nlcurl 0.1.0 → 0.2.0

package/dist/fingerprints/extensions.d.ts

@@ -1,49 +1,143 @@
 /**
- * Extension data builders.
+ * Builds the SNI (Server Name Indication) extension payload for the given
+ * hostname, encoded as a TLS `HostName` name list structure per RFC 6066.
  *
- * These helpers produce raw extension_data bytes for various TLS
- * extensions.  They are used by browser profiles to populate the
- * extensions array in a declarative manner.
+ * @param {string} hostname - The ASCII server name to advertise.
+ * @returns {Buffer} Encoded SNI extension data.
  */
-/** Build SNI extension data.  RFC 6066 section 3. */
 export declare function sniData(hostname: string): Buffer;
-/** Build supported_versions extension data (for ClientHello). */
+/**
+ * Builds the `supported_versions` extension payload listing the given TLS
+ * version codes in the order provided.
+ *
+ * @param {number[]} versions - Ordered TLS version codes (e.g. `[0x0304, 0x0303]`).
+ * @returns {Buffer} Encoded supported_versions extension data.
+ */
 export declare function supportedVersionsData(versions: number[]): Buffer;
-/** Build supported_groups extension data. */
+/**
+ * Builds the `supported_groups` extension payload listing the given named
+ * group codes (elliptic curves and finite-field groups).
+ *
+ * @param {number[]} groups - Ordered named group codes (e.g. `[0x001d, 0x0017]`).
+ * @returns {Buffer} Encoded supported_groups extension data.
+ */
 export declare function supportedGroupsData(groups: number[]): Buffer;
-/** Build ec_point_formats extension data. */
+/**
+ * Builds the `ec_point_formats` extension payload specifying the supported
+ * EC point encoding formats.
+ *
+ * @param {number[]} formats - EC point format codes (e.g. `[0]` for uncompressed).
+ * @returns {Buffer} Encoded ec_point_formats extension data.
+ */
 export declare function ecPointFormatsData(formats: number[]): Buffer;
-/** Build signature_algorithms extension data. */
+/**
+ * Builds the `signature_algorithms` extension payload listing the supported
+ * signature scheme codes in the order provided.
+ *
+ * @param {number[]} algs - Ordered signature scheme codes (e.g. `[0x0403, 0x0804]`).
+ * @returns {Buffer} Encoded signature_algorithms extension data.
+ */
 export declare function signatureAlgorithmsData(algs: number[]): Buffer;
-/** Build ALPN extension data. */
+/**
+ * Builds the ALPN (Application-Layer Protocol Negotiation) extension payload
+ * advertising the given protocol name strings in preference order.
+ *
+ * @param {string[]} protocols - Protocol names in preference order (e.g. `['h2', 'http/1.1']`).
+ * @returns {Buffer} Encoded ALPN extension data.
+ */
 export declare function alpnData(protocols: string[]): Buffer;
-/** Build compress_certificate extension data. */
+/**
+ * Builds the `compress_certificate` extension payload listing the supported
+ * certificate compression algorithm codes (RFC 8879).
+ *
+ * @param {number[]} algorithms - Compression algorithm codes (e.g. `[2]` for brotli).
+ * @returns {Buffer} Encoded compress_certificate extension data.
+ */
 export declare function compressCertData(algorithms: number[]): Buffer;
-/** Build psk_key_exchange_modes extension data. */
+/**
+ * Builds the `psk_key_exchange_modes` extension payload specifying the
+ * supported PSK key exchange mode codes.
+ *
+ * @param {number[]} modes - PSK key exchange mode codes (e.g. `[1]` for psk_dhe_ke).
+ * @returns {Buffer} Encoded psk_key_exchange_modes extension data.
+ */
 export declare function pskKeyExchangeModesData(modes: number[]): Buffer;
-/** Build key_share extension data.  Actual key material is filled at
- *  handshake time; this returns a placeholder structure with the
- *  correct groups. */
+/**
+ * Returns an empty buffer as a placeholder for the `key_share` extension.
