From fea659d2e1adc7f52615e824636ccea6a84c660f Mon Sep 17 00:00:00 2001
From: Ryan Kelly <ryan@rfk.id.au>
Date: Fri, 18 Jan 2019 12:12:29 +1100
Subject: [PATCH] Add initial TLS1.3 PSK-mode implementation.

---
 .circleci/config.yml                       |    5 +-
 .gitignore                                 |    3 +
 README.md                                  |   22 +-
 demo/test_client.html                      |    6 +-
 demo/test_server.html                      |    7 +-
 dist/FxAccountsPairingChannel.babel.umd.js | 6067 +++++++++++++++++++-
 dist/FxAccountsPairingChannel.js           | 2547 +++++++-
 package-lock.json                          | 2386 +++++---
 package.json                               |    8 +-
 src/alerts.js                              |   76 +
 src/constants.js                           |    9 +
 src/crypto.js                              |  119 +
 src/extensions.js                          |  266 +
 src/index.js                               |  126 +-
 src/keyschedule.js                         |  133 +
 src/messages.js                            |  399 ++
 src/recordlayer.js                         |  346 ++
 src/rot128.js                              |  124 -
 src/states.js                              |  418 ++
 src/tlsconnection.js                       |  253 +
 src/utils.js                               |  357 +-
 test/.eslintrc.yml                         |   28 +-
 test/FxAccountsPairingChannel.js           |  126 +-
 test/helpers.js                            |  265 +
 test/karma.conf.js                         |   10 +-
 test/keyschedule.js                        |  124 +
 test/misc.js                               |   27 +
 test/recordlayer.js                        |  396 ++
 test/tlsconnection.js                      | 1542 +++++
 test/utils.js                              |  475 ++
 test/vectors/generate_test_vectors.py      |  374 ++
 test/vectors/test_vectors.js               |  114 +
 webpack.config.js                          |   64 +-
 33 files changed, 15820 insertions(+), 1402 deletions(-)
 create mode 100644 src/alerts.js
 create mode 100644 src/constants.js
 create mode 100644 src/crypto.js
 create mode 100644 src/extensions.js
 create mode 100644 src/keyschedule.js
 create mode 100644 src/messages.js
 create mode 100644 src/recordlayer.js
 delete mode 100644 src/rot128.js
 create mode 100644 src/states.js
 create mode 100644 src/tlsconnection.js
 create mode 100644 test/helpers.js
 create mode 100644 test/keyschedule.js
 create mode 100644 test/misc.js
 create mode 100644 test/recordlayer.js
 create mode 100644 test/tlsconnection.js
 create mode 100644 test/utils.js
 create mode 100644 test/vectors/generate_test_vectors.py
 create mode 100644 test/vectors/test_vectors.js

diff --git a/.circleci/config.yml b/.circleci/config.yml
index ad2a52c..afeb7e0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -18,9 +18,12 @@ jobs:
           shell: /bin/bash --login
           command: |
             sudo npm install -g npm@6
-            npm install
+            npm ci
             DISPLAY=:99 FIREFOX_BIN=./firefox/firefox-bin npm test
 
+      - store_artifacts:
+          path: ./coverage/
+
       - run: npm run lint
 workflows:
   version: 2
diff --git a/.gitignore b/.gitignore
index ad46b30..84ffd6d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+# Build with coverage info enabled.
+dist/FxAccountsPairingChannel.babel.umd.coverage.js 
+
 # Logs
 logs
 *.log
diff --git a/README.md b/README.md
index fa48b22..7e28cce 100644
--- a/README.md
+++ b/README.md
@@ -8,19 +8,15 @@ It will be used by the Firefox Accounts pairing flow, with one side
 of the channel being web content from https://accounts.firefox.com and
 the other side of the channel being a signed-in Firefox instance.
 
-The connection will *eventually* be secured using a pre-shared key
-and TLS1.3, but that code is still in progress. To parallelize
-client development we've published an initial version with a
-correctly-shapred API but no meaningful security.
 
 API
 ===
 
-The main abstraction is the `InsecurePairingChannel` class.
+The main abstraction is the `PairingChannel` class.
 One side of the connection can create a new channel like this:
 
 ```
-const channel = await InsecurePairingChannel.create(CHANNEL_SERVER_URL);
+const channel = await PairingChannel.create(CHANNEL_SERVER_URL);
 console.log(channel.channelId, channel.channelKey);
 ```
 
@@ -29,7 +25,7 @@ the intended client, perhaps by scanning a QR code.  It can then
 connect to the channel like this:
 
 ```
-const channel = await InsecurePairingChannel.connect(CHANNEL_SERVER_URL, channelId, channelKey);
+const channel = await PairingChannel.connect(CHANNEL_SERVER_URL, channelId, channelKey);
 ```
 
 Both ends of the channel can then send and receive messages using a websocket-like
@@ -46,4 +42,14 @@ channel.addEventListener("message", event => {
 
 You can try out a more complete demo of this API by loading
 `./demo/test_client.html` and `./demo/test_server.html` in
-parallel webpages and watching them pass messages back and forth.
\ No newline at end of file
+parallel webpages and watching them pass messages back and forth.
+
+
+Crypto
+======
+
+Under the hood, the `PairingChannel` implements the "externally-provisioned
+pre-shared key" mode of [TLS1.3](https://tools.ietf.org/html/rfc8446).
+Each side of the channel can thus be assured that its peer is in posession
+of the `channelKey`, and that their traffic is protected from anyone who
+does not possess this key.
diff --git a/demo/test_client.html b/demo/test_client.html
index 8030ee6..e22330c 100644
--- a/demo/test_client.html
+++ b/demo/test_client.html
@@ -22,15 +22,15 @@ <h2>fxa-pairing-tls demo client</h2>
   <script src="../dist/FxAccountsPairingChannel.babel.umd.js"></script>
   <script>
     $(() => {
-      const {InsecurePairingChannel, hexToBytes} = FxAccountsPairingChannel;
+      const {PairingChannel, base64urlToBytes} = FxAccountsPairingChannel;
       const CHANNEL_SERVER = 'wss://dev.channelserver.nonprod.cloudops.mozgcp.net';
       $("#code-value").val("")
       $("#chat-history").val("")
       $("#code-value").on("keypress", async evt => {
         if (evt.keyCode !== 13) { return }
         const [channelId, pskHex] = $("#code-value").val().split("#");
-        const psk = hexToBytes(pskHex);
-        const channel = await InsecurePairingChannel.connect(CHANNEL_SERVER, channelId, psk);
+        const psk = base64urlToBytes(pskHex);
+        const channel = await PairingChannel.connect(CHANNEL_SERVER, channelId, psk);
         channel.addEventListener("message", event => {
           const {msg} = event.detail.data;
           $("#chat-history").val($("#chat-history").val() + "\nthem>> " + msg)
diff --git a/demo/test_server.html b/demo/test_server.html
index 4caf9b7..893690a 100644
--- a/demo/test_server.html
+++ b/demo/test_server.html
@@ -21,12 +21,11 @@ <h2>fxa-pairing-tls demo server</h2>
   <script src="../dist/FxAccountsPairingChannel.babel.umd.js"></script>
   <script>
     $(async () => {
-      // TODO: do we want to export InsecurePairingChannel directly?
-      const {InsecurePairingChannel, bytesToHex} = FxAccountsPairingChannel;
+      const {PairingChannel, bytesToBase64url} = FxAccountsPairingChannel;
       const CHANNEL_SERVER = 'wss://dev.channelserver.nonprod.cloudops.mozgcp.net';
       $("#chat-history").val("");
-      const channel = await InsecurePairingChannel.create(CHANNEL_SERVER);
-      $("#code-value").text(`${channel.channelId}#${bytesToHex(channel.channelKey)}`);
+      const channel = await PairingChannel.create(CHANNEL_SERVER);
+      $("#code-value").text(`${channel.channelId}#${bytesToBase64url(channel.channelKey)}`);
       channel.addEventListener("message", event => {
         const {msg} = event.detail.data;
         $("#chat-history").val($("#chat-history").val() + "\nthem>> " + msg);
diff --git a/dist/FxAccountsPairingChannel.babel.umd.js b/dist/FxAccountsPairingChannel.babel.umd.js
index e532368..dea7a90 100644
--- a/dist/FxAccountsPairingChannel.babel.umd.js
+++ b/dist/FxAccountsPairingChannel.babel.umd.js
@@ -7,7 +7,7 @@
  * This uses the event-target-shim node library published under the MIT license:
  * https://github.com/mysticatea/event-target-shim/blob/master/LICENSE
  * 
- * Bundle generated from https://github.com/mozilla/fxa-pairing-channel.git. Hash:04551ca6579dd3356b83, Chunkhash:f57f4414ce4a7d10f151.
+ * Bundle generated from https://github.com/mozilla/fxa-pairing-channel.git. Hash:0ad04506d795353753b8, Chunkhash:2c3de315a58fe5473e9b.
  * 
  */
 (function webpackUniversalModuleDefinition(root, factory) {
@@ -103,14 +103,14 @@ return /******/ (function(modules) { // webpackBootstrap
 /******/
 /******/
 /******/ 	// Load entry module and return exports
-/******/ 	return __webpack_require__(__webpack_require__.s = 14);
+/******/ 	return __webpack_require__(__webpack_require__.s = 21);
 /******/ })
 /************************************************************************/
 /******/ ([
 /* 0 */
 /***/ (function(module, exports, __webpack_require__) {
 
-module.exports = __webpack_require__(8);
+module.exports = __webpack_require__(11);
 
 
 /***/ }),
@@ -159,26 +159,26 @@ module.exports = _asyncToGenerator;
 /* 2 */
 /***/ (function(module, exports) {
 
-function _getPrototypeOf(o) {
-  module.exports = _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf : function _getPrototypeOf(o) {
-    return o.__proto__ || Object.getPrototypeOf(o);
-  };
-  return _getPrototypeOf(o);
+function _classCallCheck(instance, Constructor) {
+  if (!(instance instanceof Constructor)) {
+    throw new TypeError("Cannot call a class as a function");
+  }
 }
 
-module.exports = _getPrototypeOf;
+module.exports = _classCallCheck;
 
 /***/ }),
 /* 3 */
 /***/ (function(module, exports) {
 
-function _classCallCheck(instance, Constructor) {
-  if (!(instance instanceof Constructor)) {
-    throw new TypeError("Cannot call a class as a function");
-  }
+function _getPrototypeOf(o) {
+  module.exports = _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf : function _getPrototypeOf(o) {
+    return o.__proto__ || Object.getPrototypeOf(o);
+  };
+  return _getPrototypeOf(o);
 }
 
-module.exports = _classCallCheck;
+module.exports = _getPrototypeOf;
 
 /***/ }),
 /* 4 */
@@ -206,9 +206,9 @@ module.exports = _createClass;
 /* 5 */
 /***/ (function(module, exports, __webpack_require__) {
 
-var _typeof = __webpack_require__(10);
+var _typeof = __webpack_require__(13);
 
-var assertThisInitialized = __webpack_require__(11);
+var assertThisInitialized = __webpack_require__(14);
 
 function _possibleConstructorReturn(self, call) {
   if (call && (_typeof(call) === "object" || typeof call === "function")) {
@@ -224,7 +224,7 @@ module.exports = _possibleConstructorReturn;
 /* 6 */
 /***/ (function(module, exports, __webpack_require__) {
 
-var setPrototypeOf = __webpack_require__(12);
+var setPrototypeOf = __webpack_require__(9);
 
 function _inherits(subClass, superClass) {
   if (typeof superClass !== "function" && superClass !== null) {
@@ -247,9 +247,9 @@ module.exports = _inherits;
 /* 7 */
 /***/ (function(module, exports, __webpack_require__) {
 
-var getPrototypeOf = __webpack_require__(2);
+var getPrototypeOf = __webpack_require__(3);
 
-var superPropBase = __webpack_require__(13);
+var superPropBase = __webpack_require__(15);
 
 function _get(target, property, receiver) {
   if (typeof Reflect !== "undefined" && Reflect.get) {
@@ -277,6 +277,85 @@ module.exports = _get;
 /* 8 */
 /***/ (function(module, exports, __webpack_require__) {
 
+var arrayWithHoles = __webpack_require__(16);
+
+var iterableToArrayLimit = __webpack_require__(17);
+
+var nonIterableRest = __webpack_require__(18);
+
+function _slicedToArray(arr, i) {
+  return arrayWithHoles(arr) || iterableToArrayLimit(arr, i) || nonIterableRest();
+}
+
+module.exports = _slicedToArray;
+
+/***/ }),
+/* 9 */
+/***/ (function(module, exports) {
+
+function _setPrototypeOf(o, p) {
+  module.exports = _setPrototypeOf = Object.setPrototypeOf || function _setPrototypeOf(o, p) {
+    o.__proto__ = p;
+    return o;
+  };
+
+  return _setPrototypeOf(o, p);
+}
+
+module.exports = _setPrototypeOf;
+
+/***/ }),
+/* 10 */
+/***/ (function(module, exports, __webpack_require__) {
+
+var getPrototypeOf = __webpack_require__(3);
+
+var setPrototypeOf = __webpack_require__(9);
+
+var isNativeFunction = __webpack_require__(19);
+
+var construct = __webpack_require__(20);
+
+function _wrapNativeSuper(Class) {
+  var _cache = typeof Map === "function" ? new Map() : undefined;
+
+  module.exports = _wrapNativeSuper = function _wrapNativeSuper(Class) {
+    if (Class === null || !isNativeFunction(Class)) return Class;
+
+    if (typeof Class !== "function") {
+      throw new TypeError("Super expression must either be null or a function");
+    }
+
+    if (typeof _cache !== "undefined") {
+      if (_cache.has(Class)) return _cache.get(Class);
+
+      _cache.set(Class, Wrapper);
+    }
+
+    function Wrapper() {
+      return construct(Class, arguments, getPrototypeOf(this).constructor);
+    }
+
+    Wrapper.prototype = Object.create(Class.prototype, {
+      constructor: {
+        value: Wrapper,
+        enumerable: false,
+        writable: true,
+        configurable: true
+      }
+    });
+    return setPrototypeOf(Wrapper, Class);
+  };
+
+  return _wrapNativeSuper(Class);
+}
+
+module.exports = _wrapNativeSuper;
+
+/***/ }),
+/* 11 */
+/***/ (function(module, exports, __webpack_require__) {
+
 /**
  * Copyright (c) 2014-present, Facebook, Inc.
  *
@@ -301,7 +380,7 @@ var oldRuntime = hadRuntime && g.regeneratorRuntime;
 // Force reevalutation of runtime.js.
 g.regeneratorRuntime = undefined;
 
-module.exports = __webpack_require__(9);
+module.exports = __webpack_require__(12);
 
 if (hadRuntime) {
   // Restore the original runtime.
@@ -317,7 +396,7 @@ if (hadRuntime) {
 
 
 /***/ }),
-/* 9 */
+/* 12 */
 /***/ (function(module, exports) {
 
 /**
@@ -1044,7 +1123,7 @@ if (hadRuntime) {
 
 
 /***/ }),
-/* 10 */
+/* 13 */
 /***/ (function(module, exports) {
 
 function _typeof2(obj) { if (typeof Symbol === "function" && typeof Symbol.iterator === "symbol") { _typeof2 = function _typeof2(obj) { return typeof obj; }; } else { _typeof2 = function _typeof2(obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; }; } return _typeof2(obj); }
@@ -1066,7 +1145,7 @@ function _typeof(obj) {
 module.exports = _typeof;
 
 /***/ }),
-/* 11 */
+/* 14 */
 /***/ (function(module, exports) {
 
 function _assertThisInitialized(self) {
@@ -1080,39 +1159,124 @@ function _assertThisInitialized(self) {
 module.exports = _assertThisInitialized;
 
 /***/ }),
-/* 12 */
+/* 15 */
+/***/ (function(module, exports, __webpack_require__) {
+
+var getPrototypeOf = __webpack_require__(3);
+
+function _superPropBase(object, property) {
+  while (!Object.prototype.hasOwnProperty.call(object, property)) {
+    object = getPrototypeOf(object);
+    if (object === null) break;
+  }
+
+  return object;
+}
+
+module.exports = _superPropBase;
+
+/***/ }),
+/* 16 */
 /***/ (function(module, exports) {
 
-function _setPrototypeOf(o, p) {
-  module.exports = _setPrototypeOf = Object.setPrototypeOf || function _setPrototypeOf(o, p) {
-    o.__proto__ = p;
-    return o;
-  };
+function _arrayWithHoles(arr) {
+  if (Array.isArray(arr)) return arr;
+}
 
-  return _setPrototypeOf(o, p);
+module.exports = _arrayWithHoles;
+
+/***/ }),
+/* 17 */
+/***/ (function(module, exports) {
+
+function _iterableToArrayLimit(arr, i) {
+  var _arr = [];
+  var _n = true;
+  var _d = false;
+  var _e = undefined;
+
+  try {
+    for (var _i = arr[Symbol.iterator](), _s; !(_n = (_s = _i.next()).done); _n = true) {
+      _arr.push(_s.value);
+
+      if (i && _arr.length === i) break;
+    }
+  } catch (err) {
+    _d = true;
+    _e = err;
+  } finally {
+    try {
+      if (!_n && _i["return"] != null) _i["return"]();
+    } finally {
+      if (_d) throw _e;
+    }
+  }
+
+  return _arr;
 }
 
-module.exports = _setPrototypeOf;
+module.exports = _iterableToArrayLimit;
 
 /***/ }),
-/* 13 */
+/* 18 */
+/***/ (function(module, exports) {
+
+function _nonIterableRest() {
+  throw new TypeError("Invalid attempt to destructure non-iterable instance");
+}
+
+module.exports = _nonIterableRest;
+
+/***/ }),
+/* 19 */
+/***/ (function(module, exports) {
+
+function _isNativeFunction(fn) {
+  return Function.toString.call(fn).indexOf("[native code]") !== -1;
+}
+
+module.exports = _isNativeFunction;
+
+/***/ }),
+/* 20 */
 /***/ (function(module, exports, __webpack_require__) {
 
-var getPrototypeOf = __webpack_require__(2);
+var setPrototypeOf = __webpack_require__(9);
 
-function _superPropBase(object, property) {
-  while (!Object.prototype.hasOwnProperty.call(object, property)) {
-    object = getPrototypeOf(object);
-    if (object === null) break;
+function isNativeReflectConstruct() {
+  if (typeof Reflect === "undefined" || !Reflect.construct) return false;
+  if (Reflect.construct.sham) return false;
+  if (typeof Proxy === "function") return true;
+
+  try {
+    Date.prototype.toString.call(Reflect.construct(Date, [], function () {}));
+    return true;
+  } catch (e) {
+    return false;
   }
+}
 
-  return object;
+function _construct(Parent, args, Class) {
+  if (isNativeReflectConstruct()) {
+    module.exports = _construct = Reflect.construct;
+  } else {
+    module.exports = _construct = function _construct(Parent, args, Class) {
+      var a = [null];
+      a.push.apply(a, args);
+      var Constructor = Function.bind.apply(Parent, a);
+      var instance = new Constructor();
+      if (Class) setPrototypeOf(instance, Class.prototype);
+      return instance;
+    };
+  }
+
+  return _construct.apply(null, arguments);
 }
 
-module.exports = _superPropBase;
+module.exports = _construct;
 
 /***/ }),
-/* 14 */
+/* 21 */
 /***/ (function(module, __webpack_exports__, __webpack_require__) {
 
 "use strict";
@@ -1127,7 +1291,7 @@ var asyncToGenerator = __webpack_require__(1);
 var asyncToGenerator_default = /*#__PURE__*/__webpack_require__.n(asyncToGenerator);
 
 // EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/classCallCheck.js
-var classCallCheck = __webpack_require__(3);
+var classCallCheck = __webpack_require__(2);
 var classCallCheck_default = /*#__PURE__*/__webpack_require__.n(classCallCheck);
 
 // EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/createClass.js
@@ -1139,7 +1303,7 @@ var possibleConstructorReturn = __webpack_require__(5);
 var possibleConstructorReturn_default = /*#__PURE__*/__webpack_require__.n(possibleConstructorReturn);
 
 // EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/getPrototypeOf.js
-var getPrototypeOf = __webpack_require__(2);
+var getPrototypeOf = __webpack_require__(3);
 var getPrototypeOf_default = /*#__PURE__*/__webpack_require__.n(getPrototypeOf);
 
 // EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/inherits.js
@@ -1150,7 +1314,139 @@ var inherits_default = /*#__PURE__*/__webpack_require__.n(inherits);
 var get = __webpack_require__(7);
 var get_default = /*#__PURE__*/__webpack_require__.n(get);
 
+// EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/slicedToArray.js
+var slicedToArray = __webpack_require__(8);
+var slicedToArray_default = /*#__PURE__*/__webpack_require__.n(slicedToArray);
+
+// EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/wrapNativeSuper.js
+var wrapNativeSuper = __webpack_require__(10);
+var wrapNativeSuper_default = /*#__PURE__*/__webpack_require__.n(wrapNativeSuper);
+
+// CONCATENATED MODULE: ./src/alerts.js
+
+
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-disable sorting/sort-object-props */
+var ALERT_LEVEL = {
+  WARNING: 1,
+  FATAL: 2
+};
+var ALERT_DESCRIPTION = {
+  CLOSE_NOTIFY: 0,
+  UNEXPECTED_MESSAGE: 10,
+  BAD_RECORD_MAC: 20,
+  RECORD_OVERFLOW: 22,
+  HANDSHAKE_FAILURE: 40,
+  ILLEGAL_PARAMETER: 47,
+  DECODE_ERROR: 50,
+  DECRYPT_ERROR: 51,
+  PROTOCOL_VERSION: 70,
+  INTERNAL_ERROR: 80,
+  MISSING_EXTENSION: 109,
+  UNSUPPORTED_EXTENSION: 110,
+  UNKNOWN_PSK_IDENTITY: 115,
+  NO_APPLICATION_PROTOCOL: 120
+};
+/* eslint-enable sorting/sort-object-props */
+
+function alertTypeToName(type) {
+  for (var name in ALERT_DESCRIPTION) {
+    if (ALERT_DESCRIPTION[name] === type) {
+      return "".concat(name, " (").concat(type, ")");
+    }
+  }
+
+  return "UNKNOWN (".concat(type, ")");
+}
+
+var alerts_TLSAlert =
+/*#__PURE__*/
+function (_Error) {
+  inherits_default()(TLSAlert, _Error);
+
+  function TLSAlert(description, level) {
+    var _this;
+
+    classCallCheck_default()(this, TLSAlert);
+
+    _this = possibleConstructorReturn_default()(this, getPrototypeOf_default()(TLSAlert).call(this, "TLS Alert: ".concat(alertTypeToName(description))));
+    _this.description = description;
+    _this.level = level;
+    return _this;
+  }
+
+  createClass_default()(TLSAlert, [{
+    key: "toBytes",
+    value: function toBytes() {
+      return new Uint8Array([this.level, this.description]);
+    }
+  }], [{
+    key: "fromBytes",
+    value: function fromBytes(bytes) {
+      if (bytes.byteLength !== 2) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+
+      switch (bytes[1]) {
+        case ALERT_DESCRIPTION.CLOSE_NOTIFY:
+          if (bytes[0] !== ALERT_LEVEL.WARNING) {
+            // Close notifications should be fatal.
+            throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+          }
+
+          return new alerts_TLSCloseNotify();
+
+        default:
+          return new alerts_TLSError(bytes[1]);
+      }
+    }
+  }]);
+
+  return TLSAlert;
+}(wrapNativeSuper_default()(Error));
+var alerts_TLSCloseNotify =
+/*#__PURE__*/
+function (_TLSAlert) {
+  inherits_default()(TLSCloseNotify, _TLSAlert);
+
+  function TLSCloseNotify() {
+    classCallCheck_default()(this, TLSCloseNotify);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(TLSCloseNotify).call(this, ALERT_DESCRIPTION.CLOSE_NOTIFY, ALERT_LEVEL.WARNING));
+  }
+
+  return TLSCloseNotify;
+}(alerts_TLSAlert);
+var alerts_TLSError =
+/*#__PURE__*/
+function (_TLSAlert2) {
+  inherits_default()(TLSError, _TLSAlert2);
+
+  function TLSError() {
+    var description = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : ALERT_DESCRIPTION.INTERNAL_ERROR;
+
+    classCallCheck_default()(this, TLSError);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(TLSError).call(this, description, ALERT_LEVEL.FATAL));
+  }
+
+  return TLSError;
+}(alerts_TLSAlert);
 // CONCATENATED MODULE: ./src/utils.js
+
+
+
+
+
+
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -1171,10 +1467,19 @@ function assert(cond, msg) {
 }
 function assertIsBytes(value) {
   var msg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'value must be a Uint8Array';
-  // XXX: Disabled until Gecko problems are resolved
-  //assert(value instanceof Uint8Array, msg);
+  // Using `value instanceof Uint8Array` seems to fail in Firefox chrome code
+  // for inscrutable reasons, so we do a less direct check.
+  assert(ArrayBuffer.isView(value), msg);
+  assert(value.BYTES_PER_ELEMENT === 1, msg);
   return value;
 }
+var EMPTY = new Uint8Array(0);
+function zeros(n) {
+  return new Uint8Array(n);
+}
+function arrayToBytes(value) {
+  return new Uint8Array(value);
+}
 function bytesToHex(bytes) {
   return Array.prototype.map.call(bytes, function (byte) {
     var s = byte.toString(16);
@@ -1206,235 +1511,5376 @@ function bytesToUtf8(bytes) {
 function utf8ToBytes(str) {
   return UTF8_ENCODER.encode(str);
 }
+function bytesToBase64url(bytes) {
+  // XXX TODO: try to use something constant-time, in case calling code
+  // uses it to encode secrets?
+  var charCodes = String.fromCharCode.apply(String, bytes);
+  return btoa(charCodes).replace(/\+/g, '-').replace(/\//g, '_');
+}
+function base64urlToBytes(str) {
+  // XXX TODO: try to use something constant-time, in case calling code
+  // uses it to decode secrets?
+  str = atob(str.replace(/-/g, '+').replace(/_/g, '/'));
+  var bytes = new Uint8Array(str.length);
+
+  for (var i = 0; i < str.length; i++) {
+    bytes[i] = str.charCodeAt(i);
+  }
+
+  return bytes;
+}
 function bytesAreEqual(v1, v2) {
+  assertIsBytes(v1);
+  assertIsBytes(v2);
+
   if (v1.length !== v2.length) {
     return false;
   }
 
