tttls1.3 0.3.3 → 0.3.5

data/spec/endpoint_spec.rb

@@ -72,9 +72,9 @@ RSpec.describe Endpoint do
       signature = cv.signature
 
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true
@@ -104,15 +104,15 @@ RSpec.describe Endpoint do
       # used RSASSA-PSS signature_scheme, salt is a random sequence.
       # CertificateVerify.signature is random.
       signature = Endpoint.sign_certificate_verify(
-        key: key,
-        signature_scheme: signature_scheme,
+        key:,
+        signature_scheme:,
         context: 'TLS 1.3, server CertificateVerify',
         hash: transcript.hash(digest, CT)
       )
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true
@@ -156,9 +156,9 @@ RSpec.describe Endpoint do
       signature = cv.signature
 
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true

data/spec/key_schedule_spec.rb

@@ -25,7 +25,7 @@ RSpec.describe KeySchedule do
       )
       KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate secret' do
@@ -104,7 +104,7 @@ RSpec.describe KeySchedule do
       KeySchedule.new(psk: TESTBINARY_0_RTT_PSK,
                       shared_secret: TESTBINARY_0_RTT_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate server parameters write_key, iv' do
@@ -131,7 +131,7 @@ RSpec.describe KeySchedule do
       KeySchedule.new(psk: TESTBINARY_0_RTT_PSK,
                       shared_secret: nil,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate binder key for resumption PSKs' do
@@ -177,7 +177,7 @@ RSpec.describe KeySchedule do
       )
       KeySchedule.new(shared_secret: TESTBINARY_HRR_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate server finished_key' do

data/spec/new_session_ticket_spec.rb

@@ -23,10 +23,10 @@ RSpec.describe NewSessionTicket do
     end
 
     let(:message) do
-      NewSessionTicket.new(ticket_lifetime: ticket_lifetime,
-                           ticket_age_add: ticket_age_add,
-                           ticket_nonce: ticket_nonce,
-                           ticket: ticket)
+      NewSessionTicket.new(ticket_lifetime:,
+                           ticket_age_add:,
+                           ticket_nonce:,
+                           ticket:)
     end
 
     it 'should be generated' do

data/spec/pre_shared_key_spec.rb

@@ -23,22 +23,22 @@ RSpec.describe PreSharedKey do
     let(:identities) do
       [
         PskIdentity.new(
-          identity: identity,
-          obfuscated_ticket_age: obfuscated_ticket_age
+          identity:,
+          obfuscated_ticket_age:
         )
       ]
     end
 
     let(:offered_psks) do
       OfferedPsks.new(
-        identities: identities,
-        binders: binders
+        identities:,
+        binders:
       )
     end
 
     let(:extension) do
       PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks: offered_psks)
+                       offered_psks:)
     end
 
     it 'should be generated' do
@@ -98,14 +98,14 @@ RSpec.describe PreSharedKey do
 
     let(:offered_psks) do
       OfferedPsks.new(
-        identities: identities,
-        binders: binders
+        identities:,
+        binders:
       )
     end
 
     let(:extension) do
       PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks: offered_psks)
+                       offered_psks:)
     end
 
     it 'should be generated' do

data/spec/record_spec.rb

@@ -39,7 +39,7 @@ RSpec.describe Record do
     end
 
     it 'should generate valid serializable object' do
-      expect(record.serialize).to eq  ContentType::CCS \
+      expect(record.serialize).to eq ContentType::CCS \
                                      + ProtocolVersion::TLS_1_2 \
                                      + 1.to_uint16 \
                                      + ChangeCipherSpec.new.serialize

data/spec/server_hello_spec.rb

@@ -19,9 +19,9 @@ RSpec.describe ServerHello do
     end
 
     let(:message) do
-      ServerHello.new(random: random,
-                      legacy_session_id_echo: legacy_session_id_echo,
-                      cipher_suite: cipher_suite)
+      ServerHello.new(random:,
+                      legacy_session_id_echo:,
+                      cipher_suite:)
     end
 
     it 'should be generated' do
@@ -121,8 +121,8 @@ RSpec.describe ServerHello do
 
     let(:message) do
       ServerHello.new(random: Message::HRR_RANDOM,
-                      legacy_session_id_echo: legacy_session_id_echo,
-                      cipher_suite: cipher_suite)
+                      legacy_session_id_echo:,
+                      cipher_suite:)
     end
 
     it 'should be generated' do

data/spec/server_spec.rb

@@ -34,7 +34,6 @@ RSpec.describe Server do
     let(:ch) do
       ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
 
-      # X25519 is unsupported so @named_group uses SECP256R1.
       key_share = KeyShare.new(
         msg_type: HandshakeType::CLIENT_HELLO,
         key_share_entry: [
@@ -77,7 +76,8 @@ RSpec.describe Server do
       expect(ee.extensions[ExtensionType::SERVER_NAME].server_name).to eq ''
       expect(ee.extensions).to include(ExtensionType::SUPPORTED_GROUPS)
       expect(ee.extensions[ExtensionType::SUPPORTED_GROUPS].named_group_list)
-        .to eq [NamedGroup::SECP256R1,
+        .to eq [NamedGroup::X25519,
+                NamedGroup::SECP256R1,
                 NamedGroup::SECP384R1,
                 NamedGroup::SECP521R1]
     end
@@ -175,9 +175,9 @@ RSpec.describe Server do
       signature = cv.signature
       digest = CipherSuite.digest(cipher_suite)
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true
@@ -208,14 +208,14 @@ RSpec.describe Server do
 
     let(:key_schedule) do
       KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
-                      cipher_suite: cipher_suite,
-                      transcript: transcript)
+                      cipher_suite:,
+                      transcript:)
     end
 
     let(:signature) do
       digest = CipherSuite.digest(cipher_suite)
       Endpoint.sign_finished(
-        digest: digest,
+        digest:,
         finished_key: key_schedule.server_finished_key,
         hash: transcript.hash(digest, CV)
       )

data/tttls1.3.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.description   = spec.summary
   spec.homepage      = 'https://github.com/thekuwayama/tttls1.3'
   spec.license       = 'MIT'
-  spec.required_ruby_version = '>=3.1'
+  spec.required_ruby_version = '>= 3.1.0'
 
   spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
@@ -23,5 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency             'ech_config', '~> 0.0.3'
   spec.add_dependency             'hpke'
   spec.add_dependency             'logger'
-  spec.add_dependency             'openssl'
+  spec.add_dependency             'openssl', '>= 3'
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.5
 platform: ruby
 authors:
 - thekuwayama
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-19 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -72,14 +71,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
 description: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 email:
 - thekuwayama@gmail.com
@@ -102,7 +101,6 @@ files:
 - example/https_client_using_0rtt.rb
 - example/https_client_using_ech.rb
 - example/https_client_using_grease_ech.rb
-- example/https_client_using_grease_psk.rb
 - example/https_client_using_hrr.rb
 - example/https_client_using_hrr_and_ech.rb
 - example/https_client_using_hrr_and_ticket.rb
@@ -160,6 +158,7 @@ files:
 - lib/tttls1.3/named_group.rb
 - lib/tttls1.3/sequence_number.rb
 - lib/tttls1.3/server.rb
+- lib/tttls1.3/shared_secret.rb
 - lib/tttls1.3/signature_scheme.rb
 - lib/tttls1.3/sslkeylogfile.rb
 - lib/tttls1.3/transcript.rb
@@ -224,7 +223,6 @@ homepage: https://github.com/thekuwayama/tttls1.3
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -232,15 +230,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.1'
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 test_files:

data/example/https_client_using_grease_psk.rb

@@ -1,58 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'helper'
-HpkeSymmetricCipherSuite = \
-  ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
-
-uri = URI.parse(ARGV[0] || 'https://localhost:4433')
-ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(uri.host, uri.path)
-
-rr = Resolv::DNS.new.getresources(
-  uri.host,
-  Resolv::DNS::Resource::IN::HTTPS
-)
-settings_2nd = {
-  ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1'],
-  ech_config: rr.first.svc_params['ech'].echconfiglist.first,
-  ech_hpke_cipher_suites:
-    TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
-  sslkeylogfile: '/tmp/sslkeylogfile.log'
-}
-process_new_session_ticket = lambda do |nst, rms, cs|
-  return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
-
-  settings_2nd[:ticket] = nst.ticket
-  settings_2nd[:resumption_main_secret] = rms
-  settings_2nd[:psk_cipher_suite] = cs
-  settings_2nd[:ticket_nonce] = nst.ticket_nonce
-  settings_2nd[:ticket_age_add] = nst.ticket_age_add
-  settings_2nd[:ticket_timestamp] = nst.timestamp
-end
-settings_1st = {
-  ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1'],
-  process_new_session_ticket: process_new_session_ticket,
-  ech_config: rr.first.svc_params['ech'].echconfiglist.first,
-  ech_hpke_cipher_suites:
-    TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
-  sslkeylogfile: '/tmp/sslkeylogfile.log'
-}
-
-[
-  # Initial Handshake:
-  settings_1st,
-  # Subsequent Handshake:
-  settings_2nd
-].each do |settings|
-  socket = TCPSocket.new(uri.host, uri.port)
-  client = TTTLS13::Client.new(socket, uri.host, **settings)
-  client.connect
-  client.write(req)
-
-  print recv_http_response(client)
-  client.close unless client.eof?
-  socket.close
-end