RubyGems - tttls1.3 - Versions diffs - 0.2.19 → 0.3.0 - Mend

tttls1.3 0.2.19 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/Gemfile +2 -0
data/README.md +4 -1
data/example/helper.rb +5 -2
data/example/https_client_using_ech.rb +32 -0
data/example/https_client_using_grease_ech.rb +26 -0
data/example/https_client_using_grease_psk.rb +66 -0
data/example/https_client_using_hrr_and_ech.rb +32 -0
data/lib/tttls1.3/client.rb +534 -24
data/lib/tttls1.3/connection.rb +3 -0
data/lib/tttls1.3/cryptograph/aead.rb +1 -1
data/lib/tttls1.3/error.rb +1 -1
data/lib/tttls1.3/hpke.rb +91 -0
data/lib/tttls1.3/key_schedule.rb +71 -3
data/lib/tttls1.3/message/alert.rb +2 -1
data/lib/tttls1.3/message/client_hello.rb +2 -1
data/lib/tttls1.3/message/encrypted_extensions.rb +2 -1
data/lib/tttls1.3/message/extension/alpn.rb +4 -5
data/lib/tttls1.3/message/extension/compress_certificate.rb +1 -1
data/lib/tttls1.3/message/extension/ech.rb +241 -0
data/lib/tttls1.3/message/extension/server_name.rb +1 -1
data/lib/tttls1.3/message/extensions.rb +20 -7
data/lib/tttls1.3/message/record.rb +1 -1
data/lib/tttls1.3/message/server_hello.rb +3 -5
data/lib/tttls1.3/message.rb +3 -1
data/lib/tttls1.3/named_group.rb +1 -1
data/lib/tttls1.3/server.rb +1 -1
data/lib/tttls1.3/utils.rb +8 -0
data/lib/tttls1.3/version.rb +1 -1
data/lib/tttls1.3.rb +4 -0
data/spec/client_spec.rb +40 -0
data/spec/ech_spec.rb +81 -0
data/spec/spec_helper.rb +41 -5
data/tttls1.3.gemspec +2 -0
metadata +38 -2

data/lib/tttls1.3/utils.rb CHANGED Viewed

@@ -38,6 +38,14 @@ module TTTLS13
         [self >> 32, self].pack('N2')
       end
+      def zeros
+        if positive?
+          "\x00" * self
+        else
+          ''
+        end
+      end
     end
     refine String do

data/lib/tttls1.3/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module TTTLS13
-  VERSION = '0.2.19'
+  VERSION = '0.3.0'
 end

data/lib/tttls1.3.rb CHANGED Viewed

@@ -5,6 +5,9 @@ require 'net/http'
 require 'pp'
 require 'logger'
+require 'ech_config'
+require 'hpke'
 require 'tttls1.3/version'
 require 'tttls1.3/utils'
 require 'tttls1.3/logging'
@@ -18,6 +21,7 @@ require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/sslkeylogfile'
+require 'tttls1.3/hpke'
 require 'tttls1.3/connection'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

data/spec/client_spec.rb CHANGED Viewed

@@ -270,4 +270,44 @@ RSpec.describe Client do
                          'SHA256')).to eq TESTBINARY_0_RTT_PSK
     end
   end
+  context 'EncodedClientHelloInner length' do
+    let(:server_name) do
+      'localhost'
+    end
+    let(:client) do
+      Client.new(nil, server_name)
+    end
+    let(:maximum_name_length) do
+      0
+    end
+    let(:encoded) do
+      extensions, = client.send(:gen_ch_extensions)
+      inner_ech = Message::Extension::ECHClientHello.new_inner
+      Message::ClientHello.new(
+        legacy_session_id: '',
+        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
+        extensions: extensions.merge(
+          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
+        )
+      )
+    end
+    let(:padding_encoded_ch_inner) do
+      client.send(
+        :padding_encoded_ch_inner,
+        encoded.serialize[4..],
+        server_name.length,
+        maximum_name_length
+      )
+    end
+    it 'should be equal placeholder_encoded_ch_inner_len' do
+      expect(client.send(:placeholder_encoded_ch_inner_len))
+        .to eq padding_encoded_ch_inner.length
+    end
+  end
 end

data/spec/ech_spec.rb ADDED Viewed

@@ -0,0 +1,81 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+require_relative 'spec_helper'
+using Refinements
+RSpec.describe ECHClientHello do
+  context 'valid ECHClientHello outer binary' do
+    let(:extension) do
+      ECHClientHello.deserialize(TESTBINARY_ECH_OUTER)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.type).to eq ECHClientHelloType::OUTER
+      expect(extension.cipher_suite.kdf_id.uint16).to eq 1
+      expect(extension.cipher_suite.aead_id.uint16).to eq 1
+      expect(extension.config_id).to eq 32
+      expect(extension.enc.length).to eq 32
+      expect(extension.payload.length).to eq 239
+    end
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
+               + 281.to_uint16 \
+               + ECHClientHelloType::OUTER \
+               + 1.to_uint16 \
+               + 1.to_uint16 \
+               + 32.to_uint8 \
+               + extension.enc.prefix_uint16_length \
+               + extension.payload.prefix_uint16_length
+    end
+  end
+  context 'valid ECHClientHello inner binary' do
+    let(:extension) do
+      ECHClientHello.deserialize(TESTBINARY_ECH_INNER)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.type).to eq ECHClientHelloType::INNER
+    end
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
+               + 1.to_uint16 \
+               + ECHClientHelloType::INNER \
+    end
+  end
+  context 'valid ECHEncryptedExtensions binary' do
+    let(:extension) do
+      ECHEncryptedExtensions.deserialize(TESTBINARY_ECH_EE)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.retry_configs.is_a?(Array)).to be_truthy
+      expect(extension.retry_configs.length).to eq 1
+      expect(extension.retry_configs.first.is_a?(ECHConfig)).to be_truthy
+    end
+  end
+  context 'valid ECHHelloRetryRequest binary' do
+    let(:extension) do
+      ECHHelloRetryRequest.deserialize(TESTBINARY_ECH_HRR)
+    end
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.confirmation).to eq "\x00" * 8
+    end
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -167,7 +167,7 @@ TESTBINARY_COMPRESS_CERTIFICATE = <<BIN.split.map(&:hex).map(&:chr).join
   02 00 01
 BIN
-# https://tools.ietf.org/html/rfc8448#section-3
+# https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 2.  Private Keys
 TESTBINARY_PKEY_MODULUS = <<BIN.split.map(&:hex).map(&:chr).join
   b4 bb 49 8f 82 79 30 3d     98 08 36 39 9b 36 c6 98
@@ -209,7 +209,43 @@ TESTBINARY_PKEY_PRIVATE_EXPONENT = <<BIN.split.map(&:hex).map(&:chr).join
   c3 08 8d f2 5a e6 79 23     3d f8 a3 bd a2 ff 99 41
 BIN
-# https://tools.ietf.org/html/rfc8448#section-3
+TESTBINARY_ECH_OUTER = <<BIN.split.map(&:hex).map(&:chr).join
+  00 00 01 00 01 20 00 20     00 01 02 03 04 05 06 07
+  08 09 0a 0b 0c 0d 0e 0f     10 11 12 13 14 15 16 17
+  18 19 1a 1b 1c 1d 1e 1f     00 ef 00 01 02 03 04 05
+  06 07 08 09 0a 0b 0c 0d     0e 0f 10 11 12 13 14 15
+  16 17 18 19 1a 1b 1c 1d     1e 1f 20 21 22 23 24 25
+  26 27 28 29 2a 2b 2c 2d     2e 2f 30 31 32 33 34 35
+  36 37 38 39 3a 3b 3c 3d     3e 3f 40 41 42 43 44 45
+  46 47 48 49 4a 4b 4c 4d     4e 4f 50 51 52 53 54 55
+  56 57 58 59 5a 5b 5c 5d     5e 5f 60 61 62 63 64 65
+  66 67 68 69 6a 6b 6c 6d     6e 6f 70 71 72 73 74 75
+  76 77 78 79 7a 7b 7c 7d     7e 7f 80 81 82 83 84 85
+  86 87 88 89 8a 8b 8c 8d     8e 8f 90 91 92 93 94 95
+  96 97 98 99 9a 9b 9c 9d     9e 9f a0 a1 a2 a3 a4 a5
+  a6 a7 a8 a9 aa ab ac ad     ae af b0 b1 b2 b3 b4 b5
+  b6 b7 b8 b9 ba bb bc bd     be bf c0 c1 c2 c3 c4 c5
+  c6 c7 c8 c9 ca cb cc cd     ce cf d0 d1 d2 d3 d4 d5
+  d6 d7 d8 d9 da db dc dd     de df e0 e1 e2 e3 e4 e5
+  e6 e7 e8 e9 ea eb ec ed     ee
+BIN
+TESTBINARY_ECH_INNER = <<BIN.split.map(&:hex).map(&:chr).join
+  01
+BIN
+TESTBINARY_ECH_EE = <<BIN.split.map(&:hex).map(&:chr).join
+  00 3a fe 0d 00 36 00 00     20 00 1e 00 00 00 00 00
+  00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00
+  00 00 00 00 00 00 00 00     00 00 04 00 01 00 01 00
+  09 6c 6f 63 61 6c 68 6f     73 74 00 00
+BIN
+TESTBINARY_ECH_HRR = <<BIN.split.map(&:hex).map(&:chr).join
+  00 00 00 00 00 00 00 00
+BIN
+# https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 3.  Simple 1-RTT Handshake
 TESTBINARY_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 c0 03 03 cb 34     ec b1 e7 81 63 ba 1c 38
@@ -517,7 +553,7 @@ TESTBINARY_CH_CF_TRANSCRIPT_HASH = <<BIN.split.map(&:hex).map(&:chr).join
   84 65 8d 60 49 e8 64 29     42 6d b8 7c 54 ad 14 3d
 BIN
-# https://tools.ietf.org/html/rfc8448#section-4
+# https://datatracker.ietf.org/doc/html/rfc8448#section-4
 # 4.  Resumed 0-RTT Handshake
 TESTBINARY_0_RTT_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 01 fc 03 03 1b c3     ce b6 bb e3 9c ff 93 83
@@ -642,7 +678,7 @@ BIN
 TESTBINARY_0_RTT_CLIENT_APPLICATION_WRITE_IV \
 = testbinary.split.map(&:hex).map(&:chr).join
-# https://tools.ietf.org/html/rfc8448#section-5
+# https://datatracker.ietf.org/doc/html/rfc8448#section-5
 # 5.  HelloRetryRequest
 TESTBINARY_HRR_CLIENT_HELLO1 = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 b0 03 03 b0 b1     c5 a5 aa 37 c5 91 9f 2e
@@ -939,7 +975,7 @@ TESTBINARY_HRR_CH1_CF_TRANSCRIPT_HASH = <<BIN.split.map(&:hex).map(&:chr).join
   3c aa 6e 48 3c 6c 65 df     53 15 18 88 e5 01 65 f4
 BIN
-# https://tools.ietf.org/html/rfc8448#section-7
+# https://datatracker.ietf.org/doc/html/rfc8448#section-7
 # 7.  Compatibility Mode
 TESTBINARY_RECORD_CCS = <<BIN.split.map(&:hex).map(&:chr).join
   14 03 03 00 01 01

data/tttls1.3.gemspec CHANGED Viewed

@@ -20,6 +20,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_dependency             'ech_config', '~> 0.0.3'
+  spec.add_dependency             'hpke'
   spec.add_dependency             'logger'
   spec.add_dependency             'openssl'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.19
+  version: 0.3.0
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-28 00:00:00.000000000 Z
+date: 2023-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: ech_config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+- !ruby/object:Gem::Dependency
+  name: hpke
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
@@ -72,7 +100,11 @@ files:
 - example/helper.rb
 - example/https_client.rb
 - example/https_client_using_0rtt.rb
+- example/https_client_using_ech.rb
+- example/https_client_using_grease_ech.rb
+- example/https_client_using_grease_psk.rb
 - example/https_client_using_hrr.rb
+- example/https_client_using_hrr_and_ech.rb
 - example/https_client_using_hrr_and_ticket.rb
 - example/https_client_using_status_request.rb
 - example/https_client_using_ticket.rb
@@ -88,6 +120,7 @@ files:
 - lib/tttls1.3/cryptograph/aead.rb
 - lib/tttls1.3/cryptograph/passer.rb
 - lib/tttls1.3/error.rb
+- lib/tttls1.3/hpke.rb
 - lib/tttls1.3/key_schedule.rb
 - lib/tttls1.3/logging.rb
 - lib/tttls1.3/message.rb
@@ -104,6 +137,7 @@ files:
 - lib/tttls1.3/message/extension/compress_certificate.rb
 - lib/tttls1.3/message/extension/cookie.rb
 - lib/tttls1.3/message/extension/early_data_indication.rb
+- lib/tttls1.3/message/extension/ech.rb
 - lib/tttls1.3/message/extension/key_share.rb
 - lib/tttls1.3/message/extension/pre_shared_key.rb
 - lib/tttls1.3/message/extension/psk_key_exchange_modes.rb
@@ -142,6 +176,7 @@ files:
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
 - spec/error_spec.rb
@@ -219,6 +254,7 @@ test_files:
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
 - spec/error_spec.rb