tttls1.3 0.3.5 → 0.3.7

data/spec/new_session_ticket_spec.rb

@@ -1,80 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe NewSessionTicket do
-  context 'new_session_ticket' do
-    let(:ticket_lifetime) do
-      7200 # two_hours
-    end
-
-    let(:ticket_age_add) do
-      OpenSSL::Random.random_bytes(4)
-    end
-
-    let(:ticket_nonce) do
-      "\x00" * 255
-    end
-
-    let(:ticket) do
-      OpenSSL::Random.random_bytes(255)
-    end
-
-    let(:message) do
-      NewSessionTicket.new(ticket_lifetime:,
-                           ticket_age_add:,
-                           ticket_nonce:,
-                           ticket:)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::NEW_SESSION_TICKET
-      expect(message.ticket_lifetime).to eq ticket_lifetime
-      expect(message.ticket_age_add).to eq ticket_age_add
-      expect(message.ticket_nonce).to eq ticket_nonce
-      expect(message.ticket).to eq ticket
-      expect(message.extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::NEW_SESSION_TICKET \
-                                      + 523.to_uint24 \
-                                      + ticket_lifetime.to_uint32 \
-                                      + ticket_age_add \
-                                      + ticket_nonce.prefix_uint8_length \
-                                      + ticket.prefix_uint16_length \
-                                      + Extensions.new.serialize
-    end
-  end
-
-  context 'new_session_ticket, invalid ticket_age_add,' do
-    let(:message) do
-      NewSessionTicket.new(ticket_lifetime: 60 * 60 * 2, # 2 hours
-                           ticket_age_add: OpenSSL::Random.random_bytes(32),
-                           ticket_nonce: "\x00" * 255,
-                           ticket: OpenSSL::Random.random_bytes(255))
-    end
-
-    it 'should not be generated' do
-      expect { message }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid new_session_ticket binary' do
-    let(:message) do
-      NewSessionTicket.deserialize(TESTBINARY_NEW_SESSION_TICKET)
-    end
-
-    it 'should generate object' do
-      expect(message.msg_type).to eq HandshakeType::NEW_SESSION_TICKET
-      expect(message.ticket_lifetime).to eq 30
-      expect(message.ticket_nonce).to eq "\x00\x00"
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_NEW_SESSION_TICKET
-    end
-  end
-end

data/spec/pre_shared_key_spec.rb

@@ -1,167 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe PreSharedKey do
-  context 'valid pre_shared_key of ClientHello' do
-    let(:identity) do
-      OpenSSL::Random.random_bytes(32)
-    end
-
-    let(:obfuscated_ticket_age) do
-      OpenSSL::BN.rand_range(1 << 32).to_i
-    end
-
-    let(:binders) do
-      [
-        OpenSSL::Random.random_bytes(32)
-      ]
-    end
-
-    let(:identities) do
-      [
-        PskIdentity.new(
-          identity:,
-          obfuscated_ticket_age:
-        )
-      ]
-    end
-
-    let(:offered_psks) do
-      OfferedPsks.new(
-        identities:,
-        binders:
-      )
-    end
-
-    let(:extension) do
-      PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks:)
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-      expect(extension.offered_psks).to eq offered_psks
-      expect(extension.selected_identity).to be_nil
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::PRE_SHARED_KEY \
-                                        + 75.to_uint16 \
-                                        + 38.to_uint16 \
-                                        + 32.to_uint16 \
-                                        + identity \
-                                        + obfuscated_ticket_age.to_uint32 \
-                                        + 33.to_uint16 \
-                                        + "\x20" \
-                                        + binders.join
-    end
-  end
-
-  context 'valid pre_shared_key, ClientHello,' do
-    let(:identity_1) do
-      OpenSSL::Random.random_bytes(32)
-    end
-    let(:identity_2) do
-      OpenSSL::Random.random_bytes(32)
-    end
-
-    let(:obfuscated_ticket_age_1) do
-      OpenSSL::BN.rand_range(1 << 32).to_i
-    end
-    let(:obfuscated_ticket_age_2) do
-      OpenSSL::BN.rand_range(1 << 32).to_i
-    end
-
-    let(:binders) do
-      [
-        OpenSSL::Random.random_bytes(32),
-        OpenSSL::Random.random_bytes(32)
-      ]
-    end
-
-    let(:identities) do
-      [
-        PskIdentity.new(
-          identity: identity_1,
-          obfuscated_ticket_age: obfuscated_ticket_age_1
-        ),
-        PskIdentity.new(
-          identity: identity_2,
-          obfuscated_ticket_age: obfuscated_ticket_age_2
-        )
-      ]
-    end
-
-    let(:offered_psks) do
-      OfferedPsks.new(
-        identities:,
-        binders:
-      )
-    end
-
-    let(:extension) do
-      PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks:)
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-      expect(extension.offered_psks).to eq offered_psks
-      expect(extension.selected_identity).to be_nil
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::PRE_SHARED_KEY \
-                                        + 146.to_uint16 \
-                                        + 76.to_uint16 \
-                                        + identity_1.prefix_uint16_length \
-                                        + obfuscated_ticket_age_1.to_uint32 \
-                                        + identity_2.prefix_uint16_length \
-                                        + obfuscated_ticket_age_2.to_uint32 \
-                                        + 66.to_uint16 \
-                                        + binders[0].prefix_uint8_length \
-                                        + binders[1].prefix_uint8_length
-    end
-  end
-
-  context 'valid pre_shared_key binary, ClientHello,' do
-    let(:extension) do
-      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_CH,
-                               HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-    end
-
-    it 'should generate valid serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::PRE_SHARED_KEY \
-               + TESTBINARY_PRE_SHARED_KEY_CH.prefix_uint16_length
-    end
-  end
-
-  context 'valid pre_shared_key binary, ServerHello,' do
-    let(:extension) do
-      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_SH,
-                               HandshakeType::SERVER_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-    end
-
-    it 'should generate valid serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::PRE_SHARED_KEY \
-               + TESTBINARY_PRE_SHARED_KEY_SH.prefix_uint16_length
-    end
-  end
-end

data/spec/psk_key_exchange_modes_spec.rb

@@ -1,45 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe PskKeyExchangeModes do
-  context 'valid psk_key_exchange_modes' do
-    let(:extension) do
-      PskKeyExchangeModes.new([PskKeyExchangeMode::PSK_KE,
-                               PskKeyExchangeMode::PSK_DHE_KE])
-    end
-
-    it 'should generate valid psk_key_exchange_modes' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES
-      expect(extension.ke_modes).to eq [PskKeyExchangeMode::PSK_KE,
-                                        PskKeyExchangeMode::PSK_DHE_KE]
-      expect(extension.serialize)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES \
-               + 3.to_uint16 \
-               + [PskKeyExchangeMode::PSK_KE,
-                  PskKeyExchangeMode::PSK_DHE_KE].join.prefix_uint8_length
-    end
-  end
-
-  context 'valid psk_key_exchange_modes binary' do
-    let(:extension) do
-      PskKeyExchangeModes.deserialize(TESTBINARY_PSK_KEY_EXCHANGE_MODES)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES
-      expect(extension.ke_modes).to eq [PskKeyExchangeMode::PSK_KE,
-                                        PskKeyExchangeMode::PSK_DHE_KE]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES \
-               + TESTBINARY_PSK_KEY_EXCHANGE_MODES.prefix_uint16_length
-    end
-  end
-end

data/spec/record_size_limit_spec.rb

@@ -1,61 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe RecordSizeLimit do
-  context 'vailid record_size_limit' do
-    let(:extension) do
-      RecordSizeLimit.new(2**14)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::RECORD_SIZE_LIMIT
-      expect(extension.record_size_limit).to eq 2**14
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::RECORD_SIZE_LIMIT \
-                                        + 2.to_uint16 \
-                                        + (2**14).to_uint16
-    end
-  end
-
-  context 'invalid record_size_limit' do
-    let(:extension) do
-      RecordSizeLimit.new(63)
-    end
-
-    it 'should not generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid record_size_limit binary' do
-    let(:extension) do
-      RecordSizeLimit.deserialize(TESTBINARY_RECORD_SIZE_LIMIT)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::RECORD_SIZE_LIMIT
-      expect(extension.record_size_limit).to eq 2**14
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::RECORD_SIZE_LIMIT \
-               + TESTBINARY_RECORD_SIZE_LIMIT.prefix_uint16_length
-    end
-  end
-
-  context 'invalid record_size_limit binary, too short record_size_limit,' do
-    let(:extension) do
-      RecordSizeLimit.deserialize(63.to_uint16)
-    end
-
-    it 'should not generate object' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-end

