tttls1.3 0.3.3 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +4 -2
- data/.rubocop.yml +16 -11
- data/.ruby-version +1 -1
- data/Gemfile +5 -4
- data/README.md +4 -4
- data/Rakefile +3 -3
- data/example/helper.rb +14 -5
- data/example/https_client_using_0rtt.rb +1 -1
- data/example/https_client_using_ech.rb +1 -1
- data/example/https_client_using_hrr_and_ech.rb +1 -1
- data/example/https_client_using_hrr_and_ticket.rb +1 -1
- data/example/https_client_using_status_request.rb +1 -1
- data/example/https_client_using_ticket.rb +1 -1
- data/example/https_client_using_ticket_and_ech.rb +3 -3
- data/example/https_server.rb +1 -1
- data/interop/client_spec.rb +57 -31
- data/interop/server_spec.rb +74 -46
- data/interop/spec_helper.rb +2 -2
- data/lib/tttls1.3/cipher_suites.rb +21 -16
- data/lib/tttls1.3/client.rb +89 -78
- data/lib/tttls1.3/connection.rb +6 -15
- data/lib/tttls1.3/cryptograph/aead.rb +26 -21
- data/lib/tttls1.3/ech.rb +13 -17
- data/lib/tttls1.3/endpoint.rb +4 -25
- data/lib/tttls1.3/key_schedule.rb +2 -2
- data/lib/tttls1.3/logging.rb +1 -1
- data/lib/tttls1.3/message/alert.rb +3 -4
- data/lib/tttls1.3/message/application_data.rb +1 -1
- data/lib/tttls1.3/message/certificate.rb +4 -7
- data/lib/tttls1.3/message/certificate_verify.rb +3 -5
- data/lib/tttls1.3/message/client_hello.rb +17 -15
- data/lib/tttls1.3/message/compressed_certificate.rb +3 -9
- data/lib/tttls1.3/message/encrypted_extensions.rb +1 -2
- data/lib/tttls1.3/message/extension/alpn.rb +2 -7
- data/lib/tttls1.3/message/extension/compress_certificate.rb +1 -2
- data/lib/tttls1.3/message/extension/cookie.rb +1 -2
- data/lib/tttls1.3/message/extension/early_data_indication.rb +1 -2
- data/lib/tttls1.3/message/extension/ech.rb +9 -19
- data/lib/tttls1.3/message/extension/ech_outer_extensions.rb +1 -3
- data/lib/tttls1.3/message/extension/key_share.rb +20 -49
- data/lib/tttls1.3/message/extension/pre_shared_key.rb +8 -20
- data/lib/tttls1.3/message/extension/psk_key_exchange_modes.rb +1 -2
- data/lib/tttls1.3/message/extension/record_size_limit.rb +1 -2
- data/lib/tttls1.3/message/extension/server_name.rb +1 -3
- data/lib/tttls1.3/message/extension/signature_algorithms.rb +1 -2
- data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb +1 -1
- data/lib/tttls1.3/message/extension/status_request.rb +4 -12
- data/lib/tttls1.3/message/extension/supported_groups.rb +1 -4
- data/lib/tttls1.3/message/extension/supported_versions.rb +2 -8
- data/lib/tttls1.3/message/extension/unknown_extension.rb +2 -4
- data/lib/tttls1.3/message/extensions.rb +1 -9
- data/lib/tttls1.3/message/finished.rb +1 -2
- data/lib/tttls1.3/message/new_session_ticket.rb +6 -12
- data/lib/tttls1.3/message/record.rb +10 -25
- data/lib/tttls1.3/message/server_hello.rb +10 -21
- data/lib/tttls1.3/named_group.rb +13 -9
- data/lib/tttls1.3/server.rb +39 -35
- data/lib/tttls1.3/shared_secret.rb +118 -0
- data/lib/tttls1.3/utils.rb +0 -15
- data/lib/tttls1.3/version.rb +1 -1
- data/lib/tttls1.3.rb +1 -1
- data/spec/certificate_verify_spec.rb +1 -1
- data/spec/client_hello_spec.rb +22 -3
- data/spec/client_spec.rb +13 -13
- data/spec/endpoint_spec.rb +11 -11
- data/spec/key_schedule_spec.rb +4 -4
- data/spec/new_session_ticket_spec.rb +4 -4
- data/spec/pre_shared_key_spec.rb +8 -8
- data/spec/record_spec.rb +1 -1
- data/spec/server_hello_spec.rb +5 -5
- data/spec/server_spec.rb +8 -8
- data/tttls1.3.gemspec +2 -2
- metadata +7 -10
- data/example/https_client_using_grease_psk.rb +0 -58
data/lib/tttls1.3/ech.rb
CHANGED
|
@@ -19,7 +19,7 @@ module TTTLS13
|
|
|
19
19
|
# @param hpke_cipher_suite_selector [Method]
|
|
20
20
|
#
|
|
21
21
|
# @return [TTTLS13::Message::ClientHello]
|
|
22
|
-
# @return [TTTLS13::Message::ClientHello]
|
|
22
|
+
# @return [TTTLS13::Message::ClientHello] ClientHelloInner
|
|
23
23
|
# @return [TTTLS13::EchState]
|
|
24
24
|
# rubocop: disable Metrics/AbcSize
|
|
25
25
|
def self.offer_ech(inner, ech_config, hpke_cipher_suite_selector)
|
|
@@ -110,7 +110,7 @@ module TTTLS13
|
|
|
110
110
|
# @param ech_state [TTTLS13::EchState]
|
|
111
111
|
#
|
|
112
112
|
# @return [TTTLS13::Message::ClientHello]
|
|
113
|
-
# @return [TTTLS13::Message::ClientHello]
|
|
113
|
+
# @return [TTTLS13::Message::ClientHello] ClientHelloInner
|
|
114
114
|
def self.offer_new_ech(inner, ech_state)
|
|
115
115
|
# for ech_outer_extensions
|
|
116
116
|
replaced = \
|
|
@@ -209,9 +209,9 @@ module TTTLS13
|
|
|
209
209
|
payload_len,
|
|
210
210
|
server_name)
|
|
211
211
|
aad_ech = Message::Extension::ECHClientHello.new_outer(
|
|
212
|
-
cipher_suite
|
|
213
|
-
config_id
|
|
214
|
-
enc
|
|
212
|
+
cipher_suite:,
|
|
213
|
+
config_id:,
|
|
214
|
+
enc:,
|
|
215
215
|
payload: payload_len.zeros
|
|
216
216
|
)
|
|
217
217
|
Message::ClientHello.new(
|
|
@@ -237,10 +237,10 @@ module TTTLS13
|
|
|
237
237
|
# @return [TTTLS13::Message::ClientHello]
|
|
238
238
|
def self.new_ch_outer(aad, cipher_suite, config_id, enc, payload)
|
|
239
239
|
outer_ech = Message::Extension::ECHClientHello.new_outer(
|
|
240
|
-
cipher_suite
|
|
241
|
-
config_id
|
|
242
|
-
enc
|
|
243
|
-
payload:
|
|
240
|
+
cipher_suite:,
|
|
241
|
+
config_id:,
|
|
242
|
+
enc:,
|
|
243
|
+
payload:
|
|
244
244
|
)
|
|
245
245
|
Message::ClientHello.new(
|
|
246
246
|
legacy_version: aad.legacy_version,
|
|
@@ -284,16 +284,16 @@ module TTTLS13
|
|
|
284
284
|
+ aead_id2overhead_len(AeadId::AES_128_GCM)
|
|
285
285
|
|
|
286
286
|
Message::Extension::ECHClientHello.new_outer(
|
|
287
|
-
cipher_suite
|
|
287
|
+
cipher_suite:,
|
|
288
288
|
config_id: Convert.bin2i(OpenSSL::Random.random_bytes(1)),
|
|
289
|
-
enc
|
|
289
|
+
enc:,
|
|
290
290
|
payload: OpenSSL::Random.random_bytes(payload_len)
|
|
291
291
|
)
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
# @return [Integer]
|
|
295
295
|
def self.placeholder_encoded_ch_inner_len
|
|
296
|
-
|
|
296
|
+
480
|
|
297
297
|
end
|
|
298
298
|
|
|
299
299
|
# @param inner [TTTLS13::Message::ClientHello]
|
