tttls1.3 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/interop/Dockerfile +28 -0
- data/interop/client_spec.rb +88 -0
- data/interop/helper.rb +16 -0
- data/lib/tttls1.3/connection.rb +11 -9
- data/lib/tttls1.3/version.rb +1 -1
- data/spec/aead_spec.rb +1 -1
- data/spec/alert_spec.rb +1 -1
- data/spec/alpn_spec.rb +1 -1
- data/spec/application_data_spec.rb +1 -1
- data/spec/certificate_spec.rb +1 -1
- data/spec/certificate_verify_spec.rb +1 -1
- data/spec/change_cipher_spec_spec.rb +1 -1
- data/spec/cipher_suites_spec.rb +1 -1
- data/spec/client_hello_spec.rb +1 -1
- data/spec/client_spec.rb +1 -1
- data/spec/connection_spec.rb +1 -1
- data/spec/cookie_spec.rb +1 -1
- data/spec/early_data_indication_spec.rb +1 -1
- data/spec/encrypted_extensions_spec.rb +1 -1
- data/spec/error_spec.rb +1 -1
- data/spec/extensions_spec.rb +1 -1
- data/spec/finished_spec.rb +1 -1
- data/spec/key_schedule_spec.rb +1 -1
- data/spec/key_share_spec.rb +1 -1
- data/spec/new_session_ticket_spec.rb +1 -1
- data/spec/pre_shared_key_spec.rb +1 -1
- data/spec/psk_key_exchange_modes_spec.rb +1 -1
- data/spec/record_size_limit_spec.rb +1 -1
- data/spec/record_spec.rb +1 -1
- data/spec/server_hello_spec.rb +1 -1
- data/spec/server_name_spec.rb +1 -1
- data/spec/signature_algorithms_cert_spec.rb +1 -1
- data/spec/signature_algorithms_spec.rb +1 -1
- data/spec/status_request_spec.rb +1 -1
- data/spec/supported_groups_spec.rb +1 -1
- data/spec/supported_versions_spec.rb +1 -1
- data/spec/transcript_spec.rb +1 -1
- data/spec/unknown_extension_spec.rb +1 -1
- data/spec/utils_spec.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 600d070cd1e13d0480c362a9e1a38eee26890a55e744f87ba9f3204455aecfe1
|
|
4
|
+
data.tar.gz: 9f5cc406f36d3e746f430fbf6e0fcc6ce2b84f9eb30952cbd672b42475852b43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '091354c4bdd832b8c705ad3c4349fd0de5a59b68e28bac1f8f82ca70a09b970bf7da0641bad24897aea683698da65bf2a5503b82d3faf7087037123ea33d5d6d'
|
|
7
|
+
data.tar.gz: e98c2774e0cc277a5cee70819aad60d25325de6c29d2328f400873dc8370b534452d9f07582afd0df015ae9be81e2529d9147358098bab75e9b521db7663840b
|
data/README.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# tttls1.3
|
|
2
2
|
|
|
3
|
-
[](https://badge.fury.io/rb/tttls1.3)
|
|
4
|
+
[](https://travis-ci.org/thekuwayama/tttls1.3)
|
|
5
|
+
[](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
|
|
4
6
|
|
|
5
7
|
tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
|
|
6
8
|
tttls1.3 uses [openssl](https://github.com/ruby/openssl) as backend for crypto and X.509 operations.
|
data/interop/Dockerfile
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
FROM ubuntu:18.04
|
|
2
|
+
|
|
3
|
+
ARG version="1.1.1b"
|
|
4
|
+
|
|
5
|
+
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
6
|
+
autoconf \
|
|
7
|
+
bison \
|
|
8
|
+
build-essential \
|
|
9
|
+
ca-certificates \
|
|
10
|
+
curl \
|
|
11
|
+
gzip \
|
|
12
|
+
libreadline-dev \
|
|
13
|
+
patch \
|
|
14
|
+
pkg-config \
|
|
15
|
+
sed \
|
|
16
|
+
zlib1g-dev
|
|
17
|
+
|
|
18
|
+
RUN mkdir -p /build/openssl
|
|
19
|
+
RUN curl -s https://www.openssl.org/source/openssl-${version}.tar.gz | tar -C /build/openssl -xzf - && \
|
|
20
|
+
cd /build/openssl/openssl-${version} && \
|
|
21
|
+
./Configure \
|
|
22
|
+
--prefix=/opt/openssl/openssl-${version} \
|
|
23
|
+
enable-crypto-mdebug enable-crypto-mdebug-backtrace \
|
|
24
|
+
linux-x86_64 && \
|
|
25
|
+
