@samlab-corp/sfm-node 0.1.0

package/dist/core/client.js

@@ -0,0 +1,320 @@
+/**
+ * SFM Protocol Manual V3.6.0 Serial Communication Client
+ *
+ * Provides packet protocol, AES256 encryption, multi-packet transfer,
+ * and firmware upgrade functionality.
+ */
+import { SfmSerial } from "./serial";
+import { SfmCrypto } from "./crypto";
+import { buildNormalPacket, buildNetworkPacket, parseNormalPacket, parseNetworkPacket, packetToHex, isValidStartByte, encodeHexAscii, decodeHexAscii, } from "./packet";
+import { ENCRYPTION_MODE, PACKET_SIZE } from "../constants";
+const MAX_RESPONSE_RETRIES = 10;
+const MAX_TIMEOUT_MS = 60000; // 60s upper bound for calculated timeouts
+/**
+ * SFM Unified Client
+ */
+export class SfmClient {
+    constructor(options = {}) {
+        this._onDisconnect = null;
+        this.serial = new SfmSerial({
+            baudRate: options.baudRate || 115200,
+            autoReconnect: options.autoReconnect,
+        });
+        this.crypto = new SfmCrypto({
+            key: options.encryptionKey,
+            iv: options.iv,
+            secureCode: options.secureCode,
+            mode: options.encryptionMode ?? ENCRYPTION_MODE.AES256_CBC,
+        });
+        this.portPath = options.portPath;
+        this.secureMode = options.secureMode ?? false;
+        this.debug = options.debug ?? false;
+        // Network protocol mode (RS422/485)
+        // false = 13-byte normal packet, true = 15-byte network packet
+        this.networkMode = options.networkMode ?? false;
+        this.terminalId = options.terminalId ?? 0;
+        // Hex-ASCII transmission mode
+        // Some serial bridges communicate via hex strings instead of binary
+        this.hexAsciiMode = options.hexAsciiMode ?? false;
+        // Timeout settings
+        this.commandTimeout = options.commandTimeout ?? 20000;
+        this.readTimeout = options.readTimeout ?? 3000;
+    }
+    /** Set disconnect callback */
+    setOnDisconnect(callback) {
+        this._onDisconnect = callback;
+    }
+    /** Set auto-reconnect options (delegates to serial layer) */
+    setAutoReconnect(options) {
+        this.serial.setAutoReconnect(options);
+    }
+    /** Set auto-reconnect callbacks only */
+    setAutoReconnectCallbacks(callbacks) {
+        this.serial.setAutoReconnectCallbacks(callbacks);
+    }
+    /** Whether reconnection is in progress */
+    get isReconnecting() {
+        return this.serial.isReconnecting;
+    }
+    /**
+     * Connect to device
+     */
+    async connect(portPath) {
+        const path = portPath ?? this.portPath;
+        if (!path) {
+            throw new Error("portPath is required — pass it to connect() or set it in constructor options");
+        }
+        this.serial.setOnDisconnect((error) => {
+            if (this.debug) {
+                console.log(`[DEBUG] Disconnect detected: ${error?.message || "port closed"}`);
+            }
+            this._onDisconnect?.(error);
+        });
+        await this.serial.open(path);
+        if (this.debug) {
+            console.log(`[DEBUG] Connected: ${portPath} @ ${this.serial.baudRate} baud`);
+        }
+    }
+    /**
+     * Disconnect from device
+     */
+    async disconnect() {
+        this.serial.setOnDisconnect(null); // Prevent callback on intentional disconnect
+        await this.serial.close();
+        if (this.debug) {
+            console.log("[DEBUG] Disconnected");
+        }
+    }
+    /**
+     * Send command (SFM Packet Protocol)
+     */
+    async sendCommand(command, param = 0, size = 0, flag = 0) {
+        if (this.secureMode) {
+            return this._sendSecureCommand(command, param, size, flag);
+        }
+        // Auto-switch to network mode (RS422/485)
+        if (this.networkMode) {
+            return this.sendNetworkCommand(command, param, size, flag);
+        }
+        const packet = buildNormalPacket(command, param, size, flag);
+        if (this.debug) {
+            console.log(`[DEBUG] TX: ${packetToHex(packet)}`);
+        }
+        await this._writePacket(packet);
+        // Scan for start byte then receive response (commandTimeout for fingerprint scan wait)
+        // Residual responses from previous commands may arrive, so re-receive until a valid command-matching packet arrives
+        let retries = 0;
+        while (retries < MAX_RESPONSE_RETRIES) {
+            const response = await this._readWithStartByteScan(PACKET_SIZE.NORMAL, "normal", this.commandTimeout);
+            if (this.debug) {
+                console.log(`[DEBUG] RX: ${packetToHex(response)}`);
+            }
+            const parsed = parseNormalPacket(response);
+            // Valid packet with matching command → return
+            if (parsed.valid && parsed.command === command) {
+                return parsed;
+            }
+            // Valid but command mismatch → residual response, skip
+            if (parsed.valid && parsed.command !== command) {
+                if (this.debug) {
+                    console.log(`[DEBUG] Response command mismatch: expected 0x${command.toString(16)}, got 0x${parsed.command?.toString(16) ?? "??"} → skip`);
+                }
+                retries++;
+                continue;
+            }
+            // Invalid packet → corrupted residual data, skip and retry
+            if (this.debug) {
+                console.log(`[DEBUG] Invalid packet skipped (${parsed.error}), retry ${retries + 1}`);
+            }
+            retries++;
+        }
+        return { valid: false, error: `Failed to receive valid response (exceeded ${MAX_RESPONSE_RETRIES} retries)` };
+    }
+    /**
+     * Send network command (15-byte packet, RS422/485)
+     */
+    async sendNetworkCommand(command, param = 0, size = 0, flag = 0) {
+        const packet = buildNetworkPacket(command, this.terminalId, param, size, flag);
+        if (this.debug) {
+            console.log(`[DEBUG] TX(net): ${packetToHex(packet)}`);
+        }
+        await this._writePacket(packet);
+        let retries = 0;
+        while (retries < MAX_RESPONSE_RETRIES) {
+            const response = await this._readWithStartByteScan(PACKET_SIZE.NETWORK, "network", this.commandTimeout);
+            if (this.debug) {
+                console.log(`[DEBUG] RX(net): ${packetToHex(response)}`);
+            }
+            const parsed = parseNetworkPacket(response);
+            if (parsed.valid && parsed.command === command) {
+                return parsed;
+            }
+            if (parsed.valid && parsed.command !== command) {
+                if (this.debug) {
+                    console.log(`[DEBUG] Network response command mismatch: expected 0x${command.toString(16)}, got 0x${parsed.command?.toString(16) ?? "??"} → skip`);
+                }
+                retries++;
+                continue;
+            }
+            if (this.debug) {
+                console.log(`[DEBUG] Invalid network packet skipped (${parsed.error}), retry ${retries + 1}`);
+            }
+            retries++;
+        }
+        return { valid: false, error: `Failed to receive valid network response (exceeded ${MAX_RESPONSE_RETRIES} retries)` };
+    }
+    /**
+     * Receive response (used in multi-packet protocol)
+     */
+    async receiveResponse(timeoutMs) {
+        const timeout = timeoutMs ?? this.readTimeout;
+        if (this.secureMode) {
+            const response = await this._readWithStartByteScan(PACKET_SIZE.SECURE, "secure", timeout);
+            if (this.debug) {
+                console.log(`[DEBUG] RX(secure): ${packetToHex(response)}`);
+            }
+            return this.crypto.parseSecureRecvPacket(response);
+        }
+        // Auto-switch to network mode
+        if (this.networkMode) {
+            const response = await this._readWithStartByteScan(PACKET_SIZE.NETWORK, "network", timeout);
+            if (this.debug) {
+                console.log(`[DEBUG] RX(net): ${packetToHex(response)}`);
+            }
+            return parseNetworkPacket(response);
+        }
+        const response = await this._readWithStartByteScan(PACKET_SIZE.NORMAL, "normal", timeout);
+        if (this.debug) {
+            console.log(`[DEBUG] RX: ${packetToHex(response)}`);
+        }
+        return parseNormalPacket(response);
+    }
+    /**
+     * Send secure command (AES256 encrypted, 35-byte packet)
+     * @internal
+     */
+    async _sendSecureCommand(command, param, size, flag) {
+        const packet = this.crypto.buildSecureSendPacket(command, param, size, flag);
+        if (this.debug) {
