RubyGems - tttls1.3 - Versions diffs - 0.2.17 → 0.2.18 - Mend

tttls1.3 0.2.17 → 0.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +4 -2
data/.gitignore +1 -0
data/.ruby-version +1 -0
data/Gemfile +3 -1
data/README.md +3 -1
data/example/https_client.rb +2 -1
data/example/https_server.rb +3 -2
data/lib/tttls1.3/client.rb +31 -0
data/lib/tttls1.3/server.rb +28 -1
data/lib/tttls1.3/sslkeylogfile.rb +87 -0
data/lib/tttls1.3/version.rb +1 -1
data/lib/tttls1.3.rb +1 -0
metadata +5 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c2b9bfcfb3b52aaf74864e31adc9f132ab9ce94f4610bcaaefd8c7a5048666e5
-  data.tar.gz: 77ccec36eaeec3d0d569a8428209b14749d0d2d80ce33348ed1cdb6f5cbd6ec8
+  metadata.gz: 1a07aded25aecad8bd61ff9fd49a70df15c8abf356d4747891486dd81386b68d
+  data.tar.gz: 4637b3288dab22caae951cc43c283057fd3ed215fc5fa86e318becc3369ac7b2
 SHA512:
-  metadata.gz: 29ffa56dd58069ec5096bc0a19d81d79ee71a34f57d2381f91a1039d33b9ec0ca5cd965904a586d2f342957c3a05e92167e2c249fc2aad0ea4bfe2cebf9dc30f
-  data.tar.gz: a1cd0087f0d9ab6a2c7adf5245f9acca5756da7cd3084d1e2b79a601c6606b00680291be5fe7fcf442bdb9d90cdb22dc26a241bcf26ac754ff0476e889c3f092
+  metadata.gz: 621a8f82c99e21e964cfb6defe14e2f8864f1c42cc94c9af725de2ff73929226d99a694c893ada3fc44c5224be70ec87bfcb291eceab271b33e4759c6c900cd8
+  data.tar.gz: 9088db06f998013577eb647d064e97035047a2cef7799010bc91f18384787bdf158357fd33c296b92ec1bc07a2ad1b307c98d0217735dfef5c6acf565f3c9433

data/.github/workflows/ci.yml CHANGED Viewed

@@ -15,10 +15,12 @@ jobs:
       matrix:
         ruby-version: ['2.7.x', '3.0.x', '3.1.x']
     steps:
+      - uses: actions/checkout@v3
       - uses: docker://thekuwayama/openssl:latest
       - name: Set up Ruby
-        uses: actions/setup-ruby@v1
-      - uses: actions/checkout@v1
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
       - name: Install dependencies
         run: |
           gem --version

data/.gitignore CHANGED Viewed

@@ -14,3 +14,4 @@ Gemfile.lock
 /coverage/
 /spec/reports/
 /tmp/
+.DS_Store

data/.ruby-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 3.1.2

data/Gemfile CHANGED Viewed

@@ -6,10 +6,12 @@ gem 'logger'
 gem 'openssl'
 gem 'rake'
-group :test do
+group :development do
   gem 'byebug'
+  gem 'http_parser.rb'
   gem 'rspec', '3.9.0'
   gem 'rubocop', '0.78.0'
+  gem 'webrick'
 end
 gemspec

data/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 [![Gem Version](https://badge.fury.io/rb/tttls1.3.svg)](https://badge.fury.io/rb/tttls1.3)
 [![Actions Status](https://github.com/thekuwayama/tttls1.3/workflows/CI/badge.svg)](https://github.com/thekuwayama/tttls1.3/actions?workflow=CI)
-[![Maintainability](https://api.codeclimate.com/v1/badges/47f3c267d9cfd2c8e388/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
+[![Maintainability](https://api.codeclimate.com/v1/badges/b5ae1b3a43828142d2fa/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
 tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
@@ -104,6 +104,7 @@ tttls1.3 client is configurable using keyword arguments.
 | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
 | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
@@ -123,6 +124,7 @@ tttls1.3 server is configurable using keyword arguments.
 | `:process_ocsp_response` | Proc | nil | Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil. |
 | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |

data/example/https_client.rb CHANGED Viewed

@@ -10,7 +10,8 @@ req = simple_http_request(hostname)
 socket = TCPSocket.new(hostname, port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1']
+  alpn: ['http/1.1'],
+  sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 client = TTTLS13::Client.new(socket, hostname, **settings)
 client.connect

data/example/https_server.rb CHANGED Viewed

@@ -12,7 +12,8 @@ settings = {
   crt_file: __dir__ + '/../tmp/server.crt',
   chain_files: [__dir__ + '/../tmp/intermediate.crt'],
   key_file: __dir__ + '/../tmp/server.key',
-  alpn: ['http/1.1']
+  alpn: ['http/1.1'],
+  sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 q = Queue.new
@@ -49,7 +50,7 @@ Etc.nprocessors.times do
     rescue Timeout::Error
       logger.warn 'Timeout'
     ensure
-      s.close
+      s&.close
     end
   end
 end

data/lib/tttls1.3/client.rb CHANGED Viewed

@@ -68,6 +68,7 @@ module TTTLS13
     process_certificate_status: nil,
     compress_certificate_algorithms: DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
+    sslkeylogfile: nil,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_CLIENT_SETTINGS
@@ -151,6 +152,15 @@ module TTTLS13
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
       e_wcipher = nil # TTTLS13::Cryptograph::$Object
+      sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
+      unless @settings[:sslkeylogfile].nil?
+        begin
+          sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
+        rescue SystemCallError => e
+          msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
+          logger.warn(msg)
+        end
+      end
       @state = ClientState::START
       loop do
@@ -169,6 +179,10 @@ module TTTLS13
               key_schedule.early_data_write_key,
               key_schedule.early_data_write_iv
             )
+            sslkeylogfile&.write_client_early_traffic_secret(
+              transcript[CH].first.random,
+              key_schedule.client_early_traffic_secret
+            )
             send_early_data(e_wcipher)
           end
@@ -276,11 +290,19 @@ module TTTLS13
             key_schedule.client_handshake_write_key,
             key_schedule.client_handshake_write_iv
           )
+          sslkeylogfile&.write_client_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.client_handshake_traffic_secret
+          )
           hs_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.server_handshake_write_key,
             key_schedule.server_handshake_write_iv
           )
+          sslkeylogfile&.write_server_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.server_handshake_traffic_secret
+          )
           @state = ClientState::WAIT_EE
         when ClientState::WAIT_EE
           logger.debug('ClientState::WAIT_EE')
@@ -388,11 +410,19 @@ module TTTLS13
             key_schedule.client_application_write_key,
             key_schedule.client_application_write_iv
           )
+          sslkeylogfile&.write_client_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.client_application_traffic_secret
+          )
           @ap_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.server_application_write_key,
             key_schedule.server_application_write_iv
           )
+          sslkeylogfile&.write_server_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.server_application_traffic_secret
+          )
           @exporter_master_secret = key_schedule.exporter_master_secret
           @resumption_master_secret = key_schedule.resumption_master_secret
           @state = ClientState::CONNECTED
@@ -402,6 +432,7 @@ module TTTLS13
           break
         end
       end
+      sslkeylogfile&.close
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/BlockLength

data/lib/tttls1.3/server.rb CHANGED Viewed

@@ -60,6 +60,7 @@ module TTTLS13
     process_ocsp_response: nil,
     compress_certificate_algorithms: DEFAULT_SP_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
+    sslkeylogfile: nil,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_SERVER_SETTINGS
@@ -148,6 +149,15 @@ module TTTLS13
       priv_key = nil # OpenSSL::PKey::$Object
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
+      sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
+      unless @settings[:sslkeylogfile].nil?
+        begin
+          sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
+        rescue SystemCallError => e
+          msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
+          logger.warn(msg)
+        end
+      end
       @state = ServerState::START
       loop do
@@ -220,7 +230,7 @@ module TTTLS13
           # generate shared secret
           ke = ch.extensions[Message::ExtensionType::KEY_SHARE]
                 &.key_share_entry
-                &.find { |e| e.group == @named_group }
+                &.find { |kse| kse.group == @named_group }
                 &.key_exchange
           shared_secret = gen_shared_secret(ke, priv_key, @named_group)
           key_schedule = KeySchedule.new(
@@ -234,11 +244,19 @@ module TTTLS13
             key_schedule.server_handshake_write_key,
             key_schedule.server_handshake_write_iv
           )
+          sslkeylogfile&.write_server_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.server_handshake_traffic_secret
+          )
           hs_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.client_handshake_write_key,
             key_schedule.client_handshake_write_iv
           )
+          sslkeylogfile&.write_client_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.client_handshake_traffic_secret
+          )
           @state = ServerState::WAIT_FLIGHT2
         when ServerState::WAIT_EOED
           logger.debug('ServerState::WAIT_EOED')
@@ -292,11 +310,19 @@ module TTTLS13
             key_schedule.server_application_write_key,
             key_schedule.server_application_write_iv
           )
+          sslkeylogfile&.write_server_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.server_application_traffic_secret
+          )
           @ap_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.client_application_write_key,
             key_schedule.client_application_write_iv
           )
+          sslkeylogfile&.write_client_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.client_application_traffic_secret
+          )
           @exporter_master_secret = key_schedule.exporter_master_secret
           @state = ServerState::CONNECTED
         when ServerState::CONNECTED
@@ -305,6 +331,7 @@ module TTTLS13
           break
         end
       end
+      sslkeylogfile&.close
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/BlockLength

data/lib/tttls1.3/sslkeylogfile.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+module TTTLS13
+  module SslKeyLogFile
+    module Label
+      CLIENT_EARLY_TRAFFIC_SECRET     = 'CLIENT_EARLY_TRAFFIC_SECRET'
+      CLIENT_HANDSHAKE_TRAFFIC_SECRET = 'CLIENT_HANDSHAKE_TRAFFIC_SECRET'
+      SERVER_HANDSHAKE_TRAFFIC_SECRET = 'SERVER_HANDSHAKE_TRAFFIC_SECRET'
+      CLIENT_TRAFFIC_SECRET_0         = 'CLIENT_TRAFFIC_SECRET_0'
+      SERVER_TRAFFIC_SECRET_0         = 'SERVER_TRAFFIC_SECRET_0'
+    end
+    class Writer
+      # @param path [String]
+      #
+      # @raise [SystemCallError]
+      def initialize(path)
+        @file = File.new(path, 'a+')
+      end
+      # @param client_random [String]
+      # @param secret [String]
+      def write_client_early_traffic_secret(client_random, secret)
+        write_key_log(
+          Label::CLIENT_EARLY_TRAFFIC_SECRET,
+          client_random,
+          secret
+        )
+      end
+      # @param client_random [String]
+      # @param secret [String]
+      def write_client_handshake_traffic_secret(client_random, secret)
+        write_key_log(
+          Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+          client_random,
+          secret
+        )
+      end
+      # @param client_random [String]
+      # @param secret [String]
+      def write_server_handshake_traffic_secret(client_random, secret)
+        write_key_log(
+          Label::SERVER_HANDSHAKE_TRAFFIC_SECRET,
+          client_random,
+          secret
+        )
+      end
+      # @param client_random [String]
+      # @param secret [String]
+      def write_client_traffic_secret_0(client_random, secret)
+        write_key_log(
+          Label::CLIENT_TRAFFIC_SECRET_0,
+          client_random,
+          secret
+        )
+      end
+      # @param client_random [String]
+      # @param secret [String]
+      def write_server_traffic_secret_0(client_random, secret)
+        write_key_log(
+          Label::SERVER_TRAFFIC_SECRET_0,
+          client_random,
+          secret
+        )
+      end
+      def close
+        @file&.close
+      end
+      private
+      # @param label [TTTLS13::SslKeyLogFile::Label]
+      # @param client_random [String]
+      # @param secret [String]
+      def write_key_log(label, client_random, secret)
+        s = "#{label} #{client_random.unpack1('H*')} #{secret.unpack1('H*')}\n"
+        @file&.print(s)
+      end
+    end
+  end
+end

data/lib/tttls1.3/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module TTTLS13
-  VERSION = '0.2.17'
+  VERSION = '0.2.18'
 end

data/lib/tttls1.3.rb CHANGED Viewed

@@ -17,6 +17,7 @@ require 'tttls1.3/transcript'
 require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
+require 'tttls1.3/sslkeylogfile'
 require 'tttls1.3/connection'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.17
+  version: 0.2.18
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-14 00:00:00.000000000 Z
+date: 2022-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -63,6 +63,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -123,6 +124,7 @@ files:
 - lib/tttls1.3/sequence_number.rb
 - lib/tttls1.3/server.rb
 - lib/tttls1.3/signature_scheme.rb
+- lib/tttls1.3/sslkeylogfile.rb
 - lib/tttls1.3/transcript.rb
 - lib/tttls1.3/utils.rb
 - lib/tttls1.3/version.rb
@@ -198,7 +200,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)