tttls1.3 0.2.10 → 0.2.15

data/lib/tttls1.3.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'openssl'
+require 'net/http'
 require 'pp'
 require 'logger'
 

data/lib/tttls1.3/client.rb

@@ -59,6 +59,8 @@ module TTTLS13
     ticket_age_add: nil,
     ticket_timestamp: nil,
     record_size_limit: nil,
+    check_certificate_status: false,
+    process_certificate_status: nil,
     compatibility_mode: true,
     loglevel: Logger::WARN
   }.freeze
@@ -300,7 +302,8 @@ module TTTLS13
           message = recv_message(receivable_ccs: true, cipher: hs_rcipher)
           if message.msg_type == Message::HandshakeType::CERTIFICATE
             ct = transcript[CT] = message
-            terminate_invalid_certificate(ct, transcript[CH])
+            alert = check_invalid_certificate(ct, transcript[CH])
+            terminate(alert) unless alert.nil?
 
             @state = ClientState::WAIT_CV
           elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
@@ -314,7 +317,8 @@ module TTTLS13
           logger.debug('ClientState::WAIT_CERT')
 
           ct = transcript[CT] = recv_certificate(hs_rcipher)
-          terminate_invalid_certificate(ct, transcript[CH])
+          alert = check_invalid_certificate(ct, transcript[CH])
+          terminate(alert) unless alert.nil?
 
           @state = ClientState::WAIT_CV
         when ClientState::WAIT_CV
@@ -392,6 +396,53 @@ module TTTLS13
       @succeed_early_data
     end
 
+    # @param res [OpenSSL::OCSP::Response]
+    # @param cert [OpenSSL::X509::Certificate]
+    # @param chain [Array of OpenSSL::X509::Certificate, nil]
+    #
+    # @return [Boolean]
+    #
+    # @example
+    #   m = Client.method(:softfail_check_certificate_status)
+    #   Client.new(
+    #     socket,
+    #     hostname,
+    #     check_certificate_status: true,
+    #     process_certificate_status: m
+    #   )
+    def self.softfail_check_certificate_status(res, cert, chain)
+      ocsp_response = res
+      cid = OpenSSL::OCSP::CertificateId.new(cert, chain.first)
+
+      # When NOT received OCSPResponse in TLS handshake, this method will
+      # send OCSPRequest. If ocsp_uri is NOT presented in Certificate, return
+      # true. Also, if it sends OCSPRequest and does NOT receive a HTTPresponse
+      # within 2 seconds, return true.
+      if ocsp_response.nil?
+        uri = cert.ocsp_uris&.find { |u| URI::DEFAULT_PARSER.make_regexp =~ u }
+        return true if uri.nil?
+
+        begin
+          # send OCSP::Request
+          ocsp_request = gen_ocsp_request(cid)
+          Timeout.timeout(2) do
+            ocsp_response = send_ocsp_request(ocsp_request, uri)
+          end
+
+          # check nonce of OCSP::Response
+          check_nonce = ocsp_request.check_nonce(ocsp_response.basic)
+          return true unless [-1, 1].include?(check_nonce)
+        rescue StandardError
+          return true
+        end
+      end
+      return true \
+        if ocsp_response.status != OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+
+      status = ocsp_response.basic.status.find { |s| s.first.cmp(cid) }
+      status[1] != OpenSSL::OCSP::V_CERTSTATUS_REVOKED
+    end
+
     private
 
     # @return [Boolean]
@@ -423,6 +474,9 @@ module TTTLS13
       rsl = @settings[:record_size_limit]
       return false if !rsl.nil? && (rsl < 64 || rsl > 2**14 + 1)
 
+      return false if @settings[:check_certificate_status] &&
+                      @settings[:process_certificate_status].nil?
+
       true
     end
     # rubocop: enable Metrics/AbcSize
@@ -471,9 +525,10 @@ module TTTLS13
     # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
     # rubocop: disable Metrics/AbcSize
     # rubocop: disable Metrics/CyclomaticComplexity
+    # rubocop: disable Metrics/MethodLength
     # rubocop: disable Metrics/PerceivedComplexity
     def gen_ch_extensions
-      exs = []
+      exs = Message::Extensions.new
       # server_name
       exs << Message::Extension::ServerName.new(@hostname)
 
@@ -519,10 +574,15 @@ module TTTLS13
       exs << Message::Extension::Alpn.new(@settings[:alpn].reject(&:empty?)) \
         if !@settings[:alpn].nil? && !@settings[:alpn].empty?
 
-      [Message::Extensions.new(exs), priv_keys]
+      # status_request
+      exs << Message::Extension::OCSPStatusRequest.new \
+        if @settings[:check_certificate_status]
+
+      [exs, priv_keys]
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/CyclomaticComplexity
+    # rubocop: enable Metrics/MethodLength
     # rubocop: enable Metrics/PerceivedComplexity
 
     # @param extensions [TTTLS13::Message::Extensions]
@@ -611,7 +671,7 @@ module TTTLS13
     # @return [TTTLS13::Message::Extensions]
     # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
     def gen_newch_extensions(ch1, hrr)
-      exs = []
+      exs = Message::Extensions.new
       # key_share
       if hrr.extensions.include?(Message::ExtensionType::KEY_SHARE)
         group = hrr.extensions[Message::ExtensionType::KEY_SHARE]
@@ -633,7 +693,7 @@ module TTTLS13
         if hrr.extensions.include?(Message::ExtensionType::COOKIE)
 
       # early_data
-      new_exs = ch1.extensions.merge(Message::Extensions.new(exs))
+      new_exs = ch1.extensions.merge(exs)
       new_exs.delete(Message::ExtensionType::EARLY_DATA)
 
       [new_exs, priv_keys]
@@ -753,16 +813,32 @@ module TTTLS13
 
     # @param ct [TTTLS13::Message::Certificate]
     # @param ch [TTTLS13::Message::ClientHello]
-    def terminate_invalid_certificate(ct, ch)
-      terminate(:illegal_parameter) unless ct.appearable_extensions?
+    #
+    # @return [Symbol, nil] return key of ALERT_DESCRIPTION, if invalid
+    def check_invalid_certificate(ct, ch)
+      return :illegal_parameter unless ct.appearable_extensions?
 
-      terminate(:unsupported_extension) \
+      return :unsupported_extension \
         unless ct.certificate_list.map(&:extensions)
                  .all? { |e| (e.keys - ch.extensions.keys).empty? }
 
-      terminate(:certificate_unknown) \
-        unless trusted_certificate?(ct.certificate_list,
-                                    @settings[:ca_file], @hostname)
+      return :certificate_unknown unless trusted_certificate?(
+        ct.certificate_list,
+        @settings[:ca_file],
+        @hostname
+      )
+
+      if @settings[:check_certificate_status]
+        ee = ct.certificate_list.first
+        ocsp_response = ee.extensions[Message::ExtensionType::STATUS_REQUEST]
+                         &.ocsp_response
+        cert = ee.cert_data
+        chain = ct.certificate_list[1..]&.map(&:cert_data)
+        return :bad_certificate_status_response \
+          unless satisfactory_certificate_status?(ocsp_response, cert, chain)
+      end
+
+      nil
     end
 
     # @param ct [TTTLS13::Message::Certificate]
@@ -784,6 +860,15 @@ module TTTLS13
       )
     end
 
+    # @param ocsp_response [OpenSSL::OCSP::Response]
+    # @param cert [OpenSSL::X509::Certificate]
+    # @param chain [Array of OpenSSL::X509::Certificate, nil]
+    #
+    # @return [Boolean]
+    def satisfactory_certificate_status?(ocsp_response, cert, chain)
+      @settings[:process_certificate_status]&.call(ocsp_response, cert, chain)
+    end
+
     # @param nst [TTTLS13::Message::NewSessionTicket]
     #
     # @raise [TTTLS13::Error::ErrorAlerts]

data/lib/tttls1.3/connection.rb

@@ -273,7 +273,7 @@ module TTTLS13
 
       # Received a protected ccs, peer MUST abort the handshake.
       if record.type == Message::ContentType::APPLICATION_DATA &&
-         record.messages.first.is_a?(Message::ChangeCipherSpec)
+         record.messages.any? { |m| m.is_a?(Message::ChangeCipherSpec) }
         terminate(:unexpected_message)
       end
 
@@ -474,8 +474,10 @@ module TTTLS13
     #
     # @return [Boolean]
     def trusted_certificate?(certificate_list, ca_file = nil, hostname = nil)
-      cert_bin = certificate_list.first.cert_data
-      cert = OpenSSL::X509::Certificate.new(cert_bin)
+      chain = certificate_list.map(&:cert_data).map do |c|
+        OpenSSL::X509::Certificate.new(c)
+      end
+      cert = chain.shift
 
       # not support CN matching, only support SAN matching
       return false if !hostname.nil? && !matching_san?(cert, hostname)
@@ -483,9 +485,6 @@ module TTTLS13
       store = OpenSSL::X509::Store.new
       store.set_default_paths
       store.add_file(ca_file) unless ca_file.nil?
-      chain = certificate_list[1..].map(&:cert_data).map do |c|
-        OpenSSL::X509::Certificate.new(c)
-      end
       # TODO: parse authorityInfoAccess::CA Issuers
       ctx = OpenSSL::X509::StoreContext.new(store, cert, chain)
       now = Time.now
@@ -515,22 +514,22 @@ module TTTLS13
     def do_select_signature_algorithms(signature_algorithms, crt)
       spki = OpenSSL::Netscape::SPKI.new
       spki.public_key = crt.public_key
-      oid_str = spki.to_text.split("\n")
-                    .find { |l| l.include?('Public Key Algorithm:') }
+      pka = OpenSSL::ASN1.decode(spki.to_der)
+                         .value.first.value.first.value.first.value.first.value
       signature_algorithms.select do |sa|
         case sa
         when SignatureScheme::ECDSA_SECP256R1_SHA256,
              SignatureScheme::ECDSA_SECP384R1_SHA384,
              SignatureScheme::ECDSA_SECP521R1_SHA512
-          oid_str.include?('id-ecPublicKey')
+          pka == 'id-ecPublicKey'
         when SignatureScheme::RSA_PSS_PSS_SHA256,
              SignatureScheme::RSA_PSS_PSS_SHA384,
              SignatureScheme::RSA_PSS_PSS_SHA512
-          oid_str.include?('rsassaPss')
+          pka == 'rsassaPss'
         when SignatureScheme::RSA_PSS_RSAE_SHA256,
              SignatureScheme::RSA_PSS_RSAE_SHA384,
              SignatureScheme::RSA_PSS_RSAE_SHA512
-          oid_str.include?('rsaEncryption')
+          pka == 'rsaEncryption'
         else
           # RSASSA-PKCS1-v1_5 algorithms refer solely to signatures which appear
           # in certificates and are not defined for use in signed TLS handshake
@@ -539,6 +538,40 @@ module TTTLS13
         end
       end
     end
+
+    class << self
+      # @param cid [OpenSSL::OCSP::CertificateId]
+      #
+      # @return [OpenSSL::OCSP::Request]
+      def gen_ocsp_request(cid)
+        ocsp_request = OpenSSL::OCSP::Request.new
+        ocsp_request.add_certid(cid)
+        ocsp_request.add_nonce
+        ocsp_request
+      end
+
+      # @param ocsp_request [OpenSSL::OCSP::Request]
+      # @param uri_string [String]
+      #
+      # @raise [Net::OpenTimeout, OpenSSL::OCSP::OCSPError, URI::$Exception]
+      #
+      # @return [OpenSSL::OCSP::Response, n
+      def send_ocsp_request(ocsp_request, uri_string)
+        # send HTTP POST
+        uri = URI.parse(uri_string)
+        path = uri.path
+        path = '/' if path.nil? || path.empty?
+        http_response = Net::HTTP.start(uri.host, uri.port) do |http|
+          http.post(
+            path,
+            ocsp_request.to_der,
+            'content-type' => 'application/ocsp-request'
+          )
+        end
+
+        OpenSSL::OCSP::Response.new(http_response.body)
+      end
+    end
   end
   # rubocop: enable Metrics/ClassLength
 end

data/lib/tttls1.3/cryptograph.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-Dir[File.dirname(__FILE__) + '/cryptograph/*.rb'].each { |f| require f }
+Dir[File.dirname(__FILE__) + '/cryptograph/*.rb'].sort.each { |f| require f }

data/lib/tttls1.3/cryptograph/aead.rb

@@ -44,8 +44,7 @@ module TTTLS13
       #
       # @return [String]
       def encrypt(content, type)
-        reset_cipher
-        cipher = @cipher.encrypt
+        cipher = reset_cipher
         plaintext = content + type + "\x00" * @length_of_padding
         cipher.auth_data = additional_data(plaintext.length)
         encrypted_data = cipher.update(plaintext) + cipher.final
@@ -66,8 +65,7 @@ module TTTLS13
       # @return [String]
       # @return [TTTLS13::Message::ContentType]
       def decrypt(encrypted_record, auth_data)
-        reset_cipher
-        decipher = @cipher.decrypt
+        decipher = reset_decipher
         auth_tag = encrypted_record[-@auth_tag_len..-1]
         decipher.auth_tag = auth_tag
         decipher.auth_data = auth_data # record header of TLSCiphertext
@@ -105,11 +103,26 @@ module TTTLS13
         + ciphertext_len.to_uint16
       end
 