-  var mismatch = false;
+  for (var i = 0; i < v1.length; i++) {
+    if (v1[i] !== v2[i]) {
+      return false;
+    }
+  }
+
+  return true;
+} // The `BufferReader` and `BufferWriter` classes are helpers for dealing with the
+// binary struct format that's used for various TLS message.  Think of them as a
+// buffer with a pointer to the "current position" and a bunch of helper methods
+// to read/write structured data and advance said pointer.
+
+var utils_BufferWithPointer =
+/*#__PURE__*/
+function () {
+  function BufferWithPointer(buf) {
+    classCallCheck_default()(this, BufferWithPointer);
+
+    this._buffer = buf;
+    this._dataview = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
+    this._pos = 0;
+  }
+
+  createClass_default()(BufferWithPointer, [{
+    key: "length",
+    value: function length() {
+      return this._buffer.byteLength;
+    }
+  }, {
+    key: "tell",
+    value: function tell() {
+      return this._pos;
+    }
+  }, {
+    key: "seek",
+    value: function seek(pos) {
+      if (pos < 0) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+
+      if (pos > this.length()) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+
+      this._pos = pos;
+    }
+  }, {
+    key: "incr",
+    value: function incr(offset) {
+      this.seek(this._pos + offset);
+    }
+  }]);
+
+  return BufferWithPointer;
+}(); // The `BufferReader` class helps you read structured data from a byte array.
+// It offers methods for reading both primitive values, and the variable-length
+// vector structures defined in https://tools.ietf.org/html/rfc8446#section-3.4.
+//
+// Such vectors are represented as a length followed by the concatenated
+// bytes of each item, and the size of the length field is determined by
+// the maximum allowed number of bytes in the vector.  For example
+// to read a vector that may contain up to 65535 bytes, use `readVector16`.
+//
+// To read a variable-length vector of between 1 and 100 uint16 values,
+// defined in the RFC like this:
+//
+//    uint16 items<2..200>;
+//
+// You would do something like this:
+//
+//    const items = []
+//    buf.readVector8(buf => {
+//      items.push(buf.readUint16())
+//    })
+//
+// The various `read` will throw `DECODE_ERROR` if you attempt to read path
+// the end of the buffer, or past the end of a variable-length list.
+//
+
+
+var utils_BufferReader =
+/*#__PURE__*/
+function (_BufferWithPointer) {
+  inherits_default()(BufferReader, _BufferWithPointer);
+
+  function BufferReader() {
+    classCallCheck_default()(this, BufferReader);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(BufferReader).apply(this, arguments));
+  }
+
+  createClass_default()(BufferReader, [{
+    key: "hasMoreBytes",
+    value: function hasMoreBytes() {
+      return this.tell() < this.length();
+    }
+  }, {
+    key: "readBytes",
+    value: function readBytes(length) {
+      // This avoids copies by returning a view onto the existing buffer.
+      var start = this._buffer.byteOffset + this.tell();
+      this.incr(length);
+      return new Uint8Array(this._buffer.buffer, start, length);
+    }
+  }, {
+    key: "_rangeErrorToAlert",
+    value: function _rangeErrorToAlert(cb) {
+      try {
+        return cb(this);
+      } catch (err) {
+        if (err instanceof RangeError) {
+          throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+        }
+
+        throw err;
+      }
+    }
+  }, {
+    key: "readUint8",
+    value: function readUint8() {
+      var _this = this;
+
+      return this._rangeErrorToAlert(function () {
+        var n = _this._dataview.getUint8(_this._pos);
+
+        _this.incr(1);
+
+        return n;
+      });
+    }
+  }, {
+    key: "readUint16",
+    value: function readUint16() {
+      var _this2 = this;
+
+      return this._rangeErrorToAlert(function () {
+        var n = _this2._dataview.getUint16(_this2._pos);
+
+        _this2.incr(2);
+
+        return n;
+      });
+    }
+  }, {
+    key: "readUint24",
+    value: function readUint24() {
+      var _this3 = this;
+
+      return this._rangeErrorToAlert(function () {
+        var n = _this3._dataview.getUint16(_this3._pos);
+
+        n = n << 8 | _this3._dataview.getUint8(_this3._pos + 2);
+
+        _this3.incr(3);
+
+        return n;
+      });
+    }
+  }, {
+    key: "readUint32",
+    value: function readUint32() {
+      var _this4 = this;
+
+      return this._rangeErrorToAlert(function () {
+        var n = _this4._dataview.getUint32(_this4._pos);
+
+        _this4.incr(4);
+
+        return n;
+      });
+    }
+  }, {
+    key: "_readVector",
+    value: function _readVector(length, cb) {
+      var contentsBuf = new BufferReader(this.readBytes(length));
+      var expectedEnd = this.tell(); // Keep calling the callback until we've consumed the expected number of bytes.
+
+      var n = 0;
+
+      while (contentsBuf.hasMoreBytes()) {
+        var prevPos = contentsBuf.tell();
+        cb(contentsBuf, n); // Check that the callback made forward progress, otherwise we'll infinite loop.
+
+        if (contentsBuf.tell() <= prevPos) {
+          throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+        }
+
+        n += 1;
+      } // Check that the callback correctly consumed the vector's entire contents.
+
+
+      if (this.tell() !== expectedEnd) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    }
+  }, {
+    key: "readVector8",
+    value: function readVector8(cb) {
+      var length = this.readUint8();
+      return this._readVector(length, cb);
+    }
+  }, {
+    key: "readVector16",
+    value: function readVector16(cb) {
+      var length = this.readUint16();
+      return this._readVector(length, cb);
+    }
+  }, {
+    key: "readVector24",
+    value: function readVector24(cb) {
+      var length = this.readUint24();
+      return this._readVector(length, cb);
+    }
+  }, {
+    key: "readVectorBytes8",
+    value: function readVectorBytes8() {
+      return this.readBytes(this.readUint8());
+    }
+  }, {
+    key: "readVectorBytes16",
+    value: function readVectorBytes16() {
+      return this.readBytes(this.readUint16());
+    }
+  }, {
+    key: "readVectorBytes24",
+    value: function readVectorBytes24() {
+      return this.readBytes(this.readUint24());
+    }
+  }]);
+
+  return BufferReader;
+}(utils_BufferWithPointer);
+var utils_BufferWriter =
+/*#__PURE__*/
+function (_BufferWithPointer2) {
+  inherits_default()(BufferWriter, _BufferWithPointer2);
+
+  function BufferWriter() {
+    var size = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 1024;
+
+    classCallCheck_default()(this, BufferWriter);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(BufferWriter).call(this, new Uint8Array(size)));
+  }
+
+  createClass_default()(BufferWriter, [{
+    key: "_maybeGrow",
+    value: function _maybeGrow(n) {
+      var curSize = this._buffer.byteLength;
+      var newPos = this._pos + n;
+      var shortfall = newPos - curSize;
+
+      if (shortfall > 0) {
+        // Classic grow-by-doubling, up to 4kB max increment.
+        // This formula was not arrived at by any particular science.
+        var incr = Math.min(curSize, 4 * 1024);
+        var newbuf = new Uint8Array(curSize + Math.ceil(shortfall / incr) * incr);
+        newbuf.set(this._buffer, 0);
+        this._buffer = newbuf;
+        this._dataview = new DataView(newbuf.buffer, newbuf.byteOffset, newbuf.byteLength);
+      }
+    }
+  }, {
+    key: "slice",
+    value: function slice() {
+      var start = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 0;
+      var end = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : this.tell();
+
+      if (end < 0) {
+        end = this.tell() + end;
+      }
+
+      if (start < 0) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+
+      if (end < 0) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+
+      if (end > this.length()) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+
+      return this._buffer.slice(start, end);
+    }
+  }, {
+    key: "flush",
+    value: function flush() {
+      var slice = this.slice();
+      this.seek(0);
+      return slice;
+    }
+  }, {
+    key: "writeBytes",
+    value: function writeBytes(data) {
+      this._maybeGrow(data.byteLength);
+
+      this._buffer.set(data, this.tell());
+
+      this.incr(data.byteLength);
+    }
+  }, {
+    key: "writeUint8",
+    value: function writeUint8(n) {
+      this._maybeGrow(1);
+
+      this._dataview.setUint8(this._pos, n);
+
+      this.incr(1);
+    }
+  }, {
+    key: "writeUint16",
+    value: function writeUint16(n) {
+      this._maybeGrow(2);
+
+      this._dataview.setUint16(this._pos, n);
+
+      this.incr(2);
+    }
+  }, {
+    key: "writeUint24",
+    value: function writeUint24(n) {
+      this._maybeGrow(3);
+
+      this._dataview.setUint16(this._pos, n >> 8);
+
+      this._dataview.setUint8(this._pos + 2, n & 0xFF);
+
+      this.incr(3);
+    }
+  }, {
+    key: "writeUint32",
+    value: function writeUint32(n) {
+      this._maybeGrow(4);
+
+      this._dataview.setUint32(this._pos, n);
+
+      this.incr(4);
+    } // These are helpers for writing the variable-length vector structure
+    // defined in https://tools.ietf.org/html/rfc8446#section-3.4.
+    //
+    // Such vectors are represented as a length followed by the concatenated
+    // bytes of each item, and the size of the length field is determined by
+    // the maximum allowed size of the vector.  For example to write a vector
+    // that may contain up to 65535 bytes, use `writeVector16`.
+    //
+    // To write a variable-length vector of between 1 and 100 uint16 values,
+    // defined in the RFC like this:
+    //
+    //    uint16 items<2..200>;
+    //
+    // You would do something like this:
+    //
+    //    buf.writeVector8(buf => {
+    //      for (let item of items) {
+    //          buf.writeUint16(item)
+    //      }
+    //    })
+    //
+    // The helper will automatically take care of writing the appropriate
+    // length field once the callback completes.
+
+  }, {
+    key: "_writeVector",
+    value: function _writeVector(maxLength, writeLength, cb) {
+      // Initially, write the length field as zero.
+      var lengthPos = this.tell();
+      writeLength(0); // Call the callback to write the vector items.
+
+      var bodyPos = this.tell();
+      cb(this);
+      var length = this.tell() - bodyPos;
+
+      if (length >= maxLength) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      } // Backfill the actual length field.
+
+
+      this.seek(lengthPos);
+      writeLength(length);
+      this.incr(length);
+      return length;
+    }
+  }, {
+    key: "writeVector8",
+    value: function writeVector8(cb) {
+      var _this5 = this;
+
+      return this._writeVector(Math.pow(2, 8), function (len) {
+        return _this5.writeUint8(len);
+      }, cb);
+    }
+  }, {
+    key: "writeVector16",
+    value: function writeVector16(cb) {
+      var _this6 = this;
+
+      return this._writeVector(Math.pow(2, 16), function (len) {
+        return _this6.writeUint16(len);
+      }, cb);
+    }
+  }, {
+    key: "writeVector24",
+    value: function writeVector24(cb) {
+      var _this7 = this;
+
+      return this._writeVector(Math.pow(2, 24), function (len) {
+        return _this7.writeUint24(len);
+      }, cb);
+    }
+  }, {
+    key: "writeVectorBytes8",
+    value: function writeVectorBytes8(bytes) {
+      return this.writeVector8(function (buf) {
+        buf.writeBytes(bytes);
+      });
+    }
+  }, {
+    key: "writeVectorBytes16",
+    value: function writeVectorBytes16(bytes) {
+      return this.writeVector16(function (buf) {
+        buf.writeBytes(bytes);
+      });
+    }
+  }, {
+    key: "writeVectorBytes24",
+    value: function writeVectorBytes24(bytes) {
+      return this.writeVector24(function (buf) {
+        buf.writeBytes(bytes);
+      });
+    }
+  }]);
+
+  return BufferWriter;
+}(utils_BufferWithPointer);
+// CONCATENATED MODULE: ./src/crypto.js
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+// Low-level crypto primitives.
+//
+// This file implements the AEAD encrypt/decrypt and hashing routines
+// for the TLS_AES_128_GCM_SHA256 ciphersuite.
+//
+
+
+var AEAD_SIZE_INFLATION = 16;
+var KEY_LENGTH = 16;
+var IV_LENGTH = 12;
+var HASH_LENGTH = 32;
+function prepareKey(_x, _x2) {
+  return _prepareKey.apply(this, arguments);
+}
+
+function _prepareKey() {
+  _prepareKey = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee(key, mode) {
+    return regenerator_default.a.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            return _context.abrupt("return", crypto.subtle.importKey('raw', key, {
+              name: 'AES-GCM'
+            }, false, [mode]));
+
+          case 1:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee, this);
+  }));
+  return _prepareKey.apply(this, arguments);
+}
+
+function crypto_encrypt(_x3, _x4, _x5, _x6) {
+  return _encrypt.apply(this, arguments);
+}
+
+function _encrypt() {
+  _encrypt = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee2(key, iv, plaintext, additionalData) {
+    var ciphertext;
+    return regenerator_default.a.wrap(function _callee2$(_context2) {
+      while (1) {
+        switch (_context2.prev = _context2.next) {
+          case 0:
+            _context2.next = 2;
+            return crypto.subtle.encrypt({
+              additionalData: additionalData,
+              iv: iv,
+              name: 'AES-GCM',
+              tagLength: AEAD_SIZE_INFLATION * 8
+            }, key, plaintext);
+
+          case 2:
+            ciphertext = _context2.sent;
+            return _context2.abrupt("return", new Uint8Array(ciphertext));
+
+          case 4:
+          case "end":
+            return _context2.stop();
+        }
+      }
+    }, _callee2, this);
+  }));
+  return _encrypt.apply(this, arguments);
+}
+
+function crypto_decrypt(_x7, _x8, _x9, _x10) {
+  return _decrypt.apply(this, arguments);
+}
+
+function _decrypt() {
+  _decrypt = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee3(key, iv, ciphertext, additionalData) {
+    var plaintext;
+    return regenerator_default.a.wrap(function _callee3$(_context3) {
+      while (1) {
+        switch (_context3.prev = _context3.next) {
+          case 0:
+            _context3.prev = 0;
+            _context3.next = 3;
+            return crypto.subtle.decrypt({
+              additionalData: additionalData,
+              iv: iv,
+              name: 'AES-GCM',
+              tagLength: AEAD_SIZE_INFLATION * 8
+            }, key, ciphertext);
+
+          case 3:
+            plaintext = _context3.sent;
+            return _context3.abrupt("return", new Uint8Array(plaintext));
+
+          case 7:
+            _context3.prev = 7;
+            _context3.t0 = _context3["catch"](0);
+            throw new alerts_TLSError(ALERT_DESCRIPTION.BAD_RECORD_MAC);
+
+          case 10:
+          case "end":
+            return _context3.stop();
+        }
+      }
+    }, _callee3, this, [[0, 7]]);
+  }));
+  return _decrypt.apply(this, arguments);
+}
+
+function hash(_x11) {
+  return _hash.apply(this, arguments);
+}
+
+function _hash() {
+  _hash = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee4(message) {
+    return regenerator_default.a.wrap(function _callee4$(_context4) {
+      while (1) {
+        switch (_context4.prev = _context4.next) {
+          case 0:
+            _context4.t0 = Uint8Array;
+            _context4.next = 3;
+            return crypto.subtle.digest({
+              name: 'SHA-256'
+            }, message);
+
+          case 3:
+            _context4.t1 = _context4.sent;
+            return _context4.abrupt("return", new _context4.t0(_context4.t1));
+
+          case 5:
+          case "end":
+            return _context4.stop();
+        }
+      }
+    }, _callee4, this);
+  }));
+  return _hash.apply(this, arguments);
+}
+
+function hmac(_x12, _x13) {
+  return _hmac.apply(this, arguments);
+}
+
+function _hmac() {
+  _hmac = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee5(keyBytes, message) {
+    var key, sig;
+    return regenerator_default.a.wrap(function _callee5$(_context5) {
+      while (1) {
+        switch (_context5.prev = _context5.next) {
+          case 0:
+            _context5.next = 2;
+            return crypto.subtle.importKey('raw', keyBytes, {
+              hash: {
+                name: 'SHA-256'
+              },
+              name: 'HMAC'
+            }, false, ['sign']);
+
+          case 2:
+            key = _context5.sent;
+            _context5.next = 5;
+            return crypto.subtle.sign({
+              name: 'HMAC'
+            }, key, message);
+
+          case 5:
+            sig = _context5.sent;
+            return _context5.abrupt("return", new Uint8Array(sig));
+
+          case 7:
+          case "end":
+            return _context5.stop();
+        }
+      }
+    }, _callee5, this);
+  }));
+  return _hmac.apply(this, arguments);
+}
+
+function verifyHmac(_x14, _x15, _x16) {
+  return _verifyHmac.apply(this, arguments);
+}
+
+function _verifyHmac() {
+  _verifyHmac = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee6(keyBytes, signature, message) {
+    var key;
+    return regenerator_default.a.wrap(function _callee6$(_context6) {
+      while (1) {
+        switch (_context6.prev = _context6.next) {
+          case 0:
+            _context6.next = 2;
+            return crypto.subtle.importKey('raw', keyBytes, {
+              hash: {
+                name: 'SHA-256'
+              },
+              name: 'HMAC'
+            }, false, ['verify']);
+
+          case 2:
+            key = _context6.sent;
+            _context6.next = 5;
+            return crypto.subtle.verify({
+              name: 'HMAC'
+            }, key, signature, message);
+
+          case 5:
+            if (_context6.sent) {
+              _context6.next = 7;
+              break;
+            }
+
+            throw new alerts_TLSError(ALERT_DESCRIPTION.DECRYPT_ERROR);
+
+          case 7:
+          case "end":
+            return _context6.stop();
+        }
+      }
+    }, _callee6, this);
+  }));
+  return _verifyHmac.apply(this, arguments);
+}
+
+function hkdfExtract(_x17, _x18) {
+  return _hkdfExtract.apply(this, arguments);
+}
+
+function _hkdfExtract() {
+  _hkdfExtract = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee7(salt, ikm) {
+    return regenerator_default.a.wrap(function _callee7$(_context7) {
+      while (1) {
+        switch (_context7.prev = _context7.next) {
+          case 0:
+            _context7.next = 2;
+            return hmac(salt, ikm);
+
+          case 2:
+            return _context7.abrupt("return", _context7.sent);
+
+          case 3:
+          case "end":
+            return _context7.stop();
+        }
+      }
+    }, _callee7, this);
+  }));
+  return _hkdfExtract.apply(this, arguments);
+}
+
+function hkdfExpand(_x19, _x20, _x21) {
+  return _hkdfExpand.apply(this, arguments);
+}
+
+function _hkdfExpand() {
+  _hkdfExpand = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee8(prk, info, length) {
+    var N, input, output, T, i;
+    return regenerator_default.a.wrap(function _callee8$(_context8) {
+      while (1) {
+        switch (_context8.prev = _context8.next) {
+          case 0:
+            // Ref https://tools.ietf.org/html/rfc5869#section-2.3
+            N = Math.ceil(length / HASH_LENGTH);
+
+            if (!(N <= 0)) {
+              _context8.next = 3;
+              break;
+            }
+
+            throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+          case 3:
+            if (!(N >= 255)) {
+              _context8.next = 5;
+              break;
+            }
+
+            throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+          case 5:
+            input = new utils_BufferWriter();
+            output = new utils_BufferWriter();
+            T = new Uint8Array(0);
+            i = 1;
+
+          case 9:
+            if (!(i <= N)) {
+              _context8.next = 20;
+              break;
+            }
+
+            input.writeBytes(T);
+            input.writeBytes(info);
+            input.writeUint8(i);
+            _context8.next = 15;
+            return hmac(prk, input.flush());
+
+          case 15:
+            T = _context8.sent;
+            output.writeBytes(T);
+
+          case 17:
+            i++;
+            _context8.next = 9;
+            break;
+
+          case 20:
+            return _context8.abrupt("return", output.slice(0, length));
+
+          case 21:
+          case "end":
+            return _context8.stop();
+        }
+      }
+    }, _callee8, this);
+  }));
+  return _hkdfExpand.apply(this, arguments);
+}
+
+function hkdfExpandLabel(_x22, _x23, _x24, _x25) {
+  return _hkdfExpandLabel.apply(this, arguments);
+}
+
+function _hkdfExpandLabel() {
+  _hkdfExpandLabel = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee9(secret, label, context, length) {
+    var hkdfLabel;
+    return regenerator_default.a.wrap(function _callee9$(_context9) {
+      while (1) {
+        switch (_context9.prev = _context9.next) {
+          case 0:
+            //  struct {
+            //    uint16 length = Length;
+            //    opaque label < 7..255 > = "tls13 " + Label;
+            //    opaque context < 0..255 > = Context;
+            //  } HkdfLabel;
+            hkdfLabel = new utils_BufferWriter();
+            hkdfLabel.writeUint16(length);
+            hkdfLabel.writeVectorBytes8(utf8ToBytes('tls13 ' + label));
+            hkdfLabel.writeVectorBytes8(context);
+            return _context9.abrupt("return", hkdfExpand(secret, hkdfLabel.flush(), length));
+
+          case 5:
+          case "end":
+            return _context9.stop();
+        }
+      }
+    }, _callee9, this);
+  }));
+  return _hkdfExpandLabel.apply(this, arguments);
+}
+
+function getRandomBytes(_x26) {
+  return _getRandomBytes.apply(this, arguments);
+}
+
+function _getRandomBytes() {
+  _getRandomBytes = asyncToGenerator_default()(
+  /*#__PURE__*/
+  regenerator_default.a.mark(function _callee10(size) {
+    var bytes;
+    return regenerator_default.a.wrap(function _callee10$(_context10) {
+      while (1) {
+        switch (_context10.prev = _context10.next) {
+          case 0:
+            bytes = new Uint8Array(size);
+            crypto.getRandomValues(bytes);
+            return _context10.abrupt("return", bytes);
+
+          case 3:
+          case "end":
+            return _context10.stop();
+        }
+      }
+    }, _callee10, this);
+  }));
+  return _getRandomBytes.apply(this, arguments);
+}
+// CONCATENATED MODULE: ./src/extensions.js
+
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+// Extension parsing.
+//
+// This file contains some helpers for reading/writing the various kinds
+// of Extension that might appear in a HandshakeMessage.
+//
+
+
+
+/* eslint-disable sorting/sort-object-props */
+
+var EXTENSION_TYPE = {
+  PRE_SHARED_KEY: 41,
+  SUPPORTED_VERSIONS: 43,
+  PSK_KEY_EXCHANGE_MODES: 45
+};
+/* eslint-enable sorting/sort-object-props */
+// Base class for generic reading/writing of extensions,
+// which are all uniformly formatted as:
+//
+//   struct {
+//     ExtensionType extension_type;
+//     opaque extension_data<0..2^16-1>;
+//   } Extension;
+//
+// Extensions always appear inside of a handshake message,
+// and their internal structure may differ based on the
+// type of that message.
+
+var extensions_Extension =
+/*#__PURE__*/
+function () {
+  function Extension() {
+    classCallCheck_default()(this, Extension);
+  }
+
+  createClass_default()(Extension, [{
+    key: "write",
+    value: function write(messageType, buf) {
+      var _this = this;
+
+      buf.writeUint16(this.TYPE_TAG);
+      buf.writeVector16(function (buf) {
+        _this._write(messageType, buf);
+      });
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      throw new Error('not implemented');
+    }
+  }], [{
+    key: "read",
+    value: function read(messageType, buf) {
+      var type = buf.readUint16();
+      var ext = {
+        TYPE_TAG: type
+      };
+      buf.readVector16(function (buf) {
+        switch (type) {
+          case EXTENSION_TYPE.PRE_SHARED_KEY:
+            ext = extensions_PreSharedKeyExtension._read(messageType, buf);
+            break;
+
+          case EXTENSION_TYPE.SUPPORTED_VERSIONS:
+            ext = extensions_SupportedVersionsExtension._read(messageType, buf);
+            break;
+
+          case EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES:
+            ext = extensions_PskKeyExchangeModesExtension._read(messageType, buf);
+            break;
+
+          default:
+            // Skip over unrecognised extensions.
+            buf.incr(buf.length());
+        }
+
+        if (buf.hasMoreBytes()) {
+          throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+        }
+      });
+      return ext;
+    }
+  }, {
+    key: "_read",
+    value: function _read(messageType, buf) {
+      throw new Error('not implemented');
+    }
+  }, {
+    key: "_write",
+    value: function _write(messageType, buf) {
+      throw new Error('not implemented');
+    }
+  }]);
+
+  return Extension;
+}(); // The PreSharedKey extension:
+//
+//  struct {
+//    opaque identity<1..2^16-1>;
+//    uint32 obfuscated_ticket_age;
+//  } PskIdentity;
+//  opaque PskBinderEntry<32..255>;
+//  struct {
+//    PskIdentity identities<7..2^16-1>;
+//    PskBinderEntry binders<33..2^16-1>;
+//  } OfferedPsks;
+//  struct {
+//    select(Handshake.msg_type) {
+//      case client_hello: OfferedPsks;
+//      case server_hello: uint16 selected_identity;
+//    };
+//  } PreSharedKeyExtension;
+
+var extensions_PreSharedKeyExtension =
+/*#__PURE__*/
+function (_Extension) {
+  inherits_default()(PreSharedKeyExtension, _Extension);
+
+  function PreSharedKeyExtension(identities, binders, selectedIdentity) {
+    var _this2;
+
+    classCallCheck_default()(this, PreSharedKeyExtension);
+
+    _this2 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(PreSharedKeyExtension).call(this));
+    _this2.identities = identities;
+    _this2.binders = binders;
+    _this2.selectedIdentity = selectedIdentity;
+    return _this2;
+  }
+
+  createClass_default()(PreSharedKeyExtension, [{
+    key: "_write",
+    value: function _write(messageType, buf) {
+      var _this3 = this;
+
+      switch (messageType) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          buf.writeVector16(function (buf) {
+            _this3.identities.forEach(function (pskId) {
+              buf.writeVectorBytes16(pskId);
+              buf.writeUint32(0); // Zero for "tag age" field.
+            });
+          });
+          buf.writeVector16(function (buf) {
+            _this3.binders.forEach(function (pskBinder) {
+              buf.writeVectorBytes8(pskBinder);
+            });
+          });
+          break;
+
+        case HANDSHAKE_TYPE.SERVER_HELLO:
+          buf.writeUint16(this.selectedIdentity);
+          break;
+
+        default:
+          throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return EXTENSION_TYPE.PRE_SHARED_KEY;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(messageType, buf) {
+      var identities = null,
+          binders = null,
+          selectedIdentity = null;
+
+      switch (messageType) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          identities = [];
+          binders = [];
+          buf.readVector16(function (buf) {
+            var identity = buf.readVectorBytes16();
+            buf.readBytes(4); // Skip over the ticket age.
+
+            identities.push(identity);
+          });
+          buf.readVector16(function (buf) {
+            var binder = buf.readVectorBytes8();
+
+            if (binder.byteLength < HASH_LENGTH) {
+              throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+            }
+
+            binders.push(binder);
+          });
+
+          if (identities.length !== binders.length) {
+            throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+          }
+
+          break;
+
+        case HANDSHAKE_TYPE.SERVER_HELLO:
+          selectedIdentity = buf.readUint16();
+          break;
+
+        default:
+          throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+
+      return new this(identities, binders, selectedIdentity);
+    }
+  }]);
+
+  return PreSharedKeyExtension;
+}(extensions_Extension); // The SupportedVersions extension:
+//
+//  struct {
+//    select(Handshake.msg_type) {
+//      case client_hello:
+//        ProtocolVersion versions < 2..254 >;
+//      case server_hello:
+//        ProtocolVersion selected_version;
+//    };
+//  } SupportedVersions;
+
+var extensions_SupportedVersionsExtension =
+/*#__PURE__*/
+function (_Extension2) {
+  inherits_default()(SupportedVersionsExtension, _Extension2);
+
+  function SupportedVersionsExtension(versions, selectedVersion) {
+    var _this4;
+
+    classCallCheck_default()(this, SupportedVersionsExtension);
+
+    _this4 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(SupportedVersionsExtension).call(this));
+    _this4.versions = versions;
+    _this4.selectedVersion = selectedVersion;
+    return _this4;
+  }
+
+  createClass_default()(SupportedVersionsExtension, [{
+    key: "_write",
+    value: function _write(messageType, buf) {
+      var _this5 = this;
+
+      switch (messageType) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          buf.writeVector8(function (buf) {
+            _this5.versions.forEach(function (version) {
+              buf.writeUint16(version);
+            });
+          });
+          break;
+
+        case HANDSHAKE_TYPE.SERVER_HELLO:
+          buf.writeUint16(this.selectedVersion);
+          break;
+
+        default:
+          throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return EXTENSION_TYPE.SUPPORTED_VERSIONS;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(messageType, buf) {
+      var versions = null,
+          selectedVersion = null;
+
+      switch (messageType) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          versions = [];
+          buf.readVector8(function (buf) {
+            versions.push(buf.readUint16());
+          });
+          break;
+
+        case HANDSHAKE_TYPE.SERVER_HELLO:
+          selectedVersion = buf.readUint16();
+          break;
+
+        default:
+          throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+
+      return new this(versions, selectedVersion);
+    }
+  }]);
+
+  return SupportedVersionsExtension;
+}(extensions_Extension);
+var extensions_PskKeyExchangeModesExtension =
+/*#__PURE__*/
+function (_Extension3) {
+  inherits_default()(PskKeyExchangeModesExtension, _Extension3);
+
+  function PskKeyExchangeModesExtension(modes) {
+    var _this6;
+
+    classCallCheck_default()(this, PskKeyExchangeModesExtension);
+
+    _this6 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(PskKeyExchangeModesExtension).call(this));
+    _this6.modes = modes;
+    return _this6;
+  }
+
+  createClass_default()(PskKeyExchangeModesExtension, [{
+    key: "_write",
+    value: function _write(messageType, buf) {
+      var _this7 = this;
+
+      switch (messageType) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          buf.writeVector8(function (buf) {
+            _this7.modes.forEach(function (mode) {
+              buf.writeUint8(mode);
+            });
+          });
+          break;
+
+        default:
+          throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(messageType, buf) {
+      var modes = [];
+
+      switch (messageType) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          buf.readVector8(function (buf) {
+            modes.push(buf.readUint8());
+          });
+          break;
+
+        default:
+          throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+
+      return new this(modes);
+    }
+  }]);
+
+  return PskKeyExchangeModesExtension;
+}(extensions_Extension);
+// CONCATENATED MODULE: ./src/constants.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+var VERSION_TLS_1_0 = 0x0301;
+var VERSION_TLS_1_2 = 0x0303;
+var VERSION_TLS_1_3 = 0x0304;
+var TLS_AES_128_GCM_SHA256 = 0x1301;
+var PSK_MODE_KE = 0;
+// CONCATENATED MODULE: ./src/messages.js
+
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+// Message parsing.
+//
+// Herein we need code for reading and writing the various Handshake
+// messages involved in the protocol.
+//
+
+
+
+
+
+/* eslint-disable sorting/sort-object-props */
+
+var HANDSHAKE_TYPE = {
+  CLIENT_HELLO: 1,
+  SERVER_HELLO: 2,
+  NEW_SESSION_TICKET: 4,
+  ENCRYPTED_EXTENSIONS: 8,
+  FINISHED: 20
+};
+/* eslint-enable sorting/sort-object-props */
+// Base class for generic reading/writing of handshake messages,
+// which are all uniformly formatted as:
+//
+//  struct {
+//    HandshakeType msg_type;    /* handshake type */
+//    uint24 length;             /* bytes in message */
+//    select(Handshake.msg_type) {
+//        ... type specific cases here ...
+//    };
+//  } Handshake;
+
+var messages_HandshakeMessage =
+/*#__PURE__*/
+function () {
+  function HandshakeMessage() {
+    classCallCheck_default()(this, HandshakeMessage);
+  }
+
+  createClass_default()(HandshakeMessage, [{
+    key: "toBytes",
+    value: function toBytes() {
+      var buf = new utils_BufferWriter();
+      this.write(buf);
+      return buf.flush();
+    }
+  }, {
+    key: "write",
+    value: function write(buf) {
+      var _this = this;
+
+      buf.writeUint8(this.TYPE_TAG);
+      buf.writeVector24(function (buf) {
+        _this._write(buf);
+      });
+    }
+  }, {
+    key: "_write",
+    value: function _write(buf) {
+      throw new Error('not implemented');
+    } // Some little helpers for reading a list of extensions,
+    // which is uniformly represented as:
+    //
+    //   Extension extensions<8..2^16-1>;
+    //
+    // Recognized extensions are returned as a Map from extension type
+    // to extension data object, with a special `lastSeenExtension`
+    // property to make it easy to check which one came last.
+
+  }, {
+    key: "_writeExtensions",
+    value: function _writeExtensions(buf, extensions) {
+      var _this2 = this;
+
+      buf.writeVector16(function (buf) {
+        extensions.forEach(function (ext) {
+          ext.write(_this2.TYPE_TAG, buf);
+        });
+      });
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      throw new Error('not implemented');
+    }
+  }], [{
+    key: "fromBytes",
+    value: function fromBytes(bytes) {
+      // Each handshake message has a type and length prefix, per
+      // https://tools.ietf.org/html/rfc8446#appendix-B.3
+      var buf = new utils_BufferReader(bytes);
+      var msg = this.read(buf);
+
+      if (buf.hasMoreBytes()) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+
+      return msg;
+    }
+  }, {
+    key: "read",
+    value: function read(buf) {
+      var type = buf.readUint8();
+      var msg = null;
+      buf.readVector24(function (buf) {
+        switch (type) {
+          case HANDSHAKE_TYPE.CLIENT_HELLO:
+            msg = messages_ClientHello._read(buf);
+            break;
+
+          case HANDSHAKE_TYPE.SERVER_HELLO:
+            msg = messages_ServerHello._read(buf);
+            break;
+
+          case HANDSHAKE_TYPE.NEW_SESSION_TICKET:
+            msg = messages_NewSessionTicket._read(buf);
+            break;
+
+          case HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS:
+            msg = messages_EncryptedExtensions._read(buf);
+            break;
+
+          case HANDSHAKE_TYPE.FINISHED:
+            msg = messages_Finished._read(buf);
+            break;
+        }
+
+        if (buf.hasMoreBytes()) {
+          throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+        }
+      });
+
+      if (msg === null) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+      }
+
+      return msg;
+    }
+  }, {
+    key: "_read",
+    value: function _read(buf) {
+      throw new Error('not implemented');
+    }
+  }, {
+    key: "_readExtensions",
+    value: function _readExtensions(messageType, buf) {
+      var extensions = new Map();
+      buf.readVector16(function (buf) {
+        var ext = extensions_Extension.read(messageType, buf);
+
+        if (extensions.has(ext.TYPE_TAG)) {
+          throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+        }
+
+        extensions.set(ext.TYPE_TAG, ext);
+        extensions.lastSeenExtension = ext.TYPE_TAG;
+      });
+      return extensions;
+    }
+  }]);
+
+  return HandshakeMessage;
+}(); // The ClientHello message:
+//
+// struct {
+//   ProtocolVersion legacy_version = 0x0303;
+//   Random random;
+//   opaque legacy_session_id<0..32>;
+//   CipherSuite cipher_suites<2..2^16-2>;
+//   opaque legacy_compression_methods<1..2^8-1>;
+//   Extension extensions<8..2^16-1>;
+// } ClientHello;
+
+var messages_ClientHello =
+/*#__PURE__*/
+function (_HandshakeMessage) {
+  inherits_default()(ClientHello, _HandshakeMessage);
+
+  function ClientHello(random, sessionId, extensions) {
+    var _this3;
+
+    classCallCheck_default()(this, ClientHello);
+
+    _this3 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(ClientHello).call(this));
+    _this3.random = random;
+    _this3.sessionId = sessionId;
+    _this3.extensions = extensions;
+    return _this3;
+  }
+
+  createClass_default()(ClientHello, [{
+    key: "_write",
+    value: function _write(buf) {
+      buf.writeUint16(VERSION_TLS_1_2);
+      buf.writeBytes(this.random);
+      buf.writeVectorBytes8(this.sessionId); // Our single supported ciphersuite
+
+      buf.writeVector16(function (buf) {
+        buf.writeUint16(TLS_AES_128_GCM_SHA256);
+      }); // A single zero byte for legacy_compression_methods
+
+      buf.writeVectorBytes8(new Uint8Array(1));
+
+      this._writeExtensions(buf, this.extensions);
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return HANDSHAKE_TYPE.CLIENT_HELLO;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(buf) {
+      // The legacy_version field may indicate an earlier version of TLS
+      // for backwards compatibility, but must not predate TLS 1.0!
+      if (buf.readUint16() < VERSION_TLS_1_0) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.PROTOCOL_VERSION);
+      } // The random bytes provided by the peer.
+
+
+      var random = buf.readBytes(32); // Read legacy_session_id, so the server can echo it.
+
+      var sessionId = buf.readVectorBytes8(); // We only support a single ciphersuite, but the peer may offer several.
+      // Scan the list to confirm that the one we want is present.
+
+      var found = false;
+      buf.readVector16(function (buf) {
+        var cipherSuite = buf.readUint16();
+
+        if (cipherSuite === TLS_AES_128_GCM_SHA256) {
+          found = true;
+        }
+      });
+
+      if (!found) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.HANDSHAKE_FAILURE);
+      } // legacy_compression_methods must be a single zero byte for TLS1.3 ClientHellos.
+      // It can be non-zero in previous versions of TLS, but we're not going to
+      // make a successful handshake with such versions, so better to just bail out now.
+
+
+      var legacyCompressionMethods = buf.readVectorBytes8();
+
+      if (legacyCompressionMethods.byteLength !== 1) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+
+      if (legacyCompressionMethods[0] !== 0x00) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      } // Read and check the extensions.
+
+
+      var extensions = this._readExtensions(HANDSHAKE_TYPE.CLIENT_HELLO, buf);
+
+      if (!extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS)) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+      }
+
+      if (extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS).versions.indexOf(VERSION_TLS_1_3) === -1) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.PROTOCOL_VERSION);
+      } // Was the PreSharedKey extension the last one?
+
+
+      if (extensions.has(EXTENSION_TYPE.PRE_SHARED_KEY)) {
+        if (extensions.lastSeenExtension !== EXTENSION_TYPE.PRE_SHARED_KEY) {
+          throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+        }
+      }
+
+      return new this(random, sessionId, extensions);
+    }
+  }]);
+
+  return ClientHello;
+}(messages_HandshakeMessage); // The ServerHello message:
+//
+//  struct {
+//      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */
+//      Random random;
+//      opaque legacy_session_id_echo<0..32>;
+//      CipherSuite cipher_suite;
+//      uint8 legacy_compression_method = 0;
+//      Extension extensions < 6..2 ^ 16 - 1 >;
+//  } ServerHello;
+
+var messages_ServerHello =
+/*#__PURE__*/
+function (_HandshakeMessage2) {
+  inherits_default()(ServerHello, _HandshakeMessage2);
+
+  function ServerHello(random, sessionId, extensions) {
+    var _this4;
+
+    classCallCheck_default()(this, ServerHello);
+
+    _this4 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(ServerHello).call(this));
+    _this4.random = random;
+    _this4.sessionId = sessionId;
+    _this4.extensions = extensions;
+    return _this4;
+  }
+
+  createClass_default()(ServerHello, [{
+    key: "_write",
+    value: function _write(buf) {
+      buf.writeUint16(VERSION_TLS_1_2);
+      buf.writeBytes(this.random);
+      buf.writeVectorBytes8(this.sessionId); // Our single supported ciphersuite
+
+      buf.writeUint16(TLS_AES_128_GCM_SHA256); // A single zero byte for legacy_compression_method
+
+      buf.writeUint8(0);
+
+      this._writeExtensions(buf, this.extensions);
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return HANDSHAKE_TYPE.SERVER_HELLO;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(buf) {
+      // Fixed value for legacy_version.
+      if (buf.readUint16() !== VERSION_TLS_1_2) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      } // Random bytes from the server.
+
+
+      var random = buf.readBytes(32); // It should have echoed our vector for legacy_session_id.
+
+      var sessionId = buf.readVectorBytes8(); // It should have selected our single offered ciphersuite.
+
+      if (buf.readUint16() !== TLS_AES_128_GCM_SHA256) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      } // legacy_compression_method must be zero.
+
+
+      if (buf.readUint8() !== 0) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+
+      var extensions = this._readExtensions(HANDSHAKE_TYPE.SERVER_HELLO, buf);
+
+      if (!extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS)) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+      }
+
+      if (extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS).selectedVersion !== VERSION_TLS_1_3) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+
+      return new this(random, sessionId, extensions);
+    }
+  }]);
+
+  return ServerHello;
+}(messages_HandshakeMessage); // The EncryptedExtensions message:
+//
+//  struct {
+//    Extension extensions < 0..2 ^ 16 - 1 >;
+//  } EncryptedExtensions;
+//
+// We don't actually send any EncryptedExtensions,
+// but still have to send an empty message.
+
+var messages_EncryptedExtensions =
+/*#__PURE__*/
+function (_HandshakeMessage3) {
+  inherits_default()(EncryptedExtensions, _HandshakeMessage3);
+
+  function EncryptedExtensions(extensions) {
+    var _this5;
+
+    classCallCheck_default()(this, EncryptedExtensions);
+
+    _this5 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(EncryptedExtensions).call(this));
+    _this5.extensions = extensions;
+    return _this5;
+  }
+
+  createClass_default()(EncryptedExtensions, [{
+    key: "_write",
+    value: function _write(buf) {
+      this._writeExtensions(buf, this.extensions);
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(buf) {
+      var extensions = this._readExtensions(HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS, buf);
+
+      return new this(extensions);
+    }
+  }]);
+
+  return EncryptedExtensions;
+}(messages_HandshakeMessage); // The Finished message:
+//
+// struct {
+//   opaque verify_data[Hash.length];
+// } Finished;
+
+var messages_Finished =
+/*#__PURE__*/
+function (_HandshakeMessage4) {
+  inherits_default()(Finished, _HandshakeMessage4);
+
+  function Finished(verifyData) {
+    var _this6;
+
+    classCallCheck_default()(this, Finished);
+
+    _this6 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(Finished).call(this));
+    _this6.verifyData = verifyData;
+    return _this6;
+  }
+
+  createClass_default()(Finished, [{
+    key: "_write",
+    value: function _write(buf) {
+      buf.writeBytes(this.verifyData);
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return HANDSHAKE_TYPE.FINISHED;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(buf) {
+      var verifyData = buf.readBytes(HASH_LENGTH);
+      return new this(verifyData);
+    }
+  }]);
+
+  return Finished;
+}(messages_HandshakeMessage); // The NewSessionTicket message:
+//
+//   struct {
+//    uint32 ticket_lifetime;
+//    uint32 ticket_age_add;
+//    opaque ticket_nonce < 0..255 >;
+//    opaque ticket < 1..2 ^ 16 - 1 >;
+//    Extension extensions < 0..2 ^ 16 - 2 >;
+//  } NewSessionTicket;
+//
+// We don't actually make use of these, but we need to be able
+// to accept them and do basic validation.
+
+var messages_NewSessionTicket =
+/*#__PURE__*/
+function (_HandshakeMessage5) {
+  inherits_default()(NewSessionTicket, _HandshakeMessage5);
+
+  function NewSessionTicket(ticketLifetime, ticketAgeAdd, ticketNonce, ticket, extensions) {
+    var _this7;
+
+    classCallCheck_default()(this, NewSessionTicket);
+
+    _this7 = possibleConstructorReturn_default()(this, getPrototypeOf_default()(NewSessionTicket).call(this));
+    _this7.ticketLifetime = ticketLifetime;
+    _this7.ticketAgeAdd = ticketAgeAdd;
+    _this7.ticketNonce = ticketNonce;
+    _this7.ticket = ticket;
+    _this7.extensions = extensions;
+    return _this7;
+  }
+
+  createClass_default()(NewSessionTicket, [{
+    key: "_write",
+    value: function _write(buf) {
+      buf.writeUint32(this.ticketLifetime);
+      buf.writeUint32(this.ticketAgeAdd);
+      buf.writeVectorBytes8(this.ticketNonce);
+      buf.writeVectorBytes16(this.ticket);
+
+      this._writeExtensions(buf, this.extensions);
+    }
+  }, {
+    key: "TYPE_TAG",
+    get: function get() {
+      return HANDSHAKE_TYPE.NEW_SESSION_TICKET;
+    }
+  }], [{
+    key: "_read",
+    value: function _read(buf) {
+      return new this(buf.readUint32(), // ticket_lifetime
+      buf.readUint32(), // ticket_age_add
+      buf.readVectorBytes8(), // ticket_nonce
+      buf.readVectorBytes16(), // ticket
+      this._readExtensions(HANDSHAKE_TYPE.NEW_SESSION_TICKET, buf));
+    }
+  }]);
+
+  return NewSessionTicket;
+}(messages_HandshakeMessage);
+// CONCATENATED MODULE: ./src/states.js
+
+
+
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+
+
+
+ //
+// State-machine for TLS Handshake Management.
+//
+// Internally, we manage the TLS connection by explicitly modelling the
+// client and server state-machines from RFC8446.  You can think of
+// these `State` objects as little plugins for the `Connection` class
+// that provide different behaviours of `send` and `receive` depending
+// on the state of the connection.
+//
+
+var states_State =
+/*#__PURE__*/
+function () {
+  function State(conn) {
+    classCallCheck_default()(this, State);
+
+    this.conn = conn;
+  }
+
+  createClass_default()(State, [{
+    key: "initialize",
+    value: function () {
+      var _initialize = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee() {
+        return regenerator_default.a.wrap(function _callee$(_context) {
+          while (1) {
+            switch (_context.prev = _context.next) {
+              case 0:
+              case "end":
+                return _context.stop();
+            }
+          }
+        }, _callee, this);
+      }));
+
+      function initialize() {
+        return _initialize.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "sendApplicationData",
+    value: function () {
+      var _sendApplicationData = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee2(bytes) {
+        return regenerator_default.a.wrap(function _callee2$(_context2) {
+          while (1) {
+            switch (_context2.prev = _context2.next) {
+              case 0:
+                throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+              case 1:
+              case "end":
+                return _context2.stop();
+            }
+          }
+        }, _callee2, this);
+      }));
+
+      function sendApplicationData(_x) {
+        return _sendApplicationData.apply(this, arguments);
+      }
+
+      return sendApplicationData;
+    }()
+  }, {
+    key: "recvApplicationData",
+    value: function () {
+      var _recvApplicationData = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee3(bytes) {
+        return regenerator_default.a.wrap(function _callee3$(_context3) {
+          while (1) {
+            switch (_context3.prev = _context3.next) {
+              case 0:
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 1:
+              case "end":
+                return _context3.stop();
+            }
+          }
+        }, _callee3, this);
+      }));
+
+      function recvApplicationData(_x2) {
+        return _recvApplicationData.apply(this, arguments);
+      }
+
+      return recvApplicationData;
+    }()
+  }, {
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee4(msg) {
+        return regenerator_default.a.wrap(function _callee4$(_context4) {
+          while (1) {
+            switch (_context4.prev = _context4.next) {
+              case 0:
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 1:
+              case "end":
+                return _context4.stop();
+            }
+          }
+        }, _callee4, this);
+      }));
+
+      function recvHandshakeMessage(_x3) {
+        return _recvHandshakeMessage.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }, {
+    key: "recvAlertMessage",
+    value: function () {
+      var _recvAlertMessage = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee5(alert) {
+        return regenerator_default.a.wrap(function _callee5$(_context5) {
+          while (1) {
+            switch (_context5.prev = _context5.next) {
+              case 0:
+                _context5.t0 = alert.description;
+                _context5.next = _context5.t0 === ALERT_DESCRIPTION.CLOSE_NOTIFY ? 3 : 5;
+                break;
+
+              case 3:
+                this.conn._closeForRecv(alert);
+
+                throw alert;
+
+              case 5:
+                _context5.next = 7;
+                return this.handleErrorAndRethrow(alert);
+
+              case 7:
+                return _context5.abrupt("return", _context5.sent);
+
+              case 8:
+              case "end":
+                return _context5.stop();
+            }
+          }
+        }, _callee5, this);
+      }));
+
+      function recvAlertMessage(_x4) {
+        return _recvAlertMessage.apply(this, arguments);
+      }
+
+      return recvAlertMessage;
+    }()
+  }, {
+    key: "recvChangeCipherSpec",
+    value: function () {
+      var _recvChangeCipherSpec = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee6(bytes) {
+        return regenerator_default.a.wrap(function _callee6$(_context6) {
+          while (1) {
+            switch (_context6.prev = _context6.next) {
+              case 0:
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 1:
+              case "end":
+                return _context6.stop();
+            }
+          }
+        }, _callee6, this);
+      }));
+
+      function recvChangeCipherSpec(_x5) {
+        return _recvChangeCipherSpec.apply(this, arguments);
+      }
+
+      return recvChangeCipherSpec;
+    }()
+  }, {
+    key: "handleErrorAndRethrow",
+    value: function () {
+      var _handleErrorAndRethrow = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee7(err) {
+        var alert;
+        return regenerator_default.a.wrap(function _callee7$(_context7) {
+          while (1) {
+            switch (_context7.prev = _context7.next) {
+              case 0:
+                alert = err;
+
+                if (!(alert instanceof alerts_TLSAlert)) {
+                  alert = new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+                } // Try to send error alert to the peer, but we may not
+                // be able to if the outgoing connection was already closed.
+
+
+                _context7.prev = 2;
+                _context7.next = 5;
+                return this.conn._sendAlertMessage(alert);
+
+              case 5:
+                _context7.next = 9;
+                break;
+
+              case 7:
+                _context7.prev = 7;
+                _context7.t0 = _context7["catch"](2);
+
+              case 9:
+                _context7.next = 11;
+                return this.conn._transition(states_ERROR, err);
+
+              case 11:
+                throw err;
+
+              case 12:
+              case "end":
+                return _context7.stop();
+            }
+          }
+        }, _callee7, this, [[2, 7]]);
+      }));
+
+      function handleErrorAndRethrow(_x6) {
+        return _handleErrorAndRethrow.apply(this, arguments);
+      }
+
+      return handleErrorAndRethrow;
+    }()
+  }, {
+    key: "close",
+    value: function () {
+      var _close = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee8() {
+        var alert;
+        return regenerator_default.a.wrap(function _callee8$(_context8) {
+          while (1) {
+            switch (_context8.prev = _context8.next) {
+              case 0:
+                alert = new alerts_TLSCloseNotify();
+                _context8.next = 3;
+                return this.conn._sendAlertMessage(alert);
+
+              case 3:
+                this.conn._closeForSend(alert);
+
+              case 4:
+              case "end":
+                return _context8.stop();
+            }
+          }
+        }, _callee8, this);
+      }));
+
+      function close() {
+        return _close.apply(this, arguments);
+      }
+
+      return close;
+    }()
+  }]);
+
+  return State;
+}(); // A special "guard" state to prevent us from using
+// an improperly-initialized Connection.
+
+
+var states_UNINITIALIZED =
+/*#__PURE__*/
+function (_State) {
+  inherits_default()(UNINITIALIZED, _State);
+
+  function UNINITIALIZED() {
+    classCallCheck_default()(this, UNINITIALIZED);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(UNINITIALIZED).apply(this, arguments));
+  }
+
+  createClass_default()(UNINITIALIZED, [{
+    key: "initialize",
+    value: function () {
+      var _initialize2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee9() {
+        return regenerator_default.a.wrap(function _callee9$(_context9) {
+          while (1) {
+            switch (_context9.prev = _context9.next) {
+              case 0:
+                throw new Error('uninitialized state');
+
+              case 1:
+              case "end":
+                return _context9.stop();
+            }
+          }
+        }, _callee9, this);
+      }));
+
+      function initialize() {
+        return _initialize2.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "sendApplicationData",
+    value: function () {
+      var _sendApplicationData2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee10(bytes) {
+        return regenerator_default.a.wrap(function _callee10$(_context10) {
+          while (1) {
+            switch (_context10.prev = _context10.next) {
+              case 0:
+                throw new Error('uninitialized state');
+
+              case 1:
+              case "end":
+                return _context10.stop();
+            }
+          }
+        }, _callee10, this);
+      }));
+
+      function sendApplicationData(_x7) {
+        return _sendApplicationData2.apply(this, arguments);
+      }
+
+      return sendApplicationData;
+    }()
+  }, {
+    key: "recvApplicationData",
+    value: function () {
+      var _recvApplicationData2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee11(bytes) {
+        return regenerator_default.a.wrap(function _callee11$(_context11) {
+          while (1) {
+            switch (_context11.prev = _context11.next) {
+              case 0:
+                throw new Error('uninitialized state');
+
+              case 1:
+              case "end":
+                return _context11.stop();
+            }
+          }
+        }, _callee11, this);
+      }));
+
+      function recvApplicationData(_x8) {
+        return _recvApplicationData2.apply(this, arguments);
+      }
+
+      return recvApplicationData;
+    }()
+  }, {
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee12(msg) {
+        return regenerator_default.a.wrap(function _callee12$(_context12) {
+          while (1) {
+            switch (_context12.prev = _context12.next) {
+              case 0:
+                throw new Error('uninitialized state');
+
+              case 1:
+              case "end":
+                return _context12.stop();
+            }
+          }
+        }, _callee12, this);
+      }));
+
+      function recvHandshakeMessage(_x9) {
+        return _recvHandshakeMessage2.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }, {
+    key: "recvChangeCipherSpec",
+    value: function () {
+      var _recvChangeCipherSpec2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee13(bytes) {
+        return regenerator_default.a.wrap(function _callee13$(_context13) {
+          while (1) {
+            switch (_context13.prev = _context13.next) {
+              case 0:
+                throw new Error('uninitialized state');
+
+              case 1:
+              case "end":
+                return _context13.stop();
+            }
+          }
+        }, _callee13, this);
+      }));
+
+      function recvChangeCipherSpec(_x10) {
+        return _recvChangeCipherSpec2.apply(this, arguments);
+      }
+
+      return recvChangeCipherSpec;
+    }()
+  }, {
+    key: "handleErrorAndRethrow",
+    value: function () {
+      var _handleErrorAndRethrow2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee14(err) {
+        return regenerator_default.a.wrap(function _callee14$(_context14) {
+          while (1) {
+            switch (_context14.prev = _context14.next) {
+              case 0:
+                throw err;
+
+              case 1:
+              case "end":
+                return _context14.stop();
+            }
+          }
+        }, _callee14, this);
+      }));
+
+      function handleErrorAndRethrow(_x11) {
+        return _handleErrorAndRethrow2.apply(this, arguments);
+      }
+
+      return handleErrorAndRethrow;
+    }()
+  }, {
+    key: "close",
+    value: function () {
+      var _close2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee15() {
+        return regenerator_default.a.wrap(function _callee15$(_context15) {
+          while (1) {
+            switch (_context15.prev = _context15.next) {
+              case 0:
+                throw new Error('uninitialized state');
+
+              case 1:
+              case "end":
+                return _context15.stop();
+            }
+          }
+        }, _callee15, this);
+      }));
+
+      function close() {
+        return _close2.apply(this, arguments);
+      }
+
+      return close;
+    }()
+  }]);
+
+  return UNINITIALIZED;
+}(states_State); // A special "error" state for when something goes wrong.
+// This state never transitions to another state, effectively
+// terminating the connection.
+
+var states_ERROR =
+/*#__PURE__*/
+function (_State2) {
+  inherits_default()(ERROR, _State2);
+
+  function ERROR() {
+    classCallCheck_default()(this, ERROR);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(ERROR).apply(this, arguments));
+  }
+
+  createClass_default()(ERROR, [{
+    key: "initialize",
+    value: function () {
+      var _initialize3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee16(err) {
+        return regenerator_default.a.wrap(function _callee16$(_context16) {
+          while (1) {
+            switch (_context16.prev = _context16.next) {
+              case 0:
+                this.error = err;
+
+                this.conn._setConnectionFailure(err); // Unceremoniously shut down the record layer on error.
+
+
+                this.conn._recordlayer.setSendError(err);
+
+                this.conn._recordlayer.setRecvError(err);
+
+              case 4:
+              case "end":
+                return _context16.stop();
+            }
+          }
+        }, _callee16, this);
+      }));
+
+      function initialize(_x12) {
+        return _initialize3.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "sendApplicationData",
+    value: function () {
+      var _sendApplicationData3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee17(bytes) {
+        return regenerator_default.a.wrap(function _callee17$(_context17) {
+          while (1) {
+            switch (_context17.prev = _context17.next) {
+              case 0:
+                throw this.error;
+
+              case 1:
+              case "end":
+                return _context17.stop();
+            }
+          }
+        }, _callee17, this);
+      }));
+
+      function sendApplicationData(_x13) {
+        return _sendApplicationData3.apply(this, arguments);
+      }
+
+      return sendApplicationData;
+    }()
+  }, {
+    key: "recvApplicationData",
+    value: function () {
+      var _recvApplicationData3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee18(bytes) {
+        return regenerator_default.a.wrap(function _callee18$(_context18) {
+          while (1) {
+            switch (_context18.prev = _context18.next) {
+              case 0:
+                throw this.error;
+
+              case 1:
+              case "end":
+                return _context18.stop();
+            }
+          }
+        }, _callee18, this);
+      }));
+
+      function recvApplicationData(_x14) {
+        return _recvApplicationData3.apply(this, arguments);
+      }
+
+      return recvApplicationData;
+    }()
+  }, {
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee19(msg) {
+        return regenerator_default.a.wrap(function _callee19$(_context19) {
+          while (1) {
+            switch (_context19.prev = _context19.next) {
+              case 0:
+                throw this.error;
+
+              case 1:
+              case "end":
+                return _context19.stop();
+            }
+          }
+        }, _callee19, this);
+      }));
+
+      function recvHandshakeMessage(_x15) {
+        return _recvHandshakeMessage3.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }, {
+    key: "recvAlertMessage",
+    value: function () {
+      var _recvAlertMessage2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee20(err) {
+        return regenerator_default.a.wrap(function _callee20$(_context20) {
+          while (1) {
+            switch (_context20.prev = _context20.next) {
+              case 0:
+                throw this.error;
+
+              case 1:
+              case "end":
+                return _context20.stop();
+            }
+          }
+        }, _callee20, this);
+      }));
+
+      function recvAlertMessage(_x16) {
+        return _recvAlertMessage2.apply(this, arguments);
+      }
+
+      return recvAlertMessage;
+    }()
+  }, {
+    key: "recvChangeCipherSpec",
+    value: function () {
+      var _recvChangeCipherSpec3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee21(bytes) {
+        return regenerator_default.a.wrap(function _callee21$(_context21) {
+          while (1) {
+            switch (_context21.prev = _context21.next) {
+              case 0:
+                throw this.error;
+
+              case 1:
+              case "end":
+                return _context21.stop();
+            }
+          }
+        }, _callee21, this);
+      }));
+
+      function recvChangeCipherSpec(_x17) {
+        return _recvChangeCipherSpec3.apply(this, arguments);
+      }
+
+      return recvChangeCipherSpec;
+    }()
+  }, {
+    key: "handleErrorAndRethrow",
+    value: function () {
+      var _handleErrorAndRethrow3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee22(err) {
+        return regenerator_default.a.wrap(function _callee22$(_context22) {
+          while (1) {
+            switch (_context22.prev = _context22.next) {
+              case 0:
+                throw err;
+
+              case 1:
+              case "end":
+                return _context22.stop();
+            }
+          }
+        }, _callee22, this);
+      }));
+
+      function handleErrorAndRethrow(_x18) {
+        return _handleErrorAndRethrow3.apply(this, arguments);
+      }
+
+      return handleErrorAndRethrow;
+    }()
+  }, {
+    key: "close",
+    value: function () {
+      var _close3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee23() {
+        return regenerator_default.a.wrap(function _callee23$(_context23) {
+          while (1) {
+            switch (_context23.prev = _context23.next) {
+              case 0:
+                throw this.error;
+
+              case 1:
+              case "end":
+                return _context23.stop();
+            }
+          }
+        }, _callee23, this);
+      }));
+
+      function close() {
+        return _close3.apply(this, arguments);
+      }
+
+      return close;
+    }()
+  }]);
+
+  return ERROR;
+}(states_State); // The "connected" state, for when the handshake is complete
+// and we're ready to send application-level data.
+// The logic for this is largely symmetric between client and server.
+
+var states_CONNECTED =
+/*#__PURE__*/
+function (_State3) {
+  inherits_default()(CONNECTED, _State3);
+
+  function CONNECTED() {
+    classCallCheck_default()(this, CONNECTED);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(CONNECTED).apply(this, arguments));
+  }
+
+  createClass_default()(CONNECTED, [{
+    key: "initialize",
+    value: function () {
+      var _initialize4 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee24() {
+        return regenerator_default.a.wrap(function _callee24$(_context24) {
+          while (1) {
+            switch (_context24.prev = _context24.next) {
+              case 0:
+                this.conn._setConnectionSuccess();
+
+              case 1:
+              case "end":
+                return _context24.stop();
+            }
+          }
+        }, _callee24, this);
+      }));
+
+      function initialize() {
+        return _initialize4.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "sendApplicationData",
+    value: function () {
+      var _sendApplicationData4 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee25(bytes) {
+        return regenerator_default.a.wrap(function _callee25$(_context25) {
+          while (1) {
+            switch (_context25.prev = _context25.next) {
+              case 0:
+                _context25.next = 2;
+                return this.conn._sendApplicationData(bytes);
+
+              case 2:
+              case "end":
+                return _context25.stop();
+            }
+          }
+        }, _callee25, this);
+      }));
+
+      function sendApplicationData(_x19) {
+        return _sendApplicationData4.apply(this, arguments);
+      }
+
+      return sendApplicationData;
+    }()
+  }, {
+    key: "recvApplicationData",
+    value: function () {
+      var _recvApplicationData4 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee26(bytes) {
+        return regenerator_default.a.wrap(function _callee26$(_context26) {
+          while (1) {
+            switch (_context26.prev = _context26.next) {
+              case 0:
+                return _context26.abrupt("return", bytes);
+
+              case 1:
+              case "end":
+                return _context26.stop();
+            }
+          }
+        }, _callee26, this);
+      }));
+
+      function recvApplicationData(_x20) {
+        return _recvApplicationData4.apply(this, arguments);
+      }
+
+      return recvApplicationData;
+    }()
+  }, {
+    key: "recvChangeCipherSpec",
+    value: function () {
+      var _recvChangeCipherSpec4 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee27(bytes) {
+        return regenerator_default.a.wrap(function _callee27$(_context27) {
+          while (1) {
+            switch (_context27.prev = _context27.next) {
+              case 0:
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 1:
+              case "end":
+                return _context27.stop();
+            }
+          }
+        }, _callee27, this);
+      }));
+
+      function recvChangeCipherSpec(_x21) {
+        return _recvChangeCipherSpec4.apply(this, arguments);
+      }
+
+      return recvChangeCipherSpec;
+    }()
+  }]);
+
+  return CONNECTED;
+}(states_State); // A base class for states that occur in the middle of the handshake
+// (that is, between ClientHello and Finished).  These states may receive
+// CHANGE_CIPHER_SPEC records for b/w compat reasons, which must contain
+// exactly a single 0x01 byte and must otherwise be ignored.
+
+var states_MidHandshakeState =
+/*#__PURE__*/
+function (_State4) {
+  inherits_default()(MidHandshakeState, _State4);
+
+  function MidHandshakeState() {
+    classCallCheck_default()(this, MidHandshakeState);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(MidHandshakeState).apply(this, arguments));
+  }
+
+  createClass_default()(MidHandshakeState, [{
+    key: "recvChangeCipherSpec",
+    value: function () {
+      var _recvChangeCipherSpec5 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee28(bytes) {
+        return regenerator_default.a.wrap(function _callee28$(_context28) {
+          while (1) {
+            switch (_context28.prev = _context28.next) {
+              case 0:
+                if (!this.conn._hasSeenChangeCipherSpec) {
+                  _context28.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+                if (!(bytes.byteLength !== 1 || bytes[0] !== 1)) {
+                  _context28.next = 4;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 4:
+                this.conn._hasSeenChangeCipherSpec = true;
+
+              case 5:
+              case "end":
+                return _context28.stop();
+            }
+          }
+        }, _callee28, this);
+      }));
+
+      function recvChangeCipherSpec(_x22) {
+        return _recvChangeCipherSpec5.apply(this, arguments);
+      }
+
+      return recvChangeCipherSpec;
+    }()
+  }]);
+
+  return MidHandshakeState;
+}(states_State); // These states implement (part of) the client state-machine from
+// https://tools.ietf.org/html/rfc8446#appendix-A.1
+//
+// Since we're only implementing a small subset of TLS1.3,
+// we only need a small subset of the handshake.  It basically goes:
+//
+//   * send ClientHello
+//   * receive ServerHello
+//   * receive EncryptedExtensions
+//   * receive server Finished
+//   * send client Finished
+//
+// We include some unused states for completeness, so that it's easier
+// to check the implementation against the diagrams in the RFC.
+
+
+var states_CLIENT_START =
+/*#__PURE__*/
+function (_State5) {
+  inherits_default()(CLIENT_START, _State5);
+
+  function CLIENT_START() {
+    classCallCheck_default()(this, CLIENT_START);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(CLIENT_START).apply(this, arguments));
+  }
+
+  createClass_default()(CLIENT_START, [{
+    key: "initialize",
+    value: function () {
+      var _initialize5 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee29() {
+        var keyschedule, clientHello, buf, PSK_BINDERS_SIZE, truncatedTranscript, pskBinder;
+        return regenerator_default.a.wrap(function _callee29$(_context29) {
+          while (1) {
+            switch (_context29.prev = _context29.next) {
+              case 0:
+                keyschedule = this.conn._keyschedule;
+                _context29.next = 3;
+                return keyschedule.addPSK(this.conn.psk);
+
+              case 3:
+                _context29.t0 = messages_ClientHello;
+                _context29.next = 6;
+                return getRandomBytes(32);
+
+              case 6:
+                _context29.t1 = _context29.sent;
+                _context29.next = 9;
+                return getRandomBytes(32);
+
+              case 9:
+                _context29.t2 = _context29.sent;
+                _context29.t3 = [new extensions_SupportedVersionsExtension([VERSION_TLS_1_3]), new extensions_PskKeyExchangeModesExtension([PSK_MODE_KE]), new extensions_PreSharedKeyExtension([this.conn.pskId], [zeros(HASH_LENGTH)])];
+                clientHello = new _context29.t0(_context29.t1, _context29.t2, _context29.t3);
+                buf = new utils_BufferWriter();
+                clientHello.write(buf); // Now that we know what the ClientHello looks like,
+                // go back and calculate the appropriate PSK binder value.
+                // We only support a single PSK, so the length of the binders field is the
+                // length of the hash plus one for rendering it as a variable-length byte array,
+                // plus two for rendering the variable-length list of PSK binders.
+
+                PSK_BINDERS_SIZE = HASH_LENGTH + 1 + 2;
+                truncatedTranscript = buf.slice(0, buf.tell() - PSK_BINDERS_SIZE);
+                _context29.next = 18;
+                return keyschedule.calculateFinishedMAC(keyschedule.extBinderKey, truncatedTranscript);
+
+              case 18:
+                pskBinder = _context29.sent;
+                buf.incr(-HASH_LENGTH);
+                buf.writeBytes(pskBinder);
+                _context29.next = 23;
+                return this.conn._sendHandshakeMessageBytes(buf.flush());
+
+              case 23:
+                _context29.next = 25;
+                return this.conn._transition(states_CLIENT_WAIT_SH, clientHello.sessionId);
+
+              case 25:
+              case "end":
+                return _context29.stop();
+            }
+          }
+        }, _callee29, this);
+      }));
+
+      function initialize() {
+        return _initialize5.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }]);
+
+  return CLIENT_START;
+}(states_State);
+
+var states_CLIENT_WAIT_SH =
+/*#__PURE__*/
+function (_State6) {
+  inherits_default()(CLIENT_WAIT_SH, _State6);
+
+  function CLIENT_WAIT_SH() {
+    classCallCheck_default()(this, CLIENT_WAIT_SH);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(CLIENT_WAIT_SH).apply(this, arguments));
+  }
+
+  createClass_default()(CLIENT_WAIT_SH, [{
+    key: "initialize",
+    value: function () {
+      var _initialize6 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee30(sessionId) {
+        return regenerator_default.a.wrap(function _callee30$(_context30) {
+          while (1) {
+            switch (_context30.prev = _context30.next) {
+              case 0:
+                this._sessionId = sessionId;
+
+              case 1:
+              case "end":
+                return _context30.stop();
+            }
+          }
+        }, _callee30, this);
+      }));
+
+      function initialize(_x23) {
+        return _initialize6.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage4 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee31(msg) {
+        var pskExt;
+        return regenerator_default.a.wrap(function _callee31$(_context31) {
+          while (1) {
+            switch (_context31.prev = _context31.next) {
+              case 0:
+                if (msg instanceof messages_ServerHello) {
+                  _context31.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+                if (bytesAreEqual(msg.sessionId, this._sessionId)) {
+                  _context31.next = 4;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+
+              case 4:
+                pskExt = msg.extensions.get(EXTENSION_TYPE.PRE_SHARED_KEY);
+
+                if (pskExt) {
+                  _context31.next = 7;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+
+              case 7:
+                if (!(msg.extensions.size !== 2)) {
+                  _context31.next = 9;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNSUPPORTED_EXTENSION);
+
+              case 9:
+                if (!(pskExt.selectedIdentity !== 0)) {
+                  _context31.next = 11;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+
+              case 11:
+                _context31.next = 13;
+                return this.conn._keyschedule.addECDHE(null);
+
+              case 13:
+                _context31.next = 15;
+                return this.conn._setSendKey(this.conn._keyschedule.clientHandshakeTrafficSecret);
+
+              case 15:
+                _context31.next = 17;
+                return this.conn._setRecvKey(this.conn._keyschedule.serverHandshakeTrafficSecret);
+
+              case 17:
+                _context31.next = 19;
+                return this.conn._transition(states_CLIENT_WAIT_EE);
+
+              case 19:
+              case "end":
+                return _context31.stop();
+            }
+          }
+        }, _callee31, this);
+      }));
+
+      function recvHandshakeMessage(_x24) {
+        return _recvHandshakeMessage4.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }]);
+
+  return CLIENT_WAIT_SH;
+}(states_State);
+
+var states_CLIENT_WAIT_EE =
+/*#__PURE__*/
+function (_MidHandshakeState) {
+  inherits_default()(CLIENT_WAIT_EE, _MidHandshakeState);
+
+  function CLIENT_WAIT_EE() {
+    classCallCheck_default()(this, CLIENT_WAIT_EE);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(CLIENT_WAIT_EE).apply(this, arguments));
+  }
+
+  createClass_default()(CLIENT_WAIT_EE, [{
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage5 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee32(msg) {
+        var keyschedule, serverFinishedTranscript;
+        return regenerator_default.a.wrap(function _callee32$(_context32) {
+          while (1) {
+            switch (_context32.prev = _context32.next) {
+              case 0:
+                if (msg instanceof messages_EncryptedExtensions) {
+                  _context32.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+                if (!(msg.extensions.size !== 0)) {
+                  _context32.next = 4;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNSUPPORTED_EXTENSION);
+
+              case 4:
+                keyschedule = this.conn._keyschedule;
+                serverFinishedTranscript = keyschedule.getTranscript();
+                _context32.next = 8;
+                return this.conn._transition(states_CLIENT_WAIT_FINISHED, serverFinishedTranscript);
+
+              case 8:
+              case "end":
+                return _context32.stop();
+            }
+          }
+        }, _callee32, this);
+      }));
+
+      function recvHandshakeMessage(_x25) {
+        return _recvHandshakeMessage5.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }]);
+
+  return CLIENT_WAIT_EE;
+}(states_MidHandshakeState);
+
+var states_CLIENT_WAIT_FINISHED =
+/*#__PURE__*/
+function (_MidHandshakeState2) {
+  inherits_default()(CLIENT_WAIT_FINISHED, _MidHandshakeState2);
+
+  function CLIENT_WAIT_FINISHED() {
+    classCallCheck_default()(this, CLIENT_WAIT_FINISHED);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(CLIENT_WAIT_FINISHED).apply(this, arguments));
+  }
+
+  createClass_default()(CLIENT_WAIT_FINISHED, [{
+    key: "initialize",
+    value: function () {
+      var _initialize7 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee33(serverFinishedTranscript) {
+        return regenerator_default.a.wrap(function _callee33$(_context33) {
+          while (1) {
+            switch (_context33.prev = _context33.next) {
+              case 0:
+                this._serverFinishedTranscript = serverFinishedTranscript;
+
+              case 1:
+              case "end":
+                return _context33.stop();
+            }
+          }
+        }, _callee33, this);
+      }));
+
+      function initialize(_x26) {
+        return _initialize7.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage6 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee34(msg) {
+        var keyschedule, clientFinishedMAC;
+        return regenerator_default.a.wrap(function _callee34$(_context34) {
+          while (1) {
+            switch (_context34.prev = _context34.next) {
+              case 0:
+                if (msg instanceof messages_Finished) {
+                  _context34.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+                // Verify server Finished MAC.
+                keyschedule = this.conn._keyschedule;
+                _context34.next = 5;
+                return keyschedule.verifyFinishedMAC(keyschedule.serverHandshakeTrafficSecret, msg.verifyData, this._serverFinishedTranscript);
+
+              case 5:
+                _context34.next = 7;
+                return keyschedule.calculateFinishedMAC(keyschedule.clientHandshakeTrafficSecret);
+
+              case 7:
+                clientFinishedMAC = _context34.sent;
+                _context34.next = 10;
+                return keyschedule.finalize();
+
+              case 10:
+                _context34.next = 12;
+                return this.conn._sendHandshakeMessage(new messages_Finished(clientFinishedMAC));
+
+              case 12:
+                _context34.next = 14;
+                return this.conn._setSendKey(keyschedule.clientApplicationTrafficSecret);
+
+              case 14:
+                _context34.next = 16;
+                return this.conn._setRecvKey(keyschedule.serverApplicationTrafficSecret);
+
+              case 16:
+                _context34.next = 18;
+                return this.conn._transition(states_CLIENT_CONNECTED);
+
+              case 18:
+              case "end":
+                return _context34.stop();
+            }
+          }
+        }, _callee34, this);
+      }));
+
+      function recvHandshakeMessage(_x27) {
+        return _recvHandshakeMessage6.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }]);
+
+  return CLIENT_WAIT_FINISHED;
+}(states_MidHandshakeState);
+
+var states_CLIENT_CONNECTED =
+/*#__PURE__*/
+function (_CONNECTED) {
+  inherits_default()(CLIENT_CONNECTED, _CONNECTED);
+
+  function CLIENT_CONNECTED() {
+    classCallCheck_default()(this, CLIENT_CONNECTED);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(CLIENT_CONNECTED).apply(this, arguments));
+  }
+
+  createClass_default()(CLIENT_CONNECTED, [{
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage7 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee35(msg) {
+        return regenerator_default.a.wrap(function _callee35$(_context35) {
+          while (1) {
+            switch (_context35.prev = _context35.next) {
+              case 0:
+                if (msg instanceof messages_NewSessionTicket) {
+                  _context35.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+              case "end":
+                return _context35.stop();
+            }
+          }
+        }, _callee35, this);
+      }));
+
+      function recvHandshakeMessage(_x28) {
+        return _recvHandshakeMessage7.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }]);
+
+  return CLIENT_CONNECTED;
+}(states_CONNECTED); // These states implement (part of) the server state-machine from
+// https://tools.ietf.org/html/rfc8446#appendix-A.2
+//
+// Since we're only implementing a small subset of TLS1.3,
+// we only need a small subset of the handshake.  It basically goes:
+//
+//   * receive ClientHello
+//   * send ServerHello
+//   * send empty EncryptedExtensions
+//   * send server Finished
+//   * receive client Finished
+//
+// We include some unused states for completeness, so that it's easier
+// to check the implementation against the diagrams in the RFC.
+
+var states_SERVER_START =
+/*#__PURE__*/
+function (_State7) {
+  inherits_default()(SERVER_START, _State7);
+
+  function SERVER_START() {
+    classCallCheck_default()(this, SERVER_START);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(SERVER_START).apply(this, arguments));
+  }
+
+  createClass_default()(SERVER_START, [{
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage8 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee36(msg) {
+        var _this = this;
+
+        var pskExt, pskModesExt, pskIndex, keyschedule, transcript, pskBindersSize, _iteratorNormalCompletion, _didIteratorError, _iteratorError, _iterator, _step, binder;
+
+        return regenerator_default.a.wrap(function _callee36$(_context36) {
+          while (1) {
+            switch (_context36.prev = _context36.next) {
+              case 0:
+                if (msg instanceof messages_ClientHello) {
+                  _context36.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+                // In the spec, this is where we select connection parameters, and maybe
+                // tell the client to try again if we can't find a compatible set.
+                // Since we only support a fixed cipherset, the only thing to "negotiate"
+                // is whether they provided an acceptable PSK.
+                pskExt = msg.extensions.get(EXTENSION_TYPE.PRE_SHARED_KEY);
+                pskModesExt = msg.extensions.get(EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES);
+
+                if (!(!pskExt || !pskModesExt)) {
+                  _context36.next = 6;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+
+              case 6:
+                if (!(pskModesExt.modes.indexOf(PSK_MODE_KE) === -1)) {
+                  _context36.next = 8;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.HANDSHAKE_FAILURE);
+
+              case 8:
+                pskIndex = pskExt.identities.findIndex(function (pskId) {
+                  return bytesAreEqual(pskId, _this.conn.pskId);
+                });
+
+                if (!(pskIndex === -1)) {
+                  _context36.next = 11;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNKNOWN_PSK_IDENTITY);
+
+              case 11:
+                _context36.next = 13;
+                return this.conn._keyschedule.addPSK(this.conn.psk);
+
+              case 13:
+                // Validate the PSK binder.
+                keyschedule = this.conn._keyschedule;
+                transcript = keyschedule.getTranscript(); // Calculate size occupied by the PSK binders.
+
+                pskBindersSize = 2; // Vector16 representation overhead.
+
+                _iteratorNormalCompletion = true;
+                _didIteratorError = false;
+                _iteratorError = undefined;
+                _context36.prev = 19;
+
+                for (_iterator = pskExt.binders[Symbol.iterator](); !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true) {
+                  binder = _step.value;
+                  pskBindersSize += binder.byteLength + 1; // Vector8 representation overhead.
+                }
+
+                _context36.next = 27;
+                break;
+
+              case 23:
+                _context36.prev = 23;
+                _context36.t0 = _context36["catch"](19);
+                _didIteratorError = true;
+                _iteratorError = _context36.t0;
+
+              case 27:
+                _context36.prev = 27;
+                _context36.prev = 28;
+
+                if (!_iteratorNormalCompletion && _iterator.return != null) {
+                  _iterator.return();
+                }
+
+              case 30:
+                _context36.prev = 30;
+
+                if (!_didIteratorError) {
+                  _context36.next = 33;
+                  break;
+                }
+
+                throw _iteratorError;
+
+              case 33:
+                return _context36.finish(30);
+
+              case 34:
+                return _context36.finish(27);
+
+              case 35:
+                _context36.next = 37;
+                return keyschedule.verifyFinishedMAC(keyschedule.extBinderKey, pskExt.binders[pskIndex], transcript.slice(0, -pskBindersSize));
+
+              case 37:
+                _context36.next = 39;
+                return this.conn._transition(states_SERVER_NEGOTIATED, msg.sessionId, pskIndex);
+
+              case 39:
+              case "end":
+                return _context36.stop();
+            }
+          }
+        }, _callee36, this, [[19, 23, 27, 35], [28,, 30, 34]]);
+      }));
+
+      function recvHandshakeMessage(_x29) {
+        return _recvHandshakeMessage8.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }]);
+
+  return SERVER_START;
+}(states_State);
+
+var states_SERVER_NEGOTIATED =
+/*#__PURE__*/
+function (_MidHandshakeState3) {
+  inherits_default()(SERVER_NEGOTIATED, _MidHandshakeState3);
+
+  function SERVER_NEGOTIATED() {
+    classCallCheck_default()(this, SERVER_NEGOTIATED);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(SERVER_NEGOTIATED).apply(this, arguments));
+  }
+
+  createClass_default()(SERVER_NEGOTIATED, [{
+    key: "initialize",
+    value: function () {
+      var _initialize8 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee37(sessionId, pskIndex) {
+        var keyschedule, serverFinishedMAC, clientFinishedTranscript, clientHandshakeTrafficSecret;
+        return regenerator_default.a.wrap(function _callee37$(_context37) {
+          while (1) {
+            switch (_context37.prev = _context37.next) {
+              case 0:
+                _context37.t0 = this.conn;
+                _context37.t1 = messages_ServerHello;
+                _context37.next = 4;
+                return getRandomBytes(32);
+
+              case 4:
+                _context37.t2 = _context37.sent;
+                _context37.t3 = sessionId;
+                _context37.t4 = [new extensions_SupportedVersionsExtension(null, VERSION_TLS_1_3), new extensions_PreSharedKeyExtension(null, null, pskIndex)];
+                _context37.t5 = new _context37.t1(_context37.t2, _context37.t3, _context37.t4);
+                _context37.next = 10;
+                return _context37.t0._sendHandshakeMessage.call(_context37.t0, _context37.t5);
+
+              case 10:
+                if (!(sessionId.byteLength > 0)) {
+                  _context37.next = 13;
+                  break;
+                }
+
+                _context37.next = 13;
+                return this.conn._sendChangeCipherSpec();
+
+              case 13:
+                // We can now transition to the encrypted part of the handshake.
+                keyschedule = this.conn._keyschedule;
+                _context37.next = 16;
+                return keyschedule.addECDHE(null);
+
+              case 16:
+                _context37.next = 18;
+                return this.conn._setSendKey(keyschedule.serverHandshakeTrafficSecret);
+
+              case 18:
+                _context37.next = 20;
+                return this.conn._setRecvKey(keyschedule.clientHandshakeTrafficSecret);
+
+              case 20:
+                _context37.next = 22;
+                return this.conn._sendHandshakeMessage(new messages_EncryptedExtensions([]));
+
+              case 22:
+                _context37.next = 24;
+                return keyschedule.calculateFinishedMAC(keyschedule.serverHandshakeTrafficSecret);
+
+              case 24:
+                serverFinishedMAC = _context37.sent;
+                _context37.next = 27;
+                return this.conn._sendHandshakeMessage(new messages_Finished(serverFinishedMAC));
+
+              case 27:
+                _context37.next = 29;
+                return keyschedule.getTranscript();
+
+              case 29:
+                clientFinishedTranscript = _context37.sent;
+                clientHandshakeTrafficSecret = keyschedule.clientHandshakeTrafficSecret;
+                _context37.next = 33;
+                return keyschedule.finalize();
+
+              case 33:
+                _context37.next = 35;
+                return this.conn._setSendKey(keyschedule.serverApplicationTrafficSecret);
+
+              case 35:
+                _context37.next = 37;
+                return this.conn._transition(states_SERVER_WAIT_FINISHED, clientHandshakeTrafficSecret, clientFinishedTranscript);
+
+              case 37:
+              case "end":
+                return _context37.stop();
+            }
+          }
+        }, _callee37, this);
+      }));
+
+      function initialize(_x30, _x31) {
+        return _initialize8.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }]);
+
+  return SERVER_NEGOTIATED;
+}(states_MidHandshakeState);
+
+var states_SERVER_WAIT_FINISHED =
+/*#__PURE__*/
+function (_MidHandshakeState4) {
+  inherits_default()(SERVER_WAIT_FINISHED, _MidHandshakeState4);
+
+  function SERVER_WAIT_FINISHED() {
+    classCallCheck_default()(this, SERVER_WAIT_FINISHED);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(SERVER_WAIT_FINISHED).apply(this, arguments));
+  }
+
+  createClass_default()(SERVER_WAIT_FINISHED, [{
+    key: "initialize",
+    value: function () {
+      var _initialize9 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee38(clientHandshakeTrafficSecret, clientFinishedTranscript) {
+        return regenerator_default.a.wrap(function _callee38$(_context38) {
+          while (1) {
+            switch (_context38.prev = _context38.next) {
+              case 0:
+                this._clientHandshakeTrafficSecret = clientHandshakeTrafficSecret;
+                this._clientFinishedTranscript = clientFinishedTranscript;
+
+              case 2:
+              case "end":
+                return _context38.stop();
+            }
+          }
+        }, _callee38, this);
+      }));
+
+      function initialize(_x32, _x33) {
+        return _initialize9.apply(this, arguments);
+      }
+
+      return initialize;
+    }()
+  }, {
+    key: "recvHandshakeMessage",
+    value: function () {
+      var _recvHandshakeMessage9 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee39(msg) {
+        var keyschedule;
+        return regenerator_default.a.wrap(function _callee39$(_context39) {
+          while (1) {
+            switch (_context39.prev = _context39.next) {
+              case 0:
+                if (msg instanceof messages_Finished) {
+                  _context39.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 2:
+                keyschedule = this.conn._keyschedule;
+                _context39.next = 5;
+                return keyschedule.verifyFinishedMAC(this._clientHandshakeTrafficSecret, msg.verifyData, this._clientFinishedTranscript);
+
+              case 5:
+                this._clientHandshakeTrafficSecret = this._clientFinishedTranscript = null;
+                _context39.next = 8;
+                return this.conn._setRecvKey(keyschedule.clientApplicationTrafficSecret);
+
+              case 8:
+                _context39.next = 10;
+                return this.conn._transition(states_CONNECTED);
+
+              case 10:
+              case "end":
+                return _context39.stop();
+            }
+          }
+        }, _callee39, this);
+      }));
+
+      function recvHandshakeMessage(_x34) {
+        return _recvHandshakeMessage9.apply(this, arguments);
+      }
+
+      return recvHandshakeMessage;
+    }()
+  }]);
+
+  return SERVER_WAIT_FINISHED;
+}(states_MidHandshakeState);
+// CONCATENATED MODULE: ./src/keyschedule.js
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+// TLS1.3 Key Schedule.
+//
+// In this file we implement the "key schedule" from
+// https://tools.ietf.org/html/rfc8446#section-7.1, which
+// defines how to calculate various keys as the handshake
+// state progresses.
+
+
+ // The `KeySchedule` class progresses through three stages corresponding
+// to the three phases of the TLS1.3 key schedule:
+//
+//   UNINITIALIZED
+//       |
+//       | addPSK()
+//       v
+//   EARLY_SECRET
+//       |
+//       | addECDHE()
+//       v
+//   HANDSHAKE_SECRET
+//       |
+//       | finalize()
+//       v
+//   MASTER_SECRET
+//
+// It will error out if the calling code attempts to add key material
+// in the wrong order.
+
+var STAGE_UNINITIALIZED = 0;
+var STAGE_EARLY_SECRET = 1;
+var STAGE_HANDSHAKE_SECRET = 2;
+var STAGE_MASTER_SECRET = 3;
+var keyschedule_KeySchedule =
+/*#__PURE__*/
+function () {
+  function KeySchedule() {
+    classCallCheck_default()(this, KeySchedule);
+
+    this.stage = STAGE_UNINITIALIZED; // WebCrypto doesn't support a rolling hash construct, so we have to
+    // keep the entire message transcript in memory.
+
+    this.transcript = new utils_BufferWriter(); // This tracks the main secret from with other keys are derived at each stage.
+
+    this.secret = null; // And these are all the various keys we'll derive as the handshake progresses.
+
+    this.extBinderKey = null;
+    this.clientHandshakeTrafficSecret = null;
+    this.serverHandshakeTrafficSecret = null;
+    this.clientApplicationTrafficSecret = null;
+    this.serverApplicationTrafficSecret = null;
+  }
+
+  createClass_default()(KeySchedule, [{
+    key: "addPSK",
+    value: function () {
+      var _addPSK = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee(psk) {
+        return regenerator_default.a.wrap(function _callee$(_context) {
+          while (1) {
+            switch (_context.prev = _context.next) {
+              case 0:
+                // Use the selected PSK (if any) to calculate the "early secret".
+                if (psk === null) {
+                  psk = zeros(HASH_LENGTH);
+                }
+
+                if (!(this.stage !== STAGE_UNINITIALIZED)) {
+                  _context.next = 3;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+              case 3:
+                this.stage = STAGE_EARLY_SECRET;
+                _context.next = 6;
+                return hkdfExtract(zeros(HASH_LENGTH), psk);
+
+              case 6:
+                this.secret = _context.sent;
+                _context.next = 9;
+                return this.deriveSecret('ext binder', EMPTY);
+
+              case 9:
+                this.extBinderKey = _context.sent;
+                _context.next = 12;
+                return this.deriveSecret('derived', EMPTY);
+
+              case 12:
+                this.secret = _context.sent;
+
+              case 13:
+              case "end":
+                return _context.stop();
+            }
+          }
+        }, _callee, this);
+      }));
+
+      function addPSK(_x) {
+        return _addPSK.apply(this, arguments);
+      }
+
+      return addPSK;
+    }()
+  }, {
+    key: "addECDHE",
+    value: function () {
+      var _addECDHE = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee2(ecdhe) {
+        return regenerator_default.a.wrap(function _callee2$(_context2) {
+          while (1) {
+            switch (_context2.prev = _context2.next) {
+              case 0:
+                // Mix in the ECDHE output (if any) to calculate the "handshake secret".
+                if (ecdhe === null) {
+                  ecdhe = zeros(HASH_LENGTH);
+                }
+
+                if (!(this.stage !== STAGE_EARLY_SECRET)) {
+                  _context2.next = 3;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+              case 3:
+                this.stage = STAGE_HANDSHAKE_SECRET;
+                this.extBinderKey = null;
+                _context2.next = 7;
+                return hkdfExtract(this.secret, ecdhe);
+
+              case 7:
+                this.secret = _context2.sent;
+                _context2.next = 10;
+                return this.deriveSecret('c hs traffic');
+
+              case 10:
+                this.clientHandshakeTrafficSecret = _context2.sent;
+                _context2.next = 13;
+                return this.deriveSecret('s hs traffic');
+
+              case 13:
+                this.serverHandshakeTrafficSecret = _context2.sent;
+                _context2.next = 16;
+                return this.deriveSecret('derived', EMPTY);
+
+              case 16:
+                this.secret = _context2.sent;
+
+              case 17:
+              case "end":
+                return _context2.stop();
+            }
+          }
+        }, _callee2, this);
+      }));
+
+      function addECDHE(_x2) {
+        return _addECDHE.apply(this, arguments);
+      }
+
+      return addECDHE;
+    }()
+  }, {
+    key: "finalize",
+    value: function () {
+      var _finalize = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee3() {
+        return regenerator_default.a.wrap(function _callee3$(_context3) {
+          while (1) {
+            switch (_context3.prev = _context3.next) {
+              case 0:
+                if (!(this.stage !== STAGE_HANDSHAKE_SECRET)) {
+                  _context3.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+              case 2:
+                this.stage = STAGE_MASTER_SECRET;
+                this.clientHandshakeTrafficSecret = null;
+                this.serverHandshakeTrafficSecret = null;
+                _context3.next = 7;
+                return hkdfExtract(this.secret, zeros(HASH_LENGTH));
+
+              case 7:
+                this.secret = _context3.sent;
+                _context3.next = 10;
+                return this.deriveSecret('c ap traffic');
+
+              case 10:
+                this.clientApplicationTrafficSecret = _context3.sent;
+                _context3.next = 13;
+                return this.deriveSecret('s ap traffic');
+
+              case 13:
+                this.serverApplicationTrafficSecret = _context3.sent;
+                this.secret = null;
+
+              case 15:
+              case "end":
+                return _context3.stop();
+            }
+          }
+        }, _callee3, this);
+      }));
+
+      function finalize() {
+        return _finalize.apply(this, arguments);
+      }
+
+      return finalize;
+    }()
+  }, {
+    key: "addToTranscript",
+    value: function addToTranscript(bytes) {
+      this.transcript.writeBytes(bytes);
+    }
+  }, {
+    key: "getTranscript",
+    value: function getTranscript() {
+      return this.transcript.slice();
+    }
+  }, {
+    key: "deriveSecret",
+    value: function () {
+      var _deriveSecret = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee4(label) {
+        var transcript,
+            _args4 = arguments;
+        return regenerator_default.a.wrap(function _callee4$(_context4) {
+          while (1) {
+            switch (_context4.prev = _context4.next) {
+              case 0:
+                transcript = _args4.length > 1 && _args4[1] !== undefined ? _args4[1] : undefined;
+                transcript = transcript || this.getTranscript();
+                _context4.t0 = hkdfExpandLabel;
+                _context4.t1 = this.secret;
+                _context4.t2 = label;
+                _context4.next = 7;
+                return hash(transcript);
+
+              case 7:
+                _context4.t3 = _context4.sent;
+                _context4.t4 = HASH_LENGTH;
+                _context4.next = 11;
+                return (0, _context4.t0)(_context4.t1, _context4.t2, _context4.t3, _context4.t4);
+
+              case 11:
+                return _context4.abrupt("return", _context4.sent);
+
+              case 12:
+              case "end":
+                return _context4.stop();
+            }
+          }
+        }, _callee4, this);
+      }));
+
+      function deriveSecret(_x3) {
+        return _deriveSecret.apply(this, arguments);
+      }
+
+      return deriveSecret;
+    }()
+  }, {
+    key: "calculateFinishedMAC",
+    value: function () {
+      var _calculateFinishedMAC = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee5(baseKey) {
+        var transcript,
+            finishedKey,
+            _args5 = arguments;
+        return regenerator_default.a.wrap(function _callee5$(_context5) {
+          while (1) {
+            switch (_context5.prev = _context5.next) {
+              case 0:
+                transcript = _args5.length > 1 && _args5[1] !== undefined ? _args5[1] : undefined;
+                transcript = transcript || this.getTranscript();
+                _context5.next = 4;
+                return hkdfExpandLabel(baseKey, 'finished', EMPTY, HASH_LENGTH);
+
+              case 4:
+                finishedKey = _context5.sent;
+                _context5.t0 = hmac;
+                _context5.t1 = finishedKey;
+                _context5.next = 9;
+                return hash(transcript);
+
+              case 9:
+                _context5.t2 = _context5.sent;
+                _context5.next = 12;
+                return (0, _context5.t0)(_context5.t1, _context5.t2);
+
+              case 12:
+                return _context5.abrupt("return", _context5.sent);
+
+              case 13:
+              case "end":
+                return _context5.stop();
+            }
+          }
+        }, _callee5, this);
+      }));
+
+      function calculateFinishedMAC(_x4) {
+        return _calculateFinishedMAC.apply(this, arguments);
+      }
+
+      return calculateFinishedMAC;
+    }()
+  }, {
+    key: "verifyFinishedMAC",
+    value: function () {
+      var _verifyFinishedMAC = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee6(baseKey, mac) {
+        var transcript,
+            finishedKey,
+            _args6 = arguments;
+        return regenerator_default.a.wrap(function _callee6$(_context6) {
+          while (1) {
+            switch (_context6.prev = _context6.next) {
+              case 0:
+                transcript = _args6.length > 2 && _args6[2] !== undefined ? _args6[2] : undefined;
+                transcript = transcript || this.getTranscript();
+                _context6.next = 4;
+                return hkdfExpandLabel(baseKey, 'finished', EMPTY, HASH_LENGTH);
+
+              case 4:
+                finishedKey = _context6.sent;
+                _context6.t0 = verifyHmac;
+                _context6.t1 = finishedKey;
+                _context6.t2 = mac;
+                _context6.next = 10;
+                return hash(transcript);
+
+              case 10:
+                _context6.t3 = _context6.sent;
+                _context6.next = 13;
+                return (0, _context6.t0)(_context6.t1, _context6.t2, _context6.t3);
+
+              case 13:
+              case "end":
+                return _context6.stop();
+            }
+          }
+        }, _callee6, this);
+      }));
+
+      function verifyFinishedMAC(_x5, _x6) {
+        return _verifyFinishedMAC.apply(this, arguments);
+      }
+
+      return verifyFinishedMAC;
+    }()
+  }]);
+
+  return KeySchedule;
+}();
+// CONCATENATED MODULE: ./src/recordlayer.js
+
+
+
+
+
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+// This file implements the "record layer" for TLS1.3, as defined in
+// https://tools.ietf.org/html/rfc8446#section-5.
+//
+// The record layer is responsible for encrypting/decrypting bytes to be
+// sent over the wire, including stateful management of sequence numbers
+// for the incoming and outgoing stream.
+//
+// The main interface is the RecordLayer class, which takes a callback function
+// sending data and can be used like so:
+//
+//    rl = new RecordLayer(async function send_encrypted_data(data) {
+//      // application-specific sending logic here.
+//    });
+//
+//    // Records are sent and received in plaintext by default,
+//    // until you specify the key to use.
+//    await rl.setSendKey(key)
+//
+//    // Send some data by specifying the record type and the bytes.
+//    // Where allowed by the record type, it will be buffered until
+//    // explicitly flushed, and then sent by calling the callback.
+//    await rl.send(RECORD_TYPE.HANDSHAKE, <bytes for a handshake message>)
+//    await rl.send(RECORD_TYPE.HANDSHAKE, <bytes for another handshake message>)
+//    await rl.flush()
+//
+//    // Separate keys are used for sending and receiving.
+//    rl.setRecvKey(key);
+//
+//    // When data is received, push it into the RecordLayer
+//    // and pass a callback that will be called with a [type, bytes]
+//    // pair for each message parsed from the data.
+//    rl.recv(dataReceivedFromPeer, async (type, bytes) => {
+//      switch (type) {
+//        case RECORD_TYPE.APPLICATION_DATA:
+//          // do something with application data
+//        case RECORD_TYPE.HANDSHAKE:
+//          // do something with a handshake message
+//        default:
+//          // etc...
+//      }
+//    });
+//
+
+
+
+
+/* eslint-disable sorting/sort-object-props */
+
+var RECORD_TYPE = {
+  CHANGE_CIPHER_SPEC: 20,
+  ALERT: 21,
+  HANDSHAKE: 22,
+  APPLICATION_DATA: 23
+};
+/* eslint-enable sorting/sort-object-props */
+// Encrypting at most 2^24 records will force us to stay
+// below data limits on AES-GCM encryption key use, and also
+// means we can accurately represent the sequence number as
+// a javascript double.
+
+var MAX_SEQUENCE_NUMBER = Math.pow(2, 24);
+var MAX_RECORD_SIZE = Math.pow(2, 14);
+var MAX_ENCRYPTED_RECORD_SIZE = MAX_RECORD_SIZE + 256;
+var RECORD_HEADER_SIZE = 5; // These are some helper classes to manage the encryption/decryption state
+// for a particular key.
+
+var recordlayer_CipherState =
+/*#__PURE__*/
+function () {
+  function CipherState(key, iv) {
+    classCallCheck_default()(this, CipherState);
+
+    this.key = key;
+    this.iv = iv;
+    this.seqnum = 0;
+  }
+
+  createClass_default()(CipherState, [{
+    key: "nonce",
+    value: function nonce() {
+      // Ref https://tools.ietf.org/html/rfc8446#section-5.3:
+      // * left-pad the sequence number with zeros to IV_LENGTH
+      // * xor with the provided iv
+      // Our sequence numbers are always less than 2^24, so fit in a Uint32
+      // in the last 4 bytes of the nonce.
+      var nonce = this.iv.slice();
+      var dv = new DataView(nonce.buffer, nonce.byteLength - 4, 4);
+      dv.setUint32(0, dv.getUint32(0) ^ this.seqnum);
+      this.seqnum += 1;
+
+      if (this.seqnum > MAX_SEQUENCE_NUMBER) {
+        throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+
+      return nonce;
+    }
+  }], [{
+    key: "create",
+    value: function () {
+      var _create = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee(baseKey, mode) {
+        var key, iv;
+        return regenerator_default.a.wrap(function _callee$(_context) {
+          while (1) {
+            switch (_context.prev = _context.next) {
+              case 0:
+                _context.t0 = prepareKey;
+                _context.next = 3;
+                return hkdfExpandLabel(baseKey, 'key', EMPTY, KEY_LENGTH);
+
+              case 3:
+                _context.t1 = _context.sent;
+                _context.t2 = mode;
+                _context.next = 7;
+                return (0, _context.t0)(_context.t1, _context.t2);
+
+              case 7:
+                key = _context.sent;
+                _context.next = 10;
+                return hkdfExpandLabel(baseKey, 'iv', EMPTY, IV_LENGTH);
+
+              case 10:
+                iv = _context.sent;
+                return _context.abrupt("return", new this(key, iv));
+
+              case 12:
+              case "end":
+                return _context.stop();
+            }
+          }
+        }, _callee, this);
+      }));
+
+      function create(_x, _x2) {
+        return _create.apply(this, arguments);
+      }
+
+      return create;
+    }()
+  }]);
+
+  return CipherState;
+}();
+var recordlayer_EncryptionState =
+/*#__PURE__*/
+function (_CipherState) {
+  inherits_default()(EncryptionState, _CipherState);
+
+  function EncryptionState() {
+    classCallCheck_default()(this, EncryptionState);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(EncryptionState).apply(this, arguments));
+  }
+
+  createClass_default()(EncryptionState, [{
+    key: "encrypt",
+    value: function () {
+      var _encrypt2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee2(plaintext, additionalData) {
+        return regenerator_default.a.wrap(function _callee2$(_context2) {
+          while (1) {
+            switch (_context2.prev = _context2.next) {
+              case 0:
+                _context2.next = 2;
+                return crypto_encrypt(this.key, this.nonce(), plaintext, additionalData);
+
+              case 2:
+                return _context2.abrupt("return", _context2.sent);
+
+              case 3:
+              case "end":
+                return _context2.stop();
+            }
+          }
+        }, _callee2, this);
+      }));
+
+      function encrypt(_x3, _x4) {
+        return _encrypt2.apply(this, arguments);
+      }
+
+      return encrypt;
+    }()
+  }], [{
+    key: "create",
+    value: function () {
+      var _create2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee3(key) {
+        return regenerator_default.a.wrap(function _callee3$(_context3) {
+          while (1) {
+            switch (_context3.prev = _context3.next) {
+              case 0:
+                return _context3.abrupt("return", get_default()(getPrototypeOf_default()(EncryptionState), "create", this).call(this, key, 'encrypt'));
+
+              case 1:
+              case "end":
+                return _context3.stop();
+            }
+          }
+        }, _callee3, this);
+      }));
+
+      function create(_x5) {
+        return _create2.apply(this, arguments);
+      }
+
+      return create;
+    }()
+  }]);
+
+  return EncryptionState;
+}(recordlayer_CipherState);
+var recordlayer_DecryptionState =
+/*#__PURE__*/
+function (_CipherState2) {
+  inherits_default()(DecryptionState, _CipherState2);
+
+  function DecryptionState() {
+    classCallCheck_default()(this, DecryptionState);
+
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(DecryptionState).apply(this, arguments));
+  }
+
+  createClass_default()(DecryptionState, [{
+    key: "decrypt",
+    value: function () {
+      var _decrypt2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee4(ciphertext, additionalData) {
+        return regenerator_default.a.wrap(function _callee4$(_context4) {
+          while (1) {
+            switch (_context4.prev = _context4.next) {
+              case 0:
+                _context4.next = 2;
+                return crypto_decrypt(this.key, this.nonce(), ciphertext, additionalData);
+
+              case 2:
+                return _context4.abrupt("return", _context4.sent);
+
+              case 3:
+              case "end":
+                return _context4.stop();
+            }
+          }
+        }, _callee4, this);
+      }));
+
+      function decrypt(_x6, _x7) {
+        return _decrypt2.apply(this, arguments);
+      }
+
+      return decrypt;
+    }()
+  }], [{
+    key: "create",
+    value: function () {
+      var _create3 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee5(key) {
+        return regenerator_default.a.wrap(function _callee5$(_context5) {
+          while (1) {
+            switch (_context5.prev = _context5.next) {
+              case 0:
+                return _context5.abrupt("return", get_default()(getPrototypeOf_default()(DecryptionState), "create", this).call(this, key, 'decrypt'));
+
+              case 1:
+              case "end":
+                return _context5.stop();
+            }
+          }
+        }, _callee5, this);
+      }));
+
+      function create(_x8) {
+        return _create3.apply(this, arguments);
+      }
+
+      return create;
+    }()
+  }]);
+
+  return DecryptionState;
+}(recordlayer_CipherState); // The main RecordLayer class.
+
+var recordlayer_RecordLayer =
+/*#__PURE__*/
+function () {
+  function RecordLayer(sendCallback) {
+    classCallCheck_default()(this, RecordLayer);
+
+    this.sendCallback = sendCallback;
+    this._sendEncryptState = null;
+    this._sendError = null;
+    this._recvDecryptState = null;
+    this._recvError = null;
+    this._pendingRecordType = 0;
+    this._pendingRecordBuf = null;
+  }
+
+  createClass_default()(RecordLayer, [{
+    key: "setSendKey",
+    value: function () {
+      var _setSendKey = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee6(key) {
+        return regenerator_default.a.wrap(function _callee6$(_context6) {
+          while (1) {
+            switch (_context6.prev = _context6.next) {
+              case 0:
+                _context6.next = 2;
+                return this.flush();
+
+              case 2:
+                _context6.next = 4;
+                return recordlayer_EncryptionState.create(key);
+
+              case 4:
+                this._sendEncryptState = _context6.sent;
+
+              case 5:
+              case "end":
+                return _context6.stop();
+            }
+          }
+        }, _callee6, this);
+      }));
+
+      function setSendKey(_x9) {
+        return _setSendKey.apply(this, arguments);
+      }
+
+      return setSendKey;
+    }()
+  }, {
+    key: "setRecvKey",
+    value: function () {
+      var _setRecvKey = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee7(key) {
+        return regenerator_default.a.wrap(function _callee7$(_context7) {
+          while (1) {
+            switch (_context7.prev = _context7.next) {
+              case 0:
+                _context7.next = 2;
+                return recordlayer_DecryptionState.create(key);
+
+              case 2:
+                this._recvDecryptState = _context7.sent;
+
+              case 3:
+              case "end":
+                return _context7.stop();
+            }
+          }
+        }, _callee7, this);
+      }));
+
+      function setRecvKey(_x10) {
+        return _setRecvKey.apply(this, arguments);
+      }
+
+      return setRecvKey;
+    }()
+  }, {
+    key: "setSendError",
+    value: function () {
+      var _setSendError = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee8(err) {
+        return regenerator_default.a.wrap(function _callee8$(_context8) {
+          while (1) {
+            switch (_context8.prev = _context8.next) {
+              case 0:
+                this._sendError = err;
+
+              case 1:
+              case "end":
+                return _context8.stop();
+            }
+          }
+        }, _callee8, this);
+      }));
+
+      function setSendError(_x11) {
+        return _setSendError.apply(this, arguments);
+      }
+
+      return setSendError;
+    }()
+  }, {
+    key: "setRecvError",
+    value: function () {
+      var _setRecvError = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee9(err) {
+        return regenerator_default.a.wrap(function _callee9$(_context9) {
+          while (1) {
+            switch (_context9.prev = _context9.next) {
+              case 0:
+                this._recvError = err;
+
+              case 1:
+              case "end":
+                return _context9.stop();
+            }
+          }
+        }, _callee9, this);
+      }));
+
+      function setRecvError(_x12) {
+        return _setRecvError.apply(this, arguments);
+      }
+
+      return setRecvError;
+    }()
+  }, {
+    key: "send",
+    value: function () {
+      var _send = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee10(type, data) {
+        return regenerator_default.a.wrap(function _callee10$(_context10) {
+          while (1) {
+            switch (_context10.prev = _context10.next) {
+              case 0:
+                if (!(this._sendError !== null)) {
+                  _context10.next = 2;
+                  break;
+                }
+
+                throw this._sendError;
+
+              case 2:
+                if (!(data.byteLength > MAX_RECORD_SIZE)) {
+                  _context10.next = 4;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+              case 4:
+                if (!(this._pendingRecordType && this._pendingRecordType !== type)) {
+                  _context10.next = 7;
+                  break;
+                }
+
+                _context10.next = 7;
+                return this.flush();
+
+              case 7:
+                if (!(this._pendingRecordBuf !== null)) {
+                  _context10.next = 11;
+                  break;
+                }
+
+                if (!(this._pendingRecordBuf.tell() + data.byteLength > MAX_RECORD_SIZE)) {
+                  _context10.next = 11;
+                  break;
+                }
+
+                _context10.next = 11;
+                return this.flush();
+
+              case 11:
+                // Start a new pending record if necessary.
+                // We reserve space at the start of the buffer for the record header,
+                // which is conveniently always a fixed size.
+                if (this._pendingRecordBuf === null) {
+                  this._pendingRecordType = type;
+                  this._pendingRecordBuf = new utils_BufferWriter();
+
+                  this._pendingRecordBuf.incr(RECORD_HEADER_SIZE);
+                }
+
+                this._pendingRecordBuf.writeBytes(data);
+
+              case 13:
+              case "end":
+                return _context10.stop();
+            }
+          }
+        }, _callee10, this);
+      }));
+
+      function send(_x13, _x14) {
+        return _send.apply(this, arguments);
+      }
+
+      return send;
+    }()
+  }, {
+    key: "flush",
+    value: function () {
+      var _flush = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee11() {
+        var buf, type, inflation, innerPlaintext, length, additionalData, ciphertext;
+        return regenerator_default.a.wrap(function _callee11$(_context11) {
+          while (1) {
+            switch (_context11.prev = _context11.next) {
+              case 0:
+                // If there's nothing to flush, bail out early.
+                // Don't throw `_sendError` if we're not sending anything, because `flush()`
+                // can be called when we're trying to transition into an error state.
+                buf = this._pendingRecordBuf;
+                type = this._pendingRecordType;
+
+                if (type) {
+                  _context11.next = 6;
+                  break;
+                }
+
+                if (!(buf !== null)) {
+                  _context11.next = 5;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+
+              case 5:
+                return _context11.abrupt("return");
+
+              case 6:
+                if (!(this._sendError !== null)) {
+                  _context11.next = 8;
+                  break;
+                }
+
+                throw this._sendError;
+
+              case 8:
+                // If we're encrypting, turn the existing buffer contents into a `TLSInnerPlaintext` by
+                // appending the type. We don't do any zero-padding, although the spec allows it.
+                inflation = 0, innerPlaintext = null;
+
+                if (this._sendEncryptState !== null) {
+                  buf.writeUint8(type);
+                  innerPlaintext = buf.slice(RECORD_HEADER_SIZE);
+                  inflation = AEAD_SIZE_INFLATION;
+                  type = RECORD_TYPE.APPLICATION_DATA;
+                } // Write the common header for either `TLSPlaintext` or `TLSCiphertext` record.
+
+
+                length = buf.tell() - RECORD_HEADER_SIZE + inflation;
+                buf.seek(0);
+                buf.writeUint8(type);
+                buf.writeUint16(VERSION_TLS_1_2);
+                buf.writeUint16(length); // Followed by different payload depending on encryption status.
+
+                if (!(this._sendEncryptState !== null)) {
+                  _context11.next = 23;
+                  break;
+                }
+
+                additionalData = buf.slice(0, RECORD_HEADER_SIZE);
+                _context11.next = 19;
+                return this._sendEncryptState.encrypt(innerPlaintext, additionalData);
+
+              case 19:
+                ciphertext = _context11.sent;
+                buf.writeBytes(ciphertext);
+                _context11.next = 24;
+                break;
+
+              case 23:
+                buf.incr(length);
+
+              case 24:
+                this._pendingRecordBuf = null;
+                this._pendingRecordType = 0;
+                _context11.next = 28;
+                return this.sendCallback(buf.flush());
+
+              case 28:
+              case "end":
+                return _context11.stop();
+            }
+          }
+        }, _callee11, this);
+      }));
+
+      function flush() {
+        return _flush.apply(this, arguments);
+      }
+
+      return flush;
+    }()
+  }, {
+    key: "recv",
+    value: function () {
+      var _recv = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee12(data) {
+        var buf, type, version, length, plaintext, _ref, _ref2, _ref3, _ref4;
+
+        return regenerator_default.a.wrap(function _callee12$(_context12) {
+          while (1) {
+            switch (_context12.prev = _context12.next) {
+              case 0:
+                if (!(this._recvError !== null)) {
+                  _context12.next = 2;
+                  break;
+                }
+
+                throw this._recvError;
+
+              case 2:
+                // For simplicity, we assume that the given data contains exactly one record.
+                // Peers using this library will send one record at a time over the websocket
+                // connection, and we can assume that the server-side websocket bridge will split
+                // up any traffic into individual records if we ever start interoperating with
+                // peers using a different TLS implementation.
+                // Similarly, we assume that handshake messages will not be fragmented across
+                // multiple records. This should be trivially true for the PSK-only mode used
+                // by this library, but we may want to relax it in future for interoperability
+                // with e.g. large ClientHello messages that contain lots of different options.
+                buf = new utils_BufferReader(data); // The data to read is either a TLSPlaintext or TLSCiphertext struct,
+                // depending on whether record protection has been enabled yet:
+                //
+                //    struct {
+                //        ContentType type;
+                //        ProtocolVersion legacy_record_version;
+                //        uint16 length;
+                //        opaque fragment[TLSPlaintext.length];
+                //    } TLSPlaintext;
+                //
+                //    struct {
+                //        ContentType opaque_type = application_data; /* 23 */
+                //        ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
+                //        uint16 length;
+                //        opaque encrypted_record[TLSCiphertext.length];
+                //    } TLSCiphertext;
+                //
+
+                type = buf.readUint8(); // The spec says legacy_record_version "MUST be ignored for all purposes",
+                // but we know TLS1.3 implementations will only ever emit two possible values,
+                // so it seems useful to bail out early if we receive anything else.
+
+                version = buf.readUint16();
+
+                if (!(version !== VERSION_TLS_1_2)) {
+                  _context12.next = 8;
+                  break;
+                }
+
+                if (!(this._recvDecryptState !== null || version !== VERSION_TLS_1_0)) {
+                  _context12.next = 8;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+
+              case 8:
+                length = buf.readUint16();
+
+                if (!(this._recvDecryptState === null || type === RECORD_TYPE.CHANGE_CIPHER_SPEC)) {
+                  _context12.next = 18;
+                  break;
+                }
+
+                _context12.next = 12;
+                return this._readPlaintextRecord(type, length, buf);
+
+              case 12:
+                _ref = _context12.sent;
+                _ref2 = slicedToArray_default()(_ref, 2);
+                type = _ref2[0];
+                plaintext = _ref2[1];
+                _context12.next = 24;
+                break;
+
+              case 18:
+                _context12.next = 20;
+                return this._readEncryptedRecord(type, length, buf);
+
+              case 20:
+                _ref3 = _context12.sent;
+                _ref4 = slicedToArray_default()(_ref3, 2);
+                type = _ref4[0];
+                plaintext = _ref4[1];
+
+              case 24:
+                if (!buf.hasMoreBytes()) {
+                  _context12.next = 26;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+
+              case 26:
+                return _context12.abrupt("return", [type, plaintext]);
+
+              case 27:
+              case "end":
+                return _context12.stop();
+            }
+          }
+        }, _callee12, this);
+      }));
+
+      function recv(_x15) {
+        return _recv.apply(this, arguments);
+      }
+
+      return recv;
+    }() // Helper to read an unencrypted `TLSPlaintext` struct
+
+  }, {
+    key: "_readPlaintextRecord",
+    value: function () {
+      var _readPlaintextRecord2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee13(type, length, buf) {
+        return regenerator_default.a.wrap(function _callee13$(_context13) {
+          while (1) {
+            switch (_context13.prev = _context13.next) {
+              case 0:
+                if (!(length > MAX_RECORD_SIZE)) {
+                  _context13.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.RECORD_OVERFLOW);
+
+              case 2:
+                return _context13.abrupt("return", [type, buf.readBytes(length)]);
+
+              case 3:
+              case "end":
+                return _context13.stop();
+            }
+          }
+        }, _callee13, this);
+      }));
+
+      function _readPlaintextRecord(_x16, _x17, _x18) {
+        return _readPlaintextRecord2.apply(this, arguments);
+      }
+
+      return _readPlaintextRecord;
+    }() // Helper to read an encrypted `TLSCiphertext` struct,
+    // decrypting it into plaintext.
+
+  }, {
+    key: "_readEncryptedRecord",
+    value: function () {
+      var _readEncryptedRecord2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee14(type, length, buf) {
+        var additionalData, ciphertext, paddedPlaintext, i;
+        return regenerator_default.a.wrap(function _callee14$(_context14) {
+          while (1) {
+            switch (_context14.prev = _context14.next) {
+              case 0:
+                if (!(length > MAX_ENCRYPTED_RECORD_SIZE)) {
+                  _context14.next = 2;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.RECORD_OVERFLOW);
+
+              case 2:
+                if (!(type !== RECORD_TYPE.APPLICATION_DATA)) {
+                  _context14.next = 4;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+
+              case 4:
+                // Decrypt and decode the contained `TLSInnerPlaintext` struct:
+                //
+                //    struct {
+                //        opaque content[TLSPlaintext.length];
+                //        ContentType type;
+                //        uint8 zeros[length_of_padding];
+                //    } TLSInnerPlaintext;
+                //
+                // The additional data for the decryption is the `TLSCiphertext` record
+                // header, which is a fixed size and immediately prior to current buffer position.
+                buf.incr(-RECORD_HEADER_SIZE);
+                additionalData = buf.readBytes(RECORD_HEADER_SIZE);
+                ciphertext = buf.readBytes(length);
+                _context14.next = 9;
+                return this._recvDecryptState.decrypt(ciphertext, additionalData);
+
+              case 9:
+                paddedPlaintext = _context14.sent;
+                i = paddedPlaintext.byteLength - 1;
+
+              case 11:
+                if (!(i >= 0)) {
+                  _context14.next = 17;
+                  break;
+                }
+
+                if (!(paddedPlaintext[i] !== 0)) {
+                  _context14.next = 14;
+                  break;
+                }
+
+                return _context14.abrupt("break", 17);
+
+              case 14:
+                i--;
+                _context14.next = 11;
+                break;
+
+              case 17:
+                if (!(i < 0)) {
+                  _context14.next = 19;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+              case 19:
+                type = paddedPlaintext[i]; // `change_cipher_spec` records must always be plaintext.
+
+                if (!(type === RECORD_TYPE.CHANGE_CIPHER_SPEC)) {
+                  _context14.next = 22;
+                  break;
+                }
+
+                throw new alerts_TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+
+              case 22:
+                return _context14.abrupt("return", [type, paddedPlaintext.slice(0, i)]);
+
+              case 23:
+              case "end":
+                return _context14.stop();
+            }
+          }
+        }, _callee14, this);
+      }));
+
+      function _readEncryptedRecord(_x19, _x20, _x21) {
+        return _readEncryptedRecord2.apply(this, arguments);
+      }
+
+      return _readEncryptedRecord;
+    }()
+  }]);
+
+  return RecordLayer;
+}();
+// CONCATENATED MODULE: ./src/tlsconnection.js
+
+
+
+
+
+
+
+
+
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+// The top-level APIs offered by this module are `ClientConnection` and
+// `ServerConnection` classes, which provide authenticated and encrypted
+// communication via the "externally-provisioned PSK" mode of TLS1.3.
+// They each take a callback to be used for sending data to the remote peer,
+// and operate like this:
+//
+//    conn = await ClientConnection.create(psk, pskId, async function send_data_to_server(data) {
+//      // application-specific sending logic here.
+//    })
+//
+//    // Send data to the server by calling `send`,
+//    // which will use the callback provided in the constructor.
+//    // A single `send()` by the application may result in multiple
+//    // invokations of the callback.
+//
+//    await conn.send('application-level data')
+//
+//    // When data is received from the server, push it into
+//    // the connection and let it return any decrypted app-level data.
+//    // There might not be any app-level data if it was a protocol control
+//    //  message, and the receipt of the data might trigger additional calls
+//    // to the send callback for protocol control purposes.
+//
+//    serverSocket.on('data', async encrypted_data => {
+//      const plaintext = await conn.recv(data)
+//      if (plaintext !== null) {
+//        do_something_with_app_level_data(plaintext)
+//      }
+//    })
+//
+//    // It's good practice to explicitly close the connection
+//    // when finished.  This will send a "closed" notification
+//    // to the server.
+//
+//    await conn.close()
+//
+//    // When the peer sends a "closed" notification it will show up
+//    // as a `TLSCloseNotify` exception from recv:
+//
+//    try {
+//      await conn.recv(data);
+//    } catch (err) {
+//      if (! (err instanceof TLSCloseNotify) { throw err }
+//      do_something_to_cleanly_close_data_connection();
+//    }
+//
+// The `ServerConnection` API operates similarly; the distinction is mainly
+// in which side is expected to send vs receieve during the protocol handshake.
+
+
+
+
+
+
+
+var tlsconnection_Connection =
+/*#__PURE__*/
+function () {
+  function Connection(psk, pskId, sendCallback) {
+    var _this = this;
+
+    classCallCheck_default()(this, Connection);
+
+    this.psk = assertIsBytes(psk);
+    this.pskId = assertIsBytes(pskId);
+    this.connected = new Promise(function (resolve, reject) {
+      _this._onConnectionSuccess = resolve;
+      _this._onConnectionFailure = reject;
+    });
+    this._state = new states_UNINITIALIZED(this);
+    this._handshakeRecvBuffer = null;
+    this._hasSeenChangeCipherSpec = false;
+    this._recordlayer = new recordlayer_RecordLayer(sendCallback);
+    this._keyschedule = new keyschedule_KeySchedule();
+    this._lastPromise = Promise.resolve();
+  } // Subclasses will override this with some async initialization logic.
+
+
+  createClass_default()(Connection, [{
+    key: "send",
+    // These are the three public API methods that consumers can use
+    // to send and receive data encrypted with TLS1.3.
+    value: function () {
+      var _send = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee2(data) {
+        var _this2 = this;
+
+        return regenerator_default.a.wrap(function _callee2$(_context2) {
+          while (1) {
+            switch (_context2.prev = _context2.next) {
+              case 0:
+                assertIsBytes(data);
+                _context2.next = 3;
+                return this.connected;
+
+              case 3:
+                _context2.next = 5;
+                return this._synchronized(
+                /*#__PURE__*/
+                asyncToGenerator_default()(
+                /*#__PURE__*/
+                regenerator_default.a.mark(function _callee() {
+                  return regenerator_default.a.wrap(function _callee$(_context) {
+                    while (1) {
+                      switch (_context.prev = _context.next) {
+                        case 0:
+                          _context.next = 2;
+                          return _this2._state.sendApplicationData(data);
+
+                        case 2:
+                        case "end":
+                          return _context.stop();
+                      }
+                    }
+                  }, _callee, this);
+                })));
+
+              case 5:
+              case "end":
+                return _context2.stop();
+            }
+          }
+        }, _callee2, this);
+      }));
+
+      function send(_x) {
+        return _send.apply(this, arguments);
+      }
+
+      return send;
+    }()
+  }, {
+    key: "recv",
+    value: function () {
+      var _recv = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee4(data) {
+        var _this3 = this;
+
+        return regenerator_default.a.wrap(function _callee4$(_context4) {
+          while (1) {
+            switch (_context4.prev = _context4.next) {
+              case 0:
+                assertIsBytes(data);
+                _context4.next = 3;
+                return this._synchronized(
+                /*#__PURE__*/
+                asyncToGenerator_default()(
+                /*#__PURE__*/
+                regenerator_default.a.mark(function _callee3() {
+                  var _ref3, _ref4, type, bytes, mlength, messageBytes;
+
+                  return regenerator_default.a.wrap(function _callee3$(_context3) {
+                    while (1) {
+                      switch (_context3.prev = _context3.next) {
+                        case 0:
+                          _context3.next = 2;
+                          return _this3._recordlayer.recv(data);
+
+                        case 2:
+                          _ref3 = _context3.sent;
+                          _ref4 = slicedToArray_default()(_ref3, 2);
+                          type = _ref4[0];
+                          bytes = _ref4[1];
+                          _context3.t0 = type;
+                          _context3.next = _context3.t0 === RECORD_TYPE.CHANGE_CIPHER_SPEC ? 9 : _context3.t0 === RECORD_TYPE.ALERT ? 12 : _context3.t0 === RECORD_TYPE.APPLICATION_DATA ? 15 : _context3.t0 === RECORD_TYPE.HANDSHAKE ? 18 : 31;
+                          break;
+
+                        case 9:
+                          _context3.next = 11;
+                          return _this3._state.recvChangeCipherSpec(bytes);
+
+                        case 11:
+                          return _context3.abrupt("return", null);
+
+                        case 12:
+                          _context3.next = 14;
+                          return _this3._state.recvAlertMessage(alerts_TLSAlert.fromBytes(bytes));
+
+                        case 14:
+                          return _context3.abrupt("return", null);
+
+                        case 15:
+                          _context3.next = 17;
+                          return _this3._state.recvApplicationData(bytes);
+
+                        case 17:
+                          return _context3.abrupt("return", _context3.sent);
+
+                        case 18:
+                          // Multiple handshake messages may be coalesced into a single record.
+                          // Store the in-progress record buffer on `this` so that we can guard
+                          // against handshake messages that span a change in keys.
+                          _this3._handshakeRecvBuffer = new utils_BufferReader(bytes);
+
+                          if (_this3._handshakeRecvBuffer.hasMoreBytes()) {
+                            _context3.next = 21;
+                            break;
+                          }
+
+                          throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+                        case 21:
+                          // Each handshake messages has a type and length prefix, per
+                          // https://tools.ietf.org/html/rfc8446#appendix-B.3
+                          _this3._handshakeRecvBuffer.incr(1);
+
+                          mlength = _this3._handshakeRecvBuffer.readUint24();
+
+                          _this3._handshakeRecvBuffer.incr(-4);
+
+                          messageBytes = _this3._handshakeRecvBuffer.readBytes(mlength + 4);
+
+                          _this3._keyschedule.addToTranscript(messageBytes);
+
+                          _context3.next = 28;
+                          return _this3._state.recvHandshakeMessage(messages_HandshakeMessage.fromBytes(messageBytes));
+
+                        case 28:
+                          if (_this3._handshakeRecvBuffer.hasMoreBytes()) {
+                            _context3.next = 21;
+                            break;
+                          }
+
+                        case 29:
+                          _this3._handshakeRecvBuffer = null;
+                          return _context3.abrupt("return", null);
+
+                        case 31:
+                          throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+
+                        case 32:
+                        case "end":
+                          return _context3.stop();
+                      }
+                    }
+                  }, _callee3, this);
+                })));
+
+              case 3:
+                return _context4.abrupt("return", _context4.sent);
+
+              case 4:
+              case "end":
+                return _context4.stop();
+            }
+          }
+        }, _callee4, this);
+      }));
+
+      function recv(_x2) {
+        return _recv.apply(this, arguments);
+      }
+
+      return recv;
+    }()
+  }, {
+    key: "close",
+    value: function () {
+      var _close = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee6() {
+        var _this4 = this;
+
+        return regenerator_default.a.wrap(function _callee6$(_context6) {
+          while (1) {
+            switch (_context6.prev = _context6.next) {
+              case 0:
+                _context6.next = 2;
+                return this._synchronized(
+                /*#__PURE__*/
+                asyncToGenerator_default()(
+                /*#__PURE__*/
+                regenerator_default.a.mark(function _callee5() {
+                  return regenerator_default.a.wrap(function _callee5$(_context5) {
+                    while (1) {
+                      switch (_context5.prev = _context5.next) {
+                        case 0:
+                          _context5.next = 2;
+                          return _this4._state.close();
+
+                        case 2:
+                        case "end":
+                          return _context5.stop();
+                      }
+                    }
+                  }, _callee5, this);
+                })));
+
+              case 2:
+              case "end":
+                return _context6.stop();
+            }
+          }
+        }, _callee6, this);
+      }));
+
+      function close() {
+        return _close.apply(this, arguments);
+      }
+
+      return close;
+    }() // Ensure that async functions execute one at a time,
+    // by waiting for the previous call to `_synchronized()` to complete
+    // before starting a new one.  This helps ensure that we complete
+    // one state-machine transition before starting to do the next.
+    // It's also a convenient place to catch and alert on errors.
 
-  for (var i = 0; i < v1.length; i++) {
-    mismatch &= v1[i] !== v2[i];
-  }
+  }, {
+    key: "_synchronized",
+    value: function _synchronized(cb) {
+      var _this5 = this;
 
-  return !mismatch;
-}
-// CONCATENATED MODULE: ./src/rot128.js
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- // The top-level APIs offered by this library are `InsecureClientConnection` and
-// `Insecure ServerConnection` classes.  They each take a callback to be used for
-// sending data to the remote peer, and operate like this:
-//
-//    conn = await InsecureClientConnection.create(psk, pskId, async function send_data_to_server(data) {
-//      // application-specific sending logic here.
-//    })
-//
-//    // Send data to the server by calling `send`,
-//    // which will use the callback provided in the constructor.
-//    // A single `send()` by the application may result in multiple
-//    // invokations of the callback.
-//
-//    await conn.send('application-level data')
-//
-//    // When data is received from the server, push it into
-//    // the connection and let it return any decrypted app-level data.
-//    // There might not be any app-level data if it was protocol control message,
-//    // and the receipt of the data might trigger additional calls to the
-//    // send callback for protocol control purposes.
-//
-//    serverSocket.on('data', async encrypted_data => {
-//      const plaintext = await conn.recv(data)
-//      if (plaintext !== null) {
-//        do_something_with_app_level_data(plaintext)
-//      }
-//    })
-//
-//    // It's good practice to explicitly close the connection
-//    // when finished.  This will send a "closed" notification
-//    // to the server.
-//
-//    await conn.close()
-//
-// The `InsecureServerConnection` API operates similarly; the distinction is mainly
-// in which side is expected to send vs receieve during the protocol handshake.
+      var nextPromise = this._lastPromise.then(function () {
+        return cb();
+      }).catch(
+      /*#__PURE__*/
+      function () {
+        var _ref6 = asyncToGenerator_default()(
+        /*#__PURE__*/
+        regenerator_default.a.mark(function _callee7(err) {
+          return regenerator_default.a.wrap(function _callee7$(_context7) {
+            while (1) {
+              switch (_context7.prev = _context7.next) {
+                case 0:
+                  if (!(err instanceof alerts_TLSCloseNotify)) {
+                    _context7.next = 2;
+                    break;
+                  }
 
+                  throw err;
 
+                case 2:
+                  _context7.next = 4;
+                  return _this5._state.handleErrorAndRethrow(err);
 
+                case 4:
+                case "end":
+                  return _context7.stop();
+              }
+            }
+          }, _callee7, this);
+        }));
 
+        return function (_x3) {
+          return _ref6.apply(this, arguments);
+        };
+      }()); // We don't want to hold on to the return value or error,
+      // just synchronize on the fact that it completed.
 
 
+      this._lastPromise = nextPromise.then(noop, noop);
+      return nextPromise;
+    } // This drives internal transition of the state-machine,
+    // ensuring that the new state is properly initialized.
 
+  }, {
+    key: "_transition",
+    value: function () {
+      var _transition2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee8(State) {
+        var _this$_state;
 
+        var _len,
+            args,
+            _key,
+            _args8 = arguments;
 
- // !!!!!!!
-// !!
-// !!   N.B. In case it wasn't obvious, this is insecure!
-// !!
-// !!!!!!!
-//
-// This will be replaced by an implementation of the TLS1.3 PSK mode.
-// We're using a simple insecure quote-unquote cipher for now in order
-// to simulate the same sort of interface that the real crypto engine
-// will provide.
+        return regenerator_default.a.wrap(function _callee8$(_context8) {
+          while (1) {
+            switch (_context8.prev = _context8.next) {
+              case 0:
+                this._state = new State(this);
 
-var rot128_InsecureConnection =
-/*#__PURE__*/
-function () {
-  function InsecureConnection(psk, pskId, sendCallback) {
-    classCallCheck_default()(this, InsecureConnection);
+                for (_len = _args8.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
+                  args[_key - 1] = _args8[_key];
+                }
 
-    this.psk = assertIsBytes(psk);
-    this.pskId = assertIsBytes(pskId);
-    this.sendCallback = sendCallback;
-  } // Subclasses will override this with some async initialization logic.
+                _context8.next = 4;
+                return (_this$_state = this._state).initialize.apply(_this$_state, args);
 
+              case 4:
+                _context8.next = 6;
+                return this._recordlayer.flush();
 
-  createClass_default()(InsecureConnection, [{
-    key: "send",
-    // These are the three public API methods that
-    // consumers can use to connunicate over TLS.
+              case 6:
+              case "end":
+                return _context8.stop();
+            }
+          }
+        }, _callee8, this);
+      }));
+
+      function _transition(_x4) {
+        return _transition2.apply(this, arguments);
+      }
+
+      return _transition;
+    }() // These are helpers to allow the State to manipulate the recordlayer
+    // and send out various types of data.
+
+  }, {
+    key: "_sendApplicationData",
     value: function () {
-      var _send = asyncToGenerator_default()(
+      var _sendApplicationData2 = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee(data) {
-        return regenerator_default.a.wrap(function _callee$(_context) {
+      regenerator_default.a.mark(function _callee9(bytes) {
+        return regenerator_default.a.wrap(function _callee9$(_context9) {
           while (1) {
-            switch (_context.prev = _context.next) {
+            switch (_context9.prev = _context9.next) {
               case 0:
-                assertIsBytes(data);
-                _context.t0 = this;
-                _context.next = 4;
-                return this._rot128(data);
+                _context9.next = 2;
+                return this._recordlayer.send(RECORD_TYPE.APPLICATION_DATA, bytes);
+
+              case 2:
+                _context9.next = 4;
+                return this._recordlayer.flush();
 
               case 4:
-                _context.t1 = _context.sent;
-                _context.next = 7;
-                return _context.t0.sendCallback.call(_context.t0, _context.t1);
+              case "end":
+                return _context9.stop();
+            }
+          }
+        }, _callee9, this);
+      }));
 
-              case 7:
+      function _sendApplicationData(_x5) {
+        return _sendApplicationData2.apply(this, arguments);
+      }
+
+      return _sendApplicationData;
+    }()
+  }, {
+    key: "_sendHandshakeMessage",
+    value: function () {
+      var _sendHandshakeMessage2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee10(msg) {
+        return regenerator_default.a.wrap(function _callee10$(_context10) {
+          while (1) {
+            switch (_context10.prev = _context10.next) {
+              case 0:
+                _context10.next = 2;
+                return this._sendHandshakeMessageBytes(msg.toBytes());
+
+              case 2:
               case "end":
-                return _context.stop();
+                return _context10.stop();
             }
           }
-        }, _callee, this);
+        }, _callee10, this);
       }));
 
-      function send(_x) {
-        return _send.apply(this, arguments);
+      function _sendHandshakeMessage(_x6) {
+        return _sendHandshakeMessage2.apply(this, arguments);
       }
 
-      return send;
+      return _sendHandshakeMessage;
     }()
   }, {
-    key: "recv",
+    key: "_sendHandshakeMessageBytes",
     value: function () {
-      var _recv = asyncToGenerator_default()(
+      var _sendHandshakeMessageBytes2 = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee2(data) {
-        return regenerator_default.a.wrap(function _callee2$(_context2) {
+      regenerator_default.a.mark(function _callee11(bytes) {
+        return regenerator_default.a.wrap(function _callee11$(_context11) {
           while (1) {
-            switch (_context2.prev = _context2.next) {
+            switch (_context11.prev = _context11.next) {
               case 0:
-                assertIsBytes(data);
-                _context2.next = 3;
-                return this._rot128(data);
+                this._keyschedule.addToTranscript(bytes);
+
+                _context11.next = 3;
+                return this._recordlayer.send(RECORD_TYPE.HANDSHAKE, bytes);
 
               case 3:
-                return _context2.abrupt("return", _context2.sent);
+              case "end":
+                return _context11.stop();
+            }
+          }
+        }, _callee11, this);
+      }));
+
+      function _sendHandshakeMessageBytes(_x7) {
+        return _sendHandshakeMessageBytes2.apply(this, arguments);
+      }
+
+      return _sendHandshakeMessageBytes;
+    }()
+  }, {
+    key: "_sendAlertMessage",
+    value: function () {
+      var _sendAlertMessage2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee12(err) {
+        return regenerator_default.a.wrap(function _callee12$(_context12) {
+          while (1) {
+            switch (_context12.prev = _context12.next) {
+              case 0:
+                _context12.next = 2;
+                return this._recordlayer.send(RECORD_TYPE.ALERT, err.toBytes());
+
+              case 2:
+                _context12.next = 4;
+                return this._recordlayer.flush();
 
               case 4:
               case "end":
-                return _context2.stop();
+                return _context12.stop();
             }
           }
-        }, _callee2, this);
+        }, _callee12, this);
       }));
 
-      function recv(_x2) {
-        return _recv.apply(this, arguments);
+      function _sendAlertMessage(_x8) {
+        return _sendAlertMessage2.apply(this, arguments);
       }
 
-      return recv;
+      return _sendAlertMessage;
     }()
   }, {
-    key: "close",
+    key: "_sendChangeCipherSpec",
     value: function () {
-      var _close = asyncToGenerator_default()(
+      var _sendChangeCipherSpec2 = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee3() {
-        return regenerator_default.a.wrap(function _callee3$(_context3) {
+      regenerator_default.a.mark(function _callee13() {
+        return regenerator_default.a.wrap(function _callee13$(_context13) {
           while (1) {
-            switch (_context3.prev = _context3.next) {
+            switch (_context13.prev = _context13.next) {
               case 0:
+                _context13.next = 2;
+                return this._recordlayer.send(RECORD_TYPE.CHANGE_CIPHER_SPEC, new Uint8Array([0x01]));
+
+              case 2:
+                _context13.next = 4;
+                return this._recordlayer.flush();
+
+              case 4:
               case "end":
-                return _context3.stop();
+                return _context13.stop();
             }
           }
-        }, _callee3, this);
+        }, _callee13, this);
       }));
 
-      function close() {
-        return _close.apply(this, arguments);
+      function _sendChangeCipherSpec() {
+        return _sendChangeCipherSpec2.apply(this, arguments);
       }
 
-      return close;
+      return _sendChangeCipherSpec;
     }()
   }, {
-    key: "_rot128",
+    key: "_setSendKey",
     value: function () {
-      var _rot = asyncToGenerator_default()(
+      var _setSendKey2 = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee4(input) {
-        var output, i;
-        return regenerator_default.a.wrap(function _callee4$(_context4) {
+      regenerator_default.a.mark(function _callee14(key) {
+        return regenerator_default.a.wrap(function _callee14$(_context14) {
           while (1) {
-            switch (_context4.prev = _context4.next) {
+            switch (_context14.prev = _context14.next) {
               case 0:
-                output = new Uint8Array(input.byteLength);
+                _context14.next = 2;
+                return this._recordlayer.setSendKey(key);
+
+              case 2:
+                return _context14.abrupt("return", _context14.sent);
+
+              case 3:
+              case "end":
+                return _context14.stop();
+            }
+          }
+        }, _callee14, this);
+      }));
+
+      function _setSendKey(_x9) {
+        return _setSendKey2.apply(this, arguments);
+      }
 
-                for (i = 0; i < input.byteLength; i++) {
-                  output[i] = input[i] + 128 & 0xFF;
+      return _setSendKey;
+    }()
+  }, {
+    key: "_setRecvKey",
+    value: function () {
+      var _setRecvKey2 = asyncToGenerator_default()(
+      /*#__PURE__*/
+      regenerator_default.a.mark(function _callee15(key) {
+        return regenerator_default.a.wrap(function _callee15$(_context15) {
+          while (1) {
+            switch (_context15.prev = _context15.next) {
+              case 0:
+                if (!(this._handshakeRecvBuffer && this._handshakeRecvBuffer.hasMoreBytes())) {
+                  _context15.next = 2;
+                  break;
                 }
 
-                return _context4.abrupt("return", output);
+                throw new alerts_TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
 
-              case 3:
+              case 2:
+                _context15.next = 4;
+                return this._recordlayer.setRecvKey(key);
+
+              case 4:
+                return _context15.abrupt("return", _context15.sent);
+
+              case 5:
               case "end":
-                return _context4.stop();
+                return _context15.stop();
             }
           }
-        }, _callee4, this);
+        }, _callee15, this);
       }));
 
-      function _rot128(_x3) {
-        return _rot.apply(this, arguments);
+      function _setRecvKey(_x10) {
+        return _setRecvKey2.apply(this, arguments);
       }
 
-      return _rot128;
+      return _setRecvKey;
     }()
+  }, {
+    key: "_setConnectionSuccess",
+    value: function _setConnectionSuccess() {
+      if (this._onConnectionSuccess !== null) {
+        this._onConnectionSuccess();
+
+        this._onConnectionSuccess = null;
+        this._onConnectionFailure = null;
+      }
+    }
+  }, {
+    key: "_setConnectionFailure",
+    value: function _setConnectionFailure(err) {
+      if (this._onConnectionFailure !== null) {
+        this._onConnectionFailure(err);
+
+        this._onConnectionSuccess = null;
+        this._onConnectionFailure = null;
+      }
+    }
+  }, {
+    key: "_closeForSend",
+    value: function _closeForSend(alert) {
+      this._recordlayer.setSendError(alert);
+    }
+  }, {
+    key: "_closeForRecv",
+    value: function _closeForRecv(alert) {
+      this._recordlayer.setRecvError(alert);
+    }
   }], [{
     key: "create",
     value: function () {
       var _create = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee5(psk, pskId, sendCallback) {
-        return regenerator_default.a.wrap(function _callee5$(_context5) {
+      regenerator_default.a.mark(function _callee16(psk, pskId, sendCallback) {
+        return regenerator_default.a.wrap(function _callee16$(_context16) {
           while (1) {
-            switch (_context5.prev = _context5.next) {
+            switch (_context16.prev = _context16.next) {
               case 0:
-                return _context5.abrupt("return", new this(psk, pskId, sendCallback));
+                return _context16.abrupt("return", new this(psk, pskId, sendCallback));
 
               case 1:
               case "end":
-                return _context5.stop();
+                return _context16.stop();
             }
           }
-        }, _callee5, this);
+        }, _callee16, this);
       }));
 
-      function create(_x4, _x5, _x6) {
+      function create(_x11, _x12, _x13) {
         return _create.apply(this, arguments);
       }
 
@@ -1442,51 +6888,50 @@ function () {
     }()
   }]);
 
-  return InsecureConnection;
+  return Connection;
 }();
-
-var rot128_InsecureClientConnection =
+var tlsconnection_ClientConnection =
 /*#__PURE__*/
-function (_InsecureConnection) {
-  inherits_default()(InsecureClientConnection, _InsecureConnection);
+function (_Connection) {
+  inherits_default()(ClientConnection, _Connection);
 
-  function InsecureClientConnection() {
-    classCallCheck_default()(this, InsecureClientConnection);
+  function ClientConnection() {
+    classCallCheck_default()(this, ClientConnection);
 
-    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(InsecureClientConnection).apply(this, arguments));
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(ClientConnection).apply(this, arguments));
   }
 
-  createClass_default()(InsecureClientConnection, null, [{
+  createClass_default()(ClientConnection, null, [{
     key: "create",
     value: function () {
       var _create2 = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee6(psk, pskId, sendCallback) {
+      regenerator_default.a.mark(function _callee17(psk, pskId, sendCallback) {
         var instance;
-        return regenerator_default.a.wrap(function _callee6$(_context6) {
+        return regenerator_default.a.wrap(function _callee17$(_context17) {
           while (1) {
-            switch (_context6.prev = _context6.next) {
+            switch (_context17.prev = _context17.next) {
               case 0:
-                _context6.next = 2;
-                return get_default()(getPrototypeOf_default()(InsecureClientConnection), "create", this).call(this, psk, pskId, sendCallback);
+                _context17.next = 2;
+                return get_default()(getPrototypeOf_default()(ClientConnection), "create", this).call(this, psk, pskId, sendCallback);
 
               case 2:
-                instance = _context6.sent;
-                _context6.next = 5;
-                return instance.send(instance.psk);
+                instance = _context17.sent;
+                _context17.next = 5;
+                return instance._transition(states_CLIENT_START);
 
               case 5:
-                return _context6.abrupt("return", instance);
+                return _context17.abrupt("return", instance);
 
               case 6:
               case "end":
-                return _context6.stop();
+                return _context17.stop();
             }
           }
-        }, _callee6, this);
+        }, _callee17, this);
       }));
 
-      function create(_x7, _x8, _x9) {
+      function create(_x14, _x15, _x16) {
         return _create2.apply(this, arguments);
       }
 
@@ -1494,66 +6939,59 @@ function (_InsecureConnection) {
     }()
   }]);
 
-  return InsecureClientConnection;
-}(rot128_InsecureConnection);
-var rot128_InsecureServerConnection =
+  return ClientConnection;
+}(tlsconnection_Connection);
+var tlsconnection_ServerConnection =
 /*#__PURE__*/
-function (_InsecureConnection2) {
-  inherits_default()(InsecureServerConnection, _InsecureConnection2);
-
-  function InsecureServerConnection(psk, pskId, sendCallback) {
-    var _this;
+function (_Connection2) {
+  inherits_default()(ServerConnection, _Connection2);
 
-    classCallCheck_default()(this, InsecureServerConnection);
+  function ServerConnection() {
+    classCallCheck_default()(this, ServerConnection);
 
-    _this = possibleConstructorReturn_default()(this, getPrototypeOf_default()(InsecureServerConnection).call(this, psk, pskId, sendCallback));
-    _this.receivedHandshake = false;
-    return _this;
+    return possibleConstructorReturn_default()(this, getPrototypeOf_default()(ServerConnection).apply(this, arguments));
   }
 
-  createClass_default()(InsecureServerConnection, [{
-    key: "recv",
+  createClass_default()(ServerConnection, null, [{
+    key: "create",
     value: function () {
-      var _recv2 = asyncToGenerator_default()(
+      var _create3 = asyncToGenerator_default()(
       /*#__PURE__*/
-      regenerator_default.a.mark(function _callee7(data) {
-        var output;
-        return regenerator_default.a.wrap(function _callee7$(_context7) {
+      regenerator_default.a.mark(function _callee18(psk, pskId, sendCallback) {
+        var instance;
+        return regenerator_default.a.wrap(function _callee18$(_context18) {
           while (1) {
-            switch (_context7.prev = _context7.next) {
+            switch (_context18.prev = _context18.next) {
               case 0:
-                _context7.next = 2;
-                return get_default()(getPrototypeOf_default()(InsecureServerConnection.prototype), "recv", this).call(this, data);
+                _context18.next = 2;
+                return get_default()(getPrototypeOf_default()(ServerConnection), "create", this).call(this, psk, pskId, sendCallback);
 
               case 2:
-                output = _context7.sent;
-
-                if (!this.receivedHandshake) {
-                  assert(bytesAreEqual(output, this.psk), 'psk mismatch');
-                  this.receivedHandshake = true;
-                  output = null;
-                }
-
-                return _context7.abrupt("return", output);
+                instance = _context18.sent;
+                _context18.next = 5;
+                return instance._transition(states_SERVER_START);
 
               case 5:
+                return _context18.abrupt("return", instance);
+
+              case 6:
               case "end":
-                return _context7.stop();
+                return _context18.stop();
             }
           }
-        }, _callee7, this);
+        }, _callee18, this);
       }));
 
-      function recv(_x10) {
-        return _recv2.apply(this, arguments);
+      function create(_x17, _x18, _x19) {
+        return _create3.apply(this, arguments);
       }
 
-      return recv;
+      return create;
     }()
   }]);
 
-  return InsecureServerConnection;
-}(rot128_InsecureConnection);
+  return ServerConnection;
+}(tlsconnection_Connection);
 // CONCATENATED MODULE: ./node_modules/event-target-shim/dist/event-target-shim.mjs
 /**
  * @author Toru Nagashima <https://github.com/mysticatea>
@@ -2419,17 +7857,16 @@ if (
 //# sourceMappingURL=event-target-shim.mjs.map
 
 // CONCATENATED MODULE: ./src/index.js
-/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, "InsecurePairingChannel", function() { return src_InsecurePairingChannel; });
+/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, "PairingChannel", function() { return src_PairingChannel; });
+/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, "_internals", function() { return _internals; });
+/* concated harmony reexport base64urlToBytes */__webpack_require__.d(__webpack_exports__, "base64urlToBytes", function() { return base64urlToBytes; });
+/* concated harmony reexport bytesToBase64url */__webpack_require__.d(__webpack_exports__, "bytesToBase64url", function() { return bytesToBase64url; });
 /* concated harmony reexport bytesToHex */__webpack_require__.d(__webpack_exports__, "bytesToHex", function() { return bytesToHex; });
-/* concated harmony reexport hexToBytes */__webpack_require__.d(__webpack_exports__, "hexToBytes", function() { return hexToBytes; });
 /* concated harmony reexport bytesToUtf8 */__webpack_require__.d(__webpack_exports__, "bytesToUtf8", function() { return bytesToUtf8; });
+/* concated harmony reexport hexToBytes */__webpack_require__.d(__webpack_exports__, "hexToBytes", function() { return hexToBytes; });
+/* concated harmony reexport TLSCloseNotify */__webpack_require__.d(__webpack_exports__, "TLSCloseNotify", function() { return alerts_TLSCloseNotify; });
+/* concated harmony reexport TLSError */__webpack_require__.d(__webpack_exports__, "TLSError", function() { return alerts_TLSError; });
 /* concated harmony reexport utf8ToBytes */__webpack_require__.d(__webpack_exports__, "utf8ToBytes", function() { return utf8ToBytes; });
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- // A wrapper that combines a WebSocket to the channelserver
-// with some client-side encryption for securing the channel.
-// We'll improve the encryption before initial release...
 
 
 
@@ -2438,26 +7875,35 @@ if (
 
 
 
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+// A wrapper that combines a WebSocket to the channelserver
+// with some client-side encryption for securing the channel.
+// We'll improve the encryption before initial release...
+
 
 
 
 var CLOSE_FLUSH_BUFFER_INTERVAL_MS = 200;
 var CLOSE_FLUSH_BUFFER_MAX_TRIES = 5;
-var src_InsecurePairingChannel =
+var src_PairingChannel =
 /*#__PURE__*/
 function (_EventTarget) {
-  inherits_default()(InsecurePairingChannel, _EventTarget);
+  inherits_default()(PairingChannel, _EventTarget);
 
-  function InsecurePairingChannel(channelId, channelKey, socket, connection) {
+  function PairingChannel(channelId, channelKey, socket, connection) {
     var _this;
 
-    classCallCheck_default()(this, InsecurePairingChannel);
+    classCallCheck_default()(this, PairingChannel);
 
-    _this = possibleConstructorReturn_default()(this, getPrototypeOf_default()(InsecurePairingChannel).call(this));
+    _this = possibleConstructorReturn_default()(this, getPrototypeOf_default()(PairingChannel).call(this));
     _this._channelId = channelId;
     _this._channelKey = channelKey;
     _this._socket = socket;
     _this._connection = connection;
+    _this._selfClosed = false;
+    _this._peerClosed = false;
 
     _this._setupListeners();
 
@@ -2466,11 +7912,11 @@ function (_EventTarget) {
   /**
    * Create a new pairing channel.
    *
-   * @returns Promise<InsecurePairingChannel>
+   * @returns Promise<PairingChannel>
    */
 
 
-  createClass_default()(InsecurePairingChannel, [{
+  createClass_default()(PairingChannel, [{
     key: "_setupListeners",
     value: function _setupListeners() {
       var _this2 = this;
@@ -2481,7 +7927,8 @@ function (_EventTarget) {
         var _ref = asyncToGenerator_default()(
         /*#__PURE__*/
         regenerator_default.a.mark(function _callee(event) {
-          var channelServerEnvelope, payload, data;
+          var channelServerEnvelope, payload, data, _event;
+
           return regenerator_default.a.wrap(function _callee$(_context) {
             while (1) {
               switch (_context.prev = _context.next) {
@@ -2489,7 +7936,7 @@ function (_EventTarget) {
                   _context.prev = 0;
                   channelServerEnvelope = JSON.parse(event.data);
                   _context.next = 4;
-                  return _this2._connection.recv(hexToBytes(channelServerEnvelope.message));
+                  return _this2._connection.recv(base64urlToBytes(channelServerEnvelope.message));
 
                 case 4:
                   payload = _context.sent;
@@ -2505,20 +7952,32 @@ function (_EventTarget) {
                     }));
                   }
 
-                  _context.next = 11;
+                  _context.next = 12;
                   break;
 
                 case 8:
                   _context.prev = 8;
                   _context.t0 = _context["catch"](0);
 
-                  _this2.dispatchEvent(new CustomEvent('error', {
-                    detail: {
-                      error: _context.t0
+                  if (_context.t0 instanceof alerts_TLSCloseNotify) {
+                    _this2._peerClosed = true;
+
+                    if (_this2._selfClosed) {
+                      _this2._shutdown();
                     }
-                  }));
 
-                case 11:
+                    _event = new CustomEvent('close');
+                  } else {
+                    _event = new CustomEvent('error', {
+                      detail: {
+                        error: _context.t0
+                      }
+                    });
+                  }
+
+                  _this2.dispatchEvent(_event);
+
+                case 12:
                 case "end":
                   return _context.stop();
               }
@@ -2533,16 +7992,28 @@ function (_EventTarget) {
 
 
       this._socket.addEventListener('error', function () {
-        // The dispatched event that we receive has no useful information.
+        _this2._shutdown(); // The dispatched event that we receive has no useful information.
+
+
         _this2.dispatchEvent(new CustomEvent('error', {
           detail: {
             error: new Error('WebSocket error.')
           }
         }));
-      });
+      }); // In TLS, the peer has to explicitly send a close notification,
+      // which we dispatch above.  Unexpected socket close is an error.
 
-      this._socket.addEventListener('close', function (e) {
-        return _this2.dispatchEvent(e);
+
+      this._socket.addEventListener('close', function () {
+        _this2._shutdown();
+
+        if (!_this2._peerClosed) {
+          _this2.dispatchEvent(new CustomEvent('error', {
+            detail: {
+              error: new Error('WebSocket unexpectedly closed')
+            }
+          }));
+        }
       });
     }
     /**
@@ -2589,11 +8060,11 @@ function (_EventTarget) {
           while (1) {
             switch (_context3.prev = _context3.next) {
               case 0:
-                _context3.next = 2;
+                this._selfClosed = true;
+                _context3.next = 3;
                 return this._connection.close();
 
-              case 2:
-                this._connection = null;
+              case 3:
                 _context3.prev = 3;
                 // Ensure all queued bytes have been sent before closing the connection.
                 tries = 0;
@@ -2624,17 +8095,19 @@ function (_EventTarget) {
               case 12:
                 _context3.prev = 12;
 
-                this._socket.close();
+                // If the peer hasn't closed, we might still receive some data.
+                if (this._peerClosed) {
+                  this._shutdown();
+                }
 
-                this._socket = null;
                 return _context3.finish(12);
 
-              case 16:
+              case 15:
               case "end":
                 return _context3.stop();
             }
           }
-        }, _callee3, this, [[3,, 12, 16]]);
+        }, _callee3, this, [[3,, 12, 15]]);
       }));
 
       function close() {
@@ -2643,10 +8116,20 @@ function (_EventTarget) {
 
       return close;
     }()
+  }, {
+    key: "_shutdown",
+    value: function _shutdown() {
+      if (this._socket) {
+        this._socket.close();
+
+        this._socket = null;
+        this._connection = null;
+      }
+    }
   }, {
     key: "closed",
     get: function get() {
-      return this._socket.readyState === 3;
+      return !this._socket || this._socket.readyState === 3;
     }
   }, {
     key: "channelId",
@@ -2663,19 +8146,19 @@ function (_EventTarget) {
     value: function create(channelServerURI) {
       var wsURI = new URL('/v1/ws/', channelServerURI).href;
       var channelKey = crypto.getRandomValues(new Uint8Array(32));
-      return this._makePairingChannel(wsURI, rot128_InsecureServerConnection, channelKey);
+      return this._makePairingChannel(wsURI, tlsconnection_ServerConnection, channelKey);
     }
     /**
      * Connect to an existing pairing channel.
      *
-     * @returns Promise<InsecurePairingChannel>
+     * @returns Promise<PairingChannel>
      */
 
   }, {
     key: "connect",
     value: function connect(channelServerURI, channelId, channelKey) {
       var wsURI = new URL("/v1/ws/".concat(channelId), channelServerURI).href;
-      return this._makePairingChannel(wsURI, rot128_InsecureClientConnection, channelKey);
+      return this._makePairingChannel(wsURI, tlsconnection_ClientConnection, channelKey);
     }
   }, {
     key: "_makePairingChannel",
@@ -2731,8 +8214,9 @@ function (_EventTarget) {
                     pskId = utf8ToBytes(channelId);
                     _context5.next = 6;
                     return ConnectionClass.create(psk, pskId, function (data) {
-                      // To send data over the websocket, it needs to be encoded as a safe string.
-                      socket.send(bytesToHex(data));
+                      // The channelserver websocket handler epxects b64urlsafe strings
+                      // rather than raw bytes, because it wraps them in a JSON object envelope.
+                      socket.send(bytesToBase64url(data));
                     });
 
                   case 6:
@@ -2771,11 +8255,42 @@ function (_EventTarget) {
     }
   }]);
 
-  return InsecurePairingChannel;
+  return PairingChannel;
 }(EventTarget); // Re-export helpful utilities for calling code to use.
 
+ // For running tests using the built bundle,
+// expose a bunch of implementation details.
+
+
+
 
 
+
+
+var _internals = {
+  arrayToBytes: arrayToBytes,
+  BufferReader: utils_BufferReader,
+  BufferWriter: utils_BufferWriter,
+  bytesAreEqual: bytesAreEqual,
+  bytesToHex: bytesToHex,
+  bytesToUtf8: bytesToUtf8,
+  ClientConnection: tlsconnection_ClientConnection,
+  Connection: tlsconnection_Connection,
+  DecryptionState: recordlayer_DecryptionState,
+  EncryptedExtensions: messages_EncryptedExtensions,
+  EncryptionState: recordlayer_EncryptionState,
+  Finished: messages_Finished,
+  HASH_LENGTH: HASH_LENGTH,
+  hexToBytes: hexToBytes,
+  hkdfExpand: hkdfExpand,
+  KeySchedule: keyschedule_KeySchedule,
+  NewSessionTicket: messages_NewSessionTicket,
+  RecordLayer: recordlayer_RecordLayer,
+  ServerConnection: tlsconnection_ServerConnection,
+  utf8ToBytes: utf8ToBytes,
+  zeros: zeros
+};
+
 /***/ })
 /******/ ]);
 });
\ No newline at end of file
diff --git a/dist/FxAccountsPairingChannel.js b/dist/FxAccountsPairingChannel.js
index 7c2ed10..fa39a8f 100644
--- a/dist/FxAccountsPairingChannel.js
+++ b/dist/FxAccountsPairingChannel.js
@@ -7,12 +7,12 @@
  * This uses the event-target-shim node library published under the MIT license:
  * https://github.com/mysticatea/event-target-shim/blob/master/LICENSE
  * 
- * Bundle generated from https://github.com/mozilla/fxa-pairing-channel.git. Hash:dcdb14abba5a7db14360, Chunkhash:1ae02caf1a4926f6eb78.
+ * Bundle generated from https://github.com/mozilla/fxa-pairing-channel.git. Hash:9c65d4ae928ca50f73d5, Chunkhash:52a19cf7b9339982459a.
  * 
  */
 
-ChromeUtils.import("resource://gre/modules/Services.jsm");
-const {setTimeout} = ChromeUtils.import("resource://gre/modules/Timer.jsm", {});
+const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const {setTimeout} = ChromeUtils.import("resource://gre/modules/Timer.jsm");
 // We cannot use WebSocket from chrome code without a window,
 // see https://bugzilla.mozilla.org/show_bug.cgi?id=784686
 const browser = Services.appShell.createWindowlessBrowser(true);
@@ -114,6 +114,84 @@ var FxAccountsPairingChannel =
 "use strict";
 __webpack_require__.r(__webpack_exports__);
 
+// CONCATENATED MODULE: ./src/alerts.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-disable sorting/sort-object-props */
+const ALERT_LEVEL = {
+  WARNING: 1,
+  FATAL: 2
+};
+
+const ALERT_DESCRIPTION = {
+  CLOSE_NOTIFY: 0,
+  UNEXPECTED_MESSAGE: 10,
+  BAD_RECORD_MAC: 20,
+  RECORD_OVERFLOW: 22,
+  HANDSHAKE_FAILURE: 40,
+  ILLEGAL_PARAMETER: 47,
+  DECODE_ERROR: 50,
+  DECRYPT_ERROR: 51,
+  PROTOCOL_VERSION: 70,
+  INTERNAL_ERROR: 80,
+  MISSING_EXTENSION: 109,
+  UNSUPPORTED_EXTENSION: 110,
+  UNKNOWN_PSK_IDENTITY: 115,
+  NO_APPLICATION_PROTOCOL: 120,
+};
+/* eslint-enable sorting/sort-object-props */
+
+function alertTypeToName(type) {
+  for (const name in ALERT_DESCRIPTION) {
+    if (ALERT_DESCRIPTION[name] === type) {
+      return `${name} (${type})`;
+    }
+  }
+  return `UNKNOWN (${type})`;
+}
+
+class TLSAlert extends Error {
+  constructor(description, level) {
+    super(`TLS Alert: ${alertTypeToName(description)}`);
+    this.description = description;
+    this.level = level;
+  }
+
+  static fromBytes(bytes) {
+    if (bytes.byteLength !== 2) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    switch (bytes[1]) {
+      case ALERT_DESCRIPTION.CLOSE_NOTIFY:
+        if (bytes[0] !== ALERT_LEVEL.WARNING) {
+          // Close notifications should be fatal.
+          throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+        }
+        return new TLSCloseNotify();
+      default:
+        return new TLSError(bytes[1]);
+    }
+  }
+
+  toBytes() {
+    return new Uint8Array([this.level, this.description]);
+  }
+}
+
+class TLSCloseNotify extends TLSAlert {
+  constructor() {
+    super(ALERT_DESCRIPTION.CLOSE_NOTIFY, ALERT_LEVEL.WARNING);
+  }
+}
+
+class TLSError extends TLSAlert {
+  constructor(description = ALERT_DESCRIPTION.INTERNAL_ERROR) {
+    super(description, ALERT_LEVEL.FATAL);
+  }
+}
+
 // CONCATENATED MODULE: ./src/utils.js
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -122,86 +200,2107 @@ __webpack_require__.r(__webpack_exports__);
 
 
 //
-// Various low-level utility functions.
+// Various low-level utility functions.
+//
+// These are mostly conveniences for working with Uint8Arrays as
+// the primitive "bytes" type.
+//
+
+const UTF8_ENCODER = new TextEncoder();
+const UTF8_DECODER = new TextDecoder();
+
+function noop() {}
+
+function assert(cond, msg) {
+  if (! cond) {
+    throw new Error('assert failed: ' + msg);
+  }
+}
+
+function assertIsBytes(value, msg = 'value must be a Uint8Array') {
+  // Using `value instanceof Uint8Array` seems to fail in Firefox chrome code
+  // for inscrutable reasons, so we do a less direct check.
+  assert(ArrayBuffer.isView(value), msg);
+  assert(value.BYTES_PER_ELEMENT === 1, msg);
+  return value;
+}
+
+const EMPTY = new Uint8Array(0);
+
+function zeros(n) {
+  return new Uint8Array(n);
+}
+
+function arrayToBytes(value) {
+  return new Uint8Array(value);
+}
+
+function bytesToHex(bytes) {
+  return Array.prototype.map.call(bytes, byte => {
+    let s = byte.toString(16);
+    if (s.length === 1) {
+      s = '0' + s;
+    }
+    return s;
+  }).join('');
+}
+
+function hexToBytes(hexstr) {
+  assert(hexstr.length % 2 === 0, 'hexstr.length must be even');
+  return new Uint8Array(Array.prototype.map.call(hexstr, (c, n) => {
+    if (n % 2 === 1) {
+      return hexstr[n - 1] + c;
+    } else {
+      return '';
+    }
+  }).filter(s => {
+    return !! s;
+  }).map(s => {
+    return parseInt(s, 16);
+  }));
+}
+
+function bytesToUtf8(bytes) {
+  return UTF8_DECODER.decode(bytes);
+}
+
+function utf8ToBytes(str) {
+  return UTF8_ENCODER.encode(str);
+}
+
+function bytesToBase64url(bytes) {
+  // XXX TODO: try to use something constant-time, in case calling code
+  // uses it to encode secrets?
+  const charCodes = String.fromCharCode.apply(String, bytes);
+  return btoa(charCodes).replace(/\+/g, '-').replace(/\//g, '_');
+}
+
+function base64urlToBytes(str) {
+  // XXX TODO: try to use something constant-time, in case calling code
+  // uses it to decode secrets?
+  str = atob(str.replace(/-/g, '+').replace(/_/g, '/'));
+  const bytes = new Uint8Array(str.length);
+  for (let i = 0; i < str.length; i++) {
+    bytes[i] = str.charCodeAt(i);
+  }
+  return bytes;
+}
+
+function bytesAreEqual(v1, v2) {
+  assertIsBytes(v1);
+  assertIsBytes(v2);
+  if (v1.length !== v2.length) {
+    return false;
+  }
+  for (let i = 0; i < v1.length; i++) {
+    if (v1[i] !== v2[i]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+// The `BufferReader` and `BufferWriter` classes are helpers for dealing with the
+// binary struct format that's used for various TLS message.  Think of them as a
+// buffer with a pointer to the "current position" and a bunch of helper methods
+// to read/write structured data and advance said pointer.
+
+class utils_BufferWithPointer {
+  constructor(buf) {
+    this._buffer = buf;
+    this._dataview = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
+    this._pos = 0;
+  }
+
+  length() {
+    return this._buffer.byteLength;
+  }
+
+  tell() {
+    return this._pos;
+  }
+
+  seek(pos) {
+    if (pos < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    if (pos > this.length()) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    this._pos = pos;
+  }
+
+  incr(offset) {
+    this.seek(this._pos + offset);
+  }
+}
+
+// The `BufferReader` class helps you read structured data from a byte array.
+// It offers methods for reading both primitive values, and the variable-length
+// vector structures defined in https://tools.ietf.org/html/rfc8446#section-3.4.
+//
+// Such vectors are represented as a length followed by the concatenated
+// bytes of each item, and the size of the length field is determined by
+// the maximum allowed number of bytes in the vector.  For example
+// to read a vector that may contain up to 65535 bytes, use `readVector16`.
+//
+// To read a variable-length vector of between 1 and 100 uint16 values,
+// defined in the RFC like this:
+//
+//    uint16 items<2..200>;
+//
+// You would do something like this:
+//
+//    const items = []
+//    buf.readVector8(buf => {
+//      items.push(buf.readUint16())
+//    })
+//
+// The various `read` will throw `DECODE_ERROR` if you attempt to read path
+// the end of the buffer, or past the end of a variable-length list.
+//
+class utils_BufferReader extends utils_BufferWithPointer {
+
+  hasMoreBytes() {
+    return this.tell() < this.length();
+  }
+
+  readBytes(length) {
+    // This avoids copies by returning a view onto the existing buffer.
+    const start = this._buffer.byteOffset + this.tell();
+    this.incr(length);
+    return new Uint8Array(this._buffer.buffer, start, length);
+  }
+
+  _rangeErrorToAlert(cb) {
+    try {
+      return cb(this);
+    } catch (err) {
+      if (err instanceof RangeError) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+      throw err;
+    }
+  }
+
+  readUint8() {
+    return this._rangeErrorToAlert(() => {
+      const n = this._dataview.getUint8(this._pos);
+      this.incr(1);
+      return n;
+    });
+  }
+
+  readUint16() {
+    return this._rangeErrorToAlert(() => {
+      const n = this._dataview.getUint16(this._pos);
+      this.incr(2);
+      return n;
+    });
+  }
+
+  readUint24() {
+    return this._rangeErrorToAlert(() => {
+      let n = this._dataview.getUint16(this._pos);
+      n = (n << 8) | this._dataview.getUint8(this._pos + 2);
+      this.incr(3);
+      return n;
+    });
+  }
+
+  readUint32() {
+    return this._rangeErrorToAlert(() => {
+      const n = this._dataview.getUint32(this._pos);
+      this.incr(4);
+      return n;
+    });
+  }
+
+  _readVector(length, cb) {
+    const contentsBuf = new utils_BufferReader(this.readBytes(length));
+    const expectedEnd = this.tell();
+    // Keep calling the callback until we've consumed the expected number of bytes.
+    let n = 0;
+    while (contentsBuf.hasMoreBytes()) {
+      const prevPos = contentsBuf.tell();
+      cb(contentsBuf, n);
+      // Check that the callback made forward progress, otherwise we'll infinite loop.
+      if (contentsBuf.tell() <= prevPos) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+      n += 1;
+    }
+    // Check that the callback correctly consumed the vector's entire contents.
+    if (this.tell() !== expectedEnd) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+  }
+
+  readVector8(cb) {
+    const length = this.readUint8();
+    return this._readVector(length, cb);
+  }
+
+  readVector16(cb) {
+    const length = this.readUint16();
+    return this._readVector(length, cb);
+  }
+
+  readVector24(cb) {
+    const length = this.readUint24();
+    return this._readVector(length, cb);
+  }
+
+  readVectorBytes8() {
+    return this.readBytes(this.readUint8());
+  }
+
+  readVectorBytes16() {
+    return this.readBytes(this.readUint16());
+  }
+
+  readVectorBytes24() {
+    return this.readBytes(this.readUint24());
+  }
+}
+
+
+class utils_BufferWriter extends utils_BufferWithPointer {
+  constructor(size = 1024) {
+    super(new Uint8Array(size));
+  }
+
+  _maybeGrow(n) {
+    const curSize = this._buffer.byteLength;
+    const newPos = this._pos + n;
+    const shortfall = newPos - curSize;
+    if (shortfall > 0) {
+      // Classic grow-by-doubling, up to 4kB max increment.
+      // This formula was not arrived at by any particular science.
+      const incr = Math.min(curSize, 4 * 1024);
+      const newbuf = new Uint8Array(curSize + Math.ceil(shortfall / incr) * incr);
+      newbuf.set(this._buffer, 0);
+      this._buffer = newbuf;
+      this._dataview = new DataView(newbuf.buffer, newbuf.byteOffset, newbuf.byteLength);
+    }
+  }
+
+  slice(start = 0, end = this.tell()) {
+    if (end < 0) {
+      end = this.tell() + end;
+    }
+    if (start < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    if (end < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    if (end > this.length()) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    return this._buffer.slice(start, end);
+  }
+
+  flush() {
+    const slice = this.slice();
+    this.seek(0);
+    return slice;
+  }
+
+  writeBytes(data) {
+    this._maybeGrow(data.byteLength);
+    this._buffer.set(data, this.tell());
+    this.incr(data.byteLength);
+  }
+
+  writeUint8(n) {
+    this._maybeGrow(1);
+    this._dataview.setUint8(this._pos, n);
+    this.incr(1);
+  }
+
+  writeUint16(n) {
+    this._maybeGrow(2);
+    this._dataview.setUint16(this._pos, n);
+    this.incr(2);
+  }
+
+  writeUint24(n) {
+    this._maybeGrow(3);
+    this._dataview.setUint16(this._pos, n >> 8);
+    this._dataview.setUint8(this._pos + 2, n & 0xFF);
+    this.incr(3);
+  }
+
+  writeUint32(n) {
+    this._maybeGrow(4);
+    this._dataview.setUint32(this._pos, n);
+    this.incr(4);
+  }
+
+  // These are helpers for writing the variable-length vector structure
+  // defined in https://tools.ietf.org/html/rfc8446#section-3.4.
+  //
+  // Such vectors are represented as a length followed by the concatenated
+  // bytes of each item, and the size of the length field is determined by
+  // the maximum allowed size of the vector.  For example to write a vector
+  // that may contain up to 65535 bytes, use `writeVector16`.
+  //
+  // To write a variable-length vector of between 1 and 100 uint16 values,
+  // defined in the RFC like this:
+  //
+  //    uint16 items<2..200>;
+  //
+  // You would do something like this:
+  //
+  //    buf.writeVector8(buf => {
+  //      for (let item of items) {
+  //          buf.writeUint16(item)
+  //      }
+  //    })
+  //
+  // The helper will automatically take care of writing the appropriate
+  // length field once the callback completes.
+
+  _writeVector(maxLength, writeLength, cb) {
+    // Initially, write the length field as zero.
+    const lengthPos = this.tell();
+    writeLength(0);
+    // Call the callback to write the vector items.
+    const bodyPos = this.tell();
+    cb(this);
+    const length = this.tell() - bodyPos;
+    if (length >= maxLength) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    // Backfill the actual length field.
+    this.seek(lengthPos);
+    writeLength(length);
+    this.incr(length);
+    return length;
+  }
+
+  writeVector8(cb) {
+    return this._writeVector(Math.pow(2, 8), len => this.writeUint8(len), cb);
+  }
+
+  writeVector16(cb) {
+    return this._writeVector(Math.pow(2, 16), len => this.writeUint16(len), cb);
+  }
+
+  writeVector24(cb) {
+    return this._writeVector(Math.pow(2, 24), len => this.writeUint24(len), cb);
+  }
+
+  writeVectorBytes8(bytes) {
+    return this.writeVector8(buf => {
+      buf.writeBytes(bytes);
+    });
+  }
+
+  writeVectorBytes16(bytes) {
+    return this.writeVector16(buf => {
+      buf.writeBytes(bytes);
+    });
+  }
+
+  writeVectorBytes24(bytes) {
+    return this.writeVector24(buf => {
+      buf.writeBytes(bytes);
+    });
+  }
+}
+
+// CONCATENATED MODULE: ./src/crypto.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Low-level crypto primitives.
+//
+// This file implements the AEAD encrypt/decrypt and hashing routines
+// for the TLS_AES_128_GCM_SHA256 ciphersuite.
+//
+
+
+
+
+const AEAD_SIZE_INFLATION = 16;
+const KEY_LENGTH = 16;
+const IV_LENGTH = 12;
+const HASH_LENGTH = 32;
+
+async function prepareKey(key, mode) {
+  return crypto.subtle.importKey('raw', key, { name: 'AES-GCM' }, false, [mode]);
+}
+
+async function encrypt(key, iv, plaintext, additionalData) {
+  const ciphertext = await crypto.subtle.encrypt({
+    additionalData,
+    iv,
+    name: 'AES-GCM',
+    tagLength: AEAD_SIZE_INFLATION * 8
+  }, key, plaintext);
+  return new Uint8Array(ciphertext);
+}
+
+async function decrypt(key, iv, ciphertext, additionalData) {
+  try {
+    const plaintext = await crypto.subtle.decrypt({
+      additionalData,
+      iv,
+      name: 'AES-GCM',
+      tagLength: AEAD_SIZE_INFLATION * 8
+    }, key, ciphertext);
+    return new Uint8Array(plaintext);
+  } catch (err) {
+    // Yes, we really do throw 'decrypt_error' when failing to verify a HMAC,
+    // and a 'bad_record_mac' error when failing to decrypt.
+    throw new TLSError(ALERT_DESCRIPTION.BAD_RECORD_MAC);
+  }
+}
+
+async function hash(message) {
+  return new Uint8Array(await crypto.subtle.digest({ name: 'SHA-256' }, message));
+}
+
+async function hmac(keyBytes, message) {
+  const key = await crypto.subtle.importKey('raw', keyBytes, {
+    hash: { name: 'SHA-256' },
+    name: 'HMAC',
+  }, false, ['sign']);
+  const sig = await crypto.subtle.sign({ name: 'HMAC' }, key, message);
+  return new Uint8Array(sig);
+}
+
+async function verifyHmac(keyBytes, signature, message) {
+  const key = await crypto.subtle.importKey('raw', keyBytes, {
+    hash: { name: 'SHA-256' },
+    name: 'HMAC',
+  }, false, ['verify']);
+  if (! await crypto.subtle.verify({ name: 'HMAC' }, key, signature, message)) {
+    // Yes, we really do throw 'decrypt_error' when failing to verify a HMAC,
+    // and a 'bad_record_mac' error when failing to decrypt.
+    throw new TLSError(ALERT_DESCRIPTION.DECRYPT_ERROR);
+  }
+}
+
+async function hkdfExtract(salt, ikm) {
+  // Ref https://tools.ietf.org/html/rfc5869#section-2.2
+  return await hmac(salt, ikm);
+}
+
+async function hkdfExpand(prk, info, length) {
+  // Ref https://tools.ietf.org/html/rfc5869#section-2.3
+  const N = Math.ceil(length / HASH_LENGTH);
+  if (N <= 0) {
+    throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+  }
+  if (N >= 255) {
+    throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+  }
+  const input = new utils_BufferWriter();
+  const output = new utils_BufferWriter();
+  let T = new Uint8Array(0);
+  for (let i = 1; i <= N; i++) {
+    input.writeBytes(T);
+    input.writeBytes(info);
+    input.writeUint8(i);
+    T = await hmac(prk, input.flush());
+    output.writeBytes(T);
+  }
+  return output.slice(0, length);
+}
+
+async function hkdfExpandLabel(secret, label, context, length) {
+  //  struct {
+  //    uint16 length = Length;
+  //    opaque label < 7..255 > = "tls13 " + Label;
+  //    opaque context < 0..255 > = Context;
+  //  } HkdfLabel;
+  const hkdfLabel = new utils_BufferWriter();
+  hkdfLabel.writeUint16(length);
+  hkdfLabel.writeVectorBytes8(utf8ToBytes('tls13 ' + label));
+  hkdfLabel.writeVectorBytes8(context);
+  return hkdfExpand(secret, hkdfLabel.flush(), length);
+}
+
+async function getRandomBytes(size) {
+  const bytes = new Uint8Array(size);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
+
+// CONCATENATED MODULE: ./src/extensions.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Extension parsing.
+//
+// This file contains some helpers for reading/writing the various kinds
+// of Extension that might appear in a HandshakeMessage.
+//
+
+
+
+
+
+/* eslint-disable sorting/sort-object-props */
+const EXTENSION_TYPE = {
+  PRE_SHARED_KEY: 41,
+  SUPPORTED_VERSIONS: 43,
+  PSK_KEY_EXCHANGE_MODES: 45,
+};
+/* eslint-enable sorting/sort-object-props */
+
+// Base class for generic reading/writing of extensions,
+// which are all uniformly formatted as:
+//
+//   struct {
+//     ExtensionType extension_type;
+//     opaque extension_data<0..2^16-1>;
+//   } Extension;
+//
+// Extensions always appear inside of a handshake message,
+// and their internal structure may differ based on the
+// type of that message.
+
+class extensions_Extension {
+
+  get TYPE_TAG() {
+    throw new Error('not implemented');
+  }
+
+  static read(messageType, buf) {
+    const type = buf.readUint16();
+    let ext = {
+      TYPE_TAG: type,
+    };
+    buf.readVector16(buf => {
+      switch (type) {
+        case EXTENSION_TYPE.PRE_SHARED_KEY:
+          ext = extensions_PreSharedKeyExtension._read(messageType, buf);
+          break;
+        case EXTENSION_TYPE.SUPPORTED_VERSIONS:
+          ext = extensions_SupportedVersionsExtension._read(messageType, buf);
+          break;
+        case EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES:
+          ext = extensions_PskKeyExchangeModesExtension._read(messageType, buf);
+          break;
+        default:
+          // Skip over unrecognised extensions.
+          buf.incr(buf.length());
+      }
+      if (buf.hasMoreBytes()) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    });
+    return ext;
+  }
+
+  write(messageType, buf) {
+    buf.writeUint16(this.TYPE_TAG);
+    buf.writeVector16(buf => {
+      this._write(messageType, buf);
+    });
+  }
+
+  static _read(messageType, buf) {
+    throw new Error('not implemented');
+  }
+
+  static _write(messageType, buf) {
+    throw new Error('not implemented');
+  }
+}
+
+// The PreSharedKey extension:
+//
+//  struct {
+//    opaque identity<1..2^16-1>;
+//    uint32 obfuscated_ticket_age;
+//  } PskIdentity;
+//  opaque PskBinderEntry<32..255>;
+//  struct {
+//    PskIdentity identities<7..2^16-1>;
+//    PskBinderEntry binders<33..2^16-1>;
+//  } OfferedPsks;
+//  struct {
+//    select(Handshake.msg_type) {
+//      case client_hello: OfferedPsks;
+//      case server_hello: uint16 selected_identity;
+//    };
+//  } PreSharedKeyExtension;
+
+class extensions_PreSharedKeyExtension extends extensions_Extension {
+  constructor(identities, binders, selectedIdentity) {
+    super();
+    this.identities = identities;
+    this.binders = binders;
+    this.selectedIdentity = selectedIdentity;
+  }
+
+  get TYPE_TAG() {
+    return EXTENSION_TYPE.PRE_SHARED_KEY;
+  }
+
+  static _read(messageType, buf) {
+    let identities = null, binders = null, selectedIdentity = null;
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        identities = []; binders = [];
+        buf.readVector16(buf => {
+          const identity = buf.readVectorBytes16();
+          buf.readBytes(4); // Skip over the ticket age.
+          identities.push(identity);
+        });
+        buf.readVector16(buf => {
+          const binder = buf.readVectorBytes8();
+          if (binder.byteLength < HASH_LENGTH) {
+            throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+          }
+          binders.push(binder);
+        });
+        if (identities.length !== binders.length) {
+          throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+        }
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        selectedIdentity = buf.readUint16();
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(identities, binders, selectedIdentity);
+  }
+
+  _write(messageType, buf) {
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.writeVector16(buf => {
+          this.identities.forEach(pskId => {
+            buf.writeVectorBytes16(pskId);
+            buf.writeUint32(0); // Zero for "tag age" field.
+          });
+        });
+        buf.writeVector16(buf => {
+          this.binders.forEach(pskBinder => {
+            buf.writeVectorBytes8(pskBinder);
+          });
+        });
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        buf.writeUint16(this.selectedIdentity);
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+  }
+}
+
+
+// The SupportedVersions extension:
+//
+//  struct {
+//    select(Handshake.msg_type) {
+//      case client_hello:
+//        ProtocolVersion versions < 2..254 >;
+//      case server_hello:
+//        ProtocolVersion selected_version;
+//    };
+//  } SupportedVersions;
+
+class extensions_SupportedVersionsExtension extends extensions_Extension {
+  constructor(versions, selectedVersion) {
+    super();
+    this.versions = versions;
+    this.selectedVersion = selectedVersion;
+  }
+
+  get TYPE_TAG() {
+    return EXTENSION_TYPE.SUPPORTED_VERSIONS;
+  }
+
+  static _read(messageType, buf) {
+    let versions = null, selectedVersion = null;
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        versions = [];
+        buf.readVector8(buf => {
+          versions.push(buf.readUint16());
+        });
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        selectedVersion = buf.readUint16();
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(versions, selectedVersion);
+  }
+
+  _write(messageType, buf) {
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.writeVector8(buf => {
+          this.versions.forEach(version => {
+            buf.writeUint16(version);
+          });
+        });
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        buf.writeUint16(this.selectedVersion);
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+  }
+}
+
+
+class extensions_PskKeyExchangeModesExtension extends extensions_Extension {
+  constructor(modes) {
+    super();
+    this.modes = modes;
+  }
+
+  get TYPE_TAG() {
+    return EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES;
+  }
+
+  static _read(messageType, buf) {
+    const modes = [];
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.readVector8(buf => {
+          modes.push(buf.readUint8());
+        });
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(modes);
+  }
+
+  _write(messageType, buf) {
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.writeVector8(buf => {
+          this.modes.forEach(mode => {
+            buf.writeUint8(mode);
+          });
+        });
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+  }
+}
+
+// CONCATENATED MODULE: ./src/constants.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const VERSION_TLS_1_0 = 0x0301;
+const VERSION_TLS_1_2 = 0x0303;
+const VERSION_TLS_1_3 = 0x0304;
+const TLS_AES_128_GCM_SHA256 = 0x1301;
+const PSK_MODE_KE = 0;
+
+// CONCATENATED MODULE: ./src/messages.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Message parsing.
+//
+// Herein we need code for reading and writing the various Handshake
+// messages involved in the protocol.
+//
+
+
+
+
+
+
+
+/* eslint-disable sorting/sort-object-props */
+const HANDSHAKE_TYPE = {
+  CLIENT_HELLO: 1,
+  SERVER_HELLO: 2,
+  NEW_SESSION_TICKET: 4,
+  ENCRYPTED_EXTENSIONS: 8,
+  FINISHED: 20,
+};
+/* eslint-enable sorting/sort-object-props */
+
+// Base class for generic reading/writing of handshake messages,
+// which are all uniformly formatted as:
+//
+//  struct {
+//    HandshakeType msg_type;    /* handshake type */
+//    uint24 length;             /* bytes in message */
+//    select(Handshake.msg_type) {
+//        ... type specific cases here ...
+//    };
+//  } Handshake;
+
+class messages_HandshakeMessage {
+
+  get TYPE_TAG() {
+    throw new Error('not implemented');
+  }
+
+  static fromBytes(bytes) {
+    // Each handshake message has a type and length prefix, per
+    // https://tools.ietf.org/html/rfc8446#appendix-B.3
+    const buf = new utils_BufferReader(bytes);
+    const msg = this.read(buf);
+    if (buf.hasMoreBytes()) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    return msg;
+  }
+
+  toBytes() {
+    const buf = new utils_BufferWriter();
+    this.write(buf);
+    return buf.flush();
+  }
+
+  static read(buf) {
+    const type = buf.readUint8();
+    let msg = null;
+    buf.readVector24(buf => {
+      switch (type) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          msg = messages_ClientHello._read(buf);
+          break;
+        case HANDSHAKE_TYPE.SERVER_HELLO:
+          msg = messages_ServerHello._read(buf);
+          break;
+        case HANDSHAKE_TYPE.NEW_SESSION_TICKET:
+          msg = NewSessionTicket._read(buf);
+          break;
+        case HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS:
+          msg = EncryptedExtensions._read(buf);
+          break;
+        case HANDSHAKE_TYPE.FINISHED:
+          msg = messages_Finished._read(buf);
+          break;
+      }
+      if (buf.hasMoreBytes()) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    });
+    if (msg === null) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    return msg;
+  }
+
+  write(buf) {
+    buf.writeUint8(this.TYPE_TAG);
+    buf.writeVector24(buf => {
+      this._write(buf);
+    });
+  }
+
+  static _read(buf) {
+    throw new Error('not implemented');
+  }
+
+  _write(buf) {
+    throw new Error('not implemented');
+  }
+
+  // Some little helpers for reading a list of extensions,
+  // which is uniformly represented as:
+  //
+  //   Extension extensions<8..2^16-1>;
+  //
+  // Recognized extensions are returned as a Map from extension type
+  // to extension data object, with a special `lastSeenExtension`
+  // property to make it easy to check which one came last.
+
+  static _readExtensions(messageType, buf) {
+    const extensions = new Map();
+    buf.readVector16(buf => {
+      const ext = extensions_Extension.read(messageType, buf);
+      if (extensions.has(ext.TYPE_TAG)) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+      extensions.set(ext.TYPE_TAG, ext);
+      extensions.lastSeenExtension = ext.TYPE_TAG;
+    });
+    return extensions;
+  }
+
+  _writeExtensions(buf, extensions) {
+    buf.writeVector16(buf => {
+      extensions.forEach(ext => {
+        ext.write(this.TYPE_TAG, buf);
+      });
+    });
+  }
+}
+
+
+// The ClientHello message:
+//
+// struct {
+//   ProtocolVersion legacy_version = 0x0303;
+//   Random random;
+//   opaque legacy_session_id<0..32>;
+//   CipherSuite cipher_suites<2..2^16-2>;
+//   opaque legacy_compression_methods<1..2^8-1>;
+//   Extension extensions<8..2^16-1>;
+// } ClientHello;
+
+class messages_ClientHello extends messages_HandshakeMessage {
+
+  constructor(random, sessionId, extensions) {
+    super();
+    this.random = random;
+    this.sessionId = sessionId;
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.CLIENT_HELLO;
+  }
+
+  static _read(buf) {
+    // The legacy_version field may indicate an earlier version of TLS
+    // for backwards compatibility, but must not predate TLS 1.0!
+    if (buf.readUint16() < VERSION_TLS_1_0) {
+      throw new TLSError(ALERT_DESCRIPTION.PROTOCOL_VERSION);
+    }
+    // The random bytes provided by the peer.
+    const random = buf.readBytes(32);
+    // Read legacy_session_id, so the server can echo it.
+    const sessionId = buf.readVectorBytes8();
+    // We only support a single ciphersuite, but the peer may offer several.
+    // Scan the list to confirm that the one we want is present.
+    let found = false;
+    buf.readVector16(buf => {
+      const cipherSuite = buf.readUint16();
+      if (cipherSuite === TLS_AES_128_GCM_SHA256) {
+        found = true;
+      }
+    });
+    if (! found) {
+      throw new TLSError(ALERT_DESCRIPTION.HANDSHAKE_FAILURE);
+    }
+    // legacy_compression_methods must be a single zero byte for TLS1.3 ClientHellos.
+    // It can be non-zero in previous versions of TLS, but we're not going to
+    // make a successful handshake with such versions, so better to just bail out now.
+    const legacyCompressionMethods = buf.readVectorBytes8();
+    if (legacyCompressionMethods.byteLength !== 1) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    if (legacyCompressionMethods[0] !== 0x00) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    // Read and check the extensions.
+    const extensions = this._readExtensions(HANDSHAKE_TYPE.CLIENT_HELLO, buf);
+    if (! extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS)) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS).versions.indexOf(VERSION_TLS_1_3) === -1) {
+      throw new TLSError(ALERT_DESCRIPTION.PROTOCOL_VERSION);
+    }
+    // Was the PreSharedKey extension the last one?
+    if (extensions.has(EXTENSION_TYPE.PRE_SHARED_KEY)) {
+      if (extensions.lastSeenExtension !== EXTENSION_TYPE.PRE_SHARED_KEY) {
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+    }
+    return new this(random, sessionId, extensions);
+  }
+
+  _write(buf) {
+    buf.writeUint16(VERSION_TLS_1_2);
+    buf.writeBytes(this.random);
+    buf.writeVectorBytes8(this.sessionId);
+    // Our single supported ciphersuite
+    buf.writeVector16(buf => {
+      buf.writeUint16(TLS_AES_128_GCM_SHA256);
+    });
+    // A single zero byte for legacy_compression_methods
+    buf.writeVectorBytes8(new Uint8Array(1));
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+
+// The ServerHello message:
+//
+//  struct {
+//      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */
+//      Random random;
+//      opaque legacy_session_id_echo<0..32>;
+//      CipherSuite cipher_suite;
+//      uint8 legacy_compression_method = 0;
+//      Extension extensions < 6..2 ^ 16 - 1 >;
+//  } ServerHello;
+
+class messages_ServerHello extends messages_HandshakeMessage {
+
+  constructor(random, sessionId, extensions) {
+    super();
+    this.random = random;
+    this.sessionId = sessionId;
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.SERVER_HELLO;
+  }
+
+  static _read(buf) {
+    // Fixed value for legacy_version.
+    if (buf.readUint16() !== VERSION_TLS_1_2) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    // Random bytes from the server.
+    const random = buf.readBytes(32);
+    // It should have echoed our vector for legacy_session_id.
+    const sessionId = buf.readVectorBytes8();
+    // It should have selected our single offered ciphersuite.
+    if (buf.readUint16() !== TLS_AES_128_GCM_SHA256) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    // legacy_compression_method must be zero.
+    if (buf.readUint8() !== 0) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    const extensions = this._readExtensions(HANDSHAKE_TYPE.SERVER_HELLO, buf);
+    if (! extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS)) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS).selectedVersion !== VERSION_TLS_1_3) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(random, sessionId, extensions);
+  }
+
+  _write(buf) {
+    buf.writeUint16(VERSION_TLS_1_2);
+    buf.writeBytes(this.random);
+    buf.writeVectorBytes8(this.sessionId);
+    // Our single supported ciphersuite
+    buf.writeUint16(TLS_AES_128_GCM_SHA256);
+    // A single zero byte for legacy_compression_method
+    buf.writeUint8(0);
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+
+// The EncryptedExtensions message:
+//
+//  struct {
+//    Extension extensions < 0..2 ^ 16 - 1 >;
+//  } EncryptedExtensions;
+//
+// We don't actually send any EncryptedExtensions,
+// but still have to send an empty message.
+
+class EncryptedExtensions extends messages_HandshakeMessage {
+  constructor(extensions) {
+    super();
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS;
+  }
+
+  static _read(buf) {
+    const extensions = this._readExtensions(HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS, buf);
+    return new this(extensions);
+  }
+
+  _write(buf) {
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+
+// The Finished message:
+//
+// struct {
+//   opaque verify_data[Hash.length];
+// } Finished;
+
+class messages_Finished extends messages_HandshakeMessage {
+
+  constructor(verifyData) {
+    super();
+    this.verifyData = verifyData;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.FINISHED;
+  }
+
+  static _read(buf) {
+    const verifyData = buf.readBytes(HASH_LENGTH);
+    return new this(verifyData);
+  }
+
+  _write(buf) {
+    buf.writeBytes(this.verifyData);
+  }
+}
+
+
+// The NewSessionTicket message:
+//
+//   struct {
+//    uint32 ticket_lifetime;
+//    uint32 ticket_age_add;
+//    opaque ticket_nonce < 0..255 >;
+//    opaque ticket < 1..2 ^ 16 - 1 >;
+//    Extension extensions < 0..2 ^ 16 - 2 >;
+//  } NewSessionTicket;
+//
+// We don't actually make use of these, but we need to be able
+// to accept them and do basic validation.
+
+class NewSessionTicket extends messages_HandshakeMessage {
+  constructor(ticketLifetime, ticketAgeAdd, ticketNonce, ticket, extensions) {
+    super();
+    this.ticketLifetime = ticketLifetime;
+    this.ticketAgeAdd = ticketAgeAdd;
+    this.ticketNonce = ticketNonce;
+    this.ticket = ticket;
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.NEW_SESSION_TICKET;
+  }
+
+  static _read(buf) {
+    return new this(
+      buf.readUint32(), // ticket_lifetime
+      buf.readUint32(), // ticket_age_add
+      buf.readVectorBytes8(), // ticket_nonce
+      buf.readVectorBytes16(), // ticket
+      this._readExtensions(HANDSHAKE_TYPE.NEW_SESSION_TICKET, buf)
+    );
+  }
+
+  _write(buf) {
+    buf.writeUint32(this.ticketLifetime);
+    buf.writeUint32(this.ticketAgeAdd);
+    buf.writeVectorBytes8(this.ticketNonce);
+    buf.writeVectorBytes16(this.ticket);
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+// CONCATENATED MODULE: ./src/states.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+
+
+
+
+
+
+//
+// State-machine for TLS Handshake Management.
+//
+// Internally, we manage the TLS connection by explicitly modelling the
+// client and server state-machines from RFC8446.  You can think of
+// these `State` objects as little plugins for the `Connection` class
+// that provide different behaviours of `send` and `receive` depending
+// on the state of the connection.
+//
+
+class states_State {
+
+  constructor(conn) {
+    this.conn = conn;
+  }
+
+  async initialize() {
+    // By default, nothing to do when entering the state.
+  }
+
+  async sendApplicationData(bytes) {
+    // By default, assume we're not ready to send yet and the caller
+    // should be blocking on the connection promise before reaching here.
+    throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+  }
+
+  async recvApplicationData(bytes) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+
+  async recvHandshakeMessage(msg) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+
+  async recvAlertMessage(alert) {
+    switch (alert.description) {
+      case ALERT_DESCRIPTION.CLOSE_NOTIFY:
+        this.conn._closeForRecv(alert);
+        throw alert;
+      default:
+        return await this.handleErrorAndRethrow(alert);
+    }
+  }
+
+  async recvChangeCipherSpec(bytes) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+
+  async handleErrorAndRethrow(err) {
+    let alert = err;
+    if (! (alert instanceof TLSAlert)) {
+      alert = new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    // Try to send error alert to the peer, but we may not
+    // be able to if the outgoing connection was already closed.
+    try {
+      await this.conn._sendAlertMessage(alert);
+    } catch (_) { }
+    await this.conn._transition(ERROR, err);
+    throw err;
+  }
+
+  async close() {
+    const alert = new TLSCloseNotify();
+    await this.conn._sendAlertMessage(alert);
+    this.conn._closeForSend(alert);
+  }
+
+}
+
+// A special "guard" state to prevent us from using
+// an improperly-initialized Connection.
+
+class UNINITIALIZED extends states_State {
+  async initialize() {
+    throw new Error('uninitialized state');
+  }
+  async sendApplicationData(bytes) {
+    throw new Error('uninitialized state');
+  }
+  async recvApplicationData(bytes) {
+    throw new Error('uninitialized state');
+  }
+  async recvHandshakeMessage(msg) {
+    throw new Error('uninitialized state');
+  }
+  async recvChangeCipherSpec(bytes) {
+    throw new Error('uninitialized state');
+  }
+  async handleErrorAndRethrow(err) {
+    throw err;
+  }
+  async close() {
+    throw new Error('uninitialized state');
+  }
+}
+
+// A special "error" state for when something goes wrong.
+// This state never transitions to another state, effectively
+// terminating the connection.
+
+class ERROR extends states_State {
+  async initialize(err) {
+    this.error = err;
+    this.conn._setConnectionFailure(err);
+    // Unceremoniously shut down the record layer on error.
+    this.conn._recordlayer.setSendError(err);
+    this.conn._recordlayer.setRecvError(err);
+  }
+  async sendApplicationData(bytes) {
+    throw this.error;
+  }
+  async recvApplicationData(bytes) {
+    throw this.error;
+  }
+  async recvHandshakeMessage(msg) {
+    throw this.error;
+  }
+  async recvAlertMessage(err) {
+    throw this.error;
+  }
+  async recvChangeCipherSpec(bytes) {
+    throw this.error;
+  }
+  async handleErrorAndRethrow(err) {
+    throw err;
+  }
+  async close() {
+    throw this.error;
+  }
+}
+
+// The "connected" state, for when the handshake is complete
+// and we're ready to send application-level data.
+// The logic for this is largely symmetric between client and server.
+
+class states_CONNECTED extends states_State {
+  async initialize() {
+    this.conn._setConnectionSuccess();
+  }
+  async sendApplicationData(bytes) {
+    await this.conn._sendApplicationData(bytes);
+  }
+  async recvApplicationData(bytes) {
+    return bytes;
+  }
+  async recvChangeCipherSpec(bytes) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+}
+
+// A base class for states that occur in the middle of the handshake
+// (that is, between ClientHello and Finished).  These states may receive
+// CHANGE_CIPHER_SPEC records for b/w compat reasons, which must contain
+// exactly a single 0x01 byte and must otherwise be ignored.
+
+class states_MidHandshakeState extends states_State {
+  async recvChangeCipherSpec(bytes) {
+    if (this.conn._hasSeenChangeCipherSpec) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    if (bytes.byteLength !== 1 || bytes[0] !== 1) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    this.conn._hasSeenChangeCipherSpec = true;
+  }
+}
+
+// These states implement (part of) the client state-machine from
+// https://tools.ietf.org/html/rfc8446#appendix-A.1
+//
+// Since we're only implementing a small subset of TLS1.3,
+// we only need a small subset of the handshake.  It basically goes:
+//
+//   * send ClientHello
+//   * receive ServerHello
+//   * receive EncryptedExtensions
+//   * receive server Finished
+//   * send client Finished
+//
+// We include some unused states for completeness, so that it's easier
+// to check the implementation against the diagrams in the RFC.
+
+class states_CLIENT_START extends states_State {
+  async initialize() {
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.addPSK(this.conn.psk);
+    // Construct a ClientHello message with our single PSK.
+    // We can't know the PSK binder value yet, so we initially write zeros.
+    const clientHello = new messages_ClientHello(
+      // Client random salt.
+      await getRandomBytes(32),
+      // Random legacy_session_id; we *could* send an empty string here,
+      // but sending a random one makes it easier to be compatible with
+      // the data emitted by tlslite-ng for test-case generation.
+      await getRandomBytes(32),
+      [
+        new extensions_SupportedVersionsExtension([VERSION_TLS_1_3]),
+        new extensions_PskKeyExchangeModesExtension([PSK_MODE_KE]),
+        new extensions_PreSharedKeyExtension([this.conn.pskId], [zeros(HASH_LENGTH)]),
+      ],
+    );
+    const buf = new utils_BufferWriter();
+    clientHello.write(buf);
+    // Now that we know what the ClientHello looks like,
+    // go back and calculate the appropriate PSK binder value.
+    // We only support a single PSK, so the length of the binders field is the
+    // length of the hash plus one for rendering it as a variable-length byte array,
+    // plus two for rendering the variable-length list of PSK binders.
+    const PSK_BINDERS_SIZE = HASH_LENGTH + 1 + 2;
+    const truncatedTranscript = buf.slice(0, buf.tell() - PSK_BINDERS_SIZE);
+    const pskBinder = await keyschedule.calculateFinishedMAC(keyschedule.extBinderKey, truncatedTranscript);
+    buf.incr(-HASH_LENGTH);
+    buf.writeBytes(pskBinder);
+    await this.conn._sendHandshakeMessageBytes(buf.flush());
+    await this.conn._transition(states_CLIENT_WAIT_SH, clientHello.sessionId);
+  }
+}
+
+class states_CLIENT_WAIT_SH extends states_State {
+  async initialize(sessionId) {
+    this._sessionId = sessionId;
+  }
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof messages_ServerHello)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    if (! bytesAreEqual(msg.sessionId, this._sessionId)) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    const pskExt = msg.extensions.get(EXTENSION_TYPE.PRE_SHARED_KEY);
+    if (! pskExt) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (msg.extensions.size !== 2) {
+      throw new TLSError(ALERT_DESCRIPTION.UNSUPPORTED_EXTENSION);
+    }
+    if (pskExt.selectedIdentity !== 0) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    await this.conn._keyschedule.addECDHE(null);
+    await this.conn._setSendKey(this.conn._keyschedule.clientHandshakeTrafficSecret);
+    await this.conn._setRecvKey(this.conn._keyschedule.serverHandshakeTrafficSecret);
+    await this.conn._transition(states_CLIENT_WAIT_EE);
+  }
+}
+
+class states_CLIENT_WAIT_EE extends states_MidHandshakeState {
+  async recvHandshakeMessage(msg) {
+    // We don't make use of any encrypted extensions, but we still
+    // have to wait for the server to send the (empty) list of them.
+    if (! (msg instanceof EncryptedExtensions)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    // We do not support any EncryptedExtensions.
+    if (msg.extensions.size !== 0) {
+      throw new TLSError(ALERT_DESCRIPTION.UNSUPPORTED_EXTENSION);
+    }
+    const keyschedule = this.conn._keyschedule;
+    const serverFinishedTranscript = keyschedule.getTranscript();
+    await this.conn._transition(states_CLIENT_WAIT_FINISHED, serverFinishedTranscript);
+  }
+}
+
+class states_CLIENT_WAIT_FINISHED extends states_MidHandshakeState {
+  async initialize(serverFinishedTranscript) {
+    this._serverFinishedTranscript = serverFinishedTranscript;
+  }
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof messages_Finished)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    // Verify server Finished MAC.
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.verifyFinishedMAC(keyschedule.serverHandshakeTrafficSecret, msg.verifyData, this._serverFinishedTranscript);
+    // Send our own Finished message in return.
+    // This must be encrypted with the handshake traffic key,
+    // but must not appear in the transcript used to calculate the application keys.
+    const clientFinishedMAC = await keyschedule.calculateFinishedMAC(keyschedule.clientHandshakeTrafficSecret);
+    await keyschedule.finalize();
+    await this.conn._sendHandshakeMessage(new messages_Finished(clientFinishedMAC));
+    await this.conn._setSendKey(keyschedule.clientApplicationTrafficSecret);
+    await this.conn._setRecvKey(keyschedule.serverApplicationTrafficSecret);
+    await this.conn._transition(states_CLIENT_CONNECTED);
+  }
+}
+
+class states_CLIENT_CONNECTED extends states_CONNECTED {
+  async recvHandshakeMessage(msg) {
+    // A connected client must be prepared to accept NewSessionTicket
+    // messages.  We never use them, but other server implementations
+    // might send them.
+    if (! (msg instanceof NewSessionTicket)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+  }
+}
+
+// These states implement (part of) the server state-machine from
+// https://tools.ietf.org/html/rfc8446#appendix-A.2
+//
+// Since we're only implementing a small subset of TLS1.3,
+// we only need a small subset of the handshake.  It basically goes:
+//
+//   * receive ClientHello
+//   * send ServerHello
+//   * send empty EncryptedExtensions
+//   * send server Finished
+//   * receive client Finished
+//
+// We include some unused states for completeness, so that it's easier
+// to check the implementation against the diagrams in the RFC.
+
+class states_SERVER_START extends states_State {
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof messages_ClientHello)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    // In the spec, this is where we select connection parameters, and maybe
+    // tell the client to try again if we can't find a compatible set.
+    // Since we only support a fixed cipherset, the only thing to "negotiate"
+    // is whether they provided an acceptable PSK.
+    const pskExt = msg.extensions.get(EXTENSION_TYPE.PRE_SHARED_KEY);
+    const pskModesExt = msg.extensions.get(EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES);
+    if (! pskExt || ! pskModesExt) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (pskModesExt.modes.indexOf(PSK_MODE_KE) === -1) {
+      throw new TLSError(ALERT_DESCRIPTION.HANDSHAKE_FAILURE);
+    }
+    const pskIndex = pskExt.identities.findIndex(pskId => bytesAreEqual(pskId, this.conn.pskId));
+    if (pskIndex === -1) {
+      throw new TLSError(ALERT_DESCRIPTION.UNKNOWN_PSK_IDENTITY);
+    }
+    await this.conn._keyschedule.addPSK(this.conn.psk);
+    // Validate the PSK binder.
+    const keyschedule = this.conn._keyschedule;
+    const transcript = keyschedule.getTranscript();
+    // Calculate size occupied by the PSK binders.
+    let pskBindersSize = 2; // Vector16 representation overhead.
+    for (const binder of pskExt.binders) {
+      pskBindersSize += binder.byteLength + 1; // Vector8 representation overhead.
+    }
+    await keyschedule.verifyFinishedMAC(keyschedule.extBinderKey, pskExt.binders[pskIndex], transcript.slice(0, -pskBindersSize));
+    await this.conn._transition(states_SERVER_NEGOTIATED, msg.sessionId, pskIndex);
+  }
+}
+
+class states_SERVER_NEGOTIATED extends states_MidHandshakeState {
+  async initialize(sessionId, pskIndex) {
+    await this.conn._sendHandshakeMessage(new messages_ServerHello(
+      // Server random
+      await getRandomBytes(32),
+      sessionId,
+      [
+        new extensions_SupportedVersionsExtension(null, VERSION_TLS_1_3),
+        new extensions_PreSharedKeyExtension(null, null, pskIndex),
+      ]
+    ));
+    // If the client sent a non-empty sessionId, the server *must* send a change-cipher-spec for b/w compat.
+    if (sessionId.byteLength > 0) {
+      await this.conn._sendChangeCipherSpec();
+    }
+    // We can now transition to the encrypted part of the handshake.
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.addECDHE(null);
+    await this.conn._setSendKey(keyschedule.serverHandshakeTrafficSecret);
+    await this.conn._setRecvKey(keyschedule.clientHandshakeTrafficSecret);
+    // Send an empty EncryptedExtensions message.
+    await this.conn._sendHandshakeMessage(new EncryptedExtensions([]));
+    // Send the Finished message.
+    const serverFinishedMAC = await keyschedule.calculateFinishedMAC(keyschedule.serverHandshakeTrafficSecret);
+    await this.conn._sendHandshakeMessage(new messages_Finished(serverFinishedMAC));
+    // We can now *send* using the application traffic key,
+    // but have to wait to receive the client Finished before receiving under that key.
+    // We need to remember the handshake state from before the client Finished
+    // in order to successfully verify the client Finished.
+    const clientFinishedTranscript = await keyschedule.getTranscript();
+    const clientHandshakeTrafficSecret = keyschedule.clientHandshakeTrafficSecret;
+    await keyschedule.finalize();
+    await this.conn._setSendKey(keyschedule.serverApplicationTrafficSecret);
+    await this.conn._transition(states_SERVER_WAIT_FINISHED, clientHandshakeTrafficSecret, clientFinishedTranscript);
+  }
+}
+
+class states_SERVER_WAIT_FINISHED extends states_MidHandshakeState {
+  async initialize(clientHandshakeTrafficSecret, clientFinishedTranscript) {
+    this._clientHandshakeTrafficSecret = clientHandshakeTrafficSecret;
+    this._clientFinishedTranscript = clientFinishedTranscript;
+  }
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof messages_Finished)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.verifyFinishedMAC(this._clientHandshakeTrafficSecret, msg.verifyData, this._clientFinishedTranscript);
+    this._clientHandshakeTrafficSecret = this._clientFinishedTranscript = null;
+    await this.conn._setRecvKey(keyschedule.clientApplicationTrafficSecret);
+    await this.conn._transition(states_CONNECTED);
+  }
+}
+
+// CONCATENATED MODULE: ./src/keyschedule.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// TLS1.3 Key Schedule.
+//
+// In this file we implement the "key schedule" from
+// https://tools.ietf.org/html/rfc8446#section-7.1, which
+// defines how to calculate various keys as the handshake
+// state progresses.
+
+
+
+
+
+
+
+// The `KeySchedule` class progresses through three stages corresponding
+// to the three phases of the TLS1.3 key schedule:
+//
+//   UNINITIALIZED
+//       |
+//       | addPSK()
+//       v
+//   EARLY_SECRET
+//       |
+//       | addECDHE()
+//       v
+//   HANDSHAKE_SECRET
+//       |
+//       | finalize()
+//       v
+//   MASTER_SECRET
 //
-// These are mostly conveniences for working with Uint8Arrays as
-// the primitive "bytes" type.
+// It will error out if the calling code attempts to add key material
+// in the wrong order.
+
+const STAGE_UNINITIALIZED = 0;
+const STAGE_EARLY_SECRET = 1;
+const STAGE_HANDSHAKE_SECRET = 2;
+const STAGE_MASTER_SECRET = 3;
+
+class keyschedule_KeySchedule {
+  constructor() {
+    this.stage = STAGE_UNINITIALIZED;
+    // WebCrypto doesn't support a rolling hash construct, so we have to
+    // keep the entire message transcript in memory.
+    this.transcript = new utils_BufferWriter();
+    // This tracks the main secret from with other keys are derived at each stage.
+    this.secret = null;
+    // And these are all the various keys we'll derive as the handshake progresses.
+    this.extBinderKey = null;
+    this.clientHandshakeTrafficSecret = null;
+    this.serverHandshakeTrafficSecret = null;
+    this.clientApplicationTrafficSecret = null;
+    this.serverApplicationTrafficSecret = null;
+  }
+
+  async addPSK(psk) {
+    // Use the selected PSK (if any) to calculate the "early secret".
+    if (psk === null) {
+      psk = zeros(HASH_LENGTH);
+    }
+    if (this.stage !== STAGE_UNINITIALIZED) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    this.stage = STAGE_EARLY_SECRET;
+    this.secret = await hkdfExtract(zeros(HASH_LENGTH), psk);
+    this.extBinderKey = await this.deriveSecret('ext binder', EMPTY);
+    this.secret = await this.deriveSecret('derived', EMPTY);
+  }
+
+  async addECDHE(ecdhe) {
+    // Mix in the ECDHE output (if any) to calculate the "handshake secret".
+    if (ecdhe === null) {
+      ecdhe = zeros(HASH_LENGTH);
+    }
+    if (this.stage !== STAGE_EARLY_SECRET) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    this.stage = STAGE_HANDSHAKE_SECRET;
+    this.extBinderKey = null;
+    this.secret = await hkdfExtract(this.secret, ecdhe);
+    this.clientHandshakeTrafficSecret = await this.deriveSecret('c hs traffic');
+    this.serverHandshakeTrafficSecret = await this.deriveSecret('s hs traffic');
+    this.secret = await this.deriveSecret('derived', EMPTY);
+  }
+
+  async finalize() {
+    if (this.stage !== STAGE_HANDSHAKE_SECRET) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    this.stage = STAGE_MASTER_SECRET;
+    this.clientHandshakeTrafficSecret = null;
+    this.serverHandshakeTrafficSecret = null;
+    this.secret = await hkdfExtract(this.secret, zeros(HASH_LENGTH));
+    this.clientApplicationTrafficSecret = await this.deriveSecret('c ap traffic');
+    this.serverApplicationTrafficSecret = await this.deriveSecret('s ap traffic');
+    this.secret = null;
+  }
+
+  addToTranscript(bytes) {
+    this.transcript.writeBytes(bytes);
+  }
+
+  getTranscript() {
+    return this.transcript.slice();
+  }
+
+  async deriveSecret(label, transcript = undefined) {
+    transcript = transcript || this.getTranscript();
+    return await hkdfExpandLabel(this.secret, label, await hash(transcript), HASH_LENGTH);
+  }
+
+  async calculateFinishedMAC(baseKey, transcript = undefined) {
+    transcript = transcript || this.getTranscript();
+    const finishedKey = await hkdfExpandLabel(baseKey, 'finished', EMPTY, HASH_LENGTH);
+    return await hmac(finishedKey, await hash(transcript));
+  }
+
+  async verifyFinishedMAC(baseKey, mac, transcript = undefined) {
+    transcript = transcript || this.getTranscript();
+    const finishedKey = await hkdfExpandLabel(baseKey, 'finished', EMPTY, HASH_LENGTH);
+    await verifyHmac(finishedKey, mac, await hash(transcript));
+  }
+}
+
+// CONCATENATED MODULE: ./src/recordlayer.js
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// This file implements the "record layer" for TLS1.3, as defined in
+// https://tools.ietf.org/html/rfc8446#section-5.
+//
+// The record layer is responsible for encrypting/decrypting bytes to be
+// sent over the wire, including stateful management of sequence numbers
+// for the incoming and outgoing stream.
+//
+// The main interface is the RecordLayer class, which takes a callback function
+// sending data and can be used like so:
+//
+//    rl = new RecordLayer(async function send_encrypted_data(data) {
+//      // application-specific sending logic here.
+//    });
+//
+//    // Records are sent and received in plaintext by default,
+//    // until you specify the key to use.
+//    await rl.setSendKey(key)
+//
+//    // Send some data by specifying the record type and the bytes.
+//    // Where allowed by the record type, it will be buffered until
+//    // explicitly flushed, and then sent by calling the callback.
+//    await rl.send(RECORD_TYPE.HANDSHAKE, <bytes for a handshake message>)
+//    await rl.send(RECORD_TYPE.HANDSHAKE, <bytes for another handshake message>)
+//    await rl.flush()
+//
+//    // Separate keys are used for sending and receiving.
+//    rl.setRecvKey(key);
+//
+//    // When data is received, push it into the RecordLayer
+//    // and pass a callback that will be called with a [type, bytes]
+//    // pair for each message parsed from the data.
+//    rl.recv(dataReceivedFromPeer, async (type, bytes) => {
+//      switch (type) {
+//        case RECORD_TYPE.APPLICATION_DATA:
+//          // do something with application data
+//        case RECORD_TYPE.HANDSHAKE:
+//          // do something with a handshake message
+//        default:
+//          // etc...
+//      }
+//    });
 //
 
