tttls1.3 0.2.15 → 0.2.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba824030b1a295566777d4d12c35e259d379bc9a830b0cb95792356cc547a436
-  data.tar.gz: c3f2e8fd07567133cce7e8f24fcaf02499b8cceff6088ca403ca2e9be9e5ab5f
+  metadata.gz: 7006bce3031f6232ae949b44eb31111562d581e359769952f48a537848d50418
+  data.tar.gz: d332e823eb8c677ff534e46a87e96c039aad2d5538c0f823ac7eb365f372ca88
 SHA512:
-  metadata.gz: 00e939bf927db1923274985cdad6526d16b6d99216f62ff3978b3bae9cdcedf675482b96f49a224f9f982f1d8c6f7ca0b49f282086422e73e93b4b74d13f0722
-  data.tar.gz: 1e523ad0d29d6f29dbd94388f9f895abf69324ceb4336406b13e21793395abdf795a0f043ee89899e888b851d85f2190064e93b70efec092964e34c94b15ac76
+  metadata.gz: ca37fd2570b905759da152932eb2e6f29c3e37f59135353b9e3cfbce0c683f7493fdd360f9a56c50f2ab252f0460728c09585d018d04b8668de4000b1567d249
+  data.tar.gz: 6e37405f3034de1fe648f0882bbc9d9b65baeac8d1ef142fc776010b8480cd987a87060edf6ae85fd20327afc5327aacb23318e460f510259c99056aa76fb389

data/.github/workflows/ci.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['2.6.x', '2.7.x']
+        ruby-version: ['2.6.x', '2.7.x', '3.0.x']
     steps:
       - uses: docker://thekuwayama/openssl:latest
       - name: Set up Ruby

data/README.md

@@ -102,6 +102,7 @@ tttls1.3 client is configurable using keyword arguments.
 | `:record_size_limit` | Integer | nil | The record\_size\_limit offerd in ClientHello extensions. If not needed to be present, set nil. |
 | `:check_certificate_status` | Boolean | false | If needed to check certificate status, set true. |
 | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
+| `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
@@ -120,6 +121,7 @@ tttls1.3 server is configurable using keyword arguments.
 | `:supported_groups` | Array of TTTLS13::NamedGroup constant | `SECP256R1`, `SECP384R1`, `SECP521R1` | List of supported named groups. |
 | `:alpn` | Array of String | nil | List of supported application protocols. If not needed to check this extension, set nil. |
 | `:process_ocsp_response` | Proc | nil | Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil. |
+| `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 

data/lib/tttls1.3/client.rb

@@ -43,6 +43,11 @@ module TTTLS13
   ].freeze
   private_constant :DEFAULT_CH_NAMED_GROUP_LIST
 
+  DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS = [
+    Message::Extension::CertificateCompressionAlgorithm::ZLIB
+  ].freeze
+  private_constant :DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS
+
   DEFAULT_CLIENT_SETTINGS = {
     ca_file: nil,
     cipher_suites: DEFAULT_CH_CIPHER_SUITES,
@@ -61,6 +66,7 @@ module TTTLS13
     record_size_limit: nil,
     check_certificate_status: false,
     process_certificate_status: nil,
+    compress_certificate_algorithms: DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
     loglevel: Logger::WARN
   }.freeze
@@ -154,8 +160,8 @@ module TTTLS13
 
           extensions, priv_keys = gen_ch_extensions
           binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
-          transcript[CH] = send_client_hello(extensions, binder_key)
-
+          ch = send_client_hello(extensions, binder_key)
+          transcript[CH] = [ch, ch.serialize]
           send_ccs if @settings[:compatibility_mode]
           if use_early_data?
             e_wcipher = gen_cipher(
@@ -170,7 +176,7 @@ module TTTLS13
         when ClientState::WAIT_SH
           logger.debug('ClientState::WAIT_SH')
 
-          sh = transcript[SH] = recv_server_hello
+          sh, = transcript[SH] = recv_server_hello
 
           # downgrade protection
           if !sh.negotiated_tls_1_3? && sh.downgraded?
@@ -187,7 +193,7 @@ module TTTLS13
             unless sh.legacy_compression_method == "\x00"
 
           # validate sh using ch
-          ch = transcript[CH]
+          ch, = transcript[CH]
           terminate(:illegal_parameter) \
             unless sh.legacy_version == ch.legacy_version
           terminate(:illegal_parameter) \
@@ -199,7 +205,7 @@ module TTTLS13
 
           # validate sh using hrr
           if transcript.include?(HRR)
-            hrr = transcript[HRR]
+            hrr, = transcript[HRR]
             terminate(:illegal_parameter) \
               unless sh.cipher_suite == hrr.cipher_suite
 
@@ -212,8 +218,9 @@ module TTTLS13
           # handling HRR
           if sh.hrr?
             terminate(:unexpected_message) if transcript.include?(HRR)
-            ch1 = transcript[CH1] = transcript.delete(CH)
-            hrr = transcript[HRR] = transcript.delete(SH)
+
+            ch1, = transcript[CH1] = transcript.delete(CH)
+            hrr, = transcript[HRR] = transcript.delete(SH)
 
             # validate cookie
             diff_sets = sh.extensions.keys - ch1.extensions.keys
@@ -235,8 +242,9 @@ module TTTLS13
             extensions, pk = gen_newch_extensions(ch1, hrr)
             priv_keys = pk.merge(priv_keys)
             binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
-            transcript[CH] = send_new_client_hello(ch1, hrr, extensions,
-                                                   binder_key)
+            ch = send_new_client_hello(ch1, hrr, extensions, binder_key)
+            transcript[CH] = [ch, ch.serialize]
+
             @state = ClientState::WAIT_SH
             next
           end
@@ -277,37 +285,46 @@ module TTTLS13
         when ClientState::WAIT_EE
           logger.debug('ClientState::WAIT_EE')
 
-          ee = transcript[EE] = recv_encrypted_extensions(hs_rcipher)
+          ee, = transcript[EE] = recv_encrypted_extensions(hs_rcipher)
           terminate(:illegal_parameter) unless ee.appearable_extensions?
 
-          ch = transcript[CH]
+          ch, = transcript[CH]
           terminate(:unsupported_extension) \
             unless (ee.extensions.keys - ch.extensions.keys).empty?
 
           rsl = ee.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT]
           @recv_record_size = rsl.record_size_limit unless rsl.nil?
-
           @succeed_early_data = true \
             if ee.extensions.include?(Message::ExtensionType::EARLY_DATA)
-
           @alpn = ee.extensions[
             Message::ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
           ]&.protocol_name_list&.first
-
           @state = ClientState::WAIT_CERT_CR
           @state = ClientState::WAIT_FINISHED unless psk.nil?
         when ClientState::WAIT_CERT_CR
           logger.debug('ClientState::WAIT_CERT_CR')
 
-          message = recv_message(receivable_ccs: true, cipher: hs_rcipher)
-          if message.msg_type == Message::HandshakeType::CERTIFICATE
-            ct = transcript[CT] = message
-            alert = check_invalid_certificate(ct, transcript[CH])
+          message, orig_msg = recv_message(
+            receivable_ccs: true,
+            cipher: hs_rcipher
+          )
+          case message.msg_type
+          when Message::HandshakeType::CERTIFICATE,
+               Message::HandshakeType::COMPRESSED_CERTIFICATE
+            ct, = transcript[CT] = [message, orig_msg]
+            terminate(:bad_certificate) \
+              if ct.is_a?(Message::CompressedCertificate) &&
+                 !@settings[:compress_certificate_algorithms]
+                 .include?(ct.algorithm)
+
+            ct = ct.certificate_message \
+              if ct.is_a?(Message::CompressedCertificate)
+            alert = check_invalid_certificate(ct, transcript[CH].first)
             terminate(alert) unless alert.nil?
 
             @state = ClientState::WAIT_CV
-          elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
-            transcript[CR] = message
+          when Message::HandshakeType::CERTIFICATE_REQUEST
+            transcript[CR] = [message, orig_msg]
             # TODO: client authentication
             @state = ClientState::WAIT_CERT
           else
@@ -316,46 +333,56 @@ module TTTLS13
         when ClientState::WAIT_CERT
           logger.debug('ClientState::WAIT_CERT')
 
-          ct = transcript[CT] = recv_certificate(hs_rcipher)
-          alert = check_invalid_certificate(ct, transcript[CH])
+          ct, = transcript[CT] = recv_certificate(hs_rcipher)
+          if ct.is_a?(Message::CompressedCertificate) &&
+             !@settings[:compress_certificate_algorithms].include?(ct.algorithm)
+            terminate(:bad_certificate)
+          elsif ct.is_a?(Message::CompressedCertificate)
+            ct = ct.certificate_message
+          end
+
+          alert = check_invalid_certificate(ct, transcript[CH].first)
           terminate(alert) unless alert.nil?
 
           @state = ClientState::WAIT_CV
         when ClientState::WAIT_CV
           logger.debug('ClientState::WAIT_CV')
 
-          cv = transcript[CV] = recv_certificate_verify(hs_rcipher)
+          cv, = transcript[CV] = recv_certificate_verify(hs_rcipher)
           digest = CipherSuite.digest(@cipher_suite)
           hash = transcript.hash(digest, CT)
+          ct, = transcript[CT]
+          ct = ct.certificate_message \
+            if ct.is_a?(Message::CompressedCertificate)
           terminate(:decrypt_error) \
-            unless verified_certificate_verify?(transcript[CT], cv, hash)
+            unless verified_certificate_verify?(ct, cv, hash)
 
           @signature_scheme = cv.signature_scheme
-
           @state = ClientState::WAIT_FINISHED
         when ClientState::WAIT_FINISHED
           logger.debug('ClientState::WAIT_FINISHED')
 
-          sf = transcript[SF] = recv_finished(hs_rcipher)
+          sf, = transcript[SF] = recv_finished(hs_rcipher)
           digest = CipherSuite.digest(@cipher_suite)
-          verified = verified_finished?(
+          terminate(:decrypt_error) unless verified_finished?(
             finished: sf,
             digest: digest,
             finished_key: key_schedule.server_finished_key,
             hash: transcript.hash(digest, CV)
           )
-          terminate(:decrypt_error) unless verified
-
-          transcript[EOED] = send_eoed(e_wcipher) \
-            if use_early_data? && succeed_early_data?
 
+          if use_early_data? && succeed_early_data?
+            eoed = send_eoed(e_wcipher)
+            transcript[EOED] = [eoed, eoed.serialize]
+          end
           # TODO: Send Certificate [+ CertificateVerify]
           signature = sign_finished(
             digest: digest,
             finished_key: key_schedule.client_finished_key,
             hash: transcript.hash(digest, EOED)
           )
-          transcript[CF] = send_finished(signature, hs_wcipher)
+          cf = send_finished(signature, hs_wcipher)
+          transcript[CF] = [cf, cf.serialize]
           @alert_wcipher = @ap_wcipher = gen_cipher(
             @cipher_suite,
             key_schedule.client_application_write_key,
@@ -578,6 +605,14 @@ module TTTLS13
       exs << Message::Extension::OCSPStatusRequest.new \
         if @settings[:check_certificate_status]
 
+      # compress_certificate
+      if !@settings[:compress_certificate_algorithms].nil? &&
+         !@settings[:compress_certificate_algorithms].empty?
+        exs << Message::Extension::CompressCertificate.new(
+          @settings[:compress_certificate_algorithms]
+        )
+      end
+
       [exs, priv_keys]
     end
     # rubocop: enable Metrics/AbcSize
@@ -735,11 +770,15 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::ServerHello]
+    # @return [String]
     def recv_server_hello
-      sh = recv_message(receivable_ccs: true, cipher: Cryptograph::Passer.new)
+      sh, orig_msg = recv_message(
+        receivable_ccs: true,
+        cipher: Cryptograph::Passer.new
+      )
       terminate(:unexpected_message) unless sh.is_a?(Message::ServerHello)
 
-      sh
+      [sh, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -747,12 +786,13 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::EncryptedExtensions]
+    # @return [String]
     def recv_encrypted_extensions(cipher)
-      ee = recv_message(receivable_ccs: true, cipher: cipher)
+      ee, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) \
         unless ee.is_a?(Message::EncryptedExtensions)
 
-      ee
+      [ee, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -760,11 +800,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::Certificate]
+    # @return [String]
     def recv_certificate(cipher)
-      ct = recv_message(receivable_ccs: true, cipher: cipher)
+      ct, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless ct.is_a?(Message::Certificate)
 
-      ct
+      [ct, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -772,11 +813,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::CertificateVerify]
+    # @return [String]
     def recv_certificate_verify(cipher)
-      cv = recv_message(receivable_ccs: true, cipher: cipher)
+      cv, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless cv.is_a?(Message::CertificateVerify)
 
-      cv
+      [cv, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -784,11 +826,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::Finished]
+    # @return [String]
     def recv_finished(cipher)
-      sf = recv_message(receivable_ccs: true, cipher: cipher)
+      sf, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless sf.is_a?(Message::Finished)
 
-      sf
+      [sf, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]

data/lib/tttls1.3/connection.rb

@@ -16,7 +16,7 @@ module TTTLS13
       @ap_wcipher = Cryptograph::Passer.new
       @ap_rcipher = Cryptograph::Passer.new
       @alert_wcipher = Cryptograph::Passer.new
-      @message_queue = [] # Array of TTTLS13::Message::$Object
+      @message_queue = [] # Array of [TTTLS13::Message::$Object, String]
       @binary_buffer = '' # deposit Record.surplus_binary
       @cipher_suite = nil # TTTLS13::CipherSuite
       @named_group = nil # TTTLS13::NamedGroup
@@ -42,7 +42,7 @@ module TTTLS13
 
       message = nil
       loop do
-        message = recv_message(receivable_ccs: false, cipher: @ap_rcipher)
+        message, = recv_message(receivable_ccs: false, cipher: @ap_rcipher)
         # At any time after the server has received the client Finished
         # message, it MAY send a NewSessionTicket message.
         break unless message.is_a?(Message::NewSessionTicket)
@@ -220,13 +220,15 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts
     #
     # @return [TTTLS13::Message::$Object]
+    # @return [String]
     # rubocop: disable Metrics/CyclomaticComplexity
     def recv_message(receivable_ccs:, cipher:)
       return @message_queue.shift unless @message_queue.empty?
 
       messages = nil
+      orig_msgs = []
       loop do
-        record = recv_record(cipher)
+        record, orig_msgs = recv_record(cipher)
         case record.type
         when Message::ContentType::HANDSHAKE,
              Message::ContentType::APPLICATION_DATA
@@ -243,20 +245,22 @@ module TTTLS13
         end
       end
 
-      @message_queue += messages[1..]
+      @message_queue += messages[1..].zip(orig_msgs[1..])
       message = messages.first
+      orig_msg = orig_msgs.first
       if message.is_a?(Message::Alert)
         handle_received_alert(message)
         return nil
       end
 
-      message
+      [message, orig_msg]
     end
     # rubocop: enable Metrics/CyclomaticComplexity
 
     # @param cipher [TTTLS13::Cryptograph::Aead, Passer]
     #
     # @return [TTTLS13::Message::Record]
+    # @return [Array of String]
     def recv_record(cipher)
       binary = @socket.read(5)
       record_len = Convert.bin2i(binary.slice(3, 2))
@@ -264,9 +268,13 @@ module TTTLS13
 
       begin
         buffer = @binary_buffer
-        record = Message::Record.deserialize(binary, cipher, buffer,
-                                             @recv_record_size)
-        @binary_buffer = record.surplus_binary
+        record, orig_msgs, surplus_binary = Message::Record.deserialize(
+          binary,
+          cipher,
+          buffer,
+          @recv_record_size
+        )
+        @binary_buffer = surplus_binary
       rescue Error::ErrorAlerts => e
         terminate(e.message.to_sym)
       end
@@ -278,7 +286,7 @@ module TTTLS13
       end
 
       logger.debug("receive \n" + record.pretty_inspect)
-      record
+      [record, orig_msgs]
     end
 
     # @param ch1 [TTTLS13::Message::ClientHello]
@@ -292,11 +300,9 @@ module TTTLS13
       # TODO: ext binder
       hash_len = OpenSSL::Digest.new(digest).digest_length
       tt = Transcript.new
-      tt.merge!(
-        CH1 => ch1,
-        HRR => hrr,
-        CH => ch
-      )
+      tt[CH1] = [ch1, ch1.serialize] unless ch1.nil?
+      tt[HRR] = [hrr, hrr.serialize] unless hrr.nil?
+      tt[CH] = [ch, ch.serialize]
       # transcript-hash (CH1 + HRR +) truncated-CH
       hash = tt.truncate_hash(digest, CH, hash_len + 3)
       OpenSSL::HMAC.digest(digest, binder_key, hash)
@@ -500,11 +506,10 @@ module TTTLS13
       return false if san.nil?
 
       ostr = OpenSSL::ASN1.decode(san.to_der).value.last
-      matching = OpenSSL::ASN1.decode(ostr.value).map(&:value)
-                              .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
-                              .any? { |s| name.match(/#{s}/) }
-
-      matching
+      OpenSSL::ASN1.decode(ostr.value)
+                   .map(&:value)
+                   .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
+                   .any? { |s| name.match(/#{s}/) }
     end
 
     # @param signature_algorithms [Array of SignatureAlgorithms]

data/lib/tttls1.3/message/client_hello.rb

@@ -18,6 +18,7 @@ module TTTLS13
       ExtensionType::CLIENT_CERTIFICATE_TYPE,
       ExtensionType::SERVER_CERTIFICATE_TYPE,
       ExtensionType::PADDING,
+      ExtensionType::COMPRESS_CERTIFICATE,
       ExtensionType::RECORD_SIZE_LIMIT,
       ExtensionType::PWD_PROTECT,
       ExtensionType::PWD_CLEAR,

data/lib/tttls1.3/message/compressed_certificate.rb

@@ -0,0 +1,82 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    class CompressedCertificate
+      attr_reader :msg_type
+      attr_reader :certificate_message
+      attr_reader :algorithm
+
+      # @param certificate_message [TTTLS13::Message::Certificate]
+      # @param algorithm [CertificateCompressionAlgorithm]
+      def initialize(certificate_message:, algorithm:)
+        @msg_type = HandshakeType::COMPRESSED_CERTIFICATE
+        @certificate_message = certificate_message
+        @algorithm = algorithm
+      end
+
+      # @return [String]
+      def serialize
+        binary = ''
+        binary += @algorithm
+        ct_bin = @certificate_message.serialize[4..]
+        binary += ct_bin.length.to_uint24
+        case @algorithm
+        when Extension::CertificateCompressionAlgorithm::ZLIB
+          binary += Zlib::Deflate.deflate(ct_bin).prefix_uint24_length
+        else # TODO: orig_msgs, ZSTD
+          raise Error::ErrorAlerts, :internal_error
+        end
+
+        @msg_type + binary.prefix_uint24_length
+      end
+
+      alias fragment serialize
+
+      # @param binary [String]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::CompressedCertificate]
+      # rubocop: disable Metrics/AbcSize
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/PerceivedComplexity
+      def self.deserialize(binary)
+        raise Error::ErrorAlerts, :internal_error if binary.nil?
+        raise Error::ErrorAlerts, :decode_error if binary.length < 5
+        raise Error::ErrorAlerts, :internal_error \
+          unless binary[0] == HandshakeType::COMPRESSED_CERTIFICATE
+
+        msg_len = Convert.bin2i(binary.slice(1, 3))
+        algorithm = binary.slice(4, 2)
+        uncompressed_length = Convert.bin2i(binary.slice(6, 3))
+        ccm_len = Convert.bin2i(binary.slice(9, 3))
+        ct_bin = ''
+        case algorithm
+        when Extension::CertificateCompressionAlgorithm::ZLIB
+          ct_bin = Zlib::Inflate.inflate(binary.slice(12, ccm_len))
+        else # TODO: BROTLI, ZSTD
+          raise Error::ErrorAlerts, :bad_certificate
+        end
+
+        raise Error::ErrorAlerts, :bad_certificate \
+          unless ct_bin.length == uncompressed_length
+        raise Error::ErrorAlerts, :decode_error \
+          unless ccm_len + 12 == binary.length && msg_len + 4 == binary.length
+
+        certificate_message = Certificate.deserialize(
+          HandshakeType::CERTIFICATE + ct_bin.prefix_uint24_length
+        )
+        CompressedCertificate.new(
+          certificate_message: certificate_message,
+          algorithm: algorithm
+        )
+      end
+      # rubocop: enable Metrics/AbcSize
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/PerceivedComplexity
+    end
+  end
+end

data/lib/tttls1.3/message/extension/alpn.rb

@@ -27,9 +27,12 @@ module TTTLS13
 
         # @return [String]
         def serialize
-          binary = @protocol_name_list.map(&:prefix_uint8_length).join
+          binary = @protocol_name_list
+                   .map(&:prefix_uint8_length)
+                   .join
+                   .prefix_uint16_length
 
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
 
         # @param binary [String]

data/lib/tttls1.3/message/extension/compress_certificate.rb

@@ -0,0 +1,58 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      module CertificateCompressionAlgorithm
+        ZLIB = "\x00\x01"
+        # BROTLI = "\x00\x02" # UNSUPPORTED
+        # ZSTD   = "\x00\x03" # UNSUPPORTED
+      end
+
+      # https://tools.ietf.org/html/rfc8879
+      class CompressCertificate
+        attr_reader :extension_type
+        attr_reader :algorithms
+
+        # @param algorithms [Array of CertificateCompressionAlgorithm]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @example
+        #   CompressCertificate([CertificateCompressionAlgorithm::ZLIB])
+        def initialize(algorithms)
+          @extension_type = ExtensionType::COMPRESS_CERTIFICATE
+          @algorithms = algorithms || []
+          raise Error::ErrorAlerts, :internal_error \
+            if @algorithms.join.length < 2 ||
+               @algorithms.join.length > 2**8 - 2
+        end
+
+        # @return [String]
+        def serialize
+          binary = @algorithms.join.prefix_uint8_length
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::CompressCertificate, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+
+          return nil if binary.length < 3
+
+          al_len = Convert.bin2i(binary.slice(0, 1))
+          return nil if binary.length != al_len + 1
+
+          CompressCertificate.new(binary.slice(1, al_len + 1).scan(/.{2}/m))
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/signature_algorithms.rb

@@ -35,9 +35,9 @@ module TTTLS13
 
         # @return [String]
         def serialize
-          binary = @supported_signature_algorithms.join
+          binary = @supported_signature_algorithms.join.prefix_uint16_length
 
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
 
         # @param binary [String]

data/lib/tttls1.3/message/extension/supported_groups.rb

@@ -21,9 +21,9 @@ module TTTLS13
 
         # @return [String]
         def serialize
-          binary = @named_group_list.join
+          binary = @named_group_list.join.prefix_uint16_length
 
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
 
         # @param binary [String]

data/lib/tttls1.3/message/extensions.rb

@@ -121,6 +121,7 @@ module TTTLS13
         # @return [TTTLS13::Message::Extension::$Object, nil]
         # rubocop: disable Metrics/CyclomaticComplexity
         # rubocop: disable Metrics/MethodLength
+        # rubocop: disable Metrics/PerceivedComplexity
         def deserialize_extension(binary, extension_type, msg_type)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
@@ -143,6 +144,8 @@ module TTTLS13
             Extension::SignatureAlgorithms.deserialize(binary)
           when ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
             Extension::Alpn.deserialize(binary)
+          when ExtensionType::COMPRESS_CERTIFICATE
+            Extension::CompressCertificate.deserialize(binary)
           when ExtensionType::RECORD_SIZE_LIMIT
             Extension::RecordSizeLimit.deserialize(binary)
           when ExtensionType::PRE_SHARED_KEY
@@ -165,6 +168,7 @@ module TTTLS13
         end
         # rubocop: enable Metrics/CyclomaticComplexity
         # rubocop: enable Metrics/MethodLength
+        # rubocop: enable Metrics/PerceivedComplexity
       end
     end
   end