tttls1.3 0.3.1 → 0.3.3

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.3.1'
+  VERSION = '0.3.3'
 end

data/lib/tttls1.3.rb

@@ -21,7 +21,8 @@ require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/sslkeylogfile'
-require 'tttls1.3/hpke'
+require 'tttls1.3/ech'
 require 'tttls1.3/connection'
+require 'tttls1.3/endpoint'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

data/spec/client_spec.rb

@@ -129,10 +129,11 @@ RSpec.describe Client do
       client = Client.new(mock_socket, 'localhost')
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, EOED)
-      signature = client.send(:sign_finished,
-                              digest: digest,
-                              finished_key: finished_key,
-                              hash: hash)
+      signature = Endpoint.sign_finished(
+        digest: digest,
+        finished_key: finished_key,
+        hash: hash
+      )
       hs_wcipher = Cryptograph::Aead.new(
         cipher_suite: cipher_suite,
         write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
@@ -215,20 +216,22 @@ RSpec.describe Client do
     it 'should verify server Finished' do
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, CV)
-      expect(client.send(:verified_finished?,
-                         finished: sf,
-                         digest: digest,
-                         finished_key: key_schedule.server_finished_key,
-                         hash: hash)).to be true
+      expect(Endpoint.verified_finished?(
+               finished: sf,
+               digest: digest,
+               finished_key: key_schedule.server_finished_key,
+               hash: hash
+             )).to be true
     end
 
     it 'should sign client Finished' do
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, EOED)
-      expect(client.send(:sign_finished,
-                         digest: digest,
-                         finished_key: key_schedule.client_finished_key,
-                         hash: hash)).to eq cf.verify_data
+      expect(Endpoint.sign_finished(
+               digest: digest,
+               finished_key: key_schedule.client_finished_key,
+               hash: hash
+             )).to eq cf.verify_data
     end
   end
 
@@ -240,18 +243,16 @@ RSpec.describe Client do
       Certificate.new(certificate_list: [CertificateEntry.new(server_crt)])
     end
 
-    let(:client) do
-      Client.new(nil, 'localhost')
-    end
-
     it 'should not certify certificate' do
-      expect(client.send(:trusted_certificate?, certificate.certificate_list))
+      expect(Endpoint.trusted_certificate?(certificate.certificate_list))
         .to be false
     end
 
     it 'should certify certificate, received path to private ca.crt' do
-      expect(client.send(:trusted_certificate?, certificate.certificate_list,
-                         __dir__ + '/fixtures/rsa_ca.crt')).to be true
+      expect(Endpoint.trusted_certificate?(
+               certificate.certificate_list,
+               __dir__ + '/fixtures/rsa_ca.crt'
+             )).to be true
     end
   end
 
@@ -270,44 +271,4 @@ RSpec.describe Client do
                          'SHA256')).to eq TESTBINARY_0_RTT_PSK
     end
   end
-
-  context 'EncodedClientHelloInner length' do
-    let(:server_name) do
-      'localhost'
-    end
-
-    let(:client) do
-      Client.new(nil, server_name)
-    end
-
-    let(:maximum_name_length) do
-      0
-    end
-
-    let(:encoded) do
-      extensions, = client.send(:gen_ch_extensions)
-      inner_ech = Message::Extension::ECHClientHello.new_inner
-      Message::ClientHello.new(
-        legacy_session_id: '',
-        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
-        extensions: extensions.merge(
-          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
-        )
-      )
-    end
-
-    let(:padding_encoded_ch_inner) do
-      client.send(
-        :padding_encoded_ch_inner,
-        encoded.serialize[4..],
-        server_name.length,
-        maximum_name_length
-      )
-    end
-
-    it 'should be equal placeholder_encoded_ch_inner_len' do
-      expect(client.send(:placeholder_encoded_ch_inner_len))
-        .to eq padding_encoded_ch_inner.length
-    end
-  end
 end