|
@@ -399,11 +399,7 @@ module TTTLS13
|
|
|
399
399
|
end
|
|
400
400
|
|
|
401
401
|
class EchState
|
|
402
|
-
attr_reader :maximum_name_length
|
|
403
|
-
attr_reader :config_id
|
|
404
|
-
attr_reader :cipher_suite
|
|
405
|
-
attr_reader :public_name
|
|
406
|
-
attr_reader :ctx
|
|
402
|
+
attr_reader :maximum_name_length, :config_id, :cipher_suite, :public_name, :ctx
|
|
407
403
|
|
|
408
404
|
# @param maximum_name_length [Integer]
|
|
409
405
|
# @param config_id [Integer]
|
data/lib/tttls1.3/endpoint.rb
CHANGED
|
@@ -26,9 +26,9 @@ module TTTLS13
|
|
|
26
26
|
def self.gen_cipher(cipher_suite, write_key, write_iv)
|
|
27
27
|
seq_num = SequenceNumber.new
|
|
28
28
|
Cryptograph::Aead.new(
|
|
29
|
-
cipher_suite
|
|
30
|
-
write_key
|
|
31
|
-
write_iv
|
|
29
|
+
cipher_suite:,
|
|
30
|
+
write_key:,
|
|
31
|
+
write_iv:,
|
|
32
32
|
sequence_number: seq_num
|
|
33
33
|
)
|
|
34
34
|
end
|
|
@@ -60,7 +60,6 @@ module TTTLS13
|
|
|
60
60
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
|
61
61
|
#
|
|
62
62
|
# @return [String]
|
|
63
|
-
# rubocop: disable Metrics/CyclomaticComplexity
|
|
64
63
|
def self.sign_certificate_verify(key:, signature_scheme:, context:, hash:)
|
|
65
64
|
content = "\x20" * 64 + context + "\x00" + hash
|
|
66
65
|
|
|
@@ -92,7 +91,6 @@ module TTTLS13
|
|
|
92
91
|
terminate(:internal_error)
|
|
93
92
|
end
|
|
94
93
|
end
|
|
95
|
-
# rubocop: enable Metrics/CyclomaticComplexity
|
|
96
94
|
|
|
97
95
|
# @param public_key [OpenSSL::PKey::PKey]
|
|
98
96
|
# @param signature_scheme [TTTLS13::SignatureScheme]
|
|
@@ -103,7 +101,6 @@ module TTTLS13
|
|
|
103
101
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
|
104
102
|
#
|
|
105
103
|
# @return [Boolean]
|
|
106
|
-
# rubocop: disable Metrics/CyclomaticComplexity
|
|
107
104
|
def self.verified_certificate_verify?(public_key:, signature_scheme:,
|
|
108
105
|
signature:, context:, hash:)
|
|
109
106
|
content = "\x20" * 64 + context + "\x00" + hash
|
|
@@ -136,7 +133,6 @@ module TTTLS13
|
|
|
136
133
|
terminate(:internal_error)
|
|
137
134
|
end
|
|
138
135
|
end
|
|
139
|
-
# rubocop: enable Metrics/CyclomaticComplexity
|
|
140
136
|
|
|
141
137
|
# @param digest [String] name of digest algorithm
|
|
142
138
|
# @param finished_key [String]
|
|
@@ -154,27 +150,10 @@ module TTTLS13
|
|
|
154
150
|
#
|
|
155
151
|
# @return [Boolean]
|
|
156
152
|
def self.verified_finished?(finished:, digest:, finished_key:, hash:)
|
|
157
|
-
sign_finished(digest
|
|
153
|
+
sign_finished(digest:, finished_key:, hash:) \
|
|
158
154
|
== finished.verify_data
|
|
159
155
|
end
|
|
160
156
|
|
|
161
|
-
# @param key_exchange [String]
|
|
162
|
-
# @param priv_key [OpenSSL::PKey::$Object]
|
|
163
|
-
# @param group [TTTLS13::NamedGroup]
|
|
164
|
-
#
|
|
165
|
-
# @return [String]
|
|
166
|
-
def self.gen_shared_secret(key_exchange, priv_key, group)
|
|
167
|
-
curve = NamedGroup.curve_name(group)
|
|
168
|
-
terminate(:internal_error) if curve.nil?
|
|
169
|
-
|
|
170
|
-
pub_key = OpenSSL::PKey::EC::Point.new(
|
|
171
|
-
OpenSSL::PKey::EC::Group.new(curve),
|
|
172
|
-
OpenSSL::BN.new(key_exchange, 2)
|
|
173
|
-
)
|
|
174
|
-
|
|
175
|
-
priv_key.dh_compute_key(pub_key)
|
|
176
|
-
end
|
|
177
|
-
|
|
178
157
|
# @param certificate_list [Array of CertificateEntry]
|
|
179
158
|
# @param ca_file [String] path to ca.crt
|
|
180
159
|
# @param hostname [String]
|
|
@@ -9,7 +9,7 @@ module TTTLS13
|
|
|
9
9
|
# @param shared_secret [String]
|
|
10
10
|
# @param cipher_suite [TTTLS13::CipherSuite]
|
|
11
11
|
# @param transcript [TTTLS13::Transcript]
|
|
12
|
-
def initialize(
|
|
12
|
+
def initialize(shared_secret:, cipher_suite:, transcript:, psk: nil)
|
|
13
13
|
@digest = CipherSuite.digest(cipher_suite)
|
|
14
14
|
@hash_len = CipherSuite.hash_len(cipher_suite)
|
|
15
15
|
@key_len = CipherSuite.key_len(cipher_suite)
|
|
@@ -250,7 +250,7 @@ module TTTLS13
|
|
|
250
250
|
#
|
|
251
251
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
|
252
252
|
#
|
|
253
|
-
# @
|
|
253
|
+
# @return [String]
|
|
254
254
|
def self.hkdf_expand(secret, info, length, digest)
|
|
255
255
|
hash_len = OpenSSL::Digest.new(digest).digest_length
|
|
256
256
|
raise Error::ErrorAlerts, :internal_error if length > 255 * hash_len
|
data/lib/tttls1.3/logging.rb
CHANGED
|
@@ -42,12 +42,11 @@ module TTTLS13
|
|
|
42
42
|
# rubocop: enable Layout/HashAlignment
|
|
43
43
|
|
|
44
44
|
class Alert
|
|
45
|
-
attr_reader :level
|
|
46
|
-
attr_reader :description
|
|
45
|
+
attr_reader :level, :description
|
|
47
46
|
|
|
48
47
|
# @param level [TTTLS13::Message::AlertLevel]
|
|
49
48
|
# @param description [String] value of ALERT_DESCRIPTION
|
|
50
|
-
def initialize(level: nil
|
|
49
|
+
def initialize(description:, level: nil)
|
|
51
50
|
@level = level
|
|
52
51
|
@description = description
|
|
53
52
|
if @level.nil? && (@description == ALERT_DESCRIPTION[:user_canceled] ||
|
|
@@ -74,7 +73,7 @@ module TTTLS13
|
|
|
74
73
|
|
|
75
74
|
level = binary[0]
|
|
76
75
|
description = binary[1]
|
|
77
|
-
Alert.new(level
|
|
76
|
+
Alert.new(level:, description:)
|
|
78
77
|
end
|
|
79
78
|
|
|
80
79
|
# @return [TTTLS13::Error::ErrorAlerts]
|
|
@@ -12,9 +12,7 @@ module TTTLS13
|
|
|
12
12
|
private_constant :APPEARABLE_CT_EXTENSIONS
|
|
13
13
|
|
|
14
14
|
class Certificate
|
|
15
|
-
attr_reader :msg_type
|
|
16
|
-
attr_reader :certificate_request_context
|
|
17
|
-
attr_reader :certificate_list
|
|
15
|
+
attr_reader :msg_type, :certificate_request_context, :certificate_list
|
|
18
16
|
|
|
19
17
|
# @param certificate_request_context [String]
|
|
20
18
|
# @param certificate_list [Array of CertificateEntry]
|
|
@@ -60,8 +58,8 @@ module TTTLS13
|
|
|
60
58
|
i == binary.length
|
|
61
59
|
|
|
62
60
|
Certificate.new(
|
|
63
|
-
certificate_request_context
|
|
64
|
-
certificate_list:
|
|
61
|
+
certificate_request_context:,
|
|
62
|
+
certificate_list:
|
|
65
63
|
)
|
|
66
64
|
end
|
|
67
65
|
|
|
@@ -115,8 +113,7 @@ module TTTLS13
|
|
|
115
113
|
end
|
|
116
114
|
|
|
117
115
|
class CertificateEntry
|
|
118
|
-
attr_reader :cert_data
|
|
119
|
-
attr_reader :extensions
|
|
116
|
+
attr_reader :cert_data, :extensions
|
|
120
117
|
|
|
121
118
|
# @param cert_data [OpenSSL::X509::Certificate]
|
|
122
119
|
# @param extensions [TTTLS13::Message::Extensions]
|
|
@@ -5,9 +5,7 @@ module TTTLS13
|
|
|
5
5
|
using Refinements
|
|
6
6
|
module Message
|
|
7
7
|
class CertificateVerify
|
|
8
|
-
attr_reader :msg_type
|
|
9
|
-
attr_reader :signature_scheme
|
|
10
|
-
attr_reader :signature
|
|
8
|
+
attr_reader :msg_type, :signature_scheme, :signature
|
|
11
9
|
|
|
12
10
|
# @param signature_scheme [TTTLS13::SignatureScheme]
|
|
13
11
|
# @param signature [String]
|
|
@@ -51,8 +49,8 @@ module TTTLS13
|
|
|
51
49
|
unless signature_len + 4 == msg_len &&
|
|
52
50
|
signature_len + 8 == binary.length
|
|
53
51
|
|
|
54
|
-
CertificateVerify.new(signature_scheme
|
|
55
|
-
signature:
|
|
52
|
+
CertificateVerify.new(signature_scheme:,
|
|
53
|
+
signature:)
|
|
56
54
|
end
|
|
57
55
|
end
|
|
58
56
|
end
|
|
@@ -37,13 +37,8 @@ module TTTLS13
|
|
|
37
37
|
private_constant :APPEARABLE_CH_EXTENSIONS
|
|
38
38
|
|
|
39
39
|
class ClientHello
|
|
40
|
-
attr_reader :msg_type
|
|
41
|
-
|
|
42
|
-
attr_reader :random
|
|
43
|
-
attr_reader :legacy_session_id
|
|
44
|
-
attr_reader :cipher_suites
|
|
45
|
-
attr_reader :legacy_compression_methods
|
|
46
|
-
attr_reader :extensions
|
|
40
|
+
attr_reader :msg_type, :legacy_version, :random, :legacy_session_id, :cipher_suites, :legacy_compression_methods,
|
|
41
|
+
:extensions
|
|
47
42
|
|
|
48
43
|
# @param legacy_version [String]
|
|
49
44
|
# @param random [String]
|
|
@@ -52,10 +47,9 @@ module TTTLS13
|
|
|
52
47
|
# @param legacy_compression_methods [Array of String]
|
|
53
48
|
# @param extensions [TTTLS13::Message::Extensions]
|
|
54
49
|
# rubocop: disable Metrics/ParameterLists
|
|
55
|
-
def initialize(legacy_version: ProtocolVersion::TLS_1_2,
|
|
50
|
+
def initialize(cipher_suites:, legacy_version: ProtocolVersion::TLS_1_2,
|
|
56
51
|
random: OpenSSL::Random.random_bytes(32),
|
|
57
52
|
legacy_session_id: OpenSSL::Random.random_bytes(32),
|
|
58
|
-
cipher_suites:,
|
|
59
53
|
legacy_compression_methods: ["\x00"],
|
|
60
54
|
extensions: Extensions.new)
|
|
61
55
|
@msg_type = HandshakeType::CLIENT_HELLO
|
|
@@ -118,12 +112,12 @@ module TTTLS13
|
|
|
118
112
|
raise Error::ErrorAlerts, :decode_error unless i == msg_len + 4 &&
|
|
119
113
|
i == binary.length
|
|
120
114
|
|
|
121
|
-
ClientHello.new(legacy_version
|
|
122
|
-
random
|
|
123
|
-
legacy_session_id
|
|
124
|
-
cipher_suites
|
|
125
|
-
legacy_compression_methods
|
|
126
|
-
extensions:
|
|
115
|
+
ClientHello.new(legacy_version:,
|
|
116
|
+
random:,
|
|
117
|
+
legacy_session_id:,
|
|
118
|
+
cipher_suites:,
|
|
119
|
+
legacy_compression_methods:,
|
|
120
|
+
extensions:)
|
|
127
121
|
end
|
|
128
122
|
# rubocop: enable Metrics/AbcSize
|
|
129
123
|
# rubocop: enable Metrics/MethodLength
|
|
@@ -160,6 +154,14 @@ module TTTLS13
|
|
|
160
154
|
sg_groups.filter { |g| ks_groups.include?(g) } == ks_groups &&
|
|
161
155
|
ks_groups.uniq == ks_groups
|
|
162
156
|
end
|
|
157
|
+
|
|
158
|
+
# @return [Boolean]
|
|
159
|
+
def ch_inner?
|
|
160
|
+
ech = @extensions[Message::ExtensionType::ENCRYPTED_CLIENT_HELLO]
|
|
161
|
+
return false if ech.nil?
|
|
162
|
+
|
|
163
|
+
ech.type == Message::Extension::ECHClientHelloType::INNER
|
|
164
|
+
end
|
|
163
165
|
end
|
|
164
166
|
end
|
|
165
167
|
end
|
|
@@ -5,9 +5,7 @@ module TTTLS13
|
|
|
5
5
|
using Refinements
|
|
6
6
|
module Message
|
|
7
7
|
class CompressedCertificate
|
|
8
|
-
attr_reader :msg_type
|
|
9
|
-
attr_reader :certificate_message
|
|
10
|
-
attr_reader :algorithm
|
|
8
|
+
attr_reader :msg_type, :certificate_message, :algorithm
|
|
11
9
|
|
|
12
10
|
# @param certificate_message [TTTLS13::Message::Certificate]
|
|
13
11
|
# @param algorithm [CertificateCompressionAlgorithm]
|
|
@@ -41,8 +39,6 @@ module TTTLS13
|
|
|
41
39
|
#
|
|
42
40
|
# @return [TTTLS13::Message::CompressedCertificate]
|
|
43
41
|
# rubocop: disable Metrics/AbcSize
|
|
44
|
-
# rubocop: disable Metrics/CyclomaticComplexity
|
|
45
|
-
# rubocop: disable Metrics/PerceivedComplexity
|
|
46
42
|
def self.deserialize(binary)
|
|
47
43
|
raise Error::ErrorAlerts, :internal_error if binary.nil?