+      # @return [OpenSSL::Cipher]
       def reset_cipher
-        @cipher.reset
-        @cipher.key = @write_key
+        cipher = @cipher.encrypt
+        cipher.reset
+        cipher.key = @write_key
         iv_len = CipherSuite.iv_len(@cipher_suite)
-        @cipher.iv = @sequence_number.xor(@write_iv, iv_len)
+        cipher.iv = @sequence_number.xor(@write_iv, iv_len)
+
+        cipher
+      end
+
+      # @return [OpenSSL::Cipher]
+      def reset_decipher
+        decipher = @cipher.decrypt
+        decipher.reset
+        decipher.key = @write_key
+        iv_len = CipherSuite.iv_len(@cipher_suite)
+        decipher.iv = @sequence_number.xor(@write_iv, iv_len)
+
+        decipher
       end
 
       # @param clear [String]

data/lib/tttls1.3/message.rb

@@ -78,4 +78,4 @@ module TTTLS13
   end
 end
 
-Dir[File.dirname(__FILE__) + '/message/*.rb'].each { |f| require f }
+Dir[File.dirname(__FILE__) + '/message/*.rb'].sort.each { |f| require f }

data/lib/tttls1.3/message/alert.rb

@@ -8,7 +8,7 @@ module TTTLS13
       FATAL   = "\x02"
     end
 
-    # rubocop: disable Layout/AlignHash
+    # rubocop: disable Layout/HashAlignment
     ALERT_DESCRIPTION = {
       close_notify:                    "\x00",
       unexpected_message:              "\x0a",
@@ -38,7 +38,7 @@ module TTTLS13
       certificate_required:            "\x74",
       no_application_protocol:         "\x78"
     }.freeze
-    # rubocop: enable Layout/AlignHash
+    # rubocop: enable Layout/HashAlignment
 
     class Alert
       attr_reader :level

data/lib/tttls1.3/message/extension/signature_algorithms.rb

@@ -44,8 +44,8 @@ module TTTLS13
         #
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
-        # @return [TTTLS13::Message::Extensions::SignatureAlgorithms, nil]
-        def self.deserialize(binary)
+        # @return [Array of SignatureScheme]
+        def self.deserialize_supported_signature_algorithms(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
           return nil if binary.length < 2
@@ -61,7 +61,17 @@ module TTTLS13
           end
           return nil unless ssa_len + 2 == binary.length
 
-          SignatureAlgorithms.new(supported_signature_algorithms)
+          supported_signature_algorithms
+        end
+
+        # @param binary [String]
+        #
+        # @return [TTTLS13::Message::Extensions::SignatureAlgorithms, nil]
+        def self.deserialize(binary)
+          ssa = deserialize_supported_signature_algorithms(binary)
+          return nil if ssa.nil?
+
+          SignatureAlgorithms.new(ssa)
         end
       end
     end

data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb

@@ -13,11 +13,12 @@ module TTTLS13
 
         # @param binary [String]
         #
-        # @return [TTTLS13::Message::Extensions::SignatureAlgorithmsCert]
+        # @return [TTTLS13::Message::Extensions::SignatureAlgorithmsCert, nil]
         def self.deserialize(binary)
-          extension = SignatureAlgorithms.deserialize(binary)
-          extension.extension_type = ExtensionType::SIGNATURE_ALGORITHMS_CERT
-          extension
+          ssa = deserialize_supported_signature_algorithms(binary)
+          return nil if ssa.nil?
+
+          SignatureAlgorithmsCert.new(ssa)
         end
       end
     end

data/lib/tttls1.3/message/extension/status_request.rb

@@ -9,23 +9,20 @@ module TTTLS13
         OCSP = "\x01"
       end
 
-      class StatusRequest
+      class OCSPStatusRequest
         attr_reader :extension_type
         attr_reader :responder_id_list
         attr_reader :request_extensions
 
