(ns crypto
  "Erlang :crypto module — cryptographic functions.

   In CljElixir: (crypto/hash :sha256 data), (crypto/strong-rand-bytes 16), etc.
   Wraps OpenSSL for hashing, encryption, and random number generation.")

(defn hash
  "Computes a hash digest.
   (crypto/hash :sha256 \"hello\") ;=> <<binary hash>>
   Algorithms: :md5, :sha, :sha224, :sha256, :sha384, :sha512, :sha3-256, etc."
  [type data])

(defn mac
  "Computes a Message Authentication Code.
   (crypto/mac :hmac :sha256 key data)"
  ([type sub-type key data])
  ([type sub-type key data mac-length]))

(defn hash-init
  "Initializes incremental hashing.
   (crypto/hash-init :sha256)"
  [type])

(defn hash-update
  "Updates incremental hash with more data.
   (crypto/hash-update state data)"
  [state data])

(defn hash-final
  "Finalizes incremental hash. Returns the digest."
  [state])

(defn strong-rand-bytes
  "Generates `n` cryptographically strong random bytes.
   (crypto/strong-rand-bytes 16) ;=> <<16 random bytes>>"
  [n])

(defn crypto-one-time
  "One-shot symmetric encryption/decryption.
   (crypto/crypto-one-time :aes-256-ctr key iv data true) ;=> encrypted"
  ([cipher key iv data encrypt-flag])
  ([cipher key data encrypt-flag]))

(defn crypto-one-time-aead
  "One-shot AEAD encryption/decryption (e.g., AES-GCM).
   (crypto/crypto-one-time-aead :aes-256-gcm key iv data aad true)"
  ([cipher key iv data aad encrypt-flag])
  ([cipher key iv data aad tag-length encrypt-flag]))

(defn crypto-init
  "Initializes streaming encryption/decryption.
   3-arity: (crypto/crypto-init cipher key encrypt-flag)
   4-arity: (crypto/crypto-init cipher key iv encrypt-flag-or-opts)"
  ([cipher key encrypt-flag])
  ([cipher key iv encrypt-flag-or-opts]))

(defn crypto-update
  "Updates streaming encryption with more data."
  [state data])

(defn crypto-final
  "Finalizes streaming encryption."
  [state])

(defn sign
  "Creates a digital signature.
   (crypto/sign :rsa :sha256 data private-key)"
  ([algorithm digest-type data key])
  ([algorithm digest-type data key opts]))

(defn verify
  "Verifies a digital signature.
   (crypto/verify :rsa :sha256 data signature public-key)"
  ([algorithm digest-type data signature key])
  ([algorithm digest-type data signature key opts]))

(defn generate-key
  "Generates a key pair.
   (crypto/generate-key :ecdh :secp256r1)"
  ([type params])
  ([type params private-key]))

(defn compute-key
  "Computes shared secret from key exchange."
  ([type others-public-key my-private-key params])
  ([type others-public-key my-private-key shared-info params]))

(defn supports
  "Returns lists of supported algorithms.
   (crypto/supports) ;=> [{:ciphers [...]}, {:hashs [...]}, ...]"
  ([])
  ([category]))

(defn hash-info
  "Returns information about a hash algorithm."
  [type])

(defn cipher-info
  "Returns information about a cipher."
  [cipher])

(defn ec-curves
  "Returns supported elliptic curves."
  [])

(defn rand-seed
  "Seeds the random number generator.
   (crypto/rand-seed seed)"
  ([seed])
  ([alg-or-state seed]))

(defn rand-uniform
  "Returns a random integer in 1..n.
   (crypto/rand-uniform 100) ;=> 42"
  [n])

(defn exor
  "XORs two equal-length binaries.
   (crypto/exor bin1 bin2)"
  [bin1 bin2])