tttls1.3 0.1.4 → 0.2.0

data/lib/tttls1.3/message/server_hello.rb

@@ -4,11 +4,29 @@
 module TTTLS13
   using Refinements
   module Message
+    # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+    APPEARABLE_SH_EXTENSIONS = [
+      ExtensionType::PRE_SHARED_KEY,
+      ExtensionType::PASSWORD_SALT,
+      ExtensionType::SUPPORTED_VERSIONS,
+      ExtensionType::KEY_SHARE
+    ].freeze
+    private_constant :APPEARABLE_SH_EXTENSIONS
+
+    APPEARABLE_HRR_EXTENSIONS = [
+      ExtensionType::COOKIE,
+      ExtensionType::PASSWORD_SALT,
+      ExtensionType::SUPPORTED_VERSIONS,
+      ExtensionType::KEY_SHARE
+    ].freeze
+    private_constant :APPEARABLE_HRR_EXTENSIONS
+
     class ServerHello
       # special value of the SHA-256 of "HelloRetryRequest"
       HRR_RANDOM \
       = "\xcf\x21\xad\x74\xe5\x9a\x61\x11\xbe\x1d\x8c\x02\x1e\x65\xb8\x91" \
         "\xc2\xa2\x11\x16\x7a\xbb\x8c\x5e\x07\x9e\x09\xe2\xc8\xa8\x33\x9c"
+      private_constant :HRR_RANDOM
 
       attr_reader :msg_type
       attr_reader :legacy_version
@@ -111,6 +129,15 @@ module TTTLS13
       def hrr?
         @hrr
       end
+
+      # @return [Boolean]
+      def only_appearable_extensions?
+        exs = @extensions.keys - APPEARABLE_SH_EXTENSIONS
+        exs = @extensions.keys - APPEARABLE_HRR_EXTENSIONS if hrr?
+        return true if exs.empty?
+
+        !(exs - DEFINED_EXTENSIONS).empty?
+      end
     end
   end
 end

data/lib/tttls1.3/message.rb

@@ -1,8 +1,6 @@
 # encoding: ascii-8bit
 # frozen_string_literal: true
 
-Dir[File.dirname(__FILE__) + '/message/*.rb'].each { |f| require f }
-
 module TTTLS13
   module Message
     module ContentType
@@ -44,5 +42,40 @@ module TTTLS13
       KEY_UPDATE           = "\x18"
       MESSAGE_HASH         = "\xfe"
     end
+
+    module ExtensionType
+      SERVER_NAME                            = "\x00\x00"
+      MAX_FRAGMENT_LENGTH                    = "\x00\x01"
+      STATUS_REQUEST                         = "\x00\x05"
+      SUPPORTED_GROUPS                       = "\x00\x0a"
+      SIGNATURE_ALGORITHMS                   = "\x00\x0d"
+      USE_SRTP                               = "\x00\x0e"
+      HEARTBEAT                              = "\x00\x0f"
+      APPLICATION_LAYER_PROTOCOL_NEGOTIATION = "\x00\x10"
+      SIGNED_CERTIFICATE_TIMESTAMP           = "\x00\x12"
+      CLIENT_CERTIFICATE_TYPE                = "\x00\x13"
+      SERVER_CERTIFICATE_TYPE                = "\x00\x14"
+      PADDING                                = "\x00\x15"
+      RECORD_SIZE_LIMIT                      = "\x00\x1c"
+      PWD_PROTECT                            = "\x00\x1d"
+      PWD_CLEAR                              = "\x00\x1e"
+      PASSWORD_SALT                          = "\x00\x1f"
+      PRE_SHARED_KEY                         = "\x00\x29"
+      EARLY_DATA                             = "\x00\x2a"
+      SUPPORTED_VERSIONS                     = "\x00\x2b"
+      COOKIE                                 = "\x00\x2c"
+      PSK_KEY_EXCHANGE_MODES                 = "\x00\x2d"
+      CERTIFICATE_AUTHORITIES                = "\x00\x2f"
+      OID_FILTERS                            = "\x00\x30"
+      POST_HANDSHAKE_AUTH                    = "\x00\x31"
+      SIGNATURE_ALGORITHMS_CERT              = "\x00\x32"
+      KEY_SHARE                              = "\x00\x33"
+    end
+
+    DEFINED_EXTENSIONS = ExtensionType.constants.map do |c|
+      ExtensionType.const_get(c)
+    end.freeze
   end
 end
+
+Dir[File.dirname(__FILE__) + '/message/*.rb'].each { |f| require f }