 
-const UTF8_ENCODER = new TextEncoder();
-const UTF8_DECODER = new TextDecoder();
 
-function noop() {}
 
-function assert(cond, msg) {
-  if (! cond) {
-    throw new Error('assert failed: ' + msg);
+
+
+
+/* eslint-disable sorting/sort-object-props */
+const RECORD_TYPE = {
+  CHANGE_CIPHER_SPEC: 20,
+  ALERT: 21,
+  HANDSHAKE: 22,
+  APPLICATION_DATA: 23,
+};
+/* eslint-enable sorting/sort-object-props */
+
+// Encrypting at most 2^24 records will force us to stay
+// below data limits on AES-GCM encryption key use, and also
+// means we can accurately represent the sequence number as
+// a javascript double.
+const MAX_SEQUENCE_NUMBER = Math.pow(2, 24);
+const MAX_RECORD_SIZE = Math.pow(2, 14);
+const MAX_ENCRYPTED_RECORD_SIZE = MAX_RECORD_SIZE + 256;
+const RECORD_HEADER_SIZE = 5;
+
+// These are some helper classes to manage the encryption/decryption state
+// for a particular key.
+
+class recordlayer_CipherState {
+  constructor(key, iv) {
+    this.key = key;
+    this.iv = iv;
+    this.seqnum = 0;
+  }
+
+  static async create(baseKey, mode) {
+    // Derive key and iv per https://tools.ietf.org/html/rfc8446#section-7.3
+    const key = await prepareKey(await hkdfExpandLabel(baseKey, 'key', EMPTY, KEY_LENGTH), mode);
+    const iv = await hkdfExpandLabel(baseKey, 'iv', EMPTY, IV_LENGTH);
+    return new this(key, iv);
+  }
+
+  nonce() {
+    // Ref https://tools.ietf.org/html/rfc8446#section-5.3:
+    // * left-pad the sequence number with zeros to IV_LENGTH
+    // * xor with the provided iv
+    // Our sequence numbers are always less than 2^24, so fit in a Uint32
+    // in the last 4 bytes of the nonce.
+    const nonce = this.iv.slice();
+    const dv = new DataView(nonce.buffer, nonce.byteLength - 4, 4);
+    dv.setUint32(0, dv.getUint32(0) ^ this.seqnum);
+    this.seqnum += 1;
+    if (this.seqnum > MAX_SEQUENCE_NUMBER) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    return nonce;
   }
 }
 
-function assertIsBytes(value, msg = 'value must be a Uint8Array') {
-  // XXX: Disabled until Gecko problems are resolved
-  //assert(value instanceof Uint8Array, msg);
-  return value;
+class recordlayer_EncryptionState extends recordlayer_CipherState {
+  static async create(key) {
+    return super.create(key, 'encrypt');
+  }
+
+  async encrypt(plaintext, additionalData) {
+    return await encrypt(this.key, this.nonce(), plaintext, additionalData);
+  }
 }
 
-function bytesToHex(bytes) {
-  return Array.prototype.map.call(bytes, byte => {
-    let s = byte.toString(16);
-    if (s.length === 1) {
-      s = '0' + s;
-    }
-    return s;
-  }).join('');
+class recordlayer_DecryptionState extends recordlayer_CipherState {
+  static async create(key) {
+    return super.create(key, 'decrypt');
+  }
+
+  async decrypt(ciphertext, additionalData) {
+    return await decrypt(this.key, this.nonce(), ciphertext, additionalData);
+  }
 }
 
-function hexToBytes(hexstr) {
-  assert(hexstr.length % 2 === 0, 'hexstr.length must be even');
-  return new Uint8Array(Array.prototype.map.call(hexstr, (c, n) => {
-    if (n % 2 === 1) {
-      return hexstr[n - 1] + c;
+// The main RecordLayer class.
+
+class recordlayer_RecordLayer {
+  constructor(sendCallback) {
+    this.sendCallback = sendCallback;
+    this._sendEncryptState = null;
+    this._sendError = null;
+    this._recvDecryptState = null;
+    this._recvError = null;
+    this._pendingRecordType = 0;
+    this._pendingRecordBuf = null;
+  }
+
+  async setSendKey(key) {
+    await this.flush();
+    this._sendEncryptState = await recordlayer_EncryptionState.create(key);
+  }
+
+  async setRecvKey(key) {
+    this._recvDecryptState = await recordlayer_DecryptionState.create(key);
+  }
+
+  async setSendError(err) {
+    this._sendError = err;
+  }
+
+  async setRecvError(err) {
+    this._recvError = err;
+  }
+
+  async send(type, data) {
+    if (this._sendError !== null) {
+      throw this._sendError;
+    }
+    // Forbid sending data that doesn't fit into a single record.
+    // We do not support fragmentation over multiple records.
+    if (data.byteLength > MAX_RECORD_SIZE) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    // Flush if we're switching to a different record type.
+    if (this._pendingRecordType && this._pendingRecordType !== type) {
+      await this.flush();
+    }
+    // Flush if we would overflow the max size of a record.
+    if (this._pendingRecordBuf !== null) {
+      if (this._pendingRecordBuf.tell() + data.byteLength > MAX_RECORD_SIZE) {
+        await this.flush();
+      }
+    }
+    // Start a new pending record if necessary.
+    // We reserve space at the start of the buffer for the record header,
+    // which is conveniently always a fixed size.
+    if (this._pendingRecordBuf === null) {
+      this._pendingRecordType = type;
+      this._pendingRecordBuf = new utils_BufferWriter();
+      this._pendingRecordBuf.incr(RECORD_HEADER_SIZE);
+    }
+    this._pendingRecordBuf.writeBytes(data);
+  }
+
+  async flush() {
+    // If there's nothing to flush, bail out early.
+    // Don't throw `_sendError` if we're not sending anything, because `flush()`
+    // can be called when we're trying to transition into an error state.
+    const buf = this._pendingRecordBuf;
+    let type = this._pendingRecordType;
+    if (! type) {
+      if (buf !== null) {
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+      return;
+    }
+    if (this._sendError !== null) {
+      throw this._sendError;
+    }
+    // If we're encrypting, turn the existing buffer contents into a `TLSInnerPlaintext` by
+    // appending the type. We don't do any zero-padding, although the spec allows it.
+    let inflation = 0, innerPlaintext = null;
+    if (this._sendEncryptState !== null) {
+      buf.writeUint8(type);
+      innerPlaintext = buf.slice(RECORD_HEADER_SIZE);
+      inflation = AEAD_SIZE_INFLATION;
+      type = RECORD_TYPE.APPLICATION_DATA;
+    }
+    // Write the common header for either `TLSPlaintext` or `TLSCiphertext` record.
+    const length = buf.tell() - RECORD_HEADER_SIZE + inflation;
+    buf.seek(0);
+    buf.writeUint8(type);
+    buf.writeUint16(VERSION_TLS_1_2);
+    buf.writeUint16(length);
+    // Followed by different payload depending on encryption status.
+    if (this._sendEncryptState !== null) {
+      const additionalData = buf.slice(0, RECORD_HEADER_SIZE);
+      const ciphertext = await this._sendEncryptState.encrypt(innerPlaintext, additionalData);
+      buf.writeBytes(ciphertext);
     } else {
-      return '';
+      buf.incr(length);
     }
-  }).filter(s => {
-    return !! s;
-  }).map(s => {
-    return parseInt(s, 16);
-  }));
-}
+    this._pendingRecordBuf = null;
+    this._pendingRecordType = 0;
+    await this.sendCallback(buf.flush());
+  }
 
-function bytesToUtf8(bytes) {
-  return UTF8_DECODER.decode(bytes);
-}
+  async recv(data) {
+    if (this._recvError !== null) {
+      throw this._recvError;
+    }
+    // For simplicity, we assume that the given data contains exactly one record.
+    // Peers using this library will send one record at a time over the websocket
+    // connection, and we can assume that the server-side websocket bridge will split
+    // up any traffic into individual records if we ever start interoperating with
+    // peers using a different TLS implementation.
+    // Similarly, we assume that handshake messages will not be fragmented across
+    // multiple records. This should be trivially true for the PSK-only mode used
+    // by this library, but we may want to relax it in future for interoperability
+    // with e.g. large ClientHello messages that contain lots of different options.
+    const buf = new utils_BufferReader(data);
+    // The data to read is either a TLSPlaintext or TLSCiphertext struct,
+    // depending on whether record protection has been enabled yet:
+    //
+    //    struct {
+    //        ContentType type;
+    //        ProtocolVersion legacy_record_version;
+    //        uint16 length;
+    //        opaque fragment[TLSPlaintext.length];
+    //    } TLSPlaintext;
+    //
+    //    struct {
+    //        ContentType opaque_type = application_data; /* 23 */
+    //        ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
+    //        uint16 length;
+    //        opaque encrypted_record[TLSCiphertext.length];
+    //    } TLSCiphertext;
+    //
+    let type = buf.readUint8();
+    // The spec says legacy_record_version "MUST be ignored for all purposes",
+    // but we know TLS1.3 implementations will only ever emit two possible values,
+    // so it seems useful to bail out early if we receive anything else.
+    const version = buf.readUint16();
+    if (version !== VERSION_TLS_1_2) {
+      // TLS1.0 is only acceptable on initial plaintext records.
+      if (this._recvDecryptState !== null || version !== VERSION_TLS_1_0) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    }
+    const length = buf.readUint16();
+    let plaintext;
+    if (this._recvDecryptState === null || type === RECORD_TYPE.CHANGE_CIPHER_SPEC) {
+      [type, plaintext] = await this._readPlaintextRecord(type, length, buf);
+    } else {
+      [type, plaintext] = await this._readEncryptedRecord(type, length, buf);
+    }
+    // Sanity-check that we received exactly one record.
+    if (buf.hasMoreBytes()) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    return [type, plaintext];
+  }
 
-function utf8ToBytes(str) {
-  return UTF8_ENCODER.encode(str);
-}
+  // Helper to read an unencrypted `TLSPlaintext` struct
 
-function bytesAreEqual(v1, v2) {
-  if (v1.length !== v2.length) {
-    return false;
+  async _readPlaintextRecord(type, length, buf) {
+    if (length > MAX_RECORD_SIZE) {
+      throw new TLSError(ALERT_DESCRIPTION.RECORD_OVERFLOW);
+    }
+    return [type, buf.readBytes(length)];
   }
-  let mismatch = false;
-  for (let i = 0; i < v1.length; i++) {
-    mismatch &= v1[i] !== v2[i];
+
+  // Helper to read an encrypted `TLSCiphertext` struct,
+  // decrypting it into plaintext.
+
+  async _readEncryptedRecord(type, length, buf) {
+    if (length > MAX_ENCRYPTED_RECORD_SIZE) {
+      throw new TLSError(ALERT_DESCRIPTION.RECORD_OVERFLOW);
+    }
+    // The outer type for encrypted records is always APPLICATION_DATA.
+    if (type !== RECORD_TYPE.APPLICATION_DATA) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    // Decrypt and decode the contained `TLSInnerPlaintext` struct:
+    //
+    //    struct {
+    //        opaque content[TLSPlaintext.length];
+    //        ContentType type;
+    //        uint8 zeros[length_of_padding];
+    //    } TLSInnerPlaintext;
+    //
+    // The additional data for the decryption is the `TLSCiphertext` record
+    // header, which is a fixed size and immediately prior to current buffer position.
+    buf.incr(-RECORD_HEADER_SIZE);
+    const additionalData = buf.readBytes(RECORD_HEADER_SIZE);
+    const ciphertext = buf.readBytes(length);
+    const paddedPlaintext = await this._recvDecryptState.decrypt(ciphertext, additionalData);
+    // We have to scan backwards over the zero padding at the end of the struct
+    // in order to find the non-zero `type` byte.
+    let i;
+    for (i = paddedPlaintext.byteLength - 1; i >= 0; i--) {
+      if (paddedPlaintext[i] !== 0) {
+        break;
+      }
+    }
+    if (i < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    type = paddedPlaintext[i];
+    // `change_cipher_spec` records must always be plaintext.
+    if (type === RECORD_TYPE.CHANGE_CIPHER_SPEC) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    return [type, paddedPlaintext.slice(0, i)];
   }
-  return ! mismatch;
 }
 
-// CONCATENATED MODULE: ./src/rot128.js
+// CONCATENATED MODULE: ./src/tlsconnection.js
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-
-
-// The top-level APIs offered by this library are `InsecureClientConnection` and
-// `Insecure ServerConnection` classes.  They each take a callback to be used for
-// sending data to the remote peer, and operate like this:
+// The top-level APIs offered by this module are `ClientConnection` and
+// `ServerConnection` classes, which provide authenticated and encrypted
+// communication via the "externally-provisioned PSK" mode of TLS1.3.
+// They each take a callback to be used for sending data to the remote peer,
+// and operate like this:
 //
-//    conn = await InsecureClientConnection.create(psk, pskId, async function send_data_to_server(data) {
+//    conn = await ClientConnection.create(psk, pskId, async function send_data_to_server(data) {
 //      // application-specific sending logic here.
 //    })
 //
@@ -214,9 +2313,9 @@ function bytesAreEqual(v1, v2) {
 //
 //    // When data is received from the server, push it into
 //    // the connection and let it return any decrypted app-level data.
-//    // There might not be any app-level data if it was protocol control message,
-//    // and the receipt of the data might trigger additional calls to the
-//    // send callback for protocol control purposes.
+//    // There might not be any app-level data if it was a protocol control
+//    //  message, and the receipt of the data might trigger additional calls
+//    // to the send callback for protocol control purposes.
 //
 //    serverSocket.on('data', async encrypted_data => {
 //      const plaintext = await conn.recv(data)
@@ -231,28 +2330,42 @@ function bytesAreEqual(v1, v2) {
 //
 //    await conn.close()
 //
-// The `InsecureServerConnection` API operates similarly; the distinction is mainly
+//    // When the peer sends a "closed" notification it will show up
+//    // as a `TLSCloseNotify` exception from recv:
+//
+//    try {
+//      await conn.recv(data);
+//    } catch (err) {
+//      if (! (err instanceof TLSCloseNotify) { throw err }
+//      do_something_to_cleanly_close_data_connection();
+//    }
+//
+// The `ServerConnection` API operates similarly; the distinction is mainly
 // in which side is expected to send vs receieve during the protocol handshake.
 
 
 
 
-// !!!!!!!
-// !!
-// !!   N.B. In case it wasn't obvious, this is insecure!
-// !!
-// !!!!!!!
-//
-// This will be replaced by an implementation of the TLS1.3 PSK mode.
-// We're using a simple insecure quote-unquote cipher for now in order
-// to simulate the same sort of interface that the real crypto engine
-// will provide.
 
-class rot128_InsecureConnection {
+
+
+
+
+
+class tlsconnection_Connection {
   constructor(psk, pskId, sendCallback) {
     this.psk = assertIsBytes(psk);
     this.pskId = assertIsBytes(pskId);
-    this.sendCallback = sendCallback;
+    this.connected = new Promise((resolve, reject) => {
+      this._onConnectionSuccess = resolve;
+      this._onConnectionFailure = reject;
+    });
+    this._state = new UNINITIALIZED(this);
+    this._handshakeRecvBuffer = null;
+    this._hasSeenChangeCipherSpec = false;
+    this._recordlayer = new recordlayer_RecordLayer(sendCallback);
+    this._keyschedule = new keyschedule_KeySchedule();
+    this._lastPromise = Promise.resolve();
   }
 
   // Subclasses will override this with some async initialization logic.
@@ -260,55 +2373,174 @@ class rot128_InsecureConnection {
     return new this(psk, pskId, sendCallback);
   }
 
-  // These are the three public API methods that
-  // consumers can use to connunicate over TLS.
+  // These are the three public API methods that consumers can use
+  // to send and receive data encrypted with TLS1.3.
 
   async send(data) {
     assertIsBytes(data);
-    await this.sendCallback(await this._rot128(data));
+    await this.connected;
+    await this._synchronized(async () => {
+      await this._state.sendApplicationData(data);
+    });
   }
 
   async recv(data) {
     assertIsBytes(data);
-    return await this._rot128(data);
+    return await this._synchronized(async () => {
+      // Decrypt the data using the record layer.
+      // We expect to receive precisely one record at a time.
+      const [type, bytes] = await this._recordlayer.recv(data);
+      // Dispatch based on the type of the record.
+      switch (type) {
+        case RECORD_TYPE.CHANGE_CIPHER_SPEC:
+          await this._state.recvChangeCipherSpec(bytes);
+          return null;
+        case RECORD_TYPE.ALERT:
+          await this._state.recvAlertMessage(TLSAlert.fromBytes(bytes));
+          return null;
+        case RECORD_TYPE.APPLICATION_DATA:
+          return await this._state.recvApplicationData(bytes);
+        case RECORD_TYPE.HANDSHAKE:
+          // Multiple handshake messages may be coalesced into a single record.
+          // Store the in-progress record buffer on `this` so that we can guard
+          // against handshake messages that span a change in keys.
+          this._handshakeRecvBuffer = new utils_BufferReader(bytes);
+          if (! this._handshakeRecvBuffer.hasMoreBytes()) {
+            throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+          }
+          do {
+            // Each handshake messages has a type and length prefix, per
+            // https://tools.ietf.org/html/rfc8446#appendix-B.3
+            this._handshakeRecvBuffer.incr(1);
+            const mlength = this._handshakeRecvBuffer.readUint24();
+            this._handshakeRecvBuffer.incr(-4);
+            const messageBytes = this._handshakeRecvBuffer.readBytes(mlength + 4);
+            this._keyschedule.addToTranscript(messageBytes);
+            await this._state.recvHandshakeMessage(messages_HandshakeMessage.fromBytes(messageBytes));
+          } while (this._handshakeRecvBuffer.hasMoreBytes());
+          this._handshakeRecvBuffer = null;
+          return null;
+        default:
+          throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+      }
+    });
+  }
+
+  async close() {
+    await this._synchronized(async () => {
+      await this._state.close();
+    });
+  }
+
+  // Ensure that async functions execute one at a time,
+  // by waiting for the previous call to `_synchronized()` to complete
+  // before starting a new one.  This helps ensure that we complete
+  // one state-machine transition before starting to do the next.
+  // It's also a convenient place to catch and alert on errors.
+
+  _synchronized(cb) {
+    const nextPromise = this._lastPromise.then(() => {
+      return cb();
+    }).catch(async err => {
+      if (err instanceof TLSCloseNotify) {
+        throw err;
+      }
+      await this._state.handleErrorAndRethrow(err);
+    });
+    // We don't want to hold on to the return value or error,
+    // just synchronize on the fact that it completed.
+    this._lastPromise = nextPromise.then(noop, noop);
+    return nextPromise;
+  }
+
+  // This drives internal transition of the state-machine,
+  // ensuring that the new state is properly initialized.
+
+  async _transition(State, ...args) {
+    this._state = new State(this);
+    await this._state.initialize(...args);
+    await this._recordlayer.flush();
+  }
+
+  // These are helpers to allow the State to manipulate the recordlayer
+  // and send out various types of data.
+
+  async _sendApplicationData(bytes) {
+    await this._recordlayer.send(RECORD_TYPE.APPLICATION_DATA, bytes);
+    await this._recordlayer.flush();
+  }
+
+  async _sendHandshakeMessage(msg) {
+    await this._sendHandshakeMessageBytes(msg.toBytes());
+  }
+
+  async _sendHandshakeMessageBytes(bytes) {
+    this._keyschedule.addToTranscript(bytes);
+    await this._recordlayer.send(RECORD_TYPE.HANDSHAKE, bytes);
+    // Don't flush after each handshake message, since we can probably
+    // coalesce multiple messages into a single record.
+  }
+
+  async _sendAlertMessage(err) {
+    await this._recordlayer.send(RECORD_TYPE.ALERT, err.toBytes());
+    await this._recordlayer.flush();
+  }
+
+  async _sendChangeCipherSpec() {
+    await this._recordlayer.send(RECORD_TYPE.CHANGE_CIPHER_SPEC, new Uint8Array([0x01]));
+    await this._recordlayer.flush();
+  }
+
+  async _setSendKey(key) {
+    return await this._recordlayer.setSendKey(key);
   }
 
-  async close() { }
+  async _setRecvKey(key) {
+    // Handshake messages that change keys must be on a record boundary.
+    if (this._handshakeRecvBuffer && this._handshakeRecvBuffer.hasMoreBytes()) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    return await this._recordlayer.setRecvKey(key);
+  }
 
-  async _rot128(input) {
-    const output = new Uint8Array(input.byteLength);
-    for (let i = 0; i < input.byteLength; i++) {
-      output[i] = (input[i] + 128) & 0xFF;
+  _setConnectionSuccess() {
+    if (this._onConnectionSuccess !== null) {
+      this._onConnectionSuccess();
+      this._onConnectionSuccess = null;
+      this._onConnectionFailure = null;
     }
-    return output;
   }
-}
 
+  _setConnectionFailure(err) {
+    if (this._onConnectionFailure !== null) {
+      this._onConnectionFailure(err);
+      this._onConnectionSuccess = null;
+      this._onConnectionFailure = null;
+    }
+  }
+
+  _closeForSend(alert) {
+    this._recordlayer.setSendError(alert);
+  }
+
+  _closeForRecv(alert) {
+    this._recordlayer.setRecvError(alert);
+  }
+}
 
-class InsecureClientConnection extends rot128_InsecureConnection {
+class tlsconnection_ClientConnection extends tlsconnection_Connection {
   static async create(psk, pskId, sendCallback) {
     const instance = await super.create(psk, pskId, sendCallback);
-    // Prove to the server that we know the channel key.
-    await instance.send(instance.psk);
+    await instance._transition(states_CLIENT_START);
     return instance;
   }
 }
 
-
-class rot128_InsecureServerConnection extends rot128_InsecureConnection {
-  constructor(psk, pskId, sendCallback) {
-    super(psk, pskId, sendCallback);
-    this.receivedHandshake = false;
-  }
-  async recv(data) {
-    // Make the client prove that it knows the channel key in first message.
-    let output = await super.recv(data);
-    if (! this.receivedHandshake) {
-      assert(bytesAreEqual(output, this.psk), 'psk mismatch');
-      this.receivedHandshake = true;
-      output = null;
-    }
-    return output;
+class tlsconnection_ServerConnection extends tlsconnection_Connection {
+  static async create(psk, pskId, sendCallback) {
+    const instance = await super.create(psk, pskId, sendCallback);
+    await instance._transition(states_SERVER_START);
+    return instance;
   }
 }
 
@@ -1176,17 +3408,20 @@ if (
 
 
 // CONCATENATED MODULE: ./src/index.js
-/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, "InsecurePairingChannel", function() { return src_InsecurePairingChannel; });
+/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, "PairingChannel", function() { return src_PairingChannel; });
+/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, "_internals", function() { return _internals; });
+/* concated harmony reexport base64urlToBytes */__webpack_require__.d(__webpack_exports__, "base64urlToBytes", function() { return base64urlToBytes; });
+/* concated harmony reexport bytesToBase64url */__webpack_require__.d(__webpack_exports__, "bytesToBase64url", function() { return bytesToBase64url; });
 /* concated harmony reexport bytesToHex */__webpack_require__.d(__webpack_exports__, "bytesToHex", function() { return bytesToHex; });
-/* concated harmony reexport hexToBytes */__webpack_require__.d(__webpack_exports__, "hexToBytes", function() { return hexToBytes; });
 /* concated harmony reexport bytesToUtf8 */__webpack_require__.d(__webpack_exports__, "bytesToUtf8", function() { return bytesToUtf8; });
+/* concated harmony reexport hexToBytes */__webpack_require__.d(__webpack_exports__, "hexToBytes", function() { return hexToBytes; });
+/* concated harmony reexport TLSCloseNotify */__webpack_require__.d(__webpack_exports__, "TLSCloseNotify", function() { return TLSCloseNotify; });
+/* concated harmony reexport TLSError */__webpack_require__.d(__webpack_exports__, "TLSError", function() { return TLSError; });
 /* concated harmony reexport utf8ToBytes */__webpack_require__.d(__webpack_exports__, "utf8ToBytes", function() { return utf8ToBytes; });
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-
-
 // A wrapper that combines a WebSocket to the channelserver
 // with some client-side encryption for securing the channel.
 // We'll improve the encryption before initial release...
@@ -1200,35 +3435,37 @@ if (
 const CLOSE_FLUSH_BUFFER_INTERVAL_MS = 200;
 const CLOSE_FLUSH_BUFFER_MAX_TRIES = 5;
 
-class src_InsecurePairingChannel extends EventTarget {
+class src_PairingChannel extends EventTarget {
   constructor(channelId, channelKey, socket, connection) {
     super();
     this._channelId = channelId;
     this._channelKey = channelKey;
     this._socket = socket;
     this._connection = connection;
+    this._selfClosed = false;
+    this._peerClosed = false;
     this._setupListeners();
   }
 
   /**
    * Create a new pairing channel.
    *
-   * @returns Promise<InsecurePairingChannel>
+   * @returns Promise<PairingChannel>
    */
   static create(channelServerURI) {
     const wsURI = new URL('/v1/ws/', channelServerURI).href;
     const channelKey = crypto.getRandomValues(new Uint8Array(32));
-    return this._makePairingChannel(wsURI, rot128_InsecureServerConnection, channelKey);
+    return this._makePairingChannel(wsURI, tlsconnection_ServerConnection, channelKey);
   }
 
   /**
    * Connect to an existing pairing channel.
    *
-   * @returns Promise<InsecurePairingChannel>
+   * @returns Promise<PairingChannel>
    */
   static connect(channelServerURI, channelId, channelKey) {
     const wsURI = new URL(`/v1/ws/${channelId}`, channelServerURI).href;
-    return this._makePairingChannel(wsURI, InsecureClientConnection, channelKey);
+    return this._makePairingChannel(wsURI, tlsconnection_ClientConnection, channelKey);
   }
 
   static _makePairingChannel(wsUri, ConnectionClass, psk) {
@@ -1246,8 +3483,9 @@ class src_InsecurePairingChannel extends EventTarget {
           const {channelid: channelId} = JSON.parse(event.data);
           const pskId = utf8ToBytes(channelId);
           const connection = await ConnectionClass.create(psk, pskId, data => {
-            // To send data over the websocket, it needs to be encoded as a safe string.
-            socket.send(bytesToHex(data));
+            // The channelserver websocket handler epxects b64urlsafe strings
+            // rather than raw bytes, because it wraps them in a JSON object envelope.
+            socket.send(bytesToBase64url(data));
           });
           const instance = new this(channelId, psk, socket, connection);
           resolve(instance);
@@ -1268,7 +3506,7 @@ class src_InsecurePairingChannel extends EventTarget {
     this._socket.addEventListener('message', async event => {
       try {
         const channelServerEnvelope = JSON.parse(event.data);
-        const payload = await this._connection.recv(hexToBytes(channelServerEnvelope.message));
+        const payload = await this._connection.recv(base64urlToBytes(channelServerEnvelope.message));
         if (payload !== null) {
           const data = JSON.parse(bytesToUtf8(payload));
           this.dispatchEvent(new CustomEvent('message', {
@@ -1279,15 +3517,26 @@ class src_InsecurePairingChannel extends EventTarget {
           }));
         }
       } catch (error) {
-        this.dispatchEvent(new CustomEvent('error', {
-          detail: {
-            error,
-          },
-        }));
+        let event;
+        if (error instanceof TLSCloseNotify) {
+          this._peerClosed = true;
+          if (this._selfClosed) {
+            this._shutdown();
+          }
+          event = new CustomEvent('close');
+        } else {
+          event = new CustomEvent('error', {
+            detail: {
+              error,
+            }
+          });
+        }
+        this.dispatchEvent(event);
       }
     });
     // Relay the WebSocket events.
     this._socket.addEventListener('error', () => {
+      this._shutdown();
       // The dispatched event that we receive has no useful information.
       this.dispatchEvent(new CustomEvent('error', {
         detail: {
@@ -1295,7 +3544,18 @@ class src_InsecurePairingChannel extends EventTarget {
         },
       }));
     });
-    this._socket.addEventListener('close', e => this.dispatchEvent(e));
+    // In TLS, the peer has to explicitly send a close notification,
+    // which we dispatch above.  Unexpected socket close is an error.
+    this._socket.addEventListener('close', () => {
+      this._shutdown();
+      if (! this._peerClosed) {
+        this.dispatchEvent(new CustomEvent('error', {
+          detail: {
+            error: new Error('WebSocket unexpectedly closed'),
+          }
+        }));
+      }
+    });
   }
 
   /**
@@ -1307,8 +3567,8 @@ class src_InsecurePairingChannel extends EventTarget {
   }
 
   async close() {
+    this._selfClosed = true;
     await this._connection.close();
-    this._connection = null;
     try {
       // Ensure all queued bytes have been sent before closing the connection.
       let tries = 0;
@@ -1319,13 +3579,23 @@ class src_InsecurePairingChannel extends EventTarget {
         await new Promise(res => setTimeout(res, CLOSE_FLUSH_BUFFER_INTERVAL_MS));
       }
     } finally {
+      // If the peer hasn't closed, we might still receive some data.
+      if (this._peerClosed) {
+        this._shutdown();
+      }
+    }
+  }
+
+  _shutdown() {
+    if (this._socket) {
       this._socket.close();
       this._socket = null;
+      this._connection = null;
     }
   }
 
   get closed() {
-    return this._socket.readyState === 3;
+    return (! this._socket) || (this._socket.readyState === 3);
   }
 
   get channelId() {
@@ -1340,6 +3610,39 @@ class src_InsecurePairingChannel extends EventTarget {
 // Re-export helpful utilities for calling code to use.
 
 
+// For running tests using the built bundle,
+// expose a bunch of implementation details.
+
+
+
+
+
+
+
+const _internals = {
+  arrayToBytes: arrayToBytes,
+  BufferReader: utils_BufferReader,
+  BufferWriter: utils_BufferWriter,
+  bytesAreEqual: bytesAreEqual,
+  bytesToHex: bytesToHex,
+  bytesToUtf8: bytesToUtf8,
+  ClientConnection: tlsconnection_ClientConnection,
+  Connection: tlsconnection_Connection,
+  DecryptionState: recordlayer_DecryptionState,
+  EncryptedExtensions: EncryptedExtensions,
+  EncryptionState: recordlayer_EncryptionState,
+  Finished: messages_Finished,
+  HASH_LENGTH: HASH_LENGTH,
+  hexToBytes: hexToBytes,
+  hkdfExpand: hkdfExpand,
+  KeySchedule: keyschedule_KeySchedule,
+  NewSessionTicket: NewSessionTicket,
+  RecordLayer: recordlayer_RecordLayer,
+  ServerConnection: tlsconnection_ServerConnection,
+  utf8ToBytes: utf8ToBytes,
+  zeros: zeros,
+};
+
 
 /***/ })
-/******/ ])["InsecurePairingChannel"];
+/******/ ])["PairingChannel"];
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index ec634c0..aab24d9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,18 +14,18 @@
       }
     },
     "@babel/core": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.2.0.tgz",
-      "integrity": "sha512-7pvAdC4B+iKjFFp9Ztj0QgBndJ++qaMeonT185wAqUnhipw8idm9Rv1UMyBuKtYjfl6ORNkgEgcsYLfHX/GpLw==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.2.2.tgz",
+      "integrity": "sha512-59vB0RWt09cAct5EIe58+NzGP4TFSD3Bz//2/ELy3ZeTeKF6VTD1AXlH8BGGbCX0PuobZBsIzO7IAI9PH67eKw==",
       "dev": true,
       "requires": {
         "@babel/code-frame": "^7.0.0",
-        "@babel/generator": "^7.2.0",
+        "@babel/generator": "^7.2.2",
         "@babel/helpers": "^7.2.0",
-        "@babel/parser": "^7.2.0",
-        "@babel/template": "^7.1.2",
-        "@babel/traverse": "^7.1.6",
-        "@babel/types": "^7.2.0",
+        "@babel/parser": "^7.2.2",
+        "@babel/template": "^7.2.2",
+        "@babel/traverse": "^7.2.2",
+        "@babel/types": "^7.2.2",
         "convert-source-map": "^1.1.0",
         "debug": "^4.1.0",
         "json5": "^2.1.0",
@@ -35,36 +35,6 @@
         "source-map": "^0.5.0"
       },
       "dependencies": {
-        "debug": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz",
-          "integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==",
-          "dev": true,
-          "requires": {
-            "ms": "^2.1.1"
-          }
-        },
-        "json5": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.0.tgz",
-          "integrity": "sha512-8Mh9h6xViijj36g7Dxi+Y4S6hNGV96vcJZr/SrlHh1LR/pEn/8j/+qIBbs44YKl69Lrfctp4QD+AdWLTMqEZAQ==",
-          "dev": true,
-          "requires": {
-            "minimist": "^1.2.0"
-          }
-        },
-        "minimist": {
-          "version": "1.2.0",
-          "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
-          "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
-          "dev": true
-        },
-        "ms": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
-          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==",
-          "dev": true
-        },
         "source-map": {
           "version": "0.5.7",
           "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
@@ -74,24 +44,18 @@
       }
     },
     "@babel/generator": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.2.0.tgz",
-      "integrity": "sha512-BA75MVfRlFQG2EZgFYIwyT1r6xSkwfP2bdkY/kLZusEYWiJs4xCowab/alaEaT0wSvmVuXGqiefeBlP+7V1yKg==",
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.3.2.tgz",
+      "integrity": "sha512-f3QCuPppXxtZOEm5GWPra/uYUjmNQlu9pbAD8D/9jze4pTY83rTtB1igTBSwvkeNlC5gR24zFFkz+2WHLFQhqQ==",
       "dev": true,
       "requires": {
-        "@babel/types": "^7.2.0",
+        "@babel/types": "^7.3.2",
         "jsesc": "^2.5.1",
         "lodash": "^4.17.10",
         "source-map": "^0.5.0",
         "trim-right": "^1.0.1"
       },
       "dependencies": {
-        "jsesc": {
-          "version": "2.5.2",
-          "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
-          "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==",
-          "dev": true
-        },
         "source-map": {
           "version": "0.5.7",
           "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
@@ -199,16 +163,16 @@
       }
     },
     "@babel/helper-module-transforms": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.1.0.tgz",
-      "integrity": "sha512-0JZRd2yhawo79Rcm4w0LwSMILFmFXjugG3yqf+P/UsKsRS1mJCmMwwlHDlMg7Avr9LrvSpp4ZSULO9r8jpCzcw==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.2.2.tgz",
+      "integrity": "sha512-YRD7I6Wsv+IHuTPkAmAS4HhY0dkPobgLftHp0cRGZSdrRvmZY8rFvae/GVu3bD00qscuvK3WPHB3YdNpBXUqrA==",
       "dev": true,
       "requires": {
         "@babel/helper-module-imports": "^7.0.0",
         "@babel/helper-simple-access": "^7.1.0",
         "@babel/helper-split-export-declaration": "^7.0.0",
-        "@babel/template": "^7.1.0",
-        "@babel/types": "^7.0.0",
+        "@babel/template": "^7.2.2",
+        "@babel/types": "^7.2.2",
         "lodash": "^4.17.10"
       }
     },
@@ -250,14 +214,14 @@
       }
     },
     "@babel/helper-replace-supers": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.1.0.tgz",
-      "integrity": "sha512-BvcDWYZRWVuDeXTYZWxekQNO5D4kO55aArwZOTFXw6rlLQA8ZaDicJR1sO47h+HrnCiDFiww0fSPV0d713KBGQ==",
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.2.3.tgz",
+      "integrity": "sha512-GyieIznGUfPXPWu0yLS6U55Mz67AZD9cUk0BfirOWlPrXlBcan9Gz+vHGz+cPfuoweZSnPzPIm67VtQM0OWZbA==",
       "dev": true,
       "requires": {
         "@babel/helper-member-expression-to-functions": "^7.0.0",
         "@babel/helper-optimise-call-expression": "^7.0.0",
-        "@babel/traverse": "^7.1.0",
+        "@babel/traverse": "^7.2.3",
         "@babel/types": "^7.0.0"
       }
     },
@@ -293,14 +257,14 @@
       }
     },
     "@babel/helpers": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.2.0.tgz",
-      "integrity": "sha512-Fr07N+ea0dMcMN8nFpuK6dUIT7/ivt9yKQdEEnjVS83tG2pHwPi03gYmk/tyuwONnZ+sY+GFFPlWGgCtW1hF9A==",
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.3.1.tgz",
+      "integrity": "sha512-Q82R3jKsVpUV99mgX50gOPCWwco9Ec5Iln/8Vyu4osNIOQgSrd9RFrQeUvmvddFNoLwMyOUWU+5ckioEKpDoGA==",
       "dev": true,
       "requires": {
         "@babel/template": "^7.1.2",
         "@babel/traverse": "^7.1.5",
-        "@babel/types": "^7.2.0"
+        "@babel/types": "^7.3.0"
       }
     },
     "@babel/highlight": {
@@ -312,20 +276,12 @@
         "chalk": "^2.0.0",
         "esutils": "^2.0.2",
         "js-tokens": "^4.0.0"
-      },
-      "dependencies": {
-        "js-tokens": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
-          "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
-          "dev": true
-        }
       }
     },
     "@babel/parser": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.2.0.tgz",
-      "integrity": "sha512-M74+GvK4hn1eejD9lZ7967qAwvqTZayQa3g10ag4s9uewgR7TKjeaT0YMyoq+gVfKYABiWZ4MQD701/t5e1Jhg==",
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.3.2.tgz",
+      "integrity": "sha512-QzNUC2RO1gadg+fs21fi0Uu0OuGNzRKEmgCxoLNzbCdoprLwjfmZwzUrpUNfJPaVRwBpDY47A17yYEGWyRelnQ==",
       "dev": true
     },
     "@babel/plugin-proposal-async-generator-functions": {
@@ -350,9 +306,9 @@
       }
     },
     "@babel/plugin-proposal-object-rest-spread": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.2.0.tgz",
-      "integrity": "sha512-1L5mWLSvR76XYUQJXkd/EEQgjq8HHRP6lQuZTTg0VA4tTGPpGemmCdAfQIz1rzEuWAm+ecP8PyyEm30jC1eQCg==",
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.3.2.tgz",
+      "integrity": "sha512-DjeMS+J2+lpANkYLLO+m6GjoTMygYglKmRe6cDTbFv3L9i6mmiE8fe6B8MtCSLZpVXscD5kn7s6SgtHrDoBWoA==",
       "dev": true,
       "requires": {
         "@babel/helper-plugin-utils": "^7.0.0",
@@ -456,9 +412,9 @@
       }
     },
     "@babel/plugin-transform-classes": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.2.0.tgz",
-      "integrity": "sha512-aPCEkrhJYebDXcGTAP+cdUENkH7zqOlgbKwLbghjjHpJRJBWM/FSlCjMoPGA8oUdiMfOrk3+8EFPLLb5r7zj2w==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.2.2.tgz",
+      "integrity": "sha512-gEZvgTy1VtcDOaQty1l10T3jQmJKlNVxLDCs+3rCVPr6nMkODLELxViq5X9l+rfxbie3XrfrMCYYY6eX3aOcOQ==",
       "dev": true,
       "requires": {
         "@babel/helper-annotate-as-pure": "^7.0.0",
@@ -469,14 +425,6 @@
         "@babel/helper-replace-supers": "^7.1.0",
         "@babel/helper-split-export-declaration": "^7.0.0",
         "globals": "^11.1.0"
-      },
-      "dependencies": {
-        "globals": {
-          "version": "11.9.0",
-          "resolved": "https://registry.npmjs.org/globals/-/globals-11.9.0.tgz",
-          "integrity": "sha512-5cJVtyXWH8PiJPVLZzzoIizXx944O4OmRro5MWKx5fT4MgcN7OfaMutPeaTdJCCURwbWdhhcCWcKIffPnmTzBg==",
-          "dev": true
-        }
       }
     },
     "@babel/plugin-transform-computed-properties": {
@@ -489,9 +437,9 @@
       }
     },
     "@babel/plugin-transform-destructuring": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.2.0.tgz",
-      "integrity": "sha512-coVO2Ayv7g0qdDbrNiadE4bU7lvCd9H539m2gMknyVjjMdwF/iCOM7R+E8PkntoqLkltO0rk+3axhpp/0v68VQ==",
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.3.2.tgz",
+      "integrity": "sha512-Lrj/u53Ufqxl/sGxyjsJ2XNtNuEjDyjpqdhMNh5aZ+XFOdThL46KBj27Uem4ggoezSYBxKWAil6Hu8HtwqesYw==",
       "dev": true,
       "requires": {
         "@babel/helper-plugin-utils": "^7.0.0"
@@ -596,6 +544,15 @@
         "@babel/helper-plugin-utils": "^7.0.0"
       }
     },
+    "@babel/plugin-transform-named-capturing-groups-regex": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.3.0.tgz",
+      "integrity": "sha512-NxIoNVhk9ZxS+9lSoAQ/LM0V2UEvARLttEHUrRDGKFaAxOYQcrkN/nLRE+BbbicCAvZPl7wMP0X60HsHE5DtQw==",
+      "dev": true,
+      "requires": {
+        "regexp-tree": "^0.1.0"
+      }
+    },
     "@babel/plugin-transform-new-target": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.0.0.tgz",
@@ -657,9 +614,9 @@
       }
     },
     "@babel/plugin-transform-spread": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.2.0.tgz",
-      "integrity": "sha512-7TtPIdwjS/i5ZBlNiQePQCovDh9pAhVbp/nGVRBZuUdBiVRThyyLend3OHobc0G+RLCPPAN70+z/MAMhsgJd/A==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.2.2.tgz",
+      "integrity": "sha512-KWfky/58vubwtS0hLqEnrWJjsMGaOeSBn90Ezn5Jeg9Z8KKHmELbP1yGylMlm5N6TPKeY9A2+UaSYLdxahg01w==",
       "dev": true,
       "requires": {
         "@babel/helper-plugin-utils": "^7.0.0"
@@ -706,19 +663,20 @@
       }
     },
     "@babel/preset-env": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.2.0.tgz",
-      "integrity": "sha512-haGR38j5vOGVeBatrQPr3l0xHbs14505DcM57cbJy48kgMFvvHHoYEhHuRV+7vi559yyAUAVbTWzbK/B/pzJng==",
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.3.1.tgz",
+      "integrity": "sha512-FHKrD6Dxf30e8xgHQO0zJZpUPfVZg+Xwgz5/RdSWCbza9QLNk4Qbp40ctRoqDxml3O8RMzB1DU55SXeDG6PqHQ==",
       "dev": true,
       "requires": {
         "@babel/helper-module-imports": "^7.0.0",
         "@babel/helper-plugin-utils": "^7.0.0",
         "@babel/plugin-proposal-async-generator-functions": "^7.2.0",
         "@babel/plugin-proposal-json-strings": "^7.2.0",
-        "@babel/plugin-proposal-object-rest-spread": "^7.2.0",
+        "@babel/plugin-proposal-object-rest-spread": "^7.3.1",
         "@babel/plugin-proposal-optional-catch-binding": "^7.2.0",
         "@babel/plugin-proposal-unicode-property-regex": "^7.2.0",
         "@babel/plugin-syntax-async-generators": "^7.2.0",
+        "@babel/plugin-syntax-json-strings": "^7.2.0",
         "@babel/plugin-syntax-object-rest-spread": "^7.2.0",
         "@babel/plugin-syntax-optional-catch-binding": "^7.2.0",
         "@babel/plugin-transform-arrow-functions": "^7.2.0",
@@ -738,6 +696,7 @@
         "@babel/plugin-transform-modules-commonjs": "^7.2.0",
         "@babel/plugin-transform-modules-systemjs": "^7.2.0",
         "@babel/plugin-transform-modules-umd": "^7.2.0",
+        "@babel/plugin-transform-named-capturing-groups-regex": "^7.3.0",
         "@babel/plugin-transform-new-target": "^7.0.0",
         "@babel/plugin-transform-object-super": "^7.2.0",
         "@babel/plugin-transform-parameters": "^7.2.0",
@@ -755,81 +714,79 @@
       }
     },
     "@babel/runtime": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.2.0.tgz",
-      "integrity": "sha512-oouEibCbHMVdZSDlJBO6bZmID/zA/G/Qx3H1d3rSNPTD+L8UNKvCat7aKWSJ74zYbm5zWGh0GQN0hKj8zYFTCg==",
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.3.1.tgz",
+      "integrity": "sha512-7jGW8ppV0ant637pIqAcFfQDDH1orEPGJb8aXfUozuCU3QqX7rX4DA8iwrbPrR1hcH0FTTHz47yQnk+bl5xHQA==",
       "requires": {
         "regenerator-runtime": "^0.12.0"
       }
     },
     "@babel/template": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.1.2.tgz",
-      "integrity": "sha512-SY1MmplssORfFiLDcOETrW7fCLl+PavlwMh92rrGcikQaRq4iWPVH0MpwPpY3etVMx6RnDjXtr6VZYr/IbP/Ag==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.2.2.tgz",
+      "integrity": "sha512-zRL0IMM02AUDwghf5LMSSDEz7sBCO2YnNmpg3uWTZj/v1rcG2BmQUvaGU8GhU8BvfMh1k2KIAYZ7Ji9KXPUg7g==",
       "dev": true,
       "requires": {
         "@babel/code-frame": "^7.0.0",
-        "@babel/parser": "^7.1.2",
-        "@babel/types": "^7.1.2"
+        "@babel/parser": "^7.2.2",
+        "@babel/types": "^7.2.2"
       }
     },
     "@babel/traverse": {
-      "version": "7.1.6",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.1.6.tgz",
-      "integrity": "sha512-CXedit6GpISz3sC2k2FsGCUpOhUqKdyL0lqNrImQojagnUMXf8hex4AxYFRuMkNGcvJX5QAFGzB5WJQmSv8SiQ==",
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.2.3.tgz",
+      "integrity": "sha512-Z31oUD/fJvEWVR0lNZtfgvVt512ForCTNKYcJBGbPb1QZfve4WGH8Wsy7+Mev33/45fhP/hwQtvgusNdcCMgSw==",
       "dev": true,
       "requires": {
         "@babel/code-frame": "^7.0.0",
-        "@babel/generator": "^7.1.6",
+        "@babel/generator": "^7.2.2",
         "@babel/helper-function-name": "^7.1.0",
         "@babel/helper-split-export-declaration": "^7.0.0",
-        "@babel/parser": "^7.1.6",
-        "@babel/types": "^7.1.6",
+        "@babel/parser": "^7.2.3",
+        "@babel/types": "^7.2.2",
         "debug": "^4.1.0",
         "globals": "^11.1.0",
         "lodash": "^4.17.10"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz",
-          "integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==",
-          "dev": true,
-          "requires": {
-            "ms": "^2.1.1"
-          }
-        },
-        "globals": {
-          "version": "11.9.0",
-          "resolved": "https://registry.npmjs.org/globals/-/globals-11.9.0.tgz",
-          "integrity": "sha512-5cJVtyXWH8PiJPVLZzzoIizXx944O4OmRro5MWKx5fT4MgcN7OfaMutPeaTdJCCURwbWdhhcCWcKIffPnmTzBg==",
-          "dev": true
-        },
-        "ms": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
-          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==",
-          "dev": true
-        }
       }
     },
     "@babel/types": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.2.0.tgz",
-      "integrity": "sha512-b4v7dyfApuKDvmPb+O488UlGuR1WbwMXFsO/cyqMrnfvRAChZKJAYeeglWTjUO1b9UghKKgepAQM5tsvBJca6A==",
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.3.2.tgz",
+      "integrity": "sha512-3Y6H8xlUlpbGR+XvawiH0UXehqydTmNmEpozWcXymqwcrwYAl5KMvKtQ+TF6f6E08V6Jur7v/ykdDSF+WDEIXQ==",
       "dev": true,
       "requires": {
         "esutils": "^2.0.2",
         "lodash": "^4.17.10",
         "to-fast-properties": "^2.0.0"
-      },
-      "dependencies": {
-        "to-fast-properties": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
-          "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=",
-          "dev": true
-        }
+      }
+    },
+    "@sinonjs/commons": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.3.0.tgz",
+      "integrity": "sha512-j4ZwhaHmwsCb4DlDOIWnI5YyKDNMoNThsmwEpfHx6a1EpsGZ9qYLxP++LMlmBRjtGptGHFsGItJ768snllFWpA==",
+      "dev": true,
+      "requires": {
+        "type-detect": "4.0.8"
+      }
+    },
+    "@sinonjs/formatio": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/formatio/-/formatio-3.1.0.tgz",
+      "integrity": "sha512-ZAR2bPHOl4Xg6eklUGpsdiIJ4+J1SNag1DHHrG/73Uz/nVwXqjgUtRPLoS+aVyieN9cSbc0E4LsU984tWcDyNg==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/samsam": "^2 || ^3"
+      }
+    },
+    "@sinonjs/samsam": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-3.1.0.tgz",
+      "integrity": "sha512-IXio+GWY+Q8XUjHUOgK7wx8fpvr7IFffgyXb1bnJFfX3001KmHt35Zq4tp7MXZyjJPCLPuadesDYNk41LYtVjw==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.0.2",
+        "array-from": "^2.1.1",
+        "lodash.get": "^4.4.2"
       }
     },
     "@webassemblyjs/ast": {
@@ -1016,6 +973,12 @@
       "integrity": "sha512-FZdkNBDqBRHKQ2MEbSC17xnPFOhZxeJ2YGSfr2BKf3sujG49Qe3bB+rGCwQfIaA7WHnGeGkSijX4FuBCdrzW/g==",
       "dev": true
     },
+    "abbrev": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.0.9.tgz",
+      "integrity": "sha1-kbR5JYinc4wl813W9jdSovh3YTU=",
+      "dev": true
+    },
     "accepts": {
       "version": "1.3.5",
       "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.5.tgz",
@@ -1027,9 +990,9 @@
       }
     },
     "acorn": {
-      "version": "5.7.3",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz",
-      "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==",
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.1.0.tgz",
+      "integrity": "sha512-MW/FjM+IvU9CgBzjO3UIPCE2pyEwUsoFl+VGdczOPEdxfGFjuKny/gN54mOuX7Qxmb9Rg9MCn2oKiSUeW+pjrw==",
       "dev": true
     },
     "acorn-dynamic-import": {
@@ -1039,6 +1002,14 @@
       "dev": true,
       "requires": {
         "acorn": "^5.0.0"
+      },
+      "dependencies": {
+        "acorn": {
+          "version": "5.7.3",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz",
+          "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==",
+          "dev": true
+        }
       }
     },
     "acorn-jsx": {
@@ -1054,9 +1025,9 @@
       "dev": true
     },
     "ajv": {
-      "version": "6.6.1",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.6.1.tgz",
-      "integrity": "sha512-ZoJjft5B+EJBjUyu9C9Hc0OZyPZSSlOF+plzouTrg6UlA8f+e/n8NIgBFG/9tppJtpPWfthHakK7juJdNDODww==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.9.1.tgz",
+      "integrity": "sha512-XDN92U311aINL77ieWHmqCcNlwjoP5cHXDxIxbf2MaPYuCXOHS7gHH8jktxeK5omgd52XbSTX6a4Piwd1pQmzA==",
       "dev": true,
       "requires": {
         "fast-deep-equal": "^2.0.1",
@@ -1072,15 +1043,22 @@
       "dev": true
     },
     "ajv-keywords": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.2.0.tgz",
-      "integrity": "sha1-6GuBnGAs+IIa1jdBNpjx3sAhhHo=",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.4.0.tgz",
+      "integrity": "sha512-aUjdRFISbuFOl0EIZc+9e4FfZp0bDZgAdOOf30bJmw8VM9v84SHyVyxDfbWxpGYbdZD/9XoKxfHVNmxPkhwyGw==",
       "dev": true
     },
+    "amdefine": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/amdefine/-/amdefine-1.0.1.tgz",
+      "integrity": "sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU=",
+      "dev": true,
+      "optional": true
+    },
     "ansi-escapes": {
-      "version": "3.1.0",
-      "resolved": "http://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.1.0.tgz",
-      "integrity": "sha512-UgAb8H9D41AQnu/PbWlCofQVcnV4Gs2bBJi9eZPxfU/hgglFh3SMDMENRIqdr7H6XFnXdoknctFByVsCOotTVw==",
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.2.0.tgz",
+      "integrity": "sha512-cBhpre4ma+U0T1oM5fXg7Dy1Jw7zzwv7lt/GoCpr+hDQJoYnKVPLL4dCvSEFMmQurOQvSrwT7SL/DAlhBI97RQ==",
       "dev": true
     },
     "ansi-regex": {
@@ -1106,6 +1084,17 @@
       "requires": {
         "micromatch": "^3.1.4",
         "normalize-path": "^2.1.1"
+      },
+      "dependencies": {
+        "normalize-path": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz",
+          "integrity": "sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=",
+          "dev": true,
+          "requires": {
+            "remove-trailing-separator": "^1.0.1"
+          }
+        }
       }
     },
     "aproba": {
@@ -1141,6 +1130,18 @@
       "integrity": "sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=",
       "dev": true
     },
+    "array-find-index": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz",
+      "integrity": "sha1-3wEKoSh+Fku9pvlyOwqWoexBh6E=",
+      "dev": true
+    },
+    "array-from": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/array-from/-/array-from-2.1.1.tgz",
+      "integrity": "sha1-z+nYwmYoudxa7MYqn12PHzUsEZU=",
+      "dev": true
+    },
     "array-slice": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/array-slice/-/array-slice-0.2.3.tgz",
@@ -1159,6 +1160,12 @@
       "integrity": "sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog==",
       "dev": true
     },
+    "arrify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz",
+      "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=",
+      "dev": true
+    },
     "asn1.js": {
       "version": "4.10.1",
       "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz",
@@ -1187,7 +1194,7 @@
         },
         "util": {
           "version": "0.10.3",
-          "resolved": "http://registry.npmjs.org/util/-/util-0.10.3.tgz",
+          "resolved": "https://registry.npmjs.org/util/-/util-0.10.3.tgz",
           "integrity": "sha1-evsa/lCAUkZInj23/g7TeTNqwPk=",
           "dev": true,
           "requires": {
@@ -1214,6 +1221,12 @@
       "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==",
       "dev": true
     },
+    "async": {
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+      "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo=",
+      "dev": true
+    },
     "async-each": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz",
@@ -1233,80 +1246,26 @@
       "dev": true
     },
     "babel-loader": {
-      "version": "8.0.4",
-      "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.0.4.tgz",
-      "integrity": "sha512-fhBhNkUToJcW9nV46v8w87AJOwAJDz84c1CL57n3Stj73FANM/b9TbCUK4YhdOwEyZ+OxhYpdeZDNzSI29Firw==",
+      "version": "8.0.5",
+      "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.0.5.tgz",
+      "integrity": "sha512-NTnHnVRd2JnRqPC0vW+iOQWU5pchDbYXsG2E6DMXEpMfUcQKclF9gmf3G3ZMhzG7IG9ji4coL0cm+FxeWxDpnw==",
       "dev": true,
       "requires": {
-        "find-cache-dir": "^1.0.0",
+        "find-cache-dir": "^2.0.0",
         "loader-utils": "^1.0.2",
         "mkdirp": "^0.5.1",
         "util.promisify": "^1.0.0"
-      },
-      "dependencies": {
-        "find-cache-dir": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-1.0.0.tgz",
-          "integrity": "sha1-kojj6ePMN0hxfTnq3hfPcfww7m8=",
-          "dev": true,
-          "requires": {
-            "commondir": "^1.0.1",
-            "make-dir": "^1.0.0",
-            "pkg-dir": "^2.0.0"
-          }
-        },
-        "find-up": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
-          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
-          "dev": true,
-          "requires": {
-            "locate-path": "^2.0.0"
-          }
-        },
-        "locate-path": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz",
-          "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=",
-          "dev": true,
-          "requires": {
-            "p-locate": "^2.0.0",
-            "path-exists": "^3.0.0"
-          }
-        },
-        "p-limit": {
-          "version": "1.3.0",
-          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.3.0.tgz",
-          "integrity": "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q==",
-          "dev": true,
-          "requires": {
-            "p-try": "^1.0.0"
-          }
-        },
-        "p-locate": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz",
-          "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=",
-          "dev": true,
-          "requires": {
-            "p-limit": "^1.1.0"
-          }
-        },
-        "p-try": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz",
-          "integrity": "sha1-y8ec26+P1CKOE/Yh8rGiN8GyB7M=",
-          "dev": true
-        },
-        "pkg-dir": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-2.0.0.tgz",
-          "integrity": "sha1-9tXREJ4Z1j7fQo4L1X4Sd3YVM0s=",
-          "dev": true,
-          "requires": {
-            "find-up": "^2.1.0"
-          }
-        }
+      }
+    },
+    "babel-plugin-istanbul": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-5.1.0.tgz",
+      "integrity": "sha512-CLoXPRSUWiR8yao8bShqZUIC6qLfZVVY3X1wj+QPNXu0wfmrRRfarh1LYy+dYMVI+bDj0ghy3tuqFFRFZmL1Nw==",
+      "dev": true,
+      "requires": {
+        "find-up": "^3.0.0",
+        "istanbul-lib-instrument": "^3.0.0",
+        "test-exclude": "^5.0.0"
       }
     },
     "backo2": {
@@ -1404,15 +1363,15 @@
       }
     },
     "big.js": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/big.js/-/big.js-3.2.0.tgz",
-      "integrity": "sha512-+hN/Zh2D08Mx65pZ/4g5bsmNiZUuChDiQfTUQ7qJr4/kuopCr88xZsAXv6mBoZEsUI4OuGHlX59qE94K2mMW8Q==",
+      "version": "5.2.2",
+      "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
+      "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==",
       "dev": true
     },
     "binary-extensions": {
-      "version": "1.12.0",
-      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.12.0.tgz",
-      "integrity": "sha512-DYWGk01lDcxeS/K9IHPGWfT8PsJmbXRtRd2Sx72Tnb8pcYZQFF1oSDb8hJtS1vhp212q1Rzi5dUf9+nq0o9UIg==",
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.0.tgz",
+      "integrity": "sha512-EgmjVLMn22z7eGGv3kcnHwSnJXmFHjISTY9E/S5lIcTD3Oxw05QTcBLNkJFzcb3cNueUdF/IN4U+d78V0zO8Hw==",
       "dev": true
     },
     "blob": {
@@ -1459,6 +1418,21 @@
           "requires": {
             "ms": "2.0.0"
           }
+        },
+        "iconv-lite": {
+          "version": "0.4.23",
+          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.23.tgz",
+          "integrity": "sha512-neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA==",
+          "dev": true,
+          "requires": {
+            "safer-buffer": ">= 2.1.2 < 3"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
         }
       }
     },
@@ -1515,7 +1489,7 @@
     },
     "browserify-aes": {
       "version": "1.2.0",
-      "resolved": "http://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
       "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==",
       "dev": true,
       "requires": {
@@ -1552,7 +1526,7 @@
     },
     "browserify-rsa": {
       "version": "4.0.1",
-      "resolved": "http://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
       "integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=",
       "dev": true,
       "requires": {
@@ -1585,19 +1559,19 @@
       }
     },
     "browserslist": {
-      "version": "4.3.5",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.3.5.tgz",
-      "integrity": "sha512-z9ZhGc3d9e/sJ9dIx5NFXkKoaiQTnrvrMsN3R1fGb1tkWWNSz12UewJn9TNxGo1l7J23h0MRaPmk7jfeTZYs1w==",
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.4.1.tgz",
+      "integrity": "sha512-pEBxEXg7JwaakBXjATYw/D1YZh4QUSCX/Mnd/wnqSRPPSi1U39iDhDoKGoBUcraKdxDlrYqJxSI5nNvD+dWP2A==",
       "dev": true,
       "requires": {
-        "caniuse-lite": "^1.0.30000912",
-        "electron-to-chromium": "^1.3.86",
-        "node-releases": "^1.0.5"
+        "caniuse-lite": "^1.0.30000929",
+        "electron-to-chromium": "^1.3.103",
+        "node-releases": "^1.1.3"
       }
     },
     "buffer": {
       "version": "4.9.1",
-      "resolved": "http://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
+      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
       "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=",
       "dev": true,
       "requires": {
@@ -1653,25 +1627,42 @@
       "dev": true
     },
     "cacache": {
-      "version": "11.3.1",
-      "resolved": "https://registry.npmjs.org/cacache/-/cacache-11.3.1.tgz",
-      "integrity": "sha512-2PEw4cRRDu+iQvBTTuttQifacYjLPhET+SYO/gEFMy8uhi+jlJREDAjSF5FWSdV/Aw5h18caHA7vMTw2c+wDzA==",
+      "version": "11.3.2",
+      "resolved": "https://registry.npmjs.org/cacache/-/cacache-11.3.2.tgz",
+      "integrity": "sha512-E0zP4EPGDOaT2chM08Als91eYnf8Z+eH1awwwVsngUmgppfM5jjJ8l3z5vO5p5w/I3LsiXawb1sW0VY65pQABg==",
       "dev": true,
       "requires": {
-        "bluebird": "^3.5.1",
-        "chownr": "^1.0.1",
-        "figgy-pudding": "^3.1.0",
-        "glob": "^7.1.2",
-        "graceful-fs": "^4.1.11",
-        "lru-cache": "^4.1.3",
+        "bluebird": "^3.5.3",
+        "chownr": "^1.1.1",
+        "figgy-pudding": "^3.5.1",
+        "glob": "^7.1.3",
+        "graceful-fs": "^4.1.15",
+        "lru-cache": "^5.1.1",
         "mississippi": "^3.0.0",
         "mkdirp": "^0.5.1",
         "move-concurrently": "^1.0.1",
         "promise-inflight": "^1.0.1",
         "rimraf": "^2.6.2",
-        "ssri": "^6.0.0",
-        "unique-filename": "^1.1.0",
+        "ssri": "^6.0.1",
+        "unique-filename": "^1.1.1",
         "y18n": "^4.0.0"
+      },
+      "dependencies": {
+        "lru-cache": {
+          "version": "5.1.1",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+          "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+          "dev": true,
+          "requires": {
+            "yallist": "^3.0.2"
+          }
+        },
+        "yallist": {
+          "version": "3.0.3",
+          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz",
+          "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==",
+          "dev": true
+        }
       }
     },
     "cache-base": {
@@ -1708,7 +1699,7 @@
     },
     "callsites": {
       "version": "0.2.0",
-      "resolved": "http://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
       "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
       "dev": true
     },
@@ -1718,10 +1709,28 @@
       "integrity": "sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA==",
       "dev": true
     },
+    "camelcase-keys": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz",
+      "integrity": "sha1-MIvur/3ygRkFHvodkyITyRuPkuc=",
+      "dev": true,
+      "requires": {
+        "camelcase": "^2.0.0",
+        "map-obj": "^1.0.0"
+      },
+      "dependencies": {
+        "camelcase": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz",
+          "integrity": "sha1-fB0W1nmhu+WcoCys7PsBHiAfWh8=",
+          "dev": true
+        }
+      }
+    },
     "caniuse-lite": {
-      "version": "1.0.30000918",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000918.tgz",
-      "integrity": "sha512-CAZ9QXGViBvhHnmIHhsTPSWFBujDaelKnUj7wwImbyQRxmXynYqKGi3UaZTSz9MoVh+1EVxOS/DFIkrJYgR3aw==",
+      "version": "1.0.30000936",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000936.tgz",
+      "integrity": "sha512-orX4IdpbFhdNO7bTBhSbahp1EBpqzBc+qrvTRVUFfZgA4zta7TdM6PN5ZxkEUgDnz36m+PfWGcdX7AVfFWItJw==",
       "dev": true
     },
     "chai": {
@@ -1763,9 +1772,9 @@
       "dev": true
     },
     "chalk": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz",
-      "integrity": "sha512-ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ==",
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
       "dev": true,
       "requires": {
         "ansi-styles": "^3.2.1",
@@ -1786,24 +1795,23 @@
       "dev": true
     },
     "chokidar": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.0.4.tgz",
-      "integrity": "sha512-z9n7yt9rOvIJrMhvDtDictKrkFHeihkNl6uWMmZlmL6tJtX9Cs+87oK+teBx+JIgzvbX3yZHT3eF8vpbDxHJXQ==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.1.1.tgz",
+      "integrity": "sha512-gfw3p2oQV2wEt+8VuMlNsPjCxDxvvgnm/kz+uATu805mWVF8IJN7uz9DN7iBz+RMJISmiVbCOBFs9qBGMjtPfQ==",
       "dev": true,
       "requires": {
         "anymatch": "^2.0.0",
-        "async-each": "^1.0.0",
-        "braces": "^2.3.0",
-        "fsevents": "^1.2.2",
+        "async-each": "^1.0.1",
+        "braces": "^2.3.2",
+        "fsevents": "^1.2.7",
         "glob-parent": "^3.1.0",
-        "inherits": "^2.0.1",
+        "inherits": "^2.0.3",
         "is-binary-path": "^1.0.0",
         "is-glob": "^4.0.0",
-        "lodash.debounce": "^4.0.8",
-        "normalize-path": "^2.1.1",
+        "normalize-path": "^3.0.0",
         "path-is-absolute": "^1.0.0",
-        "readdirp": "^2.0.0",
-        "upath": "^1.0.5"
+        "readdirp": "^2.2.1",
+        "upath": "^1.1.0"
       }
     },
     "chownr": {
@@ -1832,9 +1840,9 @@
       }
     },
     "circular-json": {
-      "version": "0.5.9",
-      "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.5.9.tgz",
-      "integrity": "sha512-4ivwqHpIFJZBuhN3g/pEcdbnGUywkBblloGbkglyloVjjR3uT6tieI89MVOfbP2tHX5sgb01FuLgAOzebNlJNQ==",
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
+      "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
       "dev": true
     },
     "class-utils": {
@@ -1869,6 +1877,17 @@
         "restore-cursor": "^2.0.0"
       }
     },
+    "cli-table3": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.5.1.tgz",
+      "integrity": "sha512-7Qg2Jrep1S/+Q3EceiZtQcDPWxhAvBw+ERf1162v4sikJrvojMHFqXt8QIVha8UlH9rgU0BeWPytZ9/TzYqlUw==",
+      "dev": true,
+      "requires": {
+        "colors": "^1.1.2",
+        "object-assign": "^4.1.0",
+        "string-width": "^2.1.1"
+      }
+    },
     "cli-width": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-2.2.0.tgz",
@@ -1933,9 +1952,9 @@
       }
     },
     "commander": {
-      "version": "2.15.1",
-      "resolved": "http://registry.npmjs.org/commander/-/commander-2.15.1.tgz",
-      "integrity": "sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag==",
+      "version": "2.17.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.17.1.tgz",
+      "integrity": "sha512-wPMUt6FnH2yzG95SA6mzjQOEKUU3aLaDEmzs1ti+1E9h+CsrZghRlqEM/EJ4KscsQVG8uNN4uVreUeT8+drlgg==",
       "dev": true
     },
     "commondir": {
@@ -2000,6 +2019,12 @@
           "requires": {
             "ms": "2.0.0"
           }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
         }
       }
     },
@@ -2060,9 +2085,9 @@
       "dev": true
     },
     "core-js": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.0.tgz",
-      "integrity": "sha512-kLRC6ncVpuEW/1kwrOXYX6KQASCVtrh1gQr/UiaVgFlf9WE5Vp+lNe5+h3LuMr5PAucWnnEXwH0nQHRH/gpGtw==",
+      "version": "2.6.4",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.4.tgz",
+      "integrity": "sha512-05qQ5hXShcqGkPZpXEFLIpxayZscVD2kuMBZewxiIPPEagukO4mqgPA9CWhUvFBJfy3ODdK2p9xyHh7FTU9/7A==",
       "dev": true
     },
     "core-util-is": {
@@ -2083,7 +2108,7 @@
     },
     "create-hash": {
       "version": "1.2.0",
-      "resolved": "http://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
       "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==",
       "dev": true,
       "requires": {
@@ -2096,7 +2121,7 @@
     },
     "create-hmac": {
       "version": "1.1.7",
-      "resolved": "http://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
+      "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
       "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==",
       "dev": true,
       "requires": {
@@ -2140,6 +2165,15 @@
         "randomfill": "^1.0.3"
       }
     },
+    "currently-unhandled": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/currently-unhandled/-/currently-unhandled-0.4.1.tgz",
+      "integrity": "sha1-mI3zP+qxke95mmE2nddsF635V+o=",
+      "dev": true,
+      "requires": {
+        "array-find-index": "^1.0.1"
+      }
+    },
     "custom-event": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/custom-event/-/custom-event-1.0.1.tgz",
@@ -2164,13 +2198,23 @@
       "integrity": "sha1-6vQ5/U1ISK105cx9vvIAZyueNFs=",
       "dev": true
     },
+    "dateformat": {
+      "version": "1.0.12",
+      "resolved": "https://registry.npmjs.org/dateformat/-/dateformat-1.0.12.tgz",
+      "integrity": "sha1-nxJLZ1lMk3/3BpMuSmQsyo27/uk=",
+      "dev": true,
+      "requires": {
+        "get-stdin": "^4.0.1",
+        "meow": "^3.3.0"
+      }
+    },
     "debug": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-      "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+      "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
       "dev": true,
       "requires": {
-        "ms": "2.0.0"
+        "ms": "^2.1.1"
       }
     },
     "decamelize": {
@@ -2280,7 +2324,7 @@
     },
     "diffie-hellman": {
       "version": "5.0.3",
-      "resolved": "http://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
       "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==",
       "dev": true,
       "requires": {
@@ -2317,9 +2361,9 @@
       "dev": true
     },
     "duplexify": {
-      "version": "3.6.1",
-      "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-3.6.1.tgz",
-      "integrity": "sha512-vM58DwdnKmty+FSPzT14K9JXb90H+j5emaR4KYbr2KTIz00WHGbWOe5ghQTx233ZCLZtrGDALzKwcjEtSt35mA==",
+      "version": "3.7.1",
+      "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-3.7.1.tgz",
+      "integrity": "sha512-07z8uv2wMyS51kKhD1KsdXJg5WQ6t93RneqRxUHnskXVtlYYkLqM0gqStQZ3pj073g687jPCHrqNfCzawLYh5g==",
       "dev": true,
       "requires": {
         "end-of-stream": "^1.0.0",
@@ -2335,9 +2379,9 @@
       "dev": true
     },
     "electron-to-chromium": {
-      "version": "1.3.90",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.90.tgz",
-      "integrity": "sha512-IjJZKRhFbWSOX1w0sdIXgp4CMRguu6UYcTckyFF/Gjtemsu/25eZ+RXwFlV+UWcIueHyQA1UnRJxocTpH5NdGA==",
+      "version": "1.3.113",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.113.tgz",
+      "integrity": "sha512-De+lPAxEcpxvqPTyZAXELNpRZXABRxf+uL/rSykstQhzj/B0l1150G/ExIIxKc16lI89Hgz81J0BHAcbTqK49g==",
       "dev": true
     },
     "elliptic": {
@@ -2355,6 +2399,12 @@
         "minimalistic-crypto-utils": "^1.0.0"
       }
     },
+    "emoji-regex": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
+      "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==",
+      "dev": true
+    },
     "emojis-list": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-2.1.0.tgz",
@@ -2388,11 +2438,28 @@
         "debug": "~3.1.0",
         "engine.io-parser": "~2.1.0",
         "ws": "~3.3.1"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        }
       }
     },
     "engine.io-client": {
       "version": "3.2.1",
-      "resolved": "http://registry.npmjs.org/engine.io-client/-/engine.io-client-3.2.1.tgz",
+      "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.2.1.tgz",
       "integrity": "sha512-y5AbkytWeM4jQr7m/koQLc5AxpRKC1hEVUb/s1FUAWEJq5AzJJ4NLvzuKPuxtDi5Mq755WuDvZ6Iv2rXj4PTzw==",
       "dev": true,
       "requires": {
@@ -2407,18 +2474,35 @@
         "ws": "~3.3.1",
         "xmlhttprequest-ssl": "~1.5.4",
         "yeast": "0.1.2"
-      }
-    },
-    "engine.io-parser": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-2.1.3.tgz",
-      "integrity": "sha512-6HXPre2O4Houl7c4g7Ic/XzPnHBvaEmN90vtRO9uLmwtRqQmTOw0QMevL1TOfL2Cpu1VzsaTmMotQgMdkzGkVA==",
-      "dev": true,
-      "requires": {
-        "after": "0.8.2",
-        "arraybuffer.slice": "~0.0.7",
-        "base64-arraybuffer": "0.1.5",
-        "blob": "0.0.5",
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        }
+      }
+    },
+    "engine.io-parser": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-2.1.3.tgz",
+      "integrity": "sha512-6HXPre2O4Houl7c4g7Ic/XzPnHBvaEmN90vtRO9uLmwtRqQmTOw0QMevL1TOfL2Cpu1VzsaTmMotQgMdkzGkVA==",
+      "dev": true,
+      "requires": {
+        "after": "0.8.2",
+        "arraybuffer.slice": "~0.0.7",
+        "base64-arraybuffer": "0.1.5",
+        "blob": "0.0.5",
         "has-binary2": "~1.0.2"
       }
     },
@@ -2448,17 +2532,27 @@
         "prr": "~1.0.1"
       }
     },
+    "error-ex": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
+      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
+      "dev": true,
+      "requires": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
     "es-abstract": {
-      "version": "1.12.0",
-      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.12.0.tgz",
-      "integrity": "sha512-C8Fx/0jFmV5IPoMOFPA9P9G5NtqW+4cOPit3MIuvR2t7Ag2K15EJTpxnHAYTzL+aYQJIESYeXZmDBfOBE1HcpA==",
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.13.0.tgz",
+      "integrity": "sha512-vDZfg/ykNxQVwup/8E1BZhVzFfBxs9NqMzGcvIJrqg5k2/5Za2bWo40dK2J1pgLngZ7c+Shh8lwYtLGyrwPutg==",
       "dev": true,
       "requires": {
-        "es-to-primitive": "^1.1.1",
+        "es-to-primitive": "^1.2.0",
         "function-bind": "^1.1.1",
-        "has": "^1.0.1",
-        "is-callable": "^1.1.3",
-        "is-regex": "^1.0.4"
+        "has": "^1.0.3",
+        "is-callable": "^1.1.4",
+        "is-regex": "^1.0.4",
+        "object-keys": "^1.0.12"
       }
     },
     "es-to-primitive": {
@@ -2484,6 +2578,43 @@
       "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
       "dev": true
     },
+    "escodegen": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.8.1.tgz",
+      "integrity": "sha1-WltTr0aTEQvrsIZ6o0MN07cKEBg=",
+      "dev": true,
+      "requires": {
+        "esprima": "^2.7.1",
+        "estraverse": "^1.9.1",
+        "esutils": "^2.0.2",
+        "optionator": "^0.8.1",
+        "source-map": "~0.2.0"
+      },
+      "dependencies": {
+        "esprima": {
+          "version": "2.7.3",
+          "resolved": "https://registry.npmjs.org/esprima/-/esprima-2.7.3.tgz",
+          "integrity": "sha1-luO3DVd59q1JzQMmc9HDEnZ7pYE=",
+          "dev": true
+        },
+        "estraverse": {
+          "version": "1.9.3",
+          "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-1.9.3.tgz",
+          "integrity": "sha1-r2fy3JIlgkFZUJJgkaQAXSnJu0Q=",
+          "dev": true
+        },
+        "source-map": {
+          "version": "0.2.0",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.2.0.tgz",
+          "integrity": "sha1-2rc/vPwrqBm03gO9b26qSBZLP50=",
+          "dev": true,
+          "optional": true,
+          "requires": {
+            "amdefine": ">=0.0.4"
+          }
+        }
+      }
+    },
     "eslint": {
       "version": "5.10.0",
       "resolved": "https://registry.npmjs.org/eslint/-/eslint-5.10.0.tgz",
@@ -2527,33 +2658,20 @@
         "strip-json-comments": "^2.0.1",
         "table": "^5.0.2",
         "text-table": "^0.2.0"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz",
-          "integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==",
-          "dev": true,
-          "requires": {
-            "ms": "^2.1.1"
-          }
-        },
-        "ms": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
-          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==",
-          "dev": true
-        }
       }
     },
     "eslint-plugin-fxa": {
-      "version": "git://github.com/mozilla/eslint-plugin-fxa.git#41504c9dd30e8b52900c15b524946aa0428aef95",
-      "from": "git://github.com/mozilla/eslint-plugin-fxa.git#41504c9dd30e8b52900c15b524946aa0428aef95",
-      "dev": true
+      "version": "git://github.com/mozilla/eslint-plugin-fxa.git#1153ff4bbf7e2c074363253c555fb7f71bac09a1",
+      "from": "git://github.com/mozilla/eslint-plugin-fxa.git#1153ff4bbf7e2c074363253c555fb7f71bac09a1",
+      "dev": true,
+      "requires": {
+        "ramda": "0.25.0"
+      }
     },
     "eslint-plugin-sorting": {
-      "version": "git://github.com/shane-tomlinson/eslint-plugin-sorting.git#bcacb99d53f197ab4f95eb87c18e941f19e88692",
-      "from": "git://github.com/shane-tomlinson/eslint-plugin-sorting.git#bcacb99d",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-sorting/-/eslint-plugin-sorting-0.4.0.tgz",
+      "integrity": "sha512-2edN1MfCdHN3XBr/oMNRkg9TkHvUkzivMjfs9glyPEyqVsQrSJuh/iDidUjg7LXVATJuDQsD8bVELldBj4bFZQ==",
       "dev": true
     },
     "eslint-scope": {
@@ -2587,14 +2705,6 @@
         "acorn": "^6.0.2",
         "acorn-jsx": "^5.0.0",
         "eslint-visitor-keys": "^1.0.0"
-      },
-      "dependencies": {
-        "acorn": {
-          "version": "6.0.4",
-          "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.0.4.tgz",
-          "integrity": "sha512-VY4i5EKSKkofY2I+6QLTbTTN/UvEQPCo6eiwzzSaSWfpaDhOmStMCMod6wmuPciNq+XS0faCglFu2lHZpdHUtg==",
-          "dev": true
-        }
       }
     },
     "esprima": {
@@ -2645,9 +2755,9 @@
       "dev": true
     },
     "events": {
-      "version": "1.1.1",
-      "resolved": "http://registry.npmjs.org/events/-/events-1.1.1.tgz",
-      "integrity": "sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/events/-/events-3.0.0.tgz",
+      "integrity": "sha512-Dc381HFWJzEOhQ+d8pkNon++bk9h6cdAoAj4iE6Q4y6xgTzySWXlKn05/TVNpjnfRqi/X0EpJEJohPjNI3zpVA==",
       "dev": true
     },
     "evp_bytestokey": {
@@ -2661,13 +2771,13 @@
       }
     },
     "execa": {
-      "version": "0.10.0",
-      "resolved": "https://registry.npmjs.org/execa/-/execa-0.10.0.tgz",
-      "integrity": "sha512-7XOMnz8Ynx1gGo/3hyV9loYNPWM94jG3+3T3Y8tsfSstFmETmENCMU/A/zj8Lyaj1lkgEepKepvd6240tBRvlw==",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz",
+      "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==",
       "dev": true,
       "requires": {
         "cross-spawn": "^6.0.0",
-        "get-stream": "^3.0.0",
+        "get-stream": "^4.0.0",
         "is-stream": "^1.1.0",
         "npm-run-path": "^2.0.0",
         "p-finally": "^1.0.0",
@@ -2744,12 +2854,18 @@
           "requires": {
             "is-extendable": "^0.1.0"
           }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
         }
       }
     },
     "expand-range": {
       "version": "0.1.1",
-      "resolved": "http://registry.npmjs.org/expand-range/-/expand-range-0.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/expand-range/-/expand-range-0.1.1.tgz",
       "integrity": "sha1-TLjtoJk8pW+k9B/ELzy7TMrf8EQ=",
       "dev": true,
       "requires": {
@@ -2807,17 +2923,6 @@
         "chardet": "^0.7.0",
         "iconv-lite": "^0.4.24",
         "tmp": "^0.0.33"
-      },
-      "dependencies": {
-        "iconv-lite": {
-          "version": "0.4.24",
-          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
-          "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
-          "dev": true,
-          "requires": {
-            "safer-buffer": ">= 2.1.2 < 3"
-          }
-        }
       }
     },
     "extglob": {
@@ -2975,6 +3080,12 @@
             "ms": "2.0.0"
           }
         },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        },
         "statuses": {
           "version": "1.3.1",
           "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
@@ -3013,14 +3124,6 @@
         "graceful-fs": "^4.1.2",
         "rimraf": "~2.6.2",
         "write": "^0.2.1"
-      },
-      "dependencies": {
-        "circular-json": {
-          "version": "0.3.3",
-          "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
-          "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
-          "dev": true
-        }
       }
     },
     "flatted": {
@@ -3030,22 +3133,39 @@
       "dev": true
     },
     "flush-write-stream": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/flush-write-stream/-/flush-write-stream-1.0.3.tgz",
-      "integrity": "sha512-calZMC10u0FMUqoiunI2AiGIIUtUIvifNwkHhNupZH4cbNnW1Itkoh/Nf5HFYmDrwWPjrUxpkZT0KhuCq0jmGw==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/flush-write-stream/-/flush-write-stream-1.1.1.tgz",
+      "integrity": "sha512-3Z4XhFZ3992uIq0XOqb9AreonueSYphE6oYbpt5+3u06JWklbsPkNv3ZKkP9Bz/r+1MWCaMoSQ28P85+1Yc77w==",
       "dev": true,
       "requires": {
-        "inherits": "^2.0.1",
-        "readable-stream": "^2.0.4"
+        "inherits": "^2.0.3",
+        "readable-stream": "^2.3.6"
       }
     },
     "follow-redirects": {
-      "version": "1.5.10",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz",
-      "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.6.1.tgz",
+      "integrity": "sha512-t2JCjbzxQpWvbhts3l6SH1DKzSrx8a+SsaVf4h6bG4kOXUuPYS/kg2Lr4gQSb7eemaHqJkOThF1BGyjlUkO1GQ==",
       "dev": true,
       "requires": {
         "debug": "=3.1.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        }
       }
     },
     "for-in": {
@@ -3101,9 +3221,9 @@
       "dev": true
     },
     "fsevents": {
-      "version": "1.2.4",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.4.tgz",
-      "integrity": "sha512-z8H8/diyk76B7q5wg+Ud0+CqzcAF3mBBI/bA5ne5zrRUUIvNkJY//D3BqyH571KuAC4Nr7Rw7CjWX4r0y9DvNg==",
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.7.tgz",
+      "integrity": "sha512-Pxm6sI2MeBD7RdD12RYsqaP0nMiwx8eZBXCa6z2L+mRHm2DYrOYwihmhjpkdjUHwQhslWQjRpEgNq4XvBmaAuw==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -3113,28 +3233,25 @@
       "dependencies": {
         "abbrev": {
           "version": "1.1.1",
-          "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
-          "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "ansi-regex": {
           "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
-          "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "aproba": {
           "version": "1.2.0",
-          "resolved": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz",
-          "integrity": "sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "are-we-there-yet": {
-          "version": "1.1.4",
-          "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-1.1.4.tgz",
-          "integrity": "sha1-u13KOCu5TwXhUZQ3PRb9O6HKEQ0=",
+          "version": "1.1.5",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3144,56 +3261,53 @@
         },
         "balanced-match": {
           "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
-          "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "brace-expansion": {
           "version": "1.1.11",
-          "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-          "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "balanced-match": "^1.0.0",
             "concat-map": "0.0.1"
           }
         },
         "chownr": {
-          "version": "1.0.1",
-          "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.0.1.tgz",
-          "integrity": "sha1-4qdQQqlVGQi+vSW4Uj1fl2nXkYE=",
+          "version": "1.1.1",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "code-point-at": {
           "version": "1.1.0",
-          "resolved": "https://registry.npmjs.org/code-point-at/-/code-point-at-1.1.0.tgz",
-          "integrity": "sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "concat-map": {
           "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-          "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "console-control-strings": {
           "version": "1.1.0",
-          "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
-          "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "core-util-is": {
           "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-          "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "debug": {
           "version": "2.6.9",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3201,30 +3315,26 @@
           }
         },
         "deep-extend": {
-          "version": "0.5.1",
-          "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.5.1.tgz",
-          "integrity": "sha512-N8vBdOa+DF7zkRrDCsaOXoCs/E2fJfx9B9MrKnnSiHNh4ws7eSys6YQE4KvT1cecKmOASYQBhbKjeuDD9lT81w==",
+          "version": "0.6.0",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "delegates": {
           "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz",
-          "integrity": "sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "detect-libc": {
           "version": "1.0.3",
-          "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz",
-          "integrity": "sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "fs-minipass": {
           "version": "1.2.5",
-          "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.5.tgz",
-          "integrity": "sha512-JhBl0skXjUPCFH7x6x61gQxrKyXsxB5gcgePLZCwfyCGGsTISMoIeObbrvVeP6Xmyaudw4TT43qV2Gz+iyd2oQ==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3233,15 +3343,13 @@
         },
         "fs.realpath": {
           "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-          "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "gauge": {
           "version": "2.7.4",
-          "resolved": "https://registry.npmjs.org/gauge/-/gauge-2.7.4.tgz",
-          "integrity": "sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3256,9 +3364,8 @@
           }
         },
         "glob": {
-          "version": "7.1.2",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
-          "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
+          "version": "7.1.3",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3272,25 +3379,22 @@
         },
         "has-unicode": {
           "version": "2.0.1",
-          "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz",
-          "integrity": "sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "iconv-lite": {
-          "version": "0.4.21",
-          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.21.tgz",
-          "integrity": "sha512-En5V9za5mBt2oUA03WGD3TwDv0MKAruqsuxstbMUZaj9W9k/m1CV/9py3l0L5kw9Bln8fdHQmzHSYtvpvTLpKw==",
+          "version": "0.4.24",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
-            "safer-buffer": "^2.1.0"
+            "safer-buffer": ">= 2.1.2 < 3"
           }
         },
         "ignore-walk": {
           "version": "3.0.1",
-          "resolved": "https://registry.npmjs.org/ignore-walk/-/ignore-walk-3.0.1.tgz",
-          "integrity": "sha512-DTVlMx3IYPe0/JJcYP7Gxg7ttZZu3IInhuEhbchuqneY9wWe5Ojy2mXLBaQFUQmo0AW2r3qG7m1mg86js+gnlQ==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3299,8 +3403,7 @@
         },
         "inflight": {
           "version": "1.0.6",
-          "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
-          "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3310,62 +3413,59 @@
         },
         "inherits": {
           "version": "2.0.3",
-          "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
-          "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "ini": {
           "version": "1.3.5",
-          "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz",
-          "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "is-fullwidth-code-point": {
           "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz",
-          "integrity": "sha1-754xOG8DGn8NZDr4L95QxFfvAMs=",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "number-is-nan": "^1.0.0"
           }
         },
         "isarray": {
           "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
-          "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "minimatch": {
           "version": "3.0.4",
-          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
-          "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "brace-expansion": "^1.1.7"
           }
         },
         "minimist": {
           "version": "0.0.8",
-          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
-          "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "minipass": {
-          "version": "2.2.4",
-          "resolved": "https://registry.npmjs.org/minipass/-/minipass-2.2.4.tgz",
-          "integrity": "sha512-hzXIWWet/BzWhYs2b+u7dRHlruXhwdgvlTMDKC6Cb1U7ps6Ac6yQlR39xsbjWJE377YTCtKwIXIpJ5oP+j5y8g==",
+          "version": "2.3.5",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
-            "safe-buffer": "^5.1.1",
+            "safe-buffer": "^5.1.2",
             "yallist": "^3.0.0"
           }
         },
         "minizlib": {
-          "version": "1.1.0",
-          "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-1.1.0.tgz",
-          "integrity": "sha512-4T6Ur/GctZ27nHfpt9THOdRZNgyJ9FZchYO1ceg5S8Q3DNLCKYy44nCZzgCJgcvx2UM8czmqak5BCxJMrq37lA==",
+          "version": "1.2.1",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3374,24 +3474,22 @@
         },
         "mkdirp": {
           "version": "0.5.1",
-          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
-          "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "minimist": "0.0.8"
           }
         },
         "ms": {
           "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
-          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "needle": {
-          "version": "2.2.0",
-          "resolved": "https://registry.npmjs.org/needle/-/needle-2.2.0.tgz",
-          "integrity": "sha512-eFagy6c+TYayorXw/qtAdSvaUpEbBsDwDyxYFgLZ0lTojfH7K+OdBqAF7TAFwDokJaGpubpSGG0wO3iC0XPi8w==",
+          "version": "2.2.4",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3401,19 +3499,18 @@
           }
         },
         "node-pre-gyp": {
-          "version": "0.10.0",
-          "resolved": "https://registry.npmjs.org/node-pre-gyp/-/node-pre-gyp-0.10.0.tgz",
-          "integrity": "sha512-G7kEonQLRbcA/mOoFoxvlMrw6Q6dPf92+t/l0DFSMuSlDoWaI9JWIyPwK0jyE1bph//CUEL65/Fz1m2vJbmjQQ==",
+          "version": "0.10.3",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
             "detect-libc": "^1.0.2",
             "mkdirp": "^0.5.1",
-            "needle": "^2.2.0",
+            "needle": "^2.2.1",
             "nopt": "^4.0.1",
             "npm-packlist": "^1.1.6",
             "npmlog": "^4.0.2",
-            "rc": "^1.1.7",
+            "rc": "^1.2.7",
             "rimraf": "^2.6.1",
             "semver": "^5.3.0",
             "tar": "^4"
@@ -3421,8 +3518,7 @@
         },
         "nopt": {
           "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.1.tgz",
-          "integrity": "sha1-0NRoWv1UFRk8jHUFYC0NF81kR00=",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3431,16 +3527,14 @@
           }
         },
         "npm-bundled": {
-          "version": "1.0.3",
-          "resolved": "https://registry.npmjs.org/npm-bundled/-/npm-bundled-1.0.3.tgz",
-          "integrity": "sha512-ByQ3oJ/5ETLyglU2+8dBObvhfWXX8dtPZDMePCahptliFX2iIuhyEszyFk401PZUNQH20vvdW5MLjJxkwU80Ow==",
+          "version": "1.0.5",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "npm-packlist": {
-          "version": "1.1.10",
-          "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.1.10.tgz",
-          "integrity": "sha512-AQC0Dyhzn4EiYEfIUjCdMl0JJ61I2ER9ukf/sLxJUcZHfo+VyEfz2rMJgLZSS1v30OxPQe1cN0LZA1xbcaVfWA==",
+          "version": "1.2.0",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3450,8 +3544,7 @@
         },
         "npmlog": {
           "version": "4.1.2",
-          "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-4.1.2.tgz",
-          "integrity": "sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3463,44 +3556,40 @@
         },
         "number-is-nan": {
           "version": "1.0.1",
-          "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz",
-          "integrity": "sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "object-assign": {
           "version": "4.1.1",
-          "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
-          "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "once": {
           "version": "1.4.0",
-          "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-          "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "wrappy": "1"
           }
         },
         "os-homedir": {
           "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz",
-          "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "os-tmpdir": {
           "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
-          "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "osenv": {
           "version": "0.1.5",
-          "resolved": "https://registry.npmjs.org/osenv/-/osenv-0.1.5.tgz",
-          "integrity": "sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3510,26 +3599,23 @@
         },
         "path-is-absolute": {
           "version": "1.0.1",
-          "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-          "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "process-nextick-args": {
           "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
-          "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw==",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "rc": {
-          "version": "1.2.7",
-          "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.7.tgz",
-          "integrity": "sha512-LdLD8xD4zzLsAT5xyushXDNscEjB7+2ulnl8+r1pnESlYtlJtVSoCMBGr30eDRJ3+2Gq89jK9P9e4tCEH1+ywA==",
+          "version": "1.2.8",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
-            "deep-extend": "^0.5.1",
+            "deep-extend": "^0.6.0",
             "ini": "~1.3.0",
             "minimist": "^1.2.0",
             "strip-json-comments": "~2.0.1"
@@ -3537,8 +3623,7 @@
           "dependencies": {
             "minimist": {
               "version": "1.2.0",
-              "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
-              "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+              "bundled": true,
               "dev": true,
               "optional": true
             }
@@ -3546,8 +3631,7 @@
         },
         "readable-stream": {
           "version": "2.3.6",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
-          "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3561,61 +3645,55 @@
           }
         },
         "rimraf": {
-          "version": "2.6.2",
-          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
-          "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
+          "version": "2.6.3",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
-            "glob": "^7.0.5"
+            "glob": "^7.1.3"
           }
         },
         "safe-buffer": {
-          "version": "5.1.1",
-          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz",
-          "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg==",
-          "dev": true
+          "version": "5.1.2",
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "safer-buffer": {
           "version": "2.1.2",
-          "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-          "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "sax": {
           "version": "1.2.4",
-          "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
-          "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "semver": {
-          "version": "5.5.0",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-5.5.0.tgz",
-          "integrity": "sha512-4SJ3dm0WAwWy/NVeioZh5AntkdJoWKxHxcmyP622fOkgHa4z3R0TdBJICINyaSDE6uNwVc8gZr+ZinwZAH4xIA==",
+          "version": "5.6.0",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "set-blocking": {
           "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
-          "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "signal-exit": {
           "version": "3.0.2",
-          "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz",
-          "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "string-width": {
           "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz",
-          "integrity": "sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "code-point-at": "^1.0.0",
             "is-fullwidth-code-point": "^1.0.0",
@@ -3624,8 +3702,7 @@
         },
         "string_decoder": {
           "version": "1.1.1",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-          "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
@@ -3634,64 +3711,60 @@
         },
         "strip-ansi": {
           "version": "3.0.1",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
-          "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
+          "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "ansi-regex": "^2.0.0"
           }
         },
         "strip-json-comments": {
           "version": "2.0.1",
-          "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
-          "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "tar": {
-          "version": "4.4.1",
-          "resolved": "https://registry.npmjs.org/tar/-/tar-4.4.1.tgz",
-          "integrity": "sha512-O+v1r9yN4tOsvl90p5HAP4AEqbYhx4036AGMm075fH9F8Qwi3oJ+v4u50FkT/KkvywNGtwkk0zRI+8eYm1X/xg==",
+          "version": "4.4.8",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
-            "chownr": "^1.0.1",
+            "chownr": "^1.1.1",
             "fs-minipass": "^1.2.5",
-            "minipass": "^2.2.4",
-            "minizlib": "^1.1.0",
+            "minipass": "^2.3.4",
+            "minizlib": "^1.1.1",
             "mkdirp": "^0.5.0",
-            "safe-buffer": "^5.1.1",
+            "safe-buffer": "^5.1.2",
             "yallist": "^3.0.2"
           }
         },
         "util-deprecate": {
           "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-          "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=",
+          "bundled": true,
           "dev": true,
           "optional": true
         },
         "wide-align": {
-          "version": "1.1.2",
-          "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.2.tgz",
-          "integrity": "sha512-ijDLlyQ7s6x1JgCLur53osjm/UXUYD9+0PbYKrBsYisYXzCxN+HC3mYDNy/dWdmf3AwqwU3CXwDCvsNgGK1S0w==",
+          "version": "1.1.3",
+          "bundled": true,
           "dev": true,
           "optional": true,
           "requires": {
-            "string-width": "^1.0.2"
+            "string-width": "^1.0.2 || 2"
           }
         },
         "wrappy": {
           "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-          "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
-          "dev": true
+          "bundled": true,
+          "dev": true,
+          "optional": true
         },
         "yallist": {
-          "version": "3.0.2",
-          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.2.tgz",
-          "integrity": "sha1-hFK0u36Dx8GI2AQcGoN8dz1ti7k=",
-          "dev": true
+          "version": "3.0.3",
+          "bundled": true,
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -3719,12 +3792,21 @@
       "integrity": "sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=",
       "dev": true
     },
-    "get-stream": {
-      "version": "3.0.0",
-      "resolved": "http://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz",
-      "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=",
+    "get-stdin": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz",
+      "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=",
       "dev": true
     },
+    "get-stream": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz",
+      "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==",
+      "dev": true,
+      "requires": {
+        "pump": "^3.0.0"
+      }
+    },
     "get-value": {
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz",
@@ -3732,9 +3814,9 @@
       "dev": true
     },
     "glob": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
-      "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.3.tgz",
+      "integrity": "sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ==",
       "dev": true,
       "requires": {
         "fs.realpath": "^1.0.0",
@@ -3773,9 +3855,9 @@
       "dev": true
     },
     "globals": {
-      "version": "11.9.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-11.9.0.tgz",
-      "integrity": "sha512-5cJVtyXWH8PiJPVLZzzoIizXx944O4OmRro5MWKx5fT4MgcN7OfaMutPeaTdJCCURwbWdhhcCWcKIffPnmTzBg==",
+      "version": "11.11.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.11.0.tgz",
+      "integrity": "sha512-WHq43gS+6ufNOEqlrDBxVEbb8ntfXrfAUU2ZOpCxrBdGKW3gyv8mCxAfIBD0DroPKGrJ2eSsXsLtY9MPntsyTw==",
       "dev": true
     },
     "graceful-fs": {
@@ -3790,6 +3872,29 @@
       "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==",
       "dev": true
     },
+    "handlebars": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.1.0.tgz",
+      "integrity": "sha512-l2jRuU1NAWK6AW5qqcTATWQJvNPEwkM7NEKSiv/gqOsoSQbVoWyqVEY5GS+XPQ88zLNmqASRpzfdm8d79hJS+w==",
+      "dev": true,
+      "requires": {
+        "async": "^2.5.0",
+        "optimist": "^0.6.1",
+        "source-map": "^0.6.1",
+        "uglify-js": "^3.1.4"
+      },
+      "dependencies": {
+        "async": {
+          "version": "2.6.1",
+          "resolved": "https://registry.npmjs.org/async/-/async-2.6.1.tgz",
+          "integrity": "sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==",
+          "dev": true,
+          "requires": {
+            "lodash": "^4.17.10"
+          }
+        }
+      }
+    },
     "has": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
@@ -3903,9 +4008,15 @@
         "minimalistic-crypto-utils": "^1.0.1"
       }
     },
+    "hosted-git-info": {
+      "version": "2.7.1",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.7.1.tgz",
+      "integrity": "sha512-7T/BxH19zbcCTa8XkMlbK5lTo1WtgkFi3GvdWEyNuc4Vex7/9Dqbnpsf4JMydcfj9HCg4zUWFTL3Za6lapg5/w==",
+      "dev": true
+    },
     "http-errors": {
       "version": "1.6.3",
-      "resolved": "http://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
       "integrity": "sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0=",
       "dev": true,
       "requires": {
@@ -3933,9 +4044,9 @@
       "dev": true
     },
     "iconv-lite": {
-      "version": "0.4.23",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.23.tgz",
-      "integrity": "sha512-neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA==",
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
       "dev": true,
       "requires": {
         "safer-buffer": ">= 2.1.2 < 3"
@@ -3975,6 +4086,15 @@
       "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
       "dev": true
     },
+    "indent-string": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz",
+      "integrity": "sha1-ji1INIdCEhtKghi3oTfppSBJ3IA=",
+      "dev": true,
+      "requires": {
+        "repeating": "^2.0.0"
+      }
+    },
     "indexof": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/indexof/-/indexof-0.0.1.tgz",
@@ -3998,21 +4118,21 @@
       "dev": true
     },
     "inquirer": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-6.2.1.tgz",
-      "integrity": "sha512-088kl3DRT2dLU5riVMKKr1DlImd6X7smDhpXUCkJDCKvTEJeRiXh0G132HG9u5a+6Ylw9plFRY7RuTnwohYSpg==",
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-6.2.2.tgz",
+      "integrity": "sha512-Z2rREiXA6cHRR9KBOarR3WuLlFzlIfAEIiB45ll5SSadMg7WqOh1MKEjjndfuH5ewXdixWCxqnVfGOQzPeiztA==",
       "dev": true,
       "requires": {
-        "ansi-escapes": "^3.0.0",
-        "chalk": "^2.0.0",
+        "ansi-escapes": "^3.2.0",
+        "chalk": "^2.4.2",
         "cli-cursor": "^2.1.0",
         "cli-width": "^2.0.0",
-        "external-editor": "^3.0.0",
+        "external-editor": "^3.0.3",
         "figures": "^2.0.0",
-        "lodash": "^4.17.10",
+        "lodash": "^4.17.11",
         "mute-stream": "0.0.7",
         "run-async": "^2.2.0",
-        "rxjs": "^6.1.0",
+        "rxjs": "^6.4.0",
         "string-width": "^2.1.0",
         "strip-ansi": "^5.0.0",
         "through": "^2.3.6"
@@ -4036,9 +4156,9 @@
       }
     },
     "interpret": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.1.0.tgz",
-      "integrity": "sha1-ftGxQQxqDg94z5XTuEQMY/eLhhQ=",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.2.0.tgz",
+      "integrity": "sha512-mT34yGKMNceBQUoVn7iCDKDntA7SC6gycMAWzGx1z/CMCTV7b2AAtXlo3nRyHZ1FelRkQbQjprHSYGwzLtkVbw==",
       "dev": true
     },
     "invariant": {
@@ -4076,6 +4196,12 @@
         }
       }
     },
+    "is-arrayish": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
+      "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=",
+      "dev": true
+    },
     "is-binary-path": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz",
@@ -4154,6 +4280,15 @@
       "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
       "dev": true
     },
+    "is-finite": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/is-finite/-/is-finite-1.0.2.tgz",
+      "integrity": "sha1-zGZ3aVYCvlUO8R6LSqYwU0K20Ko=",
+      "dev": true,
+      "requires": {
+        "number-is-nan": "^1.0.0"
+      }
+    },
     "is-fullwidth-code-point": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
@@ -4228,6 +4363,12 @@
         "has-symbols": "^1.0.0"
       }
     },
+    "is-utf8": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz",
+      "integrity": "sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI=",
+      "dev": true
+    },
     "is-windows": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
@@ -4261,28 +4402,119 @@
       "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
       "dev": true
     },
+    "istanbul": {
+      "version": "0.4.5",
+      "resolved": "https://registry.npmjs.org/istanbul/-/istanbul-0.4.5.tgz",
+      "integrity": "sha1-ZcfXPUxNqE1POsMQuRj7C4Azczs=",
+      "dev": true,
+      "requires": {
+        "abbrev": "1.0.x",
+        "async": "1.x",
+        "escodegen": "1.8.x",
+        "esprima": "2.7.x",
+        "glob": "^5.0.15",
+        "handlebars": "^4.0.1",
+        "js-yaml": "3.x",
+        "mkdirp": "0.5.x",
+        "nopt": "3.x",
+        "once": "1.x",
+        "resolve": "1.1.x",
+        "supports-color": "^3.1.0",
+        "which": "^1.1.1",
+        "wordwrap": "^1.0.0"
+      },
+      "dependencies": {
+        "esprima": {
+          "version": "2.7.3",
+          "resolved": "https://registry.npmjs.org/esprima/-/esprima-2.7.3.tgz",
+          "integrity": "sha1-luO3DVd59q1JzQMmc9HDEnZ7pYE=",
+          "dev": true
+        },
+        "glob": {
+          "version": "5.0.15",
+          "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz",
+          "integrity": "sha1-G8k2ueAvSmA/zCIuz3Yz0wuLk7E=",
+          "dev": true,
+          "requires": {
+            "inflight": "^1.0.4",
+            "inherits": "2",
+            "minimatch": "2 || 3",
+            "once": "^1.3.0",
+            "path-is-absolute": "^1.0.0"
+          }
+        },
+        "has-flag": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-1.0.0.tgz",
+          "integrity": "sha1-nZ55MWXOAXoA8AQYxD+UKnsdEfo=",
+          "dev": true
+        },
+        "resolve": {
+          "version": "1.1.7",
+          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.1.7.tgz",
+          "integrity": "sha1-IDEU2CrSxe2ejgQRs5ModeiJ6Xs=",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "3.2.3",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-3.2.3.tgz",
+          "integrity": "sha1-ZawFBLOVQXHYpklGsq48u4pfVPY=",
+          "dev": true,
+          "requires": {
+            "has-flag": "^1.0.0"
+          }
+        }
+      }
+    },
+    "istanbul-lib-coverage": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.3.tgz",
+      "integrity": "sha512-dKWuzRGCs4G+67VfW9pBFFz2Jpi4vSp/k7zBcJ888ofV5Mi1g5CUML5GvMvV6u9Cjybftu+E8Cgp+k0dI1E5lw==",
+      "dev": true
+    },
+    "istanbul-lib-instrument": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-3.1.0.tgz",
+      "integrity": "sha512-ooVllVGT38HIk8MxDj/OIHXSYvH+1tq/Vb38s8ixt9GoJadXska4WkGY+0wkmtYCZNYtaARniH/DixUGGLZ0uA==",
+      "dev": true,
+      "requires": {
+        "@babel/generator": "^7.0.0",
+        "@babel/parser": "^7.0.0",
+        "@babel/template": "^7.0.0",
+        "@babel/traverse": "^7.0.0",
+        "@babel/types": "^7.0.0",
+        "istanbul-lib-coverage": "^2.0.3",
+        "semver": "^5.5.0"
+      }
+    },
     "js-levenshtein": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/js-levenshtein/-/js-levenshtein-1.1.4.tgz",
-      "integrity": "sha512-PxfGzSs0ztShKrUYPIn5r0MtyAhYcCwmndozzpz8YObbPnD1jFxzlBGbRnX2mIu6Z13xN6+PTu05TQFnZFlzow==",
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/js-levenshtein/-/js-levenshtein-1.1.6.tgz",
+      "integrity": "sha512-X2BB11YZtrRqY4EnQcLX5Rh373zbK4alC1FW7D7MBhL2gtcC17cTnr6DmfHZeS0s2rTHjUTMMHfG7gO8SSdw+g==",
       "dev": true
     },
     "js-tokens": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
-      "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
       "dev": true
     },
     "js-yaml": {
-      "version": "3.12.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.0.tgz",
-      "integrity": "sha512-PIt2cnwmPfL4hKNwqeiuz4bKfnzHTBv6HyVgjahA6mPLwPDzjDWrplJBMjHUFxku/N3FlmrbyPclad+I+4mJ3A==",
+      "version": "3.12.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.1.tgz",
+      "integrity": "sha512-um46hB9wNOKlwkHgiuyEVAybXBjwFUV0Z/RaHJblRd9DXltue9FTYvzCr9ErQrK9Adz5MU4gHWVaNUfdmrC8qA==",
       "dev": true,
       "requires": {
         "argparse": "^1.0.7",
         "esprima": "^4.0.0"
       }
     },
+    "jsesc": {
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
+      "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==",
+      "dev": true
+    },
     "json-parse-better-errors": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz",
@@ -4302,15 +4534,24 @@
       "dev": true
     },
     "json5": {
-      "version": "0.5.1",
-      "resolved": "http://registry.npmjs.org/json5/-/json5-0.5.1.tgz",
-      "integrity": "sha1-Hq3nrMASA0rYTiOWdn6tn6VJWCE=",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.0.tgz",
+      "integrity": "sha512-8Mh9h6xViijj36g7Dxi+Y4S6hNGV96vcJZr/SrlHh1LR/pEn/8j/+qIBbs44YKl69Lrfctp4QD+AdWLTMqEZAQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.0"
+      }
+    },
+    "just-extend": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.0.2.tgz",
+      "integrity": "sha512-FrLwOgm+iXrPV+5zDU6Jqu4gCRXbWEQg2O3SKONsWE4w7AXFRkryS53bpWdaL9cNol+AmR3AEYz6kn+o0fCPnw==",
       "dev": true
     },
     "karma": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/karma/-/karma-3.1.3.tgz",
-      "integrity": "sha512-JU4FYUtFEGsLZd6ZJzLrivcPj0TkteBiIRDcXWFsltPMGgZMDtby/MIzNOzgyZv/9dahs9vHpSxerC/ZfeX9Qw==",
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/karma/-/karma-3.1.4.tgz",
+      "integrity": "sha512-31Vo8Qr5glN+dZEVIpnPCxEGleqE0EY6CtC2X9TagRV3rRQ3SNrvfhddICkJgUK3AgqpeKSZau03QumTGhGoSw==",
       "dev": true,
       "requires": {
         "bluebird": "^3.3.0",
@@ -4360,7 +4601,7 @@
       "dependencies": {
         "chai": {
           "version": "3.5.0",
-          "resolved": "http://registry.npmjs.org/chai/-/chai-3.5.0.tgz",
+          "resolved": "https://registry.npmjs.org/chai/-/chai-3.5.0.tgz",
           "integrity": "sha1-TQJjewZ/6Vi9v906QOxW/vc3Mkc=",
           "dev": true,
           "requires": {
@@ -4371,7 +4612,7 @@
         },
         "deep-eql": {
           "version": "0.1.3",
-          "resolved": "http://registry.npmjs.org/deep-eql/-/deep-eql-0.1.3.tgz",
+          "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-0.1.3.tgz",
           "integrity": "sha1-71WKyrjeJSBs1xOQbXTlaTDrafI=",
           "dev": true,
           "requires": {
@@ -4386,6 +4627,30 @@
             }
           }
         },
+        "sinon": {
+          "version": "2.4.1",
+          "resolved": "https://registry.npmjs.org/sinon/-/sinon-2.4.1.tgz",
+          "integrity": "sha512-vFTrO9Wt0ECffDYIPSP/E5bBugt0UjcBQOfQUMh66xzkyPEnhl/vM2LRZi2ajuTdkH07sA6DzrM6KvdvGIH8xw==",
+          "dev": true,
+          "requires": {
+            "diff": "^3.1.0",
+            "formatio": "1.2.0",
+            "lolex": "^1.6.0",
+            "native-promise-only": "^0.8.1",
+            "path-to-regexp": "^1.7.0",
+            "samsam": "^1.1.3",
+            "text-encoding": "0.6.4",
+            "type-detect": "^4.0.0"
+          },
+          "dependencies": {
+            "type-detect": {
+              "version": "4.0.8",
+              "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
+              "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
+              "dev": true
+            }
+          }
+        },
         "type-detect": {
           "version": "1.0.0",
           "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-1.0.0.tgz",
@@ -4394,6 +4659,27 @@
         }
       }
     },
+    "karma-coverage": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/karma-coverage/-/karma-coverage-1.1.2.tgz",
+      "integrity": "sha512-eQawj4Cl3z/CjxslYy9ariU4uDh7cCNFZHNWXWRpl0pNeblY/4wHR7M7boTYXWrn9bY0z2pZmr11eKje/S/hIw==",
+      "dev": true,
+      "requires": {
+        "dateformat": "^1.0.6",
+        "istanbul": "^0.4.0",
+        "lodash": "^4.17.0",
+        "minimatch": "^3.0.0",
+        "source-map": "^0.5.1"
+      },
+      "dependencies": {
+        "source-map": {
+          "version": "0.5.7",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
+          "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
+          "dev": true
+        }
+      }
+    },
     "karma-firefox-launcher": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/karma-firefox-launcher/-/karma-firefox-launcher-1.1.0.tgz",
@@ -4407,16 +4693,14 @@
       "dev": true,
       "requires": {
         "minimist": "1.2.0"
-      },
-      "dependencies": {
-        "minimist": {
-          "version": "1.2.0",
-          "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
-          "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
-          "dev": true
-        }
       }
     },
+    "karma-sinon": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/karma-sinon/-/karma-sinon-1.0.5.tgz",
+      "integrity": "sha1-TjRD8oMP3s/2JNN0cWPxIX2qKpo=",
+      "dev": true
+    },
     "kind-of": {
       "version": "6.0.2",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
@@ -4442,21 +4726,44 @@
         "type-check": "~0.3.2"
       }
     },
+    "load-json-file": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-4.0.0.tgz",
+      "integrity": "sha1-L19Fq5HjMhYjT9U62rZo607AmTs=",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.2",
+        "parse-json": "^4.0.0",
+        "pify": "^3.0.0",
+        "strip-bom": "^3.0.0"
+      }
+    },
     "loader-runner": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-2.3.1.tgz",
-      "integrity": "sha512-By6ZFY7ETWOc9RFaAIb23IjJVcM4dvJC/N57nmdz9RSkMXvAXGI7SyVlAw3v8vjtDRlqThgVDVmTnr9fqMlxkw==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-2.4.0.tgz",
+      "integrity": "sha512-Jsmr89RcXGIwivFY21FcRrisYZfvLMTWx5kOLc+JTxtpBOG6xML0vzbc6SEQG2FO9/4Fc3wW4LVcB5DmGflaRw==",
       "dev": true
     },
     "loader-utils": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.1.0.tgz",
-      "integrity": "sha1-yYrvSIvM7aL/teLeZG1qdUQp9c0=",
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz",
+      "integrity": "sha512-fkpz8ejdnEMG3s37wGL07iSBDg99O9D5yflE9RGNH3hRdx9SOwYfnGYdZOUIZitN8E+E2vkq3MUMYMvPYl5ZZA==",
       "dev": true,
       "requires": {
-        "big.js": "^3.1.3",
+        "big.js": "^5.2.2",
         "emojis-list": "^2.0.0",
-        "json5": "^0.5.0"
+        "json5": "^1.0.1"
+      },
+      "dependencies": {
+        "json5": {
+          "version": "1.0.1",
+          "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
+          "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+          "dev": true,
+          "requires": {
+            "minimist": "^1.2.0"
+          }
+        }
       }
     },
     "locate-path": {
@@ -4475,10 +4782,10 @@
       "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==",
       "dev": true
     },
-    "lodash.debounce": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz",
-      "integrity": "sha1-gteb/zCmfEAF/9XiUVMArZyk168=",
+    "lodash.get": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
+      "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=",
       "dev": true
     },
     "log4js": {
@@ -4492,6 +4799,23 @@
         "debug": "^3.1.0",
         "rfdc": "^1.1.2",
         "streamroller": "0.7.0"
+      },
+      "dependencies": {
+        "circular-json": {
+          "version": "0.5.9",
+          "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.5.9.tgz",
+          "integrity": "sha512-4ivwqHpIFJZBuhN3g/pEcdbnGUywkBblloGbkglyloVjjR3uT6tieI89MVOfbP2tHX5sgb01FuLgAOzebNlJNQ==",
+          "dev": true
+        },
+        "debug": {
+          "version": "3.2.6",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
+          "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        }
       }
     },
     "lolex": {
@@ -4509,6 +4833,16 @@
         "js-tokens": "^3.0.0 || ^4.0.0"
       }
     },
+    "loud-rejection": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz",
+      "integrity": "sha1-W0b4AUft7leIcPCG0Eghz5mOVR8=",
+      "dev": true,
+      "requires": {
+        "currently-unhandled": "^0.4.1",
+        "signal-exit": "^3.0.0"
+      }
+    },
     "lru-cache": {
       "version": "4.1.5",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz",
@@ -4543,6 +4877,12 @@
       "integrity": "sha1-wyq9C9ZSXZsFFkW7TyasXcmKDb8=",
       "dev": true
     },
+    "map-obj": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz",
+      "integrity": "sha1-2TPOuSBdgr3PSIb2dCvcK03qFG0=",
+      "dev": true
+    },
     "map-visit": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz",
@@ -4565,19 +4905,19 @@
     },
     "media-typer": {
       "version": "0.3.0",
-      "resolved": "http://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
       "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=",
       "dev": true
     },
     "mem": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/mem/-/mem-4.0.0.tgz",
-      "integrity": "sha512-WQxG/5xYc3tMbYLXoXPm81ET2WDULiU5FxbuIoNbJqLOOI8zehXFdZuiUEgfdrU2mVB1pxBZUGlYORSrpuJreA==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/mem/-/mem-4.1.0.tgz",
+      "integrity": "sha512-I5u6Q1x7wxO0kdOpYBB28xueHADYps5uty/zg936CiG8NTe5sJL8EjrCuLneuDW3PlMdZBGDIn8BirEVdovZvg==",
       "dev": true,
       "requires": {
         "map-age-cleaner": "^0.1.1",
         "mimic-fn": "^1.0.0",
-        "p-is-promise": "^1.1.0"
+        "p-is-promise": "^2.0.0"
       }
     },
     "memory-fs": {
@@ -4590,6 +4930,114 @@
         "readable-stream": "^2.0.1"
       }
     },
+    "meow": {
+      "version": "3.7.0",
+      "resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz",
+      "integrity": "sha1-cstmi0JSKCkKu/qFaJJYcwioAfs=",
+      "dev": true,
+      "requires": {
+        "camelcase-keys": "^2.0.0",
+        "decamelize": "^1.1.2",
+        "loud-rejection": "^1.0.0",
+        "map-obj": "^1.0.1",
+        "minimist": "^1.1.3",
+        "normalize-package-data": "^2.3.4",
+        "object-assign": "^4.0.1",
+        "read-pkg-up": "^1.0.1",
+        "redent": "^1.0.0",
+        "trim-newlines": "^1.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "1.1.2",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz",
+          "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=",
+          "dev": true,
+          "requires": {
+            "path-exists": "^2.0.0",
+            "pinkie-promise": "^2.0.0"
+          }
+        },
+        "load-json-file": {
+          "version": "1.1.0",
+          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz",
+          "integrity": "sha1-lWkFcI1YtLq0wiYbBPWfMcmTdMA=",
+          "dev": true,
+          "requires": {
+            "graceful-fs": "^4.1.2",
+            "parse-json": "^2.2.0",
+            "pify": "^2.0.0",
+            "pinkie-promise": "^2.0.0",
+            "strip-bom": "^2.0.0"
+          }
+        },
+        "parse-json": {
+          "version": "2.2.0",
+          "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz",
+          "integrity": "sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=",
+          "dev": true,
+          "requires": {
+            "error-ex": "^1.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz",
+          "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=",
+          "dev": true,
+          "requires": {
+            "pinkie-promise": "^2.0.0"
+          }
+        },
+        "path-type": {
+          "version": "1.1.0",
+          "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz",
+          "integrity": "sha1-WcRPfuSR2nBNpBXaWkBwuk+P5EE=",
+          "dev": true,
+          "requires": {
+            "graceful-fs": "^4.1.2",
+            "pify": "^2.0.0",
+            "pinkie-promise": "^2.0.0"
+          }
+        },
+        "pify": {
+          "version": "2.3.0",
+          "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
+          "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=",
+          "dev": true
+        },
+        "read-pkg": {
+          "version": "1.1.0",
+          "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz",
+          "integrity": "sha1-9f+qXs0pyzHAR0vKfXVra7KePyg=",
+          "dev": true,
+          "requires": {
+            "load-json-file": "^1.0.0",
+            "normalize-package-data": "^2.3.2",
+            "path-type": "^1.0.0"
+          }
+        },
+        "read-pkg-up": {
+          "version": "1.0.1",
+          "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz",
+          "integrity": "sha1-nWPBMnbAZZGNV/ACpX9AobZD+wI=",
+          "dev": true,
+          "requires": {
+            "find-up": "^1.0.0",
+            "read-pkg": "^1.0.0"
+          }
+        },
+        "strip-bom": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz",
+          "integrity": "sha1-YhmoVhZSBJHzV4i9vxRHqZx+aw4=",
+          "dev": true,
+          "requires": {
+            "is-utf8": "^0.2.0"
+          }
+        }
+      }
+    },
     "micromatch": {
       "version": "3.1.10",
       "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz",
@@ -4670,9 +5118,9 @@
       }
     },
     "minimist": {
-      "version": "0.0.8",
-      "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
-      "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+      "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
       "dev": true
     },
     "mississippi": {
@@ -4716,11 +5164,19 @@
     },
     "mkdirp": {
       "version": "0.5.1",
-      "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
       "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
       "dev": true,
       "requires": {
         "minimist": "0.0.8"
+      },
+      "dependencies": {
+        "minimist": {
+          "version": "0.0.8",
+          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
+          "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
+          "dev": true
+        }
       }
     },
     "mocha": {
@@ -4740,6 +5196,52 @@
         "minimatch": "3.0.4",
         "mkdirp": "0.5.1",
         "supports-color": "5.4.0"
+      },
+      "dependencies": {
+        "commander": {
+          "version": "2.15.1",
+          "resolved": "https://registry.npmjs.org/commander/-/commander-2.15.1.tgz",
+          "integrity": "sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag==",
+          "dev": true
+        },
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "glob": {
+          "version": "7.1.2",
+          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
+          "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
+          "dev": true,
+          "requires": {
+            "fs.realpath": "^1.0.0",
+            "inflight": "^1.0.4",
+            "inherits": "2",
+            "minimatch": "^3.0.4",
+            "once": "^1.3.0",
+            "path-is-absolute": "^1.0.0"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "5.4.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.4.0.tgz",
+          "integrity": "sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
       }
     },
     "move-concurrently": {
@@ -4757,9 +5259,9 @@
       }
     },
     "ms": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
-      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
+      "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==",
       "dev": true
     },
     "mute-stream": {
@@ -4769,9 +5271,9 @@
       "dev": true
     },
     "nan": {
-      "version": "2.11.1",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.11.1.tgz",
-      "integrity": "sha512-iji6k87OSXa0CcrLl9z+ZiYSuR2o+c0bGuNmXdrhTQTakxytAFsC56SArGYoiHlJlFoHSnvmhpceZJaXkVuOtA==",
+      "version": "2.12.1",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.12.1.tgz",
+      "integrity": "sha512-JY7V6lRkStKcKTvHO5NVSQRv+RV+FIL5pvDoLiAtSL9pKlC5x9PKQcZDsq7m4FO4d57mkhC6Z+QhAh3Jdk5JFw==",
       "dev": true,
       "optional": true
     },
@@ -4824,10 +5326,31 @@
       "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==",
       "dev": true
     },
+    "nise": {
+      "version": "1.4.8",
+      "resolved": "https://registry.npmjs.org/nise/-/nise-1.4.8.tgz",
+      "integrity": "sha512-kGASVhuL4tlAV0tvA34yJYZIVihrUt/5bDwpp4tTluigxUr2bBlJeDXmivb6NuEdFkqvdv/Ybb9dm16PSKUhtw==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/formatio": "^3.1.0",
+        "just-extend": "^4.0.2",
+        "lolex": "^2.3.2",
+        "path-to-regexp": "^1.7.0",
+        "text-encoding": "^0.6.4"
+      },
+      "dependencies": {
+        "lolex": {
+          "version": "2.7.5",
+          "resolved": "https://registry.npmjs.org/lolex/-/lolex-2.7.5.tgz",
+          "integrity": "sha512-l9x0+1offnKKIzYVjyXU2SiwhXDLekRzKyhnbyldPHvC7BvLPVpdNUNR2KeMAiCN2D/kLNttZgQD5WjSxuBx3Q==",
+          "dev": true
+        }
+      }
+    },
     "node-libs-browser": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/node-libs-browser/-/node-libs-browser-2.1.0.tgz",
-      "integrity": "sha512-5AzFzdoIMb89hBGMZglEegffzgRg+ZFoUmisQ8HI4j1KDdpx13J0taNp2y9xPbur6W61gepGDDotGBVQ7mfUCg==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/node-libs-browser/-/node-libs-browser-2.2.0.tgz",
+      "integrity": "sha512-5MQunG/oyOaBdttrL40dA7bUfPORLRWMUJLQtMg7nluxUvk5XwnLdL9twQHFAjRx/y7mIMkLKT9++qPbbk6BZA==",
       "dev": true,
       "requires": {
         "assert": "^1.1.1",
@@ -4837,7 +5360,7 @@
         "constants-browserify": "^1.0.0",
         "crypto-browserify": "^3.11.0",
         "domain-browser": "^1.1.1",
-        "events": "^1.0.0",
+        "events": "^3.0.0",
         "https-browserify": "^1.0.0",
         "os-browserify": "^0.3.0",
         "path-browserify": "0.0.0",
@@ -4851,7 +5374,7 @@
         "timers-browserify": "^2.0.4",
         "tty-browserify": "0.0.0",
         "url": "^0.11.0",
-        "util": "^0.10.3",
+        "util": "^0.11.0",
         "vm-browserify": "0.0.4"
       },
       "dependencies": {
@@ -4864,23 +5387,41 @@
       }
     },
     "node-releases": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.1.tgz",
-      "integrity": "sha512-2UXrBr6gvaebo5TNF84C66qyJJ6r0kxBObgZIDX3D3/mt1ADKiHux3NJPWisq0wxvJJdkjECH+9IIKYViKj71Q==",
+      "version": "1.1.7",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.7.tgz",
+      "integrity": "sha512-bKdrwaqJUPHqlCzDD7so/R+Nk0jGv9a11ZhLrD9f6i947qGLrGAhU3OxRENa19QQmwzGy/g6zCDEuLGDO8HPvA==",
       "dev": true,
       "requires": {
         "semver": "^5.3.0"
       }
     },
-    "normalize-path": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz",
-      "integrity": "sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=",
+    "nopt": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
+      "integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=",
       "dev": true,
       "requires": {
-        "remove-trailing-separator": "^1.0.1"
+        "abbrev": "1"
       }
     },
+    "normalize-package-data": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
+      "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
+      "dev": true,
+      "requires": {
+        "hosted-git-info": "^2.1.4",
+        "resolve": "^1.10.0",
+        "semver": "2 || 3 || 4 || 5",
+        "validate-npm-package-license": "^3.0.1"
+      }
+    },
+    "normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true
+    },
     "npm-run-path": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz",
@@ -4940,9 +5481,9 @@
       }
     },
     "object-keys": {
-      "version": "1.0.12",
-      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.0.12.tgz",
-      "integrity": "sha512-FTMyFUm2wBcGHnH2eXmz7tC6IwlqQZ6mVZ+6dm6vZ4IQIHjs6FdNsQBuKGPuUUUY6NfJw2PshC08Tn6LzLDOag==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.0.tgz",
+      "integrity": "sha512-6OO5X1+2tYkNyNEx6TsCxEqFfRWaqx6EtMiSbGrw8Ob8v9Ne+Hl8rBAgLBZn5wjEz3s/s6U1WXFUFOcxxAwUpg==",
       "dev": true
     },
     "object-visit": {
@@ -5008,6 +5549,20 @@
       "requires": {
         "minimist": "~0.0.1",
         "wordwrap": "~0.0.2"
+      },
+      "dependencies": {
+        "minimist": {
+          "version": "0.0.10",
+          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz",
+          "integrity": "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8=",
+          "dev": true
+        },
+        "wordwrap": {
+          "version": "0.0.3",
+          "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz",
+          "integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc=",
+          "dev": true
+        }
       }
     },
     "optionator": {
@@ -5022,14 +5577,6 @@
         "prelude-ls": "~1.1.2",
         "type-check": "~0.3.2",
         "wordwrap": "~1.0.0"
-      },
-      "dependencies": {
-        "wordwrap": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
-          "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=",
-          "dev": true
-        }
       }
     },
     "os-browserify": {
@@ -5039,19 +5586,19 @@
       "dev": true
     },
     "os-locale": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-3.0.1.tgz",
-      "integrity": "sha512-7g5e7dmXPtzcP4bgsZ8ixDVqA7oWYuEz4lOSujeWyliPai4gfVDiFIcwBg3aGCPnmSGfzOKTK3ccPn0CKv3DBw==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-3.1.0.tgz",
+      "integrity": "sha512-Z8l3R4wYWM40/52Z+S265okfFj8Kt2cC2MKY+xNi3kFs+XGI7WXu/I309QQQYbRW4ijiZ+yxs9pqEhJh0DqW3Q==",
       "dev": true,
       "requires": {
-        "execa": "^0.10.0",
+        "execa": "^1.0.0",
         "lcid": "^2.0.0",
         "mem": "^4.0.0"
       }
     },
     "os-tmpdir": {
       "version": "1.0.2",
-      "resolved": "http://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
       "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
       "dev": true
     },
@@ -5068,15 +5615,15 @@
       "dev": true
     },
     "p-is-promise": {
-      "version": "1.1.0",
-      "resolved": "http://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz",
-      "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-2.0.0.tgz",
+      "integrity": "sha512-pzQPhYMCAgLAKPWD2jC3Se9fEfrD9npNos0y150EeqZll7akhEgGhTW/slB6lHku8AvYGiJ+YJ5hfHKePPgFWg==",
       "dev": true
     },
     "p-limit": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.0.0.tgz",
-      "integrity": "sha512-fl5s52lI5ahKCernzzIyAP0QAZbGIovtVHGwpcu1Jr/EpzLVDI2myISHwGqK7m8uQFugVWSrbxH7XnhGtvEc+A==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.1.0.tgz",
+      "integrity": "sha512-NhURkNcrVB+8hNfLuysU8enY5xn2KXphsHBaC2YmRNTZRc7RWusw6apSpdEj3jo4CMb6W9nrF6tTnsJsJeyu6g==",
       "dev": true,
       "requires": {
         "p-try": "^2.0.0"
@@ -5098,9 +5645,9 @@
       "dev": true
     },
     "pako": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.7.tgz",
-      "integrity": "sha512-3HNK5tW4x8o5mO8RuHZp3Ydw9icZXx0RANAOMzlMzx7LVXhMJ4mo3MOBpzyd7r/+RUu8BmndP47LXT+vzjtWcQ==",
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.8.tgz",
+      "integrity": "sha512-6i0HVbUfcKaTv+EG8ZTr75az7GFXcLYk9UyLEg7Notv/Ma+z/UG3TCoz6GiNeOrn1E/e63I0X/Hpw18jHOTUnA==",
       "dev": true
     },
     "parallel-transform": {
@@ -5115,16 +5662,27 @@
       }
     },
     "parse-asn1": {
-      "version": "5.1.1",
-      "resolved": "http://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.1.tgz",
-      "integrity": "sha512-KPx7flKXg775zZpnp9SxJlz00gTd4BmJ2yJufSc44gMCRrRQ7NSzAcSJQfifuOLgW6bEi+ftrALtsgALeB2Adw==",
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.3.tgz",
+      "integrity": "sha512-VrPoetlz7B/FqjBLD2f5wBVZvsZVLnRUrxVLfRYhGXCODa/NWE4p3Wp+6+aV3ZPL3KM7/OZmxDIwwijD7yuucg==",
       "dev": true,
       "requires": {
         "asn1.js": "^4.0.0",
         "browserify-aes": "^1.0.0",
         "create-hash": "^1.1.0",
         "evp_bytestokey": "^1.0.0",
-        "pbkdf2": "^3.0.3"
+        "pbkdf2": "^3.0.3",
+        "safe-buffer": "^5.1.1"
+      }
+    },
+    "parse-json": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
+      "integrity": "sha1-vjX1Qlvh9/bHRxhPmKeIy5lHfuA=",
+      "dev": true,
+      "requires": {
+        "error-ex": "^1.3.1",
+        "json-parse-better-errors": "^1.0.1"
       }
     },
     "parseqs": {
@@ -5159,7 +5717,7 @@
     },
     "path-browserify": {
       "version": "0.0.0",
-      "resolved": "http://registry.npmjs.org/path-browserify/-/path-browserify-0.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-0.0.0.tgz",
       "integrity": "sha1-oLhwcpquIUAFt9UDLsLLuw+0RRo=",
       "dev": true
     },
@@ -5177,7 +5735,7 @@
     },
     "path-is-absolute": {
       "version": "1.0.1",
-      "resolved": "http://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
       "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
       "dev": true
     },
@@ -5216,6 +5774,15 @@
         }
       }
     },
+    "path-type": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-3.0.0.tgz",
+      "integrity": "sha512-T2ZUsdZFHgA3u4e5PfPbjd7HDDpxPnQb5jN0SrDsjNSuVXHJqtwTnWqG0B1jZrgmJ/7lj1EmVIByWt1gxGkWvg==",
+      "dev": true,
+      "requires": {
+        "pify": "^3.0.0"
+      }
+    },
     "pathval": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.0.tgz",
@@ -5241,6 +5808,21 @@
       "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=",
       "dev": true
     },
+    "pinkie": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz",
+      "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=",
+      "dev": true
+    },
+    "pinkie-promise": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
+      "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=",
+      "dev": true,
+      "requires": {
+        "pinkie": "^2.0.0"
+      }
+    },
     "pkg-dir": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-3.0.0.tgz",
@@ -5387,6 +5969,12 @@
       "integrity": "sha1-nsYfeQSYdXB9aUFFlv2Qek1xHnM=",
       "dev": true
     },
+    "ramda": {
+      "version": "0.25.0",
+      "resolved": "https://registry.npmjs.org/ramda/-/ramda-0.25.0.tgz",
+      "integrity": "sha512-GXpfrYVPwx3K7RQ6aYT8KPS8XViSXUVJT1ONhoKPE9VAleW42YE+U+8VEyGWt41EnEQW7gwecYJriTI0pKoecQ==",
+      "dev": true
+    },
     "randombytes": {
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.0.6.tgz",
@@ -5422,11 +6010,43 @@
         "http-errors": "1.6.3",
         "iconv-lite": "0.4.23",
         "unpipe": "1.0.0"
+      },
+      "dependencies": {
+        "iconv-lite": {
+          "version": "0.4.23",
+          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.23.tgz",
+          "integrity": "sha512-neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA==",
+          "dev": true,
+          "requires": {
+            "safer-buffer": ">= 2.1.2 < 3"
+          }
+        }
+      }
+    },
+    "read-pkg": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-3.0.0.tgz",
+      "integrity": "sha1-nLxoaXj+5l0WwA4rGcI3/Pbjg4k=",
+      "dev": true,
+      "requires": {
+        "load-json-file": "^4.0.0",
+        "normalize-package-data": "^2.3.2",
+        "path-type": "^3.0.0"
+      }
+    },
+    "read-pkg-up": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-4.0.0.tgz",
+      "integrity": "sha512-6etQSH7nJGsK0RbG/2TeDzZFa8shjQ1um+SwQQ5cwKy0dhSXdOncEhb1CPpvQG4h7FyOV6EB6YlV0yJvZQNAkA==",
+      "dev": true,
+      "requires": {
+        "find-up": "^3.0.0",
+        "read-pkg": "^3.0.0"
       }
     },
     "readable-stream": {
       "version": "2.3.6",
-      "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
       "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
       "dev": true,
       "requires": {
@@ -5450,6 +6070,16 @@
         "readable-stream": "^2.0.2"
       }
     },
+    "redent": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/redent/-/redent-1.0.0.tgz",
+      "integrity": "sha1-z5Fqsf1fHxbfsggi3W7H9zDCr94=",
+      "dev": true,
+      "requires": {
+        "indent-string": "^2.1.0",
+        "strip-indent": "^1.0.1"
+      }
+    },
     "regenerate": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.0.tgz",
@@ -5489,6 +6119,17 @@
         "safe-regex": "^1.1.0"
       }
     },
+    "regexp-tree": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.1.tgz",
+      "integrity": "sha512-HwRjOquc9QOwKTgbxvZTcddS5mlNlwePMQ3NFL8broajMLD5CXDAqas8Y5yxJH5QtZp5iRor3YCILd5pz71Cgw==",
+      "dev": true,
+      "requires": {
+        "cli-table3": "^0.5.0",
+        "colors": "^1.1.2",
+        "yargs": "^12.0.5"
+      }
+    },
     "regexpp": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz",
@@ -5526,7 +6167,7 @@
       "dependencies": {
         "jsesc": {
           "version": "0.5.0",
-          "resolved": "http://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
+          "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
           "integrity": "sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0=",
           "dev": true
         }
@@ -5550,6 +6191,15 @@
       "integrity": "sha1-jcrkcOHIirwtYA//Sndihtp15jc=",
       "dev": true
     },
+    "repeating": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz",
+      "integrity": "sha1-UhTFOpJtNVJwdSf7q0FdvAjQbdo=",
+      "dev": true,
+      "requires": {
+        "is-finite": "^1.0.0"
+      }
+    },
     "require-directory": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
@@ -5564,20 +6214,12 @@
     },
     "require-uncached": {
       "version": "1.0.3",
-      "resolved": "http://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
       "integrity": "sha1-Tg1W1slmL9MeQwEcS5WqSZVUIdM=",
       "dev": true,
       "requires": {
         "caller-path": "^0.1.0",
         "resolve-from": "^1.0.0"
-      },
-      "dependencies": {
-        "resolve-from": {
-          "version": "1.0.1",
-          "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-1.0.1.tgz",
-          "integrity": "sha1-Jsv+k10a7uq7Kbw/5a6wHpPUQiY=",
-          "dev": true
-        }
       }
     },
     "requires-port": {
@@ -5587,12 +6229,12 @@
       "dev": true
     },
     "resolve": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.8.1.tgz",
-      "integrity": "sha512-AicPrAC7Qu1JxPCZ9ZgCZlY35QgFnNqc+0LtbRNxnVw4TXvjQ72wnuL9JQcEBgXkI9JM8MsT9kaQoHcpCRJOYA==",
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.10.0.tgz",
+      "integrity": "sha512-3sUr9aq5OfSg2S9pNtPA9hL1FVEAjvfOC4leW0SNf/mpnaakz2a9femSd6LqAww2RaFctwyf1lCqnTHuF1rxDg==",
       "dev": true,
       "requires": {
-        "path-parse": "^1.0.5"
+        "path-parse": "^1.0.6"
       }
     },
     "resolve-cwd": {
@@ -5602,12 +6244,20 @@
       "dev": true,
       "requires": {
         "resolve-from": "^3.0.0"
+      },
+      "dependencies": {
+        "resolve-from": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-3.0.0.tgz",
+          "integrity": "sha1-six699nWiBvItuZTM17rywoYh0g=",
+          "dev": true
+        }
       }
     },
     "resolve-from": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-3.0.0.tgz",
-      "integrity": "sha1-six699nWiBvItuZTM17rywoYh0g=",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-1.0.1.tgz",
+      "integrity": "sha1-Jsv+k10a7uq7Kbw/5a6wHpPUQiY=",
       "dev": true
     },
     "resolve-url": {
@@ -5639,12 +6289,12 @@
       "dev": true
     },
     "rimraf": {
-      "version": "2.6.2",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
-      "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
+      "version": "2.6.3",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz",
+      "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==",
       "dev": true,
       "requires": {
-        "glob": "^7.0.5"
+        "glob": "^7.1.3"
       }
     },
     "ripemd160": {
@@ -5676,9 +6326,9 @@
       }
     },
     "rxjs": {
-      "version": "6.3.3",
-      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.3.3.tgz",
-      "integrity": "sha512-JTWmoY9tWCs7zvIk/CvRjhjGaOd+OVBM987mxFo+OW66cGpdKjZcpmc74ES1sB//7Kl/PAe8+wEakuhG4pcgOw==",
+      "version": "6.4.0",
+      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.4.0.tgz",
+      "integrity": "sha512-Z9Yfa11F6B9Sg/BK9MnqnQ+aQYicPLtilXBp2yUtDt2JRCE0h26d33EnfO3ZxoNxG0T92OUucP3Ct7cpfkdFfw==",
       "dev": true,
       "requires": {
         "tslib": "^1.9.0"
@@ -5692,7 +6342,7 @@
     },
     "safe-regex": {
       "version": "1.1.0",
-      "resolved": "http://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz",
       "integrity": "sha1-QKNmnzsHfR6UPURinhV91IAjvy4=",
       "dev": true,
       "requires": {
@@ -5728,9 +6378,9 @@
       "dev": true
     },
     "serialize-javascript": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.5.0.tgz",
-      "integrity": "sha512-Ga8c8NjAAp46Br4+0oZ2WxJCwIzwP60Gq1YPgU+39PiTVxyed/iKE/zyZI6+UlVYH5Q4PaQdHhcegIFPZTUfoQ==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.6.1.tgz",
+      "integrity": "sha512-A5MOagrPFga4YaKQSWHryl7AXvbQkEqpw4NNYMTNYUNV51bA8ABHgYFpqKx+YFFrw59xMV1qGH1R4AgoNIVgCw==",
       "dev": true
     },
     "set-blocking": {
@@ -5776,7 +6426,7 @@
     },
     "sha.js": {
       "version": "2.4.11",
-      "resolved": "http://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
+      "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
       "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==",
       "dev": true,
       "requires": {
@@ -5806,19 +6456,26 @@
       "dev": true
     },
     "sinon": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/sinon/-/sinon-2.4.1.tgz",
-      "integrity": "sha512-vFTrO9Wt0ECffDYIPSP/E5bBugt0UjcBQOfQUMh66xzkyPEnhl/vM2LRZi2ajuTdkH07sA6DzrM6KvdvGIH8xw==",
-      "dev": true,
-      "requires": {
-        "diff": "^3.1.0",
-        "formatio": "1.2.0",
-        "lolex": "^1.6.0",
-        "native-promise-only": "^0.8.1",
-        "path-to-regexp": "^1.7.0",
-        "samsam": "^1.1.3",
-        "text-encoding": "0.6.4",
-        "type-detect": "^4.0.0"
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/sinon/-/sinon-7.2.3.tgz",
+      "integrity": "sha512-i6j7sqcLEqTYqUcMV327waI745VASvYuSuQMCjbAwlpAeuCgKZ3LtrjDxAbu+GjNQR0FEDpywtwGCIh8GicNyg==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.3.0",
+        "@sinonjs/formatio": "^3.1.0",
+        "@sinonjs/samsam": "^3.0.2",
+        "diff": "^3.5.0",
+        "lolex": "^3.0.0",
+        "nise": "^1.4.8",
+        "supports-color": "^5.5.0"
+      },
+      "dependencies": {
+        "lolex": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/lolex/-/lolex-3.1.0.tgz",
+          "integrity": "sha512-zFo5MgCJ0rZ7gQg69S4pqBsLURbFw11X68C18OcJjJQbqaXm2NoTrGl1IMM3TIz0/BnN1tIs2tzmmqvCsOMMjw==",
+          "dev": true
+        }
       }
     },
     "sinon-chai": {
@@ -5828,9 +6485,9 @@
       "dev": true
     },
     "slice-ansi": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.0.0.tgz",
-      "integrity": "sha512-4j2WTWjp3GsZ+AOagyzVbzp4vWGtZ0hEZ/gDY/uTvm6MTxUfTUIsnMIFb1bn8o0RuXiqUw15H1bue8f22Vw2oQ==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.1.0.tgz",
+      "integrity": "sha512-Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ==",
       "dev": true,
       "requires": {
         "ansi-styles": "^3.2.0",
@@ -5881,6 +6538,12 @@
             "is-extendable": "^0.1.0"
           }
         },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        },
         "source-map": {
           "version": "0.5.7",
           "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
@@ -5972,6 +6635,23 @@
         "socket.io-adapter": "~1.1.0",
         "socket.io-client": "2.1.1",
         "socket.io-parser": "~3.2.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        }
       }
     },
     "socket.io-adapter": {
@@ -6000,11 +6680,28 @@
         "parseuri": "0.0.5",
         "socket.io-parser": "~3.2.0",
         "to-array": "0.1.4"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
+        }
       }
     },
     "socket.io-parser": {
       "version": "3.2.0",
-      "resolved": "http://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz",
       "integrity": "sha512-FYiBx7rc/KORMJlgsXysflWx/RIvtqZbyGLlHZvjfmPTPeuD/I8MaW7cfFrj5tRltICJdgwflhfZ3NVVbVLFQA==",
       "dev": true,
       "requires": {
@@ -6013,11 +6710,26 @@
         "isarray": "2.0.1"
       },
       "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
         "isarray": {
           "version": "2.0.1",
           "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.1.tgz",
           "integrity": "sha1-o32U7ZzaLVmGXJ92/llu4fM4dB4=",
           "dev": true
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+          "dev": true
         }
       }
     },
@@ -6045,9 +6757,9 @@
       }
     },
     "source-map-support": {
-      "version": "0.5.9",
-      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.9.tgz",
-      "integrity": "sha512-gR6Rw4MvUlYy83vP0vxoVNzM6t8MUXqNuRsuBmBHQDu1Fh6X015FrLdgoDKcNdkwGubozq0P4N0Q37UyFVr1EA==",
+      "version": "0.5.10",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.10.tgz",
+      "integrity": "sha512-YfQ3tQFTK/yzlGJuX8pTwa4tifQj4QS2Mj7UegOu8jAz59MqIiMGPXxQhVQiIMNzayuUSF/jEuVnfFF5JqybmQ==",
       "dev": true,
       "requires": {
         "buffer-from": "^1.0.0",
@@ -6060,6 +6772,38 @@
       "integrity": "sha1-PpNdfd1zYxuXZZlW1VEo6HtQhKM=",
       "dev": true
     },
+    "spdx-correct": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.1.0.tgz",
+      "integrity": "sha512-lr2EZCctC2BNR7j7WzJ2FpDznxky1sjfxvvYEyzxNyb6lZXHODmEoJeFu4JupYlkfha1KZpJyoqiJ7pgA1qq8Q==",
+      "dev": true,
+      "requires": {
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-exceptions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.2.0.tgz",
+      "integrity": "sha512-2XQACfElKi9SlVb1CYadKDXvoajPgBVPn/gOQLrTvHdElaVhr7ZEbqJaRnJLVNeaI4cMEAgVCeBMKF6MWRDCRA==",
+      "dev": true
+    },
+    "spdx-expression-parse": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.0.tgz",
+      "integrity": "sha512-Yg6D3XpRD4kkOmTpdgbUiEJFKghJH03fiC1OPll5h/0sO6neh2jqRDVHOQ4o/LMea0tgCkbMgea5ip/e+MkWyg==",
+      "dev": true,
+      "requires": {
+        "spdx-exceptions": "^2.1.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-license-ids": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.3.tgz",
+      "integrity": "sha512-uBIcIl3Ih6Phe3XHK1NqboJLdGfwr1UN3k6wSD1dZpmPsIkb8AGNbZYJ1fOBk834+Gxy8rpfDxrS6XLEMZMY2g==",
+      "dev": true
+    },
     "split-string": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz",
@@ -6071,7 +6815,7 @@
     },
     "sprintf-js": {
       "version": "1.0.3",
-      "resolved": "http://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
       "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
       "dev": true
     },
@@ -6112,9 +6856,9 @@
       "dev": true
     },
     "stream-browserify": {
-      "version": "2.0.1",
-      "resolved": "http://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.1.tgz",
-      "integrity": "sha1-ZiZu5fm9uZQKTkUUyvtDu3Hlyds=",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
+      "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==",
       "dev": true,
       "requires": {
         "inherits": "~2.0.1",
@@ -6160,6 +6904,17 @@
         "debug": "^3.1.0",
         "mkdirp": "^0.5.1",
         "readable-stream": "^2.3.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.2.6",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
+          "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        }
       }
     },
     "string-width": {
@@ -6174,7 +6929,7 @@
     },
     "string_decoder": {
       "version": "1.1.1",
-      "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
       "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
       "dev": true,
       "requires": {
@@ -6190,12 +6945,27 @@
         "ansi-regex": "^3.0.0"
       }
     },
+    "strip-bom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
+      "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM=",
+      "dev": true
+    },
     "strip-eof": {
       "version": "1.0.0",
-      "resolved": "http://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz",
       "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=",
       "dev": true
     },
+    "strip-indent": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz",
+      "integrity": "sha1-DHlipq3vp7vUrDZkYKY4VSrhoKI=",
+      "dev": true,
+      "requires": {
+        "get-stdin": "^4.0.1"
+      }
+    },
     "strip-json-comments": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
@@ -6203,24 +6973,52 @@
       "dev": true
     },
     "supports-color": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.4.0.tgz",
-      "integrity": "sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w==",
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
       "dev": true,
       "requires": {
         "has-flag": "^3.0.0"
       }
     },
     "table": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/table/-/table-5.1.1.tgz",
-      "integrity": "sha512-NUjapYb/qd4PeFW03HnAuOJ7OMcBkJlqeClWxeNlQ0lXGSb52oZXGzkO0/I0ARegQ2eUT1g2VDJH0eUxDRcHmw==",
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/table/-/table-5.2.3.tgz",
+      "integrity": "sha512-N2RsDAMvDLvYwFcwbPyF3VmVSSkuF+G1e+8inhBLtHpvwXGw4QRPEZhihQNeEN0i1up6/f6ObCJXNdlRG3YVyQ==",
       "dev": true,
       "requires": {
-        "ajv": "^6.6.1",
+        "ajv": "^6.9.1",
         "lodash": "^4.17.11",
-        "slice-ansi": "2.0.0",
-        "string-width": "^2.1.1"
+        "slice-ansi": "^2.1.0",
+        "string-width": "^3.0.0"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.0.0.tgz",
+          "integrity": "sha512-iB5Dda8t/UqpPI/IjsejXu5jOGDrzn41wJyljwPH65VCIbk6+1BzFIMJGFwTNrYXT1CrD+B4l19U7awiQ8rk7w==",
+          "dev": true
+        },
+        "string-width": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.0.0.tgz",
+          "integrity": "sha512-rr8CUxBbvOZDUvc5lNIJ+OC1nPVpz+Siw9VBtUjB9b6jZehZLFt0JMCZzShFHIsI8cbhm0EsNIfWJMFV3cu3Ew==",
+          "dev": true,
+          "requires": {
+            "emoji-regex": "^7.0.1",
+            "is-fullwidth-code-point": "^2.0.0",
+            "strip-ansi": "^5.0.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.0.0.tgz",
+          "integrity": "sha512-Uu7gQyZI7J7gn5qLn1Np3G9vcYGTVqB+lFTytnDJv83dd8T22aGH451P3jueT2/QemInJDfxHB5Tde5OzgG1Ow==",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^4.0.0"
+          }
+        }
       }
     },
     "tapable": {
@@ -6230,28 +7028,20 @@
       "dev": true
     },
     "terser": {
-      "version": "3.11.0",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-3.11.0.tgz",
-      "integrity": "sha512-5iLMdhEPIq3zFWskpmbzmKwMQixKmTYwY3Ox9pjtSklBLnHiuQ0GKJLhL1HSYtyffHM3/lDIFBnb82m9D7ewwQ==",
+      "version": "3.16.1",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-3.16.1.tgz",
+      "integrity": "sha512-JDJjgleBROeek2iBcSNzOHLKsB/MdDf+E/BOAJ0Tk9r7p9/fVobfv7LMJ/g/k3v9SXdmjZnIlFd5nfn/Rt0Xow==",
       "dev": true,
       "requires": {
         "commander": "~2.17.1",
         "source-map": "~0.6.1",
-        "source-map-support": "~0.5.6"
-      },
-      "dependencies": {
-        "commander": {
-          "version": "2.17.1",
-          "resolved": "https://registry.npmjs.org/commander/-/commander-2.17.1.tgz",
-          "integrity": "sha512-wPMUt6FnH2yzG95SA6mzjQOEKUU3aLaDEmzs1ti+1E9h+CsrZghRlqEM/EJ4KscsQVG8uNN4uVreUeT8+drlgg==",
-          "dev": true
-        }
+        "source-map-support": "~0.5.9"
       }
     },
     "terser-webpack-plugin": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.1.0.tgz",
-      "integrity": "sha512-61lV0DSxMAZ8AyZG7/A4a3UPlrbOBo8NIQ4tJzLPAdGOQ+yoNC7l5ijEow27lBAL2humer01KLS6bGIMYQxKoA==",
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.2.2.tgz",
+      "integrity": "sha512-1DMkTk286BzmfylAvLXwpJrI7dWa5BnFmscV/2dCr8+c56egFcbaeFAl7+sujAjdmpLam21XRdhA4oifLyiWWg==",
       "dev": true,
       "requires": {
         "cacache": "^11.0.2",
@@ -6259,7 +7049,7 @@
         "schema-utils": "^1.0.0",
         "serialize-javascript": "^1.4.0",
         "source-map": "^0.6.1",
-        "terser": "^3.8.1",
+        "terser": "^3.16.1",
         "webpack-sources": "^1.1.0",
         "worker-farm": "^1.5.2"
       },
@@ -6277,9 +7067,21 @@
         }
       }
     },
+    "test-exclude": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-5.1.0.tgz",
+      "integrity": "sha512-gwf0S2fFsANC55fSeSqpb8BYk6w3FDvwZxfNjeF6FRgvFa43r+7wRiA/Q0IxoRU37wB/LE8IQ4221BsNucTaCA==",
+      "dev": true,
+      "requires": {
+        "arrify": "^1.0.1",
+        "minimatch": "^3.0.4",
+        "read-pkg-up": "^4.0.0",
+        "require-main-filename": "^1.0.1"
+      }
+    },
     "text-encoding": {
       "version": "0.6.4",
-      "resolved": "http://registry.npmjs.org/text-encoding/-/text-encoding-0.6.4.tgz",
+      "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.6.4.tgz",
       "integrity": "sha1-45mpgiV6J22uQou5KEXLcb3CbRk=",
       "dev": true
     },
@@ -6291,7 +7093,7 @@
     },
     "through": {
       "version": "2.3.8",
-      "resolved": "http://registry.npmjs.org/through/-/through-2.3.8.tgz",
+      "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
       "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=",
       "dev": true
     },
@@ -6335,6 +7137,12 @@
       "integrity": "sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=",
       "dev": true
     },
+    "to-fast-properties": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
+      "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=",
+      "dev": true
+    },
     "to-object-path": {
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz",
@@ -6377,6 +7185,12 @@
         "repeat-string": "^1.6.1"
       }
     },
+    "trim-newlines": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz",
+      "integrity": "sha1-WIeWa7WCpFA6QetST301ARgVphM=",
+      "dev": true
+    },
     "trim-right": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/trim-right/-/trim-right-1.0.1.tgz",
@@ -6391,7 +7205,7 @@
     },
     "tty-browserify": {
       "version": "0.0.0",
-      "resolved": "http://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz",
       "integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=",
       "dev": true
     },
@@ -6426,6 +7240,17 @@
       "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=",
       "dev": true
     },
+    "uglify-js": {
+      "version": "3.4.9",
+      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.4.9.tgz",
+      "integrity": "sha512-8CJsbKOtEbnJsTyv6LE6m6ZKniqMiFWmm9sRbopbkGs3gMPPfd3Fh8iIA4Ykv5MgaTbqHr4BaoGLJLZNhsrW1Q==",
+      "dev": true,
+      "optional": true,
+      "requires": {
+        "commander": "~2.17.1",
+        "source-map": "~0.6.1"
+      }
+    },
     "ultron": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz",
@@ -6615,9 +7440,9 @@
       }
     },
     "util": {
-      "version": "0.10.4",
-      "resolved": "https://registry.npmjs.org/util/-/util-0.10.4.tgz",
-      "integrity": "sha512-0Pm9hTQ3se5ll1XihRic3FDIku70C+iHUdT/W926rSgHV5QgXsYbKZN8MSC3tJtSkhuROzvsQjAaFENRXr+19A==",
+      "version": "0.11.1",
+      "resolved": "https://registry.npmjs.org/util/-/util-0.11.1.tgz",
+      "integrity": "sha512-HShAsny+zS2TZfaXxD9tYj4HQGlBezXZMZuM/S5PKLLoZkShZiGk9o5CzukI1LVHZvjdvZ2Sj1aW/Ndn2NB/HQ==",
       "dev": true,
       "requires": {
         "inherits": "2.0.3"
@@ -6651,9 +7476,19 @@
       "integrity": "sha512-1wFuMUIM16MDJRCrpbpuEPTUGmM5QMUg0cr3KFwra2XgOgFcPGDQHDh3CszSCD2Zewc/dh/pamNEW8CbfDebUw==",
       "dev": true
     },
+    "validate-npm-package-license": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
+      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
+      "dev": true,
+      "requires": {
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0"
+      }
+    },
     "vm-browserify": {
       "version": "0.0.4",
-      "resolved": "http://registry.npmjs.org/vm-browserify/-/vm-browserify-0.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/vm-browserify/-/vm-browserify-0.0.4.tgz",
       "integrity": "sha1-XX6kW7755Kb/ZflUOOCofDV9WnM=",
       "dev": true,
       "requires": {
@@ -6707,6 +7542,14 @@
         "terser-webpack-plugin": "^1.1.0",
         "watchpack": "^1.5.0",
         "webpack-sources": "^1.3.0"
+      },
+      "dependencies": {
+        "acorn": {
+          "version": "5.7.3",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz",
+          "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==",
+          "dev": true
+        }
       }
     },
     "webpack-cli": {
@@ -6725,17 +7568,6 @@
         "supports-color": "^5.5.0",
         "v8-compile-cache": "^2.0.2",
         "yargs": "^12.0.2"
-      },
-      "dependencies": {
-        "supports-color": {
-          "version": "5.5.0",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-          "dev": true,
-          "requires": {
-            "has-flag": "^3.0.0"
-          }
-        }
       }
     },
     "webpack-sources": {
@@ -6763,9 +7595,9 @@
       "dev": true
     },
     "wordwrap": {
-      "version": "0.0.3",
-      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz",
-      "integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc=",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+      "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=",
       "dev": true
     },
     "worker-farm": {
@@ -6779,7 +7611,7 @@
     },
     "wrap-ansi": {
       "version": "2.1.0",
-      "resolved": "http://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
       "integrity": "sha1-2Pw9KE3QV5T+hJc8rs3Rz4JP3YU=",
       "dev": true,
       "requires": {
@@ -6815,7 +7647,7 @@
         },
         "strip-ansi": {
           "version": "3.0.1",
-          "resolved": "http://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
           "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
           "dev": true,
           "requires": {
diff --git a/package.json b/package.json
index 6bf7635..fee8927 100644
--- a/package.json
+++ b/package.json
@@ -29,15 +29,19 @@
     "@babel/plugin-transform-runtime": "^7.2.0",
     "@babel/preset-env": "^7.2.0",
     "babel-loader": "^8.0.4",
+    "babel-plugin-istanbul": "^5.1.0",
     "chai": "~4.2.0",
     "eslint": "~5.10.0",
-    "eslint-plugin-fxa": "git://github.com/mozilla/eslint-plugin-fxa.git#41504c9dd30e8b52900c15b524946aa0428aef95",
-    "eslint-plugin-sorting": "git://github.com/shane-tomlinson/eslint-plugin-sorting.git#bcacb99d",
+    "eslint-plugin-fxa": "git://github.com/mozilla/eslint-plugin-fxa.git#1153ff4bbf7e2c074363253c555fb7f71bac09a1",
+    "eslint-plugin-sorting": "0.4.0",
     "karma": "~3.1.3",
     "karma-chai-plugins": "~0.9.0",
+    "karma-coverage": "^1.1.2",
     "karma-firefox-launcher": "~1.1.0",
     "karma-mocha": "~1.3.0",
+    "karma-sinon": "^1.0.5",
     "mocha": "~5.2.0",
+    "sinon": "^7.2.3",
     "webpack": "~4.27.1",
     "webpack-cli": "~3.1.2"
   }
diff --git a/src/alerts.js b/src/alerts.js
new file mode 100644
index 0000000..aa0a639
--- /dev/null
+++ b/src/alerts.js
@@ -0,0 +1,76 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-disable sorting/sort-object-props */
+export const ALERT_LEVEL = {
+  WARNING: 1,
+  FATAL: 2
+};
+
+export const ALERT_DESCRIPTION = {
+  CLOSE_NOTIFY: 0,
+  UNEXPECTED_MESSAGE: 10,
+  BAD_RECORD_MAC: 20,
+  RECORD_OVERFLOW: 22,
+  HANDSHAKE_FAILURE: 40,
+  ILLEGAL_PARAMETER: 47,
+  DECODE_ERROR: 50,
+  DECRYPT_ERROR: 51,
+  PROTOCOL_VERSION: 70,
+  INTERNAL_ERROR: 80,
+  MISSING_EXTENSION: 109,
+  UNSUPPORTED_EXTENSION: 110,
+  UNKNOWN_PSK_IDENTITY: 115,
+  NO_APPLICATION_PROTOCOL: 120,
+};
+/* eslint-enable sorting/sort-object-props */
+
+function alertTypeToName(type) {
+  for (const name in ALERT_DESCRIPTION) {
+    if (ALERT_DESCRIPTION[name] === type) {
+      return `${name} (${type})`;
+    }
+  }
+  return `UNKNOWN (${type})`;
+}
+
+export class TLSAlert extends Error {
+  constructor(description, level) {
+    super(`TLS Alert: ${alertTypeToName(description)}`);
+    this.description = description;
+    this.level = level;
+  }
+
+  static fromBytes(bytes) {
+    if (bytes.byteLength !== 2) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    switch (bytes[1]) {
+      case ALERT_DESCRIPTION.CLOSE_NOTIFY:
+        if (bytes[0] !== ALERT_LEVEL.WARNING) {
+          // Close notifications should be fatal.
+          throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+        }
+        return new TLSCloseNotify();
+      default:
+        return new TLSError(bytes[1]);
+    }
+  }
+
+  toBytes() {
+    return new Uint8Array([this.level, this.description]);
+  }
+}
+
+export class TLSCloseNotify extends TLSAlert {
+  constructor() {
+    super(ALERT_DESCRIPTION.CLOSE_NOTIFY, ALERT_LEVEL.WARNING);
+  }
+}
+
+export class TLSError extends TLSAlert {
+  constructor(description = ALERT_DESCRIPTION.INTERNAL_ERROR) {
+    super(description, ALERT_LEVEL.FATAL);
+  }
+}
diff --git a/src/constants.js b/src/constants.js
new file mode 100644
index 0000000..e223ff8
--- /dev/null
+++ b/src/constants.js
@@ -0,0 +1,9 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+export const VERSION_TLS_1_0 = 0x0301;
+export const VERSION_TLS_1_2 = 0x0303;
+export const VERSION_TLS_1_3 = 0x0304;
+export const TLS_AES_128_GCM_SHA256 = 0x1301;
+export const PSK_MODE_KE = 0;
diff --git a/src/crypto.js b/src/crypto.js
new file mode 100644
index 0000000..3a6d505
--- /dev/null
+++ b/src/crypto.js
@@ -0,0 +1,119 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Low-level crypto primitives.
+//
+// This file implements the AEAD encrypt/decrypt and hashing routines
+// for the TLS_AES_128_GCM_SHA256 ciphersuite.
+//
+
+import { utf8ToBytes, BufferWriter } from './utils.js';
+import { ALERT_DESCRIPTION, TLSError } from './alerts.js';
+
+export const AEAD_SIZE_INFLATION = 16;
+export const KEY_LENGTH = 16;
+export const IV_LENGTH = 12;
+export const HASH_LENGTH = 32;
+
+export async function prepareKey(key, mode) {
+  return crypto.subtle.importKey('raw', key, { name: 'AES-GCM' }, false, [mode]);
+}
+
+export async function encrypt(key, iv, plaintext, additionalData) {
+  const ciphertext = await crypto.subtle.encrypt({
+    additionalData,
+    iv,
+    name: 'AES-GCM',
+    tagLength: AEAD_SIZE_INFLATION * 8
+  }, key, plaintext);
+  return new Uint8Array(ciphertext);
+}
+
+export async function decrypt(key, iv, ciphertext, additionalData) {
+  try {
+    const plaintext = await crypto.subtle.decrypt({
+      additionalData,
+      iv,
+      name: 'AES-GCM',
+      tagLength: AEAD_SIZE_INFLATION * 8
+    }, key, ciphertext);
+    return new Uint8Array(plaintext);
+  } catch (err) {
+    // Yes, we really do throw 'decrypt_error' when failing to verify a HMAC,
+    // and a 'bad_record_mac' error when failing to decrypt.
+    throw new TLSError(ALERT_DESCRIPTION.BAD_RECORD_MAC);
+  }
+}
+
+export async function hash(message) {
+  return new Uint8Array(await crypto.subtle.digest({ name: 'SHA-256' }, message));
+}
+
+export async function hmac(keyBytes, message) {
+  const key = await crypto.subtle.importKey('raw', keyBytes, {
+    hash: { name: 'SHA-256' },
+    name: 'HMAC',
+  }, false, ['sign']);
+  const sig = await crypto.subtle.sign({ name: 'HMAC' }, key, message);
+  return new Uint8Array(sig);
+}
+
+export async function verifyHmac(keyBytes, signature, message) {
+  const key = await crypto.subtle.importKey('raw', keyBytes, {
+    hash: { name: 'SHA-256' },
+    name: 'HMAC',
+  }, false, ['verify']);
+  if (! await crypto.subtle.verify({ name: 'HMAC' }, key, signature, message)) {
+    // Yes, we really do throw 'decrypt_error' when failing to verify a HMAC,
+    // and a 'bad_record_mac' error when failing to decrypt.
+    throw new TLSError(ALERT_DESCRIPTION.DECRYPT_ERROR);
+  }
+}
+
+export async function hkdfExtract(salt, ikm) {
+  // Ref https://tools.ietf.org/html/rfc5869#section-2.2
+  return await hmac(salt, ikm);
+}
+
+export async function hkdfExpand(prk, info, length) {
+  // Ref https://tools.ietf.org/html/rfc5869#section-2.3
+  const N = Math.ceil(length / HASH_LENGTH);
+  if (N <= 0) {
+    throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+  }
+  if (N >= 255) {
+    throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+  }
+  const input = new BufferWriter();
+  const output = new BufferWriter();
+  let T = new Uint8Array(0);
+  for (let i = 1; i <= N; i++) {
+    input.writeBytes(T);
+    input.writeBytes(info);
+    input.writeUint8(i);
+    T = await hmac(prk, input.flush());
+    output.writeBytes(T);
+  }
+  return output.slice(0, length);
+}
+
+export async function hkdfExpandLabel(secret, label, context, length) {
+  //  struct {
+  //    uint16 length = Length;
+  //    opaque label < 7..255 > = "tls13 " + Label;
+  //    opaque context < 0..255 > = Context;
+  //  } HkdfLabel;
+  const hkdfLabel = new BufferWriter();
+  hkdfLabel.writeUint16(length);
+  hkdfLabel.writeVectorBytes8(utf8ToBytes('tls13 ' + label));
+  hkdfLabel.writeVectorBytes8(context);
+  return hkdfExpand(secret, hkdfLabel.flush(), length);
+}
+
+export async function getRandomBytes(size) {
+  const bytes = new Uint8Array(size);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
diff --git a/src/extensions.js b/src/extensions.js
new file mode 100644
index 0000000..8c55ec8
--- /dev/null
+++ b/src/extensions.js
@@ -0,0 +1,266 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Extension parsing.
+//
+// This file contains some helpers for reading/writing the various kinds
+// of Extension that might appear in a HandshakeMessage.
+//
+
+import { ALERT_DESCRIPTION, TLSError } from './alerts.js';
+import { HANDSHAKE_TYPE } from './messages.js';
+import { HASH_LENGTH } from './crypto.js';
+
+/* eslint-disable sorting/sort-object-props */
+export const EXTENSION_TYPE = {
+  PRE_SHARED_KEY: 41,
+  SUPPORTED_VERSIONS: 43,
+  PSK_KEY_EXCHANGE_MODES: 45,
+};
+/* eslint-enable sorting/sort-object-props */
+
+// Base class for generic reading/writing of extensions,
+// which are all uniformly formatted as:
+//
+//   struct {
+//     ExtensionType extension_type;
+//     opaque extension_data<0..2^16-1>;
+//   } Extension;
+//
+// Extensions always appear inside of a handshake message,
+// and their internal structure may differ based on the
+// type of that message.
+
+export class Extension {
+
+  get TYPE_TAG() {
+    throw new Error('not implemented');
+  }
+
+  static read(messageType, buf) {
+    const type = buf.readUint16();
+    let ext = {
+      TYPE_TAG: type,
+    };
+    buf.readVector16(buf => {
+      switch (type) {
+        case EXTENSION_TYPE.PRE_SHARED_KEY:
+          ext = PreSharedKeyExtension._read(messageType, buf);
+          break;
+        case EXTENSION_TYPE.SUPPORTED_VERSIONS:
+          ext = SupportedVersionsExtension._read(messageType, buf);
+          break;
+        case EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES:
+          ext = PskKeyExchangeModesExtension._read(messageType, buf);
+          break;
+        default:
+          // Skip over unrecognised extensions.
+          buf.incr(buf.length());
+      }
+      if (buf.hasMoreBytes()) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    });
+    return ext;
+  }
+
+  write(messageType, buf) {
+    buf.writeUint16(this.TYPE_TAG);
+    buf.writeVector16(buf => {
+      this._write(messageType, buf);
+    });
+  }
+
+  static _read(messageType, buf) {
+    throw new Error('not implemented');
+  }
+
+  static _write(messageType, buf) {
+    throw new Error('not implemented');
+  }
+}
+
+// The PreSharedKey extension:
+//
+//  struct {
+//    opaque identity<1..2^16-1>;
+//    uint32 obfuscated_ticket_age;
+//  } PskIdentity;
+//  opaque PskBinderEntry<32..255>;
+//  struct {
+//    PskIdentity identities<7..2^16-1>;
+//    PskBinderEntry binders<33..2^16-1>;
+//  } OfferedPsks;
+//  struct {
+//    select(Handshake.msg_type) {
+//      case client_hello: OfferedPsks;
+//      case server_hello: uint16 selected_identity;
+//    };
+//  } PreSharedKeyExtension;
+
+export class PreSharedKeyExtension extends Extension {
+  constructor(identities, binders, selectedIdentity) {
+    super();
+    this.identities = identities;
+    this.binders = binders;
+    this.selectedIdentity = selectedIdentity;
+  }
+
+  get TYPE_TAG() {
+    return EXTENSION_TYPE.PRE_SHARED_KEY;
+  }
+
+  static _read(messageType, buf) {
+    let identities = null, binders = null, selectedIdentity = null;
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        identities = []; binders = [];
+        buf.readVector16(buf => {
+          const identity = buf.readVectorBytes16();
+          buf.readBytes(4); // Skip over the ticket age.
+          identities.push(identity);
+        });
+        buf.readVector16(buf => {
+          const binder = buf.readVectorBytes8();
+          if (binder.byteLength < HASH_LENGTH) {
+            throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+          }
+          binders.push(binder);
+        });
+        if (identities.length !== binders.length) {
+          throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+        }
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        selectedIdentity = buf.readUint16();
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(identities, binders, selectedIdentity);
+  }
+
+  _write(messageType, buf) {
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.writeVector16(buf => {
+          this.identities.forEach(pskId => {
+            buf.writeVectorBytes16(pskId);
+            buf.writeUint32(0); // Zero for "tag age" field.
+          });
+        });
+        buf.writeVector16(buf => {
+          this.binders.forEach(pskBinder => {
+            buf.writeVectorBytes8(pskBinder);
+          });
+        });
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        buf.writeUint16(this.selectedIdentity);
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+  }
+}
+
+
+// The SupportedVersions extension:
+//
+//  struct {
+//    select(Handshake.msg_type) {
+//      case client_hello:
+//        ProtocolVersion versions < 2..254 >;
+//      case server_hello:
+//        ProtocolVersion selected_version;
+//    };
+//  } SupportedVersions;
+
+export class SupportedVersionsExtension extends Extension {
+  constructor(versions, selectedVersion) {
+    super();
+    this.versions = versions;
+    this.selectedVersion = selectedVersion;
+  }
+
+  get TYPE_TAG() {
+    return EXTENSION_TYPE.SUPPORTED_VERSIONS;
+  }
+
+  static _read(messageType, buf) {
+    let versions = null, selectedVersion = null;
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        versions = [];
+        buf.readVector8(buf => {
+          versions.push(buf.readUint16());
+        });
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        selectedVersion = buf.readUint16();
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(versions, selectedVersion);
+  }
+
+  _write(messageType, buf) {
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.writeVector8(buf => {
+          this.versions.forEach(version => {
+            buf.writeUint16(version);
+          });
+        });
+        break;
+      case HANDSHAKE_TYPE.SERVER_HELLO:
+        buf.writeUint16(this.selectedVersion);
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+  }
+}
+
+
+export class PskKeyExchangeModesExtension extends Extension {
+  constructor(modes) {
+    super();
+    this.modes = modes;
+  }
+
+  get TYPE_TAG() {
+    return EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES;
+  }
+
+  static _read(messageType, buf) {
+    const modes = [];
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.readVector8(buf => {
+          modes.push(buf.readUint8());
+        });
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(modes);
+  }
+
+  _write(messageType, buf) {
+    switch (messageType) {
+      case HANDSHAKE_TYPE.CLIENT_HELLO:
+        buf.writeVector8(buf => {
+          this.modes.forEach(mode => {
+            buf.writeUint8(mode);
+          });
+        });
+        break;
+      default:
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+  }
+}
diff --git a/src/index.js b/src/index.js
index bc79b28..be70ee6 100644
--- a/src/index.js
+++ b/src/index.js
@@ -2,58 +2,57 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-'use strict';
-
 // A wrapper that combines a WebSocket to the channelserver
 // with some client-side encryption for securing the channel.
 // We'll improve the encryption before initial release...
 
+import { ClientConnection, ServerConnection } from './tlsconnection.js';
+import { TLSCloseNotify, TLSError } from './alerts.js';
 import {
-  InsecureClientConnection,
-  InsecureServerConnection,
-} from './rot128.js';
-
-import {
+  base64urlToBytes,
+  bytesToBase64url,
   bytesToHex,
+  bytesToUtf8,
   hexToBytes,
   utf8ToBytes,
-  bytesToUtf8,
 } from './utils.js';
 
-import {EventTarget} from 'event-target-shim';
+import { EventTarget } from 'event-target-shim';
 
 const CLOSE_FLUSH_BUFFER_INTERVAL_MS = 200;
 const CLOSE_FLUSH_BUFFER_MAX_TRIES = 5;
 
-export class InsecurePairingChannel extends EventTarget {
+export class PairingChannel extends EventTarget {
   constructor(channelId, channelKey, socket, connection) {
     super();
     this._channelId = channelId;
     this._channelKey = channelKey;
     this._socket = socket;
     this._connection = connection;
+    this._selfClosed = false;
+    this._peerClosed = false;
     this._setupListeners();
   }
 
   /**
    * Create a new pairing channel.
    *
-   * @returns Promise<InsecurePairingChannel>
+   * @returns Promise<PairingChannel>
    */
   static create(channelServerURI) {
     const wsURI = new URL('/v1/ws/', channelServerURI).href;
     const channelKey = crypto.getRandomValues(new Uint8Array(32));
-    return this._makePairingChannel(wsURI, InsecureServerConnection, channelKey);
+    return this._makePairingChannel(wsURI, ServerConnection, channelKey);
   }
 
   /**
    * Connect to an existing pairing channel.
    *
-   * @returns Promise<InsecurePairingChannel>
+   * @returns Promise<PairingChannel>
    */
   static connect(channelServerURI, channelId, channelKey) {
     const wsURI = new URL(`/v1/ws/${channelId}`, channelServerURI).href;
-    return this._makePairingChannel(wsURI, InsecureClientConnection, channelKey);
+    return this._makePairingChannel(wsURI, ClientConnection, channelKey);
   }
 
   static _makePairingChannel(wsUri, ConnectionClass, psk) {
@@ -71,8 +70,9 @@ export class InsecurePairingChannel extends EventTarget {
           const {channelid: channelId} = JSON.parse(event.data);
           const pskId = utf8ToBytes(channelId);
           const connection = await ConnectionClass.create(psk, pskId, data => {
-            // To send data over the websocket, it needs to be encoded as a safe string.
-            socket.send(bytesToHex(data));
+            // The channelserver websocket handler epxects b64urlsafe strings
+            // rather than raw bytes, because it wraps them in a JSON object envelope.
+            socket.send(bytesToBase64url(data));
           });
           const instance = new this(channelId, psk, socket, connection);
           resolve(instance);
@@ -93,7 +93,7 @@ export class InsecurePairingChannel extends EventTarget {
     this._socket.addEventListener('message', async event => {
       try {
         const channelServerEnvelope = JSON.parse(event.data);
-        const payload = await this._connection.recv(hexToBytes(channelServerEnvelope.message));
+        const payload = await this._connection.recv(base64urlToBytes(channelServerEnvelope.message));
         if (payload !== null) {
           const data = JSON.parse(bytesToUtf8(payload));
           this.dispatchEvent(new CustomEvent('message', {
@@ -104,15 +104,26 @@ export class InsecurePairingChannel extends EventTarget {
           }));
         }
       } catch (error) {
-        this.dispatchEvent(new CustomEvent('error', {
-          detail: {
-            error,
-          },
-        }));
+        let event;
+        if (error instanceof TLSCloseNotify) {
+          this._peerClosed = true;
+          if (this._selfClosed) {
+            this._shutdown();
+          }
+          event = new CustomEvent('close');
+        } else {
+          event = new CustomEvent('error', {
+            detail: {
+              error,
+            }
+          });
+        }
+        this.dispatchEvent(event);
       }
     });
     // Relay the WebSocket events.
     this._socket.addEventListener('error', () => {
+      this._shutdown();
       // The dispatched event that we receive has no useful information.
       this.dispatchEvent(new CustomEvent('error', {
         detail: {
@@ -120,7 +131,18 @@ export class InsecurePairingChannel extends EventTarget {
         },
       }));
     });
-    this._socket.addEventListener('close', e => this.dispatchEvent(e));
+    // In TLS, the peer has to explicitly send a close notification,
+    // which we dispatch above.  Unexpected socket close is an error.
+    this._socket.addEventListener('close', () => {
+      this._shutdown();
+      if (! this._peerClosed) {
+        this.dispatchEvent(new CustomEvent('error', {
+          detail: {
+            error: new Error('WebSocket unexpectedly closed'),
+          }
+        }));
+      }
+    });
   }
 
   /**
@@ -132,8 +154,8 @@ export class InsecurePairingChannel extends EventTarget {
   }
 
   async close() {
+    this._selfClosed = true;
     await this._connection.close();
-    this._connection = null;
     try {
       // Ensure all queued bytes have been sent before closing the connection.
       let tries = 0;
@@ -144,13 +166,23 @@ export class InsecurePairingChannel extends EventTarget {
         await new Promise(res => setTimeout(res, CLOSE_FLUSH_BUFFER_INTERVAL_MS));
       }
     } finally {
+      // If the peer hasn't closed, we might still receive some data.
+      if (this._peerClosed) {
+        this._shutdown();
+      }
+    }
+  }
+
+  _shutdown() {
+    if (this._socket) {
       this._socket.close();
       this._socket = null;
+      this._connection = null;
     }
   }
 
   get closed() {
-    return this._socket.readyState === 3;
+    return (! this._socket) || (this._socket.readyState === 3);
   }
 
   get channelId() {
@@ -163,4 +195,46 @@ export class InsecurePairingChannel extends EventTarget {
 }
 
 // Re-export helpful utilities for calling code to use.
-export { bytesToHex, hexToBytes, bytesToUtf8, utf8ToBytes };
+export {
+  base64urlToBytes,
+  bytesToBase64url,
+  bytesToHex,
+  bytesToUtf8,
+  hexToBytes,
+  TLSCloseNotify,
+  TLSError,
+  utf8ToBytes
+};
+
+// For running tests using the built bundle,
+// expose a bunch of implementation details.
+
+import { Connection } from './tlsconnection.js';
+import { KeySchedule } from './keyschedule.js';
+import { hkdfExpand, HASH_LENGTH } from './crypto.js';
+import { EncryptedExtensions, Finished, NewSessionTicket } from './messages.js';
+import { DecryptionState, EncryptionState, RecordLayer } from './recordlayer.js';
+import { BufferReader, BufferWriter, arrayToBytes, bytesAreEqual, zeros } from './utils.js';
+export const _internals = {
+  arrayToBytes,
+  BufferReader,
+  BufferWriter,
+  bytesAreEqual,
+  bytesToHex,
+  bytesToUtf8,
+  ClientConnection,
+  Connection,
+  DecryptionState,
+  EncryptedExtensions,
+  EncryptionState,
+  Finished,
+  HASH_LENGTH,
+  hexToBytes,
+  hkdfExpand,
+  KeySchedule,
+  NewSessionTicket,
+  RecordLayer,
+  ServerConnection,
+  utf8ToBytes,
+  zeros,
+};
diff --git a/src/keyschedule.js b/src/keyschedule.js
new file mode 100644
index 0000000..2fb43a1
--- /dev/null
+++ b/src/keyschedule.js
@@ -0,0 +1,133 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// TLS1.3 Key Schedule.
+//
+// In this file we implement the "key schedule" from
+// https://tools.ietf.org/html/rfc8446#section-7.1, which
+// defines how to calculate various keys as the handshake
+// state progresses.
+
+
+import { BufferWriter, EMPTY, zeros } from './utils.js';
+import { ALERT_DESCRIPTION, TLSError } from './alerts.js';
+import {
+  hkdfExtract,
+  hkdfExpandLabel,
+  HASH_LENGTH,
+  hash,
+  hmac,
+  verifyHmac,
+} from './crypto.js';
+
+
+// The `KeySchedule` class progresses through three stages corresponding
+// to the three phases of the TLS1.3 key schedule:
+//
+//   UNINITIALIZED
+//       |
+//       | addPSK()
+//       v
+//   EARLY_SECRET
+//       |
+//       | addECDHE()
+//       v
+//   HANDSHAKE_SECRET
+//       |
+//       | finalize()
+//       v
+//   MASTER_SECRET
+//
+// It will error out if the calling code attempts to add key material
+// in the wrong order.
+
+const STAGE_UNINITIALIZED = 0;
+const STAGE_EARLY_SECRET = 1;
+const STAGE_HANDSHAKE_SECRET = 2;
+const STAGE_MASTER_SECRET = 3;
+
+export class KeySchedule {
+  constructor() {
+    this.stage = STAGE_UNINITIALIZED;
+    // WebCrypto doesn't support a rolling hash construct, so we have to
+    // keep the entire message transcript in memory.
+    this.transcript = new BufferWriter();
+    // This tracks the main secret from with other keys are derived at each stage.
+    this.secret = null;
+    // And these are all the various keys we'll derive as the handshake progresses.
+    this.extBinderKey = null;
+    this.clientHandshakeTrafficSecret = null;
+    this.serverHandshakeTrafficSecret = null;
+    this.clientApplicationTrafficSecret = null;
+    this.serverApplicationTrafficSecret = null;
+  }
+
+  async addPSK(psk) {
+    // Use the selected PSK (if any) to calculate the "early secret".
+    if (psk === null) {
+      psk = zeros(HASH_LENGTH);
+    }
+    if (this.stage !== STAGE_UNINITIALIZED) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    this.stage = STAGE_EARLY_SECRET;
+    this.secret = await hkdfExtract(zeros(HASH_LENGTH), psk);
+    this.extBinderKey = await this.deriveSecret('ext binder', EMPTY);
+    this.secret = await this.deriveSecret('derived', EMPTY);
+  }
+
+  async addECDHE(ecdhe) {
+    // Mix in the ECDHE output (if any) to calculate the "handshake secret".
+    if (ecdhe === null) {
+      ecdhe = zeros(HASH_LENGTH);
+    }
+    if (this.stage !== STAGE_EARLY_SECRET) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    this.stage = STAGE_HANDSHAKE_SECRET;
+    this.extBinderKey = null;
+    this.secret = await hkdfExtract(this.secret, ecdhe);
+    this.clientHandshakeTrafficSecret = await this.deriveSecret('c hs traffic');
+    this.serverHandshakeTrafficSecret = await this.deriveSecret('s hs traffic');
+    this.secret = await this.deriveSecret('derived', EMPTY);
+  }
+
+  async finalize() {
+    if (this.stage !== STAGE_HANDSHAKE_SECRET) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    this.stage = STAGE_MASTER_SECRET;
+    this.clientHandshakeTrafficSecret = null;
+    this.serverHandshakeTrafficSecret = null;
+    this.secret = await hkdfExtract(this.secret, zeros(HASH_LENGTH));
+    this.clientApplicationTrafficSecret = await this.deriveSecret('c ap traffic');
+    this.serverApplicationTrafficSecret = await this.deriveSecret('s ap traffic');
+    this.secret = null;
+  }
+
+  addToTranscript(bytes) {
+    this.transcript.writeBytes(bytes);
+  }
+
+  getTranscript() {
+    return this.transcript.slice();
+  }
+
+  async deriveSecret(label, transcript = undefined) {
+    transcript = transcript || this.getTranscript();
+    return await hkdfExpandLabel(this.secret, label, await hash(transcript), HASH_LENGTH);
+  }
+
+  async calculateFinishedMAC(baseKey, transcript = undefined) {
+    transcript = transcript || this.getTranscript();
+    const finishedKey = await hkdfExpandLabel(baseKey, 'finished', EMPTY, HASH_LENGTH);
+    return await hmac(finishedKey, await hash(transcript));
+  }
+
+  async verifyFinishedMAC(baseKey, mac, transcript = undefined) {
+    transcript = transcript || this.getTranscript();
+    const finishedKey = await hkdfExpandLabel(baseKey, 'finished', EMPTY, HASH_LENGTH);
+    await verifyHmac(finishedKey, mac, await hash(transcript));
+  }
+}
diff --git a/src/messages.js b/src/messages.js
new file mode 100644
index 0000000..da694d4
--- /dev/null
+++ b/src/messages.js
@@ -0,0 +1,399 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Message parsing.
+//
+// Herein we need code for reading and writing the various Handshake
+// messages involved in the protocol.
+//
+
+import { BufferWriter, BufferReader } from './utils.js';
+import { ALERT_DESCRIPTION, TLSError } from './alerts.js';
+import { HASH_LENGTH } from './crypto.js';
+import { Extension, EXTENSION_TYPE } from './extensions.js';
+import {
+  VERSION_TLS_1_2,
+  VERSION_TLS_1_3,
+  TLS_AES_128_GCM_SHA256,
+  VERSION_TLS_1_0,
+} from './constants.js';
+
+/* eslint-disable sorting/sort-object-props */
+export const HANDSHAKE_TYPE = {
+  CLIENT_HELLO: 1,
+  SERVER_HELLO: 2,
+  NEW_SESSION_TICKET: 4,
+  ENCRYPTED_EXTENSIONS: 8,
+  FINISHED: 20,
+};
+/* eslint-enable sorting/sort-object-props */
+
+// Base class for generic reading/writing of handshake messages,
+// which are all uniformly formatted as:
+//
+//  struct {
+//    HandshakeType msg_type;    /* handshake type */
+//    uint24 length;             /* bytes in message */
+//    select(Handshake.msg_type) {
+//        ... type specific cases here ...
+//    };
+//  } Handshake;
+
+export class HandshakeMessage {
+
+  get TYPE_TAG() {
+    throw new Error('not implemented');
+  }
+
+  static fromBytes(bytes) {
+    // Each handshake message has a type and length prefix, per
+    // https://tools.ietf.org/html/rfc8446#appendix-B.3
+    const buf = new BufferReader(bytes);
+    const msg = this.read(buf);
+    if (buf.hasMoreBytes()) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    return msg;
+  }
+
+  toBytes() {
+    const buf = new BufferWriter();
+    this.write(buf);
+    return buf.flush();
+  }
+
+  static read(buf) {
+    const type = buf.readUint8();
+    let msg = null;
+    buf.readVector24(buf => {
+      switch (type) {
+        case HANDSHAKE_TYPE.CLIENT_HELLO:
+          msg = ClientHello._read(buf);
+          break;
+        case HANDSHAKE_TYPE.SERVER_HELLO:
+          msg = ServerHello._read(buf);
+          break;
+        case HANDSHAKE_TYPE.NEW_SESSION_TICKET:
+          msg = NewSessionTicket._read(buf);
+          break;
+        case HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS:
+          msg = EncryptedExtensions._read(buf);
+          break;
+        case HANDSHAKE_TYPE.FINISHED:
+          msg = Finished._read(buf);
+          break;
+      }
+      if (buf.hasMoreBytes()) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    });
+    if (msg === null) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    return msg;
+  }
+
+  write(buf) {
+    buf.writeUint8(this.TYPE_TAG);
+    buf.writeVector24(buf => {
+      this._write(buf);
+    });
+  }
+
+  static _read(buf) {
+    throw new Error('not implemented');
+  }
+
+  _write(buf) {
+    throw new Error('not implemented');
+  }
+
+  // Some little helpers for reading a list of extensions,
+  // which is uniformly represented as:
+  //
+  //   Extension extensions<8..2^16-1>;
+  //
+  // Recognized extensions are returned as a Map from extension type
+  // to extension data object, with a special `lastSeenExtension`
+  // property to make it easy to check which one came last.
+
+  static _readExtensions(messageType, buf) {
+    const extensions = new Map();
+    buf.readVector16(buf => {
+      const ext = Extension.read(messageType, buf);
+      if (extensions.has(ext.TYPE_TAG)) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+      extensions.set(ext.TYPE_TAG, ext);
+      extensions.lastSeenExtension = ext.TYPE_TAG;
+    });
+    return extensions;
+  }
+
+  _writeExtensions(buf, extensions) {
+    buf.writeVector16(buf => {
+      extensions.forEach(ext => {
+        ext.write(this.TYPE_TAG, buf);
+      });
+    });
+  }
+}
+
+
+// The ClientHello message:
+//
+// struct {
+//   ProtocolVersion legacy_version = 0x0303;
+//   Random random;
+//   opaque legacy_session_id<0..32>;
+//   CipherSuite cipher_suites<2..2^16-2>;
+//   opaque legacy_compression_methods<1..2^8-1>;
+//   Extension extensions<8..2^16-1>;
+// } ClientHello;
+
+export class ClientHello extends HandshakeMessage {
+
+  constructor(random, sessionId, extensions) {
+    super();
+    this.random = random;
+    this.sessionId = sessionId;
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.CLIENT_HELLO;
+  }
+
+  static _read(buf) {
+    // The legacy_version field may indicate an earlier version of TLS
+    // for backwards compatibility, but must not predate TLS 1.0!
+    if (buf.readUint16() < VERSION_TLS_1_0) {
+      throw new TLSError(ALERT_DESCRIPTION.PROTOCOL_VERSION);
+    }
+    // The random bytes provided by the peer.
+    const random = buf.readBytes(32);
+    // Read legacy_session_id, so the server can echo it.
+    const sessionId = buf.readVectorBytes8();
+    // We only support a single ciphersuite, but the peer may offer several.
+    // Scan the list to confirm that the one we want is present.
+    let found = false;
+    buf.readVector16(buf => {
+      const cipherSuite = buf.readUint16();
+      if (cipherSuite === TLS_AES_128_GCM_SHA256) {
+        found = true;
+      }
+    });
+    if (! found) {
+      throw new TLSError(ALERT_DESCRIPTION.HANDSHAKE_FAILURE);
+    }
+    // legacy_compression_methods must be a single zero byte for TLS1.3 ClientHellos.
+    // It can be non-zero in previous versions of TLS, but we're not going to
+    // make a successful handshake with such versions, so better to just bail out now.
+    const legacyCompressionMethods = buf.readVectorBytes8();
+    if (legacyCompressionMethods.byteLength !== 1) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    if (legacyCompressionMethods[0] !== 0x00) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    // Read and check the extensions.
+    const extensions = this._readExtensions(HANDSHAKE_TYPE.CLIENT_HELLO, buf);
+    if (! extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS)) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS).versions.indexOf(VERSION_TLS_1_3) === -1) {
+      throw new TLSError(ALERT_DESCRIPTION.PROTOCOL_VERSION);
+    }
+    // Was the PreSharedKey extension the last one?
+    if (extensions.has(EXTENSION_TYPE.PRE_SHARED_KEY)) {
+      if (extensions.lastSeenExtension !== EXTENSION_TYPE.PRE_SHARED_KEY) {
+        throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+      }
+    }
+    return new this(random, sessionId, extensions);
+  }
+
+  _write(buf) {
+    buf.writeUint16(VERSION_TLS_1_2);
+    buf.writeBytes(this.random);
+    buf.writeVectorBytes8(this.sessionId);
+    // Our single supported ciphersuite
+    buf.writeVector16(buf => {
+      buf.writeUint16(TLS_AES_128_GCM_SHA256);
+    });
+    // A single zero byte for legacy_compression_methods
+    buf.writeVectorBytes8(new Uint8Array(1));
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+
+// The ServerHello message:
+//
+//  struct {
+//      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */
+//      Random random;
+//      opaque legacy_session_id_echo<0..32>;
+//      CipherSuite cipher_suite;
+//      uint8 legacy_compression_method = 0;
+//      Extension extensions < 6..2 ^ 16 - 1 >;
+//  } ServerHello;
+
+export class ServerHello extends HandshakeMessage {
+
+  constructor(random, sessionId, extensions) {
+    super();
+    this.random = random;
+    this.sessionId = sessionId;
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.SERVER_HELLO;
+  }
+
+  static _read(buf) {
+    // Fixed value for legacy_version.
+    if (buf.readUint16() !== VERSION_TLS_1_2) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    // Random bytes from the server.
+    const random = buf.readBytes(32);
+    // It should have echoed our vector for legacy_session_id.
+    const sessionId = buf.readVectorBytes8();
+    // It should have selected our single offered ciphersuite.
+    if (buf.readUint16() !== TLS_AES_128_GCM_SHA256) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    // legacy_compression_method must be zero.
+    if (buf.readUint8() !== 0) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    const extensions = this._readExtensions(HANDSHAKE_TYPE.SERVER_HELLO, buf);
+    if (! extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS)) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS).selectedVersion !== VERSION_TLS_1_3) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    return new this(random, sessionId, extensions);
+  }
+
+  _write(buf) {
+    buf.writeUint16(VERSION_TLS_1_2);
+    buf.writeBytes(this.random);
+    buf.writeVectorBytes8(this.sessionId);
+    // Our single supported ciphersuite
+    buf.writeUint16(TLS_AES_128_GCM_SHA256);
+    // A single zero byte for legacy_compression_method
+    buf.writeUint8(0);
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+
+// The EncryptedExtensions message:
+//
+//  struct {
+//    Extension extensions < 0..2 ^ 16 - 1 >;
+//  } EncryptedExtensions;
+//
+// We don't actually send any EncryptedExtensions,
+// but still have to send an empty message.
+
+export class EncryptedExtensions extends HandshakeMessage {
+  constructor(extensions) {
+    super();
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS;
+  }
+
+  static _read(buf) {
+    const extensions = this._readExtensions(HANDSHAKE_TYPE.ENCRYPTED_EXTENSIONS, buf);
+    return new this(extensions);
+  }
+
+  _write(buf) {
+    this._writeExtensions(buf, this.extensions);
+  }
+}
+
+
+// The Finished message:
+//
+// struct {
+//   opaque verify_data[Hash.length];
+// } Finished;
+
+export class Finished extends HandshakeMessage {
+
+  constructor(verifyData) {
+    super();
+    this.verifyData = verifyData;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.FINISHED;
+  }
+
+  static _read(buf) {
+    const verifyData = buf.readBytes(HASH_LENGTH);
+    return new this(verifyData);
+  }
+
+  _write(buf) {
+    buf.writeBytes(this.verifyData);
+  }
+}
+
+
+// The NewSessionTicket message:
+//
+//   struct {
+//    uint32 ticket_lifetime;
+//    uint32 ticket_age_add;
+//    opaque ticket_nonce < 0..255 >;
+//    opaque ticket < 1..2 ^ 16 - 1 >;
+//    Extension extensions < 0..2 ^ 16 - 2 >;
+//  } NewSessionTicket;
+//
+// We don't actually make use of these, but we need to be able
+// to accept them and do basic validation.
+
+export class NewSessionTicket extends HandshakeMessage {
+  constructor(ticketLifetime, ticketAgeAdd, ticketNonce, ticket, extensions) {
+    super();
+    this.ticketLifetime = ticketLifetime;
+    this.ticketAgeAdd = ticketAgeAdd;
+    this.ticketNonce = ticketNonce;
+    this.ticket = ticket;
+    this.extensions = extensions;
+  }
+
+  get TYPE_TAG() {
+    return HANDSHAKE_TYPE.NEW_SESSION_TICKET;
+  }
+
+  static _read(buf) {
+    return new this(
+      buf.readUint32(), // ticket_lifetime
+      buf.readUint32(), // ticket_age_add
+      buf.readVectorBytes8(), // ticket_nonce
+      buf.readVectorBytes16(), // ticket
+      this._readExtensions(HANDSHAKE_TYPE.NEW_SESSION_TICKET, buf)
+    );
+  }
+
+  _write(buf) {
+    buf.writeUint32(this.ticketLifetime);
+    buf.writeUint32(this.ticketAgeAdd);
+    buf.writeVectorBytes8(this.ticketNonce);
+    buf.writeVectorBytes16(this.ticket);
+    this._writeExtensions(buf, this.extensions);
+  }
+}
diff --git a/src/recordlayer.js b/src/recordlayer.js
new file mode 100644
index 0000000..ff8b634
--- /dev/null
+++ b/src/recordlayer.js
@@ -0,0 +1,346 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// This file implements the "record layer" for TLS1.3, as defined in
+// https://tools.ietf.org/html/rfc8446#section-5.
+//
+// The record layer is responsible for encrypting/decrypting bytes to be
+// sent over the wire, including stateful management of sequence numbers
+// for the incoming and outgoing stream.
+//
+// The main interface is the RecordLayer class, which takes a callback function
+// sending data and can be used like so:
+//
+//    rl = new RecordLayer(async function send_encrypted_data(data) {
+//      // application-specific sending logic here.
+//    });
+//
+//    // Records are sent and received in plaintext by default,
+//    // until you specify the key to use.
+//    await rl.setSendKey(key)
+//
+//    // Send some data by specifying the record type and the bytes.
+//    // Where allowed by the record type, it will be buffered until
+//    // explicitly flushed, and then sent by calling the callback.
+//    await rl.send(RECORD_TYPE.HANDSHAKE, <bytes for a handshake message>)
+//    await rl.send(RECORD_TYPE.HANDSHAKE, <bytes for another handshake message>)
+//    await rl.flush()
+//
+//    // Separate keys are used for sending and receiving.
+//    rl.setRecvKey(key);
+//
+//    // When data is received, push it into the RecordLayer
+//    // and pass a callback that will be called with a [type, bytes]
+//    // pair for each message parsed from the data.
+//    rl.recv(dataReceivedFromPeer, async (type, bytes) => {
+//      switch (type) {
+//        case RECORD_TYPE.APPLICATION_DATA:
+//          // do something with application data
+//        case RECORD_TYPE.HANDSHAKE:
+//          // do something with a handshake message
+//        default:
+//          // etc...
+//      }
+//    });
+//
+
+
+import { VERSION_TLS_1_2, VERSION_TLS_1_0 } from './constants.js';
+import { BufferReader, BufferWriter, EMPTY } from './utils.js';
+import { ALERT_DESCRIPTION, TLSError } from './alerts.js';
+import {
+  encrypt,
+  decrypt,
+  prepareKey,
+  hkdfExpandLabel,
+  AEAD_SIZE_INFLATION,
+  IV_LENGTH,
+  KEY_LENGTH,
+} from './crypto.js';
+
+/* eslint-disable sorting/sort-object-props */
+export const RECORD_TYPE = {
+  CHANGE_CIPHER_SPEC: 20,
+  ALERT: 21,
+  HANDSHAKE: 22,
+  APPLICATION_DATA: 23,
+};
+/* eslint-enable sorting/sort-object-props */
+
+// Encrypting at most 2^24 records will force us to stay
+// below data limits on AES-GCM encryption key use, and also
+// means we can accurately represent the sequence number as
+// a javascript double.
+const MAX_SEQUENCE_NUMBER = Math.pow(2, 24);
+const MAX_RECORD_SIZE = Math.pow(2, 14);
+const MAX_ENCRYPTED_RECORD_SIZE = MAX_RECORD_SIZE + 256;
+const RECORD_HEADER_SIZE = 5;
+
+// These are some helper classes to manage the encryption/decryption state
+// for a particular key.
+
+export class CipherState {
+  constructor(key, iv) {
+    this.key = key;
+    this.iv = iv;
+    this.seqnum = 0;
+  }
+
+  static async create(baseKey, mode) {
+    // Derive key and iv per https://tools.ietf.org/html/rfc8446#section-7.3
+    const key = await prepareKey(await hkdfExpandLabel(baseKey, 'key', EMPTY, KEY_LENGTH), mode);
+    const iv = await hkdfExpandLabel(baseKey, 'iv', EMPTY, IV_LENGTH);
+    return new this(key, iv);
+  }
+
+  nonce() {
+    // Ref https://tools.ietf.org/html/rfc8446#section-5.3:
+    // * left-pad the sequence number with zeros to IV_LENGTH
+    // * xor with the provided iv
+    // Our sequence numbers are always less than 2^24, so fit in a Uint32
+    // in the last 4 bytes of the nonce.
+    const nonce = this.iv.slice();
+    const dv = new DataView(nonce.buffer, nonce.byteLength - 4, 4);
+    dv.setUint32(0, dv.getUint32(0) ^ this.seqnum);
+    this.seqnum += 1;
+    if (this.seqnum > MAX_SEQUENCE_NUMBER) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    return nonce;
+  }
+}
+
+export class EncryptionState extends CipherState {
+  static async create(key) {
+    return super.create(key, 'encrypt');
+  }
+
+  async encrypt(plaintext, additionalData) {
+    return await encrypt(this.key, this.nonce(), plaintext, additionalData);
+  }
+}
+
+export class DecryptionState extends CipherState {
+  static async create(key) {
+    return super.create(key, 'decrypt');
+  }
+
+  async decrypt(ciphertext, additionalData) {
+    return await decrypt(this.key, this.nonce(), ciphertext, additionalData);
+  }
+}
+
+// The main RecordLayer class.
+
+export class RecordLayer {
+  constructor(sendCallback) {
+    this.sendCallback = sendCallback;
+    this._sendEncryptState = null;
+    this._sendError = null;
+    this._recvDecryptState = null;
+    this._recvError = null;
+    this._pendingRecordType = 0;
+    this._pendingRecordBuf = null;
+  }
+
+  async setSendKey(key) {
+    await this.flush();
+    this._sendEncryptState = await EncryptionState.create(key);
+  }
+
+  async setRecvKey(key) {
+    this._recvDecryptState = await DecryptionState.create(key);
+  }
+
+  async setSendError(err) {
+    this._sendError = err;
+  }
+
+  async setRecvError(err) {
+    this._recvError = err;
+  }
+
+  async send(type, data) {
+    if (this._sendError !== null) {
+      throw this._sendError;
+    }
+    // Forbid sending data that doesn't fit into a single record.
+    // We do not support fragmentation over multiple records.
+    if (data.byteLength > MAX_RECORD_SIZE) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    // Flush if we're switching to a different record type.
+    if (this._pendingRecordType && this._pendingRecordType !== type) {
+      await this.flush();
+    }
+    // Flush if we would overflow the max size of a record.
+    if (this._pendingRecordBuf !== null) {
+      if (this._pendingRecordBuf.tell() + data.byteLength > MAX_RECORD_SIZE) {
+        await this.flush();
+      }
+    }
+    // Start a new pending record if necessary.
+    // We reserve space at the start of the buffer for the record header,
+    // which is conveniently always a fixed size.
+    if (this._pendingRecordBuf === null) {
+      this._pendingRecordType = type;
+      this._pendingRecordBuf = new BufferWriter();
+      this._pendingRecordBuf.incr(RECORD_HEADER_SIZE);
+    }
+    this._pendingRecordBuf.writeBytes(data);
+  }
+
+  async flush() {
+    // If there's nothing to flush, bail out early.
+    // Don't throw `_sendError` if we're not sending anything, because `flush()`
+    // can be called when we're trying to transition into an error state.
+    const buf = this._pendingRecordBuf;
+    let type = this._pendingRecordType;
+    if (! type) {
+      if (buf !== null) {
+        throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+      }
+      return;
+    }
+    if (this._sendError !== null) {
+      throw this._sendError;
+    }
+    // If we're encrypting, turn the existing buffer contents into a `TLSInnerPlaintext` by
+    // appending the type. We don't do any zero-padding, although the spec allows it.
+    let inflation = 0, innerPlaintext = null;
+    if (this._sendEncryptState !== null) {
+      buf.writeUint8(type);
+      innerPlaintext = buf.slice(RECORD_HEADER_SIZE);
+      inflation = AEAD_SIZE_INFLATION;
+      type = RECORD_TYPE.APPLICATION_DATA;
+    }
+    // Write the common header for either `TLSPlaintext` or `TLSCiphertext` record.
+    const length = buf.tell() - RECORD_HEADER_SIZE + inflation;
+    buf.seek(0);
+    buf.writeUint8(type);
+    buf.writeUint16(VERSION_TLS_1_2);
+    buf.writeUint16(length);
+    // Followed by different payload depending on encryption status.
+    if (this._sendEncryptState !== null) {
+      const additionalData = buf.slice(0, RECORD_HEADER_SIZE);
+      const ciphertext = await this._sendEncryptState.encrypt(innerPlaintext, additionalData);
+      buf.writeBytes(ciphertext);
+    } else {
+      buf.incr(length);
+    }
+    this._pendingRecordBuf = null;
+    this._pendingRecordType = 0;
+    await this.sendCallback(buf.flush());
+  }
+
+  async recv(data) {
+    if (this._recvError !== null) {
+      throw this._recvError;
+    }
+    // For simplicity, we assume that the given data contains exactly one record.
+    // Peers using this library will send one record at a time over the websocket
+    // connection, and we can assume that the server-side websocket bridge will split
+    // up any traffic into individual records if we ever start interoperating with
+    // peers using a different TLS implementation.
+    // Similarly, we assume that handshake messages will not be fragmented across
+    // multiple records. This should be trivially true for the PSK-only mode used
+    // by this library, but we may want to relax it in future for interoperability
+    // with e.g. large ClientHello messages that contain lots of different options.
+    const buf = new BufferReader(data);
+    // The data to read is either a TLSPlaintext or TLSCiphertext struct,
+    // depending on whether record protection has been enabled yet:
+    //
+    //    struct {
+    //        ContentType type;
+    //        ProtocolVersion legacy_record_version;
+    //        uint16 length;
+    //        opaque fragment[TLSPlaintext.length];
+    //    } TLSPlaintext;
+    //
+    //    struct {
+    //        ContentType opaque_type = application_data; /* 23 */
+    //        ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
+    //        uint16 length;
+    //        opaque encrypted_record[TLSCiphertext.length];
+    //    } TLSCiphertext;
+    //
+    let type = buf.readUint8();
+    // The spec says legacy_record_version "MUST be ignored for all purposes",
+    // but we know TLS1.3 implementations will only ever emit two possible values,
+    // so it seems useful to bail out early if we receive anything else.
+    const version = buf.readUint16();
+    if (version !== VERSION_TLS_1_2) {
+      // TLS1.0 is only acceptable on initial plaintext records.
+      if (this._recvDecryptState !== null || version !== VERSION_TLS_1_0) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+    }
+    const length = buf.readUint16();
+    let plaintext;
+    if (this._recvDecryptState === null || type === RECORD_TYPE.CHANGE_CIPHER_SPEC) {
+      [type, plaintext] = await this._readPlaintextRecord(type, length, buf);
+    } else {
+      [type, plaintext] = await this._readEncryptedRecord(type, length, buf);
+    }
+    // Sanity-check that we received exactly one record.
+    if (buf.hasMoreBytes()) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    return [type, plaintext];
+  }
+
+  // Helper to read an unencrypted `TLSPlaintext` struct
+
+  async _readPlaintextRecord(type, length, buf) {
+    if (length > MAX_RECORD_SIZE) {
+      throw new TLSError(ALERT_DESCRIPTION.RECORD_OVERFLOW);
+    }
+    return [type, buf.readBytes(length)];
+  }
+
+  // Helper to read an encrypted `TLSCiphertext` struct,
+  // decrypting it into plaintext.
+
+  async _readEncryptedRecord(type, length, buf) {
+    if (length > MAX_ENCRYPTED_RECORD_SIZE) {
+      throw new TLSError(ALERT_DESCRIPTION.RECORD_OVERFLOW);
+    }
+    // The outer type for encrypted records is always APPLICATION_DATA.
+    if (type !== RECORD_TYPE.APPLICATION_DATA) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    // Decrypt and decode the contained `TLSInnerPlaintext` struct:
+    //
+    //    struct {
+    //        opaque content[TLSPlaintext.length];
+    //        ContentType type;
+    //        uint8 zeros[length_of_padding];
+    //    } TLSInnerPlaintext;
+    //
+    // The additional data for the decryption is the `TLSCiphertext` record
+    // header, which is a fixed size and immediately prior to current buffer position.
+    buf.incr(-RECORD_HEADER_SIZE);
+    const additionalData = buf.readBytes(RECORD_HEADER_SIZE);
+    const ciphertext = buf.readBytes(length);
+    const paddedPlaintext = await this._recvDecryptState.decrypt(ciphertext, additionalData);
+    // We have to scan backwards over the zero padding at the end of the struct
+    // in order to find the non-zero `type` byte.
+    let i;
+    for (i = paddedPlaintext.byteLength - 1; i >= 0; i--) {
+      if (paddedPlaintext[i] !== 0) {
+        break;
+      }
+    }
+    if (i < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    type = paddedPlaintext[i];
+    // `change_cipher_spec` records must always be plaintext.
+    if (type === RECORD_TYPE.CHANGE_CIPHER_SPEC) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    return [type, paddedPlaintext.slice(0, i)];
+  }
+}
diff --git a/src/rot128.js b/src/rot128.js
deleted file mode 100644
index c02751f..0000000
--- a/src/rot128.js
+++ /dev/null
@@ -1,124 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-'use strict';
-
-// The top-level APIs offered by this library are `InsecureClientConnection` and
-// `Insecure ServerConnection` classes.  They each take a callback to be used for
-// sending data to the remote peer, and operate like this:
-//
-//    conn = await InsecureClientConnection.create(psk, pskId, async function send_data_to_server(data) {
-//      // application-specific sending logic here.
-//    })
-//
-//    // Send data to the server by calling `send`,
-//    // which will use the callback provided in the constructor.
-//    // A single `send()` by the application may result in multiple
-//    // invokations of the callback.
-//
-//    await conn.send('application-level data')
-//
-//    // When data is received from the server, push it into
-//    // the connection and let it return any decrypted app-level data.
-//    // There might not be any app-level data if it was protocol control message,
-//    // and the receipt of the data might trigger additional calls to the
-//    // send callback for protocol control purposes.
-//
-//    serverSocket.on('data', async encrypted_data => {
-//      const plaintext = await conn.recv(data)
-//      if (plaintext !== null) {
-//        do_something_with_app_level_data(plaintext)
-//      }
-//    })
-//
-//    // It's good practice to explicitly close the connection
-//    // when finished.  This will send a "closed" notification
-//    // to the server.
-//
-//    await conn.close()
-//
-// The `InsecureServerConnection` API operates similarly; the distinction is mainly
-// in which side is expected to send vs receieve during the protocol handshake.
-
-import {
-  assert,
-  assertIsBytes,
-  bytesAreEqual,
-} from './utils.js';
-
-
-// !!!!!!!
-// !!
-// !!   N.B. In case it wasn't obvious, this is insecure!
-// !!
-// !!!!!!!
-//
-// This will be replaced by an implementation of the TLS1.3 PSK mode.
-// We're using a simple insecure quote-unquote cipher for now in order
-// to simulate the same sort of interface that the real crypto engine
-// will provide.
-
-class InsecureConnection {
-  constructor(psk, pskId, sendCallback) {
-    this.psk = assertIsBytes(psk);
-    this.pskId = assertIsBytes(pskId);
-    this.sendCallback = sendCallback;
-  }
-
-  // Subclasses will override this with some async initialization logic.
-  static async create(psk, pskId, sendCallback) {
-    return new this(psk, pskId, sendCallback);
-  }
-
-  // These are the three public API methods that
-  // consumers can use to connunicate over TLS.
-
-  async send(data) {
-    assertIsBytes(data);
-    await this.sendCallback(await this._rot128(data));
-  }
-
-  async recv(data) {
-    assertIsBytes(data);
-    return await this._rot128(data);
-  }
-
-  async close() { }
-
-  async _rot128(input) {
-    const output = new Uint8Array(input.byteLength);
-    for (let i = 0; i < input.byteLength; i++) {
-      output[i] = (input[i] + 128) & 0xFF;
-    }
-    return output;
-  }
-}
-
-
-export class InsecureClientConnection extends InsecureConnection {
-  static async create(psk, pskId, sendCallback) {
-    const instance = await super.create(psk, pskId, sendCallback);
-    // Prove to the server that we know the channel key.
-    await instance.send(instance.psk);
-    return instance;
-  }
-}
-
-
-export class InsecureServerConnection extends InsecureConnection {
-  constructor(psk, pskId, sendCallback) {
-    super(psk, pskId, sendCallback);
-    this.receivedHandshake = false;
-  }
-  async recv(data) {
-    // Make the client prove that it knows the channel key in first message.
-    let output = await super.recv(data);
-    if (! this.receivedHandshake) {
-      assert(bytesAreEqual(output, this.psk), 'psk mismatch');
-      this.receivedHandshake = true;
-      output = null;
-    }
-    return output;
-  }
-}
diff --git a/src/states.js b/src/states.js
new file mode 100644
index 0000000..e11e92d
--- /dev/null
+++ b/src/states.js
@@ -0,0 +1,418 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { bytesAreEqual, BufferWriter, zeros } from './utils.js';
+import { getRandomBytes, HASH_LENGTH } from './crypto.js';
+import { TLSAlert, TLSCloseNotify, TLSError, ALERT_DESCRIPTION } from './alerts.js';
+import {
+  ClientHello,
+  ServerHello,
+  EncryptedExtensions,
+  Finished,
+  NewSessionTicket
+} from './messages.js';
+import { SupportedVersionsExtension, PskKeyExchangeModesExtension, PreSharedKeyExtension, EXTENSION_TYPE } from './extensions.js';
+import { VERSION_TLS_1_3, PSK_MODE_KE } from './constants.js';
+
+//
+// State-machine for TLS Handshake Management.
+//
+// Internally, we manage the TLS connection by explicitly modelling the
+// client and server state-machines from RFC8446.  You can think of
+// these `State` objects as little plugins for the `Connection` class
+// that provide different behaviours of `send` and `receive` depending
+// on the state of the connection.
+//
+
+class State {
+
+  constructor(conn) {
+    this.conn = conn;
+  }
+
+  async initialize() {
+    // By default, nothing to do when entering the state.
+  }
+
+  async sendApplicationData(bytes) {
+    // By default, assume we're not ready to send yet and the caller
+    // should be blocking on the connection promise before reaching here.
+    throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+  }
+
+  async recvApplicationData(bytes) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+
+  async recvHandshakeMessage(msg) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+
+  async recvAlertMessage(alert) {
+    switch (alert.description) {
+      case ALERT_DESCRIPTION.CLOSE_NOTIFY:
+        this.conn._closeForRecv(alert);
+        throw alert;
+      default:
+        return await this.handleErrorAndRethrow(alert);
+    }
+  }
+
+  async recvChangeCipherSpec(bytes) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+
+  async handleErrorAndRethrow(err) {
+    let alert = err;
+    if (! (alert instanceof TLSAlert)) {
+      alert = new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    // Try to send error alert to the peer, but we may not
+    // be able to if the outgoing connection was already closed.
+    try {
+      await this.conn._sendAlertMessage(alert);
+    } catch (_) { }
+    await this.conn._transition(ERROR, err);
+    throw err;
+  }
+
+  async close() {
+    const alert = new TLSCloseNotify();
+    await this.conn._sendAlertMessage(alert);
+    this.conn._closeForSend(alert);
+  }
+
+}
+
+// A special "guard" state to prevent us from using
+// an improperly-initialized Connection.
+
+export class UNINITIALIZED extends State {
+  async initialize() {
+    throw new Error('uninitialized state');
+  }
+  async sendApplicationData(bytes) {
+    throw new Error('uninitialized state');
+  }
+  async recvApplicationData(bytes) {
+    throw new Error('uninitialized state');
+  }
+  async recvHandshakeMessage(msg) {
+    throw new Error('uninitialized state');
+  }
+  async recvChangeCipherSpec(bytes) {
+    throw new Error('uninitialized state');
+  }
+  async handleErrorAndRethrow(err) {
+    throw err;
+  }
+  async close() {
+    throw new Error('uninitialized state');
+  }
+}
+
+// A special "error" state for when something goes wrong.
+// This state never transitions to another state, effectively
+// terminating the connection.
+
+export class ERROR extends State {
+  async initialize(err) {
+    this.error = err;
+    this.conn._setConnectionFailure(err);
+    // Unceremoniously shut down the record layer on error.
+    this.conn._recordlayer.setSendError(err);
+    this.conn._recordlayer.setRecvError(err);
+  }
+  async sendApplicationData(bytes) {
+    throw this.error;
+  }
+  async recvApplicationData(bytes) {
+    throw this.error;
+  }
+  async recvHandshakeMessage(msg) {
+    throw this.error;
+  }
+  async recvAlertMessage(err) {
+    throw this.error;
+  }
+  async recvChangeCipherSpec(bytes) {
+    throw this.error;
+  }
+  async handleErrorAndRethrow(err) {
+    throw err;
+  }
+  async close() {
+    throw this.error;
+  }
+}
+
+// The "connected" state, for when the handshake is complete
+// and we're ready to send application-level data.
+// The logic for this is largely symmetric between client and server.
+
+export class CONNECTED extends State {
+  async initialize() {
+    this.conn._setConnectionSuccess();
+  }
+  async sendApplicationData(bytes) {
+    await this.conn._sendApplicationData(bytes);
+  }
+  async recvApplicationData(bytes) {
+    return bytes;
+  }
+  async recvChangeCipherSpec(bytes) {
+    throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+  }
+}
+
+// A base class for states that occur in the middle of the handshake
+// (that is, between ClientHello and Finished).  These states may receive
+// CHANGE_CIPHER_SPEC records for b/w compat reasons, which must contain
+// exactly a single 0x01 byte and must otherwise be ignored.
+
+class MidHandshakeState extends State {
+  async recvChangeCipherSpec(bytes) {
+    if (this.conn._hasSeenChangeCipherSpec) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    if (bytes.byteLength !== 1 || bytes[0] !== 1) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    this.conn._hasSeenChangeCipherSpec = true;
+  }
+}
+
+// These states implement (part of) the client state-machine from
+// https://tools.ietf.org/html/rfc8446#appendix-A.1
+//
+// Since we're only implementing a small subset of TLS1.3,
+// we only need a small subset of the handshake.  It basically goes:
+//
+//   * send ClientHello
+//   * receive ServerHello
+//   * receive EncryptedExtensions
+//   * receive server Finished
+//   * send client Finished
+//
+// We include some unused states for completeness, so that it's easier
+// to check the implementation against the diagrams in the RFC.
+
+export class CLIENT_START extends State {
+  async initialize() {
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.addPSK(this.conn.psk);
+    // Construct a ClientHello message with our single PSK.
+    // We can't know the PSK binder value yet, so we initially write zeros.
+    const clientHello = new ClientHello(
+      // Client random salt.
+      await getRandomBytes(32),
+      // Random legacy_session_id; we *could* send an empty string here,
+      // but sending a random one makes it easier to be compatible with
+      // the data emitted by tlslite-ng for test-case generation.
+      await getRandomBytes(32),
+      [
+        new SupportedVersionsExtension([VERSION_TLS_1_3]),
+        new PskKeyExchangeModesExtension([PSK_MODE_KE]),
+        new PreSharedKeyExtension([this.conn.pskId], [zeros(HASH_LENGTH)]),
+      ],
+    );
+    const buf = new BufferWriter();
+    clientHello.write(buf);
+    // Now that we know what the ClientHello looks like,
+    // go back and calculate the appropriate PSK binder value.
+    // We only support a single PSK, so the length of the binders field is the
+    // length of the hash plus one for rendering it as a variable-length byte array,
+    // plus two for rendering the variable-length list of PSK binders.
+    const PSK_BINDERS_SIZE = HASH_LENGTH + 1 + 2;
+    const truncatedTranscript = buf.slice(0, buf.tell() - PSK_BINDERS_SIZE);
+    const pskBinder = await keyschedule.calculateFinishedMAC(keyschedule.extBinderKey, truncatedTranscript);
+    buf.incr(-HASH_LENGTH);
+    buf.writeBytes(pskBinder);
+    await this.conn._sendHandshakeMessageBytes(buf.flush());
+    await this.conn._transition(CLIENT_WAIT_SH, clientHello.sessionId);
+  }
+}
+
+class CLIENT_WAIT_SH extends State {
+  async initialize(sessionId) {
+    this._sessionId = sessionId;
+  }
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof ServerHello)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    if (! bytesAreEqual(msg.sessionId, this._sessionId)) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    const pskExt = msg.extensions.get(EXTENSION_TYPE.PRE_SHARED_KEY);
+    if (! pskExt) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (msg.extensions.size !== 2) {
+      throw new TLSError(ALERT_DESCRIPTION.UNSUPPORTED_EXTENSION);
+    }
+    if (pskExt.selectedIdentity !== 0) {
+      throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
+    }
+    await this.conn._keyschedule.addECDHE(null);
+    await this.conn._setSendKey(this.conn._keyschedule.clientHandshakeTrafficSecret);
+    await this.conn._setRecvKey(this.conn._keyschedule.serverHandshakeTrafficSecret);
+    await this.conn._transition(CLIENT_WAIT_EE);
+  }
+}
+
+class CLIENT_WAIT_EE extends MidHandshakeState {
+  async recvHandshakeMessage(msg) {
+    // We don't make use of any encrypted extensions, but we still
+    // have to wait for the server to send the (empty) list of them.
+    if (! (msg instanceof EncryptedExtensions)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    // We do not support any EncryptedExtensions.
+    if (msg.extensions.size !== 0) {
+      throw new TLSError(ALERT_DESCRIPTION.UNSUPPORTED_EXTENSION);
+    }
+    const keyschedule = this.conn._keyschedule;
+    const serverFinishedTranscript = keyschedule.getTranscript();
+    await this.conn._transition(CLIENT_WAIT_FINISHED, serverFinishedTranscript);
+  }
+}
+
+class CLIENT_WAIT_FINISHED extends MidHandshakeState {
+  async initialize(serverFinishedTranscript) {
+    this._serverFinishedTranscript = serverFinishedTranscript;
+  }
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof Finished)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    // Verify server Finished MAC.
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.verifyFinishedMAC(keyschedule.serverHandshakeTrafficSecret, msg.verifyData, this._serverFinishedTranscript);
+    // Send our own Finished message in return.
+    // This must be encrypted with the handshake traffic key,
+    // but must not appear in the transcript used to calculate the application keys.
+    const clientFinishedMAC = await keyschedule.calculateFinishedMAC(keyschedule.clientHandshakeTrafficSecret);
+    await keyschedule.finalize();
+    await this.conn._sendHandshakeMessage(new Finished(clientFinishedMAC));
+    await this.conn._setSendKey(keyschedule.clientApplicationTrafficSecret);
+    await this.conn._setRecvKey(keyschedule.serverApplicationTrafficSecret);
+    await this.conn._transition(CLIENT_CONNECTED);
+  }
+}
+
+export class CLIENT_CONNECTED extends CONNECTED {
+  async recvHandshakeMessage(msg) {
+    // A connected client must be prepared to accept NewSessionTicket
+    // messages.  We never use them, but other server implementations
+    // might send them.
+    if (! (msg instanceof NewSessionTicket)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+  }
+}
+
+// These states implement (part of) the server state-machine from
+// https://tools.ietf.org/html/rfc8446#appendix-A.2
+//
+// Since we're only implementing a small subset of TLS1.3,
+// we only need a small subset of the handshake.  It basically goes:
+//
+//   * receive ClientHello
+//   * send ServerHello
+//   * send empty EncryptedExtensions
+//   * send server Finished
+//   * receive client Finished
+//
+// We include some unused states for completeness, so that it's easier
+// to check the implementation against the diagrams in the RFC.
+
+export class SERVER_START extends State {
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof ClientHello)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    // In the spec, this is where we select connection parameters, and maybe
+    // tell the client to try again if we can't find a compatible set.
+    // Since we only support a fixed cipherset, the only thing to "negotiate"
+    // is whether they provided an acceptable PSK.
+    const pskExt = msg.extensions.get(EXTENSION_TYPE.PRE_SHARED_KEY);
+    const pskModesExt = msg.extensions.get(EXTENSION_TYPE.PSK_KEY_EXCHANGE_MODES);
+    if (! pskExt || ! pskModesExt) {
+      throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
+    }
+    if (pskModesExt.modes.indexOf(PSK_MODE_KE) === -1) {
+      throw new TLSError(ALERT_DESCRIPTION.HANDSHAKE_FAILURE);
+    }
+    const pskIndex = pskExt.identities.findIndex(pskId => bytesAreEqual(pskId, this.conn.pskId));
+    if (pskIndex === -1) {
+      throw new TLSError(ALERT_DESCRIPTION.UNKNOWN_PSK_IDENTITY);
+    }
+    await this.conn._keyschedule.addPSK(this.conn.psk);
+    // Validate the PSK binder.
+    const keyschedule = this.conn._keyschedule;
+    const transcript = keyschedule.getTranscript();
+    // Calculate size occupied by the PSK binders.
+    let pskBindersSize = 2; // Vector16 representation overhead.
+    for (const binder of pskExt.binders) {
+      pskBindersSize += binder.byteLength + 1; // Vector8 representation overhead.
+    }
+    await keyschedule.verifyFinishedMAC(keyschedule.extBinderKey, pskExt.binders[pskIndex], transcript.slice(0, -pskBindersSize));
+    await this.conn._transition(SERVER_NEGOTIATED, msg.sessionId, pskIndex);
+  }
+}
+
+class SERVER_NEGOTIATED extends MidHandshakeState {
+  async initialize(sessionId, pskIndex) {
+    await this.conn._sendHandshakeMessage(new ServerHello(
+      // Server random
+      await getRandomBytes(32),
+      sessionId,
+      [
+        new SupportedVersionsExtension(null, VERSION_TLS_1_3),
+        new PreSharedKeyExtension(null, null, pskIndex),
+      ]
+    ));
+    // If the client sent a non-empty sessionId, the server *must* send a change-cipher-spec for b/w compat.
+    if (sessionId.byteLength > 0) {
+      await this.conn._sendChangeCipherSpec();
+    }
+    // We can now transition to the encrypted part of the handshake.
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.addECDHE(null);
+    await this.conn._setSendKey(keyschedule.serverHandshakeTrafficSecret);
+    await this.conn._setRecvKey(keyschedule.clientHandshakeTrafficSecret);
+    // Send an empty EncryptedExtensions message.
+    await this.conn._sendHandshakeMessage(new EncryptedExtensions([]));
+    // Send the Finished message.
+    const serverFinishedMAC = await keyschedule.calculateFinishedMAC(keyschedule.serverHandshakeTrafficSecret);
+    await this.conn._sendHandshakeMessage(new Finished(serverFinishedMAC));
+    // We can now *send* using the application traffic key,
+    // but have to wait to receive the client Finished before receiving under that key.
+    // We need to remember the handshake state from before the client Finished
+    // in order to successfully verify the client Finished.
+    const clientFinishedTranscript = await keyschedule.getTranscript();
+    const clientHandshakeTrafficSecret = keyschedule.clientHandshakeTrafficSecret;
+    await keyschedule.finalize();
+    await this.conn._setSendKey(keyschedule.serverApplicationTrafficSecret);
+    await this.conn._transition(SERVER_WAIT_FINISHED, clientHandshakeTrafficSecret, clientFinishedTranscript);
+  }
+}
+
+class SERVER_WAIT_FINISHED extends MidHandshakeState {
+  async initialize(clientHandshakeTrafficSecret, clientFinishedTranscript) {
+    this._clientHandshakeTrafficSecret = clientHandshakeTrafficSecret;
+    this._clientFinishedTranscript = clientFinishedTranscript;
+  }
+  async recvHandshakeMessage(msg) {
+    if (! (msg instanceof Finished)) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    const keyschedule = this.conn._keyschedule;
+    await keyschedule.verifyFinishedMAC(this._clientHandshakeTrafficSecret, msg.verifyData, this._clientFinishedTranscript);
+    this._clientHandshakeTrafficSecret = this._clientFinishedTranscript = null;
+    await this.conn._setRecvKey(keyschedule.clientApplicationTrafficSecret);
+    await this.conn._transition(CONNECTED);
+  }
+}
diff --git a/src/tlsconnection.js b/src/tlsconnection.js
new file mode 100644
index 0000000..9dd2e69
--- /dev/null
+++ b/src/tlsconnection.js
@@ -0,0 +1,253 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// The top-level APIs offered by this module are `ClientConnection` and
+// `ServerConnection` classes, which provide authenticated and encrypted
+// communication via the "externally-provisioned PSK" mode of TLS1.3.
+// They each take a callback to be used for sending data to the remote peer,
+// and operate like this:
+//
+//    conn = await ClientConnection.create(psk, pskId, async function send_data_to_server(data) {
+//      // application-specific sending logic here.
+//    })
+//
+//    // Send data to the server by calling `send`,
+//    // which will use the callback provided in the constructor.
+//    // A single `send()` by the application may result in multiple
+//    // invokations of the callback.
+//
+//    await conn.send('application-level data')
+//
+//    // When data is received from the server, push it into
+//    // the connection and let it return any decrypted app-level data.
+//    // There might not be any app-level data if it was a protocol control
+//    //  message, and the receipt of the data might trigger additional calls
+//    // to the send callback for protocol control purposes.
+//
+//    serverSocket.on('data', async encrypted_data => {
+//      const plaintext = await conn.recv(data)
+//      if (plaintext !== null) {
+//        do_something_with_app_level_data(plaintext)
+//      }
+//    })
+//
+//    // It's good practice to explicitly close the connection
+//    // when finished.  This will send a "closed" notification
+//    // to the server.
+//
+//    await conn.close()
+//
+//    // When the peer sends a "closed" notification it will show up
+//    // as a `TLSCloseNotify` exception from recv:
+//
+//    try {
+//      await conn.recv(data);
+//    } catch (err) {
+//      if (! (err instanceof TLSCloseNotify) { throw err }
+//      do_something_to_cleanly_close_data_connection();
+//    }
+//
+// The `ServerConnection` API operates similarly; the distinction is mainly
+// in which side is expected to send vs receieve during the protocol handshake.
+
+import * as STATE from './states.js';
+import { assertIsBytes, noop, BufferReader } from './utils.js';
+import { HandshakeMessage } from './messages.js';
+import { KeySchedule } from './keyschedule.js';
+import { RecordLayer, RECORD_TYPE } from './recordlayer.js';
+import { TLSAlert, TLSError, ALERT_DESCRIPTION } from './alerts.js';
+import { TLSCloseNotify } from './index.js';
+
+
+export class Connection {
+  constructor(psk, pskId, sendCallback) {
+    this.psk = assertIsBytes(psk);
+    this.pskId = assertIsBytes(pskId);
+    this.connected = new Promise((resolve, reject) => {
+      this._onConnectionSuccess = resolve;
+      this._onConnectionFailure = reject;
+    });
+    this._state = new STATE.UNINITIALIZED(this);
+    this._handshakeRecvBuffer = null;
+    this._hasSeenChangeCipherSpec = false;
+    this._recordlayer = new RecordLayer(sendCallback);
+    this._keyschedule = new KeySchedule();
+    this._lastPromise = Promise.resolve();
+  }
+
+  // Subclasses will override this with some async initialization logic.
+  static async create(psk, pskId, sendCallback) {
+    return new this(psk, pskId, sendCallback);
+  }
+
+  // These are the three public API methods that consumers can use
+  // to send and receive data encrypted with TLS1.3.
+
+  async send(data) {
+    assertIsBytes(data);
+    await this.connected;
+    await this._synchronized(async () => {
+      await this._state.sendApplicationData(data);
+    });
+  }
+
+  async recv(data) {
+    assertIsBytes(data);
+    return await this._synchronized(async () => {
+      // Decrypt the data using the record layer.
+      // We expect to receive precisely one record at a time.
+      const [type, bytes] = await this._recordlayer.recv(data);
+      // Dispatch based on the type of the record.
+      switch (type) {
+        case RECORD_TYPE.CHANGE_CIPHER_SPEC:
+          await this._state.recvChangeCipherSpec(bytes);
+          return null;
+        case RECORD_TYPE.ALERT:
+          await this._state.recvAlertMessage(TLSAlert.fromBytes(bytes));
+          return null;
+        case RECORD_TYPE.APPLICATION_DATA:
+          return await this._state.recvApplicationData(bytes);
+        case RECORD_TYPE.HANDSHAKE:
+          // Multiple handshake messages may be coalesced into a single record.
+          // Store the in-progress record buffer on `this` so that we can guard
+          // against handshake messages that span a change in keys.
+          this._handshakeRecvBuffer = new BufferReader(bytes);
+          if (! this._handshakeRecvBuffer.hasMoreBytes()) {
+            throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+          }
+          do {
+            // Each handshake messages has a type and length prefix, per
+            // https://tools.ietf.org/html/rfc8446#appendix-B.3
+            this._handshakeRecvBuffer.incr(1);
+            const mlength = this._handshakeRecvBuffer.readUint24();
+            this._handshakeRecvBuffer.incr(-4);
+            const messageBytes = this._handshakeRecvBuffer.readBytes(mlength + 4);
+            this._keyschedule.addToTranscript(messageBytes);
+            await this._state.recvHandshakeMessage(HandshakeMessage.fromBytes(messageBytes));
+          } while (this._handshakeRecvBuffer.hasMoreBytes());
+          this._handshakeRecvBuffer = null;
+          return null;
+        default:
+          throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+      }
+    });
+  }
+
+  async close() {
+    await this._synchronized(async () => {
+      await this._state.close();
+    });
+  }
+
+  // Ensure that async functions execute one at a time,
+  // by waiting for the previous call to `_synchronized()` to complete
+  // before starting a new one.  This helps ensure that we complete
+  // one state-machine transition before starting to do the next.
+  // It's also a convenient place to catch and alert on errors.
+
+  _synchronized(cb) {
+    const nextPromise = this._lastPromise.then(() => {
+      return cb();
+    }).catch(async err => {
+      if (err instanceof TLSCloseNotify) {
+        throw err;
+      }
+      await this._state.handleErrorAndRethrow(err);
+    });
+    // We don't want to hold on to the return value or error,
+    // just synchronize on the fact that it completed.
+    this._lastPromise = nextPromise.then(noop, noop);
+    return nextPromise;
+  }
+
+  // This drives internal transition of the state-machine,
+  // ensuring that the new state is properly initialized.
+
+  async _transition(State, ...args) {
+    this._state = new State(this);
+    await this._state.initialize(...args);
+    await this._recordlayer.flush();
+  }
+
+  // These are helpers to allow the State to manipulate the recordlayer
+  // and send out various types of data.
+
+  async _sendApplicationData(bytes) {
+    await this._recordlayer.send(RECORD_TYPE.APPLICATION_DATA, bytes);
+    await this._recordlayer.flush();
+  }
+
+  async _sendHandshakeMessage(msg) {
+    await this._sendHandshakeMessageBytes(msg.toBytes());
+  }
+
+  async _sendHandshakeMessageBytes(bytes) {
+    this._keyschedule.addToTranscript(bytes);
+    await this._recordlayer.send(RECORD_TYPE.HANDSHAKE, bytes);
+    // Don't flush after each handshake message, since we can probably
+    // coalesce multiple messages into a single record.
+  }
+
+  async _sendAlertMessage(err) {
+    await this._recordlayer.send(RECORD_TYPE.ALERT, err.toBytes());
+    await this._recordlayer.flush();
+  }
+
+  async _sendChangeCipherSpec() {
+    await this._recordlayer.send(RECORD_TYPE.CHANGE_CIPHER_SPEC, new Uint8Array([0x01]));
+    await this._recordlayer.flush();
+  }
+
+  async _setSendKey(key) {
+    return await this._recordlayer.setSendKey(key);
+  }
+
+  async _setRecvKey(key) {
+    // Handshake messages that change keys must be on a record boundary.
+    if (this._handshakeRecvBuffer && this._handshakeRecvBuffer.hasMoreBytes()) {
+      throw new TLSError(ALERT_DESCRIPTION.UNEXPECTED_MESSAGE);
+    }
+    return await this._recordlayer.setRecvKey(key);
+  }
+
+  _setConnectionSuccess() {
+    if (this._onConnectionSuccess !== null) {
+      this._onConnectionSuccess();
+      this._onConnectionSuccess = null;
+      this._onConnectionFailure = null;
+    }
+  }
+
+  _setConnectionFailure(err) {
+    if (this._onConnectionFailure !== null) {
+      this._onConnectionFailure(err);
+      this._onConnectionSuccess = null;
+      this._onConnectionFailure = null;
+    }
+  }
+
+  _closeForSend(alert) {
+    this._recordlayer.setSendError(alert);
+  }
+
+  _closeForRecv(alert) {
+    this._recordlayer.setRecvError(alert);
+  }
+}
+
+export class ClientConnection extends Connection {
+  static async create(psk, pskId, sendCallback) {
+    const instance = await super.create(psk, pskId, sendCallback);
+    await instance._transition(STATE.CLIENT_START);
+    return instance;
+  }
+}
+
+export class ServerConnection extends Connection {
+  static async create(psk, pskId, sendCallback) {
+    const instance = await super.create(psk, pskId, sendCallback);
+    await instance._transition(STATE.SERVER_START);
+    return instance;
+  }
+}
diff --git a/src/utils.js b/src/utils.js
index f4d4caa..3624064 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -2,7 +2,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-'use strict';
+import { ALERT_DESCRIPTION, TLSError } from './alerts';
 
