tttls1.3 0.3.5 → 0.3.7

data/spec/client_spec.rb

@@ -1,274 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Client do
-  context 'client' do
-    let(:record) do
-      mock_socket = SimpleStream.new
-      client = Client.new(mock_socket, 'localhost')
-      extensions, _priv_keys = client.send(:gen_ch_extensions)
-      client.send(:send_client_hello, extensions)
-      Record.deserialize(mock_socket.read, Cryptograph::Passer.new).first
-    end
-
-    it 'should send default ClientHello' do
-      expect(record.type).to eq ContentType::HANDSHAKE
-
-      message = record.messages.first
-      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.cipher_suites)
-        .to eq [CipherSuite::TLS_AES_256_GCM_SHA384,
-                CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
-                CipherSuite::TLS_AES_128_GCM_SHA256]
-      expect(message.legacy_compression_methods).to eq ["\x00"]
-    end
-  end
-
-  context 'client' do
-    let(:message) do
-      msg_len = TESTBINARY_SERVER_HELLO.length
-      mock_socket = SimpleStream.new
-      mock_socket.write(ContentType::HANDSHAKE \
-                        + ProtocolVersion::TLS_1_2 \
-                        + msg_len.to_uint16 \
-                        + TESTBINARY_SERVER_HELLO)
-      client = Client.new(mock_socket, 'localhost')
-      client.send(:recv_server_hello).first
-    end
-
-    it 'should receive ServerHello' do
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
-      expect(message.legacy_compression_method).to eq "\x00"
-    end
-  end
-
-  context 'client' do
-    let(:client) do
-      mock_socket = SimpleStream.new
-      mock_socket.write(TESTBINARY_SERVER_PARAMETERS_RECORD)
-      Client.new(mock_socket, 'localhost')
-    end
-
-    let(:cipher) do
-      Cryptograph::Aead.new(
-        cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-        write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
-        write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
-        sequence_number: SequenceNumber.new
-      )
-    end
-
-    it 'should receive EncryptedExtensions' do
-      message, = client.send(:recv_encrypted_extensions, cipher)
-      expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
-    end
-
-    it 'should receive Certificate' do
-      client.send(:recv_encrypted_extensions, cipher) # to skip
-      message, = client.send(:recv_certificate, cipher)
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE
-    end
-
-    it 'should receive CertificateVerify' do
-      client.send(:recv_encrypted_extensions, cipher) # to skip
-      client.send(:recv_certificate, cipher)          # to skip
-      message, = client.send(:recv_certificate_verify, cipher)
-      expect(message.msg_type).to eq HandshakeType::CERTIFICATE_VERIFY
-    end
-
-    it 'should receive Finished' do
-      client.send(:recv_encrypted_extensions, cipher) # to skip
-      client.send(:recv_certificate, cipher)          # to skip
-      client.send(:recv_certificate_verify, cipher)   # to skip
-      message, = client.send(:recv_finished, cipher)
-      expect(message.msg_type).to eq HandshakeType::FINISHED
-    end
-  end
-
-  context 'client' do
-    let(:cipher_suite) do
-      CipherSuite::TLS_AES_128_GCM_SHA256
-    end
-
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-      ct = Certificate.deserialize(TESTBINARY_CERTIFICATE)
-      cv = CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
-      sf = Finished.deserialize(TESTBINARY_SERVER_FINISHED)
-      transcript = Transcript.new
-      transcript.merge!(
-        CH => [ch, TESTBINARY_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_SERVER_HELLO],
-        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_CERTIFICATE],
-        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY],
-        SF => [sf, TESTBINARY_SERVER_FINISHED]
-      )
-      transcript
-    end
-
-    let(:finished_key) do
-      key_schedule = KeySchedule.new(
-        shared_secret: TESTBINARY_SHARED_SECRET,
-        cipher_suite:,
-        transcript:
-      )
-      key_schedule.client_finished_key
-    end
-
-    let(:record) do
-      mock_socket = SimpleStream.new
-      client = Client.new(mock_socket, 'localhost')
-      digest = CipherSuite.digest(cipher_suite)