data/lib/tttls1.3/named_group.rb

@@ -0,0 +1,89 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  module NamedGroup
+    SECP256R1 = "\x00\x17"
+    SECP384R1 = "\x00\x18"
+    SECP521R1 = "\x00\x19"
+    # X25519    = "\x00\x1d" # UNSUPPORTED
+    # X448      = "\x00\x1e" # UNSUPPORTED
+    # FFDHE2048 = "\x01\x00" # UNSUPPORTED
+    # FFDHE3072 = "\x01\x01" # UNSUPPORTED
+    # FFDHE4096 = "\x01\x02" # UNSUPPORTED
+    # FFDHE6144 = "\x01\x03" # UNSUPPORTED
+    # FFDHE8192 = "\x01\x04" # UNSUPPORTED
+    # ffdhe_private_use "\x01\xfc" ~ "\x01\xff"
+    # ecdhe_private_use "\xfe\x00" ~ "\xfe\xff"
+
+    class << self
+      # NOTE:
+      # For secp256r1, secp384r1, and secp521r1
+      #
+      #     struct {
+      #         uint8 legacy_form = 4;
+      #         opaque X[coordinate_length];
+      #         opaque Y[coordinate_length];
+      #     } UncompressedPointRepresentation;
+      #
+      # @param group [TTTLS13::Message::Extension::NamedGroup]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [Integer]
+      def key_exchange_len(group)
+        case group
+        when SECP256R1
+          65
+        when SECP384R1
+          97
+        when SECP521R1
+          133
+        # not supported other NamedGroup
+        # when X25519
+        #   32
+        # when X448
+        #   56
+        # when FFDHE2048
+        #   256
+        # when FFDHE4096
+        #   512
+        # when FFDHE6144
+        #   768
+        # when FFDHE8192
+        #   1024
+        else
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+
+      # NOTE:
+      # SECG        |  ANSI X9.62   |  NIST
+      # ------------+---------------+-------------
+      # secp256r1   |  prime256v1   |   NIST P-256
+      # secp384r1   |               |   NIST P-384
+      # secp521r1   |               |   NIST P-521
+      #
+      # https://tools.ietf.org/html/rfc4492#appendix-A
+      #
+      # @param groups [Array of TTTLS13::Message::Extension::NamedGroup]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [String] EC_builtin_curves
+      def curve_name(group)
+        case group
+        when SECP256R1
+          'prime256v1'
+        when SECP384R1
+          'secp384r1'
+        when SECP521R1
+          'secp521r1'
+        else
+          # not supported other NamedGroup
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/server.rb

