lemon-tls 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/index.js +21 -6
  2. package/package.json +3 -10
  3. package/src/crypto.js +12 -1
  4. package/src/dtls_session.js +865 -0
  5. package/src/dtls_socket.js +263 -0
  6. package/src/record.js +486 -4
  7. package/src/session/message.js +6 -3
  8. package/src/tls_session.js +166 -57
  9. package/src/wire.js +142 -11
package/index.js CHANGED
@@ -20,6 +20,14 @@ import {
20
20
  DEFAULT_MAX_VERSION,
21
21
  } from './src/compat.js';
22
22
 
23
+ // DTLS
24
+ import DTLSSession from './src/dtls_session.js';
25
+ import {
26
+ DTLSSocket,
27
+ createDTLSServer,
28
+ connectDTLS,
29
+ } from './src/dtls_socket.js';
30
+
23
31
  /**
24
32
  * Crypto primitives for QUIC and custom transport consumers.
25
33
  */
@@ -45,15 +53,16 @@ export {
45
53
  crypto,
46
54
  wire,
47
55
  record,
56
+
57
+ // DTLS
58
+ DTLSSession,
59
+ DTLSSocket,
60
+ createDTLSServer,
61
+ connectDTLS,
48
62
  };
49
63
 
50
64
  /**
51
- * Default export — Node.js tls API compatible.
52
- *
53
- * Usage:
54
- * import tls from 'lemon-tls';
55
- * tls.connect(443, 'example.com', { ... });
56
- * tls.createServer({ key, cert }, (socket) => { ... });
65
+ * Default export — Node.js tls API compatible + DTLS.
57
66
  */
58
67
  export default {
59
68
  TLSSocket,
@@ -67,4 +76,10 @@ export default {
67
76
  crypto,
68
77
  wire,
69
78
  record,
79
+
80
+ // DTLS
81
+ DTLSSession,
82
+ DTLSSocket,
83
+ createDTLSServer,
84
+ connectDTLS,
70
85
  };
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "lemon-tls",
3
- "version": "0.2.1",
4
- "description": "Zero-dependency TLS 1.3/1.2 implementation for Node.js full control over cryptographic keys, record layer, and handshake. Drop-in replacement for node:tls with advanced options impossible in OpenSSL.",
3
+ "version": "0.2.2",
4
+ "description": "Zero-dependency TLS 1.3/1.2 implementation for Node.js - full control over cryptographic keys, record layer, and handshake. Drop-in replacement for node:tls with advanced options impossible in OpenSSL.",
5
5
  "main": "index.js",
6
6
  "type": "module",
7
7
  "types": "index.d.ts",
@@ -17,12 +17,6 @@
17
17
  "./record": "./src/record.js",
18
18
  "./session": "./src/tls_session.js"
19
19
  },
20
- "scripts": {
21
- "test": "node tests/test_all.js",
22
- "test:https": "node tests/test_https.js",
23
- "test:compat": "node tests/test_compat.js",
24
- "test:all": "node tests/test_all.js && node tests/test_compat.js"
25
- },
26
20
  "files": [
27
21
  "index.js",
28
22
  "index.cjs",
@@ -115,6 +109,5 @@
115
109
  "type": "buymeacoffee",
116
110
  "url": "https://buymeacoffee.com/colocohen"
117
111
  }
118
- ],
119
- "dependencies": {}
112
+ ]
120
113
  }
package/src/crypto.js CHANGED
@@ -553,6 +553,16 @@ function get_handshake_finished(hashName, traffic_secret, transcript) {
553
553
  }
554
554
 
555
555
 
556
+ // ============================================================
557
+ // DTLS 1.3: record number encryption key (RFC 9147 §5.9)
558
+ // ============================================================
559
+
560
+ function derive_sn_key(hashName, traffic_secret, cipher_suite) {
561
+ let keylen = TLS_CIPHER_SUITES[cipher_suite].keylen;
562
+ return hkdf_expand_label(hashName, traffic_secret, 'sn', new Uint8Array(0), keylen);
563
+ }
564
+
565
+
556
566
  // ============================================================
557
567
  // Exports — identical API surface
558
568
  // ============================================================
@@ -576,5 +586,6 @@ export {
576
586
  compute_psk_binder,
577
587
  derive_handshake_traffic_secrets_psk,
578
588
  build_cert_verify_tbs,
579
- get_handshake_finished
589
+ get_handshake_finished,
590
+ derive_sn_key,
580
591
  };