tttls1.3 0.3.1 → 0.3.2

data/lib/tttls1.3/connection.rb

@@ -5,42 +5,42 @@ module TTTLS13
   INITIAL = 0
   EOF     = -1
 
-  SUPPORTED_ECHCONFIG_VERSIONS = ["\xfe\x0d"].freeze
-  private_constant :SUPPORTED_ECHCONFIG_VERSIONS
-
   # rubocop: disable Metrics/ClassLength
   class Connection
     include Logging
 
+    attr_accessor :state
+    attr_accessor :ap_wcipher
+    attr_accessor :ap_rcipher
+    attr_accessor :alert_wcipher
+
     # @param socket [Socket]
-    def initialize(socket)
+    # @param side [:client or :server]
+    def initialize(socket, side)
       @socket = socket
-      @endpoint = nil # Symbol or String, :client or :server
+      @side = side
+      @state = INITIAL
       @ap_wcipher = Cryptograph::Passer.new
       @ap_rcipher = Cryptograph::Passer.new
       @alert_wcipher = Cryptograph::Passer.new
       @message_queue = [] # Array of [TTTLS13::Message::$Object, String]
       @binary_buffer = '' # deposit Record.surplus_binary
-      @cipher_suite = nil # TTTLS13::CipherSuite
-      @named_group = nil # TTTLS13::NamedGroup
-      @signature_scheme = nil # TTTLS13::SignatureScheme
-      @state = 0 # ClientState or ServerState
       @send_record_size = Message::DEFAULT_RECORD_SIZE_LIMIT
       @recv_record_size = Message::DEFAULT_RECORD_SIZE_LIMIT
-      @alpn = nil # String
-      @exporter_secret = nil # String
     end
 
+    # @param nst_process [Method]
+    #
     # @raise [TTTLS13::Error::ConfigError]
     #
     # @return [String]
     # rubocop: disable Metrics/CyclomaticComplexity
     # rubocop: disable Metrics/PerceivedComplexity
-    def read
+    def read(nst_process)
       # secure channel has not established yet
       raise Error::ConfigError \
-        unless (@endpoint == :client && @state == ClientState::CONNECTED) ||
-               (@endpoint == :server && @state == ServerState::CONNECTED)
+        unless (@side == :client && @state == ClientState::CONNECTED) ||
+               (@side == :server && @state == ServerState::CONNECTED)
       return '' if @state == EOF
 
       message = nil
@@ -50,7 +50,9 @@ module TTTLS13
         # message, it MAY send a NewSessionTicket message.
         break unless message.is_a?(Message::NewSessionTicket)
 
-        process_new_session_ticket(message)
+        terminate(:unexpected_message) if @side == :server
+
+        nst_process.call(message)
       end
       return '' if message.nil?
 
@@ -70,8 +72,8 @@ module TTTLS13
     def write(binary)
       # secure channel has not established yet
       raise Error::ConfigError \
-        unless (@endpoint == :client && @state == ClientState::CONNECTED) ||
-               (@endpoint == :server && @state == ServerState::CONNECTED)
+        unless (@side == :client && @state == ClientState::CONNECTED) ||
+               (@side == :server && @state == ServerState::CONNECTED)
 
       ap = Message::ApplicationData.new(binary)
       send_application_data(ap, @ap_wcipher)
@@ -82,82 +84,6 @@ module TTTLS13
 
       send_alert(:close_notify)
       @state = EOF
-
-      nil
-    end
-
-    # @return [TTTLS13::CipherSuite, nil]
-    def negotiated_cipher_suite
-      @cipher_suite
-    end
-
-    # @return [TTTLS13::NamedGroup, nil]
-    def negotiated_named_group
-      @named_group
-    end
-
-    # @return [TTTLS13::SignatureScheme, nil]
-    def negotiated_signature_scheme
-      @signature_scheme
-    end
-
-    # @return [String]
-    def negotiated_alpn
-      @alpn
-    end
-
-    # @param label [String]
-    # @param context [String]
-    # @param key_length [Integer]
-    #
-    # @return [String, nil]
-    def exporter(label, context, key_length)
-      return nil if @exporter_secret.nil? || @cipher_suite.nil?
-
-      digest = CipherSuite.digest(@cipher_suite)
-      do_exporter(@exporter_secret, digest, label, context, key_length)
-    end
-
-    private
-
-    # @param secret [String] (early_)exporter_secret
-    # @param digest [String] name of digest algorithm
-    # @param label [String]
-    # @param context [String]
-    # @param key_length [Integer]
-    #
-    # @return [String]
-    def do_exporter(secret, digest, label, context, key_length)
-      derived_secret = KeySchedule.hkdf_expand_label(
-        secret,
-        label,
-        OpenSSL::Digest.digest(digest, ''),
-        OpenSSL::Digest.new(digest).digest_length,
-        digest
-      )
-
-      KeySchedule.hkdf_expand_label(
-        derived_secret,
-        'exporter',
-        OpenSSL::Digest.digest(digest, context),
-        key_length,
-        digest
-      )
-    end
-
-    # @param cipher_suite [TTTLS13::CipherSuite]
-    # @param write_key [String]
-    # @param write_iv [String]
-    #
-    # @return [TTTLS13::Cryptograph::Aead]
-    def gen_cipher(cipher_suite, write_key, write_iv)
-      seq_num = SequenceNumber.new
-      Cryptograph::Aead.new(
-        cipher_suite: cipher_suite,
-        write_key: write_key,
-        write_iv: write_iv,
-        sequence_number: seq_num
-      )
     end
 
     # @param type [TTTLS13::Message::ContentType]
@@ -213,7 +139,7 @@ module TTTLS13
 
     # @param record [TTTLS13::Message::Record]
     def send_record(record)
-      logger.debug("send \n" + record.pretty_inspect)
+      logger.info(Convert.obj2html(record))
       @socket.write(record.serialize(@send_record_size))
     end
 
@@ -288,167 +214,10 @@ module TTTLS13
         terminate(:unexpected_message)
       end
 
-      logger.debug("receive \n" + record.pretty_inspect)
+      logger.info(Convert.obj2html(record))
       [record, orig_msgs]
     end
 
-    # @param ch1 [TTTLS13::Message::ClientHello]
-    # @param hrr [TTTLS13::Message::ServerHello]
-    # @param ch [TTTLS13::Message::ClientHello]
-    # @param binder_key [String]
-    # @param digest [String] name of digest algorithm
-    #
-    # @return [String]
-    def do_sign_psk_binder(ch1:, hrr:, ch:, binder_key:, digest:)
-      # TODO: ext binder
-      hash_len = OpenSSL::Digest.new(digest).digest_length
-      tt = Transcript.new
-      tt[CH1] = [ch1, ch1.serialize] unless ch1.nil?
-      tt[HRR] = [hrr, hrr.serialize] unless hrr.nil?
-      tt[CH] = [ch, ch.serialize]
-      # transcript-hash (CH1 + HRR +) truncated-CH
-      hash = tt.truncate_hash(digest, CH, hash_len + 3)
-      OpenSSL::HMAC.digest(digest, binder_key, hash)
-    end
-
-    # @param key [OpenSSL::PKey::PKey]
-    # @param signature_scheme [TTTLS13::SignatureScheme]
-    # @param context [String]
-    # @param hash [String]
-    #
-    # @raise [TTTLS13::Error::ErrorAlerts]
-    #
-    # @return [String]
-    # rubocop: disable Metrics/CyclomaticComplexity
-    def do_sign_certificate_verify(key:, signature_scheme:, context:, hash:)
-      content = "\x20" * 64 + context + "\x00" + hash
-
-      # RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
-      # RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
-      case signature_scheme
-      when SignatureScheme::RSA_PKCS1_SHA256,
-           SignatureScheme::RSA_PSS_RSAE_SHA256,
-           SignatureScheme::RSA_PSS_PSS_SHA256
-        key.sign_pss('SHA256', content, salt_length: :digest,
-                                        mgf1_hash: 'SHA256')
-      when SignatureScheme::RSA_PKCS1_SHA384,
-           SignatureScheme::RSA_PSS_RSAE_SHA384,
-           SignatureScheme::RSA_PSS_PSS_SHA384
-        key.sign_pss('SHA384', content, salt_length: :digest,
-                                        mgf1_hash: 'SHA384')
-      when SignatureScheme::RSA_PKCS1_SHA512,
-           SignatureScheme::RSA_PSS_RSAE_SHA512,
-           SignatureScheme::RSA_PSS_PSS_SHA512
-        key.sign_pss('SHA512', content, salt_length: :digest,
-                                        mgf1_hash: 'SHA512')
-      when SignatureScheme::ECDSA_SECP256R1_SHA256
-        key.sign('SHA256', content)
-      when SignatureScheme::ECDSA_SECP384R1_SHA384
-        key.sign('SHA384', content)
-      when SignatureScheme::ECDSA_SECP521R1_SHA512
-        key.sign('SHA512', content)
-      else # TODO: ED25519, ED448
-        terminate(:internal_error)
-      end
-    end
-    # rubocop: enable Metrics/CyclomaticComplexity
-
-    # @param public_key [OpenSSL::PKey::PKey]
-    # @param signature_scheme [TTTLS13::SignatureScheme]
-    # @param signature [String]
-    # @param context [String]
-    # @param hash [String]
-    #
-    # @raise [TTTLS13::Error::ErrorAlerts]
-    #
-    # @return [Boolean]
-    # rubocop: disable Metrics/CyclomaticComplexity
-    def do_verified_certificate_verify?(public_key:, signature_scheme:,
-                                        signature:, context:, hash:)
-      content = "\x20" * 64 + context + "\x00" + hash
-
-      # RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
-      # RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
-      case signature_scheme
-      when SignatureScheme::RSA_PKCS1_SHA256,
-           SignatureScheme::RSA_PSS_RSAE_SHA256,
-           SignatureScheme::RSA_PSS_PSS_SHA256
-        public_key.verify_pss('SHA256', signature, content, salt_length: :auto,
-                                                            mgf1_hash: 'SHA256')
-      when SignatureScheme::RSA_PKCS1_SHA384,
-           SignatureScheme::RSA_PSS_RSAE_SHA384,
-           SignatureScheme::RSA_PSS_PSS_SHA384
-        public_key.verify_pss('SHA384', signature, content, salt_length: :auto,
-                                                            mgf1_hash: 'SHA384')
-      when SignatureScheme::RSA_PKCS1_SHA512,
-           SignatureScheme::RSA_PSS_RSAE_SHA512,
-           SignatureScheme::RSA_PSS_PSS_SHA512
-        public_key.verify_pss('SHA512', signature, content, salt_length: :auto,
-                                                            mgf1_hash: 'SHA512')
-      when SignatureScheme::ECDSA_SECP256R1_SHA256
-        public_key.verify('SHA256', signature, content)
-      when SignatureScheme::ECDSA_SECP384R1_SHA384
-        public_key.verify('SHA384', signature, content)
-      when SignatureScheme::ECDSA_SECP521R1_SHA512
-        public_key.verify('SHA512', signature, content)
-      else # TODO: ED25519, ED448
-        terminate(:internal_error)
-      end
-    end
-    # rubocop: enable Metrics/CyclomaticComplexity
-
-    # @param digest [String] name of digest algorithm
-    # @param finished_key [String]
-    # @param hash [String]
-    #
-    # @return [String]
-    def sign_finished(digest:, finished_key:, hash:)
-      OpenSSL::HMAC.digest(digest, finished_key, hash)
-    end
-
-    # @param finished [TTTLS13::Message::Finished]
-    # @param digest [String] name of digest algorithm
-    # @param finished_key [String]
-    # @param hash [String]
-    #
-    # @return [Boolean]
-    def verified_finished?(finished:, digest:, finished_key:, hash:)
-      sign_finished(digest: digest, finished_key: finished_key, hash: hash) \
-      == finished.verify_data
-    end
-
-    # @param key_exchange [String]
-    # @param priv_key [OpenSSL::PKey::$Object]
-    # @param group [TTTLS13::NamedGroup]
-    #
-    # @return [String]
-    def gen_shared_secret(key_exchange, priv_key, group)
-      curve = NamedGroup.curve_name(group)
-      terminate(:internal_error) if curve.nil?
-
-      pub_key = OpenSSL::PKey::EC::Point.new(
-        OpenSSL::PKey::EC::Group.new(curve),
-        OpenSSL::BN.new(key_exchange, 2)
-      )
-
-      priv_key.dh_compute_key(pub_key)
-    end
-
-    # @param transcript [TTTLS13::Transcript]
-    #
-    # @return [Boolean]
-    def receivable_ccs?(transcript)
-      # Received ccs before the first ClientHello message or after the peer's
-      # Finished message, peer MUST abort.
-      #
-      # Server may receive an unprotected record of type change_cipher_spec
-      # between the first and second ClientHello
-      finished = (@endpoint == :client ? SF : CF)
-
-      (transcript.include?(CH) || transcript.include?(CH1)) &&
-        !transcript.include?(finished)
-    end
-
     # @param symbol [Symbol] key of ALERT_DESCRIPTION
     #
     # @raise [TTTLS13::Error::ErrorAlerts]
@@ -467,116 +236,6 @@ module TTTLS13
       end
 
       @state = EOF
-      nil
-    end
-
-    # @param _nst [TTTLS13::Message::NewSessionTicket]
-    #
-    # @raise [TTTLS13::Error::ErrorAlerts]
-    def process_new_session_ticket(_nst)
-      terminate(:unexpected_message) if @endpoint == :server
-    end
-
-    # @param certificate_list [Array of CertificateEntry]
-    # @param ca_file [String] path to ca.crt
-    # @param hostname [String]
-    #
-    # @return [Boolean]
-    def trusted_certificate?(certificate_list, ca_file = nil, hostname = nil)
-      chain = certificate_list.map(&:cert_data).map do |c|
-        OpenSSL::X509::Certificate.new(c)
-      end
-      cert = chain.shift
-
-      # not support CN matching, only support SAN matching
-      return false if !hostname.nil? && !matching_san?(cert, hostname)
-
-      store = OpenSSL::X509::Store.new
-      store.set_default_paths
-      store.add_file(ca_file) unless ca_file.nil?
-      # TODO: parse authorityInfoAccess::CA Issuers
-      ctx = OpenSSL::X509::StoreContext.new(store, cert, chain)
-      now = Time.now
-      ctx.verify && cert.not_before < now && now < cert.not_after
-    end
-
-    # @param cert [OpenSSL::X509::Certificate]
-    # @param name [String]
-    #
-    # @return [Boolean]
-    def matching_san?(cert, name)
-      san = cert.extensions.find { |ex| ex.oid == 'subjectAltName' }
-      return false if san.nil?
-
-      ostr = OpenSSL::ASN1.decode(san.to_der).value.last
-      OpenSSL::ASN1.decode(ostr.value)
-                   .map(&:value)
-                   .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
-                   .any? { |s| name.match(/#{s}/) }
-    end
-
-    # @param signature_algorithms [Array of SignatureAlgorithms]
-    # @param crt [OpenSSL::X509::Certificate]
-    #
-    # @return [Array of TTTLS13::Message::Extension::SignatureAlgorithms]
-    def do_select_signature_algorithms(signature_algorithms, crt)
-      pka = OpenSSL::ASN1.decode(crt.public_key.to_der)
-                         .value.first.value.first.value
-      signature_algorithms.select do |sa|
-        case sa
-        when SignatureScheme::ECDSA_SECP256R1_SHA256,
-             SignatureScheme::ECDSA_SECP384R1_SHA384,
-             SignatureScheme::ECDSA_SECP521R1_SHA512
-          pka == 'id-ecPublicKey'
-        when SignatureScheme::RSA_PSS_PSS_SHA256,
-             SignatureScheme::RSA_PSS_PSS_SHA384,
-             SignatureScheme::RSA_PSS_PSS_SHA512
-          pka == 'rsassaPss'
-        when SignatureScheme::RSA_PSS_RSAE_SHA256,
-             SignatureScheme::RSA_PSS_RSAE_SHA384,
-             SignatureScheme::RSA_PSS_RSAE_SHA512
-          pka == 'rsaEncryption'
-        else
-          # RSASSA-PKCS1-v1_5 algorithms refer solely to signatures which appear
-          # in certificates and are not defined for use in signed TLS handshake
-          # messages
-          false
-        end
-      end
-    end
-
-    class << self
-      # @param cid [OpenSSL::OCSP::CertificateId]
-      #
-      # @return [OpenSSL::OCSP::Request]
-      def gen_ocsp_request(cid)
-        ocsp_request = OpenSSL::OCSP::Request.new
-        ocsp_request.add_certid(cid)
-        ocsp_request.add_nonce
-        ocsp_request
-      end
-
-      # @param ocsp_request [OpenSSL::OCSP::Request]
-      # @param uri_string [String]
-      #
-      # @raise [Net::OpenTimeout, OpenSSL::OCSP::OCSPError, URI::$Exception]
-      #
-      # @return [OpenSSL::OCSP::Response, n
-      def send_ocsp_request(ocsp_request, uri_string)
-        # send HTTP POST
-        uri = URI.parse(uri_string)
-        path = uri.path
-        path = '/' if path.nil? || path.empty?
-        http_response = Net::HTTP.start(uri.host, uri.port) do |http|
-          http.post(
-            path,
-            ocsp_request.to_der,
-            'content-type' => 'application/ocsp-request'
-          )
-        end
-
-        OpenSSL::OCSP::Response.new(http_response.body)
-      end
     end
   end
   # rubocop: enable Metrics/ClassLength