tttls1.3 0.2.4 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26abf6610ea39c5b35e874bab7e1226afee77c3209dd2ddde497d731bb6fc64b
-  data.tar.gz: 13a8a522e126dc29993f6bfef96a59556f043910541decf7224c15db84cfb28d
+  metadata.gz: 99aff91ae6a3b3c49b7492320eca02c45372e58e8cc6fcf636363c767e18870b
+  data.tar.gz: 2c2327dbe62382897b92c2a89b3f74a45735d6ec40ac08f5ca62dc4f07ec8df8
 SHA512:
-  metadata.gz: 879a7c9be73deec93e4eff0ee0a0339c2464ad6c4139d5c8da4ad8da06cf8fcdf9bbd6ecef6baeda2f35483d88c91b61deaed17e7ca7a2d25cc105f339d242ce
-  data.tar.gz: 44ad60dff635a9ac7a980605ab736f52b67b94d806fa186e86ff022ff82bc712abf9ce215714052787188b35617e1f527534115d6fbb2cc880d5b32dce9df591
+  metadata.gz: c786c4679ca31d9ac60c1d9954cd2fd4e867cf55126a341409bc1aae294df984534861598d5b22643d2d5ab9acefa18cb85b63d7e5cafb90f04e6b41914bf417
+  data.tar.gz: ec601d3640d8518b0a0d6ae35a1453a9444995db944bfaa48e12c627ca58bc01d31e0ffb0925356d686cd97b7665f556152d3f858a245b501eb981a17ffb8dca

data/.travis.yml

@@ -6,6 +6,11 @@ rvm:
   - 2.6.1
   - 2.6.2
   - 2.6.3
+  - ruby-head
+
+matrix:
+  allow_failures:
+    - rvm: ruby-head
 
 before_install: 
   - gem install bundler -v 2.0.1

data/README.md

@@ -8,10 +8,32 @@ tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446
 tttls1.3 uses [openssl](https://github.com/ruby/openssl) as backend for crypto and X.509 operations.
 
 It is the purpose of this project to understand the TLS 1.3 protocol and implement the TLS 1.3 protocol using Ruby.
-Backward compatibility and performance are not an objective.
+Backward compatibility and performance are not objective.
 This gem should not be used for production software.
 
 
+## Features
+
+### Client
+
+tttls1.3 provides client API with the following features:
+
+* Simple 1-RTT Handshake
+* HelloRetryRequest
+* Resumed 0-RTT Handshake (with PSK from NST)
+
+**NOT supports** certificate with OID RSASSA-PSS, X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate, external PSKs.
+
+### Server
+
+tttls1.3 provides server API with the following features:
+
+* Simple 1-RTT Handshake
+* HelloRetryRequest
+
+**NOT supports** certificate with OID RSASSA-PSS, X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate, external PSKs.
+
+
 ## Getting started
 
 tttls1.3 gem is available at [rubygems.org](https://rubygems.org/gems/tttls1.3). You can install with:
@@ -20,7 +42,7 @@ tttls1.3 gem is available at [rubygems.org](https://rubygems.org/gems/tttls1.3).
 $ gem install tttls1.3
 ```
 
-This implementation provides only minimal API, so your code is responsible for application layer.
+This implementation provides only minimal API, so your code is responsible for the application layer.
 Roughly, this works as follows:
 
 ```ruby
@@ -39,7 +61,11 @@ client.close
 require 'tttls1.3'
 
 socket = YourTransport.new
-server = TTTLS13::Server.new(socket.accept)
+server = TTTLS13::Server.new(
+  socket.accept,
+  crt_file: '/path/to/crt/file',
+  key_file: '/path/to/key/file'
+)
 server.accept
 
 server.read
@@ -50,26 +76,45 @@ server.close
 HTTPS examples are [here](https://github.com/thekuwayama/tttls1.3/tree/master/example).
 
