#include "pgsodium.h"

PG_FUNCTION_INFO_V1(pgsodium_crypto_auth);
Datum pgsodium_crypto_auth(PG_FUNCTION_ARGS) {
    bytea *message = PG_GETARG_BYTEA_P(0);
    bytea *key = PG_GETARG_BYTEA_P(1);
    int result_size;
    bytea *result;
    ERRORIF(VARSIZE_ANY_EXHDR(key) != crypto_auth_KEYBYTES, "%s: invalid key");
    result_size = VARHDRSZ + crypto_auth_BYTES;
    result = _pgsodium_zalloc_bytea(result_size);
    crypto_auth(PGSODIUM_UCHARDATA(result),
                PGSODIUM_UCHARDATA(message),
                VARSIZE_ANY_EXHDR(message),
                PGSODIUM_UCHARDATA(key));
    PG_RETURN_BYTEA_P(result);
}

PG_FUNCTION_INFO_V1(pgsodium_crypto_auth_by_id);
Datum pgsodium_crypto_auth_by_id(PG_FUNCTION_ARGS) {
    bytea *message = PG_GETARG_BYTEA_P(0);
    unsigned long long key_id = PG_GETARG_INT64(1);
    bytea *context = PG_GETARG_BYTEA_P(2);
    bytea *key = pgsodium_derive_helper(key_id, crypto_auth_KEYBYTES, context);
    int result_size;
    bytea *result;
    ERRORIF(VARSIZE_ANY_EXHDR(key) != crypto_auth_KEYBYTES, "%s: invalid key");
    result_size = VARHDRSZ + crypto_auth_BYTES;
    result = _pgsodium_zalloc_bytea(result_size);
    crypto_auth(PGSODIUM_UCHARDATA(result),
                PGSODIUM_UCHARDATA(message),
                VARSIZE_ANY_EXHDR(message),
                PGSODIUM_UCHARDATA(key));
    PG_RETURN_BYTEA_P(result);
}

PG_FUNCTION_INFO_V1(pgsodium_crypto_auth_verify);
Datum pgsodium_crypto_auth_verify(PG_FUNCTION_ARGS) {
    int success;
    bytea *mac = PG_GETARG_BYTEA_P(0);
    bytea *message = PG_GETARG_BYTEA_P(1);
    bytea *key = PG_GETARG_BYTEA_P(2);
    ERRORIF(VARSIZE_ANY_EXHDR(mac) != crypto_auth_BYTES, "%s: invalid mac");
    ERRORIF(VARSIZE_ANY_EXHDR(key) != crypto_auth_KEYBYTES, "%s: invalid key");
    success = crypto_auth_verify(PGSODIUM_UCHARDATA(mac),
                                 PGSODIUM_UCHARDATA(message),
                                 VARSIZE_ANY_EXHDR(message),
                                 PGSODIUM_UCHARDATA(key));
    PG_RETURN_BOOL(success == 0);
}

PG_FUNCTION_INFO_V1(pgsodium_crypto_auth_verify_by_id);
Datum pgsodium_crypto_auth_verify_by_id(PG_FUNCTION_ARGS) {
    int success;
    bytea *mac = PG_GETARG_BYTEA_P(0);
    bytea *message = PG_GETARG_BYTEA_P(1);
    unsigned long long key_id = PG_GETARG_INT64(2);
    bytea *context = PG_GETARG_BYTEA_P(3);
    bytea *key =
        pgsodium_derive_helper(key_id, crypto_secretbox_KEYBYTES, context);

    ERRORIF(VARSIZE_ANY_EXHDR(mac) != crypto_auth_BYTES, "%s: invalid mac");
    ERRORIF(VARSIZE_ANY_EXHDR(key) != crypto_auth_KEYBYTES, "%s: invalid key");
    success = crypto_auth_verify(PGSODIUM_UCHARDATA(mac),
                                 PGSODIUM_UCHARDATA(message),
                                 VARSIZE_ANY_EXHDR(message),
                                 PGSODIUM_UCHARDATA(key));
    PG_RETURN_BOOL(success == 0);
}

PG_FUNCTION_INFO_V1(pgsodium_crypto_auth_keygen);
Datum pgsodium_crypto_auth_keygen(PG_FUNCTION_ARGS) {
    size_t result_size = VARHDRSZ + crypto_auth_KEYBYTES;
    bytea *result = _pgsodium_zalloc_bytea(result_size);
    crypto_secretbox_keygen(PGSODIUM_UCHARDATA(result));
    PG_RETURN_BYTEA_P(result);
}