lemon-tls 0.1.0 → 0.2.0

package/index.d.ts

@@ -0,0 +1,283 @@
+/// <reference types="node" />
+
+import { Duplex } from 'node:stream';
+import { EventEmitter } from 'node:events';
+import type { Server as NetServer } from 'node:net';
+
+// ======================== Types ========================
+
+export interface SecureContext {
+  certificateChain: Array<{ cert: Buffer }>;
+  privateKey: any;
+}
+
+export interface CipherInfo {
+  name: string;
+  standardName: string;
+  version: string;
+}
+
+export interface PeerCertificate {
+  subject: string;
+  issuer: string;
+  subjectaltname?: string;
+  valid_from: string;
+  valid_to: string;
+  fingerprint: string;
+  fingerprint256: string;
+  serialNumber: string;
+  raw: Buffer;
+}
+
+export interface EphemeralKeyInfo {
+  type: 'X25519' | 'ECDH' | 'DH';
+  name?: string;
+  size: number;
+}
+
+export interface JA3Result {
+  hash: string;
+  raw: string;
+}
+
+export interface NegotiationResult {
+  version: number | null;
+  versionName: string | null;
+  cipher: number | null;
+  cipherName: string | null;
+  group: number | null;
+  groupName: string | null;
+  signatureAlgorithm: number | null;
+  alpn: string | null;
+  sni: string | null;
+  resumed: boolean;
+  helloRetried: boolean;
+  handshakeDuration: number | null;
+}
+
+export interface SessionTicketData {
+  ticket: Buffer;
+  ticket_nonce: Buffer;
+  psk: Buffer;
+  cipher: number;
+  lifetime: number;
+  age_add: number;
+  maxEarlyDataSize: number;
+}
+
+export interface CertificateCallbackInfo {
+  servername: string | null;
+  version: number | null;
+  ciphers: number[];
+  sigalgs: number[];
+  groups: number[];
+  alpns: string[];
+}
+
+// ======================== TLSSocket Options ========================
+
+export interface TLSSocketOptions {
+  isServer?: boolean;
+  servername?: string;
+  SNICallback?: (servername: string, cb: (err: Error | null, ctx: SecureContext | null) => void) => void;
+  minVersion?: 'TLSv1.2' | 'TLSv1.3';
+  maxVersion?: 'TLSv1.2' | 'TLSv1.3';
+  ALPNProtocols?: string[];
+  rejectUnauthorized?: boolean;
+  ca?: Buffer | string;
+  ticketKeys?: Buffer;
+  session?: SessionTicketData;
+  requestCert?: boolean;
+  cert?: Buffer | string;
+  key?: Buffer | string;
+
+  // LemonTLS-only options
+  noTickets?: boolean;
+  signatureAlgorithms?: number[];
+  groups?: number[];
+  prioritizeChaCha?: boolean;
+  maxRecordSize?: number;
+  allowedCipherSuites?: number[];
+  pins?: string[];
+  handshakeTimeout?: number;
+  maxHandshakeSize?: number;
+  certificateCallback?: (info: CertificateCallbackInfo, cb: (err: Error | null, ctx: SecureContext | null) => void) => void;
+  customExtensions?: Array<{ type: number; data: Uint8Array }>;
+}
+
+// ======================== TLSSocket ========================
+
+export class TLSSocket extends Duplex {
+  constructor(transport: Duplex | null, options: TLSSocketOptions);
+
+  // Node.js compatible
+  getProtocol(): string | null;
+  getCipher(): CipherInfo | null;
+  getPeerCertificate(): PeerCertificate | null;
+  isSessionReused(): boolean;
+  getFinished(): Buffer | null;
+  getPeerFinished(): Buffer | null;
+  exportKeyingMaterial(length: number, label: string, context: Buffer): Buffer;
+  getEphemeralKeyInfo(): EphemeralKeyInfo;
+  disableRenegotiation(): void;
+  setServername(name: string): void;
+  setSocket(transport: Duplex): void;
+
+  readonly isResumed: boolean;
+  readonly authorized: boolean;
+  readonly authorizationError: string | null;
+  readonly alpnProtocol: string | false;
+  readonly encrypted: boolean;
+
+  // LemonTLS-only
+  getSession(): TLSSession;
+  readonly handshakeDuration: number | null;
+  getJA3(): JA3Result | null;
+  getSharedSecret(): Buffer | null;
+  getNegotiationResult(): NegotiationResult | null;
+  rekeySend(): void;
+  rekeyBoth(): void;
+
+  // Events
+  on(event: 'secureConnect', listener: () => void): this;
+  on(event: 'data', listener: (data: Buffer) => void): this;
+  on(event: 'session', listener: (data: SessionTicketData) => void): this;
+  on(event: 'keyUpdate', listener: (direction: 'send' | 'receive') => void): this;
+  on(event: 'keylog', listener: (line: Buffer) => void): this;
+  on(event: 'clienthello', listener: (raw: Buffer, parsed: any) => void): this;
+  on(event: 'handshakeMessage', listener: (type: string, raw: Buffer, parsed: any) => void): this;
+  on(event: 'certificateRequest', listener: (msg: any) => void): this;
+  on(event: 'error', listener: (err: Error) => void): this;
+  on(event: 'close', listener: () => void): this;
+  on(event: string, listener: (...args: any[]) => void): this;
+}
+
+// ======================== TLSSession ========================
+
+export interface TLSSessionOptions {
+  isServer?: boolean;
+  servername?: string;
+  ALPNProtocols?: string[];
+  SNICallback?: (servername: string, cb: (err: Error | null, ctx: SecureContext | null) => void) => void;
+  ticketKeys?: Buffer;
+  session?: SessionTicketData;
+  psk?: any;
+  rejectUnauthorized?: boolean;
+  ca?: Buffer | string;
+  noTickets?: boolean;
+  maxHandshakeSize?: number;
+  customExtensions?: Array<{ type: number; data: Uint8Array }>;
+  requestCert?: boolean;
+  cert?: Buffer | string;
+  key?: Buffer | string;
+}
+
+export interface TrafficSecrets {
+  isServer: boolean;
+  version: number | null;
+  cipher: number | null;
+  localAppSecret: Uint8Array | null;
+  remoteAppSecret: Uint8Array | null;
+  masterSecret: Uint8Array | null;
+  localRandom: Uint8Array | null;
+  remoteRandom: Uint8Array | null;
+}
+
+export interface HandshakeSecrets {
+  localSecret: Uint8Array | null;
+  remoteSecret: Uint8Array | null;
+  cipher: number | null;
+}
+
+export class TLSSession extends EventEmitter {
+  constructor(options: TLSSessionOptions);
+
+  readonly isServer: boolean;
+  readonly isResumed: boolean;
+  readonly handshakeDuration: number | null;
+  readonly authorized: boolean;
+  readonly authorizationError: string | null;
+  readonly context: any;
+
+  message(data: Uint8Array | Buffer): void;
+  set_context(options: Record<string, any>): void;
+  close(): void;
+  sendAlert(level: number, description: number): void;
+
+  getVersion(): number | null;
+  getCipher(): number | null;
+  getALPN(): string | null;
+  getPeerCertificate(): Array<{ cert: Buffer }> | null;
+  getTrafficSecrets(): TrafficSecrets;
+  getHandshakeSecrets(): HandshakeSecrets;
+  exportKeyingMaterial(length: number, label: string, context: Uint8Array): Uint8Array;
+  getFinished(): Buffer | null;
+  getPeerFinished(): Buffer | null;
+  getSharedSecret(): Buffer | null;
+  getNegotiationResult(): NegotiationResult;
+  getJA3(): JA3Result | null;
+  requestKeyUpdate(requestPeer?: boolean): void;
+
+  // Events
+  on(event: 'message', listener: (epoch: number, seq: number, type: string, data: Uint8Array) => void): this;
+  on(event: 'hello', listener: () => void): this;
+  on(event: 'secureConnect', listener: () => void): this;
+  on(event: 'session', listener: (data: SessionTicketData) => void): this;
+  on(event: 'psk', listener: (identity: Buffer, callback: (result: { psk: Buffer; cipher: number } | null) => void) => void): this;
+  on(event: 'keyUpdate', listener: (info: { direction: 'send' | 'receive'; secret: Uint8Array }) => void): this;
+  on(event: 'clienthello', listener: (raw: Buffer, parsed: any) => void): this;
