tttls1.3 0.1.4 → 0.2.0

data/lib/tttls1.3/connection.rb

@@ -30,10 +30,13 @@ module TTTLS13
     # @raise [TTTLS13::Error::ConfigError]
     #
     # @return [String]
+    # rubocop: disable Metrics/CyclomaticComplexity
+    # rubocop: disable Metrics/PerceivedComplexity
     def read
       # secure channel has not established yet
       raise Error::ConfigError \
-        unless @endpoint == :client && @state == ClientState::CONNECTED
+        unless (@endpoint == :client && @state == ClientState::CONNECTED) ||
+               (@endpoint == :server && @state == ServerState::CONNECTED)
       return '' if @state == EOF
 
       message = nil
@@ -49,6 +52,8 @@ module TTTLS13
 
       message.fragment
     end
+    # rubocop: enable Metrics/CyclomaticComplexity
+    # rubocop: enable Metrics/PerceivedComplexity
 
     # @return [Boolean]
     def eof?
@@ -61,7 +66,8 @@ module TTTLS13
     def write(binary)
       # secure channel has not established yet
       raise Error::ConfigError \
-        unless @endpoint == :client && @state == ClientState::CONNECTED
+        unless (@endpoint == :client && @state == ClientState::CONNECTED) ||
+               (@endpoint == :server && @state == ServerState::CONNECTED)
 
       ap = Message::ApplicationData.new(binary)
       send_application_data(ap, @write_cipher)
@@ -144,7 +150,7 @@ module TTTLS13
 
     # @param record [TTTLS13::Message::Record]
     def send_record(record)
-      logger.debug('send ' + record.inspect)
+      logger.debug("send \n" + record.pretty_inspect)
       @socket.write(record.serialize(@send_record_size))
     end
 
@@ -164,7 +170,7 @@ module TTTLS13
           messages = record.messages
           break unless messages.empty?
         when Message::ContentType::CCS
-          terminate(:unexpected_message) unless ccs_receivable?
+          terminate(:unexpected_message) unless receivable_ccs?
           next
         when Message::ContentType::ALERT
           handle_received_alert(record.messages.first)
@@ -205,23 +211,69 @@ module TTTLS13
         terminate(:unexpected_message)
       end
 
-      logger.debug('receive ' + record.inspect)
+      logger.debug("receive \n" + record.pretty_inspect)
       record
     end
 
     # @param digest [String] name of digest algorithm
+    # @param transcript [TTTLS13::Transcript]
     #
     # @return [String]
-    def do_sign_psk_binder(digest)
+    def do_sign_psk_binder(digest, transcript)
       # TODO: ext binder
       secret = @key_schedule.binder_key_res
       hash_len = OpenSSL::Digest.new(digest).digest_length
       # transcript-hash (CH1 + HRR +) truncated-CH
-      hash = @transcript.truncate_hash(digest, CH, hash_len + 3)
+      hash = transcript.truncate_hash(digest, CH, hash_len + 3)
       OpenSSL::HMAC.digest(digest, secret, hash)
     end
 
