tttls1.3 0.2.14 → 0.2.17

data/lib/tttls1.3/message/extension/compress_certificate.rb

@@ -0,0 +1,58 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      module CertificateCompressionAlgorithm
+        ZLIB = "\x00\x01"
+        # BROTLI = "\x00\x02" # UNSUPPORTED
+        # ZSTD   = "\x00\x03" # UNSUPPORTED
+      end
+
+      # https://tools.ietf.org/html/rfc8879
+      class CompressCertificate
+        attr_reader :extension_type
+        attr_reader :algorithms
+
+        # @param algorithms [Array of CertificateCompressionAlgorithm]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @example
+        #   CompressCertificate([CertificateCompressionAlgorithm::ZLIB])
+        def initialize(algorithms)
+          @extension_type = ExtensionType::COMPRESS_CERTIFICATE
+          @algorithms = algorithms || []
+          raise Error::ErrorAlerts, :internal_error \
+            if @algorithms.join.length < 2 ||
+               @algorithms.join.length > 2**8 - 2
+        end
+
+        # @return [String]
+        def serialize
+          binary = @algorithms.join.prefix_uint8_length
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::CompressCertificate, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length < 3
+
+          al_len = Convert.bin2i(binary.slice(0, 1))
+          return nil if binary.length != al_len + 1
+
+          CompressCertificate.new(binary.slice(1, al_len + 1).scan(/.{2}/m))
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/signature_algorithms.rb

@@ -35,17 +35,17 @@ module TTTLS13
 
         # @return [String]
         def serialize
-          binary = @supported_signature_algorithms.join
+          binary = @supported_signature_algorithms.join.prefix_uint16_length
 
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
 
         # @param binary [String]
         #
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
-        # @return [TTTLS13::Message::Extensions::SignatureAlgorithms, nil]
-        def self.deserialize(binary)
+        # @return [Array of SignatureScheme]
+        def self.deserialize_supported_signature_algorithms(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
           return nil if binary.length < 2
@@ -61,7 +61,17 @@ module TTTLS13
           end
           return nil unless ssa_len + 2 == binary.length
 
-          SignatureAlgorithms.new(supported_signature_algorithms)
+          supported_signature_algorithms
+        end
+
+        # @param binary [String]
+        #
+        # @return [TTTLS13::Message::Extensions::SignatureAlgorithms, nil]
+        def self.deserialize(binary)
+          ssa = deserialize_supported_signature_algorithms(binary)
+          return nil if ssa.nil?
+
+          SignatureAlgorithms.new(ssa)
         end
       end
     end

data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb

@@ -13,11 +13,12 @@ module TTTLS13
 
         # @param binary [String]
         #
-        # @return [TTTLS13::Message::Extensions::SignatureAlgorithmsCert]
+        # @return [TTTLS13::Message::Extensions::SignatureAlgorithmsCert, nil]
         def self.deserialize(binary)
-          extension = SignatureAlgorithms.deserialize(binary)
-          extension.extension_type = ExtensionType::SIGNATURE_ALGORITHMS_CERT
-          extension
+          ssa = deserialize_supported_signature_algorithms(binary)
+          return nil if ssa.nil?
+
+          SignatureAlgorithmsCert.new(ssa)
         end
       end
     end

data/lib/tttls1.3/message/extension/supported_groups.rb

@@ -21,9 +21,9 @@ module TTTLS13
 
         # @return [String]
         def serialize
-          binary = @named_group_list.join
+          binary = @named_group_list.join.prefix_uint16_length
 
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
 
         # @param binary [String]

data/lib/tttls1.3/message/extensions.rb

@@ -121,6 +121,7 @@ module TTTLS13
         # @return [TTTLS13::Message::Extension::$Object, nil]
         # rubocop: disable Metrics/CyclomaticComplexity
         # rubocop: disable Metrics/MethodLength
+        # rubocop: disable Metrics/PerceivedComplexity
         def deserialize_extension(binary, extension_type, msg_type)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
@@ -143,6 +144,8 @@ module TTTLS13
             Extension::SignatureAlgorithms.deserialize(binary)
           when ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
             Extension::Alpn.deserialize(binary)
+          when ExtensionType::COMPRESS_CERTIFICATE
+            Extension::CompressCertificate.deserialize(binary)
           when ExtensionType::RECORD_SIZE_LIMIT
             Extension::RecordSizeLimit.deserialize(binary)
           when ExtensionType::PRE_SHARED_KEY
@@ -165,6 +168,7 @@ module TTTLS13
         end
         # rubocop: enable Metrics/CyclomaticComplexity
         # rubocop: enable Metrics/MethodLength
+        # rubocop: enable Metrics/PerceivedComplexity
       end
     end
   end

data/lib/tttls1.3/message/record.rb

@@ -11,23 +11,19 @@ module TTTLS13
       attr_reader :type
       attr_reader :legacy_record_version
       attr_reader :messages
-      attr_reader :surplus_binary
       attr_reader :cipher
 
       # @param type [TTTLS13::Message::ContentType]
       # @param legacy_record_version [TTTLS13::Message::ProtocolVersion]
       # @param messages [Array of TTTLS13::Message::$Object]
-      # @param surplus_binary [String]
       # @param cipher [TTTLS13::Cryptograph::$Object]
       def initialize(type:,
                      legacy_record_version: ProtocolVersion::TLS_1_2,
                      messages:,
-                     surplus_binary: '',
                      cipher:)
         @type = type
         @legacy_record_version = legacy_record_version
         @messages = messages
-        @surplus_binary = surplus_binary
         @cipher = cipher
       end
 
@@ -40,7 +36,7 @@ module TTTLS13
       #
       # @return [String]
       def serialize(record_size_limit = DEFAULT_RECORD_SIZE_LIMIT)
-        tlsplaintext = @messages.map(&:serialize).join + @surplus_binary
+        tlsplaintext = @messages.map(&:serialize).join
         if @cipher.is_a?(Cryptograph::Aead)
           max = @cipher.tlsplaintext_length_limit(record_size_limit)
           fragments = tlsplaintext.scan(/.{1,#{max}}/m)
@@ -66,6 +62,8 @@ module TTTLS13
       # @raise [TTTLS13::Error::ErrorAlerts]
       #
       # @return [TTTLS13::Message::Record]
+      # @return [Array of String]
+      # @return [String]
       # rubocop: disable Metrics/AbcSize
       # rubocop: disable Metrics/CyclomaticComplexity
       # rubocop: disable Metrics/PerceivedComplexity
@@ -93,13 +91,17 @@ module TTTLS13
           fragment, inner_type = cipher.decrypt(fragment, binary.slice(0, 5))
         end
 
-        messages, surplus_binary = deserialize_fragment(buffered + fragment,
-                                                        inner_type || type)
-        Record.new(type: type,
-                   legacy_record_version: legacy_record_version,
-                   messages: messages,
-                   surplus_binary: surplus_binary,
-                   cipher: cipher)
+        messages, orig_msgs, surplus_binary = deserialize_fragment(
+          buffered + fragment,
+          inner_type || type
+        )
+        record = Record.new(
+          type: type,
+          legacy_record_version: legacy_record_version,
+          messages: messages,
+          cipher: cipher
+        )
+        [record, orig_msgs, surplus_binary]
       end
       # rubocop: enable Metrics/AbcSize
       # rubocop: enable Metrics/CyclomaticComplexity
@@ -116,6 +118,7 @@ module TTTLS13
               Message::ServerHello,
               Message::EncryptedExtensions,
               Message::Certificate,
+              Message::CompressedCertificate,
               Message::CertificateVerify,
               Message::Finished,
               Message::EndOfEarlyData,
@@ -152,20 +155,24 @@ module TTTLS13
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
           surplus_binary = ''
+          orig_msgs = []
           case type
           when ContentType::HANDSHAKE
-            messages, surplus_binary = deserialize_handshake(binary)
+            messages, orig_msgs, surplus_binary = deserialize_handshake(binary)
           when ContentType::CCS
             messages = [ChangeCipherSpec.deserialize(binary)]
+            orig_msgs = [binary]
           when ContentType::APPLICATION_DATA
             messages = [ApplicationData.deserialize(binary)]
+            orig_msgs = [binary]
           when ContentType::ALERT
             messages = [Alert.deserialize(binary)]
+            orig_msgs = [binary]
           else
             raise Error::ErrorAlerts, :unexpected_message
           end
 
-          [messages, surplus_binary]
+          [messages, orig_msgs, surplus_binary]
         end
 
         # @param binary [String]
@@ -173,11 +180,13 @@ module TTTLS13
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
         # @return [Array of TTTLS13::Message::$Object]
+        # @return [Array of String]
         # @return [String]
         def deserialize_handshake(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
           handshakes = []
+          orig_msgs = []
           i = 0
           while i < binary.length
             # Handshake.length is kind of uint24 and Record.length is kind of
@@ -185,18 +194,19 @@ module TTTLS13
             if binary.length < 4 + i ||
                binary.length < 4 + i + Convert.bin2i(binary.slice(i + 1, 3))
               surplus_binary = binary[i..]
-              return [handshakes, surplus_binary]
+              return [handshakes, orig_msgs, surplus_binary]
             end
 
             msg_len = Convert.bin2i(binary.slice(i + 1, 3))
             msg_bin = binary.slice(i, msg_len + 4)
+            orig_msgs << msg_bin
             message = do_deserialize_handshake(msg_bin)
             i += msg_len + 4
             handshakes << message
           end
 
           surplus_binary = binary[i..]
-          [handshakes, surplus_binary]
+          [handshakes, orig_msgs, surplus_binary]
         end
 
         # @param binary [String]
@@ -226,6 +236,8 @@ module TTTLS13
             NewSessionTicket.deserialize(binary)
           when HandshakeType::END_OF_EARLY_DATA
             EndOfEarlyData.deserialize(binary)
+          when HandshakeType::COMPRESSED_CERTIFICATE
+            CompressedCertificate.deserialize(binary)
           else
             raise Error::ErrorAlerts, :unexpected_message
           end

data/lib/tttls1.3/message.rb

@@ -21,26 +21,27 @@ module TTTLS13
     DEFAULT_VERSIONS = [ProtocolVersion::TLS_1_3].freeze
 
     module HandshakeType
-      HELLO_REQUEST        = "\x00" # RESERVED
-      CLIENT_HELLO         = "\x01"
-      SERVER_HELLO         = "\x02"
-      HELLO_VERIFY_REQUEST = "\x03" # RESERVED
-      NEW_SESSION_TICKET   = "\x04"
-      END_OF_EARLY_DATA    = "\x05"
-      HELLO_RETRY_REQUEST  = "\x06" # RESERVED
-      ENCRYPTED_EXTENSIONS = "\x08"
-      CERTIFICATE          = "\x0b"
-      SERVER_KEY_EXCHANGE  = "\x0c" # RESERVED
-      CERTIFICATE_REQUEST  = "\x0d"
-      SERVER_HELLO_DONE    = "\x0e" # RESERVED
-      CERTIFICATE_VERIFY   = "\x0f"
-      CLIENT_KEY_EXCHANGE  = "\x10" # RESERVED
-      FINISHED             = "\x14"
-      CERTIFICATE_URL      = "\x15" # RESERVED
-      CERTIFICATE_STATUS   = "\x16" # RESERVED
-      SUPPLEMENTAL_DATA    = "\x17" # RESERVED
-      KEY_UPDATE           = "\x18"
-      MESSAGE_HASH         = "\xfe"
+      HELLO_REQUEST          = "\x00" # RESERVED
+      CLIENT_HELLO           = "\x01"
+      SERVER_HELLO           = "\x02"
+      HELLO_VERIFY_REQUEST   = "\x03" # RESERVED
+      NEW_SESSION_TICKET     = "\x04"
+      END_OF_EARLY_DATA      = "\x05"
+      HELLO_RETRY_REQUEST    = "\x06" # RESERVED
+      ENCRYPTED_EXTENSIONS   = "\x08"
+      CERTIFICATE            = "\x0b"
+      SERVER_KEY_EXCHANGE    = "\x0c" # RESERVED
+      CERTIFICATE_REQUEST    = "\x0d"
+      SERVER_HELLO_DONE      = "\x0e" # RESERVED
+      CERTIFICATE_VERIFY     = "\x0f"
+      CLIENT_KEY_EXCHANGE    = "\x10" # RESERVED
+      FINISHED               = "\x14"
+      CERTIFICATE_URL        = "\x15" # RESERVED
+      CERTIFICATE_STATUS     = "\x16" # RESERVED
+      SUPPLEMENTAL_DATA      = "\x17" # RESERVED
+      KEY_UPDATE             = "\x18"
+      COMPRESSED_CERTIFICATE = "\x19"
+      MESSAGE_HASH           = "\xfe"
     end
 
     module ExtensionType
@@ -56,6 +57,7 @@ module TTTLS13
       CLIENT_CERTIFICATE_TYPE                = "\x00\x13"
       SERVER_CERTIFICATE_TYPE                = "\x00\x14"
       PADDING                                = "\x00\x15"
+      COMPRESS_CERTIFICATE                   = "\x00\x1b"
       RECORD_SIZE_LIMIT                      = "\x00\x1c"
       PWD_PROTECT                            = "\x00\x1d"
       PWD_CLEAR                              = "\x00\x1e"

data/lib/tttls1.3/server.rb

@@ -44,6 +44,11 @@ module TTTLS13
   ].freeze
   private_constant :DEFAULT_SP_NAMED_GROUP_LIST
 
+  DEFAULT_SP_COMPRESS_CERTIFICATE_ALGORITHMS = [
+    Message::Extension::CertificateCompressionAlgorithm::ZLIB
+  ].freeze
+  private_constant :DEFAULT_SP_COMPRESS_CERTIFICATE_ALGORITHMS
+
   DEFAULT_SERVER_SETTINGS = {
     crt_file: nil,
     chain_files: nil,
@@ -53,6 +58,7 @@ module TTTLS13
     supported_groups: DEFAULT_SP_NAMED_GROUP_LIST,
     alpn: nil,
     process_ocsp_response: nil,
+    compress_certificate_algorithms: DEFAULT_SP_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
     loglevel: Logger::WARN
   }.freeze
@@ -140,7 +146,6 @@ module TTTLS13
       transcript = Transcript.new
       key_schedule = nil # TTTLS13::KeySchedule
       priv_key = nil # OpenSSL::PKey::$Object
-
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
 
@@ -151,7 +156,7 @@ module TTTLS13
           logger.debug('ServerState::START')
 
           receivable_ccs = transcript.include?(CH1)
-          ch = transcript[CH] = recv_client_hello(receivable_ccs)
+          ch, = transcript[CH] = recv_client_hello(receivable_ccs)
 
           # support only TLS 1.3
           terminate(:protocol_version) unless ch.negotiated_tls_1_3?
@@ -183,7 +188,7 @@ module TTTLS13
           logger.debug('ServerState::RECVD_CH')
 
           # select parameters
-          ch = transcript[CH]
+          ch, = transcript[CH]
           @cipher_suite = select_cipher_suite(ch)
           @named_group = select_named_group(ch)
           @signature_scheme = select_signature_scheme(ch, @crt)
@@ -192,8 +197,9 @@ module TTTLS13
 
           # send HRR
           if @named_group.nil?
-            ch1 = transcript[CH1] = transcript.delete(CH)
-            transcript[HRR] = send_hello_retry_request(ch1, @cipher_suite)
+            ch1, = transcript[CH1] = transcript.delete(CH)
+            hrr = send_hello_retry_request(ch1, @cipher_suite)
+            transcript[HRR] = [hrr, hrr.serialize]
             @state = ServerState::START
             next
           end
@@ -201,10 +207,14 @@ module TTTLS13
         when ServerState::NEGOTIATED
           logger.debug('ServerState::NEGOTIATED')
 
-          ch = transcript[CH]
+          ch, = transcript[CH]
           extensions, priv_key = gen_sh_extensions(@named_group)
-          transcript[SH] = send_server_hello(extensions, @cipher_suite,
-                                             ch.legacy_session_id)
+          sh = send_server_hello(
+            extensions,
+            @cipher_suite,
+            ch.legacy_session_id
+          )
+          transcript[SH] = [sh, sh.serialize]
           send_ccs if @settings[:compatibility_mode]
 
           # generate shared secret
@@ -235,29 +245,30 @@ module TTTLS13
         when ServerState::WAIT_FLIGHT2
           logger.debug('ServerState::WAIT_FLIGHT2')
 
-          ch = transcript[CH]
+          ch, = transcript[CH]
           rsl = @send_record_size \
             if ch.extensions.include?(Message::ExtensionType::RECORD_SIZE_LIMIT)
-          ee = transcript[EE] = gen_encrypted_extensions(ch, @alpn, rsl)
+          ee = gen_encrypted_extensions(ch, @alpn, rsl)
+          transcript[EE] = [ee, ee.serialize]
           # TODO: [Send CertificateRequest]
 
           # status_request
           ocsp_response = fetch_ocsp_response \
             if ch.extensions.include?(Message::ExtensionType::STATUS_REQUEST)
-          ct = transcript[CT] = gen_certificate(@crt, @chain, ocsp_response)
+          ct = gen_certificate(@crt, ch, @chain, ocsp_response)
+          transcript[CT] = [ct, ct.serialize]
           digest = CipherSuite.digest(@cipher_suite)
-          cv = transcript[CV] = gen_certificate_verify(
-            @key,
-            @signature_scheme,
-            transcript.hash(digest, CT)
-          )
+          hash = transcript.hash(digest, CT)
+          cv = gen_certificate_verify(@key, @signature_scheme, hash)
+          transcript[CV] = [cv, cv.serialize]
           finished_key = key_schedule.server_finished_key
           signature = sign_finished(
             digest: digest,
             finished_key: finished_key,
             hash: transcript.hash(digest, CV)
           )
-          sf = transcript[SF] = Message::Finished.new(signature)
+          sf = Message::Finished.new(signature)
+          transcript[SF] = [sf, sf.serialize]
           send_server_parameters([ee, ct, cv, sf], hs_wcipher)
           @state = ServerState::WAIT_FINISHED
         when ServerState::WAIT_CERT
@@ -267,7 +278,7 @@ module TTTLS13
         when ServerState::WAIT_FINISHED
           logger.debug('ServerState::WAIT_FINISHED')
 
-          cf = transcript[CF] = recv_finished(hs_rcipher)
+          cf, = transcript[CF] = recv_finished(hs_rcipher)
           digest = CipherSuite.digest(@cipher_suite)
           verified = verified_finished?(
             finished: cf,
@@ -325,12 +336,15 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::ClientHello]
+    # @return [String]
     def recv_client_hello(receivable_ccs)
-      ch = recv_message(receivable_ccs: receivable_ccs,
-                        cipher: Cryptograph::Passer.new)
+      ch, orig_msg = recv_message(
+        receivable_ccs: receivable_ccs,
+        cipher: Cryptograph::Passer.new
+      )
       terminate(:unexpected_message) unless ch.is_a?(Message::ClientHello)
 
-      ch
+      [ch, orig_msg]
     end
 
     # @param extensions [TTTLS13::Message::Extensions]
@@ -408,19 +422,39 @@ module TTTLS13
     end
 
     # @param crt [OpenSSL::X509::Certificate]
+    # @param ch [TTTLS13::Message::ClientHell]
     # @param chain [Array of OpenSSL::X509::Certificate]
     # @param ocsp_response [OpenSSL::OCSP::Response]
     #
-    # @return [TTTLS13::Message::Certificate, nil]
-    def gen_certificate(crt, chain = [], ocsp_response = nil)
+    # @return [TTTLS13::Message::Certificate, CompressedCertificate, nil]
+    # rubocop: disable Metrics/CyclomaticComplexity
+    def gen_certificate(crt, ch, chain = [], ocsp_response = nil)
       exs = Message::Extensions.new
       # status_request
       exs << Message::Extension::OCSPResponse.new(ocsp_response) \
         unless ocsp_response.nil?
       ces = [Message::CertificateEntry.new(crt, exs)] \
             + (chain || []).map { |c| Message::CertificateEntry.new(c) }
-      Message::Certificate.new(certificate_list: ces)
+      ct = Message::Certificate.new(certificate_list: ces)
+
+      # compress_certificate
+      cc = ch.extensions[Message::ExtensionType::COMPRESS_CERTIFICATE]
+      if !cc.nil? && !cc.algorithms.empty?
+        cca = (@settings[:compress_certificate_algorithms] || []).find do |a|
+          cc.algorithms.include?(a)
+        end
+
+        unless cca.nil?
+          ct = Message::CompressedCertificate.new(
+            certificate_message: ct,
+            algorithm: cca
+          )
+        end
+      end
+
+      ct
     end
+    # rubocop: enable Metrics/CyclomaticComplexity
 
     # @param key [OpenSSL::PKey::PKey]
     # @param signature_scheme [TTTLS13::SignatureScheme]
@@ -442,11 +476,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::Finished]
+    # @return [String]
     def recv_finished(cipher)
-      cf = recv_message(receivable_ccs: true, cipher: cipher)
+      cf, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless cf.is_a?(Message::Finished)
 
-      cf
+      [cf, orig_msg]
     end
 
     # @param named_group [TTTLS13::NamedGroup]

data/lib/tttls1.3/transcript.rb

@@ -19,10 +19,6 @@ module TTTLS13
   CF   = 12
 
   class Transcript < Hash
-    def initialize
-      super
-    end
-
     alias super_include? include?
 
     # @param digest [String] name of digest algorithm
@@ -62,12 +58,12 @@ module TTTLS13
         exc_prefix = Message::HandshakeType::MESSAGE_HASH \
                      + "\x00\x00" \
                      + OpenSSL::Digest.new(digest).digest_length.to_uint8 \
-                     + OpenSSL::Digest.digest(digest, self[CH1].serialize) \
-                     + self[HRR].serialize
+                     + OpenSSL::Digest.digest(digest, self[CH1].last) \
+                     + self[HRR].last
       end
 
       messages = (CH..end_index).to_a.map do |m|
-        include?(m) ? self[m].serialize : ''
+        include?(m) ? self[m].last : ''
       end
       exc_prefix + messages.join
     end

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.2.14'
+  VERSION = '0.2.17'
 end