+            console.log(`[DEBUG] TX(secure): ${packetToHex(packet)}`);
+            console.log(`[DEBUG] Encryption mode: ${this.crypto.getModeName()}`);
+        }
+        await this._writePacket(packet);
+        // Receive secure response (35 bytes) - scan for 0x51 marker
+        const response = await this._readWithStartByteScan(PACKET_SIZE.SECURE, "secure");
+        if (this.debug) {
+            console.log(`[DEBUG] RX(secure): ${packetToHex(response)}`);
+        }
+        return this.crypto.parseSecureRecvPacket(response);
+    }
+    /**
+     * Switch secure mode
+     */
+    setSecureMode(enabled, options = {}) {
+        this.secureMode = enabled;
+        if (options.key)
+            this.crypto.setKey(options.key);
+        if (options.iv)
+            this.crypto.setIV(options.iv);
+        if (options.secureCode)
+            this.crypto.setSecureCode(options.secureCode);
+        if (options.mode !== undefined)
+            this.crypto.mode = options.mode;
+    }
+    /**
+     * Switch network protocol mode (RS422/485)
+     */
+    setNetworkMode(enabled, terminalId) {
+        this.networkMode = enabled;
+        if (terminalId !== undefined) {
+            this.terminalId = terminalId;
+        }
+        if (this.debug) {
+            console.log(`[DEBUG] Network mode: ${enabled ? "15-byte" : "13-byte"}${enabled ? `, TermID=${this.terminalId}` : ""}`);
+        }
+    }
+    /**
+     * Write packet (supports Hex-ASCII mode)
+     * @internal
+     */
+    async _writePacket(data) {
+        if (this.hexAsciiMode) {
+            await this.serial.write(encodeHexAscii(data));
+        }
+        else {
+            await this.serial.write(data);
+        }
+    }
+    /**
+     * Read packet (supports Hex-ASCII mode)
+     * @internal
+     */
+    async _readPacket(size, timeoutMs) {
+        if (this.hexAsciiMode) {
+            // Hex-ASCII mode: read 2x size and decode
+            const hexData = await this.serial.read(size * 2, timeoutMs);
+            return decodeHexAscii(hexData);
+        }
+        return this.serial.read(size, timeoutMs);
+    }
+    /**
+     * Read packet after scanning for start byte
+     * @internal
+     */
+    async _readWithStartByteScan(packetSize, packetType, timeoutMs) {
+        const timeout = timeoutMs ?? this.readTimeout;
+        // Read 1 byte at a time to find valid start byte
+        const startTime = Date.now();
+        let startByte;
+        while (Date.now() - startTime < timeout) {
+            const remaining = timeout - (Date.now() - startTime);
+            if (remaining <= 0)
+                break;
+            try {
+                const byte = await this._readPacket(1, remaining);
+                if (isValidStartByte(byte[0], packetType)) {
+                    startByte = byte[0];
+                    break;
+                }
+                if (this.debug) {
+                    console.log(`[DEBUG] Scan: skipping invalid byte 0x${byte[0].toString(16).toUpperCase()}`);
+                }
+            }
+            catch {
+                break; // Timeout
+            }
+        }
+        if (startByte === undefined) {
+            throw new Error(`Start byte scan failed (${packetType})`);
+        }
+        // Read remaining packet
+        const remaining = timeout - (Date.now() - startTime);
+        if (remaining <= 0) {
+            throw new Error(`Timeout expired after start byte scan (${packetType})`);
+        }
+        const rest = await this._readPacket(packetSize - 1, remaining);
+        if (rest.length < packetSize - 1) {
+            throw new Error(`Incomplete packet: received ${rest.length + 1}/${packetSize} bytes (${packetType})`);
+        }
+        // Combine start byte + rest
+        const fullPacket = Buffer.alloc(packetSize);
+        fullPacket[0] = startByte;
+        rest.copy(fullPacket, 1);
+        return fullPacket;
+    }
+    /**
+     * Calculate read timeout (based on data size)
+     * @internal
+     */
+    _getReadTimeout(dataSize) {
+        return Math.min(MAX_TIMEOUT_MS, Math.max(this.readTimeout, Math.ceil(dataSize / 100) + 1000));
+    }
+    /**
+     * Calculate write timeout (based on data size)
+     * @internal
+     */
+    _getWriteTimeout(dataSize) {
+        return Math.min(MAX_TIMEOUT_MS, Math.max(5000, Math.ceil(dataSize / 100) + 1000));
