tttls1.3 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,23 +1,18 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIID0TCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
3
- LWNhMB4XDTE5MDUyMTE0MTAyM1oXDTI5MDUxODE0MTAyM1owFDESMBAGA1UEAwwJ
4
- bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy21id1l6
5
- qLzJ+f6GdBhFeJWZ2w2AQaWCVzUHnBbfd1myPpGRMoHZfpESaI6TIrj6uIWAFDOj
6
- EWTvmbfbxGZyElXvqRO6dipb5KBQGMHB+lgR53YxQp6D3DI7e58/YqKKnc2iwEaK
7
- f7ax75lJZIyWJXimw1Gi/kUr60POdsRH6DmTzcW1cui6FMnBRHXkeOwudzTKJAOl
8
- Zs4y9LuqkQbBN/mrgkraBu7XxmOhgWb+ejflzh98tLiCuNct/LIOPSwrVWDD1yE6
9
- uOnEYo0zXaAN5TgJZLEvlfr3nZ/zDg2ifv9IJJoEdF9xwwFGFt2vAsCcP8NPDYFJ
10
- QOUkEFPhHIfLgQIDAQABozAwLjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAUBgNV
11
- HREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAH8eKO0uRCh3GjDT
12
- SsVBC6KIkqGibW1vdSzSIm/mMfRzhc0L5FD8vv4+gqeUD0hQr461oE8syTy/MnMY
13
- cnj6W6G45pitF3PQUPxIUsAU0u/OcVkZpEy8B+uozm4Zem7KpRD7N18YUwJLT4Dd
14
- FHeOCHu41aKxIcu/nFmklYRFp4v9WPOZiIktgMtub7RAYkb0+SXY3pNyPsUK0NL8
15
- 70yI0WaA5b2cxw0R3KUdwwyjuDctq+VYuLgAzeoWNmbhDBA2pIwsgndnUD9n0VWf
16
- JMYHNInyOiwkMTSVc0OI5nsYNs3sTX++rIIgsd0kA4T4hcfnx0fqiZCjUYRomXIR
17
- jDKOpDs8JVMFEiUS+uKAwHfEjBRM6IvrvhB+s1wNDyw1OafKATUmINRheKFMRg9s
18
- 02Ihr2eYAIfYtwADV3NvjEReBBJOg0VHyG1lUQyhji0EQIsZB2qaeExxAmPHxLvn
19
- Au8qhHz8tKGQAsCzq41EAIJHOEXoP2+WzH/tOio7G7Pv3vrCpi/ALpkBbL7FL4l2
20
- FfDzYGTibmOsKkeDf+h58uVOYSEDJLsWcr+dkAtZNxE2X8PCYs0G3S07QBEldcjO
21
- a0S65vIALLJFGnLJw6bJd2xLNH1xRkMQK4n0UvzPP7Q8b1c7w+XsYs9WG1s2R8Lo
22
- GcVsYp2SnqonWcM6V2pXcKCIFY3K
2
+ MIIC2TCCAcGgAwIBAgIJAM8aTIrMzHgzMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
3
+ BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDEzODAyWhcNMjAwNTI0MDEzODAyWjAUMRIw
4
+ EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
5
+ AQDb9cGc2hOrLp3VWpxw8WgDqEL3LzZ5a6iYwibeR4AEB5FJLhS3Wvxa1xOS510C
6
+ Kyfk/0znJvN9y+C8tFpB1BAN1OpPvaMPcYWx9CfEeoXaA5+QtU0MWJV7uYMtEUEx
7
+ mEOvDKK1ZvHhw7xUzwcJTFRo6ZY6LqjiozlSPkTrVRIWoy7qEzXnOza36xX18xVt
8
+ azvJBBudtTrjjBfQv2DJdF44icWqOBvAwg54BAbaH3bZ1WOg5oRnOPeVumYbPBsl
9
+ dCDs67S1+RHKMEjRTk7gzuGog9lxJVMluU7iyreROD9+GvJEY3ra2KH96rtIgzo6
10
+ KFHlC4Ih18zRfJZePgMGi5zVAgMBAAGjMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
11
+ AgWgMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAjDs
12
+ 4PgPL2Tn8+TxFWEPjh3VUB2kNyYK4LFA/ooN81pDLmm9/qc0FcUs16YQIqYdZICc
13
+ vE83z3RlTmSjsynaRXxYh0VGVE2g2pWiPzEGTGE5HJy2JOtidMiacskmvetbTyYd
14
+ TLdTEFiAlXF9e24OanglmFr9QnA/Z/zQkuIb4t7KN8Dufsi3ljkoJ+puuPxrEQj0
15
+ 4BfBo381jK5WULHJ2G9pz5pvy1GZLfj1tQyG2wkI/vV2tjFN+LLO7NCY3V6RjvEZ
16
+ bH4ZdAQz9fbbp7eCXImP+OJYt97Q3RZFJjUWhmh4qFebelkeN3RnmWSFrgjh0O67
17
+ pyNwVv0//MYIEhMUVQ==
23
18
  -----END CERTIFICATE-----
@@ -1,27 +1,27 @@
1
1
  -----BEGIN RSA PRIVATE KEY-----
2
- MIIEogIBAAKCAQEAy21id1l6qLzJ+f6GdBhFeJWZ2w2AQaWCVzUHnBbfd1myPpGR
3
- MoHZfpESaI6TIrj6uIWAFDOjEWTvmbfbxGZyElXvqRO6dipb5KBQGMHB+lgR53Yx
4
- Qp6D3DI7e58/YqKKnc2iwEaKf7ax75lJZIyWJXimw1Gi/kUr60POdsRH6DmTzcW1
5
- cui6FMnBRHXkeOwudzTKJAOlZs4y9LuqkQbBN/mrgkraBu7XxmOhgWb+ejflzh98
6
- tLiCuNct/LIOPSwrVWDD1yE6uOnEYo0zXaAN5TgJZLEvlfr3nZ/zDg2ifv9IJJoE
7
- dF9xwwFGFt2vAsCcP8NPDYFJQOUkEFPhHIfLgQIDAQABAoIBACPC4fl7OG3ralJR
8
- ZU+JaMUO/5IbqH1h3Cz6fJD7EGPJ1+TZ8D2ByDtQw3yv+7ux6xl/Fon2necT6G8M
9
- fEzleY4xn0UI29GkFq11ZT9E6JXa36LiCzzb4vBVwFE2KI1tZ5LgMIk+nWBgPJ2T
10
- Q+yyLj7+G8rgUhgDDvp33BbS4JU5IVQptwdC198e0/ISwSKt04XCQ0zyq7rEvwNj
11
- 0DV+rTPnpvpiguNvqva31BFZOmFD0DyIkacX/SXdpVv1I8RDduF2c5aLyAQMcIVR
12
- 8AM2dXV6kuJHW0IugTw8ljea9ph0m3TGQrrT5dbIb1qWSwSGFIwMiRk9qaA5XXc3
13
- SdXdK8ECgYEA/L87aFb+i5EjB+uC/W9rEUc3jM6mu6AjxqLdYtZYCaMTc60z0OdA
14
- aU37sGf9pClSYB0zhrYQl4IzLcKbzb9ULy41H38NwVgi1h2AwPzHAoDdMou326DJ
15
- zwgYmRHAr8MG8cup2z6Ymn4K479RX9N2Si1H6yywJ1GHdJ/oUPtmqlkCgYEAzgum
16
- j6jLVkRlkpjzL8yIYCV72XiEHfCEp0oYVBldnqjmmTNtLXoxyfy11CRtHTMBh+fJ
17
- tx5qrJ9CI0FAw/XIoKbGNIgV/qi9DWIrU1r+ULLQYGT6icNsf+pkWC5yoRwc3pJR
18
- NUBiUt2hydf3jaC5BUD3CvUhryASst7Q6JtztWkCgYBmSZJmYMa1fzB5NRQXMy9W
19
- l8bggoWx61ZvPlxwcqTAibIGn7MXuW807u2McBmThXGkGk1PGIHQf03tGBRsCSGt
20
- 0nqHW6kadWvr0ZbZA7QazEI5AZiQFxt1YSZrVGbx+vDljHIam9Owuo/3qebp7C+0
21
- R20SvUwxLWqvhUPE+mmLSQKBgG51tH+DoC7JUCK9OHJBlkLlFXZKs5lRXexJPq2n
22
- Q5dROP6coUUmIxcEEX5/YLespn9zdaJj/hA4+L3pt4zWcQ4fGlcDNbdmQqOwI0X2
23
- nCwrEKb8u4urZrlUsSLNE8rnRVrU2hBQSeXex2NsElys80OrxkTrkXlPGncmGJz6
24
- 6ZcxAoGAbFH7tKXJyNRXYdW7hcElCVSsFS3gaSwoBXIvXNOVlYEx2T1TpRE4HESc
25
- a7PvXYr0UvkwHFk1Af0AX++/MlTWUWbftufMOcB55hI7Kf7OId+NTTtufY2sRTVt
26
- RKLyfV7mPPmJS4HqksGvueiX4rfl4N4/WRVVWyEgIyrXkYgMmQQ=
2
+ MIIEpAIBAAKCAQEA2/XBnNoTqy6d1VqccPFoA6hC9y82eWuomMIm3keABAeRSS4U
3
+ t1r8WtcTkuddAisn5P9M5ybzfcvgvLRaQdQQDdTqT72jD3GFsfQnxHqF2gOfkLVN
4
+ DFiVe7mDLRFBMZhDrwyitWbx4cO8VM8HCUxUaOmWOi6o4qM5Uj5E61USFqMu6hM1
5
+ 5zs2t+sV9fMVbWs7yQQbnbU644wX0L9gyXReOInFqjgbwMIOeAQG2h922dVjoOaE
6
+ Zzj3lbpmGzwbJXQg7Ou0tfkRyjBI0U5O4M7hqIPZcSVTJblO4sq3kTg/fhryRGN6
7
+ 2tih/eq7SIM6OihR5QuCIdfM0XyWXj4DBouc1QIDAQABAoIBAA6EEGvuhF/Gqsna
8
+ ufpGJCwhnZG8fubScQTrwy7mHw+lBDSFIv7atU61ZOhL9npfKLnXE1cp3eXOX510
9
+ dYRkn06aX4A1rp4lSsJsr3cq8sxpcs1U+am36t2IZ5zAx8GjH8xclBxOl+XjSfl6
10
+ 1CcL74Ig8DYUwDZ8uRqxW1EAgzoVGXTMjXqEtP+X3WcFP/XNdzGWeFheowk0iwOn
11
+ DIM6tIELbExbSK8RxhTrKQKv+rTm373ntwSrtvDLlAz1kR9p0a6XeeAn3VVkVYaE
12
+ cu6MRuA2b24EYcEDQgbU2KsUke2vZ1i5hl5ptuc8+iubXCj2SICilBeVQNXLIr2j
13
+ sIzd8x0CgYEA+nH5IIt9pnlqRkFm8Y4bH4cvTk7xMWKj1tuRvP0Vdmw+KsqCxWNR
14
+ w1KuUZ0tj6lzQez0o/jpFWqtxDTV5r3vj/6nrFcLXClENe65pQMByaduoKUGn6VK
15
+ lE7xO0JMRRIqPwRH3vyazcUuVnFtPToBfV82fSvKt9R/xb7lTA8cWk8CgYEA4Naw
16
+ LLwIaL8Drq8BCwJUIrSuZCKcS8542AA+Qz3ivTIMbZshiSE27cLTurFQhpjC7fu3
17
+ V3DQWbQLk3wdg3wAVA7uADlqwCY9SdKo8HstUBaM/GVgPSfxEIRohSHN6KY5NP0r
18
+ tAWKDEcvfuiiV+YFtwz1tXVZl0OpvRpRxzYHYZsCgYEAsziqkjqgYWiTv9D/zS7n
19
+ hAlmtgBSJAg1vQUF5xupp0RQvKiNKponocJiUq9LMnqNq4jZjRoMGrJrxXQV+njD
20
+ neUbsn3b+EjjskCzAz4Con858KYH9mj/1OAlS0XndKpKJyx2DkHwuf44ac3j4aPH
21
+ +yMOyEZ1XFYqVaWFS4eov4sCgYEAppvwaPXddWE2pVdhenr7RcyF/gX3s+UIf2eO
22
+ u908C97ufroaG7fVMFLS+uEyPsssh5WjwtQCULaubVfntutIgwGdM+VYSZMMj4vf
23
+ THS6m0Jarx2gNzFF3WuA2Ea4gtHKSo3guMHyDi8h7vUMd/4n9gFQgmq3PPQS7+J0
24
+ /x32UkkCgYBboPnH4jVSqN0vfFtvsGhxXW4lxJQab6bMQ58DvhitKh8O1r+WCbCY
25
+ ynhyc7ne7DCLfyH1Blv8jG+tjBNaDQgoGIuJ+Bpmwon0T2hUqCQbts12a3ZEffP9
26
+ Wmk8MKKy7fu4RDFh0KHai1Fqa3AmVn8Jhq+kCGbueSOMkRwy0tCetg==
27
27
  -----END RSA PRIVATE KEY-----
@@ -0,0 +1,20 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIDOTCCAfGgAwIBAgIJAIRaPtlbsnO/MD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
3
+ AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMBIxEDAOBgNV
4
+ BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDE0MjM2WhcNMjkwNTIyMDE0MjM2WjAUMRIw
5
+ EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
6
+ AQDW7BNlVE8xg7M1VND+HwpmDF5v2F4GtKhD/c79Ge6bnXa1GPyvLV7FpVZdCtkz
7
+ VfNF50urICV2TzlRzaTu4uoM9DeZRfmI/YIk9PSqLXiqmjpd382B5BD6EzDmHKNr
8
+ 6HrkcMHrMfsif7hJkCIofYh98Kh5L5c/kS6fzNXIbOeexq62cVB+835+xCXQHNGN
9
+ iLijlmhi3sEbBoI+GF/aiYt+Nz0X6mfPjHdSoZrbY5biiBeYG91fw9nmli/eV3nV
10
+ VMlOD3O+tDZo/A2QlZlG0UcIn4no0KFKCZNZm0H5jF9Q/S3o+HcjvWAtg7phk8qH
11
+ OVlzrgaLH8RVERIUJHflSQOlAgMBAAGjMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
12
+ AgKEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDA9BgkqhkiG9w0BAQowMKANMAsGCWCG
13
+ SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAayq/
14
+ jL1hEkL+tguCdfn80mYQKxeteFstJt+cHKKrfpqPmxm/ponGsUK/64tziPIazWgI
15
+ jkoNH9JZhZ+H4Gy3hcUr5emK+o2swqWT1xzT4/6QtCmtSJeXPD6Jap2v7HpG+xeM
16
+ V3tIuSrIwv5Tg80p1waDWodlXJH1G1raXZ/wzBlx+QH7BRPuUrOMkYQlVPTvXfjD
17
+ SRSz7zHe5o4zv5nQMU8qA4e7X8ZE8nFUjptSwg1nx1TSdGAMHiZG/QBAH3CKqQ4p
18
+ jzJJS3cemsjrW7dq4TfeFGHWD1oE3/Q6LzvtLVIyRGU+GTjP3ltJ17KxSHraGg8V
19
+ Na3zecUHuS+C02ovFw==
20
+ -----END CERTIFICATE-----
@@ -0,0 +1,27 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIEowIBAAKCAQEA1uwTZVRPMYOzNVTQ/h8KZgxeb9heBrSoQ/3O/Rnum512tRj8
3
+ ry1exaVWXQrZM1XzRedLqyAldk85Uc2k7uLqDPQ3mUX5iP2CJPT0qi14qpo6Xd/N
4
+ geQQ+hMw5hyja+h65HDB6zH7In+4SZAiKH2IffCoeS+XP5Eun8zVyGznnsautnFQ
5
+ fvN+fsQl0BzRjYi4o5ZoYt7BGwaCPhhf2omLfjc9F+pnz4x3UqGa22OW4ogXmBvd
6
+ X8PZ5pYv3ld51VTJTg9zvrQ2aPwNkJWZRtFHCJ+J6NChSgmTWZtB+YxfUP0t6Ph3
7
+ I71gLYO6YZPKhzlZc64Gix/EVRESFCR35UkDpQIDAQABAoIBAQCh3+Nn8Y1IPOqw
8
+ Y3aZwCVj4TMLyIphQJZvx22sYmi+GmZ7VhuTkXeNI8+dentHWBhH8UKj3C17I4aH
9
+ n3z3VD92jEaIEhU1YcMxNLJGrsLwtAL8C4HMsEs9H1E4MB/CObK99lOIYvfE7y+N
10
+ cJrZpls0iBtMU1T20tGsGGp4b9YwVhDx7TI7E8Gn/gCtc9aMfBTnCSTqlq6RaFoF
11
+ hIYMczBW9mHB40PPbwBtNUyT7+xo1nkyTpI24iUR6UNOKyUVQXgZQ4IAclvvXFIe
12
+ TBQfzi3O6LP+OY+jawkeZho+KvNds3jU/bDkHyHqimtVkkhZFwSe8yf+TDskdVgm
13
+ LF4iJa+tAoGBAPjYmt2vT3ck/1rGJ7eq6VaJWic821h+LjwrGpBCVz9rqndZsREM
14
+ Ww04Zs9aGUEVKXUB5ecSERWO2r+IITXw/QniZWxFTF+iVn+xjNcPBEUIW8/sZit7
15
+ VA2fXppW80gzWCUbY5GAp1lP7HmCf5AYtSEAE2NR5pQdiRZmT6hCn1QXAoGBAN0Z
16
+ zlDJpT0OT2NHoUfK4wvui8AC8MoBYEgeRiLHBFkJkZY1m1si1Y5H5sc+8eL0Cgf4
17
+ JQASdXB+7alg4Lisr5injVz9tgEuMdSJSdV8ULCCMEidQU7JNpsqUlnURBmWFiT3
18
+ o8BKp5cHw5DNaqHReqyP7BvyidUttgYV0EQsc++jAoGAKsf6X/Baxg37RJzaiS39
19
+ 7Z2xfRtuTllrE3cJmxF8tG+LH/ewhFDOeohezHkd7F16Ah6warhlbYJgwxrhMsfa
20
+ iM9+Rk3nom1jV5KrtvFi94dHWYi3y/Po8GqctgYKzzfciIyb4pDutGEUM5Om4JwO
21
+ z7yWmLWk4YPuZIZ0XWYOxEMCgYBS0Su6jw1ZxVZvNZFvtss82Ol3zqIqyEEsQkq7
22
+ FBjI0RC7VvEOPgoH9V64Gxe3jvmC6qvRTxi2PpT+8M673dMYNwp4XoAiCQ+ZMKN7
23
+ V8lRlDJJwL2JqUzO6hdWlm+7tcAtsKShjlUf+USDpK3gVvrAUFh8T2jZdPnNZbZR
24
+ EuWKSQKBgAgDE7sgZZteyyZObaoVFgZIQtgAVR6VoWgrruMmBU4t01Axr5+wmtPU
25
+ w7uutWkPemGf+MbfqjWyjdfR7gIlaPshmRLfcTcEtodUaMGO8PEbqOqENXRrhDag
26
+ OMtrcu6HNKV0YwAjW+r37A4HVRYkzGkF3COnseUIH3sISHklade9
27
+ -----END RSA PRIVATE KEY-----
@@ -1,19 +1,14 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIIDBTCB7qADAgECAgEDMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB3Rlc3Qt
3
- Y2EwHhcNMTkwNTIxMjEzMTI0WhcNMjkwNTE4MjEzMTI0WjAUMRIwEAYDVQQDDAls
4
- b2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASCnjcLbROI51SD5Cqv
5
- k7vK5NqfuQY5jJEX9Zvhw0XBQfnpxkUkauFFF7YhWcKkCeMD7iOavg7SdbI8ZsfH
6
- hc1UozAwLjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIChDAUBgNVHREEDTALgglsb2Nh
7
- bGhvc3QwDQYJKoZIhvcNAQELBQADggIBAAAMIex6Q3Quh+ZeO1LeZKPPHrG1rp2C
8
- l9/YzeBfwPR7q8bS0g3TW9XJXsVPrgeQZU6WbsUin4B9ELSKEhpgDCPsAwXO5wIj
9
- a+J0NdB3rX4Dfx/i7Q+EH2fR2Ap7jp0w2xnS0J1dodxTHUip+/lSKMbe4M1Xl2ZC
10
- 6niubXkNTrOH6nOJc46zF5IIEvSnQNRac2fuDNWQJQTN7ZVCgremx33VIcjp7HU5
11
- AEATvhEgV+wmmuG1ZH2PjlXkZSCMqUsdjtwwrtUOIfqm3AilrMP03XYwgHBhBuo/
12
- tzso80ZM5tdE2uBRdh8gUD7pZq+qt3uC1kHnOBq2LSrwBZCiD2v1v6eQxZACYSTR
13
- TYpDpknT6wwrRXfR2c23hwNgLVd+jZqaxB7NkuDNBACzpwPuYYtR5Au+LIQc2tSi
14
- dXbXXo/vlGsh5tGfg7mP3kmtgu7oXBPJwRUWmwPAqXTaqCUuCNpyiHzeKXNXB2ci
15
- gh1ss/dODO/wmJJI8GjsK/2iZ9Nsc26OwCQ98LWkfvQIePP6vP12AOfzsHO74zxA
16
- 4rjUHpuENDp4HKrkxJ5B8O0xypychNrbe70PRV4bbyuqisMWm2kRRjIkkF83BCv4
17
- Up4rq2UgtC9kJQLufkrNfAaRnKGAf4Uox86Hwz9yBV486+SRTuUu2aJxZUFgnlRR
18
- dcfCc/o8347y
2
+ MIICDTCB9qADAgECAgkA0i+ulU4TnLIwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
3
+ AwwHdGVzdC1jYTAeFw0xOTA1MjUwMTQyMzZaFw0yOTA1MjIwMTQyMzZaMBQxEjAQ
4
+ BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKiwh2oW
5
+ 7PTxGbN5oO82jxEwQ1ZVweWviU4gwAnms8RVNTYBKj/ZCuuWCGtsB91zhzrOkATt
6
+ mMTGrKHJzMGjP4ajMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgKEMBQGA1UdEQQN
7
+ MAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAColT35sqr72ge00Sm9Ww
8
+ YolLHhGcdCWXH0AnuxMUdMwUBx9tLd4CQUVSS2OYeiKigbYYgBcPelzo7Vka0mNy
9
+ /mSYW1cCDe3Lh7qKyBbf4bGKviag2KZzpOHD858BzWmX40moSxzwhh4HJoy4OsGp
10
+ QXheM3Zgv4CD4GleUerK1OsHoDnA8QLqZ0DPpCGUhb1Nfqce5+ecQHdELNqTt3hD
11
+ m7z4hc06NYoel4HQTWRt1UXQivkkrFkOiuzT6DOYF5CMy5BwPKxMlCqiE5ObxwVl
12
+ AAB9A6XGxeUa2ZJUdtAzESzm6Azy7evGh+3b/QO3rlcd7mMHHvNXl1EpX3upvhK9
13
+ LA==
19
14
  -----END CERTIFICATE-----
@@ -1,5 +1,5 @@
1
1
  -----BEGIN EC PRIVATE KEY-----
2
- MHcCAQEEIJed2ge/IS5cymZrs2yT94388aTvdzYj0A49VVCl3E2YoAoGCCqGSM49
3
- AwEHoUQDQgAEgp43C20TiOdUg+Qqr5O7yuTan7kGOYyRF/Wb4cNFwUH56cZFJGrh
4
- RRe2IVnCpAnjA+4jmr4O0nWyPGbHx4XNVA==
2
+ MHcCAQEEIHf3C/ryQ5xIBbSj+OfwSLXGFEh9WT5HbklavzjJ2aD3oAoGCCqGSM49
3
+ AwEHoUQDQgAEqLCHahbs9PEZs3mg7zaPETBDVlXB5a+JTiDACeazxFU1NgEqP9kK
4
+ 65YIa2wH3XOHOs6QBO2YxMasocnMwaM/hg==
5
5
  -----END EC PRIVATE KEY-----
@@ -1,19 +1,14 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIIDIzCCAQugAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
3
- LWNhMB4XDTE5MDUyMTIxMzE0MloXDTI5MDUxODIxMzE0MlowFDESMBAGA1UEAwwJ
4
- bG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3fbzFYYAPdEIi8wNtYfl
5
- cjl5C5ewTn9fxP4O4Nzn47Hp0YRYC8E5z/bC4FHyKAAVO9axNSeEbtRAHkIMvzve
6
- WlWB3Em5UxTmxNBcKwt1uY0HqIeQEO8fIjeYxrTslrfMozAwLjAJBgNVHRMEAjAA
7
- MAsGA1UdDwQEAwIChDAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL
8
- BQADggIBAJpz6zp4yCxAHho+rurIrj5JklOcRS44r4XGtBsHMkP7NwnX3xfSdqdx
9
- aePkH29DuPd8N849lhu5FXBraHU7xzj6PVp0WZ5krCaShDEMm/CLro5U1imqCRpN
10
- g/xNfWYi+hGFeknYJFwGyWIHRcnTL+QKrtmPuXkK3Q19WJvh960kqQ3DMBYGhlUL
11
- 5E1bCKiAIiW+PP++AwQK5bzSKVTNB2tW7heznhU9lv3OOC3MuG/T48hbVaSSHV0X
12
- NNFo3U1pwvMg4/AHgvVvyT2HSuEtPgnSAC9FZ9YFprFfSk+evZoFPBQ/8BXamB2h
13
- t/MjpQGIo712plAbMyk+0rrAiAKey1P9AM6RkVHIeGETDu5lLCUDS9t6/mlAOtrt
14
- t4z5WOxqpXPLEJSLwuAIchDSHktUirBeALGkG8+ro7uwURRyrCYTNuD8lVM8Gwib
15
- 9mlsuzUs8ZDPrUX4BXnGgv2fIC+yWAlur9lSQtwcWkGkWki1d4QdjwPjV9WZ+87D
16
- LiUSsMShWS5g1npyEuIje4SvsGN5RQWAk/sBG1i9EoGIWiUzwLlNR10UAmW9uuav
17
- wkSstdu3OwRkR7wi70wN2pC7/IT6/Wow2mfRs3OhCCeg0739GzyVYCiL/geWiFri
18
- nUMBYoULATkQeCw6iXyQR2697AISn3pUW1DXBfuTRaOOn7xyE2oQ
2
+ MIICKzCCAROgAwIBAgIJAILLdBXeo7wWMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
3
+ BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDE0MjM2WhcNMjkwNTIyMDE0MjM2WjAUMRIw
4
+ EAYDVQQDDAlsb2NhbGhvc3QwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARnaVUUcy6O
5
+ TbFJyF9qTNhwH54qYGab+9hLTitZ1rDw6DL31aVmh1aOC9+Cn8yGESL26Pt7LfeU
6
+ GnexSIT0+Igmim501WjfHa+KwpWPsRqiGnIKzXy6MVTbxJdTZvJ9agmjMDAuMAkG
