Class: TTTLS13::KeySchedule
- Inherits:
-
Object
- Object
- TTTLS13::KeySchedule
- Defined in:
- lib/tttls1.3/key_schedule.rb
Overview
rubocop: disable Metrics/ClassLength
Class Method Summary collapse
- .hkdf_expand(secret, info, length, digest) ⇒ Object
- .hkdf_expand_label(secret, label, context, length, digest) ⇒ String
Instance Method Summary collapse
- #binder_key_ext ⇒ String
- #binder_key_res ⇒ String
- #client_application_traffic_secret ⇒ String
- #client_application_write_iv ⇒ String
- #client_application_write_key ⇒ String
- #client_early_traffic_secret ⇒ String
- #client_finished_key ⇒ String
- #client_handshake_traffic_secret ⇒ String
- #client_handshake_write_iv ⇒ String
- #client_handshake_write_key ⇒ String
- #derive_secret(secret, label, context) ⇒ String
- #early_data_write_iv ⇒ String
- #early_data_write_key ⇒ String
- #early_exporter_master_secret ⇒ String
- #early_salt ⇒ String
- #early_secret ⇒ String
- #exporter_master_secret ⇒ String
- #handshake_salt ⇒ String
- #handshake_secret ⇒ String
- #hkdf_extract(ikm, salt) ⇒ String
-
#initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) ⇒ KeySchedule
constructor
A new instance of KeySchedule.
- #master_salt ⇒ String
- #master_secret ⇒ String
- #resumption_master_secret ⇒ String
- #server_application_traffic_secret ⇒ String
- #server_application_write_iv ⇒ String
- #server_application_write_key ⇒ String
- #server_finished_key ⇒ String
- #server_handshake_traffic_secret ⇒ String
- #server_handshake_write_iv ⇒ String
- #server_handshake_write_key ⇒ String
Constructor Details
#initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) ⇒ KeySchedule
Returns a new instance of KeySchedule.
12 13 14 15 16 17 18 19 20 |
# File 'lib/tttls1.3/key_schedule.rb', line 12 def initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) @digest = CipherSuite.digest(cipher_suite) @hash_len = CipherSuite.hash_len(cipher_suite) @key_len = CipherSuite.key_len(cipher_suite) @iv_len = CipherSuite.iv_len(cipher_suite) @psk = psk || "\x00" * @hash_len @shared_secret = shared_secret @transcript = transcript end |
Class Method Details
.hkdf_expand(secret, info, length, digest) ⇒ Object
219 220 221 222 223 224 225 226 227 228 229 230 231 |
# File 'lib/tttls1.3/key_schedule.rb', line 219 def self.(secret, info, length, digest) hash_len = OpenSSL::Digest.new(digest).digest_length raise Error::ErrorAlerts, :internal_error if length > 255 * hash_len n = (length.to_f / hash_len).ceil okm = '' t = '' (1..n).each do |i| t = OpenSSL::HMAC.digest(digest, secret, t + info + i.chr) okm += t end okm[0...length] end |
.hkdf_expand_label(secret, label, context, length, digest) ⇒ String
204 205 206 207 208 209 |
# File 'lib/tttls1.3/key_schedule.rb', line 204 def self.(secret, label, context, length, digest) binary = length.to_uint16 binary += ('tls13 ' + label).prefix_uint8_length binary += context.prefix_uint8_length (secret, binary, length, digest) end |
Instance Method Details
#binder_key_ext ⇒ String
33 34 35 36 37 |
# File 'lib/tttls1.3/key_schedule.rb', line 33 def binder_key_ext hash = OpenSSL::Digest.digest(@digest, '') base_key = derive_secret(early_secret, 'ext binder', hash) self.class.(base_key, 'finished', '', @hash_len, @digest) end |
#binder_key_res ⇒ String
40 41 42 43 44 |
# File 'lib/tttls1.3/key_schedule.rb', line 40 def binder_key_res hash = OpenSSL::Digest.digest(@digest, '') base_key = derive_secret(early_secret, 'res binder', hash) self.class.(base_key, 'finished', '', @hash_len, @digest) end |
#client_application_traffic_secret ⇒ String
142 143 144 145 |
# File 'lib/tttls1.3/key_schedule.rb', line 142 def client_application_traffic_secret hash = @transcript.hash(@digest, SF) derive_secret(master_secret, 'c ap traffic', hash) end |
#client_application_write_iv ⇒ String
154 155 156 157 |
# File 'lib/tttls1.3/key_schedule.rb', line 154 def client_application_write_iv secret = client_application_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#client_application_write_key ⇒ String
148 149 150 151 |
# File 'lib/tttls1.3/key_schedule.rb', line 148 def client_application_write_key secret = client_application_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#client_early_traffic_secret ⇒ String
47 48 49 50 |
# File 'lib/tttls1.3/key_schedule.rb', line 47 def client_early_traffic_secret hash = @transcript.hash(@digest, CH) derive_secret(early_secret, 'c e traffic', hash) end |
#client_finished_key ⇒ String
88 89 90 91 |
# File 'lib/tttls1.3/key_schedule.rb', line 88 def client_finished_key secret = client_handshake_traffic_secret self.class.(secret, 'finished', '', @hash_len, @digest) end |
#client_handshake_traffic_secret ⇒ String
82 83 84 85 |
# File 'lib/tttls1.3/key_schedule.rb', line 82 def client_handshake_traffic_secret hash = @transcript.hash(@digest, SH) derive_secret(handshake_secret, 'c hs traffic', hash) end |
#client_handshake_write_iv ⇒ String
100 101 102 103 |
# File 'lib/tttls1.3/key_schedule.rb', line 100 def client_handshake_write_iv secret = client_handshake_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#client_handshake_write_key ⇒ String
94 95 96 97 |
# File 'lib/tttls1.3/key_schedule.rb', line 94 def client_handshake_write_key secret = client_handshake_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#derive_secret(secret, label, context) ⇒ String
238 239 240 |
# File 'lib/tttls1.3/key_schedule.rb', line 238 def derive_secret(secret, label, context) self.class.(secret, label, context, @hash_len, @digest) end |
#early_data_write_iv ⇒ String
59 60 61 62 |
# File 'lib/tttls1.3/key_schedule.rb', line 59 def early_data_write_iv secret = client_early_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#early_data_write_key ⇒ String
53 54 55 56 |
# File 'lib/tttls1.3/key_schedule.rb', line 53 def early_data_write_key secret = client_early_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#early_exporter_master_secret ⇒ String
65 66 67 68 |
# File 'lib/tttls1.3/key_schedule.rb', line 65 def early_exporter_master_secret hash = OpenSSL::Digest.digest(@digest, '') derive_secret(early_secret, 'e exp master', hash) end |
#early_salt ⇒ String
23 24 25 |
# File 'lib/tttls1.3/key_schedule.rb', line 23 def early_salt "\x00" * @hash_len end |
#early_secret ⇒ String
28 29 30 |
# File 'lib/tttls1.3/key_schedule.rb', line 28 def early_secret hkdf_extract(@psk, early_salt) end |
#exporter_master_secret ⇒ String
178 179 180 181 |
# File 'lib/tttls1.3/key_schedule.rb', line 178 def exporter_master_secret hash = @transcript.hash(@digest, SF) derive_secret(master_secret, 'exp master', hash) end |
#handshake_salt ⇒ String
71 72 73 74 |
# File 'lib/tttls1.3/key_schedule.rb', line 71 def handshake_salt hash = OpenSSL::Digest.digest(@digest, '') derive_secret(early_secret, 'derived', hash) end |
#handshake_secret ⇒ String
77 78 79 |
# File 'lib/tttls1.3/key_schedule.rb', line 77 def handshake_secret hkdf_extract(@shared_secret, handshake_salt) end |
#hkdf_extract(ikm, salt) ⇒ String
193 194 195 |
# File 'lib/tttls1.3/key_schedule.rb', line 193 def hkdf_extract(ikm, salt) OpenSSL::HMAC.digest(@digest, salt, ikm) end |
#master_salt ⇒ String
130 131 132 133 |
# File 'lib/tttls1.3/key_schedule.rb', line 130 def master_salt hash = OpenSSL::Digest.digest(@digest, '') derive_secret(handshake_secret, 'derived', hash) end |
#master_secret ⇒ String
136 137 138 139 |
# File 'lib/tttls1.3/key_schedule.rb', line 136 def master_secret ikm = "\x00" * @hash_len hkdf_extract(ikm, master_salt) end |
#resumption_master_secret ⇒ String
184 185 186 187 |
# File 'lib/tttls1.3/key_schedule.rb', line 184 def resumption_master_secret hash = @transcript.hash(@digest, CF) derive_secret(master_secret, 'res master', hash) end |
#server_application_traffic_secret ⇒ String
160 161 162 163 |
# File 'lib/tttls1.3/key_schedule.rb', line 160 def server_application_traffic_secret hash = @transcript.hash(@digest, SF) derive_secret(master_secret, 's ap traffic', hash) end |
#server_application_write_iv ⇒ String
172 173 174 175 |
# File 'lib/tttls1.3/key_schedule.rb', line 172 def server_application_write_iv secret = server_application_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#server_application_write_key ⇒ String
166 167 168 169 |
# File 'lib/tttls1.3/key_schedule.rb', line 166 def server_application_write_key secret = server_application_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#server_finished_key ⇒ String
112 113 114 115 |
# File 'lib/tttls1.3/key_schedule.rb', line 112 def server_finished_key secret = server_handshake_traffic_secret self.class.(secret, 'finished', '', @hash_len, @digest) end |
#server_handshake_traffic_secret ⇒ String
106 107 108 109 |
# File 'lib/tttls1.3/key_schedule.rb', line 106 def server_handshake_traffic_secret hash = @transcript.hash(@digest, SH) derive_secret(handshake_secret, 's hs traffic', hash) end |
#server_handshake_write_iv ⇒ String
124 125 126 127 |
# File 'lib/tttls1.3/key_schedule.rb', line 124 def server_handshake_write_iv secret = server_handshake_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#server_handshake_write_key ⇒ String
118 119 120 121 |
# File 'lib/tttls1.3/key_schedule.rb', line 118 def server_handshake_write_key secret = server_handshake_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |