// Determine key size based on cipher ID for AES-256 support
        int keyLength = getKeyLength();
        String transformation;

        // Select appropriate AES algorithm based on key length
        if (keyLength == 32) {
            // AES-256 support
            transformation = "AES/GCM/NoPadding";
        } else if (keyLength == 16) {
            // AES-128 (existing)

  fun toggleMask(
    cursor: Buffer.UnsafeCursor,
    key: ByteArray,
  ) {
    var keyIndex = 0
    val keyLength = key.size
    do {
      val buffer = cursor.data
      var i = cursor.start
      val end = cursor.end
      if (buffer != null) {
        while (i < end) {
          keyIndex %= keyLength // Reassign to prevent overflow breaking counter.

            final byte[] sessionKey = getSessionKey();
            final int keyLength = sessionKey != null ? sessionKey.length : 0;
            final byte[] type3 = new byte[64 + domainLength + userLength + workstationLength + lmLength + ntLength + keyLength];
            System.arraycopy(NTLMSSP_SIGNATURE, 0, type3, 0, 8);
            writeULong(type3, 8, 3);
            int offset = 64;

Key[Hash fips140.Hash](h func() Hash, password string, salt []byte, iter, keyLength int) ([]byte, error) { setServiceIndicator(salt, keyLength) if keyLength <= 0 { return nil, errors.New("pkbdf2: keyLength must be larger than 0") } prf := hmac.New(h, []byte(password)) hmac.MarkAsUsedInKDF(prf) hashLen := prf.Size() numBlocks := divRoundUp(keyLength, hashLen) const maxBlocks = int64(1<<32 - 1) if keyLength+hashLen < keyLength || int64(numBlocks) > maxBlocks { return nil, errors.New("pbkdf2: keyLength...