-    # @param certificate_pem [String]
+    # @param private_key [OpenSSL::PKey::PKey]
+    # @param signature_scheme [TTTLS13::SignatureScheme]
+    # @param context [String]
+    # @param handshake_context_end [Integer]
+    #
+    # @raise [TTTLS13::Error::ErrorAlerts]
+    #
+    # @return [String]
+    # rubocop: disable Metrics/CyclomaticComplexity
+    def do_sign_certificate_verify(private_key:, signature_scheme:, context:,
+                                   handshake_context_end:)
+      digest = CipherSuite.digest(@cipher_suite)
+      hash = @transcript.hash(digest, handshake_context_end)
+      content = "\x20" * 64 + context + "\x00" + hash
+
+      # RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
+      # RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
+      case signature_scheme
+      when SignatureScheme::RSA_PKCS1_SHA256,
+           SignatureScheme::RSA_PSS_RSAE_SHA256,
+           SignatureScheme::RSA_PSS_PSS_SHA256
+        private_key.sign_pss('SHA256', content, salt_length: :digest,
+                                                mgf1_hash: 'SHA256')
+      when SignatureScheme::RSA_PKCS1_SHA384,
+           SignatureScheme::RSA_PSS_RSAE_SHA384,
+           SignatureScheme::RSA_PSS_PSS_SHA384
+        private_key.sign_pss('SHA384', content, salt_length: :digest,
+                                                mgf1_hash: 'SHA384')
+      when SignatureScheme::RSA_PKCS1_SHA512,
+           SignatureScheme::RSA_PSS_RSAE_SHA512,
+           SignatureScheme::RSA_PSS_PSS_SHA512
+        private_key.sign_pss('SHA512', content, salt_length: :digest,
+                                                mgf1_hash: 'SHA512')
+      when SignatureScheme::ECDSA_SECP256R1_SHA256
+        private_key.sign('SHA256', content)
+      when SignatureScheme::ECDSA_SECP384R1_SHA384
+        private_key.sign('SHA384', content)
+      when SignatureScheme::ECDSA_SECP521R1_SHA512
+        private_key.sign('SHA512', content)
+      else # TODO: ED25519, ED448
+        terminate(:internal_error)
+      end
+    end
+    # rubocop: enable Metrics/CyclomaticComplexity
+
+    # @param public_key [OpenSSL::PKey::PKey]
     # @param signature_scheme [TTTLS13::SignatureScheme]
     # @param signature [String]
     # @param context [String]
@@ -231,13 +283,12 @@ module TTTLS13
     #
     # @return [Boolean]
     # rubocop: disable Metrics/CyclomaticComplexity
-    def do_verify_certificate_verify(certificate_pem:, signature_scheme:,
-                                     signature:, context:,
-                                     handshake_context_end:)
+    def do_verified_certificate_verify?(public_key:, signature_scheme:,
+                                        signature:, context:,
+                                        handshake_context_end:)
       digest = CipherSuite.digest(@cipher_suite)
       hash = @transcript.hash(digest, handshake_context_end)
       content = "\x20" * 64 + context + "\x00" + hash
-      public_key = OpenSSL::X509::Certificate.new(certificate_pem).public_key
 
       # RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
       # RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
@@ -285,8 +336,8 @@ module TTTLS13
     # @param signature [String]
     #
     # @return [Boolean]
-    def do_verify_finished(digest:, finished_key:, handshake_context_end:,
-                           signature:)
+    def do_verified_finished?(digest:, finished_key:, handshake_context_end:,
+                              signature:)
       do_sign_finished(
         digest: digest,
         finished_key: finished_key,
@@ -296,11 +347,11 @@ module TTTLS13
 
     # @param key_exchange [String]
     # @param priv_key [OpenSSL::PKey::$Object]
-    # @param group [TTTLS13::Message::ExtensionType::NamedGroup]
+    # @param group [TTTLS13::NamedGroup]
     #
     # @return [String]
     def gen_shared_secret(key_exchange, priv_key, group)
-      curve = Message::Extension::NamedGroup.curve_name(group)
+      curve = NamedGroup.curve_name(group)
       terminate(:internal_error) if curve.nil?
 
       pub_key = OpenSSL::PKey::EC::Point.new(
@@ -315,7 +366,7 @@ module TTTLS13
     #
     # Received ccs before the first ClientHello message or after the peer's
     # Finished message, peer MUST abort.
-    def ccs_receivable?
+    def receivable_ccs?
       return false unless @transcript.include?(CH)
       return false if @endpoint == :client && @transcript.include?(SF)
       return false if @endpoint == :server && @transcript.include?(CF)
@@ -352,23 +403,13 @@ module TTTLS13
     # @param hostname [String]
     #
     # @return [Boolean]
-    # rubocop: disable Metrics/AbcSize
-    # rubocop: disable Metrics/CyclomaticComplexity
-    def certified_certificate?(certificate_list, ca_file = nil, hostname = nil)
+    def trusted_certificate?(certificate_list, ca_file = nil, hostname = nil)
       cert_bin = certificate_list.first.cert_data
       cert = OpenSSL::X509::Certificate.new(cert_bin)
 
       # not support CN matching, only support SAN matching
-      unless hostname.nil?
-        san = cert.extensions.find { |ex| ex.oid == 'subjectAltName' }
-        return false if san.nil?
-
-        ostr = OpenSSL::ASN1.decode(san.to_der).value.last
-        san_match = OpenSSL::ASN1.decode(ostr.value).map(&:value)
-                                 .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
-                                 .any? { |s| hostname.match(/#{s}/) }
-        return false unless san_match
-      end
+      return false if !hostname.nil? && !matching_san?(cert, hostname)
+
       store = OpenSSL::X509::Store.new
       store.set_default_paths
       store.add_file(ca_file) unless ca_file.nil?
@@ -380,8 +421,54 @@ module TTTLS13
       now = Time.now
       ctx.verify && cert.not_before < now && now < cert.not_after
     end
-    # rubocop: enable Metrics/AbcSize
-    # rubocop: enable Metrics/CyclomaticComplexity
+
+    # @param cert [OpenSSL::X509::Certificate]
+    # @param name [String]
+    #
+    # @return [Boolean]
+    def matching_san?(cert, name)
+      san = cert.extensions.find { |ex| ex.oid == 'subjectAltName' }
+      return false if san.nil?
+
+      ostr = OpenSSL::ASN1.decode(san.to_der).value.last
+      matching = OpenSSL::ASN1.decode(ostr.value).map(&:value)
+                              .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
+                              .any? { |s| name.match(/#{s}/) }
+
+      matching
+    end
+
+    # @param signature_algorithms [Array of SignatureAlgorithms]
+    # @param crt [OpenSSL::X509::Certificate]
+    #
+    # @return [Array of TTTLS13::Message::Extension::SignatureAlgorithms]
+    def do_select_signature_algorithms(signature_algorithms, crt)
+      spki = OpenSSL::Netscape::SPKI.new
+      spki.public_key = crt.public_key
+      oid_str = spki.to_text.split("\n")
+                    .find { |l| l.include?('Public Key Algorithm:') }
+      signature_algorithms.select do |sa|
+        case sa
+        when SignatureScheme::ECDSA_SECP256R1_SHA256,
+             SignatureScheme::ECDSA_SECP384R1_SHA384,
+             SignatureScheme::ECDSA_SECP521R1_SHA512
+          oid_str.include?('id-ecPublicKey')
+        when SignatureScheme::RSA_PSS_PSS_SHA256,
+             SignatureScheme::RSA_PSS_PSS_SHA384,
+             SignatureScheme::RSA_PSS_PSS_SHA512
+          oid_str.include?('rsassaPss')
+        when SignatureScheme::RSA_PSS_RSAE_SHA256,
+             SignatureScheme::RSA_PSS_RSAE_SHA384,
+             SignatureScheme::RSA_PSS_RSAE_SHA512
+          oid_str.include?('rsaEncryption')
+        else
+          # RSASSA-PKCS1-v1_5 algorithms refer solely to signatures which appear
+          # in certificates and are not defined for use in signed TLS handshake
+          # messages
+          false
+        end
+      end
+    end
   end
   # rubocop: enable Metrics/ClassLength
 end

data/lib/tttls1.3/message/certificate.rb

@@ -4,6 +4,13 @@
 module TTTLS13
   using Refinements
   module Message
+    # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+    APPEARABLE_CT_EXTENSIONS = [
+      ExtensionType::STATUS_REQUEST,
+      ExtensionType::SIGNED_CERTIFICATE_TIMESTAMP
+    ].freeze
+    private_constant :APPEARABLE_CT_EXTENSIONS
+
     class Certificate
       attr_reader :msg_type
       attr_reader :certificate_request_context
@@ -58,6 +65,17 @@ module TTTLS13
         )
       end
 
+      # @return [Boolean]
+      def only_appearable_extensions?
+        cl_exs = @certificate_list.map do |e|
+          e.instance_variable_get(:@extensions).keys
+        end
+        exs = cl_exs.uniq.flatten - APPEARABLE_CT_EXTENSIONS
+        return true if exs.empty?
+
+        !(exs - DEFINED_EXTENSIONS).empty?
+      end
+
       class << self
         private
 

data/lib/tttls1.3/message/client_hello.rb

@@ -4,6 +4,36 @@
 module TTTLS13
   using Refinements
   module Message
+    # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+    APPEARABLE_CH_EXTENSIONS = [
+      ExtensionType::SERVER_NAME,
+      ExtensionType::MAX_FRAGMENT_LENGTH,
+      ExtensionType::STATUS_REQUEST,
+      ExtensionType::SUPPORTED_GROUPS,
+      ExtensionType::SIGNATURE_ALGORITHMS,
+      ExtensionType::USE_SRTP,
+      ExtensionType::HEARTBEAT,
+      ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION,
+      ExtensionType::SIGNED_CERTIFICATE_TIMESTAMP,
+      ExtensionType::CLIENT_CERTIFICATE_TYPE,
+      ExtensionType::SERVER_CERTIFICATE_TYPE,
+      ExtensionType::PADDING,
+      ExtensionType::RECORD_SIZE_LIMIT,
+      ExtensionType::PWD_PROTECT,
+      ExtensionType::PWD_CLEAR,
+      ExtensionType::PASSWORD_SALT,
+      ExtensionType::PRE_SHARED_KEY,
+      ExtensionType::EARLY_DATA,
+      ExtensionType::SUPPORTED_VERSIONS,
+      ExtensionType::COOKIE,
+      ExtensionType::PSK_KEY_EXCHANGE_MODES,
+      ExtensionType::CERTIFICATE_AUTHORITIES,
+      ExtensionType::POST_HANDSHAKE_AUTH,
+      ExtensionType::SIGNATURE_ALGORITHMS_CERT,
+      ExtensionType::KEY_SHARE
+    ].freeze
+    private_constant :APPEARABLE_CH_EXTENSIONS
+
     class ClientHello
       attr_reader :msg_type
       attr_reader :legacy_version
@@ -95,6 +125,14 @@ module TTTLS13
       end
       # rubocop: enable Metrics/AbcSize
       # rubocop: enable Metrics/MethodLength
+
+      # @return [Boolean]
+      def only_appearable_extensions?
+        exs = @extensions.keys - APPEARABLE_CH_EXTENSIONS
+        return true if exs.empty?
+
+        !(exs - DEFINED_EXTENSIONS).empty?
+      end
     end
   end
 end

data/lib/tttls1.3/message/encrypted_extensions.rb

@@ -4,24 +4,25 @@
 module TTTLS13
   using Refinements
   module Message
+    # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+    APPEARABLE_EE_EXTENSIONS = [
+      ExtensionType::SERVER_NAME,
+      ExtensionType::MAX_FRAGMENT_LENGTH,
+      ExtensionType::SUPPORTED_GROUPS,
+      ExtensionType::USE_SRTP,
+      ExtensionType::HEARTBEAT,
+      ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION,
+      ExtensionType::CLIENT_CERTIFICATE_TYPE,
+      ExtensionType::SERVER_CERTIFICATE_TYPE,
+      ExtensionType::RECORD_SIZE_LIMIT,
+      ExtensionType::EARLY_DATA
+    ].freeze
+    private_constant :APPEARABLE_EE_EXTENSIONS
+
     class EncryptedExtensions
       attr_reader :msg_type
       attr_reader :extensions
 
-      # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
-      ALLOWED_EXTENSIONS = [
-        ExtensionType::SERVER_NAME,
-        ExtensionType::MAX_FRAGMENT_LENGTH,
-        ExtensionType::SUPPORTED_GROUPS,
-        ExtensionType::USE_SRTP,
-        ExtensionType::HEARTBEAT,
-        ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION,
-        ExtensionType::CLIENT_CERTIFICATE_TYPE,
-        ExtensionType::SERVER_CERTIFICATE_TYPE,
-        ExtensionType::RECORD_SIZE_LIMIT,
-        ExtensionType::EARLY_DATA
-      ].freeze
-
       # @param extensions [TTTLS13::Message::Extensions]
       def initialize(extensions = Extensions.new)
         @msg_type = HandshakeType::ENCRYPTED_EXTENSIONS
@@ -57,8 +58,11 @@ module TTTLS13
       end
 
       # @return [Boolean]
-      def any_forbidden_extensions?
-        !(@extensions.keys - ALLOWED_EXTENSIONS).empty?
+      def only_appearable_extensions?
+        exs = @extensions.keys - APPEARABLE_EE_EXTENSIONS
+        return true if exs.empty?
+
+        !(exs - DEFINED_EXTENSIONS).empty?
       end
     end
   end

data/lib/tttls1.3/message/extension/key_share.rb

@@ -83,7 +83,7 @@ module TTTLS13
         end
         # rubocop: enable Metrics/CyclomaticComplexity
 
-        # @param groups [Array of TTTLS13::Message::Extension::NamedGroup]
+        # @param groups [Array of TTTLS13::NamedGroup]
         #
         # @return [TTTLS13::Message::Extensions::KeyShare]
         # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
@@ -109,6 +109,28 @@ module TTTLS13
           [key_share, priv_keys]
         end
 
+        # @param groups [TTTLS13::NamedGroup]
+        #
+        # @return [TTTLS13::Message::Extensions::KeyShare]
+        # @return [OpenSSL::PKey::EC.$Object]
+        def self.gen_sh_key_share(group)
+          curve = NamedGroup.curve_name(group)
+          ec = OpenSSL::PKey::EC.new(curve)
+          ec.generate_key!
+
+          key_share = KeyShare.new(
+            msg_type: HandshakeType::SERVER_HELLO,
+            key_share_entry: [
+              KeyShareEntry.new(
+                group: group,
+                key_exchange: ec.public_key.to_octet_string(:uncompressed)
+              )
+            ]
+          )
+
+          [key_share, ec]
+        end
+
         class << self
           private
 
@@ -196,7 +218,7 @@ module TTTLS13
         attr_reader :group
         attr_reader :key_exchange
 
-        # @param group [TTTLS13::Message::Extension::NamedGroup]
+        # @param group [TTTLS13::NamedGroup]
         # @param key_exchange [String]
         #
         # @raise [TTTLS13::Error::ErrorAlerts]

data/lib/tttls1.3/message/extension/supported_groups.rb

@@ -5,93 +5,6 @@ module TTTLS13
   using Refinements
   module Message
     module Extension
-      module NamedGroup
-        SECP256R1 = "\x00\x17"
-        SECP384R1 = "\x00\x18"
-        SECP521R1 = "\x00\x19"
-        # X25519    = "\x00\x1d" # UNSUPPORTED
-        # X448      = "\x00\x1e" # UNSUPPORTED
-        # FFDHE2048 = "\x01\x00" # UNSUPPORTED
-        # FFDHE3072 = "\x01\x01" # UNSUPPORTED
-        # FFDHE4096 = "\x01\x02" # UNSUPPORTED
-        # FFDHE6144 = "\x01\x03" # UNSUPPORTED
-        # FFDHE8192 = "\x01\x04" # UNSUPPORTED
-        # ffdhe_private_use "\x01\xfc" ~ "\x01\xff"
-        # ecdhe_private_use "\xfe\x00" ~ "\xfe\xff"
-
-        class << self
-          # NOTE:
-          # For secp256r1, secp384r1, and secp521r1
-          #
-          #     struct {
-          #         uint8 legacy_form = 4;
-          #         opaque X[coordinate_length];
-          #         opaque Y[coordinate_length];
-          #     } UncompressedPointRepresentation;
-          #
-          # @param group [TTTLS13::Message::Extension::NamedGroup]
-          #
-          # @raise [TTTLS13::Error::ErrorAlerts]
-          #
-          # @return [Integer]
-          def key_exchange_len(group)
-            case group
-            when SECP256R1
-              65
-            when SECP384R1
-              97
-            when SECP521R1
-              133
-            # NOTE:
-            # not supported other NamedGroup
-            # when X25519
-            #   32
-            # when X448
-            #   56
-            # when FFDHE2048
-            #   256
-            # when FFDHE4096
-            #   512
-            # when FFDHE6144
-            #   768
-            # when FFDHE8192
-            #   1024
-            else
-              raise Error::ErrorAlerts, :internal_error
-            end
-          end
-
-          # NOTE:
-          # SECG        |  ANSI X9.62   |  NIST
-          # ------------+---------------+-------------
-          # secp256r1   |  prime256v1   |   NIST P-256
-          # secp384r1   |               |   NIST P-384
-          # secp521r1   |               |   NIST P-521
-          #
-          # https://tools.ietf.org/html/rfc4492#appendix-A
-          #
-          # @param groups [Array of TTTLS13::Message::Extension::NamedGroup]
-          #
-          # @raise [TTTLS13::Error::ErrorAlerts]
-          #
-          # @return [String] EC_builtin_curves
-          def curve_name(group)
-            case group
-            when NamedGroup::SECP256R1
-              'prime256v1'
-            when NamedGroup::SECP384R1
-              'secp384r1'
-            when NamedGroup::SECP521R1
-              'secp521r1'
-            else
-              # NOTE:
-              # not supported other NamedGroup
-              raise Error::ErrorAlerts, :internal_error
-            end
-          end
-        end
-      end
-
       class SupportedGroups
         attr_reader :extension_type
         attr_reader :named_group_list

data/lib/tttls1.3/message/extensions.rb

@@ -6,32 +6,6 @@ Dir[File.dirname(__FILE__) + '/extension/*.rb'].each { |f| require f }
 module TTTLS13
   using Refinements
   module Message
-    module ExtensionType
-      SERVER_NAME                            = "\x00\x00"
-      MAX_FRAGMENT_LENGTH                    = "\x00\x01"
-      STATUS_REQUEST                         = "\x00\x05"
-      SUPPORTED_GROUPS                       = "\x00\x0a"
-      SIGNATURE_ALGORITHMS                   = "\x00\x0d"
-      USE_SRTP                               = "\x00\x0e"
-      HEARTBEAT                              = "\x00\x0f"
-      APPLICATION_LAYER_PROTOCOL_NEGOTIATION = "\x00\x10"
-      SIGNED_CERTIFICATE_TIMESTAMP           = "\x00\x12"
-      CLIENT_CERTIFICATE_TYPE                = "\x00\x13"
-      SERVER_CERTIFICATE_TYPE                = "\x00\x14"
-      PADDING                                = "\x00\x15"
-      RECORD_SIZE_LIMIT                      = "\x00\x1c"
-      PRE_SHARED_KEY                         = "\x00\x29"
-      EARLY_DATA                             = "\x00\x2a"
-      SUPPORTED_VERSIONS                     = "\x00\x2b"
-      COOKIE                                 = "\x00\x2c"
-      PSK_KEY_EXCHANGE_MODES                 = "\x00\x2d"
-      CERTIFICATE_AUTHORITIES                = "\x00\x2f"
-      OID_FILTERS                            = "\x00\x30"
-      POST_HANDSHAKE_AUTH                    = "\x00\x31"
-      SIGNATURE_ALGORITHMS_CERT              = "\x00\x32"
-      KEY_SHARE                              = "\x00\x33"
-    end
-
     class Extensions < Hash
       # @param extensions [Array of TTTLS13::Message::Extension::$Object]
       #
@@ -145,7 +119,7 @@ module TTTLS13
           when ExtensionType::SIGNATURE_ALGORITHMS
             Extension::SignatureAlgorithms.deserialize(binary)
           when ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
-            Extension::Alpn..deserialize(binary)
+            Extension::Alpn.deserialize(binary)
           when ExtensionType::RECORD_SIZE_LIMIT
             Extension::RecordSizeLimit.deserialize(binary)
           when ExtensionType::PRE_SHARED_KEY

data/lib/tttls1.3/message/new_session_ticket.rb

@@ -4,6 +4,12 @@
 module TTTLS13
   using Refinements
   module Message
+    # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+    APPEARABLE_NST_EXTENSIONS = [
+      ExtensionType::EARLY_DATA
+    ].freeze
+    private_constant :APPEARABLE_NST_EXTENSIONS
+
     class NewSessionTicket
       attr_reader :msg_type
       attr_reader :ticket_lifetime
@@ -84,6 +90,14 @@ module TTTLS13
                              extensions: extensions)
       end
       # rubocop: enable Metrics/AbcSize
+
+      # @return [Boolean]
+      def only_appearable_extensions?
+        exs = @extensions.keys - APPEARABLE_NST_EXTENSIONS
+        return true if exs.empty?
+
+        !(exs - DEFINED_EXTENSIONS).empty?
+      end
     end
   end
 end

data/lib/tttls1.3/message/record.rb

@@ -108,28 +108,31 @@ module TTTLS13
       #
       # @return [TTTLS13::Message::ContentType]
       def messages_type
-        types = @messages.map(&:class).uniq
+        types = @messages.map do |m|
+          if [Message::ClientHello,
+              Message::ServerHello,
+              Message::EncryptedExtensions,
+              Message::Certificate,
+              Message::CertificateVerify,
+              Message::Finished,
+              Message::EndOfEarlyData,
+              Message::NewSessionTicket].include?(m.class)
+            ContentType::HANDSHAKE
+          elsif m.class == ChangeCipherSpec
+            ContentType::CCS
+          elsif m.class == Message::ApplicationData
+            ContentType::APPLICATION_DATA
+          elsif m.class == Message::Alert
+            ContentType::ALERT
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+        end
+
+        types.uniq!
         raise Error::ErrorAlerts, :internal_error unless types.length == 1
 
-        type = types.first
-        if [Message::ClientHello,
-            Message::ServerHello,
-            Message::EncryptedExtensions,
-            Message::Certificate,
-            Message::CertificateVerify,
-            Message::Finished,
-            Message::EndOfEarlyData,
-            Message::NewSessionTicket].include?(type)
-          ContentType::HANDSHAKE
-        elsif type == ChangeCipherSpec
-          ContentType::CCS
-        elsif type == Message::ApplicationData
-          ContentType::APPLICATION_DATA
-        elsif type == Message::Alert
-          ContentType::ALERT
-        else
-          raise Error::ErrorAlerts, :internal_error
-        end
+        types.first
       end
 
       class << self