make && make install_sw
|
|
26
|
+
|
|
27
|
+
ENV LD_LIBRARY_PATH /opt/openssl/openssl-${version}/lib
|
|
28
|
+
ENV PATH /opt/openssl/openssl-${version}/bin:$PATH
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
# encoding: ascii-8bit
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require_relative 'helper'
|
|
5
|
+
|
|
6
|
+
TMP_DIR = __dir__ + '/../tmp'
|
|
7
|
+
|
|
8
|
+
# rubocop: disable Metrics/BlockLength
|
|
9
|
+
RSpec.describe Client do
|
|
10
|
+
# testcases
|
|
11
|
+
[
|
|
12
|
+
[
|
|
13
|
+
' -ciphersuites TLS_AES_256_GCM_SHA384',
|
|
14
|
+
cipher_suites: [CipherSuite::TLS_AES_256_GCM_SHA384]
|
|
15
|
+
],
|
|
16
|
+
[
|
|
17
|
+
' -ciphersuites TLS_CHACHA20_POLY1305_SHA256',
|
|
18
|
+
cipher_suites: [CipherSuite::TLS_CHACHA20_POLY1305_SHA256]
|
|
19
|
+
],
|
|
20
|
+
[
|
|
21
|
+
' -ciphersuites TLS_AES_128_GCM_SHA256',
|
|
22
|
+
cipher_suites: [CipherSuite::TLS_AES_128_GCM_SHA256]
|
|
23
|
+
],
|
|
24
|
+
[
|
|
25
|
+
' -groups P-256',
|
|
26
|
+
supported_groups: [NamedGroup::SECP256R1]
|
|
27
|
+
],
|
|
28
|
+
[
|
|
29
|
+
' -groups P-384',
|
|
30
|
+
supported_groups: [NamedGroup::SECP384R1]
|
|
31
|
+
],
|
|
32
|
+
[
|
|
33
|
+
' -groups P-521',
|
|
34
|
+
supported_groups: [NamedGroup::SECP521R1]
|
|
35
|
+
],
|
|
36
|
+
[
|
|
37
|
+
' -sigalgs RSA-PSS+SHA256',
|
|
38
|
+
signature_algorithms_cert: [SignatureScheme::RSA_PKCS1_SHA256],
|
|
39
|
+
signature_algorithms: [SignatureScheme::RSA_PSS_RSAE_SHA256]
|
|
40
|
+
],
|
|
41
|
+
[
|
|
42
|
+
' -sigalgs RSA-PSS+SHA384',
|
|
43
|
+
signature_algorithms_cert: [SignatureScheme::RSA_PKCS1_SHA256],
|
|
44
|
+
signature_algorithms: [SignatureScheme::RSA_PSS_RSAE_SHA384]
|
|
45
|
+
],
|
|
46
|
+
[
|
|
47
|
+
' -sigalgs RSA-PSS+SHA512',
|
|
48
|
+
signature_algorithms_cert: [SignatureScheme::RSA_PKCS1_SHA256],
|
|
49
|
+
signature_algorithms: [SignatureScheme::RSA_PSS_RSAE_SHA512]
|
|
50
|
+
]
|
|
51
|
+
].each do |opt, settings|
|
|
52
|
+
context 'client interop' do
|
|
53
|
+
before do
|
|
54
|
+
cmd = "docker run -v #{TMP_DIR}:/tmp -p 4433:4433 -it openssl " \
|
|
55
|
+
+ 'openssl s_server ' \
|
|
56
|
+
+ '-cert /tmp/server.crt ' \
|
|
57
|
+
+ '-key /tmp/server.key ' \
|
|
58
|
+
+ '-tls1_3 ' \
|
|
59
|
+
+ '-www ' \
|
|
60
|
+
+ opt
|
|
61
|
+
pid = spawn(cmd)
|
|
62
|
+
Process.detach(pid)
|
|
63
|
+
|
|
64
|
+
sleep(2) # waiting for openssl s_server
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
let(:client) do
|
|
68
|
+
hostname = 'localhost'
|
|
69
|
+
@socket = TCPSocket.new(hostname, 4433)
|
|
70
|
+
settings[:ca_file] = TMP_DIR + '/ca.crt'
|
|
71
|
+
Client.new(@socket, hostname, settings)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
after do
|
|
75
|
+
@socket.close
|
|
76
|
+
`docker ps -ql | xargs docker stop`
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
it "should connect with openssl s_server ...#{opt}" do
|
|
80
|
+
expect { client.connect }.to_not raise_error
|
|
81
|
+
expect { client.write("GET / HTTP/1.0\r\n\r\n") }.to_not raise_error
|
|
82
|
+
expect(client.read).to include "HTTP/1.0 200 ok\r\n"
|
|
83
|
+
expect { client.close }.to_not raise_error
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
# rubocop: enable Metrics/BlockLength
|
data/interop/helper.rb
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# encoding: ascii-8bit
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
RSpec.configure(&:disable_monkey_patching!)
|
|
5
|
+
|
|
6
|
+
# rubocop: disable Style/MixinUsage
|
|
7
|
+
require 'openssl'
|
|
8
|
+
require 'tttls1.3'
|
|
9
|
+
include TTTLS13
|
|
10
|
+
include TTTLS13::Error
|
|
11
|
+
include TTTLS13::CipherSuite
|
|
12
|
+
include TTTLS13::SignatureScheme
|
|
13
|
+
include TTTLS13::Cryptograph
|
|
14
|
+
include TTTLS13::Message
|
|
15
|
+
include TTTLS13::Message::Extension
|
|
16
|
+
# rubocop: enable Style/MixinUsage
|
data/lib/tttls1.3/connection.rb
CHANGED
|
@@ -235,27 +235,29 @@ module TTTLS13
|
|
|
235
235
|
content = "\x20" * 64 + context + "\x00" + hash
|
|
236
236
|
public_key = OpenSSL::X509::Certificate.new(certificate_pem).public_key
|
|
237
237
|
|
|
238
|
+
# RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
|
|
239
|
+
# RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
|
|
238
240
|
case signature_scheme
|
|
239
|
-
when SignatureScheme::
|
|
241
|
+
when SignatureScheme::RSA_PKCS1_SHA256,
|
|
242
|
+
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
|
240
243
|
SignatureScheme::RSA_PSS_PSS_SHA256
|
|
241
244
|
public_key.verify_pss('SHA256', signature, content, salt_length: :auto,
|
|
242
245
|
mgf1_hash: 'SHA256')
|
|
243
|
-
when SignatureScheme::
|
|
246
|
+
when SignatureScheme::RSA_PKCS1_SHA384,
|
|
247
|
+
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
|
244
248
|
SignatureScheme::RSA_PSS_PSS_SHA384
|
|
245
249
|
public_key.verify_pss('SHA384', signature, content, salt_length: :auto,
|
|
246
250
|
mgf1_hash: 'SHA384')
|
|
247
|
-
when SignatureScheme::
|
|
251
|
+
when SignatureScheme::RSA_PKCS1_SHA512,
|
|
252
|
+
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
|
248
253
|
SignatureScheme::RSA_PSS_PSS_SHA512
|
|
249
254
|
public_key.verify_pss('SHA512', signature, content, salt_length: :auto,
|
|
250
255
|
mgf1_hash: 'SHA512')
|
|
251
|
-
when SignatureScheme::
|
|
252
|
-
SignatureScheme::ECDSA_SECP256R1_SHA256
|
|
256
|
+
when SignatureScheme::ECDSA_SECP256R1_SHA256
|
|
253
257
|
public_key.verify('SHA256', signature, content)
|
|
254
|
-
when SignatureScheme::
|
|
255
|
-
SignatureScheme::ECDSA_SECP384R1_SHA384
|
|
258
|
+
when SignatureScheme::ECDSA_SECP384R1_SHA384
|
|
256
259
|
public_key.verify('SHA384', signature, content)
|
|
257
|
-
when SignatureScheme::
|
|
258
|
-
SignatureScheme::ECDSA_SECP521R1_SHA512
|
|
260
|
+
when SignatureScheme::ECDSA_SECP521R1_SHA512
|
|
259
261
|
public_key.verify('SHA512', signature, content)
|
|
260
262
|
else # TODO: ED25519, ED448
|
|
261
263
|
terminate(:internal_error)
|
data/lib/tttls1.3/version.rb
CHANGED
data/spec/aead_spec.rb
CHANGED
data/spec/alert_spec.rb
CHANGED
data/spec/alpn_spec.rb
CHANGED
data/spec/certificate_spec.rb
CHANGED
data/spec/cipher_suites_spec.rb
CHANGED
data/spec/client_hello_spec.rb
CHANGED
data/spec/client_spec.rb
CHANGED
data/spec/connection_spec.rb
CHANGED
data/spec/cookie_spec.rb
CHANGED
data/spec/error_spec.rb
CHANGED
data/spec/extensions_spec.rb
CHANGED
data/spec/finished_spec.rb
CHANGED
data/spec/key_schedule_spec.rb
CHANGED
data/spec/key_share_spec.rb
CHANGED
data/spec/pre_shared_key_spec.rb
CHANGED
data/spec/record_spec.rb
CHANGED
data/spec/server_hello_spec.rb
CHANGED
data/spec/server_name_spec.rb
CHANGED
data/spec/status_request_spec.rb
CHANGED
data/spec/transcript_spec.rb
CHANGED
data/spec/utils_spec.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tttls1.3
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- thekuwayama
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -58,6 +58,9 @@ files:
|
|
|
58
58
|
- example/https_client_using_0rtt.rb
|
|
59
59
|
- example/https_client_using_hrr.rb
|
|
60
60
|
- example/https_client_using_ticket.rb
|
|
61
|
+
- interop/Dockerfile
|
|
62
|
+
- interop/client_spec.rb
|
|
63
|
+
- interop/helper.rb
|
|
61
64
|
- lib/tttls1.3.rb
|
|
62
65
|
- lib/tttls1.3/cipher_suites.rb
|
|
63
66
|
- lib/tttls1.3/client.rb
|