@gjsify/crypto 0.3.12 → 0.3.14

package/lib/esm/cipher.js

@@ -1,1272 +1,1295 @@
 import { Buffer } from "node:buffer";
+
+//#region src/cipher.ts
 const SBOX = new Uint8Array([
-  99,
-  124,
-  119,
-  123,
-  242,
-  107,
-  111,
-  197,
-  48,
-  1,
-  103,
-  43,
-  254,
-  215,
-  171,
-  118,
-  202,
-  130,
-  201,
-  125,
-  250,
-  89,
-  71,
-  240,
-  173,
-  212,
-  162,
-  175,
-  156,
-  164,
-  114,
-  192,
-  183,
-  253,
-  147,
-  38,
-  54,
-  63,
-  247,
-  204,
-  52,
-  165,
-  229,
-  241,
-  113,
-  216,
-  49,
-  21,
-  4,
-  199,
-  35,
-  195,
-  24,
-  150,
-  5,
-  154,
-  7,
-  18,
-  128,
-  226,
-  235,
-  39,
-  178,
-  117,
-  9,
-  131,
-  44,
-  26,
-  27,
-  110,
-  90,
-  160,
-  82,
-  59,
-  214,
-  179,
-  41,
-  227,
-  47,
-  132,
-  83,
-  209,
-  0,
-  237,
-  32,
-  252,
-  177,
-  91,
-  106,
-  203,
-  190,
-  57,
-  74,
-  76,
-  88,
-  207,
-  208,
-  239,
-  170,
-  251,
-  67,
-  77,
-  51,
-  133,
-  69,
-  249,
-  2,
-  127,
-  80,
-  60,
-  159,
-  168,
-  81,
-  163,
-  64,
-  143,
-  146,
-  157,
-  56,
-  245,
-  188,
-  182,
-  218,
-  33,
-  16,
-  255,
-  243,
-  210,
-  205,
-  12,
-  19,
-  236,
-  95,
-  151,
-  68,
-  23,
-  196,
-  167,
-  126,
-  61,
-  100,
-  93,
-  25,
-  115,
-  96,
-  129,
-  79,
-  220,
-  34,
-  42,
-  144,
-  136,
-  70,
-  238,
-  184,
-  20,
-  222,
-  94,
-  11,
-  219,
-  224,
-  50,
-  58,
-  10,
-  73,
-  6,
-  36,
-  92,
-  194,
-  211,
-  172,
-  98,
-  145,
-  149,
-  228,
-  121,
-  231,
-  200,
-  55,
-  109,
-  141,
-  213,
-  78,
-  169,
-  108,
-  86,
-  244,
-  234,
-  101,
-  122,
-  174,
-  8,
-  186,
-  120,
-  37,
-  46,
-  28,
-  166,
-  180,
-  198,
-  232,
-  221,
-  116,
-  31,
-  75,
-  189,
-  139,
-  138,
-  112,
-  62,
-  181,
-  102,
-  72,
-  3,
-  246,
-  14,
-  97,
-  53,
-  87,
-  185,
-  134,
-  193,
-  29,
-  158,
-  225,
-  248,
-  152,
-  17,
-  105,
-  217,
-  142,
-  148,
-  155,
-  30,
-  135,
-  233,
-  206,
-  85,
-  40,
-  223,
-  140,
-  161,
-  137,
-  13,
-  191,
-  230,
-  66,
-  104,
-  65,
-  153,
-  45,
-  15,
-  176,
-  84,
-  187,
-  22
+	99,
+	124,
+	119,
+	123,
+	242,
+	107,
+	111,
+	197,
+	48,
+	1,
+	103,
+	43,
+	254,
+	215,
+	171,
+	118,
+	202,
+	130,
+	201,
+	125,
+	250,
+	89,
+	71,
+	240,
+	173,
+	212,
+	162,
+	175,
+	156,
+	164,
+	114,
+	192,
+	183,
+	253,
+	147,
+	38,
+	54,
+	63,
+	247,
+	204,
+	52,
+	165,
+	229,
+	241,
+	113,
+	216,
+	49,
+	21,
+	4,
+	199,
+	35,
+	195,
+	24,
+	150,
+	5,
+	154,
+	7,
+	18,
+	128,
+	226,
+	235,
+	39,
+	178,
+	117,
+	9,
+	131,
+	44,
+	26,
+	27,
+	110,
+	90,
+	160,
+	82,
+	59,
+	214,
+	179,
+	41,
+	227,
+	47,
+	132,
+	83,
+	209,
+	0,
+	237,
+	32,
+	252,
+	177,
+	91,
+	106,
+	203,
+	190,
+	57,
+	74,
+	76,
+	88,
+	207,
+	208,
+	239,
+	170,
+	251,
+	67,
+	77,
+	51,
+	133,
+	69,
+	249,
+	2,
+	127,
+	80,
+	60,
+	159,
+	168,
+	81,
+	163,
+	64,
+	143,
+	146,
+	157,
+	56,
+	245,
+	188,
+	182,
+	218,
+	33,
+	16,
+	255,
+	243,
+	210,
+	205,
+	12,
+	19,
+	236,
+	95,
+	151,
+	68,
+	23,
+	196,
+	167,
+	126,
+	61,
+	100,
+	93,
+	25,
+	115,
+	96,
+	129,
+	79,
+	220,
+	34,
+	42,
+	144,
+	136,
+	70,
+	238,
+	184,
+	20,
+	222,
+	94,
+	11,
+	219,
+	224,
+	50,
+	58,
+	10,
+	73,
+	6,
+	36,
+	92,
+	194,
+	211,
+	172,
+	98,
+	145,
+	149,
+	228,
+	121,
+	231,
+	200,
+	55,
+	109,
+	141,
+	213,
+	78,
+	169,
+	108,
+	86,
+	244,
+	234,
+	101,
+	122,
+	174,
+	8,
+	186,
+	120,
+	37,
+	46,
+	28,
+	166,
+	180,
+	198,
+	232,
+	221,
+	116,
+	31,
+	75,
+	189,
+	139,
+	138,
+	112,
+	62,
+	181,
+	102,
+	72,
+	3,
+	246,
+	14,
+	97,
+	53,
+	87,
+	185,
+	134,
+	193,
+	29,
+	158,
+	225,
+	248,
+	152,
+	17,
+	105,
+	217,
+	142,
+	148,
+	155,
+	30,
+	135,
+	233,
+	206,
+	85,
+	40,
+	223,
+	140,
+	161,
+	137,
+	13,
+	191,
+	230,
+	66,
+	104,
+	65,
+	153,
+	45,
+	15,
+	176,
+	84,
+	187,
+	22
 ]);
 const INV_SBOX = new Uint8Array([
-  82,
-  9,
-  106,
-  213,
-  48,
-  54,
-  165,
-  56,
-  191,
-  64,
-  163,
-  158,
-  129,
-  243,
-  215,
-  251,
-  124,
-  227,
-  57,
-  130,
-  155,
-  47,
-  255,
-  135,
-  52,
-  142,
-  67,
-  68,
-  196,
-  222,
-  233,
-  203,
-  84,
-  123,
-  148,
-  50,
-  166,
-  194,
-  35,
-  61,
-  238,
-  76,
-  149,
-  11,
-  66,
-  250,
-  195,
-  78,
-  8,
-  46,
-  161,
-  102,
-  40,
-  217,
-  36,
-  178,
-  118,
-  91,
-  162,
-  73,
-  109,
-  139,
-  209,
-  37,
-  114,
-  248,
-  246,
-  100,
-  134,
-  104,
-  152,
-  22,
-  212,
-  164,
-  92,
-  204,
-  93,
-  101,
-  182,
-  146,
-  108,
-  112,
-  72,
-  80,
-  253,
-  237,
-  185,
-  218,
-  94,
-  21,
-  70,
-  87,
-  167,
-  141,
-  157,
-  132,
-  144,
-  216,
-  171,
-  0,
-  140,
-  188,
-  211,
-  10,
-  247,
-  228,
-  88,
-  5,
-  184,
-  179,
-  69,
-  6,
-  208,
-  44,
-  30,
-  143,
-  202,
-  63,
-  15,
-  2,
-  193,
-  175,
-  189,
-  3,
-  1,
-  19,
-  138,
-  107,
-  58,
-  145,
-  17,
-  65,
-  79,
-  103,
-  220,
-  234,
-  151,
-  242,
-  207,
-  206,
-  240,
-  180,
-  230,
-  115,
-  150,
-  172,
-  116,
-  34,
-  231,
-  173,
-  53,
-  133,
-  226,
-  249,
-  55,
-  232,
-  28,
-  117,
-  223,
-  110,
-  71,
-  241,
-  26,
-  113,
-  29,
-  41,
-  197,
-  137,
-  111,
-  183,
-  98,
-  14,
-  170,
-  24,
-  190,
-  27,
-  252,
-  86,
-  62,
-  75,
-  198,
-  210,
-  121,
-  32,
-  154,
-  219,
-  192,
-  254,
-  120,
-  205,
-  90,
-  244,
-  31,
-  221,
-  168,
-  51,
-  136,
-  7,
-  199,
-  49,
-  177,
-  18,
-  16,
-  89,
-  39,
-  128,
-  236,
-  95,
-  96,
-  81,
-  127,
-  169,
-  25,
-  181,
-  74,
-  13,
-  45,
-  229,
-  122,
-  159,
-  147,
-  201,
-  156,
-  239,
-  160,
-  224,
-  59,
-  77,
-  174,
-  42,
-  245,
-  176,
-  200,
-  235,
-  187,
-  60,
-  131,
-  83,
-  153,
-  97,
-  23,
-  43,
-  4,
-  126,
-  186,
-  119,
-  214,
-  38,
-  225,
-  105,
-  20,
-  99,
-  85,
-  33,
-  12,
-  125
+	82,
+	9,
+	106,
+	213,
+	48,
+	54,
+	165,
+	56,
+	191,
+	64,
+	163,
+	158,
+	129,
+	243,
+	215,
+	251,
+	124,
+	227,
+	57,
+	130,
+	155,
+	47,
+	255,
+	135,
+	52,
+	142,
+	67,
+	68,
+	196,
+	222,
+	233,
+	203,
+	84,
+	123,
+	148,
+	50,
+	166,
+	194,
+	35,
+	61,
+	238,
+	76,
+	149,
+	11,
+	66,
+	250,
+	195,
+	78,
+	8,
+	46,
+	161,
+	102,
+	40,
+	217,
+	36,
+	178,
+	118,
+	91,
+	162,
+	73,
+	109,
+	139,
+	209,
+	37,
+	114,
+	248,
+	246,
+	100,
+	134,
+	104,
+	152,
+	22,
+	212,
+	164,
+	92,
+	204,
+	93,
+	101,
+	182,
+	146,
+	108,
+	112,
+	72,
+	80,
+	253,
+	237,
+	185,
+	218,
+	94,
+	21,
+	70,
+	87,
+	167,
+	141,
+	157,
+	132,
+	144,
+	216,
+	171,
+	0,
+	140,
+	188,
+	211,
+	10,
+	247,
+	228,
+	88,
+	5,
+	184,
+	179,
+	69,
+	6,
+	208,
+	44,
+	30,
+	143,
+	202,
+	63,
+	15,
+	2,
+	193,
+	175,
+	189,
+	3,
+	1,
+	19,
+	138,
+	107,
+	58,
+	145,
+	17,
+	65,
+	79,
+	103,
+	220,
+	234,
+	151,
+	242,
+	207,
+	206,
+	240,
+	180,
+	230,
+	115,
+	150,
+	172,
+	116,
+	34,
+	231,
+	173,
+	53,
+	133,
+	226,
+	249,
+	55,
+	232,
+	28,
+	117,
+	223,
+	110,
+	71,
+	241,
+	26,
+	113,
+	29,
+	41,
+	197,
+	137,
+	111,
+	183,
+	98,
+	14,
+	170,
+	24,
+	190,
+	27,
+	252,
+	86,
+	62,
+	75,
+	198,
+	210,
+	121,
+	32,
+	154,
+	219,
+	192,
+	254,
+	120,
+	205,
+	90,
+	244,
+	31,
+	221,
+	168,
+	51,
+	136,
+	7,
+	199,
+	49,
+	177,
+	18,
+	16,
+	89,
+	39,
+	128,
+	236,
+	95,
+	96,
+	81,
+	127,
+	169,
+	25,
+	181,
+	74,
+	13,
+	45,
+	229,
+	122,
+	159,
+	147,
+	201,
+	156,
+	239,
+	160,
+	224,
+	59,
+	77,
+	174,
+	42,
+	245,
+	176,
+	200,
+	235,
+	187,
+	60,
+	131,
+	83,
+	153,
+	97,
+	23,
+	43,
+	4,
+	126,
+	186,
+	119,
+	214,
+	38,
+	225,
+	105,
+	20,
+	99,
+	85,
+	33,
+	12,
+	125
 ]);
-const RCON = [1, 2, 4, 8, 16, 32, 64, 128, 27, 54];
+const RCON = [
+	1,
+	2,
+	4,
+	8,
+	16,
+	32,
+	64,
+	128,
+	27,
+	54
+];
 function gmul(a, b) {
-  let p = 0;
-  for (let i = 0; i < 8; i++) {
-    if (b & 1) p ^= a;
-    const hi = a & 128;
-    a = a << 1 & 255;
-    if (hi) a ^= 27;
-    b >>= 1;
-  }
-  return p;
+	let p = 0;
+	for (let i = 0; i < 8; i++) {
+		if (b & 1) p ^= a;
+		const hi = a & 128;
+		a = a << 1 & 255;
+		if (hi) a ^= 27;
+		b >>= 1;
+	}
+	return p;
 }
 function keyExpansion(key) {
-  const nk = key.length / 4;
-  const nr = nk + 6;
-  const nw = 4 * (nr + 1);
-  const w = new Array(nw);
-  for (let i = 0; i < nk; i++) {
-    w[i] = new Uint8Array([key[4 * i], key[4 * i + 1], key[4 * i + 2], key[4 * i + 3]]);
-  }
-  for (let i = nk; i < nw; i++) {
-    let temp = new Uint8Array(w[i - 1]);
-    if (i % nk === 0) {
-      temp = new Uint8Array([
-        SBOX[temp[1]] ^ RCON[i / nk - 1],
-        SBOX[temp[2]],
-        SBOX[temp[3]],
-        SBOX[temp[0]]
-      ]);
-    } else if (nk > 6 && i % nk === 4) {
-      temp = new Uint8Array([SBOX[temp[0]], SBOX[temp[1]], SBOX[temp[2]], SBOX[temp[3]]]);
-    }
-    w[i] = new Uint8Array(4);
-    for (let j = 0; j < 4; j++) w[i][j] = w[i - nk][j] ^ temp[j];
-  }
-  const roundKeys = [];
-  for (let r = 0; r <= nr; r++) {
-    const rk = new Uint8Array(16);
-    for (let c = 0; c < 4; c++) {
-      rk[4 * c] = w[4 * r + c][0];
-      rk[4 * c + 1] = w[4 * r + c][1];
-      rk[4 * c + 2] = w[4 * r + c][2];
-      rk[4 * c + 3] = w[4 * r + c][3];
-    }
-    roundKeys.push(rk);
-  }
-  return roundKeys;
+	const nk = key.length / 4;
+	const nr = nk + 6;
+	const nw = 4 * (nr + 1);
+	const w = new Array(nw);
+	for (let i = 0; i < nk; i++) {
+		w[i] = new Uint8Array([
+			key[4 * i],
+			key[4 * i + 1],
+			key[4 * i + 2],
+			key[4 * i + 3]
+		]);
+	}
+	for (let i = nk; i < nw; i++) {
+		let temp = new Uint8Array(w[i - 1]);
+		if (i % nk === 0) {
+			temp = new Uint8Array([
+				SBOX[temp[1]] ^ RCON[i / nk - 1],
+				SBOX[temp[2]],
+				SBOX[temp[3]],
+				SBOX[temp[0]]
+			]);
+		} else if (nk > 6 && i % nk === 4) {
+			temp = new Uint8Array([
+				SBOX[temp[0]],
+				SBOX[temp[1]],
+				SBOX[temp[2]],
+				SBOX[temp[3]]
+			]);
+		}
+		w[i] = new Uint8Array(4);
+		for (let j = 0; j < 4; j++) w[i][j] = w[i - nk][j] ^ temp[j];
+	}
+	const roundKeys = [];
+	for (let r = 0; r <= nr; r++) {
+		const rk = new Uint8Array(16);
+		for (let c = 0; c < 4; c++) {
+			rk[4 * c] = w[4 * r + c][0];
+			rk[4 * c + 1] = w[4 * r + c][1];
+			rk[4 * c + 2] = w[4 * r + c][2];
+			rk[4 * c + 3] = w[4 * r + c][3];
+		}
+		roundKeys.push(rk);
+	}
+	return roundKeys;
 }
 function aesEncryptBlock(block, roundKeys) {
-  const state = new Uint8Array(block);
-  const nr = roundKeys.length - 1;
-  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[0][i];
-  for (let round = 1; round < nr; round++) {
-    for (let i = 0; i < 16; i++) state[i] = SBOX[state[i]];
-    const t1 = state[1];
-    state[1] = state[5];
-    state[5] = state[9];
-    state[9] = state[13];
-    state[13] = t1;
-    const t2a = state[2];
-    const t2b = state[6];
-    state[2] = state[10];
-    state[6] = state[14];
-    state[10] = t2a;
-    state[14] = t2b;
-    const t3 = state[15];
-    state[15] = state[11];
-    state[11] = state[7];
-    state[7] = state[3];
-    state[3] = t3;
-    for (let c = 0; c < 4; c++) {
-      const i = c * 4;
-      const a0 = state[i], a1 = state[i + 1], a2 = state[i + 2], a3 = state[i + 3];
-      state[i] = gmul(2, a0) ^ gmul(3, a1) ^ a2 ^ a3;
-      state[i + 1] = a0 ^ gmul(2, a1) ^ gmul(3, a2) ^ a3;
-      state[i + 2] = a0 ^ a1 ^ gmul(2, a2) ^ gmul(3, a3);
-      state[i + 3] = gmul(3, a0) ^ a1 ^ a2 ^ gmul(2, a3);
-    }
-    for (let i = 0; i < 16; i++) state[i] ^= roundKeys[round][i];
-  }
-  for (let i = 0; i < 16; i++) state[i] = SBOX[state[i]];
-  const t1f = state[1];
-  state[1] = state[5];
-  state[5] = state[9];
-  state[9] = state[13];
-  state[13] = t1f;
-  const t2af = state[2];
-  const t2bf = state[6];
-  state[2] = state[10];
-  state[6] = state[14];
-  state[10] = t2af;
-  state[14] = t2bf;
-  const t3f = state[15];
-  state[15] = state[11];
-  state[11] = state[7];
-  state[7] = state[3];
-  state[3] = t3f;
-  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[nr][i];
-  return state;
+	const state = new Uint8Array(block);
+	const nr = roundKeys.length - 1;
+	for (let i = 0; i < 16; i++) state[i] ^= roundKeys[0][i];
+	for (let round = 1; round < nr; round++) {
+		for (let i = 0; i < 16; i++) state[i] = SBOX[state[i]];
+		const t1 = state[1];
+		state[1] = state[5];
+		state[5] = state[9];
+		state[9] = state[13];
+		state[13] = t1;
+		const t2a = state[2];
+		const t2b = state[6];
+		state[2] = state[10];
+		state[6] = state[14];
+		state[10] = t2a;
+		state[14] = t2b;
+		const t3 = state[15];
+		state[15] = state[11];
+		state[11] = state[7];
+		state[7] = state[3];
+		state[3] = t3;
+		for (let c = 0; c < 4; c++) {
+			const i = c * 4;
+			const a0 = state[i], a1 = state[i + 1], a2 = state[i + 2], a3 = state[i + 3];
+			state[i] = gmul(2, a0) ^ gmul(3, a1) ^ a2 ^ a3;
+			state[i + 1] = a0 ^ gmul(2, a1) ^ gmul(3, a2) ^ a3;
+			state[i + 2] = a0 ^ a1 ^ gmul(2, a2) ^ gmul(3, a3);
+			state[i + 3] = gmul(3, a0) ^ a1 ^ a2 ^ gmul(2, a3);
+		}
+		for (let i = 0; i < 16; i++) state[i] ^= roundKeys[round][i];
+	}
+	for (let i = 0; i < 16; i++) state[i] = SBOX[state[i]];
+	const t1f = state[1];
+	state[1] = state[5];
+	state[5] = state[9];
+	state[9] = state[13];
+	state[13] = t1f;
+	const t2af = state[2];
+	const t2bf = state[6];
+	state[2] = state[10];
+	state[6] = state[14];
+	state[10] = t2af;
+	state[14] = t2bf;
+	const t3f = state[15];
+	state[15] = state[11];
+	state[11] = state[7];
+	state[7] = state[3];
+	state[3] = t3f;
+	for (let i = 0; i < 16; i++) state[i] ^= roundKeys[nr][i];
+	return state;
 }
 function aesDecryptBlock(block, roundKeys) {
-  const state = new Uint8Array(block);
-  const nr = roundKeys.length - 1;
-  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[nr][i];
-  for (let round = nr - 1; round > 0; round--) {
-    const t1 = state[13];
-    state[13] = state[9];
-    state[9] = state[5];
-    state[5] = state[1];
-    state[1] = t1;
-    const t2a = state[10];
-    const t2b = state[14];
-    state[10] = state[2];
-    state[14] = state[6];
-    state[2] = t2a;
-    state[6] = t2b;
-    const t3 = state[3];
-    state[3] = state[7];
-    state[7] = state[11];
-    state[11] = state[15];
-    state[15] = t3;
-    for (let i = 0; i < 16; i++) state[i] = INV_SBOX[state[i]];
-    for (let i = 0; i < 16; i++) state[i] ^= roundKeys[round][i];
-    for (let c = 0; c < 4; c++) {
-      const i = c * 4;
-      const a0 = state[i], a1 = state[i + 1], a2 = state[i + 2], a3 = state[i + 3];
-      state[i] = gmul(14, a0) ^ gmul(11, a1) ^ gmul(13, a2) ^ gmul(9, a3);
-      state[i + 1] = gmul(9, a0) ^ gmul(14, a1) ^ gmul(11, a2) ^ gmul(13, a3);
-      state[i + 2] = gmul(13, a0) ^ gmul(9, a1) ^ gmul(14, a2) ^ gmul(11, a3);
-      state[i + 3] = gmul(11, a0) ^ gmul(13, a1) ^ gmul(9, a2) ^ gmul(14, a3);
-    }
-  }
-  const t1f = state[13];
-  state[13] = state[9];
-  state[9] = state[5];
-  state[5] = state[1];
-  state[1] = t1f;
-  const t2af = state[10];
-  const t2bf = state[14];
-  state[10] = state[2];
-  state[14] = state[6];
-  state[2] = t2af;
-  state[6] = t2bf;
-  const t3f = state[3];
-  state[3] = state[7];
-  state[7] = state[11];
-  state[11] = state[15];
-  state[15] = t3f;
-  for (let i = 0; i < 16; i++) state[i] = INV_SBOX[state[i]];
-  for (let i = 0; i < 16; i++) state[i] ^= roundKeys[0][i];
-  return state;
+	const state = new Uint8Array(block);
+	const nr = roundKeys.length - 1;
+	for (let i = 0; i < 16; i++) state[i] ^= roundKeys[nr][i];
+	for (let round = nr - 1; round > 0; round--) {
+		const t1 = state[13];
+		state[13] = state[9];
+		state[9] = state[5];
+		state[5] = state[1];
+		state[1] = t1;
+		const t2a = state[10];
+		const t2b = state[14];
+		state[10] = state[2];
+		state[14] = state[6];
+		state[2] = t2a;
+		state[6] = t2b;
+		const t3 = state[3];
+		state[3] = state[7];
+		state[7] = state[11];
+		state[11] = state[15];
+		state[15] = t3;
+		for (let i = 0; i < 16; i++) state[i] = INV_SBOX[state[i]];
+		for (let i = 0; i < 16; i++) state[i] ^= roundKeys[round][i];
+		for (let c = 0; c < 4; c++) {
+			const i = c * 4;
+			const a0 = state[i], a1 = state[i + 1], a2 = state[i + 2], a3 = state[i + 3];
+			state[i] = gmul(14, a0) ^ gmul(11, a1) ^ gmul(13, a2) ^ gmul(9, a3);
+			state[i + 1] = gmul(9, a0) ^ gmul(14, a1) ^ gmul(11, a2) ^ gmul(13, a3);
+			state[i + 2] = gmul(13, a0) ^ gmul(9, a1) ^ gmul(14, a2) ^ gmul(11, a3);
+			state[i + 3] = gmul(11, a0) ^ gmul(13, a1) ^ gmul(9, a2) ^ gmul(14, a3);
+		}
+	}
+	const t1f = state[13];
+	state[13] = state[9];
+	state[9] = state[5];
+	state[5] = state[1];
+	state[1] = t1f;
+	const t2af = state[10];
+	const t2bf = state[14];
+	state[10] = state[2];
+	state[14] = state[6];
+	state[2] = t2af;
+	state[6] = t2bf;
+	const t3f = state[3];
+	state[3] = state[7];
+	state[7] = state[11];
+	state[11] = state[15];
+	state[15] = t3f;
+	for (let i = 0; i < 16; i++) state[i] = INV_SBOX[state[i]];
+	for (let i = 0; i < 16; i++) state[i] ^= roundKeys[0][i];
+	return state;
 }
 function incrementCounter(counter) {
-  for (let i = 15; i >= 0; i--) {
-    if (++counter[i] !== 0) break;
-  }
+	for (let i = 15; i >= 0; i--) {
+		if (++counter[i] !== 0) break;
+	}
 }
 function gcmIncrementCounter(counter) {
-  for (let i = 15; i >= 12; i--) {
-    if (++counter[i] !== 0) break;
-  }
+	for (let i = 15; i >= 12; i--) {
+		if (++counter[i] !== 0) break;
+	}
 }
+/**
+* Multiply two 128-bit values in GF(2^128) using the irreducible polynomial
+* x^128 + x^7 + x^2 + x + 1 (represented as R = 0xe1 << 120).
+*
+* X and Y are 16-byte Uint8Arrays (big-endian bit ordering).
+* Returns a new 16-byte Uint8Array.
+*/
 function gfMul(X, Y) {
-  const Z = new Uint8Array(16);
-  const V = new Uint8Array(X);
-  for (let i = 0; i < 128; i++) {
-    if (Y[i >>> 3] & 1 << 7 - (i & 7)) {
-      for (let j = 0; j < 16; j++) Z[j] ^= V[j];
-    }
-    const lsb = V[15] & 1;
-    for (let j = 15; j > 0; j--) {
-      V[j] = V[j] >>> 1 | (V[j - 1] & 1) << 7;
-    }
-    V[0] = V[0] >>> 1;
-    if (lsb) {
-      V[0] ^= 225;
-    }
-  }
-  return Z;
+	const Z = new Uint8Array(16);
+	const V = new Uint8Array(X);
+	for (let i = 0; i < 128; i++) {
+		if (Y[i >>> 3] & 1 << 7 - (i & 7)) {
+			for (let j = 0; j < 16; j++) Z[j] ^= V[j];
+		}
+		const lsb = V[15] & 1;
+		for (let j = 15; j > 0; j--) {
+			V[j] = V[j] >>> 1 | (V[j - 1] & 1) << 7;
+		}
+		V[0] = V[0] >>> 1;
+		if (lsb) {
+			V[0] ^= 225;
+		}
+	}
+	return Z;
 }
+/**
+* GHASH function per NIST SP 800-38D.
+*
+* H:    the hash subkey (AES_K(0^128)), 16 bytes
+* aad:  additional authenticated data (arbitrary length)
+* ciphertext: ciphertext (arbitrary length)
+*
+* Returns a 16-byte authentication hash.
+*/
 function ghash(H, aad, ciphertext) {
-  const X = new Uint8Array(16);
-  const aadBlocks = Math.ceil(aad.length / 16) || 0;
-  for (let i = 0; i < aadBlocks; i++) {
-    const start = i * 16;
-    const end = Math.min(start + 16, aad.length);
-    for (let j = 0; j < 16; j++) {
-      const idx = start + j;
-      if (idx < end) {
-        X[j] ^= aad[idx];
-      }
-    }
-    const product2 = gfMul(X, H);
-    X.set(product2);
-  }
-  const ctBlocks = Math.ceil(ciphertext.length / 16) || 0;
-  for (let i = 0; i < ctBlocks; i++) {
-    const start = i * 16;
-    const end = Math.min(start + 16, ciphertext.length);
-    for (let j = 0; j < 16; j++) {
-      const idx = start + j;
-      if (idx < end) {
-        X[j] ^= ciphertext[idx];
-      }
-    }
-    const product2 = gfMul(X, H);
-    X.set(product2);
-  }
-  const lenBlock = new Uint8Array(16);
-  const aadBits = aad.length * 8;
-  const ctBits = ciphertext.length * 8;
-  const aadHi = Math.floor(aadBits / 4294967296);
-  const aadLo = aadBits >>> 0;
-  lenBlock[0] = aadHi >>> 24 & 255;
-  lenBlock[1] = aadHi >>> 16 & 255;
-  lenBlock[2] = aadHi >>> 8 & 255;
-  lenBlock[3] = aadHi & 255;
-  lenBlock[4] = aadLo >>> 24 & 255;
-  lenBlock[5] = aadLo >>> 16 & 255;
-  lenBlock[6] = aadLo >>> 8 & 255;
-  lenBlock[7] = aadLo & 255;
-  const ctHi = Math.floor(ctBits / 4294967296);
-  const ctLo = ctBits >>> 0;
-  lenBlock[8] = ctHi >>> 24 & 255;
-  lenBlock[9] = ctHi >>> 16 & 255;
-  lenBlock[10] = ctHi >>> 8 & 255;
-  lenBlock[11] = ctHi & 255;
-  lenBlock[12] = ctLo >>> 24 & 255;
-  lenBlock[13] = ctLo >>> 16 & 255;
-  lenBlock[14] = ctLo >>> 8 & 255;
-  lenBlock[15] = ctLo & 255;
-  for (let j = 0; j < 16; j++) X[j] ^= lenBlock[j];
-  const product = gfMul(X, H);
-  X.set(product);
-  return X;
+	const X = new Uint8Array(16);
+	const aadBlocks = Math.ceil(aad.length / 16) || 0;
+	for (let i = 0; i < aadBlocks; i++) {
+		const start = i * 16;
+		const end = Math.min(start + 16, aad.length);
+		for (let j = 0; j < 16; j++) {
+			const idx = start + j;
+			if (idx < end) {
+				X[j] ^= aad[idx];
+			}
+		}
+		const product = gfMul(X, H);
+		X.set(product);
+	}
+	const ctBlocks = Math.ceil(ciphertext.length / 16) || 0;
+	for (let i = 0; i < ctBlocks; i++) {
+		const start = i * 16;
+		const end = Math.min(start + 16, ciphertext.length);
+		for (let j = 0; j < 16; j++) {
+			const idx = start + j;
+			if (idx < end) {
+				X[j] ^= ciphertext[idx];
+			}
+		}
+		const product = gfMul(X, H);
+		X.set(product);
+	}
+	const lenBlock = new Uint8Array(16);
+	const aadBits = aad.length * 8;
+	const ctBits = ciphertext.length * 8;
+	const aadHi = Math.floor(aadBits / 4294967296);
+	const aadLo = aadBits >>> 0;
+	lenBlock[0] = aadHi >>> 24 & 255;
+	lenBlock[1] = aadHi >>> 16 & 255;
+	lenBlock[2] = aadHi >>> 8 & 255;
+	lenBlock[3] = aadHi & 255;
+	lenBlock[4] = aadLo >>> 24 & 255;
+	lenBlock[5] = aadLo >>> 16 & 255;
+	lenBlock[6] = aadLo >>> 8 & 255;
+	lenBlock[7] = aadLo & 255;
+	const ctHi = Math.floor(ctBits / 4294967296);
+	const ctLo = ctBits >>> 0;
+	lenBlock[8] = ctHi >>> 24 & 255;
+	lenBlock[9] = ctHi >>> 16 & 255;
+	lenBlock[10] = ctHi >>> 8 & 255;
+	lenBlock[11] = ctHi & 255;
+	lenBlock[12] = ctLo >>> 24 & 255;
+	lenBlock[13] = ctLo >>> 16 & 255;
+	lenBlock[14] = ctLo >>> 8 & 255;
+	lenBlock[15] = ctLo & 255;
+	for (let j = 0; j < 16; j++) X[j] ^= lenBlock[j];
+	const product = gfMul(X, H);
+	X.set(product);
+	return X;
 }
 function parseAlgorithm(algorithm) {
-  const lower = algorithm.toLowerCase();
-  const match = lower.match(/^aes-(128|192|256)-(cbc|ctr|ecb|cfb|ofb|gcm)$/);
-  if (!match) {
-    throw new Error(`Unsupported cipher algorithm: ${algorithm}`);
-  }
-  const keyBits = parseInt(match[1]);
-  const mode = match[2];
-  return {
-    keySize: keyBits / 8,
-    ivSize: mode === "ecb" ? 0 : mode === "gcm" ? 12 : 16,
-    mode
-  };
+	const lower = algorithm.toLowerCase();
+	const match = lower.match(/^aes-(128|192|256)-(cbc|ctr|ecb|cfb|ofb|gcm)$/);
+	if (!match) {
+		throw new Error(`Unsupported cipher algorithm: ${algorithm}`);
+	}
+	const keyBits = parseInt(match[1]);
+	const mode = match[2];
+	return {
+		keySize: keyBits / 8,
+		ivSize: mode === "ecb" ? 0 : mode === "gcm" ? 12 : 16,
+		mode
+	};
 }
 function toBuffer(data, encoding) {
-  if (typeof data === "string") {
-    return Buffer.from(data, encoding || "utf8");
-  }
-  return Buffer.from(data);
+	if (typeof data === "string") {
+		return Buffer.from(data, encoding || "utf8");
+	}
+	return Buffer.from(data);
 }
 function encodeOutput(data, encoding) {
-  if (!encoding) return Buffer.from(data);
-  return Buffer.from(data).toString(encoding);
+	if (!encoding) return Buffer.from(data);
+	return Buffer.from(data).toString(encoding);
 }
+/**
+* Count how many trailing bytes at the end of a Uint8Array form an incomplete
+* UTF-8 multibyte sequence. Returns 0 if the last character is complete.
+*/
 function incompleteUtf8Tail(buf) {
-  if (buf.length === 0) return 0;
-  const end = buf.length;
-  for (let back = 1; back <= Math.min(4, end); back++) {
-    const b = buf[end - back];
-    if ((b & 128) === 0) {
-      return 0;
-    }
-    if ((b & 192) === 128) {
-      continue;
-    }
-    let expected;
-    if ((b & 224) === 192) expected = 2;
-    else if ((b & 240) === 224) expected = 3;
-    else if ((b & 248) === 240) expected = 4;
-    else return 0;
-    return back < expected ? back : 0;
-  }
-  return 0;
+	if (buf.length === 0) return 0;
+	const end = buf.length;
+	for (let back = 1; back <= Math.min(4, end); back++) {
+		const b = buf[end - back];
+		if ((b & 128) === 0) {
+			return 0;
+		}
+		if ((b & 192) === 128) {
+			continue;
+		}
+		let expected;
+		if ((b & 224) === 192) expected = 2;
+		else if ((b & 240) === 224) expected = 3;
+		else if ((b & 248) === 240) expected = 4;
+		else return 0;
+		return back < expected ? back : 0;
+	}
+	return 0;
 }
 function pkcs7Pad(data) {
-  const padLen = 16 - data.length % 16;
-  const padded = new Uint8Array(data.length + padLen);
-  padded.set(data);
-  for (let i = data.length; i < padded.length; i++) padded[i] = padLen;
-  return padded;
+	const padLen = 16 - data.length % 16;
+	const padded = new Uint8Array(data.length + padLen);
+	padded.set(data);
+	for (let i = data.length; i < padded.length; i++) padded[i] = padLen;
+	return padded;
 }
 function pkcs7Unpad(data) {
-  if (data.length === 0 || data.length % 16 !== 0) {
-    throw new Error("bad decrypt");
-  }
-  const padLen = data[data.length - 1];
-  if (padLen === 0 || padLen > 16) {
-    throw new Error("bad decrypt");
-  }
-  for (let i = data.length - padLen; i < data.length; i++) {
-    if (data[i] !== padLen) throw new Error("bad decrypt");
-  }
-  return new Uint8Array(data.slice(0, data.length - padLen));
-}
-class CipherBase {
-  _roundKeys;
-  _iv;
-  _mode;
-  _buffer = new Uint8Array(0);
-  _autoPadding = true;
-  _finalized = false;
-  constructor(algorithm, key, iv) {
-    const info = parseAlgorithm(algorithm);
-    if (key.length !== info.keySize) {
-      throw new Error(`Invalid key length ${key.length}, expected ${info.keySize} for ${algorithm}`);
-    }
-    if (info.ivSize > 0 && (!iv || iv.length !== info.ivSize)) {
-      throw new Error(`Invalid IV length ${iv?.length ?? 0}, expected ${info.ivSize} for ${algorithm}`);
-    }
-    this._roundKeys = keyExpansion(key);
-    this._iv = iv ? new Uint8Array(iv) : new Uint8Array(16);
-    this._mode = info.mode;
-  }
-  setAutoPadding(autoPadding) {
-    this._autoPadding = autoPadding;
-    return this;
-  }
-}
-class Cipher extends CipherBase {
-  _prevBlock;
-  _counter;
-  // GCM state
-  _gcmH = null;
-  // Hash subkey H = AES_K(0^128)
-  _gcmJ0 = null;
-  // Initial counter J0
-  _gcmAAD = new Uint8Array(0);
-  // Additional authenticated data
-  _gcmCiphertext = [];
-  // Accumulated ciphertext for GHASH
-  _gcmCiphertextLen = 0;
-  // Total ciphertext length
-  _gcmAuthTag = null;
-  // Computed authentication tag
-  _gcmAADSet = false;
-  // Whether setAAD was called
-  constructor(algorithm, key, iv) {
-    super(algorithm, key, iv);
-    this._prevBlock = new Uint8Array(this._iv);
-    if (this._mode === "gcm") {
-      this._gcmH = aesEncryptBlock(new Uint8Array(16), this._roundKeys);
-      this._gcmJ0 = new Uint8Array(16);
-      this._gcmJ0.set(this._iv.subarray(0, 12));
-      this._gcmJ0[15] = 1;
-      this._counter = new Uint8Array(this._gcmJ0);
-      gcmIncrementCounter(this._counter);
-    } else {
-      this._counter = new Uint8Array(this._iv);
-    }
-  }
-  /**
-   * Set Additional Authenticated Data for GCM mode.
-   * Must be called before any update() calls.
-   */
-  setAAD(data) {
-    if (this._mode !== "gcm") {
-      throw new Error("setAAD is only supported in GCM mode");
-    }
-    if (this._gcmCiphertextLen > 0) {
-      throw new Error("setAAD must be called before update()");
-    }
-    this._gcmAAD = new Uint8Array(data);
-    this._gcmAADSet = true;
-    return this;
-  }
-  /**
-   * Get the authentication tag after final() has been called.
-   * Only valid for GCM mode.
-   */
-  getAuthTag() {
-    if (this._mode !== "gcm") {
-      throw new Error("getAuthTag is only supported in GCM mode");
-    }
-    if (!this._gcmAuthTag) {
-      throw new Error("getAuthTag must be called after final()");
-    }
-    return Buffer.from(this._gcmAuthTag);
-  }
-  update(data, inputEncoding, outputEncoding) {
-    const input = toBuffer(data, inputEncoding);
-    const combined = new Uint8Array(this._buffer.length + input.length);
-    combined.set(this._buffer);
-    combined.set(input, this._buffer.length);
-    if (this._mode === "gcm") {
-      const output2 = this._processGcmEncrypt(combined);
-      this._buffer = new Uint8Array(0);
-      return encodeOutput(output2, outputEncoding);
-    }
-    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
-      const output2 = this._processStream(combined);
-      this._buffer = new Uint8Array(0);
-      return encodeOutput(output2, outputEncoding);
-    }
-    const fullBlocks = Math.floor(combined.length / 16);
-    const processLen = fullBlocks * 16;
-    const output = [];
-    for (let i = 0; i < processLen; i += 16) {
-      const block = combined.slice(i, i + 16);
-      output.push(this._encryptBlock(block));
-    }
-    this._buffer = combined.slice(processLen);
-    const result = new Uint8Array(output.length * 16);
-    for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
-    return encodeOutput(result, outputEncoding);
-  }
-  final(outputEncoding) {
-    if (this._finalized) throw new Error("Cipher already finalized");
-    this._finalized = true;
-    if (this._mode === "gcm") {
-      let finalOutput = new Uint8Array(0);
-      if (this._buffer.length > 0) {
-        finalOutput = this._processGcmEncrypt(this._buffer);
-        this._buffer = new Uint8Array(0);
-      }
-      const allCiphertext = new Uint8Array(this._gcmCiphertextLen);
-      let offset = 0;
-      for (const chunk of this._gcmCiphertext) {
-        allCiphertext.set(chunk, offset);
-        offset += chunk.length;
-      }
-      const ghashResult = ghash(this._gcmH, this._gcmAAD, allCiphertext);
-      const encJ0 = aesEncryptBlock(this._gcmJ0, this._roundKeys);
-      const tag = new Uint8Array(16);
-      for (let i = 0; i < 16; i++) tag[i] = ghashResult[i] ^ encJ0[i];
-      this._gcmAuthTag = Buffer.from(tag);
-      return encodeOutput(finalOutput, outputEncoding);
-    }
-    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
-      if (this._buffer.length > 0) {
-        const output2 = this._processStream(this._buffer);
-        this._buffer = new Uint8Array(0);
-        return encodeOutput(output2, outputEncoding);
-      }
-      return encodeOutput(new Uint8Array(0), outputEncoding);
-    }
-    let data = this._buffer;
-    if (this._autoPadding) {
-      data = pkcs7Pad(data);
-    } else if (data.length % 16 !== 0) {
-      throw new Error("data not multiple of block size");
-    }
-    const output = [];
-    for (let i = 0; i < data.length; i += 16) {
-      output.push(this._encryptBlock(data.slice(i, i + 16)));
-    }
-    this._buffer = new Uint8Array(0);
-    if (output.length === 0) return encodeOutput(new Uint8Array(0), outputEncoding);
-    const result = new Uint8Array(output.length * 16);
-    for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
-    return encodeOutput(result, outputEncoding);
-  }
-  _encryptBlock(block) {
-    if (this._mode === "cbc") {
-      const xored = new Uint8Array(16);
-      for (let i = 0; i < 16; i++) xored[i] = block[i] ^ this._prevBlock[i];
-      const encrypted = aesEncryptBlock(xored, this._roundKeys);
-      this._prevBlock = encrypted;
-      return encrypted;
-    } else if (this._mode === "ecb") {
-      return aesEncryptBlock(block, this._roundKeys);
-    }
-    throw new Error(`Block encryption not supported for mode: ${this._mode}`);
-  }
-  _processStream(data) {
-    const output = new Uint8Array(data.length);
-    for (let i = 0; i < data.length; i += 16) {
-      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
-      const remaining = Math.min(16, data.length - i);
-      for (let j = 0; j < remaining; j++) {
-        output[i + j] = data[i + j] ^ keystream[j];
-      }
-      incrementCounter(this._counter);
-    }
-    return output;
-  }
-  /**
-   * GCM encryption: CTR mode encryption, also accumulates ciphertext for GHASH.
-   */
-  _processGcmEncrypt(data) {
-    const output = new Uint8Array(data.length);
-    for (let i = 0; i < data.length; i += 16) {
-      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
-      const remaining = Math.min(16, data.length - i);
-      for (let j = 0; j < remaining; j++) {
-        output[i + j] = data[i + j] ^ keystream[j];
-      }
-      gcmIncrementCounter(this._counter);
-    }
-    this._gcmCiphertext.push(new Uint8Array(output));
-    this._gcmCiphertextLen += output.length;
-    return output;
-  }
-}
-class Decipher extends CipherBase {
-  _prevBlock;
-  _counter;
-  _pendingUtf8 = new Uint8Array(0);
-  // GCM state
-  _gcmH = null;
-  // Hash subkey H = AES_K(0^128)
-  _gcmJ0 = null;
-  // Initial counter J0
-  _gcmAAD = new Uint8Array(0);
-  // Additional authenticated data
-  _gcmCiphertext = [];
-  // Accumulated ciphertext for GHASH
-  _gcmCiphertextLen = 0;
-  // Total ciphertext length
-  _gcmExpectedTag = null;
-  // Expected authentication tag
-  _gcmAADSet = false;
-  // Whether setAAD was called
-  constructor(algorithm, key, iv) {
-    super(algorithm, key, iv);
-    this._prevBlock = new Uint8Array(this._iv);
-    if (this._mode === "gcm") {
-      this._gcmH = aesEncryptBlock(new Uint8Array(16), this._roundKeys);
-      this._gcmJ0 = new Uint8Array(16);
-      this._gcmJ0.set(this._iv.subarray(0, 12));
-      this._gcmJ0[15] = 1;
-      this._counter = new Uint8Array(this._gcmJ0);
-      gcmIncrementCounter(this._counter);
-    } else {
-      this._counter = new Uint8Array(this._iv);
-    }
-  }
-  /**
-   * Set Additional Authenticated Data for GCM mode.
-   * Must be called before any update() calls.
-   */
-  setAAD(data) {
-    if (this._mode !== "gcm") {
-      throw new Error("setAAD is only supported in GCM mode");
-    }
-    if (this._gcmCiphertextLen > 0) {
-      throw new Error("setAAD must be called before update()");
-    }
-    this._gcmAAD = new Uint8Array(data);
-    this._gcmAADSet = true;
-    return this;
-  }
-  /**
-   * Set the expected authentication tag for GCM decryption.
-   * Must be called before final().
-   */
-  setAuthTag(tag) {
-    if (this._mode !== "gcm") {
-      throw new Error("setAuthTag is only supported in GCM mode");
-    }
-    this._gcmExpectedTag = Buffer.from(tag);
-    return this;
-  }
-  _encodeWithUtf8Handling(bytes, encoding, isFinal) {
-    if (!encoding || encoding !== "utf8" && encoding !== "utf-8") {
-      return encodeOutput(bytes, encoding);
-    }
-    let data;
-    if (this._pendingUtf8.length > 0) {
-      data = new Uint8Array(this._pendingUtf8.length + bytes.length);
-      data.set(this._pendingUtf8);
-      data.set(bytes, this._pendingUtf8.length);
-      this._pendingUtf8 = new Uint8Array(0);
-    } else {
-      data = bytes;
-    }
-    if (!isFinal) {
-      const tail = incompleteUtf8Tail(data);
-      if (tail > 0) {
-        this._pendingUtf8 = new Uint8Array(data.slice(data.length - tail));
-        data = new Uint8Array(data.slice(0, data.length - tail));
-      }
-    }
-    return Buffer.from(data).toString("utf8");
-  }
-  update(data, inputEncoding, outputEncoding) {
-    const input = toBuffer(data, inputEncoding);
-    const combined = new Uint8Array(this._buffer.length + input.length);
-    combined.set(this._buffer);
-    combined.set(input, this._buffer.length);
-    if (this._mode === "gcm") {
-      this._gcmCiphertext.push(new Uint8Array(combined));
-      this._gcmCiphertextLen += combined.length;
-      const output2 = this._processGcmDecrypt(combined);
-      this._buffer = new Uint8Array(0);
-      return this._encodeWithUtf8Handling(output2, outputEncoding, false);
-    }
-    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
-      const output2 = this._processStream(combined);
-      this._buffer = new Uint8Array(0);
-      return this._encodeWithUtf8Handling(output2, outputEncoding, false);
-    }
-    const fullBlocks = Math.floor(combined.length / 16);
-    if (fullBlocks === 0) {
-      this._buffer = combined;
-      return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, false);
-    }
-    const processBlocks = this._autoPadding ? fullBlocks - 1 : fullBlocks;
-    const processLen = processBlocks * 16;
-    const output = [];
-    for (let i = 0; i < processLen; i += 16) {
-      const block = combined.slice(i, i + 16);
-      output.push(this._decryptBlock(block));
-    }
-    this._buffer = combined.slice(processLen);
-    const result = new Uint8Array(output.length * 16);
-    for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
-    return this._encodeWithUtf8Handling(result, outputEncoding, false);
-  }
-  final(outputEncoding) {
-    if (this._finalized) throw new Error("Decipher already finalized");
-    this._finalized = true;
-    if (this._mode === "gcm") {
-      let finalOutput = new Uint8Array(0);
-      if (this._buffer.length > 0) {
-        this._gcmCiphertext.push(new Uint8Array(this._buffer));
-        this._gcmCiphertextLen += this._buffer.length;
-        finalOutput = this._processGcmDecrypt(this._buffer);
-        this._buffer = new Uint8Array(0);
-      }
-      if (!this._gcmExpectedTag) {
-        throw new Error("Unsupported state or unable to authenticate data");
-      }
-      const allCiphertext = new Uint8Array(this._gcmCiphertextLen);
-      let offset = 0;
-      for (const chunk of this._gcmCiphertext) {
-        allCiphertext.set(chunk, offset);
-        offset += chunk.length;
-      }
-      const ghashResult = ghash(this._gcmH, this._gcmAAD, allCiphertext);
-      const encJ0 = aesEncryptBlock(this._gcmJ0, this._roundKeys);
-      const computedTag = new Uint8Array(16);
-      for (let i = 0; i < 16; i++) computedTag[i] = ghashResult[i] ^ encJ0[i];
-      const expectedTag = this._gcmExpectedTag;
-      const tagLen = Math.min(expectedTag.length, 16);
-      let diff = 0;
-      for (let i = 0; i < tagLen; i++) {
-        diff |= computedTag[i] ^ expectedTag[i];
-      }
-      if (diff !== 0) {
-        throw new Error("Unsupported state or unable to authenticate data");
-      }
-      return this._encodeWithUtf8Handling(finalOutput, outputEncoding, true);
-    }
-    if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
-      if (this._buffer.length > 0) {
-        const output2 = this._processStream(this._buffer);
-        this._buffer = new Uint8Array(0);
-        return this._encodeWithUtf8Handling(output2, outputEncoding, true);
-      }
-      return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, true);
-    }
-    if (this._buffer.length === 0) {
-      return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, true);
-    }
-    if (this._buffer.length % 16 !== 0) {
-      throw new Error("bad decrypt");
-    }
-    const output = [];
-    for (let i = 0; i < this._buffer.length; i += 16) {
-      output.push(this._decryptBlock(this._buffer.slice(i, i + 16)));
-    }
-    const combined = new Uint8Array(output.length * 16);
-    for (let i = 0; i < output.length; i++) combined.set(output[i], i * 16);
-    const result = this._autoPadding ? pkcs7Unpad(combined) : combined;
-    this._buffer = new Uint8Array(0);
-    return this._encodeWithUtf8Handling(result, outputEncoding, true);
-  }
-  _decryptBlock(block) {
-    if (this._mode === "cbc") {
-      const decrypted = aesDecryptBlock(block, this._roundKeys);
-      const output = new Uint8Array(16);
-      for (let i = 0; i < 16; i++) output[i] = decrypted[i] ^ this._prevBlock[i];
-      this._prevBlock = new Uint8Array(block);
-      return output;
-    } else if (this._mode === "ecb") {
-      return aesDecryptBlock(block, this._roundKeys);
-    }
-    throw new Error(`Block decryption not supported for mode: ${this._mode}`);
-  }
-  _processStream(data) {
-    const output = new Uint8Array(data.length);
-    for (let i = 0; i < data.length; i += 16) {
-      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
-      const remaining = Math.min(16, data.length - i);
-      for (let j = 0; j < remaining; j++) {
-        output[i + j] = data[i + j] ^ keystream[j];
-      }
-      incrementCounter(this._counter);
-    }
-    return output;
-  }
-  /**
-   * GCM decryption: CTR mode decryption (same as encryption, since CTR is symmetric).
-   */
-  _processGcmDecrypt(data) {
-    const output = new Uint8Array(data.length);
-    for (let i = 0; i < data.length; i += 16) {
-      const keystream = aesEncryptBlock(this._counter, this._roundKeys);
-      const remaining = Math.min(16, data.length - i);
-      for (let j = 0; j < remaining; j++) {
-        output[i + j] = data[i + j] ^ keystream[j];
-      }
-      gcmIncrementCounter(this._counter);
-    }
-    return output;
-  }
+	if (data.length === 0 || data.length % 16 !== 0) {
+		throw new Error("bad decrypt");
+	}
+	const padLen = data[data.length - 1];
+	if (padLen === 0 || padLen > 16) {
+		throw new Error("bad decrypt");
+	}
+	for (let i = data.length - padLen; i < data.length; i++) {
+		if (data[i] !== padLen) throw new Error("bad decrypt");
+	}
+	return new Uint8Array(data.slice(0, data.length - padLen));
 }
+var CipherBase = class {
+	_roundKeys;
+	_iv;
+	_mode;
+	_buffer = new Uint8Array(0);
+	_autoPadding = true;
+	_finalized = false;
+	constructor(algorithm, key, iv) {
+		const info = parseAlgorithm(algorithm);
+		if (key.length !== info.keySize) {
+			throw new Error(`Invalid key length ${key.length}, expected ${info.keySize} for ${algorithm}`);
+		}
+		if (info.ivSize > 0 && (!iv || iv.length !== info.ivSize)) {
+			throw new Error(`Invalid IV length ${iv?.length ?? 0}, expected ${info.ivSize} for ${algorithm}`);
+		}
+		this._roundKeys = keyExpansion(key);
+		this._iv = iv ? new Uint8Array(iv) : new Uint8Array(16);
+		this._mode = info.mode;
+	}
+	setAutoPadding(autoPadding) {
+		this._autoPadding = autoPadding;
+		return this;
+	}
+};
+var Cipher = class extends CipherBase {
+	_prevBlock;
+	_counter;
+	_gcmH = null;
+	_gcmJ0 = null;
+	_gcmAAD = new Uint8Array(0);
+	_gcmCiphertext = [];
+	_gcmCiphertextLen = 0;
+	_gcmAuthTag = null;
+	_gcmAADSet = false;
+	constructor(algorithm, key, iv) {
+		super(algorithm, key, iv);
+		this._prevBlock = new Uint8Array(this._iv);
+		if (this._mode === "gcm") {
+			this._gcmH = aesEncryptBlock(new Uint8Array(16), this._roundKeys);
+			this._gcmJ0 = new Uint8Array(16);
+			this._gcmJ0.set(this._iv.subarray(0, 12));
+			this._gcmJ0[15] = 1;
+			this._counter = new Uint8Array(this._gcmJ0);
+			gcmIncrementCounter(this._counter);
+		} else {
+			this._counter = new Uint8Array(this._iv);
+		}
+	}
+	/**
+	* Set Additional Authenticated Data for GCM mode.
+	* Must be called before any update() calls.
+	*/
+	setAAD(data) {
+		if (this._mode !== "gcm") {
+			throw new Error("setAAD is only supported in GCM mode");
+		}
+		if (this._gcmCiphertextLen > 0) {
+			throw new Error("setAAD must be called before update()");
+		}
+		this._gcmAAD = new Uint8Array(data);
+		this._gcmAADSet = true;
+		return this;
+	}
+	/**
+	* Get the authentication tag after final() has been called.
+	* Only valid for GCM mode.
+	*/
+	getAuthTag() {
+		if (this._mode !== "gcm") {
+			throw new Error("getAuthTag is only supported in GCM mode");
+		}
+		if (!this._gcmAuthTag) {
+			throw new Error("getAuthTag must be called after final()");
+		}
+		return Buffer.from(this._gcmAuthTag);
+	}
+	update(data, inputEncoding, outputEncoding) {
+		const input = toBuffer(data, inputEncoding);
+		const combined = new Uint8Array(this._buffer.length + input.length);
+		combined.set(this._buffer);
+		combined.set(input, this._buffer.length);
+		if (this._mode === "gcm") {
+			const output = this._processGcmEncrypt(combined);
+			this._buffer = new Uint8Array(0);
+			return encodeOutput(output, outputEncoding);
+		}
+		if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+			const output = this._processStream(combined);
+			this._buffer = new Uint8Array(0);
+			return encodeOutput(output, outputEncoding);
+		}
+		const fullBlocks = Math.floor(combined.length / 16);
+		const processLen = fullBlocks * 16;
+		const output = [];
+		for (let i = 0; i < processLen; i += 16) {
+			const block = combined.slice(i, i + 16);
+			output.push(this._encryptBlock(block));
+		}
+		this._buffer = combined.slice(processLen);
+		const result = new Uint8Array(output.length * 16);
+		for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
+		return encodeOutput(result, outputEncoding);
+	}
+	final(outputEncoding) {
+		if (this._finalized) throw new Error("Cipher already finalized");
+		this._finalized = true;
+		if (this._mode === "gcm") {
+			let finalOutput = new Uint8Array(0);
+			if (this._buffer.length > 0) {
+				finalOutput = this._processGcmEncrypt(this._buffer);
+				this._buffer = new Uint8Array(0);
+			}
+			const allCiphertext = new Uint8Array(this._gcmCiphertextLen);
+			let offset = 0;
+			for (const chunk of this._gcmCiphertext) {
+				allCiphertext.set(chunk, offset);
+				offset += chunk.length;
+			}
+			const ghashResult = ghash(this._gcmH, this._gcmAAD, allCiphertext);
+			const encJ0 = aesEncryptBlock(this._gcmJ0, this._roundKeys);
+			const tag = new Uint8Array(16);
+			for (let i = 0; i < 16; i++) tag[i] = ghashResult[i] ^ encJ0[i];
+			this._gcmAuthTag = Buffer.from(tag);
+			return encodeOutput(finalOutput, outputEncoding);
+		}
+		if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+			if (this._buffer.length > 0) {
+				const output = this._processStream(this._buffer);
+				this._buffer = new Uint8Array(0);
+				return encodeOutput(output, outputEncoding);
+			}
+			return encodeOutput(new Uint8Array(0), outputEncoding);
+		}
+		let data = this._buffer;
+		if (this._autoPadding) {
+			data = pkcs7Pad(data);
+		} else if (data.length % 16 !== 0) {
+			throw new Error("data not multiple of block size");
+		}
+		const output = [];
+		for (let i = 0; i < data.length; i += 16) {
+			output.push(this._encryptBlock(data.slice(i, i + 16)));
+		}
+		this._buffer = new Uint8Array(0);
+		if (output.length === 0) return encodeOutput(new Uint8Array(0), outputEncoding);
+		const result = new Uint8Array(output.length * 16);
+		for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
+		return encodeOutput(result, outputEncoding);
+	}
+	_encryptBlock(block) {
+		if (this._mode === "cbc") {
+			const xored = new Uint8Array(16);
+			for (let i = 0; i < 16; i++) xored[i] = block[i] ^ this._prevBlock[i];
+			const encrypted = aesEncryptBlock(xored, this._roundKeys);
+			this._prevBlock = encrypted;
+			return encrypted;
+		} else if (this._mode === "ecb") {
+			return aesEncryptBlock(block, this._roundKeys);
+		}
+		throw new Error(`Block encryption not supported for mode: ${this._mode}`);
+	}
+	_processStream(data) {
+		const output = new Uint8Array(data.length);
+		for (let i = 0; i < data.length; i += 16) {
+			const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+			const remaining = Math.min(16, data.length - i);
+			for (let j = 0; j < remaining; j++) {
+				output[i + j] = data[i + j] ^ keystream[j];
+			}
+			incrementCounter(this._counter);
+		}
+		return output;
+	}
+	/**
+	* GCM encryption: CTR mode encryption, also accumulates ciphertext for GHASH.
+	*/
+	_processGcmEncrypt(data) {
+		const output = new Uint8Array(data.length);
+		for (let i = 0; i < data.length; i += 16) {
+			const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+			const remaining = Math.min(16, data.length - i);
+			for (let j = 0; j < remaining; j++) {
+				output[i + j] = data[i + j] ^ keystream[j];
+			}
+			gcmIncrementCounter(this._counter);
+		}
+		this._gcmCiphertext.push(new Uint8Array(output));
+		this._gcmCiphertextLen += output.length;
+		return output;
+	}
+};
+var Decipher = class extends CipherBase {
+	_prevBlock;
+	_counter;
+	_pendingUtf8 = new Uint8Array(0);
+	_gcmH = null;
+	_gcmJ0 = null;
+	_gcmAAD = new Uint8Array(0);
+	_gcmCiphertext = [];
+	_gcmCiphertextLen = 0;
+	_gcmExpectedTag = null;
+	_gcmAADSet = false;
+	constructor(algorithm, key, iv) {
+		super(algorithm, key, iv);
+		this._prevBlock = new Uint8Array(this._iv);
+		if (this._mode === "gcm") {
+			this._gcmH = aesEncryptBlock(new Uint8Array(16), this._roundKeys);
+			this._gcmJ0 = new Uint8Array(16);
+			this._gcmJ0.set(this._iv.subarray(0, 12));
+			this._gcmJ0[15] = 1;
+			this._counter = new Uint8Array(this._gcmJ0);
+			gcmIncrementCounter(this._counter);
+		} else {
+			this._counter = new Uint8Array(this._iv);
+		}
+	}
+	/**
+	* Set Additional Authenticated Data for GCM mode.
+	* Must be called before any update() calls.
+	*/
+	setAAD(data) {
+		if (this._mode !== "gcm") {
+			throw new Error("setAAD is only supported in GCM mode");
+		}
+		if (this._gcmCiphertextLen > 0) {
+			throw new Error("setAAD must be called before update()");
+		}
+		this._gcmAAD = new Uint8Array(data);
+		this._gcmAADSet = true;
+		return this;
+	}
+	/**
+	* Set the expected authentication tag for GCM decryption.
+	* Must be called before final().
+	*/
+	setAuthTag(tag) {
+		if (this._mode !== "gcm") {
+			throw new Error("setAuthTag is only supported in GCM mode");
+		}
+		this._gcmExpectedTag = Buffer.from(tag);
+		return this;
+	}
+	_encodeWithUtf8Handling(bytes, encoding, isFinal) {
+		if (!encoding || encoding !== "utf8" && encoding !== "utf-8") {
+			return encodeOutput(bytes, encoding);
+		}
+		let data;
+		if (this._pendingUtf8.length > 0) {
+			data = new Uint8Array(this._pendingUtf8.length + bytes.length);
+			data.set(this._pendingUtf8);
+			data.set(bytes, this._pendingUtf8.length);
+			this._pendingUtf8 = new Uint8Array(0);
+		} else {
+			data = bytes;
+		}
+		if (!isFinal) {
+			const tail = incompleteUtf8Tail(data);
+			if (tail > 0) {
+				this._pendingUtf8 = new Uint8Array(data.slice(data.length - tail));
+				data = new Uint8Array(data.slice(0, data.length - tail));
+			}
+		}
+		return Buffer.from(data).toString("utf8");
+	}
+	update(data, inputEncoding, outputEncoding) {
+		const input = toBuffer(data, inputEncoding);
+		const combined = new Uint8Array(this._buffer.length + input.length);
+		combined.set(this._buffer);
+		combined.set(input, this._buffer.length);
+		if (this._mode === "gcm") {
+			this._gcmCiphertext.push(new Uint8Array(combined));
+			this._gcmCiphertextLen += combined.length;
+			const output = this._processGcmDecrypt(combined);
+			this._buffer = new Uint8Array(0);
+			return this._encodeWithUtf8Handling(output, outputEncoding, false);
+		}
+		if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+			const output = this._processStream(combined);
+			this._buffer = new Uint8Array(0);
+			return this._encodeWithUtf8Handling(output, outputEncoding, false);
+		}
+		const fullBlocks = Math.floor(combined.length / 16);
+		if (fullBlocks === 0) {
+			this._buffer = combined;
+			return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, false);
+		}
+		const processBlocks = this._autoPadding ? fullBlocks - 1 : fullBlocks;
+		const processLen = processBlocks * 16;
+		const output = [];
+		for (let i = 0; i < processLen; i += 16) {
+			const block = combined.slice(i, i + 16);
+			output.push(this._decryptBlock(block));
+		}
+		this._buffer = combined.slice(processLen);
+		const result = new Uint8Array(output.length * 16);
+		for (let i = 0; i < output.length; i++) result.set(output[i], i * 16);
+		return this._encodeWithUtf8Handling(result, outputEncoding, false);
+	}
+	final(outputEncoding) {
+		if (this._finalized) throw new Error("Decipher already finalized");
+		this._finalized = true;
+		if (this._mode === "gcm") {
+			let finalOutput = new Uint8Array(0);
+			if (this._buffer.length > 0) {
+				this._gcmCiphertext.push(new Uint8Array(this._buffer));
+				this._gcmCiphertextLen += this._buffer.length;
+				finalOutput = this._processGcmDecrypt(this._buffer);
+				this._buffer = new Uint8Array(0);
+			}
+			if (!this._gcmExpectedTag) {
+				throw new Error("Unsupported state or unable to authenticate data");
+			}
+			const allCiphertext = new Uint8Array(this._gcmCiphertextLen);
+			let offset = 0;
+			for (const chunk of this._gcmCiphertext) {
+				allCiphertext.set(chunk, offset);
+				offset += chunk.length;
+			}
+			const ghashResult = ghash(this._gcmH, this._gcmAAD, allCiphertext);
+			const encJ0 = aesEncryptBlock(this._gcmJ0, this._roundKeys);
+			const computedTag = new Uint8Array(16);
+			for (let i = 0; i < 16; i++) computedTag[i] = ghashResult[i] ^ encJ0[i];
+			const expectedTag = this._gcmExpectedTag;
+			const tagLen = Math.min(expectedTag.length, 16);
+			let diff = 0;
+			for (let i = 0; i < tagLen; i++) {
+				diff |= computedTag[i] ^ expectedTag[i];
+			}
+			if (diff !== 0) {
+				throw new Error("Unsupported state or unable to authenticate data");
+			}
+			return this._encodeWithUtf8Handling(finalOutput, outputEncoding, true);
+		}
+		if (this._mode === "ctr" || this._mode === "cfb" || this._mode === "ofb") {
+			if (this._buffer.length > 0) {
+				const output = this._processStream(this._buffer);
+				this._buffer = new Uint8Array(0);
+				return this._encodeWithUtf8Handling(output, outputEncoding, true);
+			}
+			return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, true);
+		}
+		if (this._buffer.length === 0) {
+			return this._encodeWithUtf8Handling(new Uint8Array(0), outputEncoding, true);
+		}
+		if (this._buffer.length % 16 !== 0) {
+			throw new Error("bad decrypt");
+		}
+		const output = [];
+		for (let i = 0; i < this._buffer.length; i += 16) {
+			output.push(this._decryptBlock(this._buffer.slice(i, i + 16)));
+		}
+		const combined = new Uint8Array(output.length * 16);
+		for (let i = 0; i < output.length; i++) combined.set(output[i], i * 16);
+		const result = this._autoPadding ? pkcs7Unpad(combined) : combined;
+		this._buffer = new Uint8Array(0);
+		return this._encodeWithUtf8Handling(result, outputEncoding, true);
+	}
+	_decryptBlock(block) {
+		if (this._mode === "cbc") {
+			const decrypted = aesDecryptBlock(block, this._roundKeys);
+			const output = new Uint8Array(16);
+			for (let i = 0; i < 16; i++) output[i] = decrypted[i] ^ this._prevBlock[i];
+			this._prevBlock = new Uint8Array(block);
+			return output;
+		} else if (this._mode === "ecb") {
+			return aesDecryptBlock(block, this._roundKeys);
+		}
+		throw new Error(`Block decryption not supported for mode: ${this._mode}`);
+	}
+	_processStream(data) {
+		const output = new Uint8Array(data.length);
+		for (let i = 0; i < data.length; i += 16) {
+			const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+			const remaining = Math.min(16, data.length - i);
+			for (let j = 0; j < remaining; j++) {
+				output[i + j] = data[i + j] ^ keystream[j];
+			}
+			incrementCounter(this._counter);
+		}
+		return output;
+	}
+	/**
+	* GCM decryption: CTR mode decryption (same as encryption, since CTR is symmetric).
+	*/
+	_processGcmDecrypt(data) {
+		const output = new Uint8Array(data.length);
+		for (let i = 0; i < data.length; i += 16) {
+			const keystream = aesEncryptBlock(this._counter, this._roundKeys);
+			const remaining = Math.min(16, data.length - i);
+			for (let j = 0; j < remaining; j++) {
+				output[i + j] = data[i + j] ^ keystream[j];
+			}
+			gcmIncrementCounter(this._counter);
+		}
+		return output;
+	}
+};
 function createCipher(_algorithm, _password) {
-  throw new Error("crypto.createCipher() is deprecated. Use createCipheriv() instead.");
+	throw new Error("crypto.createCipher() is deprecated. Use createCipheriv() instead.");
 }
 function createCipheriv(algorithm, key, iv) {
-  const keyBuf = typeof key === "string" ? Buffer.from(key) : new Uint8Array(key);
-  const ivBuf = iv == null ? null : typeof iv === "string" ? Buffer.from(iv) : new Uint8Array(iv);
-  return new Cipher(algorithm, keyBuf, ivBuf);
+	const keyBuf = typeof key === "string" ? Buffer.from(key) : new Uint8Array(key);
+	const ivBuf = iv == null ? null : typeof iv === "string" ? Buffer.from(iv) : new Uint8Array(iv);
+	return new Cipher(algorithm, keyBuf, ivBuf);
 }
 function createDecipher(_algorithm, _password) {
-  throw new Error("crypto.createDecipher() is deprecated. Use createDecipheriv() instead.");
+	throw new Error("crypto.createDecipher() is deprecated. Use createDecipheriv() instead.");
 }
 function createDecipheriv(algorithm, key, iv) {
-  const keyBuf = typeof key === "string" ? Buffer.from(key) : new Uint8Array(key);
-  const ivBuf = iv == null ? null : typeof iv === "string" ? Buffer.from(iv) : new Uint8Array(iv);
-  return new Decipher(algorithm, keyBuf, ivBuf);
+	const keyBuf = typeof key === "string" ? Buffer.from(key) : new Uint8Array(key);
+	const ivBuf = iv == null ? null : typeof iv === "string" ? Buffer.from(iv) : new Uint8Array(iv);
+	return new Decipher(algorithm, keyBuf, ivBuf);
 }
 function getCiphers() {
-  return [
-    "aes-128-cbc",
-    "aes-128-ecb",
-    "aes-192-cbc",
-    "aes-192-ecb",
-    "aes-256-cbc",
-    "aes-256-ecb",
-    "aes-128-ctr",
-    "aes-192-ctr",
-    "aes-256-ctr",
-    "aes-128-cfb",
-    "aes-192-cfb",
-    "aes-256-cfb",
-    "aes-128-gcm",
-    "aes-192-gcm",
-    "aes-256-gcm"
-  ];
+	return [
+		"aes-128-cbc",
+		"aes-128-ecb",
+		"aes-192-cbc",
+		"aes-192-ecb",
+		"aes-256-cbc",
+		"aes-256-ecb",
+		"aes-128-ctr",
+		"aes-192-ctr",
+		"aes-256-ctr",
+		"aes-128-cfb",
+		"aes-192-cfb",
+		"aes-256-cfb",
+		"aes-128-gcm",
+		"aes-192-gcm",
+		"aes-256-gcm"
+	];
 }
-export {
-  createCipher,
-  createCipheriv,
-  createDecipher,
-  createDecipheriv,
-  getCiphers
-};
+
+//#endregion
+export { createCipher, createCipheriv, createDecipher, createDecipheriv, getCiphers };