tttls1.3 0.3.4 → 0.3.5

data/lib/tttls1.3/client.rb

@@ -37,6 +37,7 @@ module TTTLS13
   private_constant :DEFAULT_CH_SIGNATURE_ALGORITHMS
 
   DEFAULT_CH_NAMED_GROUP_LIST = [
+    NamedGroup::X25519,
     NamedGroup::SECP256R1,
     NamedGroup::SECP384R1,
     NamedGroup::SECP521R1
@@ -152,7 +153,6 @@ module TTTLS13
       @transcript = Transcript.new
       key_schedule = nil # TTTLS13::KeySchedule
       psk = nil
-      priv_keys = {} # Hash of NamedGroup => OpenSSL::PKey::$Object
       if use_psk?
         psk = gen_psk_from_nst(
           @settings[:resumption_secret],
@@ -160,13 +160,14 @@ module TTTLS13
           CipherSuite.digest(@settings[:psk_cipher_suite])
         )
         key_schedule = KeySchedule.new(
-          psk: psk,
+          psk:,
           shared_secret: nil,
           cipher_suite: @settings[:psk_cipher_suite],
           transcript: @transcript
         )
       end
 
+      shared_secret = nil # TTTLS13::SharedSecret
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
       e_wcipher = nil # TTTLS13::Cryptograph::$Object
@@ -189,7 +190,7 @@ module TTTLS13
         when ClientState::START
           logger.debug('ClientState::START')
 
-          extensions, priv_keys = gen_ch_extensions
+          extensions, shared_secret = gen_ch_extensions
           binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
           ch, inner, ech_state = send_client_hello(extensions, binder_key)
           ch_outer = ch
@@ -280,8 +281,7 @@ module TTTLS13
               unless ngl.include?(group) && !kse.map(&:group).include?(group)
 
             # send new client_hello
-            extensions, pk = gen_newch_extensions(ch1, hrr)
-            priv_keys = pk.merge(priv_keys)
+            extensions, shared_secret = gen_newch_extensions(ch1, hrr)
             binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
             ch, inner = send_new_client_hello(
               ch1,
@@ -312,15 +312,14 @@ module TTTLS13
           @connection.terminate(:illegal_parameter) unless ch_ks.include?(sh_ks)
 
           kse = sh.extensions[Message::ExtensionType::KEY_SHARE]
-                  .key_share_entry.first
+                  .key_share_entry
+                  .first
           ke = kse.key_exchange
           @named_group = kse.group
-          priv_key = priv_keys[@named_group]
-          shared_secret = Endpoint.gen_shared_secret(ke, priv_key, @named_group)
           @cipher_suite = sh.cipher_suite
           key_schedule = KeySchedule.new(
-            psk: psk,
-            shared_secret: shared_secret,
+            psk:,
+            shared_secret: shared_secret.build(@named_group, ke),
             cipher_suite: @cipher_suite,
             transcript: @transcript
           )
@@ -456,7 +455,7 @@ module TTTLS13
           @connection.terminate(:decrypt_error) \
             unless Endpoint.verified_finished?(
               finished: sf,
-              digest: digest,
+              digest:,
               finished_key: key_schedule.server_finished_key,
               hash: @transcript.hash(digest, CV)
             )
@@ -467,7 +466,7 @@ module TTTLS13
           end
           # TODO: Send Certificate [+ CertificateVerify]
           signature = Endpoint.sign_finished(
-            digest: digest,
+            digest:,
             finished_key: key_schedule.client_finished_key,
             hash: @transcript.hash(digest, EOED)
           )
@@ -690,25 +689,49 @@ module TTTLS13
     # rubocop: enable Metrics/CyclomaticComplexity
     # rubocop: enable Metrics/PerceivedComplexity
 
+    # @return [Boolean]
+    def use_alpn?
+      !@settings[:alpn].nil? && !@settings[:alpn].empty?
+    end
+
+    # @return [Boolean]
+    def use_signature_algorithms_cert?
+      !@settings[:signature_algorithms_cert].nil? &&
+        !@settings[:signature_algorithms_cert].empty?
+    end
+
+    # @return [Boolean]
+    def use_compress_certificate?
+      !@settings[:compress_certificate_algorithms].nil? &&
+        !@settings[:compress_certificate_algorithms].empty?
+    end
+
+    # @return [Boolean]
+    def use_record_size_limit?
+      !@settings[:record_size_limit].nil?
+    end
+
     # @return [Boolean]
     def use_psk?
-      !@settings[:ticket].nil? &&
-        !@settings[:resumption_secret].nil? &&
-        !@settings[:psk_cipher_suite].nil? &&
-        !@settings[:ticket_nonce].nil? &&
-        !@settings[:ticket_age_add].nil? &&
-        !@settings[:ticket_timestamp].nil?
+      %i[
+        ticket
+        resumption_secret
+        psk_cipher_suite
+        ticket_nonce
+        ticket_age_add
+        ticket_timestamp
+      ].all? { |sy| !@settings[sy].nil? }
     end
 
     # @return [Boolean]
     def use_early_data?
-      !(@early_data.nil? || @early_data.empty?)
+      !@early_data.nil? && !@early_data.empty?
     end
 
     # @return [Boolean]
     def use_ech?
-      !@settings[:ech_hpke_cipher_suites].nil? &&
-        !@settings[:ech_hpke_cipher_suites].empty?
+      ehcs = @settings[:ech_hpke_cipher_suites]
+      !ehcs.nil? && !ehcs.empty?
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -718,7 +741,7 @@ module TTTLS13
         type: Message::ContentType::APPLICATION_DATA,
         legacy_record_version: Message::ProtocolVersion::TLS_1_2,
         messages: [ap],
-        cipher: cipher
+        cipher:
       )
       @connection.send_record(ap_record)
     end
@@ -735,18 +758,16 @@ module TTTLS13
     end
 
     # @return [TTTLS13::Message::Extensions]
-    # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
+    # @return [TTTLS13::SharedSecret]
     # rubocop: disable Metrics/AbcSize
-    # rubocop: disable Metrics/CyclomaticComplexity
     # rubocop: disable Metrics/MethodLength
-    # rubocop: disable Metrics/PerceivedComplexity
     def gen_ch_extensions
       exs = Message::Extensions.new
       # server_name
       exs << Message::Extension::ServerName.new(@hostname)
 
       # record_size_limit
-      unless @settings[:record_size_limit].nil?
+      if use_record_size_limit?
         exs << Message::Extension::RecordSizeLimit.new(
           @settings[:record_size_limit]
         )
@@ -763,8 +784,7 @@ module TTTLS13
       )
 
       # signature_algorithms_cert
-      if !@settings[:signature_algorithms_cert].nil? &&
-         !@settings[:signature_algorithms_cert].empty?
+      if use_signature_algorithms_cert?
         exs << Message::Extension::SignatureAlgorithmsCert.new(
           @settings[:signature_algorithms_cert]
         )
@@ -776,7 +796,7 @@ module TTTLS13
 
       # key_share
       ksg = @settings[:key_share_groups] || groups
-      key_share, priv_keys \
+      key_share, shared_secret \
                  = Message::Extension::KeyShare.gen_ch_key_share(ksg)
       exs << key_share
 
@@ -784,28 +804,24 @@ module TTTLS13
       exs << Message::Extension::EarlyDataIndication.new if use_early_data?
 
       # alpn
-      exs << Message::Extension::Alpn.new(@settings[:alpn].reject(&:empty?)) \
-        if !@settings[:alpn].nil? && !@settings[:alpn].empty?
+      exs << Message::Extension::Alpn.new(@settings[:alpn]) if use_alpn?
 
       # status_request
       exs << Message::Extension::OCSPStatusRequest.new \
         if @settings[:check_certificate_status]
 
       # compress_certificate
-      if !@settings[:compress_certificate_algorithms].nil? &&
-         !@settings[:compress_certificate_algorithms].empty?
+      if use_compress_certificate?
         exs << Message::Extension::CompressCertificate.new(
           @settings[:compress_certificate_algorithms]
         )
       end
 
-      [exs, priv_keys]
+      [exs, shared_secret]
     end
+
     # rubocop: enable Metrics/AbcSize
-    # rubocop: enable Metrics/CyclomaticComplexity
     # rubocop: enable Metrics/MethodLength
-    # rubocop: enable Metrics/PerceivedComplexity
-
     # @param extensions [TTTLS13::Message::Extensions]
     # @param binder_key [String, nil]
     #
@@ -816,7 +832,7 @@ module TTTLS13
     def send_client_hello(extensions, binder_key = nil)
       ch = Message::ClientHello.new(
         cipher_suites: CipherSuites.new(@settings[:cipher_suites]),
-        extensions: extensions
+        extensions:
       )
 
       # encrypted_client_hello
@@ -849,8 +865,8 @@ module TTTLS13
       # at the end, sign PSK binder
       if use_psk?
         sign_psk_binder(
-          ch: ch,
-          binder_key: binder_key
+          ch:,
+          binder_key:
         )
 
         if use_ech?
@@ -874,7 +890,7 @@ module TTTLS13
     # @param binder_key [String]
     #
     # @return [String]
-    def sign_psk_binder(ch1: nil, hrr: nil, ch:, binder_key:)
+    def sign_psk_binder(ch:, binder_key:, ch1: nil, hrr: nil)
       # pre_shared_key
       #
       # binder is computed as an HMAC over a transcript hash containing a
@@ -898,11 +914,11 @@ module TTTLS13
       ch.extensions[Message::ExtensionType::PRE_SHARED_KEY] = psk
 
       psk.offered_psks.binders[0] = Endpoint.sign_psk_binder(
-        ch1: ch1,
-        hrr: hrr,
-        ch: ch,
-        binder_key: binder_key,
-        digest: digest
+        ch1:,
+        hrr:,
+        ch:,
+        binder_key:,
+        digest:
       )
     end
 
@@ -913,11 +929,8 @@ module TTTLS13
     # @param binder_key [String]
     #
     # @return [String]
-    def sign_grease_psk_binder(ch1: nil,
-                               hrr: nil,
-                               ch_outer:,
-                               inner_psk:,
-                               binder_key:)
+    def sign_grease_psk_binder(ch_outer:, inner_psk:, binder_key:, ch1: nil,
+                               hrr: nil)
       digest = CipherSuite.digest(@settings[:psk_cipher_suite])
       hash_len = OpenSSL::Digest.new(digest).digest_length
       placeholder_binders = [hash_len.zeros]
@@ -939,7 +952,7 @@ module TTTLS13
         msg_type: Message::HandshakeType::CLIENT_HELLO,
         offered_psks: Message::Extension::OfferedPsks.new(
           identities: [Message::Extension::PskIdentity.new(
-            identity: identity,
+            identity:,
             obfuscated_ticket_age: ota
           )],
           binders: placeholder_binders
@@ -948,11 +961,11 @@ module TTTLS13
       ch_outer.extensions[Message::ExtensionType::PRE_SHARED_KEY] = psk
 
       psk.offered_psks.binders[0] = Endpoint.sign_psk_binder(
-        ch1: ch1,
-        hrr: hrr,
+        ch1:,
+        hrr:,
         ch: ch_outer,
-        binder_key: binder_key,
-        digest: digest
+        binder_key:,
+        digest:
       )
     end
 
@@ -977,14 +990,14 @@ module TTTLS13
     # @param hrr [TTTLS13::Message::ServerHello]
     #
     # @return [TTTLS13::Message::Extensions]
-    # @return [Hash of NamedGroup => OpenSSL::PKey::EC.$Object]
+    # @return [TTTLS13::SharedSecret]
     def gen_newch_extensions(ch1, hrr)
       exs = Message::Extensions.new
       # key_share
       if hrr.extensions.include?(Message::ExtensionType::KEY_SHARE)
         group = hrr.extensions[Message::ExtensionType::KEY_SHARE]
                    .key_share_entry.first.group
-        key_share, priv_keys \
+        key_share, shared_secret \
           = Message::Extension::KeyShare.gen_ch_key_share([group])
         exs << key_share
       end
@@ -1004,7 +1017,7 @@ module TTTLS13
       new_exs = ch1.extensions.merge(exs)
       new_exs.delete(Message::ExtensionType::EARLY_DATA)
 
-      [new_exs, priv_keys]
+      [new_exs, shared_secret]
     end
 
     # https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.2
@@ -1030,7 +1043,7 @@ module TTTLS13
         legacy_session_id: ch1.legacy_session_id,
         cipher_suites: ch1.cipher_suites,
         legacy_compression_methods: ch1.legacy_compression_methods,
-        extensions: extensions
+        extensions:
       )
 
       # encrypted_client_hello
@@ -1052,7 +1065,7 @@ module TTTLS13
       # Updating the "pre_shared_key" extension if present by recomputing
       # the "obfuscated_ticket_age" and binder values.
       if ch1.extensions.include?(Message::ExtensionType::PRE_SHARED_KEY)
-        sign_psk_binder(ch1: ch1, hrr: hrr, ch: ch, binder_key: binder_key)
+        sign_psk_binder(ch1:, hrr:, ch:, binder_key:)
 
         if use_ech?
           # it MUST also copy the "psk_key_exchange_modes" from the
@@ -1063,11 +1076,11 @@ module TTTLS13
           ch.extensions[Message::ExtensionType::EARLY_DATA] \
             = inner.extensions[Message::ExtensionType::EARLY_DATA]
           sign_grease_psk_binder(
-            ch1: ch1,
-            hrr: hrr,
+            ch1:,
+            hrr:,
             ch_outer: ch,
             inner_psk: inner.extensions[Message::ExtensionType::PRE_SHARED_KEY],
-            binder_key: binder_key
+            binder_key:
           )
         end
       end
@@ -1103,7 +1116,7 @@ module TTTLS13
     # @return [String]
     def recv_encrypted_extensions(cipher)
       ee, orig_msg \
-        = @connection.recv_message(receivable_ccs: true, cipher: cipher)
+        = @connection.recv_message(receivable_ccs: true, cipher:)
       @connection.terminate(:unexpected_message) \
         unless ee.is_a?(Message::EncryptedExtensions)
 
@@ -1118,7 +1131,7 @@ module TTTLS13
     # @return [String]
     def recv_certificate(cipher)
       ct, orig_msg \
-        = @connection.recv_message(receivable_ccs: true, cipher: cipher)
+        = @connection.recv_message(receivable_ccs: true, cipher:)
       @connection.terminate(:unexpected_message) \
         unless ct.is_a?(Message::Certificate)
 
@@ -1133,7 +1146,7 @@ module TTTLS13
     # @return [String]
     def recv_certificate_verify(cipher)
       cv, orig_msg \
-        = @connection.recv_message(receivable_ccs: true, cipher: cipher)
+        = @connection.recv_message(receivable_ccs: true, cipher:)
       @connection.terminate(:unexpected_message) \
         unless cv.is_a?(Message::CertificateVerify)
 
@@ -1148,7 +1161,7 @@ module TTTLS13
     # @return [String]
     def recv_finished(cipher)
       sf, orig_msg \
-        = @connection.recv_message(receivable_ccs: true, cipher: cipher)
+        = @connection.recv_message(receivable_ccs: true, cipher:)
       @connection.terminate(:unexpected_message) \
         unless sf.is_a?(Message::Finished)
 
@@ -1203,7 +1216,7 @@ module TTTLS13
       if @settings[:check_certificate_status]
         ee = ct.certificate_list.first
         ocsp_response = ee.extensions[Message::ExtensionType::STATUS_REQUEST]
-                         &.ocsp_response
+                          &.ocsp_response
         cert = ee.cert_data
         chain = ct.certificate_list[1..]&.map(&:cert_data)
         return :bad_certificate_status_response \
@@ -1224,11 +1237,11 @@ module TTTLS13
       signature = cv.signature
 
       Endpoint.verified_certificate_verify?(
-        public_key: public_key,
-        signature_scheme: signature_scheme,
-        signature: signature,
+        public_key:,
+        signature_scheme:,
+        signature:,
         context: 'TLS 1.3, server CertificateVerify',
-        hash: hash
+        hash:
       )
     end
 

data/lib/tttls1.3/connection.rb

@@ -9,10 +9,7 @@ module TTTLS13
   class Connection
     include Logging
 
-    attr_accessor :state
-    attr_accessor :ap_wcipher
-    attr_accessor :ap_rcipher
-    attr_accessor :alert_wcipher
+    attr_accessor :state, :ap_wcipher, :ap_rcipher, :alert_wcipher
 
     # @param socket [Socket]
     # @param side [:client or :server]
@@ -34,8 +31,6 @@ module TTTLS13
     # @raise [TTTLS13::Error::ConfigError]
     #
     # @return [String]
-    # rubocop: disable Metrics/CyclomaticComplexity
-    # rubocop: disable Metrics/PerceivedComplexity
     def read(nst_process)
       # secure channel has not established yet
       raise Error::ConfigError \
@@ -58,8 +53,6 @@ module TTTLS13
 
       message.fragment
     end
-    # rubocop: enable Metrics/CyclomaticComplexity
-    # rubocop: enable Metrics/PerceivedComplexity
 
     # @return [Boolean]
     def eof?
@@ -91,9 +84,9 @@ module TTTLS13
     # @param cipher [TTTLS13::Cryptograph::Aead, Passer]
     def send_handshakes(type, messages, cipher)
       record = Message::Record.new(
-        type: type,
-        messages: messages,
-        cipher: cipher
+        type:,
+        messages:,
+        cipher:
       )
       send_record(record)
     end
@@ -115,7 +108,7 @@ module TTTLS13
         type: Message::ContentType::APPLICATION_DATA,
         legacy_record_version: Message::ProtocolVersion::TLS_1_2,
         messages: [message],
-        cipher: cipher
+        cipher:
       )
       send_record(ap_record)
     end
@@ -129,7 +122,7 @@ module TTTLS13
       type = Message::ContentType::APPLICATION_DATA \
         if @alert_wcipher.is_a?(Cryptograph::Aead)
       alert_record = Message::Record.new(
-        type: type,
+        type:,
         legacy_record_version: Message::ProtocolVersion::TLS_1_2,
         messages: [message],
         cipher: @alert_wcipher
@@ -150,7 +143,6 @@ module TTTLS13
     #
     # @return [TTTLS13::Message::$Object]
     # @return [String]
-    # rubocop: disable Metrics/CyclomaticComplexity
     def recv_message(receivable_ccs:, cipher:)
       return @message_queue.shift unless @message_queue.empty?
 
@@ -184,7 +176,6 @@ module TTTLS13
 
       [message, orig_msg]
     end
-    # rubocop: enable Metrics/CyclomaticComplexity
 
     # @param cipher [TTTLS13::Cryptograph::Aead, Passer]
     #

data/lib/tttls1.3/cryptograph/aead.rb

@@ -17,14 +17,15 @@ module TTTLS13
         @cipher_suite = cipher_suite
         case cipher_suite
         when CipherSuite::TLS_AES_128_GCM_SHA256
-          @cipher = OpenSSL::Cipher::AES128.new(:GCM)
+          @cipher = OpenSSL::Cipher.new('aes-128-gcm')
         when CipherSuite::TLS_AES_256_GCM_SHA384
-          @cipher = OpenSSL::Cipher::AES256.new(:GCM)
+          @cipher = OpenSSL::Cipher.new('aes-256-gcm')
         when CipherSuite::TLS_CHACHA20_POLY1305_SHA256
           @cipher = OpenSSL::Cipher.new('chacha20-poly1305')
+        when CipherSuite::TLS_AES_128_CCM_SHA256,
+             CipherSuite::TLS_AES_128_CCM_8_SHA256
+          @cipher = OpenSSL::Cipher.new('aes-128-ccm')
         else
-          # CipherSuite::TLS_AES_128_CCM_SHA256
-          # CipherSuite::TLS_AES_128_CCM_8_SHA256
           raise Error::ErrorAlerts, :internal_error
         end
         @write_key = write_key
@@ -42,12 +43,14 @@ module TTTLS13
       # @return [String]
       def encrypt(content, type)
         cipher = reset_cipher
-        plaintext = content + type + @length_of_padding.zeros
-        cipher.auth_data = additional_data(plaintext.length)
-        encrypted_data = cipher.update(plaintext) + cipher.final
+        plain_text = content + type + @length_of_padding.zeros
+        cipher.ccm_data_len = plain_text.length \
+          if CipherSuite.ccm?(@cipher_suite)
+        cipher.auth_data = additional_data(plain_text.length)
+        cipher_text = cipher.update(plain_text) + cipher.final
         @sequence_number.succ
 
-        encrypted_data + cipher.auth_tag
+        cipher_text + cipher.auth_tag
       end
 
