npm - @gjsify/crypto - Versions diffs - 0.1.0 - Mend

@gjsify/crypto 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +27 -0
package/lib/esm/asn1.js +504 -0
package/lib/esm/bigint-math.js +34 -0
package/lib/esm/cipher.js +1272 -0
package/lib/esm/constants.js +15 -0
package/lib/esm/crypto-utils.js +47 -0
package/lib/esm/dh.js +411 -0
package/lib/esm/ecdh.js +356 -0
package/lib/esm/ecdsa.js +125 -0
package/lib/esm/hash.js +100 -0
package/lib/esm/hkdf.js +58 -0
package/lib/esm/hmac.js +93 -0
package/lib/esm/index.js +158 -0
package/lib/esm/key-object.js +330 -0
package/lib/esm/mgf1.js +27 -0
package/lib/esm/pbkdf2.js +68 -0
package/lib/esm/public-encrypt.js +175 -0
package/lib/esm/random.js +138 -0
package/lib/esm/rsa-oaep.js +95 -0
package/lib/esm/rsa-pss.js +100 -0
package/lib/esm/scrypt.js +134 -0
package/lib/esm/sign.js +248 -0
package/lib/esm/timing-safe-equal.js +13 -0
package/lib/esm/x509.js +214 -0
package/lib/types/asn1.d.ts +87 -0
package/lib/types/bigint-math.d.ts +13 -0
package/lib/types/cipher.d.ts +84 -0
package/lib/types/constants.d.ts +10 -0
package/lib/types/crypto-utils.d.ts +22 -0
package/lib/types/dh.d.ts +79 -0
package/lib/types/ecdh.d.ts +96 -0
package/lib/types/ecdsa.d.ts +21 -0
package/lib/types/hash.d.ts +25 -0
package/lib/types/hkdf.d.ts +9 -0
package/lib/types/hmac.d.ts +20 -0
package/lib/types/index.d.ts +105 -0
package/lib/types/key-object.d.ts +36 -0
package/lib/types/mgf1.d.ts +5 -0
package/lib/types/pbkdf2.d.ts +9 -0
package/lib/types/public-encrypt.d.ts +42 -0
package/lib/types/random.d.ts +22 -0
package/lib/types/rsa-oaep.d.ts +8 -0
package/lib/types/rsa-pss.d.ts +8 -0
package/lib/types/scrypt.d.ts +11 -0
package/lib/types/sign.d.ts +61 -0
package/lib/types/timing-safe-equal.d.ts +6 -0
package/lib/types/x509.d.ts +72 -0
package/package.json +45 -0
package/src/asn1.ts +797 -0
package/src/bigint-math.ts +45 -0
package/src/cipher.spec.ts +332 -0
package/src/cipher.ts +952 -0
package/src/constants.ts +16 -0
package/src/crypto-utils.ts +64 -0
package/src/dh.spec.ts +111 -0
package/src/dh.ts +761 -0
package/src/ecdh.spec.ts +116 -0
package/src/ecdh.ts +624 -0
package/src/ecdsa.ts +243 -0
package/src/extended.spec.ts +444 -0
package/src/gcm.spec.ts +141 -0
package/src/hash.spec.ts +86 -0
package/src/hash.ts +119 -0
package/src/hkdf.ts +99 -0
package/src/hmac.spec.ts +64 -0
package/src/hmac.ts +123 -0
package/src/index.ts +93 -0
package/src/key-object.spec.ts +202 -0
package/src/key-object.ts +401 -0
package/src/mgf1.ts +37 -0
package/src/pbkdf2.spec.ts +76 -0
package/src/pbkdf2.ts +106 -0
package/src/public-encrypt.ts +288 -0
package/src/random.spec.ts +133 -0
package/src/random.ts +183 -0
package/src/rsa-oaep.ts +167 -0
package/src/rsa-pss.ts +190 -0
package/src/scrypt.spec.ts +90 -0
package/src/scrypt.ts +191 -0
package/src/sign.spec.ts +160 -0
package/src/sign.ts +319 -0
package/src/test.mts +19 -0
package/src/timing-safe-equal.ts +21 -0
package/src/x509.spec.ts +210 -0
package/src/x509.ts +262 -0
package/tsconfig.json +31 -0
package/tsconfig.tsbuildinfo +1 -0

package/lib/esm/cipher.js ADDED Viewed

@@ -0,0 +1,1272 @@
+import { Buffer } from "node:buffer";
+const SBOX = new Uint8Array([
+  99,
+  124,
+  119,
+  123,
+  242,
+  107,
+  111,
+  197,
+  48,
+  1,
+  103,
+  43,
+  254,
+  215,
+  171,
+  118,
+  202,
+  130,
+  201,
+  125,
+  250,
+  89,
+  71,
+  240,
+  173,
+  212,
+  162,
+  175,
+  156,
+  164,
+  114,
+  192,
+  183,
+  253,
+  147,
+  38,
+  54,
+  63,
+  247,
+  204,
+  52,
+  165,
+  229,
+  241,
+  113,
+  216,
+  49,
+  21,
+  4,
+  199,
+  35,
+  195,
+  24,
+  150,
+  5,
+  154,
+  7,
+  18,
+  128,
+  226,
+  235,
+  39,
+  178,
+  117,
+  9,
+  131,
+  44,
+  26,
+  27,
+  110,
+  90,
