Class: EchSpec::Spec::Spec5_1_10

Inherits:
WithSocket
Defined in:
lib/echspec/spec/5.1-10.rb

Defined Under Namespace

Classes: DuplicatedOuterExtensions, MissingReferencedExtensions, NotSameOrderExtensions, ReferencedEncryptedClientHello

Class Method Summary

Instance Method Summary

Methods inherited from WithSocket

#initialize, #message_stack, #with_socket

Constructor Details

This class inherits a constructor from EchSpec::Spec::WithSocket

Class Method Details

.spec_group ⇒ EchSpec::SpecGroup

Returns:



# File 'lib/echspec/spec/5.1-10.rb', line 20

# Builds the spec group for section 5.1-10. Every case in it is a negative
# test: the client offers ECH with a deliberately malformed OuterExtensions
# list and the server is expected to abort with an "illegal_parameter" alert.
# Case order is the insertion order of the table below.
#
# @return [EchSpec::SpecGroup]
def self.spec_group
  cases = {
    'MUST abort with an "illegal_parameter" alert, if any referenced extension is missing in ClientHelloOuter.' =>
      :validate_missing_referenced_extensions,
    'MUST abort with an "illegal_parameter" alert, if any extension is referenced in OuterExtensions more than once.' =>
      :validate_duplicated_outer_extensions,
    'MUST abort with an "illegal_parameter" alert, if "encrypted_client_hello" is referenced in OuterExtensions.' =>
      :validate_referenced_encrypted_client_hello,
    'MUST abort with an "illegal_parameter" alert, if the extensions in ClientHelloOuter corresponding to those in OuterExtensions do not occur in the same order.' =>
      :validate_not_same_order_extensions
  }

  spec_cases = cases.map { |description, validator| SpecCase.new(description, method(validator)) }
  SpecGroup.new('5.1-10', spec_cases)
end

.validate_duplicated_outer_extensions(hostname, port, ech_config) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)

Returns:



# File 'lib/echspec/spec/5.1-10.rb', line 58

# Negative case: OuterExtensions references the same extension more than once.
# The server must answer with an "illegal_parameter" alert.
#
# @param hostname [String]
# @param port [Integer]
# @param ech_config [ECHConfig]
# @return [EchSpec::Ok, EchSpec::Err]
def self.validate_duplicated_outer_extensions(hostname, port, ech_config)
  spec = Spec5_1_10.new
  spec.validate_invalid_ech_outer_extensions(hostname, port, ech_config, DuplicatedOuterExtensions)
end

.validate_missing_referenced_extensions(hostname, port, ech_config) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)

Returns:



# File 'lib/echspec/spec/5.1-10.rb', line 49

# Negative case: OuterExtensions references an extension that is absent from
# ClientHelloOuter. The server must answer with an "illegal_parameter" alert.
#
# @param hostname [String]
# @param port [Integer]
# @param ech_config [ECHConfig]
# @return [EchSpec::Ok, EchSpec::Err]
def self.validate_missing_referenced_extensions(hostname, port, ech_config)
  spec = Spec5_1_10.new
  spec.validate_invalid_ech_outer_extensions(hostname, port, ech_config, MissingReferencedExtensions)
end

.validate_not_same_order_extensions(hostname, port, ech_config) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)

Returns:



# File 'lib/echspec/spec/5.1-10.rb', line 76

# Negative case: the extensions in ClientHelloOuter that OuterExtensions refers
# to do not appear in the same order as the references. The server must answer
# with an "illegal_parameter" alert.
#
# @param hostname [String]
# @param port [Integer]
# @param ech_config [ECHConfig]
# @return [EchSpec::Ok, EchSpec::Err]
def self.validate_not_same_order_extensions(hostname, port, ech_config)
  spec = Spec5_1_10.new
  spec.validate_invalid_ech_outer_extensions(hostname, port, ech_config, NotSameOrderExtensions)
end

.validate_referenced_encrypted_client_hello(hostname, port, ech_config) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)

Returns:



# File 'lib/echspec/spec/5.1-10.rb', line 67

# Negative case: OuterExtensions references "encrypted_client_hello" itself.
# The server must answer with an "illegal_parameter" alert.
#
# @param hostname [String]
# @param port [Integer]
# @param ech_config [ECHConfig]
# @return [EchSpec::Ok, EchSpec::Err]
def self.validate_referenced_encrypted_client_hello(hostname, port, ech_config)
  spec = Spec5_1_10.new
  spec.validate_invalid_ech_outer_extensions(hostname, port, ech_config, ReferencedEncryptedClientHello)
end

Instance Method Details

#send_invalid_ech_outer_extensions(socket, hostname, ech_config, super_extensions) ⇒ Object



# File 'lib/echspec/spec/5.1-10.rb', line 96

# Sends one ECH-offering ClientHello over +socket+ and returns the first
# message the server replies with. The generated extensions are wrapped in
# +super_extensions+ before the ECH extension is merged in; by their names the
# nested classes of this spec (DuplicatedOuterExtensions, MissingReferencedExtensions,
# NotSameOrderExtensions, ReferencedEncryptedClientHello) each shape
# OuterExtensions into a different malformed variant — confirm against their
# definitions. The inner and outer ClientHello and the reply are recorded on
# @stack in that order.
#
# @param socket [Object] open transport handed in by #with_socket
# @param hostname [String]
# @param ech_config [ECHConfig]
# @param super_extensions [Class] extensions class used to wrap the generated extensions
# @return [Object] first message received after the ClientHello was sent
def send_invalid_ech_outer_extensions(socket, hostname, ech_config, super_extensions)
  connection = TLS13Client::Connection.new(socket, :client)

  ech_ext = TTTLS13::Message::Extension::ECHClientHello.new_inner
  base_exs, = TLS13Client.gen_ch_extensions(hostname)
  wrapped_exs = super_extensions.new(base_exs.values)
  all_exs = wrapped_exs.merge(
    TTTLS13::Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => ech_ext
  )

  suites = [
    TTTLS13::CipherSuite::TLS_AES_256_GCM_SHA384,
    TTTLS13::CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
    TTTLS13::CipherSuite::TLS_AES_128_GCM_SHA256
  ]
  inner_ch = TTTLS13::Message::ClientHello.new(
    cipher_suites: TTTLS13::CipherSuites.new(suites),
    extensions: all_exs
  )

  # Kept as a proc (not a lambda) so the call arity offer_ech uses stays lenient.
  hpke_selector = proc { |candidates| TLS13Client.select_ech_hpke_cipher_suite(candidates) }
  outer_ch, inner_ch, = TTTLS13::Ech.offer_ech(inner_ch, ech_config, hpke_selector)

  handshake_record = TTTLS13::Message::Record.new(
    type: TTTLS13::Message::ContentType::HANDSHAKE,
    messages: [outer_ch],
    cipher: TTTLS13::Cryptograph::Passer.new
  )
  connection.send_record(handshake_record)
  @stack << inner_ch
  @stack << outer_ch

  # Nothing is encrypted yet at this point of the handshake, hence the Passer cipher.
  response, = connection.recv_message(TTTLS13::Cryptograph::Passer.new)
  @stack << response

  response
end

#validate_invalid_ech_outer_extensions(hostname, port, ech_config, super_extensions) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)
  • super_extensions (TTTLS13::Message::Extension::$Object)

Returns:



# File 'lib/echspec/spec/5.1-10.rb', line 86

# Runs one 5.1-10 negative case end to end: opens a socket to the server,
# sends the malformed ClientHello built with +super_extensions+ and checks
# that the reply is an "illegal_parameter" alert. Any other reply (including
# a server that simply continues the handshake) is a failure.
#
# @param hostname [String]
# @param port [Integer]
# @param ech_config [ECHConfig]
# @param super_extensions [Class] extensions class that shapes OuterExtensions
# @return [EchSpec::Ok, EchSpec::Err] Err carries the recorded message stack
def validate_invalid_ech_outer_extensions(hostname, port, ech_config, super_extensions)
  with_socket(hostname, port) do |socket|
    response = send_invalid_ech_outer_extensions(socket, hostname, ech_config, super_extensions)
    aborted_as_required = Spec.expect_alert(response, :illegal_parameter)
    # Early return leaves the method from inside the block, so the Err does not
    # pass through with_socket's own return value.
    return Err.new('did not send expected alert: illegal_parameter', message_stack) unless aborted_as_required

    Ok.new(nil)
  end
end