7
+ A1UdEwQCMAAwCwYDVR0PBAQDAgKEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkq
8
+ hkiG9w0BAQsFAAOCAQEAUJ0Av0mdfaJHF09bc77cFBcokrfkXa9dR0SEjcGIzevk
9
+ kf/dsErR9wHmDR6nmYW6dA41equDFNAEDCosRvAW0RIe4TegwSLmcnZr6w9+2gfU
10
+ yXqvaEkJsks3COZeiH6Is0SXiC6IuL3w2Y+M9IptjgqYukFz15Bv434NYup+Zr9T
11
+ Eq0dQp5p+pM/NNjRekEQOiJq4P+98D3bR689byDwkdlXkpUmvoYBXkoqqtXE22T0
12
+ cAAAVA+qj8jGVg0HH/acnpXyWZuQaG3gpY9vkyskVcGc4Q8qN9U53IpyI8QMeRJy
13
+ pGUnRLCltIIT0WyIVucvCzJ0v9M88yU8Qyx4Tm2fAg==
19
14
  -----END CERTIFICATE-----
@@ -1,6 +1,6 @@
1
1
  -----BEGIN EC PRIVATE KEY-----
2
- MIGkAgEBBDAqi/qJgcuxcTF8cNJvK+kNRvm4xnB0WFYETI3ZVFQbX1g46S40honE
3
- Vj+KoGtuN32gBwYFK4EEACKhZANiAATd9vMVhgA90QiLzA21h+VyOXkLl7BOf1/E
4
- /g7g3OfjsenRhFgLwTnP9sLgUfIoABU71rE1J4Ru1EAeQgy/O95aVYHcSblTFObE
5
- 0FwrC3W5jQeoh5AQ7x8iN5jGtOyWt8w=
2
+ MIGkAgEBBDCyZusDHIZWr1uWefvcMticNHQYSHJ456lB6z0qKQKy7HPA6k8Tp/9E
3
+ bwyyJSS7/sCgBwYFK4EEACKhZANiAARnaVUUcy6OTbFJyF9qTNhwH54qYGab+9hL
4
+ TitZ1rDw6DL31aVmh1aOC9+Cn8yGESL26Pt7LfeUGnexSIT0+Igmim501WjfHa+K
5
+ wpWPsRqiGnIKzXy6MVTbxJdTZvJ9agk=
6
6
  -----END EC PRIVATE KEY-----
@@ -1,20 +1,15 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIIDSTCCATGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
3
- LWNhMB4XDTE5MDUyMTIxMzIwMFoXDTI5MDUxODIxMzIwMFowFDESMBAGA1UEAwwJ
4
- bG9jYWxob3N0MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAjVT+nUIx3UB2eR9e
5
- sjC3+oloaJARVlcjJc2f/JzvOsitJbK2/EdVyvLxt3V485p7Ljh8My/lcN2ZU9/s
6
- 6VOTfd0BWxmXsP7PfSig2sE1ELJcCdtAJlv8vrP4OW8BQInERfJ3Nf5WZIrahYVL
7
- PtAqvfkCnvVXuufeqFu3J1Yy9T/weo6jMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
8
- AgKEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAgEAjhUX
9
- 3YHkYs+FXZryP2iJ18QCKLUl5q3/kOOSbRyjPQTFWJa1AyyudFyLGi4JUK/0fRIm
10
- hq0Ns9h6yglVk0R7/X/rlbhF3c2kOl2ekhaJeo8RRHyuH1w49kTfXJYtNmTp+ZMB
11
- bQwAXlmmFOTArdf4j4nbVqB3fYIyGTWll7190eUu5c9gS6FYNnVniIQhTFINh5ZK
12
- pxW9w5CnUpVdRsCj1I/aFWGhDwCQap5ZDTD09HaV4xFuvnCWobSOaKfox2hmdwZk
13
- JvsGWpGwTIO9kitF1L9tc9mzJr6cc/64wIwMPkYrM68kUcZn/FBxN4SEZJ1Y6yFI
14
- wufeFP1rzVlD/9PZMDVN0Cpz1elmgo2kJSx+TxqF2LnymFfKxj4uo/aodU7MoQ5a
15
- 6RRTxIC6SQmDLpwka7L30qvzLzB0u1FzdZPvxwH3+7eJOB9O231B+K+d+lN7uMaz
16
- DsDIOa/3rLCHIZW2q48n0Bkm5HT1ZtroHI9xQMvTF8oSFUUB5tqE+owwRN/fWuyd
17
- 3GiNp8y3WpKRXvCDqaJ8BiQxjXBjrtMbBLC73lIuQqMQiPzAeeEFOIlvwQ2qKi/M
18
- pu88pahnI5th752GPv64zJsOQppe2wUuycMHgIIWX6RCgXbUod8rZOmeoYnkkjNZ
19
- rY8omp53evRvLdPE2uTEnv3y4NiEGI36Pqny30o=
2
+ MIICUTCCATmgAwIBAgIJAKkpp78+S8JUMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
3
+ BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDE0MjM2WhcNMjkwNTIyMDE0MjM2WjAUMRIw
4
+ EAYDVQQDDAlsb2NhbGhvc3QwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAA2hmEd
5
+ +V4JM974u/DSPW7uGafw5mF9XngzGU2HeIhY4vXDzt884Rt4kjpcAByAjxtbVhB9
6
+ byPwc5FN6LrZiatB+gBDIija5Fq6d1gn3nXESirdZrMyLAlykXhS7nywOx0HDCYq
7
+ 2sD0lIMZXB04kFVC+XQsLqwA5J1k87oQ3EwEjwJVzKMwMC4wCQYDVR0TBAIwADAL
8
+ BgNVHQ8EBAMCAoQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA
9
+ A4IBAQBOUnOHUsJPNO56nvFLbIn1COnyRPo3C1BpGpV9uk6mzGuQ0jvDUhN01A5m
10
+ F/OZ4wmeOBRkzPgUbbcTeUVNtZX3V9Js6V9MFwNQjgLgYPC0soGJbexVWpg5ZEUu
11
+ ishnmsllej4cMD3XNO1UFSUzjqE0OHIYzp38wIiI7Jx4nBnFTUw4EneACbj1ZCJM
12
+ 5BP8c6522FCYgsA+97itp7sSjCYqD6u4IIwi0GhcISrn2DPwAsWhAYf5AadL5+Di
13
+ jaoKheW5xjs3jbK6w62yGkmaECKIq9kKv7d1rqdgn3FB4NP+KP6UPxPeFDaiqcr6
14
+ f8K7pV48fGr0TNhPPWwGbZEejhHF
20
15
  -----END CERTIFICATE-----
@@ -1,7 +1,7 @@
1
1
  -----BEGIN EC PRIVATE KEY-----
2
- MIHcAgEBBEIBBJjLo07KrpdNcQAg2fEyPciF6nTVIhM3vbHH9t/ym+B9Q2nD0g+u
3
- NZIL0S6x0xLdxhT94MMa961PbtD2OSuPpVegBwYFK4EEACOhgYkDgYYABACNVP6d
4
- QjHdQHZ5H16yMLf6iWhokBFWVyMlzZ/8nO86yK0lsrb8R1XK8vG3dXjzmnsuOHwz
5
- L+Vw3ZlT3+zpU5N93QFbGZew/s99KKDawTUQslwJ20AmW/y+s/g5bwFAicRF8nc1
6
- /lZkitqFhUs+0Cq9+QKe9Ve6596oW7cnVjL1P/B6jg==
2
+ MIHcAgEBBEIBpLFBw5Z/X6SoBwA8uOZczz8UB3uiQv2LpVhIp4GFOyRJKx5x3YL7
3
+ jrx2zaaIdaGFi82tJ8UEAcdEknCXkWFhKfKgBwYFK4EEACOhgYkDgYYABAA2hmEd
4
+ +V4JM974u/DSPW7uGafw5mF9XngzGU2HeIhY4vXDzt884Rt4kjpcAByAjxtbVhB9
5
+ byPwc5FN6LrZiatB+gBDIija5Fq6d1gn3nXESirdZrMyLAlykXhS7nywOx0HDCYq
6
+ 2sD0lIMZXB04kFVC+XQsLqwA5J1k87oQ3EwEjwJVzA==
7
7
  -----END EC PRIVATE KEY-----
@@ -32,6 +32,9 @@ RSpec.describe ServerHello do
32
32
  expect(message.cipher_suite).to eq CipherSuite::TLS_AES_256_GCM_SHA384
33
33
  expect(message.legacy_compression_method).to eq "\x00"
34
34
  expect(message.extensions).to be_empty
35
+ expect(message.hrr?).to be false
36
+ expect(message.appearable_extensions?).to be true
37
+ expect(message.negotiated_tls_1_3?).to be false
35
38
  end
36
39
 
37
40
  it 'should be serialized' do
@@ -57,6 +60,9 @@ RSpec.describe ServerHello do
57
60
  expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
58
61
  expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
59
62
  expect(message.legacy_compression_method).to eq "\x00"
63
+ expect(message.hrr?).to be false
64
+ expect(message.appearable_extensions?).to be true
65
+ expect(message.negotiated_tls_1_3?).to be true
60
66
  end
61
67
 
62
68
  it 'should generate valid serializable object' do
@@ -75,6 +81,8 @@ RSpec.describe ServerHello do
75
81
  expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
76
82
  expect(message.legacy_compression_method).to eq "\x00"
77
83
  expect(message.hrr?).to be true
84
+ expect(message.appearable_extensions?).to be true
85
+ expect(message.negotiated_tls_1_3?).to be true
78
86
  end
79
87
 
80
88
  it 'should generate valid serializable object' do
@@ -92,6 +100,9 @@ RSpec.describe ServerHello do
92
100
  expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
93
101
  expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
94
102
  expect(message.legacy_compression_method).to eq "\x00"
103
+ expect(message.hrr?).to be false
104
+ expect(message.appearable_extensions?).to be true
105
+ expect(message.negotiated_tls_1_3?).to be true
95
106
  end
96
107
 
97
108
  it 'should generate valid serializable object' do
@@ -123,6 +134,8 @@ RSpec.describe ServerHello do
123
134
  expect(message.legacy_compression_method).to eq "\x00"
124
135
  expect(message.extensions).to be_empty
125
136
  expect(message.hrr?).to eq true
137
+ expect(message.appearable_extensions?).to be true
138
+ expect(message.negotiated_tls_1_3?).to be false
126
139
  end
127
140
 
128
141
  it 'should be serialized' do
@@ -137,4 +150,51 @@ RSpec.describe ServerHello do
137
150
  + Extensions.new.serialize
138
151
  end
139
152
  end
153
+
154
+ context 'server_hello with random[-8..] == downgrade protection ' \
155
+ 'value(TLS 1.2)' do
156
+ let(:message) do
157
+ sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
158
+ random = OpenSSL::Random.random_bytes(24) + \
159
+ ServerHello.const_get(:DOWNGRADE_PROTECTION_TLS_1_2)
160
+ sh.instance_variable_set(:@random, random)
161
+ sh
162
+ end
163
+
164
+ it 'should check downgrade protection value' do
165
+ expect(message.negotiated_tls_1_3?).to be true
166
+ expect(message.downgraded?).to be true
167
+ end
168
+ end
169
+
170
+ context 'server_hello with random[-8..] == downgrade protection ' \
171
+ 'value(TLS 1.2)' do
172
+ let(:message) do
173
+ sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
174
+ random = OpenSSL::Random.random_bytes(24) + \
175
+ ServerHello.const_get(:DOWNGRADE_PROTECTION_TLS_1_1)
176
+ sh.instance_variable_set(:@random, random)
177
+ sh
178
+ end
179
+
180
+ it 'should check downgrade protection value' do
181
+ expect(message.negotiated_tls_1_3?).to be true
182
+ expect(message.downgraded?).to be true
183
+ end
184
+ end
185
+
186
+ context 'server_hello with supported_versions not including "\x03\x04"' do
187
+ let(:message) do
188
+ sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
189
+ extensions = sh.instance_variable_get(:@extensions)
190
+ extensions[ExtensionType::SUPPORTED_VERSIONS] = nil
191
+ sh.instance_variable_set(:@extensions, extensions)
192
+ sh
193
+ end
194
+
195
+ it 'should check downgrade protection value' do
196
+ expect(message.negotiated_tls_1_3?).to be false
197
+ expect(message.downgraded?).to be false
198
+ end
199
+ end
140
200
  end
data/spec/server_spec.rb CHANGED
@@ -14,7 +14,7 @@ RSpec.describe Server do
14
14
  + msg_len.to_uint16 \
15
15
  + TESTBINARY_CLIENT_HELLO)
16
16
  server = Server.new(mock_socket)
17
- server.send(:recv_client_hello)
17
+ server.send(:recv_client_hello, true)
18
18
  end
19
19
 
