npm - lemon-tls - Versions diffs - 0.2.0 → 0.2.2 - Mend

lemon-tls 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/src/wire.js CHANGED Viewed

@@ -11,6 +11,12 @@ const TLS_VERSION = {
   TLS1_3: 0x0304
 };
+const DTLS_VERSION = {
+  DTLS1_0: 0xFEFF,
+  DTLS1_2: 0xFEFD,
+  DTLS1_3: 0xFEFC
+};
 const TLS_CONTENT_TYPE = {
   CHANGE_CIPHER_SPEC: 20,
   ALERT: 21,
@@ -125,6 +131,18 @@ function w_u24(buf, off, v) {
   return off;
 }
+function w_u48(buf, off, v) {
+  let hi = Math.floor(v / 0x100000000);
+  let lo = v >>> 0;
+  buf[off++] = (hi >>> 8) & 0xFF;
+  buf[off++] = hi & 0xFF;
+  buf[off++] = (lo >>> 24) & 0xFF;
+  buf[off++] = (lo >>> 16) & 0xFF;
+  buf[off++] = (lo >>> 8) & 0xFF;
+  buf[off++] = lo & 0xFF;
+  return off;
+}
 function w_bytes(buf, off, b) {
   buf.set(b, off);
   return off + b.length;
@@ -220,6 +238,7 @@ exts.SIGNATURE_ALGORITHMS = { encode: null, decode: null };
 exts.PSK_KEY_EXCHANGE_MODES = { encode: null, decode: null };
 exts.KEY_SHARE = { encode: null, decode: null };
 exts.ALPN = { encode: null, decode: null };
+exts.COOKIE = { encode: null, decode: null };
 exts.RENEGOTIATION_INFO = { encode: null, decode: null };
 /* ------------------------------ SERVER_NAME (0) ------------------------------ */
@@ -527,6 +546,13 @@ exts.KEY_SHARE.encode = function (value) {
 };
 exts.KEY_SHARE.decode = function (data) {
+  // HelloRetryRequest form: just NamedGroup (2 bytes, no key_exchange)
+  if (data.length === 2) {
+    let g, off = 0;
+    [g, off] = r_u16(data, off);
+    return [{ group: g, key_exchange: new Uint8Array(0) }];
+  }
   // Try ServerHello form: group(2) + len(2) + key
   if (data.length >= 4) {
     let g, off = 0;
@@ -627,6 +653,19 @@ exts.RENEGOTIATION_INFO.decode = function (data) {
   return v; // return raw bytes (Uint8Array)
 };
+/* -------------------------------- COOKIE (44) -------------------------------- */
+exts.COOKIE.encode = function (value) {
+  let v = toU8(value || new Uint8Array(0));
+  return veclen(2, v);
+};
+exts.COOKIE.decode = function (data) {
+  let off = 0;
+  let v;
+  [v, off] = readVec(data, off, 2);
+  return v; // Uint8Array — opaque cookie
+};
 /* ============================= Extensions helpers ============================= */
 function ext_name_by_code(code) {
   // best-effort pretty name
@@ -718,10 +757,13 @@ function parse_extensions(buf) {
 /* ================================ Hello I/O ================================ */
-function build_hello(kind, params) {
+function build_hello(params) {
   params = params || {};
+  let kind = params.kind;
-  let legacy_version = TLS_VERSION.TLS1_2; // even for TLS1.3 legacy fields
+  let isDtls = (params.cookie !== undefined) ||
+               (params.version !== undefined && (params.version & 0xFF00) === 0xFE00);
+  let legacy_version = isDtls ? DTLS_VERSION.DTLS1_2 : TLS_VERSION.TLS1_2;
   let sid = toU8(params.session_id || "");
   if (sid.length > 32) sid = sid.subarray(0, 32);
@@ -746,8 +788,19 @@ function build_hello(kind, params) {
       oc = w_u8(compBlock, oc, comp[j]);
     }
+    // DTLS cookie field (between session_id and cipher_suites)
+    let cookieBuf = null;
+    if (params.cookie !== undefined) {
+      let cookie = toU8(params.cookie);
+      cookieBuf = new Uint8Array(1 + cookie.length);
+      cookieBuf[0] = cookie.length;
+      if (cookie.length > 0) cookieBuf.set(cookie, 1);
+    }
     const out = new Uint8Array(
-      2 + 32 + 1 + sid.length + csBlock.length + compBlock.length + extsBuf.length
+      2 + 32 + 1 + sid.length +
+      (cookieBuf ? cookieBuf.length : 0) +
+      csBlock.length + compBlock.length + extsBuf.length
     );
     let off = 0;
@@ -755,6 +808,7 @@ function build_hello(kind, params) {
     off = w_bytes(out, off, params.random);
     off = w_u8(out, off, sid.length);
     off = w_bytes(out, off, sid);
+    if (cookieBuf) off = w_bytes(out, off, cookieBuf);
     off = w_bytes(out, off, csBlock);
     off = w_bytes(out, off, compBlock);
     off = w_bytes(out, off, extsBuf);
@@ -782,11 +836,13 @@ function build_hello(kind, params) {
   throw new Error('build_hello: kind must be "client" or "server"');
 }
-function parse_hello(hsType, body) {
-  let isClient = (hsType === TLS_MESSAGE_TYPE.CLIENT_HELLO || hsType === 'client_hello');
+function parse_hello(params) {
+  let hsType = params.kind;
+  let body = params.body;
+  let isClient = (hsType === 'client' || hsType === TLS_MESSAGE_TYPE.CLIENT_HELLO || hsType === 'client_hello');
   let off = 0;
-  // --- שדות משותפים ---
+  // --- shared fields ---
   let legacy_version; [legacy_version, off] = r_u16(body, off);
   let random;         [random,         off] = r_bytes(body, off, 32);
   let sidLen;         [sidLen,         off] = r_u8(body, off);
@@ -796,8 +852,20 @@ function parse_hello(hsType, body) {
   let legacy_compression = [];
   let type = isClient ? 'client_hello' : 'server_hello';
+  // DTLS cookie — auto-detect by version (DTLS versions have 0xFE in high byte)
+  let dtls_cookie = null;
+  let isDTLS = (legacy_version & 0xFF00) === 0xFE00;
   if (isClient) {
     // --- ClientHello ---
+    // DTLS ClientHello has a cookie field between session_id and cipher_suites
+    if (isDTLS) {
+      let cookieLen; [cookieLen, off] = r_u8(body, off);
+      if (cookieLen > 0) {
+        [dtls_cookie, off] = r_bytes(body, off, cookieLen);
+      }
+    }
     let csLen; [csLen, off] = r_u16(body, off);
     let csEnd = off + csLen;
     while (off < csEnd) {
@@ -837,9 +905,10 @@ function parse_hello(hsType, body) {
     version: version,                     // single (u16)
     random: random,                       // single (Uint8Array(32))
     session_id: session_id,               // single (Uint8Array)
+    dtls_cookie: dtls_cookie,             // Uint8Array or null (DTLS only)
     cipher_suites: cipher_suites,         // array
     legacy_compression: legacy_compression, // array
-    extensions: extensions                // array (לא נוגעים בפנים)
+    extensions: extensions                // array
   };
 }
@@ -1204,21 +1273,23 @@ function parse_certificate_request(body) {
 /* ============================== TLS 1.3 HelloRetryRequest ============================== */
 function build_hello_retry_request(params) {
-  // params: { cipher_suite, selected_version, selected_group, cookie?: Uint8Array|string, other_exts?: list }
+  // params: { cipher_suite, selected_version, selected_group, session_id?, cookie?, other_exts? }
   let rnd = TLS13_HRR_RANDOM;
-  const sid = new Uint8Array(0);
+  let sid = (params && params.session_id) ? toU8(params.session_id) : new Uint8Array(0);
   let legacy_version = TLS_VERSION.TLS1_2;
   let extList = [];
   // supported_versions (selected)
   extList.push({ type: 'SUPPORTED_VERSIONS', value: (params && params.selected_version) || TLS_VERSION.TLS1_3 });
-  // key_share: only selected_group (no key)
+  // key_share: HRR format = just NamedGroup (2 bytes), NOT ServerHello format
   if (params && params.selected_group != null) {
-    extList.push({ type: 'KEY_SHARE', value: { selected_group: params.selected_group, key_exchange: new Uint8Array(0) } });
+    let ks_data = new Uint8Array(2);
+    ks_data[0] = (params.selected_group >> 8) & 0xff;
+    ks_data[1] = params.selected_group & 0xff;
+    extList.push({ type: 0x0033, data: ks_data });
   }
   // cookie if supplied
   if (params && params.cookie) {
-    if (!exts.COOKIE) { exts.COOKIE = { encode: function(v){ return veclen(2, toU8(v||'')); }, decode: function(d){ let off=0,v; [v,off]=readVec(d,0,2); return v; } }; }
     extList.push({ type: 'COOKIE', value: params.cookie });
   }
   // other extensions passthrough
@@ -1229,12 +1300,13 @@ function build_hello_retry_request(params) {
   let extsBuf = build_extensions(extList);
   let cipher_suite = (params && typeof params.cipher_suite==='number') ? params.cipher_suite : 0x1301;
-  // Wire = legacy_version + random + sid + cipher_suite + compression(0) + extensions
-  const out = new Uint8Array(2 + 32 + 1 + 0 + 2 + 1 + extsBuf.length);
+  // Wire = legacy_version + random + sid_len + sid + cipher_suite + compression(0) + extensions
+  const out = new Uint8Array(2 + 32 + 1 + sid.length + 2 + 1 + extsBuf.length);
   let off = 0;
   off = w_u16(out, off, legacy_version);
   off = w_bytes(out, off, rnd);
-  off = w_u8(out, off, 0);
+  off = w_u8(out, off, sid.length);
+  if (sid.length > 0) off = w_bytes(out, off, sid);
   off = w_u16(out, off, cipher_suite);
   off = w_u8(out, off, 0);
   off = w_bytes(out, off, extsBuf);
@@ -1432,9 +1504,89 @@ function parse_key_update(body) {
 }
+/* ============================== DTLS Handshake Message ============================== */
+/**
+ * Build a DTLS handshake message from a TLS message.
+ * Adds 8-byte reconstruction header: msg_seq(2) + frag_offset(3) + frag_length(3).
+ *
+ * tls_msg: Uint8Array — TLS format: type(1) + length(3) + body
+ * msg_seq: u16 — handshake message sequence number
+ * frag_offset: optional, defaults to 0
+ * frag_length: optional, defaults to full body length
+ */
+function build_dtls_handshake(tls_msg, msg_seq, frag_offset, frag_length) {
+  let type = tls_msg[0];
+  let total_length = (tls_msg[1] << 16) | (tls_msg[2] << 8) | tls_msg[3];
+  let body = tls_msg.subarray(4);
+  if (frag_offset === undefined) frag_offset = 0;
+  if (frag_length === undefined) frag_length = body.length;
+  let frag_body = body.subarray(frag_offset, frag_offset + frag_length);
+  let out = new Uint8Array(12 + frag_body.length);
+  let off = 0;
+  off = w_u8(out, off, type);
+  off = w_u24(out, off, total_length);
+  off = w_u16(out, off, msg_seq);
+  off = w_u24(out, off, frag_offset);
+  off = w_u24(out, off, frag_length);
+  off = w_bytes(out, off, frag_body);
+  return out;
+}
+/**
+ * Parse a DTLS handshake message.
+ * Returns { type, length, msg_seq, frag_offset, frag_length, body }.
+ */
+function parse_dtls_handshake(buf) {
+  let off = 0;
+  let type;       [type, off]       = r_u8(buf, off);
+  let length;     [length, off]     = r_u24(buf, off);
+  let msg_seq;    [msg_seq, off]    = r_u16(buf, off);
+  let frag_offset;[frag_offset, off]= r_u24(buf, off);
+  let frag_length;[frag_length, off]= r_u24(buf, off);
+  let body;       [body, off]       = r_bytes(buf, off, frag_length);
+  return { type, length, msg_seq, frag_offset, frag_length, body };
+}
+/* ============================== DTLS 1.2 HelloVerifyRequest ============================== */
+/**
+ * Build HelloVerifyRequest body (DTLS 1.2 — message type 3).
+ * params: { server_version?, cookie: Uint8Array }
+ */
+function build_hello_verify_request(params) {
+  let version = (params && params.server_version) || DTLS_VERSION.DTLS1_2;
+  let cookie = toU8(params && params.cookie || new Uint8Array(0));
+  let out = new Uint8Array(2 + 1 + cookie.length);
+  let off = 0;
+  off = w_u16(out, off, version);
+  off = w_u8(out, off, cookie.length);
+  if (cookie.length > 0) off = w_bytes(out, off, cookie);
+  return out;
+}
+/**
+ * Parse HelloVerifyRequest body.
+ * Returns { server_version, cookie }.
+ */
+function parse_hello_verify_request(body) {
+  let off = 0;
+  let server_version; [server_version, off] = r_u16(body, off);
+  let cookieLen;      [cookieLen, off] = r_u8(body, off);
+  let cookie = new Uint8Array(0);
+  if (cookieLen > 0) { [cookie, off] = r_bytes(body, off, cookieLen); }
+  return { server_version, cookie };
+}
 /* ================================ Exports ================================= */
 export {
   TLS_VERSION,
+  DTLS_VERSION,
   TLS_CONTENT_TYPE,
   TLS_ALERT_LEVEL,
   TLS_ALERT,
@@ -1444,6 +1596,7 @@ export {
   w_u8,
   w_u16,
   w_u24,
+  w_u48,
   w_bytes,
   r_u8,
   r_u16,
@@ -1492,8 +1645,10 @@ export {
   build_key_update,
   parse_key_update,
-};
+  // DTLS
+  build_dtls_handshake,
+  parse_dtls_handshake,
+  build_hello_verify_request,
+  parse_hello_verify_request,
+};