       #     AEAD-Decrypt(peer_write_key, nonce,
@@ -62,16 +65,19 @@ module TTTLS13
       # @return [TTTLS13::Message::ContentType]
       def decrypt(encrypted_record, auth_data)
         decipher = reset_decipher
-        auth_tag = encrypted_record[-@auth_tag_len..-1]
+        cipher_text = encrypted_record[0...-@auth_tag_len]
+        decipher.ccm_data_len = cipher_text.length \
+          if CipherSuite.ccm?(@cipher_suite)
+        auth_tag = encrypted_record[-@auth_tag_len..]
         decipher.auth_tag = auth_tag
         decipher.auth_data = auth_data # record header of TLSCiphertext
-        clear = decipher.update(encrypted_record[0...-@auth_tag_len])
+        plain_text = decipher.update(cipher_text)
         decipher.final
-        zeros_len = scan_zeros(clear)
+        zeros_len = scan_zeros(plain_text)
         postfix_len = 1 + zeros_len # type || zeros
         @sequence_number.succ
 
-        [clear[0...-postfix_len], clear[-postfix_len]]
+        [plain_text[0...-postfix_len], plain_text[-postfix_len]]
       end
 
       #     struct {
@@ -102,9 +108,11 @@ module TTTLS13
       def reset_cipher
         cipher = @cipher.encrypt
         cipher.reset
+        cipher.auth_tag_len = @auth_tag_len \
+          if CipherSuite.ccm?(@cipher_suite)
+        cipher.iv_len = CipherSuite.iv_len(@cipher_suite)
         cipher.key = @write_key
-        iv_len = CipherSuite.iv_len(@cipher_suite)
-        cipher.iv = @sequence_number.xor(@write_iv, iv_len)
+        cipher.iv = @sequence_number.xor(@write_iv, cipher.iv_len)
 
         cipher
       end
@@ -113,9 +121,11 @@ module TTTLS13
       def reset_decipher
         decipher = @cipher.decrypt
         decipher.reset
+        decipher.auth_tag_len = @auth_tag_len \
+          if CipherSuite.ccm?(@cipher_suite)
+        decipher.iv_len = CipherSuite.iv_len(@cipher_suite)
         decipher.key = @write_key
-        iv_len = CipherSuite.iv_len(@cipher_suite)
-        decipher.iv = @sequence_number.xor(@write_iv, iv_len)
+        decipher.iv = @sequence_number.xor(@write_iv, decipher.iv_len)
 
         decipher
       end

data/lib/tttls1.3/ech.rb

@@ -209,9 +209,9 @@ module TTTLS13
                               payload_len,
                               server_name)
       aad_ech = Message::Extension::ECHClientHello.new_outer(
-        cipher_suite: cipher_suite,
-        config_id: config_id,
-        enc: enc,
+        cipher_suite:,
+        config_id:,
+        enc:,
         payload: payload_len.zeros
       )
       Message::ClientHello.new(
@@ -237,10 +237,10 @@ module TTTLS13
     # @return [TTTLS13::Message::ClientHello]
     def self.new_ch_outer(aad, cipher_suite, config_id, enc, payload)
       outer_ech = Message::Extension::ECHClientHello.new_outer(
-        cipher_suite: cipher_suite,
-        config_id: config_id,
-        enc: enc,
-        payload: payload
+        cipher_suite:,
+        config_id:,
+        enc:,
+        payload:
       )
       Message::ClientHello.new(
         legacy_version: aad.legacy_version,
@@ -284,16 +284,16 @@ module TTTLS13
                     + aead_id2overhead_len(AeadId::AES_128_GCM)
 
       Message::Extension::ECHClientHello.new_outer(
-        cipher_suite: cipher_suite,
+        cipher_suite:,
         config_id: Convert.bin2i(OpenSSL::Random.random_bytes(1)),
-        enc: enc,
+        enc:,
         payload: OpenSSL::Random.random_bytes(payload_len)
       )
     end
 
     # @return [Integer]
     def self.placeholder_encoded_ch_inner_len
-      448
+      480
     end
 
     # @param inner [TTTLS13::Message::ClientHello]
@@ -399,11 +399,7 @@ module TTTLS13
   end
 
   class EchState
-    attr_reader :maximum_name_length
-    attr_reader :config_id
-    attr_reader :cipher_suite
-    attr_reader :public_name
-    attr_reader :ctx
+    attr_reader :maximum_name_length, :config_id, :cipher_suite, :public_name, :ctx
 
     # @param maximum_name_length [Integer]
     # @param config_id [Integer]