Merge pull request #6 from reclaimprotocol/pure-js-crypto

Pure js crypto

Author: adiwajshing

.eslintignore

@@ -1,3 +1,4 @@
 # Ignore artifacts:
 lib
-jest.config.js
+jest.config.js
+out

.eslintrc.yaml

@@ -1,8 +1,9 @@
 extends: '@adiwajshing'
 parserOptions:
-  project: ./tsconfig.lint.json
+  project: ./tsconfig.json
 rules:
     '@typescript-eslint/no-explicit-any': 0
     '@typescript-eslint/no-unused-vars': 0
     '@typescript-eslint/type-annotation-spacing': 0
-    '@typescript-eslint/member-delimiter-style': 0
+    '@typescript-eslint/member-delimiter-style': 0
+    '@typescript-eslint/consistent-type-imports': 'error'

.github/workflows/test.yaml

@@ -18,7 +18,7 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v4
       with:
-        node-version: 18
+        node-version: 24
         cache: 'npm'
 
     - uses: actions/cache@v4
@@ -32,5 +32,8 @@ jobs:
     - name: Lint
       run: npm run lint
 
-    - name: Test
-      run: npm run test
+    - name: Test (PureJS)
+      run: npm run test:pure-js
+    
+    - name: Test (WebCrypto)
+      run: npm run test:webcrypto

.gitignore

@@ -2,3 +2,4 @@ node_modules
 lib
 .DS_Store
 .idea
+out

README.md

@@ -4,9 +4,9 @@
     </div>
 </div>
 
-A TLS client implementation in typescript. This library is fully compatible with the browser (without any polyfills) and on Node Js. 
+A TLS client implementation in typescript. This library is fully compatible with the browser (without any polyfills), and on any other JavaScript environment.
 
-As all the cryptography is handled by webcrypto -- running on React native requires a polyfill for the "WebCrypto" module.
+As all the cryptography is handled by either "webcrypto" or a "pure-js" implementation if webcrypto is not available.
 
 ## Dependencies
 
@@ -47,8 +47,6 @@ As all the cryptography is handled by webcrypto -- running on React native requi
 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 
-Note: AES-CBC only works correctly on NodeJs.
-
 ### Certificates
 - The entire Mozilla CA store is supported
 - A few additional certificates have also been added. See `src/utils/root-ca.ts`
@@ -60,8 +58,28 @@ Edge version:
 npm i git+https://github.com/reclaimprotocol/tls
 ```
 
+## Set Crypto Implementation
+
+When on the browser, NodeJS or another NodeJS like runtime (such as Bun), you can set the crypto implementation to use the native `webcrypto` API. This is the most performant way to use this library.
+``` ts
+import { setCryptoImplementation } from '@reclaimprotocol/tls'
+import { webcryptoCrypto } from '@reclaimprotocol/tls/webcrypto'
+
+setCryptoImplementation(webcryptoCrypto)
+```
+
+If webcrypto is not available, you can use the `pure-js` implementation. This is slower, but works in all JavaScript environments -- even JavascriptCore.
+``` ts
+import { setCryptoImplementation } from '@reclaimprotocol/tls'
+import { pureJsCrypto } from '@reclaimprotocol/tls/pure-js'
+
+setCryptoImplementation(pureJsCrypto)
+```
+
 ## Example Usage
 
+After you've set the crypto implementation, you can use the TLS client like this:
+
 ``` ts
 import { Socket } from 'net'
 import { makeTLSClient, uint8ArrayToStr } from '@reclaimprotocol/tls'
@@ -146,6 +164,13 @@ Use the TLS KeyUpdate method to update the traffic keys. This sends a KeyUpdate
 await tls.updateTrafficKeys()
 ```
 
+### Testing Connections
+
+If you want to test a connection to a host, you can use the `handshake.ts` script. This script will connect to the specified host and port, perform a TLS handshake, and log the result.
+```bash
+npm run handshake -- --host www.google.com
+```
+
 ## Updating CA certificates
 ```bash
 npm run update:root-ca

cert/private-key.pem

@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDtmVasZbJ0DyGL32QiHXw0bI8fBqPW7n3nLsXqMcAx+FjrpYWQ
-a4jB6rEx+702OeSf9x/DrNx81ZKc0qppSVeG4RiIgEmPvYTrt184HabQQs5DcWM0
-F+Za87thdARVDOjzNE3X9tu2htWudo9wnANykFnxjhtZI81f/6fu3U3DoQIDAQAB
-AoGBAMaBj/pk1N1GLv7PWrdt7vFVqZWAVK4jfykA2PW7LxoQpSnrllV8ojtxOy3J
-ZuHBKJPFQdKXv3bEcMN49ksUrXw0wAhLHS3otggWSEW0iZJp+Q5diSWWTBGNmj8j
-YuzyHxmnY4WFQnHFMol0VlVI9KN4NqkB/xEa2vZLN5XMlFlhAkEA+QaboNSFjK5B
-ypqsxvqwHekew8GCiFYL/wp6Q7wWIU9o6/YbCHJnyAuhDBpZgWoQghRqhbCFP2Xi
-QADHTF1BBQJBAPRAzk8I5qrLHvpot+a3nQcYoLmHPA9O497lHXjt3h1f3WHDKprC
-G8GjzdqFDdTEUgidGjj562tiaIVvSZWC6u0CQFkV8RTPEluqdyTYwpiIU/rPS88x
-6dWGGtKJWAXlQnF2LA3FxBP4gYICDwH6Zyyx2ef/D8B1zqVIeHD3FlUOQ1UCQALT
-NQ+o9LIJA2S2DVp3yTMpz8IVlFZA/VW4pKyfY7BHSZI15apAkH2e3WSnoU9Srfg3
-iPQbv+NQEhFpBhralskCQQCQ+Y9TtLaLA/CnUbV+CUnQJKYpHEhrep8PqDLQb4km
-a4JFqX8znutM5SRQ+91OlrWLc7f5fCR09WLUYYUddqQh
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvuo0QZpZ5I66S
+Y51H/EgDdvh1f+/GrvRgmR+c2nZRj3pzWnP5V2KKZrwFNgFRaW+em5vdtzravy65
+giuoiah4pPeuOttkxBHKEH6rTTRmEXsOiQDiXSpZ4Rs4nA6xGR6bcNr+/7thbuWu
+35K2/xlhx8pOkHVapo21Xq5lICnjDlBc4G3dfPVFKLpffqYoEDWxJPQVIWTWo25/
+TP+MtSboJXmXKeQiRH0KcPadk2FpEDkWq0k/9im/p+3MSnPdSFUzibVK1QuLgUkU
+vlywc0fzK/DkwcAG3S4J7STyC9mWKWGUBQNeRj1Tmt3+ZY6I7veuWxLS7qXkJTCk
+bB0TC8+BAgMBAAECggEAJWyAQD7oytGriueGBl+W4o4CqdteMBzwVGYn0lrAGeyJ
+cmmQC0jt5nWskxuGOlVO/SM8lYJBGXbft4geTh1K8K6JROSp9pK/Cx5qK4ccoqQU
+ZesNcifPLib/ihXKFzM3TnlBWk8SE9TvO0fH0gsP18AZuJOROoX/5eFNGKI56W23
+hdEUpmsc5RJJByXt4LaiMRQIJpwDu67nVQPvgJD74n9zdazgd7KvoBypEIAGEUYZ
+dWc3pUNwDlTn+ytcXJXZmJ3A6xSUagqXthnT/4WqpzSqInBCztsclBxGymXfggUa
+teZdiU16vCF82akS1vZO6qLw67XtXL/EzY/ufSboJQKBgQDeG8/zTpypeMOmZYOJ
+yPXEREs3eqo+WU2x4OIbKL5lzKRZTOhrwMjXJD9SH2iKi2CwbcReK8BU5bpHxycW
+SUzHhr4UTRHVpkoIaLMORKSfr4PuFD5wzAFa/NRjgEud8i6ksEeIcM6qaOTqRKuO
+gMEqa9Yol+A2s4hY/5HeyikVEwKBgQDKiwIp01n0Ao48W5RpyBDCnMYywEig7aZi
+8i5H0EPIXK+WWwOi9eK+Jq3oHfYv7fO3VMEwEqsDUOCQnQ8f4FrkXoq04IjWSQPK
+E/XYJSjqUPwx3Cci270AdkXON2SGQgo96FMD0gbvRrXcVi+G3Rvrp1RoiloTW3Bf
+AJFQen5fmwKBgBo+rxPQ9jIQUw4WcLSXSnMmnryvge5cHxIlwJH0/oqI4+Kpc81H
+unOxlMnfbDryvTobvlhiUxe1DY3tunCnuKrbARrlAHZ+b8EOnhnRgqJb2vsG6Vnq
+wT4/IdmgD09ajqhnLAyzR7hbLLGB68Oq8yhQFb42NAhCrpnVmSb6PGCBAoGBAMP4
++k/j2q55ZoxKA/DSDj1vGWpzmBJ1vz8Pmu4LOfp8i7xMNdmQViKsJCpqCxFXCDBD
+xmSwO12K/K2P+dla6Db8rvLSKjREE3GMHJxVYCBP2aSYohldSaNPzLz55b7t2SEL
+UH9q0SDlZwNZNMUl3WUG02oPK5Z9K94QG4ol626vAoGAev19+TRUqMWRi8gNYjeW
+u293j39upB7xA58PIe1ahVPDMG/0lyXkwdkmPVLPfmS4nibfhuXNmaSSMoopeTrH
+bmjE749E18DLyD8DsWg259V/HO6Kn6QEvad9qYtiPDpoB7HylK0Kh9lKdkQIuSkp
+JumXsWMbEimr4dMhky4JEVY=
+-----END PRIVATE KEY-----

cert/public-cert.pem

@@ -1,11 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIBkDCB+gIJAI2KIcqQ4OayMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNVBAYTAklO
-MB4XDTIzMDMyMzEyMjA1NFoXDTIzMDQyMjEyMjA1NFowDTELMAkGA1UEBhMCSU4w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO2ZVqxlsnQPIYvfZCIdfDRsjx8G
-o9bufecuxeoxwDH4WOulhZBriMHqsTH7vTY55J/3H8Os3HzVkpzSqmlJV4bhGIiA
-SY+9hOu3XzgdptBCzkNxYzQX5lrzu2F0BFUM6PM0Tdf227aG1a52j3CcA3KQWfGO
-G1kjzV//p+7dTcOhAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAK8mC5Ui2He/ITSnw
-XMRONt/cfSeHjdrfDJeP7npHdmhmQGZNBpOKJxbZi/ZPuaMFBpiCwd8YJbPV6zIs
-iOgUpACqwHIFk5Ua1uzDcEq5Sx52vNs9yqQ5GJ+dGxxs59Uj1/RlYaB44oRzYPoF
-ymo/HxkuEBoFAb17BhW0tEwS5gg=
+MIIDjTCCAnWgAwIBAgIUSLKROt+EUmJ+i9NcznIAYME5WnIwDQYJKoZIhvcNAQEL
+BQAwVjELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAkNIMQswCQYDVQQHDAJDSDEZMBcG
+A1UECgwQUmVjbGFpbSBQcm90b2NvbDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1
+MDcyOTExMDgyM1oXDTI2MDcyOTExMDgyM1owVjELMAkGA1UEBhMCSU4xCzAJBgNV
+BAgMAkNIMQswCQYDVQQHDAJDSDEZMBcGA1UECgwQUmVjbGFpbSBQcm90b2NvbDES
+MBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAr7qNEGaWeSOukmOdR/xIA3b4dX/vxq70YJkfnNp2UY96c1pz+Vdiima8BTYB
+UWlvnpub3bc62r8uuYIrqImoeKT3rjrbZMQRyhB+q000ZhF7DokA4l0qWeEbOJwO
+sRkem3Da/v+7YW7lrt+Stv8ZYcfKTpB1WqaNtV6uZSAp4w5QXOBt3Xz1RSi6X36m
+KBA1sST0FSFk1qNuf0z/jLUm6CV5lynkIkR9CnD2nZNhaRA5FqtJP/Ypv6ftzEpz
+3UhVM4m1StULi4FJFL5csHNH8yvw5MHABt0uCe0k8gvZlilhlAUDXkY9U5rd/mWO
+iO73rlsS0u6l5CUwpGwdEwvPgQIDAQABo1MwUTAdBgNVHQ4EFgQUQR3hstZqH0oA
+310VswIf7mvenhAwHwYDVR0jBBgwFoAUQR3hstZqH0oA310VswIf7mvenhAwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAlQx4zkJFNNRrpTvljDYT
+kL/GqQ6ypg/tPzg3HRwgG7k2/EegDfAVEYRYC/3kyLuW8WTSaqZp8gGTK463MM16
+v9KB3RdIFMaB201+8GEeAuTawj+crrDa3EjST26qMPIULzLMA8NUxzKMZzVtLkuN
+t/qBjVKmKZm8gFkBmc3WPSGXXzU9ZMBdLdxiZR433hEQEn7NIwLCzG8hkcOmMFe1
+3QErdV0Ffls65eABnfeylMcMP+BQmW3dz0fjY18gh1wbSXKpiayI8SKbWyeOmPkY
+Yi0/FjNRkWQAoMmfCXH46lo2+wU9wRJT8aNvXXOvOxE428lcbMjujJF7+xBg0nbB
+XQ==
 -----END CERTIFICATE-----