tttls1.3 0.3.5 → 0.3.7

data/spec/aead_spec.rb

@@ -1,95 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe Aead do
-  context 'aead using CipherSuite::TLS_AES_128_GCM_SHA256' do
-    let(:cipher) do
-      Aead.new(cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-               write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
-               write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
-               sequence_number: SequenceNumber.new)
-    end
-
-    let(:content) do
-      TESTBINARY_SERVER_PARAMETERS
-    end
-
-    let(:encrypted_record) do
-      TESTBINARY_SERVER_PARAMETERS_RECORD[5..]
-    end
-
-    let(:record_header) do
-      TESTBINARY_SERVER_PARAMETERS_RECORD[0...5]
-    end
-
-    it 'should encrypt content of server parameters' do
-      expect(cipher.encrypt(content, ContentType::HANDSHAKE))
-        .to eq encrypted_record
-    end
-
-    it 'should decrypt encrypted_record server parameters' do
-      expect(cipher.decrypt(encrypted_record, record_header))
-        .to eq [content, ContentType::HANDSHAKE]
-    end
-  end
-
-  context 'aead using CipherSuite::TLS_AES_128_GCM_SHA256' do
-    let(:cipher) do
-      Aead.new(cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-               write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
-               write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
-               sequence_number: SequenceNumber.new)
-    end
-
-    let(:content) do
-      TESTBINARY_CLIENT_FINISHED
-    end
-
-    let(:encrypted_record) do
-      TESTBINARY_CLIENT_FINISHED_RECORD[5..]
-    end
-
-    let(:record_header) do
-      TESTBINARY_CLIENT_FINISHED_RECORD[0...5]
-    end
-
-    it 'should encrypt content of client finished' do
-      expect(cipher.encrypt(content, ContentType::HANDSHAKE))
-        .to eq encrypted_record
-    end
-
-    it 'should decrypt encrypted_record client finished' do
-      expect(cipher.decrypt(encrypted_record, record_header))
-        .to eq [content, ContentType::HANDSHAKE]
-    end
-  end
-
-  context 'aead using CipherSuite::TLS_AES_128_GCM_SHA256, ' \
-          'HelloRetryRequest,' do
-    let(:cipher) do
-      Aead.new(cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-               write_key: TESTBINARY_HRR_SERVER_PARAMETERS_WRITE_KEY,
-               write_iv: TESTBINARY_HRR_SERVER_PARAMETERS_WRITE_IV,
-               sequence_number: SequenceNumber.new)
-    end
-
-    let(:content) do
-      TESTBINARY_HRR_SERVER_PARAMETERS
-    end
-
-    let(:encrypted_record) do
-      TESTBINARY_HRR_SERVER_PARAMETERS_RECORD[5..]
-    end
-
-    let(:record_header) do
-      TESTBINARY_HRR_SERVER_PARAMETERS_RECORD[0...5]
-    end
-
-    it 'should decrypt encrypted_record server parameters' do
-      expect(cipher.decrypt(encrypted_record, record_header))
-        .to eq [content, ContentType::HANDSHAKE]
-    end
-  end
-end

data/spec/alert_spec.rb

@@ -1,54 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe Alert do
-  context 'unexpected_message alert' do
-    let(:message) do
-      Alert.new(level: AlertLevel::FATAL,
-                description: ALERT_DESCRIPTION[:unexpected_message])
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq AlertLevel::FATAL \
-                                      + ALERT_DESCRIPTION[:unexpected_message]
-    end
-
-    it 'should return error' do
-      expect(message.to_error).to be_a_kind_of(ErrorAlerts)
-      expect(message.to_error.message).to eq 'unexpected_message'
-    end
-  end
-
-  context 'unexpected_message alert, not given level' do
-    let(:message) do
-      Alert.new(description: ALERT_DESCRIPTION[:unexpected_message])
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq AlertLevel::FATAL \
-                                      + ALERT_DESCRIPTION[:unexpected_message]
-    end
-
-    it 'should return error' do
-      expect(message.to_error).to be_a_kind_of(ErrorAlerts)
-      expect(message.to_error.message).to eq 'unexpected_message'
-    end
-  end
-
-  context 'valid alert binary' do
-    let(:message) do
-      Alert.deserialize(TESTBINARY_ALERT)
-    end
-
-    it 'should generate object' do
-      expect(message.level).to eq AlertLevel::WARNING
-      expect(message.description).to eq ALERT_DESCRIPTION[:close_notify]
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_ALERT
-    end
-  end
-end

data/spec/alpn_spec.rb

@@ -1,55 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Alpn do
-  context 'valid alpn' do
-    let(:protocol_name_list) do
-      ['h2', 'http/1.1', 'http/1.0']
-    end
-
-    let(:extension) do
-      Alpn.new(protocol_name_list)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
-      expect(extension.protocol_name_list).to eq protocol_name_list
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION \
-               + 23.to_uint16 \
-               + 21.to_uint16 \
-               + 'h2'.prefix_uint8_length \
-               + 'http/1.1'.prefix_uint8_length \
-               + 'http/1.0'.prefix_uint8_length
-    end
-  end
-
-  context 'invalid alpn, empty,' do
-    let(:extension) do
-      Alpn.new([])
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid alpn binary' do
-    let(:extension) do
-      Alpn.deserialize(TESTBINARY_ALPN)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
-      expect(extension.protocol_name_list).to eq ['h2', 'http/1.1']
-    end
-  end
-end

data/spec/application_data_spec.rb

@@ -1,26 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe ApplicationData do
-  context 'application_data' do
-    let(:message) do
-      ApplicationData.new(TESTBINARY_CLIENT_APPLICATION_DATA)
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq TESTBINARY_CLIENT_APPLICATION_DATA
-    end
-  end
-
-  context 'valid application_data binary' do
-    let(:message) do
-      ApplicationData.deserialize(TESTBINARY_CLIENT_APPLICATION_DATA)
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_CLIENT_APPLICATION_DATA
-    end
-  end
-end

data/spec/certificate_spec.rb

@@ -1,82 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Certificate do
-  context 'valid certificate' do
-    let(:certificate) do
-      OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
-      )
-    end
-
-    let(:message) do
-      Certificate.new(certificate_list: [CertificateEntry.new(certificate)])
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE
-      expect(message.certificate_request_context).to be_empty
-
-      certificate_entry = message.certificate_list.first
-      expect(certificate_entry.cert_data.subject.to_s).to eq '/CN=localhost'
-      expect(certificate_entry.extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::CERTIFICATE \
-                                      + 742.to_uint24 \
-                                      + 0.to_uint8 \
-                                      + 738.to_uint24 \
-                                      + 733.to_uint24 \
-                                      + certificate.to_der \
-                                      + 0.to_uint16
-    end
-  end
-
-  context 'valid certificate binary' do
-    let(:message) do
-      Certificate.deserialize(TESTBINARY_CERTIFICATE)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE
-      expect(message.certificate_request_context).to be_empty
-
-      certificate_entry = message.certificate_list.first
-      expect(certificate_entry.cert_data.subject.to_s).to eq '/CN=rsa'
-      expect(certificate_entry.extensions).to be_empty
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_CERTIFICATE
-    end
-  end
-
-  context 'invalid certificate, including forbidden extension type,' do
-    let(:certificate) do
-      OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
-      )
-    end
-
-    let(:server_name) do
-      ServerName.new('')
-    end
-
-    let(:message) do
-      Certificate.new(
-        certificate_list: [
-          CertificateEntry.new(certificate, Extensions.new([server_name]))
-        ]
-      )
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE
-      expect(message.appearable_extensions?).to be false
-    end
-  end
-end

data/spec/certificate_verify_spec.rb

@@ -1,51 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe CertificateVerify do
-  context 'valid certificate_verify' do
-    let(:signature) do
-      OpenSSL::Random.random_bytes(128)
-    end
-
-    let(:message) do
-      CertificateVerify.new(
-        signature_scheme: SignatureScheme::RSA_PSS_RSAE_SHA256,
-        signature:
-      )
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE_VERIFY
-      expect(message.signature_scheme) \
-        .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
-      expect(message.signature).to eq signature
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::CERTIFICATE_VERIFY \
-                                      + 132.to_uint24 \
-                                      + SignatureScheme::RSA_PSS_RSAE_SHA256 \
-                                      + signature.prefix_uint16_length
-    end
-  end
-
-  context 'valid certificate_verify binary' do
-    let(:message) do
-      CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE_VERIFY
-      expect(message.signature_scheme) \
-        .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
-      expect(message.signature.length).to eq 128
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_CERTIFICATE_VERIFY
-    end
-  end
-end

data/spec/change_cipher_spec_spec.rb

@@ -1,26 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe ChangeCipherSpec do
-  context 'change_cipher_spec' do
-    let(:message) do
-      ChangeCipherSpec.new
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq "\x01"
-    end
-  end
-
-  context 'valid change_cipher_spec binary' do
-    let(:message) do
-      ChangeCipherSpec.deserialize(TESTBINARY_CHANGE_CIPHER_SPEC)
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq "\x01"
-    end
-  end
-end

data/spec/cipher_suites_spec.rb

@@ -1,39 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe CipherSuites do
-  context 'valid cipher suites binary' do
-    let(:cs) do
-      CipherSuites.deserialize(TESTBINARY_CIPHER_SUITES)
-    end
-
-    it 'should generate valid object' do
-      expect(cs).to eq [CipherSuite::TLS_AES_256_GCM_SHA384,
-                        CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
-                        CipherSuite::TLS_AES_128_GCM_SHA256]
-    end
-  end
-
-  context 'invalid cipher suites binary, too short' do
-    let(:cs) do
-      CipherSuites.deserialize(TESTBINARY_CIPHER_SUITES[0...-1])
-    end
-
-    it 'should not generate object' do
-      expect { cs }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'invalid cipher suites binary, binary is nil' do
-    let(:cs) do
-      CipherSuites.deserialize(nil)
-    end
-
-    it 'should not generate object' do
-      expect { cs }.to raise_error(ErrorAlerts)
-    end
-  end
-end

data/spec/client_hello_spec.rb

@@ -1,105 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe ClientHello do
-  context 'default client_hello' do
-    let(:random) do
-      OpenSSL::Random.random_bytes(32)
-    end
-
-    let(:legacy_session_id) do
-      Array.new(32, 0).map(&:chr).join
-    end
-
-    let(:cipher_suites) do
-      CipherSuites.new([TLS_AES_256_GCM_SHA384,
-                        TLS_CHACHA20_POLY1305_SHA256,
-                        TLS_AES_128_GCM_SHA256])
-    end
-
-    let(:message) do
-      ClientHello.new(random:,
-                      legacy_session_id:,
-                      cipher_suites:)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.random).to eq random
-      expect(message.legacy_session_id).to eq legacy_session_id
-      expect(message.cipher_suites).to eq [TLS_AES_256_GCM_SHA384,
-                                           TLS_CHACHA20_POLY1305_SHA256,
-                                           TLS_AES_128_GCM_SHA256]
-      expect(message.legacy_compression_methods).to eq ["\x00"]
-      expect(message.extensions).to be_empty
-      expect(message.negotiated_tls_1_3?).to be false
-      expect(message.ch_inner?).to be false
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::CLIENT_HELLO \
-                                      + 79.to_uint24 \
-                                      + ProtocolVersion::TLS_1_2 \
-                                      + random \
-                                      + legacy_session_id.length.to_uint8 \
-                                      + legacy_session_id \
-                                      + cipher_suites.serialize \
-                                      + "\x01\x00" \
-                                      + Extensions.new.serialize
-    end
-  end
-
-  context 'valid client_hello binary' do
-    let(:message) do
-      ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.negotiated_tls_1_3?).to be true
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_CLIENT_HELLO
-    end
-  end
-
-  context 'valid client_hello binary, 0-RTT,' do
-    let(:message) do
-      ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.negotiated_tls_1_3?).to be true
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_0_RTT_CLIENT_HELLO
-    end
-  end
-
-  context 'valid inner client_hello' do
-    let(:message) do
-      cipher_suites = CipherSuites.new([TLS_AES_256_GCM_SHA384,
-                                        TLS_CHACHA20_POLY1305_SHA256,
-                                        TLS_AES_128_GCM_SHA256])
-      ch = ClientHello.new(random: OpenSSL::Random.random_bytes(32),
-                           legacy_session_id: Array.new(32, 0).map(&:chr).join,
-                           cipher_suites:)
-      ch.extensions[Message::ExtensionType::ENCRYPTED_CLIENT_HELLO] \
-        = Message::Extension::ECHClientHello.new_inner
-      ch
-    end
-
-    it 'should generate ClientHelloInner' do
-      expect(message.ch_inner?).to be true
-    end
-  end
-end