 //
 // Various low-level utility functions.
@@ -11,7 +11,6 @@
 // the primitive "bytes" type.
 //
 
-
 const UTF8_ENCODER = new TextEncoder();
 const UTF8_DECODER = new TextDecoder();
 
@@ -24,11 +23,23 @@ export function assert(cond, msg) {
 }
 
 export function assertIsBytes(value, msg = 'value must be a Uint8Array') {
-  // XXX: Disabled until Gecko problems are resolved
-  //assert(value instanceof Uint8Array, msg);
+  // Using `value instanceof Uint8Array` seems to fail in Firefox chrome code
+  // for inscrutable reasons, so we do a less direct check.
+  assert(ArrayBuffer.isView(value), msg);
+  assert(value.BYTES_PER_ELEMENT === 1, msg);
   return value;
 }
 
+export const EMPTY = new Uint8Array(0);
+
+export function zeros(n) {
+  return new Uint8Array(n);
+}
+
+export function arrayToBytes(value) {
+  return new Uint8Array(value);
+}
+
 export function bytesToHex(bytes) {
   return Array.prototype.map.call(bytes, byte => {
     let s = byte.toString(16);
@@ -62,13 +73,345 @@ export function utf8ToBytes(str) {
   return UTF8_ENCODER.encode(str);
 }
 
+export function bytesToBase64url(bytes) {
+  // XXX TODO: try to use something constant-time, in case calling code
+  // uses it to encode secrets?
+  const charCodes = String.fromCharCode.apply(String, bytes);
+  return btoa(charCodes).replace(/\+/g, '-').replace(/\//g, '_');
+}
+
+export function base64urlToBytes(str) {
+  // XXX TODO: try to use something constant-time, in case calling code
+  // uses it to decode secrets?
+  str = atob(str.replace(/-/g, '+').replace(/_/g, '/'));
+  const bytes = new Uint8Array(str.length);
+  for (let i = 0; i < str.length; i++) {
+    bytes[i] = str.charCodeAt(i);
+  }
+  return bytes;
+}
+
 export function bytesAreEqual(v1, v2) {
+  assertIsBytes(v1);
+  assertIsBytes(v2);
   if (v1.length !== v2.length) {
     return false;
   }
-  let mismatch = false;
   for (let i = 0; i < v1.length; i++) {
-    mismatch &= v1[i] !== v2[i];
+    if (v1[i] !== v2[i]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+// The `BufferReader` and `BufferWriter` classes are helpers for dealing with the
+// binary struct format that's used for various TLS message.  Think of them as a
+// buffer with a pointer to the "current position" and a bunch of helper methods
+// to read/write structured data and advance said pointer.
+
+class BufferWithPointer {
+  constructor(buf) {
+    this._buffer = buf;
+    this._dataview = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
+    this._pos = 0;
+  }
+
+  length() {
+    return this._buffer.byteLength;
+  }
+
+  tell() {
+    return this._pos;
+  }
+
+  seek(pos) {
+    if (pos < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    if (pos > this.length()) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+    this._pos = pos;
+  }
+
+  incr(offset) {
+    this.seek(this._pos + offset);
+  }
+}
+
+// The `BufferReader` class helps you read structured data from a byte array.
+// It offers methods for reading both primitive values, and the variable-length
+// vector structures defined in https://tools.ietf.org/html/rfc8446#section-3.4.
+//
+// Such vectors are represented as a length followed by the concatenated
+// bytes of each item, and the size of the length field is determined by
+// the maximum allowed number of bytes in the vector.  For example
+// to read a vector that may contain up to 65535 bytes, use `readVector16`.
+//
+// To read a variable-length vector of between 1 and 100 uint16 values,
+// defined in the RFC like this:
+//
+//    uint16 items<2..200>;
+//
+// You would do something like this:
+//
+//    const items = []
+//    buf.readVector8(buf => {
+//      items.push(buf.readUint16())
+//    })
+//
+// The various `read` will throw `DECODE_ERROR` if you attempt to read path
+// the end of the buffer, or past the end of a variable-length list.
+//
+export class BufferReader extends BufferWithPointer {
+
+  hasMoreBytes() {
+    return this.tell() < this.length();
+  }
+
+  readBytes(length) {
+    // This avoids copies by returning a view onto the existing buffer.
+    const start = this._buffer.byteOffset + this.tell();
+    this.incr(length);
+    return new Uint8Array(this._buffer.buffer, start, length);
+  }
+
+  _rangeErrorToAlert(cb) {
+    try {
+      return cb(this);
+    } catch (err) {
+      if (err instanceof RangeError) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+      throw err;
+    }
+  }
+
+  readUint8() {
+    return this._rangeErrorToAlert(() => {
+      const n = this._dataview.getUint8(this._pos);
+      this.incr(1);
+      return n;
+    });
+  }
+
+  readUint16() {
+    return this._rangeErrorToAlert(() => {
+      const n = this._dataview.getUint16(this._pos);
+      this.incr(2);
+      return n;
+    });
+  }
+
+  readUint24() {
+    return this._rangeErrorToAlert(() => {
+      let n = this._dataview.getUint16(this._pos);
+      n = (n << 8) | this._dataview.getUint8(this._pos + 2);
+      this.incr(3);
+      return n;
+    });
+  }
+
+  readUint32() {
+    return this._rangeErrorToAlert(() => {
+      const n = this._dataview.getUint32(this._pos);
+      this.incr(4);
+      return n;
+    });
+  }
+
+  _readVector(length, cb) {
+    const contentsBuf = new BufferReader(this.readBytes(length));
+    const expectedEnd = this.tell();
+    // Keep calling the callback until we've consumed the expected number of bytes.
+    let n = 0;
+    while (contentsBuf.hasMoreBytes()) {
+      const prevPos = contentsBuf.tell();
+      cb(contentsBuf, n);
+      // Check that the callback made forward progress, otherwise we'll infinite loop.
+      if (contentsBuf.tell() <= prevPos) {
+        throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+      }
+      n += 1;
+    }
+    // Check that the callback correctly consumed the vector's entire contents.
+    if (this.tell() !== expectedEnd) {
+      throw new TLSError(ALERT_DESCRIPTION.DECODE_ERROR);
+    }
+  }
+
+  readVector8(cb) {
+    const length = this.readUint8();
+    return this._readVector(length, cb);
+  }
+
+  readVector16(cb) {
+    const length = this.readUint16();
+    return this._readVector(length, cb);
+  }
+
+  readVector24(cb) {
+    const length = this.readUint24();
+    return this._readVector(length, cb);
+  }
+
+  readVectorBytes8() {
+    return this.readBytes(this.readUint8());
+  }
+
+  readVectorBytes16() {
+    return this.readBytes(this.readUint16());
+  }
+
+  readVectorBytes24() {
+    return this.readBytes(this.readUint24());
+  }
+}
+
+
+export class BufferWriter extends BufferWithPointer {
+  constructor(size = 1024) {
+    super(new Uint8Array(size));
+  }
+
+  _maybeGrow(n) {
+    const curSize = this._buffer.byteLength;
+    const newPos = this._pos + n;
+    const shortfall = newPos - curSize;
+    if (shortfall > 0) {
+      // Classic grow-by-doubling, up to 4kB max increment.
+      // This formula was not arrived at by any particular science.
+      const incr = Math.min(curSize, 4 * 1024);
+      const newbuf = new Uint8Array(curSize + Math.ceil(shortfall / incr) * incr);
+      newbuf.set(this._buffer, 0);
+      this._buffer = newbuf;
+      this._dataview = new DataView(newbuf.buffer, newbuf.byteOffset, newbuf.byteLength);
+    }
+  }
+
+  slice(start = 0, end = this.tell()) {
+    if (end < 0) {
+      end = this.tell() + end;
+    }
+    if (start < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    if (end < 0) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    if (end > this.length()) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    return this._buffer.slice(start, end);
+  }
+
+  flush() {
+    const slice = this.slice();
+    this.seek(0);
+    return slice;
+  }
+
+  writeBytes(data) {
+    this._maybeGrow(data.byteLength);
+    this._buffer.set(data, this.tell());
+    this.incr(data.byteLength);
+  }
+
+  writeUint8(n) {
+    this._maybeGrow(1);
+    this._dataview.setUint8(this._pos, n);
+    this.incr(1);
+  }
+
+  writeUint16(n) {
+    this._maybeGrow(2);
+    this._dataview.setUint16(this._pos, n);
+    this.incr(2);
+  }
+
+  writeUint24(n) {
+    this._maybeGrow(3);
+    this._dataview.setUint16(this._pos, n >> 8);
+    this._dataview.setUint8(this._pos + 2, n & 0xFF);
+    this.incr(3);
+  }
+
+  writeUint32(n) {
+    this._maybeGrow(4);
+    this._dataview.setUint32(this._pos, n);
+    this.incr(4);
+  }
+
+  // These are helpers for writing the variable-length vector structure
+  // defined in https://tools.ietf.org/html/rfc8446#section-3.4.
+  //
+  // Such vectors are represented as a length followed by the concatenated
+  // bytes of each item, and the size of the length field is determined by
+  // the maximum allowed size of the vector.  For example to write a vector
+  // that may contain up to 65535 bytes, use `writeVector16`.
+  //
+  // To write a variable-length vector of between 1 and 100 uint16 values,
+  // defined in the RFC like this:
+  //
+  //    uint16 items<2..200>;
+  //
+  // You would do something like this:
+  //
+  //    buf.writeVector8(buf => {
+  //      for (let item of items) {
+  //          buf.writeUint16(item)
+  //      }
+  //    })
+  //
+  // The helper will automatically take care of writing the appropriate
+  // length field once the callback completes.
+
+  _writeVector(maxLength, writeLength, cb) {
+    // Initially, write the length field as zero.
+    const lengthPos = this.tell();
+    writeLength(0);
+    // Call the callback to write the vector items.
+    const bodyPos = this.tell();
+    cb(this);
+    const length = this.tell() - bodyPos;
+    if (length >= maxLength) {
+      throw new TLSError(ALERT_DESCRIPTION.INTERNAL_ERROR);
+    }
+    // Backfill the actual length field.
+    this.seek(lengthPos);
+    writeLength(length);
+    this.incr(length);
+    return length;
+  }
+
+  writeVector8(cb) {
+    return this._writeVector(Math.pow(2, 8), len => this.writeUint8(len), cb);
+  }
+
+  writeVector16(cb) {
+    return this._writeVector(Math.pow(2, 16), len => this.writeUint16(len), cb);
+  }
+
+  writeVector24(cb) {
+    return this._writeVector(Math.pow(2, 24), len => this.writeUint24(len), cb);
+  }
+
+  writeVectorBytes8(bytes) {
+    return this.writeVector8(buf => {
+      buf.writeBytes(bytes);
+    });
+  }
+
+  writeVectorBytes16(bytes) {
+    return this.writeVector16(buf => {
+      buf.writeBytes(bytes);
+    });
+  }
+
+  writeVectorBytes24(bytes) {
+    return this.writeVector24(buf => {
+      buf.writeBytes(bytes);
+    });
   }
-  return ! mismatch;
 }
diff --git a/test/.eslintrc.yml b/test/.eslintrc.yml
index 85e4b31..e5bb3a4 100644
--- a/test/.eslintrc.yml
+++ b/test/.eslintrc.yml
@@ -1,7 +1,31 @@
 parserOptions:
   sourceType: script
-env:
-  node: true
 globals:
   assert: true
+  sinon: true
   FxAccountsPairingChannel: true
+  BufferReader: true
+  BufferWriter: true
+  ClientConnection: true
+  Connection: true
+  DecryptionState: true
+  EncryptedExtensions: true
+  EncryptionState: true
+  Finished: true
+  HASH_LENGTH: true
+  KeySchedule: true
+  NewSessionTicket: true
+  RecordLayer: true
+  ServerConnection: true
+  TEST_VECTORS: true
+  TLSCloseNotify: true
+  TLSError: true
+  arrayToBytes: true
+  bytesAreEqual: true
+  bytesToHex: true
+  bytesToUtf8: true
+  hexToBytes: true
+  hkdfExpand: true
+  testHelpers: true
+  utf8ToBytes: true
+  zeros: true
diff --git a/test/FxAccountsPairingChannel.js b/test/FxAccountsPairingChannel.js
index 2a5accb..12d8ceb 100644
--- a/test/FxAccountsPairingChannel.js
+++ b/test/FxAccountsPairingChannel.js
@@ -2,18 +2,60 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+
+/* eslint-disable no-unused-vars */
+const {
+  TLSCloseNotify,
+  TLSError,
+  PairingChannel,
+} = FxAccountsPairingChannel;
+
+const {
+  BufferReader,
+  BufferWriter,
+  ClientConnection,
+  Connection,
+  DecryptionState,
+  EncryptedExtensions,
+  EncryptionState,
+  Finished,
+  HASH_LENGTH,
+  KeySchedule,
+  NewSessionTicket,
+  RecordLayer,
+  ServerConnection,
+  arrayToBytes,
+  hexToBytes,
+  hkdfExpand,
+  bytesAreEqual,
+  bytesToHex,
+  bytesToUtf8,
+  utf8ToBytes,
+  zeros,
+} = FxAccountsPairingChannel._internals;
+/* eslint-enable no-unused-vars */
+
 describe('FxAccountsPairingChannel', () => {
   const CHANNEL_SERVER = 'wss://dev.channelserver.nonprod.cloudops.mozgcp.net';
 
-  describe('a Client and Server connected together', () => {
+  it('throws when network connection fails', async () => {
+    await assert.throwsAsync(async () => {
+      await PairingChannel.create('wss://this.should.not.work');
+    }, Error, 'Error while creating the pairing channel');
+  });
+
+  describe('a Client and Server connected together', function () {
+    // These tests hit the network, cut them some slack.
+    this.timeout(10000);
 
     it('should communicate successfully if they have the same PSK', async () => {
       // Use some careful promises to stitch the two peers together
       // into a single state-machine that doesn't have any deadlocks.
       const CLIENT_RECV = [];
       const SERVER_RECV = [];
-      const server = await FxAccountsPairingChannel.InsecurePairingChannel.create(CHANNEL_SERVER);
-      const messageReceived = new Promise((resolve, reject) => {
+      const server = await PairingChannel.create(CHANNEL_SERVER);
+
+      const serverReceived = new Promise((resolve, reject) => {
         server.addEventListener('message', ({detail: {data}}) => {
           SERVER_RECV.push(data.msg);
           resolve();
@@ -23,44 +65,68 @@ describe('FxAccountsPairingChannel', () => {
         });
       });
       const {channelId, channelKey} = server;
-      const client = await FxAccountsPairingChannel.InsecurePairingChannel.connect(CHANNEL_SERVER, channelId, channelKey);
-      client.addEventListener('message', ({detail: {data}}) => {
-        CLIENT_RECV.push(data.msg);
+      const client = await PairingChannel.connect(CHANNEL_SERVER, channelId, channelKey);
+      const clientReceived = new Promise((resolve, reject) => {
+        client.addEventListener('message', ({ detail: { data } }) => {
+          CLIENT_RECV.push(data);
+          resolve();
+        });
+        client.addEventListener('error', err => {
+          reject(err);
+        });
       });
 
       // Send some application-level data.
       await client.send({msg: 'Hi test message!'});
 
-      await messageReceived;
+      await serverReceived;
 
       // Server receives client ApplicationData.
+      assert.equal(CLIENT_RECV.length, 0);
+      assert.equal(SERVER_RECV.length, 1);
       assert.equal(SERVER_RECV[0], 'Hi test message!');
+
+      // Server responds and closes.
+      await server.send('Oh look, a response!');
+
+      await clientReceived;
+
+      assert.equal(CLIENT_RECV.length, 1);
+      assert.equal(SERVER_RECV.length, 1);
+      assert.equal(CLIENT_RECV[0], 'Oh look, a response!');
+
+      await server.close();
+      await client.close();
+      assert.ok(server.closed);
+      assert.ok(client.closed);
     });
 
     it('should fail to complete the handshake if they have a different PSK', async () => {
-      // const SERVER_ERR = [];
-      // const SERVER_RECV = [];
-      // const server = await FxAccountsPairingChannel.InsecurePairingChannel.create(CHANNEL_SERVER);
-      // server.addEventListener('message', ({detail: {payload}}) => {
-      //   SERVER_RECV.push(new TextDecoder().decode(payload));
-      // });
-      // const errorReceived = new Promise(res => {
-      //   server.addEventListener('error', event => {
-      //     SERVER_ERR.push(event);
-      //     res();
-      //   });
-      // });
-      // const {channelId} = server;
-      // const wrongPsk = new Uint8Array(crypto.getRandomValues(new Uint8Array(server.channelKey.length)));
-      // const client = await FxAccountsPairingChannel.InsecurePairingChannel.connect(CHANNEL_SERVER, channelId, wrongPsk);
-
-      // await client.send(new TextEncoder().encode('Hi test message!'));
-
-      // await errorReceived;
-
-      // assert.equal(SERVER_ERR[0].error, 'boom');
-      // assert.equal(SERVER_RECV[0].length, 0);
-    });
+      const SERVER_ERR = [];
+      const SERVER_RECV = [];
+      const server = await PairingChannel.create(CHANNEL_SERVER);
+      server.addEventListener('message', ({detail: {payload}}) => {
+        SERVER_RECV.push(new TextDecoder().decode(payload));
+      });
+      const errorReceived = new Promise(res => {
+        server.addEventListener('error', event => {
+          //console.log('ERROR RECV', event.detail, event.detail.error);
+          SERVER_ERR.push(event);
+          res();
+        });
+      });
+      const {channelId} = server;
+      const wrongPsk = new Uint8Array(crypto.getRandomValues(new Uint8Array(server.channelKey.length)));
+      const client = await PairingChannel.connect(CHANNEL_SERVER, channelId, wrongPsk);
+
+      assert.throwsAsync(async () => {
+        await client.send(new TextEncoder().encode('Hi test message!'));
+      }, TLSError, 'DECRYPT_ERROR');
 
+      await errorReceived;
+
+      assert.equal(SERVER_ERR[0].detail.error.message, 'TLS Alert: DECRYPT_ERROR (51)');
+      assert.equal(SERVER_RECV.length, 0);
+    });
   });
 });
diff --git a/test/helpers.js b/test/helpers.js
new file mode 100644
index 0000000..f5e5a3b
--- /dev/null
+++ b/test/helpers.js
@@ -0,0 +1,265 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+assert.throwsAsync = (fn, errorLike, errMsgMatcher, message) => {
+  let threw = null;
+  return fn().catch(err => {
+    threw = err;
+  }).then(() => {
+    // Use synchronous `assert.throws` to get all the nice matching logic.
+    assert.throws(() => {
+      if (threw) {
+        throw threw;
+      }
+    }, errorLike, errMsgMatcher, message);
+  });
+};
+
+// These are helper functions for generating a variety of byte structs
+// used by the protocol, optionally with a variety of errors or irregularities
+// for testing purposes.
+//
+// The code here duplicates some of the logic of the classes we use for
+// creating such structs in the source codebase itself, and a future refactor
+// might enable us to reduce that duplication.  For now though, it seems better
+// to suffer such duplication than to add things to the source codebase that
+// might accidentally generate badly-formed data in production use.
+
+const testHelpers = {
+
+  nextTick: function() {
+    return new Promise(res => setTimeout(res, 1));
+  },
+
+  tamper: function (bytes, where = 0) {
+    const tampered = bytes.slice();
+    tampered[where] += 1;
+    assert.notOk(bytesAreEqual(bytes, tampered));
+    return tampered;
+  },
+
+  decryptInnerPlaintext: async function (cipherstate, bytes) {
+    return await cipherstate.decrypt(bytes.slice(5), bytes.slice(0, 5));
+  },
+
+  makePlaintextRecord: function (opts) {
+    const buf = new BufferWriter();
+    const content = typeof opts.content !== 'undefined' ? opts.content : arrayToBytes([1, 2, 3, 4, 5]);
+    buf.writeUint8(typeof opts.type !== 'undefined' ? opts.type : 22);
+    buf.writeUint16(typeof opts.version !== 'undefined' ? opts.version : 0x0303);
+    buf.writeUint16(typeof opts.contentLength !== 'undefined' ? opts.contentLength : content.byteLength);
+    buf.writeBytes(content);
+    if (typeof opts.trailer !== 'undefined') {
+      buf.writeBytes(opts.trailer);
+    }
+    return buf.flush();
+  },
+
+  makeEncryptedInnerPlaintext: async function (cipherstate, opts) {
+    const adBuf = new BufferWriter();
+    const innerPlaintextBuf = new BufferWriter();
+    const plaintext = typeof opts.content !== 'undefined' ? opts.content : arrayToBytes([1, 2, 3, 4, 5]);
+    if (typeof opts.innerPlaintext !== 'undefined') {
+      innerPlaintextBuf.writeBytes(opts.innerPlaintext);
+    } else {
+      innerPlaintextBuf.writeBytes(plaintext);
+      innerPlaintextBuf.writeUint8(typeof opts.type !== 'undefined' ? opts.type : 23);
+      if (opts.padding) {
+        innerPlaintextBuf.writeBytes(zeros(opts.padding));
+      }
+    }
+    const ciphertextLength = innerPlaintextBuf.tell() + 16;
+    adBuf.writeUint8(typeof opts.outerType !== 'undefined' ? opts.outerType : 23);
+    adBuf.writeUint16(typeof opts.outerVersion !== 'undefined' ? opts.outerVersion : 0x0303);
+    adBuf.writeUint16(typeof opts.ciphertextLength !== 'undefined' ? opts.ciphertextLength : ciphertextLength);
+    const ciphertext = await cipherstate.encrypt(innerPlaintextBuf.flush(), adBuf.flush());
+    return ciphertext;
+  },
+
+  makeEncryptedRecord: async function (cipherstate, opts) {
+    let ciphertext = opts.ciphertext;
+    if (typeof ciphertext === 'undefined') {
+      ciphertext = await testHelpers.makeEncryptedInnerPlaintext(cipherstate, opts);
+    }
+    return testHelpers.makePlaintextRecord({
+      content: ciphertext,
+      contentLength: opts.outerContentLength,
+      trailer: opts.outerTrailer,
+      type: typeof opts.outerType !== 'undefined' ? opts.outerType : 23,
+      version: opts.outerVersion,
+    });
+  },
+
+  makeEncryptionState: async function(key, seqnum = 0) {
+    const encryptor = await EncryptionState.create(key);
+    encryptor.seqnum = seqnum;
+    return encryptor;
+  },
+
+  makeDecryptionState: async function (key, seqnum = 0) {
+    const decryptor = await DecryptionState.create(key);
+    decryptor.seqnum = seqnum;
+    return decryptor;
+  },
+
+  makeClientHelloRecord: async function(opts, psk) {
+    const clientHello = testHelpers.makeClientHelloMessage(opts);
+    if (psk) {
+      await testHelpers.signClientHelloMessage(clientHello, psk);
+    }
+    return testHelpers.makePlaintextRecord({
+      content: clientHello,
+      type: 22,
+    });
+  },
+
+  makeHandshakeMessage: function (opts) {
+    const buf = new BufferWriter();
+    buf.writeUint8(typeof opts.type !== 'undefined' ? opts.type : 0);
+    buf.writeVector24(buf => {
+      buf.writeBytes(typeof opts.content !== 'undefined' ? opts.content : zeros(0));
+    });
+    return buf.flush();
+  },
+
+  makeClientHelloMessage: function(opts) {
+    const buf = new BufferWriter();
+    buf.writeUint8(1);
+    buf.writeVector24(buf => {
+      buf.writeUint16(typeof opts.version !== 'undefined' ? opts.version : 0x0303);
+      buf.writeBytes(typeof opts.random !== 'undefined' ? opts.random : zeros(32));
+      buf.writeVectorBytes8(typeof opts.sessionId !== 'undefined' ? opts.sessionId : zeros(0));
+      buf.writeVector16(buf => {
+        const ciphersuites = typeof opts.ciphersuites !== 'undefined' ? opts.ciphersuites : [0x1301];
+        for (const ciphersuite of ciphersuites) {
+          buf.writeUint16(ciphersuite);
+        }
+      });
+      buf.writeVectorBytes8(typeof opts.compressionMethods !== 'undefined' ? opts.compressionMethods : zeros(1));
+      buf.writeVector16(buf => {
+        let extensions = opts.extensions;
+        if (typeof extensions === 'undefined') {
+          extensions = [
+            testHelpers.makeSupportedVersionsExtension([0x0304]),
+            testHelpers.makePskKeyExchangeModesExtension([0x00]),
+            testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+          ];
+        }
+        for (const { type, data, length } of extensions) {
+          buf.writeUint16(type);
+          buf.writeUint16(length || data.byteLength);
+          buf.writeBytes(data);
+        }
+      });
+      if (typeof opts.trailer !== 'undefined') {
+        buf.writeBytes(opts.trailer);
+      }
+    });
+    return buf.flush();
+  },
+
+  signClientHelloMessage: async function (clientHello, psk) {
+    const PSK_BINDERS_SIZE = HASH_LENGTH + 1 + 2;
+    const keyschedule = new KeySchedule();
+    await keyschedule.addPSK(psk);
+    const binder = await keyschedule.calculateFinishedMAC(keyschedule.extBinderKey, clientHello.slice(0, -PSK_BINDERS_SIZE));
+    clientHello.set(binder, clientHello.byteLength - binder.byteLength);
+  },
+
+  makeServerHelloMessage: function (opts) {
+    const buf = new BufferWriter();
+    buf.writeUint8(2);
+    buf.writeVector24(buf => {
+      buf.writeUint16(typeof opts.version !== 'undefined' ? opts.version : 0x0303);
+      buf.writeBytes(typeof opts.random !== 'undefined' ? opts.random : zeros(32));
+      buf.writeVectorBytes8(typeof opts.sessionId !== 'undefined' ? opts.sessionId : TEST_VECTORS.SESSION_ID);
+      buf.writeUint16(typeof opts.ciphersuite !== 'undefined' ? opts.ciphersuite : 0x1301);
+      buf.writeUint8(typeof opts.compressionMethod !== 'undefined' ? opts.compressionMethod : 0x00);
+      buf.writeVector16(buf => {
+        let extensions = opts.extensions;
+        if (typeof extensions === 'undefined') {
+          extensions = [
+            testHelpers.makeSupportedVersionsExtension(0x0304),
+            testHelpers.makePreSharedKeyExtension(0)
+          ];
+        }
+        for (const { type, data, length } of extensions) {
+          buf.writeUint16(type);
+          buf.writeUint16(length || data.byteLength);
+          buf.writeBytes(data);
+        }
+      });
+      if (typeof opts.trailer !== 'undefined') {
+        buf.writeBytes(opts.trailer);
+      }
+    });
+    return buf.flush();
+  },
+
+  makeEncryptedExtensionsMessage: function (opts) {
+    const buf = new BufferWriter();
+    buf.writeUint8(8);
+    buf.writeVector24(buf => {
+      buf.writeVector16(buf => {
+        const extensions = typeof opts.extensions !== 'undefined' ? opts.extensions : [];
+        for (const { type, data, length } of extensions) {
+          buf.writeUint16(type);
+          buf.writeUint16(length || data.byteLength);
+          buf.writeBytes(data);
+        }
+      });
+    });
+    return buf.flush();
+  },
+
+  makeSupportedVersionsExtension: function (versions) {
+    const buf = new BufferWriter();
+    if (! Array.isArray(versions)) {
+      buf.writeUint16(versions);
+    } else {
+      buf.writeVector8(buf => {
+        for (const version of versions) {
+          buf.writeUint16(version);
+        }
+      });
+    }
+    return { data: buf.flush(), type: 43 };
+  },
+
+  makePskKeyExchangeModesExtension: function (modes) {
+    const buf = new BufferWriter();
+    buf.writeVector8(buf => {
+      for (const mode of modes) {
+        buf.writeUint8(mode);
+      }
+    });
+    return { data: buf.flush(), type: 45 };
+  },
+
+  makePreSharedKeyExtension: function (psks, binders) {
+    const buf = new BufferWriter();
+    if (! Array.isArray(psks)) {
+      buf.writeUint16(psks);
+    } else {
+      buf.writeVector16(buf => {
+        for (const pskId of psks) {
+          buf.writeVectorBytes16(pskId);
+          buf.writeUint32(0);
+        }
+      });
+      buf.writeVector16(buf => {
+        for (const binder of binders) {
+          buf.writeVectorBytes8(binder);
+        }
+      });
+    }
+    return { data: buf.flush(), type: 41 };
+  },
+
+  makeCookieExtension: function (cookie) {
+    const buf = new BufferWriter();
+    buf.writeVectorBytes16(cookie);
+    return { data: buf.flush(), type: 44 };
+  }
+};
diff --git a/test/karma.conf.js b/test/karma.conf.js
index 499bd21..599dd63 100644
--- a/test/karma.conf.js
+++ b/test/karma.conf.js
@@ -9,14 +9,20 @@ module.exports = function (config) {
         // require specific files after Mocha is initialized
         require: [
           require.resolve('../node_modules/chai/chai.js'),
-          require.resolve('../dist/FxAccountsPairingChannel.babel.umd.js'),
+          require.resolve('../dist/FxAccountsPairingChannel.babel.umd.coverage.js'),
         ],
       }
     },
+    coverageReporter: {
+      dir: '../coverage/',
+      type: 'html'
+    },
     files: [
+      '../dist/FxAccountsPairingChannel.babel.umd.coverage.js',
       '**/*.js'
     ],
-    frameworks: ['mocha', 'chai'],
+    frameworks: ['mocha', 'chai', 'sinon'],
     nocache: true,
+    reporters: ['progress', 'coverage']
   });
 };
diff --git a/test/keyschedule.js b/test/keyschedule.js
new file mode 100644
index 0000000..879e550
--- /dev/null
+++ b/test/keyschedule.js
@@ -0,0 +1,124 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+describe('the KeySchedule class', () => {
+
+  let ks;
+  beforeEach(() => {
+    ks = new KeySchedule();
+  });
+
+  it('errors if adding ECDHE output before PSK', async () => {
+    await assert.throwsAsync(async () => {
+      await ks.addECDHE(null);
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+
+  it('errors if finalizing before PSK', async () => {
+    await assert.throwsAsync(async () => {
+      await ks.finalize();
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+
+  describe('accepts a PSK, and then', () => {
+    beforeEach(async () => {
+      await ks.addPSK(TEST_VECTORS.PSK);
+    });
+
+    it('calculates the correct intermediate keys', () => {
+      assert.ok(bytesAreEqual(
+        ks.extBinderKey,
+        TEST_VECTORS.KEYS_EXT_BINDER
+      ));
+      assert.equal(ks.clientHandshakeTrafficSecret, null);
+      assert.equal(ks.serverHandshakeTrafficSecret, null);
+      assert.equal(ks.clientApplicationTrafficSecret, null);
+      assert.equal(ks.serverApplicationTrafficSecret, null);
+    });
+
+    it('errors if adding PSK again', async () => {
+      await assert.throwsAsync(async () => {
+        await ks.addPSK(TEST_VECTORS.PSK);
+      }, TLSError, 'INTERNAL_ERROR');
+    });
+
+    it('errors if finalizing before ECDHE output', async () => {
+      await assert.throwsAsync(async () => {
+        await ks.finalize();
+      }, TLSError, 'INTERNAL_ERROR');
+    });
+
+    describe('accepts ECDHE output, and then', () => {
+      beforeEach(async () => {
+        ks.addToTranscript(TEST_VECTORS.KEYS_PLAINTEXT_TRANSCRIPT);
+        await ks.addECDHE(null);
+      });
+
+      it('calculates the correct intermediate keys', () => {
+        assert.equal(ks.extBinderKey, null);
+        assert.ok(bytesAreEqual(
+          ks.clientHandshakeTrafficSecret,
+          TEST_VECTORS.KEYS_CLIENT_HANDSHAKE_TRAFFIC_SECRET
+        ));
+        assert.ok(bytesAreEqual(
+          ks.serverHandshakeTrafficSecret,
+          TEST_VECTORS.KEYS_SERVER_HANDSHAKE_TRAFFIC_SECRET
+        ));
+        assert.equal(ks.clientApplicationTrafficSecret, null);
+        assert.equal(ks.serverApplicationTrafficSecret, null);
+      });
+
+      it('errors if adding PSK again', async () => {
+        await assert.throwsAsync(async () => {
+          await ks.addPSK(null);
+        }, TLSError, 'INTERNAL_ERROR');
+      });
+
+      it('errors if adding ECDHE output again', async () => {
+        await assert.throwsAsync(async () => {
+          await ks.addECDHE(null);
+        }, TLSError, 'INTERNAL_ERROR');
+      });
+
+      describe('can be finalized, and then', () => {
+        beforeEach(async () => {
+          ks.addToTranscript(TEST_VECTORS.KEYS_ENCRYPTED_TRANSCRIPT);
+          await ks.finalize();
+        });
+
+        it('calculates the correct final keys', () => {
+          assert.equal(ks.extBinderKey, null);
+          assert.equal(ks.clientHandshakeTrafficSecret, null);
+          assert.equal(ks.serverHandshakeTrafficSecret, null);
+          assert.ok(bytesAreEqual(
+            ks.clientApplicationTrafficSecret,
+            TEST_VECTORS.KEYS_CLIENT_APPLICATION_TRAFFIC_SECRET_0
+          ));
+          assert.ok(bytesAreEqual(
+            ks.serverApplicationTrafficSecret,
+            TEST_VECTORS.KEYS_SERVER_APPLICATION_TRAFFIC_SECRET_0
+          ));
+        });
+
+        it('errors if adding PSK again', async () => {
+          await assert.throwsAsync(async () => {
+            await ks.addPSK(null);
+          }, TLSError, 'INTERNAL_ERROR');
+        });
+
+        it('errors if adding ECDHE output again', async () => {
+          await assert.throwsAsync(async () => {
+            await ks.addECDHE(null);
+          }, TLSError, 'INTERNAL_ERROR');
+        });
+
+        it('errors if finalizing again', async () => {
+          await assert.throwsAsync(async () => {
+            await ks.finalize();
+          }, TLSError, 'INTERNAL_ERROR');
+        });
+      });
+    });
+  });
+});
diff --git a/test/misc.js b/test/misc.js
new file mode 100644
index 0000000..73e1bbf
--- /dev/null
+++ b/test/misc.js
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+describe('HKDF', () => {
+  it('refuses to generate ridiculously large quantities of hash output', async () => {
+    await assert.throwsAsync(async () => {
+      await hkdfExpand(TEST_VECTORS.PSK, zeros(32), 32 * 256);
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+
+  it('refuses to generate zero-length hash output', async () => {
+    await assert.throwsAsync(async () => {
+      await hkdfExpand(TEST_VECTORS.PSK, zeros(32), 0);
+    }, TLSError, 'INTERNAL_ERROR');
+    await assert.throwsAsync(async () => {
+      await hkdfExpand(TEST_VECTORS.PSK, zeros(32), -1);
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+});
+
+describe('TLSError', () => {
+  it('gives a useful default name to unknown description numbers', async () => {
+    const err = new TLSError(255);
+    assert.equal(err.message, 'TLS Alert: UNKNOWN (255)');
+  });
+});
diff --git a/test/recordlayer.js b/test/recordlayer.js
new file mode 100644
index 0000000..b335659
--- /dev/null
+++ b/test/recordlayer.js
@@ -0,0 +1,396 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const MAX_RECORD_SIZE = Math.pow(2, 14);
+const MAX_ENCRYPTED_RECORD_SIZE = MAX_RECORD_SIZE + 256;
+const MAX_SEQUENCE_NUMBER = Math.pow(2, 24);
+
+describe('the EncryptionState and DecryptionState classes', () => {
+  let es, ds;
+
+  beforeEach(async () => {
+    es = await EncryptionState.create(zeros(32));
+    ds = await DecryptionState.create(zeros(32));
+  });
+
+  it('uses crypto.subtle to encrypt and decrypt stuff', async () => {
+    let data;
+    sinon.spy(crypto.subtle, 'encrypt');
+    try {
+      data = await es.encrypt(TEST_VECTORS.SERVER_RAW_APP_DATA, zeros(12));
+      assert.equal(crypto.subtle.encrypt.callCount, 1);
+    } finally {
+      crypto.subtle.encrypt.restore();
+    }
+    sinon.spy(crypto.subtle, 'decrypt');
+    try {
+      assert.ok(bytesAreEqual(
+        await ds.decrypt(data, zeros(12)),
+        TEST_VECTORS.SERVER_RAW_APP_DATA
+      ));
+    } finally {
+      crypto.subtle.decrypt.restore();
+    }
+  });
+
+  it('prevent wrapping of the sequence number', async () => {
+    es.seqnum = MAX_SEQUENCE_NUMBER - 1;
+    await es.encrypt(TEST_VECTORS.SERVER_RAW_APP_DATA, zeros(12));
+    assert.equal(es.seqnum, MAX_SEQUENCE_NUMBER);
+    await assert.throwsAsync(async () => {
+      await es.encrypt(TEST_VECTORS.SERVER_RAW_APP_DATA, zeros(12));
+    }, TLSError, 'INTERNAL_ERROR');
+
+    ds.seqnum = MAX_SEQUENCE_NUMBER;
+    await assert.throwsAsync(async () => {
+      await ds.decrypt(TEST_VECTORS.SERVER_RAW_APP_DATA, zeros(12));
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+});
+
+describe('the RecordLayer class', () => {
+
+  let rl, SENT_DATA;
+
+  beforeEach(() => {
+    SENT_DATA = [];
+    rl = new RecordLayer(data => SENT_DATA.push(data));
+  });
+
+  describe('when sending', () => {
+    it('starts off sending plaintext records', async () => {
+      await rl.send(22, utf8ToBytes('hello world'));
+      assert.equal(SENT_DATA.length, 0);
+      await rl.flush();
+      assert.equal(SENT_DATA.length, 1);
+      assert.equal(SENT_DATA[0][0], 22);
+      assert.equal(SENT_DATA[0][1], 0x03);
+      assert.equal(SENT_DATA[0][2], 0x03);
+      assert.equal(SENT_DATA[0][3], 0);
+      assert.equal(SENT_DATA[0][4], 11);
+      assert.equal(bytesToUtf8(SENT_DATA[0].slice(5)), 'hello world');
+    });
+
+    it('does not send anything on flush if no data is buffered', async () => {
+      await rl.flush();
+      assert.equal(SENT_DATA.length, 0);
+    });
+
+    it('combines multiple sends of the same type into a single record', async () => {
+      await rl.send(22, utf8ToBytes('hello world'));
+      await rl.send(22, utf8ToBytes('hello again'));
+      assert.equal(SENT_DATA.length, 0);
+      await rl.flush();
+      assert.equal(SENT_DATA.length, 1);
+      assert.equal(SENT_DATA[0][0], 22);
+      assert.equal(SENT_DATA[0][1], 0x03);
+      assert.equal(SENT_DATA[0][2], 0x03);
+      assert.equal(SENT_DATA[0][3], 0);
+      assert.equal(SENT_DATA[0][4], 22);
+      assert.equal(bytesToUtf8(SENT_DATA[0].slice(5)), 'hello worldhello again');
+    });
+
+    it('refuses to send data that would exceed the max record size', async () => {
+      await assert.throwsAsync(async () => {
+        await rl.send(22, zeros(MAX_RECORD_SIZE + 1));
+      }, TLSError, 'INTERNAL_ERROR');
+    });
+
+    it('flushes multiple sends when they would combine to exceed the max record size', async () => {
+      await rl.send(22, utf8ToBytes('hello world'));
+      await rl.send(22, zeros(MAX_RECORD_SIZE - 1));
+      assert.equal(SENT_DATA.length, 1);
+      await rl.flush();
+      assert.equal(SENT_DATA.length, 2);
+      assert.equal(bytesToUtf8(SENT_DATA[0].slice(5)), 'hello world');
+      assert.equal(bytesToHex(SENT_DATA[1].slice(5, 10)), '0000000000');
+    });
+
+    describe('after setting a send key', () => {
+      let decryptor;
+
+      // helper function for decrypting sent records.
+      async function decryptInnerPlaintext(bytes) {
+        const plaintext = await testHelpers.decryptInnerPlaintext(decryptor, bytes);
+        return [plaintext.slice(0, -1), plaintext[plaintext.byteLength - 1]];
+      }
+
+      beforeEach(async () => {
+        const key = zeros(32);
+        crypto.getRandomValues(key);
+        decryptor = await DecryptionState.create(key);
+        await rl.setSendKey(key);
+        assert.ok(rl._sendEncryptState);
+        assert.equal(rl._recvDecryptState, null);
+      });
+
+      it('will send encrypted handshake records', async () => {
+        await rl.send(22, utf8ToBytes('hello world'));
+        await rl.flush();
+        assert.equal(SENT_DATA.length, 1);
+        assert.equal(SENT_DATA[0][0], 23);
+        assert.equal(SENT_DATA[0][1], 0x03);
+        assert.equal(SENT_DATA[0][2], 0x03);
+        assert.equal(SENT_DATA[0][3], 0);
+        assert.equal(SENT_DATA[0][4], 11 + 1 + 16);
+        const ciphertext = SENT_DATA[0].slice(5);
+        assert.equal(ciphertext.byteLength, 11 + 1 + 16);
+        const [content, type] = await decryptInnerPlaintext(SENT_DATA[0]);
+        assert.equal(bytesToUtf8(content), 'hello world');
+        assert.equal(type, 22);
+      });
+
+      it('will send encrypted application data records', async () => {
+        await rl.send(23, utf8ToBytes('hello world'));
+        await rl.flush();
+        assert.equal(SENT_DATA.length, 1);
+        assert.equal(SENT_DATA[0][0], 23);
+        assert.equal(SENT_DATA[0][1], 0x03);
+        assert.equal(SENT_DATA[0][2], 0x03);
+        assert.equal(SENT_DATA[0][3], 0);
+        assert.equal(SENT_DATA[0][4], 11 + 1 + 16);
+        const ciphertext = SENT_DATA[0].slice(5);
+        assert.equal(ciphertext.byteLength, 11 + 1 + 16);
+        const [content, type] = await decryptInnerPlaintext(SENT_DATA[0]);
+        assert.equal(bytesToUtf8(content), 'hello world');
+        assert.equal(type, 23);
+      });
+
+      it('flushes between multiple sends when they have different types', async () => {
+        await rl.send(22, utf8ToBytes('handshake'));
+        await rl.send(22, utf8ToBytes('handshake'));
+        await rl.send(23, utf8ToBytes('app-data'));
+        assert.equal(SENT_DATA.length, 1);
+        await rl.flush();
+        assert.equal(SENT_DATA.length, 2);
+
+        assert.equal(SENT_DATA[0][0], 23);
+        assert.equal(SENT_DATA[0][1], 0x03);
+        assert.equal(SENT_DATA[0][2], 0x03);
+        assert.equal(SENT_DATA[0][3], 0);
+        assert.equal(SENT_DATA[0][4], 18 + 1 + 16);
+        let [content, type] = await decryptInnerPlaintext(SENT_DATA[0]);
+        assert.equal(bytesToUtf8(content), 'handshakehandshake');
+        assert.equal(type, 22);
+
+        assert.equal(SENT_DATA[1][0], 23);
+        assert.equal(SENT_DATA[1][1], 0x03);
+        assert.equal(SENT_DATA[1][2], 0x03);
+        assert.equal(SENT_DATA[1][3], 0);
+        assert.equal(SENT_DATA[1][4], 8 + 1 + 16);
+        [content, type] = await decryptInnerPlaintext(SENT_DATA[1]);
+        assert.equal(bytesToUtf8(content), 'app-data');
+        assert.equal(type, 23);
+      });
+    });
+  });
+
+  describe('when receiving', () => {
+    const makePlaintextRecord = testHelpers.makePlaintextRecord;
+
+    it('starts off receiving plaintext records', () => {
+      assert.equal(rl._recvDecryptState, null);
+    });
+
+    it('accepts plaintext handshake messages', async () => {
+      const [type, bytes] = await rl.recv(makePlaintextRecord({ type: 22 }));
+      assert.equal(type, 22);
+      assert.ok(bytesAreEqual(bytes, arrayToBytes([1, 2, 3, 4, 5])));
+    });
+
+    it('accepts legacy version number on plaintext records', async () => {
+      const [type, bytes] = await rl.recv(makePlaintextRecord({ type: 22, version: 0x0301 }));
+      assert.equal(type, 22);
+      assert.ok(bytesAreEqual(bytes, arrayToBytes([1, 2, 3, 4, 5])));
+    });
+
+    it('rejects record headers with unknown version numbers', async () => {
+      await assert.throwsAsync(async () => {
+        await rl.recv(makePlaintextRecord({ version: 0x0000 }));
+      }, TLSError, 'DECODE_ERROR');
+      await assert.throwsAsync(async () => {
+        await rl.recv(makePlaintextRecord({ version: 0x1234 }));
+      }, TLSError, 'DECODE_ERROR');
+    });
+
+    it('rejects records that are too large', async () => {
+      // This record has acceptable length, but is badly formed.
+      await assert.throwsAsync(async () => {
+        await rl.recv(makePlaintextRecord({ contentLength: MAX_RECORD_SIZE }));
+      }, TLSError, 'DECODE_ERROR');
+      // This record's length field is too large.
+      await assert.throwsAsync(async () => {
+        await rl.recv(makePlaintextRecord({ contentLength: MAX_RECORD_SIZE + 1 }));
+      }, TLSError, 'RECORD_OVERFLOW');
+    });
+
+    it('refuses to accept any data after a single record', async () => {
+      await assert.throwsAsync(async () => {
+        await rl.recv(makePlaintextRecord({
+          trailer: zeros(12),
+          type: 22
+        }));
+      }, TLSError, 'DECODE_ERROR');
+    });
+
+    it('refuses to accept a partial record', async () => {
+      await assert.throwsAsync(async () => {
+        await rl.recv(makePlaintextRecord({
+          type: 22
+        }).slice(0, -1));
+      }, TLSError, 'DECODE_ERROR');
+    });
+
+    describe('after setting a recv key', () => {
+      let encryptor;
+
+      async function makeEncryptedInnerPlaintext(opts) {
+        return await testHelpers.makeEncryptedInnerPlaintext(encryptor, opts);
+      }
+
+      async function makeEncryptedRecord(opts) {
+        return await testHelpers.makeEncryptedRecord(encryptor, opts);
+      }
+
+      beforeEach(async () => {
+        const key = zeros(32);
+        crypto.getRandomValues(key);
+        encryptor = await EncryptionState.create(key);
+        await rl.setRecvKey(key);
+        assert.ok(rl._recvDecryptState);
+        assert.equal(rl._sendEncryptState, null);
+      });
+
+      it('accepts records generated by our helper functions above', async () => {
+        const [type, bytes] = await rl.recv(await makeEncryptedRecord({}));
+        assert.equal(type, 23);
+        assert.ok(bytesAreEqual(bytes, arrayToBytes([1, 2, 3, 4, 5])));
+      });
+
+      it('accepts encrypted handshake message records', async () => {
+        const [type, bytes] = await rl.recv(await makeEncryptedRecord({ type: 22 }));
+        assert.equal(type, 22);
+        assert.ok(bytesAreEqual(bytes, arrayToBytes([1, 2, 3, 4, 5])));
+      });
+
+      it('accepts encrypted application-data records', async () => {
+        const [type, bytes] = await rl.recv(await makeEncryptedRecord({ content: utf8ToBytes('hello world'), type: 23 }));
+        assert.equal(type, 23);
+        assert.ok(bytesAreEqual(bytes, utf8ToBytes('hello world')));
+      });
+
+      it('accepts empty encrypted application-data records', async () => {
+        const [type, bytes] = await rl.recv(await makeEncryptedRecord({ content: arrayToBytes([]), type: 23 }));
+        assert.equal(type, 23);
+        assert.equal(bytes.byteLength, 0);
+      });
+
+      it('correctly strips padding from padded encrypted records', async () => {
+        const PAD_LENGTH = 12;
+        const paddedCiphertext = await makeEncryptedInnerPlaintext({ content: utf8ToBytes('hello world'), padding: PAD_LENGTH, type: 23 });
+        const unpaddedCiphertext = await makeEncryptedInnerPlaintext({ content: utf8ToBytes('hello world'), type: 23 });
+        // Sanity-check that we actually padded it.
+        assert.equal(paddedCiphertext.byteLength - unpaddedCiphertext.byteLength, PAD_LENGTH);
+        const [type, bytes] = await rl.recv(await makeEncryptedRecord({ ciphertext: paddedCiphertext }));
+        assert.equal(type, 23);
+        assert.ok(bytesAreEqual(bytes, utf8ToBytes('hello world')));
+      });
+
+      it('correctly strips padding from empty encrypted records', async () => {
+        const PAD_LENGTH = 12;
+        const paddedCiphertext = await makeEncryptedInnerPlaintext({ content: arrayToBytes([]), padding: PAD_LENGTH, type: 23 });
+        const unpaddedCiphertext = await makeEncryptedInnerPlaintext({ content: arrayToBytes([]), type: 23 });
+        assert.equal(paddedCiphertext.byteLength - unpaddedCiphertext.byteLength, PAD_LENGTH);
+        const [type, bytes] = await rl.recv(await makeEncryptedRecord({ ciphertext: paddedCiphertext }));
+        assert.equal(type, 23);
+        assert.equal(bytes.byteLength, 0);
+      });
+
+      it('refuses to accept any data after a single record', async () => {
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({
+            outerTrailer: zeros(12),
+            type: 22
+          }));
+        }, TLSError, 'DECODE_ERROR');
+      });
+
+      it('refuses to accept a partial record', async () => {
+        await assert.throwsAsync(async () => {
+          await rl.recv((await makeEncryptedRecord({
+            type: 22
+          })).slice(0, -1));
+        }, TLSError, 'DECODE_ERROR');
+      });
+
+      it('refuses to accept encrypted ChangeCipherSpec records', async () => {
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({
+            type: 20
+          }));
+        }, TLSError, 'DECODE_ERROR');
+      });
+
+      it('rejects encrypted records with unknown version numbers', async () => {
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ outerVersion: 0x0000 }));
+        }, TLSError, 'DECODE_ERROR');
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ outerVersion: 0x1234 }));
+        }, TLSError, 'DECODE_ERROR');
+      });
+
+      it('rejects legacy version number on encrypted records', async () => {
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ outerVersion: 0x0301 }));
+        }, TLSError, 'DECODE_ERROR');
+      });
+
+      it('rejects encrypted records where the outer type is not application-data', async () => {
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ outerType: 22 }));
+        }, TLSError, 'DECODE_ERROR');
+      });
+
+      it('rejects encrypted records that are too large', async () => {
+        // This record has acceptable length, but is badly formed.
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ outerContentLength: MAX_ENCRYPTED_RECORD_SIZE }));
+        }, TLSError, 'DECODE_ERROR');
+        // This record's length field is too large.
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ outerContentLength: MAX_ENCRYPTED_RECORD_SIZE + 1 }));
+        }, TLSError, 'RECORD_OVERFLOW');
+      });
+
+      it('rejects encrypted records where the plaintext is all padding', async () => {
+        // This record has acceptable length, but is badly formed.
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ innerPlaintext: zeros(7) }));
+        }, TLSError, 'UNEXPECTED_MESSAGE');
+      });
+
+      it('rejects encrypted records where the ciphertext has been tampered with', async () => {
+        let ciphertext = await makeEncryptedInnerPlaintext({ content: utf8ToBytes('hello world'), type: 23 });
+        ciphertext = testHelpers.tamper(ciphertext);
+        await assert.throwsAsync(async () => {
+          await rl.recv(await makeEncryptedRecord({ ciphertext }));
+        }, TLSError, 'BAD_RECORD_MAC');
+      });
+
+      it('rejects encrypted records where the additional data has been tampered with', async () => {
+        const record = await makeEncryptedRecord({
+          content: utf8ToBytes('hello world'),
+          outerVersion: 0x0301,
+          type: 23
+        });
+        record[1] = 0x03;
+        record[2] = 0x03;
+        await assert.throwsAsync(async () => {
+          await rl.recv(record);
+        }, TLSError, 'BAD_RECORD_MAC');
+      });
+    });
+  });
+});
diff --git a/test/tlsconnection.js b/test/tlsconnection.js
new file mode 100644
index 0000000..626e196
--- /dev/null
+++ b/test/tlsconnection.js
@@ -0,0 +1,1542 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// These tests exercise the ClientConnection and ServerConnection classes
+// using known-good test vectors generated by the python `tlslite-ng` module.
+// See `./vectors/test_vectors.py` for details on generating them.
+
+describe('the Connection base class', () => {
+  it('rejects non-Uint8Array values for PSK', () => {
+    assert.throws(() => {
+      return new Connection('my psk', TEST_VECTORS.PSK_ID);
+    }, Error, /value must be a Uint8Array/);
+  });
+
+  it('rejects non-Uint8Array values for PSK id', () => {
+    assert.throws(() => {
+      return new Connection(TEST_VECTORS.PSK, 'my psk id');
+    }, Error, /value must be a Uint8Array/);
+  });
+
+  describe('when instantiated correctly', () => {
+    let conn;
+    beforeEach(() => {
+      conn = new Connection(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID);
+    });
+
+    it('rejects string values as received data', async () => {
+      await assert.throwsAsync(async () => {
+        await conn.recv('string data');
+      }, Error, /value must be a Uint8Array/);
+    });
+
+    it('rejects non-Uint8Array object values as received data', async () => {
+      await assert.throwsAsync(async () => {
+        await conn.recv({ accidental: 'object instead of bytes' });
+      }, Error, /value must be a Uint8Array/);
+    });
+
+    it('rejects string values as sent data', async () => {
+      await assert.throwsAsync(async () => {
+        await conn.send('string data');
+      }, Error, /value must be a Uint8Array/);
+    });
+
+    it('rejects non-Uint8Array object values as sent data', async () => {
+      await assert.throwsAsync(async () => {
+        await conn.send({ accidental: 'object instead of bytes' });
+      }, Error, /value must be a Uint8Array/);
+    });
+
+    it('errors out if receiving without initializing the state-machine', async () => {
+      await assert.throwsAsync(async () => {
+        await conn.recv(TEST_VECTORS.CLIENT_HELLO);
+      }, Error, /uninitialized state/);
+    });
+
+    it('errors out if closing without initializing the state-machine', async () => {
+      await assert.throwsAsync(async () => {
+        await conn.close();
+      }, Error, /uninitialized state/);
+    });
+  });
+});
+
+describe('the ServerConnection class', () => {
+  let server, SERVER_SENT;
+
+  beforeEach(async () => {
+    SERVER_SENT = [];
+    sinon.stub(crypto, 'getRandomValues').callsFake(arr => {
+      arr.set(TEST_VECTORS.SERVER_RANDOM);
+    });
+    server = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER_SENT.push(data));
+  });
+
+  afterEach(() => {
+    crypto.getRandomValues.restore();
+  });
+
+  it('does not send any initial data', async () => {
+    assert.equal(SERVER_SENT.length, 0);
+  });
+
+  describe('accepts a valid ClientHello message, and then', () => {
+    let clientHandshakeTrafficSecret;
+
+    beforeEach(async () => {
+      const data = await server.recv(TEST_VECTORS.CLIENT_HELLO);
+      assert.equal(data, null);
+      clientHandshakeTrafficSecret = server._state._clientHandshakeTrafficSecret;
+    });
+
+    it('calls crypto.getRandomValues to generate a strong random salt', async () => {
+      assert.equal(crypto.getRandomValues.callCount, 1);
+    });
+
+    it('sends ServerHello, ChangeCipherSpec, EncryptedExtensions, and Finished', async () => {
+      assert.equal(SERVER_SENT.length, 3);
+      assert.ok(bytesAreEqual(SERVER_SENT[0], TEST_VECTORS.SERVER_HELLO));
+      assert.ok(bytesAreEqual(SERVER_SENT[1], TEST_VECTORS.SERVER_CHANGE_CIPHER_SPEC));
+      assert.ok(bytesAreEqual(SERVER_SENT[2], TEST_VECTORS.SERVER_ENCRYPTED_EXTENSIONS_AND_FINISHED));
+    });
+
+    describe('accepts a valid client Finished message, and then', () => {
+      beforeEach(async () => {
+        const data = await server.recv(TEST_VECTORS.CLIENT_FINISHED);
+        assert.equal(data, null);
+      });
+
+      it('can receive application data, calling crypto.subtle.decrypt to do the decryption', async () => {
+        sinon.spy(crypto.subtle, 'decrypt');
+        try {
+          const data = await server.recv(TEST_VECTORS.CLIENT_APP_DATA);
+          assert.ok(bytesAreEqual(data, TEST_VECTORS.CLIENT_RAW_APP_DATA));
+          assert.equal(crypto.subtle.decrypt.callCount, 1);
+        } finally {
+          crypto.subtle.decrypt.restore();
+        }
+      });
+
+      it('can send application data, calling crypto.subtle.encrypt to do the encryption', async () => {
+        sinon.spy(crypto.subtle, 'encrypt');
+        try {
+          await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+          assert.equal(SERVER_SENT.length, 4);
+          assert.ok(bytesAreEqual(SERVER_SENT[3], TEST_VECTORS.SERVER_APP_DATA));
+          assert.equal(crypto.subtle.encrypt.callCount, 1);
+        } finally {
+          crypto.subtle.encrypt.restore();
+        }
+      });
+
+      describe('handles first exchange of application data, and then', () => {
+        beforeEach(async () => {
+          const data = await server.recv(TEST_VECTORS.CLIENT_APP_DATA);
+          assert.ok(bytesAreEqual(data, TEST_VECTORS.CLIENT_RAW_APP_DATA));
+          await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+          assert.equal(SERVER_SENT.length, 4);
+          assert.ok(bytesAreEqual(SERVER_SENT[3], TEST_VECTORS.SERVER_APP_DATA));
+        });
+
+        describe('handles second exchange of application data, and then', () => {
+          beforeEach(async () => {
+            const data = await server.recv(TEST_VECTORS.CLIENT_APP_DATA_2);
+            assert.ok(bytesAreEqual(data, TEST_VECTORS.CLIENT_RAW_APP_DATA_2));
+            await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA_2);
+            assert.equal(SERVER_SENT.length, 5);
+            assert.ok(bytesAreEqual(SERVER_SENT[4], TEST_VECTORS.SERVER_APP_DATA_2));
+          });
+
+          describe('accepts an explicit close alert from the client, and then', () => {
+            beforeEach(async () => {
+              assert.throwsAsync(async () => {
+                await server.recv(TEST_VECTORS.CLIENT_CLOSE);
+              }, TLSCloseNotify);
+            });
+
+            it('does not accept any additional received data', async () => {
+              // Forge a valid record, so we know it fails because of the close, rather than a crypto error.
+              const encryptor = await testHelpers.makeEncryptionState(server._keyschedule.clientApplicationTrafficSecret, 3);
+              await assert.throwsAsync(async () => {
+                await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+              }, TLSCloseNotify);
+            });
+
+            it('can still send data', async () => {
+              await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+              assert.equal(SERVER_SENT.length, 6);
+            });
+
+            describe('is able to send an explicit close in return, and then', () => {
+              beforeEach(async () => {
+                await server.close();
+                assert.equal(SERVER_SENT.length, 6);
+                assert.ok(bytesAreEqual(SERVER_SENT[5], TEST_VECTORS.SERVER_CLOSE));
+              });
+
+              it('rejects any further attempts to send data', async () => {
+                await assert.throwsAsync(async () => {
+                  await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+                }, TLSCloseNotify);
+              });
+            });
+          });
+
+          describe('is able to send an explicit close to the client, and then', () => {
+            beforeEach(async () => {
+              await server.close();
+              assert.equal(SERVER_SENT.length, 6);
+              assert.ok(bytesAreEqual(SERVER_SENT[5], TEST_VECTORS.SERVER_CLOSE));
+            });
+
+            it('rejects any further attempts to send data', async () => {
+              await assert.throwsAsync(async () => {
+                await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+              }, TLSCloseNotify);
+            });
+
+            it('can still receive data', async () => {
+              const encryptor = await testHelpers.makeEncryptionState(server._keyschedule.clientApplicationTrafficSecret, 2);
+              const data = await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+                content: utf8ToBytes('hello world')
+              }));
+              assert.equal(bytesToUtf8(data), 'hello world');
+            });
+
+            describe('can accept an explicit close in return, and then', () => {
+              beforeEach(async () => {
+                assert.throwsAsync(async () => {
+                  await server.recv(TEST_VECTORS.CLIENT_CLOSE);
+                }, TLSCloseNotify);
+              });
+
+              it('does not accept any additional received data', async () => {
+                const encryptor = await testHelpers.makeEncryptionState(server._keyschedule.clientApplicationTrafficSecret, 3);
+                await assert.throwsAsync(async () => {
+                  await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+                }, TLSCloseNotify);
+              });
+            });
+          });
+        });
+
+        it('rejects an out-of-order close notification', async () => {
+          // The `TEST_VECTORS.CLIENT_CLOSE` record was generated after sending two application
+          // data records, but here we're receiving it after only processing one of them.
+          await assert.throwsAsync(async () => {
+            await server.recv(TEST_VECTORS.CLIENT_CLOSE);
+          }, TLSError, 'BAD_RECORD_MAC');
+        });
+
+        it('rejects a duplicate application data record', async () => {
+          await assert.throwsAsync(async () => {
+            await server.recv(TEST_VECTORS.CLIENT_APP_DATA);
+          }, TLSError, 'BAD_RECORD_MAC');
+        });
+      });
+
+      it('errors if it receives another handshake message', async () => {
+        const encryptor = await testHelpers.makeEncryptionState(server._keyschedule.clientApplicationTrafficSecret, 0);
+        await assert.throwsAsync(async () => {
+          await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+            content: new Finished(zeros(32)).toBytes(),
+            type: 22,
+          }));
+        }, TLSError, 'UNEXPECTED_MESSAGE');
+      });
+
+      it('errors if a data record is received out-of-order', async () => {
+        await assert.throwsAsync(async () => {
+          await server.recv(TEST_VECTORS.CLIENT_APP_DATA_2);
+        }, TLSError, 'BAD_RECORD_MAC');
+      });
+
+      it('errors if a data record is tampered with', async () => {
+        await assert.throwsAsync(async () => {
+          await server.recv(testHelpers.tamper(TEST_VECTORS.CLIENT_APP_DATA, 5));
+        }, TLSError, 'BAD_RECORD_MAC');
+      });
+
+      it('errors if change_cipher_spec is received after handshake completion', async () => {
+        await assert.throwsAsync(async () => {
+          await server.recv(TEST_VECTORS.CLIENT_CHANGE_CIPHER_SPEC);
+        }, TLSError, 'UNEXPECTED_MESSAGE');
+      });
+    });
+
+    it('errors if it receives a plaintext handshake message', async () => {
+      await assert.throwsAsync(async () => {
+        await server.recv(TEST_VECTORS.CLIENT_HELLO);
+      }, TLSError, 'DECODE_ERROR');
+    });
+
+    it('errors if it receives a message other than Finished', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(clientHandshakeTrafficSecret, 0);
+      await assert.throwsAsync(async () => {
+        await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+          content: new EncryptedExtensions([]).toBytes(),
+          type: 22,
+        }));
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('would error out if some bug caused it to try to send application data before handshake completion', async () => {
+      await assert.throwsAsync(async () => {
+        await server._state.sendApplicationData(zeros(12));
+      }, TLSError, 'INTERNAL_ERROR');
+    });
+
+    it('cant yet decrypt application data, since it does not have the right keys', async () => {
+      await assert.throwsAsync(async () => {
+        await server.recv(TEST_VECTORS.CLIENT_APP_DATA);
+      }, TLSError, 'BAD_RECORD_MAC');
+    });
+
+    it('errors if it receives application data before the handshake completes', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(clientHandshakeTrafficSecret, 0);
+      await assert.throwsAsync(async () => {
+        await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('accepts and ignores a change_cipher_spec message before the client Finished', async () => {
+      let data = await server.recv(TEST_VECTORS.CLIENT_CHANGE_CIPHER_SPEC);
+      assert.equal(data, null);
+      data = await server.recv(TEST_VECTORS.CLIENT_FINISHED);
+      assert.equal(data, null);
+      data = await server.recv(TEST_VECTORS.CLIENT_APP_DATA);
+      assert.ok(bytesAreEqual(data, TEST_VECTORS.CLIENT_RAW_APP_DATA));
+    });
+
+    it('rejects duplicate change_cipher_spec messages', async () => {
+      const data = await server.recv(TEST_VECTORS.CLIENT_CHANGE_CIPHER_SPEC);
+      assert.equal(data, null);
+      assert.throwsAsync(async () => {
+        await server.recv(TEST_VECTORS.CLIENT_CHANGE_CIPHER_SPEC);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('rejects a change_cipher_spec message that suggests non-TLS1.3 traffic', async () => {
+      const changeCipherSpec = testHelpers.makePlaintextRecord({
+        content: zeros(3),
+        type: 20
+      });
+      await assert.throwsAsync(async () => {
+        await server.recv(changeCipherSpec);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    describe('errors if Finished contains incorrect signature, and then', () => {
+      beforeEach(async () => {
+        const cipherstate = await testHelpers.makeEncryptionState(clientHandshakeTrafficSecret, 0);
+        await assert.throwsAsync(async () => {
+          await server.recv(await testHelpers.makeEncryptedRecord(cipherstate, {
+            content: new Finished(zeros(32)).toBytes(),
+            type: 22,
+          }));
+        }, TLSError, 'DECRYPT_ERROR');
+      });
+
+      it('sends an error alert to the peer', async () => {
+        assert.equal(SERVER_SENT.length, 4);
+        const decryptor = await testHelpers.makeDecryptionState(server._keyschedule.serverApplicationTrafficSecret, 0);
+        const alertMsg = await testHelpers.decryptInnerPlaintext(decryptor, SERVER_SENT[3]);
+        assert.equal(alertMsg[0], 2);  // level == fatal
+        assert.equal(alertMsg[1], 51); // description == decrypt_error
+        assert.equal(alertMsg[2], 21); // record type == alert
+        assert.equal(alertMsg.byteLength, 3);
+      });
+
+      it('rejects any further attempts to send data', async () => {
+        assert.equal(SERVER_SENT.length, 4);
+        await assert.throwsAsync(async () => {
+          await server.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+        }, TLSError, 'DECRYPT_ERROR');
+        assert.equal(SERVER_SENT.length, 4); // No additional data was sent.
+      });
+
+      it('rejects any further attempts to recv data', async () => {
+        const encryptor = await testHelpers.makeEncryptionState(clientHandshakeTrafficSecret, 1);
+        await assert.throwsAsync(async () => {
+          await server.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+        }, TLSError, 'DECRYPT_ERROR');
+      });
+    });
+  });
+
+  it('blocks sending of application data until the handshake completes', async () => {
+    let sendComplete = false;
+    server.send(TEST_VECTORS.SERVER_RAW_APP_DATA).then(() => {
+      sendComplete = true;
+    });
+    assert.equal(SERVER_SENT.length, 0);
+    assert.notOk(sendComplete);
+
+    await server.recv(TEST_VECTORS.CLIENT_HELLO);
+    assert.equal(SERVER_SENT.length, 3);
+    await testHelpers.nextTick();
+    assert.notOk(sendComplete);
+
+    await server.recv(TEST_VECTORS.CLIENT_FINISHED);
+    assert.notOk(sendComplete);
+    await testHelpers.nextTick();
+    assert.ok(sendComplete);
+  });
+
+  it('errors if it receives non-TLS-handshake-message data', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(utf8ToBytes('a badly-formed message'));
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if it receives a message of unknown type', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(await testHelpers.makePlaintextRecord({
+        content: zeros(0),
+        type: 13
+      }));
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if it receives a badly-formed alert message', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(await testHelpers.makePlaintextRecord({
+        content: arrayToBytes([1, 2, 3]),
+        type: 21
+      }));
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if it receives an empty record of handshake messages', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(await testHelpers.makePlaintextRecord({
+        content: zeros(0),
+        type: 22
+      }));
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('accepts a ClientHello advertising lots of TLS1.3 features that we do not support', async () => {
+    // This ClientHello was generated from tlslite-ng and contains multiple ciphersuites,
+    // keyshares, optional extensions, and other exciting features that we do not support.
+    const data = await server.recv(TEST_VECTORS.EXTENDED_CLIENT_HELLO);
+    assert.equal(data, null);
+    // It sends ServerHello, ChangeCipherSpec, EncryptedExtensions+Finished in response.
+    // Ideally we'd generate a static trace of the server responses here,
+    // but I haven't yet managed to convince tlslite-ng to do so.
+    assert.equal(SERVER_SENT.length, 3);
+  });
+
+  it('accepts a ClientHello with extensions listed in a different order', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    const data = await server.recv(clientHello);
+    assert.equal(data, null);
+    assert.equal(SERVER_SENT.length, 2);
+  });
+
+  it('errors if PreSharedKey is not the last extension in the ClientHello', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)]),
+        testHelpers.makeSupportedVersionsExtension([0x0304])
+      ]
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if it receives a message other than ClientHello', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(TEST_VECTORS.SERVER_HELLO);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('rejects ChangeCipherSpec before it has received ClientHello', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(TEST_VECTORS.CLIENT_CHANGE_CIPHER_SPEC);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if it receives application data before the handshake completes', async () => {
+    await assert.throwsAsync(async () => {
+      await server.recv(TEST_VECTORS.CLIENT_APP_DATA);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if it receives a pre-TLS1 ClientHello', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      version: 0x0102
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'PROTOCOL_VERSION');
+  });
+
+  it('errors if ClientHello does not offer any cipher suites', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      ciphersuites: []
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'HANDSHAKE_FAILURE');
+  });
+
+  it('errors if ClientHello does not offer a compatible cipher suite', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      ciphersuites: [0x0001, 0x0002, 0x0003]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'HANDSHAKE_FAILURE');
+  });
+
+  it('errors if the client does not offer any compression methods', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      compressionMethods: arrayToBytes([])
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the client only a legacy compression methods', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      compressionMethods: arrayToBytes([0x01])
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the client offers any legacy compression methods', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      compressionMethods: arrayToBytes([0x00, 0x01])
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ClientHello has missing supported_versions extension', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'MISSING_EXTENSION');
+  });
+
+  it('errors if ClientHello has empty supported_versions extension', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'PROTOCOL_VERSION');
+  });
+
+  it('errors if ClientHello has incorrect supported_versions extension', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0302, 0x0303]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'PROTOCOL_VERSION');
+  });
+
+  it('errors if ClientHello does send the PSK extension', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+      ]
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'MISSING_EXTENSION');
+  });
+
+  it('errors if ClientHello does not offer a matching PSK', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([utf8ToBytes('wrong psk')], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'UNKNOWN_PSK_IDENTITY');
+  });
+
+  it('errors if ClientHello has an empty PSK identity', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([], [])
+      ]
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'UNKNOWN_PSK_IDENTITY');
+  });
+
+  it('errors if ClientHello does not advertise PSK modes', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'MISSING_EXTENSION');
+  });
+
+  it('errors if ClientHello does not offer the expected PSK mode', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0xAB]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }, TEST_VECTORS.PSK);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'HANDSHAKE_FAILURE');
+  });
+
+  it('errors if ClientHello has an invalid PSK binder', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ]
+    }); // Don't sign it, leaving invalid PSK binder.
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'DECRYPT_ERROR');
+  });
+
+  it('errors if ClientHello has more PSK identities than PSK binders', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID, utf8ToBytes('a second key')], [zeros(32)])
+      ]
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ClientHello has more PSK binders than PSK identities', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32), zeros(32)])
+      ]
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ClientHello has a binder that is too short', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(24)])
+      ]
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ClientHello has data after the extensions', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ],
+      trailer: zeros(12)
+    });
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if the ClientHello contains duplicate extensions', async () => {
+    const clientHello = await testHelpers.makeClientHelloRecord({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePskKeyExchangeModesExtension([0x00]),
+        testHelpers.makeSupportedVersionsExtension([0x0304]),
+        testHelpers.makePreSharedKeyExtension([TEST_VECTORS.PSK_ID], [zeros(32)])
+      ],
+    }, TEST_VECTORS.PSK_ID);
+    await assert.throwsAsync(async () => {
+      await server.recv(clientHello);
+    }, TLSError, 'DECODE_ERROR');
+  });
+});
+
+describe('the ClientConnection class', () => {
+  let client, CLIENT_SENT;
+
+  beforeEach(async () => {
+    CLIENT_SENT = [];
+    const RANDOM_VALUES = [TEST_VECTORS.CLIENT_RANDOM, TEST_VECTORS.SESSION_ID];
+    sinon.stub(crypto, 'getRandomValues').callsFake(arr => {
+      arr.set(RANDOM_VALUES.shift());
+    });
+    client = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT_SENT.push(data));
+  });
+
+  afterEach(() => {
+    crypto.getRandomValues.restore();
+  });
+
+  it('calls crypto.getRandomValues to generate a strong random salt and session id', async () => {
+    assert.equal(crypto.getRandomValues.callCount, 2);
+    assert.equal(crypto.getRandomValues.getCall(0).args[0].byteLength, 32);
+    assert.equal(crypto.getRandomValues.getCall(1).args[0].byteLength, 32);
+  });
+
+  it('immediately sends an initial ClientHello', async () => {
+    assert.equal(CLIENT_SENT.length, 1);
+    assert.ok(bytesAreEqual(CLIENT_SENT[0], TEST_VECTORS.CLIENT_HELLO));
+  });
+
+  describe('accepts a ServerHello message, and then', () => {
+    beforeEach(async () => {
+      const data = await client.recv(TEST_VECTORS.SERVER_HELLO);
+      assert.equal(data, null);
+    });
+
+    describe('accepts EncryptedExtensions and Finished, and then', () => {
+      beforeEach(async () => {
+        const data = await client.recv(TEST_VECTORS.SERVER_ENCRYPTED_EXTENSIONS_AND_FINISHED);
+        assert.equal(data, null);
+      });
+
+      it('sends a Finished message in return', async () => {
+        assert.equal(CLIENT_SENT.length, 2);
+        assert.ok(bytesAreEqual(CLIENT_SENT[1], TEST_VECTORS.CLIENT_FINISHED));
+      });
+
+      it('can receive application data, calling crypto.subtle.decrypt to do the decryption', async () => {
+        sinon.spy(crypto.subtle, 'decrypt');
+        try {
+          const data = await client.recv(TEST_VECTORS.SERVER_APP_DATA);
+          assert.ok(bytesAreEqual(data, TEST_VECTORS.SERVER_RAW_APP_DATA));
+          assert.equal(crypto.subtle.decrypt.callCount, 1);
+        } finally {
+          crypto.subtle.decrypt.restore();
+        }
+      });
+
+      it('can send application data, calling crypto.subtle.encrypt to do the encryption', async () => {
+        sinon.spy(crypto.subtle, 'encrypt');
+        try {
+          await client.send(TEST_VECTORS.CLIENT_RAW_APP_DATA);
+          assert.equal(CLIENT_SENT.length, 3);
+          assert.ok(bytesAreEqual(CLIENT_SENT[2], TEST_VECTORS.CLIENT_APP_DATA));
+          assert.equal(crypto.subtle.encrypt.callCount, 1);
+        } finally {
+          crypto.subtle.encrypt.restore();
+        }
+      });
+
+      describe('handles first exchange of application data, and then', () => {
+        beforeEach(async () => {
+          await client.send(TEST_VECTORS.SERVER_RAW_APP_DATA);
+          assert.equal(CLIENT_SENT.length, 3);
+          assert.ok(bytesAreEqual(CLIENT_SENT[2], TEST_VECTORS.CLIENT_APP_DATA));
+          const data = await client.recv(TEST_VECTORS.SERVER_APP_DATA);
+          assert.ok(bytesAreEqual(data, TEST_VECTORS.SERVER_RAW_APP_DATA));
+        });
+
+        describe('handles second exchange of application data, and then', () => {
+          beforeEach(async () => {
+            await client.send(TEST_VECTORS.CLIENT_RAW_APP_DATA_2);
+            assert.equal(CLIENT_SENT.length, 4);
+            assert.ok(bytesAreEqual(CLIENT_SENT[3], TEST_VECTORS.CLIENT_APP_DATA_2));
+            const data = await client.recv(TEST_VECTORS.SERVER_APP_DATA_2);
+            assert.ok(bytesAreEqual(data, TEST_VECTORS.SERVER_RAW_APP_DATA_2));
+          });
+
+          describe('accepts an explicit close alert from the server, and then', () => {
+            beforeEach(async () => {
+              assert.throwsAsync(async () => {
+                await client.recv(TEST_VECTORS.SERVER_CLOSE);
+              }, TLSCloseNotify);
+            });
+
+            it('does not accept any additional received data', async () => {
+              const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverApplicationTrafficSecret, 3);
+              await assert.throwsAsync(async () => {
+                await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+              }, TLSCloseNotify);
+            });
+
+            it('can still send data', async () => {
+              await client.send(TEST_VECTORS.CLIENT_RAW_APP_DATA);
+              assert.equal(CLIENT_SENT.length, 5);
+            });
+
+            describe('is able to send an explicit close in return, and then', () => {
+              beforeEach(async () => {
+                await client.close();
+                assert.equal(CLIENT_SENT.length, 5);
+                assert.ok(bytesAreEqual(CLIENT_SENT[4], TEST_VECTORS.CLIENT_CLOSE));
+              });
+
+              it('rejects any further attempts to send data', async () => {
+                await assert.throwsAsync(async () => {
+                  await client.send(TEST_VECTORS.CLIENT_RAW_APP_DATA);
+                }, TLSCloseNotify);
+              });
+            });
+          });
+
+          describe('can send explicit close alert to the server, and then', () => {
+            beforeEach(async () => {
+              await client.close();
+              assert.equal(CLIENT_SENT.length, 5);
+              assert.ok(bytesAreEqual(CLIENT_SENT[4], TEST_VECTORS.CLIENT_CLOSE));
+            });
+
+            it('rejects any further attempts to send data', async () => {
+              await assert.throwsAsync(async () => {
+                await client.send(TEST_VECTORS.CLIENT_RAW_APP_DATA);
+              }, TLSCloseNotify);
+            });
+
+            it('can still receive more data from the server', async () => {
+              const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverApplicationTrafficSecret, 2);
+              const data = await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+                content: utf8ToBytes('hello world')
+              }));
+              assert.equal(bytesToUtf8(data), 'hello world');
+            });
+
+            describe('is able to receive an explicit close in return, and then', () => {
+              beforeEach(async () => {
+                assert.throwsAsync(async () => {
+                  await client.recv(TEST_VECTORS.SERVER_CLOSE);
+                }, TLSCloseNotify);
+              });
+
+              it('does not accept any additional received data', async () => {
+                const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverApplicationTrafficSecret, 3);
+                await assert.throwsAsync(async () => {
+                  await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+                }, TLSCloseNotify);
+              });
+            });
+          });
+
+          it('errors if receiving a close_notify alert with fatal alert level', async () => {
+            const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverApplicationTrafficSecret, 2);
+            await assert.throwsAsync(async () => {
+              await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+                content: arrayToBytes([2, 0]),
+                type: 21
+              }));
+            }, TLSError, 'ILLEGAL_PARAMETER');
+          });
+        });
+
+        it('rejects an out-of-order close notification', async () => {
+          // The `TEST_VECTORS.SERVER_CLOSE` record was generated after sending two application
+          // data records, but here we're receiving it after only processing one of them.
+          await assert.throwsAsync(async () => {
+            await client.recv(TEST_VECTORS.SERVER_CLOSE);
+          }, TLSError, 'BAD_RECORD_MAC');
+        });
+
+        it('rejects a duplicate application data record', async () => {
+          await assert.throwsAsync(async () => {
+            await client.recv(TEST_VECTORS.SERVER_APP_DATA);
+          }, TLSError, 'BAD_RECORD_MAC');
+        });
+      });
+
+      it('accepts and ignores a NewSessionTicket message', async () => {
+        const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverApplicationTrafficSecret, 0);
+        const newSessionTicket = new NewSessionTicket(0, 0, zeros(0), zeros(0), []);
+        const data = await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+          content: newSessionTicket.toBytes(),
+          type: 22,
+        }));
+        assert.equal(data, null);
+      });
+
+      it('errors if it receives another handshake message', async () => {
+        const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverApplicationTrafficSecret, 0);
+        await assert.throwsAsync(async () => {
+          await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {
+            content: new Finished(zeros(32)).toBytes(),
+            type: 22,
+          }));
+        }, TLSError, 'UNEXPECTED_MESSAGE');
+      });
+
+      it('errors if a data record is received out-of-order', async () => {
+        await assert.throwsAsync(async () => {
+          await client.recv(TEST_VECTORS.SERVER_APP_DATA_2);
+        }, TLSError, 'BAD_RECORD_MAC');
+      });
+
+      it('errors if a data record is tampered with', async () => {
+        await assert.throwsAsync(async () => {
+          await client.recv(testHelpers.tamper(TEST_VECTORS.SERVER_APP_DATA, 5));
+        }, TLSError, 'BAD_RECORD_MAC');
+      });
+
+      it('errors if change_cipher_spec is received after handshake completion', async () => {
+        await assert.throwsAsync(async () => {
+          await client.recv(TEST_VECTORS.SERVER_CHANGE_CIPHER_SPEC);
+        }, TLSError, 'UNEXPECTED_MESSAGE');
+      });
+    });
+
+    it('accepts and ignores a change_cipher_spec message after the ServerHello', async () => {
+      const data = await client.recv(TEST_VECTORS.SERVER_CHANGE_CIPHER_SPEC);
+      assert.equal(data, null);
+    });
+
+    it('rejects duplicate change_cipher_spec message after the ServerHello', async () => {
+      const data = await client.recv(TEST_VECTORS.SERVER_CHANGE_CIPHER_SPEC);
+      assert.equal(data, null);
+      assert.throwsAsync(async () => {
+        await client.recv(TEST_VECTORS.SERVER_CHANGE_CIPHER_SPEC);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('would error out if some bug caused it to try to send application data before handshake completion', async () => {
+      await assert.throwsAsync(async () => {
+        await client._state.sendApplicationData(zeros(12));
+      }, TLSError, 'INTERNAL_ERROR');
+    });
+
+    it('cant yet decrypt application data, since it does not have the right keys', async () => {
+      await assert.throwsAsync(async () => {
+        await client.recv(TEST_VECTORS.SERVER_APP_DATA);
+      }, TLSError, 'BAD_RECORD_MAC');
+    });
+
+    it('errors if it receives application data before the handshake completes', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      await assert.throwsAsync(async () => {
+        await client.recv(await testHelpers.makeEncryptedRecord(encryptor, {}));
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('errors if it receives Finished before EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const encCert = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: new Finished(zeros(32)).toBytes(),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encCert);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('errors if it receives a Certificate before EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const encCert = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: await testHelpers.makeHandshakeMessage({
+          type: 11
+        }),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encCert);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('errors if it receives a Certificate after EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const recordContent = new BufferWriter();
+      recordContent.writeBytes(await testHelpers.makeEncryptedExtensionsMessage({}));
+      recordContent.writeBytes(await testHelpers.makeHandshakeMessage({
+        type: 11
+      }));
+      const encExtAndCert = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: recordContent.flush(),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExtAndCert);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('errors if it receives something other than Finished after EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const recordContent = new BufferWriter();
+      recordContent.writeBytes(await testHelpers.makeEncryptedExtensionsMessage({}));
+      recordContent.writeBytes(await testHelpers.makeEncryptedExtensionsMessage({}));
+      recordContent.writeBytes(new Finished(zeros(32)).toBytes());
+      const encExtAndCert = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: recordContent.flush(),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExtAndCert);
+      }, TLSError, 'UNEXPECTED_MESSAGE');
+    });
+
+    it('errors if it receives a bad Finished MAC', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const recordContent = new BufferWriter();
+      recordContent.writeBytes(await testHelpers.makeEncryptedExtensionsMessage({}));
+      recordContent.writeBytes(new Finished(zeros(32)).toBytes());
+      const encExtAndFinished = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: recordContent.flush(),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExtAndFinished);
+      }, TLSError, 'DECRYPT_ERROR');
+    });
+
+    it('errors if it receives a SupportedVersions inside EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const encExt = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: await testHelpers.makeEncryptedExtensionsMessage({
+          extensions: [testHelpers.makeSupportedVersionsExtension([])]
+        }),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExt);
+      }, TLSError, 'ILLEGAL_PARAMETER');
+    });
+
+    it('errors if it receives a PreSharedKey inside EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const encExt = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: await testHelpers.makeEncryptedExtensionsMessage({
+          extensions: [testHelpers.makePreSharedKeyExtension([zeros(32)], [zeros(32)])]
+        }),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExt);
+      }, TLSError, 'ILLEGAL_PARAMETER');
+    });
+
+    it('errors if it receives a PskKeyExchangeModes inside EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const encExt = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: await testHelpers.makeEncryptedExtensionsMessage({
+          extensions: [testHelpers.makePskKeyExchangeModesExtension([0x00])]
+        }),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExt);
+      }, TLSError, 'ILLEGAL_PARAMETER');
+    });
+
+    it('errors if it receives a non-empty EncryptedExtensions', async () => {
+      const encryptor = await testHelpers.makeEncryptionState(client._keyschedule.serverHandshakeTrafficSecret, 0);
+      const encExt = await testHelpers.makeEncryptedRecord(encryptor, {
+        content: await testHelpers.makeEncryptedExtensionsMessage({
+          extensions: [testHelpers.makeCookieExtension(zeros(7))]
+        }),
+        type: 22,
+      });
+      await assert.throwsAsync(async () => {
+        await client.recv(encExt);
+      }, TLSError, 'UNSUPPORTED_EXTENSION');
+    });
+  });
+
+  it('accepts a ServerHello with extensions listed in a different order', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makePreSharedKeyExtension(0),
+          testHelpers.makeSupportedVersionsExtension(0x0304)
+        ]
+      }),
+      type: 22
+    });
+    const data = await client.recv(serverHello);
+    assert.equal(data, null);
+  });
+
+  it('blocks sending of application data until the handshake completes', async () => {
+    let sendComplete = false;
+    client.send(TEST_VECTORS.CLIENT_RAW_APP_DATA).then(() => {
+      sendComplete = true;
+    });
+    assert.equal(CLIENT_SENT.length, 1);
+    assert.notOk(sendComplete);
+
+    await client.recv(TEST_VECTORS.SERVER_HELLO);
+    assert.equal(CLIENT_SENT.length, 1);
+    await testHelpers.nextTick();
+    assert.notOk(sendComplete);
+
+    await client.recv(TEST_VECTORS.SERVER_ENCRYPTED_EXTENSIONS_AND_FINISHED);
+    assert.equal(CLIENT_SENT.length, 2);
+    assert.notOk(sendComplete);
+    await testHelpers.nextTick();
+    assert.ok(sendComplete);
+  });
+
+  it('rejects ChangeCipherSpec before it has received ServerHello', async () => {
+    await assert.throwsAsync(async () => {
+      await client.recv(TEST_VECTORS.SERVER_CHANGE_CIPHER_SPEC);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if it receives non-TLS-handshake-message data', async () => {
+    await assert.throwsAsync(async () => {
+      await client.recv(utf8ToBytes('a badly-formed message'));
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if it receives a message of unknown type', async () => {
+    await assert.throwsAsync(async () => {
+      await client.recv(hexToBytes('0103030002AABB'));
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if it receives a message other than ServerHello', async () => {
+    await assert.throwsAsync(async () => {
+      await client.recv(TEST_VECTORS.CLIENT_HELLO);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if the version number in the ServerHello predates TLS1.2', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        version: 0x0123
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the ServerHello did not send supported_versions', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makePreSharedKeyExtension(0)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'MISSING_EXTENSION');
+  });
+
+  it('errors if the ServerHello did not negotiate TLS1.3', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makePreSharedKeyExtension(1),
+          testHelpers.makeSupportedVersionsExtension(0x0303)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the ServerHello tried to negotiate TLS1.3 via legacy_version field', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makePreSharedKeyExtension(1),
+          testHelpers.makeSupportedVersionsExtension(0x0304)
+        ],
+        version: 0x0304
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ServerHello did not select the right CipherSuite', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        ciphersuite: 0x0123
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the ServerHello did not select a PSK', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makeSupportedVersionsExtension(0x0304)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'MISSING_EXTENSION');
+  });
+
+  it('errors if ServerHello did not select the right PSK', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makePreSharedKeyExtension(1),
+          testHelpers.makeSupportedVersionsExtension(0x0304)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ServerHello tried to use a non-zero compression method', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        compressionMethod: 0x01
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if ServerHello did not echo our sessionId', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        sessionId: zeros(32)
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the ServerHello contained an extension not allowed in that message', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makeSupportedVersionsExtension(0x0304),
+          testHelpers.makePskKeyExchangeModesExtension([]),
+          testHelpers.makePreSharedKeyExtension(0)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'ILLEGAL_PARAMETER');
+  });
+
+  it('errors if the ServerHello contained unexpected extensions', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makeSupportedVersionsExtension(0x0304),
+          testHelpers.makeCookieExtension(zeros(12)),
+          testHelpers.makePreSharedKeyExtension(0)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'UNSUPPORTED_EXTENSION');
+  });
+
+  it('errors if the ServerHello contained duplicate extensions', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makeSupportedVersionsExtension(0x0304),
+          testHelpers.makeSupportedVersionsExtension(0x0305),
+          testHelpers.makePreSharedKeyExtension(0)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if the ServerHello contained an extension whose length field is too small', async () => {
+    const svExt = testHelpers.makeSupportedVersionsExtension(0x0304);
+    svExt.length = svExt.data.byteLength - 1;
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          svExt,
+          testHelpers.makePreSharedKeyExtension(0)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if the ServerHello contained an extension whose length field is too big', async () => {
+    const svExt = testHelpers.makeSupportedVersionsExtension(0x0304);
+    svExt.length = svExt.data.byteLength + 1;
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          svExt,
+          testHelpers.makePreSharedKeyExtension(0)
+        ]
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if the ServerHello has trailing data', async () => {
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: await testHelpers.makeServerHelloMessage({
+        extensions: [
+          testHelpers.makeSupportedVersionsExtension(0x0304),
+          testHelpers.makeSupportedVersionsExtension(0x0305),
+          testHelpers.makePreSharedKeyExtension(0)
+        ],
+        trailer: zeros(3),
+      }),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if ServerHello and EncryptedExtensions appear in the same record', async () => {
+    const contentBuf = new BufferWriter();
+    contentBuf.writeBytes(await testHelpers.makeServerHelloMessage({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension(0x0304),
+        testHelpers.makePreSharedKeyExtension(0)
+      ]
+    }));
+    contentBuf.writeBytes(new EncryptedExtensions([]).toBytes());
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: contentBuf.flush(),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if receiving a completely unknown handshake message type', async () => {
+    const contentBuf = new BufferWriter();
+    contentBuf.writeUint8(99);
+    contentBuf.writeVectorBytes24(zeros(0));
+    const unknownMessage = testHelpers.makePlaintextRecord({
+      content: contentBuf.flush(),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(unknownMessage);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+
+  it('errors if ServerHello has a partial EncryptedExtensions after it in the same record', async () => {
+    const contentBuf = new BufferWriter();
+    contentBuf.writeBytes(await testHelpers.makeServerHelloMessage({
+      extensions: [
+        testHelpers.makeSupportedVersionsExtension(0x0304),
+        testHelpers.makePreSharedKeyExtension(0)
+      ]
+    }));
+    contentBuf.writeBytes(new EncryptedExtensions([]).toBytes().slice(0, 4));
+    const serverHello = testHelpers.makePlaintextRecord({
+      content: contentBuf.flush(),
+      type: 22
+    });
+    await assert.throwsAsync(async () => {
+      await client.recv(serverHello);
+    }, TLSError, 'UNEXPECTED_MESSAGE');
+  });
+});
+
+
+describe('the handshake between ClientConnection and ServerConnection', () => {
+  it('works without any mocking', async () => {
+    const CLIENT_SENT = [], SERVER_SENT = [];
+    const server = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER_SENT.push(data));
+    const client = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT_SENT.push(data));
+
+    assert.equal(CLIENT_SENT.length, 1);
+    await server.recv(CLIENT_SENT[0]); // CH
+    assert.equal(SERVER_SENT.length, 3);
+    await client.recv(SERVER_SENT[0]); // SH
+    await client.recv(SERVER_SENT[1]); // CCS
+    await client.recv(SERVER_SENT[2]); // EE+SF
+    assert.equal(CLIENT_SENT.length, 2);
+    await server.recv(CLIENT_SENT[1]); // CF
+    assert.ok(bytesAreEqual(
+      server._keyschedule.clientApplicationTrafficSecret,
+      client._keyschedule.clientApplicationTrafficSecret
+    ));
+    assert.ok(bytesAreEqual(
+      server._keyschedule.serverApplicationTrafficSecret,
+      client._keyschedule.serverApplicationTrafficSecret
+    ));
+
+    await client.send(utf8ToBytes('hello world'));
+    assert.equal(CLIENT_SENT.length, 3);
+    const data = await server.recv(CLIENT_SENT[2]);
+    assert.equal(bytesToUtf8(data), 'hello world');
+
+    await server.close();
+    assert.equal(SERVER_SENT.length, 4);
+    assert.throwsAsync(async () => {
+      await client.recv(SERVER_SENT[3]);
+    }, TLSCloseNotify);
+
+    await client.close();
+    assert.equal(CLIENT_SENT.length, 4);
+    assert.throwsAsync(async () => {
+      await server.recv(CLIENT_SENT[3]);
+    }, TLSCloseNotify);
+  });
+
+  it('closes cleanly when part-way through', async () => {
+    const CLIENT_SENT = [], SERVER_SENT = [];
+    const server = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER_SENT.push(data));
+    const client = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT_SENT.push(data));
+    assert.equal(CLIENT_SENT.length, 1);
+    await server.recv(CLIENT_SENT[0]);
+    assert.equal(SERVER_SENT.length, 3);
+    await client.recv(SERVER_SENT[0]);
+    await client.close();
+    assert.equal(CLIENT_SENT.length, 2);
+    assert.throwsAsync(async () => {
+      await server.recv(CLIENT_SENT[1]);
+    }, TLSCloseNotify);
+    await server.close();
+    assert.equal(SERVER_SENT.length, 4);
+    assert.throwsAsync(async () => {
+      await client.recv(SERVER_SENT[3]);
+    }, TLSCloseNotify);
+  });
+
+  it('rejects the `connected` promise on failure', async () => {
+    const CLIENT_SENT = [], SERVER_SENT = [];
+    const server = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER_SENT.push(data));
+    const client = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT_SENT.push(data));
+    await assert.throwsAsync(async () => {
+      await server.recv(utf8ToBytes('junk data'));
+    }, TLSError, 'DECODE_ERROR');
+    // The server's `connected` promise rejects with that error.
+    await assert.throwsAsync(async () => {
+      await server.connected;
+    }, TLSError, 'DECODE_ERROR');
+    // The server sends the error to the client, which also rejects with it.
+    await assert.throwsAsync(async () => {
+      await client.recv(SERVER_SENT[0]);
+    }, TLSError, 'DECODE_ERROR');
+    await assert.throwsAsync(async () => {
+      await client.connected;
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('fulfills the `connected` promise on success', async () => {
+    const CLIENT_SENT = [], SERVER_SENT = [];
+    const server = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER_SENT.push(data));
+    const client = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT_SENT.push(data));
+    await server.recv(CLIENT_SENT[0]); // CH
+    await client.recv(SERVER_SENT[0]); // SH
+    await client.recv(SERVER_SENT[1]); // CCS
+    await client.recv(SERVER_SENT[2]); // EE+SF
+    await server.recv(CLIENT_SENT[1]); // CF
+    await client.connected;
+    await server.connected;
+  });
+
+  it('generates fresh randomness on each run', async () => {
+    const CLIENT1_SENT = [], CLIENT2_SENT = [];
+    const SERVER1_SENT = [], SERVER2_SENT = [];
+    const server1 = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER1_SENT.push(data));
+    const server2 = await ServerConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => SERVER2_SENT.push(data));
+    const client1 = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT1_SENT.push(data));
+    const client2 = await ClientConnection.create(TEST_VECTORS.PSK, TEST_VECTORS.PSK_ID, data => CLIENT2_SENT.push(data));
+    assert.notOk(bytesAreEqual(CLIENT1_SENT[0], CLIENT2_SENT[0])); // ClientHello differs
+    await server1.recv(CLIENT1_SENT[0]); // CH1
+    await server2.recv(CLIENT2_SENT[0]); // CH2
+    assert.notOk(bytesAreEqual(SERVER1_SENT[0], SERVER2_SENT[0])); // ServerHello differs
+    assert.ok(bytesAreEqual(SERVER1_SENT[1], SERVER2_SENT[1])); // ChaneCipherSpec is the same
+    assert.notOk(bytesAreEqual(SERVER1_SENT[2], SERVER2_SENT[2])); // Encrypted handshake msgs differ
+    await client1.recv(SERVER1_SENT[0]); // SH1
+    await client1.recv(SERVER1_SENT[1]); // CCS1
+    await client1.recv(SERVER1_SENT[2]); // EE1+SF1
+    await client2.recv(SERVER2_SENT[0]); // SH2
+    await client2.recv(SERVER2_SENT[1]); // CCS2
+    await client2.recv(SERVER2_SENT[2]); // EE2+SF2
+    await server1.recv(CLIENT1_SENT[1]); // CF1
+    await server2.recv(CLIENT2_SENT[1]); // CF2
+    // The final keys differ
+    assert.notOk(bytesAreEqual(
+      server1._keyschedule.clientApplicationTrafficSecret,
+      server2._keyschedule.clientApplicationTrafficSecret
+    ));
+    assert.notOk(bytesAreEqual(
+      client1._keyschedule.serverApplicationTrafficSecret,
+      client2._keyschedule.serverApplicationTrafficSecret
+    ));
+  });
+});
diff --git a/test/utils.js b/test/utils.js
new file mode 100644
index 0000000..3d0ce31
--- /dev/null
+++ b/test/utils.js
@@ -0,0 +1,475 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+describe('bytesAreEqual', () => {
+  it('returns true for a variety of equal byte arrays', () => {
+    assert.ok(bytesAreEqual(zeros(0), zeros(0)));
+    assert.ok(bytesAreEqual(zeros(7), zeros(7)));
+    assert.ok(bytesAreEqual(arrayToBytes([1,2,3]), arrayToBytes([1,2,3])));
+  });
+
+  it('returns false for a variety of non-equal byte arrays', () => {
+    assert.ok(! bytesAreEqual(zeros(0), zeros(1)));
+    assert.ok(! bytesAreEqual(zeros(1), zeros(0)));
+    assert.ok(! bytesAreEqual(arrayToBytes([1, 2, 3]), arrayToBytes([2, 2, 3])));
+    assert.ok(! bytesAreEqual(arrayToBytes([1, 2, 3]), arrayToBytes([1, 1, 3])));
+    assert.ok(! bytesAreEqual(arrayToBytes([1, 2, 3]), arrayToBytes([1, 2, 4])));
+    assert.ok(! bytesAreEqual(arrayToBytes([1, 2, 3]), arrayToBytes([1, 2, 3, 4])));
+    assert.ok(! bytesAreEqual(arrayToBytes([1, 2, 3, 4]), arrayToBytes([1, 2, 3])));
+  });
+
+  it('throws on a variety of bad inputs', () => {
+    assert.throws(() => bytesAreEqual(0, 0));
+    assert.throws(() => bytesAreEqual(null, 0));
+    assert.throws(() => bytesAreEqual({ some: 'object' }, { another: 'object'}));
+  });
+});
+
+describe('the BufferReader class', () => {
+
+  it('handles basic reading and seeking correctly', () => {
+    const buf = new BufferReader(utf8ToBytes('hello world'));
+    assert.equal(buf.length(), 11);
+    assert.equal(buf.tell(), 0);
+    assert.equal(bytesToUtf8(buf.readBytes(5)), 'hello');
+    assert.ok(buf.hasMoreBytes());
+    assert.equal(buf.tell(), 5);
+    buf.incr(2);
+    assert.equal(buf.tell(), 7);
+    assert.ok(buf.hasMoreBytes());
+    assert.equal(bytesToUtf8(buf.readBytes(4)), 'orld');
+    assert.ok(! buf.hasMoreBytes());
+    buf.seek(2);
+    assert.equal(buf.tell(), 2);
+    assert.equal(bytesToUtf8(buf.readBytes(5)), 'llo w');
+  });
+
+  it('errors if attempting to seek beyond the start of the buffer', () => {
+    const buf = new BufferReader(utf8ToBytes('hello world'));
+    assert.throws(() => {
+      buf.seek(-1);
+    }, TLSError, 'DECODE_ERROR');
+    assert.equal(buf.tell(), 0);
+  });
+
+  it('errors if attempting to seek beyond the end of the buffer', () => {
+    const buf = new BufferReader(utf8ToBytes('hello world'));
+    assert.throws(() => {
+      buf.seek(12);
+    }, TLSError, 'DECODE_ERROR');
+    assert.equal(buf.tell(), 0);
+  });
+
+  it('errors if attempting to read beyond the end of the buffer', () => {
+    const buf = new BufferReader(utf8ToBytes('hello world'));
+    buf.seek(2);
+    assert.throws(() => {
+      buf.readBytes(12);
+    }, TLSError, 'DECODE_ERROR');
+    assert.equal(buf.tell(), 2);
+  });
+
+  it('correctly reads integer primitives at various offsets', () => {
+    const buf = new BufferReader(arrayToBytes([132, 42, 17, 4, 0]));
+    assert.equal(buf.readUint8(), 132);
+    assert.equal(buf.tell(), 1);
+    assert.equal(buf.readUint8(), 42);
+    assert.equal(buf.tell(), 2);
+    assert.equal(buf.readUint8(), 17);
+    assert.equal(buf.tell(), 3);
+    assert.equal(buf.readUint8(), 4);
+    assert.equal(buf.tell(), 4);
+    assert.equal(buf.readUint8(), 0);
+    assert.equal(buf.tell(), 5);
+
+    buf.seek(0);
+    buf.seek(0);
+    assert.equal(buf.readUint16(), 33834);
+    assert.equal(buf.tell(), 2);
+    buf.incr(-1);
+    assert.equal(buf.readUint16(), 10769);
+    assert.equal(buf.tell(), 3);
+    assert.equal(buf.readUint16(), 1024);
+    assert.equal(buf.tell(), 5);
+
+    buf.seek(0);
+    assert.equal(buf.readUint24(), 8661521);
+    assert.equal(buf.tell(), 3);
+    buf.seek(1);
+    assert.equal(buf.readUint24(), 2756868);
+    assert.equal(buf.tell(), 4);
+
+    buf.seek(0);
+    assert.equal(buf.readUint32(), 2217349380);
+    assert.equal(buf.tell(), 4);
+    buf.seek(1);
+    assert.equal(buf.readUint32(), 705758208);
+    assert.equal(buf.tell(), 5);
+  });
+
+  it('errors if reading integer primitives past the end of the buffer', () => {
+    const buf = new BufferReader(arrayToBytes([132, 42, 17, 4, 1]));
+    buf.seek(5);
+    assert.throws(() => {
+      buf.readUint8();
+    }, TLSError, 'DECODE_ERROR');
+    buf.seek(5);
+    assert.throws(() => {
+      buf.readUint16();
+    }, TLSError, 'DECODE_ERROR');
+    buf.seek(5);
+    assert.throws(() => {
+      buf.readUint24();
+    }, TLSError, 'DECODE_ERROR');
+    buf.seek(5);
+    assert.throws(() => {
+      buf.readUint32();
+    }, TLSError, 'DECODE_ERROR');
+
+    buf.seek(4);
+    assert.ok(buf.readUint8());
+    buf.seek(4);
+    assert.throws(() => {
+      buf.readUint16();
+    }, TLSError, 'DECODE_ERROR');
+    buf.seek(4);
+    assert.throws(() => {
+      buf.readUint24();
+    }, TLSError, 'DECODE_ERROR');
+    buf.seek(4);
+    assert.throws(() => {
+      buf.readUint32();
+    }, TLSError, 'DECODE_ERROR');
+
+    buf.seek(3);
+    assert.ok(buf.readUint8());
+    buf.seek(3);
+    assert.ok(buf.readUint16());
+    buf.seek(3);
+    assert.throws(() => {
+      buf.readUint24();
+    }, TLSError, 'DECODE_ERROR');
+    buf.seek(3);
+    assert.throws(() => {
+      buf.readUint32();
+    }, TLSError, 'DECODE_ERROR');
+
+    buf.seek(2);
+    assert.ok(buf.readUint8());
+    buf.seek(2);
+    assert.ok(buf.readUint16());
+    buf.seek(2);
+    assert.ok(buf.readUint24());
+    buf.seek(2);
+    assert.throws(() => {
+      buf.readUint32();
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('correctly reads variable-length vectors of bytes', () => {
+    let buf = new BufferReader(arrayToBytes([4, 1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.readVectorBytes8(), arrayToBytes([1, 2, 3, 4])));
+    assert.equal(buf.tell(), 5);
+    buf = new BufferReader(arrayToBytes([0, 0, 0]));
+    assert.ok(bytesAreEqual(buf.readVectorBytes8(), arrayToBytes([])));
+    assert.equal(buf.tell(), 1);
+
+    buf = new BufferReader(arrayToBytes([0, 4, 1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.readVectorBytes16(), arrayToBytes([1, 2, 3, 4])));
+    assert.equal(buf.tell(), 6);
+
+    buf = new BufferReader(arrayToBytes([0, 0, 4, 1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.readVectorBytes24(), arrayToBytes([1, 2, 3, 4])));
+    assert.equal(buf.tell(), 7);
+  });
+
+  it('correctly reads variable-length vectors using a callback', () => {
+    let readValues = [];
+    // We ignore the leading `42` in order to test reading at an offset.
+    let buf = new BufferReader(arrayToBytes([42, 4, 1, 2, 3, 4, 5]));
+    buf.seek(1);
+    buf.readVector8((contentsBuf, n) => {
+      assert.equal(contentsBuf.length(), 4);
+      assert.equal(n, readValues.length);
+      readValues.push(contentsBuf.readUint8());
+    });
+    assert.deepEqual(readValues, [1, 2, 3, 4]);
+    assert.equal(buf.tell(), 6);
+
+    readValues = [];
+    buf = new BufferReader(arrayToBytes([42, 0, 4, 1, 2, 3, 4, 5]));
+    buf.seek(1);
+    buf.readVector16((contentsBuf, n) => {
+      assert.equal(contentsBuf.length(), 4);
+      assert.equal(n, readValues.length);
+      readValues.push(contentsBuf.readUint16());
+    });
+    assert.deepEqual(readValues, [(1 << 8) | 2, (3 << 8) | 4]);
+    assert.equal(buf.tell(), 7);
+
+    readValues = [];
+    buf = new BufferReader(arrayToBytes([42, 0, 0, 4, 1, 2, 3, 4, 5]));
+    buf.seek(1);
+    buf.readVector24((contentsBuf, n) => {
+      assert.equal(contentsBuf.length(), 4);
+      assert.equal(n, readValues.length);
+      readValues.push(contentsBuf.readUint8());
+    });
+    assert.deepEqual(readValues, [1, 2, 3, 4]);
+    assert.equal(buf.tell(), 8);
+  });
+
+  it('errors if a vector read consumes too many bytes', () => {
+    const buf = new BufferReader(arrayToBytes([2, 1, 2, 3]));
+    assert.throws(() => {
+      buf.readVector8(contentsBuf => {
+        assert.equal(contentsBuf.length(), 2);
+        contentsBuf.readUint24();
+      });
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if a vector read somehow consumes too few bytes', () => {
+    const buf = new BufferReader(arrayToBytes([3, 1, 2, 3]));
+    assert.throws(() => {
+      buf.readVector8(contentsBuf => {
+        assert.equal(contentsBuf.length(), 3);
+        assert.equal(contentsBuf.readUint8(), 1);
+        assert.equal(contentsBuf.readUint8(), 2);
+        assert.equal(contentsBuf.readUint8(), 3);
+        // simulate some bug that changes the underlying buffer.
+        buf.incr(-1);
+      });
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if a vector read consumes no bytes', () => {
+    const buf = new BufferReader(arrayToBytes([3, 1, 2, 3]));
+    assert.throws(() => {
+      buf.readVector8(contentsBuf => {
+        assert.equal(contentsBuf.length(), 3);
+        // don't consume anything, risking an infinite loop of callback invocations.
+      });
+    }, TLSError, 'DECODE_ERROR');
+  });
+
+  it('errors if a nested vector read would exceed the outer buffer length', () => {
+    // A vector of length 5, inside a vector of length 3.
+    const buf = new BufferReader(arrayToBytes([3, 5, 1, 2, 3, 4, 5]));
+    assert.throws(() => {
+      buf.readVector8(contentsBuf => {
+        assert.equal(contentsBuf.length(), 3);
+        contentsBuf.readVector8(() => {
+          assert.fail('the callback should not get called');
+        });
+      });
+    }, TLSError, 'DECODE_ERROR');
+  });
+});
+
+describe('the BufferWriter class', () => {
+  it('grows appropriately as data is written', () => {
+    const buf = new BufferWriter(2);
+    buf.writeBytes(arrayToBytes([1,2,3,4,5]));
+    assert.equal(buf.tell(), 5);
+    assert.equal(buf.length(), 6);
+  });
+
+  it('can read back written data using `slice`', () => {
+    const buf = new BufferWriter(2);
+    buf.writeBytes(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.equal(buf.tell(), 5);
+    assert.ok(bytesAreEqual(buf.slice(), arrayToBytes([1, 2, 3, 4, 5])));
+    assert.equal(buf.tell(), 5);
+    assert.ok(bytesAreEqual(buf.slice(1), arrayToBytes([2, 3, 4, 5])));
+    assert.equal(buf.tell(), 5);
+    assert.ok(bytesAreEqual(buf.slice(1, 3), arrayToBytes([2, 3])));
+    assert.equal(buf.tell(), 5);
+    assert.ok(bytesAreEqual(buf.slice(1, -1), arrayToBytes([2, 3, 4])));
+    assert.equal(buf.tell(), 5);
+  });
+
+  it('refuses to slice past the start of the buffer', () => {
+    const buf = new BufferWriter(2);
+    buf.writeBytes(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.throws(() => {
+      buf.slice(-1);
+    }, TLSError, 'INTERNAL_ERROR');
+    assert.throws(() => {
+      buf.slice(0, -50);
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+
+  it('refuses to slice past the end of the buffer', () => {
+    const buf = new BufferWriter(2);
+    buf.writeBytes(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.throws(() => {
+      buf.slice(2, 50);
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+
+  it('returns and resets the buffer on flush', () => {
+    const buf = new BufferWriter();
+    buf.writeBytes(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([1, 2, 3, 4, 5])));
+    assert.equal(buf.tell(), 0);
+    assert.ok(bytesAreEqual(buf.slice(), arrayToBytes([])));
+  });
+
+  it('truncates at the current position on flush', () => {
+    const buf = new BufferWriter();
+    buf.writeBytes(arrayToBytes([1, 2, 3, 4, 5]));
+    buf.incr(-2);
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([1, 2, 3])));
+    assert.equal(buf.tell(), 0);
+  });
+
+  it('correctly writes integer primitives at various offsets', () => {
+    const buf = new BufferWriter();
+    for (let i = 0; i < 10; i++) {
+      buf.writeUint8(i);
+    }
+    assert.equal(buf.tell(), 10);
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([
+      0, 1, 2, 3, 4, 5, 6, 7, 8, 9
+    ])));
+
+    for (let i = 0; i < 9; i++) {
+      buf.writeUint16(i);
+    }
+    buf.writeUint16(3079);
+    assert.equal(buf.tell(), 20);
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([
+      0, 0, 0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8, 12, 7
+    ])));
+
+    for (let i = 0; i < 5; i++) {
+      buf.writeUint24(i);
+    }
+    buf.writeUint24(788229);
+    assert.equal(buf.tell(), 18);
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([
+      0, 0, 0, 0, 0, 1, 0, 0, 2, 0, 0, 3, 0, 0, 4, 12, 7, 5
+    ])));
+
+    for (let i = 0; i < 5; i++) {
+      buf.writeUint32(i);
+    }
+    buf.writeUint32(201786627);
+    assert.equal(buf.tell(), 24);
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([
+      0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 4, 12, 7, 5, 3
+    ])));
+
+    buf.writeUint8(1);
+    buf.writeUint16(2);
+    buf.writeUint24(3);
+    buf.writeUint8(4);
+    buf.writeUint32(5);
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([
+      1, 0, 2, 0, 0, 3, 4, 0, 0, 0, 5
+    ])));
+  });
+
+  it('correctly writes variable-length vectors of bytes', () => {
+    let buf = new BufferWriter();
+    buf.writeVectorBytes8(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([5, 1, 2, 3, 4, 5])));
+
+    buf = new BufferWriter();
+    buf.writeVectorBytes16(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([0, 5, 1, 2, 3, 4, 5])));
+
+    buf = new BufferWriter();
+    buf.writeVectorBytes24(arrayToBytes([1, 2, 3, 4, 5]));
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([0, 0, 5, 1, 2, 3, 4, 5])));
+  });
+
+  it('correctly writes variable-length vectors using a callback', () => {
+    let buf = new BufferWriter();
+    buf.writeVector8(buf => {
+      buf.writeUint8(1);
+      buf.writeUint8(2);
+      buf.writeUint8(3);
+      buf.writeUint8(4);
+      buf.writeUint8(5);
+    });
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([5, 1, 2, 3, 4, 5])));
+
+    buf = new BufferWriter();
+    buf.writeVector16(buf => {
+      buf.writeUint8(1);
+      buf.writeUint8(2);
+      buf.writeUint8(3);
+      buf.writeUint8(4);
+      buf.writeUint8(5);
+    });
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([0, 5, 1, 2, 3, 4, 5])));
+
+    buf = new BufferWriter();
+    buf.writeVector24(buf => {
+      buf.writeUint8(1);
+      buf.writeUint8(2);
+      buf.writeUint8(3);
+      buf.writeUint8(4);
+      buf.writeUint8(5);
+    });
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([0, 0, 5, 1, 2, 3, 4, 5])));
+  });
+
+  it('correctly writes nested variable-length vectors using nested callback', () => {
+    const buf = new BufferWriter();
+    buf.writeVector16(buf => {
+      buf.writeVector8(buf => {
+        buf.writeUint8(1);
+        buf.writeUint8(2);
+        buf.writeUint8(3);
+        buf.writeUint8(4);
+        buf.writeUint8(5);
+      });
+    });
+    assert.ok(bytesAreEqual(buf.flush(), arrayToBytes([0, 6, 5, 1, 2, 3, 4, 5])));
+  });
+
+  it('errors if a vector write exceeds the maximum size representable in its length field', () => {
+    let buf = new BufferWriter();
+    buf.writeVectorBytes8(zeros(255));
+    assert.throws(() => {
+      buf.writeVectorBytes8(zeros(256));
+    }, TLSError, 'INTERNAL_ERROR');
+
+    buf = new BufferWriter();
+    buf.writeVectorBytes16(zeros(65535));
+    assert.throws(() => {
+      buf.writeVectorBytes16(zeros(65536));
+    }, TLSError, 'INTERNAL_ERROR');
+
+    buf = new BufferWriter();
+    buf.writeVectorBytes24(zeros(16777215));
+    assert.throws(() => {
+      buf.writeVectorBytes16(zeros(16777216));
+    }, TLSError, 'INTERNAL_ERROR');
+
+    buf = new BufferWriter();
+    assert.throws(() => {
+      buf.writeVector8(buf => {
+        buf.writeBytes(zeros(256));
+      });
+    }, TLSError, 'INTERNAL_ERROR');
+
+    buf = new BufferWriter();
+    assert.throws(() => {
+      buf.writeVector16(buf => {
+        buf.writeBytes(zeros(65536));
+      });
+    }, TLSError, 'INTERNAL_ERROR');
+
+    buf = new BufferWriter();
+    assert.throws(() => {
+      buf.writeVector24(buf => {
+        buf.writeBytes(zeros(16777216));
+      });
+    }, TLSError, 'INTERNAL_ERROR');
+  });
+});
diff --git a/test/vectors/generate_test_vectors.py b/test/vectors/generate_test_vectors.py
new file mode 100644
index 0000000..5b63e15
--- /dev/null
+++ b/test/vectors/generate_test_vectors.py
@@ -0,0 +1,374 @@
+#
+# This is a script to generate a static "trace" of a TLS1.3 handshake
+# using the known-good implementation from `tlslite-ng`.  We use the
+# components of the trace as test vectors for the JS implementation.
+#
+# You'll need to install tlslite-ng from this fork, which includes a couple
+# of cleanups for running in PSK-only mode:
+#
+#    https://github.com/rfk/tlslite-ng/compare/master...rfk:tls13-psk-only?expand=1
+#
+# Then run this script like so:
+#
+#    pip install tlslite-ng
+#    python ./generate_test_vectors.py > test_vectors.js
+#
+
+import os
+import queue
+import threading
+import collections
+from binascii import hexlify
+
+from tlslite.api import TLSConnection, HandshakeSettings
+from tlslite.utils.cryptomath import secureHash, secureHMAC, derive_secret
+from tlslite.handshakehashes import HandshakeHashes
+
+# This script basically prints out a JS file declaring a big Object with
+# one property per useful chunk of test vector.  Here's the file header.
+
+print("""//
+// This file was auto-generated by `./generate_test_vectors.py`
+//
+
+/* eslint-disable sorting/sort-object-props */
+/* exported TEST_VECTORS */
+
+const TEST_VECTORS = {
+""")
+
+# And here are some helper functions for printing out
+# individual chunks of bytes with a nice name.
+
+def printTestVectorBytes(name, bytes):
+    # Print it out as hexlified data in chunks of 40 bytes,
+    # so that the final file is nice and readable.
+    print("  {}: hexToBytes(".format(name))
+    while len(bytes) > 40:
+        print("    '" + hexlify(bytes[:40]).decode("ascii") + "' +")
+        bytes = bytes[40:]
+    print("    '" + hexlify(bytes).decode("ascii") + "'")
+    print("  ),")
+
+
+def printTestVectorStr(name, bytes):
+    print("  {}: utf8ToBytes('{}'),".format(name, bytes.decode('ascii')))
+
+
+def printComment(comment):
+    print("  // {}".format(comment))
+
+
+# Mock out os.urandom so that we can generate stable test vectors.
+
+MOCKED_URANDOM_CALLS = collections.deque()
+
+def mock_urandom(size):
+    try:
+        mocked_value = MOCKED_URANDOM_CALLS.popleft()
+    except IndexError:
+        raise AssertionError('unmocked call to os.urandom({})'.format(size))
+    if size != len(mocked_value):
+        raise AssertionError('unexpected call to os.urandom({})'.format(size))
+    return mocked_value
+
+orig_urandom = os.urandom
+os.urandom = mock_urandom
+
+# These are some helpers for capturing the data sent out to the "socket"
+# by tlslite-ng. Hooray for duck-typing!
+
+class Mocket:
+    """A mock socket, that captures the data it's asked to send."""
+
+    def __init__(self, send_queue, recv_queue):
+        self.sent_data = []
+        self._send_queue = send_queue
+        self._recv_queue = recv_queue
+        self._buffer = b''
+        self._closed = False
+
+    def close(self):
+        self._send_queue.put(None)
+
+    def send(self, bytes):
+        self.sent_data.append(bytes)
+        self._send_queue.put(bytes)
+        return len(bytes)
+
+    def sendall(self, bytes):
+        self.send(bytes)
+
+    def recv(self, bufsize):
+        if self._closed:
+            return b''
+        while len(self._buffer) < bufsize:
+            bytes = self._recv_queue.get(timeout=5)
+            if bytes is None:
+                self._closed = True
+                break
+            self._buffer += bytes
+        bytes = self._buffer[:bufsize]
+        self._buffer = self._buffer[len(bytes):]
+        return bytes
+
+
+def mocketpair():
+    """Make a pair of Mockets that are connected to each other."""
+    a2b = queue.Queue()
+    b2a = queue.Queue()
+    return (Mocket(a2b, b2a), Mocket(b2a, a2b))
+
+
+# And these are some helpers for executing a full handshake on two
+# separate threads, and collecting the results.
+
+def run_handshake(client_cb, server_cb):
+    """Run the given client/server callbacks in parallel, returning sent data.
+    
+    This function spawns two background threads on which to run the given
+    callbacks in parallel. Each will be passed an instance of `TLSConnection`
+    through which it can communicate with the other.
+
+    Once both callbacks complete, this function will return a tuple (c, s) of
+    the data sent by the client, and by the server. If either callback throws
+    an error it will be propagated into the main thread.
+    """
+    c, s = mocketpair()
+    client = TLSConnection(c)
+    server = TLSConnection(s)
+    errors = []
+
+    def run_client():
+        try:
+            client_cb(client)
+        except Exception as err:
+            errors.append(err)
+
+    def run_server():
+        try:
+            server_cb(server)
+        except Exception as err:
+            errors.append(err)
+
+    tc = threading.Thread(target=run_client)
+    ts = threading.Thread(target=run_server)
+    tc.start()
+    ts.start()
+    tc.join()
+    ts.join()
+    if errors:
+        raise errors[0]
+    assert len(MOCKED_URANDOM_CALLS) == 0, 'unused mock urandom call'
+    return (c.sent_data, s.sent_data)
+
+
+# OK, we're ready to do some handshakes!
+
+# For the first scenario, we do a minimal PSK-only handshake
+# that should exactly match the bytes generated by the JS code.
+
+PSK_ID = b'testkey'
+PSK = b'aabbccddeeff'
+SESSION_ID = b'00000000000000000000000000000001'
+CLIENT_RANDOM = b'01010101010101010101010101010101'
+SERVER_RANDOM = b'02020202020202020202020202020202'
+CLIENT_RAW_APP_DATA = b'hello world'
+CLIENT_RAW_APP_DATA_2 = b'how are you?'
+SERVER_RAW_APP_DATA=b'hello world'
+SERVER_RAW_APP_DATA_2=b'fine thanks and you?'
+
+printComment("Data that comes from the outside world in one way or another")
+printTestVectorStr("PSK_ID", PSK_ID)
+printTestVectorStr("PSK", PSK)
+printTestVectorStr("SESSION_ID", SESSION_ID)
+printTestVectorStr("CLIENT_RANDOM", CLIENT_RANDOM)
+printTestVectorStr("SERVER_RANDOM", SERVER_RANDOM)
+printTestVectorStr("CLIENT_RAW_APP_DATA", CLIENT_RAW_APP_DATA)
+printTestVectorStr("SERVER_RAW_APP_DATA", SERVER_RAW_APP_DATA)
+printTestVectorStr("CLIENT_RAW_APP_DATA_2", CLIENT_RAW_APP_DATA_2)
+printTestVectorStr("SERVER_RAW_APP_DATA_2", SERVER_RAW_APP_DATA_2)
+
+print("\n")
+
+minimalSettings = HandshakeSettings()
+# Flag that we only speak TLS1.3, not earlier versions.
+minimalSettings.minVersion = (3, 4)
+minimalSettings.maxVersion = (3, 4)
+minimalSettings.versions = [(3, 4)]
+# Use our single supported ciphersuite,
+# and no DHE or certificates.
+minimalSettings.cipherNames = ['aes128gcm']
+minimalSettings.keyExchangeNames = []
+minimalSettings.keyShares = []
+minimalSettings.eccCurves = []
+minimalSettings.dhGroups = []
+minimalSettings.rsaSchemes = []
+# Disable some extensions that are on by default in tlslite-ng.
+minimalSettings.useEncryptThenMAC = False
+minimalSettings.useExtendedMasterSecret = False
+minimalSettings.use_heartbeat_extension = False
+minimalSettings.record_size_limit = None
+# Configure the single pre-established PSK.
+minimalSettings.pskConfigs = [(PSK_ID, PSK, 'sha256')]
+minimalSettings.psk_modes = ['psk_ke']
+
+MOCKED_URANDOM_CALLS.extend((
+    SESSION_ID,
+    CLIENT_RANDOM,
+    SERVER_RANDOM,
+))
+
+def run_client_minimal(client):
+    client.handshakeClientCert(settings=minimalSettings)
+    client.send(CLIENT_RAW_APP_DATA)
+    assert client.recv(1024) == SERVER_RAW_APP_DATA
+    client.send(CLIENT_RAW_APP_DATA_2)
+    assert client.recv(1024) == SERVER_RAW_APP_DATA_2
+    client.close()
+
+def run_server_minimal(server):
+    server.handshakeServer(settings=minimalSettings)
+    assert server.recv(1024) == CLIENT_RAW_APP_DATA
+    server.send(SERVER_RAW_APP_DATA)
+    assert server.recv(1024) == CLIENT_RAW_APP_DATA_2
+    server.send(SERVER_RAW_APP_DATA_2)
+    server.close()
+
+(c_sent, s_sent) = run_handshake(run_client_minimal, run_server_minimal)
+
+printComment("Trace from a minimal client talking to a minimal server")
+# The initial ClientHello record is sent with version 0x0301 for b/w compat,
+# but we don't want or need that for our implementation. Fix it to 0x0303.
+assert c_sent[0][:3] == b'\x16\x03\x01'
+c_sent[0][2] = 0x03
+printTestVectorBytes("CLIENT_HELLO", c_sent[0])
+# The change-cipher-spec and client-finished are emitted in a single send.
+printTestVectorBytes("CLIENT_CHANGE_CIPHER_SPEC", c_sent[1][:6])
+printTestVectorBytes("CLIENT_FINISHED", c_sent[1][6:])
+printTestVectorBytes("CLIENT_APP_DATA", c_sent[2])
+printTestVectorBytes("CLIENT_APP_DATA_2", c_sent[3])
+printTestVectorBytes("CLIENT_CLOSE", c_sent[4])
+assert len(c_sent) == 5
+
+# The server-hello has a change-cipher spec appended to it.
+printTestVectorBytes("SERVER_HELLO", s_sent[0][:-6])
+printTestVectorBytes("SERVER_CHANGE_CIPHER_SPEC", s_sent[0][-6:])
+printTestVectorBytes("SERVER_ENCRYPTED_EXTENSIONS_AND_FINISHED", s_sent[1])
+printTestVectorBytes("SERVER_APP_DATA", s_sent[2])
+printTestVectorBytes("SERVER_APP_DATA_2", s_sent[3])
+printTestVectorBytes("SERVER_CLOSE", s_sent[4])
+assert len(s_sent) == 5
+
+print("\n")
+
+# For some additional tests of key generation, we use tlslite-ng's low-level
+# derivation functions to run the TLS1.3 keyschedule.  It doesn't seem to expose
+# a nice API that encapsulates these calculations directly.
+
+printComment("Testcases for key derivation")
+prf = "sha256"
+transcript = HandshakeHashes()
+earlySecret = secureHMAC(bytearray(32), PSK, prf)
+printTestVectorBytes(
+    "KEYS_EXT_BINDER",
+    derive_secret(earlySecret, b"ext binder", None, prf)
+)
+
+handshakeSecret = secureHMAC(
+    derive_secret(earlySecret, b"derived", None, prf),
+    bytearray(32),  # No ECDHE, so use zeros.
+    prf
+)
+printTestVectorStr("KEYS_PLAINTEXT_TRANSCRIPT", b'fake plaintext transcript')
+transcript.update(b'fake plaintext transcript')
+printTestVectorBytes(
+    "KEYS_CLIENT_HANDSHAKE_TRAFFIC_SECRET",
+    derive_secret(handshakeSecret, b"c hs traffic", transcript, prf)
+)
+printTestVectorBytes(
+    "KEYS_SERVER_HANDSHAKE_TRAFFIC_SECRET",
+    derive_secret(handshakeSecret, b"s hs traffic", transcript, prf)
+)
+
+masterSecret = secureHMAC(
+    derive_secret(handshakeSecret, b"derived", None, prf),
+    bytearray(32),
+    prf
+)
+printTestVectorStr("KEYS_ENCRYPTED_TRANSCRIPT", b'fake encrypted transcript')
+transcript.update(b'fake encrypted transcript')
+printTestVectorBytes(
+    "KEYS_CLIENT_APPLICATION_TRAFFIC_SECRET_0",
+    derive_secret(masterSecret, b"c ap traffic", transcript, prf)
+)
+printTestVectorBytes(
+    "KEYS_SERVER_APPLICATION_TRAFFIC_SECRET_0",
+    derive_secret(masterSecret, b"s ap traffic", transcript, prf)
+)
+
+print("\n")
+
+# Next, we use a more featureful ClientHello, so that we can test
+# handling of unsupported ClientHello extension fields etc.
+# This simulates some future version of the Client with lots more features
+# talking to a current version of the Server that implements the
+# single PSK mode.
+
+fullSettings = HandshakeSettings()
+# Pretend to speak some future version of TLS, to test negotiation.
+fullSettings.minVersion = (3, 4)
+fullSettings.maxVersion = (3, 4)
+fullSettings.versions = [(3, 4), (3, 5)]
+# Offer several PSKs
+fullSettings.pskConfigs = [
+    (b'a dummy key', b'111222333444555', 'sha384'),
+    (PSK_ID, PSK, 'sha256'),
+    (b'another dummy key', b'qwertyqwertyqwerty', 'sha384'),
+]
+fullSettings.psk_modes = ['psk_ke', 'psk_dhe_ke']
+# Leave everything else set to defaults, so it will include ECDHE keyshares,
+# other ciphersuites, etc.
+
+MOCKED_URANDOM_CALLS.extend((
+    SESSION_ID,
+    orig_urandom(32), # Client keyshare generation.
+    orig_urandom(32), # Use actual random values here because they should be ignored.
+    CLIENT_RANDOM,
+    orig_urandom(32), # Server keyshare generation.
+    SERVER_RANDOM,
+))
+
+def run_client_full(client):
+    client.handshakeClientCert(settings=fullSettings)
+    client.send(CLIENT_RAW_APP_DATA)
+    assert client.recv(1024) == SERVER_RAW_APP_DATA
+    client.send(CLIENT_RAW_APP_DATA_2)
+    assert client.recv(1024) == SERVER_RAW_APP_DATA_2
+    client.close()
+
+def run_server_full(server):
+    server.handshakeServer(settings=fullSettings)
+    assert server.recv(1024) == CLIENT_RAW_APP_DATA
+    server.send(SERVER_RAW_APP_DATA)
+    assert server.recv(1024) == CLIENT_RAW_APP_DATA_2
+    server.send(SERVER_RAW_APP_DATA_2)
+    server.close()
+
+(c_sent, s_sent) = run_handshake(run_client_full, run_server_full)
+
+# Unfortunately, I've been unable to get tlslite-ng to negotiate itself down
+# to using PSK_KE mode when the server doesn't support any ECDHE groups.
+# For now we just want the ClientHello to feed it into our tests.
+printComment("ClientHello from a full-featured client")
+assert c_sent[0][:3] == b'\x16\x03\x01'
+c_sent[0][2] = 0x03
+printTestVectorBytes("EXTENDED_CLIENT_HELLO", c_sent[0])
+
+# Finally, the JS file footer.
+
+print("""
+};
+
+/* eslint-enable sorting/sort-object-props */
+""")
diff --git a/test/vectors/test_vectors.js b/test/vectors/test_vectors.js
new file mode 100644
index 0000000..acf64dc
--- /dev/null
+++ b/test/vectors/test_vectors.js
@@ -0,0 +1,114 @@
+//
+// This file was auto-generated by `./generate_test_vectors.py`
+//
+
+/* eslint-disable sorting/sort-object-props */
+/* exported TEST_VECTORS */
+
+const TEST_VECTORS = {
+
+  // Data that comes from the outside world in one way or another
+  PSK_ID: utf8ToBytes('testkey'),
+  PSK: utf8ToBytes('aabbccddeeff'),
+  SESSION_ID: utf8ToBytes('00000000000000000000000000000001'),
+  CLIENT_RANDOM: utf8ToBytes('01010101010101010101010101010101'),
+  SERVER_RANDOM: utf8ToBytes('02020202020202020202020202020202'),
+  CLIENT_RAW_APP_DATA: utf8ToBytes('hello world'),
+  SERVER_RAW_APP_DATA: utf8ToBytes('hello world'),
+  CLIENT_RAW_APP_DATA_2: utf8ToBytes('how are you?'),
+  SERVER_RAW_APP_DATA_2: utf8ToBytes('fine thanks and you?'),
+
+
+  // Trace from a minimal client talking to a minimal server
+  CLIENT_HELLO: hexToBytes(
+    '16030300920100008e03033031303130313031303130313031303130313031303130313031303130' +
+    '31303120303030303030303030303030303030303030303030303030303030303030303100021301' +
+    '01000043002b0003020304002d0002010000290032000d0007746573746b6579000000000021205f' +
+    '84ad32f7b6202f00377b0de82050feed09d13469537b33c62f7fe3bd8592cc'
+  ),
+  CLIENT_CHANGE_CIPHER_SPEC: hexToBytes(
+    '140303000101'
+  ),
+  CLIENT_FINISHED: hexToBytes(
+    '1703030035ef9bc9f46686662934751e20b2ac555c7b31919febcd7b2bc5752752ab6b6964ceb9db' +
+    '12d60f6eae2476dd7687f470440820c202d6'
+  ),
+  CLIENT_APP_DATA: hexToBytes(
+    '170303001c27b18f3e5120c06c89bb039bc097dce5b888b036f52db6d8a502215d'
+  ),
+  CLIENT_APP_DATA_2: hexToBytes(
+    '170303001dee7cb41bfa15b6d47c8615ad00e73a63c8ac48a03e6a7a6a65cb6d06d6'
+  ),
+  CLIENT_CLOSE: hexToBytes(
+    '17030300138ed43f858c66b28ab7b0e9ecd06b935d891a0f'
+  ),
+  SERVER_HELLO: hexToBytes(
+    '16030300580200005403033032303230323032303230323032303230323032303230323032303230' +
+    '32303220303030303030303030303030303030303030303030303030303030303030303113010000' +
+    '0c002b00020304002900020000'
+  ),
+  SERVER_CHANGE_CIPHER_SPEC: hexToBytes(
+    '140303000101'
+  ),
+  SERVER_ENCRYPTED_EXTENSIONS_AND_FINISHED: hexToBytes(
+    '170303003b5edd88393f4610968fba30364635d4f7d3f04b32c6a925ddb7b686f14c249103571880' +
+    '7b1fa20a68d55da213d4c581f01ff80a077f1ee7e90de4e1'
+  ),
+  SERVER_APP_DATA: hexToBytes(
+    '170303001cf683f74f23ea006ed642e0dda96b97eda09e095784308fd7ee6dbece'
+  ),
+  SERVER_APP_DATA_2: hexToBytes(
+    '1703030025afb2020a8fbd76b7d27919dbe2b1e951d9056c779587708471d9a66030b2f4c2f14057' +
+    '2601'
+  ),
+  SERVER_CLOSE: hexToBytes(
+    '1703030013f948f9f4d85e18801cd6ea796d438034d03a4f'
+  ),
+
+
+  // Testcases for key derivation
+  KEYS_EXT_BINDER: hexToBytes(
+    '573c05ab12932bd141a222c46db9172205c9f9d0c9326c42c5604eed55b57e3a'
+  ),
+  KEYS_PLAINTEXT_TRANSCRIPT: utf8ToBytes('fake plaintext transcript'),
+  KEYS_CLIENT_HANDSHAKE_TRAFFIC_SECRET: hexToBytes(
+    'd21e1d6279c57611c6e85e8390cb1676ed1a545da75bfa3853f128f77ea15196'
+  ),
+  KEYS_SERVER_HANDSHAKE_TRAFFIC_SECRET: hexToBytes(
+    '6f8923e53e434a4f34333b5c3ea60f21f90df3600eec82c588e4ebfe88273626'
+  ),
+  KEYS_ENCRYPTED_TRANSCRIPT: utf8ToBytes('fake encrypted transcript'),
+  KEYS_CLIENT_APPLICATION_TRAFFIC_SECRET_0: hexToBytes(
+    '65d7f3a53ec6e224c2594e4ef3729cb174137a97a22b0eb78f459fd0e5797fb7'
+  ),
+  KEYS_SERVER_APPLICATION_TRAFFIC_SECRET_0: hexToBytes(
+    '9ca237a625b861b84b15c0d0013fa6067618535ecf3b26e4f40580765863f8ea'
+  ),
+
+
+  // ClientHello from a full-featured client
+  EXTENDED_CLIENT_HELLO: hexToBytes(
+    '16030302c4010002c003033031303130313031303130313031303130313031303130313031303130' +
+    '31303120303030303030303030303030303030303030303030303030303030303030303100341302' +
+    '13011303cca8c030c02fc028c027c014c013c012ccaa009f009e006b0067003900330016009d009c' +
+    '003d003c0035002f000a010002430016000000170000000b00020100000a00160014001d001e0018' +
+    '0017001901000101010201030104000d001800160806080b0805080a080408090601050104010301' +
+    '0201002b000504030403050033006b00690017004104281ccb4d2bc57cf3bd922632101bbe3f16e9' +
+    '9cb8e22e60b972fc9102ff03feada6a8fc82982f9c3c92ab982d5253d7e03c0ef6fec89c71854b1d' +
+    '620d4f895f1b001d0020a1d303ffb674d592128899513a0fb1f2a43ec477772ff94e860536b38a59' +
+    '331f002d0003020001000f000101001c00024001001500b100000000000000000000000000000000' +
+    '00000000000000000000000000000000000000000000000000000000000000000000000000000000' +
+    '00000000000000000000000000000000000000000000000000000000000000000000000000000000' +
+    '00000000000000000000000000000000000000000000000000000000000000000000000000000000' +
+    '00000000000000000000000000000000000000000000000000000000000000000000000000000000' +
+    '00002900bc0035000b612064756d6d79206b6579000000000007746573746b657900000000001161' +
+    '6e6f746865722064756d6d79206b657900000000008330c6b42489148aab36e2649d1e8c9c017aed' +
+    'f5882061812caaf13680210120a101d823dff9cd8c17210f1cbfff99fc0b9b201d0d160f28139f00' +
+    'cb54295153ab9c56b233e5c609efc4e3faa9e6ecafde91443081bdcd874e98150d5ef5d719441f50' +
+    '8b7e0088c3c09693d090a33ec6938264837151ab85f953355434dad4bc78e9fa7f'
+  ),
+
+};
+
+/* eslint-enable sorting/sort-object-props */
+
diff --git a/webpack.config.js b/webpack.config.js
index f2a0412..0de8769 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -17,22 +17,6 @@ const LIBRARY_NAME = 'FxAccountsPairingChannel';
 const ENTRYPOINT = __dirname + '/src/index.js';
 const EXPORT_PATH = __dirname + '/dist';
 
-const MODULE_CONFIG = {
-  rules: [
-    {
-      exclude: /(node_modules)/,
-      test: /(\.jsx|\.js)$/,
-      use: {
-        loader: 'babel-loader',
-        options: {
-          plugins: ['@babel/plugin-transform-runtime'],
-          presets: ['@babel/preset-env'],
-        }
-      }
-    }
-  ]
-};
-
 const WrapperPlugin = require('wrapper-webpack-plugin');
 const bannerPlugin = new webpack.BannerPlugin({
   banner: BANNER
@@ -71,7 +55,7 @@ const firefoxJsmConfig = {
     ...outputConfig,
     filename: `${LIBRARY_NAME}.js`,
     libraryTarget: 'var',
-    libraryExport: 'InsecurePairingChannel',
+    libraryExport: 'PairingChannel',
   },
   plugins: plugins(true),
 };
@@ -84,13 +68,57 @@ const babelLibraryConfig = {
     libraryTarget: 'umd',
     umdNamedDefine: true,
   },
-  module: MODULE_CONFIG,
+  module: {
+    rules: [
+      {
+        exclude: /(node_modules)/,
+        test: /(\.jsx|\.js)$/,
+        use: {
+          loader: 'babel-loader',
+          options: {
+            plugins: ['@babel/plugin-transform-runtime'],
+            presets: ['@babel/preset-env'],
+          }
+        }
+      }
+    ]
+  },
+  plugins: plugins(false),
+};
+
+const coverageLibraryConfig = {
+  ...libraryConfig,
+  output: {
+    ...outputConfig,
+    filename: `${LIBRARY_NAME}.babel.umd.coverage.js`,
+    libraryTarget: 'umd',
+    umdNamedDefine: true,
+  },
+  module: {
+    rules: [
+      {
+        exclude: /(node_modules)/,
+        test: /(\.jsx|\.js)$/,
+        use: {
+          loader: 'babel-loader',
+          options: {
+            plugins: ['@babel/plugin-transform-runtime', 'babel-plugin-istanbul'],
+            presets: ['@babel/preset-env'],
+          }
+        }
+      }
+    ]
+  },
+  performance: {
+    hints: false
+  },
   plugins: plugins(false),
 };
 
 const config = [
   firefoxJsmConfig,
   babelLibraryConfig,
+  coverageLibraryConfig,
 ];
 
 module.exports = config;