Class: TTTLS13::Server

Inherits:

Connection

• Object
• Connection
• TTTLS13::Server

Defined in:

lib/tttls1.3/server.rb

Overview

rubocop: disable Metrics/ClassLength

Instance Method Summary

• #accept ⇒ Object

  NOTE: START <—–+ Recv ClientHello | | Send HelloRetryRequest v | RECVD_CH —-+ | Select parameters v NEGOTIATED | Send ServerHello | K_send = handshake | Send EncryptedExtensions | [Send CertificateRequest] Can send | [Send Certificate + CertificateVerify] app data | Send Finished after –> | K_send = application here --------——–+ No 0-RTT | | 0-RTT | | K_recv = handshake | | K_recv = early data [Skip decrypt errors] | ——> WAIT_EOED - | | Recv | | Recv EndOfEarlyData | | early data | | K_recv = handshake | ------------ | | | > WAIT_FLIGHT2 <——– | --------——–+ No auth | | Client auth | | | v | WAIT_CERT | Recv | | Recv Certificate | empty | v | Certificate | WAIT_CV | | | Recv | v | CertificateVerify -> WAIT_FINISHED <— | Recv Finished | K_recv = application v CONNECTED.

• #initialize(socket, **settings) ⇒ Server constructor

  A new instance of Server.

Methods inherited from Connection

#close, #eof?, #exporter, gen_ocsp_request, #negotiated_alpn, #negotiated_cipher_suite, #negotiated_named_group, #negotiated_signature_scheme, #read, send_ocsp_request, #write

Methods included from Logging

#logger, logger

Constructor Details

#initialize(socket, **settings) ⇒ Server

Returns a new instance of Server.

Parameters:

• socket (Socket)
• settings (Hash)

Raises:

• (Error::ConfigError)

# File 'lib/tttls1.3/server.rb', line 65

def initialize(socket, **settings)
  super(socket)

  @endpoint = :server
  @settings = DEFAULT_SERVER_SETTINGS.merge(settings)
  logger.level = @settings[:loglevel]

  raise Error::ConfigError unless valid_settings?
  return if @settings[:crt_file].nil?

  crt_str = File.read(@settings[:crt_file])
  @crt = OpenSSL::X509::Certificate.new(crt_str) # TODO: spki rsassaPss
  klass = @crt.public_key.class
  @key = klass.new(File.read(@settings[:key_file]))
  raise Error::ConfigError unless @crt.check_private_key(@key)

  @chain = @settings[:chain_files]&.map do |f|
    OpenSSL::X509::Certificate.new(File.read(f))
  end
  @chain ||= []
  ([@crt] + @chain).each_cons(2) do |cert, sign|
    raise Error::ConfigError unless cert.verify(sign.public_key)
  end
end

Instance Method Details

#accept ⇒ Object

NOTE:

               START <-----+
Recv ClientHello |         | Send HelloRetryRequest
                 v         |
              RECVD_CH ----+
                 | Select parameters
                 v
              NEGOTIATED
                 | Send ServerHello
                 | K_send = handshake
                 | Send EncryptedExtensions
                 | [Send CertificateRequest]

Can send | [Send Certificate + CertificateVerify] app data | Send Finished after –> | K_send = application here --------——–+

           No 0-RTT |                 | 0-RTT
                    |                 |
K_recv = handshake  |                 | K_recv = early data

Skip decrypt errors

| ——> WAIT_EOED - | | Recv | | Recv EndOfEarlyData | | early data | | K_recv = handshake | ------------ | | | > WAIT_FLIGHT2 <——–

|

--------——–+

No auth |                 | Client auth
        |                 |
        |                 v
        |             WAIT_CERT
        |        Recv |       | Recv Certificate
        |       empty |       v
        | Certificate |    WAIT_CV
        |             |       | Recv
        |             v       | CertificateVerify
        +-> WAIT_FINISHED <---+
                 | Recv Finished
                 | K_recv = application
                 v
             CONNECTED

tools.ietf.org/html/rfc8446#appendix-A.2

rubocop: disable Metrics/AbcSize rubocop: disable Metrics/BlockLength rubocop: disable Metrics/CyclomaticComplexity rubocop: disable Metrics/MethodLength rubocop: disable Metrics/PerceivedComplexity

# File 'lib/tttls1.3/server.rb', line 139

def accept
  transcript = Transcript.new
  key_schedule = nil # TTTLS13::KeySchedule
  priv_key = nil # OpenSSL::PKey::$Object

  hs_wcipher = nil # TTTLS13::Cryptograph::$Object
  hs_rcipher = nil # TTTLS13::Cryptograph::$Object

  @state = ServerState::START
  loop do
    case @state
    when ServerState::START
      logger.debug('ServerState::START')

      receivable_ccs = transcript.include?(CH1)
      ch = transcript[CH] = recv_client_hello(receivable_ccs)

      # support only TLS 1.3
      terminate(:protocol_version) unless ch.negotiated_tls_1_3?

      # validate parameters
      terminate(:illegal_parameter) unless ch.appearable_extensions?
      terminamte(:illegal_parameter) \
        unless ch.legacy_compression_methods == ["\x00"]
      terminate(:illegal_parameter) unless ch.valid_key_share?
      terminate(:unrecognized_name) unless recognized_server_name?(ch, @crt)

      # alpn
      ch_alpn = ch.extensions[
        Message::ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
      ]
      if !@settings[:alpn].nil? && !@settings[:alpn].empty? && !ch_alpn.nil?
        @alpn = ch_alpn.protocol_name_list
                       .find { |p| @settings[:alpn].include?(p) }

        terminate(:no_application_protocol) if @alpn.nil?
      end

      # record_size_limit
      ch_rsl = ch.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT]
      @send_record_size = ch_rsl.record_size_limit unless ch_rsl.nil?

