otp_crypto/decryptor library

Decryptor – Verifies & decrypts a SecureMessage (Encrypt-then-MAC)

Processing order (DO NOT change):

  1. Validate protocol version and time-window skew.
  2. Derive {encKey, macKey} via HKDF-SHA256 from config.
  3. Recompute tag = HMAC(macKey, "tag" || u64be(w) || nonce || ciphertext).
  4. Constant-time compare with body tag; if mismatch → AuthenticationFailed.
  5. Derive IV = HMAC(macKey, "iv" || u64be(w) || nonce):16.
  6. Decrypt AES-256-CBC + PKCS#7 using encKey+IV → plaintext.

NOTES:

  • This class does not handle HTTP. It only consumes a SecureMessage reconstructed from wire headers/body.
  • Time skew tolerance is enforced before any crypto to fail fast.
  • We always verify MAC before decrypting (Encrypt-then-MAC).

HINTS:

  • Keep a single Decryptor around; it caches HKDF-derived keys.
  • Configure verificationSkewWindows in OtpCryptoConfig to accept ±N adjacent windows relative to the current window.
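
An added sketch in Python (not the library's Dart code) of steps 1 to 5 of the processing order, stopping where AES-256-CBC decryption would begin so that it runs on the standard library alone. The protocol version value, the HKDF salt and info strings, the 32+32 key split, the message field names, and reading `:16` as "first 16 bytes" are assumptions, not values taken from otp_crypto.

```python
import hashlib, hmac, struct

PROTOCOL_VERSION = 1  # assumed; the page does not give the value

class AuthenticationFailed(Exception):
    pass

def hkdf_sha256(ikm, salt, info, length):
    # RFC 5869 extract-then-expand.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def derive_keys(master_key):
    # Salt, info and the 32+32 split are assumptions, not the library's values.
    okm = hkdf_sha256(master_key, b"", b"example/otp-keys", 64)
    return okm[:32], okm[32:]  # (encKey, macKey)

def mac(mac_key, label, window, nonce, data=b""):
    # HMAC(macKey, label || u64be(w) || nonce || data)
    msg = label + struct.pack(">Q", window) + nonce + data
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def verify(master_key, msg, now_window, skew_windows=1):
    # Step 1: cheap checks first, before any key derivation or MAC work.
    if msg["version"] != PROTOCOL_VERSION:
        raise ValueError("unsupported protocol version")
    if abs(msg["window"] - now_window) > skew_windows:
        raise ValueError("window outside accepted skew")
    enc_key, mac_key = derive_keys(master_key)  # step 2
    expected = mac(mac_key, b"tag", msg["window"], msg["nonce"], msg["ciphertext"])  # step 3
    if not hmac.compare_digest(expected, msg["tag"]):  # step 4: constant-time compare
        raise AuthenticationFailed("tag mismatch")
    iv = mac(mac_key, b"iv", msg["window"], msg["nonce"])[:16]  # step 5
    return enc_key, iv  # only now may step 6 (AES-256-CBC + PKCS#7) run

def sample_message(master_key, window):
    # Constructed sample: the ciphertext is opaque filler, not real AES output.
    _, mac_key = derive_keys(master_key)
    nonce, ciphertext = bytes(range(8)), bytes(32)
    return {"version": PROTOCOL_VERSION, "window": window, "nonce": nonce,
            "ciphertext": ciphertext,
            "tag": mac(mac_key, b"tag", window, nonce, ciphertext)}
```

Because the window is part of the MAC input, a message replayed with an altered window that still falls inside the skew tolerance fails at step 4 rather than reaching decryption.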

Classes

Decryptor