tttls1.3 0.2.10 → 0.2.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +32 -0
- data/.rubocop.yml +6 -3
- data/Gemfile +3 -4
- data/README.md +5 -1
- data/Rakefile +66 -7
- data/example/helper.rb +3 -3
- data/example/https_client.rb +1 -1
- data/example/https_client_using_0rtt.rb +3 -3
- data/example/https_client_using_hrr.rb +1 -1
- data/example/https_client_using_hrr_and_ticket.rb +2 -2
- data/example/https_client_using_status_request.rb +31 -0
- data/example/https_client_using_ticket.rb +2 -2
- data/example/https_server.rb +3 -2
- data/interop/client_spec.rb +6 -6
- data/interop/server_spec.rb +6 -6
- data/lib/tttls1.3.rb +1 -0
- data/lib/tttls1.3/client.rb +97 -12
- data/lib/tttls1.3/connection.rb +44 -11
- data/lib/tttls1.3/cryptograph.rb +1 -1
- data/lib/tttls1.3/cryptograph/aead.rb +20 -7
- data/lib/tttls1.3/message.rb +1 -1
- data/lib/tttls1.3/message/alert.rb +2 -2
- data/lib/tttls1.3/message/extension/signature_algorithms.rb +13 -3
- data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb +5 -4
- data/lib/tttls1.3/message/extension/status_request.rb +73 -17
- data/lib/tttls1.3/message/extensions.rb +33 -11
- data/lib/tttls1.3/server.rb +40 -13
- data/lib/tttls1.3/utils.rb +15 -0
- data/lib/tttls1.3/version.rb +1 -1
- data/spec/extensions_spec.rb +16 -0
- data/spec/fixtures/rsa_rsa.crt +15 -15
- data/spec/fixtures/rsa_rsa.key +25 -25
- data/spec/fixtures/rsa_rsa_ocsp.crt +18 -0
- data/spec/fixtures/rsa_rsa_ocsp.key +27 -0
- data/spec/server_hello_spec.rb +1 -1
- data/spec/signature_algorithms_cert_spec.rb +4 -0
- data/spec/signature_algorithms_spec.rb +4 -0
- data/spec/spec_helper.rb +35 -1
- data/spec/status_request_spec.rb +77 -10
- data/tttls1.3.gemspec +0 -1
- metadata +12 -7
- data/.github/workflows/main.yml +0 -25
@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithms do
|
|
24
24
|
end
|
25
25
|
|
26
26
|
it 'should be generated' do
|
27
|
+
expect(extension).to be_a(SignatureAlgorithms)
|
28
|
+
|
27
29
|
expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
|
28
30
|
expect(extension.supported_signature_algorithms)
|
29
31
|
.to eq supported_signature_algorithms
|
@@ -76,6 +78,8 @@ RSpec.describe SignatureAlgorithms do
|
|
76
78
|
end
|
77
79
|
|
78
80
|
it 'should generate valid object' do
|
81
|
+
expect(extension).to be_a(SignatureAlgorithms)
|
82
|
+
|
79
83
|
expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
|
80
84
|
expect(extension.supported_signature_algorithms)
|
81
85
|
.to eq supported_signature_algorithms
|
data/spec/spec_helper.rb
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
RSpec.configure(&:disable_monkey_patching!)
|
5
5
|
|
6
6
|
# rubocop: disable Style/MixinUsage
|
7
|
+
require 'date'
|
7
8
|
require 'tttls1.3'
|
8
9
|
include TTTLS13
|
9
10
|
include TTTLS13::Error
|
@@ -41,10 +42,43 @@ TESTBINARY_SERVER_NAME = <<BIN.split.map(&:hex).map(&:chr).join
|
|
41
42
|
00 0d 00 00 0a 67 69 74 68 75 62 2e 63 6f 6d
|
42
43
|
BIN
|
43
44
|
|
44
|
-
|
45
|
+
TESTBINARY_OCSP_STATUS_REQUEST = <<BIN.split.map(&:hex).map(&:chr).join
|
45
46
|
01 00 00 00 00
|
46
47
|
BIN
|
47
48
|
|
49
|
+
TESTBINARY_OCSP_RESPONSE = <<BIN.split.map(&:hex).map(&:chr).join
|
50
|
+
01 00 01 d0 30 82 01 cc 0a 01 00 a0 82 01 c5 30
|
51
|
+
82 01 c1 06 09 2b 06 01 05 05 07 30 01 01 04 82
|
52
|
+
01 b2 30 82 01 ae 30 81 97 a1 16 30 14 31 12 30
|
53
|
+
10 06 03 55 04 03 0c 09 74 65 73 74 2d 6f 63 73
|
54
|
+
70 18 0f 32 30 31 39 31 31 32 38 32 30 34 32 32
|
55
|
+
38 5a 30 6c 30 6a 30 42 30 09 06 05 2b 0e 03 02
|
56
|
+
1a 05 00 04 14 71 02 ca 0e ca 3e be d8 31 e6 37
|
57
|
+
40 80 9e 37 f6 da 9f a5 27 04 14 ac c2 63 89 fe
|
58
|
+
4d c6 08 1f 1f 4d 77 9e 12 7a bf 32 b6 d6 12 02
|
59
|
+
09 00 cf 1a 4c 8a cc cc 78 33 80 00 18 0f 32 30
|
60
|
+
31 39 31 31 32 38 32 30 34 32 32 38 5a a0 11 18
|
61
|
+
0f 32 30 32 39 31 31 32 38 32 30 34 32 32 38 5a
|
62
|
+
30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03
|
63
|
+
82 01 01 00 42 90 e2 2f f0 25 3b cf 11 75 56 83
|
64
|
+
c2 dc 10 d1 e8 d3 74 67 9e df db 0e 03 36 9f 64
|
65
|
+
48 61 8b 50 ca 2c dd fc 82 5b 52 d5 9b 06 64 86
|
66
|
+
70 08 c2 0b ca c9 50 b8 42 42 19 80 8f 6e f0 42
|
67
|
+
92 ac 67 4f 74 fa 2a d2 f4 2f 82 15 11 71 4b bd
|
68
|
+
54 d0 21 fb 0a 91 d3 ba 67 5e cb 7d b2 e6 a2 da
|
69
|
+
30 3d b3 92 3d a9 4e 2c f6 4a 0b 22 96 b2 1d 06
|
70
|
+
c3 0a c7 41 5f 9e 22 c0 e0 3f 52 cc ff be dd 52
|
71
|
+
80 3f 68 36 ce c0 02 df ae ab 96 a9 be d8 51 b2
|
72
|
+
bd ec f9 e7 98 5e 8a 77 69 b6 f1 60 19 49 f0 58
|
73
|
+
26 70 2f 7b 19 cc d0 13 9e 9c ed 8a 5c 87 34 4c
|
74
|
+
fd bd 0f 41 3f 5c d8 1e 26 ce bb dd 17 a7 a4 37
|
75
|
+
8f d8 19 39 5b c9 17 18 ca c3 7a eb 5d e7 ba a1
|
76
|
+
12 23 d6 cb 22 0e e1 bf 9e 40 9b e3 5c b5 6b e3
|
77
|
+
aa 6e 93 56 4f da da a1 c6 79 13 9d 5c d6 87 2b
|
78
|
+
f7 6a 0f fc 2c 03 b2 41 c4 90 b8 3d 50 1c 8a 9b
|
79
|
+
11 1b 41 83
|
80
|
+
BIN
|
81
|
+
|
48
82
|
TESTBINARY_SUPPORTED_GROUPS = <<BIN.split.map(&:hex).map(&:chr).join
|
49
83
|
00 06 00 17 00 18 00 19
|
50
84
|
BIN
|
data/spec/status_request_spec.rb
CHANGED
@@ -4,10 +4,10 @@
|
|
4
4
|
require_relative 'spec_helper'
|
5
5
|
using Refinements
|
6
6
|
|
7
|
-
RSpec.describe
|
8
|
-
context 'default
|
7
|
+
RSpec.describe OCSPStatusRequest do
|
8
|
+
context 'default OCSPStatusRequest' do
|
9
9
|
let(:extension) do
|
10
|
-
|
10
|
+
OCSPStatusRequest.new
|
11
11
|
end
|
12
12
|
|
13
13
|
it 'should be generated' do
|
@@ -21,9 +21,9 @@ RSpec.describe StatusRequest do
|
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
24
|
-
context 'valid
|
24
|
+
context 'valid OCSPStatusRequest' do
|
25
25
|
let(:extension) do
|
26
|
-
|
26
|
+
OCSPStatusRequest.new(responder_id_list: [], request_extensions: [])
|
27
27
|
end
|
28
28
|
|
29
29
|
it 'should be generated' do
|
@@ -37,9 +37,9 @@ RSpec.describe StatusRequest do
|
|
37
37
|
end
|
38
38
|
end
|
39
39
|
|
40
|
-
context 'valid
|
40
|
+
context 'valid OCSPStatusRequest, 0 length request ' do
|
41
41
|
let(:extension) do
|
42
|
-
|
42
|
+
OCSPStatusRequest.new(responder_id_list: nil, request_extensions: nil)
|
43
43
|
end
|
44
44
|
|
45
45
|
it 'should be generated' do
|
@@ -53,9 +53,9 @@ RSpec.describe StatusRequest do
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
context 'valid
|
56
|
+
context 'valid OCSPStatusRequest binary' do
|
57
57
|
let(:extension) do
|
58
|
-
|
58
|
+
OCSPStatusRequest.deserialize(TESTBINARY_OCSP_STATUS_REQUEST)
|
59
59
|
end
|
60
60
|
|
61
61
|
it 'should generate valid object' do
|
@@ -67,7 +67,74 @@ RSpec.describe StatusRequest do
|
|
67
67
|
it 'should generate serializable object' do
|
68
68
|
expect(extension.serialize)
|
69
69
|
.to eq ExtensionType::STATUS_REQUEST \
|
70
|
-
+
|
70
|
+
+ TESTBINARY_OCSP_STATUS_REQUEST.prefix_uint16_length
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
RSpec.describe OCSPResponse do
|
76
|
+
context 'valid OCSPResponse whose status is good' do
|
77
|
+
let(:basic_resp) do
|
78
|
+
server_crt = OpenSSL::X509::Certificate.new(
|
79
|
+
File.read(__dir__ + '/fixtures/rsa_rsa.crt')
|
80
|
+
)
|
81
|
+
ca_crt = OpenSSL::X509::Certificate.new(
|
82
|
+
File.read(__dir__ + '/fixtures/rsa_ca.crt')
|
83
|
+
)
|
84
|
+
ocsp_crt = OpenSSL::X509::Certificate.new(
|
85
|
+
File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.crt')
|
86
|
+
)
|
87
|
+
ocsp_key = OpenSSL::PKey.read(
|
88
|
+
File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.key')
|
89
|
+
)
|
90
|
+
|
91
|
+
br = OpenSSL::OCSP::BasicResponse.new
|
92
|
+
cid = OpenSSL::OCSP::CertificateId.new(server_crt, ca_crt)
|
93
|
+
br.add_status(
|
94
|
+
cid,
|
95
|
+
OpenSSL::OCSP::V_CERTSTATUS_GOOD,
|
96
|
+
0,
|
97
|
+
nil,
|
98
|
+
Time.now,
|
99
|
+
DateTime.now.next_day(1).to_time,
|
100
|
+
[]
|
101
|
+
)
|
102
|
+
br.sign(ocsp_crt, ocsp_key)
|
103
|
+
br
|
104
|
+
end
|
105
|
+
|
106
|
+
let(:ocsp_response) do
|
107
|
+
OpenSSL::OCSP::Response.create(
|
108
|
+
OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
|
109
|
+
basic_resp
|
110
|
+
)
|
111
|
+
end
|
112
|
+
|
113
|
+
let(:extension) do
|
114
|
+
OCSPResponse.new(ocsp_response)
|
115
|
+
end
|
116
|
+
|
117
|
+
it 'should be generated' do
|
118
|
+
expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
|
119
|
+
expect(extension.ocsp_response).to eq ocsp_response
|
120
|
+
end
|
121
|
+
|
122
|
+
it 'should be serialized' do
|
123
|
+
binary = CertificateStatusType::OCSP \
|
124
|
+
+ ocsp_response.to_der.prefix_uint24_length
|
125
|
+
|
126
|
+
expect(extension.serialize).to eq ExtensionType::STATUS_REQUEST \
|
127
|
+
+ binary.prefix_uint16_length
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
context 'valid OCSPResponse binary' do
|
132
|
+
let(:extension) do
|
133
|
+
OCSPResponse.deserialize(TESTBINARY_OCSP_RESPONSE)
|
134
|
+
end
|
135
|
+
|
136
|
+
it 'should generate valid object' do
|
137
|
+
expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
|
71
138
|
end
|
72
139
|
end
|
73
140
|
end
|
data/tttls1.3.gemspec
CHANGED
@@ -16,7 +16,6 @@ Gem::Specification.new do |spec|
|
|
16
16
|
spec.required_ruby_version = '>=2.6.1'
|
17
17
|
|
18
18
|
spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
|
19
|
-
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
20
19
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
21
20
|
spec.require_paths = ['lib']
|
22
21
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tttls1.3
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.15
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- thekuwayama
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-11-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -59,7 +59,7 @@ executables: []
|
|
59
59
|
extensions: []
|
60
60
|
extra_rdoc_files: []
|
61
61
|
files:
|
62
|
-
- ".github/workflows/
|
62
|
+
- ".github/workflows/ci.yml"
|
63
63
|
- ".gitignore"
|
64
64
|
- ".rspec"
|
65
65
|
- ".rubocop.yml"
|
@@ -73,6 +73,7 @@ files:
|
|
73
73
|
- example/https_client_using_0rtt.rb
|
74
74
|
- example/https_client_using_hrr.rb
|
75
75
|
- example/https_client_using_hrr_and_ticket.rb
|
76
|
+
- example/https_client_using_status_request.rb
|
76
77
|
- example/https_client_using_ticket.rb
|
77
78
|
- example/https_server.rb
|
78
79
|
- interop/client_spec.rb
|
@@ -144,6 +145,8 @@ files:
|
|
144
145
|
- spec/fixtures/rsa_ca.key
|
145
146
|
- spec/fixtures/rsa_rsa.crt
|
146
147
|
- spec/fixtures/rsa_rsa.key
|
148
|
+
- spec/fixtures/rsa_rsa_ocsp.crt
|
149
|
+
- spec/fixtures/rsa_rsa_ocsp.key
|
147
150
|
- spec/fixtures/rsa_rsassaPss.crt
|
148
151
|
- spec/fixtures/rsa_rsassaPss.key
|
149
152
|
- spec/fixtures/rsa_secp256r1.crt
|
@@ -176,7 +179,7 @@ homepage: https://github.com/thekuwayama/tttls1.3
|
|
176
179
|
licenses:
|
177
180
|
- MIT
|
178
181
|
metadata: {}
|
179
|
-
post_install_message:
|
182
|
+
post_install_message:
|
180
183
|
rdoc_options: []
|
181
184
|
require_paths:
|
182
185
|
- lib
|
@@ -191,8 +194,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
191
194
|
- !ruby/object:Gem::Version
|
192
195
|
version: '0'
|
193
196
|
requirements: []
|
194
|
-
rubygems_version: 3.
|
195
|
-
signing_key:
|
197
|
+
rubygems_version: 3.1.2
|
198
|
+
signing_key:
|
196
199
|
specification_version: 4
|
197
200
|
summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
|
198
201
|
test_files:
|
@@ -217,6 +220,8 @@ test_files:
|
|
217
220
|
- spec/fixtures/rsa_ca.key
|
218
221
|
- spec/fixtures/rsa_rsa.crt
|
219
222
|
- spec/fixtures/rsa_rsa.key
|
223
|
+
- spec/fixtures/rsa_rsa_ocsp.crt
|
224
|
+
- spec/fixtures/rsa_rsa_ocsp.key
|
220
225
|
- spec/fixtures/rsa_rsassaPss.crt
|
221
226
|
- spec/fixtures/rsa_rsassaPss.key
|
222
227
|
- spec/fixtures/rsa_secp256r1.crt
|
data/.github/workflows/main.yml
DELETED
@@ -1,25 +0,0 @@
|
|
1
|
-
name: workflow
|
2
|
-
|
3
|
-
on:
|
4
|
-
push:
|
5
|
-
branches:
|
6
|
-
- master
|
7
|
-
pull_request:
|
8
|
-
branches:
|
9
|
-
- '*'
|
10
|
-
|
11
|
-
jobs:
|
12
|
-
ci:
|
13
|
-
runs-on: ubuntu-latest
|
14
|
-
steps:
|
15
|
-
- uses: actions/checkout@v1
|
16
|
-
- uses: actions/setup-ruby@v1
|
17
|
-
- uses: thekuwayama/openssl@master
|
18
|
-
with:
|
19
|
-
ruby-version: '2.6.x'
|
20
|
-
- run: gem install bundler
|
21
|
-
- run: bundle install
|
22
|
-
- run: docker pull thekuwayama/openssl
|
23
|
-
- run: bundle exec rake
|
24
|
-
- run: bundle exec rake interop:client
|
25
|
-
- run: bundle exec rake interop:server
|