-      hash = transcript.hash(digest, EOED)
-      signature = Endpoint.sign_finished(
-        digest:,
-        finished_key:,
-        hash:
-      )
-      hs_wcipher = Cryptograph::Aead.new(
-        cipher_suite:,
-        write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
-        write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
-        sequence_number: SequenceNumber.new
-      )
-      client.send(:send_finished, signature, hs_wcipher)
-      hs_rcipher = Cryptograph::Aead.new(
-        cipher_suite:,
-        write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
-        write_iv: TESTBINARY_CLIENT_FINISHED_WRITE_IV,
-        sequence_number: SequenceNumber.new
-      )
-      Record.deserialize(mock_socket.read, hs_rcipher).first
-    end
-
-    it 'should send Finished' do
-      expect(record.type).to eq ContentType::APPLICATION_DATA
-
-      message = record.messages.first
-      expect(message.msg_type).to eq HandshakeType::FINISHED
-      expect(message.serialize).to eq TESTBINARY_CLIENT_FINISHED
-    end
-  end
-
-  context 'client' do
-    let(:cipher_suite) do
-      CipherSuite::TLS_AES_128_GCM_SHA256
-    end
-
-    let(:ct) do
-      Certificate.deserialize(TESTBINARY_CERTIFICATE)
-    end
-
-    let(:cv) do
-      CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
-    end
-
-    let(:sf) do
-      Finished.deserialize(TESTBINARY_SERVER_FINISHED)
-    end
-
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-      transcript = Transcript.new
-      transcript.merge!(
-        CH => [ch, TESTBINARY_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_SERVER_HELLO],
-        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_CERTIFICATE],
-        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY],
-        SF => [sf, TESTBINARY_SERVER_FINISHED]
-      )
-    end
-
-    let(:key_schedule) do
-      KeySchedule.new(
-        shared_secret: TESTBINARY_SHARED_SECRET,
-        cipher_suite:,
-        transcript:
-      )
-    end
-
-    let(:client) do
-      Client.new(nil, 'localhost')
-    end
-
-    let(:cf) do
-      Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
-    end
-
-    it 'should verify server CertificateVerify' do
-      hash = transcript.hash(CipherSuite.digest(cipher_suite), CT)
-      expect(client.send(:verified_certificate_verify?, ct, cv, hash))
-        .to be true
-    end
-
-    it 'should verify server Finished' do
-      digest = CipherSuite.digest(cipher_suite)
-      hash = transcript.hash(digest, CV)
-      expect(Endpoint.verified_finished?(
-               finished: sf,
-               digest:,
-               finished_key: key_schedule.server_finished_key,
-               hash:
-             )).to be true
-    end
-
-    it 'should sign client Finished' do
-      digest = CipherSuite.digest(cipher_suite)
-      hash = transcript.hash(digest, EOED)
-      expect(Endpoint.sign_finished(
-               digest:,
-               finished_key: key_schedule.client_finished_key,
-               hash:
-             )).to eq cf.verify_data
-    end
-  end
-
-  context 'client, received Certificate signed by private CA,' do
-    let(:certificate) do
-      server_crt = OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
-      )
-      Certificate.new(certificate_list: [CertificateEntry.new(server_crt)])
-    end
-
-    it 'should not certify certificate' do
-      expect(Endpoint.trusted_certificate?(certificate.certificate_list))
-        .to be false
-    end
-
-    it 'should certify certificate, received path to private ca.crt' do
-      expect(Endpoint.trusted_certificate?(
-               certificate.certificate_list,
-               __dir__ + '/fixtures/rsa_ca.crt'
-             )).to be true
-    end
-  end
-
-  context 'client using PSK' do
-    let(:client) do
-      Client.new(nil, 'localhost')
-    end
-
-    let(:ticket_nonce) do
-      nst = NewSessionTicket.deserialize(TESTBINARY_NEW_SESSION_TICKET)
-      nst.ticket_nonce
-    end
-
-    it 'should generate PSK from NewSessionTicket of previous handshake' do
-      expect(client.send(:gen_psk_from_nst, TESTBINARY_RES_MASTER, ticket_nonce,
-                         'SHA256')).to eq TESTBINARY_0_RTT_PSK
-    end
-  end
-end

data/spec/compress_certificate_spec.rb

@@ -1,54 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Alpn do
-  context 'valid compress_certificate' do
-    let(:algorithms) do
-      [CertificateCompressionAlgorithm::ZLIB]
-    end
-
-    let(:extension) do
-      CompressCertificate.new(algorithms)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::COMPRESS_CERTIFICATE
-      expect(extension.algorithms).to eq algorithms
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::COMPRESS_CERTIFICATE \
-               + 3.to_uint16 \
-               + 2.to_uint8 \
-               + "\x00\x01"
-    end
-  end
-
-  context 'invalid compress_certificate, empty,' do
-    let(:extension) do
-      CompressCertificate.new([])
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid compress_certificate binary' do
-    let(:extension) do
-      CompressCertificate.deserialize(TESTBINARY_COMPRESS_CERTIFICATE)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::COMPRESS_CERTIFICATE
-      expect(extension.algorithms)
-        .to eq [CertificateCompressionAlgorithm::ZLIB]
-    end
-  end
-end

data/spec/cookie_spec.rb

@@ -1,98 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Cookie do
-  context 'valid cookie' do
-    let(:cookie) do
-      OpenSSL::Random.random_bytes(2**16 - 3)
-    end
-
-    let(:extension) do
-      Cookie.new(cookie)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::COOKIE
-      expect(extension.cookie).to eq cookie
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::COOKIE \
-                                        + (2**16 - 1).to_uint16 \
-                                        + (2**16 - 3).to_uint16 \
-                                        + cookie
-    end
-  end
-
-  context 'ignored cookie, empty,' do
-    let(:extension) do
-      Cookie.new('')
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::COOKIE
-      expect(extension.cookie).to eq ''
-    end
-  end
-
-  context 'ignored cookie, nil,' do
-    let(:extension) do
-      Cookie.new(nil)
-    end
-
-    it 'should not be generated' do
-      expect(extension.extension_type).to eq ExtensionType::COOKIE
-      expect(extension.cookie).to eq ''
-    end
-  end
-
-  context 'invalid cookie, too long,' do
-    let(:extension) do
-      Cookie.new('a' * (2**16 - 2))
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid cookie binary' do
-    let(:extension) do
-      Cookie.deserialize(TESTBINARY_COOKIE)
-    end
-
-    it 'should generate object' do
-      expect(extension.extension_type).to eq ExtensionType::COOKIE
-      expect(extension.cookie).to eq TESTBINARY_COOKIE[2..]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize).to eq ExtensionType::COOKIE \
-                                        + TESTBINARY_COOKIE.prefix_uint16_length
-    end
-  end
-
-  context 'cookie binary, empty,' do
-    let(:extension) do
-      Cookie.deserialize("\x00\x00")
-    end
-
-    it 'should generat object' do
-      expect(extension.extension_type).to eq ExtensionType::COOKIE
-      expect(extension.cookie).to eq ''
-    end
-  end
-
-  context 'invalid cookie binary, malformed binary,' do
-    let(:extension) do
-      Cookie.deserialize(TESTBINARY_COOKIE[0...-1])
-    end
-
-    it 'should return nil' do
-      expect(extension).to be nil
-    end
-  end
-end

data/spec/early_data_indication_spec.rb

@@ -1,64 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe EarlyDataIndication do
-  context 'valid early_data_indication, NewSessionTicket,' do
-    let(:extension) do
-      EarlyDataIndication.new(2**32 - 1)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::EARLY_DATA
-      expect(extension.max_early_data_size).to eq 2**32 - 1
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::EARLY_DATA \
-                                        + 4.to_uint16 \
-                                        + (2**32 - 1).to_uint32
-    end
-  end
-
-  context 'valid early_data_indication, ClientHello or EncryptedExtensions,' do
-    let(:extension) do
-      EarlyDataIndication.new(nil)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::EARLY_DATA
-      expect(extension.max_early_data_size).to be nil
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::EARLY_DATA \
-                                        + 0.to_uint16
-    end
-  end
-
-  context 'valid early_data_indication binary, NewSessionTicket,' do
-    let(:extension) do
-      EarlyDataIndication.deserialize(TESTBINARY_EARLY_DATA_INDICATION_NST,
-                                      HandshakeType::NEW_SESSION_TICKET)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::EARLY_DATA
-      expect(extension.max_early_data_size).to eq 1024
-    end
-  end
-
-  context 'valid early_data_indication binary, ClientHello,' do
-    let(:extension) do
-      EarlyDataIndication.deserialize(TESTBINARY_EARLY_DATA_INDICATION_CH,
-                                      HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::EARLY_DATA
-      expect(extension.max_early_data_size).to be nil
-    end
-  end
-end

data/spec/ech_outer_extensions_spec.rb

@@ -1,42 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe ECHOuterExtensions do
-  context 'valid ech_outer_extensions, [key_share]' do
-    let(:extension) do
-      ECHOuterExtensions.new([ExtensionType::KEY_SHARE])
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::ECH_OUTER_EXTENSIONS
-      expect(extension.outer_extensions).to eq [ExtensionType::KEY_SHARE]
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::ECH_OUTER_EXTENSIONS \
-                                        + 3.to_uint16 \
-                                        + 2.to_uint8 \
-                                        + ExtensionType::KEY_SHARE
-    end
-  end
-
-  context 'valid ech_outer_extensions binary' do
-    let(:extension) do
-      ECHOuterExtensions.deserialize(TESTBINARY_ECH_OUTER_EXTENSIONS)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to be ExtensionType::ECH_OUTER_EXTENSIONS
-      expect(extension.outer_extensions).to eq [ExtensionType::KEY_SHARE]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::ECH_OUTER_EXTENSIONS \
-               + TESTBINARY_ECH_OUTER_EXTENSIONS.prefix_uint16_length
-    end
-  end
-end

data/spec/ech_spec.rb

@@ -1,122 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe ECHClientHello do
-  context 'valid ECHClientHello outer binary' do
-    let(:extension) do
-      ECHClientHello.deserialize(TESTBINARY_ECH_OUTER)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
-      expect(extension.type).to eq ECHClientHelloType::OUTER
-      expect(extension.cipher_suite.kdf_id.uint16).to eq 1
-      expect(extension.cipher_suite.aead_id.uint16).to eq 1
-      expect(extension.config_id).to eq 32
-      expect(extension.enc.length).to eq 32
-      expect(extension.payload.length).to eq 239
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
-               + 281.to_uint16 \
-               + ECHClientHelloType::OUTER \
-               + 1.to_uint16 \
-               + 1.to_uint16 \
-               + 32.to_uint8 \
-               + extension.enc.prefix_uint16_length \
-               + extension.payload.prefix_uint16_length
-    end
-  end
-
-  context 'valid ECHClientHello inner binary' do
-    let(:extension) do
-      ECHClientHello.deserialize(TESTBINARY_ECH_INNER)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
-      expect(extension.type).to eq ECHClientHelloType::INNER
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
-               + 1.to_uint16 \
-               + ECHClientHelloType::INNER \
-    end
-  end
-
-  context 'valid ECHEncryptedExtensions binary' do
-    let(:extension) do
-      ECHEncryptedExtensions.deserialize(TESTBINARY_ECH_EE)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
-      expect(extension.retry_configs.is_a?(Array)).to be_truthy
-      expect(extension.retry_configs.length).to eq 1
-      expect(extension.retry_configs.first.is_a?(ECHConfig)).to be_truthy
-    end
-  end
-
-  context 'valid ECHHelloRetryRequest binary' do
-    let(:extension) do
-      ECHHelloRetryRequest.deserialize(TESTBINARY_ECH_HRR)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
-      expect(extension.confirmation).to eq "\x00" * 8
-    end
-  end
-end
-
-RSpec.describe Ech do
-  context 'EncodedClientHelloInner length' do
-    let(:server_name) do
-      'localhost'
-    end
-
-    let(:client) do
-      Client.new(nil, server_name)
-    end
-
-    let(:maximum_name_length) do
-      0
-    end
-
-    let(:encoded) do
-      extensions, = client.send(:gen_ch_extensions)
-      inner_ech = Message::Extension::ECHClientHello.new_inner
-      Message::ClientHello.new(
-        legacy_session_id: '',
-        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
-        extensions: extensions.merge(
-          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
-        )
-      )
-    end
-
-    let(:padding_encoded_ch_inner) do
-      Ech.padding_encoded_ch_inner(
-        encoded.serialize[4..],
-        server_name.length,
-        maximum_name_length
-      )
-    end
-
-    it 'should be equal placeholder_encoded_ch_inner_len' do
-      expect(Ech.placeholder_encoded_ch_inner_len)
-        .to eq padding_encoded_ch_inner.length
-    end
-  end
-end