+  on(event: 'handshakeMessage', listener: (type: string, raw: Buffer, parsed: any) => void): this;
+  on(event: 'certificateRequest', listener: (msg: any) => void): this;
+  on(event: 'error', listener: (err: Error) => void): this;
+  on(event: string, listener: (...args: any[]) => void): this;
+}
+
+// ======================== Module Functions ========================
+
+export function createSecureContext(options: { key: Buffer | string; cert: Buffer | string }): SecureContext;
+export function connect(port: number, host: string, options?: TLSSocketOptions, callback?: () => void): TLSSocket;
+export function connect(options: TLSSocketOptions & { port: number; host?: string }, callback?: () => void): TLSSocket;
+export function createServer(options: TLSSocketOptions & { key?: Buffer | string; cert?: Buffer | string }, connectionListener?: (socket: TLSSocket) => void): NetServer;
+export function getCiphers(): string[];
+
+export const DEFAULT_MIN_VERSION: string;
+export const DEFAULT_MAX_VERSION: string;
+
+// ======================== Submodules ========================
+
+export declare const crypto: {
+  TLS_CIPHER_SUITES: Record<number, any>;
+  getHashFn: (name: string) => any;
+  getHashLen: (name: string) => number;
+  hkdf_extract: (hash: string, salt: Uint8Array, ikm: Uint8Array) => Uint8Array;
+  hkdf_expand: (hash: string, prk: Uint8Array, info: Uint8Array, length: number) => Uint8Array;
+  hkdf_expand_label: (hash: string, secret: Uint8Array, label: string, context: Uint8Array, length: number) => Uint8Array;
+  hmac: (hash: string, key: Uint8Array, data: Uint8Array) => Uint8Array;
+};
+
+export declare const wire: any;
+export declare const record: {
+  getAeadAlgo: (cipher: number) => string;
+  deriveKeys: (secret: Uint8Array, cipher: number) => { key: Uint8Array; iv: Uint8Array };
+  getNonce: (iv: Uint8Array, seq: number) => Uint8Array;
+  encryptRecord: (contentType: number, plaintext: Uint8Array, key: Uint8Array, nonce: Uint8Array, algo: string) => Uint8Array;
+  decryptRecord: (ciphertext: Uint8Array, key: Uint8Array, nonce: Uint8Array, algo: string) => Uint8Array;
+};
+
+// ======================== Default Export ========================
+
+declare const _default: {
+  TLSSocket: typeof TLSSocket;
+  TLSSession: typeof TLSSession;
+  createSecureContext: typeof createSecureContext;
+  connect: typeof connect;
+  createServer: typeof createServer;
+  getCiphers: typeof getCiphers;
+  DEFAULT_MIN_VERSION: string;
+  DEFAULT_MAX_VERSION: string;
+  crypto: typeof crypto;
+  wire: typeof wire;
+  record: typeof record;
+};
+
+export default _default;

package/index.js

@@ -1,15 +1,70 @@
-
-var TLSSession = require('./tls_session');
-var TLSSocket = require('./tls_socket');
-var createSecureContext = require('./secure_context');
-//var {createServer} = require('./tls_server');
-//var constants = require('./constants');
-
-module.exports = {
-  TLSSession: TLSSession,
-  TLSSocket: TLSSocket,
-  createSecureContext: createSecureContext,
-  //createServer: createServer
-  //DEFAULT_CIPHERS: constants.DEFAULT_CIPHERS,
-  //DEFAULT_SIGALGS: constants.DEFAULT_SIGALGS
-};
+import TLSSession from './src/tls_session.js';
+import TLSSocket from './src/tls_socket.js';
+import createSecureContext from './src/secure_context.js';
+import {
+  TLS_CIPHER_SUITES,
+  getHashFn,
+  getHashLen,
+  hkdf_extract,
+  hkdf_expand,
+  hkdf_expand_label,
+  hmac,
+} from './src/crypto.js';
+import * as wire from './src/wire.js';
+import * as record from './src/record.js';
+import {
+  connect,
+  createServer,
+  getCiphers,
+  DEFAULT_MIN_VERSION,
+  DEFAULT_MAX_VERSION,
+} from './src/compat.js';
+
+/**
+ * Crypto primitives for QUIC and custom transport consumers.