|
|
48
44
|
raise Error::ErrorAlerts, :decode_error if binary.length < 5
|
|
@@ -70,13 +66,11 @@ module TTTLS13
|
|
|
70
66
|
HandshakeType::CERTIFICATE + ct_bin.prefix_uint24_length
|
|
71
67
|
)
|
|
72
68
|
CompressedCertificate.new(
|
|
73
|
-
certificate_message
|
|
74
|
-
algorithm:
|
|
69
|
+
certificate_message:,
|
|
70
|
+
algorithm:
|
|
75
71
|
)
|
|
76
72
|
end
|
|
77
73
|
# rubocop: enable Metrics/AbcSize
|
|
78
|
-
# rubocop: enable Metrics/CyclomaticComplexity
|
|
79
|
-
# rubocop: enable Metrics/PerceivedComplexity
|
|
80
74
|
end
|
|
81
75
|
end
|
|
82
76
|
end
|
|
@@ -21,8 +21,7 @@ module TTTLS13
|
|
|
21
21
|
private_constant :APPEARABLE_EE_EXTENSIONS
|
|
22
22
|
|
|
23
23
|
class EncryptedExtensions
|
|
24
|
-
attr_reader :msg_type
|
|
25
|
-
attr_reader :extensions
|
|
24
|
+
attr_reader :msg_type, :extensions
|
|
26
25
|
|
|
27
26
|
# @param extensions [TTTLS13::Message::Extensions]
|
|
28
27
|
def initialize(extensions = Extensions.new)
|
|
@@ -6,10 +6,9 @@ module TTTLS13
|
|
|
6
6
|
module Message
|
|
7
7
|
module Extension
|
|
8
8
|
class Alpn
|
|
9
|
-
attr_reader :extension_type
|
|
10
|
-
attr_reader :protocol_name_list
|
|
9
|
+
attr_reader :extension_type, :protocol_name_list
|
|
11
10
|
|
|
12
|
-
# @param
|
|
11
|
+
# @param protocol_name_list [Array] Array of String
|
|
13
12
|
#
|
|
14
13
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
|
15
14
|
#
|
|
@@ -39,8 +38,6 @@ module TTTLS13
|
|
|
39
38
|
# @raise [TTTLS13::Error::ErrorAlerts]
|
|
40
39
|
#
|
|
41
40
|
# @return [TTTLS13::Message::Extension::Alpn, nil]
|
|
42
|
-
# rubocop: disable Metrics/CyclomaticComplexity
|
|
43
|
-
# rubocop: disable Metrics/PerceivedComplexity
|
|
44
41
|
def self.deserialize(binary)
|
|
45
42
|
raise Error::ErrorAlerts, :internal_error if binary.nil?
|
|
46
43
|
|
|
@@ -64,8 +61,6 @@ module TTTLS13
|
|
|
64
61
|
|
|
65
62
|
Alpn.new(protocol_name_list)
|
|
66
63
|
end
|
|
67
|
-
# rubocop: enable Metrics/CyclomaticComplexity
|
|
68
|
-
# rubocop: enable Metrics/PerceivedComplexity
|
|
69
64
|
end
|
|
70
65
|
end
|
|
71
66
|
end
|
|
@@ -13,8 +13,7 @@ module TTTLS13
|
|
|
13
13
|
|
|
14
14
|
# https://datatracker.ietf.org/doc/html/rfc8879
|
|
15
15
|
class CompressCertificate
|
|
16
|
-
attr_reader :extension_type
|
|
17
|
-
attr_reader :algorithms
|
|
16
|
+
attr_reader :extension_type, :algorithms
|
|
18
17
|
|
|
19
18
|
# @param algorithms [Array of CertificateCompressionAlgorithm]
|
|
20
19
|
#
|
|
@@ -12,7 +12,6 @@ module TTTLS13
|
|
|
12
12
|
INNER = "\x01"
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
-
# NOTE:
|
|
16
15
|
# struct {
|
|
17
16
|
# ECHClientHelloType type;
|
|
18
17
|
# select (ECHClientHello.type) {
|
