#ifndef _CRYPT_H_
#define _CRYPT_H_

#include <stdbool.h>

#include <sodium.h>

#define CRYPT_KX_PKEY_LEN crypto_kx_PUBLICKEYBYTES
#define CRYPT_KX_SKEY_LEN crypto_kx_SECRETKEYBYTES

#define CRYPT_SIGN_PKEY_LEN crypto_sign_PUBLICKEYBYTES
#define CRYPT_SIGN_SKEY_LEN crypto_sign_SECRETKEYBYTES
#define CRYPT_SIGN_LEN crypto_sign_BYTES

#define CRYPT_SESS_KEY_LEN crypto_kx_SESSIONKEYBYTES

#define CRYPT_NONCE_LEN crypto_aead_aegis256_NPUBBYTES
#define CRYPT_NONCEHALF_LEN (CRYPT_NONCE_LEN/2)

#define CRYPT_HELLO_LEN (CRYPT_PKEY_HEXLEN + CRYPT_SIGN_LEN + (CRYPT_NONCEHALF_LEN))

#define CRYPT_PKEY_HEXLEN ((CRYPT_KX_PKEY_LEN + CRYPT_SIGN_PKEY_LEN) * 2)
#define CRYPT_SKEY_HEXLEN ((CRYPT_SIGN_PKEY_LEN + CRYPT_SIGN_SKEY_LEN) * 2)

typedef struct crypt_key_t {
    unsigned char kx_pub[crypto_kx_PUBLICKEYBYTES];
    unsigned char kx_sec[crypto_kx_SECRETKEYBYTES];
    unsigned char sign_pub[crypto_sign_PUBLICKEYBYTES];
    unsigned char sign_sec[crypto_sign_SECRETKEYBYTES];
    bool hasSecKey;
} crypt_key_t;

int crypt_key_gen(crypt_key_t *const k);
int crypt_key_from_hex(crypt_key_t *const k, const char phex[CRYPT_PKEY_HEXLEN], const char shex[CRYPT_SKEY_HEXLEN]);
int crypt_key_from_hex_public(crypt_key_t *const k, const char phex[CRYPT_PKEY_HEXLEN]);
void crypt_key_destroy(crypt_key_t *const k);

int crypt_key_export_public(const crypt_key_t *const k, char hex[CRYPT_PKEY_HEXLEN]);
int crypt_key_export_secret(const crypt_key_t *const k, char hex[CRYPT_SKEY_HEXLEN]);

int crypt_load_key(crypt_key_t *const k, FILE *const pub, FILE *const sec);
int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec);

unsigned char *crypt_hello(const crypt_key_t *const own);
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote);
unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, bool is_client);

typedef struct crypt_session_t {
    unsigned char rx[CRYPT_SESS_KEY_LEN];
    unsigned char tx[CRYPT_SESS_KEY_LEN];
    unsigned char nonce[CRYPT_NONCE_LEN];
    crypt_key_t *remote_key;
} crypt_session_t;

int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client);
unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen);
unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen);
void crypt_session_destroy(crypt_session_t *const s);

#endif /* _CRYPT_H_ */