/**
 * encryptor.h
 * Created by Ron Bowes
 * October, 2015
 *
 * See LICENSE.md
 */
#ifndef __ENCRYPTOR_H__
#define __ENCRYPTOR_H__

typedef struct
{
  char *preshared_secret;

  uint8_t my_private_key[32];
  uint8_t my_public_key[64];
  uint8_t their_public_key[64];

  uint8_t shared_secret[32];
  uint8_t my_authenticator[32];
  uint8_t their_authenticator[32];

  uint8_t my_write_key[32];
  uint8_t my_mac_key[32];
  uint8_t their_write_key[32];
  uint8_t their_mac_key[32];

  uint16_t nonce;
} encryptor_t;

/* Create a new encryptor and generate a new private key. */
encryptor_t *encryptor_create(char *preshared_secret);

/* Set their pubkey, and also calculate all the various derived values. */
NBBOOL encryptor_set_their_public_key(encryptor_t *encryptor, uint8_t *their_public_key);

/* Get the next nonce. */
uint16_t encryptor_get_nonce(encryptor_t *encryptor);

/* Check if we should re-negotiate. */
NBBOOL encryptor_should_we_renegotiate(encryptor_t *encryptor);

/* Print all the internal encryptor variables. */
void encryptor_print(encryptor_t *encryptor);

/* Print the short authentication string. */
void encryptor_print_sas(encryptor_t *encryptor);

/* Validates that the packet, stored in buffer, has a valid signature.
 * It also removes the signature from the buffer. */
NBBOOL encryptor_check_signature(encryptor_t *encryptor, buffer_t *buffer);

/* Decrypt the packet, stored in buffer. Also removes the nonce and
 * returns it in the nonce parameter, if it's not NULL. */
void encryptor_decrypt_buffer(encryptor_t *encryptor, buffer_t *buffer, uint16_t *nonce);

/* Adds a signature to the packet stored in buffer. */
void encryptor_sign_buffer(encryptor_t *encryptor, buffer_t *buffer);

/* Encrypts the packet stored in buffer, and adds the nonce to it. */
void encryptor_encrypt_buffer(encryptor_t *encryptor, buffer_t *buffer);

/* Destroy the encryptor and free/wipe any memory used. */
void encryptor_destroy(encryptor_t *encryptor);


#endif