@@ -0,0 +1,439 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module ServerState
+    # initial value is 0, eof value is -1
+    START         = 1
+    RECVD_CH      = 2
+    NEGOTIATED    = 3
+    WAIT_EOED     = 4
+    WAIT_FLIGHT2  = 5
+    WAIT_CERT     = 6
+    WAIT_CV       = 7
+    WAIT_FINISHED = 8
+    CONNECTED     = 9
+  end
+
+  DEFAULT_SP_CIPHER_SUITES = [
+    CipherSuite::TLS_AES_256_GCM_SHA384,
+    CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
+    CipherSuite::TLS_AES_128_GCM_SHA256
+  ].freeze
+  private_constant :DEFAULT_SP_CIPHER_SUITES
+
+  DEFAULT_SP_SIGNATURE_ALGORITHMS = [
+    SignatureScheme::ECDSA_SECP256R1_SHA256,
+    SignatureScheme::ECDSA_SECP384R1_SHA384,
+    SignatureScheme::ECDSA_SECP521R1_SHA512,
+    SignatureScheme::RSA_PSS_RSAE_SHA256,
+    SignatureScheme::RSA_PSS_RSAE_SHA384,
+    SignatureScheme::RSA_PSS_RSAE_SHA512,
+    SignatureScheme::RSA_PKCS1_SHA256,
+    SignatureScheme::RSA_PKCS1_SHA384,
+    SignatureScheme::RSA_PKCS1_SHA512
+  ].freeze
+  private_constant :DEFAULT_SP_SIGNATURE_ALGORITHMS
+
+  DEFAULT_SP_NAMED_GROUP_LIST = [
+    NamedGroup::SECP256R1,
+    NamedGroup::SECP384R1,
+    NamedGroup::SECP521R1
+  ].freeze
+  private_constant :DEFAULT_SP_NAMED_GROUP_LIST
+
+  DEFAULT_SERVER_SETTINGS = {
+    crt_file: nil,
+    key_file: nil,
+    cipher_suites: DEFAULT_SP_CIPHER_SUITES,
+    signature_algorithms: DEFAULT_SP_SIGNATURE_ALGORITHMS,
+    supported_groups: DEFAULT_SP_NAMED_GROUP_LIST,
+    loglevel: Logger::WARN
+  }.freeze
+  private_constant :DEFAULT_SERVER_SETTINGS
+
+  # rubocop: disable Metrics/ClassLength
+  class Server < Connection
+    # @param socket [Socket]
+    # @param settings [Hash]
+    def initialize(socket, **settings)
+      super(socket)
+
+      @endpoint = :server
+      @settings = DEFAULT_SERVER_SETTINGS.merge(settings)
+      logger.level = @settings[:loglevel]
+
+      raise Error::ConfigError unless valid_settings?
+      return if @settings[:crt_file].nil?
+
+      crt_str = File.read(@settings[:crt_file])
+      @crt = OpenSSL::X509::Certificate.new(crt_str) # TODO: spki rsassaPss
+      klass = @crt.public_key.class
+      @key = klass.new(File.read(@settings[:key_file]))
+      raise Error::ConfigError unless @crt.check_private_key(@key)
+    end
+
+    # NOTE:
+    #                              START <-----+
+    #               Recv ClientHello |         | Send HelloRetryRequest
+    #                                v         |
+    #                             RECVD_CH ----+
+    #                                | Select parameters
+    #                                v
+    #                             NEGOTIATED
+    #                                | Send ServerHello
+    #                                | K_send = handshake
+    #                                | Send EncryptedExtensions
+    #                                | [Send CertificateRequest]
+    # Can send                       | [Send Certificate + CertificateVerify]
+    # app data                       | Send Finished
+    # after   -->                    | K_send = application
+    # here                  +--------+--------+
+    #              No 0-RTT |                 | 0-RTT
+    #                       |                 |
+    #   K_recv = handshake  |                 | K_recv = early data
+    # [Skip decrypt errors] |    +------> WAIT_EOED -+
+    #                       |    |       Recv |      | Recv EndOfEarlyData
+    #                       |    | early data |      | K_recv = handshake
+    #                       |    +------------+      |
+    #                       |                        |
+    #                       +> WAIT_FLIGHT2 <--------+
+    #                                |
+    #                       +--------+--------+
+    #               No auth |                 | Client auth
+    #                       |                 |
+    #                       |                 v
+    #                       |             WAIT_CERT
+    #                       |        Recv |       | Recv Certificate
+    #                       |       empty |       v
+    #                       | Certificate |    WAIT_CV
+    #                       |             |       | Recv
+    #                       |             v       | CertificateVerify
+    #                       +-> WAIT_FINISHED <---+
+    #                                | Recv Finished
+    #                                | K_recv = application
+    #                                v
+    #                            CONNECTED
+    #
+    # https://tools.ietf.org/html/rfc8446#appendix-A.2
+    #
+    # rubocop: disable Metrics/AbcSize
+    # rubocop: disable Metrics/BlockLength
+    # rubocop: disable Metrics/CyclomaticComplexity
+    # rubocop: disable Metrics/MethodLength
+    # rubocop: disable Metrics/PerceivedComplexity
+    def accept
+      @state = ServerState::START
+      loop do
+        case @state
+        when ServerState::START
+          logger.debug('ServerState::START')
+
+          ch = @transcript[CH] = recv_client_hello
+          terminate(:illegal_parameter) unless ch.only_appearable_extensions?
+          @state = ServerState::RECVD_CH
+        when ServerState::RECVD_CH
+          logger.debug('ServerState::RECVD_CH')
+
+          # support only TLS 1.3
+          terminate(:protocol_version) unless negotiated_tls_1_3?
+
+          # validate/select parameters
+          @cipher_suite = select_cipher_suite
+          @named_group = select_named_group
+          @signature_scheme = select_signature_scheme
+          terminate(:handshake_failure) \
+            if @cipher_suite.nil? || @named_group.nil? || @signature_scheme.nil?
+          terminamte(:illegal_parameter) unless valid_ch_compression_methods?
+          terminate(:unrecognized_name) unless recognized_server_name?
+
+          @state = ServerState::NEGOTIATED
+        when ServerState::NEGOTIATED
+          logger.debug('ServerState::NEGOTIATED')
+
+          exs, @priv_key = gen_sh_extensions
+          @transcript[SH] = send_server_hello(exs)
+          send_ccs # compatibility mode
+
+          # generate shared secret
+          terminate(:illegal_parameter) unless valid_ch_key_share?
+          ke = @transcript[CH].extensions[Message::ExtensionType::KEY_SHARE]
+                              &.key_share_entry
+                              &.find { |e| e.group == @named_group }
+                              &.key_exchange
+          # TODO: Send HelloRetryRequest
+          shared_secret = gen_shared_secret(ke, @priv_key, @named_group)
+          @key_schedule = KeySchedule.new(psk: @psk,
+                                          shared_secret: shared_secret,
+                                          cipher_suite: @cipher_suite,
+                                          transcript: @transcript)
+          @write_cipher = gen_cipher(@cipher_suite,
+                                     @key_schedule.server_handshake_write_key,
+                                     @key_schedule.server_handshake_write_iv)
+          @read_cipher = gen_cipher(@cipher_suite,
+                                    @key_schedule.client_handshake_write_key,
+                                    @key_schedule.client_handshake_write_iv)
+          @state = ServerState::WAIT_FLIGHT2
+        when ServerState::WAIT_EOED
+          logger.debug('ServerState::WAIT_EOED')
+        when ServerState::WAIT_FLIGHT2
+          logger.debug('ServerState::WAIT_FLIGHT2')
+
+          ee = @transcript[EE] = gen_encrypted_extensions
+          # TODO: [Send CertificateRequest]
+          ct = @transcript[CT] = gen_certificate
+          cv = @transcript[CV] = gen_certificate_verify
+          sf = @transcript[SF] = gen_finished
+          send_server_parameters([ee, ct, cv, sf])
+          @state = ServerState::WAIT_FINISHED
+        when ServerState::WAIT_CERT
+          logger.debug('ServerState::WAIT_CERT')
+        when ServerState::WAIT_CV
+          logger.debug('ServerState::WAIT_CV')
+        when ServerState::WAIT_FINISHED
+          logger.debug('ServerState::WAIT_FINISHED')
+
+          @transcript[CF] = recv_finished
+          terminate(:decrypt_error) unless verified_finished?
+          @write_cipher = gen_cipher(@cipher_suite,
+                                     @key_schedule.server_application_write_key,
+                                     @key_schedule.server_application_write_iv)
+          @read_cipher = gen_cipher(@cipher_suite,
+                                    @key_schedule.client_application_write_key,
+                                    @key_schedule.client_application_write_iv)
+          @state = ServerState::CONNECTED
+        when ServerState::CONNECTED
+          logger.debug('ServerState::CONNECTED')
+
+          break
+        end
+      end
+    end
+    # rubocop: enable Metrics/AbcSize
+    # rubocop: enable Metrics/BlockLength
+    # rubocop: enable Metrics/CyclomaticComplexity
+    # rubocop: enable Metrics/MethodLength
+    # rubocop: enable Metrics/PerceivedComplexity
+
+    private
+
+    # @return [Boolean]
+    def valid_settings?
+      mod = CipherSuite
+      defined = mod.constants.map { |c| mod.const_get(c) }
+      return false unless (@settings[:cipher_suites] - defined).empty?
+
+      mod = SignatureScheme
+      defined = mod.constants.map { |c| mod.const_get(c) }
+      return false unless (@settings[:signature_algorithms] - defined).empty?
+
+      mod = NamedGroup
+      defined = mod.constants.map { |c| mod.const_get(c) }
+      return false unless (@settings[:supported_groups] - defined).empty?
+
+      true
+    end
+
+    # @raise [TTTLS13::Error::ErrorAlerts]
+    #
+    # @return [TTTLS13::Message::ClientHello]
+    def recv_client_hello
+      ch = recv_message
+      terminate(:unexpected_message) unless ch.is_a?(Message::ClientHello)
+
+      ch
+    end
+
+    # @param exs [TTTLS13::Message::Extensions]
+    #
+    # @return [TTTLS13::Message::ServerHello]
+    def send_server_hello(exs)
+      ch_session_id = @transcript[CH].legacy_session_id
+      sh = Message::ServerHello.new(
+        legacy_session_id_echo: ch_session_id,
+        cipher_suite: @cipher_suite,
+        extensions: exs
+      )
+      send_handshakes(Message::ContentType::HANDSHAKE, [sh], @write_cipher)
+
+      sh
+    end
+
+    # @param messages [Array of TTTLS13::Message::$Object]
+    #
+    # @return [Array of TTTLS13::Message::$Object]
+    def send_server_parameters(messages)
+      send_handshakes(Message::ContentType::APPLICATION_DATA,
+                      messages.reject(&:nil?),
+                      @write_cipher)
+
+      messages
+    end
+
+    # @return [TTTLS13::Message::EncryptedExtensions]
+    def gen_encrypted_extensions
+      Message::EncryptedExtensions.new(gen_ee_extensions)
+    end
+
+    # @return [TTTLS13::Message::Certificate, nil]
+    def gen_certificate
+      return nil if @crt.nil?
+
+      ce = Message::CertificateEntry.new(@crt)
+      Message::Certificate.new(certificate_list: [ce])
+    end
+
+    # @return [TTTLS13::Message::CertificateVerify, nil]
+    def gen_certificate_verify
+      return nil if @key.nil?
+
+      Message::CertificateVerify.new(signature_scheme: @signature_scheme,
+                                     signature: sign_certificate_verify)
+    end
+
+    # @return [TTTLS13::Message::Finished]
+    def gen_finished
+      Message::Finished.new(sign_finished)
+    end
+
+    # @raise [TTTLS13::Error::ErrorAlerts]
+    #
+    # @return [TTTLS13::Message::Finished]
+    def recv_finished
+      cf = recv_message
+      terminate(:unexpected_message) unless cf.is_a?(Message::Finished)
+
+      cf
+    end
+
+    # @return [TTTLS13::Message::Extensions]
+    # @return [OpenSSL::PKey::EC.$Object]
+    def gen_sh_extensions
+      exs = []
+      # supported_versions: only TLS 1.3
+      exs << Message::Extension::SupportedVersions.new(
+        msg_type: Message::HandshakeType::SERVER_HELLO
+      )
+
+      # key_share
+      key_share, priv_key \
+                 = Message::Extension::KeyShare.gen_sh_key_share(@named_group)
+      exs << key_share
+
+      [Message::Extensions.new(exs), priv_key]
+    end
+
+    # @return [TTTLS13::Message::Extensions]
+    def gen_ee_extensions
+      exs = []
+
+      # server_name
+      exs << Message::Extension::ServerName.new('') \
+        if @transcript[CH].extensions
+                          .include?(Message::ExtensionType::SERVER_NAME)
+
+      # supported_groups
+      exs \
+      << Message::Extension::SupportedGroups.new(@settings[:supported_groups])
+
+      Message::Extensions.new(exs)
+    end
+
+    # @return [String]
+    def sign_certificate_verify
+      context = 'TLS 1.3, server CertificateVerify'
+      do_sign_certificate_verify(private_key: @key,
+                                 signature_scheme: @signature_scheme,
+                                 context: context,
+                                 handshake_context_end: CT)
+    end
+
+    # @return [String]
+    def sign_finished
+      digest = CipherSuite.digest(@cipher_suite)
+      finished_key = @key_schedule.server_finished_key
+      do_sign_finished(digest: digest,
+                       finished_key: finished_key,
+                       handshake_context_end: CV)
+    end
+
+    # @return [Boolean]
+    def verified_finished?
+      digest = CipherSuite.digest(@cipher_suite)
+      finished_key = @key_schedule.client_finished_key
+      signature = @transcript[CF].verify_data
+      do_verified_finished?(digest: digest,
+                            finished_key: finished_key,
+                            handshake_context_end: EOED,
+                            signature: signature)
+    end
+
+    # @return [Boolean]
+    def negotiated_tls_1_3?
+      ch = @transcript[CH]
+      ch_lv = ch.legacy_version
+      ch_sv = ch.extensions[Message::ExtensionType::SUPPORTED_VERSIONS]
+                &.versions || []
+
+      ch_lv == Message::ProtocolVersion::TLS_1_2 &&
+        ch_sv.include?(Message::ProtocolVersion::TLS_1_3)
+    end
+
+    # @return [TTTLS13::CipherSuite, nil]
+    def select_cipher_suite
+      @transcript[CH].cipher_suites.find do |cs|
+        @settings[:cipher_suites].include?(cs)
+      end
+    end
+
+    # @return [TTTLS13::NamedGroup, nil]
+    def select_named_group
+      groups \
+      = @transcript[CH].extensions[Message::ExtensionType::SUPPORTED_GROUPS]
+                       &.named_group_list || []
+
+      groups.find do |sg|
+        @settings[:supported_groups].include?(sg)
+      end
+    end
+
+    # @return [TTTLS13::SignatureScheme, nil]
+    def select_signature_scheme
+      algorithms \
+      = @transcript[CH].extensions[Message::ExtensionType::SIGNATURE_ALGORITHMS]
+                       &.supported_signature_algorithms || []
+
+      do_select_signature_algorithms(algorithms, @crt).find do |ss|
+        @settings[:signature_algorithms].include?(ss)
+      end
+    end
+
+    # @return [Boolean]
+    def valid_ch_compression_methods?
+      @transcript[CH].legacy_compression_methods == ["\x00"]
+    end
+
+    # @return [Boolean]
+    def recognized_server_name?
+      server_name \
+      = @transcript[CH].extensions[Message::ExtensionType::SERVER_NAME]
+                       &.server_name
+
+      return true if server_name.nil?
+
+      matching_san?(@crt, server_name)
+    end
+
+    # @return [Boolean]
+    def valid_ch_key_share?
+      ks = @transcript[CH].extensions[Message::ExtensionType::KEY_SHARE]
+      ks_groups = ks&.key_share_entry&.map(&:group) || []
+      sg = @transcript[CH].extensions[Message::ExtensionType::SUPPORTED_GROUPS]
+      sp_groups = sg&.named_group_list || []
+
+      ks_groups.uniq == ks_groups && (ks_groups - sp_groups).empty?
+    end
+  end
+  # rubocop: enable Metrics/ClassLength
+end

data/lib/tttls1.3/transcript.rb

@@ -23,6 +23,8 @@ module TTTLS13
       super
     end
 
+    alias super_include? include?
+
     # @param digest [String] name of digest algorithm
     # @param end_index [Integer]
     #
@@ -43,6 +45,10 @@ module TTTLS13
       OpenSSL::Digest.digest(digest, truncated)
     end
 
+    def include?(key)
+      super_include?(key) && !self[key].nil?
+    end
+
     private
 
     # @param digest [String] name of digest algorithm

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.1.4'
+  VERSION = '0.2.0'
 end

data/lib/tttls1.3.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'openssl'
+require 'pp'
 require 'logger'
 
 require 'tttls1.3/version'
@@ -9,6 +10,7 @@ require 'tttls1.3/logging'
 require 'tttls1.3/error'
 require 'tttls1.3/cipher_suites'
 require 'tttls1.3/signature_scheme'
+require 'tttls1.3/named_group'
 require 'tttls1.3/cryptograph'
 require 'tttls1.3/transcript'
 require 'tttls1.3/key_schedule'
@@ -16,3 +18,4 @@ require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/connection'
 require 'tttls1.3/client'
+require 'tttls1.3/server'