tttls1.3 0.3.6 → 0.3.7

data/spec/status_request_spec.rb

@@ -1,140 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe OCSPStatusRequest do
-  context 'default OCSPStatusRequest' do
-    let(:extension) do
-      OCSPStatusRequest.new
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
-      expect(extension.responder_id_list).to be_empty
-      expect(extension.request_extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq "\x00\x05\x00\x05\x01\x00\x00\x00\x00"
-    end
-  end
-
-  context 'valid OCSPStatusRequest' do
-    let(:extension) do
-      OCSPStatusRequest.new(responder_id_list: [], request_extensions: [])
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
-      expect(extension.responder_id_list).to be_empty
-      expect(extension.request_extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq "\x00\x05\x00\x05\x01\x00\x00\x00\x00"
-    end
-  end
-
-  context 'valid OCSPStatusRequest, 0 length request ' do
-    let(:extension) do
-      OCSPStatusRequest.new(responder_id_list: nil, request_extensions: nil)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
-      expect(extension.responder_id_list).to be_empty
-      expect(extension.request_extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq "\x00\x05\x00\x05\x01\x00\x00\x00\x00"
-    end
-  end
-
-  context 'valid OCSPStatusRequest binary' do
-    let(:extension) do
-      OCSPStatusRequest.deserialize(TESTBINARY_OCSP_STATUS_REQUEST)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
-      expect(extension.responder_id_list).to be_empty
-      expect(extension.request_extensions).to be_empty
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::STATUS_REQUEST \
-               + TESTBINARY_OCSP_STATUS_REQUEST.prefix_uint16_length
-    end
-  end
-end
-
-RSpec.describe OCSPResponse do
-  context 'valid OCSPResponse whose status is good' do
-    let(:basic_resp) do
-      server_crt = OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
-      )
-      ca_crt = OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_ca.crt')
-      )
-      ocsp_crt = OpenSSL::X509::Certificate.new(
-        File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.crt')
-      )
-      ocsp_key = OpenSSL::PKey.read(
-        File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.key')
-      )
-
-      br = OpenSSL::OCSP::BasicResponse.new
-      cid = OpenSSL::OCSP::CertificateId.new(server_crt, ca_crt)
-      br.add_status(
-        cid,
-        OpenSSL::OCSP::V_CERTSTATUS_GOOD,
-        0,
-        nil,
-        Time.now,
-        DateTime.now.next_day(1).to_time,
-        []
-      )
-      br.sign(ocsp_crt, ocsp_key)
-      br
-    end
-
-    let(:ocsp_response) do
-      OpenSSL::OCSP::Response.create(
-        OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
-        basic_resp
-      )
-    end
-
-    let(:extension) do
-      OCSPResponse.new(ocsp_response)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
-      expect(extension.ocsp_response).to eq ocsp_response
-    end
-
-    it 'should be serialized' do
-      binary = CertificateStatusType::OCSP \
-               + ocsp_response.to_der.prefix_uint24_length
-
-      expect(extension.serialize).to eq ExtensionType::STATUS_REQUEST \
-                                        + binary.prefix_uint16_length
-    end
-  end
-
-  context 'valid OCSPResponse binary' do
-    let(:extension) do
-      OCSPResponse.deserialize(TESTBINARY_OCSP_RESPONSE)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
-    end
-  end
-end

data/spec/supported_groups_spec.rb

@@ -1,79 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe SupportedGroups do
-  context 'valid supported_groups' do
-    let(:named_group_list) do
-      [NamedGroup::SECP256R1,
-       NamedGroup::SECP384R1]
-    end
-
-    let(:extension) do
-      SupportedGroups.new(named_group_list)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_GROUPS
-      expect(extension.named_group_list).to eq named_group_list
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SUPPORTED_GROUPS \
-                                        + 6.to_uint16 \
-                                        + 4.to_uint16 \
-                                        + named_group_list.join
-    end
-  end
-
-  context 'invalid supported_groups, empty,' do
-    let(:extension) do
-      SupportedGroups.new([])
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'invalid supported_groups, too long,' do
-    let(:extension) do
-      SupportedGroups.new((0..2**15 - 1).to_a.map(&:to_uint16))
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid supported_groups binary' do
-    let(:extension) do
-      SupportedGroups.deserialize(TESTBINARY_SUPPORTED_GROUPS)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_GROUPS
-      expect(extension.named_group_list).to eq [NamedGroup::SECP256R1,
-                                                NamedGroup::SECP384R1,
-                                                NamedGroup::SECP521R1]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SUPPORTED_GROUPS \
-               + TESTBINARY_SUPPORTED_GROUPS.prefix_uint16_length
-    end
-  end
-
-  context 'invalid supported_groups binary, malformed binary,' do
-    let(:extension) do
-      SupportedGroups.deserialize(TESTBINARY_SUPPORTED_GROUPS[0...-1])
-    end
-
-    it 'should return nil' do
-      expect(extension).to be nil
-    end
-  end
-end

data/spec/supported_versions_spec.rb

@@ -1,136 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe SupportedVersions do
-  context 'valid supported_versions of ClientHello' do
-    let(:extension) do
-      SupportedVersions.new(
-        msg_type: HandshakeType::CLIENT_HELLO,
-        versions: [ProtocolVersion::TLS_1_3, ProtocolVersion::TLS_1_2]
-      )
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
-      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3,
-                                        ProtocolVersion::TLS_1_2]
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SUPPORTED_VERSIONS \
-                                        + 5.to_uint16 \
-                                        + 4.to_uint8 \
-                                        + ProtocolVersion::TLS_1_3 \
-                                        + ProtocolVersion::TLS_1_2
-    end
-  end
-
-  context 'default supported_versions of ClientHello' do
-    let(:extension) do
-      SupportedVersions.new(msg_type: HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
-      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3]
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SUPPORTED_VERSIONS \
-                                        + 3.to_uint16 \
-                                        + 2.to_uint8 \
-                                        + ProtocolVersion::TLS_1_3
-    end
-  end
-
-  context 'invalid supported_versions of ClientHello, empty,' do
-    let(:extension) do
-      SupportedVersions.new(msg_type: HandshakeType::CLIENT_HELLO,
-                            versions: [])
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'invalid supported_versions of ClientHello, too large,' do
-    let(:extension) do
-      SupportedVersions.new(msg_type: HandshakeType::CLIENT_HELLO,
-                            versions: (0..127).to_a.map(&:to_uint16))
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid supported_versions of ServerHello' do
-    let(:extension) do
-      SupportedVersions.new(msg_type: HandshakeType::SERVER_HELLO,
-                            versions: [ProtocolVersion::TLS_1_3])
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
-      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3]
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq ExtensionType::SUPPORTED_VERSIONS \
-                                        + 2.to_uint16 \
-                                        + ProtocolVersion::TLS_1_3
-    end
-  end
-
-  context 'invalid supported_versions of ServerHello, empty,' do
-    let(:extension) do
-      SupportedVersions.new(msg_type: HandshakeType::SERVER_HELLO,
-                            versions: [])
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'valid supported_versions binary, ClientHello' do
-    let(:extension) do
-      SupportedVersions.deserialize(TESTBINARY_SUPPORTED_VERSIONS_CH,
-                                    HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
-      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3,
-                                        ProtocolVersion::TLS_1_2]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SUPPORTED_VERSIONS \
-               + TESTBINARY_SUPPORTED_VERSIONS_CH.prefix_uint16_length
-    end
-  end
-
-  context 'valid supported_versions binary, ServerHello' do
-    let(:extension) do
-      SupportedVersions.deserialize(TESTBINARY_SUPPORTED_VERSIONS_SH,
-                                    HandshakeType::SERVER_HELLO)
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq ExtensionType::SUPPORTED_VERSIONS
-      expect(extension.versions).to eq [ProtocolVersion::TLS_1_3]
-    end
-
-    it 'should generate serializable object' do
-      expect(extension.serialize)
-        .to eq ExtensionType::SUPPORTED_VERSIONS \
-               + TESTBINARY_SUPPORTED_VERSIONS_SH.prefix_uint16_length
-    end
-  end
-end

data/spec/transcript_spec.rb

@@ -1,83 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe Transcript do
-  context 'transcript, not including HRR,' do
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-      ct = Certificate.deserialize(TESTBINARY_CERTIFICATE)
-      cv = CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
-      sf = Finished.deserialize(TESTBINARY_SERVER_FINISHED)
-      cf = Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
-      t = Transcript.new
-      t.merge!(
-        CH => [ch, TESTBINARY_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_SERVER_HELLO],
-        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_CERTIFICATE],
-        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY],
-        SF => [sf, TESTBINARY_SERVER_FINISHED],
-        CF => [cf, TESTBINARY_CLIENT_FINISHED]
-      )
-    end
-
-    it 'should return valid transcript-hash' do
-      expect(transcript.hash('SHA256', CF))
-        .to eq TESTBINARY_CH_CF_TRANSCRIPT_HASH
-    end
-  end
-
-  context 'transcript, including HRR,' do
-    let(:transcript) do
-      ch1 = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1)
-      hrr = ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST)
-      ch = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS)
-      ct = Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE)
-      cv = CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY)
-      sf = Finished.deserialize(TESTBINARY_HRR_SERVER_FINISHED)
-      cf = Finished.deserialize(TESTBINARY_HRR_CLIENT_FINISHED)
-      t = Transcript.new
-      t.merge!(
-        CH1 => [ch1, TESTBINARY_HRR_CLIENT_HELLO1],
-        HRR => [hrr, TESTBINARY_HRR_HELLO_RETRY_REQUEST],
-        CH => [ch, TESTBINARY_HRR_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_HRR_SERVER_HELLO],
-        EE => [ee, TESTBINARY_HRR_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_HRR_CERTIFICATE],
-        CV => [cv, TESTBINARY_HRR_CERTIFICATE_VERIFY],
-        SF => [sf, TESTBINARY_HRR_SERVER_FINISHED],
-        CF => [cf, TESTBINARY_HRR_CLIENT_FINISHED]
-      )
-    end
-
-    it 'should return valid transcript-hash' do
-      expect(transcript.hash('SHA256', SH))
-        .to eq TESTBINARY_HRR_CH1_SH_TRANSCRIPT_HASH
-      expect(transcript.hash('SHA256', CF))
-        .to eq TESTBINARY_HRR_CH1_CF_TRANSCRIPT_HASH
-    end
-  end
-
-  context 'transcript, Resumed 0-RTT Handshake,' do
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_0_RTT_CLIENT_HELLO)
-      t = Transcript.new
-      t.merge!(CH => [ch, TESTBINARY_0_RTT_CLIENT_HELLO])
-    end
-
-    let(:hash_len) do
-      OpenSSL::Digest.new('SHA256').digest_length
-    end
-
-    it 'should return valid transcript-hash' do
-      expect(transcript.truncate_hash('SHA256', CH, hash_len + 3))
-        .to eq TESTBINARY_0_RTT_BINDER_HASH
-    end
-  end
-end

data/spec/unknown_extension_spec.rb

@@ -1,90 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe UnknownExtension do
-  context 'valid uknown extension, no extension_data' do
-    let(:extension) do
-      UnknownExtension.new(extension_type: "\x8a\x8a")
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq "\x8a\x8a"
-      expect(extension.extension_data).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq "\x8a\x8a" + ''.prefix_uint16_length
-    end
-  end
-
-  context 'valid uknown extension' do
-    let(:random_bytes) do
-      OpenSSL::Random.random_bytes(20)
-    end
-
-    let(:extension) do
-      UnknownExtension.new(extension_type: "\x8a\x8a",
-                           extension_data: random_bytes)
-    end
-
-    it 'should be generated' do
-      expect(extension.extension_type).to eq "\x8a\x8a"
-      expect(extension.extension_data).to eq random_bytes
-    end
-
-    it 'should be serialized' do
-      expect(extension.serialize).to eq "\x8a\x8a" \
-                                        + random_bytes.prefix_uint16_length
-    end
-  end
-
-  context 'invalid uknown extension, no extension_type,' do
-    let(:extension) do
-      UnknownExtension.new
-    end
-
-    it 'should not be generated' do
-      expect { extension }.to raise_error(ArgumentError)
-    end
-  end
-
-  context 'valid uknown extension binary, binary is nil,' do
-    let(:extension) do
-      UnknownExtension.deserialize(nil, "\x8a\x8a")
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq "\x8a\x8a"
-      expect(extension.extension_data).to be_empty
-    end
-  end
-
-  context 'valid uknown extension binary, binary is empty,' do
-    let(:extension) do
-      UnknownExtension.deserialize([], "\x8a\x8a")
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq "\x8a\x8a"
-      expect(extension.extension_data).to be_empty
-    end
-  end
-
-  context 'valid uknown extension binary' do
-    let(:random_bytes) do
-      OpenSSL::Random.random_bytes(20)
-    end
-
-    let(:extension) do
-      UnknownExtension.deserialize(random_bytes, "\x8a\x8a")
-    end
-
-    it 'should generate valid object' do
-      expect(extension.extension_type).to eq "\x8a\x8a"
-      expect(extension.extension_data).to eq random_bytes
-    end
-  end
-end