+  160,
+  82,
+  59,
+  214,
+  179,
+  41,
+  227,
+  47,
+  132,
+  83,
+  209,
+  0,
+  237,
+  32,
+  252,
+  177,
+  91,
+  106,
+  203,
+  190,
+  57,
+  74,
+  76,
+  88,
+  207,
+  208,
+  239,
+  170,
+  251,
+  67,
+  77,
+  51,
+  133,
+  69,
+  249,
+  2,
+  127,
+  80,
+  60,
+  159,
+  168,
+  81,
+  163,
+  64,
+  143,
+  146,
+  157,
+  56,
+  245,
+  188,
+  182,
+  218,
+  33,
+  16,
+  255,
+  243,
+  210,
+  205,
+  12,
+  19,
+  236,
+  95,
+  151,
+  68,
+  23,
+  196,
+  167,
+  126,
+  61,
+  100,
+  93,
+  25,
+  115,
+  96,
+  129,
+  79,
+  220,
+  34,
+  42,
+  144,
+  136,
+  70,
+  238,
+  184,
+  20,
+  222,
+  94,
+  11,
+  219,
+  224,
+  50,
+  58,
+  10,
+  73,
+  6,
+  36,
+  92,
+  194,
+  211,
+  172,
+  98,
+  145,
+  149,
+  228,
+  121,
+  231,
+  200,
+  55,
+  109,
+  141,
+  213,
+  78,
+  169,
+  108,
+  86,
+  244,
+  234,
+  101,
+  122,
+  174,
+  8,
+  186,
+  120,
+  37,
+  46,
+  28,
+  166,
+  180,
+  198,
+  232,
+  221,
+  116,
+  31,
+  75,
+  189,
+  139,
+  138,
+  112,
+  62,
+  181,
+  102,
+  72,
+  3,
+  246,
+  14,
+  97,
+  53,
+  87,
+  185,
+  134,
+  193,
+  29,
+  158,
+  225,
+  248,
+  152,
+  17,
+  105,
+  217,
+  142,
+  148,
+  155,
+  30,
+  135,
+  233,
+  206,
+  85,
+  40,
+  223,
+  140,
+  161,
+  137,
+  13,
+  191,
+  230,
+  66,
+  104,
+  65,
+  153,
+  45,
+  15,
+  176,
+  84,
+  187,
+  22
+]);
+const INV_SBOX = new Uint8Array([
+  82,
+  9,
+  106,
+  213,
+  48,
+  54,
+  165,
+  56,
+  191,
+  64,
+  163,
+  158,
+  129,
+  243,
+  215,
+  251,
+  124,
+  227,
+  57,
+  130,
+  155,
+  47,
+  255,
+  135,
+  52,
+  142,
+  67,
+  68,
+  196,
+  222,
+  233,
+  203,
+  84,
+  123,
+  148,
+  50,
+  166,
+  194,
+  35,
+  61,
+  238,
+  76,
+  149,
+  11,
+  66,
+  250,
+  195,
+  78,
+  8,
+  46,
+  161,
+  102,
+  40,
+  217,
+  36,
+  178,
+  118,
+  91,
+  162,
+  73,
+  109,
+  139,
+  209,
+  37,
+  114,
+  248,
+  246,
+  100,
+  134,
+  104,
+  152,
+  22,
+  212,
+  164,
+  92,
+  204,
+  93,
+  101,
+  182,
+  146,
+  108,
+  112,
+  72,
+  80,
+  253,
+  237,
+  185,
+  218,
+  94,
+  21,
+  70,
+  87,
+  167,
+  141,
+  157,
+  132,
+  144,
+  216,
+  171,
+  0,
+  140,
+  188,
+  211,
+  10,
+  247,
+  228,
+  88,
+  5,
+  184,
+  179,
+  69,
+  6,
+  208,
+  44,
+  30,
+  143,
+  202,
+  63,
+  15,
+  2,
+  193,
+  175,
+  189,
+  3,
+  1,
+  19,
+  138,
+  107,
+  58,
+  145,
+  17,
+  65,
+  79,
+  103,
+  220,
+  234,
+  151,
+  242,
+  207,
+  206,
+  240,
+  180,
+  230,
+  115,
+  150,
+  172,
+  116,
+  34,
+  231,
+  173,
+  53,
+  133,
+  226,
+  249,
+  55,
+  232,
+  28,
+  117,
+  223,
+  110,
+  71,
+  241,
+  26,
+  113,
+  29,
+  41,
+  197,
+  137,
+  111,
+  183,
+  98,
+  14,
+  170,
+  24,
+  190,
+  27,
+  252,
+  86,
+  62,
+  75,
+  198,
+  210,
+  121,
+  32,
+  154,
+  219,
+  192,
+  254,
+  120,
+  205,
+  90,
+  244,
+  31,
+  221,
+  168,
+  51,
+  136,
+  7,
+  199,
+  49,
+  177,
+  18,
+  16,
+  89,
+  39,
+  128,
+  236,
+  95,
+  96,
+  81,
+  127,
+  169,
+  25,
+  181,
+  74,
+  13,
+  45,
+  229,
+  122,
+  159,
+  147,
+  201,
+  156,
+  239,
+  160,
+  224,
+  59,
+  77,
+  174,
+  42,
+  245,
+  176,
+  200,
+  235,
+  187,
+  60,
+  131,
+  83,
+  153,
+  97,
+  23,
+  43,
+  4,
+  126,
+  186,
+  119,
+  214,
+  38,
+  225,
+  105,
+  20,
+  99,
+  85,
+  33,
+  12,
+  125
+]);
+const RCON = [1, 2, 4, 8, 16, 32, 64, 128, 27, 54];
+function gmul(a, b) {
+  let p = 0;
+  for (let i = 0; i < 8; i++) {
+    if (b & 1) p ^= a;
+    const hi = a & 128;
+    a = a << 1 & 255;
+    if (hi) a ^= 27;
+    b >>= 1;
+  }
+  return p;
+}
+function keyExpansion(key) {
+  const nk = key.length / 4;
+  const nr = nk + 6;
+  const nw = 4 * (nr + 1);
+  const w = new Array(nw);
+  for (let i = 0; i < nk; i++) {
+    w[i] = new Uint8Array([key[4 * i], key[4 * i + 1], key[4 * i + 2], key[4 * i + 3]]);
+  }
+  for (let i = nk; i < nw; i++) {
+    let temp = new Uint8Array(w[i - 1]);
+    if (i % nk === 0) {
+      temp = new Uint8Array([
+        SBOX[temp[1]] ^ RCON[i / nk - 1],
+        SBOX[temp[2]],
+        SBOX[temp[3]],
+        SBOX[temp[0]]
+      ]);
+    } else if (nk > 6 && i % nk === 4) {
+      temp = new Uint8Array([SBOX[temp[0]], SBOX[temp[1]], SBOX[temp[2]], SBOX[temp[3]]]);
+    }
+    w[i] = new Uint8Array(4);
+    for (let j = 0; j < 4; j++) w[i][j] = w[i - nk][j] ^ temp[j];
+  }
+  const roundKeys = [];
+  for (let r = 0; r <= nr; r++) {
+    const rk = new Uint8Array(16);
+    for (let c = 0; c < 4; c++) {
+      rk[4 * c] = w[4 * r + c][0];
+      rk[4 * c + 1] = w[4 * r + c][1];
+      rk[4 * c + 2] = w[4 * r + c][2];
+      rk[4 * c + 3] = w[4 * r + c][3];
+    }
+    roundKeys.push(rk);
+  }
+  return roundKeys;
+}
+function aesEncryptBlock(block, roundKeys) {
+  const state = new Uint8Array(block);
+  const nr = roundKeys.length - 1;
+  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[0][i];
+  for (let round = 1; round < nr; round++) {
+    for (let i = 0; i < 16; i++) state[i] = SBOX[state[i]];
+    const t1 = state[1];
+    state[1] = state[5];
+    state[5] = state[9];
+    state[9] = state[13];
+    state[13] = t1;
+    const t2a = state[2];
+    const t2b = state[6];
+    state[2] = state[10];
+    state[6] = state[14];
+    state[10] = t2a;
+    state[14] = t2b;
+    const t3 = state[15];
+    state[15] = state[11];
+    state[11] = state[7];
+    state[7] = state[3];
+    state[3] = t3;
+    for (let c = 0; c < 4; c++) {
+      const i = c * 4;
+      const a0 = state[i], a1 = state[i + 1], a2 = state[i + 2], a3 = state[i + 3];
+      state[i] = gmul(2, a0) ^ gmul(3, a1) ^ a2 ^ a3;
+      state[i + 1] = a0 ^ gmul(2, a1) ^ gmul(3, a2) ^ a3;
+      state[i + 2] = a0 ^ a1 ^ gmul(2, a2) ^ gmul(3, a3);
+      state[i + 3] = gmul(3, a0) ^ a1 ^ a2 ^ gmul(2, a3);
+    }
+    for (let i = 0; i < 16; i++) state[i] ^= roundKeys[round][i];
+  }
+  for (let i = 0; i < 16; i++) state[i] = SBOX[state[i]];
+  const t1f = state[1];
+  state[1] = state[5];
+  state[5] = state[9];
+  state[9] = state[13];
+  state[13] = t1f;
+  const t2af = state[2];
+  const t2bf = state[6];
+  state[2] = state[10];
+  state[6] = state[14];
+  state[10] = t2af;
+  state[14] = t2bf;
+  const t3f = state[15];
+  state[15] = state[11];
+  state[11] = state[7];
+  state[7] = state[3];
+  state[3] = t3f;
+  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[nr][i];
+  return state;
+}
+function aesDecryptBlock(block, roundKeys) {
+  const state = new Uint8Array(block);
+  const nr = roundKeys.length - 1;
+  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[nr][i];
+  for (let round = nr - 1; round > 0; round--) {
+    const t1 = state[13];
+    state[13] = state[9];
+    state[9] = state[5];
+    state[5] = state[1];
+    state[1] = t1;
+    const t2a = state[10];
+    const t2b = state[14];
+    state[10] = state[2];
+    state[14] = state[6];
+    state[2] = t2a;
+    state[6] = t2b;
+    const t3 = state[3];
+    state[3] = state[7];
+    state[7] = state[11];
+    state[11] = state[15];
+    state[15] = t3;
+    for (let i = 0; i < 16; i++) state[i] = INV_SBOX[state[i]];
+    for (let i = 0; i < 16; i++) state[i] ^= roundKeys[round][i];
+    for (let c = 0; c < 4; c++) {
+      const i = c * 4;
+      const a0 = state[i], a1 = state[i + 1], a2 = state[i + 2], a3 = state[i + 3];
+      state[i] = gmul(14, a0) ^ gmul(11, a1) ^ gmul(13, a2) ^ gmul(9, a3);
+      state[i + 1] = gmul(9, a0) ^ gmul(14, a1) ^ gmul(11, a2) ^ gmul(13, a3);
+      state[i + 2] = gmul(13, a0) ^ gmul(9, a1) ^ gmul(14, a2) ^ gmul(11, a3);
+      state[i + 3] = gmul(11, a0) ^ gmul(13, a1) ^ gmul(9, a2) ^ gmul(14, a3);
+    }
+  }
+  const t1f = state[13];
+  state[13] = state[9];
+  state[9] = state[5];
+  state[5] = state[1];
+  state[1] = t1f;
+  const t2af = state[10];
+  const t2bf = state[14];
+  state[10] = state[2];
+  state[14] = state[6];
+  state[2] = t2af;
+  state[6] = t2bf;
+  const t3f = state[3];
+  state[3] = state[7];
+  state[7] = state[11];
+  state[11] = state[15];
+  state[15] = t3f;
+  for (let i = 0; i < 16; i++) state[i] = INV_SBOX[state[i]];
+  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[0][i];
+  return state;
+}
+function incrementCounter(counter) {
+  for (let i = 15; i >= 0; i--) {
+    if (++counter[i] !== 0) break;
+  }
+}
+function gcmIncrementCounter(counter) {
+  for (let i = 15; i >= 12; i--) {
+    if (++counter[i] !== 0) break;
+  }
+}
+function gfMul(X, Y) {
+  const Z = new Uint8Array(16);
+  const V = new Uint8Array(X);
+  for (let i = 0; i < 128; i++) {
+    if (Y[i >>> 3] & 1 << 7 - (i & 7)) {
+      for (let j = 0; j < 16; j++) Z[j] ^= V[j];
+    }
+    const lsb = V[15] & 1;
+    for (let j = 15; j > 0; j--) {
+      V[j] = V[j] >>> 1 | (V[j - 1] & 1) << 7;
+    }
+    V[0] = V[0] >>> 1;
+    if (lsb) {
+      V[0] ^= 225;
+    }
+  }
+  return Z;
+}
+function ghash(H, aad, ciphertext) {
+  const X = new Uint8Array(16);
+  const aadBlocks = Math.ceil(aad.length / 16) || 0;
+  for (let i = 0; i < aadBlocks; i++) {
+    const start = i * 16;
+    const end = Math.min(start + 16, aad.length);
+    for (let j = 0; j < 16; j++) {
+      const idx = start + j;
+      if (idx < end) {
+        X[j] ^= aad[idx];
+      }
+    }
+    const product2 = gfMul(X, H);
+    X.set(product2);
+  }
+  const ctBlocks = Math.ceil(ciphertext.length / 16) || 0;
+  for (let i = 0; i < ctBlocks; i++) {
+    const start = i * 16;
+    const end = Math.min(start + 16, ciphertext.length);
+    for (let j = 0; j < 16; j++) {
+      const idx = start + j;
+      if (idx < end) {
+        X[j] ^= ciphertext[idx];
+      }
+    }
+    const product2 = gfMul(X, H);
+    X.set(product2);
+  }
+  const lenBlock = new Uint8Array(16);
+  const aadBits = aad.length * 8;
+  const ctBits = ciphertext.length * 8;
+  const aadHi = Math.floor(aadBits / 4294967296);
+  const aadLo = aadBits >>> 0;
+  lenBlock[0] = aadHi >>> 24 & 255;
+  lenBlock[1] = aadHi >>> 16 & 255;
+  lenBlock[2] = aadHi >>> 8 & 255;
+  lenBlock[3] = aadHi & 255;
+  lenBlock[4] = aadLo >>> 24 & 255;
+  lenBlock[5] = aadLo >>> 16 & 255;
+  lenBlock[6] = aadLo >>> 8 & 255;
+  lenBlock[7] = aadLo & 255;
+  const ctHi = Math.floor(ctBits / 4294967296);
+  const ctLo = ctBits >>> 0;
+  lenBlock[8] = ctHi >>> 24 & 255;
+  lenBlock[9] = ctHi >>> 16 & 255;
+  lenBlock[10] = ctHi >>> 8 & 255;
+  lenBlock[11] = ctHi & 255;
+  lenBlock[12] = ctLo >>> 24 & 255;
+  lenBlock[13] = ctLo >>> 16 & 255;
+  lenBlock[14] = ctLo >>> 8 & 255;
+  lenBlock[15] = ctLo & 255;
+  for (let j = 0; j < 16; j++) X[j] ^= lenBlock[j];
+  const product = gfMul(X, H);
+  X.set(product);
+  return X;
+}
+function parseAlgorithm(algorithm) {
+  const lower = algorithm.toLowerCase();
+  const match = lower.match(/^aes-(128|192|256)-(cbc|ctr|ecb|cfb|ofb|gcm)$/);
+  if (!match) {
+    throw new Error(`Unsupported cipher algorithm: ${algorithm}`);
+  }
+  const keyBits = parseInt(match[1]);
+  const mode = match[2];
+  return {
+    keySize: keyBits / 8,
+    ivSize: mode === "ecb" ? 0 : mode === "gcm" ? 12 : 16,
+    mode
+  };
+}
+function toBuffer(data, encoding) {
+  if (typeof data === "string") {
+    return Buffer.from(data, encoding || "utf8");
+  }
+  return Buffer.from(data);
+}
+function encodeOutput(data, encoding) {
+  if (!encoding) return Buffer.from(data);
+  return Buffer.from(data).toString(encoding);
+}
+function incompleteUtf8Tail(buf) {
+  if (buf.length === 0) return 0;
+  const end = buf.length;
+  for (let back = 1; back <= Math.min(4, end); back++) {
+    const b = buf[end - back];
+    if ((b & 128) === 0) {
+      return 0;
+    }
+    if ((b & 192) === 128) {
+      continue;
+    }
+    let expected;
+    if ((b & 224) === 192) expected = 2;
+    else if ((b & 240) === 224) expected = 3;
+    else if ((b & 248) === 240) expected = 4;
+    else return 0;
+    return back < expected ? back : 0;
+  }
+  return 0;
+}
+function pkcs7Pad(data) {
+  const padLen = 16 - data.length % 16;
+  const padded = new Uint8Array(data.length + padLen);
+  padded.set(data);
+  for (let i = data.length; i < padded.length; i++) padded[i] = padLen;
+  return padded;
+}
+function pkcs7Unpad(data) {
+  if (data.length === 0 || data.length % 16 !== 0) {
+    throw new Error("bad decrypt");
+  }
+  const padLen = data[data.length - 1];
+  if (padLen === 0 || padLen > 16) {
+    throw new Error("bad decrypt");
+  }
+  for (let i = data.length - padLen; i < data.length; i++) {
+    if (data[i] !== padLen) throw new Error("bad decrypt");
+  }
+  return new Uint8Array(data.slice(0, data.length - padLen));
+}
+class CipherBase {
+  _roundKeys;
+  _iv;
+  _mode;
+  _buffer = new Uint8Array(0);
+  _autoPadding = true;
+  _finalized = false;
+  constructor(algorithm, key, iv) {
+    const info = parseAlgorithm(algorithm);
+    if (key.length !== info.keySize) {
+      throw new Error(`Invalid key length ${key.length}, expected ${info.keySize} for ${algorithm}`);
+    }
+    if (info.ivSize > 0 && (!iv || iv.length !== info.ivSize)) {
+      throw new Error(`Invalid IV length ${iv?.length ?? 0}, expected ${info.ivSize} for ${algorithm}`);
+    }
+    this._roundKeys = keyExpansion(key);
+    this._iv = iv ? new Uint8Array(iv) : new Uint8Array(16);
+    this._mode = info.mode;
+  }
+  setAutoPadding(autoPadding) {
+    this._autoPadding = autoPadding;
+    return this;
+  }
+}
+class Cipher extends CipherBase {
+  _prevBlock;
+  _counter;
+  // GCM state
+  _gcmH = null;
+  // Hash subkey H = AES_K(0^128)
+  _gcmJ0 = null;
+  // Initial counter J0
+  _gcmAAD = new Uint8Array(0);
+  // Additional authenticated data
+  _gcmCiphertext = [];
+  // Accumulated ciphertext for GHASH
+  _gcmCiphertextLen = 0;
+  // Total ciphertext length
+  _gcmAuthTag = null;
+  // Computed authentication tag
+  _gcmAADSet = false;
+  // Whether setAAD was called
+  constructor(algorithm, key, iv) {
+    super(algorithm, key, iv);
+    this._prevBlock = new Uint8Array(this._iv);
+    if (this._mode === "gcm") {
+      this._gcmH = aesEncryptBlock(new Uint8Array(16), this._roundKeys);
+      this._gcmJ0 = new Uint8Array(16);
+      this._gcmJ0.set(this._iv.subarray(0, 12));
+      this._gcmJ0[15] = 1;
+      this._counter = new Uint8Array(this._gcmJ0);
+      gcmIncrementCounter(this._counter);
+    } else {
+      this._counter = new Uint8Array(this._iv);
+    }
+  }
+  /**
+   * Set Additional Authenticated Data for GCM mode.
+   * Must be called before any update() calls.
+   */
+  setAAD(data) {
+    if (this._mode !== "gcm") {
+      throw new Error("setAAD is only supported in GCM mode");
+    }
+    if (this._gcmCiphertextLen > 0) {
+      throw new Error("setAAD must be called before update()");
+    }
+    this._gcmAAD = new Uint8Array(data);
+    this._gcmAADSet = true;
+    return this;
+  }
+  /**
+   * Get the authentication tag after final() has been called.
+   * Only valid for GCM mode.
+   */
+  getAuthTag() {
+    if (this._mode !== "gcm") {
+      throw new Error("getAuthTag is only supported in GCM mode");
+    }
+    if (!this._gcmAuthTag) {
+      throw new Error("getAuthTag must be called after final()");
+    }
+    return Buffer.from(this._gcmAuthTag);
+  }
+  update(data, inputEncoding, outputEncoding) {
+    const input = toBuffer(data, inputEncoding);
+    const combined = new Uint8Array(this._buffer.length + input.length);
+    combined.set(this._buffer);
+    combined.set(input, this._buffer.length);
+    if (this._mode === "gcm") {
+      const output2 = this._processGcmEncrypt(combined);
+      this._buffer = new Uint8Array(0);
+      return encodeOutput(output2, outputEncoding);
+    }
+    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+      const output2 = this._processStream(combined);
+      this._buffer = new Uint8Array(0);
+      return encodeOutput(output2, outputEncoding);
+    }
+    const fullBlocks = Math.floor(combined.length / 16);
+    const processLen = fullBlocks * 16;
+    const output = [];
+    for (let i = 0; i < processLen; i += 16) {
+      const block = combined.slice(i, i + 16);
+      output.push(this._encryptBlock(block));
+    }
+    this._buffer = combined.slice(processLen);
+    const result = new Uint8Array(output.length * 16);
+    for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
+    return encodeOutput(result, outputEncoding);
+  }
+  final(outputEncoding) {
+    if (this._finalized) throw new Error("Cipher already finalized");
+    this._finalized = true;
+    if (this._mode === "gcm") {
+      let finalOutput = new Uint8Array(0);
+      if (this._buffer.length > 0) {
+        finalOutput = this._processGcmEncrypt(this._buffer);
+        this._buffer = new Uint8Array(0);
+      }
+      const allCiphertext = new Uint8Array(this._gcmCiphertextLen);
+      let offset = 0;
+      for (const chunk of this._gcmCiphertext) {
+        allCiphertext.set(chunk, offset);
+        offset += chunk.length;
+      }
+      const ghashResult = ghash(this._gcmH, this._gcmAAD, allCiphertext);
+      const encJ0 = aesEncryptBlock(this._gcmJ0, this._roundKeys);
+      const tag = new Uint8Array(16);
+      for (let i = 0; i < 16; i++) tag[i] = ghashResult[i] ^ encJ0[i];
+      this._gcmAuthTag = Buffer.from(tag);
+      return encodeOutput(finalOutput, outputEncoding);
+    }
+    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+      if (this._buffer.length > 0) {
+        const output2 = this._processStream(this._buffer);
+        this._buffer = new Uint8Array(0);
+        return encodeOutput(output2, outputEncoding);
+      }
+      return encodeOutput(new Uint8Array(0), outputEncoding);
+    }
+    let data = this._buffer;
+    if (this._autoPadding) {
+      data = pkcs7Pad(data);
+    } else if (data.length % 16 !== 0) {
+      throw new Error("data not multiple of block size");
+    }
+    const output = [];
+    for (let i = 0; i < data.length; i += 16) {
+      output.push(this._encryptBlock(data.slice(i, i + 16)));
+    }
+    this._buffer = new Uint8Array(0);
+    if (output.length === 0) return encodeOutput(new Uint8Array(0), outputEncoding);
+    const result = new Uint8Array(output.length * 16);
+    for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
+    return encodeOutput(result, outputEncoding);
+  }
+  _encryptBlock(block) {
+    if (this._mode === "cbc") {
+      const xored = new Uint8Array(16);
+      for (let i = 0; i < 16; i++) xored[i] = block[i] ^ this._prevBlock[i];
+      const encrypted = aesEncryptBlock(xored, this._roundKeys);
+      this._prevBlock = encrypted;
+      return encrypted;
+    } else if (this._mode === "ecb") {
+      return aesEncryptBlock(block, this._roundKeys);
+    }
+    throw new Error(`Block encryption not supported for mode: ${this._mode}`);
+  }
+  _processStream(data) {
+    const output = new Uint8Array(data.length);
+    for (let i = 0; i < data.length; i += 16) {
+      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+      const remaining = Math.min(16, data.length - i);
+      for (let j = 0; j < remaining; j++) {
+        output[i + j] = data[i + j] ^ keystream[j];
+      }
+      incrementCounter(this._counter);
+    }
+    return output;
+  }
+  /**
+   * GCM encryption: CTR mode encryption, also accumulates ciphertext for GHASH.
+   */
+  _processGcmEncrypt(data) {
+    const output = new Uint8Array(data.length);
+    for (let i = 0; i < data.length; i += 16) {
+      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+      const remaining = Math.min(16, data.length - i);
+      for (let j = 0; j < remaining; j++) {
+        output[i + j] = data[i + j] ^ keystream[j];
+      }
+      gcmIncrementCounter(this._counter);
+    }
+    this._gcmCiphertext.push(new Uint8Array(output));
+    this._gcmCiphertextLen += output.length;
+    return output;
+  }
+}
+class Decipher extends CipherBase {
+  _prevBlock;
+  _counter;
+  _pendingUtf8 = new Uint8Array(0);
+  // GCM state
+  _gcmH = null;
+  // Hash subkey H = AES_K(0^128)
+  _gcmJ0 = null;
+  // Initial counter J0
+  _gcmAAD = new Uint8Array(0);
+  // Additional authenticated data
+  _gcmCiphertext = [];
+  // Accumulated ciphertext for GHASH
+  _gcmCiphertextLen = 0;
+  // Total ciphertext length
+  _gcmExpectedTag = null;
+  // Expected authentication tag
+  _gcmAADSet = false;
+  // Whether setAAD was called
+  constructor(algorithm, key, iv) {
+    super(algorithm, key, iv);
+    this._prevBlock = new Uint8Array(this._iv);
+    if (this._mode === "gcm") {
+      this._gcmH = aesEncryptBlock(new Uint8Array(16), this._roundKeys);
+      this._gcmJ0 = new Uint8Array(16);
+      this._gcmJ0.set(this._iv.subarray(0, 12));
+      this._gcmJ0[15] = 1;
+      this._counter = new Uint8Array(this._gcmJ0);
+      gcmIncrementCounter(this._counter);
+    } else {
+      this._counter = new Uint8Array(this._iv);
+    }
+  }
+  /**
+   * Set Additional Authenticated Data for GCM mode.
+   * Must be called before any update() calls.
+   */
+  setAAD(data) {
+    if (this._mode !== "gcm") {
+      throw new Error("setAAD is only supported in GCM mode");
+    }
+    if (this._gcmCiphertextLen > 0) {
+      throw new Error("setAAD must be called before update()");
+    }
+    this._gcmAAD = new Uint8Array(data);
+    this._gcmAADSet = true;
+    return this;
+  }
+  /**
+   * Set the expected authentication tag for GCM decryption.
+   * Must be called before final().
+   */
+  setAuthTag(tag) {
+    if (this._mode !== "gcm") {
+      throw new Error("setAuthTag is only supported in GCM mode");
+    }
+    this._gcmExpectedTag = Buffer.from(tag);
+    return this;
+  }
+  _encodeWithUtf8Handling(bytes, encoding, isFinal) {
+    if (!encoding || encoding !== "utf8" && encoding !== "utf-8") {
+      return encodeOutput(bytes, encoding);
+    }
+    let data;
+    if (this._pendingUtf8.length > 0) {
+      data = new Uint8Array(this._pendingUtf8.length + bytes.length);
+      data.set(this._pendingUtf8);
+      data.set(bytes, this._pendingUtf8.length);
+      this._pendingUtf8 = new Uint8Array(0);
+    } else {
+      data = bytes;
+    }
+    if (!isFinal) {
+      const tail = incompleteUtf8Tail(data);
+      if (tail > 0) {
+        this._pendingUtf8 = new Uint8Array(data.slice(data.length - tail));
+        data = new Uint8Array(data.slice(0, data.length - tail));
+      }
+    }
+    return Buffer.from(data).toString("utf8");
+  }
+  update(data, inputEncoding, outputEncoding) {
+    const input = toBuffer(data, inputEncoding);
+    const combined = new Uint8Array(this._buffer.length + input.length);
+    combined.set(this._buffer);
+    combined.set(input, this._buffer.length);
+    if (this._mode === "gcm") {
+      this._gcmCiphertext.push(new Uint8Array(combined));
+      this._gcmCiphertextLen += combined.length;
+      const output2 = this._processGcmDecrypt(combined);
+      this._buffer = new Uint8Array(0);
+      return this._encodeWithUtf8Handling(output2, outputEncoding, false);
+    }
+    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+      const output2 = this._processStream(combined);
+      this._buffer = new Uint8Array(0);
+      return this._encodeWithUtf8Handling(output2, outputEncoding, false);
+    }
+    const fullBlocks = Math.floor(combined.length / 16);
+    if (fullBlocks === 0) {
+      this._buffer = combined;
+      return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, false);
+    }
+    const processBlocks = this._autoPadding ? fullBlocks - 1 : fullBlocks;
+    const processLen = processBlocks * 16;
+    const output = [];
+    for (let i = 0; i < processLen; i += 16) {
+      const block = combined.slice(i, i + 16);
+      output.push(this._decryptBlock(block));
+    }
+    this._buffer = combined.slice(processLen);
+    const result = new Uint8Array(output.length * 16);
+    for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
+    return this._encodeWithUtf8Handling(result, outputEncoding, false);
+  }
+  final(outputEncoding) {
+    if (this._finalized) throw new Error("Decipher already finalized");
+    this._finalized = true;
+    if (this._mode === "gcm") {
+      let finalOutput = new Uint8Array(0);
+      if (this._buffer.length > 0) {
+        this._gcmCiphertext.push(new Uint8Array(this._buffer));
+        this._gcmCiphertextLen += this._buffer.length;
+        finalOutput = this._processGcmDecrypt(this._buffer);
+        this._buffer = new Uint8Array(0);
+      }
+      if (!this._gcmExpectedTag) {
+        throw new Error("Unsupported state or unable to authenticate data");
+      }
+      const allCiphertext = new Uint8Array(this._gcmCiphertextLen);
+      let offset = 0;
+      for (const chunk of this._gcmCiphertext) {
+        allCiphertext.set(chunk, offset);
+        offset += chunk.length;
+      }
+      const ghashResult = ghash(this._gcmH, this._gcmAAD, allCiphertext);
+      const encJ0 = aesEncryptBlock(this._gcmJ0, this._roundKeys);
+      const computedTag = new Uint8Array(16);
+      for (let i = 0; i < 16; i++) computedTag[i] = ghashResult[i] ^ encJ0[i];
+      const expectedTag = this._gcmExpectedTag;
+      const tagLen = Math.min(expectedTag.length, 16);
+      let diff = 0;
+      for (let i = 0; i < tagLen; i++) {
+        diff |= computedTag[i] ^ expectedTag[i];
+      }
+      if (diff !== 0) {
+        throw new Error("Unsupported state or unable to authenticate data");
+      }
+      return this._encodeWithUtf8Handling(finalOutput, outputEncoding, true);
+    }
+    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+      if (this._buffer.length > 0) {
+        const output2 = this._processStream(this._buffer);
+        this._buffer = new Uint8Array(0);
+        return this._encodeWithUtf8Handling(output2, outputEncoding, true);
+      }
+      return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, true);
+    }
+    if (this._buffer.length === 0) {
+      return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, true);
+    }
+    if (this._buffer.length % 16 !== 0) {
+      throw new Error("bad decrypt");
+    }
+    const output = [];
+    for (let i = 0; i < this._buffer.length; i += 16) {
+      output.push(this._decryptBlock(this._buffer.slice(i, i + 16)));
+    }
+    const combined = new Uint8Array(output.length * 16);
+    for (let i = 0; i < output.length; i++) combined.set(output[i], i * 16);
+    const result = this._autoPadding ? pkcs7Unpad(combined) : combined;
+    this._buffer = new Uint8Array(0);
+    return this._encodeWithUtf8Handling(result, outputEncoding, true);
+  }
+  _decryptBlock(block) {
+    if (this._mode === "cbc") {
+      const decrypted = aesDecryptBlock(block, this._roundKeys);
+      const output = new Uint8Array(16);
+      for (let i = 0; i < 16; i++) output[i] = decrypted[i] ^ this._prevBlock[i];
+      this._prevBlock = new Uint8Array(block);
+      return output;
+    } else if (this._mode === "ecb") {
+      return aesDecryptBlock(block, this._roundKeys);
+    }
+    throw new Error(`Block decryption not supported for mode: ${this._mode}`);
+  }
+  _processStream(data) {
+    const output = new Uint8Array(data.length);
+    for (let i = 0; i < data.length; i += 16) {
+      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+      const remaining = Math.min(16, data.length - i);
+      for (let j = 0; j < remaining; j++) {
+        output[i + j] = data[i + j] ^ keystream[j];
+      }
+      incrementCounter(this._counter);
+    }
+    return output;
+  }
+  /**
+   * GCM decryption: CTR mode decryption (same as encryption, since CTR is symmetric).
+   */
+  _processGcmDecrypt(data) {
+    const output = new Uint8Array(data.length);
+    for (let i = 0; i < data.length; i += 16) {
+      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+      const remaining = Math.min(16, data.length - i);
+      for (let j = 0; j < remaining; j++) {
+        output[i + j] = data[i + j] ^ keystream[j];
+      }
+      gcmIncrementCounter(this._counter);
+    }
+    return output;
+  }
+}
+function createCipher(_algorithm, _password) {
+  throw new Error("crypto.createCipher() is deprecated. Use createCipheriv() instead.");
+}
+function createCipheriv(algorithm, key, iv) {
+  const keyBuf = typeof key === "string" ? Buffer.from(key) : new Uint8Array(key);
+  const ivBuf = iv == null ? null : typeof iv === "string" ? Buffer.from(iv) : new Uint8Array(iv);
+  return new Cipher(algorithm, keyBuf, ivBuf);
+}
+function createDecipher(_algorithm, _password) {
+  throw new Error("crypto.createDecipher() is deprecated. Use createDecipheriv() instead.");
+}
+function createDecipheriv(algorithm, key, iv) {
+  const keyBuf = typeof key === "string" ? Buffer.from(key) : new Uint8Array(key);
+  const ivBuf = iv == null ? null : typeof iv === "string" ? Buffer.from(iv) : new Uint8Array(iv);
+  return new Decipher(algorithm, keyBuf, ivBuf);
+}
+function getCiphers() {
+  return [
+    "aes-128-cbc",
+    "aes-128-ecb",
+    "aes-192-cbc",
+    "aes-192-ecb",
+    "aes-256-cbc",
+    "aes-256-ecb",
+    "aes-128-ctr",
+    "aes-192-ctr",
+    "aes-256-ctr",
+    "aes-128-cfb",
+    "aes-192-cfb",
+    "aes-256-cfb",
+    "aes-128-gcm",
+    "aes-192-gcm",
+    "aes-256-gcm"
+  ];
+}
+export {
+  createCipher,
+  createCipheriv,
+  createDecipher,
+  createDecipheriv,
+  getCiphers
+};