refactor: remove unused cf circl ech config

Remove code using cloudflare circl's ECHConfig since ech has been
implemented via the standard library. Given that real ech was never
implemented using cf circl code in utls, this shouldn't be breaking any
user's code from what I can tell.

Author: mingyech

common.go

@@ -316,11 +316,6 @@ type ConnectionState struct {
 	// testingOnlyCurveID is the selected CurveID, or zero if an RSA exchanges
 	// is performed.
 	testingOnlyCurveID CurveID
-
-	// ECHRetryConfigs contains the ECH retry configurations sent by the server in
-	// EncryptedExtensions message. It is only populated if the server sent the
-	// ech extension in EncryptedExtensions message.
-	ECHRetryConfigs []ECHConfig // [uTLS]
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
@@ -919,17 +914,6 @@ type Config struct {
 	// autoSessionTicketKeys is like sessionTicketKeys but is owned by the
 	// auto-rotation logic. See Config.ticketKeys.
 	autoSessionTicketKeys []ticketKey
-
-	// ECHConfigs contains the ECH configurations to be used by the ECH
-	// extension if any.
-	// It could either be distributed by the server in EncryptedExtensions
-	// message or out-of-band.
-	//
-	// If ECHConfigs is nil and an ECH extension is present, GREASEd ECH
-	// extension will be sent.
-	//
-	// If GREASE ECH extension is present, this field will be ignored.
-	ECHConfigs []ECHConfig // [uTLS]
 }
 
 // EncryptedClientHelloKey holds a private key that is associated
@@ -1036,7 +1020,6 @@ func (c *Config) Clone() *Config {
 		autoSessionTicketKeys:               c.autoSessionTicketKeys,
 
 		PreferSkipResumptionOnNilExtension: c.PreferSkipResumptionOnNilExtension, // [UTLS]
-		ECHConfigs:                         c.ECHConfigs,                         // [uTLS]
 	}
 }
 

go.mod

@@ -9,7 +9,6 @@ retract (
 
 require (
 	github.com/andybalholm/brotli v1.0.6
-	github.com/cloudflare/circl v1.5.0
 	github.com/klauspost/compress v1.17.4
 	golang.org/x/crypto v0.36.0
 	golang.org/x/net v0.38.0

go.sum

@@ -1,7 +1,5 @@
 github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
 github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
-github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
 github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=

tls_test.go

@@ -903,8 +903,6 @@ func TestCloneNonFuncFields(t *testing.T) {
 			continue // these are unexported fields that are handled separately
 		case "ApplicationSettings": // [UTLS] ALPS (Application Settings)
 			f.Set(reflect.ValueOf(map[string][]byte{"a": {1}}))
-		case "ECHConfigs": // [UTLS] ECH (Encrypted Client Hello) Configs
-			f.Set(reflect.ValueOf([]ECHConfig{{Version: 1}}))
 		default:
 			t.Errorf("all fields must be accounted for, but saw unknown field %q", fn)
 		}

u_conn.go

@@ -841,7 +841,6 @@ func (c *Conn) utlsHandshakeMessageType(msgType byte) (handshakeMessage, error)
 // Extending (*Conn).connectionStateLocked()
 func (c *Conn) utlsConnectionStateLocked(state *ConnectionState) {
 	state.PeerApplicationSettings = c.utls.peerApplicationSettings
-	state.ECHRetryConfigs = c.utls.echRetryConfigs
 }
 
 type utlsConnExtraFields struct {
@@ -850,9 +849,6 @@ type utlsConnExtraFields struct {
 	localApplicationSettings     []byte
 	applicationSettingsCodepoint uint16
 
-	// Encrypted Client Hello (ECH)
-	echRetryConfigs []ECHConfig
-
 	sessionController *sessionController
 }
 

u_ech.go

@@ -26,9 +26,6 @@ type EncryptedClientHelloExtension interface {
 	// TLSExtension must be implemented by all EncryptedClientHelloExtension implementations.
 	TLSExtension
 
-	// Configure configures the EncryptedClientHelloExtension with the given slice of ECHConfig.
-	Configure([]ECHConfig) error
-
 	// MarshalClientHello is called by (*UConn).MarshalClientHello() when an ECH extension
 	// is present to allow the ECH extension to take control of the generation of the
 	// entire ClientHello message.
@@ -202,11 +199,6 @@ func (g *GREASEEncryptedClientHelloExtension) Read(b []byte) (int, error) {
 	return g.Len(), io.EOF
 }
 
-// Configure implements EncryptedClientHelloExtension.
-func (*GREASEEncryptedClientHelloExtension) Configure([]ECHConfig) error {
-	return nil // no-op, it is not possible to configure a GREASE extension for now
-}
-
 // MarshalClientHello implements EncryptedClientHelloExtension.
 func (*GREASEEncryptedClientHelloExtension) MarshalClientHello(*UConn) error {
 	return errors.New("tls: grease ech: MarshalClientHello() is not implemented, use (*UConn).MarshalClientHello() instead")
@@ -289,11 +281,6 @@ func (*UnimplementedECHExtension) Read(_ []byte) (int, error) {
 	return 0, errors.New("tls: unimplemented ECHExtension")
 }
 
-// Configure implements EncryptedClientHelloExtension.
-func (*UnimplementedECHExtension) Configure([]ECHConfig) error {
-	return errors.New("tls: unimplemented ECHExtension")
-}
-
 // MarshalClientHello implements EncryptedClientHelloExtension.
 func (*UnimplementedECHExtension) MarshalClientHello(*UConn) error {
 	return errors.New("tls: unimplemented ECHExtension")

u_ech_config.go

@@ -145,7 +145,6 @@ func (hs *clientHandshakeStateTLS13) sendClientEncryptedExtensions() error {
 func (hs *clientHandshakeStateTLS13) utlsReadServerParameters(encryptedExtensions *encryptedExtensionsMsg) error {
 	hs.c.utls.peerApplicationSettings = encryptedExtensions.utls.applicationSettings
 	hs.c.utls.applicationSettingsCodepoint = encryptedExtensions.utls.applicationSettingsCodepoint
-	hs.c.utls.echRetryConfigs = encryptedExtensions.utls.echRetryConfigs
 
 	if hs.c.utls.applicationSettingsCodepoint != 0 {
 		if hs.uconn.vers < VersionTLS13 {
@@ -165,23 +164,6 @@ func (hs *clientHandshakeStateTLS13) utlsReadServerParameters(encryptedExtension
 		}
 	}
 
-	if len(hs.c.utls.echRetryConfigs) > 0 {
-		if hs.uconn.vers < VersionTLS13 {
-			return errors.New("tls: server sent ECH retry configs at invalid version")
-		}
-
-		// find ECH extension in ClientHello
-		var echIncluded bool
-		for _, ext := range hs.uconn.Extensions {
-			if _, ok := ext.(ECHExtension); ok {
-				echIncluded = true
-			}
-		}
-		if !echIncluded {
-			return errors.New("tls: server sent ECH retry configs without client sending ECH extension")
-		}
-	}
-
 	return nil
 }
 

u_handshake_client.go

@@ -56,7 +56,6 @@ func (m *utlsCompressedCertificateMsg) unmarshal(data []byte) bool {
 type utlsEncryptedExtensionsMsgExtraFields struct {
 	applicationSettings          []byte
 	applicationSettingsCodepoint uint16
-	echRetryConfigs              []ECHConfig
 	customExtension              []byte
 }
 
@@ -67,12 +66,6 @@ func (m *encryptedExtensionsMsg) utlsUnmarshal(extension uint16, extData cryptob
 	case utlsExtensionApplicationSettingsNew:
 		m.utls.applicationSettingsCodepoint = extension
 		m.utls.applicationSettings = []byte(extData)
-	case utlsExtensionECH:
-		var err error
-		m.utls.echRetryConfigs, err = UnmarshalECHConfigs([]byte(extData))
-		if err != nil {
-			return false
-		}
 	}
 	return true // success/unknown extension
 }

u_handshake_messages.go

@@ -1,7 +1,6 @@
 package tls
 
 import (
-	"github.com/cloudflare/circl/kem"
 	"github.com/refraction-networking/utls/internal/hpke"
 )
 
@@ -15,14 +14,6 @@ type HPKESymmetricCipherSuite struct {
 	AeadId HPKE_AEAD_ID
 }
 
-type HPKEKeyConfig struct {
-	ConfigId     uint8
-	KemId        HPKE_KEM_ID
-	PublicKey    kem.PublicKey
-	rawPublicKey HPKERawPublicKey
-	CipherSuites []HPKESymmetricCipherSuite
-}
-
 const defaultHpkeKdf = hpke.KDF_HKDF_SHA256
 const defaultHpkeKem = hpke.DHKEM_X25519_HKDF_SHA256
 const defaultHpkeAead = hpke.AEAD_AES_128_GCM