package kdf

import (
	"bytes"
)

// KDF is a type of KDF (Key Derivation Function).
type KDF interface {
	// Name returns the string form of the KDF name.
	Name() (name string)
	// NameBytes returns the Name result but in bytes with a leading uint32 bytecount packed in.
	NameBytes() (name []byte)
	// Rounds returns the number of rounds used in derivation.
	Rounds() (rounds uint32)
	// Salt returns the salt bytes.
	Salt() (salt []byte)
	// Setup initializes the KDF with the given derivation secret (password) and KDF options.
	Setup(secret, salt []byte, rounds, keyLen uint32) (err error)
	// DeriveKey derives the key. Setup (or SetupAuto) must have been run first.
	DeriveKey() (key []byte, err error)
	// SetupAuto configures a partially reconstructed KDF options that were parsed from GetKdfFromBytes (if KDF.AutoOK returns true).
	SetupAuto(secret []byte, keyLen uint32) (err error)
	// AutoOK returns true if all components were able to be parsed from GetKdfFromBytes.
	AutoOK() (ok bool)
	// IsPlain returns true if this is a "null" kdf; i.e. no derivation is actually performed.
	IsPlain() (plain bool)
	// PackedBytes returns the bytes suitable for serializing into a key file.
	PackedBytes() (buf *bytes.Reader, err error)
	// addSalt adds the salt as parsed from the private key.
	addSalt(salt []byte) (err error)
	// addRounds adds the rounds as parsed from the private key.
	addRounds(rounds uint32) (err error)
}

/*
	BcryptPbkdf combines bcrypt hashing algorithm with PBKDF2 key derivation.

	(bcrypt) https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html
	(PBKDF2) https://datatracker.ietf.org/doc/html/rfc2898
	http://www.tedunangst.com/flak/post/bcrypt-pbkdf
*/
type BcryptPbkdf struct {
	// salt is used to salt the hash for each round in rounds.
	salt []byte
	// rounds controls how many iterations that salting/hashing is done.
	rounds uint32
	// keyLen is how long the derived key should be in bytes.
	keyLen uint32
	// secret is the "passphrase" used to seed the key creation.
	secret []byte
	// key is used to store the derived key.
	key []byte
}

// Null is a dummy KDF that is used for unencrypted/plain SSH private keys. It literally does nothing.
type Null struct{}