RubyGems - tttls1.3 - Versions diffs - 0.3.5 → 0.3.7 - Mend

tttls1.3 0.3.5 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/Gemfile +2 -2
data/README.md +1 -1
data/lib/tttls1.3/client.rb +11 -5
data/lib/tttls1.3/ech.rb +31 -90
data/lib/tttls1.3/message/alert.rb +1 -0
data/lib/tttls1.3/sslkeylogfile.rb +22 -0
data/lib/tttls1.3/version.rb +1 -1
data/lib/tttls1.3.rb +1 -0
data/tttls1.3.gemspec +7 -4
metadata +11 -121
data/.github/workflows/ci.yml +0 -39
data/.gitignore +0 -17
data/spec/aead_spec.rb +0 -95
data/spec/alert_spec.rb +0 -54
data/spec/alpn_spec.rb +0 -55
data/spec/application_data_spec.rb +0 -26
data/spec/certificate_spec.rb +0 -82
data/spec/certificate_verify_spec.rb +0 -51
data/spec/change_cipher_spec_spec.rb +0 -26
data/spec/cipher_suites_spec.rb +0 -39
data/spec/client_hello_spec.rb +0 -105
data/spec/client_spec.rb +0 -274
data/spec/compress_certificate_spec.rb +0 -54
data/spec/cookie_spec.rb +0 -98
data/spec/early_data_indication_spec.rb +0 -64
data/spec/ech_outer_extensions_spec.rb +0 -42
data/spec/ech_spec.rb +0 -122
data/spec/encrypted_extensions_spec.rb +0 -94
data/spec/end_of_early_data_spec.rb +0 -28
data/spec/endpoint_spec.rb +0 -167
data/spec/error_spec.rb +0 -18
data/spec/extensions_spec.rb +0 -250
data/spec/finished_spec.rb +0 -55
data/spec/fixtures/rsa_ca.crt +0 -18
data/spec/fixtures/rsa_ca.key +0 -27
data/spec/fixtures/rsa_rsa.crt +0 -18
data/spec/fixtures/rsa_rsa.key +0 -27
data/spec/fixtures/rsa_rsa_ocsp.crt +0 -18
data/spec/fixtures/rsa_rsa_ocsp.key +0 -27
data/spec/fixtures/rsa_rsassaPss.crt +0 -20
data/spec/fixtures/rsa_rsassaPss.key +0 -27
data/spec/fixtures/rsa_secp256r1.crt +0 -14
data/spec/fixtures/rsa_secp256r1.key +0 -5
data/spec/fixtures/rsa_secp384r1.crt +0 -14
data/spec/fixtures/rsa_secp384r1.key +0 -6
data/spec/fixtures/rsa_secp521r1.crt +0 -15
data/spec/fixtures/rsa_secp521r1.key +0 -7
data/spec/key_schedule_spec.rb +0 -221
data/spec/key_share_spec.rb +0 -199
data/spec/new_session_ticket_spec.rb +0 -80
data/spec/pre_shared_key_spec.rb +0 -167
data/spec/psk_key_exchange_modes_spec.rb +0 -45
data/spec/record_size_limit_spec.rb +0 -61
data/spec/record_spec.rb +0 -105
data/spec/server_hello_spec.rb +0 -200
data/spec/server_name_spec.rb +0 -110
data/spec/server_spec.rb +0 -232
data/spec/signature_algorithms_cert_spec.rb +0 -77
data/spec/signature_algorithms_spec.rb +0 -104
data/spec/spec_helper.rb +0 -990
data/spec/status_request_spec.rb +0 -140
data/spec/supported_groups_spec.rb +0 -79
data/spec/supported_versions_spec.rb +0 -136
data/spec/transcript_spec.rb +0 -83
data/spec/unknown_extension_spec.rb +0 -90
data/spec/utils_spec.rb +0 -235

data/spec/server_name_spec.rb DELETED Viewed

@@ -1,110 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-require_relative 'spec_helper'
-using Refinements
-RSpec.describe ServerName do
-  context 'valid server_name, example.com,' do
-    let(:extension) do
-      ServerName.new('example.com')
-    end
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::SERVER_NAME
-      expect(extension.server_name).to eq 'example.com'
-    end
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SERVER_NAME \
-                                        + 16.to_uint16 \
-                                        + 14.to_uint16 \
-                                        + NameType::HOST_NAME \
-                                        + 11.to_uint16 \
-                                        + 'example.com'
-    end
-  end
-  context 'valid server_name, empty HostName,' do
-    let(:extension) do
-      ServerName.new('')
-    end
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::SERVER_NAME
-    end
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SERVER_NAME \
-                                        + 0.to_uint16
-    end
-  end
-  context 'invalid server_name, too long HostName,' do
-    let(:extension) do
-      ServerName.new('a' * (2**16 - 4))
-    end
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-  context 'valid server_name binary' do
-    let(:extension) do
-      ServerName.deserialize(TESTBINARY_SERVER_NAME)
-    end
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::SERVER_NAME
-      expect(extension.server_name).to eq 'github.com'
-    end
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SERVER_NAME \
-               + TESTBINARY_SERVER_NAME.prefix_uint16_length
-    end
-  end
-  context 'invalid server_name binary, malformed binary,' do
-    let(:extension) do
-      ServerName.deserialize(TESTBINARY_SERVER_NAME[0...-1])
-    end
-    it 'should return nil' do
-      expect(extension).to be nil
-    end
-  end
-  context 'invalid server_name binary, unknown NameType,' do
-    let(:testbinary) do
-      name_type = "\xff"
-      binary = name_type + 'example.com'.prefix_uint16_length
-      binary.prefix_uint16_length.prefix_uint16_length
-    end
-    let(:extension) do
-      ServerName.deserialize(testbinary)
-    end
-    it 'should return nil' do
-      expect(extension).to be nil
-    end
-  end
-  context 'invalid server_name binary, empty HostName,' do
-    let(:testbinary) do
-      binary = NameType::HOST_NAME + ''.prefix_uint16_length
-      binary.prefix_uint16_length.prefix_uint16_length
-    end
-    let(:extension) do
-      ServerName.deserialize(testbinary)
-    end
-    it 'should return nil' do
-      expect(extension).to be nil
-    end
-  end
-end

