Sesame-Device/include/crypto.h

#pragma once

#include "message.h"
#include <stddef.h>

void enableCrypto();

/**
 * @brief Create a random server challenge.
 * 
 * @return uint32_t 
 */
uint32_t randomChallenge();

/**
 * @brief Create a message authentication code (MAC) for some data.
 * 
 * @param data The data to authenticate
 * @param dataLength The number of bytes to authenticate
 * @param mac The output to store the MAC (must be at least 32 bytes)
 * @param key The secret key used for authentication
 * @return true The MAC was successfully written
 * @return false The MAC could not be created
 */
bool authenticateData(const uint8_t* data, size_t dataLength, uint8_t* mac, const uint8_t* key);

/**
 * @brief Calculate a MAC for message content.
 * 
 * @param message The message for which to calculate the MAC.
 * @param mac The output where the computed MAC is stored
 * @param key The secret key used for authentication
 * @return true The MAC was successfully computed
 * @return false The MAC could not be created
 */
bool authenticateMessage(Message* message, uint8_t* mac, const uint8_t* key);

/**
 * @brief Create a message authentication code (MAC) for a message.
 * 
 * @param message The message to authenticate
 * @param key The secret key used for authentication
 * @return true The MAC was successfully added to the message
 * @return false The MAC could not be created
 */
bool authenticateMessage(SignedMessage* message, const uint8_t* key);

/**
 * @brief Check if a received unlock message is authentic
 * 
 * This function computes the MAC of the message and compares it with
 * the MAC included in the message. The message is authentic if both
 * MACs are identical.
 * 
 * @param message The message to authenticate
 * @param key The secret key used for authentication
 * @return true The message is authentic
 * @return false The message is invalid, or the MAC could not be calculated
 */
bool isAuthenticMessage(SignedMessage* message, const uint8_t* key);