+ * The actual key share data is computed and injected at ClientHello build time
+ * by the handshake engine, which needs the private keys to complete the DH.
+ *
+ * @param {number[]} groups - Named group codes for which key shares will be generated.
+ * @returns {Buffer} Empty placeholder buffer.
+ */
 export declare function keySharePlaceholder(groups: number[]): Buffer;
-/** Status request (OCSP) extension data -- single responder, no IDs,
- *  no extensions (the common case). */
+/**
+ * Builds the `status_request` extension payload requesting OCSP stapling
+ * from the server (RFC 6066 §8).
+ *
+ * @returns {Buffer} Encoded status_request extension data.
+ */
 export declare function statusRequestData(): Buffer;
-/** Session ticket extension data (empty, requests new ticket). */
+/**
+ * Returns an empty buffer for the `session_ticket` extension, signalling
+ * that the client supports TLS session tickets but has none to present.
+ *
+ * @returns {Buffer} Empty session_ticket extension payload.
+ */
 export declare function sessionTicketData(): Buffer;
-/** Extended master secret extension (empty data). */
+/**
+ * Returns an empty buffer for the `extended_master_secret` extension (RFC 7627),
+ * which signals support for the extended master secret computation.
+ *
+ * @returns {Buffer} Empty extended_master_secret extension payload.
+ */
 export declare function extendedMasterSecretData(): Buffer;
-/** Renegotiation info extension (initial handshake -- single 0 byte). */
+/**
+ * Builds the `renegotiation_info` extension payload with an empty renegotiated
+ * connection field, indicating that this is an initial TLS handshake (RFC 5746).
+ *
+ * @returns {Buffer} Encoded renegotiation_info extension data (`[0x00]`).
+ */
 export declare function renegotiationInfoData(): Buffer;
-/** Signed certificate timestamp extension (empty request). */
+/**
+ * Returns an empty buffer for the `signed_certificate_timestamp` extension
+ * (RFC 6962), signalling SCT support without providing any timestamps.
+ *
+ * @returns {Buffer} Empty SCT extension payload.
+ */
 export declare function sctData(): Buffer;
-/** Record size limit extension data. */
+/**
+ * Builds the `record_size_limit` extension payload (RFC 8449) specifying the
+ * maximum plaintext record size the client is willing to receive.
+ *
+ * @param {number} limit - Maximum record size in bytes (typically 16384 for browsers).
+ * @returns {Buffer} Encoded record_size_limit extension data.
+ */
 export declare function recordSizeLimitData(limit: number): Buffer;
-/** Delegated credentials extension data. */
+/**
+ * Builds the `delegated_credentials` extension payload (RFC 9345) listing
+ * the signature algorithms acceptable for use with delegated credentials.
+ *
+ * @param {number[]} sigAlgs - Signature algorithm codes acceptable for delegated credentials.
+ * @returns {Buffer} Encoded delegated_credentials extension data.
+ */
 export declare function delegatedCredentialsData(sigAlgs: number[]): Buffer;
-/** Application settings (ALPS) extension data. */
+/**
+ * Builds the `application_settings` (ALPS) extension payload for the given
+ * protocol names, a Chrome-specific extension that negotiates application-level
+ * settings over TLS.
+ *
+ * @param {string[]} protocols - ALPN protocol names to include in the ALPS extension.
+ * @returns {Buffer} Encoded application_settings extension data.
+ */
 export declare function applicationSettingsData(protocols: string[]): Buffer;
-/** Encrypted client hello (ECH) -- outer extension with a GREASE
- *  payload so the extension shows in the fingerprint but does not
- *  require real ECH config. */
+/**
+ * Builds a synthetic Encrypted Client Hello (ECH) GREASE extension payload
+ * (draft-ietf-tls-esni). This does not perform real ECH; it emits a
+ * deterministic fake payload that matches the extension structure browsers send
+ * when the server does not advertise real ECH support.
+ *
+ * @returns {Buffer} Encoded ECH GREASE extension data.
