tttls1.3 0.2.10 → 0.2.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -0
  3. data/lib/tttls1.3/server.rb +15 -4
  4. data/lib/tttls1.3/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a88e723a99666a675766294bcd4693baad9d49f9d8d2c95e2c9361d74ea74e0a
4
- data.tar.gz: e7c18f7242cf74229ae99232366d18854c898ce18e9f5805af8ca5694666e7bc
3
+ metadata.gz: 8f5aa81468afa7bdfe5706ab689499342070b9ccba1c3407e4aef7e7f5f2a6fc
4
+ data.tar.gz: 62b65e459cb2f1a0f14e1be474ab711aeb83d313e14cfdafc3b75dba44ddaf95
5
5
  SHA512:
6
- metadata.gz: a36f3a4f8dc7884a3927572285773390e0076ff6f154366aeb85dbda10ed1edbdb0964ab2201b236b77f1b7c862cd61796a5eae9574883790da83b5e2c52c375
7
- data.tar.gz: 88688015bd166a0c93bf2c6663eda3649719362228c496a7662bf162e236f1a0a04d7f5aa18d477cb18a3986c97fe9e7cab89fd7c04ba09caa1dd92c70441433
6
+ metadata.gz: f11b5d1dae32d9e9aca363fee567840d0bf2da02a95e4f7930965c03ac3d53b4751d65cfd4eb709ab47a04cb51d4c14a28783e8519ffe0e9a7e479890b017520
7
+ data.tar.gz: e24b2a06489681198c28e1b5def42bd512102591c232fa7ccb847d5742a52cb3c62dd7289bfc4012be45f743f176bf945863f03c785805e2eb53412acbad291f
data/README.md CHANGED
@@ -111,6 +111,7 @@ tttls1.3 server is configurable using keyword arguments.
111
111
  | key | type | default value | description |
112
112
  |-----|------|---------------|-------------|
113
113
  | `:crt_file` | String | nil | Path to the certificate file. This is a required setting. |
114
+ | `:chain_files` | Array of OpenSSL::X509::Certificate | nil | Paths to the itermediate certificate files. |
114
115
  | `:key_file` | String | nil | Path to the private key file. This is a required setting. |
115
116
  | `:cipher_suites` | Array of TTTLS13::CipherSuite constant | `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_AES_128_GCM_SHA256` | List of supported cipher suites. |
116
117
  | `:signature_algorithms` | Array of TTTLS13::SignatureScheme constant | `ECDSA_SECP256R1_SHA256`, `ECDSA_SECP384R1_SHA384`, `ECDSA_SECP521R1_SHA512`, `RSA_PSS_RSAE_SHA256`, `RSA_PSS_RSAE_SHA384`, `RSA_PSS_RSAE_SHA512`, `RSA_PKCS1_SHA256`, `RSA_PKCS1_SHA384`, `RSA_PKCS1_SHA512` | List of supported signature algorithms. |
data/lib/tttls1.3/server.rb CHANGED
@@ -46,6 +46,7 @@ module TTTLS13
46
46
 
47
47
  DEFAULT_SERVER_SETTINGS = {
48
48
  crt_file: nil,
49
+ chain_files: nil,
49
50
  key_file: nil,
50
51
  cipher_suites: DEFAULT_SP_CIPHER_SUITES,
51
52
  signature_algorithms: DEFAULT_SP_SIGNATURE_ALGORITHMS,
@@ -75,6 +76,14 @@ module TTTLS13
75
76
  klass = @crt.public_key.class
76
77
  @key = klass.new(File.read(@settings[:key_file]))
77
78
  raise Error::ConfigError unless @crt.check_private_key(@key)
79
+
80
+ @chain = @settings[:chain_files]&.map do |f|
81
+ OpenSSL::X509::Certificate.new(File.read(f))
82
+ end
83
+ @chain ||= []
84
+ ([@crt] + @chain).each_cons(2) do |cert, sign|
85
+ raise Error::ConfigError unless cert.verify(sign.public_key)
86
+ end
78
87
  end
79
88
 
80
89
  # NOTE:
@@ -230,7 +239,7 @@ module TTTLS13
230
239
  unless ch.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT].nil?
231
240
  ee = transcript[EE] = gen_encrypted_extensions(ch, @alpn, rsl)
232
241
  # TODO: [Send CertificateRequest]
233
- ct = transcript[CT] = gen_certificate(@crt)
242
+ ct = transcript[CT] = gen_certificate(@crt, @chain)
234
243
  digest = CipherSuite.digest(@cipher_suite)
235
244
  cv = transcript[CV] = gen_certificate_verify(
236
245
  @key,
@@ -394,11 +403,13 @@ module TTTLS13
394
403
  end
395
404
 
396
405
  # @param crt [OpenSSL::X509::Certificate]
406
+ # @param chain [Array of OpenSSL::X509::Certificate]
397
407
  #
398
408
  # @return [TTTLS13::Message::Certificate, nil]
399
- def gen_certificate(crt)
400
- ce = Message::CertificateEntry.new(crt)
401
- Message::Certificate.new(certificate_list: [ce])
409
+ def gen_certificate(crt, chain = [])
410
+ ces = [crt] + (chain || [])
411
+ ces.map! { |c| Message::CertificateEntry.new(c) }
412
+ Message::Certificate.new(certificate_list: ces)
402
413
  end
403
414
 
404
415
  # @param key [OpenSSL::PKey::PKey]
data/lib/tttls1.3/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TTTLS13
4
- VERSION = '0.2.10'
4
+ VERSION = '0.2.11'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tttls1.3
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.10
4
+ version: 0.2.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - thekuwayama
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-09 00:00:00.000000000 Z
11
+ date: 2019-12-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler