tttls1.3 0.2.10 → 0.2.15
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +32 -0
- data/.rubocop.yml +6 -3
- data/Gemfile +3 -4
- data/README.md +5 -1
- data/Rakefile +66 -7
- data/example/helper.rb +3 -3
- data/example/https_client.rb +1 -1
- data/example/https_client_using_0rtt.rb +3 -3
- data/example/https_client_using_hrr.rb +1 -1
- data/example/https_client_using_hrr_and_ticket.rb +2 -2
- data/example/https_client_using_status_request.rb +31 -0
- data/example/https_client_using_ticket.rb +2 -2
- data/example/https_server.rb +3 -2
- data/interop/client_spec.rb +6 -6
- data/interop/server_spec.rb +6 -6
- data/lib/tttls1.3.rb +1 -0
- data/lib/tttls1.3/client.rb +97 -12
- data/lib/tttls1.3/connection.rb +44 -11
- data/lib/tttls1.3/cryptograph.rb +1 -1
- data/lib/tttls1.3/cryptograph/aead.rb +20 -7
- data/lib/tttls1.3/message.rb +1 -1
- data/lib/tttls1.3/message/alert.rb +2 -2
- data/lib/tttls1.3/message/extension/signature_algorithms.rb +13 -3
- data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb +5 -4
- data/lib/tttls1.3/message/extension/status_request.rb +73 -17
- data/lib/tttls1.3/message/extensions.rb +33 -11
- data/lib/tttls1.3/server.rb +40 -13
- data/lib/tttls1.3/utils.rb +15 -0
- data/lib/tttls1.3/version.rb +1 -1
- data/spec/extensions_spec.rb +16 -0
- data/spec/fixtures/rsa_rsa.crt +15 -15
- data/spec/fixtures/rsa_rsa.key +25 -25
- data/spec/fixtures/rsa_rsa_ocsp.crt +18 -0
- data/spec/fixtures/rsa_rsa_ocsp.key +27 -0
- data/spec/server_hello_spec.rb +1 -1
- data/spec/signature_algorithms_cert_spec.rb +4 -0
- data/spec/signature_algorithms_spec.rb +4 -0
- data/spec/spec_helper.rb +35 -1
- data/spec/status_request_spec.rb +77 -10
- data/tttls1.3.gemspec +0 -1
- metadata +12 -7
- data/.github/workflows/main.yml +0 -25
@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithms do
|
|
24
24
|
end
|
25
25
|
|
26
26
|
it 'should be generated' do
|
27
|
+
expect(extension).to be_a(SignatureAlgorithms)
|
28
|
+
|
27
29
|
expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
|
28
30
|
expect(extension.supported_signature_algorithms)
|
29
31
|
.to eq supported_signature_algorithms
|
@@ -76,6 +78,8 @@ RSpec.describe SignatureAlgorithms do
|
|
76
78
|
end
|
77
79
|
|
78
80
|
it 'should generate valid object' do
|
81
|
+
expect(extension).to be_a(SignatureAlgorithms)
|
82
|
+
|
79
83
|
expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
|
80
84
|
expect(extension.supported_signature_algorithms)
|
81
85
|
.to eq supported_signature_algorithms
|
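--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -4,6 +4,7 @@
 RSpec.configure(&:disable_monkey_patching!)
 
 # rubocop: disable Style/MixinUsage
+require 'date'
 require 'tttls1.3'
 include TTTLS13
 include TTTLS13::Error
@@ -41,10 +42,43 @@ TESTBINARY_SERVER_NAME = <<BIN.split.map(&:hex).map(&:chr).join
 00 0d 00 00 0a 67 69 74 68 75 62 2e 63 6f 6d
 BIN
 
-
+TESTBINARY_OCSP_STATUS_REQUEST = <<BIN.split.map(&:hex).map(&:chr).join
 01 00 00 00 00
 BIN
 
+TESTBINARY_OCSP_RESPONSE = <<BIN.split.map(&:hex).map(&:chr).join
+01 00 01 d0 30 82 01 cc 0a 01 00 a0 82 01 c5 30
+82 01 c1 06 09 2b 06 01 05 05 07 30 01 01 04 82
+01 b2 30 82 01 ae 30 81 97 a1 16 30 14 31 12 30
+10 06 03 55 04 03 0c 09 74 65 73 74 2d 6f 63 73
+70 18 0f 32 30 31 39 31 31 32 38 32 30 34 32 32
+38 5a 30 6c 30 6a 30 42 30 09 06 05 2b 0e 03 02
+1a 05 00 04 14 71 02 ca 0e ca 3e be d8 31 e6 37
+40 80 9e 37 f6 da 9f a5 27 04 14 ac c2 63 89 fe
+4d c6 08 1f 1f 4d 77 9e 12 7a bf 32 b6 d6 12 02
+09 00 cf 1a 4c 8a cc cc 78 33 80 00 18 0f 32 30
+31 39 31 31 32 38 32 30 34 32 32 38 5a a0 11 18
+0f 32 30 32 39 31 31 32 38 32 30 34 32 32 38 5a
+30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03
+82 01 01 00 42 90 e2 2f f0 25 3b cf 11 75 56 83
+c2 dc 10 d1 e8 d3 74 67 9e df db 0e 03 36 9f 64
+48 61 8b 50 ca 2c dd fc 82 5b 52 d5 9b 06 64 86
+70 08 c2 0b ca c9 50 b8 42 42 19 80 8f 6e f0 42
+92 ac 67 4f 74 fa 2a d2 f4 2f 82 15 11 71 4b bd
+54 d0 21 fb 0a 91 d3 ba 67 5e cb 7d b2 e6 a2 da
+30 3d b3 92 3d a9 4e 2c f6 4a 0b 22 96 b2 1d 06
+c3 0a c7 41 5f 9e 22 c0 e0 3f 52 cc ff be dd 52
+80 3f 68 36 ce c0 02 df ae ab 96 a9 be d8 51 b2
+bd ec f9 e7 98 5e 8a 77 69 b6 f1 60 19 49 f0 58
+26 70 2f 7b 19 cc d0 13 9e 9c ed 8a 5c 87 34 4c
+fd bd 0f 41 3f 5c d8 1e 26 ce bb dd 17 a7 a4 37
+8f d8 19 39 5b c9 17 18 ca c3 7a eb 5d e7 ba a1
+12 23 d6 cb 22 0e e1 bf 9e 40 9b e3 5c b5 6b e3
+aa 6e 93 56 4f da da a1 c6 79 13 9d 5c d6 87 2b
+f7 6a 0f fc 2c 03 b2 41 c4 90 b8 3d 50 1c 8a 9b
+11 1b 41 83
+BIN
+
 TESTBINARY_SUPPORTED_GROUPS = <<BIN.split.map(&:hex).map(&:chr).join
 00 06 00 17 00 18 00 19
 BIN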
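Review bot: `TESTBINARY_OCSP_RESPONSE` is added as an opaque hex blob with no comment saying what it encodes or how it was produced, which makes it hard to regenerate or to build further assertions on. The bytes appear to decode as a successful OCSP response with certificate status good, responder CN `test-ocsp`, thisUpdate 2019-11-28, nextUpdate 2029-11-28 and a sha1WithRSAEncryption signature; a comment above the heredoc such as `# DER OCSP response: status good, responder CN test-ocsp, sha1WithRSAEncryption, nextUpdate 2029-11-28. Parsing fixture only.` would record that. The file list shows `rsa_rsa.crt` and `rsa_rsa.key` were regenerated in this release, and whether the blob's CertID and signature still match the fixture chain is not visible here, so any later example that verifies this response or checks its freshness would depend on both that and the fixed 2029 expiry.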
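--- a/data/spec/status_request_spec.rb
+++ b/data/spec/status_request_spec.rb
@@ -4,10 +4,10 @@
 require_relative 'spec_helper'
 using Refinements
 
-RSpec.describe
-context 'default
+RSpec.describe OCSPStatusRequest do
+context 'default OCSPStatusRequest' do
 let(:extension) do
-
+OCSPStatusRequest.new
 end
 
 it 'should be generated' do
@@ -21,9 +21,9 @@ RSpec.describe StatusRequest do
 end
 end
 
-context 'valid
+context 'valid OCSPStatusRequest' do
 let(:extension) do
-
+OCSPStatusRequest.new(responder_id_list: [], request_extensions: [])
 end
 
 it 'should be generated' do
@@ -37,9 +37,9 @@ RSpec.describe StatusRequest do
 end
 end
 
-context 'valid
+context 'valid OCSPStatusRequest, 0 length request ' do
 let(:extension) do
-
+OCSPStatusRequest.new(responder_id_list: nil, request_extensions: nil)
 end
 
 it 'should be generated' do
@@ -53,9 +53,9 @@ RSpec.describe StatusRequest do
 end
 end
 
-context 'valid
+context 'valid OCSPStatusRequest binary' do
 let(:extension) do
-
+OCSPStatusRequest.deserialize(TESTBINARY_OCSP_STATUS_REQUEST)
 end
 
 it 'should generate valid object' do
@@ -67,7 +67,74 @@ RSpec.describe StatusRequest do
 it 'should generate serializable object' do
 expect(extension.serialize)
 .to eq ExtensionType::STATUS_REQUEST \
-+
++ TESTBINARY_OCSP_STATUS_REQUEST.prefix_uint16_length
+end
+end
+end
+
+RSpec.describe OCSPResponse do
+context 'valid OCSPResponse whose status is good' do
+let(:basic_resp) do
+server_crt = OpenSSL::X509::Certificate.new(
+File.read(__dir__ + '/fixtures/rsa_rsa.crt')
+)
+ca_crt = OpenSSL::X509::Certificate.new(
+File.read(__dir__ + '/fixtures/rsa_ca.crt')
+)
+ocsp_crt = OpenSSL::X509::Certificate.new(
+File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.crt')
+)
+ocsp_key = OpenSSL::PKey.read(
+File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.key')
+)
+
+br = OpenSSL::OCSP::BasicResponse.new
+cid = OpenSSL::OCSP::CertificateId.new(server_crt, ca_crt)
+br.add_status(
+cid,
+OpenSSL::OCSP::V_CERTSTATUS_GOOD,
+0,
+nil,
+Time.now,
+DateTime.now.next_day(1).to_time,
+[]
+)
+br.sign(ocsp_crt, ocsp_key)
+br
+end
+
+let(:ocsp_response) do
+OpenSSL::OCSP::Response.create(
+OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
+basic_resp
+)
+end
+
+let(:extension) do
+OCSPResponse.new(ocsp_response)
+end
+
+it 'should be generated' do
+expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
+expect(extension.ocsp_response).to eq ocsp_response
+end
+
+it 'should be serialized' do
+binary = CertificateStatusType::OCSP \
++ ocsp_response.to_der.prefix_uint24_length
+
+expect(extension.serialize).to eq ExtensionType::STATUS_REQUEST \
++ binary.prefix_uint16_length
+end
+end
+
+context 'valid OCSPResponse binary' do
+let(:extension) do
+OCSPResponse.deserialize(TESTBINARY_OCSP_RESPONSE)
+end
+
+it 'should generate valid object' do
+expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
 end
 end
 end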
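Review bot: The new `OCSPResponse` examples cover only well-formed input, and the `'valid OCSPResponse binary'` example asserts nothing but `extension_type`, so a `deserialize` that produced an empty or wrong response would still pass. Add an assertion on the parsed value, for example `expect(extension.ocsp_response.status).to eq OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL` (this assumes `deserialize` fills `ocsp_response` with an `OpenSSL::OCSP::Response`, as the constructor example suggests). Because this parser handles bytes supplied by the peer, it also deserves rejection cases: a truncated blob, a uint24 length that disagrees with the payload, and a status type other than `CertificateStatusType::OCSP`, each expecting whatever error `deserialize` is specified to raise. Separately, `DateTime.now.next_day(1).to_time` could be written `Time.now + 86_400`, which would make the `require 'date'` added to spec_helper unnecessary.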
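--- a/data/tttls1.3.gemspec
+++ b/data/tttls1.3.gemspec
@@ -16,7 +16,6 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = '>=2.6.1'
 
 spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
-spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ['lib']
 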
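--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.15
 platform: ruby
 authors:
 - thekuwayama
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -59,7 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -73,6 +73,7 @@ files:
 - example/https_client_using_0rtt.rb
 - example/https_client_using_hrr.rb
 - example/https_client_using_hrr_and_ticket.rb
+- example/https_client_using_status_request.rb
 - example/https_client_using_ticket.rb
 - example/https_server.rb
 - interop/client_spec.rb
@@ -144,6 +145,8 @@ files:
 - spec/fixtures/rsa_ca.key
 - spec/fixtures/rsa_rsa.crt
 - spec/fixtures/rsa_rsa.key
+- spec/fixtures/rsa_rsa_ocsp.crt
+- spec/fixtures/rsa_rsa_ocsp.key
 - spec/fixtures/rsa_rsassaPss.crt
 - spec/fixtures/rsa_rsassaPss.key
 - spec/fixtures/rsa_secp256r1.crt
@@ -176,7 +179,7 @@ homepage: https://github.com/thekuwayama/tttls1.3
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -191,8 +194,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 test_files:
@@ -217,6 +220,8 @@ test_files:
 - spec/fixtures/rsa_ca.key
 - spec/fixtures/rsa_rsa.crt
 - spec/fixtures/rsa_rsa.key
+- spec/fixtures/rsa_rsa_ocsp.crt
+- spec/fixtures/rsa_rsa_ocsp.key
 - spec/fixtures/rsa_rsassaPss.crt
 - spec/fixtures/rsa_rsassaPss.key
 - spec/fixtures/rsa_secp256r1.crt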
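--- a/data/.github/workflows/main.yml
+++ b/data/.github/workflows/main.yml
@@ -1,25 +0,0 @@
-name: workflow
-
-on:
-push:
-branches:
-- master
-pull_request:
-branches:
-- '*'
-
-jobs:
-ci:
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@v1
-- uses: actions/setup-ruby@v1
-- uses: thekuwayama/openssl@master
-with:
-ruby-version: '2.6.x'
-- run: gem install bundler
-- run: bundle install
-- run: docker pull thekuwayama/openssl
-- run: bundle exec rake
-- run: bundle exec rake interop:client
-- run: bundle exec rake interop:server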