+ */
 export declare function echGreaseData(): Buffer;
 //# sourceMappingURL=extensions.d.ts.map

package/dist/fingerprints/extensions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"extensions.d.ts","sourceRoot":"","sources":["../../src/fingerprints/extensions.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAgBH,qDAAqD;AACrD,wBAAgB,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAahD;AAED,iEAAiE;AACjE,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAKhE;AAED,6CAA6C;AAC7C,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAK5D;AAED,6CAA6C;AAC7C,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAK5D;AAED,iDAAiD;AACjD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAK9D;AAED,iCAAiC;AACjC,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAcpD;AAED,iDAAiD;AACjD,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAK7D;AAED,mDAAmD;AACnD,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAK/D;AAED;;sBAEsB;AACtB,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAI5D;AAED;uCACuC;AACvC,wBAAgB,iBAAiB,IAAI,MAAM,CAM1C;AAED,kEAAkE;AAClE,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED,qDAAqD;AACrD,wBAAgB,wBAAwB,IAAI,MAAM,CAEjD;AAED,yEAAyE;AACzE,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,8DAA8D;AAC9D,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED,wCAAwC;AACxC,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIzD;AAED,4CAA4C;AAC5C,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAKlE;AAED,kDAAkD;AAClD,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAcnE;AAED;;+BAE+B;AAC/B,wBAAgB,aAAa,IAAI,MAAM,CAoBtC"}
+{"version":3,"file":"extensions.d.ts","sourceRoot":"","sources":["../../src/fingerprints/extensions.ts"],"names":[],"mappings":"AAaA;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAShD;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAKhE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAK5D;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAK5D;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAK9D;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAcpD;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAK7D;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAK/D;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAE5D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAM1C;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,CAEjD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIzD;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAKlE;AAED;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAcnE;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAgBtC"}

package/dist/fingerprints/extensions.js

@@ -1,28 +1,28 @@
+import { BufferWriter } from '../utils/buffer-writer.js';
 /**
- * Extension data builders.
+ * Builds the SNI (Server Name Indication) extension payload for the given
+ * hostname, encoded as a TLS `HostName` name list structure per RFC 6066.
  *
- * These helpers produce raw extension_data bytes for various TLS
- * extensions.  They are used by browser profiles to populate the
- * extensions array in a declarative manner.
+ * @param {string} hostname - The ASCII server name to advertise.
+ * @returns {Buffer} Encoded SNI extension data.
  */
-import { BufferWriter } from '../utils/buffer-writer.js';
-// ---- helpers ----
-/** Build SNI extension data.  RFC 6066 section 3. */
 export function sniData(hostname) {
     const host = Buffer.from(hostname, 'ascii');
     const w = new BufferWriter(host.length + 16);
-    // ServerNameList length (2 bytes)
     w.writeUInt16(host.length + 3 + 2);
-    // list length
     w.writeUInt16(host.length + 3);
-    // name_type = host_name (0)
     w.writeUInt8(0);
-    // host name length + data
     w.writeUInt16(host.length);
     w.writeBytes(host);
     return w.toBuffer();
 }
-/** Build supported_versions extension data (for ClientHello). */
+/**
+ * Builds the `supported_versions` extension payload listing the given TLS
+ * version codes in the order provided.
+ *
+ * @param {number[]} versions - Ordered TLS version codes (e.g. `[0x0304, 0x0303]`).
+ * @returns {Buffer} Encoded supported_versions extension data.
+ */
 export function supportedVersionsData(versions) {
     const w = new BufferWriter(1 + versions.length * 2);
     w.writeUInt8(versions.length * 2);
@@ -30,7 +30,13 @@ export function supportedVersionsData(versions) {
         w.writeUInt16(v);
     return w.toBuffer();
 }
-/** Build supported_groups extension data. */
+/**
+ * Builds the `supported_groups` extension payload listing the given named
+ * group codes (elliptic curves and finite-field groups).
+ *
+ * @param {number[]} groups - Ordered named group codes (e.g. `[0x001d, 0x0017]`).
+ * @returns {Buffer} Encoded supported_groups extension data.
+ */
 export function supportedGroupsData(groups) {
     const w = new BufferWriter(2 + groups.length * 2);
     w.writeUInt16(groups.length * 2);
@@ -38,7 +44,13 @@ export function supportedGroupsData(groups) {
         w.writeUInt16(g);
     return w.toBuffer();
 }
-/** Build ec_point_formats extension data. */
+/**
+ * Builds the `ec_point_formats` extension payload specifying the supported
+ * EC point encoding formats.
+ *
+ * @param {number[]} formats - EC point format codes (e.g. `[0]` for uncompressed).
+ * @returns {Buffer} Encoded ec_point_formats extension data.
+ */
 export function ecPointFormatsData(formats) {
     const w = new BufferWriter(1 + formats.length);
     w.writeUInt8(formats.length);
@@ -46,7 +58,13 @@ export function ecPointFormatsData(formats) {
         w.writeUInt8(f);
     return w.toBuffer();
 }
-/** Build signature_algorithms extension data. */
+/**
+ * Builds the `signature_algorithms` extension payload listing the supported
+ * signature scheme codes in the order provided.
+ *
+ * @param {number[]} algs - Ordered signature scheme codes (e.g. `[0x0403, 0x0804]`).
+ * @returns {Buffer} Encoded signature_algorithms extension data.
+ */
 export function signatureAlgorithmsData(algs) {
     const w = new BufferWriter(2 + algs.length * 2);
     w.writeUInt16(algs.length * 2);
@@ -54,7 +72,13 @@ export function signatureAlgorithmsData(algs) {
         w.writeUInt16(a);
     return w.toBuffer();
 }
-/** Build ALPN extension data. */
+/**
+ * Builds the ALPN (Application-Layer Protocol Negotiation) extension payload
+ * advertising the given protocol name strings in preference order.
+ *
+ * @param {string[]} protocols - Protocol names in preference order (e.g. `['h2', 'http/1.1']`).
+ * @returns {Buffer} Encoded ALPN extension data.
+ */
 export function alpnData(protocols) {
     let totalLen = 0;
     const bufs = protocols.map((p) => {
@@ -70,7 +94,13 @@ export function alpnData(protocols) {
     }
     return w.toBuffer();
 }
-/** Build compress_certificate extension data. */
+/**
+ * Builds the `compress_certificate` extension payload listing the supported
+ * certificate compression algorithm codes (RFC 8879).
+ *
+ * @param {number[]} algorithms - Compression algorithm codes (e.g. `[2]` for brotli).
+ * @returns {Buffer} Encoded compress_certificate extension data.
+ */
 export function compressCertData(algorithms) {
     const w = new BufferWriter(1 + algorithms.length * 2);
     w.writeUInt8(algorithms.length * 2);
@@ -78,7 +108,13 @@ export function compressCertData(algorithms) {
         w.writeUInt16(a);
     return w.toBuffer();
 }
-/** Build psk_key_exchange_modes extension data. */
+/**
+ * Builds the `psk_key_exchange_modes` extension payload specifying the
+ * supported PSK key exchange mode codes.
+ *
+ * @param {number[]} modes - PSK key exchange mode codes (e.g. `[1]` for psk_dhe_ke).
+ * @returns {Buffer} Encoded psk_key_exchange_modes extension data.
+ */
 export function pskKeyExchangeModesData(modes) {
     const w = new BufferWriter(1 + modes.length);
     w.writeUInt8(modes.length);
@@ -86,46 +122,85 @@ export function pskKeyExchangeModesData(modes) {
         w.writeUInt8(m);
     return w.toBuffer();
 }
-/** Build key_share extension data.  Actual key material is filled at
- *  handshake time; this returns a placeholder structure with the
- *  correct groups. */
+/**
+ * Returns an empty buffer as a placeholder for the `key_share` extension.
+ * The actual key share data is computed and injected at ClientHello build time
+ * by the handshake engine, which needs the private keys to complete the DH.
+ *
+ * @param {number[]} groups - Named group codes for which key shares will be generated.
+ * @returns {Buffer} Empty placeholder buffer.
+ */
 export function keySharePlaceholder(groups) {
-    // We will compute real key shares at handshake time.
-    // For fingerprinting purposes this is not hashed into JA3.
     return Buffer.alloc(0);
 }
-/** Status request (OCSP) extension data -- single responder, no IDs,
- *  no extensions (the common case). */
+/**
+ * Builds the `status_request` extension payload requesting OCSP stapling
+ * from the server (RFC 6066 §8).
+ *
+ * @returns {Buffer} Encoded status_request extension data.
+ */
 export function statusRequestData() {
     const w = new BufferWriter(5);
-    w.writeUInt8(1); // status_type = ocsp
-    w.writeUInt16(0); // responder_id_list length
-    w.writeUInt16(0); // request_extensions length
+    w.writeUInt8(1);
+    w.writeUInt16(0);
+    w.writeUInt16(0);
     return w.toBuffer();
 }
-/** Session ticket extension data (empty, requests new ticket). */
+/**
+ * Returns an empty buffer for the `session_ticket` extension, signalling
+ * that the client supports TLS session tickets but has none to present.
+ *
+ * @returns {Buffer} Empty session_ticket extension payload.
+ */
 export function sessionTicketData() {
     return Buffer.alloc(0);
 }
-/** Extended master secret extension (empty data). */
+/**
+ * Returns an empty buffer for the `extended_master_secret` extension (RFC 7627),
+ * which signals support for the extended master secret computation.
+ *
+ * @returns {Buffer} Empty extended_master_secret extension payload.
+ */
 export function extendedMasterSecretData() {
     return Buffer.alloc(0);
 }
-/** Renegotiation info extension (initial handshake -- single 0 byte). */
+/**
+ * Builds the `renegotiation_info` extension payload with an empty renegotiated
+ * connection field, indicating that this is an initial TLS handshake (RFC 5746).
+ *
+ * @returns {Buffer} Encoded renegotiation_info extension data (`[0x00]`).
+ */
 export function renegotiationInfoData() {
     return Buffer.from([0]);
 }
-/** Signed certificate timestamp extension (empty request). */
+/**
+ * Returns an empty buffer for the `signed_certificate_timestamp` extension
+ * (RFC 6962), signalling SCT support without providing any timestamps.
+ *
+ * @returns {Buffer} Empty SCT extension payload.
+ */
 export function sctData() {
     return Buffer.alloc(0);
 }
-/** Record size limit extension data. */
+/**
+ * Builds the `record_size_limit` extension payload (RFC 8449) specifying the
+ * maximum plaintext record size the client is willing to receive.
+ *
+ * @param {number} limit - Maximum record size in bytes (typically 16384 for browsers).
+ * @returns {Buffer} Encoded record_size_limit extension data.
+ */
 export function recordSizeLimitData(limit) {
     const w = new BufferWriter(2);
     w.writeUInt16(limit);
     return w.toBuffer();
 }
-/** Delegated credentials extension data. */
+/**
+ * Builds the `delegated_credentials` extension payload (RFC 9345) listing
+ * the signature algorithms acceptable for use with delegated credentials.
+ *
+ * @param {number[]} sigAlgs - Signature algorithm codes acceptable for delegated credentials.
+ * @returns {Buffer} Encoded delegated_credentials extension data.
+ */
 export function delegatedCredentialsData(sigAlgs) {
     const w = new BufferWriter(2 + sigAlgs.length * 2);
     w.writeUInt16(sigAlgs.length * 2);
@@ -133,7 +208,14 @@ export function delegatedCredentialsData(sigAlgs) {
         w.writeUInt16(a);
     return w.toBuffer();
 }
-/** Application settings (ALPS) extension data. */
+/**
+ * Builds the `application_settings` (ALPS) extension payload for the given
+ * protocol names, a Chrome-specific extension that negotiates application-level
+ * settings over TLS.
+ *
+ * @param {string[]} protocols - ALPN protocol names to include in the ALPS extension.
+ * @returns {Buffer} Encoded application_settings extension data.
+ */
 export function applicationSettingsData(protocols) {
     let totalLen = 0;
     const bufs = protocols.map((p) => {
@@ -149,26 +231,27 @@ export function applicationSettingsData(protocols) {
     }
     return w.toBuffer();
 }
-/** Encrypted client hello (ECH) -- outer extension with a GREASE
- *  payload so the extension shows in the fingerprint but does not
- *  require real ECH config. */
+/**
+ * Builds a synthetic Encrypted Client Hello (ECH) GREASE extension payload
+ * (draft-ietf-tls-esni). This does not perform real ECH; it emits a
+ * deterministic fake payload that matches the extension structure browsers send
+ * when the server does not advertise real ECH support.
+ *
+ * @returns {Buffer} Encoded ECH GREASE extension data.
+ */
 export function echGreaseData() {
-    // Type = outer (0), followed by a random GREASE cipher suite and
-    // dummy payload.  This mirrors Chrome's GREASE ECH behavior.
     const w = new BufferWriter(8 + 32);
-    w.writeUInt8(0); // ECHClientHelloType = outer
-    // HpkeCipherSuite
-    w.writeUInt16(0x0020); // KEM: DHKEM(X25519, HKDF-SHA256)
-    w.writeUInt16(0x0001); // KDF: HKDF-SHA256
-    w.writeUInt16(0x0001); // AEAD: AES-128-GCM
-    w.writeUInt8(0); // config_id
-    w.writeUInt16(32); // enc length
+    w.writeUInt8(0);
+    w.writeUInt16(0x0020);
+    w.writeUInt16(0x0001);
+    w.writeUInt16(0x0001);
+    w.writeUInt8(0);
+    w.writeUInt16(32);
     const enc = Buffer.alloc(32);
-    // Fill with random-looking but deterministic bytes for GREASE
     for (let i = 0; i < 32; i++)
         enc[i] = (i * 37 + 7) & 0xff;
     w.writeBytes(enc);
-    w.writeUInt16(16); // payload length
+    w.writeUInt16(16);
     const payload = Buffer.alloc(16);
     for (let i = 0; i < 16; i++)
         payload[i] = (i * 53 + 13) & 0xff;

package/dist/fingerprints/extensions.js.map

@@ -1 +1 @@
-{"version":3,"file":"extensions.js","sourceRoot":"","sources":["../../src/fingerprints/extensions.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAYzD,oBAAoB;AAEpB,qDAAqD;AACrD,MAAM,UAAU,OAAO,CAAC,QAAgB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC7C,kCAAkC;IAClC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,cAAc;IACd,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,4BAA4B;IAC5B,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChB,0BAA0B;IAC1B,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACnB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,qBAAqB,CAAC,QAAkB;IACtD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,mBAAmB,CAAC,MAAgB;IAClD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,kBAAkB,CAAC,OAAiB;IAClD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,uBAAuB,CAAC,IAAc;IACpD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,iCAAiC;AACjC,MAAM,UAAU,QAAQ,CAAC,SAAmB;IAC1C,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAClC,QAAQ,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACzB,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC;IACzC,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,gBAAgB,CAAC,UAAoB;IACnD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,UAAU;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,uBAAuB,CAAC,KAAe;IACrD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;sBAEsB;AACtB,MAAM,UAAU,mBAAmB,CAAC,MAAgB;IAClD,qDAAqD;IACrD,2DAA2D;IAC3D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED;uCACuC;AACvC,MAAM,UAAU,iBAAiB;IAC/B,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB;IACtC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC7C,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,4BAA4B;IAC9C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,iBAAiB;IAC/B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,wBAAwB;IACtC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,OAAO;IACrB,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACrB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,wBAAwB,CAAC,OAAiB;IACxD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,uBAAuB,CAAC,SAAmB;IACzD,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAClC,QAAQ,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACzB,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC;IACzC,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;+BAE+B;AAC/B,MAAM,UAAU,aAAa;IAC3B,iEAAiE;IACjE,6DAA6D;IAC7D,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,6BAA6B;IAC9C,kBAAkB;IAClB,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,kCAAkC;IACzD,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,mBAAmB;IAC1C,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB;IAC3C,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY;IAC7B,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa;IAChC,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7B,8DAA8D;IAC9D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;IAC1D,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,iBAAiB;IACpC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC;IAC/D,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACtB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC"}
+{"version":3,"file":"extensions.js","sourceRoot":"","sources":["../../src/fingerprints/extensions.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAYzD;;;;;;GAMG;AACH,MAAM,UAAU,OAAO,CAAC,QAAgB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACnB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAkB;IACtD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAgB;IAClD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAiB;IAClD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAc;IACpD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CAAC,SAAmB;IAC1C,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAClC,QAAQ,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACzB,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC;IACzC,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAoB;IACnD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,UAAU;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAe;IACrD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAgB;IAClD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACjB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO;IACrB,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACrB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAiB;IACxD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAAmB;IACzD,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAClC,QAAQ,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACzB,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC;IACzC,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;IAC1D,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC;IAC/D,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACtB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC"}

package/dist/fingerprints/ja3.d.ts

@@ -1,32 +1,48 @@
-/**
- * JA3 and JA3N fingerprint computation.
- *
- * JA3 hashes the TLS ClientHello parameters into a stable identifier
- * that fingerprint detection systems use to identify client software.
- *
- * JA3 format: SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats
- * Each field is a dash-separated list of decimal values.
- *
- * GREASE values (RFC 8701) are excluded from the hash, matching the
- * canonical JA3 specification.
- */
 import type { TLSProfile } from './types.js';
 /**
- * Build the raw JA3 string from TLS profile parameters.
+ * Computes the JA3 string representation of a TLS profile. The string is a
+ * comma-separated tuple of `version`, cipher codes, extension type codes,
+ * supported-group codes, and EC point format codes, all encoded as
+ * dash-separated decimal lists (GREASE values filtered out).
+ *
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The JA3 fingerprint string.
  *
- * The string is not hashed -- call `ja3Hash` for the MD5 digest.
+ * @example
+ * const str = ja3String(chromeLatest.tls);
+ * // => "771,4865-4866-...,0-23-...,29-23-24,0"
  */
 export declare function ja3String(profile: TLSProfile): string;
 /**
- * Compute the JA3 hash (MD5 of the JA3 string).
+ * Computes the MD5 hash of the JA3 string for the given TLS profile.
+ * The resulting 32-character hex digest is the canonical JA3 fingerprint
+ * used in network monitoring and fingerprinting detection.
+ *
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The 32-character lowercase hex JA3 MD5 hash.
+ *
+ * @example
+ * const hash = ja3Hash(chromeLatest.tls);
+ * // => "cd08e31494f9531f560d64c695473da9"
  */
 export declare function ja3Hash(profile: TLSProfile): string;
 /**
- * Compute JA3N (normalized) hash.
+ * Computes the JA3N (normalised) string for a TLS profile. Unlike
+ * {@link ja3String}, all numeric lists are sorted before joining, which
+ * makes the fingerprint order-independent and useful for comparing profiles
+ * that advertise the same capabilities in different orders.
  *
- * JA3N sorts the cipher suites and extensions before hashing,
- * reducing sensitivity to ordering differences.
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The JA3N fingerprint string with sorted field lists.
  */
 export declare function ja3nString(profile: TLSProfile): string;
+/**
+ * Computes the MD5 hash of the JA3N (normalised) string for the given TLS
+ * profile. JA3N hashes are order-independent, making them suitable for
+ * grouping profiles by capability set regardless of advertisement order.
+ *
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The 32-character lowercase hex JA3N MD5 hash.
+ */
 export declare function ja3nHash(profile: TLSProfile): string;
 //# sourceMappingURL=ja3.d.ts.map

package/dist/fingerprints/ja3.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ja3.d.ts","sourceRoot":"","sources":["../../src/fingerprints/ja3.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAY7C;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAUrD;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAEnD;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAgBtD;AAED,wBAAgB,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAEpD"}
+{"version":3,"file":"ja3.d.ts","sourceRoot":"","sources":["../../src/fingerprints/ja3.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAY7C;;;;;;;;;;;;GAYG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAUrD;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAEnD;AAED;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAgBtD;AAED;;;;;;;GAOG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAEpD"}

package/dist/fingerprints/ja3.js

@@ -1,15 +1,3 @@
-/**
- * JA3 and JA3N fingerprint computation.
- *
- * JA3 hashes the TLS ClientHello parameters into a stable identifier
- * that fingerprint detection systems use to identify client software.
- *
- * JA3 format: SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats
- * Each field is a dash-separated list of decimal values.
- *
- * GREASE values (RFC 8701) are excluded from the hash, matching the
- * canonical JA3 specification.
- */
 import { createHash } from 'node:crypto';
 import { GREASE_VALUES } from '../tls/constants.js';
 const GREASE_SET = new Set(GREASE_VALUES);
@@ -20,9 +8,17 @@ function filterGrease(values) {
     return values.filter((v) => !isGrease(v));
 }
 /**
- * Build the raw JA3 string from TLS profile parameters.
+ * Computes the JA3 string representation of a TLS profile. The string is a
+ * comma-separated tuple of `version`, cipher codes, extension type codes,
+ * supported-group codes, and EC point format codes, all encoded as
+ * dash-separated decimal lists (GREASE values filtered out).
+ *
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The JA3 fingerprint string.
  *
- * The string is not hashed -- call `ja3Hash` for the MD5 digest.
+ * @example
+ * const str = ja3String(chromeLatest.tls);
+ * // => "771,4865-4866-...,0-23-...,29-23-24,0"
  */
 export function ja3String(profile) {
     const version = profile.clientVersion;
@@ -33,16 +29,28 @@ export function ja3String(profile) {
     return `${version},${ciphers},${extensions},${groups},${formats}`;
 }
 /**
- * Compute the JA3 hash (MD5 of the JA3 string).
+ * Computes the MD5 hash of the JA3 string for the given TLS profile.
+ * The resulting 32-character hex digest is the canonical JA3 fingerprint
+ * used in network monitoring and fingerprinting detection.
+ *
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The 32-character lowercase hex JA3 MD5 hash.
+ *
+ * @example
+ * const hash = ja3Hash(chromeLatest.tls);
+ * // => "cd08e31494f9531f560d64c695473da9"
  */
 export function ja3Hash(profile) {
     return createHash('md5').update(ja3String(profile)).digest('hex');
 }
 /**
- * Compute JA3N (normalized) hash.
+ * Computes the JA3N (normalised) string for a TLS profile. Unlike
+ * {@link ja3String}, all numeric lists are sorted before joining, which
+ * makes the fingerprint order-independent and useful for comparing profiles
+ * that advertise the same capabilities in different orders.
  *
- * JA3N sorts the cipher suites and extensions before hashing,
- * reducing sensitivity to ordering differences.
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The JA3N fingerprint string with sorted field lists.
  */
 export function ja3nString(profile) {
     const version = profile.clientVersion;
@@ -58,6 +66,14 @@ export function ja3nString(profile) {
     const formats = (profile.ecPointFormats ?? []).sort((a, b) => a - b).join('-');
     return `${version},${ciphers},${extensions},${groups},${formats}`;
 }
+/**
+ * Computes the MD5 hash of the JA3N (normalised) string for the given TLS
+ * profile. JA3N hashes are order-independent, making them suitable for
+ * grouping profiles by capability set regardless of advertisement order.
+ *
+ * @param {TLSProfile} profile - The TLS profile to fingerprint.
+ * @returns {string} The 32-character lowercase hex JA3N MD5 hash.
+ */
 export function ja3nHash(profile) {
     return createHash('md5').update(ja3nString(profile)).digest('hex');
 }