lemon-tls 0.1.0 → 0.2.0

package/src/record.js

@@ -0,0 +1,232 @@
+/**
+ * record.js — Shared record-layer primitives for TLS 1.2 and TLS 1.3.
+ *
+ * Used by TLSSocket, DTLSSocket, and test harnesses.
+ * Handles AEAD encryption/decryption, nonce construction, key derivation,
+ * and raw record framing.
+ */
+
+import crypto from 'node:crypto';
+import {
+  TLS_CIPHER_SUITES,
+  hkdf_expand_label,
+  tls_derive_from_master_secret_tls12
+} from './crypto.js';
+
+// ===================== AEAD algorithm resolution =====================
+
+/** Resolve node:crypto cipher name from a TLS cipher suite code. */
+function getAeadAlgo(cipherSuite) {
+  if (cipherSuite != null) {
+    let info = TLS_CIPHER_SUITES[cipherSuite];
+    if (info && info.cipher === 'CHACHA20_POLY1305') return 'chacha20-poly1305';
+    if (info && info.keylen === 32) return 'aes-256-gcm';
+  }
+  return 'aes-128-gcm';
+}
+
+// ===================== TLS 1.3 primitives =====================
+
+/** Derive write key + IV from a TLS 1.3 traffic secret. */
+function deriveKeys(trafficSecret, cipherSuite) {
+  const empty = new Uint8Array(0);
+  let cs = TLS_CIPHER_SUITES[cipherSuite];
+  return {
+    key: hkdf_expand_label(cs.hash, trafficSecret, 'key', empty, cs.keylen),
+    iv:  hkdf_expand_label(cs.hash, trafficSecret, 'iv',  empty, 12)
+  };
+}
+
+/** TLS 1.3 nonce: IV XOR zero-padded 64-bit sequence number. */
+function getNonce(iv, seq) {
+  const seqBuf = new Uint8Array(12);
+  const view = new DataView(seqBuf.buffer);
+  view.setBigUint64(4, BigInt(seq));
+  const nonce = new Uint8Array(12);
+  for (let i = 0; i < 12; i++) nonce[i] = iv[i] ^ seqBuf[i];
+  return nonce;
+}
+
+/**
+ * Encrypt a TLS 1.3 record (TLSInnerPlaintext).
+ * Returns ciphertext || tag (without record header).
+ */
+function encryptRecord(innerType, plaintext, key, nonce, algo) {
+  const full = new Uint8Array(plaintext.length + 1);
+  full.set(plaintext);
+  full[plaintext.length] = innerType;
+
+  const recLen = full.length + 16;
+  const aad = new Uint8Array([0x17, 0x03, 0x03, (recLen >>> 8) & 0xff, recLen & 0xff]);
+
+  if (!algo) algo = key.length === 16 ? 'aes-128-gcm' : 'aes-256-gcm';
+  let isChaCha = algo === 'chacha20-poly1305';
+  let cipher = crypto.createCipheriv(algo, key, nonce, isChaCha ? { authTagLength: 16 } : undefined);
+  cipher.setAAD(aad, isChaCha ? { plaintextLength: full.length } : undefined);
+  let ct = cipher.update(full);
+  cipher.final();
+  let tag = cipher.getAuthTag();
+
+  let out = new Uint8Array(ct.length + tag.length);
+  out.set(ct, 0);
+  out.set(tag, ct.length);
+  return out;
+}
+
+/**
+ * Decrypt a TLS 1.3 record.
+ * Input: raw ciphertext || tag (without record header).
+ * Returns full TLSInnerPlaintext (content || content_type || padding).
+ */
+function decryptRecord(ciphertext, key, nonce, algo) {
+  const aad = new Uint8Array(5);
+  aad[0] = 0x17; aad[1] = 0x03; aad[2] = 0x03;
+  aad[3] = (ciphertext.length >> 8) & 0xff;
+  aad[4] = ciphertext.length & 0xff;
+
+  let ct  = ciphertext.subarray(0, ciphertext.length - 16);
+  let tag = ciphertext.subarray(ciphertext.length - 16);
+
+  if (!algo) algo = key.length === 16 ? 'aes-128-gcm' : 'aes-256-gcm';
+  let isChaCha = algo === 'chacha20-poly1305';
+  let decipher = crypto.createDecipheriv(algo, key, nonce, isChaCha ? { authTagLength: 16 } : undefined);
+  decipher.setAAD(aad, isChaCha ? { plaintextLength: ct.length } : undefined);
+  decipher.setAuthTag(tag);
+  let pt = decipher.update(ct);
+  decipher.final();
+  return new Uint8Array(pt);
+}
+
+/** Strip trailing zeros and extract content_type from TLSInnerPlaintext. */
+function parseInnerPlaintext(data) {
+  let j = data.length - 1;
+  while (j >= 0 && data[j] === 0) j--;
+  if (j < 0) throw new Error('Malformed TLSInnerPlaintext');
+  return { type: data[j], content: data.slice(0, j) };
+}
+
+// ===================== TLS 1.2 primitives =====================
+
+/** TLS 1.2 GCM nonce: fixed_salt(4) || explicit_nonce(8). */
+function getNonce12(salt4, explicit8) {
+  const out = new Uint8Array(12);
+  out.set(salt4, 0);
+  out.set(explicit8, 4);
+  return out;
+}
+
+/** Encode sequence number as 8-byte big-endian. */
+function seqToBytes(seq) {
+  const buf = new Uint8Array(8);
+  let bn = BigInt(seq);
+  for (let i = 0; i < 8; i++) buf[7 - i] = Number((bn >> BigInt(8 * i)) & 0xffn);
+  return buf;
+}
+
+/** TLS 1.2 AAD: seq(8) || type(1) || version(2) || length(2). */
+function buildAad12(seqNum, recordType, plaintextLen) {
+  const aad = new Uint8Array(13);
+  aad.set(seqToBytes(seqNum), 0);
+  aad[8]  = recordType & 0xff;
+  aad[9]  = 0x03;
+  aad[10] = 0x03;
+  aad[11] = (plaintextLen >>> 8) & 0xff;
+  aad[12] = plaintextLen & 0xff;
+  return aad;
+}
+
+/** Encrypt a TLS 1.2 GCM record fragment. Returns explicit_nonce(8) || ciphertext || tag(16). */
+function encrypt12(pt, key, salt4, seqNum, recordType) {
+  let explicit = seqToBytes(seqNum);
+  let nonce = getNonce12(salt4, explicit);
+  let aad = buildAad12(seqNum, recordType, pt.length);
+
+  let algo = key.length === 16 ? 'aes-128-gcm' : 'aes-256-gcm';
+  let cipher = crypto.createCipheriv(algo, key, nonce);
+  cipher.setAAD(aad);
+  let ct = cipher.update(pt);
+  cipher.final();
+  let tag = cipher.getAuthTag();
+
+  let out = new Uint8Array(8 + ct.length + tag.length);
+  out.set(explicit, 0);
+  out.set(ct, 8);
+  out.set(tag, 8 + ct.length);
+  return out;
+}
+
+/** Decrypt a TLS 1.2 GCM record fragment. Input: explicit_nonce(8) || ciphertext || tag(16). */
+function decrypt12(fragment, key, salt4, seqNum, recordType) {
+  if (fragment.length < 24) throw new Error('TLS 1.2 fragment too short');
+
+  let explicit = fragment.slice(0, 8);
+  let tag      = fragment.slice(fragment.length - 16);
+  let ct       = fragment.slice(8, fragment.length - 16);
+
+  let nonce = getNonce12(salt4, explicit);
+  let aad = buildAad12(seqNum, recordType, ct.length);
+
+  let algo = key.length === 16 ? 'aes-128-gcm' : 'aes-256-gcm';
+  let decipher = crypto.createDecipheriv(algo, key, nonce);
+  decipher.setAAD(aad);
+  decipher.setAuthTag(tag);
+  let pt = decipher.update(ct);
+  decipher.final();
+  return new Uint8Array(pt);
+}
+
+// ===================== Shared: TLS 1.2 key_block =====================
+
+/** Derive TLS 1.2 read/write keys from master_secret. Wraps crypto.js function. */
+function deriveKeys12(masterSecret, localRandom, remoteRandom, cipherSuite, isServer) {
+  if (isServer) {
+    let d = tls_derive_from_master_secret_tls12(masterSecret, localRandom, remoteRandom, cipherSuite);
+    return { readKey: d.client_key, readIv: d.client_iv, writeKey: d.server_key, writeIv: d.server_iv };
+  } else {
+    let d = tls_derive_from_master_secret_tls12(masterSecret, remoteRandom, localRandom, cipherSuite);
+    return { readKey: d.server_key, readIv: d.server_iv, writeKey: d.client_key, writeIv: d.client_iv };
+  }
+}
+
+// ===================== Record framing =====================
+
+/** Content type constants. */
+const CT = { CHANGE_CIPHER_SPEC: 20, ALERT: 21, HANDSHAKE: 22, APPLICATION_DATA: 23 };
+
+/** Write a raw TLS record to a writable stream. */
+function writeRecord(transport, type, payload, version) {
+  if (!transport || typeof transport.write !== 'function') return;
+  let ver = version || 0x0303;
+  let rec = Buffer.allocUnsafe(5 + payload.length);
+  rec.writeUInt8(type, 0);
+  rec.writeUInt16BE(ver, 1);
+  rec.writeUInt16BE(payload.length, 3);
+  Buffer.from(payload).copy(rec, 5);
+  transport.write(rec);
+}
+
+// ===================== Exports =====================
+
+export {
+  // AEAD
+  getAeadAlgo,
+
+  // TLS 1.3
+  deriveKeys,
+  getNonce,
+  encryptRecord,
+  decryptRecord,
+  parseInnerPlaintext,
+
+  // TLS 1.2
+  getNonce12,
+  seqToBytes,
+  buildAad12,
+  encrypt12,
+  decrypt12,
+  deriveKeys12,
+
+  // Record framing
+  CT,
+  writeRecord,
+};

package/{secure_context.js → src/secure_context.js}

@@ -1,196 +1,196 @@
-var fs = require('fs');
-var path = require('path');
-var crypto = require('crypto');
-
-function looksLikePath(x) {
-  return typeof x === 'string' && (x.indexOf('\n') === -1) && (x.length < 4096) &&
-         (x.indexOf('-----BEGIN') === -1);
-}
-
-function readMaybeFile(x) {
-  if (x == null) return null;
-  if (looksLikePath(x)) return fs.readFileSync(path.resolve(String(x)));
-  if (Buffer.isBuffer(x)) return x;
-  if (x instanceof Uint8Array) return Buffer.from(x);
-  if (typeof x === 'string') return Buffer.from(x, 'utf8');
-  throw new Error('Unsupported input type (expected path/string/Buffer/Uint8Array).');
-}
-
-function isPEM(buf) {
-  if (!buf) return false;
-  var s = buf.toString('utf8');
-  return s.indexOf('-----BEGIN ') !== -1 && s.indexOf('-----END ') !== -1;
-}
-
-function splitPEMBlocks(pemText) {
-  var out = [];
-  var re = /-----BEGIN ([A-Z0-9 \-]+)-----([\s\S]*?)-----END \1-----/g;
-  var m;
-  while ((m = re.exec(pemText)) !== null) {
-    var typ = m[1].trim();
-    var b64 = m[2].replace(/[\r\n\s]/g, '');
-    var derBuf = Buffer.from(b64, 'base64');
-    out.push({ type: typ, der: new Uint8Array(derBuf) });
-  }
-  return out;
-}
-
-function ensureArray(x) { return x == null ? [] : (Array.isArray(x) ? x : [x]); }
-
-function normalizeCA(caOption) {
-  var arr = ensureArray(caOption);
-  var ders = [];
-  for (var i = 0; i < arr.length; i++) {
-    var raw = readMaybeFile(arr[i]);
-    if (!raw) continue;
-    if (isPEM(raw)) {
-      var blocks = splitPEMBlocks(raw.toString('utf8'));
-      for (var j = 0; j < blocks.length; j++) {
-        if (blocks[j].type.indexOf('CERTIFICATE') !== -1) ders.push(blocks[j].der);
-      }
-    } else {
-      ders.push(new Uint8Array(raw));
-    }
-  }
-  return ders;
-}
-
-function makeX509FromDerOrPem(buf) {
-  return new crypto.X509Certificate(Buffer.from(buf));
-}
-
-function makePrivateKeyFromDerOrPem(buf, passphrase) {
-  if (isPEM(buf)) {
-    return crypto.createPrivateKey({ key: buf, format: 'pem', passphrase: passphrase });
-  } else {
-    var der = Buffer.from(buf), keyObj = null;
-    try {
-      keyObj = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8', passphrase: passphrase });
-    } catch (e1) {
-      try {
-        keyObj = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs1', passphrase: passphrase });
-      } catch (e2) {
-        keyObj = crypto.createPrivateKey({ key: der, format: 'der', type: 'sec1', passphrase: passphrase });
-      }
-    }
-    return keyObj;
-  }
-}
-
-function exportKeyPkcs8Der(keyObj) {
-  return new Uint8Array(keyObj.export({ format: 'der', type: 'pkcs8' }));
-}
-
-function u8eq(a,b){ if (a.length!==b.length) return false; for (var i=0;i<a.length;i++) if (a[i]!==b[i]) return false; return true; }
-function dedupeDerArray(arr) {
-  var out = [];
-  for (var i=0;i<arr.length;i++) {
-    var keep = true;
-    for (var j=0;j<out.length;j++) { if (u8eq(arr[i], out[j])) { keep = false; break; } }
-    if (keep) out.push(arr[i]);
-  }
-  return out;
-}
-
-/**
- * createSecureContext(options)
- * key/cert/ca יכולים להיות: path | Buffer | Uint8Array | string(PEM)
- * מחזיר:
- *  - certificateChain: [{ cert: Uint8Array }, ...]  // leaf תחילה, אח"כ intermediates
- *  - privateKey: Uint8Array                          // PKCS#8 DER
- *  - ca: Uint8Array[]                                // Trust store (לא משולח ללקוח)
- *  - ocsp: Uint8Array|null
- *  - ticketKeys: Uint8Array|null
- *  - certObjs, keyObj (עזרי debug/לוגיקה)
- */
-function createSecureContext(options) {
-  if (!options) options = {};
-
-  // --- תעודות (כולל שרשרת בתוך cert אם קיימת) ---
-  var certBlocksDer = [];
-  var certObjs = [];
-  if (options.cert != null) {
-    var cRaw = readMaybeFile(options.cert);
-    if (isPEM(cRaw)) {
-      var blocks = splitPEMBlocks(cRaw.toString('utf8'));
-      for (var i=0;i<blocks.length;i++) {
-        if (blocks[i].type.indexOf('CERTIFICATE') !== -1) {
-          certBlocksDer.push(blocks[i].der);
-          certObjs.push(makeX509FromDerOrPem(blocks[i].der));
-        }
-      }
-    } else {
-      var der = new Uint8Array(cRaw);
-      certBlocksDer.push(der);
-      certObjs.push(makeX509FromDerOrPem(der));
-    }
-  }
-
-  // --- מפתח פרטי ---
-  var keyObj = null;
-  var privateKey = null;
-  if (options.key != null) {
-    var kRaw = readMaybeFile(options.key);
-    keyObj = makePrivateKeyFromDerOrPem(kRaw, options.passphrase);
-    privateKey = exportKeyPkcs8Der(keyObj);
-  }
-
-  // אימות בסיסי (כאשר לא משתמשים ב־PFX)
-  if (!options.pfx) {
-    if (certBlocksDer.length === 0) throw new Error('createSecureContext: missing cert.');
-    if (!privateKey) throw new Error('createSecureContext: missing private key.');
-  }
-
-  // --- CA (Trust store) ---
-  var ca = normalizeCA(options.ca);
-
-  // --- OCSP stapling (אופציונלי) ---
-  var ocsp = null;
-  if (options.ocsp != null) ocsp = new Uint8Array(readMaybeFile(options.ocsp));
-
-  // --- Ticket keys (אופציונלי) ---
-  var ticketKeys = null;
-  if (options.ticketKeys != null) ticketKeys = new Uint8Array(readMaybeFile(options.ticketKeys));
-  // אפשרות: ליצור מפתחי ברירת מחדל כאן אם תרצה
-
-  // --- בניית שרשרת לשיגור ללקוח (leaf → intermediates) ---
-  var chainDer = dedupeDerArray(certBlocksDer);
-  var certificateChain = [];
-  for (var c=0;c<chainDer.length;c++) {
-    certificateChain.push({ cert: chainDer[c] });
-  }
-
-  // מידע עזר לזיהוי סוג המפתח הציבורי של ה-leaf
-  var leafPublicKeyType = null;
-  if (certObjs.length > 0 && certObjs[0].publicKey) {
-    try { leafPublicKeyType = certObjs[0].publicKey.asymmetricKeyType || null; } catch (e) { leafPublicKeyType = null; }
-  }
-
-  return {
-    // חומר לשכבת ההנדשייק/רקורד:
-    certificateChain: certificateChain,  // [{ cert: DER(Uint8Array) }, ...]
-    privateKey: privateKey,              // PKCS#8 DER (Uint8Array)
-    ca: ca,                              // Trust store (DER)
-    ocsp: ocsp,                          // DER (אם הוגדר)
-    ticketKeys: ticketKeys,              // Uint8Array (אם הוגדר)
-
-    // עזרי debug/לוגיקה:
-    certObjs: certObjs,                  // [X509Certificate...]
-    keyObj: keyObj,                      // KeyObject
-    leafPublicKeyType: leafPublicKeyType,
-
-    // פרמטרים פרוטוקוליים (אחסון; אתה מפרש בזמן ה-handshake):
-    minVersion: String(options.minVersion || 'TLSv1.2'),
-    maxVersion: String(options.maxVersion || 'TLSv1.3'),
-    ciphers: options.ciphers || null,
-    sigalgs: options.sigalgs || null,
-    ecdhCurve: options.ecdhCurve || null,
-    honorCipherOrder: !!options.honorCipherOrder,
-
-    // תמיכה ב־PFX אם תרצה לטפל בזה בשכבה אחרת:
-    pfx: options.pfx ? new Uint8Array(readMaybeFile(options.pfx)) : null,
-    passphrase: options.passphrase ? String(options.passphrase) : null
-  };
-}
-
-module.exports = createSecureContext;
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+
+function looksLikePath(x) {
+  return typeof x === 'string' && (x.indexOf('\n') === -1) && (x.length < 4096) &&
+         (x.indexOf('-----BEGIN') === -1);
+}
+
+function readMaybeFile(x) {
+  if (x == null) return null;
+  if (looksLikePath(x)) return fs.readFileSync(path.resolve(String(x)));
+  if (Buffer.isBuffer(x)) return x;
+  if (x instanceof Uint8Array) return Buffer.from(x);
+  if (typeof x === 'string') return Buffer.from(x, 'utf8');
+  throw new Error('Unsupported input type (expected path/string/Buffer/Uint8Array).');
+}
+
+function isPEM(buf) {
+  if (!buf) return false;
+  let s = buf.toString('utf8');
+  return s.indexOf('-----BEGIN ') !== -1 && s.indexOf('-----END ') !== -1;
+}
+
+function splitPEMBlocks(pemText) {
+  let out = [];
+  let re = /-----BEGIN ([A-Z0-9 \-]+)-----([\s\S]*?)-----END \1-----/g;
+  let m;
+  while ((m = re.exec(pemText)) !== null) {
+    let typ = m[1].trim();
+    let b64 = m[2].replace(/[\r\n\s]/g, '');
+    let derBuf = Buffer.from(b64, 'base64');
+    out.push({ type: typ, der: new Uint8Array(derBuf) });
+  }
+  return out;
+}
+
+function ensureArray(x) { return x == null ? [] : (Array.isArray(x) ? x : [x]); }
+
+function normalizeCA(caOption) {
+  let arr = ensureArray(caOption);
+  let ders = [];
+  for (let i = 0; i < arr.length; i++) {
+    let raw = readMaybeFile(arr[i]);
+    if (!raw) continue;
+    if (isPEM(raw)) {
+      let blocks = splitPEMBlocks(raw.toString('utf8'));
+      for (let j = 0; j < blocks.length; j++) {
+        if (blocks[j].type.indexOf('CERTIFICATE') !== -1) ders.push(blocks[j].der);
+      }
+    } else {
+      ders.push(new Uint8Array(raw));
+    }
+  }
+  return ders;
+}
+
+function makeX509FromDerOrPem(buf) {
+  return new crypto.X509Certificate(Buffer.from(buf));
+}
+
+function makePrivateKeyFromDerOrPem(buf, passphrase) {
+  if (isPEM(buf)) {
+    return crypto.createPrivateKey({ key: buf, format: 'pem', passphrase: passphrase });
+  } else {
+    let der = Buffer.from(buf), keyObj = null;
+    try {
+      keyObj = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8', passphrase: passphrase });
+    } catch (e1) {
+      try {
+        keyObj = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs1', passphrase: passphrase });
+      } catch (e2) {
+        keyObj = crypto.createPrivateKey({ key: der, format: 'der', type: 'sec1', passphrase: passphrase });
+      }
+    }
+    return keyObj;
+  }
+}
+
+function exportKeyPkcs8Der(keyObj) {
+  return new Uint8Array(keyObj.export({ format: 'der', type: 'pkcs8' }));
+}
+
+function u8eq(a,b){ if (a.length!==b.length) return false; for (let i=0;i<a.length;i++) if (a[i]!==b[i]) return false; return true; }
+function dedupeDerArray(arr) {
+  let out = [];
+  for (let i=0;i<arr.length;i++) {
+    let keep = true;
+    for (let j=0;j<out.length;j++) { if (u8eq(arr[i], out[j])) { keep = false; break; } }
+    if (keep) out.push(arr[i]);
+  }
+  return out;
+}
+
+/**
+ * createSecureContext(options)
+ * key/cert/ca יכולים להיות: path | Buffer | Uint8Array | string(PEM)
+ * מחזיר:
+ *  - certificateChain: [{ cert: Uint8Array }, ...]  // leaf תחילה, אח"כ intermediates
+ *  - privateKey: Uint8Array                          // PKCS#8 DER
+ *  - ca: Uint8Array[]                                // Trust store (לא משולח ללקוח)
+ *  - ocsp: Uint8Array|null
+ *  - ticketKeys: Uint8Array|null
+ *  - certObjs, keyObj (עזרי debug/לוגיקה)
+ */
+function createSecureContext(options) {
+  if (!options) options = {};
+
+  // --- תעודות (כולל שרשרת בתוך cert אם קיימת) ---
+  let certBlocksDer = [];
+  let certObjs = [];
+  if (options.cert != null) {
+    let cRaw = readMaybeFile(options.cert);
+    if (isPEM(cRaw)) {
+      let blocks = splitPEMBlocks(cRaw.toString('utf8'));
+      for (let i=0;i<blocks.length;i++) {
+        if (blocks[i].type.indexOf('CERTIFICATE') !== -1) {
+          certBlocksDer.push(blocks[i].der);
+          certObjs.push(makeX509FromDerOrPem(blocks[i].der));
+        }
+      }
+    } else {
+      const der = new Uint8Array(cRaw);
+      certBlocksDer.push(der);
+      certObjs.push(makeX509FromDerOrPem(der));
+    }
+  }
+
+  // --- מפתח פרטי ---
+  let keyObj = null;
+  let privateKey = null;
+  if (options.key != null) {
+    let kRaw = readMaybeFile(options.key);
+    keyObj = makePrivateKeyFromDerOrPem(kRaw, options.passphrase);
+    privateKey = exportKeyPkcs8Der(keyObj);
+  }
+
+  // אימות בסיסי (כאשר לא משתמשים ב־PFX)
+  if (!options.pfx) {
+    if (certBlocksDer.length === 0) throw new Error('createSecureContext: missing cert.');
+    if (!privateKey) throw new Error('createSecureContext: missing private key.');
+  }
+
+  // --- CA (Trust store) ---
+  let ca = normalizeCA(options.ca);
+
+  // --- OCSP stapling (אופציונלי) ---
+  let ocsp = null;
+  if (options.ocsp != null) ocsp = new Uint8Array(readMaybeFile(options.ocsp));
+
+  // --- Ticket keys (אופציונלי) ---
+  let ticketKeys = null;
+  if (options.ticketKeys != null) ticketKeys = new Uint8Array(readMaybeFile(options.ticketKeys));
+  // אפשרות: ליצור מפתחי ברירת מחדל כאן אם תרצה
+
+  // --- בניית שרשרת לשיגור ללקוח (leaf → intermediates) ---
+  let chainDer = dedupeDerArray(certBlocksDer);
+  let certificateChain = [];
+  for (let c=0;c<chainDer.length;c++) {
+    certificateChain.push({ cert: chainDer[c] });
+  }
+
+  // מידע עזר לזיהוי סוג המפתח הציבורי של ה-leaf
+  let leafPublicKeyType = null;
+  if (certObjs.length > 0 && certObjs[0].publicKey) {
+    try { leafPublicKeyType = certObjs[0].publicKey.asymmetricKeyType || null; } catch (e) { leafPublicKeyType = null; }
+  }
+
+  return {
+    // חומר לשכבת ההנדשייק/רקורד:
+    certificateChain: certificateChain,  // [{ cert: DER(Uint8Array) }, ...]
+    privateKey: privateKey,              // PKCS#8 DER (Uint8Array)
+    ca: ca,                              // Trust store (DER)
+    ocsp: ocsp,                          // DER (אם הוגדר)
+    ticketKeys: ticketKeys,              // Uint8Array (אם הוגדר)
+
+    // עזרי debug/לוגיקה:
+    certObjs: certObjs,                  // [X509Certificate...]
+    keyObj: keyObj,                      // KeyObject
+    leafPublicKeyType: leafPublicKeyType,
+
+    // פרמטרים פרוטוקוליים (אחסון; אתה מפרש בזמן ה-handshake):
+    minVersion: String(options.minVersion || 'TLSv1.2'),
+    maxVersion: String(options.maxVersion || 'TLSv1.3'),
+    ciphers: options.ciphers || null,
+    sigalgs: options.sigalgs || null,
+    ecdhCurve: options.ecdhCurve || null,
+    honorCipherOrder: !!options.honorCipherOrder,
+
+    // תמיכה ב־PFX אם תרצה לטפל בזה בשכבה אחרת:
+    pfx: options.pfx ? new Uint8Array(readMaybeFile(options.pfx)) : null,
+    passphrase: options.passphrase ? String(options.passphrase) : null
+  };
+}
+
+export default createSecureContext;