20
20
  it 'should receive ClientHello' do
@@ -31,45 +31,47 @@ RSpec.describe Server do
31
31
  )
32
32
  end
33
33
 
34
- let(:record) do
35
- mock_socket = SimpleStream.new
36
- server = Server.new(mock_socket)
37
- server.instance_variable_set(:@crt, crt)
38
- transcript = Transcript.new
39
- transcript[CH] = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
40
- server.instance_variable_set(:@transcript, transcript)
41
- cipher_suite = server.send(:select_cipher_suite)
42
- server.instance_variable_set(:@cipher_suite, cipher_suite)
34
+ let(:ch) do
35
+ ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
36
+
43
37
  # X25519 is unsupported so @named_group uses SECP256R1.
44
- server.instance_variable_set(:@named_group, NamedGroup::SECP256R1)
45
- signature_scheme = server.send(:select_signature_scheme)
46
- server.instance_variable_set(:@signature_scheme, signature_scheme)
47
- exs, _priv_key = server.send(:gen_sh_extensions)
48
- server.send(:send_server_hello, exs)
49
- Record.deserialize(mock_socket.read, Cryptograph::Passer.new)
38
+ key_share = KeyShare.new(
39
+ msg_type: HandshakeType::CLIENT_HELLO,
40
+ key_share_entry: [
41
+ KeyShareEntry.new(
42
+ group: NamedGroup::SECP256R1,
43
+ key_exchange: "\x04" + OpenSSL::Random.random_bytes(64)
44
+ )
45
+ ]
46
+ )
47
+ ch.extensions[ExtensionType::KEY_SHARE] = key_share
48
+ ch
50
49
  end
51
50
 
52
- it 'should send ServerHello' do
53
- expect(record.type).to eq ContentType::HANDSHAKE
51
+ let(:server) do
52
+ Server.new(nil)
53
+ end
54
54
 
55
- message = record.messages.first
56
- expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
57
- expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
58
- expect(message.legacy_compression_method).to eq "\x00"
55
+ it 'should select parameters' do
56
+ expect(server.send(:select_cipher_suite, ch))
57
+ .to eq CipherSuite::TLS_AES_128_GCM_SHA256
58
+ expect(server.send(:select_named_group, ch)).to eq NamedGroup::SECP256R1
59
+ expect(server.send(:select_signature_scheme, ch, crt))
60
+ .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
59
61
  end
60
62
  end
61
63
 
62
64
  context 'server' do
65
+ let(:ch) do
66
+ ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
67
+ end
68
+
63
69
  let(:server) do
64
- server = Server.new(nil)
65
- transcript = Transcript.new
66
- transcript[CH] = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
67
- server.instance_variable_set(:@transcript, transcript)
68
- server
70
+ Server.new(nil)
69
71
  end
70
72
 
71
73
  it 'should generate EncryptedExtensions' do
72
- ee = server.send(:gen_encrypted_extensions)
74
+ ee = server.send(:gen_encrypted_extensions, ch)
73
75
  expect(ee).to be_a_kind_of(EncryptedExtensions)
74
76
  expect(ee.extensions).to include(ExtensionType::SERVER_NAME)
75
77
  expect(ee.extensions[ExtensionType::SERVER_NAME].server_name).to eq ''
@@ -82,17 +84,18 @@ RSpec.describe Server do
82
84
  end
83
85
 
84
86
  context 'server' do
85
- let(:server) do
86
- server = Server.new(nil)
87
- crt = OpenSSL::X509::Certificate.new(
87
+ let(:crt) do
88
+ OpenSSL::X509::Certificate.new(
88
89
  File.read(__dir__ + '/fixtures/rsa_rsa.crt')
89
90
  )
90
- server.instance_variable_set(:@crt, crt)
91
- server
91
+ end
92
+
93
+ let(:server) do
94
+ Server.new(nil)
92
95
  end
93
96
 
