Constructor
new Telsa(opts)
Parameters:
Name | Type | Description |
---|---|---|
opts | object | |
Members
ca
root ca in forge format
caStore
forge ca store
cipher :CipherFunction
Type:
- CipherFunction
clientRandom
client random
clientWriteKey
client key
clientWriteMacKey
client write mac key
decipher :DecipherFunction
Type:
- DecipherFunction
fragment :Fragment|null
current fragment; contains 0, 1 or more records of the same type.
Type:
- Fragment | null
incoming :Buffer
incoming data buffer, may contain fragmented records.
Type:
- Buffer
masterSecret
master secret
msgs
handshake messages
opts
options
preMasterSecret
pre-master secret
serverRandom
server random
serverWriteKey
server key
serverWriteMacKey
server write mac key
sessionId
session id
socket :net.Socket
tcp connection
Type:
- net.Socket
writing :object|function
blocked or draining _write operation
- null if no _write is blocked
- { chunk, encoding, callback } if a _write is blocked
- callback if the operation is waiting for draining
Type:
- object | function
Methods
_final()
implement Duplex _final
_read()
implement Duplex _read
_write()
implements Duplex _write
assertLast()
assert that the last handshake message has the expected sender (from) and type
changeCipherSpec()
send change cipher spec message and set cipher
clientVerifyData()
generates client verify data in client Finished message
deriveKeys()
derive keys from pre-master secret, client and server random
handleAlert(data)
handle alert message, all warnings are bypassed except close_notify
Parameters:
Name | Type | Description |
---|---|---|
data | Buffer | |
handleApplicationData()
handle application data
handleCertificate()
extracts and verifies server certificates. If verification succeeds, extracts the server public key for further usage.
struct {
ASN.1Cert certificate_list<0..2^24-1>;
} Certificate;
handleCertificateRequest()
struct {
ClientCertificateType certificate_types<1..2^8-1>;
SignatureAndHashAlgorithm
supported_signature_algorithms<2^16-1>;
DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest;
handleChangeCipherSpec()
handle change cipher spec
handleError()
handle errors from data handler, asynchronous operations, but not socket error
handleHandshakeMessage(msg)
handle handshake message
Parameters:
Name | Type | Description |
---|---|---|
msg | Buffer | full message data, including type, length, and body |
handleServerFinished(data)
checks verify_data in the server Finished message, then transitions to the Established state or throws an error
struct {
opaque verify_data[verify_data_length];
} Finished;
Parameters:
Name | Type | Description |
---|---|---|
data | Buffer | |
handleServerHello()
struct {
ProtocolVersion server_version;
Random random;
SessionID session_id;
CipherSuite cipher_suite;
CompressionMethod compression_method;
select (extensions_present) {
case false:
struct {};
case true:
Extension extensions<0..2^16-1>;
};
} ServerHello;
handleServerHelloDone()
struct { } ServerHelloDone;
handleSocketData(data)
handle socket data
Parameters:
Name | Type | Description |
---|---|---|
data | Buffer | socket data |
maxFragmentLength()
Returns:
max fragment length
readFragment() → {Fragment}
read a record out of the incoming data buffer
Returns:
the record type and payload
- Type
- Fragment
readMessage() → {Message}
read a message
Returns:
- Type
- Message
readMessageFromFragment() → {Message}
read a message from current fragment
Returns:
- Type
- Message
saveMessage()
save handshake message
send(type, data)
constructs a record layer packet and send
Parameters:
Name | Type | Description |
---|---|---|
type | number | content type |
data | Buffer | content |
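The record framing that send() builds and readFragment()/readMessageFromFragment() undo, plus the alert triage described under handleAlert(), as an added example in Node.js. This is not Telsa's own code: the helper names, the `{ type, data }` fragment shape and the sample byte stream are assumptions constructed for the example.

```javascript
// Added example, not Telsa's own code: a record-layer codec in the shape of
// send()/readFragment()/readMessageFromFragment()/handleAlert(). Helper names
// and the { type, data } fragment shape are assumptions.
const MAX_FRAGMENT_LENGTH = 2 ** 14;                       // RFC 5246 6.2.1, plaintext bound
const MAX_CIPHERTEXT_LENGTH = MAX_FRAGMENT_LENGTH + 2048;  // RFC 5246 6.2.3
const ContentType = { CHANGE_CIPHER_SPEC: 20, ALERT: 21, HANDSHAKE: 22, APPLICATION_DATA: 23 };
const VERSION_TLS12 = Buffer.from([0x03, 0x03]);

// send(): one record = ContentType(1) ProtocolVersion(2) uint16 length + fragment.
function buildRecord(type, data) {
  if (data.length > MAX_FRAGMENT_LENGTH) throw new Error('fragment exceeds 2^14 bytes');
  const header = Buffer.alloc(5);
  header[0] = type;
  VERSION_TLS12.copy(header, 1);
  header.writeUInt16BE(data.length, 3);
  return Buffer.concat([header, data]);
}

// readFragment(): consume complete records from the front of the incoming
// buffer. TCP may deliver a record in pieces, so `fragment` is null until a
// whole record is present; consecutive records of the same content type are
// coalesced, which is why a fragment holds 0, 1 or more records.
function readFragment(incoming) {
  let type = null;
  const payloads = [];
  let offset = 0;
  while (incoming.length - offset >= 5) {
    const recordType = incoming[offset];
    const length = incoming.readUInt16BE(offset + 3);
    if (length > MAX_CIPHERTEXT_LENGTH) throw new Error('record_overflow'); // fatal alert in a real client
    if (incoming.length - offset < 5 + length) break;   // partial record: wait for more data
    if (type !== null && recordType !== type) break;    // type changed: leave it for the next call
    type = recordType;
    payloads.push(incoming.subarray(offset + 5, offset + 5 + length));
    offset += 5 + length;
  }
  if (type === null) return { fragment: null, rest: incoming };
  return { fragment: { type, data: Buffer.concat(payloads) }, rest: incoming.subarray(offset) };
}

// readMessageFromFragment(): a handshake message is HandshakeType(1) uint24
// length + body and may straddle records, so it is parsed from the coalesced
// fragment; null means the message is not complete yet.
function readMessage(fragment) {
  if (fragment.type !== ContentType.HANDSHAKE) throw new Error('not a handshake fragment');
  const buf = fragment.data;
  if (buf.length < 4) return null;
  const length = buf.readUIntBE(1, 3);
  if (buf.length < 4 + length) return null;
  return { msgType: buf[0], body: buf.subarray(4, 4 + length), rest: buf.subarray(4 + length) };
}

// handleAlert(): AlertLevel(1) AlertDescription(1). Fatal alerts end the
// connection; among warnings only close_notify (0) is acted on.
function classifyAlert(data) {
  if (data.length !== 2) throw new Error('malformed alert');
  const [level, description] = data;
  if (level === 2) return 'fatal';
  if (level === 1 && description === 0) return 'close_notify';
  return 'ignore';
}

// Constructed sample stream: one 14-byte handshake message (type 1, 10-byte
// body) split across two records, followed by a warning close_notify alert.
const sampleMessage = Buffer.concat([Buffer.from([0x01, 0x00, 0x00, 0x0a]), Buffer.alloc(10, 0xab)]);
const sampleStream = Buffer.concat([
  buildRecord(ContentType.HANDSHAKE, sampleMessage.subarray(0, 7)),
  buildRecord(ContentType.HANDSHAKE, sampleMessage.subarray(7)),
  buildRecord(ContentType.ALERT, Buffer.from([0x01, 0x00])),
]);

// Feed the stream in two deliveries and report what each step yields.
function demo() {
  const first = readFragment(sampleStream.subarray(0, 10)); // header of record 1 plus 5 body bytes
  const second = readFragment(sampleStream);
  const message = readMessage(second.fragment);
  const third = readFragment(second.rest);
  return {
    partialIsNull: first.fragment === null,
    coalescedLength: second.fragment.data.length,
    msgType: message.msgType,
    bodyLength: message.body.length,
    alert: classifyAlert(third.fragment.data),
    leftover: third.rest.length,
  };
}
```

The two length bounds are the ones worth keeping separate: a record whose length field exceeds 2^14 + 2048 bytes is malformed and should be rejected before any buffering, while a record that is merely incomplete is kept in the incoming buffer until the rest arrives.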
sendAlert() → {boolean}
Returns:
false if buffer full
- Type
- boolean
sendApplicationData() → {boolean}
Returns:
false if buffer full
- Type
- boolean
sendCertificateVerify()
send CertificateVerify
sendChangeCipherSpec() → {boolean}
Returns:
false if buffer full
- Type
- boolean
sendClientCertificate()
send client certificate if ServerHelloDone and server public key available (which also means server certificates verified)
sendClientHello()
send ClientHello handshake message
sendClientKeyExchange()
send ClientKeyExchange message, preMasterSecret is encrypted using server's public key
sendFinished()
send Finished handshake message
sendHandshakeMessage() → {boolean}
Returns:
false if buffer full
- Type
- boolean
serverVerifyData()
generates server verify data in server Finished message
setServerRandom(random)
set server random and derives keys
Parameters:
Name | Type | Description |
---|---|---|
random | Buffer | server random |
shiftFragment() → {Fragment}
shift data chunk with given size from current fragment
Returns:
- Type
- Fragment
sign()
sign all handshake messages sent and received so far
terminate()
terminate is the one-for-all method to end the Telsa. Unlike node tls, Telsa terminates synchronously, which means that there is no closing state. This is allowed by the TLS spec.
- final
- destroy
- socket, [err]
- error, TLSError | Error
- alert, TLSAlert
- (close_notify) redefined from alert