tttls1.3 0.2.17 → 0.2.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c2b9bfcfb3b52aaf74864e31adc9f132ab9ce94f4610bcaaefd8c7a5048666e5
-  data.tar.gz: 77ccec36eaeec3d0d569a8428209b14749d0d2d80ce33348ed1cdb6f5cbd6ec8
+  metadata.gz: 60aaa0dddc8e01d6ee1c89a81de02e7cd9e05e0169e11381ebb68aa919644f11
+  data.tar.gz: 974b5c89009c2a63a6d99a608b32463cb0b6dc4bb0ed9e915cd03cca45ce2ea9
 SHA512:
-  metadata.gz: 29ffa56dd58069ec5096bc0a19d81d79ee71a34f57d2381f91a1039d33b9ec0ca5cd965904a586d2f342957c3a05e92167e2c249fc2aad0ea4bfe2cebf9dc30f
-  data.tar.gz: a1cd0087f0d9ab6a2c7adf5245f9acca5756da7cd3084d1e2b79a601c6606b00680291be5fe7fcf442bdb9d90cdb22dc26a241bcf26ac754ff0476e889c3f092
+  metadata.gz: b9ab939f9010481de463c2fbf81dc230cdd653dac47286e1fd61f8820da796a09b0675837dc119ebd8f1ddd137383ccc87aec18edd4945312cb0923ebbe77e52
+  data.tar.gz: 74d0635bba0274cfaf9ed980d2f0cef3351ab1f820a17720424dececaeb86c6ea36d6f9c3d7b69c8e81b52c4790b1796ba59d02a95a30d4afe90bad35767d442

data/.github/workflows/ci.yml

@@ -15,18 +15,23 @@ jobs:
       matrix:
         ruby-version: ['2.7.x', '3.0.x', '3.1.x']
     steps:
+      - uses: actions/checkout@v3
       - uses: docker://thekuwayama/openssl:latest
       - name: Set up Ruby
-        uses: actions/setup-ruby@v1
-      - uses: actions/checkout@v1
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
       - name: Install dependencies
         run: |
           gem --version
           gem install bundler
           bundle --version
           bundle install
-      - name: Run test
-        run: |
-          bundle exec rake
-          bundle exec rake interop:client
-          bundle exec rake interop:server
+      - name: Run rubocop
+        run: bundle exec rake rubocop
+      - name: Run rspec
+        run: bundle exec rake spec
+      - name: Run interop client
+        run: bundle exec rake interop:client
+      - name: Run interop server
+        run: bundle exec rake interop:server

data/.gitignore

@@ -14,3 +14,4 @@ Gemfile.lock
 /coverage/
 /spec/reports/
 /tmp/
+.DS_Store

data/.ruby-version

@@ -0,0 +1 @@
+3.1.2

data/Gemfile

@@ -6,10 +6,12 @@ gem 'logger'
 gem 'openssl'
 gem 'rake'
 
-group :test do
+group :development do
   gem 'byebug'
+  gem 'http_parser.rb'
   gem 'rspec', '3.9.0'
   gem 'rubocop', '0.78.0'
+  gem 'webrick'
 end
 
 gemspec

data/README.md

@@ -2,7 +2,7 @@
 
 [![Gem Version](https://badge.fury.io/rb/tttls1.3.svg)](https://badge.fury.io/rb/tttls1.3)
 [![Actions Status](https://github.com/thekuwayama/tttls1.3/workflows/CI/badge.svg)](https://github.com/thekuwayama/tttls1.3/actions?workflow=CI)
-[![Maintainability](https://api.codeclimate.com/v1/badges/47f3c267d9cfd2c8e388/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
+[![Maintainability](https://api.codeclimate.com/v1/badges/b5ae1b3a43828142d2fa/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
 
 tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
 
@@ -92,9 +92,9 @@ tttls1.3 client is configurable using keyword arguments.
 | `:supported_groups` | Array of TTTLS13::NamedGroup constant | `SECP256R1`, `SECP384R1`, `SECP521R1` | List of named groups offered in ClientHello extensions. |
 | `:key_share_groups` | Array of TTTLS13::NamedGroup constant | nil | List of named groups offered in KeyShareClientHello. In default, KeyShareClientHello has only a KeyShareEntry of most preferred named group in `:supported_groups`. You can set this to send KeyShareClientHello that has multiple KeyShareEntry. |
 | `:alpn` | Array of String | nil | List of application protocols offered in ClientHello extensions. If not needed to be present, set nil. |
-| `:process_new_session_ticket` | Proc | nil | Proc that processes received NewSessionTicket. Its 3 arguments are TTTLS13::Message::NewSessionTicket, resumption master secret and cipher suite. If not needed to process NewSessionTicket, set nil. |
+| `:process_new_session_ticket` | Proc | nil | Proc that processes received NewSessionTicket. Its 3 arguments are TTTLS13::Message::NewSessionTicket, resumption main secret and cipher suite. If not needed to process NewSessionTicket, set nil. |
 | `:ticket` | String | nil | The ticket for PSK. |
-| `:resumption_master_secret` | String | nil | The resumption master secret. |
+| `:resumption_secret` | String | nil | The resumption main secret. |
 | `:psk_cipher_suite` | TTTLS13::CipherSuite constant | nil | The cipher suite for PSK. |
 | `:ticket_nonce` | String | nil | The ticket\_nonce for PSK. |
 | `:ticket_age_add` | String | nil | The ticket\_age\_add for PSK. |
@@ -104,6 +104,7 @@ tttls1.3 client is configurable using keyword arguments.
 | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
 | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
 
@@ -123,6 +124,7 @@ tttls1.3 server is configurable using keyword arguments.
 | `:process_ocsp_response` | Proc | nil | Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil. |
 | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
 

data/example/https_client.rb

@@ -10,7 +10,8 @@ req = simple_http_request(hostname)
 socket = TCPSocket.new(hostname, port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1']
+  alpn: ['http/1.1'],
+  sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 client = TTTLS13::Client.new(socket, hostname, **settings)
 client.connect

data/example/https_client_using_0rtt.rb

@@ -15,7 +15,7 @@ process_new_session_ticket = lambda do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
 
   settings_2nd[:ticket] = nst.ticket
-  settings_2nd[:resumption_master_secret] = rms
+  settings_2nd[:resumption_main_secret] = rms
   settings_2nd[:psk_cipher_suite] = cs
   settings_2nd[:ticket_nonce] = nst.ticket_nonce
   settings_2nd[:ticket_age_add] = nst.ticket_age_add

data/example/https_client_using_hrr_and_ticket.rb

@@ -16,7 +16,7 @@ process_new_session_ticket = lambda do |nst, rms, cs|
 
   settings_2nd[:key_share_groups] = [] # empty KeyShareClientHello.client_shares
   settings_2nd[:ticket] = nst.ticket
-  settings_2nd[:resumption_master_secret] = rms
+  settings_2nd[:resumption_main_secret] = rms
   settings_2nd[:psk_cipher_suite] = cs
   settings_2nd[:ticket_nonce] = nst.ticket_nonce
   settings_2nd[:ticket_age_add] = nst.ticket_age_add

data/example/https_client_using_ticket.rb

@@ -15,7 +15,7 @@ process_new_session_ticket = lambda do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
 
   settings_2nd[:ticket] = nst.ticket
-  settings_2nd[:resumption_master_secret] = rms
+  settings_2nd[:resumption_main_secret] = rms
   settings_2nd[:psk_cipher_suite] = cs
   settings_2nd[:ticket_nonce] = nst.ticket_nonce
   settings_2nd[:ticket_age_add] = nst.ticket_age_add

data/example/https_server.rb

@@ -12,7 +12,8 @@ settings = {
   crt_file: __dir__ + '/../tmp/server.crt',
   chain_files: [__dir__ + '/../tmp/intermediate.crt'],
   key_file: __dir__ + '/../tmp/server.key',
-  alpn: ['http/1.1']
+  alpn: ['http/1.1'],
+  sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 
 q = Queue.new
@@ -49,7 +50,7 @@ Etc.nprocessors.times do
     rescue Timeout::Error
       logger.warn 'Timeout'
     ensure
-      s.close
+      s&.close
     end
   end
 end

data/interop/client_spec.rb

@@ -1,10 +1,10 @@
 # encoding: ascii-8bit
 # frozen_string_literal: true
 
-require_relative 'helper'
+require_relative 'spec_helper'
 
 FIXTURES_DIR = __dir__ + '/../spec/fixtures'
-PORT = 4433
+PORT = 14433
 
 RSpec.describe Client do
   # normal [Boolean] Is this nominal scenarios?
@@ -173,6 +173,7 @@ RSpec.describe Client do
               + '-tls1_3 ' \
               + '-www ' \
               + '-quiet ' \
+              + "-accept #{PORT} " \
               + opt
         pid = spawn('docker run ' \
                     + "--volume #{FIXTURES_DIR}:/tmp " \

data/interop/server_spec.rb

@@ -1,7 +1,7 @@
 # encoding: ascii-8bit
 # frozen_string_literal: true
 
-require_relative 'helper'
+require_relative 'spec_helper'
 
 FIXTURES_DIR = __dir__ + '/../spec/fixtures'
 PORT = 4433
@@ -187,8 +187,6 @@ RSpec.describe Server do
 
       let(:client) do
         ip = Socket.ip_address_list.find(&:ipv4_private?).ip_address
-        wait_to_listen(ip, PORT)
-
         cmd = 'echo -n ping | openssl s_client ' \
               + "-connect local:#{PORT} " \
               + '-tls1_3 ' \

data/interop/{helper.rb → spec_helper.rb}

@@ -13,13 +13,20 @@ include TTTLS13::Error
 # rubocop: enable Style/MixinUsage
 
 def wait_to_listen(host, port)
-  loop do
-    s = TCPSocket.open(host, port) # check by TCP handshake
-  rescue # rubocop: disable Style/RescueStandardError
-    sleep(0.2)
+  10.times do
+    soc = TCPSocket.open(host, port)
+    ctx = OpenSSL::SSL::SSLContext.new
+    ctx.max_version = OpenSSL::SSL::TLS1_3_VERSION
+    ssl = OpenSSL::SSL::SSLSocket.new(soc, ctx)
+    ssl.sync_close = true
+    ssl.connect
+  rescue => e # rubocop: disable Style/RescueStandardError
+    p e
+    soc&.close
+    sleep(0.5)
     next
   else
-    s.close
+    ssl.close
     break
   end
 end

data/lib/tttls1.3/client.rb

@@ -58,7 +58,9 @@ module TTTLS13
     alpn: nil,
     process_new_session_ticket: nil,
     ticket: nil,
+    # @deprecated Please use `resumption_secret` instead
     resumption_master_secret: nil,
+    resumption_secret: nil,
     psk_cipher_suite: nil,
     ticket_nonce: nil,
     ticket_age_add: nil,
@@ -68,6 +70,7 @@ module TTTLS13
     process_certificate_status: nil,
     compress_certificate_algorithms: DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
+    sslkeylogfile: nil,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_CLIENT_SETTINGS
@@ -83,6 +86,15 @@ module TTTLS13
       @endpoint = :client
       @hostname = hostname
       @settings = DEFAULT_CLIENT_SETTINGS.merge(settings)
+      # NOTE: backward compatibility
+      if @settings[:resumption_secret].nil? &&
+         !@settings[:resumption_master_secret].nil?
+        @settings[:resumption_secret] =
+          @settings.delete(:resumption_master_secret) \
+      end
+      raise Error::ConfigError if @settings[:resumption_secret] !=
+                                  @settings[:resumption_master_secret]
+
       logger.level = @settings[:loglevel]
 
       @early_data = ''
@@ -136,7 +148,7 @@ module TTTLS13
       priv_keys = {} # Hash of NamedGroup => OpenSSL::PKey::$Object
       if use_psk?
         psk = gen_psk_from_nst(
-          @settings[:resumption_master_secret],
+          @settings[:resumption_secret],
           @settings[:ticket_nonce],
           CipherSuite.digest(@settings[:psk_cipher_suite])
         )
@@ -151,6 +163,15 @@ module TTTLS13
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
       e_wcipher = nil # TTTLS13::Cryptograph::$Object
+      sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
+      unless @settings[:sslkeylogfile].nil?
+        begin
+          sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
+        rescue SystemCallError => e
+          msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
+          logger.warn(msg)
+        end
+      end
 
       @state = ClientState::START
       loop do
@@ -169,6 +190,10 @@ module TTTLS13
               key_schedule.early_data_write_key,
               key_schedule.early_data_write_iv
             )
+            sslkeylogfile&.write_client_early_traffic_secret(
+              transcript[CH].first.random,
+              key_schedule.client_early_traffic_secret
+            )
             send_early_data(e_wcipher)
           end
 
@@ -276,11 +301,19 @@ module TTTLS13
             key_schedule.client_handshake_write_key,
             key_schedule.client_handshake_write_iv
           )
+          sslkeylogfile&.write_client_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.client_handshake_traffic_secret
+          )
           hs_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.server_handshake_write_key,
             key_schedule.server_handshake_write_iv
           )
+          sslkeylogfile&.write_server_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.server_handshake_traffic_secret
+          )
           @state = ClientState::WAIT_EE
         when ClientState::WAIT_EE
           logger.debug('ClientState::WAIT_EE')
@@ -388,13 +421,21 @@ module TTTLS13
             key_schedule.client_application_write_key,
             key_schedule.client_application_write_iv
           )
+          sslkeylogfile&.write_client_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.client_application_traffic_secret
+          )
           @ap_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.server_application_write_key,
             key_schedule.server_application_write_iv
           )
-          @exporter_master_secret = key_schedule.exporter_master_secret
-          @resumption_master_secret = key_schedule.resumption_master_secret
+          sslkeylogfile&.write_server_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.server_application_traffic_secret
+          )
+          @exporter_secret = key_schedule.exporter_secret
+          @resumption_secret = key_schedule.resumption_secret
           @state = ClientState::CONNECTED
         when ClientState::CONNECTED
           logger.debug('ClientState::CONNECTED')
@@ -402,6 +443,7 @@ module TTTLS13
           break
         end
       end
+      sslkeylogfile&.close
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/BlockLength
@@ -513,7 +555,7 @@ module TTTLS13
     # @return [Boolean]
     def use_psk?
       !@settings[:ticket].nil? &&
-        !@settings[:resumption_master_secret].nil? &&
+        !@settings[:resumption_secret].nil? &&
         !@settings[:psk_cipher_suite].nil? &&
         !@settings[:ticket_nonce].nil? &&
         !@settings[:ticket_age_add].nil? &&
@@ -537,14 +579,14 @@ module TTTLS13
       send_record(ap_record)
     end
 
-    # @param resumption_master_secret [String]
+    # @param resumption_secret [String]
     # @param ticket_nonce [String]
     # @param digest [String] name of digest algorithm
     #
     # @return [String]
-    def gen_psk_from_nst(resumption_master_secret, ticket_nonce, digest)
+    def gen_psk_from_nst(resumption_secret, ticket_nonce, digest)
       hash_len = OpenSSL::Digest.new(digest).digest_length
-      KeySchedule.hkdf_expand_label(resumption_master_secret, 'resumption',
+      KeySchedule.hkdf_expand_label(resumption_secret, 'resumption',
                                     ticket_nonce, hash_len, digest)
     end
 
@@ -918,7 +960,7 @@ module TTTLS13
     def process_new_session_ticket(nst)
       super(nst)
 
-      rms = @resumption_master_secret
+      rms = @resumption_secret
       cs = @cipher_suite
       @settings[:process_new_session_ticket]&.call(nst, rms, cs)
     end

data/lib/tttls1.3/connection.rb

@@ -25,7 +25,7 @@ module TTTLS13
       @send_record_size = Message::DEFAULT_RECORD_SIZE_LIMIT
       @recv_record_size = Message::DEFAULT_RECORD_SIZE_LIMIT
       @alpn = nil # String
-      @exporter_master_secret = nil # String
+      @exporter_secret = nil # String
     end
 
     # @raise [TTTLS13::Error::ConfigError]
@@ -109,15 +109,15 @@ module TTTLS13
     #
     # @return [String, nil]
     def exporter(label, context, key_length)
-      return nil if @exporter_master_secret.nil? || @cipher_suite.nil?
+      return nil if @exporter_secret.nil? || @cipher_suite.nil?
 
       digest = CipherSuite.digest(@cipher_suite)
-      do_exporter(@exporter_master_secret, digest, label, context, key_length)
+      do_exporter(@exporter_secret, digest, label, context, key_length)
     end
 
     private
 
-    # @param secret [String] (early_)exporter_master_secret
+    # @param secret [String] (early_)exporter_secret
     # @param digest [String] name of digest algorithm
     # @param label [String]
     # @param context [String]
@@ -517,10 +517,8 @@ module TTTLS13
     #
     # @return [Array of TTTLS13::Message::Extension::SignatureAlgorithms]
     def do_select_signature_algorithms(signature_algorithms, crt)
-      spki = OpenSSL::Netscape::SPKI.new
-      spki.public_key = crt.public_key
-      pka = OpenSSL::ASN1.decode(spki.to_der)
-                         .value.first.value.first.value.first.value.first.value
+      pka = OpenSSL::ASN1.decode(crt.public_key.to_der)
+                         .value.first.value.first.value
       signature_algorithms.select do |sa|
         case sa
         when SignatureScheme::ECDSA_SECP256R1_SHA256,

data/lib/tttls1.3/key_schedule.rb

@@ -61,8 +61,15 @@ module TTTLS13
       self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
     end
 
+    # @deprecated Please use `early_exporter_secret` instead
+    #
     # @return [String]
     def early_exporter_master_secret
+      early_exporter_secret
+    end
+
+    # @return [String]
+    def early_exporter_secret
       hash = OpenSSL::Digest.digest(@digest, '')
       derive_secret(early_secret, 'e exp master', hash)
     end
@@ -126,22 +133,36 @@ module TTTLS13
       self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
     end
 
+    # @deprecated Please use `main_salt` instead
+    #
     # @return [String]
     def master_salt
+      main_salt
+    end
+
+    # @return [String]
+    def main_salt
       hash = OpenSSL::Digest.digest(@digest, '')
       derive_secret(handshake_secret, 'derived', hash)
     end
 
+    # @deprecated Please use `main_secret` instead
+    #
     # @return [String]
     def master_secret
+      main_secret
+    end
+
+    # @return [String]
+    def main_secret
       ikm = "\x00" * @hash_len
-      hkdf_extract(ikm, master_salt)
+      hkdf_extract(ikm, main_salt)
     end
 
     # @return [String]
     def client_application_traffic_secret
       hash = @transcript.hash(@digest, SF)
-      derive_secret(master_secret, 'c ap traffic', hash)
+      derive_secret(main_secret, 'c ap traffic', hash)
     end
 
     # @return [String]
@@ -159,7 +180,7 @@ module TTTLS13
     # @return [String]
     def server_application_traffic_secret
       hash = @transcript.hash(@digest, SF)
-      derive_secret(master_secret, 's ap traffic', hash)
+      derive_secret(main_secret, 's ap traffic', hash)
     end
 
     # @return [String]
@@ -174,16 +195,30 @@ module TTTLS13
       self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
     end
 
+    # @deprecated Please use `exporter_secret` instead
+    #
     # @return [String]
     def exporter_master_secret
+      exporter_secret
+    end
+
+    # @return [String]
+    def exporter_secret
       hash = @transcript.hash(@digest, SF)
-      derive_secret(master_secret, 'exp master', hash)
+      derive_secret(main_secret, 'exp master', hash)
     end
 
+    # @deprecated Please use `resumption_secret` instead
+    #
     # @return [String]
     def resumption_master_secret
+      resumption_secret
+    end
+
+    # @return [String]
+    def resumption_secret
       hash = @transcript.hash(@digest, CF)
-      derive_secret(master_secret, 'res master', hash)
+      derive_secret(main_secret, 'res master', hash)
     end
 
     # @param ikm [String]

data/lib/tttls1.3/message/extension/key_share.rb

@@ -91,8 +91,7 @@ module TTTLS13
           priv_keys = {}
           kse = groups.map do |group|
             curve = NamedGroup.curve_name(group)
-            ec = OpenSSL::PKey::EC.new(curve)
-            ec.generate_key!
+            ec = OpenSSL::PKey::EC.generate(curve)
             # store private key to do the key-exchange
             priv_keys.store(group, ec)
             KeyShareEntry.new(
@@ -115,8 +114,7 @@ module TTTLS13
         # @return [OpenSSL::PKey::EC.$Object]
         def self.gen_sh_key_share(group)
           curve = NamedGroup.curve_name(group)
-          ec = OpenSSL::PKey::EC.new(curve)
-          ec.generate_key!
+          ec = OpenSSL::PKey::EC.generate(curve)
 
           key_share = KeyShare.new(
             msg_type: HandshakeType::SERVER_HELLO,

data/lib/tttls1.3/server.rb

@@ -60,6 +60,7 @@ module TTTLS13
     process_ocsp_response: nil,
     compress_certificate_algorithms: DEFAULT_SP_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
+    sslkeylogfile: nil,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_SERVER_SETTINGS
@@ -148,6 +149,15 @@ module TTTLS13
       priv_key = nil # OpenSSL::PKey::$Object
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
+      sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
+      unless @settings[:sslkeylogfile].nil?
+        begin
+          sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
+        rescue SystemCallError => e
+          msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
+          logger.warn(msg)
+        end
+      end
 
       @state = ServerState::START
       loop do
@@ -220,7 +230,7 @@ module TTTLS13
           # generate shared secret
           ke = ch.extensions[Message::ExtensionType::KEY_SHARE]
                 &.key_share_entry
-                &.find { |e| e.group == @named_group }
+                &.find { |kse| kse.group == @named_group }
                 &.key_exchange
           shared_secret = gen_shared_secret(ke, priv_key, @named_group)
           key_schedule = KeySchedule.new(
@@ -234,11 +244,19 @@ module TTTLS13
             key_schedule.server_handshake_write_key,
             key_schedule.server_handshake_write_iv
           )
+          sslkeylogfile&.write_server_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.server_handshake_traffic_secret
+          )
           hs_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.client_handshake_write_key,
             key_schedule.client_handshake_write_iv
           )
+          sslkeylogfile&.write_client_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.client_handshake_traffic_secret
+          )
           @state = ServerState::WAIT_FLIGHT2
         when ServerState::WAIT_EOED
           logger.debug('ServerState::WAIT_EOED')
@@ -292,12 +310,20 @@ module TTTLS13
             key_schedule.server_application_write_key,
             key_schedule.server_application_write_iv
           )
+          sslkeylogfile&.write_server_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.server_application_traffic_secret
+          )
           @ap_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.client_application_write_key,
             key_schedule.client_application_write_iv
           )
-          @exporter_master_secret = key_schedule.exporter_master_secret
+          sslkeylogfile&.write_client_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.client_application_traffic_secret
+          )
+          @exporter_secret = key_schedule.exporter_secret
           @state = ServerState::CONNECTED
         when ServerState::CONNECTED
           logger.debug('ServerState::CONNECTED')
@@ -305,6 +331,7 @@ module TTTLS13
           break
         end
       end
+      sslkeylogfile&.close
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/BlockLength

data/lib/tttls1.3/sslkeylogfile.rb

@@ -0,0 +1,87 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  module SslKeyLogFile
+    module Label
+      CLIENT_EARLY_TRAFFIC_SECRET     = 'CLIENT_EARLY_TRAFFIC_SECRET'
+      CLIENT_HANDSHAKE_TRAFFIC_SECRET = 'CLIENT_HANDSHAKE_TRAFFIC_SECRET'
+      SERVER_HANDSHAKE_TRAFFIC_SECRET = 'SERVER_HANDSHAKE_TRAFFIC_SECRET'
+      CLIENT_TRAFFIC_SECRET_0         = 'CLIENT_TRAFFIC_SECRET_0'
+      SERVER_TRAFFIC_SECRET_0         = 'SERVER_TRAFFIC_SECRET_0'
+    end
+
+    class Writer
+      # @param path [String]
+      #
+      # @raise [SystemCallError]
+      def initialize(path)
+        @file = File.new(path, 'a+')
+      end
+
+      # @param client_random [String]
+      # @param secret [String]
+      def write_client_early_traffic_secret(client_random, secret)
+        write_key_log(
+          Label::CLIENT_EARLY_TRAFFIC_SECRET,
+          client_random,
+          secret
+        )
+      end
+
+      # @param client_random [String]
+      # @param secret [String]
+      def write_client_handshake_traffic_secret(client_random, secret)
+        write_key_log(
+          Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+          client_random,
+          secret
+        )
+      end
+
+      # @param client_random [String]
+      # @param secret [String]
+      def write_server_handshake_traffic_secret(client_random, secret)
+        write_key_log(
+          Label::SERVER_HANDSHAKE_TRAFFIC_SECRET,
+          client_random,
+          secret
+        )
+      end
+
+      # @param client_random [String]
+      # @param secret [String]
+      def write_client_traffic_secret_0(client_random, secret)
+        write_key_log(
+          Label::CLIENT_TRAFFIC_SECRET_0,
+          client_random,
+          secret
+        )
+      end
+
+      # @param client_random [String]
+      # @param secret [String]
+      def write_server_traffic_secret_0(client_random, secret)
+        write_key_log(
+          Label::SERVER_TRAFFIC_SECRET_0,
+          client_random,
+          secret
+        )
+      end
+
+      def close
+        @file&.close
+      end
+
+      private
+
+      # @param label [TTTLS13::SslKeyLogFile::Label]
+      # @param client_random [String]
+      # @param secret [String]
+      def write_key_log(label, client_random, secret)
+        s = "#{label} #{client_random.unpack1('H*')} #{secret.unpack1('H*')}\n"
+        @file&.print(s)
+      end
+    end
+  end
+end

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.2.17'
+  VERSION = '0.2.19'
 end

data/lib/tttls1.3.rb

@@ -17,6 +17,7 @@ require 'tttls1.3/transcript'
 require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
+require 'tttls1.3/sslkeylogfile'
 require 'tttls1.3/connection'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

data/spec/connection_spec.rb

@@ -6,13 +6,28 @@ require_relative 'spec_helper'
 RSpec.describe Connection do
   context 'connection, Simple 1-RTT Handshake,' do
     let(:key) do
-      rsa = OpenSSL::PKey::RSA.new
-      rsa.set_key(OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2))
-      rsa.set_factors(OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2),
-                      OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2))
-      rsa
+      n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
+      e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
+      d = OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2)
+      p = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2)
+      q = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2)
+      dmp1 = d % (p - 1.to_bn)
+      dmq1 = d % (q - 1.to_bn)
+      iqmp = q**-1.to_bn % p
+      asn1 = OpenSSL::ASN1::Sequence(
+        [
+          OpenSSL::ASN1::Integer(0),
+          OpenSSL::ASN1::Integer(n),
+          OpenSSL::ASN1::Integer(e),
+          OpenSSL::ASN1::Integer(d),
+          OpenSSL::ASN1::Integer(p),
+          OpenSSL::ASN1::Integer(q),
+          OpenSSL::ASN1::Integer(dmp1),
+          OpenSSL::ASN1::Integer(dmq1),
+          OpenSSL::ASN1::Integer(iqmp)
+        ]
+      )
+      OpenSSL::PKey::RSA.new(asn1)
     end
 
     let(:ct) do

data/spec/extensions_spec.rb

@@ -35,8 +35,7 @@ RSpec.describe Extensions do
   end
 
   let(:key_share) do
-    ec = OpenSSL::PKey::EC.new('prime256v1')
-    ec.generate_key!
+    ec = OpenSSL::PKey::EC.generate('prime256v1')
     KeyShare.new(
       msg_type: HandshakeType::CLIENT_HELLO,
       key_share_entry: [

data/spec/key_schedule_spec.rb

@@ -37,9 +37,9 @@ RSpec.describe KeySchedule do
         .to eq TESTBINARY_C_AP_TRAFFIC
       expect(key_schedule.server_application_traffic_secret)
         .to eq TESTBINARY_S_AP_TRAFFIC
-      expect(key_schedule.exporter_master_secret)
+      expect(key_schedule.exporter_secret)
         .to eq TESTBINARY_EXP_MASTER
-      expect(key_schedule.resumption_master_secret)
+      expect(key_schedule.resumption_secret)
         .to eq TESTBINARY_RES_MASTER
     end
 

data/spec/server_spec.rb

@@ -109,13 +109,28 @@ RSpec.describe Server do
 
   context 'server' do
     let(:key) do
-      rsa = OpenSSL::PKey::RSA.new
-      rsa.set_key(OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2))
-      rsa.set_factors(OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2),
-                      OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2))
-      rsa
+      n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
+      e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
+      d = OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2)
+      p = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2)
+      q = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2)
+      dmp1 = d % (p - 1.to_bn)
+      dmq1 = d % (q - 1.to_bn)
+      iqmp = q**-1.to_bn % p
+      asn1 = OpenSSL::ASN1::Sequence(
+        [
+          OpenSSL::ASN1::Integer(0),
+          OpenSSL::ASN1::Integer(n),
+          OpenSSL::ASN1::Integer(e),
+          OpenSSL::ASN1::Integer(d),
+          OpenSSL::ASN1::Integer(p),
+          OpenSSL::ASN1::Integer(q),
+          OpenSSL::ASN1::Integer(dmp1),
+          OpenSSL::ASN1::Integer(dmq1),
+          OpenSSL::ASN1::Integer(iqmp)
+        ]
+      )
+      OpenSSL::PKey::RSA.new(asn1)
     end
 
     let(:ct) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.17
+  version: 0.2.19
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-14 00:00:00.000000000 Z
+date: 2023-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -63,6 +63,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -77,8 +78,8 @@ files:
 - example/https_client_using_ticket.rb
 - example/https_server.rb
 - interop/client_spec.rb
-- interop/helper.rb
 - interop/server_spec.rb
+- interop/spec_helper.rb
 - lib/tttls1.3.rb
 - lib/tttls1.3/cipher_suites.rb
 - lib/tttls1.3/client.rb
@@ -123,6 +124,7 @@ files:
 - lib/tttls1.3/sequence_number.rb
 - lib/tttls1.3/server.rb
 - lib/tttls1.3/signature_scheme.rb
+- lib/tttls1.3/sslkeylogfile.rb
 - lib/tttls1.3/transcript.rb
 - lib/tttls1.3/utils.rb
 - lib/tttls1.3/version.rb
@@ -198,7 +200,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)