nlcurl 0.1.0

package/dist/tls/stealth/handshake.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../../../src/tls/stealth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEvG,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EACL,UAAU,EACV,aAAa,EACb,eAAe,EACf,WAAW,EACX,UAAU,GAEX,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAGhD,OAAO,EACL,gBAAgB,GAGjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,UAAU,EACV,WAAW,EACX,mBAAmB,EACnB,qBAAqB,GAItB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAGL,mBAAmB,EACnB,qBAAqB,EACrB,YAAY,EACZ,yBAAyB,EACzB,YAAY,GAGb,MAAM,mBAAmB,CAAC;AAE3B,8CAA8C;AAE9C,SAAS,YAAY,CAAC,KAAa;IACjC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,QAAQ,CAAC;IACpB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,aAAa,CAAC;QACvB,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,aAAa,CAAC;QACvB,KAAK,WAAW,CAAC,4BAA4B;YAC3C,OAAO,mBAAmB,CAAC;QAC7B;YACE,OAAO,aAAa,CAAC;IACzB,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,wBAAwB,CAAC;QAClC,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,wBAAwB,CAAC;QAClC,KAAK,WAAW,CAAC,4BAA4B;YAC3C,OAAO,8BAA8B,CAAC;QACxC;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,yBAAyB;AAEzB,SAAS,mBAAmB,CAC1B,WAAmB,EACnB,eAAuB,EACvB,eAAgC;IAEhC,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,QAAQ,CAChB,2BAA2B,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,0BAA0B,CAC9E,CAAC;IACJ,CAAC;IAED,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;YACvB,qCAAqC;YACrC,MAAM,OAAO,GAAG,gBAAgB,CAAC;gBAC/B,GAAG,EAAE,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC1C,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,OAAO;aACd,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC;gBAC7B,GAAG,EAAE,eAAe,CAAC,eAAe,CAAC;gBACrC,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;YACH,OAAO,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAChF,CAAC;QACD,KAAK,UAAU,CAAC,SAAS,CAAC;QAC1B,KAAK,UAAU,CAAC,SAAS,CAAC;QAC1B,KAAK,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;YAC1B,MAAM,SAAS,GACb,WAAW,KAAK,UAAU,CAAC,SAAS;gBAClC,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,SAAS;oBACpC,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,WAAW,CAAC;YACpB,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YACnC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACxC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD;YACE,MAAM,IAAI,QAAQ,CAChB,qCAAqC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAChE,CAAC;IACN,CAAC;AACH,CAAC;AAED,0BAA0B;AAC1B,SAAS,gBAAgB,CAAC,UAAkB;IAC1C,uCAAuC;IACvC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;QAC9C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;KAC/C,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB;IACxC,oCAAoC;IACpC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;QAC9C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,4BAA4B;AAE5B,MAAM,CAAN,IAAY,cASX;AATD,WAAY,cAAc;IACxB,yDAAO,CAAA;IACP,+EAAkB,CAAA;IAClB,+FAA0B,CAAA;IAC1B,+EAAkB,CAAA;IAClB,2FAAwB,CAAA;IACxB,yEAAe,CAAA;IACf,6DAAS,CAAA;IACT,uDAAM,CAAA;AACR,CAAC,EATW,cAAc,KAAd,cAAc,QASzB;AAmBD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAkB,EAClB,OAAuB,EACvB,QAAgB,EAChB,QAAiB;IAEjB,gCAAgC;IAChC,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAE9C,gCAAgC;IAChC,MAAM,OAAO,GAAkB,QAAQ,CAAC,CAAC,oCAAoC;IAC7E,IAAI,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1C,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAEpD,sBAAsB;IACtB,MAAM,iBAAiB,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC5D,IAAI,iBAAiB,CAAC,IAAI,KAAK,UAAU,CAAC,SAAS,EAAE,CAAC;QACpD,IAAI,iBAAiB,CAAC,IAAI,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC;YAChD,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAChD,MAAM,IAAI,QAAQ,CAChB,4BAA4B,UAAU,SAAS,SAAS,EAAE,EAC1D,SAAS,CACV,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,QAAQ,CAAC,sCAAsC,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;IACpC,IAAI,MAAM,KAAK,aAAa,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,QAAQ,CAAC,2CAA2C,GAAG,MAAM,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAElD,oBAAoB;IACpB,MAAM,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAEpC,yDAAyD;IACzD,MAAM,cAAc,GAAG,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC;IACpD,IAAI,cAAc,KAAK,QAAQ,EAAE,CAAC;QAChC,0CAA0C;QAC1C,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC;QAC5C,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACpD,cAAc,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC;IAC1C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAEnE,kBAAkB;IAClB,MAAM,YAAY,GAAG,mBAAmB,CACtC,EAAE,CAAC,aAAa,EAChB,EAAE,CAAC,iBAAiB,EACpB,WAAW,CAAC,SAAS,CACtB,CAAC;IAEF,2BAA2B;IAC3B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,MAAM,aAAa,GAAG,mBAAmB,CACvC,cAAc,EACd,YAAY,EACZ,SAAS,EACT,MAAM,EACN,KAAK,CACN,CAAC;IAEF,oCAAoC;IACpC,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,wDAAwD;IACxD,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,IAAI,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjC,OAAO,CAAC,WAAW,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAEjD,wCAAwC;QACxC,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,kBAAkB,EAAE,CAAC;YAClD,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,MAAM,IAAI,QAAQ,CAChB,kCAAkC,IAAI,EAAE,EACxC,IAAI,CACL,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC;YAChD,MAAM,IAAI,QAAQ,CAChB,4CAA4C,MAAM,CAAC,IAAI,EAAE,CAC1D,CAAC;QACJ,CAAC;QAED,UAAU;QACV,MAAM,SAAS,GAAG,qBAAqB,CACrC,IAAI,EACJ,aAAa,CAAC,kBAAkB,EAChC,aAAa,CAAC,iBAAiB,EAC/B,SAAS,EAAE,EACX,MAAM,CACP,CAAC;QAEF,IAAI,SAAS,CAAC,WAAW,KAAK,UAAU,CAAC,SAAS,EAAE,CAAC;YACnD,IAAI,SAAS,CAAC,WAAW,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC;gBAC/C,MAAM,IAAI,QAAQ,CAAC,6BAA6B,CAAC,CAAC;YACpD,CAAC;YACD,SAAS;QACX,CAAC;QAED,oDAAoD;QACpD,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,OAAO,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YAC3C,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,MAAM,GAAG,CAAC;gBAAE,MAAM;YACnD,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,CAAE,CAAC;YAC7C,MAAM,MAAM,GACV,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAE,IAAI,EAAE,CAAC;gBACxC,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAE,IAAI,CAAC,CAAC;gBACvC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC;YACnC,IAAI,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM;gBAAE,MAAM;YAE/C,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC7D,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAE/B,QAAQ,OAAO,EAAE,CAAC;gBAChB,KAAK,aAAa,CAAC,oBAAoB,CAAC,CAAC,CAAC;oBACxC,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;oBAChE,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;oBAChD,MAAM;gBACR,CAAC;gBACD,KAAK,aAAa,CAAC,WAAW;oBAC5B,+CAA+C;oBAC/C,yDAAyD;oBACzD,8CAA8C;oBAC9C,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,sDAAsD;wBACtD,uDAAuD;wBACvD,wCAAwC;oBAC1C,CAAC;oBACD,MAAM;gBACR,KAAK,aAAa,CAAC,kBAAkB;oBACnC,mDAAmD;oBACnD,6DAA6D;oBAC7D,+DAA+D;oBAC/D,MAAM;gBACR,KAAK,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC5B,yBAAyB;oBACzB,MAAM,kBAAkB,GAAG,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;oBAC5E,MAAM,qBAAqB,GAAG,YAAY,CACxC,cAAc,EACd,aAAa,CAAC,eAAe,EAC7B,cAAc,EACd,SAAS,CACV,CAAC;oBACF,MAAM,cAAc,GAAG,yBAAyB,CAC9C,cAAc,EACd,qBAAqB,EACrB,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,CAAC,CAC5C,CAAC;oBACF,+DAA+D;oBAC/D,2DAA2D;oBAC3D,6DAA6D;oBAC7D,iDAAiD;oBACjD,WAAW,GAAG,IAAI,CAAC;oBACnB,MAAM;gBACR,CAAC;gBACD;oBACE,yCAAyC;oBACzC,MAAM;YACV,CAAC;YAED,MAAM,GAAG,MAAM,CAAC;QAClB,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,MAAM,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC,kBAAkB,EAAE,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxG,MAAM,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAErC,wBAAwB;IACxB,MAAM,qBAAqB,GAAG,YAAY,CACxC,cAAc,EACd,aAAa,CAAC,eAAe,EAC7B,cAAc,EACd,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IACjE,MAAM,gBAAgB,GAAG,yBAAyB,CAChD,cAAc,EACd,qBAAqB,EACrB,YAAY,CACb,CAAC;IAEF,mCAAmC;IACnC,MAAM,WAAW,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAClE,WAAW,CAAC,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC/C,WAAW,CAAC,WAAW,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACjD,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAC;IAEhD,cAAc,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAExC,mCAAmC;IACnC,MAAM,iBAAiB,GAAG,mBAAmB,CAC3C,IAAI,EACJ,aAAa,CAAC,kBAAkB,EAChC,aAAa,CAAC,iBAAiB,EAC/B,EAAE,EACF,UAAU,CAAC,SAAS,EACpB,gBAAgB,CACjB,CAAC;IACF,MAAM,WAAW,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAE7C,6BAA6B;IAC7B,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,qBAAqB,CACnC,cAAc,EACd,aAAa,CAAC,YAAY,EAC1B,aAAa,EACb,MAAM,EACN,KAAK,CACN,CAAC;IAEF,OAAO;QACL,YAAY;QACZ,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC,WAAW,CAAC;QAClC,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,IAAI;KACL,CAAC;AACJ,CAAC;AAaD,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;IAEjC,MAAM,aAAa,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACrC,MAAM,YAAY,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;IACnC,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;IACnC,MAAM,iBAAiB,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;IAExC,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,iBAAiB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACxC,IAAI,eAAe,GAAG,aAAa,CAAC;IAEpC,aAAa;IACb,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,GAAG,MAAM,CAAC;QAEnC,OAAO,CAAC,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAExC,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBACvB,qBAAqB;gBACrB,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBAC9B,YAAY;gBACZ,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;gBAC3C,aAAa,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACtC,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACrC,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY;QACZ,SAAS;QACT,WAAW;QACX,aAAa;QACb,iBAAiB;QACjB,eAAe;KAChB,CAAC;AACJ,CAAC;AAED,wCAAwC;AAExC,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,IAAI,GAAkB,IAAI,CAAC;IAE/B,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,GAAG,MAAM,CAAC;IAEnC,OAAO,CAAC,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAExC,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,OAAO;YACP,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;YACxC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;gBAChB,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,EAAE,CAAC;gBACxC,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+BAA+B;AAE/B,SAAS,WAAW,CAAC,MAAkB,EAAE,IAAY;IACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,IAAI,GAAG;gBAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;;gBACtC,OAAO,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAkB;IAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,CAAC,KAAa,EAAE,EAAE;YAC/B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACxC,QAAQ,EAAE,CAAC;QACb,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,CAAC,GAAU,EAAE,EAAE;YAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,QAAQ,CAAC,oCAAoC,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACtC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC,CAAC;QAEF,MAAM,QAAQ,GAAG,GAAG,EAAE;YACpB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACrC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;oBACrC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;gBACpD,CAAC;gBACD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE9B,yCAAyC;QACzC,QAAQ,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/tls/stealth/key-schedule.d.ts