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/core/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/core/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,cAAc,GACf,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG5D,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAChC,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,0CAA0C;AAwBxE;;GAEG;AACH,MAAM,OAAO,SAAS;IAapB,YAAY,UAA4B,EAAE;QAFlC,kBAAa,GAAqC,IAAI,CAAC;QAG7D,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CAAC;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,MAAM;YACpC,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CAAC;YAC1B,GAAG,EAAE,OAAO,CAAC,aAAa;YAC1B,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,IAAI,EAAE,OAAO,CAAC,cAAc,IAAI,eAAe,CAAC,UAAU;SAC3D,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;QAC9C,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;QAEpC,oCAAoC;QACpC,+DAA+D;QAC/D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;QAChD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC;QAE1C,8BAA8B;QAC9B,oEAAoE;QACpE,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;QAElD,mBAAmB;QACnB,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IACjD,CAAC;IAED,8BAA8B;IAC9B,eAAe,CAAC,QAA0C;QACxD,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC;IAChC,CAAC;IAED,6DAA6D;IAC7D,gBAAgB,CACd,OAAuD;QAEvD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,wCAAwC;IACxC,yBAAyB,CACvB,SAAoD;QAEpD,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;IACnD,CAAC;IAED,0CAA0C;IAC1C,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,QAAiB;QAC7B,MAAM,IAAI,GAAG,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,KAAa,EAAE,EAAE;YAC5C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,gCAAgC,KAAK,EAAE,OAAO,IAAI,aAAa,EAAE,CAAC,CAAC;YACjF,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,sBAAsB,QAAQ,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,OAAO,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,6CAA6C;QAChF,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,OAAe,EACf,KAAK,GAAG,CAAC,EACT,IAAI,GAAG,CAAC,EACR,IAAI,GAAG,CAAC;QAER,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;QAED,0CAA0C;QAC1C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAE7D,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,eAAe,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAEhC,uFAAuF;QACvF,oHAAoH;QACpH,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,OAAO,OAAO,GAAG,oBAAoB,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAChD,WAAW,CAAC,MAAM,EAClB,QAAQ,EACR,IAAI,CAAC,cAAc,CACpB,CAAC;YAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,eAAe,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAE3C,8CAA8C;YAC9C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/C,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,uDAAuD;YACvD,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CACT,iDAAiD,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,SAAS,CAC9H,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,2DAA2D;YAC3D,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,mCAAmC,MAAM,CAAC,KAAK,YAAY,OAAO,GAAG,CAAC,EAAE,CACzE,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8CAA8C,oBAAoB,WAAW,EAAE,CAAC;IAChH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,OAAe,EACf,KAAK,GAAG,CAAC,EACT,IAAI,GAAG,CAAC,EACR,IAAI,GAAG,CAAC;QAER,MAAM,MAAM,GAAG,kBAAkB,CAC/B,OAAO,EACP,IAAI,CAAC,UAAU,EACf,KAAK,EACL,IAAI,EACJ,IAAI,CACL,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAEhC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,OAAO,OAAO,GAAG,oBAAoB,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAChD,WAAW,CAAC,OAAO,EACnB,SAAS,EACT,IAAI,CAAC,cAAc,CACpB,CAAC;YAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAE5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/C,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CACT,yDAAyD,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,SAAS,CACtI,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,2CAA2C,MAAM,CAAC,KAAK,YAAY,OAAO,GAAG,CAAC,EAAE,CACjF,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sDAAsD,oBAAoB,WAAW,EAAE,CAAC;IACxH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,SAAkB;QACtC,MAAM,OAAO,GAAG,SAAS,IAAI,IAAI,CAAC,WAAW,CAAC;QAE9C,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAChD,WAAW,CAAC,MAAM,EAClB,QAAQ,EACR,OAAO,CACR,CAAC;YACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,uBAAuB,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QACrD,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAChD,WAAW,CAAC,OAAO,EACnB,SAAS,EACT,OAAO,CACR,CAAC;YACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAChD,WAAW,CAAC,MAAM,EAClB,QAAQ,EACR,OAAO,CACR,CAAC;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,eAAe,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,kBAAkB,CAC9B,OAAe,EACf,KAAa,EACb,IAAY,EACZ,IAAY;QAEZ,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAC9C,OAAO,EACP,KAAK,EACL,IAAI,EACJ,IAAI,CACL,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,uBAAuB,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAEhC,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAChD,WAAW,CAAC,MAAM,EAClB,QAAQ,CACT,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,uBAAuB,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,aAAa,CACX,OAAgB,EAChB,UAKI,EAAE;QAEN,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;QAC1B,IAAI,OAAO,CAAC,GAAG;YAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,OAAO,CAAC,UAAU;YAAE,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAgB,EAAE,UAAmB;QAClD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC;QAC3B,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC/B,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,yBAAyB,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1G,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY;QAC7B,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,SAAkB;QAChD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,0CAA0C;YAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;YAC5D,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAC1B,UAAkB,EAClB,UAA2C,EAC3C,SAAkB;QAElB,MAAM,OAAO,GAAG,SAAS,IAAI,IAAI,CAAC,WAAW,CAAC;QAE9C,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,SAA6B,CAAC;QAClC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;YACxC,MAAM,SAAS,GAAG,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;YACrD,IAAI,SAAS,IAAI,CAAC;gBAAE,MAAM;YAE1B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;gBAClD,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC;oBAC1C,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;oBACpB,MAAM;gBACR,CAAC;gBACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CACT,yCAAyC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9E,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,UAAU;YACnB,CAAC;QACH,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,2BAA2B,UAAU,GAAG,CAAC,CAAC;QAC5D,CAAC;QAED,wBAAwB;QACxB,MAAM,SAAS,GAAG,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QACrD,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,0CAA0C,UAAU,GAAG,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CACjC,UAAU,GAAG,CAAC,EACd,SAAS,CACV,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,WAAW,UAAU,GAAG,CAAC,CAAC;QACxG,CAAC;QAED,4BAA4B;QAC5B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC5C,UAAU,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACzB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAChG,CAAC;IAED;;;OAGG;IACH,gBAAgB,CAAC,QAAgB;QAC/B,OAAO,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IACpF,CAAC;CACF"}

package/dist/core/crypto.d.ts

@@ -0,0 +1,86 @@
+/**
+ * SFM Protocol Manual V3.6.0 Secure Packet Protocol
+ *
+ * Encryption modes:
+ *   0x00 = Rijndael256 ECB (legacy)
+ *   0x01 = AES256-ECB
+ *   0x11 = AES256-CBC
+ *
+ * Secure packet structure (35 bytes):
+ *   Byte 0:     0x50 (Send) / 0x51 (Recv) marker
+ *   Byte 1-32:  AES256 encrypted data (32 bytes)
+ *   Byte 33:    Checksum
+ *   Byte 34:    0x0A (End)
+ *
+ * Plaintext structure before encryption (32 bytes) - SFM field mapping:
+ *   Byte offset+0:     Command (1B)
+ *   Byte offset+1-4:   Param (4B, LE)
+ *   Byte offset+5-8:   Size (4B, LE)
+ *   Byte offset+9:     Flag (1B)
+ *   Byte offset+10-17: Secure Code (8B)
+ *   Byte offset+18-31: Padding
+ */
+import type { EncryptionMode } from "../constants";
+export { ENCRYPTION_MODE } from "../constants";
+export type { EncryptionMode } from "../constants";
+export interface SfmCryptoOptions {
+    key?: Buffer | string;
+    iv?: Buffer | string;
+    secureCode?: Buffer | string;
+    mode?: EncryptionMode;
+    dataOffset?: number;
+}
+export interface SecureRecvPacketResult {
+    valid: boolean;
+    secureCodeValid?: boolean;
+    command?: number;
+    param?: number;
+    size?: number;
+    flag?: number;
+    secureCode?: Buffer;
+    error: string | null;
+}
+export declare class SfmCrypto {
+    key: Buffer;
+    iv: Buffer;
+    secureCode: Buffer;
+    mode: EncryptionMode;
+    dataOffset: number;
+    sequenceCounter: number;
+    private _storedIV;
+    constructor(options?: SfmCryptoOptions);
+    setKey(key: Buffer | string): void;
+    setIV(iv: Buffer | string): void;
+    resetIV(): void;
+    setSecureCode(code: Buffer | string): void;
+    /**
+     * AES256 encrypt (32-byte block)
+     */
+    encrypt(plaintext: Buffer | Uint8Array): Buffer;
+    /**
+     * AES256 decrypt (32-byte block)
+     */
+    decrypt(ciphertext: Buffer | Uint8Array): Buffer;
+    /**
+     * AES256 encrypt (variable size, for multi-packet)
+     */
+    encryptRaw(data: Buffer | Uint8Array): Buffer;
+    /**
+     * AES256 decrypt (variable size)
+     * @param originalSize - original data size before encryption (to strip padding)
+     */
+    decryptRaw(data: Buffer | Uint8Array, originalSize?: number): Buffer;
+    /**
+     * Build secure send packet (SFM field structure)
+     *
+     * Plaintext (32B):
+     *   [command(1)] [param LE(4)] [size LE(4)] [flag(1)] [secureCode(8)] [padding]
+     */
+    buildSecureSendPacket(command: number, param?: number, size?: number, flag?: number): Buffer;
+    /**
+     * Parse secure receive packet (SFM field structure)
+     */
+    parseSecureRecvPacket(data: Buffer | Uint8Array): SecureRecvPacketResult;
+    getModeName(): string;
+}
+//# sourceMappingURL=crypto.d.ts.map

package/dist/core/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/core/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAQnD,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,qBAAa,SAAS;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,cAAc,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IAExB,OAAO,CAAC,SAAS,CAAS;gBAEd,OAAO,GAAE,gBAAqB;IA0B1C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAQlC,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAShC,OAAO,IAAI,IAAI;IAIf,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAQ1C;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM;IAgB/C;;OAEG;IACH,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM;IAoBhD;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM;IAkB7C;;;OAGG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM;IAwBpE;;;;;OAKG;IACH,qBAAqB,CACnB,OAAO,EAAE,MAAM,EACf,KAAK,SAAI,EACT,IAAI,SAAI,EACR,IAAI,SAAI,GACP,MAAM;IAmCT;;OAEG;IACH,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,sBAAsB;IA4DxE,WAAW,IAAI,MAAM;CAYtB"}

package/dist/core/crypto.js

@@ -0,0 +1,248 @@
+/**
+ * SFM Protocol Manual V3.6.0 Secure Packet Protocol
+ *
+ * Encryption modes:
+ *   0x00 = Rijndael256 ECB (legacy)
+ *   0x01 = AES256-ECB
+ *   0x11 = AES256-CBC
+ *
+ * Secure packet structure (35 bytes):
+ *   Byte 0:     0x50 (Send) / 0x51 (Recv) marker
+ *   Byte 1-32:  AES256 encrypted data (32 bytes)
+ *   Byte 33:    Checksum
+ *   Byte 34:    0x0A (End)
+ *
+ * Plaintext structure before encryption (32 bytes) - SFM field mapping:
+ *   Byte offset+0:     Command (1B)
+ *   Byte offset+1-4:   Param (4B, LE)
+ *   Byte offset+5-8:   Size (4B, LE)
+ *   Byte offset+9:     Flag (1B)
+ *   Byte offset+10-17: Secure Code (8B)
+ *   Byte offset+18-31: Padding
+ */
+import crypto from "node:crypto";
+import { calcChecksum } from "./packet";
+import { ENCRYPTION_MODE } from "../constants";
+// Backward-compatible re-export
+export { ENCRYPTION_MODE } from "../constants";
+const SECURE_PACKET_SIZE = 35;
+const ENCRYPTED_DATA_SIZE = 32;
+const SECURE_CODE_SIZE = 8;
+const AES256_KEY_SIZE = 32;
+const AES_IV_SIZE = 16;
+export class SfmCrypto {
+    constructor(options = {}) {
+        this.key = options.key
+            ? Buffer.isBuffer(options.key)
+                ? options.key
+                : Buffer.from(options.key, "hex")
+            : Buffer.alloc(32);
+        this.iv = options.iv
+            ? Buffer.isBuffer(options.iv)
+                ? options.iv
+                : Buffer.from(options.iv, "hex")
+            : Buffer.alloc(16);
