tttls1.3 0.2.18 → 0.3.0

data/lib/tttls1.3/message/extensions.rb

@@ -7,6 +7,7 @@ Dir[File.dirname(__FILE__) + '/extension/*.rb'].sort.each { |f| require f }
 module TTTLS13
   using Refinements
   module Message
+    # rubocop: disable Metrics/ClassLength
     class Extensions < Hash
       # @param extensions [Array of TTTLS13::Message::Extension::$Object]
       #
@@ -119,6 +120,7 @@ module TTTLS13
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
         # @return [TTTLS13::Message::Extension::$Object, nil]
+        # rubocop: disable Metrics/AbcSize
         # rubocop: disable Metrics/CyclomaticComplexity
         # rubocop: disable Metrics/MethodLength
         # rubocop: disable Metrics/PerceivedComplexity
@@ -130,14 +132,12 @@ module TTTLS13
             Extension::ServerName.deserialize(binary)
           when ExtensionType::STATUS_REQUEST
             if msg_type == HandshakeType::CLIENT_HELLO
-              return Extension::OCSPStatusRequest.deserialize(binary)
+              Extension::OCSPStatusRequest.deserialize(binary)
+            elsif msg_type == HandshakeType::CERTIFICATE
+              Extension::OCSPResponse.deserialize(binary)
+            else
+              Extension::UnknownExtension.deserialize(binary, extension_type)
             end
-
-            if msg_type == HandshakeType::CERTIFICATE
-              return Extension::OCSPResponse.deserialize(binary)
-            end
-
-            Extension::UnknownExtension.deserialize(binary, extension_type)
           when ExtensionType::SUPPORTED_GROUPS
             Extension::SupportedGroups.deserialize(binary)
           when ExtensionType::SIGNATURE_ALGORITHMS
@@ -162,14 +162,27 @@ module TTTLS13
             Extension::SignatureAlgorithmsCert.deserialize(binary)
           when ExtensionType::KEY_SHARE
             Extension::KeyShare.deserialize(binary, msg_type)
+          when ExtensionType::ENCRYPTED_CLIENT_HELLO
+            case msg_type
+            when HandshakeType::CLIENT_HELLO
+              Extension::ECHClientHello.deserialize(binary)
+            when HandshakeType::ENCRYPTED_EXTENSIONS
+              Extension::ECHEncryptedExtensions.deserialize(binary)
+            when HandshakeType::HELLO_RETRY_REQUEST
+              Extension::ECHHelloRetryRequest.deserialize(binary)
+            else
+              Extension::UnknownExtension.deserialize(binary, extension_type)
+            end
           else
             Extension::UnknownExtension.deserialize(binary, extension_type)
           end
         end
+        # rubocop: enable Metrics/AbcSize
         # rubocop: enable Metrics/CyclomaticComplexity
         # rubocop: enable Metrics/MethodLength
         # rubocop: enable Metrics/PerceivedComplexity
       end
     end
+    # rubocop: enable Metrics/ClassLength
   end
 end

data/lib/tttls1.3/message/record.rb

@@ -3,7 +3,7 @@
 module TTTLS13
   using Refinements
   module Message
-    # https://tools.ietf.org/html/rfc8449#section-4
+    # https://datatracker.ietf.org/doc/html/rfc8449#section-4
     DEFAULT_RECORD_SIZE_LIMIT = 2**14 + 1
 
     # rubocop: disable Metrics/ClassLength

data/lib/tttls1.3/message/server_hello.rb

@@ -17,7 +17,8 @@ module TTTLS13
       ExtensionType::COOKIE,
       ExtensionType::PASSWORD_SALT,
       ExtensionType::SUPPORTED_VERSIONS,
-      ExtensionType::KEY_SHARE
+      ExtensionType::KEY_SHARE,
+      ExtensionType::ENCRYPTED_CLIENT_HELLO
     ].freeze
     private_constant :APPEARABLE_HRR_EXTENSIONS
 
@@ -61,7 +62,6 @@ module TTTLS13
         @cipher_suite = cipher_suite
         @legacy_compression_method = legacy_compression_method
         @extensions = extensions
-        @hrr = (random == HRR_RANDOM)
       end
       # rubocop: enable Metrics/ParameterLists
 
@@ -108,10 +108,8 @@ module TTTLS13
         exs_bin = binary.slice(i, exs_len)
         if random == HRR_RANDOM
           msg_type = HandshakeType::HELLO_RETRY_REQUEST
-          @hrr = true
         else
           msg_type = HandshakeType::SERVER_HELLO
-          @hrr = false
         end
         extensions = Extensions.deserialize(exs_bin, msg_type)
         i += exs_len
@@ -132,7 +130,7 @@ module TTTLS13
 
       # @return [Boolean]
       def hrr?
-        @hrr
+        @random == HRR_RANDOM
       end
 
       # @return [Boolean]

data/lib/tttls1.3/message.rb

@@ -27,7 +27,7 @@ module TTTLS13
       HELLO_VERIFY_REQUEST   = "\x03" # RESERVED
       NEW_SESSION_TICKET     = "\x04"
       END_OF_EARLY_DATA      = "\x05"
-      HELLO_RETRY_REQUEST    = "\x06" # RESERVED
+      HELLO_RETRY_REQUEST    = "\x06"
       ENCRYPTED_EXTENSIONS   = "\x08"
       CERTIFICATE            = "\x0b"
       SERVER_KEY_EXCHANGE    = "\x0c" # RESERVED
@@ -72,6 +72,8 @@ module TTTLS13
       POST_HANDSHAKE_AUTH                    = "\x00\x31"
       SIGNATURE_ALGORITHMS_CERT              = "\x00\x32"
       KEY_SHARE                              = "\x00\x33"
+      # https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-17#section-11.1
+      ENCRYPTED_CLIENT_HELLO                 = "\xfe\x0d"
     end
 
     DEFINED_EXTENSIONS = ExtensionType.constants.map do |c|

data/lib/tttls1.3/named_group.rb

@@ -64,7 +64,7 @@ module TTTLS13
       # secp384r1   |               |   NIST P-384
       # secp521r1   |               |   NIST P-521
       #
-      # https://tools.ietf.org/html/rfc4492#appendix-A
+      # https://datatracker.ietf.org/doc/html/rfc4492#appendix-A
       #
       # @param groups [Array of TTTLS13::Message::Extension::NamedGroup]
       #

data/lib/tttls1.3/server.rb

@@ -136,7 +136,7 @@ module TTTLS13
     #                                v
     #                            CONNECTED
     #
-    # https://tools.ietf.org/html/rfc8446#appendix-A.2
+    # https://datatracker.ietf.org/doc/html/rfc8446#appendix-A.2
     #
     # rubocop: disable Metrics/AbcSize
     # rubocop: disable Metrics/BlockLength
@@ -323,7 +323,7 @@ module TTTLS13
             transcript[CH].first.random,
             key_schedule.client_application_traffic_secret
           )
-          @exporter_master_secret = key_schedule.exporter_master_secret
+          @exporter_secret = key_schedule.exporter_secret
           @state = ServerState::CONNECTED
         when ServerState::CONNECTED
           logger.debug('ServerState::CONNECTED')

data/lib/tttls1.3/utils.rb

@@ -38,6 +38,14 @@ module TTTLS13
 
         [self >> 32, self].pack('N2')
       end
+
+      def zeros
+        if positive?
+          "\x00" * self
+        else
+          ''
+        end
+      end
     end
 
     refine String do

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.2.18'
+  VERSION = '0.3.0'
 end

data/lib/tttls1.3.rb

@@ -5,6 +5,9 @@ require 'net/http'
 require 'pp'
 require 'logger'
 
+require 'ech_config'
+require 'hpke'
+
 require 'tttls1.3/version'
 require 'tttls1.3/utils'
 require 'tttls1.3/logging'
@@ -18,6 +21,7 @@ require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/sslkeylogfile'
+require 'tttls1.3/hpke'
 require 'tttls1.3/connection'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

data/spec/client_spec.rb

@@ -270,4 +270,44 @@ RSpec.describe Client do
                          'SHA256')).to eq TESTBINARY_0_RTT_PSK
     end
   end
+
+  context 'EncodedClientHelloInner length' do
+    let(:server_name) do
+      'localhost'
+    end
+
+    let(:client) do
+      Client.new(nil, server_name)
+    end
+
+    let(:maximum_name_length) do
+      0
+    end
+
+    let(:encoded) do
+      extensions, = client.send(:gen_ch_extensions)
+      inner_ech = Message::Extension::ECHClientHello.new_inner
+      Message::ClientHello.new(
+        legacy_session_id: '',
+        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
+        extensions: extensions.merge(
+          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
+        )
+      )
+    end
+
+    let(:padding_encoded_ch_inner) do
+      client.send(
+        :padding_encoded_ch_inner,
+        encoded.serialize[4..],
+        server_name.length,
+        maximum_name_length
+      )
+    end
+
+    it 'should be equal placeholder_encoded_ch_inner_len' do
+      expect(client.send(:placeholder_encoded_ch_inner_len))
+        .to eq padding_encoded_ch_inner.length
+    end
+  end
 end

data/spec/connection_spec.rb

@@ -6,13 +6,28 @@ require_relative 'spec_helper'
 RSpec.describe Connection do
   context 'connection, Simple 1-RTT Handshake,' do
     let(:key) do
-      rsa = OpenSSL::PKey::RSA.new
-      rsa.set_key(OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2))
-      rsa.set_factors(OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2),
-                      OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2))
-      rsa
+      n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
+      e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
+      d = OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2)
+      p = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2)
+      q = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2)
+      dmp1 = d % (p - 1.to_bn)
+      dmq1 = d % (q - 1.to_bn)
+      iqmp = q**-1.to_bn % p
+      asn1 = OpenSSL::ASN1::Sequence(
+        [
+          OpenSSL::ASN1::Integer(0),
+          OpenSSL::ASN1::Integer(n),
+          OpenSSL::ASN1::Integer(e),
+          OpenSSL::ASN1::Integer(d),
+          OpenSSL::ASN1::Integer(p),
+          OpenSSL::ASN1::Integer(q),
+          OpenSSL::ASN1::Integer(dmp1),
+          OpenSSL::ASN1::Integer(dmq1),
+          OpenSSL::ASN1::Integer(iqmp)
+        ]
+      )
+      OpenSSL::PKey::RSA.new(asn1)
     end
 
     let(:ct) do

data/spec/ech_spec.rb

@@ -0,0 +1,81 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+require_relative 'spec_helper'
+using Refinements
+
+RSpec.describe ECHClientHello do
+  context 'valid ECHClientHello outer binary' do
+    let(:extension) do
+      ECHClientHello.deserialize(TESTBINARY_ECH_OUTER)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.type).to eq ECHClientHelloType::OUTER
+      expect(extension.cipher_suite.kdf_id.uint16).to eq 1
+      expect(extension.cipher_suite.aead_id.uint16).to eq 1
+      expect(extension.config_id).to eq 32
+      expect(extension.enc.length).to eq 32
+      expect(extension.payload.length).to eq 239
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
+               + 281.to_uint16 \
+               + ECHClientHelloType::OUTER \
+               + 1.to_uint16 \
+               + 1.to_uint16 \
+               + 32.to_uint8 \
+               + extension.enc.prefix_uint16_length \
+               + extension.payload.prefix_uint16_length
+    end
+  end
+
+  context 'valid ECHClientHello inner binary' do
+    let(:extension) do
+      ECHClientHello.deserialize(TESTBINARY_ECH_INNER)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.type).to eq ECHClientHelloType::INNER
+    end
+
+    it 'should be serialized' do
+      expect(extension.serialize)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO \
+               + 1.to_uint16 \
+               + ECHClientHelloType::INNER \
+    end
+  end
+
+  context 'valid ECHEncryptedExtensions binary' do
+    let(:extension) do
+      ECHEncryptedExtensions.deserialize(TESTBINARY_ECH_EE)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.retry_configs.is_a?(Array)).to be_truthy
+      expect(extension.retry_configs.length).to eq 1
+      expect(extension.retry_configs.first.is_a?(ECHConfig)).to be_truthy
+    end
+  end
+
+  context 'valid ECHHelloRetryRequest binary' do
+    let(:extension) do
+      ECHHelloRetryRequest.deserialize(TESTBINARY_ECH_HRR)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type)
+        .to eq ExtensionType::ENCRYPTED_CLIENT_HELLO
+      expect(extension.confirmation).to eq "\x00" * 8
+    end
+  end
+end

data/spec/extensions_spec.rb

@@ -35,8 +35,7 @@ RSpec.describe Extensions do
   end
 
   let(:key_share) do
-    ec = OpenSSL::PKey::EC.new('prime256v1')
-    ec.generate_key!
+    ec = OpenSSL::PKey::EC.generate('prime256v1')
     KeyShare.new(
       msg_type: HandshakeType::CLIENT_HELLO,
       key_share_entry: [

data/spec/key_schedule_spec.rb

@@ -37,9 +37,9 @@ RSpec.describe KeySchedule do
         .to eq TESTBINARY_C_AP_TRAFFIC
       expect(key_schedule.server_application_traffic_secret)
         .to eq TESTBINARY_S_AP_TRAFFIC
-      expect(key_schedule.exporter_master_secret)
+      expect(key_schedule.exporter_secret)
         .to eq TESTBINARY_EXP_MASTER
-      expect(key_schedule.resumption_master_secret)
+      expect(key_schedule.resumption_secret)
         .to eq TESTBINARY_RES_MASTER
     end
 

data/spec/server_spec.rb

@@ -109,13 +109,28 @@ RSpec.describe Server do
 
   context 'server' do
     let(:key) do
-      rsa = OpenSSL::PKey::RSA.new
-      rsa.set_key(OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2),
-                  OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2))
-      rsa.set_factors(OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2),
-                      OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2))
-      rsa
+      n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
+      e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
+      d = OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2)
+      p = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2)
+      q = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2)
+      dmp1 = d % (p - 1.to_bn)
+      dmq1 = d % (q - 1.to_bn)
+      iqmp = q**-1.to_bn % p
+      asn1 = OpenSSL::ASN1::Sequence(
+        [
+          OpenSSL::ASN1::Integer(0),
+          OpenSSL::ASN1::Integer(n),
+          OpenSSL::ASN1::Integer(e),
+          OpenSSL::ASN1::Integer(d),
+          OpenSSL::ASN1::Integer(p),
+          OpenSSL::ASN1::Integer(q),
+          OpenSSL::ASN1::Integer(dmp1),
+          OpenSSL::ASN1::Integer(dmq1),
+          OpenSSL::ASN1::Integer(iqmp)
+        ]
+      )
+      OpenSSL::PKey::RSA.new(asn1)
     end
 
     let(:ct) do

data/spec/spec_helper.rb

@@ -167,7 +167,7 @@ TESTBINARY_COMPRESS_CERTIFICATE = <<BIN.split.map(&:hex).map(&:chr).join
   02 00 01
 BIN
 
-# https://tools.ietf.org/html/rfc8448#section-3
+# https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 2.  Private Keys
 TESTBINARY_PKEY_MODULUS = <<BIN.split.map(&:hex).map(&:chr).join
   b4 bb 49 8f 82 79 30 3d     98 08 36 39 9b 36 c6 98
@@ -209,7 +209,43 @@ TESTBINARY_PKEY_PRIVATE_EXPONENT = <<BIN.split.map(&:hex).map(&:chr).join
   c3 08 8d f2 5a e6 79 23     3d f8 a3 bd a2 ff 99 41
 BIN
 
-# https://tools.ietf.org/html/rfc8448#section-3
+TESTBINARY_ECH_OUTER = <<BIN.split.map(&:hex).map(&:chr).join
+  00 00 01 00 01 20 00 20     00 01 02 03 04 05 06 07
+  08 09 0a 0b 0c 0d 0e 0f     10 11 12 13 14 15 16 17
+  18 19 1a 1b 1c 1d 1e 1f     00 ef 00 01 02 03 04 05
+  06 07 08 09 0a 0b 0c 0d     0e 0f 10 11 12 13 14 15
+  16 17 18 19 1a 1b 1c 1d     1e 1f 20 21 22 23 24 25
+  26 27 28 29 2a 2b 2c 2d     2e 2f 30 31 32 33 34 35
+  36 37 38 39 3a 3b 3c 3d     3e 3f 40 41 42 43 44 45
+  46 47 48 49 4a 4b 4c 4d     4e 4f 50 51 52 53 54 55
+  56 57 58 59 5a 5b 5c 5d     5e 5f 60 61 62 63 64 65
+  66 67 68 69 6a 6b 6c 6d     6e 6f 70 71 72 73 74 75
+  76 77 78 79 7a 7b 7c 7d     7e 7f 80 81 82 83 84 85
+  86 87 88 89 8a 8b 8c 8d     8e 8f 90 91 92 93 94 95
+  96 97 98 99 9a 9b 9c 9d     9e 9f a0 a1 a2 a3 a4 a5
+  a6 a7 a8 a9 aa ab ac ad     ae af b0 b1 b2 b3 b4 b5
+  b6 b7 b8 b9 ba bb bc bd     be bf c0 c1 c2 c3 c4 c5
+  c6 c7 c8 c9 ca cb cc cd     ce cf d0 d1 d2 d3 d4 d5
+  d6 d7 d8 d9 da db dc dd     de df e0 e1 e2 e3 e4 e5
+  e6 e7 e8 e9 ea eb ec ed     ee
+BIN
+
+TESTBINARY_ECH_INNER = <<BIN.split.map(&:hex).map(&:chr).join
+  01
+BIN
+
+TESTBINARY_ECH_EE = <<BIN.split.map(&:hex).map(&:chr).join
+  00 3a fe 0d 00 36 00 00     20 00 1e 00 00 00 00 00
+  00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00
+  00 00 00 00 00 00 00 00     00 00 04 00 01 00 01 00
+  09 6c 6f 63 61 6c 68 6f     73 74 00 00
+BIN
+
+TESTBINARY_ECH_HRR = <<BIN.split.map(&:hex).map(&:chr).join
+  00 00 00 00 00 00 00 00
+BIN
+
+# https://datatracker.ietf.org/doc/html/rfc8448#section-3
 # 3.  Simple 1-RTT Handshake
 TESTBINARY_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 c0 03 03 cb 34     ec b1 e7 81 63 ba 1c 38
@@ -517,7 +553,7 @@ TESTBINARY_CH_CF_TRANSCRIPT_HASH = <<BIN.split.map(&:hex).map(&:chr).join
   84 65 8d 60 49 e8 64 29     42 6d b8 7c 54 ad 14 3d
 BIN
 
-# https://tools.ietf.org/html/rfc8448#section-4
+# https://datatracker.ietf.org/doc/html/rfc8448#section-4
 # 4.  Resumed 0-RTT Handshake
 TESTBINARY_0_RTT_CLIENT_HELLO = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 01 fc 03 03 1b c3     ce b6 bb e3 9c ff 93 83
@@ -642,7 +678,7 @@ BIN
 TESTBINARY_0_RTT_CLIENT_APPLICATION_WRITE_IV \
 = testbinary.split.map(&:hex).map(&:chr).join
 
-# https://tools.ietf.org/html/rfc8448#section-5
+# https://datatracker.ietf.org/doc/html/rfc8448#section-5
 # 5.  HelloRetryRequest
 TESTBINARY_HRR_CLIENT_HELLO1 = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 b0 03 03 b0 b1     c5 a5 aa 37 c5 91 9f 2e
@@ -939,7 +975,7 @@ TESTBINARY_HRR_CH1_CF_TRANSCRIPT_HASH = <<BIN.split.map(&:hex).map(&:chr).join
   3c aa 6e 48 3c 6c 65 df     53 15 18 88 e5 01 65 f4
 BIN
 
-# https://tools.ietf.org/html/rfc8448#section-7
+# https://datatracker.ietf.org/doc/html/rfc8448#section-7
 # 7.  Compatibility Mode
 TESTBINARY_RECORD_CCS = <<BIN.split.map(&:hex).map(&:chr).join
   14 03 03 00 01 01

data/tttls1.3.gemspec

@@ -20,6 +20,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_dependency             'ech_config', '~> 0.0.3'
+  spec.add_dependency             'hpke'
   spec.add_dependency             'logger'
   spec.add_dependency             'openssl'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.18
+  version: 0.3.0
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-18 00:00:00.000000000 Z
+date: 2023-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: ech_config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+- !ruby/object:Gem::Dependency
+  name: hpke
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +100,18 @@ files:
 - example/helper.rb
 - example/https_client.rb
 - example/https_client_using_0rtt.rb
+- example/https_client_using_ech.rb
+- example/https_client_using_grease_ech.rb
+- example/https_client_using_grease_psk.rb
 - example/https_client_using_hrr.rb
+- example/https_client_using_hrr_and_ech.rb
 - example/https_client_using_hrr_and_ticket.rb
 - example/https_client_using_status_request.rb
 - example/https_client_using_ticket.rb
 - example/https_server.rb
 - interop/client_spec.rb
-- interop/helper.rb
 - interop/server_spec.rb
+- interop/spec_helper.rb
 - lib/tttls1.3.rb
 - lib/tttls1.3/cipher_suites.rb
 - lib/tttls1.3/client.rb
@@ -88,6 +120,7 @@ files:
 - lib/tttls1.3/cryptograph/aead.rb
 - lib/tttls1.3/cryptograph/passer.rb
 - lib/tttls1.3/error.rb
+- lib/tttls1.3/hpke.rb
 - lib/tttls1.3/key_schedule.rb
 - lib/tttls1.3/logging.rb
 - lib/tttls1.3/message.rb
@@ -104,6 +137,7 @@ files:
 - lib/tttls1.3/message/extension/compress_certificate.rb
 - lib/tttls1.3/message/extension/cookie.rb
 - lib/tttls1.3/message/extension/early_data_indication.rb
+- lib/tttls1.3/message/extension/ech.rb
 - lib/tttls1.3/message/extension/key_share.rb
 - lib/tttls1.3/message/extension/pre_shared_key.rb
 - lib/tttls1.3/message/extension/psk_key_exchange_modes.rb
@@ -142,6 +176,7 @@ files:
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
 - spec/error_spec.rb
@@ -219,6 +254,7 @@ test_files:
 - spec/connection_spec.rb
 - spec/cookie_spec.rb
 - spec/early_data_indication_spec.rb
+- spec/ech_spec.rb
 - spec/encrypted_extensions_spec.rb
 - spec/end_of_early_data_spec.rb
 - spec/error_spec.rb