tttls1.3 0.2.6 → 0.2.7

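--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 434477f28514352dc19f51a5164df0544e4f10c0902726fb6daea7dd6a3b418e
- data.tar.gz: 2efb6ab4f448b4e96d733f33475e21df10d0286faa8fde16ead1e88d3a4d09b4
+ metadata.gz: c4d612bec845851394778f851e83cd26a402c28b28282eadf1630684781dbfad
+ data.tar.gz: 2b2ac159212b899dfd2f0281b756469033ab58ac57276a2c834166e9e1c1a659
  SHA512:
- metadata.gz: 6459d7ac7994d985e6877e599908fd1d18fe35e70f476fc5091a8e59909c08c61ad9d4f9a3356c030fb53ce0a8c10d39d4963bb2f06255f95ae2068e952e88ad
- data.tar.gz: 06efcf0f787fb07c88541df0874046c9b81a7e774d012e548f785fa9a8fcb0abe30bf3cf0da1b6e4f315bd4316b438a37d935bf6cc955104bc1c9bc74aeccf64
+ metadata.gz: 902358ead54f4e37bcb6921f8ac26cb0d365ff90c96f8b1d148286a08a057af719989ed0b24d34e99e646965ca7dbfbcdf2b07d9f28b84d3e00e62d904d8ff3f
+ data.tar.gz: 33781ec8908342d9aa0670c1ce82516bd7a0fafbed7f49f470765b0d053883cee66b913fc14c060c83abe82dca863653ec7632efcbbcbc4b84dce577eef21764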
@@ -294,7 +294,7 @@ module TTTLS13
294
294
  @state = ClientState::WAIT_CERT_CR
295
295
  @state = ClientState::WAIT_FINISHED unless psk.nil?
296
296
  when ClientState::WAIT_CERT_CR
297
- logger.debug('ClientState::WAIT_EE')
297
+ logger.debug('ClientState::WAIT_CERT_CR')
298
298
 
299
299
  message = recv_message(receivable_ccs: true, cipher: hs_rcipher)
300
300
  if message.msg_type == Message::HandshakeType::CERTIFICATE
@@ -310,14 +310,14 @@ module TTTLS13
310
310
  terminate(:unexpected_message)
311
311
  end
312
312
  when ClientState::WAIT_CERT
313
- logger.debug('ClientState::WAIT_EE')
313
+ logger.debug('ClientState::WAIT_CERT')
314
314
 
315
315
  ct = transcript[CT] = recv_certificate(hs_rcipher)
316
316
  terminate_invalid_certificate(ct, transcript[CH])
317
317
 
318
318
  @state = ClientState::WAIT_CV
319
319
  when ClientState::WAIT_CV
320
- logger.debug('ClientState::WAIT_EE')
320
+ logger.debug('ClientState::WAIT_CV')
321
321
 
322
322
  cv = transcript[CV] = recv_certificate_verify(hs_rcipher)
323
323
  digest = CipherSuite.digest(@cipher_suite)
@@ -329,7 +329,7 @@ module TTTLS13
329
329
 
330
330
  @state = ClientState::WAIT_FINISHED
331
331
  when ClientState::WAIT_FINISHED
332
- logger.debug('ClientState::WAIT_EE')
332
+ logger.debug('ClientState::WAIT_FINISHED')
333
333
 
334
334
  sf = transcript[SF] = recv_finished(hs_rcipher)
335
335
  digest = CipherSuite.digest(@cipher_suite)
@@ -361,6 +361,7 @@ module TTTLS13
361
361
  key_schedule.server_application_write_key,
362
362
  key_schedule.server_application_write_iv
363
363
  )
364
+ @exporter_master_secret = key_schedule.exporter_master_secret
364
365
  @resumption_master_secret = key_schedule.resumption_master_secret
365
366
  @state = ClientState::CONNECTED
366
367
  when ClientState::CONNECTED
@@ -456,10 +457,8 @@ module TTTLS13
456
457
  # @return [String]
457
458
  def gen_psk_from_nst(resumption_master_secret, ticket_nonce, digest)
458
459
  hash_len = OpenSSL::Digest.new(digest).digest_length
459
- info = hash_len.to_uint16
460
- info += 'tls13 resumption'.prefix_uint8_length
461
- info += ticket_nonce.prefix_uint8_length
462
- KeySchedule.hkdf_expand(resumption_master_secret, info, hash_len, digest)
460
+ KeySchedule.hkdf_expand_label(resumption_master_secret, 'resumption',
461
+ ticket_nonce, hash_len, digest)
463
462
  end
464
463
 
465
464
  # @return [TTTLS13::Message::Extensions]
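Review bot: `gen_psk_from_nst` carries no comment tying the new `hkdf_expand_label` call to the formula it implements, and the rewrite is only equivalent to the removed lines because `hkdf_expand_label` itself prepends `tls13 ` and the uint16 length, as the key-schedule section of this diff shows. I would add above the call `# RFC 8446 4.6.1: PSK = HKDF-Expand-Label(resumption_master_secret, "resumption", ticket_nonce, Hash.length)` so the next reader does not have to rediscover that. A resumption test that pins the derived PSK against a known vector would guard this path, since a wrong label here fails only at the peer. The method's doc block starts above the hunk.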
@@ -24,6 +24,7 @@ module TTTLS13
24
24
  @state = 0 # ClientState or ServerState
25
25
  @send_record_size = Message::DEFAULT_RECORD_SIZE_LIMIT
26
26
  @alpn = nil # String
27
+ @exporter_master_secret = nil # String
27
28
  end
28
29
 
29
30
  # @raise [TTTLS13::Error::ConfigError]
@@ -101,8 +102,45 @@ module TTTLS13
101
102
  @alpn
102
103
  end
103
104
 
105
+ # @param label [String]
106
+ # @param context [String]
107
+ # @param key_length [Integer]
108
+ #
109
+ # @return [String, nil]
110
+ def exporter(label, context, key_length)
111
+ return nil if @exporter_master_secret.nil? || @cipher_suite.nil?
112
+
113
+ digest = CipherSuite.digest(@cipher_suite)
114
+ do_exporter(@exporter_master_secret, digest, label, context, key_length)
115
+ end
116
+
104
117
  private
105
118
 
119
+ # @param secret [String] (early_)exporter_master_secret
120
+ # @param digest [String] name of digest algorithm
121
+ # @param label [String]
122
+ # @param context [String]
123
+ # @param key_length [Integer]
124
+ #
125
+ # @return [String]
126
+ def do_exporter(secret, digest, label, context, key_length)
127
+ derived_secret = KeySchedule.hkdf_expand_label(
128
+ secret,
129
+ label,
130
+ OpenSSL::Digest.digest(digest, ''),
131
+ OpenSSL::Digest.new(digest).digest_length,
132
+ digest
133
+ )
134
+
135
+ KeySchedule.hkdf_expand_label(
136
+ derived_secret,
137
+ 'exporter',
138
+ OpenSSL::Digest.digest(digest, context),
139
+ key_length,
140
+ digest
141
+ )
142
+ end
143
+
106
144
  # @param cipher_suite [TTTLS13::CipherSuite]
107
145
  # @param write_key [String]
108
146
  # @param write_iv [String]
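Review bot: `exporter` forwards `label` and `key_length` to `do_exporter` with no bounds check, although `hkdf_expand_label` encodes them with `length.to_uint16` and `('tls13 ' + label).prefix_uint8_length`. How those helpers treat an out-of-range value is not visible here, so a guard in `exporter` would make the contract explicit, for example `raise ArgumentError, 'key_length out of range' unless key_length.between?(1, 255 * OpenSSL::Digest.new(digest).digest_length)` (the HKDF-Expand output limit), with a matching check that the prefixed label fits in 255 bytes. The doc block should also state that `nil` means the handshake has not yet produced `exporter_master_secret`, so callers check for it instead of passing the result on as key material.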
@@ -33,14 +33,14 @@ module TTTLS13
33
33
  def binder_key_ext
34
34
  hash = OpenSSL::Digest.digest(@digest, '')
35
35
  base_key = derive_secret(early_secret, 'ext binder', hash)
36
- hkdf_expand_label(base_key, 'finished', '', @hash_len)
36
+ self.class.hkdf_expand_label(base_key, 'finished', '', @hash_len, @digest)
37
37
  end
38
38
 
39
39
  # @return [String]
40
40
  def binder_key_res
41
41
  hash = OpenSSL::Digest.digest(@digest, '')
42
42
  base_key = derive_secret(early_secret, 'res binder', hash)
43
- hkdf_expand_label(base_key, 'finished', '', @hash_len)
43
+ self.class.hkdf_expand_label(base_key, 'finished', '', @hash_len, @digest)
44
44
  end
45
45
 
46
46
  # @return [String]
@@ -52,13 +52,13 @@ module TTTLS13
52
52
  # @return [String]
53
53
  def early_data_write_key
54
54
  secret = client_early_traffic_secret
55
- hkdf_expand_label(secret, 'key', '', @key_len)
55
+ self.class.hkdf_expand_label(secret, 'key', '', @key_len, @digest)
56
56
  end
57
57
 
58
58
  # @return [String]
59
59
  def early_data_write_iv
60
60
  secret = client_early_traffic_secret
61
- hkdf_expand_label(secret, 'iv', '', @iv_len)
61
+ self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
62
62
  end
63
63
 
64
64
  # @return [String]
@@ -87,19 +87,19 @@ module TTTLS13
87
87
  # @return [String]
88
88
  def client_finished_key
89
89
  secret = client_handshake_traffic_secret
90
- hkdf_expand_label(secret, 'finished', '', @hash_len)
90
+ self.class.hkdf_expand_label(secret, 'finished', '', @hash_len, @digest)
91
91
  end
92
92
 
93
93
  # @return [String]
94
94
  def client_handshake_write_key
95
95
  secret = client_handshake_traffic_secret
96
- hkdf_expand_label(secret, 'key', '', @key_len)
96
+ self.class.hkdf_expand_label(secret, 'key', '', @key_len, @digest)
97
97
  end
98
98
 
99
99
  # @return [String]
100
100
  def client_handshake_write_iv
101
101
  secret = client_handshake_traffic_secret
102
- hkdf_expand_label(secret, 'iv', '', @iv_len)
102
+ self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
103
103
  end
104
104
 
105
105
  # @return [String]
@@ -111,19 +111,19 @@ module TTTLS13
111
111
  # @return [String]
112
112
  def server_finished_key
113
113
  secret = server_handshake_traffic_secret
114
- hkdf_expand_label(secret, 'finished', '', @hash_len)
114
+ self.class.hkdf_expand_label(secret, 'finished', '', @hash_len, @digest)
115
115
  end
116
116
 
117
117
  # @return [String]
118
118
  def server_handshake_write_key
119
119
  secret = server_handshake_traffic_secret
120
- hkdf_expand_label(secret, 'key', '', @key_len)
120
+ self.class.hkdf_expand_label(secret, 'key', '', @key_len, @digest)
121
121
  end
122
122
 
123
123
  # @return [String]
124
124
  def server_handshake_write_iv
125
125
  secret = server_handshake_traffic_secret
126
- hkdf_expand_label(secret, 'iv', '', @iv_len)
126
+ self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
127
127
  end
128
128
 
129
129
  # @return [String]
@@ -147,13 +147,13 @@ module TTTLS13
147
147
  # @return [String]
148
148
  def client_application_write_key
149
149
  secret = client_application_traffic_secret
150
- hkdf_expand_label(secret, 'key', '', @key_len)
150
+ self.class.hkdf_expand_label(secret, 'key', '', @key_len, @digest)
151
151
  end
152
152
 
153
153
  # @return [String]
154
154
  def client_application_write_iv
155
155
  secret = client_application_traffic_secret
156
- hkdf_expand_label(secret, 'iv', '', @iv_len)
156
+ self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
157
157
  end
158
158
 
159
159
  # @return [String]
@@ -165,13 +165,13 @@ module TTTLS13
165
165
  # @return [String]
166
166
  def server_application_write_key
167
167
  secret = server_application_traffic_secret
168
- hkdf_expand_label(secret, 'key', '', @key_len)
168
+ self.class.hkdf_expand_label(secret, 'key', '', @key_len, @digest)
169
169
  end
170
170
 
171
171
  # @return [String]
172
172
  def server_application_write_iv
173
173
  secret = server_application_traffic_secret
174
- hkdf_expand_label(secret, 'iv', '', @iv_len)
174
+ self.class.hkdf_expand_label(secret, 'iv', '', @iv_len, @digest)
175
175
  end
176
176
 
177
177
  # @return [String]
@@ -198,13 +198,14 @@ module TTTLS13
198
198
  # @param label [String]
199
199
  # @param context [String]
200
200
  # @param length [Integer]
201
+ # @param digest [String] name of digest algorithm
201
202
  #
202
203
  # @return [String]
203
- def hkdf_expand_label(secret, label, context, length)
204
+ def self.hkdf_expand_label(secret, label, context, length, digest)
204
205
  binary = length.to_uint16
205
206
  binary += ('tls13 ' + label).prefix_uint8_length
206
207
  binary += context.prefix_uint8_length
207
- self.class.hkdf_expand(secret, binary, length, @digest)
208
+ hkdf_expand(secret, binary, length, digest)
208
209
  end
209
210
 
210
211
  # @param secret [String]
@@ -235,7 +236,7 @@ module TTTLS13
235
236
  #
236
237
  # @return [String]
237
238
  def derive_secret(secret, label, context)
238
- hkdf_expand_label(secret, label, context, @hash_len)
239
+ self.class.hkdf_expand_label(secret, label, context, @hash_len, @digest)
239
240
  end
240
241
  end
241
242
  # rubocop: enable Metrics/ClassLength
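Review bot: Every instance method in this section now spells out `self.class.hkdf_expand_label(..., @digest)`, so the link between a secret and the hash it was derived under is restated by hand at each call site. A call that passed a different digest name would presumably derive key material under the wrong hash without raising. Keeping a thin instance wrapper beside the new class method would leave the call sites as they were and keep the digest in one place: `def hkdf_expand_label(secret, label, context, length)`, `self.class.hkdf_expand_label(secret, label, context, length, @digest)`, `end`. Whether the class has a private section to put it in is not visible in these hunks.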
@@ -266,6 +266,7 @@ module TTTLS13
266
266
  key_schedule.client_application_write_key,
267
267
  key_schedule.client_application_write_iv
268
268
  )
269
+ @exporter_master_secret = key_schedule.exporter_master_secret
269
270
  @state = ServerState::CONNECTED
270
271
  when ServerState::CONNECTED
271
272
  logger.debug('ServerState::CONNECTED')
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TTTLS13
4
- VERSION = '0.2.6'
4
+ VERSION = '0.2.7'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tttls1.3
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.6
4
+ version: 0.2.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - thekuwayama
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-04 00:00:00.000000000 Z
11
+ date: 2019-07-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler