RubyGems - tttls1.3 - Versions diffs - 0.2.19 → 0.3.0 - Mend

tttls1.3 0.2.19 → 0.3.0

Files changed (35) hide show

checksums.yaml +4 -4
data/Gemfile +2 -0
data/README.md +4 -1
data/example/helper.rb +5 -2
data/example/https_client_using_ech.rb +32 -0
data/example/https_client_using_grease_ech.rb +26 -0
data/example/https_client_using_grease_psk.rb +66 -0
data/example/https_client_using_hrr_and_ech.rb +32 -0
data/lib/tttls1.3/client.rb +534 -24
data/lib/tttls1.3/connection.rb +3 -0
data/lib/tttls1.3/cryptograph/aead.rb +1 -1
data/lib/tttls1.3/error.rb +1 -1
data/lib/tttls1.3/hpke.rb +91 -0
data/lib/tttls1.3/key_schedule.rb +71 -3
data/lib/tttls1.3/message/alert.rb +2 -1
data/lib/tttls1.3/message/client_hello.rb +2 -1
data/lib/tttls1.3/message/encrypted_extensions.rb +2 -1
data/lib/tttls1.3/message/extension/alpn.rb +4 -5
data/lib/tttls1.3/message/extension/compress_certificate.rb +1 -1
data/lib/tttls1.3/message/extension/ech.rb +241 -0
data/lib/tttls1.3/message/extension/server_name.rb +1 -1
data/lib/tttls1.3/message/extensions.rb +20 -7
data/lib/tttls1.3/message/record.rb +1 -1
data/lib/tttls1.3/message/server_hello.rb +3 -5
data/lib/tttls1.3/message.rb +3 -1
data/lib/tttls1.3/named_group.rb +1 -1
data/lib/tttls1.3/server.rb +1 -1
data/lib/tttls1.3/utils.rb +8 -0
data/lib/tttls1.3/version.rb +1 -1
data/lib/tttls1.3.rb +4 -0
data/spec/client_spec.rb +40 -0
data/spec/ech_spec.rb +81 -0
data/spec/spec_helper.rb +41 -5
data/tttls1.3.gemspec +2 -0
metadata +38 -2

data/lib/tttls1.3/utils.rb CHANGED Viewed

@@ -38,6 +38,14 @@ module TTTLS13
         [self >> 32, self].pack('N2')
       end
+      def zeros
+        if positive?
+          "\x00" * self
+        else
+          ''
+        end
+      end
     end
     refine String do

data/lib/tttls1.3/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module TTTLS13
-  VERSION = '0.2.19'
+  VERSION = '0.3.0'
 end

data/lib/tttls1.3.rb CHANGED Viewed

@@ -5,6 +5,9 @@ require 'net/http'
 require 'pp'
 require 'logger'
+require 'ech_config'
+require 'hpke'
 require 'tttls1.3/version'
 require 'tttls1.3/utils'
 require 'tttls1.3/logging'
@@ -18,6 +21,7 @@ require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/sslkeylogfile'
+require 'tttls1.3/hpke'
 require 'tttls1.3/connection'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

data/spec/client_spec.rb CHANGED Viewed

@@ -270,4 +270,44 @@ RSpec.describe Client do
                          'SHA256')).to eq TESTBINARY_0_RTT_PSK
     end
   end
+  context 'EncodedClientHelloInner length' do
+    let(:server_name) do
+      'localhost'
+    end
+    let(:client) do
+      Client.new(nil, server_name)
+    end
+    let(:maximum_name_length) do
+      0
+    end
+    let(:encoded) do
+      extensions, = client.send(:gen_ch_extensions)
+      inner_ech = Message::Extension::ECHClientHello.new_inner
+      Message::ClientHello.new(
+        legacy_session_id: '',
+        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
+        extensions: extensions.merge(
+          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
+        )
+      )
+    end
+    let(:padding_encoded_ch_inner) do
+      client.send(
+        :padding_encoded_ch_inner,
+        encoded.serialize[4..],
+        server_name.length,
+        maximum_name_length
+      )
+    end
+    it 'should be equal placeholder_encoded_ch_inner_len' do
+      expect(client.send(:placeholder_encoded_ch_inner_len))
+        .to eq padding_encoded_ch_inner.length
+    end
+  end
 end

data/spec/ech_spec.rb ADDED Viewed

@@ -0,0 +1,81 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+require_relative 'spec_helper'
+using Refinements
+RSpec.describe ECHClientHello do
+  context 'valid ECHClientHello outer binary' do
+    let(:extension) do
+      ECHClientHello.deserialize(TESTBINARY_ECH_OUTER)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.type).to eq ECHClientHelloType::OUTER
+      expect(extension.cipher_suite.kdf_id.uint16).to eq 1
+      expect(extension.cipher_suite.aead_id.uint16).to eq 1
+      expect(extension.config_id).to eq 32
+      expect(extension.enc.length).to eq 32
+      expect(extension.payload.length).to eq 239
+    end
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
+               + 281.to_uint16 \
+               + ECHClientHelloType::OUTER \
+               + 1.to_uint16 \
+               + 1.to_uint16 \
+               + 32.to_uint8 \
+               + extension.enc.prefix_uint16_length \
+               + extension.payload.prefix_uint16_length
+    end
+  end
+  context 'valid ECHClientHello inner binary' do
+    let(:extension) do
+      ECHClientHello.deserialize(TESTBINARY_ECH_INNER)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.type).to eq ECHClientHelloType::INNER
+    end
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
+               + 1.to_uint16 \
+               + ECHClientHelloType::INNER \
+    end
+  end
+  context 'valid ECHEncryptedExtensions binary' do
+    let(:extension) do
+      ECHEncryptedExtensions.deserialize(TESTBINARY_ECH_EE)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.retry_configs.is_a?(Array)).to be_truthy
+      expect(extension.retry_configs.length).to eq 1
+      expect(extension.retry_configs.first.is_a?(ECHConfig)).to be_truthy
+    end
+  end
+  context 'valid ECHHelloRetryRequest binary' do
+    let(:extension) do
+      ECHHelloRetryRequest.deserialize(TESTBINARY_ECH_HRR)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.confirmation).to eq "\x00" * 8
+    end
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -167,7 +167,7 @@ TESTBINARY_COMPRESS_CERTIFICATE = <<BIN.split.map(&:hex).map(&:chr).join
   02 00 01
 BIN
-# https://tools.ietf.org/html/rfc8448#section-3
+# https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 2.  Private Keys
 TESTBINARY_PKEY_MODULUS = <<BIN.split.map(&:hex).map(&:chr).join
   b4 bb 49 8f 82 79 30 3d     98 08 36 39 9b 36 c6 98
@@ -209,7 +209,43 @@ TESTBINARY_PKEY_PRIVATE_EXPONENT = <<BIN.split.map(&:hex).map(&:chr).join
   c3 08 8d f2 5a e6 79 23     3d f8 a3 bd a2 ff 99 41
 BIN
-# https://tools.ietf.org/html/rfc8448#section-3
+TESTBINARY_ECH_OUTER = <<BIN.split.map(&:hex).map(&:chr).join
+  00 00 01 00 01 20 00 20     00 01 02 03 04 05 06 07
+  08 09 0a 0b 0c 0d 0e 0f     10 11 12 13 14 15 16 17
+  18 19 1a 1b 1c 1d 1e 1f     00 ef 00 01 02 03 04 05
+  06 07 08 09 0a 0b 0c 0d     0e 0f 10 11 12 13 14 15
+  16 17 18 19 1a 1b 1c 1d     1e 1f 20 21 22 23 24 25
+  26 27 28 29 2a 2b 2c 2d     2e 2f 30 31 32 33 34 35
+  36 37 38 39 3a 3b 3c 3d     3e 3f 40 41 42 43 44 45
+  46 47 48 49 4a 4b 4c 4d     4e 4f 50 51 52 53 54 55
+  56 57 58 59 5a 5b 5c 5d     5e 5f 60 61 62 63 64 65
+  66 67 68 69 6a 6b 6c 6d     6e 6f 70 71 72 73 74 75
+  76 77 78 79 7a 7b 7c 7d     7e 7f 80 81 82 83 84 85
+  86 87 88 89 8a 8b 8c 8d     8e 8f 90 91 92 93 94 95
+  96 97 98 99 9a 9b 9c 9d     9e 9f a0 a1 a2 a3 a4 a5
+  a6 a7 a8 a9 aa ab ac ad     ae af b0 b1 b2 b3 b4 b5
+  b6 b7 b8 b9 ba bb bc bd     be bf c0 c1 c2 c3 c4 c5
+  c6 c7 c8 c9 ca cb cc cd     ce cf d0 d1 d2 d3 d4 d5
+  d6 d7 d8 d9 da db dc dd     de df e0 e1 e2 e3 e4 e5
+  e6 e7 e8 e9 ea eb ec ed     ee
+BIN
+TESTBINARY_ECH_INNER = <<BIN.split.map(&:hex).map(&:chr).join
+  01
+BIN
+TESTBINARY_ECH_EE = <<BIN.split.map(&:hex).map(&:chr).join
+  00 3a fe 0d 00 36 00 00     20 00 1e 00 00 00 00 00
+  00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00
+  00 00 00 00 00 00 00 00     00 00 04 00 01 00 01 00
+  09 6c 6f 63 61 6c 68 6f     73 74 00 00
+BIN
+TESTBINARY_ECH_HRR = <<BIN.split.map(&:hex).map(&:chr).join
+  00 00 00 00 00 00 00 00
+BIN
+# https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 3.  Simple 1-RTT Handshake
 TESTBINARY_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 c0 03 03 cb 34     ec b1 e7 81 63 ba 1c 38
@@ -517,7 +553,7 @@ TESTBINARY_CH_CF_TRANSCRIPT_HASH = <<BIN.split.map(&:hex).map(&:chr).join
   84 65 8d 60 49 e8 64 29     42 6d b8 7c 54 ad 14 3d
 BIN
-# https://tools.ietf.org/html/rfc8448#section-4
+# https://datatracker.ietf.org/doc/html/rfc8448#section-4
 # 4.  Resumed 0-RTT Handshake
 TESTBINARY_0_RTT_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 01 fc 03 03 1b c3     ce b6 bb e3 9c ff 93 83
@@ -642,7 +678,7 @@ BIN
 TESTBINARY_0_RTT_CLIENT_APPLICATION_WRITE_IV \
 = testbinary.split.map(&:hex).map(&:chr).join
-# https://tools.ietf.org/html/rfc8448#section-5
+# https://datatracker.ietf.org/doc/html/rfc8448#section-5
 # 5.  HelloRetryRequest
 TESTBINARY_HRR_CLIENT_HELLO1 = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 b0 03 03 b0 b1     c5 a5 aa 37 c5 91 9f 2e
@@ -939,7 +975,7 @@ TESTBINARY_HRR_CH1_CF_TRANSCRIPT_HASH = <<BIN.split.map(&:hex).map(&:chr).join
   3c aa 6e 48 3c 6c 65 df     53 15 18 88 e5 01 65 f4
 BIN
-# https://tools.ietf.org/html/rfc8448#section-7
+# https://datatracker.ietf.org/doc/html/rfc8448#section-7
 # 7.  Compatibility Mode
 TESTBINARY_RECORD_CCS = <<BIN.split.map(&:hex).map(&:chr).join
   14 03 03 00 01 01

data/tttls1.3.gemspec CHANGED Viewed

@@ -20,6 +20,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_dependency             'ech_config', '~> 0.0.3'
+  spec.add_dependency             'hpke'
   spec.add_dependency             'logger'
   spec.add_dependency             'openssl'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.19
+  version: 0.3.0
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-28 00:00:00.000000000 Z
+date: 2023-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: ech_config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+- !ruby/object:Gem::Dependency
+  name: hpke
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
@@ -72,7 +100,11 @@ files:
 - example/helper.rb
 - example/https_client.rb
 - example/https_client_using_0rtt.rb
+- example/https_client_using_ech.rb
+- example/https_client_using_grease_ech.rb
+- example/https_client_using_grease_psk.rb
 - example/https_client_using_hrr.rb
+- example/https_client_using_hrr_and_ech.rb
 - example/https_client_using_hrr_and_ticket.rb
 - example/https_client_using_status_request.rb
 - example/https_client_using_ticket.rb
@@ -88,6 +120,7 @@ files:
 - lib/tttls1.3/cryptograph/aead.rb
 - lib/tttls1.3/cryptograph/passer.rb
 - lib/tttls1.3/error.rb
+- lib/tttls1.3/hpke.rb
 - lib/tttls1.3/key_schedule.rb
 - lib/tttls1.3/logging.rb
 - lib/tttls1.3/message.rb
@@ -104,6 +137,7 @@ files:
 - lib/tttls1.3/message/extension/compress_certificate.rb
 - lib/tttls1.3/message/extension/cookie.rb
 - lib/tttls1.3/message/extension/early_data_indication.rb
+- lib/tttls1.3/message/extension/ech.rb
 - lib/tttls1.3/message/extension/key_share.rb
 - lib/tttls1.3/message/extension/pre_shared_key.rb
 - lib/tttls1.3/message/extension/psk_key_exchange_modes.rb
@@ -142,6 +176,7 @@ files:
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
 - spec/error_spec.rb
@@ -219,6 +254,7 @@ test_files:
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
 - spec/error_spec.rb