data/spec/server_spec.rb DELETED Viewed

@@ -1,232 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-require_relative 'spec_helper'
-using Refinements
-RSpec.describe Server do
-  context 'server' do
-    let(:message) do
-      msg_len = TESTBINARY_CLIENT_HELLO.length
-      mock_socket = SimpleStream.new
-      mock_socket.write(ContentType::HANDSHAKE \
-                        + ProtocolVersion::TLS_1_2 \
-                        + msg_len.to_uint16 \
-                        + TESTBINARY_CLIENT_HELLO)
-      server = Server.new(mock_socket)
-      server.send(:recv_client_hello, true).first
-    end
-    it 'should receive ClientHello' do
-      expect(message.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.legacy_compression_methods).to eq ["\x00"]
-    end
-  end
-  context 'server' do
-    let(:crt) do
-      OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
-      )
-    end
-    let(:ch) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      key_share = KeyShare.new(
-        msg_type: HandshakeType::CLIENT_HELLO,
-        key_share_entry: [
-          KeyShareEntry.new(
-            group: NamedGroup::SECP256R1,
-            key_exchange: "\x04" + OpenSSL::Random.random_bytes(64)
-          )
-        ]
-      )
-      ch.extensions[ExtensionType::KEY_SHARE] = key_share
-      ch
-    end
-    let(:server) do
-      Server.new(nil)
-    end
-    it 'should select parameters' do
-      expect(server.send(:select_cipher_suite, ch))
-        .to eq CipherSuite::TLS_AES_128_GCM_SHA256
-      expect(server.send(:select_named_group, ch)).to eq NamedGroup::SECP256R1
-      expect(server.send(:select_signature_scheme, ch, crt))
-        .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
-    end
-  end
-  context 'server' do
-    let(:ch) do
-      ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-    end
-    let(:server) do
-      Server.new(nil)
-    end
-    it 'should generate EncryptedExtensions' do
-      ee = server.send(:gen_encrypted_extensions, ch)
-      expect(ee).to be_a_kind_of(EncryptedExtensions)
-      expect(ee.extensions).to include(ExtensionType::SERVER_NAME)
-      expect(ee.extensions[ExtensionType::SERVER_NAME].server_name).to eq ''
-      expect(ee.extensions).to include(ExtensionType::SUPPORTED_GROUPS)
-      expect(ee.extensions[ExtensionType::SUPPORTED_GROUPS].named_group_list)
-        .to eq [NamedGroup::X25519,
-                NamedGroup::SECP256R1,
-                NamedGroup::SECP384R1,
-                NamedGroup::SECP521R1]
-    end
-  end
-  context 'server' do
-    let(:crt) do
-      OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
-      )
-    end
-    let(:ch) do
-      ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-    end
-    let(:server) do
-      Server.new(nil)
-    end
-    it 'should generate Certificate' do
-      ct = server.send(:gen_certificate, crt, ch)
-      expect(ct).to be_a_kind_of(Certificate)
-      certificate_entry = ct.certificate_list.first
-      expect(certificate_entry.cert_data.subject.to_s).to eq '/CN=localhost'
-    end
-  end
-  context 'server' do
-    let(:key) do
-      n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
-      e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
-      d = OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2)
-      p = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2)
-      q = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2)
-      dmp1 = d % (p - 1.to_bn)
-      dmq1 = d % (q - 1.to_bn)
-      iqmp = q**-1.to_bn % p
-      asn1 = OpenSSL::ASN1::Sequence(
-        [
-          OpenSSL::ASN1::Integer(0),
-          OpenSSL::ASN1::Integer(n),
-          OpenSSL::ASN1::Integer(e),
-          OpenSSL::ASN1::Integer(d),
-          OpenSSL::ASN1::Integer(p),
-          OpenSSL::ASN1::Integer(q),
-          OpenSSL::ASN1::Integer(dmp1),
-          OpenSSL::ASN1::Integer(dmq1),
-          OpenSSL::ASN1::Integer(iqmp)
-        ]
-      )
-      OpenSSL::PKey::RSA.new(asn1)
-    end
-    let(:ct) do
-      Certificate.deserialize(TESTBINARY_CERTIFICATE)
-    end
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-      transcript = Transcript.new
-      transcript.merge!(
-        CH => [ch, TESTBINARY_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_SERVER_HELLO],
-        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_CERTIFICATE]
-      )
-    end
-    let(:cipher_suite) do
-      CipherSuite::TLS_AES_128_GCM_SHA256
-    end
-    let(:signature_scheme) do
-      SignatureScheme::RSA_PSS_RSAE_SHA256
-    end
-    let(:server) do
-      Server.new(nil)
-    end
-    it 'should generate CertificateVerify' do
-      digest = CipherSuite.digest(cipher_suite)
-      hash = transcript.hash(digest, CT)
-      cv = server.send(:gen_certificate_verify, key, signature_scheme, hash)
-      expect(cv).to be_a_kind_of(CertificateVerify)
-      # used RSASSA-PSS signature_scheme, salt is a random sequence.
-      # CertificateVerify.signature is random.
-      public_key = ct.certificate_list.first.cert_data.public_key
-      signature_scheme = cv.signature_scheme
-      signature = cv.signature
-      digest = CipherSuite.digest(cipher_suite)
-      expect(Endpoint.verified_certificate_verify?(
-               public_key:,
-               signature_scheme:,
-               signature:,
-               context: 'TLS 1.3, server CertificateVerify',
-               hash: transcript.hash(digest, CT)
-             )).to be true
-    end
-  end
-  context 'server' do
-    let(:cipher_suite) do
-      CipherSuite::TLS_AES_128_GCM_SHA256
-    end
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-      ct = Certificate.deserialize(TESTBINARY_CERTIFICATE)
-      cv = CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
-      transcript = Transcript.new
-      transcript.merge!(
-        CH => [ch, TESTBINARY_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_SERVER_HELLO],
-        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_CERTIFICATE],
-        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY]
-      )
-      transcript
-    end
-    let(:key_schedule) do
-      KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
-                      cipher_suite:,
-                      transcript:)
-    end
-    let(:signature) do
-      digest = CipherSuite.digest(cipher_suite)
-      Endpoint.sign_finished(
-        digest:,
-        finished_key: key_schedule.server_finished_key,
-        hash: transcript.hash(digest, CV)
-      )
-    end
-    let(:sf) do
-      Finished.deserialize(TESTBINARY_SERVER_FINISHED)
-    end
-    it 'should generate Finished' do
-      expect(signature).to eq sf.verify_data
-    end
-  end
-end

data/spec/signature_algorithms_cert_spec.rb DELETED Viewed

@@ -1,77 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-require_relative 'spec_helper'
-using Refinements
-RSpec.describe SignatureAlgorithmsCert do
-  context 'valid signature_algorithms' do
-    let(:supported_signature_algorithms) do
-      [
-        SignatureScheme::ECDSA_SECP256R1_SHA256,
-        SignatureScheme::RSA_PSS_RSAE_SHA256,
-        SignatureScheme::RSA_PKCS1_SHA256,
-        SignatureScheme::ECDSA_SECP384R1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA384,
-        SignatureScheme::RSA_PKCS1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA512,
-        SignatureScheme::RSA_PKCS1_SHA512
-      ]
-    end
-    let(:extension) do
-      SignatureAlgorithmsCert.new(supported_signature_algorithms)
-    end
-    it 'should be generated' do
-      expect(extension).to be_a(SignatureAlgorithmsCert)
-      expect(extension.extension_type)
-        .to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT
-      expect(extension.supported_signature_algorithms)
-        .to eq supported_signature_algorithms
-    end
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT \
-               + 18.to_uint16 \
-               + 16.to_uint16 \
-               + supported_signature_algorithms.join
-    end
-  end
-  context 'valid signature_algorithms binary' do
-    let(:extension) do
-      SignatureAlgorithmsCert.deserialize(TESTBINARY_SIGNATURE_ALGORITHMS_CERT)
-    end
-    let(:supported_signature_algorithms) do
-      [
-        SignatureScheme::ECDSA_SECP256R1_SHA256,
-        SignatureScheme::RSA_PSS_RSAE_SHA256,
-        SignatureScheme::RSA_PKCS1_SHA256,
-        SignatureScheme::ECDSA_SECP384R1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA384,
-        SignatureScheme::RSA_PKCS1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA512,
-        SignatureScheme::RSA_PKCS1_SHA512
-      ]
-    end
-    it 'should generate valid object' do
-      expect(extension).to be_a(SignatureAlgorithmsCert)
-      expect(extension.extension_type)
-        .to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT
-      expect(extension.supported_signature_algorithms)
-        .to eq supported_signature_algorithms
-    end
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT \
-               + TESTBINARY_SIGNATURE_ALGORITHMS_CERT.prefix_uint16_length
-    end
-  end
-end

data/spec/signature_algorithms_spec.rb DELETED Viewed

@@ -1,104 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-require_relative 'spec_helper'
-using Refinements
-RSpec.describe SignatureAlgorithms do
-  context 'valid signature_algorithms' do
-    let(:supported_signature_algorithms) do
-      [
-        SignatureScheme::ECDSA_SECP256R1_SHA256,
-        SignatureScheme::RSA_PSS_RSAE_SHA256,
-        SignatureScheme::RSA_PKCS1_SHA256,
-        SignatureScheme::ECDSA_SECP384R1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA384,
-        SignatureScheme::RSA_PKCS1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA512,
-        SignatureScheme::RSA_PKCS1_SHA512
-      ]
-    end
-    let(:extension) do
-      SignatureAlgorithms.new(supported_signature_algorithms)
-    end
-    it 'should be generated' do
-      expect(extension).to be_a(SignatureAlgorithms)
-      expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
-      expect(extension.supported_signature_algorithms)
-        .to eq supported_signature_algorithms
-    end
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SIGNATURE_ALGORITHMS \
-                                        + 18.to_uint16 \
-                                        + 16.to_uint16 \
-                                        + supported_signature_algorithms.join
-    end
-  end
-  context 'invalid signature_algorithms, empty,' do
-    let(:extension) do
-      SignatureAlgorithms.new([])
-    end
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-  context 'invalid signature_algorithms, too long,' do
-    let(:extension) do
-      SignatureAlgorithms.new((0..2**15 - 2).to_a.map(&:to_uint16))
-    end
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-  context 'valid signature_algorithms binary' do
-    let(:extension) do
-      SignatureAlgorithms.deserialize(TESTBINARY_SIGNATURE_ALGORITHMS)
-    end
-    let(:supported_signature_algorithms) do
-      [
-        SignatureScheme::ECDSA_SECP256R1_SHA256,
-        SignatureScheme::RSA_PSS_RSAE_SHA256,
-        SignatureScheme::RSA_PKCS1_SHA256,
-        SignatureScheme::ECDSA_SECP384R1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA384,
-        SignatureScheme::RSA_PKCS1_SHA384,
-        SignatureScheme::RSA_PSS_RSAE_SHA512,
-        SignatureScheme::RSA_PKCS1_SHA512
-      ]
-    end
-    it 'should generate valid object' do
-      expect(extension).to be_a(SignatureAlgorithms)
-      expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
-      expect(extension.supported_signature_algorithms)
-        .to eq supported_signature_algorithms
-    end
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SIGNATURE_ALGORITHMS \
-               + TESTBINARY_SIGNATURE_ALGORITHMS.prefix_uint16_length
-    end
-  end
-  context 'invalid signature_algorithms binary, malformed binary,' do
-    let(:extension) do
-      SignatureAlgorithms.deserialize(TESTBINARY_SIGNATURE_ALGORITHMS[0...-1])
-    end
-    it 'should return nil' do
-      expect(extension).to be nil
-    end
-  end
-end