+        this._storedIV = Buffer.from(this.iv);
+        this.secureCode = options.secureCode
+            ? Buffer.isBuffer(options.secureCode)
+                ? options.secureCode
+                : Buffer.from(options.secureCode, "hex")
+            : Buffer.alloc(SECURE_CODE_SIZE);
+        this.mode = options.mode ?? ENCRYPTION_MODE.AES256_CBC;
+        this.dataOffset = options.dataOffset ?? 0;
+        this.sequenceCounter = 0;
+    }
+    setKey(key) {
+        const buf = Buffer.isBuffer(key) ? key : Buffer.from(key, "hex");
+        if (buf.length !== AES256_KEY_SIZE) {
+            throw new Error(`Invalid AES256 key length: expected ${AES256_KEY_SIZE}, got ${buf.length}`);
+        }
+        this.key = buf;
+    }
+    setIV(iv) {
+        const buf = Buffer.isBuffer(iv) ? iv : Buffer.from(iv, "hex");
+        if (buf.length !== AES_IV_SIZE) {
+            throw new Error(`Invalid AES IV length: expected ${AES_IV_SIZE}, got ${buf.length}`);
+        }
+        this.iv = buf;
+        this._storedIV = Buffer.from(this.iv);
+    }
+    resetIV() {
+        this._storedIV.copy(this.iv);
+    }
+    setSecureCode(code) {
+        const buf = Buffer.isBuffer(code) ? code : Buffer.from(code, "hex");
+        if (buf.length !== SECURE_CODE_SIZE) {
+            throw new Error(`Invalid Secure Code length: expected ${SECURE_CODE_SIZE}, got ${buf.length}`);
+        }
+        this.secureCode = buf;
+    }
+    /**
+     * AES256 encrypt (32-byte block)
+     */
+    encrypt(plaintext) {
+        const buf = Buffer.isBuffer(plaintext) ? plaintext : Buffer.from(plaintext);
+        const padded = Buffer.alloc(ENCRYPTED_DATA_SIZE);
+        buf.copy(padded, 0, 0, Math.min(buf.length, ENCRYPTED_DATA_SIZE));
+        if (this.mode === ENCRYPTION_MODE.AES256_CBC) {
+            const cipher = crypto.createCipheriv("aes-256-cbc", this.key, this.iv);
+            cipher.setAutoPadding(false);
+            return Buffer.concat([cipher.update(padded), cipher.final()]);
+        }
+        const cipher = crypto.createCipheriv("aes-256-ecb", this.key, null);
+        cipher.setAutoPadding(false);
+        return Buffer.concat([cipher.update(padded), cipher.final()]);
+    }
+    /**
+     * AES256 decrypt (32-byte block)
+     */
+    decrypt(ciphertext) {
+        const buf = Buffer.isBuffer(ciphertext)
+            ? ciphertext
+            : Buffer.from(ciphertext);
+        if (this.mode === ENCRYPTION_MODE.AES256_CBC) {
+            const decipher = crypto.createDecipheriv("aes-256-cbc", this.key, this.iv);
+            decipher.setAutoPadding(false);
+            return Buffer.concat([decipher.update(buf), decipher.final()]);
+        }
+        const decipher = crypto.createDecipheriv("aes-256-ecb", this.key, null);
+        decipher.setAutoPadding(false);
+        return Buffer.concat([decipher.update(buf), decipher.final()]);
+    }
+    /**
+     * AES256 encrypt (variable size, for multi-packet)
+     */
+    encryptRaw(data) {
+        const buf = Buffer.isBuffer(data) ? data : Buffer.from(data);
+        const blockSize = 16;
+        const paddedLen = Math.ceil(buf.length / blockSize) * blockSize;
+        const padded = Buffer.alloc(paddedLen);
+        buf.copy(padded);
+        if (this.mode === ENCRYPTION_MODE.AES256_CBC) {
+            const cipher = crypto.createCipheriv("aes-256-cbc", this.key, this.iv);
+            cipher.setAutoPadding(false);
+            return Buffer.concat([cipher.update(padded), cipher.final()]);
+        }
+        const cipher = crypto.createCipheriv("aes-256-ecb", this.key, null);
+        cipher.setAutoPadding(false);
+        return Buffer.concat([cipher.update(padded), cipher.final()]);
+    }
+    /**
+     * AES256 decrypt (variable size)
+     * @param originalSize - original data size before encryption (to strip padding)
+     */
+    decryptRaw(data, originalSize) {
+        const buf = Buffer.isBuffer(data) ? data : Buffer.from(data);
+        let decrypted;
+        if (this.mode === ENCRYPTION_MODE.AES256_CBC) {
+            const decipher = crypto.createDecipheriv("aes-256-cbc", this.key, this.iv);
+            decipher.setAutoPadding(false);
+            decrypted = Buffer.concat([decipher.update(buf), decipher.final()]);
+        }
+        else {
+            const decipher = crypto.createDecipheriv("aes-256-ecb", this.key, null);
+            decipher.setAutoPadding(false);
+            decrypted = Buffer.concat([decipher.update(buf), decipher.final()]);
+        }
+        if (originalSize != null && originalSize < decrypted.length) {
+            return decrypted.subarray(0, originalSize);
+        }
+        return decrypted;
+    }
+    /**
+     * Build secure send packet (SFM field structure)
+     *
+     * Plaintext (32B):
+     *   [command(1)] [param LE(4)] [size LE(4)] [flag(1)] [secureCode(8)] [padding]
+     */
+    buildSecureSendPacket(command, param = 0, size = 0, flag = 0) {
+        const plaintext = Buffer.alloc(ENCRYPTED_DATA_SIZE);
+        const offset = this.dataOffset;
+        if (offset < 0 || offset + 10 + SECURE_CODE_SIZE > ENCRYPTED_DATA_SIZE) {
+            throw new Error(`Invalid dataOffset: ${offset} (exceeds ${ENCRYPTED_DATA_SIZE}-byte block)`);
+        }
+        // SFM field mapping
+        plaintext[offset] = command;
+        plaintext.writeUInt32LE(param >>> 0, offset + 1);
+        plaintext.writeUInt32LE(size >>> 0, offset + 5);
+        plaintext[offset + 9] = flag;
+        // Insert Secure Code
+        this.secureCode.copy(plaintext, offset + 10, 0, SECURE_CODE_SIZE);
+        // Reset CBC IV
+        if (this.mode === ENCRYPTION_MODE.AES256_CBC) {
+            this.resetIV();
+        }
+        const encrypted = this.encrypt(plaintext);
+        // Build secure packet (35 bytes)
+        const packet = Buffer.alloc(SECURE_PACKET_SIZE);
+        packet[0] = 0x50; // SEND marker
+        encrypted.copy(packet, 1, 0, ENCRYPTED_DATA_SIZE);
+        packet[33] = calcChecksum(packet, 33);
+        packet[34] = 0x0a;
+        this.sequenceCounter++;
+        return packet;
+    }
+    /**
+     * Parse secure receive packet (SFM field structure)
+     */
+    parseSecureRecvPacket(data) {
+        const buf = Buffer.isBuffer(data) ? data : Buffer.from(data);
+        if (buf.length < SECURE_PACKET_SIZE) {
+            return {
+                valid: false,
+                error: `Insufficient size: ${buf.length} < ${SECURE_PACKET_SIZE}`,
+            };
+        }
+        const receivedChecksum = buf[33];
+        const expectedChecksum = calcChecksum(buf, 33);
+        if (receivedChecksum !== expectedChecksum) {
+            return {
+                valid: false,
+                error: `Checksum mismatch: got=0x${receivedChecksum.toString(16)}, expected=0x${expectedChecksum.toString(16)}`,
+            };
+        }
+        if (this.mode === ENCRYPTION_MODE.AES256_CBC) {
+            this.resetIV();
+        }
+        const encrypted = buf.subarray(1, 1 + ENCRYPTED_DATA_SIZE);
+        const decrypted = this.decrypt(encrypted);
+        const offset = this.dataOffset;
+        if (offset < 0 || offset + 10 + SECURE_CODE_SIZE > ENCRYPTED_DATA_SIZE) {
+            return { valid: false, error: `Invalid dataOffset: ${offset} (exceeds ${ENCRYPTED_DATA_SIZE}-byte block)` };
+        }
+        const command = decrypted[offset];
+        const param = decrypted.readUInt32LE(offset + 1);
+        const size = decrypted.readUInt32LE(offset + 5);
+        const flag = decrypted[offset + 9];
+        // Secure Code verification
+        const codeStart = offset + 10;
+        const receivedCode = decrypted.subarray(codeStart, codeStart + SECURE_CODE_SIZE);
+        const codeValid = this.secureCode.equals(receivedCode);
+        if (codeValid) {
+            receivedCode.copy(this.secureCode);
+        }
+        return {
+            valid: codeValid,
+            secureCodeValid: codeValid,
+            command,
+            param,
+            size,
+            flag,
+            secureCode: Buffer.from(receivedCode),
+            error: codeValid ? null : "Secure Code mismatch",
+        };
+    }
+    getModeName() {
+        switch (this.mode) {
+            case ENCRYPTION_MODE.AES256_CBC:
+                return "AES256-CBC";
+            case ENCRYPTION_MODE.AES256_ECB:
+                return "AES256-ECB";
+            case ENCRYPTION_MODE.RIJNDAEL_ECB:
+                return "Rijndael256-ECB";
+            default:
+                return `Unknown(0x${this.mode.toString(16)})`;
+        }
+    }
+}
+//# sourceMappingURL=crypto.js.map