tttls1.3 0.3.4 → 0.3.5

data/lib/tttls1.3/endpoint.rb

@@ -26,9 +26,9 @@ module TTTLS13
     def self.gen_cipher(cipher_suite, write_key, write_iv)
       seq_num = SequenceNumber.new
       Cryptograph::Aead.new(
-        cipher_suite: cipher_suite,
-        write_key: write_key,
-        write_iv: write_iv,
+        cipher_suite:,
+        write_key:,
+        write_iv:,
         sequence_number: seq_num
       )
     end
@@ -60,7 +60,6 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [String]
-    # rubocop: disable Metrics/CyclomaticComplexity
     def self.sign_certificate_verify(key:, signature_scheme:, context:, hash:)
       content = "\x20" * 64 + context + "\x00" + hash
 
@@ -92,7 +91,6 @@ module TTTLS13
         terminate(:internal_error)
       end
     end
-    # rubocop: enable Metrics/CyclomaticComplexity
 
     # @param public_key [OpenSSL::PKey::PKey]
     # @param signature_scheme [TTTLS13::SignatureScheme]
@@ -103,7 +101,6 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [Boolean]
-    # rubocop: disable Metrics/CyclomaticComplexity
     def self.verified_certificate_verify?(public_key:, signature_scheme:,
                                           signature:, context:, hash:)
       content = "\x20" * 64 + context + "\x00" + hash
@@ -136,7 +133,6 @@ module TTTLS13
         terminate(:internal_error)
       end
     end
-    # rubocop: enable Metrics/CyclomaticComplexity
 
     # @param digest [String] name of digest algorithm
     # @param finished_key [String]
@@ -154,27 +150,10 @@ module TTTLS13
     #
     # @return [Boolean]
     def self.verified_finished?(finished:, digest:, finished_key:, hash:)
-      sign_finished(digest: digest, finished_key: finished_key, hash: hash) \
+      sign_finished(digest:, finished_key:, hash:) \
       == finished.verify_data
     end
 
-    # @param key_exchange [String]
-    # @param priv_key [OpenSSL::PKey::$Object]
-    # @param group [TTTLS13::NamedGroup]
-    #
-    # @return [String]
-    def self.gen_shared_secret(key_exchange, priv_key, group)
-      curve = NamedGroup.curve_name(group)
-      terminate(:internal_error) if curve.nil?
-
-      pub_key = OpenSSL::PKey::EC::Point.new(
-        OpenSSL::PKey::EC::Group.new(curve),
-        OpenSSL::BN.new(key_exchange, 2)
-      )
-
-      priv_key.dh_compute_key(pub_key)
-    end
-
     # @param certificate_list [Array of CertificateEntry]
     # @param ca_file [String] path to ca.crt
     # @param hostname [String]

data/lib/tttls1.3/key_schedule.rb

@@ -9,7 +9,7 @@ module TTTLS13
     # @param shared_secret [String]
     # @param cipher_suite [TTTLS13::CipherSuite]
     # @param transcript [TTTLS13::Transcript]
-    def initialize(psk: nil, shared_secret:, cipher_suite:, transcript:)
+    def initialize(shared_secret:, cipher_suite:, transcript:, psk: nil)
       @digest = CipherSuite.digest(cipher_suite)
       @hash_len = CipherSuite.hash_len(cipher_suite)
       @key_len = CipherSuite.key_len(cipher_suite)

data/lib/tttls1.3/logging.rb

@@ -8,7 +8,7 @@ module TTTLS13
     end
 
     def self.logger
-      @logger ||= Logger.new(STDERR, Logger::WARN)
+      @logger ||= Logger.new($stderr, Logger::WARN)
     end
   end
 end

data/lib/tttls1.3/message/alert.rb

@@ -42,12 +42,11 @@ module TTTLS13
     # rubocop: enable Layout/HashAlignment
 
     class Alert
-      attr_reader :level
-      attr_reader :description
+      attr_reader :level, :description
 
       # @param level [TTTLS13::Message::AlertLevel]
       # @param description [String] value of ALERT_DESCRIPTION
-      def initialize(level: nil, description:)
+      def initialize(description:, level: nil)
         @level = level
         @description = description
         if @level.nil? && (@description == ALERT_DESCRIPTION[:user_canceled] ||
@@ -74,7 +73,7 @@ module TTTLS13
 
         level = binary[0]
         description = binary[1]
-        Alert.new(level: level, description: description)
+        Alert.new(level:, description:)
       end
 
       # @return [TTTLS13::Error::ErrorAlerts]

data/lib/tttls1.3/message/certificate.rb

@@ -12,9 +12,7 @@ module TTTLS13
     private_constant :APPEARABLE_CT_EXTENSIONS
 
     class Certificate
-      attr_reader :msg_type
-      attr_reader :certificate_request_context
-      attr_reader :certificate_list
+      attr_reader :msg_type, :certificate_request_context, :certificate_list
 
       # @param certificate_request_context [String]
       # @param certificate_list [Array of CertificateEntry]
@@ -60,8 +58,8 @@ module TTTLS13
                                                        i == binary.length
 
         Certificate.new(
-          certificate_request_context: certificate_request_context,
-          certificate_list: certificate_list
+          certificate_request_context:,
+          certificate_list:
         )
       end
 
@@ -115,8 +113,7 @@ module TTTLS13
     end
 
     class CertificateEntry
-      attr_reader :cert_data
-      attr_reader :extensions
+      attr_reader :cert_data, :extensions
 
       # @param cert_data [OpenSSL::X509::Certificate]
       # @param extensions [TTTLS13::Message::Extensions]

data/lib/tttls1.3/message/certificate_verify.rb

@@ -5,9 +5,7 @@ module TTTLS13
   using Refinements
   module Message
     class CertificateVerify
-      attr_reader :msg_type
-      attr_reader :signature_scheme
-      attr_reader :signature
+      attr_reader :msg_type, :signature_scheme, :signature
 
       # @param signature_scheme [TTTLS13::SignatureScheme]
       # @param signature [String]
@@ -51,8 +49,8 @@ module TTTLS13
           unless signature_len + 4 == msg_len &&
                  signature_len + 8 == binary.length
 
-        CertificateVerify.new(signature_scheme: signature_scheme,
-                              signature: signature)
+        CertificateVerify.new(signature_scheme:,
+                              signature:)
       end
     end
   end

data/lib/tttls1.3/message/client_hello.rb

@@ -37,13 +37,8 @@ module TTTLS13
     private_constant :APPEARABLE_CH_EXTENSIONS
 
     class ClientHello
-      attr_reader :msg_type
-      attr_reader :legacy_version
-      attr_reader :random
-      attr_reader :legacy_session_id
-      attr_reader :cipher_suites
-      attr_reader :legacy_compression_methods
-      attr_reader :extensions
+      attr_reader :msg_type, :legacy_version, :random, :legacy_session_id, :cipher_suites, :legacy_compression_methods,
+                  :extensions
 
       # @param legacy_version [String]
       # @param random [String]
@@ -52,10 +47,9 @@ module TTTLS13
       # @param legacy_compression_methods [Array of String]
       # @param extensions [TTTLS13::Message::Extensions]
       # rubocop: disable Metrics/ParameterLists
-      def initialize(legacy_version: ProtocolVersion::TLS_1_2,
+      def initialize(cipher_suites:, legacy_version: ProtocolVersion::TLS_1_2,
                      random: OpenSSL::Random.random_bytes(32),
                      legacy_session_id: OpenSSL::Random.random_bytes(32),
-                     cipher_suites:,
                      legacy_compression_methods: ["\x00"],
                      extensions: Extensions.new)
         @msg_type = HandshakeType::CLIENT_HELLO
@@ -118,12 +112,12 @@ module TTTLS13
         raise Error::ErrorAlerts, :decode_error unless i == msg_len + 4 &&
                                                        i == binary.length
 
-        ClientHello.new(legacy_version: legacy_version,
-                        random: random,
-                        legacy_session_id: legacy_session_id,
-                        cipher_suites: cipher_suites,
-                        legacy_compression_methods: legacy_compression_methods,
-                        extensions: extensions)
+        ClientHello.new(legacy_version:,
+                        random:,
+                        legacy_session_id:,
+                        cipher_suites:,
+                        legacy_compression_methods:,
+                        extensions:)
       end
       # rubocop: enable Metrics/AbcSize
       # rubocop: enable Metrics/MethodLength

data/lib/tttls1.3/message/compressed_certificate.rb

@@ -5,9 +5,7 @@ module TTTLS13
   using Refinements
   module Message
     class CompressedCertificate
-      attr_reader :msg_type
-      attr_reader :certificate_message
-      attr_reader :algorithm
+      attr_reader :msg_type, :certificate_message, :algorithm
 
       # @param certificate_message [TTTLS13::Message::Certificate]
       # @param algorithm [CertificateCompressionAlgorithm]
@@ -41,8 +39,6 @@ module TTTLS13
       #
       # @return [TTTLS13::Message::CompressedCertificate]
       # rubocop: disable Metrics/AbcSize
-      # rubocop: disable Metrics/CyclomaticComplexity
-      # rubocop: disable Metrics/PerceivedComplexity
       def self.deserialize(binary)
         raise Error::ErrorAlerts, :internal_error if binary.nil?
         raise Error::ErrorAlerts, :decode_error if binary.length < 5
@@ -70,13 +66,11 @@ module TTTLS13
           HandshakeType::CERTIFICATE + ct_bin.prefix_uint24_length
         )
         CompressedCertificate.new(
-          certificate_message: certificate_message,
-          algorithm: algorithm
+          certificate_message:,
+          algorithm:
         )
       end
       # rubocop: enable Metrics/AbcSize
-      # rubocop: enable Metrics/CyclomaticComplexity
-      # rubocop: enable Metrics/PerceivedComplexity
     end
   end
 end

data/lib/tttls1.3/message/encrypted_extensions.rb

@@ -21,8 +21,7 @@ module TTTLS13
     private_constant :APPEARABLE_EE_EXTENSIONS
 
     class EncryptedExtensions
-      attr_reader :msg_type
-      attr_reader :extensions
+      attr_reader :msg_type, :extensions
 
       # @param extensions [TTTLS13::Message::Extensions]
       def initialize(extensions = Extensions.new)

data/lib/tttls1.3/message/extension/alpn.rb

@@ -6,8 +6,7 @@ module TTTLS13
   module Message
     module Extension
       class Alpn
-        attr_reader :extension_type
-        attr_reader :protocol_name_list
+        attr_reader :extension_type, :protocol_name_list
 
         # @param protocol_name_list [Array] Array of String
         #
@@ -39,8 +38,6 @@ module TTTLS13
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
         # @return [TTTLS13::Message::Extension::Alpn, nil]
-        # rubocop: disable Metrics/CyclomaticComplexity
-        # rubocop: disable Metrics/PerceivedComplexity
         def self.deserialize(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
@@ -64,8 +61,6 @@ module TTTLS13
 
           Alpn.new(protocol_name_list)
         end
-        # rubocop: enable Metrics/CyclomaticComplexity
-        # rubocop: enable Metrics/PerceivedComplexity
       end
     end
   end

data/lib/tttls1.3/message/extension/compress_certificate.rb

@@ -13,8 +13,7 @@ module TTTLS13
 
       # https://datatracker.ietf.org/doc/html/rfc8879
       class CompressCertificate
-        attr_reader :extension_type
-        attr_reader :algorithms
+        attr_reader :extension_type, :algorithms
 
         # @param algorithms [Array of CertificateCompressionAlgorithm]
         #

data/lib/tttls1.3/message/extension/cookie.rb

@@ -6,8 +6,7 @@ module TTTLS13
   module Message
     module Extension
       class Cookie
-        attr_reader :extension_type
-        attr_reader :cookie
+        attr_reader :extension_type, :cookie
 
         # @param cookie [String]
         #

data/lib/tttls1.3/message/extension/early_data_indication.rb

@@ -6,8 +6,7 @@ module TTTLS13
   module Message
     module Extension
       class EarlyDataIndication
-        attr_reader :extension_type
-        attr_reader :max_early_data_size
+        attr_reader :extension_type, :max_early_data_size
 
         # @param max_early_data_size [Integer, nil]
         #

data/lib/tttls1.3/message/extension/ech.rb

@@ -25,12 +25,7 @@ module TTTLS13
       #         };
       #     } ECHClientHello;
       class ECHClientHello
-        attr_reader :extension_type
-        attr_reader :type
-        attr_reader :cipher_suite
-        attr_reader :config_id
-        attr_reader :enc
-        attr_reader :payload
+        attr_reader :extension_type, :type, :cipher_suite, :config_id, :enc, :payload
 
         # @param type [TTTLS13::Message::Extension::ECHClientHelloType]
         # @param cipher_suite [HpkeSymmetricCipherSuite]
@@ -125,8 +120,8 @@ module TTTLS13
               type: ECHClientHelloType::OUTER,
               cipher_suite: cs,
               config_id: cid,
-              enc: enc,
-              payload: payload
+              enc:,
+              payload:
             )
           end
 
@@ -156,10 +151,10 @@ module TTTLS13
         def self.new_outer(cipher_suite:, config_id:, enc:, payload:)
           ECHClientHello.new(
             type: ECHClientHelloType::OUTER,
-            cipher_suite: cipher_suite,
-            config_id: config_id,
-            enc: enc,
-            payload: payload
+            cipher_suite:,
+            config_id:,
+            enc:,
+            payload:
           )
         end
       end
@@ -168,8 +163,7 @@ module TTTLS13
       #         ECHConfigList retry_configs;
       #     } ECHEncryptedExtensions;
       class ECHEncryptedExtensions
-        attr_reader :extension_type
-        attr_reader :retry_configs
+        attr_reader :extension_type, :retry_configs
 
         # @param retry_configs [Array of ECHConfig]
         def initialize(retry_configs)
@@ -204,8 +198,7 @@ module TTTLS13
       #         opaque confirmation[8];
       #     } ECHHelloRetryRequest;
       class ECHHelloRetryRequest
-        attr_reader :extension_type
-        attr_reader :confirmation
+        attr_reader :extension_type, :confirmation
 
         # @param confirmation [String]
         def initialize(confirmation)

data/lib/tttls1.3/message/extension/ech_outer_extensions.rb

@@ -7,8 +7,7 @@ module TTTLS13
     module Extension
       #     ExtensionType OuterExtensions<2..254>;
       class ECHOuterExtensions
-        attr_reader :extension_type
-        attr_reader :outer_extensions
+        attr_reader :extension_type, :outer_extensions
 
         # @param outer_extensions [Array of TTTLS13::Message::ExtensionType]
         def initialize(outer_extensions)

data/lib/tttls1.3/message/extension/key_share.rb

@@ -7,16 +7,12 @@ module TTTLS13
     module Extension
       # rubocop: disable Metrics/ClassLength
       class KeyShare
-        attr_reader :extension_type
-        attr_reader :msg_type
-        attr_reader :key_share_entry
+        attr_reader :extension_type, :msg_type, :key_share_entry
 
         # @param msg_type [TTTLS13::Message::HandshakeType]
         # @param key_share_entry [Array of KeyShareEntry]
         #
         # @raise [TTTLS13::Error::ErrorAlerts]
-        # rubocop: disable Metrics/CyclomaticComplexity
-        # rubocop: disable Metrics/PerceivedComplexity
         def initialize(msg_type:, key_share_entry: [])
           @extension_type = ExtensionType::KEY_SHARE
           @msg_type = msg_type
@@ -32,8 +28,6 @@ module TTTLS13
                     @key_share_entry.length == 1 &&
                     @key_share_entry.first.valid_key_share_hello_retry_request?)
         end
-        # rubocop: enable Metrics/CyclomaticComplexity
-        # rubocop: enable Metrics/PerceivedComplexity
 
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
@@ -56,7 +50,6 @@ module TTTLS13
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
         # @return [TTTLS13::Message::Extensions::KeyShare, nil]
-        # rubocop: disable Metrics/CyclomaticComplexity
         def self.deserialize(binary, msg_type)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
 
@@ -78,62 +71,44 @@ module TTTLS13
           end
           return nil if key_share_entry.nil?
 
-          KeyShare.new(msg_type: msg_type,
-                       key_share_entry: key_share_entry)
+          KeyShare.new(msg_type:,
+                       key_share_entry:)
         end
-        # rubocop: enable Metrics/CyclomaticComplexity
 
         # @param groups [Array of TTTLS13::NamedGroup]
         #
         # @return [TTTLS13::Message::Extensions::KeyShare]
-        # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
+        # @return [TTTLS13::SharedSecret]
         def self.gen_ch_key_share(groups)
-          priv_keys = {}
-          kse = groups.map do |group|
-            curve = NamedGroup.curve_name(group)
-            ec = OpenSSL::PKey::EC.generate(curve)
-            # store private key to do the key-exchange
-            priv_keys.store(group, ec)
-            KeyShareEntry.new(
-              group: group,
-              key_exchange: ec.public_key.to_octet_string(:uncompressed)
-            )
-          end
-
+          shared_secret = SharedSecret.gen_from_named_groups(groups)
           key_share = KeyShare.new(
             msg_type: HandshakeType::CLIENT_HELLO,
-            key_share_entry: kse
+            key_share_entry: shared_secret.key_share_entries
           )
 
-          [key_share, priv_keys]
+          [key_share, shared_secret]
         end
 
         # @param group [TTTLS13::NamedGroup]
         #
         # @return [TTTLS13::Message::Extensions::KeyShare]
-        # @return [OpenSSL::PKey::EC.$Object]
+        # @return [TTTLS13::SharedSecret]
         def self.gen_sh_key_share(group)
-          curve = NamedGroup.curve_name(group)
-          ec = OpenSSL::PKey::EC.generate(curve)
+          shared_secret = SharedSecret.gen_from_named_groups([group])
 
           key_share = KeyShare.new(
             msg_type: HandshakeType::SERVER_HELLO,
-            key_share_entry: [
-              KeyShareEntry.new(
-                group: group,
-                key_exchange: ec.public_key.to_octet_string(:uncompressed)
-              )
-            ]
+            key_share_entry: shared_secret.key_share_entries
           )
 
-          [key_share, ec]
+          [key_share, shared_secret]
         end
 
         # @param group [TTTLS13::NamedGroup]
         #
         # @return [TTTLS13::Message::Extensions::KeyShare]
         def self.gen_hrr_key_share(group)
-          kse = KeyShareEntry.new(group: group)
+          kse = KeyShareEntry.new(group:)
           KeyShare.new(
             msg_type: HandshakeType::HELLO_RETRY_REQUEST,
             key_share_entry: [kse]
@@ -168,8 +143,8 @@ module TTTLS13
               ke_len = Convert.bin2i(binary.slice(itr, 2))
               itr += 2
               key_exchange = binary.slice(itr, ke_len)
-              key_share_entry << KeyShareEntry.new(group: group,
-                                                   key_exchange: key_exchange)
+              key_share_entry << KeyShareEntry.new(group:,
+                                                   key_exchange:)
               itr += ke_len
             end
             return nil unless itr == binary.length
@@ -196,7 +171,7 @@ module TTTLS13
             key_exchange = binary.slice(4, ke_len)
             return nil unless ke_len + 4 == binary.length
 
-            [KeyShareEntry.new(group: group, key_exchange: key_exchange)]
+            [KeyShareEntry.new(group:, key_exchange:)]
           end
 
           #     struct {
@@ -214,15 +189,14 @@ module TTTLS13
             return nil unless binary.length == 2
 
             group = binary.slice(0, 2)
-            [KeyShareEntry.new(group: group)]
+            [KeyShareEntry.new(group:)]
           end
         end
       end
       # rubocop: enable Metrics/ClassLength
 
       class KeyShareEntry
-        attr_reader :group
-        attr_reader :key_exchange
+        attr_reader :group, :key_exchange
 
         # @param group [TTTLS13::NamedGroup]
         # @param key_exchange [String]

data/lib/tttls1.3/message/extension/pre_shared_key.rb

@@ -12,10 +12,7 @@ module TTTLS13
       #         };
       #     } PreSharedKeyExtension;
       class PreSharedKey
-        attr_reader :extension_type
-        attr_reader :msg_type
-        attr_reader :offered_psks
-        attr_reader :selected_identity
+        attr_reader :extension_type, :msg_type, :offered_psks, :selected_identity
 
         # @param msg_type [TTTLS13::Message::ContentType]
         # @param offered_psks [TTTLS13::Message::Extension::OfferedPsks]
@@ -69,13 +66,13 @@ module TTTLS13
             return nil if offered_psks.nil?
 
             PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                             offered_psks: offered_psks)
+                             offered_psks:)
           when HandshakeType::SERVER_HELLO
             return nil unless binary.length == 2
 
             selected_identity = binary
             PreSharedKey.new(msg_type: HandshakeType::SERVER_HELLO,
-                             selected_identity: selected_identity)
+                             selected_identity:)
           else
             raise Error::ErrorAlerts, :internal_error
           end
@@ -89,8 +86,7 @@ module TTTLS13
       #         PskBinderEntry binders<33..2^16-1>;
       #     } OfferedPsks;
       class OfferedPsks
-        attr_reader :identities
-        attr_reader :binders
+        attr_reader :identities, :binders
 
         # @param identities [Array of PskIdentity]
         # @param binders [Array of String]
@@ -118,9 +114,7 @@ module TTTLS13
         #
         # @return [TTTLS13::Message::Extensions::OfferedPsks, nil]
         # rubocop: disable Metrics/AbcSize
-        # rubocop: disable Metrics/CyclomaticComplexity
         # rubocop: disable Metrics/MethodLength
-        # rubocop: disable Metrics/PerceivedComplexity
         def self.deserialize(binary)
           raise Error::ErrorAlerts, :internal_error if binary.nil?
           return nil if binary.length < 2
@@ -143,8 +137,8 @@ module TTTLS13
             obfuscated_ticket_age = Convert.bin2i(binary.slice(i, 4))
             i += 4
             identities << PskIdentity.new(
-              identity: identity,
-              obfuscated_ticket_age: obfuscated_ticket_age
+              identity:,
+              obfuscated_ticket_age:
             )
           end
 
@@ -162,12 +156,10 @@ module TTTLS13
           end
           return nil unless i == binary.length
 
-          OfferedPsks.new(identities: identities, binders: binders)
+          OfferedPsks.new(identities:, binders:)
         end
         # rubocop: enable Metrics/AbcSize
-        # rubocop: enable Metrics/CyclomaticComplexity
         # rubocop: enable Metrics/MethodLength
-        # rubocop: enable Metrics/PerceivedComplexity
       end
 
       #     struct {
@@ -175,8 +167,7 @@ module TTTLS13
       #         uint32 obfuscated_ticket_age;
       #     } PskIdentity;
       class PskIdentity
-        attr_reader :identity
-        attr_reader :obfuscated_ticket_age
+        attr_reader :identity, :obfuscated_ticket_age
 
         # @param identity [String]
         # @param obfuscated_ticket_age [Integer]

data/lib/tttls1.3/message/extension/psk_key_exchange_modes.rb

@@ -11,8 +11,7 @@ module TTTLS13
       end
 
       class PskKeyExchangeModes
-        attr_reader :extension_type
-        attr_reader :ke_modes
+        attr_reader :extension_type, :ke_modes
 
         # @param ke_modes [Array of PskKeyExchangeMode]
         def initialize(ke_modes = [])

data/lib/tttls1.3/message/extension/record_size_limit.rb

@@ -6,8 +6,7 @@ module TTTLS13
   module Message
     module Extension
       class RecordSizeLimit
-        attr_reader :extension_type
-        attr_reader :record_size_limit
+        attr_reader :extension_type, :record_size_limit
 
         # @param record_size_limit [Integer]
         #

data/lib/tttls1.3/message/extension/server_name.rb

@@ -16,8 +16,7 @@ module TTTLS13
       #
       # https://datatracker.ietf.org/doc/html/rfc6066#section-3
       class ServerName
-        attr_reader :extension_type
-        attr_reader :server_name
+        attr_reader :extension_type, :server_name
 
         # @param server_name [String]
         #

data/lib/tttls1.3/message/extension/signature_algorithms.rb

@@ -21,8 +21,7 @@ module TTTLS13
           SignatureScheme::RSA_PKCS1_SHA512
         ].freeze
 
-        attr_reader :extension_type # for signature_algorithms_cert getter
-        attr_reader :supported_signature_algorithms
+        attr_reader :extension_type, :supported_signature_algorithms # for signature_algorithms_cert getter
 
         # @param supported_signature_algorithms [Array of SignatureScheme]
         def initialize(supported_signature_algorithms)