RubyGems - tttls1.3 - Versions diffs - 0.2.15 → 0.2.18 - Mend

tttls1.3 0.2.15 → 0.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +6 -4
data/.gitignore +1 -0
data/.rubocop.yml +5 -1
data/.ruby-version +1 -0
data/Gemfile +3 -1
data/README.md +6 -2
data/example/https_client.rb +2 -1
data/example/https_server.rb +3 -2
data/lib/tttls1.3/client.rb +116 -42
data/lib/tttls1.3/connection.rb +24 -19
data/lib/tttls1.3/message/client_hello.rb +1 -0
data/lib/tttls1.3/message/compressed_certificate.rb +82 -0
data/lib/tttls1.3/message/end_of_early_data.rb +8 -1
data/lib/tttls1.3/message/extension/alpn.rb +5 -2
data/lib/tttls1.3/message/extension/compress_certificate.rb +58 -0
data/lib/tttls1.3/message/extension/signature_algorithms.rb +2 -2
data/lib/tttls1.3/message/extension/supported_groups.rb +2 -2
data/lib/tttls1.3/message/extensions.rb +4 -0
data/lib/tttls1.3/message/record.rb +28 -16
data/lib/tttls1.3/message.rb +22 -20
data/lib/tttls1.3/server.rb +89 -27
data/lib/tttls1.3/sslkeylogfile.rb +87 -0
data/lib/tttls1.3/transcript.rb +3 -7
data/lib/tttls1.3/version.rb +1 -1
data/lib/tttls1.3.rb +1 -0
data/spec/client_spec.rb +28 -19
data/spec/compress_certificate_spec.rb +54 -0
data/spec/connection_spec.rb +22 -15
data/spec/end_of_early_data_spec.rb +28 -0
data/spec/key_schedule_spec.rb +48 -25
data/spec/record_spec.rb +2 -2
data/spec/server_spec.rb +23 -11
data/spec/spec_helper.rb +4 -0
data/spec/transcript_spec.rb +34 -20
data/tttls1.3.gemspec +1 -1
metadata +12 -4

data/lib/tttls1.3/message/compressed_certificate.rb ADDED Viewed

@@ -0,0 +1,82 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+module TTTLS13
+  using Refinements
+  module Message
+    class CompressedCertificate
+      attr_reader :msg_type
+      attr_reader :certificate_message
+      attr_reader :algorithm
+      # @param certificate_message [TTTLS13::Message::Certificate]
+      # @param algorithm [CertificateCompressionAlgorithm]
+      def initialize(certificate_message:, algorithm:)
+        @msg_type = HandshakeType::COMPRESSED_CERTIFICATE
+        @certificate_message = certificate_message
+        @algorithm = algorithm
+      end
+      # @return [String]
+      def serialize
+        binary = ''
+        binary += @algorithm
+        ct_bin = @certificate_message.serialize[4..]
+        binary += ct_bin.length.to_uint24
+        case @algorithm
+        when Extension::CertificateCompressionAlgorithm::ZLIB
+          binary += Zlib::Deflate.deflate(ct_bin).prefix_uint24_length
+        else # TODO: orig_msgs, ZSTD
+          raise Error::ErrorAlerts, :internal_error
+        end
+        @msg_type + binary.prefix_uint24_length
+      end
+      alias fragment serialize
+      # @param binary [String]
+      #
+      # @raise [TTTLS13::Error::ErrorAlerts]
+      #
+      # @return [TTTLS13::Message::CompressedCertificate]
+      # rubocop: disable Metrics/AbcSize
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/PerceivedComplexity
+      def self.deserialize(binary)
+        raise Error::ErrorAlerts, :internal_error if binary.nil?
+        raise Error::ErrorAlerts, :decode_error if binary.length < 5
+        raise Error::ErrorAlerts, :internal_error \
+          unless binary[0] == HandshakeType::COMPRESSED_CERTIFICATE
+        msg_len = Convert.bin2i(binary.slice(1, 3))
+        algorithm = binary.slice(4, 2)
+        uncompressed_length = Convert.bin2i(binary.slice(6, 3))
+        ccm_len = Convert.bin2i(binary.slice(9, 3))
+        ct_bin = ''
+        case algorithm
+        when Extension::CertificateCompressionAlgorithm::ZLIB
+          ct_bin = Zlib::Inflate.inflate(binary.slice(12, ccm_len))
+        else # TODO: BROTLI, ZSTD
+          raise Error::ErrorAlerts, :bad_certificate
+        end
+        raise Error::ErrorAlerts, :bad_certificate \
+          unless ct_bin.length == uncompressed_length
+        raise Error::ErrorAlerts, :decode_error \
+          unless ccm_len + 12 == binary.length && msg_len + 4 == binary.length
+        certificate_message = Certificate.deserialize(
+          HandshakeType::CERTIFICATE + ct_bin.prefix_uint24_length
+        )
+        CompressedCertificate.new(
+          certificate_message: certificate_message,
+          algorithm: algorithm
+        )
+      end
+      # rubocop: enable Metrics/AbcSize
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/PerceivedComplexity
+    end
+  end
+end

