Module: EchSpec::TLS13Client

Defined in:
lib/echspec/tls13_client.rb

Defined Under Namespace

Classes: Connection

Class Method Summary

Class Method Details

.gen_ch_extensions(hostname) ⇒ TTTLS13::Message::Extensions, Hash of NamedGroup => OpenSSL::PKey::EC.$Object

Parameters:

  • hostname (String)

Returns:

  • (TTTLS13::Message::Extensions)
  • (Hash of NamedGroup => OpenSSL::PKey::EC.$Object)


# File 'lib/echspec/tls13_client.rb', line 35

# Builds the baseline ClientHello extension set: server_name,
# supported_versions, signature_algorithms, supported_groups and key_share.
#
# @param hostname [String] value placed in the server_name extension
#
# @return [Array] two elements: the TTTLS13::Message::Extensions collection,
#   and the second value returned by KeyShare.gen_ch_key_share. The page
#   documents that value as a Hash of NamedGroup => OpenSSL::PKey::EC, i.e.
#   ephemeral key-exchange key material rather than a derived secret, so
#   callers should keep it out of logs and test reports.
def gen_ch_extensions(hostname)
  ext_ns = TTTLS13::Message::Extension

  # RSA_PKCS1_* come last; in TLS 1.3 they are defined for certificate
  # signatures only, not for signed handshake messages (RFC 8446, 4.2.3).
  sig_schemes = [
    TTTLS13::SignatureScheme::ECDSA_SECP256R1_SHA256,
    TTTLS13::SignatureScheme::ECDSA_SECP384R1_SHA384,
    TTTLS13::SignatureScheme::ECDSA_SECP521R1_SHA512,
    TTTLS13::SignatureScheme::RSA_PSS_RSAE_SHA256,
    TTTLS13::SignatureScheme::RSA_PSS_RSAE_SHA384,
    TTTLS13::SignatureScheme::RSA_PSS_RSAE_SHA512,
    TTTLS13::SignatureScheme::RSA_PKCS1_SHA256,
    TTTLS13::SignatureScheme::RSA_PKCS1_SHA384,
    TTTLS13::SignatureScheme::RSA_PKCS1_SHA512
  ]

  # Only these three NIST curves are offered, both as supported_groups and
  # as key shares.
  named_groups = [
    TTTLS13::NamedGroup::SECP256R1,
    TTTLS13::NamedGroup::SECP384R1,
    TTTLS13::NamedGroup::SECP521R1
  ]

  extensions = TTTLS13::Message::Extensions.new
  [
    ext_ns::ServerName.new(hostname),
    # No version list is passed, so the library default applies (the
    # original author's note says this is TLS 1.3 only).
    ext_ns::SupportedVersions.new(
      msg_type: TTTLS13::Message::HandshakeType::CLIENT_HELLO
    ),
    ext_ns::SignatureAlgorithms.new(sig_schemes),
    ext_ns::SupportedGroups.new(named_groups)
  ].each { |ext| extensions << ext }

  # One call yields both the key_share extension and its companion key
  # material for the same groups.
  key_share_ext, key_material = ext_ns::KeyShare.gen_ch_key_share(named_groups)
  extensions << key_share_ext

  [extensions, key_material]
end

.gen_newch_extensions(ch1, hrr) ⇒ TTTLS13::Message::Extensions

Parameters:

  • ch1 (TTTLS13::Message::ClientHello)
  • hrr (TTTLS13::Message::ServerHello)

Returns:

  • (TTTLS13::Message::Extensions)


# File 'lib/echspec/tls13_client.rb', line 81

# Derives the extensions for the second ClientHello from the first
# ClientHello and the HelloRetryRequest that answered it.
#
# @param ch1 [TTTLS13::Message::ClientHello] the first ClientHello
# @param hrr [TTTLS13::Message::ServerHello] the HelloRetryRequest
#
# @return [TTTLS13::Message::Extensions] result of merging the replacement
#   key_share and the echoed cookie (each only when the HRR carries it)
#   into ch1's extensions
def gen_newch_extensions(ch1, hrr)
  key_share_type = TTTLS13::Message::ExtensionType::KEY_SHARE
  cookie_type = TTTLS13::Message::ExtensionType::COOKIE
  overrides = TTTLS13::Message::Extensions.new

  if hrr.extensions.include?(key_share_type)
    # NOTE(review): the group is taken from the peer's HRR as-is. RFC 8446
    # 4.2.8 has a client verify that it was offered in supported_groups and
    # was not already sent in key_share; no such check happens here, which
    # is presumably acceptable for a conformance probe. Confirm.
    # An empty key_share_entry would make `.first` nil and raise
    # NoMethodError on `.group`.
    selected_group = hrr.extensions[key_share_type].key_share_entry.first.group

    # The second return value of gen_ch_key_share is discarded, so only the
    # extension for the new share is kept by this method.
    new_share, _discarded = TTTLS13::Message::Extension::KeyShare.gen_ch_key_share([selected_group])
    overrides << new_share
  end

