tttls1.3 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -0
  3. data/Rakefile +3 -3
  4. data/example/https_client_using_hrr_and_ticket.rb +40 -0
  5. data/interop/client_spec.rb +15 -0
  6. data/interop/server_spec.rb +8 -0
  7. data/lib/tttls1.3/client.rb +265 -272
  8. data/lib/tttls1.3/connection.rb +85 -62
  9. data/lib/tttls1.3/message/certificate.rb +1 -1
  10. data/lib/tttls1.3/message/client_hello.rb +26 -1
  11. data/lib/tttls1.3/message/encrypted_extensions.rb +1 -1
  12. data/lib/tttls1.3/message/new_session_ticket.rb +1 -1
  13. data/lib/tttls1.3/message/server_hello.rb +21 -1
  14. data/lib/tttls1.3/server.rb +179 -157
  15. data/lib/tttls1.3/version.rb +1 -1
  16. data/spec/certificate_spec.rb +4 -4
  17. data/spec/client_hello_spec.rb +3 -0
  18. data/spec/client_spec.rb +96 -157
  19. data/spec/connection_spec.rb +32 -23
  20. data/spec/encrypted_extensions_spec.rb +4 -4
  21. data/spec/fixtures/rsa_ca.crt +16 -27
  22. data/spec/fixtures/rsa_ca.key +25 -49
  23. data/spec/fixtures/rsa_rsa.crt +16 -21
  24. data/spec/fixtures/rsa_rsa.key +25 -25
  25. data/spec/fixtures/rsa_rsassaPss.crt +20 -0
  26. data/spec/fixtures/rsa_rsassaPss.key +27 -0
  27. data/spec/fixtures/rsa_secp256r1.crt +12 -17
  28. data/spec/fixtures/rsa_secp256r1.key +3 -3
  29. data/spec/fixtures/rsa_secp384r1.crt +12 -17
  30. data/spec/fixtures/rsa_secp384r1.key +4 -4
  31. data/spec/fixtures/rsa_secp521r1.crt +13 -18
  32. data/spec/fixtures/rsa_secp521r1.key +5 -5
  33. data/spec/server_hello_spec.rb +60 -0
  34. data/spec/server_spec.rb +79 -60
  35. metadata +7 -2
data/spec/client_spec.rb CHANGED
@@ -9,8 +9,8 @@ RSpec.describe Client do
9
9
  let(:record) do
10
10
  mock_socket = SimpleStream.new
11
11
  client = Client.new(mock_socket, 'localhost')
12
- exs, _priv_keys = client.send(:gen_ch_extensions)
13
- client.send(:send_client_hello, exs)
12
+ extensions, _priv_keys = client.send(:gen_ch_extensions)
13
+ client.send(:send_client_hello, extensions)
14
14
  Record.deserialize(mock_socket.read, Cryptograph::Passer.new)
15
15
  end
16
16
 
@@ -52,52 +52,51 @@ RSpec.describe Client do
52
52
  let(:client) do
53
53
  mock_socket = SimpleStream.new
54
54
  mock_socket.write(TESTBINARY_SERVER_PARAMETERS_RECORD)
55
- client = Client.new(mock_socket, 'localhost')
56
- client.instance_variable_set(:@cipher_suite,
57
- CipherSuite::TLS_AES_128_GCM_SHA256)
58
- read_seq_num = SequenceNumber.new
59
- cipher = Cryptograph::Aead.new(
55
+ Client.new(mock_socket, 'localhost')
56
+ end
57
+
58
+ let(:cipher) do
59
+ Cryptograph::Aead.new(
60
60
  cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
61
61
  write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
62
62
  write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
63
- sequence_number: read_seq_num
63
+ sequence_number: SequenceNumber.new
64
64
  )
65
- client.instance_variable_set(:@read_cipher, cipher)
66
- client.instance_variable_set(:@read_seq_num, read_seq_num)
67
- client
68
65
  end
69
66
 
70
67
  it 'should receive EncryptedExtensions' do
71
- message = client.send(:recv_encrypted_extensions)
68
+ message = client.send(:recv_encrypted_extensions, cipher)
72
69
  expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
73
70
  end
74
71
 
75
72
  it 'should receive Certificate' do
76
- client.send(:recv_encrypted_extensions) # to skip
77
- message = client.send(:recv_certificate)
73
+ client.send(:recv_encrypted_extensions, cipher) # to skip
74
+ message = client.send(:recv_certificate, cipher)
78
75
  expect(message.msg_type).to eq HandshakeType::CERTIFICATE
79
76
  end
80
77
 
81
78
  it 'should receive CertificateVerify' do
82
- client.send(:recv_encrypted_extensions) # to skip
83
- client.send(:recv_certificate) # to skip
84
- message = client.send(:recv_certificate_verify)
79
+ client.send(:recv_encrypted_extensions, cipher) # to skip
80
+ client.send(:recv_certificate, cipher) # to skip
81
+ message = client.send(:recv_certificate_verify, cipher)
85
82
  expect(message.msg_type).to eq HandshakeType::CERTIFICATE_VERIFY
86
83
  end
87
84
 
88
85
  it 'should receive Finished' do
89
- client.send(:recv_encrypted_extensions) # to skip
90
- client.send(:recv_certificate) # to skip
91
- client.send(:recv_certificate_verify) # to skip
92
- message = client.send(:recv_finished)
86
+ client.send(:recv_encrypted_extensions, cipher) # to skip
87
+ client.send(:recv_certificate, cipher) # to skip
88
+ client.send(:recv_certificate_verify, cipher) # to skip
89
+ message = client.send(:recv_finished, cipher)
93
90
  expect(message.msg_type).to eq HandshakeType::FINISHED
94
91
  end
95
92
  end
96
93
 
97
94
  context 'client' do
98
- let(:record) do
99
- mock_socket = SimpleStream.new
100
- client = Client.new(mock_socket, 'localhost')
95
+ let(:cipher_suite) do
96
+ CipherSuite::TLS_AES_128_GCM_SHA256
97
+ end
98
+
99
+ let(:transcript) do
101
100
  transcript = Transcript.new
102
101
  transcript.merge!(
103
102
  CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
@@ -107,30 +106,41 @@ RSpec.describe Client do
107
106
  CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY),
108
107
  SF => Finished.deserialize(TESTBINARY_SERVER_FINISHED)
109
108
  )
110
- client.instance_variable_set(:@transcript, transcript)
111
- ks = KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
112
- cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
113
- transcript: transcript)
114
- client.instance_variable_set(:@key_schedule, ks)
115
- client.instance_variable_set(:@cipher_suite,
116
- CipherSuite::TLS_AES_128_GCM_SHA256)
117
- write_seq_num = SequenceNumber.new
118
- write_cipher = Cryptograph::Aead.new(
119
- cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
109
+ transcript
110
+ end
111
+
112
+ let(:finished_key) do
113
+ key_schedule = KeySchedule.new(
114
+ shared_secret: TESTBINARY_SHARED_SECRET,
115
+ cipher_suite: cipher_suite,
116
+ transcript: transcript
117
+ )
118
+ key_schedule.client_finished_key
119
+ end
120
+
121
+ let(:record) do
122
+ mock_socket = SimpleStream.new
123
+ client = Client.new(mock_socket, 'localhost')
124
+ digest = CipherSuite.digest(cipher_suite)
125
+ hash = transcript.hash(digest, EOED)
126
+ signature = client.send(:sign_finished,
127
+ digest: digest,
128
+ finished_key: finished_key,
129
+ hash: hash)
130
+ hs_wcipher = Cryptograph::Aead.new(
131
+ cipher_suite: cipher_suite,
120
132
  write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
121
133
  write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
122
- sequence_number: write_seq_num
134
+ sequence_number: SequenceNumber.new
123
135
  )
124
- client.instance_variable_set(:@write_cipher, write_cipher)
125
- client.instance_variable_set(:@write_seq_num, write_seq_num)
126
- client.send(:send_finished)
127
- read_cipher = Cryptograph::Aead.new(
128
- cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
136
+ client.send(:send_finished, signature, hs_wcipher)
137
+ hs_rcipher = Cryptograph::Aead.new(
138
+ cipher_suite: cipher_suite,
129
139
  write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
130
140
  write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
131
141
  sequence_number: SequenceNumber.new
132
142
  )
133
- Record.deserialize(mock_socket.read, read_cipher)
143
+ Record.deserialize(mock_socket.read, hs_rcipher)
134
144
  end
135
145
 
136
146
  it 'should send Finished' do
@@ -143,144 +153,73 @@ RSpec.describe Client do
143
153
  end
144
154
 
145
155
  context 'client' do
146
- let(:client) do
147
- client = Client.new(nil, 'localhost')
148
- transcript = Transcript.new
149
- transcript.merge!(
150
- CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
151
- SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
152
- EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
153
- CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
154
- CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY),
155
- SF => Finished.deserialize(TESTBINARY_SERVER_FINISHED)
156
- )
157
- client.instance_variable_set(:@transcript, transcript)
158
- ks = KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
159
- cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
160
- transcript: transcript)
161
- client.instance_variable_set(:@key_schedule, ks)
162
- client.instance_variable_set(:@cipher_suite,
163
- CipherSuite::TLS_AES_128_GCM_SHA256)
164
- client
156
+ let(:cipher_suite) do
157
+ CipherSuite::TLS_AES_128_GCM_SHA256
165
158
  end
166
159
 
167
- let(:client_finished) do
168
- Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
160
+ let(:ct) do
161
+ Certificate.deserialize(TESTBINARY_CERTIFICATE)
169
162
  end
170
163
 
171
- it 'should verify server CertificateVerify' do
172
- expect(client.send(:verified_certificate_verify?)).to be true
164
+ let(:cv) do
165
+ CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
173
166
  end
174
167
 
175
- it 'should verify server Finished' do
176
- expect(client.send(:verified_finished?)).to be true
168
+ let(:sf) do
169
+ Finished.deserialize(TESTBINARY_SERVER_FINISHED)
177
170
  end
178
171
 
179
- it 'should sign client Finished' do
180
- expect(client.send(:sign_finished)).to eq client_finished.verify_data
181
- end
182
- end
183
-
184
- context 'client' do
185
- let(:client) do
186
- client = Client.new(nil, 'localhost')
187
- transcript = {
172
+ let(:transcript) do
173
+ transcript = Transcript.new
174
+ transcript.merge!(
188
175
  CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
189
- SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
190
- }
191
- client.instance_variable_set(:@transcript, transcript)
192
- client
193
- end
194
-
195
- it 'should check that ServerHello.legacy_version matches ' \
196
- 'ClientHello.legacy_version' do
197
- expect(client.send(:valid_sh_legacy_version?)).to be true
198
- end
199
-
200
- it 'should check that ServerHello.legacy_session_id_echo matches ' \
201
- 'ClientHello.legacy_session_id' do
202
- expect(client.send(:valid_sh_legacy_session_id_echo?)).to be true
203
- end
204
-
205
- it 'should check that ServerHello.cipher_suite is included in' \
206
- 'ClientHello.cipher_suites' do
207
- expect(client.send(:valid_sh_cipher_suite?)).to be true
208
- end
209
-
210
- it 'should check that ServerHello.compression_method is valid value' do
211
- expect(client.send(:valid_sh_compression_method?)).to be true
176
+ SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
177
+ EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
178
+ CT => ct,
179
+ CV => cv,
180
+ SF => sf
181
+ )
212
182
  end
213
183
 
214
- it 'should check that negotiated protocol_version is TLS 1.3' do
215
- expect(client.send(:negotiated_tls_1_3?)).to be true
184
+ let(:key_schedule) do
185
+ KeySchedule.new(
186
+ shared_secret: TESTBINARY_SHARED_SECRET,
187
+ cipher_suite: cipher_suite,
188
+ transcript: transcript
189
+ )
216
190
  end
217
- end
218
191
 
219
- context 'client, received ServerHello with random[-8..] == ' \
220
- 'downgrade protection value(TLS 1.2),' do
221
192
  let(:client) do
222
- mock_socket = SimpleStream.new
223
- client = Client.new(mock_socket, 'localhost')
224
- sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
225
- random = OpenSSL::Random.random_bytes(24) + \
226
- Client.const_get(:DOWNGRADE_PROTECTION_TLS_1_2)
227
- sh.instance_variable_set(:@random, random)
228
- transcript = {
229
- CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
230
- SH => sh
231
- }
232
- client.instance_variable_set(:@transcript, transcript)
233
- client
234
- end
235
-
236
- it 'should check downgrade protection value' do
237
- expect(client.send(:valid_sh_random?)).to be false
238
- expect(client.send(:negotiated_tls_1_3?)).to be true
193
+ Client.new(nil, 'localhost')
239
194
  end
240
- end
241
195
 
242
- context 'client, received ServerHello with random[-8..] == ' \
243
- 'downgrade protection value(prior to TLS 1.2),' do
244
- let(:client) do
245
- mock_socket = SimpleStream.new
246
- client = Client.new(mock_socket, 'localhost')
247
- sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
248
- random = OpenSSL::Random.random_bytes(24) + \
249
- Client.const_get(:DOWNGRADE_PROTECTION_TLS_1_1)
250
- sh.instance_variable_set(:@random, random)
251
- transcript = {
252
- CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
253
- SH => sh
254
- }
255
- client.instance_variable_set(:@transcript, transcript)
256
- client
196
+ let(:cf) do
197
+ Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
257
198
  end
258
199
 
259
- it 'should check downgrade protection value' do
260
- expect(client.send(:valid_sh_random?)).to be false
261
- expect(client.send(:negotiated_tls_1_3?)).to be true
200
+ it 'should verify server CertificateVerify' do
201
+ hash = transcript.hash(CipherSuite.digest(cipher_suite), CT)
202
+ expect(client.send(:verified_certificate_verify?, ct, cv, hash))
203
+ .to be true
262
204
  end
263
- end
264
205
 
265
- context 'client, received ServerHello with supported_versions not ' \
266
- 'including "\x03\x04",' do
267
- let(:client) do
268
- mock_socket = SimpleStream.new
269
- client = Client.new(mock_socket, 'localhost')
270
- sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
271
- extensions = sh.instance_variable_get(:@extensions)
272
- extensions[ExtensionType::SUPPORTED_VERSIONS] = nil
273
- sh.instance_variable_set(:@extensions, extensions)
274
- transcript = {
275
- CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
276
- SH => sh
277
- }
278
- client.instance_variable_set(:@transcript, transcript)
279
- client
206
+ it 'should verify server Finished' do
207
+ digest = CipherSuite.digest(cipher_suite)
208
+ hash = transcript.hash(digest, CV)
209
+ expect(client.send(:verified_finished?,
210
+ finished: sf,
211
+ digest: digest,
212
+ finished_key: key_schedule.server_finished_key,
213
+ hash: hash)).to be true
280
214
  end
281
215
 
282
- it 'should check negotiated protocol_version' do
283
- expect(client.send(:negotiated_tls_1_3?)).to be false
216
+ it 'should sign client Finished' do
217
+ digest = CipherSuite.digest(cipher_suite)
218
+ hash = transcript.hash(digest, EOED)
219
+ expect(client.send(:sign_finished,
220
+ digest: digest,
221
+ finished_key: key_schedule.client_finished_key,
222
+ hash: hash)).to eq cf.verify_data
284
223
  end
285
224
  end
286
225
 
data/spec/connection_spec.rb CHANGED
@@ -5,7 +5,7 @@ require_relative 'spec_helper'
5
5
 
6
6
  RSpec.describe Connection do
7
7
  context 'connection, Simple 1-RTT Handshake,' do
8
- let(:private_key) do
8
+ let(:key) do
9
9
  rsa = OpenSSL::PKey::RSA.new
10
10
  rsa.set_key(OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2),
11
11
  OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2),
@@ -31,8 +31,7 @@ RSpec.describe Connection do
31
31
  Finished.deserialize(TESTBINARY_SERVER_FINISHED)
32
32
  end
33
33
 
34
- let(:connection) do
35
- connection = Connection.new(nil)
34
+ let(:transcript) do
36
35
  transcript = Transcript.new
37
36
  transcript.merge!(
38
37
  CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
@@ -43,39 +42,44 @@ RSpec.describe Connection do
43
42
  CF => cf,
44
43
  SF => sf
45
44
  )
46
- connection.instance_variable_set(:@transcript, transcript)
47
- connection.instance_variable_set(:@cipher_suite,
48
- CipherSuite::TLS_AES_128_GCM_SHA256)
49
- connection
45
+ end
46
+
47
+ let(:digest) do
48
+ CipherSuite.digest(CipherSuite::TLS_AES_128_GCM_SHA256)
49
+ end
50
+
51
+ let(:connection) do
52
+ Connection.new(nil)
50
53
  end
51
54
 
52
55
  it 'should verify server CertificateVerify.signature' do
53
56
  public_key = ct.certificate_list.first.cert_data.public_key
54
57
  signature_scheme = cv.signature_scheme
55
58
  signature = cv.signature
59
+
56
60
  expect(connection.send(:do_verified_certificate_verify?,
57
61
  public_key: public_key,
58
62
  signature_scheme: signature_scheme,
59
63
  signature: signature,
60
64
  context: 'TLS 1.3, server CertificateVerify',
61
- handshake_context_end: CT))
65
+ hash: transcript.hash(digest, CT)))
62
66
  .to be true
63
67
  end
64
68
 
65
69
  it 'should sign client Finished.verify_data' do
66
- expect(connection.send(:do_sign_finished,
70
+ expect(connection.send(:sign_finished,
67
71
  digest: 'SHA256',
68
72
  finished_key: TESTBINARY_CLIENT_FINISHED_KEY,
69
- handshake_context_end: EOED))
73
+ hash: transcript.hash(digest, EOED)))
70
74
  .to eq cf.verify_data
71
75
  end
72
76
 
73
77
  it 'should verify server Finished.verify_data' do
74
- expect(connection.send(:do_verified_finished?,
78
+ expect(connection.send(:verified_finished?,
79
+ finished: sf,
75
80
  digest: 'SHA256',
76
81
  finished_key: TESTBINARY_SERVER_FINISHED_KEY,
77
- handshake_context_end: CV,
78
- signature: sf.verify_data))
82
+ hash: transcript.hash(digest, CV)))
79
83
  .to be true
80
84
  end
81
85
 
@@ -86,16 +90,17 @@ RSpec.describe Connection do
86
90
  # used RSASSA-PSS signature_scheme, salt is a random sequence.
87
91
  # CertificateVerify.signature is random.
88
92
  signature = connection.send(:do_sign_certificate_verify,
89
- private_key: private_key,
93
+ key: key,
90
94
  signature_scheme: signature_scheme,
91
95
  context: 'TLS 1.3, server CertificateVerify',
92
- handshake_context_end: CT)
96
+ hash: transcript.hash(digest, CT))
97
+
93
98
  expect(connection.send(:do_verified_certificate_verify?,
94
99
  public_key: public_key,
95
100
  signature_scheme: signature_scheme,
96
101
  signature: signature,
97
102
  context: 'TLS 1.3, server CertificateVerify',
98
- handshake_context_end: CT))
103
+ hash: transcript.hash(digest, CT)))
99
104
  .to be true
100
105
  end
101
106
  end
@@ -109,8 +114,7 @@ RSpec.describe Connection do
109
114
  CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY)
110
115
  end
111
116
 
112
- let(:connection) do
113
- connection = Connection.new(nil)
117
+ let(:transcript) do
114
118
  transcript = Transcript.new
115
119
  transcript.merge!(
116
120
  CH1 => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1),
@@ -122,22 +126,27 @@ RSpec.describe Connection do
122
126
  CT => ct,
123
127
  CV => cv
124
128
  )
125
- connection.instance_variable_set(:@transcript, transcript)
126
- connection.instance_variable_set(:@cipher_suite,
127
- CipherSuite::TLS_AES_128_GCM_SHA256)
128
- connection
129
+ end
130
+
131
+ let(:digest) do
132
+ CipherSuite.digest(CipherSuite::TLS_AES_128_GCM_SHA256)
133
+ end
134
+
135
+ let(:connection) do
136
+ Connection.new(nil)
129
137
  end
130
138
 
131
139
  it 'should verify server CertificateVerify.signature' do
132
140
  public_key = ct.certificate_list.first.cert_data.public_key
133
141
  signature_scheme = cv.signature_scheme
134
142
  signature = cv.signature
143
+
135
144
  expect(connection.send(:do_verified_certificate_verify?,
136
145
  public_key: public_key,
137
146
  signature_scheme: signature_scheme,
138
147
  signature: signature,
139
148
  context: 'TLS 1.3, server CertificateVerify',
140
- handshake_context_end: CT))
149
+ hash: transcript.hash(digest, CT)))
141
150
  .to be true
142
151
  end
143
152
  end
data/spec/encrypted_extensions_spec.rb CHANGED
@@ -31,7 +31,7 @@ RSpec.describe EncryptedExtensions do
31
31
  it 'should be generated' do
32
32
  expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
33
33
  expect(message.extensions).to eq extensions
34
- expect(message.only_appearable_extensions?).to be true
34
+ expect(message.appearable_extensions?).to be true
35
35
  end
36
36
 
37
37
  it 'should be serialized' do
@@ -55,7 +55,7 @@ RSpec.describe EncryptedExtensions do
55
55
  it 'should be generated' do
56
56
  expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
57
57
  expect(message.extensions).to eq extensions
58
- expect(message.only_appearable_extensions?).to be false
58
+ expect(message.appearable_extensions?).to be false
59
59
  end
60
60
  end
61
61
 
@@ -67,7 +67,7 @@ RSpec.describe EncryptedExtensions do
67
67
  it 'should be generated' do
68
68
  expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
69
69
  expect(message.extensions).to eq Extensions.new
70
- expect(message.only_appearable_extensions?).to be true
70
+ expect(message.appearable_extensions?).to be true
71
71
  end
72
72
 
73
73
  it 'should be serialized' do
@@ -84,7 +84,7 @@ RSpec.describe EncryptedExtensions do
84
84
 
85
85
  it 'should generate valid object' do
86
86
  expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
87
- expect(message.only_appearable_extensions?).to be true
87
+ expect(message.appearable_extensions?).to be true
88
88
  end
89
89
 
90
90
  it 'should generate valid serializable object' do
data/spec/fixtures/rsa_ca.crt CHANGED
@@ -1,29 +1,18 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIIE4TCCAsmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
3
- LWNhMB4XDTE5MDUyMTE0MTAyM1oXDTI5MDUxODE0MTAyM1owEjEQMA4GA1UEAwwH
4
- dGVzdC1jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALhDr6JVtpPi
5
- FfRy/1WCfwEEHy1zKDXkrjSUYICdXP2WhaHBfL0k2sk4q2uRxEJl+st7SkGPl307
6
- rFsrVLsWlRumVB7RuQ1ayvRdWTiOaEqRWtsW6f2IxKrv89Trh89gezpenbZ9RyIx
7
- Kr2CMBEHLjxI3ON0x7ok18c/8eIVJzIjSo7cuCiVaSTlMS6Hj+XGtAzjLgKRojeR
8
- meeuRzXatqZ6NGqjyB0u+Fg2Erijm4n5IIQyZrIyuIkMYak4pXZQ/9KMOsAoLHFc
9
- OBKakkLFpRvaYWTg1zilGz7fdJrFHl9B5SKYstXYnjjyXEw91lYKxSO1MgZjqyJ8
10
- G4GX8Lj0vSpCV10zRMPDvuuIUW3G/lyY6dZYWROuUGfRD0ithL6yVnjkFKdJ9YkM
11
- pc/fN1llDEjcvxDY0yfPVRVIJtQ4Xy0txZG2G8Nke9rD1m7+wAegdrgiSP9NlbkR
12
- /ALbw2GrUWVtR86HkrzADDvVsg5vSbSRf2pfgJTr37tl25QJ5EfHk9i2H2v0wcQ8
13
- 6DN7gYtd45jD9N4rqfRgG4qfQ4wIGkSSRBZfE9CBRYwrL6frUga6QZgYkaxMcdQG
14
- PVttF5WQwcR4blsqZ6n14dCjJkNWJ56qsq+bzf4WENB9SAZpKHv4rekfRUw7ZVBB
15
- Secoisg/rbIkWFlnpSwyBWUhdGJ3C6mHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
16
- BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5rnZ4ZxbSKb4Py7wA+/a9zCbj
17
- RDANBgkqhkiG9w0BAQsFAAOCAgEAbVYmzqfBrgl1CsAnTEKQW4WQGuPhrzWuAYm3
18
- joVNDRzC3pkfHzt5/1hSJsqf9GA3HH+bDdStm0IB82SgycvSccqoEN1in8jwC3pi
19
- LJSfqXf5qVonJtotfr4lkr9ay/wbsqsnEYQtkLafhT+n4/2cu72V6OJJBKldlqGz
20
- Iugwx+3Dv8ZidtX7VQWkd0tyioxcTYaXQ3QvQZZXQ+wbuNOvTIlbmhZasR3jhSN0
21
- ytEFS9qWZ5MS95jO1FWdStCvHA5abi5JRW7sGHkkkNXcFB0jgCLbmQlHIXgM3/sF
22
- 3SJQPCil0wNE1wWWemD5BikAIN7F+WN1uAQ21AA8QXlpjDCKj+XAZDmTvS6Ttub6
23
- BUqsxaEmz6A8mkqeL55FDEsQ8KpLHcAa9/RviuGequqiV4mJdP92oebGLaTeOJxD
24
- rxxZjPXFrBkZ5UXjwdFdkNaIgRe7hza1N5SljyxzkXwG5iwA/4/4qoP0kkyC+ReR
25
- 16y0t1papARFR47VPn5IAS9WRHNg7jklBkN1kwFyQR88/hi3zNPKOd4x6EN6HeC7
26
- 8ggPXFKNShSkNz7RF/OxG4kEPaHva/U+tdZzid3/LlXYh6+eIgswFSLPMTAusPcu
27
- Lx9N5nEmeIwTqrZGn0jCodsM7fYmqU4nmuEIUHjPTp+D1Vt0+c8ZxRy34N9mQRyE
28
- PcAi66U=
2
+ MIIC6TCCAdGgAwIBAgIJAPCDjtGMCXxLMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
3
+ BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDEyOTA1WhcNMjkwNTIyMDEyOTA1WjASMRAw
4
+ DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
5
+ uL67dHTIZa/Lv+q/k2cTdXUyARn8EjKYWyWCSlJ9ixm9og5OudrqtjncVEf7m8N4
6
+ cZ4BRztZjHnhFSmaezw79siK1e8/ZtNcKy6cQ6CirmZ7JgHhUTJTWVWqW2k3xp10
7
+ Ur+fAUqOqV+v1iYlznbZSFyV9jkOKQd/kJwUSCpcd1KNDgTjeRI7h47ppAss5QdF
8
+ 8GSRnqa+z4yar4cc6zEEHFyvO/MES0rGN+wQ/aZ2Q5RC5tOACLsEndyWjiwnUSYX
9
+ IpivEAb/MUoSsNN3okhBL9VUzIyhy3oLUcvEzUXrdHgXjkimISE74kOSIEqD/Mgh
10
+ YbBOa/7ZZZeXjGu4tfoWpQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
11
+ AQH/BAUwAwEB/zAdBgNVHQ4EFgQUrMJjif5NxggfH013nhJ6vzK21hIwDQYJKoZI
12
+ hvcNAQELBQADggEBAHNSeg80fBBbFmNQaRDCmAratdBVgXPfTwH2LF7OUZh2JJGA
13
+ n/H0m3mLFgfunQhYgWh5/6T71xWx/A0pAI73WDA/v2UnMUkNcJ6DttUEcRmhZJ7+
14
+ nmu2Ym4LN3dTvMtNe0/6Yph+6PR8cP56HvSu1vIxQTjN3Dadjop92k98hxbX5iVp
15
+ I74YZcLyOYqWWp1id3lF0ro7uyW6dcxUJTf53LXHlGNrIiUj07ThX/wCKBS0yw/H
16
+ +TCUdykUoiBCwgrl+RAn9EE1Hjt4D3q/vlZwzzddFds3kvP97CdjyP2M/60Ff9po
17
+ Bdrqsa1vegwvAk+hRgocvrH3TPJslfycAada1zw=
29
18
  -----END CERTIFICATE-----
data/spec/fixtures/rsa_ca.key CHANGED
@@ -1,51 +1,27 @@
1
1
  -----BEGIN RSA PRIVATE KEY-----
2
- MIIJKgIBAAKCAgEAuEOvolW2k+IV9HL/VYJ/AQQfLXMoNeSuNJRggJ1c/ZaFocF8
3
- vSTayTira5HEQmX6y3tKQY+XfTusWytUuxaVG6ZUHtG5DVrK9F1ZOI5oSpFa2xbp
4
- /YjEqu/z1OuHz2B7Ol6dtn1HIjEqvYIwEQcuPEjc43THuiTXxz/x4hUnMiNKjty4
5
- KJVpJOUxLoeP5ca0DOMuApGiN5GZ565HNdq2pno0aqPIHS74WDYSuKObifkghDJm
6
- sjK4iQxhqTildlD/0ow6wCgscVw4EpqSQsWlG9phZODXOKUbPt90msUeX0HlIpiy
7
- 1dieOPJcTD3WVgrFI7UyBmOrInwbgZfwuPS9KkJXXTNEw8O+64hRbcb+XJjp1lhZ
8
- E65QZ9EPSK2EvrJWeOQUp0n1iQylz983WWUMSNy/ENjTJ89VFUgm1DhfLS3FkbYb
9
- w2R72sPWbv7AB6B2uCJI/02VuRH8AtvDYatRZW1HzoeSvMAMO9WyDm9JtJF/al+A
10
- lOvfu2XblAnkR8eT2LYfa/TBxDzoM3uBi13jmMP03iup9GAbip9DjAgaRJJEFl8T
11
- 0IFFjCsvp+tSBrpBmBiRrExx1AY9W20XlZDBxHhuWypnqfXh0KMmQ1Ynnqqyr5vN
12
- /hYQ0H1IBmkoe/it6R9FTDtlUEFJ5yiKyD+tsiRYWWelLDIFZSF0YncLqYcCAwEA
13
- AQKCAgAkAWXibKk+gGEV4RqvlM5IXovRD719um+n6o5o01cGXlFCaFJ9iyQNSbuF
14
- S3h0GQVGmZLK+Mn7OJvXPMJTxHfibT/mvchRKbqawVrbyEfsujZstS+H0R/M3xJg
15
- Op3REeNCZpaewCAUOFNHsJa/3Q1Vzk8LSxhz8RsQ3hffu45rJ6Y8ADkkBP4ErZxM
16
- oUSm+4rXMdUdv2NZRGQ0d0OG7HPgV+TCKbrCqRjx86740U9lSH7oFgknLO4OKZMz
17
- w9PhKLa0Z55bSf5VMFXsnLOTxJccuDFrytuDQA/w2y0nyPjEWFXzyq63Rpq0Ofd7
18
- FmI5ceVPsupRgUxBcsrVKeFp4rjLobx4sEtd568XOf+6QkeEnPSsbgZR3JDlG5g8
19
- 2/aEVAQtk9KZ5DBw3AVj+Hlj6xADCn9hXifafKOFoaSC1RiZRc8MWrfh3PU9px4y
20
- GJqZgHWsrrzqTmyYuvvSOrHVF/XB05xKmquuRnkqhf7P5qFvaRThtebUXhDHrrED
21
- JkY16Y3GI1uQwpQxt+IzjzGKLPLXmP16bP0hFwAg4GeTcmPC9rwypDx0MnFrlLIW
22
- jXyVCESD/dsz8mtI+c3fJFpKzFf2t98jPc0zXmEl9wd+fayNXvr8EwIK0OZqpzpw
23
- Niq3+hv3oq2sTabStxnd4A1HFdcay+ZjW+RTQ/Gzipmke+yHkQKCAQEA8wQcl6vU
24
- CbXRKPIeUQj7kE+xLBh+fy+UscYvXz/pDq22tVRIce3JQOs8WXO+t/3jwigTRote
25
- 4b/JFPSuPRLouvixtrzHJawjq1tBB2c24FeRPnUxvamZ9MklHtJH89ggKkogeiBY
26
- RCGRryPHTSzrOv6WXzyc85BmhuW3anIxMIOKMAIz6NJ8MSYJPr0LxzlJbxaakJUr
27
- fCWml/n3cqR6Ytlw6HWr7HiqIf2ucv4F6ywgLaKGuSx5B7cPIrsAeWIKjI+W0eu+
28
- BC6Ng+1s4q5ahbNWOw0Vdt6Wj0H82sK3XtCkeJl0IKcNjecGuw4X+2UlmAVyld8c
29
- J2oD2Or1qjxI4wKCAQEAwhv9Yk2blcrp+TN8XA4cDnQio9x40dY553wbGdNxHaHF
30
- GerqkARzJHtyLkxAltP68YVIENYvbh9tcOySTHijors9cDvADogtMW64mu+z3OJ6
31
- Phzyo1XPFHjE5j2/rtxZL1uXcaJZ4syy4h8DGKZw7dOS0OB9aNWNvB9yDAwsGs7n
32
- T0QJ001Z9LsZdRRGC7XGCgqx5509O7wpBoTLrb6bzAo5WGj1i5y+uuskidE2zn5B
33
- DlVsOs7IeytSXPbY2Mm8Plq6Av7MAewb0RwFU2NLq5t0cgXre07xF01qQkEup552
34
- dG27z60Fc3HPZbUoybJyVyAFMxgpOWfavYnNmnQSDQKCAQEAzuvyWKcDjh0VcrLu
35
- Y3utkEx7BJv6odtm1hR1Y7osfMYna7DPWsro8XEbWuN2Qn5Zf4nWF9w2NyyxUDmj
36
- XveJ2SJHV9zYCVjQqmiyL1aQYGfPkYoCh4cxQ0A+bkcI4zVk9f1WOAbwgVrADIv/
37
- eNRFm18JtSAMWEvdMQHKskV3YuKuOIC3qIgJHWRQvO4FaGZ8A64QgAm0FCqO9pru
38
- OtyYJTEWtaj0cg6wdu7lqp5ndb6Fy7W211dp2srhhWYLWk/DwbnF5wq/Khplfy8b
39
- 5swk4fE4/GEApM2VD3hVkAP6VS58zP+E5QS5QtmzXnT6sKGIaDBDSB/IfjsD+aDe
40
- +0wHlwKCAQEAvwCbzGdheXw5zyWCcXLQ2Mgebe88U/7g64+Le1Y8MFRGhsJKHXzD
41
- cFqoeDZAOCpO++mSiD66XTo/jqa7LtRm8HIeepnQ2nvVPJcewBaufeO9NfF2MJL3
42
- OcW8unJ4c7APcjJGS2Ld3/Zc73Rkr5TX+q3+AdtkjAvXdA3dQ02W+KovoifpIysy
43
- IUcaPcK9SjiLrsXnWWm4H1d/ZxK0+TpeQ+CrnPtq4v5SD8viIFrl+zrw+RHFdfiT
44
- /d8bJK8hofCgcxsDfn8Kb7nNhW51LyC+DRbi9nAszyFWyv86WAebyQR8uwRfknNG
45
- sdqDoikpAY++Q00W0LgtmHdBHtDCqAEe4QKCAQEApjCoVd/WiN15LjORmRunJky4
46
- F8tZuyNw1U4Ig89TAQp467IZPFuLiMao+cGf7AropYH3hAG+MnBfbwfgznA5kvTi
47
- anj/dknQcN6z0LIvJxMv+eXWfX50T1h6WXb4SJtfo+NyVuvudF/4mJhhOAMhJQkv
48
- 1THR6qopbeW/Ovf5Sf12xizOhTOJWhsfwXfp5HFo4VBLZkZqFdBgJXCBTiw0YBij
49
- 1BgC1RL8lyC1fuNT00y6ion+O7YYBK4N5JEZ7wMIiC1ToeB9gfDxGTaS7pIoDN4o
50
- KmC/X1MbYqjR4xkyvaz5BAnlqUoyRb9QAgPZlEIT4xVzL89xm9uMyh90sTP61g==
2
+ MIIEowIBAAKCAQEAuL67dHTIZa/Lv+q/k2cTdXUyARn8EjKYWyWCSlJ9ixm9og5O
3
+ udrqtjncVEf7m8N4cZ4BRztZjHnhFSmaezw79siK1e8/ZtNcKy6cQ6CirmZ7JgHh
4
+ UTJTWVWqW2k3xp10Ur+fAUqOqV+v1iYlznbZSFyV9jkOKQd/kJwUSCpcd1KNDgTj
5
+ eRI7h47ppAss5QdF8GSRnqa+z4yar4cc6zEEHFyvO/MES0rGN+wQ/aZ2Q5RC5tOA
6
+ CLsEndyWjiwnUSYXIpivEAb/MUoSsNN3okhBL9VUzIyhy3oLUcvEzUXrdHgXjkim
7
+ ISE74kOSIEqD/MghYbBOa/7ZZZeXjGu4tfoWpQIDAQABAoIBAFlvC/QubKy9U5dO
8
+ nvtOlN7xowlheOOeVp8ZI1+zW08xYNnIr1fNoH4iuIScbDNVh0MJSHkhRBJ7FflW
9
+ sJAj8qtfHca/ESRIAYBuCfu7EcX3mnolwtu5zxuaGuQxpWyi4KMGXIUVgMaBqe+z
10
+ e+3dHwamu3n82NwH4zswM6lTyHuCScvLr0d/Bbjq6v1pNfRhU58L3RNKDrhETrSA
11
+ aQNEb7Z185q/B/dbDB810pcLaZ5ALbrM89sr7wD4ULPiAgDI7fX/0tK1/Dg4nQzJ
12
+ 6j3qrPoR6KdMmiTdtd2/jc3sRbNCBvzsakcGH/8V/47+8ysYGey4T7zBruvJlqY6
13
+ tNkGEGkCgYEA61TM5paQhtzP62cK3b68KhBXFqxov0uV4kVuQFK5jBVVslpExnWl
14
+ Zi+/YXJOOMt8oXkkWeyR2GmBl5BYYiUYfwZHkVWyImDfkYA5dyIpgoB6kGPANaqi
15
+ 5J+NCdj3PKgdYSZ7HPnm/pTen9m3Q/Dv5hjMj50Dd+CkJP7qKBavUDcCgYEAyPiM
16
+ k1TgIvSvoVxCXi1yyuxOQgiiAaCBACiEyBpJYu13lVl4H9ziRMnhsXUv22ZsMd+Z
17
+ HW05gMsn+EKifDBWnQqZT8ziRiFXoPylHOOOYbDVBjYMyTOT+ma9OZhJbL+bfTyC
18
+ SjPkiZgIkPRUtqEYsgXZhrQd1qux03rrjUSGCgMCgYBWM3vSwzgxjlTC/72lOCao
19
+ qc+cyI6d88v1VEVsXmEFBROc/x/OKm3pnnfV9A7fEvqWE0/TeKp7wTntELyvRrNQ
20
+ ZDZ28BMOMLn0DCoAj4zw9qrulPtlLRn58M+y2bzGhTYtzfCuzoNkoZdiqldNFcZq
21
+ XI8h0/vfP3Qg8RdIk/anxQKBgG64UGpTFnDrsV8Kvx23mEiny62hp++Rh8CYkh7U
22
+ LJ4uCfXkJsQXIymWt5rW3xjW4sDPWUHXDRkh09F4lKAq2W0Hi9NlIzxT3j05M5Yo
23
+ 4CZ+D76uRHkMy3fm5lU2yyz4mydyEK3kzQHpGr8RfSJounxJsL//t3ivevbx/5gC
24
+ qn4VAoGBAIX4k2ugHMPs2R7XVeieURm+otH9QJX81CgVyiLTN67je/0h3bVzmqcI
25
+ SinujOpR6x+Xvc1fMfLEhDkKfO9L+iBAdIb7kd8lQXAdIrgUGhORmvAl99aRFLCC
26
+ 1FxaU9P9lk/WMXhuIkq1DmUAHzZGAz+/JzPiXezdo6POcPLoRri4
51
27
  -----END RSA PRIVATE KEY-----