data/lib/tttls1.3/message/end_of_early_data.rb CHANGED Viewed

@@ -2,11 +2,18 @@
 # frozen_string_literal: true
 module TTTLS13
+  using Refinements
   module Message
     class EndOfEarlyData
+      attr_reader :msg_type
+      def initialize
+        @msg_type = HandshakeType::END_OF_EARLY_DATA
+      end
       # @return [String]
       def serialize
-        ''
+        @msg_type + ''.prefix_uint24_length
       end
       # @param binary [String]

data/lib/tttls1.3/message/extension/alpn.rb CHANGED Viewed

@@ -27,9 +27,12 @@ module TTTLS13
         # @return [String]
         def serialize
-          binary = @protocol_name_list.map(&:prefix_uint8_length).join
+          binary = @protocol_name_list
+                   .map(&:prefix_uint8_length)
+                   .join
+                   .prefix_uint16_length
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
         # @param binary [String]

data/lib/tttls1.3/message/extension/compress_certificate.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+module TTTLS13
+  using Refinements
+  module Message
+    module Extension
+      module CertificateCompressionAlgorithm
+        ZLIB = "\x00\x01"
+        # BROTLI = "\x00\x02" # UNSUPPORTED
+        # ZSTD   = "\x00\x03" # UNSUPPORTED
+      end
+      # https://tools.ietf.org/html/rfc8879
+      class CompressCertificate
+        attr_reader :extension_type
+        attr_reader :algorithms
+        # @param algorithms [Array of CertificateCompressionAlgorithm]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @example
+        #   CompressCertificate([CertificateCompressionAlgorithm::ZLIB])
+        def initialize(algorithms)
+          @extension_type = ExtensionType::COMPRESS_CERTIFICATE
+          @algorithms = algorithms || []
+          raise Error::ErrorAlerts, :internal_error \
+            if @algorithms.join.length < 2 ||
+               @algorithms.join.length > 2**8 - 2
+        end
+        # @return [String]
+        def serialize
+          binary = @algorithms.join.prefix_uint8_length
+          @extension_type + binary.prefix_uint16_length
+        end
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extension::CompressCertificate, nil]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+          return nil if binary.length < 3
+          al_len = Convert.bin2i(binary.slice(0, 1))
+          return nil if binary.length != al_len + 1
+          CompressCertificate.new(binary.slice(1, al_len + 1).scan(/.{2}/m))
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/signature_algorithms.rb CHANGED Viewed

@@ -35,9 +35,9 @@ module TTTLS13
         # @return [String]
         def serialize
-          binary = @supported_signature_algorithms.join
+          binary = @supported_signature_algorithms.join.prefix_uint16_length
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
         # @param binary [String]

data/lib/tttls1.3/message/extension/supported_groups.rb CHANGED Viewed

@@ -21,9 +21,9 @@ module TTTLS13
         # @return [String]
         def serialize
-          binary = @named_group_list.join
+          binary = @named_group_list.join.prefix_uint16_length
-          @extension_type + binary.prefix_uint16_length.prefix_uint16_length
+          @extension_type + binary.prefix_uint16_length
         end
         # @param binary [String]

data/lib/tttls1.3/message/extensions.rb CHANGED Viewed

@@ -121,6 +121,7 @@ module TTTLS13
         # @return [TTTLS13::Message::Extension::$Object, nil]
         # rubocop: disable Metrics/CyclomaticComplexity
         # rubocop: disable Metrics/MethodLength
+        # rubocop: disable Metrics/PerceivedComplexity
         def deserialize_extension(binary, extension_type, msg_type)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
@@ -143,6 +144,8 @@ module TTTLS13
             Extension::SignatureAlgorithms.deserialize(binary)
           when ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
             Extension::Alpn.deserialize(binary)
+          when ExtensionType::COMPRESS_CERTIFICATE
+            Extension::CompressCertificate.deserialize(binary)
           when ExtensionType::RECORD_SIZE_LIMIT
             Extension::RecordSizeLimit.deserialize(binary)
           when ExtensionType::PRE_SHARED_KEY
@@ -165,6 +168,7 @@ module TTTLS13
         end
         # rubocop: enable Metrics/CyclomaticComplexity
         # rubocop: enable Metrics/MethodLength
+        # rubocop: enable Metrics/PerceivedComplexity
       end
     end
   end

data/lib/tttls1.3/message/record.rb CHANGED Viewed

@@ -11,23 +11,19 @@ module TTTLS13
       attr_reader :type
       attr_reader :legacy_record_version
       attr_reader :messages
-      attr_reader :surplus_binary
       attr_reader :cipher
       # @param type [TTTLS13::Message::ContentType]
       # @param legacy_record_version [TTTLS13::Message::ProtocolVersion]
       # @param messages [Array of TTTLS13::Message::$Object]
-      # @param surplus_binary [String]
       # @param cipher [TTTLS13::Cryptograph::$Object]
       def initialize(type:,
                      legacy_record_version: ProtocolVersion::TLS_1_2,
                      messages:,
-                     surplus_binary: '',
                      cipher:)
         @type = type
         @legacy_record_version = legacy_record_version
         @messages = messages
-        @surplus_binary = surplus_binary
         @cipher = cipher
       end
@@ -40,7 +36,7 @@ module TTTLS13
       #
       # @return [String]
       def serialize(record_size_limit = DEFAULT_RECORD_SIZE_LIMIT)
-        tlsplaintext = @messages.map(&:serialize).join + @surplus_binary
+        tlsplaintext = @messages.map(&:serialize).join
         if @cipher.is_a?(Cryptograph::Aead)
           max = @cipher.tlsplaintext_length_limit(record_size_limit)
           fragments = tlsplaintext.scan(/.{1,#{max}}/m)
@@ -66,6 +62,8 @@ module TTTLS13
       # @raise [TTTLS13::Error::ErrorAlerts]
       #
       # @return [TTTLS13::Message::Record]
+      # @return [Array of String]
+      # @return [String]
       # rubocop: disable Metrics/AbcSize
       # rubocop: disable Metrics/CyclomaticComplexity
       # rubocop: disable Metrics/PerceivedComplexity
@@ -93,13 +91,17 @@ module TTTLS13
           fragment, inner_type = cipher.decrypt(fragment, binary.slice(0, 5))
         end
-        messages, surplus_binary = deserialize_fragment(buffered + fragment,
-                                                        inner_type || type)
-        Record.new(type: type,
-                   legacy_record_version: legacy_record_version,
-                   messages: messages,
-                   surplus_binary: surplus_binary,
-                   cipher: cipher)
+        messages, orig_msgs, surplus_binary = deserialize_fragment(
+          buffered + fragment,
+          inner_type || type
+        )
+        record = Record.new(
+          type: type,
+          legacy_record_version: legacy_record_version,
+          messages: messages,
+          cipher: cipher
+        )
+        [record, orig_msgs, surplus_binary]
       end
       # rubocop: enable Metrics/AbcSize
       # rubocop: enable Metrics/CyclomaticComplexity
@@ -116,6 +118,7 @@ module TTTLS13
               Message::ServerHello,
               Message::EncryptedExtensions,
               Message::Certificate,
+              Message::CompressedCertificate,
               Message::CertificateVerify,
               Message::Finished,
               Message::EndOfEarlyData,
@@ -152,20 +155,24 @@ module TTTLS13
           raise Error::ErrorAlerts, :internal_error if binary.nil?
           surplus_binary = ''
+          orig_msgs = []
           case type
           when ContentType::HANDSHAKE
-            messages, surplus_binary = deserialize_handshake(binary)
+            messages, orig_msgs, surplus_binary = deserialize_handshake(binary)
           when ContentType::CCS
             messages = [ChangeCipherSpec.deserialize(binary)]
+            orig_msgs = [binary]
           when ContentType::APPLICATION_DATA
             messages = [ApplicationData.deserialize(binary)]
+            orig_msgs = [binary]
           when ContentType::ALERT
             messages = [Alert.deserialize(binary)]
+            orig_msgs = [binary]
           else
             raise Error::ErrorAlerts, :unexpected_message
           end
-          [messages, surplus_binary]
+          [messages, orig_msgs, surplus_binary]
         end
         # @param binary [String]
@@ -173,11 +180,13 @@ module TTTLS13
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
         # @return [Array of TTTLS13::Message::$Object]
+        # @return [Array of String]
         # @return [String]
         def deserialize_handshake(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
           handshakes = []
+          orig_msgs = []
           i = 0
           while i < binary.length
             # Handshake.length is kind of uint24 and Record.length is kind of
@@ -185,18 +194,19 @@ module TTTLS13
             if binary.length < 4 + i ||
                binary.length < 4 + i + Convert.bin2i(binary.slice(i + 1, 3))
               surplus_binary = binary[i..]
-              return [handshakes, surplus_binary]
+              return [handshakes, orig_msgs, surplus_binary]
             end
             msg_len = Convert.bin2i(binary.slice(i + 1, 3))
             msg_bin = binary.slice(i, msg_len + 4)
+            orig_msgs << msg_bin
             message = do_deserialize_handshake(msg_bin)
             i += msg_len + 4
             handshakes << message
           end
           surplus_binary = binary[i..]
-          [handshakes, surplus_binary]
+          [handshakes, orig_msgs, surplus_binary]
         end
         # @param binary [String]
@@ -226,6 +236,8 @@ module TTTLS13
             NewSessionTicket.deserialize(binary)
           when HandshakeType::END_OF_EARLY_DATA
             EndOfEarlyData.deserialize(binary)
+          when HandshakeType::COMPRESSED_CERTIFICATE
+            CompressedCertificate.deserialize(binary)
           else
             raise Error::ErrorAlerts, :unexpected_message
           end

