tttls1.3 0.2.12 → 0.2.16

data/spec/key_schedule_spec.rb

@@ -6,15 +6,22 @@ require_relative 'spec_helper'
 RSpec.describe KeySchedule do
   context 'key_schedule, Simple 1-RTT Handshake,' do
     let(:key_schedule) do
+      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
+      ct = Certificate.deserialize(TESTBINARY_CERTIFICATE)
+      cv = CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
+      sf = Finished.deserialize(TESTBINARY_SERVER_FINISHED)
+      cf = Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
       transcript = Transcript.new
       transcript.merge!(
-        CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
-        EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
-        CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
-        CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY),
-        SF => Finished.deserialize(TESTBINARY_SERVER_FINISHED),
-        CF => Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
+        CH => [ch, TESTBINARY_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_SERVER_HELLO],
+        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
+        CT => [ct, TESTBINARY_CERTIFICATE],
+        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY],
+        SF => [sf, TESTBINARY_SERVER_FINISHED],
+        CF => [cf, TESTBINARY_CLIENT_FINISHED]
       )
       KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
@@ -77,15 +84,22 @@ RSpec.describe KeySchedule do
 
   context 'key_schedule, Resumed 0-RTT Handshake,' do
     let(:key_schedule) do
+      ch = ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_0_RTT_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(
+        TESTBINARY_0_RTT_ENCRYPTED_EXTENSIONS
+      )
+      sf = Finished.deserialize(TESTBINARY_0_RTT_SERVER_FINISHED)
+      eoed = EndOfEarlyData.deserialize(TESTBINARY_0_RTT_END_OF_EARLY_DATA)
+      cf = Finished.deserialize(TESTBINARY_0_RTT_CLIENT_FINISHED)
       transcript = Transcript.new
       transcript.merge!(
-        CH => ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_0_RTT_SERVER_HELLO),
-        EE =>
-        EncryptedExtensions.deserialize(TESTBINARY_0_RTT_ENCRYPTED_EXTENSIONS),
-        SF => Finished.deserialize(TESTBINARY_0_RTT_SERVER_FINISHED),
-        EOED => EndOfEarlyData.deserialize(TESTBINARY_0_RTT_END_OF_EARLY_DATA),
-        CF => Finished.deserialize(TESTBINARY_0_RTT_CLIENT_FINISHED)
+        CH => [ch, TESTBINARY_0_RTT_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_0_RTT_SERVER_HELLO],
+        EE => [ee, TESTBINARY_0_RTT_ENCRYPTED_EXTENSIONS],
+        SF => [sf, TESTBINARY_0_RTT_SERVER_FINISHED],
+        EOED => [eoed, TESTBINARY_0_RTT_END_OF_EARLY_DATA],
+        CF => [cf, TESTBINARY_0_RTT_CLIENT_FINISHED]
       )
       KeySchedule.new(psk: TESTBINARY_0_RTT_PSK,
                       shared_secret: TESTBINARY_0_RTT_SHARED_SECRET,
@@ -111,8 +125,9 @@ RSpec.describe KeySchedule do
   context 'key_schedule, Resumed 0-RTT Handshake, ' \
           'not negotiated shared_secret yet,' do
     let(:key_schedule) do
+      ch = ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
       transcript = Transcript.new
-      transcript[CH] = ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
+      transcript[CH] = [ch, TESTBINARY_0_RTT_CLIENT_HELLO]
       KeySchedule.new(psk: TESTBINARY_0_RTT_PSK,
                       shared_secret: nil,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
@@ -139,18 +154,26 @@ RSpec.describe KeySchedule do
 
   context 'key_schedule, HelloRetryRequest,' do
     let(:key_schedule) do
+      ch1 = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1)
+      hrr = ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST)
+      ch = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS)
+      ct = Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE)
+      cv = CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY)
+      sf = Finished.deserialize(TESTBINARY_HRR_SERVER_FINISHED)
+      cf = Finished.deserialize(TESTBINARY_HRR_CLIENT_FINISHED)
       transcript = Transcript.new
       transcript.merge!(
-        CH1 => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1),
-        HRR => ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST),
-        CH => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO),
-        EE =>
-        EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS),
-        CT => Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE),
-        CV => CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY),
-        SF => Finished.deserialize(TESTBINARY_HRR_SERVER_FINISHED),
-        CF => Finished.deserialize(TESTBINARY_HRR_CLIENT_FINISHED)
+        CH1 => [ch1, TESTBINARY_HRR_CLIENT_HELLO1],
+        HRR => [hrr, TESTBINARY_HRR_HELLO_RETRY_REQUEST],
+        CH => [ch, TESTBINARY_HRR_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_HRR_SERVER_HELLO],
+        EE => [ee, TESTBINARY_HRR_ENCRYPTED_EXTENSIONS],
+        CT => [ct, TESTBINARY_HRR_CERTIFICATE],
+        CV => [cv, TESTBINARY_HRR_CERTIFICATE_VERIFY],
+        SF => [sf, TESTBINARY_HRR_SERVER_FINISHED],
+        CF => [cf, TESTBINARY_HRR_CLIENT_FINISHED]
       )
       KeySchedule.new(shared_secret: TESTBINARY_HRR_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,

data/spec/record_spec.rb

@@ -30,7 +30,7 @@ RSpec.describe Record do
 
   context 'valid record binary' do
     let(:record) do
-      Record.deserialize(TESTBINARY_RECORD_CCS, Passer.new)
+      Record.deserialize(TESTBINARY_RECORD_CCS, Passer.new).first
     end
 
     it 'should generate valid record header and ChangeCipherSpec' do
@@ -75,7 +75,7 @@ RSpec.describe Record do
         write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
         sequence_number: SequenceNumber.new
       )
-      Record.deserialize(TESTBINARY_SERVER_PARAMETERS_RECORD, cipher)
+      Record.deserialize(TESTBINARY_SERVER_PARAMETERS_RECORD, cipher).first
     end
 
     it 'should generate valid record header' do

data/spec/server_hello_spec.rb

@@ -187,7 +187,7 @@ RSpec.describe ServerHello do
     let(:message) do
       sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
       extensions = sh.instance_variable_get(:@extensions)
-      extensions[ExtensionType::SUPPORTED_VERSIONS] = nil
+      extensions.delete(ExtensionType::SUPPORTED_VERSIONS)
       sh.instance_variable_set(:@extensions, extensions)
       sh
     end

data/spec/server_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe Server do
                         + msg_len.to_uint16 \
                         + TESTBINARY_CLIENT_HELLO)
       server = Server.new(mock_socket)
-      server.send(:recv_client_hello, true)
+      server.send(:recv_client_hello, true).first
     end
 
     it 'should receive ClientHello' do
@@ -90,12 +90,16 @@ RSpec.describe Server do
       )
     end
 
+    let(:ch) do
+      ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+    end
+
     let(:server) do
       Server.new(nil)
     end
 
     it 'should generate Certificate' do
-      ct = server.send(:gen_certificate, crt)
+      ct = server.send(:gen_certificate, crt, ch)
       expect(ct).to be_a_kind_of(Certificate)
 
       certificate_entry = ct.certificate_list.first
@@ -119,12 +123,15 @@ RSpec.describe Server do
     end
 
     let(:transcript) do
+      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
       transcript = Transcript.new
       transcript.merge!(
-        CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
-        EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
-        CT => ct
+        CH => [ch, TESTBINARY_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_SERVER_HELLO],
+        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
+        CT => [ct, TESTBINARY_CERTIFICATE]
       )
     end
 
@@ -168,13 +175,18 @@ RSpec.describe Server do
     end
 
     let(:transcript) do
+      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
+      ct = Certificate.deserialize(TESTBINARY_CERTIFICATE)
+      cv = CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
       transcript = Transcript.new
       transcript.merge!(
-        CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
-        EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
-        CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
-        CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
+        CH => [ch, TESTBINARY_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_SERVER_HELLO],
+        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
+        CT => [ct, TESTBINARY_CERTIFICATE],
+        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY]
       )
       transcript
     end

data/spec/signature_algorithms_cert_spec.rb

@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithmsCert do
     end
 
     it 'should be generated' do
+      expect(extension).to be_a(SignatureAlgorithmsCert)
+
       expect(extension.extension_type)
         .to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT
       expect(extension.supported_signature_algorithms)
@@ -58,6 +60,8 @@ RSpec.describe SignatureAlgorithmsCert do
     end
 
     it 'should generate valid object' do
+      expect(extension).to be_a(SignatureAlgorithmsCert)
+
       expect(extension.extension_type)
         .to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT
       expect(extension.supported_signature_algorithms)

data/spec/signature_algorithms_spec.rb

@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithms do
     end
 
     it 'should be generated' do
+      expect(extension).to be_a(SignatureAlgorithms)
+
       expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
       expect(extension.supported_signature_algorithms)
         .to eq supported_signature_algorithms
@@ -76,6 +78,8 @@ RSpec.describe SignatureAlgorithms do
     end
 
     it 'should generate valid object' do
+      expect(extension).to be_a(SignatureAlgorithms)
+
       expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
       expect(extension.supported_signature_algorithms)
         .to eq supported_signature_algorithms

data/spec/spec_helper.rb

@@ -163,6 +163,10 @@ BIN
 
 TESTBINARY_EARLY_DATA_INDICATION_CH = ''
 
+TESTBINARY_COMPRESS_CERTIFICATE = <<BIN.split.map(&:hex).map(&:chr).join
+  02 00 01
+BIN
+
 # https://tools.ietf.org/html/rfc8448#section-3
 # 2.  Private Keys
 TESTBINARY_PKEY_MODULUS = <<BIN.split.map(&:hex).map(&:chr).join

data/spec/transcript_spec.rb

@@ -6,15 +6,22 @@ require_relative 'spec_helper'
 RSpec.describe Transcript do
   context 'transcript, not including HRR,' do
     let(:transcript) do
+      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
+      ct = Certificate.deserialize(TESTBINARY_CERTIFICATE)
+      cv = CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
+      sf = Finished.deserialize(TESTBINARY_SERVER_FINISHED)
+      cf = Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
       t = Transcript.new
       t.merge!(
-        CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_SERVER_HELLO),
-        EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
-        CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
-        CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY),
-        SF => Finished.deserialize(TESTBINARY_SERVER_FINISHED),
-        CF => Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
+        CH => [ch, TESTBINARY_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_SERVER_HELLO],
+        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
+        CT => [ct, TESTBINARY_CERTIFICATE],
+        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY],
+        SF => [sf, TESTBINARY_SERVER_FINISHED],
+        CF => [cf, TESTBINARY_CLIENT_FINISHED]
       )
     end
 
@@ -26,18 +33,26 @@ RSpec.describe Transcript do
 
   context 'transcript, including HRR,' do
     let(:transcript) do
+      ch1 = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1)
+      hrr = ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST)
+      ch = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO)
+      sh = ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO)
+      ee = EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS)
+      ct = Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE)
+      cv = CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY)
+      sf = Finished.deserialize(TESTBINARY_HRR_SERVER_FINISHED)
+      cf = Finished.deserialize(TESTBINARY_HRR_CLIENT_FINISHED)
       t = Transcript.new
       t.merge!(
-        CH1 => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1),
-        HRR => ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST),
-        CH => ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO),
-        SH => ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO),
-        EE =>
-        EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS),
-        CT => Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE),
-        CV => CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY),
-        SF => Finished.deserialize(TESTBINARY_HRR_SERVER_FINISHED),
-        CF => Finished.deserialize(TESTBINARY_HRR_CLIENT_FINISHED)
+        CH1 => [ch1, TESTBINARY_HRR_CLIENT_HELLO1],
+        HRR => [hrr, TESTBINARY_HRR_HELLO_RETRY_REQUEST],
+        CH => [ch, TESTBINARY_HRR_CLIENT_HELLO],
+        SH => [sh, TESTBINARY_HRR_SERVER_HELLO],
+        EE => [ee, TESTBINARY_HRR_ENCRYPTED_EXTENSIONS],
+        CT => [ct, TESTBINARY_HRR_CERTIFICATE],
+        CV => [cv, TESTBINARY_HRR_CERTIFICATE_VERIFY],
+        SF => [sf, TESTBINARY_HRR_SERVER_FINISHED],
+        CF => [cf, TESTBINARY_HRR_CLIENT_FINISHED]
       )
     end
 
@@ -51,10 +66,9 @@ RSpec.describe Transcript do
 
   context 'transcript, Resumed 0-RTT Handshake,' do
     let(:transcript) do
+      ch = ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
       t = Transcript.new
-      t.merge!(
-        CH => ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
-      )
+      t.merge!(CH => [ch, TESTBINARY_0_RTT_CLIENT_HELLO])
     end
 
     let(:hash_len) do

data/tttls1.3.gemspec

@@ -16,7 +16,6 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>=2.6.1'
 
   spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.12
+  version: 0.2.16
 platform: ruby
 authors:
 - thekuwayama
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-04 00:00:00.000000000 Z
+date: 2021-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -59,7 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/main.yml"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -96,9 +96,11 @@ files:
 - lib/tttls1.3/message/certificate_verify.rb
 - lib/tttls1.3/message/change_cipher_spec.rb
 - lib/tttls1.3/message/client_hello.rb
+- lib/tttls1.3/message/compressed_certificate.rb
 - lib/tttls1.3/message/encrypted_extensions.rb
 - lib/tttls1.3/message/end_of_early_data.rb
 - lib/tttls1.3/message/extension/alpn.rb
+- lib/tttls1.3/message/extension/compress_certificate.rb
 - lib/tttls1.3/message/extension/cookie.rb
 - lib/tttls1.3/message/extension/early_data_indication.rb
 - lib/tttls1.3/message/extension/key_share.rb
@@ -134,6 +136,7 @@ files:
 - spec/cipher_suites_spec.rb
 - spec/client_hello_spec.rb
 - spec/client_spec.rb
+- spec/compress_certificate_spec.rb
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
@@ -179,7 +182,7 @@ homepage: https://github.com/thekuwayama/tttls1.3
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -194,8 +197,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 test_files:
@@ -209,6 +212,7 @@ test_files:
 - spec/cipher_suites_spec.rb
 - spec/client_hello_spec.rb
 - spec/client_spec.rb
+- spec/compress_certificate_spec.rb
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb

data/.github/workflows/main.yml

@@ -1,25 +0,0 @@
-name: workflow
-
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - '*'
-
-jobs:
-  ci:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-ruby@v1
-      - uses: thekuwayama/openssl@master
-        with:
-          ruby-version: '2.6.x'
-      - run: gem install bundler
-      - run: bundle install
-      - run: docker pull thekuwayama/openssl
-      - run: bundle exec rake
-      - run: bundle exec rake interop:client
-      - run: bundle exec rake interop:server