94
97
  it 'should generate Certificate' do
95
- ct = server.send(:gen_certificate)
98
+ ct = server.send(:gen_certificate, crt)
96
99
  expect(ct).to be_a_kind_of(Certificate)
97
100
 
98
101
  certificate_entry = ct.certificate_list.first
@@ -115,9 +118,7 @@ RSpec.describe Server do
115
118
  Certificate.deserialize(TESTBINARY_CERTIFICATE)
116
119
  end
117
120
 
118
- let(:server) do
119
- server = Server.new(nil)
120
- server.instance_variable_set(:@key, key)
121
+ let(:transcript) do
121
122
  transcript = Transcript.new
122
123
  transcript.merge!(
123
124
  CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
@@ -125,16 +126,24 @@ RSpec.describe Server do
125
126
  EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
126
127
  CT => ct
127
128
  )
128
- server.instance_variable_set(:@transcript, transcript)
129
- server.instance_variable_set(:@cipher_suite,
130
- CipherSuite::TLS_AES_128_GCM_SHA256)
131
- server.instance_variable_set(:@signature_scheme,
132
- SignatureScheme::RSA_PSS_RSAE_SHA256)
133
- server
129
+ end
130
+
131
+ let(:cipher_suite) do
132
+ CipherSuite::TLS_AES_128_GCM_SHA256
133
+ end
134
+
135
+ let(:signature_scheme) do
136
+ SignatureScheme::RSA_PSS_RSAE_SHA256
137
+ end
138
+
139
+ let(:server) do
140
+ Server.new(nil)
134
141
  end
135
142
 
136
143
  it 'should generate CertificateVerify' do
137
- cv = server.send(:gen_certificate_verify)
144
+ digest = CipherSuite.digest(cipher_suite)
145
+ hash = transcript.hash(digest, CT)
146
+ cv = server.send(:gen_certificate_verify, key, signature_scheme, hash)
138
147
  expect(cv).to be_a_kind_of(CertificateVerify)
139
148
 
140
149
  # used RSASSA-PSS signature_scheme, salt is a random sequence.
@@ -142,19 +151,23 @@ RSpec.describe Server do
142
151
  public_key = ct.certificate_list.first.cert_data.public_key
143
152
  signature_scheme = cv.signature_scheme
144
153
  signature = cv.signature
154
+ digest = CipherSuite.digest(cipher_suite)
145
155
  expect(server.send(:do_verified_certificate_verify?,
146
156
  public_key: public_key,
147
157
  signature_scheme: signature_scheme,
148
158
  signature: signature,
149
159
  context: 'TLS 1.3, server CertificateVerify',
150
- handshake_context_end: CT))
160
+ hash: transcript.hash(digest, CT)))
151
161
  .to be true
152
162
  end
153
163
  end
154
164
 
155
165
  context 'server' do
156
- let(:server) do
157
- server = Server.new(nil)
166
+ let(:cipher_suite) do
167
+ CipherSuite::TLS_AES_128_GCM_SHA256
168
+ end
169
+
170
+ let(:transcript) do
158
171
  transcript = Transcript.new
159
172
  transcript.merge!(
160
173
  CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
@@ -163,24 +176,30 @@ RSpec.describe Server do
163
176
  CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
164
177
  CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
165
178
  )
166
- server.instance_variable_set(:@transcript, transcript)
167
- ks = KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
168
- cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
169
- transcript: transcript)
170
- server.instance_variable_set(:@key_schedule, ks)
171
- server.instance_variable_set(:@cipher_suite,
172
- CipherSuite::TLS_AES_128_GCM_SHA256)
173
- server
179
+ transcript
180
+ end
181
+
182
+ let(:key_schedule) do
183
+ KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
184
+ cipher_suite: cipher_suite,
185
+ transcript: transcript)
186
+ end
187
+
188
+ let(:signature) do
189
+ server = Server.new(nil)
190
+ digest = CipherSuite.digest(cipher_suite)
191
+ server.send(:sign_finished,
192
+ digest: digest,
193
+ finished_key: key_schedule.server_finished_key,
194
+ hash: transcript.hash(digest, CV))
174
195
  end
175
196
 
176
- let(:verify_data) do
177
- Finished.deserialize(TESTBINARY_SERVER_FINISHED).verify_data
197
+ let(:sf) do
198
+ Finished.deserialize(TESTBINARY_SERVER_FINISHED)
178
199
  end
179
200
 
180
201
  it 'should generate Finished' do
181
- sf = server.send(:gen_finished)
182
- expect(sf).to be_a_kind_of(Finished)
183
- expect(sf.verify_data).to eq verify_data
202
+ expect(signature).to eq sf.verify_data
184
203
  end
185
204
  end
186
205
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tttls1.3
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - thekuwayama
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-23 00:00:00.000000000 Z
11
+ date: 2019-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -71,6 +71,7 @@ files:
71
71
  - example/https_client.rb
72
72
  - example/https_client_using_0rtt.rb
73
73
  - example/https_client_using_hrr.rb
74
+ - example/https_client_using_hrr_and_ticket.rb
74
75
  - example/https_client_using_ticket.rb
75
76
  - example/https_server.rb
76
77
  - interop/Dockerfile
@@ -143,6 +144,8 @@ files:
143
144
  - spec/fixtures/rsa_ca.key
144
145
  - spec/fixtures/rsa_rsa.crt
145
146
  - spec/fixtures/rsa_rsa.key
147
+ - spec/fixtures/rsa_rsassaPss.crt
148
+ - spec/fixtures/rsa_rsassaPss.key
146
149
  - spec/fixtures/rsa_secp256r1.crt
147
150
  - spec/fixtures/rsa_secp256r1.key
148
151
  - spec/fixtures/rsa_secp384r1.crt
@@ -214,6 +217,8 @@ test_files:
214
217
  - spec/fixtures/rsa_ca.key
215
218
  - spec/fixtures/rsa_rsa.crt
216
219
  - spec/fixtures/rsa_rsa.key
220
+ - spec/fixtures/rsa_rsassaPss.crt
221
+ - spec/fixtures/rsa_rsassaPss.key
217
222
  - spec/fixtures/rsa_secp256r1.crt
218
223
  - spec/fixtures/rsa_secp256r1.key
219
224
  - spec/fixtures/rsa_secp384r1.crt