tttls1.3 0.3.0 → 0.3.2

data/lib/tttls1.3/message/extension/ech.rb

@@ -99,9 +99,10 @@ module TTTLS13
           # @raise [TTTLS13::Error::ErrorAlerts]
           #
           # @return [TTTLS13::Message::Extensions::ECHClientHello]
+          # rubocop: disable Metrics/AbcSize
           def deserialize_outer_ech(binary)
-            raise Error::ErrorAlerts, :internal_error \
-              if binary.nil? || binary.length < 5
+            raise Error::ErrorAlerts, :internal_error if binary.nil?
+            raise Error::ErrorAlerts, :decode_error if binary.length < 5
 
             kdf_id = \
               HpkeSymmetricCipherSuite::HpkeKdfId.decode(binary.slice(0, 2))
@@ -111,16 +112,16 @@ module TTTLS13
             cid = Convert.bin2i(binary.slice(4, 1))
             enc_len = Convert.bin2i(binary.slice(5, 2))
             i = 7
-            raise Error::ErrorAlerts, :internal_error \
+            raise Error::ErrorAlerts, :decode_error \
               if i + enc_len > binary.length
 
             enc = binary.slice(i, enc_len)
             i += enc_len
-            raise Error::ErrorAlerts, :internal_error \
+            raise Error::ErrorAlerts, :decode_error \
               if i + 2 > binary.length
 
             payload_len = Convert.bin2i(binary.slice(i, 2))
-            raise Error::ErrorAlerts, :internal_error \
+            raise Error::ErrorAlerts, :decode_error \
               if i + payload_len > binary.length
 
             payload = binary.slice(i, payload_len)
@@ -132,6 +133,7 @@ module TTTLS13
               payload: payload
             )
           end
+          # rubocop: enable Metrics/AbcSize
 
           # @param binary [String]
           #
@@ -139,7 +141,7 @@ module TTTLS13
           #
           # @return [TTTLS13::Message::Extensions::ECHClientHello]
           def deserialize_inner_ech(binary)
-            raise Error::ErrorAlerts, :internal_error unless binary.empty?
+            raise Error::ErrorAlerts, :illegal_parameter unless binary.empty?
 
             ECHClientHello.new(type: ECHClientHelloType::INNER)
           end
@@ -195,9 +197,9 @@ module TTTLS13
         #
         # @return [TTTLS13::Message::Extensions::ECHEncryptedExtensions]
         def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
           raise Error::ErrorAlerts, :decode_error \
-            if binary.nil? ||
-               binary.length != binary.slice(0, 2).unpack1('n') + 2
+            if binary.length != binary.slice(0, 2).unpack1('n') + 2
 
           ECHEncryptedExtensions.new(
             ECHConfig.decode_vectors(binary.slice(2..))
@@ -230,8 +232,8 @@ module TTTLS13
         #
         # @return [TTTLS13::Message::Extensions::ECHHelloRetryRequest]
         def self.deserialize(binary)
-          raise Error::ErrorAlerts, :decode_error \
-            if binary.nil? || binary.length != 8
+          raise Error::ErrorAlerts, :internal_error if binary.nil?
+          raise Error::ErrorAlerts, :decode_error if binary.length != 8
 
           ECHHelloRetryRequest.new(binary)
         end

data/lib/tttls1.3/message/extension/signature_algorithms.rb

@@ -21,8 +21,8 @@ module TTTLS13
           SignatureScheme::RSA_PKCS1_SHA512
         ].freeze
 
-        attr_accessor :extension_type # for signature_algorithms_cert getter
-        attr_reader   :supported_signature_algorithms
+        attr_reader :extension_type # for signature_algorithms_cert getter
+        attr_reader :supported_signature_algorithms
 
         # @param supported_signature_algorithms [Array of SignatureScheme]
         def initialize(supported_signature_algorithms)

data/lib/tttls1.3/message/extension/supported_versions.rb

@@ -6,9 +6,9 @@ module TTTLS13
   module Message
     module Extension
       class SupportedVersions
-        attr_reader   :extension_type
-        attr_accessor :msg_type
-        attr_accessor :versions
+        attr_reader :extension_type
+        attr_reader :msg_type
+        attr_reader :versions
 
         # @param msg_type [TTTLS13::Message::ContentType]
         # @param versions [Array of ProtocolVersion]

data/lib/tttls1.3/message/extension/unknown_extension.rb

@@ -9,8 +9,8 @@ module TTTLS13
       # Client/Server MUST ignore unrecognized extensions,
       # but transcript MUST include unrecognized extensions.
       class UnknownExtension
-        attr_accessor :extension_type
-        attr_accessor :extension_data
+        attr_reader :extension_type
+        attr_reader :extension_data
 
         # @param extension_type [String]
         # @param extension_data [String]

data/lib/tttls1.3/server.rb

@@ -66,13 +66,15 @@ module TTTLS13
   private_constant :DEFAULT_SERVER_SETTINGS
 
   # rubocop: disable Metrics/ClassLength
-  class Server < Connection
+  class Server
+    include Logging
+
+    attr_reader :transcript
+
     # @param socket [Socket]
     # @param settings [Hash]
     def initialize(socket, **settings)
-      super(socket)
-
-      @endpoint = :server
+      @connection = Connection.new(socket, :server)
       @settings = DEFAULT_SERVER_SETTINGS.merge(settings)
       logger.level = @settings[:loglevel]
 
@@ -144,7 +146,7 @@ module TTTLS13
     # rubocop: disable Metrics/MethodLength
     # rubocop: disable Metrics/PerceivedComplexity
     def accept
-      transcript = Transcript.new
+      @transcript = Transcript.new
       key_schedule = nil # TTTLS13::KeySchedule
       priv_key = nil # OpenSSL::PKey::$Object
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
@@ -159,24 +161,27 @@ module TTTLS13
         end
       end
 
-      @state = ServerState::START
+      @connection.state = ServerState::START
       loop do
-        case @state
+        case @connection.state
         when ServerState::START
           logger.debug('ServerState::START')
 
-          receivable_ccs = transcript.include?(CH1)
-          ch, = transcript[CH] = recv_client_hello(receivable_ccs)
+          receivable_ccs = @transcript.include?(CH1)
+          ch, = @transcript[CH] = recv_client_hello(receivable_ccs)
 
           # support only TLS 1.3
-          terminate(:protocol_version) unless ch.negotiated_tls_1_3?
+          @connection.terminate(:protocol_version) unless ch.negotiated_tls_1_3?
 
           # validate parameters
-          terminate(:illegal_parameter) unless ch.appearable_extensions?
-          terminamte(:illegal_parameter) \
+          @connection.terminate(:illegal_parameter) \
+            unless ch.appearable_extensions?
+          @connection.terminate(:illegal_parameter) \
             unless ch.legacy_compression_methods == ["\x00"]
-          terminate(:illegal_parameter) unless ch.valid_key_share?
-          terminate(:unrecognized_name) unless recognized_server_name?(ch, @crt)
+          @connection.terminate(:illegal_parameter) \
+            unless ch.valid_key_share?
+          @connection.terminate(:unrecognized_name) \
+            unless recognized_server_name?(ch, @crt)
 
           # alpn
           ch_alpn = ch.extensions[
@@ -186,109 +191,109 @@ module TTTLS13
             @alpn = ch_alpn.protocol_name_list
                            .find { |p| @settings[:alpn].include?(p) }
 
-            terminate(:no_application_protocol) if @alpn.nil?
+            @connection.terminate(:no_application_protocol) if @alpn.nil?
           end
 
           # record_size_limit
           ch_rsl = ch.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT]
           @send_record_size = ch_rsl.record_size_limit unless ch_rsl.nil?
 
-          @state = ServerState::RECVD_CH
+          @connection.state = ServerState::RECVD_CH
         when ServerState::RECVD_CH
           logger.debug('ServerState::RECVD_CH')
 
           # select parameters
-          ch, = transcript[CH]
+          ch, = @transcript[CH]
           @cipher_suite = select_cipher_suite(ch)
           @named_group = select_named_group(ch)
           @signature_scheme = select_signature_scheme(ch, @crt)
-          terminate(:handshake_failure) \
+          @connection.terminate(:handshake_failure) \
             if @cipher_suite.nil? || @signature_scheme.nil?
 
           # send HRR
           if @named_group.nil?
-            ch1, = transcript[CH1] = transcript.delete(CH)
+            ch1, = @transcript[CH1] = @transcript.delete(CH)
             hrr = send_hello_retry_request(ch1, @cipher_suite)
-            transcript[HRR] = [hrr, hrr.serialize]
-            @state = ServerState::START
+            @transcript[HRR] = [hrr, hrr.serialize]
+            @connection.state = ServerState::START
             next
           end
-          @state = ServerState::NEGOTIATED
+          @connection.state = ServerState::NEGOTIATED
         when ServerState::NEGOTIATED
           logger.debug('ServerState::NEGOTIATED')
 
-          ch, = transcript[CH]
+          ch, = @transcript[CH]
           extensions, priv_key = gen_sh_extensions(@named_group)
           sh = send_server_hello(
             extensions,
             @cipher_suite,
             ch.legacy_session_id
           )
-          transcript[SH] = [sh, sh.serialize]
-          send_ccs if @settings[:compatibility_mode]
+          @transcript[SH] = [sh, sh.serialize]
+          @connection.send_ccs if @settings[:compatibility_mode]
 
           # generate shared secret
           ke = ch.extensions[Message::ExtensionType::KEY_SHARE]
                 &.key_share_entry
                 &.find { |kse| kse.group == @named_group }
                 &.key_exchange
-          shared_secret = gen_shared_secret(ke, priv_key, @named_group)
+          shared_secret = Endpoint.gen_shared_secret(ke, priv_key, @named_group)
           key_schedule = KeySchedule.new(
             psk: @psk,
             shared_secret: shared_secret,
             cipher_suite: @cipher_suite,
-            transcript: transcript
+            transcript: @transcript
           )
-          @alert_wcipher = hs_wcipher = gen_cipher(
+          @connection.alert_wcipher = hs_wcipher = Endpoint.gen_cipher(
             @cipher_suite,
             key_schedule.server_handshake_write_key,
             key_schedule.server_handshake_write_iv
           )
           sslkeylogfile&.write_server_handshake_traffic_secret(
-            transcript[CH].first.random,
+            @transcript[CH].first.random,
             key_schedule.server_handshake_traffic_secret
           )
-          hs_rcipher = gen_cipher(
+          hs_rcipher = Endpoint.gen_cipher(
             @cipher_suite,
             key_schedule.client_handshake_write_key,
             key_schedule.client_handshake_write_iv
           )
           sslkeylogfile&.write_client_handshake_traffic_secret(
-            transcript[CH].first.random,
+            @transcript[CH].first.random,
             key_schedule.client_handshake_traffic_secret
           )
-          @state = ServerState::WAIT_FLIGHT2
+          @connection.state = ServerState::WAIT_FLIGHT2
         when ServerState::WAIT_EOED
           logger.debug('ServerState::WAIT_EOED')
         when ServerState::WAIT_FLIGHT2
           logger.debug('ServerState::WAIT_FLIGHT2')
 
-          ch, = transcript[CH]
+          ch, = @transcript[CH]
           rsl = @send_record_size \
             if ch.extensions.include?(Message::ExtensionType::RECORD_SIZE_LIMIT)
           ee = gen_encrypted_extensions(ch, @alpn, rsl)
-          transcript[EE] = [ee, ee.serialize]
+          @transcript[EE] = [ee, ee.serialize]
           # TODO: [Send CertificateRequest]
 
           # status_request
           ocsp_response = fetch_ocsp_response \
             if ch.extensions.include?(Message::ExtensionType::STATUS_REQUEST)
           ct = gen_certificate(@crt, ch, @chain, ocsp_response)
-          transcript[CT] = [ct, ct.serialize]
+          @transcript[CT] = [ct, ct.serialize]
           digest = CipherSuite.digest(@cipher_suite)
-          hash = transcript.hash(digest, CT)
+          hash = @transcript.hash(digest, CT)
           cv = gen_certificate_verify(@key, @signature_scheme, hash)
-          transcript[CV] = [cv, cv.serialize]
+          @transcript[CV] = [cv, cv.serialize]
           finished_key = key_schedule.server_finished_key
-          signature = sign_finished(
+          signature = Endpoint.sign_finished(
             digest: digest,
             finished_key: finished_key,
-            hash: transcript.hash(digest, CV)
+            hash: @transcript.hash(digest, CV)
           )
           sf = Message::Finished.new(signature)
-          transcript[SF] = [sf, sf.serialize]
+          @transcript[SF] = [sf, sf.serialize]
           send_server_parameters([ee, ct, cv, sf], hs_wcipher)
-          @state = ServerState::WAIT_FINISHED
+          @connection.state = ServerState::WAIT_FINISHED
         when ServerState::WAIT_CERT
           logger.debug('ServerState::WAIT_CERT')
         when ServerState::WAIT_CV
@@ -296,35 +301,36 @@ module TTTLS13
         when ServerState::WAIT_FINISHED
           logger.debug('ServerState::WAIT_FINISHED')
 
-          cf, = transcript[CF] = recv_finished(hs_rcipher)
+          cf, = @transcript[CF] = recv_finished(hs_rcipher)
           digest = CipherSuite.digest(@cipher_suite)
-          verified = verified_finished?(
+          verified = Endpoint.verified_finished?(
             finished: cf,
             digest: digest,
             finished_key: key_schedule.client_finished_key,
-            hash: transcript.hash(digest, EOED)
+            hash: @transcript.hash(digest, EOED)
           )
-          terminate(:decrypt_error) unless verified
-          @alert_wcipher = @ap_wcipher = gen_cipher(
+          @connection.terminate(:decrypt_error) unless verified
+          @connection.ap_wcipher = Endpoint.gen_cipher(
             @cipher_suite,
             key_schedule.server_application_write_key,
             key_schedule.server_application_write_iv
           )
+          @connection.alert_wcipher = @connection.ap_wcipher
           sslkeylogfile&.write_server_traffic_secret_0(
-            transcript[CH].first.random,
+            @transcript[CH].first.random,
             key_schedule.server_application_traffic_secret
           )
-          @ap_rcipher = gen_cipher(
+          @connection.ap_rcipher = Endpoint.gen_cipher(
             @cipher_suite,
             key_schedule.client_application_write_key,
             key_schedule.client_application_write_iv
           )
           sslkeylogfile&.write_client_traffic_secret_0(
-            transcript[CH].first.random,
+            @transcript[CH].first.random,
             key_schedule.client_application_traffic_secret
           )
           @exporter_secret = key_schedule.exporter_secret
-          @state = ServerState::CONNECTED
+          @connection.state = ServerState::CONNECTED
         when ServerState::CONNECTED
           logger.debug('ServerState::CONNECTED')
 
@@ -339,6 +345,59 @@ module TTTLS13
     # rubocop: enable Metrics/MethodLength
     # rubocop: enable Metrics/PerceivedComplexity
 
+    # @raise [TTTLS13::Error::ConfigError]
+    #
+    # @return [String]
+    def read
+      @connection.read(nil)
+    end
+
+    # @param binary [String]
+    def write(binary)
+      @connection.write(binary)
+    end
+
+    # @return [Boolean]
+    def eof?
+      @connection.eof?
+    end
+
+    def close
+      @connection.close
+    end
+
+    # @return [TTTLS13::CipherSuite, nil]
+    def negotiated_cipher_suite
+      @cipher_suite
+    end
+
+    # @return [TTTLS13::NamedGroup, nil]
+    def negotiated_named_group
+      @named_group
+    end
+
+    # @return [TTTLS13::SignatureScheme, nil]
+    def negotiated_signature_scheme
+      @signature_scheme
+    end
+
+    # @return [String]
+    def negotiated_alpn
+      @alpn
+    end
+
+    # @param label [String]
+    # @param context [String]
+    # @param key_length [Integer]
+    #
+    # @return [String, nil]
+    def exporter(label, context, key_length)
+      return nil if @exporter_secret.nil? || @cipher_suite.nil?
+
+      digest = CipherSuite.digest(@cipher_suite)
+      Endpoint.exporter(@exporter_secret, digest, label, context, key_length)
+    end
+
     private
 
     # @return [Boolean]
@@ -365,11 +424,12 @@ module TTTLS13
     # @return [TTTLS13::Message::ClientHello]
     # @return [String]
     def recv_client_hello(receivable_ccs)
-      ch, orig_msg = recv_message(
+      ch, orig_msg = @connection.recv_message(
         receivable_ccs: receivable_ccs,
         cipher: Cryptograph::Passer.new
       )
-      terminate(:unexpected_message) unless ch.is_a?(Message::ClientHello)
+      @connection.terminate(:unexpected_message) \
+        unless ch.is_a?(Message::ClientHello)
 
       [ch, orig_msg]
     end
@@ -385,8 +445,8 @@ module TTTLS13
         cipher_suite: cipher_suite,
         extensions: extensions
       )
-      send_handshakes(Message::ContentType::HANDSHAKE, [sh],
-                      Cryptograph::Passer.new)
+      @connection.send_handshakes(Message::ContentType::HANDSHAKE, [sh],
+                                  Cryptograph::Passer.new)
 
       sh
     end
@@ -420,8 +480,8 @@ module TTTLS13
         cipher_suite: cipher_suite,
         extensions: exs
       )
-      send_handshakes(Message::ContentType::HANDSHAKE, [sh],
-                      Cryptograph::Passer.new)
+      @connection.send_handshakes(Message::ContentType::HANDSHAKE, [sh],
+                                  Cryptograph::Passer.new)
 
       sh
     end
@@ -431,8 +491,8 @@ module TTTLS13
     #
     # @return [Array of TTTLS13::Message::$Object]
     def send_server_parameters(messages, cipher)
-      send_handshakes(Message::ContentType::APPLICATION_DATA,
-                      messages.reject(&:nil?), cipher)
+      @connection.send_handshakes(Message::ContentType::APPLICATION_DATA,
+                                  messages.reject(&:nil?), cipher)
 
       messages
     end
@@ -505,8 +565,10 @@ module TTTLS13
     # @return [TTTLS13::Message::Finished]
     # @return [String]
     def recv_finished(cipher)
-      cf, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
-      terminate(:unexpected_message) unless cf.is_a?(Message::Finished)
+      cf, orig_msg \
+        = @connection.recv_message(receivable_ccs: true, cipher: cipher)
+      @connection.terminate(:unexpected_message) \
+        unless cf.is_a?(Message::Finished)
 
       [cf, orig_msg]
     end
@@ -563,7 +625,7 @@ module TTTLS13
     #
     # @return [String]
     def sign_certificate_verify(key:, signature_scheme:, hash:)
-      do_sign_certificate_verify(
+      Endpoint.sign_certificate_verify(
         key: key,
         signature_scheme: signature_scheme,
         context: 'TLS 1.3, server CertificateVerify',
@@ -600,7 +662,7 @@ module TTTLS13
       algorithms = ch.extensions[Message::ExtensionType::SIGNATURE_ALGORITHMS]
                     &.supported_signature_algorithms || []
 
-      do_select_signature_algorithms(algorithms, crt).find do |ss|
+      Endpoint.select_signature_algorithms(algorithms, crt).find do |ss|
         @settings[:signature_algorithms].include?(ss)
       end
     end
@@ -614,7 +676,7 @@ module TTTLS13
                      &.server_name
       return true if server_name.nil?
 
-      matching_san?(crt, server_name)
+      Endpoint.matching_san?(crt, server_name)
     end
 
     # @return [OpenSSL::OCSP::Response, nil]

data/lib/tttls1.3/utils.rb

@@ -91,6 +91,43 @@ module TTTLS13
       def bin2i(binary)
         OpenSSL::BN.new(binary, 2).to_i
       end
+
+      # rubocop: disable Metrics/AbcSize
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/PerceivedComplexity
+      def obj2html(obj)
+        if obj.is_a?(OpenSSL::X509::Certificate)
+          obj.to_pem.gsub("\n", '<br>')
+        elsif obj.is_a?(Numeric) ||
+              obj.is_a?(TrueClass) || obj.is_a?(FalseClass)
+          obj.pretty_print_inspect
+        elsif obj.is_a?(String) && obj.empty?
+          ''
+        elsif obj.is_a? String
+          '0x' + obj.unpack1('H*')
+        elsif obj.is_a? NilClass
+          ''
+        elsif obj.is_a? Array
+          '<ul>' + obj.map { |i| '<li>' + obj2html(i) + '</li>' }.join + '</ul>'
+        elsif obj.is_a? Hash
+          obj.map do |k, v|
+            '<details><summary>' + obj2html(k) + '</summary>' \
+            + obj2html(v) \
+            + '</details>'
+          end.join
+        elsif obj.is_a?(Object) && !obj.instance_variables.empty?
+          obj.instance_variables.map do |i|
+            '<details><summary>' + i[1..] + '</summary>' \
+            + obj2html(obj.instance_variable_get(i)) \
+            + '</details>'
+          end.join
+        else
+          obj.class.name
+        end
+      end
+      # rubocop: enable Metrics/AbcSize
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/PerceivedComplexity
     end
   end
 end

