RubyGems - tttls1.3 - Versions diffs - 0.2.9 → 0.2.14 - Mend

tttls1.3 0.2.9 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +32 -0
data/.rubocop.yml +9 -2
data/Gemfile +1 -1
data/README.md +5 -1
data/Rakefile +66 -7
data/example/helper.rb +6 -8
data/example/https_client.rb +1 -1
data/example/https_client_using_0rtt.rb +3 -3
data/example/https_client_using_hrr.rb +1 -1
data/example/https_client_using_hrr_and_ticket.rb +2 -2
data/example/https_client_using_status_request.rb +31 -0
data/example/https_client_using_ticket.rb +2 -2
data/example/https_server.rb +6 -5
data/interop/client_spec.rb +8 -8
data/interop/helper.rb +10 -2
data/interop/server_spec.rb +14 -10
data/lib/tttls1.3.rb +1 -0
data/lib/tttls1.3/client.rb +97 -12
data/lib/tttls1.3/connection.rb +45 -12
data/lib/tttls1.3/cryptograph.rb +1 -1
data/lib/tttls1.3/cryptograph/aead.rb +20 -7
data/lib/tttls1.3/message.rb +1 -1
data/lib/tttls1.3/message/alert.rb +2 -2
data/lib/tttls1.3/message/extension/status_request.rb +73 -17
data/lib/tttls1.3/message/extensions.rb +35 -12
data/lib/tttls1.3/server.rb +40 -13
data/lib/tttls1.3/utils.rb +15 -0
data/lib/tttls1.3/version.rb +1 -1
data/spec/extensions_spec.rb +16 -0
data/spec/fixtures/rsa_rsa.crt +15 -15
data/spec/fixtures/rsa_rsa.key +25 -25
data/spec/fixtures/rsa_rsa_ocsp.crt +18 -0
data/spec/fixtures/rsa_rsa_ocsp.key +27 -0
data/spec/server_hello_spec.rb +1 -1
data/spec/spec_helper.rb +35 -1
data/spec/status_request_spec.rb +77 -10
data/tttls1.3.gemspec +1 -1
metadata +14 -10
data/.travis.yml +0 -18
data/interop/Dockerfile +0 -28

data/interop/helper.rb CHANGED

@@ -12,6 +12,14 @@ include TTTLS13::Message::Extension
 include TTTLS13::Error
 # rubocop: enable Style/MixinUsage
-def wait_to_listen(port)
-  sleep(0.2) while `lsof -ni :#{port}`.empty?
+def wait_to_listen(host, port)
+  loop do
+    s = TCPSocket.open(host, port) # check by TCP handshake
+  rescue # rubocop: disable Style/RescueStandardError
+    sleep(0.2)
+    next
+  else
+    s.close
+    break
+  end
 end

data/interop/server_spec.rb CHANGED

@@ -9,14 +9,13 @@ PORT = 4433
 tcpserver = TCPServer.open(PORT)
 RSpec.describe Server do
-  # testcases
   # normal [Boolean] Is this nominal scenarios?
   # opt [String] openssl s_client options
   # crt [String] server crt file path
   # key [String] server key file path
   # settings [Hash] TTTLS13::Client settins
-  [
-    # rubocop: disable Metrics/LineLength
+  # rubocop: disable Layout/LineLength
+  testcases = [
     [
       true,
       '-groups P-256:P-384:P-521 -ciphersuites TLS_AES_256_GCM_SHA384',
@@ -172,20 +171,24 @@ RSpec.describe Server do
       FIXTURES_DIR + '/rsa_rsa.key',
       compatibility_mode: false
     ]
-    # rubocop: enable Metrics/LineLength
-  ].each do |normal, opt, crt, key, settings|
+  ]
+  # rubocop: enable Layout/LineLength
+  testcases.each do |normal, opt, crt, key, settings|
     context 'server interop' do
       let(:server) do
-        @socket = tcpserver.accept
+        loop do
+          @socket = tcpserver.accept
+          break unless @socket.eof?
+        end
         settings[:crt_file] = crt
         settings[:key_file] = key
-        Server.new(@socket, settings)
+        Server.new(@socket, **settings)
       end
       let(:client) do
-        wait_to_listen(PORT)
         ip = Socket.ip_address_list.find(&:ipv4_private?).ip_address
+        wait_to_listen(ip, PORT)
         cmd = 'echo -n ping | openssl s_client ' \
               + "-connect local:#{PORT} " \
               + '-tls1_3 ' \
@@ -195,7 +198,7 @@ RSpec.describe Server do
               + opt
         'docker run ' \
         + "--volume #{FIXTURES_DIR}:/tmp " \
-        + "--add-host=local:#{ip} -it openssl " \
+        + "--add-host=local:#{ip} thekuwayama/openssl " \
         + "sh -c \"#{cmd}\" 2>&1 >/dev/null"
       end
@@ -216,6 +219,7 @@ RSpec.describe Server do
         it "should NOT accept request from openssl s_client ...#{opt}" do
           spawn(client)
           expect { server.accept }.to raise_error ErrorAlerts
+          expect { server.close }.to_not raise_error
         end
       end
     end

data/lib/tttls1.3.rb CHANGED

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require 'openssl'
+require 'net/http'
 require 'pp'
 require 'logger'

data/lib/tttls1.3/client.rb CHANGED

@@ -59,6 +59,8 @@ module TTTLS13
     ticket_age_add: nil,
     ticket_timestamp: nil,
     record_size_limit: nil,
+    check_certificate_status: false,
+    process_certificate_status: nil,
     compatibility_mode: true,
     loglevel: Logger::WARN
   }.freeze
@@ -300,7 +302,8 @@ module TTTLS13
           message = recv_message(receivable_ccs: true, cipher: hs_rcipher)
           if message.msg_type == Message::HandshakeType::CERTIFICATE
             ct = transcript[CT] = message
-            terminate_invalid_certificate(ct, transcript[CH])
+            alert = check_invalid_certificate(ct, transcript[CH])
+            terminate(alert) unless alert.nil?
             @state = ClientState::WAIT_CV
           elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
@@ -314,7 +317,8 @@ module TTTLS13
           logger.debug('ClientState::WAIT_CERT')
           ct = transcript[CT] = recv_certificate(hs_rcipher)
-          terminate_invalid_certificate(ct, transcript[CH])
+          alert = check_invalid_certificate(ct, transcript[CH])
+          terminate(alert) unless alert.nil?
           @state = ClientState::WAIT_CV
         when ClientState::WAIT_CV
@@ -392,6 +396,53 @@ module TTTLS13
       @succeed_early_data
     end
+    # @param res [OpenSSL::OCSP::Response]
+    # @param cert [OpenSSL::X509::Certificate]
+    # @param chain [Array of OpenSSL::X509::Certificate, nil]
+    #
+    # @return [Boolean]
+    #
+    # @example
+    #   m = Client.method(:softfail_check_certificate_status)
+    #   Client.new(
+    #     socket,
+    #     hostname,
+    #     check_certificate_status: true,
+    #     process_certificate_status: m
+    #   )
+    def self.softfail_check_certificate_status(res, cert, chain)
+      ocsp_response = res
+      cid = OpenSSL::OCSP::CertificateId.new(cert, chain.first)
+      # When NOT received OCSPResponse in TLS handshake, this method will
+      # send OCSPRequest. If ocsp_uri is NOT presented in Certificate, return
+      # true. Also, if it sends OCSPRequest and does NOT receive a HTTPresponse
+      # within 2 seconds, return true.
+      if ocsp_response.nil?
+        uri = cert.ocsp_uris&.find { |u| URI::DEFAULT_PARSER.make_regexp =~ u }
+        return true if uri.nil?
+        begin
+          # send OCSP::Request
+          ocsp_request = gen_ocsp_request(cid)
+          Timeout.timeout(2) do
+            ocsp_response = send_ocsp_request(ocsp_request, uri)
+          end
+          # check nonce of OCSP::Response
+          check_nonce = ocsp_request.check_nonce(ocsp_response.basic)
+          return true unless [-1, 1].include?(check_nonce)
+        rescue StandardError
+          return true
+        end
+      end
+      return true \
+        if ocsp_response.status != OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+      status = ocsp_response.basic.status.find { |s| s.first.cmp(cid) }
+      status[1] != OpenSSL::OCSP::V_CERTSTATUS_REVOKED
+    end
     private
     # @return [Boolean]
@@ -423,6 +474,9 @@ module TTTLS13
       rsl = @settings[:record_size_limit]
       return false if !rsl.nil? && (rsl < 64 || rsl > 2**14 + 1)
+      return false if @settings[:check_certificate_status] &&
+                      @settings[:process_certificate_status].nil?
       true
     end
     # rubocop: enable Metrics/AbcSize
@@ -471,9 +525,10 @@ module TTTLS13
     # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
     # rubocop: disable Metrics/AbcSize
     # rubocop: disable Metrics/CyclomaticComplexity
+    # rubocop: disable Metrics/MethodLength
     # rubocop: disable Metrics/PerceivedComplexity
     def gen_ch_extensions
-      exs = []
+      exs = Message::Extensions.new
       # server_name
       exs << Message::Extension::ServerName.new(@hostname)
@@ -519,10 +574,15 @@ module TTTLS13
       exs << Message::Extension::Alpn.new(@settings[:alpn].reject(&:empty?)) \
         if !@settings[:alpn].nil? && !@settings[:alpn].empty?
-      [Message::Extensions.new(exs), priv_keys]
+      # status_request
+      exs << Message::Extension::OCSPStatusRequest.new \
+        if @settings[:check_certificate_status]
+      [exs, priv_keys]
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/CyclomaticComplexity
+    # rubocop: enable Metrics/MethodLength
     # rubocop: enable Metrics/PerceivedComplexity
     # @param extensions [TTTLS13::Message::Extensions]
@@ -611,7 +671,7 @@ module TTTLS13
     # @return [TTTLS13::Message::Extensions]
     # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
     def gen_newch_extensions(ch1, hrr)
-      exs = []
+      exs = Message::Extensions.new
       # key_share
       if hrr.extensions.include?(Message::ExtensionType::KEY_SHARE)
         group = hrr.extensions[Message::ExtensionType::KEY_SHARE]
@@ -633,7 +693,7 @@ module TTTLS13
         if hrr.extensions.include?(Message::ExtensionType::COOKIE)
       # early_data
-      new_exs = ch1.extensions.merge(Message::Extensions.new(exs))
+      new_exs = ch1.extensions.merge(exs)
       new_exs.delete(Message::ExtensionType::EARLY_DATA)
       [new_exs, priv_keys]
@@ -753,16 +813,32 @@ module TTTLS13
     # @param ct [TTTLS13::Message::Certificate]
     # @param ch [TTTLS13::Message::ClientHello]
-    def terminate_invalid_certificate(ct, ch)
-      terminate(:illegal_parameter) unless ct.appearable_extensions?
+    #
+    # @return [Symbol, nil] return key of ALERT_DESCRIPTION, if invalid
+    def check_invalid_certificate(ct, ch)
+      return :illegal_parameter unless ct.appearable_extensions?
-      terminate(:unsupported_extension) \
+      return :unsupported_extension \
         unless ct.certificate_list.map(&:extensions)
                  .all? { |e| (e.keys - ch.extensions.keys).empty? }
-      terminate(:certificate_unknown) \
-        unless trusted_certificate?(ct.certificate_list,
-                                    @settings[:ca_file], @hostname)
+      return :certificate_unknown unless trusted_certificate?(
+        ct.certificate_list,
+        @settings[:ca_file],
+        @hostname
+      )
+      if @settings[:check_certificate_status]
+        ee = ct.certificate_list.first
+        ocsp_response = ee.extensions[Message::ExtensionType::STATUS_REQUEST]
+                         &.ocsp_response
+        cert = ee.cert_data
+        chain = ct.certificate_list[1..]&.map(&:cert_data)
+        return :bad_certificate_status_response \
+          unless satisfactory_certificate_status?(ocsp_response, cert, chain)
+      end
+      nil
     end
     # @param ct [TTTLS13::Message::Certificate]
@@ -784,6 +860,15 @@ module TTTLS13
       )
     end
+    # @param ocsp_response [OpenSSL::OCSP::Response]
+    # @param cert [OpenSSL::X509::Certificate]
+    # @param chain [Array of OpenSSL::X509::Certificate, nil]
+    #
+    # @return [Boolean]
+    def satisfactory_certificate_status?(ocsp_response, cert, chain)
+      @settings[:process_certificate_status]&.call(ocsp_response, cert, chain)
+    end
     # @param nst [TTTLS13::Message::NewSessionTicket]
     #
     # @raise [TTTLS13::Error::ErrorAlerts]

data/lib/tttls1.3/connection.rb CHANGED

@@ -254,7 +254,7 @@ module TTTLS13
     end
     # rubocop: enable Metrics/CyclomaticComplexity
-    # @param wcipher [TTTLS13::Cryptograph::Aead, Passer]
+    # @param cipher [TTTLS13::Cryptograph::Aead, Passer]
     #
     # @return [TTTLS13::Message::Record]
     def recv_record(cipher)
@@ -273,7 +273,7 @@ module TTTLS13
       # Received a protected ccs, peer MUST abort the handshake.
       if record.type == Message::ContentType::APPLICATION_DATA &&
-         record.messages.first.is_a?(Message::ChangeCipherSpec)
+         record.messages.any? { |m| m.is_a?(Message::ChangeCipherSpec) }
         terminate(:unexpected_message)
       end
@@ -474,8 +474,10 @@ module TTTLS13
     #
     # @return [Boolean]
     def trusted_certificate?(certificate_list, ca_file = nil, hostname = nil)
-      cert_bin = certificate_list.first.cert_data
-      cert = OpenSSL::X509::Certificate.new(cert_bin)
+      chain = certificate_list.map(&:cert_data).map do |c|
+        OpenSSL::X509::Certificate.new(c)
+      end
+      cert = chain.shift
       # not support CN matching, only support SAN matching
       return false if !hostname.nil? && !matching_san?(cert, hostname)
@@ -483,9 +485,6 @@ module TTTLS13
       store = OpenSSL::X509::Store.new
       store.set_default_paths
       store.add_file(ca_file) unless ca_file.nil?
-      chain = certificate_list[1..].map(&:cert_data).map do |c|
-        OpenSSL::X509::Certificate.new(c)
-      end
       # TODO: parse authorityInfoAccess::CA Issuers
       ctx = OpenSSL::X509::StoreContext.new(store, cert, chain)
       now = Time.now
@@ -515,22 +514,22 @@ module TTTLS13
     def do_select_signature_algorithms(signature_algorithms, crt)
       spki = OpenSSL::Netscape::SPKI.new
       spki.public_key = crt.public_key
-      oid_str = spki.to_text.split("\n")
-                    .find { |l| l.include?('Public Key Algorithm:') }
+      pka = OpenSSL::ASN1.decode(spki.to_der)
+                         .value.first.value.first.value.first.value.first.value
       signature_algorithms.select do |sa|
         case sa
         when SignatureScheme::ECDSA_SECP256R1_SHA256,
              SignatureScheme::ECDSA_SECP384R1_SHA384,
              SignatureScheme::ECDSA_SECP521R1_SHA512
-          oid_str.include?('id-ecPublicKey')
+          pka == 'id-ecPublicKey'
         when SignatureScheme::RSA_PSS_PSS_SHA256,
              SignatureScheme::RSA_PSS_PSS_SHA384,
              SignatureScheme::RSA_PSS_PSS_SHA512
-          oid_str.include?('rsassaPss')
+          pka == 'rsassaPss'
         when SignatureScheme::RSA_PSS_RSAE_SHA256,
              SignatureScheme::RSA_PSS_RSAE_SHA384,
              SignatureScheme::RSA_PSS_RSAE_SHA512
-          oid_str.include?('rsaEncryption')
+          pka == 'rsaEncryption'
         else
           # RSASSA-PKCS1-v1_5 algorithms refer solely to signatures which appear
           # in certificates and are not defined for use in signed TLS handshake
@@ -539,6 +538,40 @@ module TTTLS13
         end
       end
     end
+    class << self
+      # @param cid [OpenSSL::OCSP::CertificateId]
+      #
+      # @return [OpenSSL::OCSP::Request]
+      def gen_ocsp_request(cid)
+        ocsp_request = OpenSSL::OCSP::Request.new
+        ocsp_request.add_certid(cid)
+        ocsp_request.add_nonce
+        ocsp_request
+      end
+      # @param ocsp_request [OpenSSL::OCSP::Request]
+      # @param uri_string [String]
+      #
+      # @raise [Net::OpenTimeout, OpenSSL::OCSP::OCSPError, URI::$Exception]
+      #
+      # @return [OpenSSL::OCSP::Response, n
+      def send_ocsp_request(ocsp_request, uri_string)
+        # send HTTP POST
+        uri = URI.parse(uri_string)
+        path = uri.path
+        path = '/' if path.nil? || path.empty?
+        http_response = Net::HTTP.start(uri.host, uri.port) do |http|
+          http.post(
+            path,
+            ocsp_request.to_der,
+            'content-type' => 'application/ocsp-request'
+          )
+        end
+        OpenSSL::OCSP::Response.new(http_response.body)
+      end
+    end
   end
   # rubocop: enable Metrics/ClassLength
 end

data/lib/tttls1.3/cryptograph.rb CHANGED

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
-Dir[File.dirname(__FILE__) + '/cryptograph/*.rb'].each { |f| require f }
+Dir[File.dirname(__FILE__) + '/cryptograph/*.rb'].sort.each { |f| require f }

data/lib/tttls1.3/cryptograph/aead.rb CHANGED

@@ -44,8 +44,7 @@ module TTTLS13
       #
       # @return [String]
       def encrypt(content, type)
-        reset_cipher
-        cipher = @cipher.encrypt
+        cipher = reset_cipher
         plaintext = content + type + "\x00" * @length_of_padding
         cipher.auth_data = additional_data(plaintext.length)
         encrypted_data = cipher.update(plaintext) + cipher.final
@@ -66,8 +65,7 @@ module TTTLS13
       # @return [String]
       # @return [TTTLS13::Message::ContentType]
       def decrypt(encrypted_record, auth_data)
-        reset_cipher
-        decipher = @cipher.decrypt
+        decipher = reset_decipher
         auth_tag = encrypted_record[-@auth_tag_len..-1]
         decipher.auth_tag = auth_tag
         decipher.auth_data = auth_data # record header of TLSCiphertext
@@ -105,11 +103,26 @@ module TTTLS13
         + ciphertext_len.to_uint16
       end
+      # @return [OpenSSL::Cipher]
       def reset_cipher
-        @cipher.reset
-        @cipher.key = @write_key
+        cipher = @cipher.encrypt
+        cipher.reset
+        cipher.key = @write_key
         iv_len = CipherSuite.iv_len(@cipher_suite)
-        @cipher.iv = @sequence_number.xor(@write_iv, iv_len)
+        cipher.iv = @sequence_number.xor(@write_iv, iv_len)
+        cipher
+      end
+      # @return [OpenSSL::Cipher]
+      def reset_decipher
+        decipher = @cipher.decrypt
+        decipher.reset
+        decipher.key = @write_key
+        iv_len = CipherSuite.iv_len(@cipher_suite)
+        decipher.iv = @sequence_number.xor(@write_iv, iv_len)
+        decipher
       end
       # @param clear [String]

data/lib/tttls1.3/message.rb CHANGED

@@ -78,4 +78,4 @@ module TTTLS13
   end
 end
-Dir[File.dirname(__FILE__) + '/message/*.rb'].each { |f| require f }
+Dir[File.dirname(__FILE__) + '/message/*.rb'].sort.each { |f| require f }