 
-## Features
+## Settings
 
 ### Client
 
-tttls1.3 provides client API with the following features:
-
-* Simple 1-RTT Handshake
-* HelloRetryRequest
-* Resumed 0-RTT Handshake (with PSK from ticket)
-
-**NOT supports** certificate with OID RSASSA-PSS, X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate, external PSKs.
+tttls1.3 client is configurable using keyword arguments.
+
+| key | type | default value | description |
+|-----|------|---------------|-------------|
+| `:ca_file` | String | nil | Path to the additional root CA certificate files. If not needed to add, set nil. |
+| `:cipher_suites` | Array of TTTLS13::CipherSuite constant | `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_AES_128_GCM_SHA256` | List of cipher suites offered in ClientHello. |
+| `:signature_algorithms` | Array of TTTLS13::SignatureScheme constant | `ECDSA_SECP256R1_SHA256`, `ECDSA_SECP384R1_SHA384`, `ECDSA_SECP521R1_SHA512`, `RSA_PSS_RSAE_SHA256`, `RSA_PSS_RSAE_SHA384`, `RSA_PSS_RSAE_SHA512`, `RSA_PKCS1_SHA256`, `RSA_PKCS1_SHA384`, `RSA_PKCS1_SHA512` | List of signature algorithms offered in ClientHello extensions. |
+| `:signature_algorithms_cert` | Array of TTTLS13::SignatureScheme constant | nil | List of certificate signature algorithms offered in ClientHello extensions. You can set this to signal the difference between the signature algorithm and `:signature_algorithms`. |
+| `:supported_groups` | Array of TTTLS13::NamedGroup constant | `SECP256R1`, `SECP384R1`, `SECP521R1` | List of named groups offered in ClientHello extensions. |
+| `:key_share_groups` | Array of TTTLS13::NamedGroup constant | nil | List of named groups offered in KeyShareClientHello. In default, KeyShareClientHello has only a KeyShareEntry of most preferred named group in `:supported_groups`. You can set this to send KeyShareClientHello that has multiple KeyShareEntry. |
+| `:alpn` | Array of String | nil | List of application protocols offered in ClientHello extensions. If not needed to be present, set nil. |
+| `:process_new_session_ticket` | Proc | nil | Proc that processes received NewSessionTicket. Its 3 arguments are TTTLS13::Message::NewSessionTicket, resumption master secret and cipher suite. If not needed to process NewSessionTicket, set nil. |
+| `:ticket` | String | nil | The ticket for PSK. |
+| `:resumption_master_secret` | String | nil | The resumption master secret. |
+| `:psk_cipher_suite` | TTTLS13::CipherSuite constant | nil | The cipher suite for PSK. |
+| `:ticket_nonce` | String | nil | The ticket\_nonce for PSK. |
+| `:ticket_age_add` | String | nil | The ticket\_age\_add for PSK. |
+| `:ticket_timestamp` | Integer | nil | The ticket\_timestamp for PSK. |
+| `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
 ### Server
 
-tttls1.3 provides server API with the following features:
-
-* Simple 1-RTT Handshake
-* HelloRetryRequest
-
-**NOT supports** certificate with OID RSASSA-PSS, X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate, external PSKs.
+tttls1.3 server is configurable using keyword arguments.
+
+| key | type | default value | description |
+|-----|------|---------------|-------------|
+| `:crt_file` | String | nil | Path to the certificate file. This is a required setting. |
+| `:key_file` | String | nil | Path to the private key file. This is a required setting. |
+| `:cipher_suites` | Array of TTTLS13::CipherSuite constant | `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_AES_128_GCM_SHA256` | List of supported cipher suites. |
+| `:signature_algorithms` | Array of TTTLS13::SignatureScheme constant | `ECDSA_SECP256R1_SHA256`, `ECDSA_SECP384R1_SHA384`, `ECDSA_SECP521R1_SHA512`, `RSA_PSS_RSAE_SHA256`, `RSA_PSS_RSAE_SHA384`, `RSA_PSS_RSAE_SHA512`, `RSA_PKCS1_SHA256`, `RSA_PKCS1_SHA384`, `RSA_PKCS1_SHA512` | List of supported signature algorithms. |
+| `:supported_groups` | Array of TTTLS13::NamedGroup constant | `SECP256R1`, `SECP384R1`, `SECP521R1` | List of supported named groups. |
+| `:alpn` | Array of String | nil | List of supported application protocols. If not needed to check this extension, set nil. |
+| `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
 
 ## License

data/Rakefile

@@ -129,17 +129,19 @@ end
 RuboCop::RakeTask.new
 RSpec::Core::RakeTask.new(:spec)
 
-desc 'interoperability test: TTTLS13::Client'
-RSpec::Core::RakeTask.new(:interop_client) do |t|
-  t.pattern = Dir.glob('interop/client_spec.rb')
-end
+desc 'interoperability test between openssl'
+task interop: %i[interop:client interop:server]
 
-desc 'interoperability test: TTTLS13::Server'
-RSpec::Core::RakeTask.new(:interop_server) do |t|
-  t.pattern = Dir.glob('interop/server_spec.rb')
-end
+namespace :interop do
+  desc 'interoperability test: TTTLS13::Client'
+  RSpec::Core::RakeTask.new(:client) do |t|
+    t.pattern = Dir.glob('interop/client_spec.rb')
+  end
 
-desc 'interoperability test between openssl'
-task interop: %i[interop_client interop_server]
+  desc 'interoperability test: TTTLS13::Server'
+  RSpec::Core::RakeTask.new(:server) do |t|
+    t.pattern = Dir.glob('interop/server_spec.rb')
+  end
+end
 
 task default: %i[rubocop spec]

data/interop/client_spec.rb

@@ -155,6 +155,13 @@ RSpec.describe Client do
       'rsa_rsa.crt',
       'rsa_rsa.key',
       alpn: ['http/1.1']
+    ],
+    [
+      true,
+      '',
+      'rsa_rsa.crt',
+      'rsa_rsa.key',
+      compatibility_mode: false
     ]
     # rubocop: enable Metrics/LineLength
   ].each do |normal, opt, crt, key, settings|

data/interop/server_spec.rb

@@ -164,6 +164,13 @@ RSpec.describe Server do
       FIXTURES_DIR + '/rsa_rsa.crt',
       FIXTURES_DIR + '/rsa_rsa.key',
       alpn: ['http/1.1']
+    ],
+    [
+      true,
+      '-groups P-256:P-384:P-521',
+      FIXTURES_DIR + '/rsa_rsa.crt',
+      FIXTURES_DIR + '/rsa_rsa.key',
+      compatibility_mode: false
     ]
     # rubocop: enable Metrics/LineLength
   ].each do |normal, opt, crt, key, settings|

data/lib/tttls1.3/client.rb

@@ -58,6 +58,7 @@ module TTTLS13
     ticket_nonce: nil,
     ticket_age_add: nil,
     ticket_timestamp: nil,
+    compatibility_mode: true,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_CLIENT_SETTINGS
@@ -152,7 +153,7 @@ module TTTLS13
           binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
           transcript[CH] = send_client_hello(extensions, binder_key)
 
-          send_ccs # compatibility mode
+          send_ccs if @settings[:compatibility_mode]
           if use_early_data?
             e_wcipher = gen_cipher(
               @settings[:psk_cipher_suite],
@@ -293,16 +294,7 @@ module TTTLS13
           message = recv_message(receivable_ccs: true, cipher: hs_rcipher)
           if message.msg_type == Message::HandshakeType::CERTIFICATE
             ct = transcript[CT] = message
-            terminate(:illegal_parameter) unless ct.appearable_extensions?
-
-            ch = transcript[CH]
-            terminate(:unsupported_extension) \
-              unless ct.certificate_list.map(&:extensions)
-                       .all? { |e| (e.keys - ch.extensions.keys).empty? }
-
-            terminate(:certificate_unknown) \
-              unless trusted_certificate?(ct.certificate_list,
-                                          @settings[:ca_file], @hostname)
+            terminate_invalid_certificate(ct, transcript[CH])
 
             @state = ClientState::WAIT_CV
           elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
@@ -316,16 +308,7 @@ module TTTLS13
           logger.debug('ClientState::WAIT_EE')
 
           ct = transcript[CT] = recv_certificate(hs_rcipher)
-          terminate(:illegal_parameter) unless ct.appearable_extensions?
-
-          ch = transcript[CH]
-          terminate(:unsupported_extension) \
-            unless ct.certificate_list.map(&:extensions)
-                     .all? { |e| (e.keys - ch.extensions.keys).empty? }
-
-          terminate(:certificate_unknown) \
-            unless trusted_certificate?(ct.certificate_list,
-                                        @settings[:ca_file], @hostname)
+          terminate_invalid_certificate(ct, transcript[CH])
 
           @state = ClientState::WAIT_CV
         when ClientState::WAIT_CV
@@ -749,6 +732,20 @@ module TTTLS13
       eoed
     end
 
+    # @param ct [TTTLS13::Message::Certificate]
+    # @param ch [TTTLS13::Message::ClientHello]
+    def terminate_invalid_certificate(ct, ch)
+      terminate(:illegal_parameter) unless ct.appearable_extensions?
+
+      terminate(:unsupported_extension) \
+        unless ct.certificate_list.map(&:extensions)
+                 .all? { |e| (e.keys - ch.extensions.keys).empty? }
+
+      terminate(:certificate_unknown) \
+        unless trusted_certificate?(ct.certificate_list,
+                                    @settings[:ca_file], @hostname)
+    end
+
     # @param ct [TTTLS13::Message::Certificate]
     # @param cv [TTTLS13::Message::CertificateVerify]
     # @param hash [String]

data/lib/tttls1.3/message/record.rb

@@ -42,21 +42,18 @@ module TTTLS13
       # @return [String]
       def serialize(record_size_limit = DEFAULT_RECORD_SIZE_LIMIT)
         tlsplaintext = @messages.map(&:serialize).join + @surplus_binary
-        if messages_type == ContentType::APPLICATION_DATA
-          max = cipher.tlsplaintext_length_limit(record_size_limit)
+        if @cipher.is_a?(Cryptograph::Aead)
+          max = @cipher.tlsplaintext_length_limit(record_size_limit)
           fragments = tlsplaintext.scan(/.{1,#{max}}/m)
         else
           fragments = [tlsplaintext]
         end
         fragments = [''] if fragments.empty?
 
-        binary = ''
-        fragments.each do |s|
-          binary += @type + @legacy_record_version
-          binary += @cipher.encrypt(s, messages_type).prefix_uint16_length
-        end
-
-        binary
+        fragments.map do |s|
+          @type + @legacy_record_version \
+          + @cipher.encrypt(s, messages_type).prefix_uint16_length
+        end.join
       end
 
       # NOTE:

data/lib/tttls1.3/server.rb

@@ -51,6 +51,7 @@ module TTTLS13
     signature_algorithms: DEFAULT_SP_SIGNATURE_ALGORITHMS,
     supported_groups: DEFAULT_SP_NAMED_GROUP_LIST,
     alpn: nil,
+    compatibility_mode: true,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_SERVER_SETTINGS
@@ -190,7 +191,7 @@ module TTTLS13
           extensions, priv_key = gen_sh_extensions(@named_group)
           transcript[SH] = send_server_hello(extensions, @cipher_suite,
                                              ch.legacy_session_id)
-          send_ccs # compatibility mode
+          send_ccs if @settings[:compatibility_mode]
 
           # generate shared secret
           ke = ch.extensions[Message::ExtensionType::KEY_SHARE]

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.2.4'
+  VERSION = '0.2.5'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.5
 platform: ruby
 authors:
 - thekuwayama
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-12 00:00:00.000000000 Z
+date: 2019-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby