Class: TTTLS13::KeySchedule
- Inherits:
-
Object
- Object
- TTTLS13::KeySchedule
- Defined in:
- lib/tttls1.3/key_schedule.rb
Overview
rubocop: disable Metrics/ClassLength
Class Method Summary collapse
- .hkdf_expand(secret, info, length, digest) ⇒ Object
- .hkdf_expand_label(secret, label, context, length, digest) ⇒ String
Instance Method Summary collapse
- #accept_confirmation ⇒ String
- #accept_ech? ⇒ Boolean
- #binder_key_ext ⇒ String
- #binder_key_res ⇒ String
- #client_application_traffic_secret ⇒ String
- #client_application_write_iv ⇒ String
- #client_application_write_key ⇒ String
- #client_early_traffic_secret ⇒ String
- #client_finished_key ⇒ String
- #client_handshake_traffic_secret ⇒ String
- #client_handshake_write_iv ⇒ String
- #client_handshake_write_key ⇒ String
- #derive_secret(secret, label, context) ⇒ String
- #early_data_write_iv ⇒ String
- #early_data_write_key ⇒ String
-
#early_exporter_master_secret ⇒ String
deprecated
Deprecated.
Please use 'early_exporter_secret` instead
- #early_exporter_secret ⇒ String
- #early_salt ⇒ String
- #early_secret ⇒ String
-
#exporter_master_secret ⇒ String
deprecated
Deprecated.
Please use 'exporter_secret` instead
- #exporter_secret ⇒ String
- #handshake_salt ⇒ String
- #handshake_secret ⇒ String
- #hkdf_extract(ikm, salt) ⇒ String
- #hrr_accept_confirmation ⇒ String
- #hrr_accept_ech? ⇒ Boolean
-
#initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) ⇒ KeySchedule
constructor
A new instance of KeySchedule.
- #main_salt ⇒ String
- #main_secret ⇒ String
-
#master_salt ⇒ String
deprecated
Deprecated.
Please use 'main_salt` instead
-
#master_secret ⇒ String
deprecated
Deprecated.
Please use 'main_secret` instead
-
#resumption_master_secret ⇒ String
deprecated
Deprecated.
Please use 'resumption_secret` instead
- #resumption_secret ⇒ String
- #server_application_traffic_secret ⇒ String
- #server_application_write_iv ⇒ String
- #server_application_write_key ⇒ String
- #server_finished_key ⇒ String
- #server_handshake_traffic_secret ⇒ String
- #server_handshake_write_iv ⇒ String
- #server_handshake_write_key ⇒ String
Constructor Details
#initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) ⇒ KeySchedule
Returns a new instance of KeySchedule.
12 13 14 15 16 17 18 19 20 |
# File 'lib/tttls1.3/key_schedule.rb', line 12 def initialize(psk: nil, shared_secret:, cipher_suite:, transcript:) @digest = CipherSuite.digest(cipher_suite) @hash_len = CipherSuite.hash_len(cipher_suite) @key_len = CipherSuite.key_len(cipher_suite) @iv_len = CipherSuite.iv_len(cipher_suite) @psk = psk || @hash_len.zeros @shared_secret = shared_secret @transcript = transcript end |
Class Method Details
.hkdf_expand(secret, info, length, digest) ⇒ Object
254 255 256 257 258 259 260 261 262 263 264 265 266 |
# File 'lib/tttls1.3/key_schedule.rb', line 254 def self.(secret, info, length, digest) hash_len = OpenSSL::Digest.new(digest).digest_length raise Error::ErrorAlerts, :internal_error if length > 255 * hash_len n = (length.to_f / hash_len).ceil okm = '' t = '' (1..n).each do |i| t = OpenSSL::HMAC.digest(digest, secret, t + info + i.chr) okm += t end okm[0...length] end |
.hkdf_expand_label(secret, label, context, length, digest) ⇒ String
239 240 241 242 243 244 |
# File 'lib/tttls1.3/key_schedule.rb', line 239 def self.(secret, label, context, length, digest) binary = length.to_uint16 binary += ('tls13 ' + label).prefix_uint8_length binary += context.prefix_uint8_length (secret, binary, length, digest) end |
Instance Method Details
#accept_confirmation ⇒ String
278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 |
# File 'lib/tttls1.3/key_schedule.rb', line 278 def accept_confirmation ch_inner_random = @transcript[CH].first.random sh = @transcript[SH].first sh = Message::ServerHello.new( random: sh.random[...-8] + 8.zeros, legacy_session_id_echo: sh.legacy_session_id_echo, cipher_suite: sh.cipher_suite, extensions: sh.extensions ) transcript = @transcript.clone transcript[SH] = [sh, sh.serialize] transcript_ech_conf = transcript.hash(@digest, SH) self.class.( hkdf_extract(ch_inner_random, ''), 'ech accept confirmation', transcript_ech_conf, 8, @digest ) end |
#accept_ech? ⇒ Boolean
301 302 303 |
# File 'lib/tttls1.3/key_schedule.rb', line 301 def accept_ech? accept_confirmation == @transcript[SH].first.random[-8..] end |
#binder_key_ext ⇒ String
33 34 35 36 37 |
# File 'lib/tttls1.3/key_schedule.rb', line 33 def binder_key_ext hash = OpenSSL::Digest.digest(@digest, '') base_key = derive_secret(early_secret, 'ext binder', hash) self.class.(base_key, 'finished', '', @hash_len, @digest) end |
#binder_key_res ⇒ String
40 41 42 43 44 |
# File 'lib/tttls1.3/key_schedule.rb', line 40 def binder_key_res hash = OpenSSL::Digest.digest(@digest, '') base_key = derive_secret(early_secret, 'res binder', hash) self.class.(base_key, 'finished', '', @hash_len, @digest) end |
#client_application_traffic_secret ⇒ String
163 164 165 166 |
# File 'lib/tttls1.3/key_schedule.rb', line 163 def client_application_traffic_secret hash = @transcript.hash(@digest, SF) derive_secret(main_secret, 'c ap traffic', hash) end |
#client_application_write_iv ⇒ String
175 176 177 178 |
# File 'lib/tttls1.3/key_schedule.rb', line 175 def client_application_write_iv secret = client_application_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#client_application_write_key ⇒ String
169 170 171 172 |
# File 'lib/tttls1.3/key_schedule.rb', line 169 def client_application_write_key secret = client_application_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#client_early_traffic_secret ⇒ String
47 48 49 50 |
# File 'lib/tttls1.3/key_schedule.rb', line 47 def client_early_traffic_secret hash = @transcript.hash(@digest, CH) derive_secret(early_secret, 'c e traffic', hash) end |
#client_finished_key ⇒ String
95 96 97 98 |
# File 'lib/tttls1.3/key_schedule.rb', line 95 def client_finished_key secret = client_handshake_traffic_secret self.class.(secret, 'finished', '', @hash_len, @digest) end |
#client_handshake_traffic_secret ⇒ String
89 90 91 92 |
# File 'lib/tttls1.3/key_schedule.rb', line 89 def client_handshake_traffic_secret hash = @transcript.hash(@digest, SH) derive_secret(handshake_secret, 'c hs traffic', hash) end |
#client_handshake_write_iv ⇒ String
107 108 109 110 |
# File 'lib/tttls1.3/key_schedule.rb', line 107 def client_handshake_write_iv secret = client_handshake_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#client_handshake_write_key ⇒ String
101 102 103 104 |
# File 'lib/tttls1.3/key_schedule.rb', line 101 def client_handshake_write_key secret = client_handshake_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#derive_secret(secret, label, context) ⇒ String
273 274 275 |
# File 'lib/tttls1.3/key_schedule.rb', line 273 def derive_secret(secret, label, context) self.class.(secret, label, context, @hash_len, @digest) end |
#early_data_write_iv ⇒ String
59 60 61 62 |
# File 'lib/tttls1.3/key_schedule.rb', line 59 def early_data_write_iv secret = client_early_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#early_data_write_key ⇒ String
53 54 55 56 |
# File 'lib/tttls1.3/key_schedule.rb', line 53 def early_data_write_key secret = client_early_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#early_exporter_master_secret ⇒ String
Deprecated.
Please use 'early_exporter_secret` instead
67 68 69 |
# File 'lib/tttls1.3/key_schedule.rb', line 67 def early_exporter_master_secret early_exporter_secret end |
#early_exporter_secret ⇒ String
72 73 74 75 |
# File 'lib/tttls1.3/key_schedule.rb', line 72 def early_exporter_secret hash = OpenSSL::Digest.digest(@digest, '') derive_secret(early_secret, 'e exp master', hash) end |
#early_salt ⇒ String
23 24 25 |
# File 'lib/tttls1.3/key_schedule.rb', line 23 def early_salt @hash_len.zeros end |
#early_secret ⇒ String
28 29 30 |
# File 'lib/tttls1.3/key_schedule.rb', line 28 def early_secret hkdf_extract(@psk, early_salt) end |
#exporter_master_secret ⇒ String
Deprecated.