@@ -0,0 +1,85 @@
+/**
+ * TLS 1.3 key schedule.
+ *
+ * Implements the HKDF-based key derivation defined in RFC 8446 section 7.
+ * Uses only `node:crypto` -- zero external dependencies.
+ */
+export type HashAlgorithm = 'sha256' | 'sha384';
+/** Hash output length in bytes. */
+export declare function hashLength(alg: HashAlgorithm): number;
+/**
+ * HKDF-Extract (RFC 5869 section 2.2).
+ *
+ * Returns a pseudo-random key of `hashLength(alg)` bytes.
+ */
+export declare function hkdfExtract(alg: HashAlgorithm, salt: Buffer, ikm: Buffer): Buffer;
+/**
+ * HKDF-Expand-Label (RFC 8446 section 7.1).
+ *
+ *   HKDF-Expand-Label(Secret, Label, Context, Length) =
+ *     HKDF-Expand(Secret, HkdfLabel, Length)
+ *
+ *   struct {
+ *     uint16 length = Length;
+ *     opaque label<7..255> = "tls13 " + Label;
+ *     opaque context<0..255> = Context;
+ *   } HkdfLabel;
+ */
+export declare function hkdfExpandLabel(alg: HashAlgorithm, secret: Buffer, label: string, context: Buffer, length: number): Buffer;
+/**
+ * Derive-Secret (RFC 8446 section 7.1).
+ *
+ *   Derive-Secret(Secret, Label, Messages) =
+ *     HKDF-Expand-Label(Secret, Label, Transcript-Hash(Messages), Hash.length)
+ */
+export declare function deriveSecret(alg: HashAlgorithm, secret: Buffer, label: string, transcriptHash: Buffer): Buffer;
+/**
+ * Compute transcript hash incrementally.
+ */
+export { createHash } from 'node:crypto';
+/**
+ * Zero-length secret for the initial extract stage.
+ */
+export declare function zeroKey(alg: HashAlgorithm): Buffer;
+export interface HandshakeKeys {
+    clientHandshakeKey: Buffer;
+    clientHandshakeIV: Buffer;
+    serverHandshakeKey: Buffer;
+    serverHandshakeIV: Buffer;
+    handshakeSecret: Buffer;
+    /** Master secret (used to derive application keys after Finished). */
+    masterSecret: Buffer;
+}
+export interface ApplicationKeys {
+    clientKey: Buffer;
+    clientIV: Buffer;
+    serverKey: Buffer;
+    serverIV: Buffer;
+}
+/**
+ * Key and IV length for a cipher suite.
+ */
+export declare function keyIVLengths(cipherName: string): {
+    keyLen: number;
+    ivLen: number;
+};
+/**
+ * Derive handshake traffic keys from the shared secret and transcript hash.
+ *
+ * This implements the Early Secret -> Handshake Secret portion of the
+ * RFC 8446 key schedule.
+ */
+export declare function deriveHandshakeKeys(alg: HashAlgorithm, sharedSecret: Buffer, helloHash: Buffer, keyLen: number, ivLen: number): HandshakeKeys;
+/**
+ * Derive application traffic keys from the master secret and the
+ * full handshake transcript hash.
+ */
+export declare function deriveApplicationKeys(alg: HashAlgorithm, masterSecret: Buffer, handshakeHash: Buffer, keyLen: number, ivLen: number): ApplicationKeys;
+/**
+ * Build the Finished verify_data.
+ *
+ *   finished_key = HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)
+ *   verify_data  = HMAC(finished_key, Transcript-Hash(Handshake Context))
+ */
+export declare function computeFinishedVerifyData(alg: HashAlgorithm, baseSecret: Buffer, transcriptHash: Buffer): Buffer;
+//# sourceMappingURL=key-schedule.d.ts.map

package/dist/tls/stealth/key-schedule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-schedule.d.ts","sourceRoot":"","sources":["../../../src/tls/stealth/key-schedule.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEhD,mCAAmC;AACnC,wBAAgB,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAErD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,MAAM,GACV,MAAM,CAER;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAC7B,GAAG,EAAE,aAAa,EAClB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,MAAM,CAeR;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,aAAa,EAClB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,MAAM,GACrB,MAAM,CAER;AAED;;GAEG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;GAEG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAElD;AAID,MAAM,WAAW,aAAa;IAC5B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,sEAAsE;IACtE,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAQlF;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,aAAa,EAClB,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,aAAa,CAgCf;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,aAAa,EAClB,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,eAAe,CAUjB;AAWD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,aAAa,EAClB,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,GACrB,MAAM,CASR"}

package/dist/tls/stealth/key-schedule.js

@@ -0,0 +1,141 @@
+/**
+ * TLS 1.3 key schedule.
+ *
+ * Implements the HKDF-based key derivation defined in RFC 8446 section 7.
+ * Uses only `node:crypto` -- zero external dependencies.
+ */
+import { createHmac, hkdfSync } from 'node:crypto';
+/** Hash output length in bytes. */
+export function hashLength(alg) {
+    return alg === 'sha256' ? 32 : 48;
+}
+/**
+ * HKDF-Extract (RFC 5869 section 2.2).
+ *
+ * Returns a pseudo-random key of `hashLength(alg)` bytes.
+ */
+export function hkdfExtract(alg, salt, ikm) {
+    return Buffer.from(createHmac(alg, salt).update(ikm).digest());
+}
+/**
+ * HKDF-Expand-Label (RFC 8446 section 7.1).
+ *
+ *   HKDF-Expand-Label(Secret, Label, Context, Length) =
+ *     HKDF-Expand(Secret, HkdfLabel, Length)
+ *
+ *   struct {
+ *     uint16 length = Length;
+ *     opaque label<7..255> = "tls13 " + Label;
+ *     opaque context<0..255> = Context;
+ *   } HkdfLabel;
+ */
+export function hkdfExpandLabel(alg, secret, label, context, length) {
+    const fullLabel = Buffer.from('tls13 ' + label, 'ascii');
+    const hkdfLabel = Buffer.alloc(2 + 1 + fullLabel.length + 1 + context.length);
+    let offset = 0;
+    hkdfLabel.writeUInt16BE(length, offset);
+    offset += 2;
+    hkdfLabel[offset++] = fullLabel.length;
+    fullLabel.copy(hkdfLabel, offset);
+    offset += fullLabel.length;
+    hkdfLabel[offset++] = context.length;
+    context.copy(hkdfLabel, offset);
+    return Buffer.from(hkdfSync(alg, secret, hkdfLabel, Buffer.alloc(0), length));
+}
+/**
+ * Derive-Secret (RFC 8446 section 7.1).
+ *
+ *   Derive-Secret(Secret, Label, Messages) =
+ *     HKDF-Expand-Label(Secret, Label, Transcript-Hash(Messages), Hash.length)
+ */
+export function deriveSecret(alg, secret, label, transcriptHash) {
+    return hkdfExpandLabel(alg, secret, label, transcriptHash, hashLength(alg));
+}
+/**
+ * Compute transcript hash incrementally.
+ */
+export { createHash } from 'node:crypto';
+/**
+ * Zero-length secret for the initial extract stage.
+ */
+export function zeroKey(alg) {
+    return Buffer.alloc(hashLength(alg));
+}
+/**
+ * Key and IV length for a cipher suite.
+ */
+export function keyIVLengths(cipherName) {
+    if (cipherName.includes('AES_128')) {
+        return { keyLen: 16, ivLen: 12 };
+    }
+    if (cipherName.includes('AES_256') || cipherName.includes('CHACHA20')) {
+        return { keyLen: 32, ivLen: 12 };
+    }
+    return { keyLen: 16, ivLen: 12 };
+}
+/**
+ * Derive handshake traffic keys from the shared secret and transcript hash.
+ *
+ * This implements the Early Secret -> Handshake Secret portion of the
+ * RFC 8446 key schedule.
+ */
+export function deriveHandshakeKeys(alg, sharedSecret, helloHash, keyLen, ivLen) {
+    // 1. Early secret = HKDF-Extract(salt=0, IKM=0)
+    const earlySecret = hkdfExtract(alg, Buffer.alloc(hashLength(alg)), zeroKey(alg));
+    // 2. Derive salt for handshake secret
+    const derivedSalt = deriveSecret(alg, earlySecret, 'derived', emptyHash(alg));
+    // 3. Handshake secret = HKDF-Extract(salt=derived, IKM=shared_secret)
+    const handshakeSecret = hkdfExtract(alg, derivedSalt, sharedSecret);
+    // 4. Client/server handshake traffic secrets
+    const clientSecret = deriveSecret(alg, handshakeSecret, 'c hs traffic', helloHash);
+    const serverSecret = deriveSecret(alg, handshakeSecret, 's hs traffic', helloHash);
+    // 5. Traffic keys
+    const clientHandshakeKey = hkdfExpandLabel(alg, clientSecret, 'key', Buffer.alloc(0), keyLen);
+    const clientHandshakeIV = hkdfExpandLabel(alg, clientSecret, 'iv', Buffer.alloc(0), ivLen);
+    const serverHandshakeKey = hkdfExpandLabel(alg, serverSecret, 'key', Buffer.alloc(0), keyLen);
+    const serverHandshakeIV = hkdfExpandLabel(alg, serverSecret, 'iv', Buffer.alloc(0), ivLen);
+    // 6. Master secret derivation
+    const derivedMasterSalt = deriveSecret(alg, handshakeSecret, 'derived', emptyHash(alg));
+    const masterSecret = hkdfExtract(alg, derivedMasterSalt, zeroKey(alg));
+    return {
+        clientHandshakeKey,
+        clientHandshakeIV,
+        serverHandshakeKey,
+        serverHandshakeIV,
+        handshakeSecret,
+        masterSecret,
+    };
+}
+/**
+ * Derive application traffic keys from the master secret and the
+ * full handshake transcript hash.
+ */
+export function deriveApplicationKeys(alg, masterSecret, handshakeHash, keyLen, ivLen) {
+    const clientSecret = deriveSecret(alg, masterSecret, 'c ap traffic', handshakeHash);
+    const serverSecret = deriveSecret(alg, masterSecret, 's ap traffic', handshakeHash);
+    return {
+        clientKey: hkdfExpandLabel(alg, clientSecret, 'key', Buffer.alloc(0), keyLen),
+        clientIV: hkdfExpandLabel(alg, clientSecret, 'iv', Buffer.alloc(0), ivLen),
+        serverKey: hkdfExpandLabel(alg, serverSecret, 'key', Buffer.alloc(0), keyLen),
+        serverIV: hkdfExpandLabel(alg, serverSecret, 'iv', Buffer.alloc(0), ivLen),
+    };
+}
+/**
+ * Hash of empty string -- used for the Derive-Secret("derived", "")
+ * step in the key schedule.
+ */
+function emptyHash(alg) {
+    const { createHash } = require('node:crypto');
+    return createHash(alg).digest();
+}
+/**
+ * Build the Finished verify_data.
+ *
+ *   finished_key = HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)
+ *   verify_data  = HMAC(finished_key, Transcript-Hash(Handshake Context))
+ */
+export function computeFinishedVerifyData(alg, baseSecret, transcriptHash) {
+    const finishedKey = hkdfExpandLabel(alg, baseSecret, 'finished', Buffer.alloc(0), hashLength(alg));
+    return Buffer.from(createHmac(alg, finishedKey).update(transcriptHash).digest());
+}
+//# sourceMappingURL=key-schedule.js.map

package/dist/tls/stealth/key-schedule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-schedule.js","sourceRoot":"","sources":["../../../src/tls/stealth/key-schedule.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAInD,mCAAmC;AACnC,MAAM,UAAU,UAAU,CAAC,GAAkB;IAC3C,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACpC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,GAAkB,EAClB,IAAY,EACZ,GAAW;IAEX,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAkB,EAClB,MAAc,EACd,KAAa,EACb,OAAe,EACf,MAAc;IAEd,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,GAAG,KAAK,EAAE,OAAO,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9E,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,IAAI,CAAC,CAAC;IACZ,SAAS,CAAC,MAAM,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC;IACvC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAClC,MAAM,IAAI,SAAS,CAAC,MAAM,CAAC;IAC3B,SAAS,CAAC,MAAM,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAEhC,OAAO,MAAM,CAAC,IAAI,CAChB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAC1D,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAC1B,GAAkB,EAClB,MAAc,EACd,KAAa,EACb,cAAsB;IAEtB,OAAO,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,GAAkB;IACxC,OAAO,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAqBD;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,UAAkB;IAC7C,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACtE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,GAAkB,EAClB,YAAoB,EACpB,SAAiB,EACjB,MAAc,EACd,KAAa;IAEb,gDAAgD;IAChD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAElF,sCAAsC;IACtC,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IAE9E,sEAAsE;IACtE,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpE,6CAA6C;IAC7C,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,EAAE,eAAe,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;IACnF,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,EAAE,eAAe,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;IAEnF,kBAAkB;IAClB,MAAM,kBAAkB,GAAG,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9F,MAAM,iBAAiB,GAAG,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC3F,MAAM,kBAAkB,GAAG,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9F,MAAM,iBAAiB,GAAG,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAE3F,8BAA8B;IAC9B,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,EAAE,eAAe,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACxF,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAEvE,OAAO;QACL,kBAAkB;QAClB,iBAAiB;QACjB,kBAAkB;QAClB,iBAAiB;QACjB,eAAe;QACf,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAkB,EAClB,YAAoB,EACpB,aAAqB,EACrB,MAAc,EACd,KAAa;IAEb,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;IACpF,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;IAEpF,OAAO;QACL,SAAS,EAAE,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC;QAC7E,QAAQ,EAAE,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;QAC1E,SAAS,EAAE,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC;QAC7E,QAAQ,EAAE,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;KAC3E,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,GAAkB;IACnC,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAkB,EAClB,UAAkB,EAClB,cAAsB;IAEtB,MAAM,WAAW,GAAG,eAAe,CACjC,GAAG,EACH,UAAU,EACV,UAAU,EACV,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EACf,UAAU,CAAC,GAAG,CAAC,CAChB,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnF,CAAC"}

package/dist/tls/stealth/record-layer.d.ts

@@ -0,0 +1,74 @@
+/**
+ * TLS record layer.
+ *
+ * Handles framing, encryption, and decryption of TLS records.
+ * Operates on raw TCP byte streams.
+ */
+export interface TLSRecord {
+    type: number;
+    version: number;
+    fragment: Buffer;
+}
+/**
+ * Read a single TLS record from a buffer.
+ *
+ * Returns the record and the number of bytes consumed, or `null` if
+ * the buffer does not contain a complete record.
+ */
+export declare function readRecord(data: Buffer, offset: number): {
+    record: TLSRecord;
+    bytesRead: number;
+} | null;
+/**
+ * Write a TLS record (unencrypted) to a buffer.
+ */
+export declare function writeRecord(type: number, version: number, payload: Buffer): Buffer;
+export type AEADAlgorithm = 'aes-128-gcm' | 'aes-256-gcm' | 'chacha20-poly1305';
+/**
+ * Determine AEAD algorithm from cipher suite name.
+ */
+export declare function aeadFromCipher(cipherName: string): AEADAlgorithm;
+/**
+ * Build the per-record nonce by XORing the IV with the 64-bit
+ * sequence number (zero-padded on the left).
+ */
+export declare function buildNonce(iv: Buffer, sequenceNumber: bigint): Buffer;
+/**
+ * Encrypt a TLS 1.3 record.
+ *
+ * The plaintext is the handshake/application data followed by the
+ * content type byte.  The additional data is the record header of the
+ * outer (opaque) application_data record.
+ */
+export declare function encryptRecord(algorithm: AEADAlgorithm, key: Buffer, nonce: Buffer, plaintext: Buffer, additionalData: Buffer): Buffer;
+/**
+ * Decrypt a TLS 1.3 record.
+ *
+ * Returns the decrypted plaintext including the trailing content type
+ * byte.  The caller must strip the content type.
+ */
+export declare function decryptRecord(algorithm: AEADAlgorithm, key: Buffer, nonce: Buffer, ciphertext: Buffer, additionalData: Buffer): Buffer;
+/**
+ * Build the additional data for a TLS 1.3 encrypted record.
+ *
+ * For TLS 1.3: the 5-byte record header of the *outer* record
+ * (type=application_data, version=0x0303, length).
+ */
+export declare function buildAdditionalData(ciphertextLength: number): Buffer;
+/**
+ * Wrap plaintext into an encrypted TLS 1.3 record.
+ *
+ * Appends the real content type byte to the plaintext, encrypts with
+ * AEAD, and wraps in a record with type=application_data.
+ */
+export declare function wrapEncryptedRecord(algorithm: AEADAlgorithm, key: Buffer, iv: Buffer, sequenceNumber: bigint, contentType: number, plaintext: Buffer): Buffer;
+/**
+ * Unwrap an encrypted TLS 1.3 record.
+ *
+ * Returns the decrypted plaintext and the real content type.
+ */
+export declare function unwrapEncryptedRecord(algorithm: AEADAlgorithm, key: Buffer, iv: Buffer, sequenceNumber: bigint, record: TLSRecord): {
+    contentType: number;
+    plaintext: Buffer;
+};
+//# sourceMappingURL=record-layer.d.ts.map

package/dist/tls/stealth/record-layer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"record-layer.d.ts","sourceRoot":"","sources":["../../../src/tls/stealth/record-layer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAoBH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAexG;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAOlF;AAID,MAAM,MAAM,aAAa,GAAG,aAAa,GAAG,aAAa,GAAG,mBAAmB,CAAC;AAEhF;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,CAWhE;AAKD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CASrE;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,aAAa,EACxB,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GACrB,MAAM,CAYR;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,aAAa,EACxB,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,GACrB,MAAM,CAuBR;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAMpE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,aAAa,EACxB,GAAG,EAAE,MAAM,EACX,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAChB,MAAM,CAYR;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,aAAa,EACxB,GAAG,EAAE,MAAM,EACX,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,SAAS,GAChB;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAgB5C"}

package/dist/tls/stealth/record-layer.js

@@ -0,0 +1,167 @@
+/**
+ * TLS record layer.
+ *
+ * Handles framing, encryption, and decryption of TLS records.
+ * Operates on raw TCP byte streams.
+ */
+import { createCipheriv, createDecipheriv, } from 'node:crypto';
+import { BufferWriter } from '../../utils/buffer-writer.js';
+import { RecordType, ProtocolVersion } from '../constants.js';
+import { TLSError } from '../../core/errors.js';
+/** Maximum TLS record payload (2^14 = 16384). */
+const MAX_RECORD_PAYLOAD = 16384;
+/** Maximum ciphertext overhead (tag + content type byte). */
+const MAX_CIPHERTEXT_OVERHEAD = 256;
+// ---- Record reading ----
+/**
+ * Read a single TLS record from a buffer.
+ *
+ * Returns the record and the number of bytes consumed, or `null` if
+ * the buffer does not contain a complete record.
+ */
+export function readRecord(data, offset) {
+    if (data.length - offset < 5)
+        return null;
+    const type = data[offset];
+    const version = data.readUInt16BE(offset + 1);
+    const length = data.readUInt16BE(offset + 3);
+    if (data.length - offset - 5 < length)
+        return null;
+    const fragment = data.subarray(offset + 5, offset + 5 + length);
+    return {
+        record: { type, version, fragment },
+        bytesRead: 5 + length,
+    };
+}
+/**
+ * Write a TLS record (unencrypted) to a buffer.
+ */
+export function writeRecord(type, version, payload) {
+    const w = new BufferWriter(5 + payload.length);
+    w.writeUInt8(type);
+    w.writeUInt16(version);
+    w.writeUInt16(payload.length);
+    w.writeBytes(payload);
+    return w.toBuffer();
+}
+/**
+ * Determine AEAD algorithm from cipher suite name.
+ */
+export function aeadFromCipher(cipherName) {
+    if (cipherName.includes('AES_128_GCM') || cipherName.includes('aes-128-gcm')) {
+        return 'aes-128-gcm';
+    }
+    if (cipherName.includes('AES_256_GCM') || cipherName.includes('aes-256-gcm')) {
+        return 'aes-256-gcm';
+    }
+    if (cipherName.includes('CHACHA20') || cipherName.includes('chacha20')) {
+        return 'chacha20-poly1305';
+    }
+    throw new TLSError(`Unsupported cipher: ${cipherName}`);
+}
+/** Tag size for all supported AEAD algorithms. */
+const TAG_SIZE = 16;
+/**
+ * Build the per-record nonce by XORing the IV with the 64-bit
+ * sequence number (zero-padded on the left).
+ */
+export function buildNonce(iv, sequenceNumber) {
+    const nonce = Buffer.from(iv);
+    const seqBuf = Buffer.alloc(8);
+    seqBuf.writeBigUInt64BE(sequenceNumber);
+    // XOR the last 8 bytes of IV with the sequence number
+    for (let i = 0; i < 8; i++) {
+        nonce[nonce.length - 8 + i] ^= seqBuf[i];
+    }
+    return nonce;
+}
+/**
+ * Encrypt a TLS 1.3 record.
+ *
+ * The plaintext is the handshake/application data followed by the
+ * content type byte.  The additional data is the record header of the
+ * outer (opaque) application_data record.
+ */
+export function encryptRecord(algorithm, key, nonce, plaintext, additionalData) {
+    const cipher = createCipheriv(algorithm, key, nonce, { authTagLength: TAG_SIZE });
+    cipher.setAAD(additionalData);
+    const encrypted = cipher.update(plaintext);
+    const final = cipher.final();
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([encrypted, final, tag]);
+}
+/**
+ * Decrypt a TLS 1.3 record.
+ *
+ * Returns the decrypted plaintext including the trailing content type
+ * byte.  The caller must strip the content type.
+ */
+export function decryptRecord(algorithm, key, nonce, ciphertext, additionalData) {
+    if (ciphertext.length < TAG_SIZE) {
+        throw new TLSError('Record too short for AEAD tag');
+    }
+    const encryptedData = ciphertext.subarray(0, ciphertext.length - TAG_SIZE);
+    const tag = ciphertext.subarray(ciphertext.length - TAG_SIZE);
+    const decipher = createDecipheriv(algorithm, key, nonce, { authTagLength: TAG_SIZE });
+    decipher.setAAD(additionalData);
+    decipher.setAuthTag(tag);
+    try {
+        const decrypted = decipher.update(encryptedData);
+        const final = decipher.final();
+        return Buffer.concat([decrypted, final]);
+    }
+    catch {
+        throw new TLSError('AEAD decryption failed');
+    }
+}
+/**
+ * Build the additional data for a TLS 1.3 encrypted record.
+ *
+ * For TLS 1.3: the 5-byte record header of the *outer* record
+ * (type=application_data, version=0x0303, length).
+ */
+export function buildAdditionalData(ciphertextLength) {
+    const w = new BufferWriter(5);
+    w.writeUInt8(RecordType.APPLICATION_DATA);
+    w.writeUInt16(ProtocolVersion.TLS_1_2); // TLS 1.3 records use 0x0303 in the header
+    w.writeUInt16(ciphertextLength);
+    return w.toBuffer();
+}
+/**
+ * Wrap plaintext into an encrypted TLS 1.3 record.
+ *
+ * Appends the real content type byte to the plaintext, encrypts with
+ * AEAD, and wraps in a record with type=application_data.
+ */
+export function wrapEncryptedRecord(algorithm, key, iv, sequenceNumber, contentType, plaintext) {
+    // Build inner plaintext: data + content_type byte
+    const inner = Buffer.alloc(plaintext.length + 1);
+    plaintext.copy(inner);
+    inner[plaintext.length] = contentType;
+    const nonce = buildNonce(iv, sequenceNumber);
+    const ciphertextLength = inner.length + TAG_SIZE;
+    const aad = buildAdditionalData(ciphertextLength);
+    const ciphertext = encryptRecord(algorithm, key, nonce, inner, aad);
+    return writeRecord(RecordType.APPLICATION_DATA, ProtocolVersion.TLS_1_2, ciphertext);
+}
+/**
+ * Unwrap an encrypted TLS 1.3 record.
+ *
+ * Returns the decrypted plaintext and the real content type.
+ */
+export function unwrapEncryptedRecord(algorithm, key, iv, sequenceNumber, record) {
+    const nonce = buildNonce(iv, sequenceNumber);
+    const aad = buildAdditionalData(record.fragment.length);
+    const inner = decryptRecord(algorithm, key, nonce, record.fragment, aad);
+    // Strip trailing zeros and find the real content type
+    let i = inner.length - 1;
+    while (i >= 0 && inner[i] === 0)
+        i--;
+    if (i < 0) {
+        throw new TLSError('Empty decrypted record');
+    }
+    const contentType = inner[i];
+    const plaintext = inner.subarray(0, i);
+    return { contentType, plaintext };
+}
+//# sourceMappingURL=record-layer.js.map

package/dist/tls/stealth/record-layer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"record-layer.js","sourceRoot":"","sources":["../../../src/tls/stealth/record-layer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,GAEjB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAEhD,iDAAiD;AACjD,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,6DAA6D;AAC7D,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAUpC,2BAA2B;AAE3B;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,MAAc;IACrD,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,MAAM;QAAE,OAAO,IAAI,CAAC;IAEnD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IAEhE,OAAO;QACL,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE;QACnC,SAAS,EAAE,CAAC,GAAG,MAAM;KACtB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,OAAe,EAAE,OAAe;IACxE,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACtB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAMD;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7E,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7E,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACvE,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,MAAM,IAAI,QAAQ,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED,kDAAkD;AAClD,MAAM,QAAQ,GAAG,EAAE,CAAC;AAEpB;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,EAAU,EAAE,cAAsB;IAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;IACxC,sDAAsD;IACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAE,IAAI,MAAM,CAAC,CAAC,CAAE,CAAC;IAC7C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,SAAwB,EACxB,GAAW,EACX,KAAa,EACb,SAAiB,EACjB,cAAsB;IAEtB,MAAM,MAAM,GAAG,cAAc,CAC3B,SAA2B,EAC3B,GAAG,EACH,KAAK,EACL,EAAE,aAAa,EAAE,QAAQ,EAAE,CAC5B,CAAC;IACF,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,SAAwB,EACxB,GAAW,EACX,KAAa,EACb,UAAkB,EAClB,cAAsB;IAEtB,IAAI,UAAU,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,QAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC;IAE9D,MAAM,QAAQ,GAAG,gBAAgB,CAC/B,SAA2B,EAC3B,GAAG,EACH,KAAK,EACL,EAAE,aAAa,EAAE,QAAQ,EAAE,CAC5B,CAAC;IACF,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAChC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,gBAAwB;IAC1D,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC,CAAC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,2CAA2C;IACnF,CAAC,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAChC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,SAAwB,EACxB,GAAW,EACX,EAAU,EACV,cAAsB,EACtB,WAAmB,EACnB,SAAiB;IAEjB,kDAAkD;IAClD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjD,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtB,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC;IAEtC,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;IAC7C,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC;IACjD,MAAM,GAAG,GAAG,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAEpE,OAAO,WAAW,CAAC,UAAU,CAAC,gBAAgB,EAAE,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACvF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAAwB,EACxB,GAAW,EACX,EAAU,EACV,cAAsB,EACtB,MAAiB;IAEjB,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAEzE,sDAAsD;IACtD,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,CAAC,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACV,MAAM,IAAI,QAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEvC,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;AACpC,CAAC"}

package/dist/tls/types.d.ts

@@ -0,0 +1,58 @@
+/**
+ * TLS engine types and the ITLSEngine interface that both standard
+ * (node:tls) and stealth (raw handshake) engines implement.
+ */
+import type { Socket } from 'node:net';
+import type { Duplex } from 'node:stream';
+import type { BrowserProfile } from '../fingerprints/types.js';
+import type { Logger } from '../utils/logger.js';
+export interface TLSConnectOptions {
+    host: string;
+    port: number;
+    /** Existing TCP socket to wrap (for proxy tunneling). */
+    socket?: Socket;
+    /** Server name for SNI. Defaults to `host`. */
+    servername?: string;
+    /** Skip certificate verification. */
+    insecure?: boolean;
+    /** ALPN protocols to offer. Derived from profile if not given. */
+    alpnProtocols?: string[];
+    /** Timeout for the TLS handshake in milliseconds. */
+    timeout?: number;
+    /** Abort signal. */
+    signal?: AbortSignal;
+    logger?: Logger;
+}
+export interface TLSConnectionInfo {
+    /** Negotiated TLS protocol version, e.g. "TLSv1.3". */
+    version: string;
+    /** Negotiated ALPN protocol, e.g. "h2" or "http/1.1". */
+    alpnProtocol: string | null;
+    /** Negotiated cipher suite name. */
+    cipher: string;
+    /** The JA3 hash of the ClientHello actually sent. */
+    ja3Hash?: string;
+}
+/**
+ * A TLS-encrypted duplex stream augmented with connection metadata.
+ */
+export interface TLSSocket extends Duplex {
+    /** Connection metadata (available after the handshake completes). */
+    connectionInfo: TLSConnectionInfo;
+    /** Gracefully close the TLS connection. */
+    destroyTLS(): void;
+}
+/**
+ * Both the standard and stealth TLS engines implement this interface.
+ */
+export interface ITLSEngine {
+    /**
+     * Open a TLS connection to the given host:port.
+     *
+     * If a BrowserProfile is supplied the engine MUST configure TLS
+     * parameters (cipher suites, curves, extensions, ALPN) to match the
+     * profile so that the JA3 fingerprint is correct.
+     */
+    connect(options: TLSConnectOptions, profile?: BrowserProfile): Promise<TLSSocket>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/tls/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tls/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+CAA+C;IAC/C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,kEAAkE;IAClE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAC;IAChB,yDAAyD;IACzD,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,oCAAoC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,SAAU,SAAQ,MAAM;IACvC,qEAAqE;IACrE,cAAc,EAAE,iBAAiB,CAAC;IAClC,2CAA2C;IAC3C,UAAU,IAAI,IAAI,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;OAMG;IACH,OAAO,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CACnF"}

package/dist/tls/types.js

@@ -0,0 +1,6 @@
+/**
+ * TLS engine types and the ITLSEngine interface that both standard
+ * (node:tls) and stealth (raw handshake) engines implement.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/tls/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/tls/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/utils/buffer-reader.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Binary reader for parsing TLS records, HTTP/2 frames, and other
+ * network protocol structures.  All multi-byte integers are read in
+ * network byte order (big-endian) unless stated otherwise.
+ */
+export declare class BufferReader {
+    private _buf;
+    private _pos;
+    constructor(buf: Buffer, offset?: number);
+    get position(): number;
+    get remaining(): number;
+    get length(): number;
+    get buffer(): Buffer;
+    peek(length: number): Buffer;
+    readUInt8(): number;
+    readUInt16(): number;
+    readUInt24(): number;
+    readUInt32(): number;
+    readBytes(length: number): Buffer;
+    /** Read a length-prefixed vector with 1-byte length field. */
+    readVector8(): Buffer;
+    /** Read a length-prefixed vector with 2-byte length field. */
+    readVector16(): Buffer;
+    /** Read a length-prefixed vector with 3-byte length field. */
+    readVector24(): Buffer;
+    skip(length: number): void;
+    seek(position: number): void;
+    /** Create a sub-reader over the next `length` bytes without copying. */
+    subReader(length: number): BufferReader;
+    private assertAvailable;
+}
+//# sourceMappingURL=buffer-reader.d.ts.map

package/dist/utils/buffer-reader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"buffer-reader.d.ts","sourceRoot":"","sources":["../../src/utils/buffer-reader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,qBAAa,YAAY;IACvB,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,IAAI,CAAS;gBAET,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,MAAU;IAK3C,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAK5B,SAAS,IAAI,MAAM;IAOnB,UAAU,IAAI,MAAM;IAOpB,UAAU,IAAI,MAAM;IASpB,UAAU,IAAI,MAAM;IAOpB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAOjC,8DAA8D;IAC9D,WAAW,IAAI,MAAM;IAKrB,8DAA8D;IAC9D,YAAY,IAAI,MAAM;IAKtB,8DAA8D;IAC9D,YAAY,IAAI,MAAM;IAKtB,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAK1B,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAO5B,wEAAwE;IACxE,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY;IAOvC,OAAO,CAAC,eAAe;CAOxB"}