  # The cookie is echoed back exactly as received.
  if hrr.extensions.include?(cookie_type)
    overrides << hrr.extensions[cookie_type]
  end

  ch1.extensions.merge(overrides)
end

.recv_hrr(socket, hostname, ech_config, stack) ⇒ EchSpec::TLS13Client::Connection, ...

rubocop: disable Metrics/MethodLength

Parameters:

Returns:

  • (EchSpec::TLS13Client::Connection)
  • (TTTLS13::Message::ClientHello)

    ClientHelloInner

  • (TTTLS13::Message::ClientHello)
  • (TTTLS13::Message::ServerHello)

    HelloRetryRequest

  • (TTTLS13::EchState)

Raises:



# File 'lib/echspec/tls13_client.rb', line 120

# Sends an ECH-offering ClientHello whose key_share is empty and returns
# once the peer has answered with a HelloRetryRequest.
#
# Every message built, sent or received is appended to +stack+: the inner
# ClientHello, the ClientHello that was sent, and the peer's reply. The
# inner ClientHello carries the server_name built from +hostname+, so the
# contents of +stack+ hold the values ECH is meant to protect.
#
# @param socket first argument to TLS13Client::Connection.new
# @param hostname [String] passed to TLS13Client.gen_ch_extensions
# @param ech_config passed to TTTLS13::Ech.offer_ech
# @param stack collection that receives the messages via <<
#
# @return [Array] connection, inner ClientHello, sent ClientHello,
#   HelloRetryRequest, and the ECH state returned by offer_ech
#
# @raise [Error::BeforeTargetSituationError] when the reply is not a
#   ServerHello for which hrr? is true
def recv_hrr(socket, hostname, ech_config, stack)
  ext_type = TTTLS13::Message::ExtensionType

  # --- first ClientHello ---
  conn = TLS13Client::Connection.new(socket, :client)
  inner_marker = TTTLS13::Message::Extension::ECHClientHello.new_inner
  base_exts, _unused = TLS13Client.gen_ch_extensions(hostname)

  # Swap the generated key_share for one with an empty client_shares vector;
  # the original author's note ("for HRR") indicates this is what is meant
  # to make the peer reply with a HelloRetryRequest.
  base_exts[ext_type::KEY_SHARE] = TTTLS13::Message::Extension::KeyShare.new(
    msg_type: TTTLS13::Message::HandshakeType::CLIENT_HELLO,
    key_share_entry: []
  )

  offered_suites = TTTLS13::CipherSuites.new(
    [
      TTTLS13::CipherSuite::TLS_AES_256_GCM_SHA384,
      TTTLS13::CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
      TTTLS13::CipherSuite::TLS_AES_128_GCM_SHA256
    ]
  )
  inner_exts = base_exts.merge(ext_type::ENCRYPTED_CLIENT_HELLO => inner_marker)
  inner = TTTLS13::Message::ClientHello.new(
    cipher_suites: offered_suites,
    extensions: inner_exts
  )
  stack << inner

  # offer_ech produces the ClientHello that is actually sent, using the
  # HPKE suite chosen by select_ech_hpke_cipher_suite.
  selector = proc do |hpke_conf|
    TLS13Client.select_ech_hpke_cipher_suite(hpke_conf)
  end
  ch, _inner, ech_state = TTTLS13::Ech.offer_ech(inner, ech_config, selector)

  # Passer is presumably the pass-through (no record protection) cipher used
  # before handshake keys exist; confirm against TTTLS13::Cryptograph.
  outgoing = TTTLS13::Message::Record.new(
    type: TTTLS13::Message::ContentType::HANDSHAKE,
    messages: [ch],
    cipher: TTTLS13::Cryptograph::Passer.new
  )
  conn.send_record(outgoing)
  stack << ch

  # --- HelloRetryRequest ---
  recv, = conn.recv_message(TTTLS13::Cryptograph::Passer.new)
  # Recorded before the check, so an unexpected reply is still on the stack
  # when the error is raised.
  stack << recv

  got_hrr = recv.is_a?(TTTLS13::Message::ServerHello) && recv.hrr?
  unless got_hrr
    raise Error::BeforeTargetSituationError, 'did not send expected handshake message: HelloRetryRequest'
  end

  [conn, inner, ch, recv, ech_state]
end

.select_ech_hpke_cipher_suite(conf) ⇒ Boolean

Parameters:

  • conf (ECHConfig::ECHConfigContents::HpkeKeyConfig)

Returns:

  • (Boolean)


# File 'lib/echspec/tls13_client.rb', line 101

# Picks the HPKE symmetric cipher suite to use for ECH.
#
# Walks TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES in its own
# order and returns the first entry that conf.cipher_suites also contains,
# so the client-side list decides the preference.
#
# @param conf [ECHConfig::ECHConfigContents::HpkeKeyConfig]
#
# @return the matching cipher suite object, or nil when the two lists have
#   nothing in common (the value is a suite or nil, not true/false; callers
#   must handle nil)
def select_ech_hpke_cipher_suite(conf)
  TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES.each do |candidate|
    return candidate if conf.cipher_suites.include?(candidate)
  end

  nil
end