Please use 'exporter_secret` instead
201 202 203 |
# File 'lib/tttls1.3/key_schedule.rb', line 201 def exporter_master_secret exporter_secret end |
#exporter_secret ⇒ String
206 207 208 209 |
# File 'lib/tttls1.3/key_schedule.rb', line 206 def exporter_secret hash = @transcript.hash(@digest, SF) derive_secret(main_secret, 'exp master', hash) end |
#handshake_salt ⇒ String
78 79 80 81 |
# File 'lib/tttls1.3/key_schedule.rb', line 78 def handshake_salt hash = OpenSSL::Digest.digest(@digest, '') derive_secret(early_secret, 'derived', hash) end |
#handshake_secret ⇒ String
84 85 86 |
# File 'lib/tttls1.3/key_schedule.rb', line 84 def handshake_secret hkdf_extract(@shared_secret, handshake_salt) end |
#hkdf_extract(ikm, salt) ⇒ String
228 229 230 |
# File 'lib/tttls1.3/key_schedule.rb', line 228 def hkdf_extract(ikm, salt) OpenSSL::HMAC.digest(@digest, salt, ikm) end |
#hrr_accept_confirmation ⇒ String
306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 |
# File 'lib/tttls1.3/key_schedule.rb', line 306 def hrr_accept_confirmation ch1_inner_random = @transcript[CH1].first.random hrr = @transcript[HRR].first ech = Message::Extension::ECHHelloRetryRequest.new("\x00" * 8) hrr = Message::ServerHello.new( random: hrr.random, legacy_session_id_echo: hrr.legacy_session_id_echo, cipher_suite: hrr.cipher_suite, extensions: hrr.extensions.merge( Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => ech ) ) # It then computes the transcript hash for the first ClientHelloInner, # denoted ClientHelloInner1, up to and including the modified # HelloRetryRequest. # # https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-17#section-7.2.1-2 transcript = @transcript.clone transcript[HRR] = [hrr, hrr.serialize] transcript_hrr_ech_conf = transcript.hash(@digest, HRR) self.class.( hkdf_extract(ch1_inner_random, ''), 'hrr ech accept confirmation', transcript_hrr_ech_conf, 8, @digest ) end |
#hrr_accept_ech? ⇒ Boolean
338 339 340 341 342 343 |
# File 'lib/tttls1.3/key_schedule.rb', line 338 def hrr_accept_ech? hrr_ech = @transcript[HRR] .first .extensions[Message::ExtensionType::ENCRYPTED_CLIENT_HELLO] hrr_accept_confirmation == hrr_ech.confirmation end |
#main_salt ⇒ String
144 145 146 147 |
# File 'lib/tttls1.3/key_schedule.rb', line 144 def main_salt hash = OpenSSL::Digest.digest(@digest, '') derive_secret(handshake_secret, 'derived', hash) end |
#main_secret ⇒ String
157 158 159 160 |
# File 'lib/tttls1.3/key_schedule.rb', line 157 def main_secret ikm = @hash_len.zeros hkdf_extract(ikm, main_salt) end |
#master_salt ⇒ String
Deprecated.
Please use 'main_salt` instead
139 140 141 |
# File 'lib/tttls1.3/key_schedule.rb', line 139 def master_salt main_salt end |
#master_secret ⇒ String
Deprecated.
Please use 'main_secret` instead
152 153 154 |
# File 'lib/tttls1.3/key_schedule.rb', line 152 def master_secret main_secret end |
#resumption_master_secret ⇒ String
Deprecated.
Please use 'resumption_secret` instead
214 215 216 |
# File 'lib/tttls1.3/key_schedule.rb', line 214 def resumption_master_secret resumption_secret end |
#resumption_secret ⇒ String
219 220 221 222 |
# File 'lib/tttls1.3/key_schedule.rb', line 219 def resumption_secret hash = @transcript.hash(@digest, CF) derive_secret(main_secret, 'res master', hash) end |
#server_application_traffic_secret ⇒ String
181 182 183 184 |
# File 'lib/tttls1.3/key_schedule.rb', line 181 def server_application_traffic_secret hash = @transcript.hash(@digest, SF) derive_secret(main_secret, 's ap traffic', hash) end |
#server_application_write_iv ⇒ String
193 194 195 196 |
# File 'lib/tttls1.3/key_schedule.rb', line 193 def server_application_write_iv secret = server_application_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#server_application_write_key ⇒ String
187 188 189 190 |
# File 'lib/tttls1.3/key_schedule.rb', line 187 def server_application_write_key secret = server_application_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |
#server_finished_key ⇒ String
119 120 121 122 |
# File 'lib/tttls1.3/key_schedule.rb', line 119 def server_finished_key secret = server_handshake_traffic_secret self.class.(secret, 'finished', '', @hash_len, @digest) end |
#server_handshake_traffic_secret ⇒ String
113 114 115 116 |
# File 'lib/tttls1.3/key_schedule.rb', line 113 def server_handshake_traffic_secret hash = @transcript.hash(@digest, SH) derive_secret(handshake_secret, 's hs traffic', hash) end |
#server_handshake_write_iv ⇒ String
131 132 133 134 |
# File 'lib/tttls1.3/key_schedule.rb', line 131 def server_handshake_write_iv secret = server_handshake_traffic_secret self.class.(secret, 'iv', '', @iv_len, @digest) end |
#server_handshake_write_key ⇒ String
125 126 127 128 |
# File 'lib/tttls1.3/key_schedule.rb', line 125 def server_handshake_write_key secret = server_handshake_traffic_secret self.class.(secret, 'key', '', @key_len, @digest) end |