data/spec/ech_outer_extensions_spec.rb

@@ -0,0 +1,42 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require_relative 'spec_helper'
+using Refinements
+
+RSpec.describe ECHOuterExtensions do
+  context 'valid ech_outer_extensions, [key_share]' do
+    let(:extension) do
+      ECHOuterExtensions.new([ExtensionType::KEY_SHARE])
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::ECH_OUTER_EXTENSIONS
+      expect(extension.outer_extensions).to eq [ExtensionType::KEY_SHARE]
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize).to eq ExtensionType::ECH_OUTER_EXTENSIONS \
+                                        + 3.to_uint16 \
+                                        + 2.to_uint8 \
+                                        + ExtensionType::KEY_SHARE
+    end
+  end
+
+  context 'valid ech_outer_extensions binary' do
+    let(:extension) do
+      ECHOuterExtensions.deserialize(TESTBINARY_ECH_OUTER_EXTENSIONS)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to be ExtensionType::ECH_OUTER_EXTENSIONS
+      expect(extension.outer_extensions).to eq [ExtensionType::KEY_SHARE]
+    end
+
+    it 'should generate serializable object' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ECH_OUTER_EXTENSIONS \
+               + TESTBINARY_ECH_OUTER_EXTENSIONS.prefix_uint16_length
+    end
+  end
+end

data/spec/ech_spec.rb

@@ -79,3 +79,44 @@ RSpec.describe ECHClientHello do
     end
   end
 end
+
+RSpec.describe Ech do
+  context 'EncodedClientHelloInner length' do
+    let(:server_name) do
+      'localhost'
+    end
+
+    let(:client) do
+      Client.new(nil, server_name)
+    end
+
+    let(:maximum_name_length) do
+      0
+    end
+
+    let(:encoded) do
+      extensions, = client.send(:gen_ch_extensions)
+      inner_ech = Message::Extension::ECHClientHello.new_inner
+      Message::ClientHello.new(
+        legacy_session_id: '',
+        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
+        extensions: extensions.merge(
+          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
+        )
+      )
+    end
+
+    let(:padding_encoded_ch_inner) do
+      Ech.padding_encoded_ch_inner(
+        encoded.serialize[4..],
+        server_name.length,
+        maximum_name_length
+      )
+    end
+
+    it 'should be equal placeholder_encoded_ch_inner_len' do
+      expect(Ech.placeholder_encoded_ch_inner_len)
+        .to eq padding_encoded_ch_inner.length
+    end
+  end
+end

data/spec/{connection_spec.rb → endpoint_spec.rb}

@@ -3,8 +3,8 @@
 
 require_relative 'spec_helper'
 
-RSpec.describe Connection do
-  context 'connection, Simple 1-RTT Handshake,' do
+RSpec.describe Endpoint do
+  context 'endpoint, Simple 1-RTT Handshake,' do
     let(:key) do
       n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
       e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
@@ -66,39 +66,35 @@ RSpec.describe Connection do
       CipherSuite.digest(CipherSuite::TLS_AES_128_GCM_SHA256)
     end
 
-    let(:connection) do
-      Connection.new(nil)
-    end
-
     it 'should verify server CertificateVerify.signature' do
       public_key = ct.certificate_list.first.cert_data.public_key
       signature_scheme = cv.signature_scheme
       signature = cv.signature
 
-      expect(connection.send(:do_verified_certificate_verify?,
-                             public_key: public_key,
-                             signature_scheme: signature_scheme,
-                             signature: signature,
-                             context: 'TLS 1.3, server CertificateVerify',
-                             hash: transcript.hash(digest, CT)))
-        .to be true
+      expect(Endpoint.verified_certificate_verify?(
+               public_key: public_key,
+               signature_scheme: signature_scheme,
+               signature: signature,
+               context: 'TLS 1.3, server CertificateVerify',
+               hash: transcript.hash(digest, CT)
+             )).to be true
     end
 
     it 'should sign client Finished.verify_data' do
-      expect(connection.send(:sign_finished,
-                             digest: 'SHA256',
-                             finished_key: TESTBINARY_CLIENT_FINISHED_KEY,
-                             hash: transcript.hash(digest, EOED)))
-        .to eq cf.verify_data
+      expect(Endpoint.sign_finished(
+               digest: 'SHA256',
+               finished_key: TESTBINARY_CLIENT_FINISHED_KEY,
+               hash: transcript.hash(digest, EOED)
+             )).to eq cf.verify_data
     end
 
     it 'should verify server Finished.verify_data' do
-      expect(connection.send(:verified_finished?,
-                             finished: sf,
-                             digest: 'SHA256',
-                             finished_key: TESTBINARY_SERVER_FINISHED_KEY,
-                             hash: transcript.hash(digest, CV)))
-        .to be true
+      expect(Endpoint.verified_finished?(
+               finished: sf,
+               digest: 'SHA256',
+               finished_key: TESTBINARY_SERVER_FINISHED_KEY,
+               hash: transcript.hash(digest, CV)
+             )).to be true
     end
 
     it 'should sign server CertificateVerify.signature' do
@@ -107,23 +103,23 @@ RSpec.describe Connection do
 
       # used RSASSA-PSS signature_scheme, salt is a random sequence.
       # CertificateVerify.signature is random.
-      signature = connection.send(:do_sign_certificate_verify,
-                                  key: key,
-                                  signature_scheme: signature_scheme,
-                                  context: 'TLS 1.3, server CertificateVerify',
-                                  hash: transcript.hash(digest, CT))
-
-      expect(connection.send(:do_verified_certificate_verify?,
-                             public_key: public_key,
-                             signature_scheme: signature_scheme,
-                             signature: signature,
-                             context: 'TLS 1.3, server CertificateVerify',
-                             hash: transcript.hash(digest, CT)))
-        .to be true
+      signature = Endpoint.sign_certificate_verify(
+        key: key,
+        signature_scheme: signature_scheme,
+        context: 'TLS 1.3, server CertificateVerify',
+        hash: transcript.hash(digest, CT)
+      )
+      expect(Endpoint.verified_certificate_verify?(
+               public_key: public_key,
+               signature_scheme: signature_scheme,
+               signature: signature,
+               context: 'TLS 1.3, server CertificateVerify',
+               hash: transcript.hash(digest, CT)
+             )).to be true
     end
   end
 
-  context 'connection, HelloRetryRequest,' do
+  context 'endpoint, HelloRetryRequest,' do
     let(:ct) do
       Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE)
     end
@@ -154,22 +150,18 @@ RSpec.describe Connection do
       CipherSuite.digest(CipherSuite::TLS_AES_128_GCM_SHA256)
     end
 
-    let(:connection) do
-      Connection.new(nil)
-    end
-
     it 'should verify server CertificateVerify.signature' do
       public_key = ct.certificate_list.first.cert_data.public_key
       signature_scheme = cv.signature_scheme
       signature = cv.signature
 
-      expect(connection.send(:do_verified_certificate_verify?,
-                             public_key: public_key,
-                             signature_scheme: signature_scheme,
-                             signature: signature,
-                             context: 'TLS 1.3, server CertificateVerify',
-                             hash: transcript.hash(digest, CT)))
-        .to be true
+      expect(Endpoint.verified_certificate_verify?(
+               public_key: public_key,
+               signature_scheme: signature_scheme,
+               signature: signature,
+               context: 'TLS 1.3, server CertificateVerify',
+               hash: transcript.hash(digest, CT)
+             )).to be true
     end
   end
 end

