Class: TTTLS13::KeySchedule
- Inherits:
-
Object
- Object
- TTTLS13::KeySchedule
- Defined in:
- lib/tttls1.3/key_schedule.rb
Overview
rubocop: disable Metrics/ClassLength
Class Method Summary collapse
- .hkdf_expand(secret, info, length, digest) ⇒ Object
- .hkdf_expand_label(secret, label, context, length, digest) ⇒ String
Instance Method Summary collapse
- #binder_key_ext ⇒ String
- #binder_key_res ⇒ String
- #client_application_traffic_secret ⇒ String
- #client_application_write_iv ⇒ String
- #client_application_write_key ⇒ String
- #client_early_traffic_secret ⇒ String
- #client_finished_key ⇒ String
- #client_handshake_traffic_secret ⇒ String
- #client_handshake_write_iv ⇒ String
- #client_handshake_write_key ⇒ String
- #derive_secret(secret, label, context) ⇒ String
- #early_data_write_iv ⇒ String
- #early_data_write_key ⇒ String
-
#early_exporter_master_secret ⇒ String
deprecated
Deprecated.
Please use 'early_exporter_secret` instead
- #early_exporter_secret ⇒ String
- #early_salt ⇒ String
- #early_secret ⇒ String
-
#exporter_master_secret ⇒ String
deprecated
Deprecated.
Please use 'exporter_secret` instead
- #exporter_secret ⇒ String
- #handshake_salt ⇒ String
- #handshake_secret ⇒ String
- #hkdf_extract(ikm, salt) ⇒ String
-
#initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) ⇒ KeySchedule
constructor
A new instance of KeySchedule.
- #main_salt ⇒ String
- #main_secret ⇒ String
-
#master_salt ⇒ String
deprecated
Deprecated.
Please use 'main_salt` instead
-
#master_secret ⇒ String
deprecated
Deprecated.
Please use 'main_secret` instead
-
#resumption_master_secret ⇒ String
deprecated
Deprecated.
Please use 'resumption_secret` instead
- #resumption_secret ⇒ String
- #server_application_traffic_secret ⇒ String
- #server_application_write_iv ⇒ String
- #server_application_write_key ⇒ String
- #server_finished_key ⇒ String
- #server_handshake_traffic_secret ⇒ String
- #server_handshake_write_iv ⇒ String
- #server_handshake_write_key ⇒ String
Constructor Details
#initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) ⇒ KeySchedule
Returns a new instance of KeySchedule.
12 13 14 15 16 17 18 19 20 |
# File 'lib/tttls1.3/key_schedule.rb', line 12 def initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) @digest = CipherSuite.digest(cipher_suite) @hash_len = CipherSuite.hash_len(cipher_suite) @key_len = CipherSuite.key_len(cipher_suite) @iv_len = CipherSuite.iv_len(cipher_suite) @psk = psk || "\x00" * @hash_len @shared_secret = shared_secret @transcript = transcript end |
Class Method Details
.hkdf_expand(secret, info, length, digest) ⇒ Object
254 255 256 257 258 259 260 261 262 263 264 265 266 |
# File 'lib/tttls1.3/key_schedule.rb', line 254 def self.(secret, info, length, digest) hash_len = OpenSSL::Digest.new(digest).digest_length raise Error::ErrorAlerts, :internal_error if length > 255 * hash_len n = (length.to_f / hash_len).ceil okm = '' t = '' (1..n).each do |i| t = OpenSSL::HMAC.digest(digest, secret, t + info + i.chr) okm += t end okm[0...length] end |
.hkdf_expand_label(secret, label, context, length, digest) ⇒ String
239 240 241 242 243 244 |
# File 'lib/tttls1.3/key_schedule.rb', line 239 def self.(secret, label, context, length, digest) binary = length.to_uint16 binary += ('tls13 ' + label).prefix_uint8_length binary += context.prefix_uint8_length (secret, binary, length, digest) end |
Instance Method Details
#binder_key_ext ⇒ String
33 34 35 36 37 |
# File 'lib/tttls1.3/key_schedule.rb', line 33 def binder_key_ext hash = OpenSSL::Digest.digest(@digest, '') base_key = derive_secret(early_secret, 'ext binder', hash) self.class.(base_key, 'finished', '', @hash_len, @digest) end |
#binder_key_res ⇒ String
40 41 42 43 44 |
# File 'lib/tttls1.3/key_schedule.rb', line 40 def binder_key_res hash = OpenSSL::Digest.digest(@digest, '') base_key = derive_secret(early_secret, 'res binder', hash) self.class.(base_key, 'finished', '', @hash_len, @digest) end |
#client_application_traffic_secret ⇒ String
163 164 165 166 |
# File 'lib/tttls1.3/key_schedule.rb', line 163 def client_application_traffic_secret hash = @transcript.hash(@digest, SF) derive_secret(main_secret, 'c ap traffic', hash) end |
#client_application_write_iv ⇒ String
175 176 177 178 |
# File 'lib/tttls1.3/key_schedule.rb', line 175 def client_application_write_iv secret = client_application_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#client_application_write_key ⇒ String
169 170 171 172 |
# File 'lib/tttls1.3/key_schedule.rb', line 169 def client_application_write_key secret = client_application_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#client_early_traffic_secret ⇒ String
47 48 49 50 |
# File 'lib/tttls1.3/key_schedule.rb', line 47 def client_early_traffic_secret hash = @transcript.hash(@digest, CH) derive_secret(early_secret, 'c e traffic', hash) end |
#client_finished_key ⇒ String
95 96 97 98 |
# File 'lib/tttls1.3/key_schedule.rb', line 95 def client_finished_key secret = client_handshake_traffic_secret self.class.(secret, 'finished', '', @hash_len, @digest) end |
#client_handshake_traffic_secret ⇒ String
89 90 91 92 |
# File 'lib/tttls1.3/key_schedule.rb', line 89 def client_handshake_traffic_secret hash = @transcript.hash(@digest, SH) derive_secret(handshake_secret, 'c hs traffic', hash) end |
#client_handshake_write_iv ⇒ String
107 108 109 110 |
# File 'lib/tttls1.3/key_schedule.rb', line 107 def client_handshake_write_iv secret = client_handshake_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#client_handshake_write_key ⇒ String
101 102 103 104 |
# File 'lib/tttls1.3/key_schedule.rb', line 101 def client_handshake_write_key secret = client_handshake_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#derive_secret(secret, label, context) ⇒ String
273 274 275 |
# File 'lib/tttls1.3/key_schedule.rb', line 273 def derive_secret(secret, label, context) self.class.(secret, label, context, @hash_len, @digest) end |
#early_data_write_iv ⇒ String
59 60 61 62 |
# File 'lib/tttls1.3/key_schedule.rb', line 59 def early_data_write_iv secret = client_early_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#early_data_write_key ⇒ String
53 54 55 56 |
# File 'lib/tttls1.3/key_schedule.rb', line 53 def early_data_write_key secret = client_early_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#early_exporter_master_secret ⇒ String
Deprecated.
Please use 'early_exporter_secret` instead
67 68 69 |
# File 'lib/tttls1.3/key_schedule.rb', line 67 def early_exporter_master_secret early_exporter_secret end |
#early_exporter_secret ⇒ String
72 73 74 75 |
# File 'lib/tttls1.3/key_schedule.rb', line 72 def early_exporter_secret hash = OpenSSL::Digest.digest(@digest, '') derive_secret(early_secret, 'e exp master', hash) end |
#early_salt ⇒ String
23 24 25 |
# File 'lib/tttls1.3/key_schedule.rb', line 23 def early_salt "\x00" * @hash_len end |
#early_secret ⇒ String
28 29 30 |
# File 'lib/tttls1.3/key_schedule.rb', line 28 def early_secret hkdf_extract(@psk, early_salt) end |
#exporter_master_secret ⇒ String
Deprecated.
Please use 'exporter_secret` instead
201 202 203 |
# File 'lib/tttls1.3/key_schedule.rb', line 201 def exporter_master_secret exporter_secret end |
#exporter_secret ⇒ String
206 207 208 209 |
# File 'lib/tttls1.3/key_schedule.rb', line 206 def exporter_secret hash = @transcript.hash(@digest, SF) derive_secret(main_secret, 'exp master', hash) end |
#handshake_salt ⇒ String
78 79 80 81 |
# File 'lib/tttls1.3/key_schedule.rb', line 78 def handshake_salt hash = OpenSSL::Digest.digest(@digest, '') derive_secret(early_secret, 'derived', hash) end |
#handshake_secret ⇒ String
84 85 86 |
# File 'lib/tttls1.3/key_schedule.rb', line 84 def handshake_secret hkdf_extract(@shared_secret, handshake_salt) end |
#hkdf_extract(ikm, salt) ⇒ String
228 229 230 |
# File 'lib/tttls1.3/key_schedule.rb', line 228 def hkdf_extract(ikm, salt) OpenSSL::HMAC.digest(@digest, salt, ikm) end |
#main_salt ⇒ String
144 145 146 147 |
# File 'lib/tttls1.3/key_schedule.rb', line 144 def main_salt hash = OpenSSL::Digest.digest(@digest, '') derive_secret(handshake_secret, 'derived', hash) end |
#main_secret ⇒ String
157 158 159 160 |
# File 'lib/tttls1.3/key_schedule.rb', line 157 def main_secret ikm = "\x00" * @hash_len hkdf_extract(ikm, main_salt) end |
#master_salt ⇒ String
Deprecated.
Please use 'main_salt` instead
139 140 141 |
# File 'lib/tttls1.3/key_schedule.rb', line 139 def master_salt main_salt end |
#master_secret ⇒ String
Deprecated.
Please use 'main_secret` instead
152 153 154 |
# File 'lib/tttls1.3/key_schedule.rb', line 152 def master_secret main_secret end |
#resumption_master_secret ⇒ String
Deprecated.
Please use 'resumption_secret` instead
214 215 216 |
# File 'lib/tttls1.3/key_schedule.rb', line 214 def resumption_master_secret resumption_secret end |
#resumption_secret ⇒ String
219 220 221 222 |
# File 'lib/tttls1.3/key_schedule.rb', line 219 def resumption_secret hash = @transcript.hash(@digest, CF) derive_secret(main_secret, 'res master', hash) end |
#server_application_traffic_secret ⇒ String
181 182 183 184 |
# File 'lib/tttls1.3/key_schedule.rb', line 181 def server_application_traffic_secret hash = @transcript.hash(@digest, SF) derive_secret(main_secret, 's ap traffic', hash) end |
#server_application_write_iv ⇒ String
193 194 195 196 |
# File 'lib/tttls1.3/key_schedule.rb', line 193 def server_application_write_iv secret = server_application_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#server_application_write_key ⇒ String
187 188 189 190 |
# File 'lib/tttls1.3/key_schedule.rb', line 187 def server_application_write_key secret = server_application_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#server_finished_key ⇒ String
119 120 121 122 |
# File 'lib/tttls1.3/key_schedule.rb', line 119 def server_finished_key secret = server_handshake_traffic_secret self.class.(secret, 'finished', '', @hash_len, @digest) end |
#server_handshake_traffic_secret ⇒ String
113 114 115 116 |
# File 'lib/tttls1.3/key_schedule.rb', line 113 def server_handshake_traffic_secret hash = @transcript.hash(@digest, SH) derive_secret(handshake_secret, 's hs traffic', hash) end |
#server_handshake_write_iv ⇒ String
131 132 133 134 |
# File 'lib/tttls1.3/key_schedule.rb', line 131 def server_handshake_write_iv secret = server_handshake_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#server_handshake_write_key ⇒ String
125 126 127 128 |
# File 'lib/tttls1.3/key_schedule.rb', line 125 def server_handshake_write_key secret = server_handshake_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |