tttls1.3 0.3.6 → 0.3.7

data/spec/key_share_spec.rb

@@ -1,199 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe KeyShare do
-  context 'valid key_share, KeyShareClientHello,' do
-    let(:public_key_secp384r1) do
-      "\x04" + OpenSSL::Random.random_bytes(96)
-    end
-
-    let(:public_key_secp256r1) do
-      "\x04" + OpenSSL::Random.random_bytes(64)
-    end
-
-    let(:extension) do
-      KeyShare.new(
-        msg_type: HandshakeType::CLIENT_HELLO,
-        key_share_entry: [
-          KeyShareEntry.new(
-            group: NamedGroup::SECP384R1,
-            key_exchange: public_key_secp384r1
-          ),
-          KeyShareEntry.new(
-            group: NamedGroup::SECP256R1,
-            key_exchange: public_key_secp256r1
-          )
-        ]
-      )
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry[0].group).to eq NamedGroup::SECP384R1
-      expect(extension.key_share_entry[0].key_exchange)
-        .to eq public_key_secp384r1
-      expect(extension.key_share_entry[1].group).to eq NamedGroup::SECP256R1
-      expect(extension.key_share_entry[1].key_exchange)
-        .to eq public_key_secp256r1
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::KEY_SHARE \
-               + 172.to_uint16 \
-               + 170.to_uint16 \
-               + NamedGroup::SECP384R1 \
-               + NamedGroup.key_exchange_len(NamedGroup::SECP384R1).to_uint16 \
-               + public_key_secp384r1 \
-               + NamedGroup::SECP256R1 \
-               + NamedGroup.key_exchange_len(NamedGroup::SECP256R1).to_uint16 \
-               + public_key_secp256r1
-    end
-  end
-
-  context 'valid key_share, empty KeyShare.client_shares vector' do
-    let(:extension) do
-      KeyShare.new(
-        msg_type: HandshakeType::CLIENT_HELLO,
-        key_share_entry: []
-      )
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::KEY_SHARE \
-                                        + 2.to_uint16 \
-                                        + 0.to_uint16
-    end
-  end
-
-  context 'valid key_share, KeyShareServerHello,' do
-    let(:public_key_secp256r1) do
-      "\x04" + OpenSSL::Random.random_bytes(64)
-    end
-
-    let(:extension) do
-      KeyShare.new(
-        msg_type: HandshakeType::SERVER_HELLO,
-        key_share_entry: [
-          KeyShareEntry.new(
-            group: NamedGroup::SECP256R1,
-            key_exchange: public_key_secp256r1
-          )
-        ]
-      )
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry[0].group).to eq NamedGroup::SECP256R1
-      expect(extension.key_share_entry[0].key_exchange)
-        .to eq public_key_secp256r1
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::KEY_SHARE \
-               + 69.to_uint16 \
-               + NamedGroup::SECP256R1 \
-               + public_key_secp256r1.prefix_uint16_length
-    end
-  end
-
-  context 'valid key_share, KeyShareHelloRetryRequest,' do
-    let(:extension) do
-      KeyShare.new(
-        msg_type: HandshakeType::HELLO_RETRY_REQUEST,
-        key_share_entry: [
-          KeyShareEntry.new(
-            group: NamedGroup::SECP256R1,
-            key_exchange: nil
-          )
-        ]
-      )
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::HELLO_RETRY_REQUEST
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry[0].group).to eq NamedGroup::SECP256R1
-      expect(extension.key_share_entry[0].key_exchange).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize)
-        .to eq ExtensionType::KEY_SHARE \
-               + NamedGroup::SECP256R1.prefix_uint16_length
-    end
-  end
-
-  context 'valid key_share binary, KeyShareClientHello,' do
-    let(:extension) do
-      KeyShare.deserialize(TESTBINARY_KEY_SHARE_CH, HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry[0].group).to eq NamedGroup::SECP256R1
-      expect(extension.key_share_entry[0].key_exchange.length)
-        .to eq NamedGroup.key_exchange_len(NamedGroup::SECP256R1)
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::KEY_SHARE \
-               + TESTBINARY_KEY_SHARE_CH.prefix_uint16_length
-    end
-  end
-
-  context 'valid key_share binary, KeyShareServerHello,' do
-    let(:extension) do
-      KeyShare.deserialize(TESTBINARY_KEY_SHARE_SH, HandshakeType::SERVER_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry[0].group).to eq NamedGroup::SECP256R1
-      expect(extension.key_share_entry[0].key_exchange.length)
-        .to eq NamedGroup.key_exchange_len(NamedGroup::SECP256R1)
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::KEY_SHARE \
-               + TESTBINARY_KEY_SHARE_SH.prefix_uint16_length
-    end
-  end
-
-  context 'valid key_share binary, KeyShareHelloRetryRequest,' do
-    let(:extension) do
-      KeyShare.deserialize(TESTBINARY_KEY_SHARE_HRR,
-                           HandshakeType::HELLO_RETRY_REQUEST)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::HELLO_RETRY_REQUEST
-      expect(extension.extension_type).to eq ExtensionType::KEY_SHARE
-      expect(extension.key_share_entry[0].group).to eq NamedGroup::SECP256R1
-      expect(extension.key_share_entry[0].key_exchange).to be_empty
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::KEY_SHARE \
-               + TESTBINARY_KEY_SHARE_HRR.prefix_uint16_length
-    end
-  end
-end

data/spec/new_session_ticket_spec.rb

@@ -1,80 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe NewSessionTicket do
-  context 'new_session_ticket' do
-    let(:ticket_lifetime) do
-      7200 # two_hours
-    end
-
-    let(:ticket_age_add) do
-      OpenSSL::Random.random_bytes(4)
-    end
-
-    let(:ticket_nonce) do
-      "\x00" * 255
-    end
-
-    let(:ticket) do
-      OpenSSL::Random.random_bytes(255)
-    end
-
-    let(:message) do
-      NewSessionTicket.new(ticket_lifetime:,
-                           ticket_age_add:,
-                           ticket_nonce:,
-                           ticket:)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::NEW_SESSION_TICKET
-      expect(message.ticket_lifetime).to eq ticket_lifetime
-      expect(message.ticket_age_add).to eq ticket_age_add
-      expect(message.ticket_nonce).to eq ticket_nonce
-      expect(message.ticket).to eq ticket
-      expect(message.extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::NEW_SESSION_TICKET \
-                                      + 523.to_uint24 \
-                                      + ticket_lifetime.to_uint32 \
-                                      + ticket_age_add \
-                                      + ticket_nonce.prefix_uint8_length \
-                                      + ticket.prefix_uint16_length \
-                                      + Extensions.new.serialize
-    end
-  end
-
-  context 'new_session_ticket, invalid ticket_age_add,' do
-    let(:message) do
-      NewSessionTicket.new(ticket_lifetime: 60 * 60 * 2, # 2 hours
-                           ticket_age_add: OpenSSL::Random.random_bytes(32),
-                           ticket_nonce: "\x00" * 255,
-                           ticket: OpenSSL::Random.random_bytes(255))
-    end
-
-    it 'should not be generated' do
-      expect { message }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid new_session_ticket binary' do
-    let(:message) do
-      NewSessionTicket.deserialize(TESTBINARY_NEW_SESSION_TICKET)
-    end
-
-    it 'should generate object' do
-      expect(message.msg_type).to eq HandshakeType::NEW_SESSION_TICKET
-      expect(message.ticket_lifetime).to eq 30
-      expect(message.ticket_nonce).to eq "\x00\x00"
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_NEW_SESSION_TICKET
-    end
-  end
-end

data/spec/pre_shared_key_spec.rb

@@ -1,167 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe PreSharedKey do
-  context 'valid pre_shared_key of ClientHello' do
-    let(:identity) do
-      OpenSSL::Random.random_bytes(32)
-    end
-
-    let(:obfuscated_ticket_age) do
-      OpenSSL::BN.rand_range(1 << 32).to_i
-    end
-
-    let(:binders) do
-      [
-        OpenSSL::Random.random_bytes(32)
-      ]
-    end
-
-    let(:identities) do
-      [
-        PskIdentity.new(
-          identity:,
-          obfuscated_ticket_age:
-        )
-      ]
-    end
-
-    let(:offered_psks) do
-      OfferedPsks.new(
-        identities:,
-        binders:
-      )
-    end
-
-    let(:extension) do
-      PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks:)
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-      expect(extension.offered_psks).to eq offered_psks
-      expect(extension.selected_identity).to be_nil
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::PRE_SHARED_KEY \
-                                        + 75.to_uint16 \
-                                        + 38.to_uint16 \
-                                        + 32.to_uint16 \
-                                        + identity \
-                                        + obfuscated_ticket_age.to_uint32 \
-                                        + 33.to_uint16 \
-                                        + "\x20" \
-                                        + binders.join
-    end
-  end
-
-  context 'valid pre_shared_key, ClientHello,' do
-    let(:identity_1) do
-      OpenSSL::Random.random_bytes(32)
-    end
-    let(:identity_2) do
-      OpenSSL::Random.random_bytes(32)
-    end
-
-    let(:obfuscated_ticket_age_1) do
-      OpenSSL::BN.rand_range(1 << 32).to_i
-    end
-    let(:obfuscated_ticket_age_2) do
-      OpenSSL::BN.rand_range(1 << 32).to_i
-    end
-
-    let(:binders) do
-      [
-        OpenSSL::Random.random_bytes(32),
-        OpenSSL::Random.random_bytes(32)
-      ]
-    end
-
-    let(:identities) do
-      [
-        PskIdentity.new(
-          identity: identity_1,
-          obfuscated_ticket_age: obfuscated_ticket_age_1
-        ),
-        PskIdentity.new(
-          identity: identity_2,
-          obfuscated_ticket_age: obfuscated_ticket_age_2
-        )
-      ]
-    end
-
-    let(:offered_psks) do
-      OfferedPsks.new(
-        identities:,
-        binders:
-      )
-    end
-
-    let(:extension) do
-      PreSharedKey.new(msg_type: HandshakeType::CLIENT_HELLO,
-                       offered_psks:)
-    end
-
-    it 'should be generated' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-      expect(extension.offered_psks).to eq offered_psks
-      expect(extension.selected_identity).to be_nil
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::PRE_SHARED_KEY \
-                                        + 146.to_uint16 \
-                                        + 76.to_uint16 \
-                                        + identity_1.prefix_uint16_length \
-                                        + obfuscated_ticket_age_1.to_uint32 \
-                                        + identity_2.prefix_uint16_length \
-                                        + obfuscated_ticket_age_2.to_uint32 \
-                                        + 66.to_uint16 \
-                                        + binders[0].prefix_uint8_length \
-                                        + binders[1].prefix_uint8_length
-    end
-  end
-
-  context 'valid pre_shared_key binary, ClientHello,' do
-    let(:extension) do
-      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_CH,
-                               HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::CLIENT_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-    end
-
-    it 'should generate valid serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::PRE_SHARED_KEY \
-               + TESTBINARY_PRE_SHARED_KEY_CH.prefix_uint16_length
-    end
-  end
-
-  context 'valid pre_shared_key binary, ServerHello,' do
-    let(:extension) do
-      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_SH,
-                               HandshakeType::SERVER_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(extension.extension_type).to eq ExtensionType::PRE_SHARED_KEY
-    end
-
-    it 'should generate valid serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::PRE_SHARED_KEY \
-               + TESTBINARY_PRE_SHARED_KEY_SH.prefix_uint16_length
-    end
-  end
-end

data/spec/psk_key_exchange_modes_spec.rb

@@ -1,45 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe PskKeyExchangeModes do
-  context 'valid psk_key_exchange_modes' do
-    let(:extension) do
-      PskKeyExchangeModes.new([PskKeyExchangeMode::PSK_KE,
-                               PskKeyExchangeMode::PSK_DHE_KE])
-    end
-
-    it 'should generate valid psk_key_exchange_modes' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES
-      expect(extension.ke_modes).to eq [PskKeyExchangeMode::PSK_KE,
-                                        PskKeyExchangeMode::PSK_DHE_KE]
-      expect(extension.serialize)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES \
-               + 3.to_uint16 \
-               + [PskKeyExchangeMode::PSK_KE,
-                  PskKeyExchangeMode::PSK_DHE_KE].join.prefix_uint8_length
-    end
-  end
-
-  context 'valid psk_key_exchange_modes binary' do
-    let(:extension) do
-      PskKeyExchangeModes.deserialize(TESTBINARY_PSK_KEY_EXCHANGE_MODES)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES
-      expect(extension.ke_modes).to eq [PskKeyExchangeMode::PSK_KE,
-                                        PskKeyExchangeMode::PSK_DHE_KE]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::PSK_KEY_EXCHANGE_MODES \
-               + TESTBINARY_PSK_KEY_EXCHANGE_MODES.prefix_uint16_length
-    end
-  end
-end

data/spec/record_size_limit_spec.rb

@@ -1,61 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe RecordSizeLimit do
-  context 'vailid record_size_limit' do
-    let(:extension) do
-      RecordSizeLimit.new(2**14)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::RECORD_SIZE_LIMIT
-      expect(extension.record_size_limit).to eq 2**14
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::RECORD_SIZE_LIMIT \
-                                        + 2.to_uint16 \
-                                        + (2**14).to_uint16
-    end
-  end
-
-  context 'invalid record_size_limit' do
-    let(:extension) do
-      RecordSizeLimit.new(63)
-    end
-
-    it 'should not generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid record_size_limit binary' do
-    let(:extension) do
-      RecordSizeLimit.deserialize(TESTBINARY_RECORD_SIZE_LIMIT)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::RECORD_SIZE_LIMIT
-      expect(extension.record_size_limit).to eq 2**14
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::RECORD_SIZE_LIMIT \
-               + TESTBINARY_RECORD_SIZE_LIMIT.prefix_uint16_length
-    end
-  end
-
-  context 'invalid record_size_limit binary, too short record_size_limit,' do
-    let(:extension) do
-      RecordSizeLimit.deserialize(63.to_uint16)
-    end
-
-    it 'should not generate object' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-end

data/spec/record_spec.rb

@@ -1,105 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Record do
-  context 'valid record' do
-    let(:record) do
-      Record.new(
-        type: ContentType::CCS,
-        legacy_record_version: ProtocolVersion::TLS_1_2,
-        messages: [ChangeCipherSpec.new],
-        cipher: Passer.new
-      )
-    end
-
-    it 'should be generated' do
-      expect(record.type).to eq ContentType::CCS
-      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
-    end
-
-    it 'should be serialized' do
-      expect(record.serialize).to eq ContentType::CCS \
-                                     + ProtocolVersion::TLS_1_2 \
-                                     + 1.to_uint16 \
-                                     + ChangeCipherSpec.new.serialize
-    end
-  end
-
-  context 'valid record binary' do
-    let(:record) do
-      Record.deserialize(TESTBINARY_RECORD_CCS, Passer.new).first
-    end
-
-    it 'should generate valid record header and ChangeCipherSpec' do
-      expect(record.type).to eq ContentType::CCS
-      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
-    end
-
-    it 'should generate valid serializable object' do
-      expect(record.serialize).to eq ContentType::CCS \
-                                     + ProtocolVersion::TLS_1_2 \
-                                     + 1.to_uint16 \
-                                     + ChangeCipherSpec.new.serialize
-    end
-  end
-
-  context 'invalid record binary, too short,' do
-    let(:record) do
-      Record.deserialize(TESTBINARY_RECORD_CCS[0...-1],
-                         Passer.new)
-    end
-
-    it 'should not generate object' do
-      expect { record }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'invalid record binary, nil,' do
-    let(:record) do
-      Record.deserialize(nil, Passer.new)
-    end
-
-    it 'should not generate object' do
-      expect { record }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'server parameters record binary' do
-    let(:record) do
-      cipher = Cryptograph::Aead.new(
-        cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-        write_key: TESTBINARY_SERVER_PARAMETERS_WRITE_KEY,
-        write_iv: TESTBINARY_SERVER_PARAMETERS_WRITE_IV,
-        sequence_number: SequenceNumber.new
-      )
-      Record.deserialize(TESTBINARY_SERVER_PARAMETERS_RECORD, cipher).first
-    end
-
-    it 'should generate valid record header' do
-      expect(record.type).to eq ContentType::APPLICATION_DATA
-      expect(record.legacy_record_version).to eq ProtocolVersion::TLS_1_2
-    end
-
-    it 'should generate valid server parameters' do
-      expect(record.messages[0].msg_type)
-        .to eq HandshakeType::ENCRYPTED_EXTENSIONS
-      expect(record.messages[0].serialize)
-        .to eq TESTBINARY_ENCRYPTED_EXTENSIONS
-      expect(record.messages[1].msg_type)
-        .to eq HandshakeType::CERTIFICATE
-      expect(record.messages[1].serialize)
-        .to eq TESTBINARY_CERTIFICATE
-      expect(record.messages[2].msg_type)
-        .to eq HandshakeType::CERTIFICATE_VERIFY
-      expect(record.messages[2].serialize)
-        .to eq TESTBINARY_CERTIFICATE_VERIFY
-      expect(record.messages[3].msg_type)
-        .to eq HandshakeType::FINISHED
-      expect(record.messages[3].serialize)
-        .to eq TESTBINARY_SERVER_FINISHED
-    end
-  end
-end