data/spec/record_spec.rb

@@ -1,105 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Record do
-  context 'valid record' do
-    let(:record) do
-      Record.new(
-        type: ContentType::CCS,
-        legacy_record_version: ProtocolVersion::TLS_1_2,
-        messages: [ChangeCipherSpec.new],
-        cipher: Passer.new
-      )
-    end
-
-    it 'should be generated' do
-      expect(record.type).to eq ContentType::CCS
-      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
-    end
-
-    it 'should be serialized' do
-      expect(record.serialize).to eq ContentType::CCS \
-                                     + ProtocolVersion::TLS_1_2 \
-                                     + 1.to_uint16 \
-                                     + ChangeCipherSpec.new.serialize
-    end
-  end
-
-  context 'valid record binary' do
-    let(:record) do
-      Record.deserialize(TESTBINARY_RECORD_CCS, Passer.new).first
-    end
-
-    it 'should generate valid record header and ChangeCipherSpec' do
-      expect(record.type).to eq ContentType::CCS
-      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
-    end
-
-    it 'should generate valid serializable object' do
-      expect(record.serialize).to eq ContentType::CCS \
-                                     + ProtocolVersion::TLS_1_2 \
-                                     + 1.to_uint16 \
-                                     + ChangeCipherSpec.new.serialize
-    end
-  end
-
-  context 'invalid record binary, too short,' do
-    let(:record) do
-      Record.deserialize(TESTBINARY_RECORD_CCS[0...-1],
-                         Passer.new)
-    end
-
-    it 'should not generate object' do
-      expect { record }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'invalid record binary, nil,' do
-    let(:record) do
-      Record.deserialize(nil, Passer.new)
-    end
-
-    it 'should not generate object' do
-      expect { record }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'server parameters record binary' do
-    let(:record) do
-      cipher = Cryptograph::Aead.new(
-        cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-        write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
-        write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
-        sequence_number: SequenceNumber.new
-      )
-      Record.deserialize(TESTBINARY_SERVER_PARAMETERS_RECORD, cipher).first
-    end
-
-    it 'should generate valid record header' do
-      expect(record.type).to eq ContentType::APPLICATION_DATA
-      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
-    end
-
-    it 'should generate valid server parameters' do
-      expect(record.messages[0].msg_type)
-        .to eq HandshakeType::ENCRYPTED_EXTENSIONS
-      expect(record.messages[0].serialize)
-        .to eq TESTBINARY_ENCRYPTED_EXTENSIONS
-      expect(record.messages[1].msg_type)
-        .to eq HandshakeType::CERTIFICATE
-      expect(record.messages[1].serialize)
-        .to eq TESTBINARY_CERTIFICATE
-      expect(record.messages[2].msg_type)
-        .to eq HandshakeType::CERTIFICATE_VERIFY
-      expect(record.messages[2].serialize)
-        .to eq TESTBINARY_CERTIFICATE_VERIFY
-      expect(record.messages[3].msg_type)
-        .to eq HandshakeType::FINISHED
-      expect(record.messages[3].serialize)
-        .to eq TESTBINARY_SERVER_FINISHED
-    end
-  end
-end

data/spec/server_hello_spec.rb

@@ -1,200 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe ServerHello do
-  context 'default server_hello' do
-    let(:random) do
-      OpenSSL::Random.random_bytes(32)
-    end
-
-    let(:legacy_session_id_echo) do
-      Array.new(32, 0).map(&:chr).join
-    end
-
-    let(:cipher_suite) do
-      CipherSuite::TLS_AES_256_GCM_SHA384
-    end
-
-    let(:message) do
-      ServerHello.new(random:,
-                      legacy_session_id_echo:,
-                      cipher_suite:)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.random).to eq random
-      expect(message.legacy_session_id_echo).to eq legacy_session_id_echo
-      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_256_GCM_SHA384
-      expect(message.legacy_compression_method).to eq "\x00"
-      expect(message.extensions).to be_empty
-      expect(message.hrr?).to be false
-      expect(message.appearable_extensions?).to be true
-      expect(message.negotiated_tls_1_3?).to be false
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::SERVER_HELLO \
-                                      + 72.to_uint24 \
-                                      + ProtocolVersion::TLS_1_2 \
-                                      + random \
-                                      + legacy_session_id_echo.length.to_uint8 \
-                                      + legacy_session_id_echo \
-                                      + cipher_suite \
-                                      + "\x00" \
-                                      + Extensions.new.serialize
-    end
-  end
-
-  context 'valid server_hello binary' do
-    let(:message) do
-      ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
-      expect(message.legacy_compression_method).to eq "\x00"
-      expect(message.hrr?).to be false
-      expect(message.appearable_extensions?).to be true
-      expect(message.negotiated_tls_1_3?).to be true
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_SERVER_HELLO
-    end
-  end
-
-  context 'hello_retry_request binary' do
-    let(:message) do
-      ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
-      expect(message.legacy_compression_method).to eq "\x00"
-      expect(message.hrr?).to be true
-      expect(message.appearable_extensions?).to be true
-      expect(message.negotiated_tls_1_3?).to be true
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_HRR_HELLO_RETRY_REQUEST
-    end
-  end
-
-  context 'valid server_hello binary, 0-RTT,' do
-    let(:message) do
-      ServerHello.deserialize(TESTBINARY_0_RTT_SERVER_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
-      expect(message.legacy_compression_method).to eq "\x00"
-      expect(message.hrr?).to be false
-      expect(message.appearable_extensions?).to be true
-      expect(message.negotiated_tls_1_3?).to be true
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_0_RTT_SERVER_HELLO
-    end
-  end
-
-  context 'default hello_retry_request' do
-    let(:legacy_session_id_echo) do
-      Array.new(32, 0).map(&:chr).join
-    end
-
-    let(:cipher_suite) do
-      CipherSuite::TLS_AES_256_GCM_SHA384
-    end
-
-    let(:message) do
-      ServerHello.new(random: Message::HRR_RANDOM,
-                      legacy_session_id_echo:,
-                      cipher_suite:)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.random).to eq Message::HRR_RANDOM
-      expect(message.legacy_session_id_echo).to eq legacy_session_id_echo
-      expect(message.cipher_suite).to eq CipherSuite::TLS_AES_256_GCM_SHA384
-      expect(message.legacy_compression_method).to eq "\x00"
-      expect(message.extensions).to be_empty
-      expect(message.hrr?).to eq true
-      expect(message.appearable_extensions?).to be true
-      expect(message.negotiated_tls_1_3?).to be false
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::SERVER_HELLO \
-                                      + 72.to_uint24 \
-                                      + ProtocolVersion::TLS_1_2 \
-                                      + Message::HRR_RANDOM \
-                                      + legacy_session_id_echo.length.to_uint8 \
-                                      + legacy_session_id_echo \
-                                      + cipher_suite \
-                                      + "\x00" \
-                                      + Extensions.new.serialize
-    end
-  end
-
-  context 'server_hello with random[-8..] == downgrade protection ' \
-          'value(TLS 1.2)' do
-    let(:message) do
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      random = OpenSSL::Random.random_bytes(24) + \
-               ServerHello.const_get(:DOWNGRADE_PROTECTION_TLS_1_2)
-      sh.instance_variable_set(:@random, random)
-      sh
-    end
-
-    it 'should check downgrade protection value' do
-      expect(message.negotiated_tls_1_3?).to be true
-      expect(message.downgraded?).to be true
-    end
-  end
-
-  context 'server_hello with random[-8..] == downgrade protection ' \
-          'value(TLS 1.2)' do
-    let(:message) do
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      random = OpenSSL::Random.random_bytes(24) + \
-               ServerHello.const_get(:DOWNGRADE_PROTECTION_TLS_1_1)
-      sh.instance_variable_set(:@random, random)
-      sh
-    end
-
-    it 'should check downgrade protection value' do
-      expect(message.negotiated_tls_1_3?).to be true
-      expect(message.downgraded?).to be true
-    end
-  end
-
-  context 'server_hello with supported_versions not including "\x03\x04"' do
-    let(:message) do
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      extensions = sh.instance_variable_get(:@extensions)
-      extensions.delete(ExtensionType::SUPPORTED_VERSIONS)
-      sh.instance_variable_set(:@extensions, extensions)
-      sh
-    end
-
-    it 'should check downgrade protection value' do
-      expect(message.negotiated_tls_1_3?).to be false
-      expect(message.downgraded?).to be false
-    end
-  end
-end