-        # @param responder_id_list [Array of String]
-        # @param request_extensions [String]
+        # @param responder_id_list [Array of OpenSSL::ASN1::ASN1Data]
+        # @param request_extensions [Array of OpenSSL::ASN1::ASN1Data]
         #
         # @example
-        #   StatusRequest.new(
-        #       responder_id_list: [],
-        #       request_extensions: []
-        #   )
-        def initialize(responder_id_list: [], request_extensions: '')
+        #   OCSPStatusRequest.new
+        def initialize(responder_id_list: [], request_extensions: [])
           @extension_type = ExtensionType::STATUS_REQUEST
           @responder_id_list = responder_id_list || []
-          @request_extensions = request_extensions || ''
+          @request_extensions = request_extensions || []
         end
 
         # @return [String]
@@ -34,9 +31,9 @@ module TTTLS13
           binary += CertificateStatusType::OCSP
           binary += @responder_id_list.length.to_uint16
           binary += @responder_id_list.map do |id|
-            id.length.to_uint16 + id
+            id.to_der.prefix_uint16_length
           end.join
-          binary += @request_extensions.prefix_uint16_length
+          binary += @request_extensions.map(&:to_der).join.prefix_uint16_length
 
           @extension_type + binary.prefix_uint16_length
         end
@@ -45,8 +42,9 @@ module TTTLS13
         #
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
-        # @return [TTTLS13::Message::Extension::StatusRequest, nil]
+        # @return [TTTLS13::Message::Extension::OCSPStatusRequest, nil]
         # rubocop: disable Metrics/CyclomaticComplexity
+        # rubocop: disable Metrics/PerceivedComplexity
         def self.deserialize(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
           return nil if binary.length < 5 ||
@@ -64,14 +62,20 @@ module TTTLS13
 
           re_len = Convert.bin2i(binary.slice(i, 2))
           i += 2
-          request_extensions = binary.slice(i, re_len)
+          exs_bin = binary.slice(i, re_len)
+          begin
+            request_extensions = OpenSSL::ASN1.decode_all(exs_bin)
+          rescue OpenSSL::ASN1::ASN1Error
+            return nil
+          end
           i += re_len
           return nil unless i == binary.length
 
-          StatusRequest.new(responder_id_list: responder_id_list,
-                            request_extensions: request_extensions)
+          OCSPStatusRequest.new(responder_id_list: responder_id_list,
+                                request_extensions: request_extensions)
         end
         # rubocop: enable Metrics/CyclomaticComplexity
+        # rubocop: enable Metrics/PerceivedComplexity
 
         class << self
           private
@@ -80,7 +84,7 @@ module TTTLS13
           #
           # @raise [TTTLS13::Error::ErrorAlerts]
           #
-          # @return [Array of String, nil] received unparsable binary, nil
+          # @return [Array of ASN1Data, nil] received unparsable binary, nil
           def deserialize_request_ids(binary)
             raise Error::ErrorAlerts, :internal_error if binary.nil?
 
@@ -92,7 +96,11 @@ module TTTLS13
               id_len = Convert.bin2i(binary.slice(i, 2))
               i += 2
               id = binary.slice(i, id_len)
-              request_ids += id
+              begin
+                request_ids += OpenSSL::ASN1.decode(id)
+              rescue OpenSSL::ASN1::ASN1Error
+                return nil
+              end
               i += id_len
             end
             return nil if i != binary.length
@@ -101,6 +109,54 @@ module TTTLS13
           end
         end
       end
+
+      class OCSPResponse
+        attr_reader :extension_type
+        attr_reader :ocsp_response
+
+        # @param ocsp_response [OpenSSL::OCSP::Response]
+        #
+        # @example
+        #   OCSPResponse.new(
+        #     OpenSSL::OCSP::Response.create(status, basic_resp)
+        #   )
+        def initialize(ocsp_response)
+          @extension_type = ExtensionType::STATUS_REQUEST
+          @ocsp_response = ocsp_response
+        end
+
+        # @return [String]
+        def serialize
+          binary = ''
+          binary += CertificateStatusType::OCSP
+          binary += @ocsp_response.to_der.prefix_uint24_length
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::OCSPResponse, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+          return nil if binary.length < 4 ||
+                        binary[0] != CertificateStatusType::OCSP
+
+          res_len = Convert.bin2i(binary.slice(1, 3))
+          res = binary.slice(4, res_len)
+          ocsp_response = nil
+          begin
+            ocsp_response = OpenSSL::OCSP::Response.new(res)
+          rescue OpenSSL::OCSP::OCSPError
+            return nil
+          end
+          return nil if 4 + res_len != binary.length
+
+          OCSPResponse.new(ocsp_response)
+        end
+      end
     end
   end
 end