      @state = ServerState::RECVD_CH
    when ServerState::RECVD_CH
      logger.debug('ServerState::RECVD_CH')

      # select parameters
      ch = transcript[CH]
      @cipher_suite = select_cipher_suite(ch)
      @named_group = select_named_group(ch)
      @signature_scheme = select_signature_scheme(ch, @crt)
      terminate(:handshake_failure) \
        if @cipher_suite.nil? || @signature_scheme.nil?

      # send HRR
      if @named_group.nil?
        ch1 = transcript[CH1] = transcript.delete(CH)
        transcript[HRR] = send_hello_retry_request(ch1, @cipher_suite)
        @state = ServerState::START
        next
      end
      @state = ServerState::NEGOTIATED
    when ServerState::NEGOTIATED
      logger.debug('ServerState::NEGOTIATED')

      ch = transcript[CH]
      extensions, priv_key = gen_sh_extensions(@named_group)
      transcript[SH] = send_server_hello(extensions, @cipher_suite,
                                         ch.legacy_session_id)
      send_ccs if @settings[:compatibility_mode]

      # generate shared secret
      ke = ch.extensions[Message::ExtensionType::KEY_SHARE]
            &.key_share_entry
            &.find { |e| e.group == @named_group }
            &.key_exchange
      shared_secret = gen_shared_secret(ke, priv_key, @named_group)
      key_schedule = KeySchedule.new(
        psk: @psk,
        shared_secret: shared_secret,
        cipher_suite: @cipher_suite,
        transcript: transcript
      )
      @alert_wcipher = hs_wcipher = gen_cipher(
        @cipher_suite,
        key_schedule.server_handshake_write_key,
        key_schedule.server_handshake_write_iv
      )
      hs_rcipher = gen_cipher(
        @cipher_suite,
        key_schedule.client_handshake_write_key,
        key_schedule.client_handshake_write_iv
      )
      @state = ServerState::WAIT_FLIGHT2
    when ServerState::WAIT_EOED
      logger.debug('ServerState::WAIT_EOED')
    when ServerState::WAIT_FLIGHT2
      logger.debug('ServerState::WAIT_FLIGHT2')

      ch = transcript[CH]
      rsl = @send_record_size \
        if ch.extensions.include?(Message::ExtensionType::RECORD_SIZE_LIMIT)
      ee = transcript[EE] = gen_encrypted_extensions(ch, @alpn, rsl)
      # TODO: [Send CertificateRequest]

      # status_request
      ocsp_response = fetch_ocsp_response \
        if ch.extensions.include?(Message::ExtensionType::STATUS_REQUEST)
      ct = transcript[CT] = gen_certificate(@crt, @chain, ocsp_response)
      digest = CipherSuite.digest(@cipher_suite)
      cv = transcript[CV] = gen_certificate_verify(
        @key,
        @signature_scheme,
        transcript.hash(digest, CT)
      )
      finished_key = key_schedule.server_finished_key
      signature = sign_finished(
        digest: digest,
        finished_key: finished_key,
        hash: transcript.hash(digest, CV)
      )
      sf = transcript[SF] = Message::Finished.new(signature)
      send_server_parameters([ee, ct, cv, sf], hs_wcipher)
      @state = ServerState::WAIT_FINISHED
    when ServerState::WAIT_CERT
      logger.debug('ServerState::WAIT_CERT')
    when ServerState::WAIT_CV
      logger.debug('ServerState::WAIT_CV')
    when ServerState::WAIT_FINISHED
      logger.debug('ServerState::WAIT_FINISHED')

      cf = transcript[CF] = recv_finished(hs_rcipher)
      digest = CipherSuite.digest(@cipher_suite)
      verified = verified_finished?(
        finished: cf,
        digest: digest,
        finished_key: key_schedule.client_finished_key,
        hash: transcript.hash(digest, EOED)
      )
      terminate(:decrypt_error) unless verified
      @alert_wcipher = @ap_wcipher = gen_cipher(
        @cipher_suite,
        key_schedule.server_application_write_key,
        key_schedule.server_application_write_iv
      )
      @ap_rcipher = gen_cipher(
        @cipher_suite,
        key_schedule.client_application_write_key,
        key_schedule.client_application_write_iv
      )
      @exporter_master_secret = key_schedule.exporter_master_secret
      @state = ServerState::CONNECTED
    when ServerState::CONNECTED
      logger.debug('ServerState::CONNECTED')

      break
    end
  end
end