/**
 * @file se050_keystore_internal.h
 * @brief SE050 Key Store Internal Definitions
 * 
 * Internal definitions for key store implementation.
 * 
 * License: MIT (Clean-room implementation)
 */

#ifndef SE050_KEYSTORE_INTERNAL_H
#define SE050_KEYSTORE_INTERNAL_H

#include "se050_wireguard.h"
#include <stdint.h>
#include <stddef.h>

/* Key object types */
typedef enum {
    KEY_PART_PRIVATE = 0,
    KEY_PART_PUBLIC,
    KEY_PART_PAIR,
} key_part_t;

/* Key cipher types */
typedef enum {
    CIPHER_TYPE_NONE = 0,
    CIPHER_TYPE_EC_MONTGOMERY,  /* X25519 */
    CIPHER_TYPE_EC_NIST_P256,
    CIPHER_TYPE_AES,
} cipher_type_t;

/* Key object flags */
#define KEY_FLAG_PERSISTENT     (1 << 0)
#define KEY_FLAG_TRANSIENT      (1 << 1)
#define KEY_FLAG_GENERATED      (1 << 2)
#define KEY_FLAG_EXPORTED       (1 << 3)

/**
 * @brief Key object structure
 */
typedef struct {
    uint32_t key_id;                    /**< Key identifier */
    key_part_t key_part;                /**< Key part (private/public/pair) */
    cipher_type_t cipher_type;          /**< Cipher type */
    size_t key_size;                    /**< Key size in bytes */
    uint8_t flags;                      /**< Key flags */
    uint8_t private_key[32];            /**< Private key data (secure) */
    uint8_t public_key[32];             /**< Public key data */
} key_object_t;

/**
 * @brief Key store context structure
 */
struct se050_keystore_ctx {
    se050_session_ctx_t *session;       /**< Associated session */
    key_object_t *objects;              /**< Key objects array */
    size_t num_objects;                 /**< Number of key objects */
    size_t max_objects;                 /**< Maximum key objects */
};

/* Internal functions */
key_object_t *find_key_object(se050_keystore_ctx_t *keystore, uint32_t key_id);
key_object_t *allocate_key_object(se050_keystore_ctx_t *keystore);
se050_status_t se050_keystore_generate_key(se050_keystore_ctx_t *keystore,
                                            uint32_t key_id,
                                            cipher_type_t cipher_type,
                                            size_t key_size,
                                            uint8_t *private_key,
                                            uint8_t *public_key);
se050_status_t se050_keystore_get_public_key(se050_keystore_ctx_t *keystore,
                                              uint32_t key_id,
                                              uint8_t *public_key,
                                              size_t *key_size);
se050_status_t se050_keystore_get_private_key(se050_keystore_ctx_t *keystore,
                                               uint32_t key_id,
                                               uint8_t *private_key,
                                               size_t *key_size);

#endif /* SE050_KEYSTORE_INTERNAL_H */