data/spec/extensions_spec.rb

@@ -182,4 +182,69 @@ RSpec.describe Extensions do
         .to raise_error(ErrorAlerts)
     end
   end
+
+  context 'removing and replacing extensions from EncodedClientHelloInner' do
+    let(:extensions) do
+      extensions, = Client.new(nil, 'localhost').send(:gen_ch_extensions)
+      extensions
+    end
+
+    let(:no_key_share_exs) do
+      Extensions.new(
+        extensions.filter { |k, _| k != ExtensionType::KEY_SHARE }.values
+      )
+    end
+
+    it 'should be equal remove_and_replace! with []' do
+      expected = extensions.clone
+      got = extensions.remove_and_replace!([])
+
+      expect(got.keys).to eq expected.keys
+      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS]).to eq nil
+      expect(extensions.keys - got.keys).to eq []
+    end
+
+    it 'should be equal remove_and_replace! with [key_share]' do
+      expected = extensions.filter { |k, _| k != ExtensionType::KEY_SHARE }
+      expected[ExtensionType::ECH_OUTER_EXTENSIONS] = \
+        Extension::ECHOuterExtensions.new([ExtensionType::KEY_SHARE])
+      got = extensions.remove_and_replace!([ExtensionType::KEY_SHARE])
+
+      expect(got.keys).to eq expected.keys
+      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions)
+        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
+      expect(extensions.keys - got.keys)
+        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
+    end
+
+    it 'should be equal remove_and_replace! with' \
+       ' [key_share,supported_versions]' do
+      outer_extensions = [
+        ExtensionType::KEY_SHARE,
+        ExtensionType::SUPPORTED_VERSIONS
+      ]
+      expected = extensions.filter { |k, _| !outer_extensions.include?(k) }
+      expected[ExtensionType::ECH_OUTER_EXTENSIONS] = \
+        Extension::ECHOuterExtensions.new(
+          extensions.filter { |k, _| outer_extensions.include?(k) }.keys
+        )
+      got = extensions.remove_and_replace!(outer_extensions)
+
+      expect(got.keys).to eq expected.keys
+      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions)
+        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
+      expect(extensions.keys - got.keys)
+        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
+    end
+
+    it 'should be equal remove_and_replace! with no key_share extensions' \
+       ' & [key_share]' do
+      expected = no_key_share_exs.clone
+      got = no_key_share_exs.remove_and_replace!([ExtensionType::KEY_SHARE])
+
+      expect(got).to eq expected
+      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS]).to eq nil
+      expect(no_key_share_exs.keys - got.keys).to eq []
+    end
+  end
 end

data/spec/server_spec.rb

@@ -174,13 +174,13 @@ RSpec.describe Server do
       signature_scheme = cv.signature_scheme
       signature = cv.signature
       digest = CipherSuite.digest(cipher_suite)
-      expect(server.send(:do_verified_certificate_verify?,
-                         public_key: public_key,
-                         signature_scheme: signature_scheme,
-                         signature: signature,
-                         context: 'TLS 1.3, server CertificateVerify',
-                         hash: transcript.hash(digest, CT)))
-        .to be true
+      expect(Endpoint.verified_certificate_verify?(
+               public_key: public_key,
+               signature_scheme: signature_scheme,
+               signature: signature,
+               context: 'TLS 1.3, server CertificateVerify',
+               hash: transcript.hash(digest, CT)
+             )).to be true
     end
   end
 
@@ -213,12 +213,12 @@ RSpec.describe Server do
     end
 
     let(:signature) do
-      server = Server.new(nil)
       digest = CipherSuite.digest(cipher_suite)
-      server.send(:sign_finished,
-                  digest: digest,
-                  finished_key: key_schedule.server_finished_key,
-                  hash: transcript.hash(digest, CV))
+      Endpoint.sign_finished(
+        digest: digest,
+        finished_key: key_schedule.server_finished_key,
+        hash: transcript.hash(digest, CV)
+      )
     end
 
     let(:sf) do

data/spec/spec_helper.rb

@@ -245,6 +245,10 @@ TESTBINARY_ECH_HRR = <<BIN.split.map(&:hex).map(&:chr).join
   00 00 00 00 00 00 00 00
 BIN
 
+TESTBINARY_ECH_OUTER_EXTENSIONS = <<BIN.split.map(&:hex).map(&:chr).join
+  02 00 33
+BIN
+
 # https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 3.  Simple 1-RTT Handshake
 TESTBINARY_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.3
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-29 00:00:00.000000000 Z
+date: 2024-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -108,6 +108,7 @@ files:
 - example/https_client_using_hrr_and_ticket.rb
 - example/https_client_using_status_request.rb
 - example/https_client_using_ticket.rb
+- example/https_client_using_ticket_and_ech.rb
 - example/https_server.rb
 - interop/client_spec.rb
 - interop/server_spec.rb
@@ -119,8 +120,9 @@ files:
 - lib/tttls1.3/cryptograph.rb
 - lib/tttls1.3/cryptograph/aead.rb
 - lib/tttls1.3/cryptograph/passer.rb
+- lib/tttls1.3/ech.rb
+- lib/tttls1.3/endpoint.rb
 - lib/tttls1.3/error.rb
-- lib/tttls1.3/hpke.rb
 - lib/tttls1.3/key_schedule.rb
 - lib/tttls1.3/logging.rb
 - lib/tttls1.3/message.rb
@@ -138,6 +140,7 @@ files:
 - lib/tttls1.3/message/extension/cookie.rb
 - lib/tttls1.3/message/extension/early_data_indication.rb
 - lib/tttls1.3/message/extension/ech.rb
+- lib/tttls1.3/message/extension/ech_outer_extensions.rb
 - lib/tttls1.3/message/extension/key_share.rb
 - lib/tttls1.3/message/extension/pre_shared_key.rb
 - lib/tttls1.3/message/extension/psk_key_exchange_modes.rb
@@ -173,12 +176,13 @@ files:
 - spec/client_hello_spec.rb
 - spec/client_spec.rb
 - spec/compress_certificate_spec.rb
-- spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_outer_extensions_spec.rb
 - spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
+- spec/endpoint_spec.rb
 - spec/error_spec.rb
 - spec/extensions_spec.rb
 - spec/finished_spec.rb
@@ -235,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
@@ -251,12 +255,13 @@ test_files:
 - spec/client_hello_spec.rb
 - spec/client_spec.rb
 - spec/compress_certificate_spec.rb
-- spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_outer_extensions_spec.rb
 - spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
+- spec/endpoint_spec.rb
 - spec/error_spec.rb
 - spec/extensions_spec.rb
 - spec/finished_spec.rb

data/lib/tttls1.3/hpke.rb

@@ -1,91 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-module TTTLS13
-  # NOTE: Hpke module is the adapter for ech_config using hpke-rb.
-  module Hpke
-    module KemId
-      # https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-kem-ids
-      P_256_SHA256  = 0x0010
-      P_384_SHA384  = 0x0011
-      P_521_SHA512  = 0x0012
-      X25519_SHA256 = 0x0020
-      X448_SHA512   = 0x0021
-    end
-
-    def self.kem_id2dhkem(kem_id)
-      case kem_id
-      when KemId::P_256_SHA256
-        %i[p_256 sha256]
-      when KemId::P_384_SHA384
-        %i[p_384 sha384]
-      when KemId::P_521_SHA512
-        %i[p_521 sha512]
-      when KemId::X25519_SHA256
-        %i[x25519 sha256]
-      when KemId::X448_SHA512
-        %i[x448 sha512]
-      end
-    end
-
-    def self.kem_curve_name2dhkem(kem_curve_name)
-      case kem_curve_name
-      when :p_256
-        HPKE::DHKEM::EC::P_256
-      when :p_384
-        HPKE::DHKEM::EC::P_384
-      when :p_521
-        HPKE::DHKEM::EC::P_521
-      when :x25519
-        HPKE::DHKEM::X25519
-      when :x448
-        HPKE::DHKEM::X448
-      end
-    end
-
-    module KdfId
-      # https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-kdf-ids
-      HKDF_SHA256 = 0x0001
-      HKDF_SHA384 = 0x0002
-      HKDF_SHA512 = 0x0003
-    end
-
-    def self.kdf_id2kdf_hash(kdf_id)
-      case kdf_id
-      when KdfId::HKDF_SHA256
-        :sha256
-      when KdfId::HKDF_SHA384
-        :sha384
-      when KdfId::HKDF_SHA512
-        :sha512
-      end
-    end
-
-    module AeadId
-      # https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-aead-ids
-      AES_128_GCM       = 0x0001
-      AES_256_GCM       = 0x0002
-      CHACHA20_POLY1305 = 0x0003
-    end
-
-    def self.aead_id2overhead_len(aead_id)
-      case aead_id
-      when AeadId::AES_128_GCM, AeadId::CHACHA20_POLY1305
-        16
-      when AeadId::AES_256_GCM
-        32
-      end
-    end
-
-    def self.aead_id2aead_cipher(aead_id)
-      case aead_id
-      when AeadId::AES_128_GCM
-        :aes_128_gcm
-      when AeadId::AES_256_GCM
-        :aes_256_gcm
-      when AeadId::CHACHA20_POLY1305
-        :chacha20_poly1305
-      end
-    end
-  end
-end