tttls1.3 0.2.5 → 0.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99aff91ae6a3b3c49b7492320eca02c45372e58e8cc6fcf636363c767e18870b
-  data.tar.gz: 2c2327dbe62382897b92c2a89b3f74a45735d6ec40ac08f5ca62dc4f07ec8df8
+  metadata.gz: 434477f28514352dc19f51a5164df0544e4f10c0902726fb6daea7dd6a3b418e
+  data.tar.gz: 2efb6ab4f448b4e96d733f33475e21df10d0286faa8fde16ead1e88d3a4d09b4
 SHA512:
-  metadata.gz: c786c4679ca31d9ac60c1d9954cd2fd4e867cf55126a341409bc1aae294df984534861598d5b22643d2d5ab9acefa18cb85b63d7e5cafb90f04e6b41914bf417
-  data.tar.gz: ec601d3640d8518b0a0d6ae35a1453a9444995db944bfaa48e12c627ca58bc01d31e0ffb0925356d686cd97b7665f556152d3f858a245b501eb981a17ffb8dca
+  metadata.gz: 6459d7ac7994d985e6877e599908fd1d18fe35e70f476fc5091a8e59909c08c61ad9d4f9a3356c030fb53ce0a8c10d39d4963bb2f06255f95ae2068e952e88ad
+  data.tar.gz: 06efcf0f787fb07c88541df0874046c9b81a7e774d012e548f785fa9a8fcb0abe30bf3cf0da1b6e4f315bd4316b438a37d935bf6cc955104bc1c9bc74aeccf64

data/.rubocop.yml

@@ -1,6 +1,9 @@
 AllCops:
   TargetRubyVersion: 2.6
 
+Style/NumericLiterals:
+  Enabled: false
+
 Style/Documentation:
   Enabled: false
 

data/example/README.md

@@ -0,0 +1,25 @@
+## Usage
+
+The examples use PEM files in `../tmp/`.
+
+If you needed those, you could generate example PEM files, `ca.crt`, `ca.key`, `server.crt` and `server.key`, using `rake`.
+
+```bash
+$ rake gen_certs
+```
+
+The examples run as follows:
+
+```bash
+$ ruby https_client.rb
+
+$ ruby https_client.rb localhost:4433
+```
+
+Note that `https_server.rb` requires PEM files of certificate and private key.
+
+```bash
+$ ruby https_server.rb
+
+$ ruby https_server.rb 4433
+```

data/example/helper.rb

@@ -5,35 +5,58 @@ $LOAD_PATH << __dir__ + '/../lib'
 require 'socket'
 require 'tttls1.3'
 require 'webrick'
+require 'http/parser'
+require 'time'
 
-def simple_http_request(hostname)
-  s = <<~BIN
-    GET / HTTP/1.1
+def simple_http_request(hostname, path = '/')
+  s = <<~REQUEST
+    GET #{path} HTTP/1.1
     Host: #{hostname}
-    User-Agent: https_client
+    User-Agent: tttls1.3/examples
     Accept: */*
 
-  BIN
-  s.gsub("\n", "\r\n")
+  REQUEST
+
+  s.gsub(WEBrick::LF, WEBrick::CRLF)
+end
+
+def simple_http_response(body)
+  s = <<~RESPONSE
+    HTTP/1.1 200 OK
+    Date: #{Time.now.httpdate}
+    Content-Type: text/html
+    Content-Length: #{body.length}
+    Server: tttls1.3/examples
+
+    #{body}
+  RESPONSE
+
+  s.gsub(WEBrick::LF, WEBrick::CRLF)
 end
 
 def recv_http_response(client)
-  # status line, header
-  buf = ''
-  buf += client.read until buf.include?(WEBrick::CRLF * 2)
-  header = buf.split(WEBrick::CRLF * 2).first
-  # header; Content-Length
-  cl_line = header.split(WEBrick::CRLF).find { |s| s.match(/Content-Length:/i) }
-
-  # body
-  unless cl_line.nil?
-    cl = cl_line.split(':').last.to_i
-    buf = buf.split(WEBrick::CRLF * 2)[1..].join
-    while buf.length < cl
-      s = client.read
-      buf += s
-    end
+  parser = HTTP::Parser.new
+  buf = nil
+
+  parser.on_headers_complete = proc do |headers|
+    buf =
+      [
+        'HTTP/' + parser.http_version.join('.'),
+        parser.status_code,
+        WEBrick::HTTPStatus.reason_phrase(parser.status_code)
+      ].join(' ') + "\r\n" \
+      + headers.map { |k, v| k + ': ' + v + WEBrick::CRLF }.join \
+      + WEBrick::CRLF
+  end
+
+  parser.on_body = proc do |chunk|
+    buf += chunk
+  end
+
+  parser.on_message_complete = proc do
+    client.close
   end
 
-  header + WEBrick::CRLF * 2 + buf
+  parser << client.read until client.eof?
+  buf
 end

data/example/https_client.rb

@@ -4,15 +4,18 @@
 require_relative 'helper'
 
 hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+ca_file = __dir__ + '/../tmp/ca.crt'
 req = simple_http_request(hostname)
 
 socket = TCPSocket.new(hostname, port)
 settings = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0']
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1']
 }
 client = TTTLS13::Client.new(socket, hostname, settings)
 client.connect
 client.write(req)
+
 print recv_http_response(client)
-client.close
+client.close unless client.eof?
+socket.close

data/example/https_client_using_0rtt.rb

@@ -4,11 +4,12 @@
 require_relative 'helper'
 
 hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+ca_file = __dir__ + '/../tmp/ca.crt'
 req = simple_http_request(hostname)
 
 settings_2nd = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0']
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1']
 }
 process_new_session_ticket = proc do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
@@ -21,8 +22,8 @@ process_new_session_ticket = proc do |nst, rms, cs|
   settings_2nd[:ticket_timestamp] = nst.timestamp
 end
 settings_1st = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0'],
+  ca_file: FileTest.exists?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1'],
   process_new_session_ticket: process_new_session_ticket
 }
 
@@ -43,7 +44,8 @@ succeed_early_data = false
   # send message after Simple 1-RTT Handshake
   client.write(req) if i.zero? || !client.succeed_early_data?
   print recv_http_response(client)
-  client.close
+  client.close unless client.eof?
+  socket.close
 
   succeed_early_data = client.succeed_early_data?
 end

data/example/https_client_using_hrr.rb

@@ -4,16 +4,18 @@
 require_relative 'helper'
 
 hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+ca_file = __dir__ + '/../tmp/ca.crt'
 req = simple_http_request(hostname)
 
 socket = TCPSocket.new(hostname, port)
 settings = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
   key_share_groups: [], # empty KeyShareClientHello.client_shares
-  alpn: ['http/1.1', 'http/1.0']
+  alpn: ['http/1.1']
 }
 client = TTTLS13::Client.new(socket, hostname, settings)
 client.connect
 client.write(req)
 print recv_http_response(client)
-client.close
+client.close unless client.eof?
+socket.close

data/example/https_client_using_hrr_and_ticket.rb

@@ -4,11 +4,12 @@
 require_relative 'helper'
 
 hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+ca_file = __dir__ + '/../tmp/ca.crt'
 req = simple_http_request(hostname)
 
 settings_2nd = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0']
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1']
 }
 process_new_session_ticket = proc do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
@@ -22,8 +23,8 @@ process_new_session_ticket = proc do |nst, rms, cs|
   settings_2nd[:ticket_timestamp] = nst.timestamp
 end
 settings_1st = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0'],
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1'],
   process_new_session_ticket: process_new_session_ticket
 }
 
@@ -38,5 +39,6 @@ settings_1st = {
   client.connect
   client.write(req)
   print recv_http_response(client)
-  client.close
+  client.close unless client.eof?
+  socket.close
 end

data/example/https_client_using_ticket.rb

@@ -4,11 +4,12 @@
 require_relative 'helper'
 
 hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+ca_file = __dir__ + '/../tmp/ca.crt'
 req = simple_http_request(hostname)
 
 settings_2nd = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0']
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1']
 }
 process_new_session_ticket = proc do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
@@ -21,8 +22,8 @@ process_new_session_ticket = proc do |nst, rms, cs|
   settings_2nd[:ticket_timestamp] = nst.timestamp
 end
 settings_1st = {
-  ca_file: __dir__ + '/../tmp/ca.crt',
-  alpn: ['http/1.1', 'http/1.0'],
+  ca_file: File.exist?(ca_file) ? ca_file : nil,
+  alpn: ['http/1.1'],
   process_new_session_ticket: process_new_session_ticket
 }
 
@@ -37,5 +38,6 @@ settings_1st = {
   client.connect
   client.write(req)
   print recv_http_response(client)
-  client.close
+  client.close unless client.eof?
+  socket.close
 end

data/example/https_server.rb

@@ -2,6 +2,8 @@
 # frozen_string_literal: true
 
 require_relative 'helper'
+require 'etc'
+require 'logger'
 
 port = ARGV[0] || 4433
 
@@ -9,38 +11,50 @@ tcpserver = TCPServer.open(port)
 settings = {
   crt_file: __dir__ + '/../tmp/server.crt',
   key_file: __dir__ + '/../tmp/server.key',
-  alpn: ['http/1.1', 'http/1.0']
+  alpn: ['http/1.1']
 }
 
+q = Queue.new
+logger = Logger.new(STDERR, Logger::WARN)
 # rubocop: disable Metrics/BlockLength
-loop do
-  socket = tcpserver.accept
-  Thread.start(socket) do |s|
-    Timeout.timeout(5) do
-      server = TTTLS13::Server.new(s, settings)
-      server.accept
-      buffer = ''
-      buffer += server.read until buffer.include?(WEBrick::CRLF * 2)
-      req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
-      req.parse(StringIO.new(buffer))
-      puts req.to_s
-      res = WEBrick::HTTPResponse.new(WEBrick::Config::HTTP)
-      res.status = 200
-      res.body = 'Hello'
-      res.content_length = 5
-      res.content_type = 'text/html'
-      server.write(
-        res.status_line \
-        + res.header.map { |k, v| k + ': ' + v }.join(WEBrick::CRLF) \
-        + WEBrick::CRLF * 2 \
-        + res.body
-      )
-      server.close
+Etc.nprocessors.times do
+  Thread.start do
+    loop do
+      s = q.pop
+      Timeout.timeout(1) do
+        server = TTTLS13::Server.new(s, settings)
+        parser = HTTP::Parser.new
+
+        parser.on_message_complete = proc do
+          if !parser.http_method.nil?
+            logger.info 'Receive Request'
+            server.write(simple_http_response('TEST'))
+            server.close
+          else
+            logger.warn 'Not Request'
+          end
+        end
+
+        begin
+          server.accept
+          parser << server.read until server.eof?
+        rescue HTTP::Parser::Error, TTTLS13::Error::ErrorAlerts
+          logger.warn 'Parser Error'
+        ensure
+          server.close unless server.eof?
+          parser.reset!
+        end
+      end
+    rescue Timeout::Error
+      logger.warn 'Timeout'
+    ensure
+      s.close
     end
-  rescue Timeout::Error => e
-    puts e.to_s + "\n\n"
-  ensure
-    s.close
   end
 end
 # rubocop: enable Metrics/BlockLength
+
+loop do
+  socket = tcpserver.accept
+  q << socket
+end

data/interop/client_spec.rb

@@ -151,10 +151,10 @@ RSpec.describe Client do
     ],
     [
       true,
-      '-alpn http/1.1',
+      '-alpn http/1.0',
       'rsa_rsa.crt',
       'rsa_rsa.key',
-      alpn: ['http/1.1']
+      alpn: ['http/1.0']
     ],
     [
       true,

data/interop/server_spec.rb

@@ -146,24 +146,24 @@ RSpec.describe Server do
     ],
     [
       true,
-      '-groups P-256:P-384:P-521 -alpn http/1.1',
+      '-groups P-256:P-384:P-521 -alpn pingpong',
       FIXTURES_DIR + '/rsa_rsa.crt',
       FIXTURES_DIR + '/rsa_rsa.key',
-      alpn: ['http/1.1']
+      alpn: ['pingpong']
     ],
     [
       true,
       '-groups P-256:P-384:P-521',
       FIXTURES_DIR + '/rsa_rsa.crt',
       FIXTURES_DIR + '/rsa_rsa.key',
-      alpn: ['http/1.1']
+      alpn: ['pingpong']
     ],
     [
       false,
       '-groups P-256:P-384:P-521 -alpn foo',
       FIXTURES_DIR + '/rsa_rsa.crt',
       FIXTURES_DIR + '/rsa_rsa.key',
-      alpn: ['http/1.1']
+      alpn: ['pingpong']
     ],
     [
       true,

data/lib/tttls1.3/client.rb

@@ -169,12 +169,17 @@ module TTTLS13
 
           sh = transcript[SH] = recv_server_hello
 
+          # downgrade protection
+          if !sh.negotiated_tls_1_3? && sh.downgraded?
+            terminate(:illegal_parameter)
           # support only TLS 1.3
-          terminate(:protocol_version) unless sh.negotiated_tls_1_3?
+          elsif !sh.negotiated_tls_1_3?
+            terminate(:protocol_version)
+          end
 
           # validate parameters
-          terminate(:illegal_parameter) unless sh.appearable_extensions?
-          terminate(:illegal_parameter) if sh.downgraded?
+          terminate(:illegal_parameter) \
+            unless sh.appearable_extensions?
           terminate(:illegal_parameter) \
             unless sh.legacy_compression_method == "\x00"
 

data/lib/tttls1.3/message/record.rb

@@ -66,7 +66,7 @@ module TTTLS13
       #
       # @raise [TTTLS13::Error::ErrorAlerts]
       #
-      # @return [TTTLS13::Message::Record, String]
+      # @return [TTTLS13::Message::Record]
       # rubocop: disable Metrics/CyclomaticComplexity
       # rubocop: disable Metrics/PerceivedComplexity
       def self.deserialize(binary, cipher, buffered = '')
@@ -140,7 +140,7 @@ module TTTLS13
         #
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
-        # @return [Array of TTTLS13::Message::$Object, String]
+        # @return [Array of TTTLS13::Message::$Object]
         # @return [String]
         def deserialize_fragment(binary, type)
           raise Error::ErrorAlerts, :internal_error if binary.nil?

data/lib/tttls1.3/utils.rb

@@ -15,46 +15,28 @@ module TTTLS13
         raise Error::ErrorAlerts, :internal_error \
           if negative? || self >= (1 << 16)
 
-        [
-          self / (1 << 8),
-          self % (1 << 8)
-        ].map(&:chr).join
+        [self].pack('n')
       end
 
       def to_uint24
         raise Error::ErrorAlerts, :internal_error \
           if negative? || self >= (1 << 24)
 
-        [
-          self / (1 << 16),
-          self % (1 << 16) / (1 << 8),
-          self % (1 << 8)
-        ].map(&:chr).join
+        [self].pack('N1')[1..]
       end
 
       def to_uint32
         raise Error::ErrorAlerts, :internal_error \
           if negative? || self >= (1 << 32)
 
-        [
-          self / (1 << 24),
-          self % (1 << 24) / (1 << 16),
-          self % (1 << 16) / (1 << 8),
-          self % (1 << 8)
-        ].map(&:chr).join
+        [self].pack('N1')
       end
 
       def to_uint64
         raise Error::ErrorAlerts, :internal_error \
           if negative? || self >= (1 << 64)
 
-        [
-          self / (1 << 32),
-          self % (1 << 32) / (1 << 24),
-          self % (1 << 24) / (1 << 16),
-          self % (1 << 16) / (1 << 8),
-          self % (1 << 8)
-        ].map(&:chr).join
+        [self >> 32, self].pack('N2')
       end
     end
 
@@ -84,7 +66,7 @@ module TTTLS13
   module Convert
     class << self
       def bin2i(binary)
-        binary.unpack('C*').reverse.map.with_index { |x, i| x << 8 * i }.sum
+        OpenSSL::BN.new(binary, 2).to_i
       end
     end
   end

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.2.5'
+  VERSION = '0.2.6'
 end

data/spec/utils_spec.rb

@@ -11,23 +11,28 @@ RSpec.describe TTTLS13::Refinements do
     end
 
     it 'should return uint8' do
+      expect(integer.to_uint8.length).to eq 1
       expect(integer.to_uint8).to eq "\x00"
     end
 
     it 'should return uint16' do
+      expect(integer.to_uint16.length).to eq 2
       expect(integer.to_uint16).to eq "\x00\x00"
     end
 
     it 'should return uint24' do
+      expect(integer.to_uint24.length).to eq 3
       expect(integer.to_uint24).to eq "\x00\x00\x00"
     end
 
     it 'should return uint32' do
+      expect(integer.to_uint32.length).to eq 4
       expect(integer.to_uint32).to eq "\x00\x00\x00\x00"
     end
 
     it 'should return uint64' do
-      expect(integer.to_uint64).to eq "\x00\x00\x00\x00\x00"
+      expect(integer.to_uint64.length).to eq 8
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x00\x00\x00\x00\x00"
     end
   end
 
@@ -67,19 +72,23 @@ RSpec.describe TTTLS13::Refinements do
     end
 
     it 'should return uint16' do
+      expect(integer.to_uint16.length).to eq 2
       expect(integer.to_uint16).to eq "\x01\x00"
     end
 
     it 'should return uint24' do
+      expect(integer.to_uint24.length).to eq 3
       expect(integer.to_uint24).to eq "\x00\x01\x00"
     end
 
     it 'should return uint32' do
+      expect(integer.to_uint32.length).to eq 4
       expect(integer.to_uint32).to eq "\x00\x00\x01\x00"
     end
 
     it 'should return uint64' do
-      expect(integer.to_uint64).to eq "\x00\x00\x00\x01\x00"
+      expect(integer.to_uint64.length).to eq 8
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x00\x00\x00\x01\x00"
     end
   end
 
@@ -97,15 +106,18 @@ RSpec.describe TTTLS13::Refinements do
     end
 
     it 'should return uint24' do
+      expect(integer.to_uint24.length).to eq 3
       expect(integer.to_uint24).to eq "\x01\x00\x00"
     end
 
     it 'should return uint32' do
+      expect(integer.to_uint32.length).to eq 4
       expect(integer.to_uint32).to eq "\x00\x01\x00\x00"
     end
 
     it 'should return uint64' do
-      expect(integer.to_uint64).to eq "\x00\x00\x01\x00\x00"
+      expect(integer.to_uint64.length).to eq 8
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x00\x00\x01\x00\x00"
     end
   end
 
@@ -127,11 +139,13 @@ RSpec.describe TTTLS13::Refinements do
     end
 
     it 'should return uint32' do
+      expect(integer.to_uint32.length).to eq 4
       expect(integer.to_uint32).to eq "\x01\x00\x00\x00"
     end
 
     it 'should return uint64' do
-      expect(integer.to_uint64).to eq "\x00\x01\x00\x00\x00"
+      expect(integer.to_uint64.length).to eq 8
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x00\x01\x00\x00\x00"
     end
   end
 
@@ -157,7 +171,8 @@ RSpec.describe TTTLS13::Refinements do
     end
 
     it 'should return uint64' do
-      expect(integer.to_uint64).to eq "\x01\x00\x00\x00\x00"
+      expect(integer.to_uint64.length).to eq 8
+      expect(integer.to_uint64).to eq "\x00\x00\x00\x01\x00\x00\x00\x00"
     end
   end
 
@@ -193,11 +208,16 @@ RSpec.describe TTTLS13::Refinements do
     end
 
     it 'should be prefixed' do
-      expect(string.prefix_uint8_length).to eq "\x06string"
-      expect(string.prefix_uint16_length).to eq "\x00\x06string"
-      expect(string.prefix_uint24_length).to eq "\x00\x00\x06string"
-      expect(string.prefix_uint32_length).to eq "\x00\x00\x00\x06string"
-      expect(string.prefix_uint64_length).to eq "\x00\x00\x00\x00\x06string"
+      expect(string.prefix_uint8_length)
+        .to eq "\x06string"
+      expect(string.prefix_uint16_length)
+        .to eq "\x00\x06string"
+      expect(string.prefix_uint24_length)
+        .to eq "\x00\x00\x06string"
+      expect(string.prefix_uint32_length)
+        .to eq "\x00\x00\x00\x06string"
+      expect(string.prefix_uint64_length)
+        .to eq "\x00\x00\x00\x00\x00\x00\x00\x06string"
     end
   end
 end
@@ -209,7 +229,7 @@ RSpec.describe Convert do
     end
 
     it 'should be converted to integer' do
-      expect(Convert.bin2i(binary)).to eq 4_886_718_345
+      expect(Convert.bin2i(binary)).to eq 4886718345
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.2.6
 platform: ruby
 authors:
 - thekuwayama
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-24 00:00:00.000000000 Z
+date: 2019-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -67,6 +67,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- example/README.md
 - example/helper.rb
 - example/https_client.rb
 - example/https_client_using_0rtt.rb