+ */
+var crypto = {
+  TLS_CIPHER_SUITES,
+  getHashFn,
+  getHashLen,
+  hkdf_extract,
+  hkdf_expand,
+  hkdf_expand_label,
+  hmac,
+};
+
+export {
+  TLSSocket,
+  TLSSession,
+  createSecureContext,
+  connect,
+  createServer,
+  getCiphers,
+  DEFAULT_MIN_VERSION,
+  DEFAULT_MAX_VERSION,
+  crypto,
+  wire,
+  record,
+};
+
+/**
+ * Default export — Node.js tls API compatible.
+ *
+ * Usage:
+ *   import tls from 'lemon-tls';
+ *   tls.connect(443, 'example.com', { ... });
+ *   tls.createServer({ key, cert }, (socket) => { ... });
+ */
+export default {
+  TLSSocket,
+  TLSSession,
+  createSecureContext,
+  connect,
+  createServer,
+  getCiphers,
+  DEFAULT_MIN_VERSION,
+  DEFAULT_MAX_VERSION,
+  crypto,
+  wire,
+  record,
+};

package/lemontls.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="993" height="200" stroke="none" stroke-linecap="round" stroke-linejoin="round" fill="#fff" fill-rule="evenodd"><g fill-rule="nonzero"><path d="M172.4 56.8v85.4c0 5.2-2.7 10-7 12.6l-72.6 42.8c-4.3 2.5-9.4 2.5-13.6 0L6.5 154.8c-4.3-2.6-7-7.4-7-12.6V56.8c0-5.2 2.7-10 7-12.6L79.2 1.4c4.2-2.5 9.3-2.5 13.6 0l72.6 42.8c4.3 2.6 7 7.4 7 12.6z" fill="#4f4f4f"/><path d="M94.5 35C86 41.6 86.8 49.2 87 55.8l2.4-.3-.1-3c.5 0 1-.2 1.6-.3 11.7-5.5 6.4-25 6.4-25C97.3 30 90 33.5 85 37c-4.7 3.5-4.8 9-3.8 11.2 1 1.5 2.2 2.6 3.8 3C84 40 94.5 35 94.5 35z" fill="#65cd76"/><path d="M86 55.4c-5.2.1-9.3 3-10.3 6.6-2.8 10.4-26.2 14.3-26.2 45.5s23.4 35 26.2 45.5c1 3.7 5 6.5 10.3 6.6 5.2-.1 9.3-2.8 10.3-6.6 2.8-10.4 26.2-14.3 26.2-45.5S99 72.4 96.2 62c-1-3.7-5-6.5-10.3-6.6zM66.6 91c-5 8-5 25 0 33 .6 1 .5 2.3-.4 3.2-.1.1-.4.2-.5.4-1.2.6-2.7.3-3.5-1a44 44 0 0 1 0-38.3c.8-1.2 2.3-1.6 3.5-1 1.2.8 1.6 2.3.8 3.5z" fill="#ffed24"/></g><path d="M240.7 147.3h46.6V172h-75V28.3h28.3v119zm131.5-31v7.4h-49.6q0 12.3 3 19.5 1 2.5 3.6 5 2.7 2.6 5.6 2.6 3 0 7.2-5 4.3-5 6.7-12l21.2 15q-5.6 10.3-17 18-11.4 7.6-18.3 7.6-7 0-20.2-11-13.3-11-16-17-3-6-3-30 0-24 3-30 2.8-6 16-17 13.2-11 19.4-11 6 0 19.3 11 13.3 10.8 16 17 3 6 3 29.6zm-49.6-12H346q-.7-10.8-2.2-13.6-1.5-2.8-4.7-5.4-3.2-2.7-6-2.7-2.7 0-6.2 5.4-3.5 5.5-4.3 16.3zm143.6-11.6v79.2h-27V95.5q0-3.5-3.7-7.3-3.7-3.8-6.3-3.8-2.5 0-8.3 5v82.4h-27V101q0-10.5-2.5-16.3-2.5-5.7-7.8-10L406 59q6.7 5.7 10 11.7 13.3-12 18.5-12 3 0 10 4.5 7 4.5 12.7 11 16.2-15.4 22.5-15.4 6.3 0 19 11.4 12.6 11.4 12.6 22.4v39.6q0 10.5 2.4 16.2 2.5 5.8 7.8 10l-22.5 16q-14.8-11.7-14.8-33.3V95.5q0-3.5-3.7-7.3-3.7-3.8-6-3.8-2.4 0-8.8 5.2.5 2 .5 3zm121.5 71.6q-12.6 10-18.5 10-6 0-18.6-10-12.6-10-15.5-15-4.3-7.6-4.3-33 0-25.2 4.3-32.6 3-5 15.5-15 12.6-10 18.6-10 6 0 18.5 10 12.6 10 15.5 15 4.3 7.4 4.3 32.6 0 25.3-4.3 33-3 5-15.5 15zM564 147.6q3.2 3 5 3 1.8 0 5-3 3.2-3 4.6-5.5 2.7-4.5 2.7-25.5 0-21-2.7-25.6-1.4-2.5-4.6-5.5-3.2-3-5-3-2 0-5 3-3 3-4.6 5.5-2.7 4.5-2.7 25.4 0 21 2.7 25.7 1.5 2.4 4.6 5.5zM654 93v78.7h-27V101q0-10.5-2.5-16.3-2.5-5.7-7.8-10L639.3 59q7.6 6.2 11.2 14.2 15.2-14.4 21.5-14.4 6.2 0 18.8 11.4 12.7 11.4 12.7 22.4v39.6q0 10.5 2.4 16.2 2.5 5.8 7.8 10l-22.5 15.8q-14.8-11.7-14.8-33.3V95.5q0-3.5-3.7-7.3-3.7-3.8-7-3.8-3.2 0-11.8 8.7z" fill="#4f4f4f"/><path d="M737.3 28.3H819V53h-26.6v119H764V53h-26.7V28.3zm115.4 119h46.6V172h-75V28.3h28.3v119zm52.8-10.7l22.8-15.6q3.2 9.6 10.4 17.6 7.2 8 10.2 8 3 0 6.3-2 3.4-2 5.3-4 2.6-3.3 2.6-10.3 0-7-3.2-8.6-4-3.5-16-9.2-11.8-5.8-22-12.4-10-6.7-12.8-13-2.8-6.3-2.8-16.5 0-10 4.5-17.7 4-6 17.5-16.5 13.3-10.6 19.7-10.6 11.2 0 25.8 11.8 14.6 11.8 18.5 26l-22.8 15.8q-3.3-9.6-10.5-17.7-7-8-10-8-3 0-6.5 1.8-3.5 2-5.6 4.7-2.2 2.7-2.2 9.4 0 6.7 4 9 3.3 3 15 9 30 16.4 35.3 26.7 2.2 3.7 2.2 14.7 0 11-4.5 18.5-4 6-17.4 16.5-13.3 10.6-19.7 10.6-11.3 0-25.8-11.8-14.6-11.8-18.5-26z" fill="#838383"/></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="661" height="142" stroke="#000" stroke-linecap="round" stroke-linejoin="round" fill="#fff" fill-rule="evenodd"><defs><linearGradient id="A" x1="50%" y1="0%" x2="50%" y2="100%"><stop offset="0%" stop-color="#fed43e"/><stop offset="100%" stop-color="#ffb700"/></linearGradient></defs><g fill="url(#A)" stroke="none"><path d="M118 129.4V49.7h21V109h33.4v20.4H118z"/><path d="M233.8 98.8v4h-37.5q0 6.6 2.4 10 2.5 3.3 7.7 3.3 4.7 0 7-2.4 2.2-2.4 2.2-6.5h18.3q0 11-7 17.4-7 6.3-20.2 6.3-14 0-21.5-8-7.7-8-7.7-24 0-15.8 7.5-24 7.5-8 20.6-8 13.7 0 21 8 7.2 8 7.2 24zm-37.4-7h18.4q0-4.7-2.2-7.5-2.3-2.8-6.2-2.8-9 0-10 10.3z"/><path d="M326.2 89.7v39.7h-19v-37q0-4-1.5-6.3-1.6-2.4-4.4-2.4-3.3 0-5.4 2.8-2 2.8-2 6.8v36H275v-37q0-4-1.6-6.3-1.6-2.4-4.4-2.4-3.3 0-5.4 2.8-2 2.8-2 6.8v36h-18.8V68.2h15.4l1.3 9q2.8-4.8 7.5-7.7 4.7-2.8 10-2.8 11.2 0 15 10.5 3-4.8 7.5-7.7 4.6-2.8 9.6-2.8 8.5 0 12.8 6 4.3 6 4.3 17z"/><path d="M363.3 66.8q13.2 0 20.7 8.2 7.5 8 7.5 23.8 0 15.6-7.5 23.8-7.5 8.2-20.7 8.2-13 0-20.6-8.2-7.5-8-7.5-23.8 0-15.8 7.5-24 7.5-8 20.6-8zM354 95.5v6.6q0 13 9.3 13 9.4 0 9.4-13v-6.6q0-13-9.4-13-9.3 0-9.3 13z"/><path d="M452.5 89.7v39.7h-19v-37q0-4-1.6-6.3-1.7-2.4-4.7-2.4-3.5 0-5.7 2.8-2.2 2.8-2.2 6.8v36h-18.8V68.2H416l1.3 9.3q3-5 7.7-7.8 4.7-3 10-3 8.7 0 13 6 4.4 6 4.4 17z"/></g><g fill="#2e3a41"><path d="M529 70h-21.3v59.3h-21V70h-21.4V49.7H529V70zm9.5 59.4V49.7h21V109H593v20.4h-54.3zM657.7 73v1.4h-19.5V74q0-3.5-2-5.8-2-2.3-6.4-2.3-4 0-6.3 1.5-2.3 1.5-2.3 3.7 0 3 3 4.6 3 1.5 9.7 3.2 8 2 13 4 5 2 9 7 3.7 4.8 3.8 13.2 0 14-7.8 21-7.8 6.8-20.8 6.8-15.3 0-23.7-6.3-8.5-6.2-8.5-22h19.8q0 6 2.5 8 2.6 2 8 2 4 0 6.6-1 2.6-1 2.6-4.2 0-3-3-4.4-3-1.4-9.4-3-8-2-13.2-4.3-5.2-2.3-9-7.5-4-5.2-4-14 0-13 8.3-19.3 8.3-6.2 21-6.2 12.5 0 20.5 6.2 8 6.2 8.2 18.4z" stroke="none"/><path d="M42.6-.3c-4.3.3-7 1-11.5 3.6-1.8 1-5.8 4.8-7.3 7-1.3 2-3 5.6-3.4 7.2-.1.7-.4 2-.5 2.5-.4 1.7-.4 16.6 0 17 .2.1.5 0 .7-.2l1.7-1 2.3-1.3 2.2-1.3c2.4-1.2 2.5-1.6 2.5-6.4 0-5.6.7-8 3.2-11.3 1.8-2.4 4-3.8 7.6-5 2-.7 8-.8 10-.1l3.2 1.4c.1.1.8.6 1.5 1 1.3 1 3.4 3 4 4 .1.3.4.8.5 1 1.4 2.5 1.8 4.5 2 10l.2 4 1 .7c.5.4 1.3 1 1.7 1l1.2.6c.2.2.6.4.8.5a9 9 0 0 1 1.4.7c1.7 1.2 2.6 1.5 3 1.2a85 85 0 0 0 .1-8.9c-.1-8.5-.2-8.7-1-10.7l-1-2.7c-.1-.3-.3-.7-.5-1-.4-.4-1-1.4-1.3-2-.3-.8-2-2.7-3.5-4.3S58 2.6 57.3 2.6c-.2 0-.6-.2-.8-.5-.2-.2-.6-.4-1-.4-.2 0-.6-.2-.8-.3-.3-.4-1.5-.7-4.6-1.4-3-.6-3.8-.6-7.6-.3z" stroke="none" fill-rule="nonzero"/></g><path d="M87.7 20.4c-.2.1-.7.3-1 .3a17 17 0 0 0-6.7 2.6c-1.2 1-3 3-3.5 4-.3.6-.7 1.3-.8 1.6-.1.2-.3 1-.4 1.7 0 .6-.2 1.3-.3 1.3-.4.3-.2 4.8.3 6l.4 1.3h3.2c3.8-.1 5.4-.4 8.4-2C88.7 36.6 92 33 92 32c0-.2.1-.3.2-.3s.2-.1.2-.3.4-1.3 1-2.6c.2-.4.4-1.2.5-2 0-.6.2-1.2.3-1.4.1-.1.3-1.2.4-2.5l.1-2.2-1-.3c-1-.4-5.5-.5-6-.2z" fill="#00991a" fill-rule="nonzero" stroke="none"/><path d="M39.6 29l-5 3-3 2c-.3.1-1 .5-1.5 1s-1.3.8-1.4.8c-.4 0-3 1.6-4.4 2.6a21 21 0 0 1-2.2 1.4l-9.4 5.7C8.6 48.7 5.2 53 3 58 1.7 60.4 1.5 61 1 63.2c-.1.5-.3 1-.4 1.2-.2.2-.5 2-.8 4-.7 5.3-.5 21.5.4 26.5.7 4 1.4 6.6 2 7 .1.1.2.6.2 1s.2 1 .5 1.5l1.8 3.8 2 3.5c.3.3.6.6.6.7 0 .3 2 3 2.7 4l7.4 7.4c3.6 2.8 5.7 4.2 6.4 4.6l1.7 1c.5.4 1 .7 1.2.7.1 0 1 .6 2.2 1.3 1 .8 2 1.4 2.3 1.4.1 0 .4.2.6.4.2.3.8.8 1.3 1.2a50 50 0 0 1 4.2 3.1c4.6 3.6 4.8 3.7 7.8 3.7 1.8 0 2.7-.2 3.2-.5.4-.3 1-.6 1.5-.6.4-.1 1.5-.8 2.3-1.6l3-2.5c3.4-2.7 4.3-3.4 7.7-5.4l2.4-1.6 2-1.3c.2 0 .5-.2.8-.5.3-.4.7-.6 1-.6a42 42 0 0 0 8.3-7.2c2.5-2.6 5.4-6.5 5.4-7.2 0-.2.2-.5.5-.7a51 51 0 0 0 5.7-13.9c.2-.7.4-2 .6-3 .6-2.4.6-3.3.8-13l-.7-16-.6-2.7c-1-5-4.3-10-8.6-14.4C78 46 76.7 45 73 42.7l-5.5-3.3c-.4-.3-1.3-.8-2-1.2l-6-3.7c-.2-.2-.6-.3-.8-.3s-1-.4-1.5-1c-.5-.5-1.2-1-1.5-1s-.6-.1-.6-.3c0-.3-4-2.8-6.2-3.8-1-.5-2-.6-4-.6-2.6 0-2.7.1-5.2 1.3z" fill="url(#A)" fill-rule="nonzero" stroke="none"/><g fill="#2e3a41"><circle cx="46.6" cy="75.8" stroke="none" r="11.4"/><path stroke="none" d="M40.6 70.6h12v29.2h-12z"/><ellipse cx="46.6" cy="99.5" rx="6" ry="6.2" stroke="none"/></g></svg>

package/package.json

@@ -1,62 +1,120 @@
-{
-  "name": "lemon-tls",
-  "version": "0.1.0",
-  "description": "JavaScript TLS 1.3/1.2 implementation for Node.js, with full control over cryptographic keys and record layer",
-  "main": "index.js",
-  "type": "commonjs",
-  "keywords": [
-    "openssl",
-    "boringssl",
-    "cryptlib",
-    "rustls",
-    "low-level",
-    "https",
-    "ssl",
-    "tls",
-    "tls13",
-    "tls12",
-    "nodejs",
-    "javascript",
-    "crypto",
-    "x509",
-    "handshake",
-    "alpn",
-    "sni",
-    "hkdf",
-    "aead",
-    "quic",
-    "http3",
-    "dtls",
-    "sctp",
-    "secure",
-    "network",
-    "backend",
-    "server"
-  ],
-  "author": "colocohen",
-  "license": "Apache-2.0",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/colocohen/lemon-tls.git"
-  },
-  "bugs": {
-    "url": "https://github.com/colocohen/lemon-tls/issues"
-  },
-  "homepage": "https://github.com/colocohen/lemon-tls",
-  "funding": [
-    {
-      "type": "github",
-      "url": "https://github.com/sponsors/colocohen"
-    },
-    {
-      "type": "opencollective",
-      "url": "https://opencollective.com/colocohen"
-    }
-  ],
-  "dependencies": {
-    "@noble/curves": "^2.0.0",
-    "@noble/hashes": "^2.0.0",
-    "@stablelib/aes": "^2.0.1",
-    "@stablelib/gcm": "^2.0.1"
-  }
-}
+{
+  "name": "lemon-tls",
+  "version": "0.2.0",
+  "description": "Zero-dependency TLS 1.3/1.2 implementation for Node.js — full control over cryptographic keys, record layer, and handshake. Drop-in replacement for node:tls with advanced options impossible in OpenSSL.",
