package subtle

// SubtleCrypto bridge: AES-CBC, AES-GCM, PBKDF2, Argon2id, random bytes.
// Available in both window and service worker scopes.

// RandomBytes fills dst with cryptographically random bytes.
func RandomBytes(dst []byte) { panic("jsbridge") }

// AESCBCEncrypt encrypts plaintext with AES-256-CBC.
// key: 32 bytes, iv: 16 bytes.
func AESCBCEncrypt(key, iv, plaintext []byte, fn func([]byte)) { panic("jsbridge") }

// AESCBCDecrypt decrypts ciphertext with AES-256-CBC.
// key: 32 bytes, iv: 16 bytes.
func AESCBCDecrypt(key, iv, ciphertext []byte, fn func([]byte)) { panic("jsbridge") }

// AESGCMEncrypt encrypts plaintext with AES-256-GCM.
// key: 32 bytes, iv: 12 bytes. Ciphertext includes 16-byte auth tag.
func AESGCMEncrypt(key, iv, plaintext []byte, fn func([]byte)) { panic("jsbridge") }

// AESGCMDecrypt decrypts ciphertext with AES-256-GCM.
// key: 32 bytes, iv: 12 bytes. Returns empty slice on auth failure.
func AESGCMDecrypt(key, iv, ciphertext []byte, fn func([]byte)) { panic("jsbridge") }

// PBKDF2DeriveKey derives a 32-byte key using PBKDF2-SHA256.
// salt is raw bytes, iterations is the iteration count.
func PBKDF2DeriveKey(password string, salt []byte, iterations int, fn func([]byte)) { panic("jsbridge") }

// Argon2idDeriveKey derives a key using Argon2id.
// t=time cost, m=memory KB, p=parallelism, dkLen=output bytes.
func Argon2idDeriveKey(password string, salt []byte, t, m, p, dkLen int, fn func([]byte)) { panic("jsbridge") }

// SHA256Hex computes SHA-256 of data via crypto.subtle and returns lowercase hex.
func SHA256Hex(data []byte, fn func(string)) { panic("jsbridge") }

// HMACSHA512 computes HMAC-SHA-512 via WebCrypto.
// Calls fn with the 64-byte MAC.
func HMACSHA512(key, data []byte, fn func([]byte)) { panic("jsbridge") }

// PBKDF2SHA512 derives a key using PBKDF2 with SHA-512 via WebCrypto.
// Calls fn with the derived key bytes.
func PBKDF2SHA512(password string, salt []byte, iterations, dkLen int, fn func([]byte)) { panic("jsbridge") }