tttls1.3 0.2.17 → 0.2.18

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c2b9bfcfb3b52aaf74864e31adc9f132ab9ce94f4610bcaaefd8c7a5048666e5
4
- data.tar.gz: 77ccec36eaeec3d0d569a8428209b14749d0d2d80ce33348ed1cdb6f5cbd6ec8
3
+ metadata.gz: 1a07aded25aecad8bd61ff9fd49a70df15c8abf356d4747891486dd81386b68d
4
+ data.tar.gz: 4637b3288dab22caae951cc43c283057fd3ed215fc5fa86e318becc3369ac7b2
5
5
  SHA512:
6
- metadata.gz: 29ffa56dd58069ec5096bc0a19d81d79ee71a34f57d2381f91a1039d33b9ec0ca5cd965904a586d2f342957c3a05e92167e2c249fc2aad0ea4bfe2cebf9dc30f
7
- data.tar.gz: a1cd0087f0d9ab6a2c7adf5245f9acca5756da7cd3084d1e2b79a601c6606b00680291be5fe7fcf442bdb9d90cdb22dc26a241bcf26ac754ff0476e889c3f092
6
+ metadata.gz: 621a8f82c99e21e964cfb6defe14e2f8864f1c42cc94c9af725de2ff73929226d99a694c893ada3fc44c5224be70ec87bfcb291eceab271b33e4759c6c900cd8
7
+ data.tar.gz: 9088db06f998013577eb647d064e97035047a2cef7799010bc91f18384787bdf158357fd33c296b92ec1bc07a2ad1b307c98d0217735dfef5c6acf565f3c9433
@@ -15,10 +15,12 @@ jobs:
15
15
  matrix:
16
16
  ruby-version: ['2.7.x', '3.0.x', '3.1.x']
17
17
  steps:
18
+ - uses: actions/checkout@v3
18
19
  - uses: docker://thekuwayama/openssl:latest
19
20
  - name: Set up Ruby
20
- uses: actions/setup-ruby@v1
21
- - uses: actions/checkout@v1
21
+ uses: ruby/setup-ruby@v1
22
+ with:
23
+ ruby-version: ${{ matrix.ruby }}
22
24
  - name: Install dependencies
23
25
  run: |
24
26
  gem --version
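Review bot: The new `ruby-version: ${{ matrix.ruby }}` reads a matrix key that this hunk does not define, since the matrix line above declares `ruby-version`. The expression presumably evaluates to an empty string, so every job would fall back to setup-ruby's default lookup (likely the `.ruby-version` file added in this release) instead of exercising 2.7, 3.0 and 3.1. It should read `ruby-version: ${{ matrix.ruby-version }}`, and it is worth confirming that ruby/setup-ruby accepts the `'2.7.x'` notation carried over from actions/setup-ruby. Separately, `docker://thekuwayama/openssl:latest` and the `@v1`/`@v3` action refs are mutable, so pinning them to a digest or commit SHA would keep the CI inputs fixed. The job definition starts outside the hunk.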
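--- a/data/.gitignore
+++ b/data/.gitignore
@@ -14,3 +14,4 @@ Gemfile.lock
  /coverage/
  /spec/reports/
  /tmp/
+ .DS_Store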
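--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ 3.1.2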
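--- a/data/Gemfile
+++ b/data/Gemfile
@@ -6,10 +6,12 @@ gem 'logger'
  gem 'openssl'
  gem 'rake'
 
- group :test do
+ group :development do
  gem 'byebug'
+ gem 'http_parser.rb'
  gem 'rspec', '3.9.0'
  gem 'rubocop', '0.78.0'
+ gem 'webrick'
  end
 
  gemspec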
data/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  [![Gem Version](https://badge.fury.io/rb/tttls1.3.svg)](https://badge.fury.io/rb/tttls1.3)
4
4
  [![Actions Status](https://github.com/thekuwayama/tttls1.3/workflows/CI/badge.svg)](https://github.com/thekuwayama/tttls1.3/actions?workflow=CI)
5
- [![Maintainability](https://api.codeclimate.com/v1/badges/47f3c267d9cfd2c8e388/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
5
+ [![Maintainability](https://api.codeclimate.com/v1/badges/b5ae1b3a43828142d2fa/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
6
6
 
7
7
  tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
8
8
 
@@ -104,6 +104,7 @@ tttls1.3 client is configurable using keyword arguments.
104
104
  | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
105
105
  | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
106
106
  | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
107
+ | `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
107
108
  | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
108
109
 
109
110
 
@@ -123,6 +124,7 @@ tttls1.3 server is configurable using keyword arguments.
123
124
  | `:process_ocsp_response` | Proc | nil | Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil. |
124
125
  | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
125
126
  | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
127
+ | `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
126
128
  | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
127
129
 
128
130
 
@@ -10,7 +10,8 @@ req = simple_http_request(hostname)
10
10
  socket = TCPSocket.new(hostname, port)
11
11
  settings = {
12
12
  ca_file: File.exist?(ca_file) ? ca_file : nil,
13
- alpn: ['http/1.1']
13
+ alpn: ['http/1.1'],
14
+ sslkeylogfile: '/tmp/sslkeylogfile.log'
14
15
  }
15
16
  client = TTTLS13::Client.new(socket, hostname, **settings)
16
17
  client.connect
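Review bot: The example hard-codes `sslkeylogfile: '/tmp/sslkeylogfile.log'`, so every run writes the session's traffic secrets to a fixed, predictable path in a shared directory. Anyone who can read that file can decrypt a capture of the connection. I would leave key logging off by default in the examples and take the path from the environment, e.g. `sslkeylogfile: ENV['SSLKEYLOGFILE']`, which stays nil (disabled, per the default settings) unless the operator opts in. The same applies to the server example hunk that follows (`@@ -12,7 +12,8 @@ settings = {`). The script continues outside this hunk.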
@@ -12,7 +12,8 @@ settings = {
12
12
  crt_file: __dir__ + '/../tmp/server.crt',
13
13
  chain_files: [__dir__ + '/../tmp/intermediate.crt'],
14
14
  key_file: __dir__ + '/../tmp/server.key',
15
- alpn: ['http/1.1']
15
+ alpn: ['http/1.1'],
16
+ sslkeylogfile: '/tmp/sslkeylogfile.log'
16
17
  }
17
18
 
18
19
  q = Queue.new
@@ -49,7 +50,7 @@ Etc.nprocessors.times do
49
50
  rescue Timeout::Error
50
51
  logger.warn 'Timeout'
51
52
  ensure
52
- s.close
53
+ s&.close
53
54
  end
54
55
  end
55
56
  end
@@ -68,6 +68,7 @@ module TTTLS13
68
68
  process_certificate_status: nil,
69
69
  compress_certificate_algorithms: DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS,
70
70
  compatibility_mode: true,
71
+ sslkeylogfile: nil,
71
72
  loglevel: Logger::WARN
72
73
  }.freeze
73
74
  private_constant :DEFAULT_CLIENT_SETTINGS
@@ -151,6 +152,15 @@ module TTTLS13
151
152
  hs_wcipher = nil # TTTLS13::Cryptograph::$Object
152
153
  hs_rcipher = nil # TTTLS13::Cryptograph::$Object
153
154
  e_wcipher = nil # TTTLS13::Cryptograph::$Object
155
+ sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
156
+ unless @settings[:sslkeylogfile].nil?
157
+ begin
158
+ sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
159
+ rescue SystemCallError => e
160
+ msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
161
+ logger.warn(msg)
162
+ end
163
+ end
154
164
 
155
165
  @state = ClientState::START
156
166
  loop do
@@ -169,6 +179,10 @@ module TTTLS13
169
179
  key_schedule.early_data_write_key,
170
180
  key_schedule.early_data_write_iv
171
181
  )
182
+ sslkeylogfile&.write_client_early_traffic_secret(
183
+ transcript[CH].first.random,
184
+ key_schedule.client_early_traffic_secret
185
+ )
172
186
  send_early_data(e_wcipher)
173
187
  end
174
188
 
@@ -276,11 +290,19 @@ module TTTLS13
276
290
  key_schedule.client_handshake_write_key,
277
291
  key_schedule.client_handshake_write_iv
278
292
  )
293
+ sslkeylogfile&.write_client_handshake_traffic_secret(
294
+ transcript[CH].first.random,
295
+ key_schedule.client_handshake_traffic_secret
296
+ )
279
297
  hs_rcipher = gen_cipher(
280
298
  @cipher_suite,
281
299
  key_schedule.server_handshake_write_key,
282
300
  key_schedule.server_handshake_write_iv
283
301
  )
302
+ sslkeylogfile&.write_server_handshake_traffic_secret(
303
+ transcript[CH].first.random,
304
+ key_schedule.server_handshake_traffic_secret
305
+ )
284
306
  @state = ClientState::WAIT_EE
285
307
  when ClientState::WAIT_EE
286
308
  logger.debug('ClientState::WAIT_EE')
@@ -388,11 +410,19 @@ module TTTLS13
388
410
  key_schedule.client_application_write_key,
389
411
  key_schedule.client_application_write_iv
390
412
  )
413
+ sslkeylogfile&.write_client_traffic_secret_0(
414
+ transcript[CH].first.random,
415
+ key_schedule.client_application_traffic_secret
416
+ )
391
417
  @ap_rcipher = gen_cipher(
392
418
  @cipher_suite,
393
419
  key_schedule.server_application_write_key,
394
420
  key_schedule.server_application_write_iv
395
421
  )
422
+ sslkeylogfile&.write_server_traffic_secret_0(
423
+ transcript[CH].first.random,
424
+ key_schedule.server_application_traffic_secret
425
+ )
396
426
  @exporter_master_secret = key_schedule.exporter_master_secret
397
427
  @resumption_master_secret = key_schedule.resumption_master_secret
398
428
  @state = ClientState::CONNECTED
@@ -402,6 +432,7 @@ module TTTLS13
402
432
  break
403
433
  end
404
434
  end
435
+ sslkeylogfile&.close
405
436
  end
406
437
  # rubocop: enable Metrics/AbcSize
407
438
  # rubocop: enable Metrics/BlockLength
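Review bot: `sslkeylogfile&.close` runs only when the state loop exits normally. If the handshake raises part-way (inferred, since most of the enclosing method lies outside this hunk), the Writer's file handle stays open and buffered secret lines may not reach the file until the object is collected. Wrapping the loop as `begin ... ensure sslkeylogfile&.close end` would release the handle on every path. The same pattern appears at the end of the server-side hunk (`@@ -305,6 +331,7 @@`).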
@@ -60,6 +60,7 @@ module TTTLS13
60
60
  process_ocsp_response: nil,
61
61
  compress_certificate_algorithms: DEFAULT_SP_COMPRESS_CERTIFICATE_ALGORITHMS,
62
62
  compatibility_mode: true,
63
+ sslkeylogfile: nil,
63
64
  loglevel: Logger::WARN
64
65
  }.freeze
65
66
  private_constant :DEFAULT_SERVER_SETTINGS
@@ -148,6 +149,15 @@ module TTTLS13
148
149
  priv_key = nil # OpenSSL::PKey::$Object
149
150
  hs_wcipher = nil # TTTLS13::Cryptograph::$Object
150
151
  hs_rcipher = nil # TTTLS13::Cryptograph::$Object
152
+ sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
153
+ unless @settings[:sslkeylogfile].nil?
154
+ begin
155
+ sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
156
+ rescue SystemCallError => e
157
+ msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
158
+ logger.warn(msg)
159
+ end
160
+ end
151
161
 
152
162
  @state = ServerState::START
153
163
  loop do
@@ -220,7 +230,7 @@ module TTTLS13
220
230
  # generate shared secret
221
231
  ke = ch.extensions[Message::ExtensionType::KEY_SHARE]
222
232
  &.key_share_entry
223
- &.find { |e| e.group == @named_group }
233
+ &.find { |kse| kse.group == @named_group }
224
234
  &.key_exchange
225
235
  shared_secret = gen_shared_secret(ke, priv_key, @named_group)
226
236
  key_schedule = KeySchedule.new(
@@ -234,11 +244,19 @@ module TTTLS13
234
244
  key_schedule.server_handshake_write_key,
235
245
  key_schedule.server_handshake_write_iv
236
246
  )
247
+ sslkeylogfile&.write_server_handshake_traffic_secret(
248
+ transcript[CH].first.random,
249
+ key_schedule.server_handshake_traffic_secret
250
+ )
237
251
  hs_rcipher = gen_cipher(
238
252
  @cipher_suite,
239
253
  key_schedule.client_handshake_write_key,
240
254
  key_schedule.client_handshake_write_iv
241
255
  )
256
+ sslkeylogfile&.write_client_handshake_traffic_secret(
257
+ transcript[CH].first.random,
258
+ key_schedule.client_handshake_traffic_secret
259
+ )
242
260
  @state = ServerState::WAIT_FLIGHT2
243
261
  when ServerState::WAIT_EOED
244
262
  logger.debug('ServerState::WAIT_EOED')
@@ -292,11 +310,19 @@ module TTTLS13
292
310
  key_schedule.server_application_write_key,
293
311
  key_schedule.server_application_write_iv
294
312
  )
313
+ sslkeylogfile&.write_server_traffic_secret_0(
314
+ transcript[CH].first.random,
315
+ key_schedule.server_application_traffic_secret
316
+ )
295
317
  @ap_rcipher = gen_cipher(
296
318
  @cipher_suite,
297
319
  key_schedule.client_application_write_key,
298
320
  key_schedule.client_application_write_iv
299
321
  )
322
+ sslkeylogfile&.write_client_traffic_secret_0(
323
+ transcript[CH].first.random,
324
+ key_schedule.client_application_traffic_secret
325
+ )
300
326
  @exporter_master_secret = key_schedule.exporter_master_secret
301
327
  @state = ServerState::CONNECTED
302
328
  when ServerState::CONNECTED
@@ -305,6 +331,7 @@ module TTTLS13
305
331
  break
306
332
  end
307
333
  end
334
+ sslkeylogfile&.close
308
335
  end
309
336
  # rubocop: enable Metrics/AbcSize
310
337
  # rubocop: enable Metrics/BlockLength
@@ -0,0 +1,87 @@
1
+ # encoding: ascii-8bit
2
+ # frozen_string_literal: true
3
+
4
+ module TTTLS13
5
+ module SslKeyLogFile
6
+ module Label
7
+ CLIENT_EARLY_TRAFFIC_SECRET = 'CLIENT_EARLY_TRAFFIC_SECRET'
8
+ CLIENT_HANDSHAKE_TRAFFIC_SECRET = 'CLIENT_HANDSHAKE_TRAFFIC_SECRET'
9
+ SERVER_HANDSHAKE_TRAFFIC_SECRET = 'SERVER_HANDSHAKE_TRAFFIC_SECRET'
10
+ CLIENT_TRAFFIC_SECRET_0 = 'CLIENT_TRAFFIC_SECRET_0'
11
+ SERVER_TRAFFIC_SECRET_0 = 'SERVER_TRAFFIC_SECRET_0'
12
+ end
13
+
14
+ class Writer
15
+ # @param path [String]
16
+ #
17
+ # @raise [SystemCallError]
18
+ def initialize(path)
19
+ @file = File.new(path, 'a+')
20
+ end
21
+
22
+ # @param client_random [String]
23
+ # @param secret [String]
24
+ def write_client_early_traffic_secret(client_random, secret)
25
+ write_key_log(
26
+ Label::CLIENT_EARLY_TRAFFIC_SECRET,
27
+ client_random,
28
+ secret
29
+ )
30
+ end
31
+
32
+ # @param client_random [String]
33
+ # @param secret [String]
34
+ def write_client_handshake_traffic_secret(client_random, secret)
35
+ write_key_log(
36
+ Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
37
+ client_random,
38
+ secret
39
+ )
40
+ end
41
+
42
+ # @param client_random [String]
43
+ # @param secret [String]
44
+ def write_server_handshake_traffic_secret(client_random, secret)
45
+ write_key_log(
46
+ Label::SERVER_HANDSHAKE_TRAFFIC_SECRET,
47
+ client_random,
48
+ secret
49
+ )
50
+ end
51
+
52
+ # @param client_random [String]
53
+ # @param secret [String]
54
+ def write_client_traffic_secret_0(client_random, secret)
55
+ write_key_log(
56
+ Label::CLIENT_TRAFFIC_SECRET_0,
57
+ client_random,
58
+ secret
59
+ )
60
+ end
61
+
62
+ # @param client_random [String]
63
+ # @param secret [String]
64
+ def write_server_traffic_secret_0(client_random, secret)
65
+ write_key_log(
66
+ Label::SERVER_TRAFFIC_SECRET_0,
67
+ client_random,
68
+ secret
69
+ )
70
+ end
71
+
72
+ def close
73
+ @file&.close
74
+ end
75
+
76
+ private
77
+
78
+ # @param label [TTTLS13::SslKeyLogFile::Label]
79
+ # @param client_random [String]
80
+ # @param secret [String]
81
+ def write_key_log(label, client_random, secret)
82
+ s = "#{label} #{client_random.unpack1('H*')} #{secret.unpack1('H*')}\n"
83
+ @file&.print(s)
84
+ end
85
+ end
86
+ end
87
+ end
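Review bot: `File.new(path, 'a+')` in `Writer#initialize` creates the key log with the process's default permissions, which under a common umask leaves it readable by other local users. The file holds the handshake and application traffic secrets, enough to decrypt a recorded session. The writer never reads the file back, so I would open it append-only with owner-only permissions on creation: `@file = File.new(path, 'a', 0o600)`. The permission argument is ignored when the file already exists, so it is worth stating in the README that an existing key log should be owner-only too. Setting `@file.sync = true` would also stop lines from different connections interleaving in the buffer when several handshakes append to the same path. The `@file&.` guards in `close` and `write_key_log` appear unnecessary, because `initialize` either assigns the handle or raises.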
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TTTLS13
4
- VERSION = '0.2.17'
4
+ VERSION = '0.2.18'
5
5
  end
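--- a/data/lib/tttls1.3.rb
+++ b/data/lib/tttls1.3.rb
@@ -17,6 +17,7 @@ require 'tttls1.3/transcript'
  require 'tttls1.3/key_schedule'
  require 'tttls1.3/message'
  require 'tttls1.3/sequence_number'
+ require 'tttls1.3/sslkeylogfile'
  require 'tttls1.3/connection'
  require 'tttls1.3/client'
  require 'tttls1.3/server'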
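--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: tttls1.3
  version: !ruby/object:Gem::Version
- version: 0.2.17
+ version: 0.2.18
  platform: ruby
  authors:
  - thekuwayama
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-14 00:00:00.000000000 Z
+ date: 2022-08-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -63,6 +63,7 @@ files:
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
+ - ".ruby-version"
  - Gemfile
  - LICENSE.txt
  - README.md
@@ -123,6 +124,7 @@ files:
  - lib/tttls1.3/sequence_number.rb
  - lib/tttls1.3/server.rb
  - lib/tttls1.3/signature_scheme.rb
+ - lib/tttls1.3/sslkeylogfile.rb
  - lib/tttls1.3/transcript.rb
  - lib/tttls1.3/utils.rb
  - lib/tttls1.3/version.rb
@@ -198,7 +200,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.22
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)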