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.3.0'
+  VERSION = '0.3.2'
 end

data/lib/tttls1.3.rb

@@ -21,7 +21,8 @@ require 'tttls1.3/key_schedule'
 require 'tttls1.3/message'
 require 'tttls1.3/sequence_number'
 require 'tttls1.3/sslkeylogfile'
-require 'tttls1.3/hpke'
+require 'tttls1.3/ech'
 require 'tttls1.3/connection'
+require 'tttls1.3/endpoint'
 require 'tttls1.3/client'
 require 'tttls1.3/server'

data/spec/client_spec.rb

@@ -129,10 +129,11 @@ RSpec.describe Client do
       client = Client.new(mock_socket, 'localhost')
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, EOED)
-      signature = client.send(:sign_finished,
-                              digest: digest,
-                              finished_key: finished_key,
-                              hash: hash)
+      signature = Endpoint.sign_finished(
+        digest: digest,
+        finished_key: finished_key,
+        hash: hash
+      )
       hs_wcipher = Cryptograph::Aead.new(
         cipher_suite: cipher_suite,
         write_key: TESTBINARY_CLIENT_FINISHED_WRITE_KEY,
@@ -215,20 +216,22 @@ RSpec.describe Client do
     it 'should verify server Finished' do
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, CV)
-      expect(client.send(:verified_finished?,
-                         finished: sf,
-                         digest: digest,
-                         finished_key: key_schedule.server_finished_key,
-                         hash: hash)).to be true
+      expect(Endpoint.verified_finished?(
+               finished: sf,
+               digest: digest,
+               finished_key: key_schedule.server_finished_key,
+               hash: hash
+             )).to be true
     end
 
     it 'should sign client Finished' do
       digest = CipherSuite.digest(cipher_suite)
       hash = transcript.hash(digest, EOED)
-      expect(client.send(:sign_finished,
-                         digest: digest,
-                         finished_key: key_schedule.client_finished_key,
-                         hash: hash)).to eq cf.verify_data
+      expect(Endpoint.sign_finished(
+               digest: digest,
+               finished_key: key_schedule.client_finished_key,
+               hash: hash
+             )).to eq cf.verify_data
     end
   end
 
@@ -240,18 +243,16 @@ RSpec.describe Client do
       Certificate.new(certificate_list: [CertificateEntry.new(server_crt)])
     end
 
-    let(:client) do
-      Client.new(nil, 'localhost')
-    end
-
     it 'should not certify certificate' do
-      expect(client.send(:trusted_certificate?, certificate.certificate_list))
+      expect(Endpoint.trusted_certificate?(certificate.certificate_list))
         .to be false
     end
 
     it 'should certify certificate, received path to private ca.crt' do
-      expect(client.send(:trusted_certificate?, certificate.certificate_list,
-                         __dir__ + '/fixtures/rsa_ca.crt')).to be true
+      expect(Endpoint.trusted_certificate?(
+               certificate.certificate_list,
+               __dir__ + '/fixtures/rsa_ca.crt'
+             )).to be true
     end
   end
 
@@ -270,44 +271,4 @@ RSpec.describe Client do
                          'SHA256')).to eq TESTBINARY_0_RTT_PSK
     end
   end
-
-  context 'EncodedClientHelloInner length' do
-    let(:server_name) do
-      'localhost'
-    end
-
-    let(:client) do
-      Client.new(nil, server_name)
-    end
-
-    let(:maximum_name_length) do
-      0
-    end
-
-    let(:encoded) do
-      extensions, = client.send(:gen_ch_extensions)
-      inner_ech = Message::Extension::ECHClientHello.new_inner
-      Message::ClientHello.new(
-        legacy_session_id: '',
-        cipher_suites: CipherSuites.new(DEFAULT_CH_CIPHER_SUITES),
-        extensions: extensions.merge(
-          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => inner_ech
-        )
-      )
-    end
-
-    let(:padding_encoded_ch_inner) do
-      client.send(
-        :padding_encoded_ch_inner,
-        encoded.serialize[4..],
-        server_name.length,
-        maximum_name_length
-      )
-    end
-
-    it 'should be equal placeholder_encoded_ch_inner_len' do
-      expect(client.send(:placeholder_encoded_ch_inner_len))
-        .to eq padding_encoded_ch_inner.length
-    end
-  end
 end