data/lib/tttls1.3/message.rb CHANGED Viewed

@@ -21,26 +21,27 @@ module TTTLS13
     DEFAULT_VERSIONS = [ProtocolVersion::TLS_1_3].freeze
     module HandshakeType
-      HELLO_REQUEST        = "\x00" # RESERVED
-      CLIENT_HELLO         = "\x01"
-      SERVER_HELLO         = "\x02"
-      HELLO_VERIFY_REQUEST = "\x03" # RESERVED
-      NEW_SESSION_TICKET   = "\x04"
-      END_OF_EARLY_DATA    = "\x05"
-      HELLO_RETRY_REQUEST  = "\x06" # RESERVED
-      ENCRYPTED_EXTENSIONS = "\x08"
-      CERTIFICATE          = "\x0b"
-      SERVER_KEY_EXCHANGE  = "\x0c" # RESERVED
-      CERTIFICATE_REQUEST  = "\x0d"
-      SERVER_HELLO_DONE    = "\x0e" # RESERVED
-      CERTIFICATE_VERIFY   = "\x0f"
-      CLIENT_KEY_EXCHANGE  = "\x10" # RESERVED
-      FINISHED             = "\x14"
-      CERTIFICATE_URL      = "\x15" # RESERVED
-      CERTIFICATE_STATUS   = "\x16" # RESERVED
-      SUPPLEMENTAL_DATA    = "\x17" # RESERVED
-      KEY_UPDATE           = "\x18"
-      MESSAGE_HASH         = "\xfe"
+      HELLO_REQUEST          = "\x00" # RESERVED
+      CLIENT_HELLO           = "\x01"
+      SERVER_HELLO           = "\x02"
+      HELLO_VERIFY_REQUEST   = "\x03" # RESERVED
+      NEW_SESSION_TICKET     = "\x04"
+      END_OF_EARLY_DATA      = "\x05"
+      HELLO_RETRY_REQUEST    = "\x06" # RESERVED
+      ENCRYPTED_EXTENSIONS   = "\x08"
+      CERTIFICATE            = "\x0b"
+      SERVER_KEY_EXCHANGE    = "\x0c" # RESERVED
+      CERTIFICATE_REQUEST    = "\x0d"
+      SERVER_HELLO_DONE      = "\x0e" # RESERVED
+      CERTIFICATE_VERIFY     = "\x0f"
+      CLIENT_KEY_EXCHANGE    = "\x10" # RESERVED
+      FINISHED               = "\x14"
+      CERTIFICATE_URL        = "\x15" # RESERVED
+      CERTIFICATE_STATUS     = "\x16" # RESERVED
+      SUPPLEMENTAL_DATA      = "\x17" # RESERVED
+      KEY_UPDATE             = "\x18"
+      COMPRESSED_CERTIFICATE = "\x19"
+      MESSAGE_HASH           = "\xfe"
     end
     module ExtensionType
@@ -56,6 +57,7 @@ module TTTLS13
       CLIENT_CERTIFICATE_TYPE                = "\x00\x13"
       SERVER_CERTIFICATE_TYPE                = "\x00\x14"
       PADDING                                = "\x00\x15"
+      COMPRESS_CERTIFICATE                   = "\x00\x1b"
       RECORD_SIZE_LIMIT                      = "\x00\x1c"
       PWD_PROTECT                            = "\x00\x1d"
       PWD_CLEAR                              = "\x00\x1e"