package romulus_go

import (
	"crypto/rand"
	"errors"
)

const abytes int = 16
const keysize int = 16
const noncesize int = 16

func Encrypt(key []byte, plaintext []byte, additionalData []byte) ([]byte, error) {

	cipher := make([]byte, len(plaintext)+abytes+noncesize)
	var cipherlen uint64
	nonce := genNonce()
	ret := romulus_m_encrypt(
		cipher[noncesize:],
		&cipherlen,
		plaintext,
		(uint64)(len(plaintext)),
		additionalData,
		(uint64)(len(additionalData)),
		nil,
		nonce,
		key[:keysize],
	)

	if ret != 0 {
		return nil, errors.New("Failed to decrypt")
	}
	copy(cipher, nonce)
	return cipher[:cipherlen], nil
}

func Decrypt(key []byte, ciphertext []byte, additionalData []byte) ([]byte, bool, error) {

	plaintext := make([]byte, len(ciphertext))
	var plaintextLen uint64
	ret := romulus_m_decrypt(
		plaintext,
		&plaintextLen,
		nil,
		ciphertext[noncesize:],
		(uint64)(len(ciphertext)-noncesize),
		additionalData,
		(uint64)(len(additionalData)),
		ciphertext[:noncesize],
		key[:keysize],
	)
	if ret == -1 {
		return nil, false, errors.New("Failed to authenticate")
	} else if ret != 0 {
		return nil, false, errors.New("Failed to decrypt")
	}

	return plaintext, true, nil
}

func genNonce() []byte {
	buf := make([]byte, noncesize)
	rand.Read(buf)
	return buf
}