+  "main": "index.js",
+  "type": "module",
+  "types": "index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "require": "./index.cjs",
+      "default": "./index.js"
+    },
+    "./wire": "./src/wire.js",
+    "./crypto": "./src/crypto.js",
+    "./record": "./src/record.js",
+    "./session": "./src/tls_session.js"
+  },
+  "scripts": {
+    "test": "node tests/test_all.js",
+    "test:https": "node tests/test_https.js",
+    "test:compat": "node tests/test_compat.js",
+    "test:all": "node tests/test_all.js && node tests/test_compat.js"
+  },
+  "files": [
+    "index.js",
+    "index.cjs",
+    "index.d.ts",
+    "src/",
+    "README.md",
+    "LICENSE",
+    "lemontls.svg"
+  ],
+  "engines": {
+    "node": ">=16.0.0"
+  },
+  "keywords": [
+    "tls",
+    "tls13",
+    "tls12",
+    "tls-1.3",
+    "tls-1.2",
+    "ssl",
+    "https",
+    "secure",
+    "crypto",
+    "cryptography",
+    "encryption",
+    "handshake",
+    "x509",
+    "certificate",
+    "mtls",
+    "mutual-tls",
+    "client-certificate",
+    "psk",
+    "session-resumption",
+    "session-tickets",
+    "key-update",
+    "hello-retry-request",
+    "hkdf",
+    "aead",
+    "aes-gcm",
+    "chacha20",
+    "chacha20-poly1305",
+    "x25519",
+    "p256",
+    "ecdhe",
+    "rsa-pss",
+    "ecdsa",
+    "sni",
+    "alpn",
+    "ja3",
+    "ja3-fingerprint",
+    "fingerprint",
+    "certificate-pinning",
+    "keylog",
+    "wireshark",
+    "quic",
+    "http3",
+    "dtls",
+    "record-layer",
+    "pure-javascript",
+    "zero-dependencies",
+    "no-openssl",
+    "no-native",
+    "nodejs",
+    "node",
+    "javascript",
+    "security",
+    "network",
+    "protocol",
+    "drop-in-replacement"
+  ],
+  "author": "colocohen",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/colocohen/lemon-tls.git"
+  },
+  "bugs": {
+    "url": "https://github.com/colocohen/lemon-tls/issues"
+  },
+  "homepage": "https://github.com/colocohen/lemon-tls#readme",
+  "funding": [
+    {
+      "type": "github",
+      "url": "https://github.com/sponsors/colocohen"
+    },
+    {
+      "type": "opencollective",
+      "url": "https://opencollective.com/colocohen"
+    },
+    {
+      "type": "buymeacoffee",
+      "url": "https://buymeacoffee.com/colocohen"
+    }
+  ],
+  "dependencies": {}
+}