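#ifndef PGSODIUM_H
#define PGSODIUM_H

/*
 * pgsodium.h - shared declarations for the pgsodium PostgreSQL extension:
 * allocators whose buffers are wiped when their memory context goes away,
 * the server-key derivation helper, and the prototypes of the SQL-callable
 * functions.
 */

/* postgres.h comes first, as PostgreSQL asks of all server-side code. */
#include "postgres.h"
#include "commands/seclabel.h"
#include "utils/builtins.h"
#include "libpq/pqformat.h"
#include "funcapi.h"
#include "access/htup_details.h"
#include "storage/ipc.h"
#include "utils/guc.h"
#include "port.h"
#include "catalog/pg_class.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_authid.h"
#include "miscadmin.h"

/*
 * NOTE(review): this listing originally carried five system #include
 * directives ahead of "postgres.h" whose <header> names were lost when the
 * page was extracted.  <sodium.h> is restored here because the code below
 * calls sodium_memzero() and crypto_kdf_derive_from_key(); the other four
 * have to be recovered from the upstream file.
 */
#include <sodium.h>

#include "crypto_aead_det_xchacha20.h"
#include "signcrypt_tbsbr.h"

/*
 * NOTICE-level logging shortcuts.  Whatever is passed ends up in the client
 * and server logs, so these must never be handed key material or plaintext.
 */
#define elogn(s) elog(NOTICE, "%s", (s))
/* The cast keeps the argument in step with %lu on ABIs where the value
 * passed (typically a size_t) is not an unsigned long. */
#define elogn1(s, v) elog(NOTICE, "%s: %lu", (s), (unsigned long)(v))

/* Presumably the program that supplies the server secret key; it is only
 * named here, its use lies outside this header. */
#define PG_GETKEY_EXEC "pgsodium_getkey"

/*
 * Payload pointer of a varlena, typed for libsodium calls.  Built on
 * VARDATA(), so the argument must carry a regular 4-byte header (not a
 * packed 1-byte one).  The expansion is fully parenthesized so that
 * PGSODIUM_UCHARDATA(x)[i] indexes the payload instead of casting a byte.
 */
#define PGSODIUM_UCHARDATA(_vlena) ((unsigned char *)VARDATA(_vlena))
#define PGSODIUM_CHARDATA(_vlena) ((char *)VARDATA(_vlena))

/*
 * Raise ERRCODE_DATA_EXCEPTION when B is true.  msg is used as the errmsg()
 * format and receives __func__ as its single argument, so it has to be a
 * string literal containing one %s - never caller-controlled text.
 * Wrapped in do/while(0) so the macro is a single statement and cannot
 * capture a following else.
 */
#define ERRORIF(B, msg)                                                      \
    do {                                                                     \
        if ((B))                                                             \
            ereport(ERROR,                                                   \
                    (errcode(ERRCODE_DATA_EXCEPTION), errmsg(msg, __func__))); \
    } while (0)

/* Argument record for context_cb_zero_buff: the region to wipe. */
typedef struct _pgsodium_cb {
    void *ptr;   /* start of the buffer */
    size_t size; /* number of bytes to clear */
} _pgsodium_cb;

/*
 * Memory-context callback: overwrite the recorded buffer with zeros using
 * sodium_memzero(), which is not optimized away the way a plain memset()
 * before release can be.
 */
static void context_cb_zero_buff(void *a)
{
    _pgsodium_cb *data = (_pgsodium_cb *)a;

    sodium_memzero(data->ptr, data->size);
}

/* Server secret key, defined elsewhere; NULL when none has been loaded. */
extern bytea *pgsodium_secret_key;

/*
 * Shared body of the _pgsodium_zalloc_* allocators.
 *
 * palloc()s allocation_size bytes in CurrentMemoryContext, registers a
 * callback on that same context that wipes the whole region, and stamps the
 * varlena length header.  The contents are NOT zeroed on allocation.
 *
 * PostgreSQL runs such callbacks when the context is reset or deleted
 * (the original author left a note to verify where this fires).  The
 * callback keeps a raw pointer, so the buffer must stay allocated until
 * then: pfree() or repalloc() on it beforehand would leave the callback
 * wiping memory that is no longer owned.  Copies made of the buffer are
 * not covered by the wipe.
 */
static inline void *_pgsodium_zalloc_varlena(size_t allocation_size)
{
    void *result = palloc(allocation_size);
    MemoryContextCallback *ctxcb = (MemoryContextCallback *)MemoryContextAlloc(
        CurrentMemoryContext, sizeof(MemoryContextCallback));
    _pgsodium_cb *d = (_pgsodium_cb *)palloc(sizeof(_pgsodium_cb));

    d->ptr = result;
    d->size = allocation_size;
    ctxcb->func = context_cb_zero_buff;
    ctxcb->arg = d;
    MemoryContextRegisterResetCallback(CurrentMemoryContext, ctxcb);
    SET_VARSIZE(result, allocation_size);
    return result;
}

/*
 * Allocate a bytea of allocation_size total bytes (header included, so
 * callers pass VARHDRSZ + payload) that is wiped when the current memory
 * context is reset or deleted.
 */
static inline bytea *_pgsodium_zalloc_bytea(size_t allocation_size)
{
    return (bytea *)_pgsodium_zalloc_varlena(allocation_size);
}

/* Same as _pgsodium_zalloc_bytea, typed as text. */
static inline text *_pgsodium_zalloc_text(size_t allocation_size)
{
    return (text *)_pgsodium_zalloc_varlena(allocation_size);
}

/*
 * Derive a subkey from the server secret key with libsodium's
 * crypto_kdf_derive_from_key().
 *
 * subkey_id    numeric id of the subkey
 * subkey_size  requested length in bytes, checked against
 *              crypto_kdf_BYTES_MIN / crypto_kdf_BYTES_MAX
 * context      bytea whose payload must be exactly 8 bytes
 *
 * Returns a bytea of VARHDRSZ + subkey_size bytes from
 * _pgsodium_zalloc_bytea, i.e. wiped when the current memory context goes
 * away.  Raises ERROR (ERRCODE_DATA_EXCEPTION) when no server key is
 * defined or an argument is out of range.
 */
static inline bytea *pgsodium_derive_helper(unsigned long long subkey_id,
                                            size_t subkey_size,
                                            bytea *context)
{
    size_t result_size;
    bytea *result;

    ERRORIF(pgsodium_secret_key == NULL,
            "%s: pgsodium_derive: no server secret key defined.");
    ERRORIF(subkey_size < crypto_kdf_BYTES_MIN ||
                subkey_size > crypto_kdf_BYTES_MAX,
            "%s: crypto_kdf_derive_from_key: invalid key size requested");
    ERRORIF(VARSIZE_ANY_EXHDR(context) != 8,
            "%s: crypto_kdf_derive_from_key: context must be 8 bytes");
    result_size = VARHDRSZ + subkey_size;
    result = _pgsodium_zalloc_bytea(result_size);
    /*
     * The length check above accepts packed (1-byte header) varlenas, so
     * the payload is read with VARDATA_ANY to match.  Plain VARDATA would
     * start 3 bytes late on a packed value: the KDF context would be wrong
     * and the read would run past the 8-byte payload.  For a regular
     * 4-byte header both macros give the same address, so keys derived
     * from such inputs are unchanged.
     */
    crypto_kdf_derive_from_key(PGSODIUM_UCHARDATA(result),
                               subkey_size,
                               subkey_id,
                               (const char *)VARDATA_ANY(context),
                               PGSODIUM_UCHARDATA(pgsodium_secret_key));
    return result;
}

void _PG_init(void);

/* Random data */
Datum pgsodium_randombytes_random(PG_FUNCTION_ARGS);
Datum pgsodium_randombytes_uniform(PG_FUNCTION_ARGS);
Datum pgsodium_randombytes_buf(PG_FUNCTION_ARGS);
Datum pgsodium_randombytes_seed(PG_FUNCTION_ARGS);
Datum pgsodium_randombytes_buf_deterministic(PG_FUNCTION_ARGS);

/* Secret key authenticated encryption */
Datum pgsodium_crypto_secretbox_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_secretbox_noncegen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_secretbox(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_secretbox_open(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_secretbox_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_secretbox_open_by_id(PG_FUNCTION_ARGS);

/* Secret key authentication */
Datum pgsodium_crypto_auth_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_verify(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_verify_by_id(PG_FUNCTION_ARGS);

/* Secret streams */
Datum pgsodium_crypto_secretstream_xchacha20poly1305_keygen(PG_FUNCTION_ARGS);

/* AEAD */
Datum pgsodium_crypto_aead_ietf_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_ietf_noncegen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_ietf_encrypt(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_ietf_decrypt(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_ietf_encrypt_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_ietf_decrypt_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_det_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_det_encrypt(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_det_decrypt(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_det_encrypt_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_aead_det_decrypt_by_id(PG_FUNCTION_ARGS);

/* Hashing */
Datum pgsodium_crypto_generichash_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_generichash(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_generichash_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_shorthash_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_shorthash(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_shorthash_by_id(PG_FUNCTION_ARGS);

/* Password hashing */
Datum pgsodium_crypto_pwhash_saltgen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_pwhash(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_pwhash_str(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_pwhash_str_verify(PG_FUNCTION_ARGS);

/* Public Key */
Datum pgsodium_crypto_box_keypair(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_box_seed_keypair(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_box_noncegen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_box(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_box_open(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_box_seal(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_box_seal_open(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_keypair(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_seed_keypair(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_open(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_detached(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_verify_detached(PG_FUNCTION_ARGS);
/* These four were declared twice in the original; once is enough. */
Datum pgsodium_crypto_sign_init(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_update(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_final_create(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_sign_final_verify(PG_FUNCTION_ARGS);

/* Key Derivation */
Datum pgsodium_crypto_kdf_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_kdf_derive_from_key(PG_FUNCTION_ARGS);

/* Key Exchange */
Datum pgsodium_crypto_kx_keypair(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_kx_seed_keypair(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_kx_new_seed(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_kx_client_session_keys(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_kx_server_session_keys(PG_FUNCTION_ARGS);

/* Advanced */
Datum pgsodium_crypto_auth_hmacsha512_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha512(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha512_verify(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha512_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha512_verify_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha256_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha256(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha256_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha256_verify(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_auth_hmacsha256_verify_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_hash_sha256(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_hash_sha512(PG_FUNCTION_ARGS);

/* Server Managed Keys */
Datum pgsodium_derive(PG_FUNCTION_ARGS);

/* Streaming */
Datum pgsodium_crypto_stream_xchacha20_keygen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20_noncegen(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20_xor(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20_xor_ic(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20_xor_by_id(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_stream_xchacha20_xor_ic_by_id(PG_FUNCTION_ARGS);

/* Sign-Cryption */
Datum pgsodium_crypto_signcrypt_sign_before(PG_FUNCTION_ARGS);
Datum pgsodium_crypto_signcrypt_keypair(PG_FUNCTION_ARGS);

/* Helpers */
Datum pgsodium_cmp(PG_FUNCTION_ARGS);
Datum pgsodium_sodium_bin2base64(PG_FUNCTION_ARGS);
Datum pgsodium_sodium_base642bin(PG_FUNCTION_ARGS);

#endif /* PGSODIUM_H */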