|
@@ -26,12 +25,7 @@ module TTTLS13
|
|
|
26
25
|
# };
|
|
27
26
|
# } ECHClientHello;
|
|
28
27
|
class ECHClientHello
|
|
29
|
-
attr_reader :extension_type
|
|
30
|
-
attr_reader :type
|
|
31
|
-
attr_reader :cipher_suite
|
|
32
|
-
attr_reader :config_id
|
|
33
|
-
attr_reader :enc
|
|
34
|
-
attr_reader :payload
|
|
28
|
+
attr_reader :extension_type, :type, :cipher_suite, :config_id, :enc, :payload
|
|
35
29
|
|
|
36
30
|
# @param type [TTTLS13::Message::Extension::ECHClientHelloType]
|
|
37
31
|
# @param cipher_suite [HpkeSymmetricCipherSuite]
|
|
@@ -126,8 +120,8 @@ module TTTLS13
|
|
|
126
120
|
type: ECHClientHelloType::OUTER,
|
|
127
121
|
cipher_suite: cs,
|
|
128
122
|
config_id: cid,
|
|
129
|
-
enc
|
|
130
|
-
payload:
|
|
123
|
+
enc:,
|
|
124
|
+
payload:
|
|
131
125
|
)
|
|
132
126
|
end
|
|
133
127
|
|
|
@@ -157,21 +151,19 @@ module TTTLS13
|
|
|
157
151
|
def self.new_outer(cipher_suite:, config_id:, enc:, payload:)
|
|
158
152
|
ECHClientHello.new(
|
|
159
153
|
type: ECHClientHelloType::OUTER,
|
|
160
|
-
cipher_suite
|
|
161
|
-
config_id
|
|
162
|
-
enc
|
|
163
|
-
payload:
|
|
154
|
+
cipher_suite:,
|
|
155
|
+
config_id:,
|
|
156
|
+
enc:,
|
|
157
|
+
payload:
|
|
164
158
|
)
|
|
165
159
|
end
|
|
166
160
|
end
|
|
167
161
|
|
|
168
|
-
# NOTE:
|
|
169
162
|
# struct {
|
|
170
163
|
# ECHConfigList retry_configs;
|
|
171
164
|
# } ECHEncryptedExtensions;
|
|
172
165
|
class ECHEncryptedExtensions
|
|
173
|
-
attr_reader :extension_type
|
|
174
|
-
attr_reader :retry_configs
|
|
166
|
+
attr_reader :extension_type, :retry_configs
|
|
175
167
|
|
|
176
168
|
# @param retry_configs [Array of ECHConfig]
|
|
177
169
|
def initialize(retry_configs)
|
|
@@ -202,13 +194,11 @@ module TTTLS13
|
|
|
202
194
|
end
|
|
203
195
|
end
|
|
204
196
|
|
|
205
|
-
# NOTE:
|
|
206
197
|
# struct {
|
|
207
198
|
# opaque confirmation[8];
|
|
208
199
|
# } ECHHelloRetryRequest;
|
|
209
200
|
class ECHHelloRetryRequest
|
|
210
|
-
attr_reader :extension_type
|
|
211
|
-
attr_reader :confirmation
|
|
201
|
+
attr_reader :extension_type, :confirmation
|
|
212
202
|
|
|
213
203
|
# @param confirmation [String]
|
|
214
204
|
def initialize(confirmation)
|
|
@@ -5,11 +5,9 @@ module TTTLS13
|
|
|
5
5
|
using Refinements
|
|
6
6
|
module Message
|
|
7
7
|
module Extension
|
|
8
|
-
# NOTE:
|
|
9
8
|
# ExtensionType OuterExtensions<2..254>;
|
|
10
9
|
class ECHOuterExtensions
|
|
11
|
-
attr_reader :extension_type
|
|
12
|
-
attr_reader :outer_extensions
|
|
10
|
+
attr_reader :extension_type, :outer_extensions
|
|
13
11
|
|
|
14
12
|
# @param outer_extensions [Array of TTTLS13::Message::ExtensionType]
|
|
15
13
|
def initialize(outer_extensions)
|