// src/GeoVLog.Core/Crypto/AesGcmHelper.cs
//
// Thin wrapper over <see cref="System.Security.Cryptography.AesGcm"/> that
// enforces the GeoVLog crypto parameters:
//
//   • 256-bit key (32 bytes)
//   • 96-bit IV  (12 bytes, NIST-recommended for GCM)
//   • 128-bit authentication tag (16 bytes)
//
// Starting with .NET 8 the ctor <c>new AesGcm(key)</c> is **obsolete**; the
// tag size must be specified explicitly.  This helper hides that detail and
// provides span-based Encrypt / Decrypt utilities with runtime checks.

using System;
using System.Security.Cryptography;

namespace GeoVLog.Core.Crypto;

/// <summary>
/// AES-256-GCM encryption / decryption helpers with fixed IV and tag sizes.
/// </summary>
public static class AesGcmHelper
{
    /// <summary>Required key length in bytes (256 bit).</summary>
    public const int KeySize = 32;

    /// <summary>Required nonce / IV length in bytes (96 bit).</summary>
    public const int IvSize = 12;

    /// <summary>Authentication-tag length in bytes (128 bit).</summary>
    public const int TagSize = 16;

    /// <summary>
    /// Encrypts <paramref name="plain"/> with AES-256-GCM.
    /// </summary>
    /// <param name="plain">Plaintext to encrypt.</param>
    /// <param name="key">32-byte AES key.</param>
    /// <returns>
    /// Tuple containing a freshly generated IV, authentication tag, and
    /// ciphertext (same length as <paramref name="plain"/>).
    /// </returns>
    /// <exception cref="ArgumentException">
    /// Thrown when <paramref name="key"/> length ≠ <see cref="KeySize"/>.
    /// </exception>
    public static (byte[] iv, byte[] tag, byte[] cipher) Encrypt(
        ReadOnlySpan<byte> plain,
        ReadOnlySpan<byte> key)
    {
        if (key.Length != KeySize)
            throw new ArgumentException("AES-256 key must be 32 bytes.", nameof(key));

        byte[] iv = RandomNumberGenerator.GetBytes(IvSize);
        byte[] tag = new byte[TagSize];
        byte[] cipher = new byte[plain.Length];

        // Specify tag size to silence .NET 8 obsoletion warning
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(iv, plain, cipher, tag);

        return (iv, tag, cipher);
    }

    /// <summary>
    /// Decrypts a GCM payload and verifies its authentication tag.
    /// </summary>
    /// <param name="cipher">Ciphertext bytes.</param>
    /// <param name="key">32-byte AES key.</param>
    /// <param name="iv">12-byte nonce used during encryption.</param>
    /// <param name="tag">16-byte authentication tag.</param>
    /// <returns>Plaintext bytes.</returns>
    /// <exception cref="CryptographicException">
    /// Thrown when tag verification fails.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// Thrown when any input buffer does not match expected size.
    /// </exception>
    public static byte[] Decrypt(
        ReadOnlySpan<byte> cipher,
        ReadOnlySpan<byte> key,
        ReadOnlySpan<byte> iv,
        ReadOnlySpan<byte> tag)
    {
        if (key.Length != KeySize) throw new ArgumentException("Key must be 32 bytes.");
        if (iv.Length != IvSize) throw new ArgumentException("IV must be 12 bytes.");
        if (tag.Length != TagSize) throw new ArgumentException("Tag must be 16 bytes.");

        byte[] plain = new byte[cipher.Length];

        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(iv, cipher, tag, plain);

        return plain;
    }
}