RubyGems - tttls1.3 - Versions diffs - 0.2.2 → 0.2.3 - Mend

tttls1.3 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 356ce310f2323bede1cdfd21f6c18050d2ce9aca6da4c8ed67b439b597c92ba0
-  data.tar.gz: d1bcb99ae830df4c8c40688d85e5c7efcda76e0c608ef0707b5201862a5baff8
+  metadata.gz: 9b99157535ca4f2b06f4fc6d374116fbc6e496a7807184c56b31be11852d6e5f
+  data.tar.gz: 33ff8b94d80529bcabd7c4b3d8fe5ea9ee6513d1d90f4efe307f4edf7bbfb1ac
 SHA512:
-  metadata.gz: ae23baf431d2908aceae8e411deb2b8ebf33f8696e67602081c3f07b2d9dad523f8a21a251d5333243e2f44405e8efa0e6595e0af7a744c9fda05c026a824346
-  data.tar.gz: '0978b73204cc49a3fac033904c98c17eb05f45a2793a5f326298414db09599d065ab599ce34e4cc73bbd928abed9cb988a35ef7248ec9af1ff8a121f6378da61'
+  metadata.gz: 29f4cd4e505e33ef0b6f03265a3ecdc8e988a32a965a9079b8c92ee57e50a6ad7e7864fb24d07a14b0ec956fce6ce1c85d9d8072e908e202393c1bd73ad54c1f
+  data.tar.gz: c5ed00504bbdb7ee0b051a3534ab2c51bbfdbadbd703ca761fb06367b85798217b04ba7b7d1a8003aeff756d3e9b8e7b6f7c375872250de4139e7400760608d4

data/.travis.yml CHANGED Viewed

@@ -1,8 +1,14 @@
 sudo: false
 language: ruby
 rvm:
   - 2.6.1
+  - 2.6.2
+  - 2.6.3
 before_install:
   - gem install bundler -v 2.0.1
   - bundle install
 script: bundle exec rake

data/Rakefile CHANGED Viewed

@@ -128,4 +128,18 @@ end
 RuboCop::RakeTask.new
 RSpec::Core::RakeTask.new(:spec)
+desc 'interoperability test: TTTLS13::Client'
+RSpec::Core::RakeTask.new(:interop_client) do |t|
+  t.pattern = Dir.glob('interop/client_spec.rb')
+end
+desc 'interoperability test: TTTLS13::Server'
+RSpec::Core::RakeTask.new(:interop_server) do |t|
+  t.pattern = Dir.glob('interop/server_spec.rb')
+end
+desc 'interoperability test between openssl'
+task interop: %i[interop_client interop_server]
 task default: %i[rubocop spec]

data/interop/Dockerfile CHANGED Viewed

@@ -1,6 +1,6 @@
 FROM ubuntu:18.04
-ARG version="1.1.1b"
+ARG version="1.1.1c"
 RUN apt-get update && apt-get install -y --no-install-recommends \
         autoconf \

data/interop/client_spec.rb CHANGED Viewed

@@ -4,6 +4,7 @@
 require_relative 'helper'
 FIXTURES_DIR = __dir__ + '/../spec/fixtures'
+PORT = 4433
 RSpec.describe Client do
   # testcases
@@ -147,28 +148,37 @@ RSpec.describe Client do
       'rsa_rsa.crt',
       'rsa_rsa.key',
       key_share_groups: []
+    ],
+    [
+      true,
+      '-alpn http/1.1',
+      'rsa_rsa.crt',
+      'rsa_rsa.key',
+      alpn: ['http/1.1']
     ]
     # rubocop: enable Metrics/LineLength
   ].each do |normal, opt, crt, key, settings|
     context 'client interop' do
       before do
-        cmd = "docker run -v #{FIXTURES_DIR}:/tmp -p 4433:4433 -it openssl " \
-              + 'openssl s_server ' \
+        cmd = 'openssl s_server ' \
               + "-cert /tmp/#{crt} " \
               + "-key /tmp/#{key} " \
               + '-tls1_3 ' \
               + '-www ' \
               + '-quiet ' \
               + opt
-        pid = spawn(cmd)
+        pid = spawn('docker run ' \
+                    + "--volume #{FIXTURES_DIR}:/tmp " \
+                    + "--publish #{PORT}:#{PORT} " \
+                    + 'openssl ' + cmd)
         Process.detach(pid)
-        sleep(2.5) # waiting for openssl s_server
+        wait_to_listen(PORT)
       end
       let(:client) do
         hostname = 'localhost'
-        @socket = TCPSocket.new(hostname, 4433)
+        @socket = TCPSocket.new(hostname, PORT)
         settings[:ca_file] = FIXTURES_DIR + '/rsa_ca.crt'
         Client.new(@socket, hostname, settings)
       end

data/interop/helper.rb CHANGED Viewed

@@ -11,3 +11,7 @@ include TTTLS13::SignatureScheme
 include TTTLS13::Message::Extension
 include TTTLS13::Error
 # rubocop: enable Style/MixinUsage
+def wait_to_listen(port)
+  sleep(0.2) while `lsof -ni :#{port}`.empty?
+end

data/interop/server_spec.rb CHANGED Viewed

@@ -4,7 +4,9 @@
 require_relative 'helper'
 FIXTURES_DIR = __dir__ + '/../spec/fixtures'
-tcpserver = TCPServer.open(4433)
+PORT = 4433
+tcpserver = TCPServer.open(PORT)
 RSpec.describe Server do
   # testcases
@@ -141,6 +143,20 @@ RSpec.describe Server do
       FIXTURES_DIR + '/rsa_rsa.crt',
       FIXTURES_DIR + '/rsa_rsa.key',
       {}
+    ],
+    [
+      true,
+      '-groups P-256:P-384:P-521 -alpn http/1.1',
+      FIXTURES_DIR + '/rsa_rsa.crt',
+      FIXTURES_DIR + '/rsa_rsa.key',
+      alpn: 'http/1.1'
+    ],
+    [
+      false,
+      '-groups P-256:P-384:P-521 -alpn foo',
+      FIXTURES_DIR + '/rsa_rsa.crt',
+      FIXTURES_DIR + '/rsa_rsa.key',
+      alpn: 'http/1.1'
     ]
     # rubocop: enable Metrics/LineLength
   ].each do |normal, opt, crt, key, settings|
@@ -153,15 +169,18 @@ RSpec.describe Server do
       end
       let(:client) do
+        wait_to_listen(PORT)
         ip = Socket.ip_address_list.find(&:ipv4_private?).ip_address
         cmd = 'echo -n ping | openssl s_client ' \
-              + '-connect local:4433 ' \
+              + "-connect local:#{PORT} " \
               + '-tls1_3 ' \
               + '-CAfile /tmp/rsa_ca.crt ' \
               + '-servername localhost ' \
               + '-quiet ' \
               + opt
-        "docker run -v #{FIXTURES_DIR}:/tmp " \
+        'docker run ' \
+        + "--volume #{FIXTURES_DIR}:/tmp " \
         + "--add-host=local:#{ip} -it openssl " \
         + "sh -c \"#{cmd}\" 2>&1 >/dev/null"
       end
@@ -173,7 +192,7 @@ RSpec.describe Server do
       if normal
         it "should accept request from openssl s_client ...#{opt}" do
-          spawn('sleep 2; ' + client)
+          spawn(client)
           expect { server.accept }.to_not raise_error
           expect(server.read).to include 'ping'
           expect { server.write('pong') }.to_not raise_error
@@ -181,7 +200,7 @@ RSpec.describe Server do
         end
       else # exceptions scenarios
         it "should NOT accept request from openssl s_client ...#{opt}" do
-          spawn('sleep 2; ' + client)
+          spawn(client)
           expect { server.accept }.to raise_error ErrorAlerts
         end
       end

data/lib/tttls1.3/client.rb CHANGED Viewed

@@ -50,6 +50,7 @@ module TTTLS13
     signature_algorithms_cert: nil,
     supported_groups: DEFAULT_CH_NAMED_GROUP_LIST,
     key_share_groups: nil,
+    alpn: nil,
     process_new_session_ticket: nil,
     ticket: nil,
     resumption_master_secret: nil,
@@ -280,6 +281,10 @@ module TTTLS13
           @succeed_early_data = true \
             if ee.extensions.include?(Message::ExtensionType::EARLY_DATA)
+          @alpn = ee.extensions[
+            Message::ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+          ]&.protocol_name_list&.first
           @state = ClientState::WAIT_CERT_CR
           @state = ClientState::WAIT_FINISHED unless psk.nil?
         when ClientState::WAIT_CERT_CR
@@ -397,6 +402,11 @@ module TTTLS13
       @succeed_early_data
     end
+    # @return [String]
+    def negotiated_alpn
+      @alpn
+    end
     private
     # @return [Boolean]
@@ -471,6 +481,8 @@ module TTTLS13
     # @return [TTTLS13::Message::Extensions]
     # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
+    # rubocop: disable Metrics/AbcSize
+    # rubocop: disable Metrics/CyclomaticComplexity
     def gen_ch_extensions
       exs = []
       # supported_versions: only TLS 1.3
@@ -507,8 +519,14 @@ module TTTLS13
       # early_data
       exs << Message::Extension::EarlyDataIndication.new if use_early_data?
+      # alpn
+      exs << Message::Extension::Alpn.new(@settings[:alpn].reject(&:empty?)) \
+        if !@settings[:alpn].nil? && !@settings[:alpn].empty?
       [Message::Extensions.new(exs), priv_keys]
     end
+    # rubocop: enable Metrics/AbcSize
+    # rubocop: enable Metrics/CyclomaticComplexity
     # @param extensions [TTTLS13::Message::Extensions]
     # @param binder_key [String, nil]

data/lib/tttls1.3/server.rb CHANGED Viewed

@@ -50,6 +50,7 @@ module TTTLS13
     cipher_suites: DEFAULT_SP_CIPHER_SUITES,
     signature_algorithms: DEFAULT_SP_SIGNATURE_ALGORITHMS,
     supported_groups: DEFAULT_SP_NAMED_GROUP_LIST,
+    alpn: nil,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_SERVER_SETTINGS
@@ -151,6 +152,16 @@ module TTTLS13
           terminate(:illegal_parameter) unless ch.valid_key_share?
           terminate(:unrecognized_name) unless recognized_server_name?(ch, @crt)
+          # alpn
+          if !@settings[:alpn].nil? && !@settings[:alpn].empty?
+            pnl = ch.extensions[
+              Message::ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+            ]&.protocol_name_list || []
+            @alpn = pnl.find { |p| @settings[:alpn].include?(p) }
+            terminate(:no_application_protocol) if @alpn.nil?
+          end
           @state = ServerState::RECVD_CH
         when ServerState::RECVD_CH
           logger.debug('ServerState::RECVD_CH')
@@ -209,7 +220,7 @@ module TTTLS13
           logger.debug('ServerState::WAIT_FLIGHT2')
           ch = transcript[CH]
-          ee = transcript[EE] = gen_encrypted_extensions(ch)
+          ee = transcript[EE] = gen_encrypted_extensions(ch, @alpn)
           # TODO: [Send CertificateRequest]
           ct = transcript[CT] = gen_certificate(@crt)
           digest = CipherSuite.digest(@cipher_suite)
@@ -335,9 +346,9 @@ module TTTLS13
       ksg = sp_groups.find do |g|
         !ks_groups.include?(g) && @settings[:supported_groups].include?(g)
       end
+      exs << Message::Extension::KeyShare.gen_hrr_key_share(ksg)
       # TODO: cookie
-      exs << Message::Extension::KeyShare.gen_hrr_key_share(ksg)
       sh = Message::ServerHello.new(
         random: Message::HRR_RANDOM,
@@ -363,10 +374,11 @@ module TTTLS13
     end
     # @param ch [TTTLS13::Message::ClientHello]
+    # @param alpn [String]
     #
     # @return [TTTLS13::Message::EncryptedExtensions]
-    def gen_encrypted_extensions(ch)
-      Message::EncryptedExtensions.new(gen_ee_extensions(ch))
+    def gen_encrypted_extensions(ch, alpn = nil)
+      Message::EncryptedExtensions.new(gen_ee_extensions(ch, alpn))
     end
     # @param crt [OpenSSL::X509::Certificate]
@@ -424,9 +436,10 @@ module TTTLS13
     end
     # @param ch [TTTLS13::Message::ClientHello]
+    # @param alpn [String]
     #
     # @return [TTTLS13::Message::Extensions]
-    def gen_ee_extensions(ch)
+    def gen_ee_extensions(ch, alpn)
       exs = []
       # server_name
@@ -437,6 +450,9 @@ module TTTLS13
       exs \
       << Message::Extension::SupportedGroups.new(@settings[:supported_groups])
+      # alpn
+      exs << Message::Extension::Alpn.new([alpn]) unless alpn.nil?
       Message::Extensions.new(exs)
     end

data/lib/tttls1.3/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module TTTLS13
-  VERSION = '0.2.2'
+  VERSION = '0.2.3'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-29 00:00:00.000000000 Z
+date: 2019-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler