tttls1.3 0.3.4 → 0.3.5

data/lib/tttls1.3/shared_secret.rb

@@ -0,0 +1,118 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  class SharedSecret
+    def initialize
+      @priv_keys = {}
+    end
+
+    # @param group [TTTLS13::NamedGroup]
+    # @param priv_key [OpenSSL::PKey::EC.$Object | OpenSSL::PKey::PKey.$Object]
+    def store!(group, priv_key)
+      @priv_keys[group] = priv_key
+    end
+
+    # @param group [TTTLS13::NamedGroup]
+    # @param key_exchange [String]
+    #
+    # @return String
+    # rubocop: disable Metrics/MethodLength
+    def build(group, key_exchange)
+      case group
+      when NamedGroup::SECP256R1, NamedGroup::SECP384R1, NamedGroup::SECP521R1
+        curve = NamedGroup.curve_name(group)
+        pub_key = OpenSSL::PKey::EC::Point.new(
+          OpenSSL::PKey::EC::Group.new(curve),
+          OpenSSL::BN.new(key_exchange, 2)
+        )
+        @priv_keys[group].dh_compute_key(pub_key)
+      when NamedGroup::X25519
+        asn1_seq = OpenSSL::ASN1.Sequence(
+          [
+            OpenSSL::ASN1.Sequence(
+              [
+                # https://datatracker.ietf.org/doc/html/rfc8410#section-3
+                OpenSSL::ASN1.ObjectId('1.3.101.110')
+              ]
+            ),
+            OpenSSL::ASN1.BitString(key_exchange)
+          ]
+        )
+
+        @priv_keys[group].derive(OpenSSL::PKey.read(asn1_seq.to_der))
+      when NamedGroup::X448
+        asn1_seq = OpenSSL::ASN1.Sequence(
+          [
+            OpenSSL::ASN1.Sequence(
+              [
+                # https://datatracker.ietf.org/doc/html/rfc8410#section-3
+                OpenSSL::ASN1.ObjectId('1.3.101.111')
+              ]
+            ),
+            OpenSSL::ASN1.BitString(key_exchange)
+          ]
+        )
+
+        @priv_keys[group].derive(OpenSSL::PKey.read(asn1_seq.to_der))
+      else
+        # not supported other NamedGroup
+        raise Error::ErrorAlerts, :internal_error
+      end
+    end
+    # rubocop: enable Metrics/MethodLength
+
+    # @return [Array of TTTLS13::Message::Extensions::KeyShare]
+    def key_share_entries
+      @priv_keys.map do |group, priv_key|
+        case group
+        when NamedGroup::SECP256R1, NamedGroup::SECP384R1, NamedGroup::SECP521R1
+          Message::Extension::KeyShareEntry.new(
+            group:,
+            key_exchange: priv_key.public_key.to_octet_string(:uncompressed)
+          )
+        when NamedGroup::X25519, NamedGroup::X448
+          n_pk = NamedGroup.key_exchange_len(group)
+          Message::Extension::KeyShareEntry.new(
+            group:,
+            key_exchange: priv_key.public_to_der[-n_pk, n_pk]
+          )
+        else
+          # not supported other NamedGroup
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+    end
+
+    # @param group [TTTLS13::Message::Extension::NamedGroup]
+    #
+    # @return [OpenSSL::PKey::EC.$Object | OpenSSL::PKey::PKey.$Object]]
+    def [](group)
+      @priv_keys[group]
+    end
+
+    # @param groups [Array of TTTLS13::NamedGroup]
+    #
+    # @return [TTTLS13::SharedSecret]
+    def self.gen_from_named_groups(groups)
+      shared_secret = SharedSecret.new
+
+      groups.each do |group|
+        case group
+        when NamedGroup::SECP256R1, NamedGroup::SECP384R1, NamedGroup::SECP521R1
+          curve = NamedGroup.curve_name(group)
+          ec = OpenSSL::PKey::EC.generate(curve)
+          shared_secret.store!(group, ec)
+        when NamedGroup::X25519, NamedGroup::X448
+          pkey = OpenSSL::PKey.generate_key(NamedGroup.curve_name(group))
+          shared_secret.store!(group, pkey)
+        else
+          # not supported other NamedGroup
+          raise Error::ErrorAlerts, :internal_error
+        end
+      end
+
+      shared_secret
+    end
+  end
+end

data/lib/tttls1.3/utils.rb

@@ -69,21 +69,6 @@ module TTTLS13
         length.to_uint64 + self
       end
     end
-
-    refine OpenSSL::X509::Certificate do
-      unless method_defined?(:ocsp_uris)
-        define_method(:ocsp_uris) do
-          aia = extensions.find { |ex| ex.oid == 'authorityInfoAccess' }
-          return nil if aia.nil?
-
-          ostr = OpenSSL::ASN1.decode(aia.to_der).value.last
-          ocsp = OpenSSL::ASN1.decode(ostr.value)
-                              .map(&:value)
-                              .select { |des| des.first.value == 'OCSP' }
-          ocsp&.map { |o| o[1].value }
-        end
-      end
-    end
   end
 
   module Convert

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.3.4'
+  VERSION = '0.3.5'
 end

data/lib/tttls1.3.rb

@@ -2,7 +2,6 @@
 
 require 'openssl'
 require 'net/http'
-require 'pp'
 require 'logger'
 
 require 'ech_config'
@@ -18,6 +17,7 @@ require 'tttls1.3/named_group'
 require 'tttls1.3/cryptograph'
 require 'tttls1.3/transcript'
 require 'tttls1.3/key_schedule'
+require 'tttls1.3/shared_secret'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/sslkeylogfile'

data/spec/certificate_verify_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe CertificateVerify do
     let(:message) do
       CertificateVerify.new(
         signature_scheme: SignatureScheme::RSA_PSS_RSAE_SHA256,
-        signature: signature
+        signature:
       )
     end
 

data/spec/client_hello_spec.rb

@@ -21,9 +21,9 @@ RSpec.describe ClientHello do
     end
 
     let(:message) do
-      ClientHello.new(random: random,
-                      legacy_session_id: legacy_session_id,
-                      cipher_suites: cipher_suites)
+      ClientHello.new(random:,
+                      legacy_session_id:,
+                      cipher_suites:)
     end
 
     it 'should be generated' do
@@ -92,7 +92,7 @@ RSpec.describe ClientHello do
                                         TLS_AES_128_GCM_SHA256])
       ch = ClientHello.new(random: OpenSSL::Random.random_bytes(32),
                            legacy_session_id: Array.new(32, 0).map(&:chr).join,
-                           cipher_suites: cipher_suites)
+                           cipher_suites:)
       ch.extensions[Message::ExtensionType::ENCRYPTED_CLIENT_HELLO] \
         = Message::Extension::ECHClientHello.new_inner
       ch

data/spec/client_spec.rb

@@ -118,8 +118,8 @@ RSpec.describe Client do
     let(:finished_key) do
       key_schedule = KeySchedule.new(
         shared_secret: TESTBINARY_SHARED_SECRET,
-        cipher_suite: cipher_suite,
-        transcript: transcript
+        cipher_suite:,
+        transcript:
       )
       key_schedule.client_finished_key
     end
@@ -130,19 +130,19 @@ RSpec.describe Client do
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, EOED)
       signature = Endpoint.sign_finished(
-        digest: digest,
-        finished_key: finished_key,
-        hash: hash
+        digest:,
+        finished_key:,
+        hash:
       )
       hs_wcipher = Cryptograph::Aead.new(
-        cipher_suite: cipher_suite,
+        cipher_suite:,
         write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
         write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
         sequence_number: SequenceNumber.new
       )
       client.send(:send_finished, signature, hs_wcipher)
       hs_rcipher = Cryptograph::Aead.new(
-        cipher_suite: cipher_suite,
+        cipher_suite:,
         write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
         write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
         sequence_number: SequenceNumber.new
@@ -194,8 +194,8 @@ RSpec.describe Client do
     let(:key_schedule) do
       KeySchedule.new(
         shared_secret: TESTBINARY_SHARED_SECRET,
-        cipher_suite: cipher_suite,
-        transcript: transcript
+        cipher_suite:,
+        transcript:
       )
     end
 
@@ -218,9 +218,9 @@ RSpec.describe Client do
       hash = transcript.hash(digest, CV)
       expect(Endpoint.verified_finished?(
                finished: sf,
-               digest: digest,
+               digest:,
                finished_key: key_schedule.server_finished_key,
-               hash: hash
+               hash:
              )).to be true
     end
 
@@ -228,9 +228,9 @@ RSpec.describe Client do
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, EOED)
       expect(Endpoint.sign_finished(
-               digest: digest,
+               digest:,
                finished_key: key_schedule.client_finished_key,
-               hash: hash
+               hash:
              )).to eq cf.verify_data
     end
   end

data/spec/endpoint_spec.rb

@@ -72,9 +72,9 @@ RSpec.describe Endpoint do
       signature = cv.signature
 
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true
@@ -104,15 +104,15 @@ RSpec.describe Endpoint do
       # used RSASSA-PSS signature_scheme, salt is a random sequence.
       # CertificateVerify.signature is random.
       signature = Endpoint.sign_certificate_verify(
-        key: key,
-        signature_scheme: signature_scheme,
+        key:,
+        signature_scheme:,
         context: 'TLS 1.3, server CertificateVerify',
         hash: transcript.hash(digest, CT)
       )
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true
@@ -156,9 +156,9 @@ RSpec.describe Endpoint do
       signature = cv.signature
 
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true

data/spec/key_schedule_spec.rb

@@ -25,7 +25,7 @@ RSpec.describe KeySchedule do
       )
       KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate secret' do
@@ -104,7 +104,7 @@ RSpec.describe KeySchedule do
       KeySchedule.new(psk: TESTBINARY_0_RTT_PSK,
                       shared_secret: TESTBINARY_0_RTT_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate server parameters write_key, iv' do
@@ -131,7 +131,7 @@ RSpec.describe KeySchedule do
       KeySchedule.new(psk: TESTBINARY_0_RTT_PSK,
                       shared_secret: nil,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate binder key for resumption PSKs' do
@@ -177,7 +177,7 @@ RSpec.describe KeySchedule do
       )
       KeySchedule.new(shared_secret: TESTBINARY_HRR_SHARED_SECRET,
                       cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                      transcript: transcript)
+                      transcript:)
     end
 
     it 'should generate server finished_key' do

data/spec/new_session_ticket_spec.rb

@@ -23,10 +23,10 @@ RSpec.describe NewSessionTicket do
     end
 
     let(:message) do
-      NewSessionTicket.new(ticket_lifetime: ticket_lifetime,
-                           ticket_age_add: ticket_age_add,
-                           ticket_nonce: ticket_nonce,
-                           ticket: ticket)
+      NewSessionTicket.new(ticket_lifetime:,
+                           ticket_age_add:,
+                           ticket_nonce:,
+                           ticket:)
     end
 
     it 'should be generated' do

data/spec/pre_shared_key_spec.rb

@@ -23,22 +23,22 @@ RSpec.describe PreSharedKey do
     let(:identities) do
       [
         PskIdentity.new(
-          identity: identity,
-          obfuscated_ticket_age: obfuscated_ticket_age
+          identity:,
+          obfuscated_ticket_age:
         )
       ]
     end
 
     let(:offered_psks) do
       OfferedPsks.new(
-        identities: identities,
-        binders: binders
+        identities:,
+        binders:
       )
     end
 
     let(:extension) do
       PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks: offered_psks)
+                       offered_psks:)
     end
 
     it 'should be generated' do
@@ -98,14 +98,14 @@ RSpec.describe PreSharedKey do
 
     let(:offered_psks) do
       OfferedPsks.new(
-        identities: identities,
-        binders: binders
+        identities:,
+        binders:
       )
     end
 
     let(:extension) do
       PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks: offered_psks)
+                       offered_psks:)
     end
 
     it 'should be generated' do

data/spec/record_spec.rb

@@ -39,7 +39,7 @@ RSpec.describe Record do
     end
 
     it 'should generate valid serializable object' do
-      expect(record.serialize).to eq  ContentType::CCS \
+      expect(record.serialize).to eq ContentType::CCS \
                                      + ProtocolVersion::TLS_1_2 \
                                      + 1.to_uint16 \
                                      + ChangeCipherSpec.new.serialize

data/spec/server_hello_spec.rb

@@ -19,9 +19,9 @@ RSpec.describe ServerHello do
     end
 
     let(:message) do
-      ServerHello.new(random: random,
-                      legacy_session_id_echo: legacy_session_id_echo,
-                      cipher_suite: cipher_suite)
+      ServerHello.new(random:,
+                      legacy_session_id_echo:,
+                      cipher_suite:)
     end
 
     it 'should be generated' do
@@ -121,8 +121,8 @@ RSpec.describe ServerHello do
 
     let(:message) do
       ServerHello.new(random: Message::HRR_RANDOM,
-                      legacy_session_id_echo: legacy_session_id_echo,
-                      cipher_suite: cipher_suite)
+                      legacy_session_id_echo:,
+                      cipher_suite:)
     end
 
     it 'should be generated' do

data/spec/server_spec.rb

@@ -34,7 +34,6 @@ RSpec.describe Server do
     let(:ch) do
       ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
 
-      # X25519 is unsupported so @named_group uses SECP256R1.
       key_share = KeyShare.new(
         msg_type: HandshakeType::CLIENT_HELLO,
         key_share_entry: [
@@ -77,7 +76,8 @@ RSpec.describe Server do
       expect(ee.extensions[ExtensionType::SERVER_NAME].server_name).to eq ''
       expect(ee.extensions).to include(ExtensionType::SUPPORTED_GROUPS)
       expect(ee.extensions[ExtensionType::SUPPORTED_GROUPS].named_group_list)
-        .to eq [NamedGroup::SECP256R1,
+        .to eq [NamedGroup::X25519,
+                NamedGroup::SECP256R1,
                 NamedGroup::SECP384R1,
                 NamedGroup::SECP521R1]
     end
@@ -175,9 +175,9 @@ RSpec.describe Server do
       signature = cv.signature
       digest = CipherSuite.digest(cipher_suite)
       expect(Endpoint.verified_certificate_verify?(
-               public_key: public_key,
-               signature_scheme: signature_scheme,
-               signature: signature,
+               public_key:,
+               signature_scheme:,
+               signature:,
                context: 'TLS 1.3, server CertificateVerify',
                hash: transcript.hash(digest, CT)
              )).to be true
@@ -208,14 +208,14 @@ RSpec.describe Server do
 
     let(:key_schedule) do
       KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
-                      cipher_suite: cipher_suite,
-                      transcript: transcript)
+                      cipher_suite:,
+                      transcript:)
     end
 
     let(:signature) do
       digest = CipherSuite.digest(cipher_suite)
       Endpoint.sign_finished(
-        digest: digest,
+        digest:,
         finished_key: key_schedule.server_finished_key,
         hash: transcript.hash(digest, CV)
       )

data/tttls1.3.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.description   = spec.summary
   spec.homepage      = 'https://github.com/thekuwayama/tttls1.3'
   spec.license       = 'MIT'
-  spec.required_ruby_version = '>=3.1'
+  spec.required_ruby_version = '>= 3.1.0'
 
   spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
@@ -23,5 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency             'ech_config', '~> 0.0.3'
   spec.add_dependency             'hpke'
   spec.add_dependency             'logger'
-  spec.add_dependency             'openssl'
+  spec.add_dependency             'openssl', '>= 3'
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.3.5
 platform: ruby
 authors:
 - thekuwayama
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-29 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -72,14 +71,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
 description: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 email:
 - thekuwayama@gmail.com
@@ -102,7 +101,6 @@ files:
 - example/https_client_using_0rtt.rb
 - example/https_client_using_ech.rb
 - example/https_client_using_grease_ech.rb
-- example/https_client_using_grease_psk.rb
 - example/https_client_using_hrr.rb
 - example/https_client_using_hrr_and_ech.rb
 - example/https_client_using_hrr_and_ticket.rb
@@ -160,6 +158,7 @@ files:
 - lib/tttls1.3/named_group.rb
 - lib/tttls1.3/sequence_number.rb
 - lib/tttls1.3/server.rb
+- lib/tttls1.3/shared_secret.rb
 - lib/tttls1.3/signature_scheme.rb
 - lib/tttls1.3/sslkeylogfile.rb
 - lib/tttls1.3/transcript.rb
@@ -224,7 +223,6 @@ homepage: https://github.com/thekuwayama/tttls1.3
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -232,15 +230,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.1'
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 test_files:

data/example/https_client_using_grease_psk.rb

@@ -1,58 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'helper'
-HpkeSymmetricCipherSuite = \
-  ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
-
-uri = URI.parse(ARGV[0] || 'https://localhost:4433')
-ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(uri.host, uri.path)
-
-rr = Resolv::DNS.new.getresources(
-  uri.host,
-  Resolv::DNS::Resource::IN::HTTPS
-)
-settings_2nd = {
-  ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1'],
-  ech_config: rr.first.svc_params['ech'].echconfiglist.first,
-  ech_hpke_cipher_suites:
-    TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
-  sslkeylogfile: '/tmp/sslkeylogfile.log'
-}
-process_new_session_ticket = lambda do |nst, rms, cs|
-  return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
-
-  settings_2nd[:ticket] = nst.ticket
-  settings_2nd[:resumption_main_secret] = rms
-  settings_2nd[:psk_cipher_suite] = cs
-  settings_2nd[:ticket_nonce] = nst.ticket_nonce
-  settings_2nd[:ticket_age_add] = nst.ticket_age_add
-  settings_2nd[:ticket_timestamp] = nst.timestamp
-end
-settings_1st = {
-  ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1'],
-  process_new_session_ticket: process_new_session_ticket,
-  ech_config: rr.first.svc_params['ech'].echconfiglist.first,
-  ech_hpke_cipher_suites:
-    TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
-  sslkeylogfile: '/tmp/sslkeylogfile.log'
-}
-
-[
-  # Initial Handshake:
-  settings_1st,
-  # Subsequent Handshake:
-  settings_2nd
-].each do |settings|
-  socket = TCPSocket.new(uri.host, uri.port)
-  client = TTTLS13::Client.new(socket, uri.host, **settings)
-  client.connect
-  client.write(req)
-
-  print recv_http_response(client)
-  client.close unless client.eof?
-  socket.close
-end