Class: EchSpec::Spec::Spec7_1_11

Inherits:
WithSocket show all
Defined in:
lib/echspec/spec/7.1-11.rb

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from WithSocket

#initialize, #message_stack, #with_socket

Constructor Details

This class inherits a constructor from EchSpec::Spec::WithSocket

Class Method Details

.spec_groupSpecGroup

Returns:



13
14
15
16
17
18
19
20
21
22
23
 
# File 'lib/echspec/spec/7.1-11.rb', line 13

def self.spec_group
  SpecGroup.new(
    '7.1-11',
    [
      SpecCase.new(
        'MUST abort with an "illegal_parameter" alert, if ClientHelloInner offers TLS 1.2 or below.',
        method(:validate_ech_with_tls12)
      )
    ]
  )
end

.validate_ech_with_tls12(hostname, port, ech_config) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)

Returns:



30
31
32
 
# File 'lib/echspec/spec/7.1-11.rb', line 30

def self.validate_ech_with_tls12(hostname, port, ech_config)
  Spec7_1_11.new.do_validate_ech_with_tls12(hostname, port, ech_config)
end

Instance Method Details

#do_validate_ech_with_tls12(hostname, port, ech_config) ⇒ EchSpec::Ok | Err

Parameters:

  • hostname (String)
  • port (Integer)
  • ech_config (ECHConfig)

Returns:



39
40
41
42
43
44
45
46
47
 
# File 'lib/echspec/spec/7.1-11.rb', line 39

def do_validate_ech_with_tls12(hostname, port, ech_config)
  with_socket(hostname, port) do |socket|
    recv = send_ch_ech_with_tls12(socket, hostname, ech_config)
    return Err.new('did not send expected alert: illegal_parameter', message_stack) \
      unless Spec.expect_alert(recv, :illegal_parameter)

    Ok.new(nil)
  end
end

#send_ch_ech_with_tls12(socket, hostname, ech_config) ⇒ Object

rubocop: disable Metrics/MethodLength



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/echspec/spec/7.1-11.rb', line 50

def send_ch_ech_with_tls12(socket, hostname, ech_config)
  conn = TLS13Client::Connection.new(socket, :client)
  inner_ech = TTTLS13::Message::Extension::ECHClientHello.new_inner
  exs, = TLS13Client.gen_ch_extensions(hostname)
  # supported_versions: only TLS 1.2
  versions = TTTLS13::Message::Extension::SupportedVersions.new(
    msg_type: TTTLS13::Message::HandshakeType::CLIENT_HELLO,
    versions: [TTTLS13::Message::ProtocolVersion::TLS_1_2]
  )
  exs[TTTLS13::Message::ExtensionType::SUPPORTED_VERSIONS] = versions
  inner = TTTLS13::Message::ClientHello.new(
    cipher_suites: TTTLS13::CipherSuites.new(
      [
        TTTLS13::CipherSuite::TLS_AES_256_GCM_SHA384,
        TTTLS13::CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
        TTTLS13::CipherSuite::TLS_AES_128_GCM_SHA256
      ]
    ),
    extensions: exs.merge(
      TTTLS13::Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
    )
  )

  selector = proc { |x| TLS13Client.select_ech_hpke_cipher_suite(x) }
  ch, inner, = TTTLS13::Ech.offer_ech(inner, ech_config, selector)
  conn.send_record(
    TTTLS13::Message::Record.new(
      type: TTTLS13::Message::ContentType::HANDSHAKE,
      messages: [ch],
      cipher: TTTLS13::Cryptograph::Passer.new
    )
  )
  @stack << inner
  @stack << ch

  recv, = conn.recv_message(TTTLS13::Cryptograph::Passer.new)
  @stack << recv

  recv
end