ct.certificate_list,
252
+ @settings[:ca_file], @hostname)
234
253
 
235
254
  @state = ClientState::WAIT_CV
236
255
  elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
@@ -243,31 +262,32 @@ module TTTLS13
243
262
  when ClientState::WAIT_CERT
244
263
  logger.debug('ClientState::WAIT_EE')
245
264
 
246
- ct = recv_certificate
265
+ ct = @transcript[CT] = recv_certificate
266
+ terminate(:illegal_parameter) unless ct.only_appearable_extensions?
247
267
  terminate(:unsupported_extension) \
248
268
  unless ct.certificate_list.map(&:extensions)
249
269
  .all? { |ex| offered_ch_extensions?(ex) }
250
270
 
251
271
  terminate(:certificate_unknown) \
252
- unless certified_certificate?(ct.certificate_list,
253
- @settings[:ca_file], @hostname)
272
+ unless trusted_certificate?(ct.certificate_list,
273
+ @settings[:ca_file], @hostname)
254
274
 
255
275
  @state = ClientState::WAIT_CV
256
276
  when ClientState::WAIT_CV
257
277
  logger.debug('ClientState::WAIT_EE')
258
278
 
259
- recv_certificate_verify
260
- terminate(:decrypt_error) unless verify_certificate_verify
279
+ @transcript[CV] = recv_certificate_verify
280
+ terminate(:decrypt_error) unless verified_certificate_verify?
261
281
  @state = ClientState::WAIT_FINISHED
262
282
  when ClientState::WAIT_FINISHED
263
283
  logger.debug('ClientState::WAIT_EE')
264
284
 
265
- recv_finished
266
- terminate(:decrypt_error) unless verify_finished
267
- send_ccs # compatibility mode
268
- send_eoed if use_early_data? && accepted_early_data?
285
+ @transcript[SF] = recv_finished
286
+ terminate(:decrypt_error) unless verified_finished?
287
+ @transcript[EOED] = send_eoed \
288
+ if use_early_data? && succeed_early_data?
269
289
  # TODO: Send Certificate [+ CertificateVerify]
270
- send_finished
290
+ @transcript[CF] = send_finished
271
291
  @write_cipher = gen_cipher(@cipher_suite,
272
292
  @key_schedule.client_application_write_key,
273
293
  @key_schedule.client_application_write_iv)
@@ -298,48 +318,39 @@ module TTTLS13
298
318
  end
299
319
 
300
320
  # @return [Boolean]
301
- def accepted_early_data?
302
- @accepted_early_data
321
+ def succeed_early_data?
322
+ @succeed_early_data
303
323
  end
304
324
 
305
325
  private
306
326
 
307
- DOWNGRADE_PROTECTION_TLS_1_2 = "\x44\x4F\x57\x4E\x47\x52\x44\x01"
308
- DOWNGRADE_PROTECTION_TLS_1_1 = "\x44\x4F\x57\x4E\x47\x52\x44\x00"
309
-
310
327
  # @return [Boolean]
311
- # rubocop: disable Metrics/AbcSize
312
328
  # rubocop: disable Metrics/CyclomaticComplexity
313
329
  # rubocop: disable Metrics/PerceivedComplexity
314
330
  def valid_settings?
315
- cs = CipherSuite
316
- defined_cipher_suites = cs.constants.map { |c| cs.const_get(c) }
331
+ mod = CipherSuite
332
+ defined_cipher_suites = mod.constants.map { |c| mod.const_get(c) }
317
333
  return false \
318
334
  unless (@settings[:cipher_suites] - defined_cipher_suites).empty?
319
335
 
320
336
  sa = @settings[:signature_algorithms]
321
- ss = SignatureScheme
322
- defined_signature_schemes = ss.constants.map { |c| ss.const_get(c) }
323
- return false \
324
- unless (sa - defined_signature_schemes).empty?
337
+ mod = SignatureScheme
338
+ defined_signature_schemes = mod.constants.map { |c| mod.const_get(c) }
339
+ return false unless (sa - defined_signature_schemes).empty?
325
340
 
326
341
  sac = @settings[:signature_algorithms_cert] || []
327
- return false \
328
- unless (sac - defined_signature_schemes).empty?
342
+ return false unless (sac - defined_signature_schemes).empty?
329
343
 
330
344
  sg = @settings[:supported_groups]
331
- ng = Message::Extension::NamedGroup
332
- defined_named_groups = ng.constants.map { |c| ng.const_get(c) }
333
- return false \
334
- unless (sg - defined_named_groups).empty?
345
+ return false unless (sac - defined_signature_schemes).empty?
335
346
 
336
347
  ksg = @settings[:key_share_groups]
337
- return false unless ksg.nil? || ((ksg - sg).empty? &&
338
- sg.select { |g| ksg.include?(g) } == ksg)
348
+ return false \
349
+ unless ksg.nil? ||
350
+ ((ksg - sg).empty? && sg.select { |g| ksg.include?(g) } == ksg)
339
351
 
340
352
  true
341
353
  end
342
- # rubocop: enable Metrics/AbcSize
343
354
  # rubocop: enable Metrics/CyclomaticComplexity
344
355
  # rubocop: enable Metrics/PerceivedComplexity
345
356
 
@@ -383,6 +394,7 @@ module TTTLS13
383
394
  end
384
395
 
385
396
  # @return [TTTLS13::Message::Extensions]
397
+ # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
386
398
  # rubocop: disable Metrics/AbcSize
387
399
  # rubocop: disable Metrics/CyclomaticComplexity
388
400
  def gen_ch_extensions
@@ -413,7 +425,6 @@ module TTTLS13
413
425
  key_share, priv_keys \
414
426
  = Message::Extension::KeyShare.gen_ch_key_share(ksg)
415
427
  exs << key_share
416
- @priv_keys = priv_keys.merge(@priv_keys)
417
428
 
418
429
  # server_name
419
430
  exs << Message::Extension::ServerName.new(@hostname) \
@@ -422,19 +433,19 @@ module TTTLS13
422
433
  # early_data
423
434
  exs << Message::Extension::EarlyDataIndication.new if use_early_data?
424
435
 
425
- Message::Extensions.new(exs)
436
+ [Message::Extensions.new(exs), priv_keys]
426
437
  end
427
438
  # rubocop: enable Metrics/AbcSize
428
439
  # rubocop: enable Metrics/CyclomaticComplexity
429
440
 
441
+ # @param exs [TTTLS13::Message::Extensions]
442
+ #
430
443
  # @return [TTTLS13::Message::ClientHello]
431
- def send_client_hello
432
- exs = gen_ch_extensions
444
+ def send_client_hello(exs)
433
445
  ch = Message::ClientHello.new(
434
446
  cipher_suites: CipherSuites.new(@settings[:cipher_suites]),
435
447
  extensions: exs
436
448
  )
437
- @transcript[CH] = ch
438
449
 
439
450
  if use_psk?
440
451
  # pre_shared_key && psk_key_exchange_modes
@@ -448,14 +459,18 @@ module TTTLS13
448
459
  )
449
460
  ch.extensions[Message::ExtensionType::PSK_KEY_EXCHANGE_MODES] = pkem
450
461
  # at the end, sign PSK binder
451
- sign_psk_binder
462
+ sign_psk_binder(ch)
452
463
  end
453
464
 
454
465
  send_handshakes(Message::ContentType::HANDSHAKE, [ch], @write_cipher)
466
+
467
+ ch
455
468
  end
456
469
 
470
+ # @param ch [TTTLS13::Message::ClientHello]
471
+ #
457
472
  # @return [String]
458
- def sign_psk_binder
473
+ def sign_psk_binder(ch)
459
474
  # pre_shared_key
460
475
  #
461
476
  # binder is computed as an HMAC over a transcript hash containing a
@@ -476,10 +491,11 @@ module TTTLS13
476
491
  binders: dummy_binders
477
492
  )
478
493
  )
479
- @transcript[CH].extensions[Message::ExtensionType::PRE_SHARED_KEY] = psk
494
+ ch.extensions[Message::ExtensionType::PRE_SHARED_KEY] = psk
480
495
 
481
- # TODO: ext binder
482
- psk.offered_psks.binders[0] = do_sign_psk_binder(digest)
496
+ transcript = @transcript.clone
497
+ transcript[CH] = ch
498
+ psk.offered_psks.binders[0] = do_sign_psk_binder(digest, transcript)
483
499
  end
484
500
 
485
501
  # @return [Integer]
@@ -493,15 +509,17 @@ module TTTLS13
493
509
  # NOTE:
494
510
  # https://tools.ietf.org/html/rfc8446#section-4.1.2
495
511
  #
512
+ # @param ch1 [TTTLS13::Message::ClientHello]
513
+ # @param hrr [TTTLS13::Message::ServerHello]
514
+ #
496
515
  # @return [TTTLS13::Message::ClientHello]
497
- def send_new_client_hello
498
- hrr_exs = @transcript[HRR].extensions
516
+ def send_new_client_hello(ch1, hrr)
499
517
  arr = []
500
518
 
501
519
  # key_share
502
- if hrr_exs.include?(Message::ExtensionType::KEY_SHARE)
503
- group = hrr_exs[Message::ExtensionType::KEY_SHARE].key_share_entry
504
- .first.group
520
+ if hrr.extensions.include?(Message::ExtensionType::KEY_SHARE)
521
+ group = hrr.extensions[Message::ExtensionType::KEY_SHARE]
522
+ .key_share_entry.first.group
505
523
  key_share, priv_keys \
506
524
  = Message::Extension::KeyShare.gen_ch_key_share([group])
507
525
  arr << key_share
@@ -511,17 +529,15 @@ module TTTLS13
511
529
  # cookie
512
530
  #
513
531
  # When sending a HelloRetryRequest, the server MAY provide a "cookie"
514
- # extension to the client... When sending the new ClientHello, the client
532
+ # extension to the client. When sending the new ClientHello, the client
515
533
  # MUST copy the contents of the extension received in the
516
534
  # HelloRetryRequest into a "cookie" extension in the new ClientHello.
517
535
  #
518
536
  # https://tools.ietf.org/html/rfc8446#section-4.2.2
519
- if hrr_exs.include?(Message::ExtensionType::COOKIE)
520
- arr << hrr_exs[Message::ExtensionType::COOKIE]
521
- end
537
+ arr << hrr.extensions[Message::ExtensionType::COOKIE] \
538
+ if hrr.extensions.include?(Message::ExtensionType::COOKIE)
522
539
 
523
540
  # early_data
524
- ch1 = @transcript[CH1]
525
541
  new_exs = ch1.extensions.merge(Message::Extensions.new(arr))
526
542
  new_exs.delete(Message::ExtensionType::EARLY_DATA)
527
543
  ch = Message::ClientHello.new(
@@ -533,7 +549,8 @@ module TTTLS13
533
549
  extensions: new_exs
534
550
  )
535
551
  send_handshakes(Message::ContentType::HANDSHAKE, [ch], @write_cipher)
536
- @transcript[CH] = ch
552
+
553
+ ch
537
554
  end
538
555
 
539
556
  # @raise [TTTLS13::Error::ErrorAlerts]
@@ -543,7 +560,7 @@ module TTTLS13
543
560
  sh = recv_message
544
561
  terminate(:unexpected_message) unless sh.is_a?(Message::ServerHello)
545
562
 
546
- @transcript[SH] = sh
563
+ sh
547
564
  end
548
565
 
549
566
  # @raise [TTTLS13::Error::ErrorAlerts]
@@ -554,7 +571,7 @@ module TTTLS13
554
571
  terminate(:unexpected_message) \
555
572
  unless ee.is_a?(Message::EncryptedExtensions)
556
573
 
557
- @transcript[EE] = ee
574
+ ee
558
575
  end
559
576
 
560
577
  # @raise [TTTLS13::Error::ErrorAlerts]
@@ -564,7 +581,7 @@ module TTTLS13
564
581
  ct = recv_message
565
582
  terminate(:unexpected_message) unless ct.is_a?(Message::Certificate)
566
583
 
567
- @transcript[CT] = ct
584
+ ct
568
585
  end
569
586
 
570
587
  # @raise [TTTLS13::Error::ErrorAlerts]
@@ -574,7 +591,7 @@ module TTTLS13
574
591
  cv = recv_message
575
592
  terminate(:unexpected_message) unless cv.is_a?(Message::CertificateVerify)
576
593
 
577
- @transcript[CV] = cv
594
+ cv
578
595
  end
579
596
 
580
597
  # @raise [TTTLS13::Error::ErrorAlerts]
@@ -584,7 +601,7 @@ module TTTLS13
584
601
  sf = recv_message
585
602
  terminate(:unexpected_message) unless sf.is_a?(Message::Finished)
586
603
 
587
- @transcript[SF] = sf
604
+ sf
588
605
  end
589
606
 
590
607
  # @return [TTTLS13::Message::Finished]
@@ -593,7 +610,7 @@ module TTTLS13
593
610
  send_handshakes(Message::ContentType::APPLICATION_DATA, [cf],
594
611
  @write_cipher)
595
612
 
596
- @transcript[CF] = cf
613
+ cf
597
614
  end
598
615
 
599
616
  # @return [TTTLS13::Message::EndOfEarlyData]
@@ -602,22 +619,22 @@ module TTTLS13
602
619
  send_handshakes(Message::ContentType::APPLICATION_DATA, [eoed],
603
620
  @early_data_write_cipher)
604
621
 
605
- @transcript[EOED] = eoed
622
+ eoed
606
623
  end
607
624
 
608
625
  # @return [Boolean]
609
- def verify_certificate_verify
626
+ def verified_certificate_verify?
610
627
  ct = @transcript[CT]
611
- certificate_pem = ct.certificate_list.first.cert_data.to_pem
628
+ public_key = ct.certificate_list.first.cert_data.public_key
612
629
  cv = @transcript[CV]
613
630
  signature_scheme = cv.signature_scheme
614
631
  signature = cv.signature
615
632
  context = 'TLS 1.3, server CertificateVerify'
616
- do_verify_certificate_verify(certificate_pem: certificate_pem,
617
- signature_scheme: signature_scheme,
618
- signature: signature,
619
- context: context,
620
- handshake_context_end: CT)
633
+ do_verified_certificate_verify?(public_key: public_key,
634
+ signature_scheme: signature_scheme,
635
+ signature: signature,
636
+ context: context,
637
+ handshake_context_end: CT)
621
638
  end
622
639
 
623
640
  # @return [String]
@@ -630,14 +647,14 @@ module TTTLS13
630
647
  end
631
648
 
632
649
  # @return [Boolean]
633
- def verify_finished
650
+ def verified_finished?
634
651
  digest = CipherSuite.digest(@cipher_suite)
635
652
  finished_key = @key_schedule.server_finished_key
636
653
  signature = @transcript[SF].verify_data
637
- do_verify_finished(digest: digest,
638
- finished_key: finished_key,
639
- handshake_context_end: CV,
640
- signature: signature)
654
+ do_verified_finished?(digest: digest,
655
+ finished_key: finished_key,
656
+ handshake_context_end: CV,
657
+ signature: signature)
641
658
  end
642
659
 
643
660
  # NOTE:
@@ -651,10 +668,10 @@ module TTTLS13
651
668
  sh = @transcript[SH]
652
669
  sh_lv = sh.legacy_version
653
670
  sh_sv = sh.extensions[Message::ExtensionType::SUPPORTED_VERSIONS]
654
- &.versions
671
+ &.versions || []
655
672
 
656
673
  sh_lv == Message::ProtocolVersion::TLS_1_2 &&
657
- sh_sv&.first == Message::ProtocolVersion::TLS_1_3
674
+ sh_sv.first == Message::ProtocolVersion::TLS_1_3
658
675
  end
659
676
 
660
677
  # @return [Boolean]