utun2/!/secure_channel.h

// secure_channel.h
#ifndef SECURE_CHANNEL_H
#define SECURE_CHANNEL_H

#include <stdint.h>
#include <stddef.h>

// Размеры ключей
#define SC_PRIVKEY_SIZE 32
#define SC_PUBKEY_SIZE 64
#define SC_HASH_SIZE 32
#define SC_NONCE_SIZE 13  // CCM requires exactly 13 bytes
#define SC_SHARED_SECRET_SIZE SC_HASH_SIZE
#define SC_SESSION_KEY_SIZE 16
#define SC_TAG_SIZE 8
#define SC_CRC32_SIZE 4

// Коды возврата
#define SC_OK 0
#define SC_ERR_INVALID_ARG -1
#define SC_ERR_CRYPTO -2
#define SC_ERR_NOT_INITIALIZED -3
#define SC_ERR_AUTH_FAILED -4
#define SC_ERR_CRC_FAILED -5

#define SC_PEER_PUBKEY_BIN 0
#define SC_PEER_PUBKEY_HEX 1

// Типы
typedef int sc_status_t;
typedef struct secure_channel sc_context_t;

struct SC_MYKEYS {
    /* Локальные ключи */
    uint8_t private_key[SC_PRIVKEY_SIZE];
    uint8_t public_key[SC_PUBKEY_SIZE];
  };

// Контекст защищенного канала
struct secure_channel {
    struct SC_MYKEYS* pk;
    /* Ключи пира (после key exchange) */
    uint8_t peer_public_key[SC_PUBKEY_SIZE];
    uint8_t session_key[SC_SESSION_KEY_SIZE];  /* Derived session key */

    /* Nonces для отправки и приема */
    uint8_t send_nonce[SC_NONCE_SIZE];
    uint8_t recv_nonce[SC_NONCE_SIZE];
    
    uint8_t initialized;
    uint8_t peer_key_set;
    uint8_t session_ready;
    uint64_t tx_counter;
    uint64_t rx_counter;
};

// Функции инициализации
sc_status_t sc_init_ctx(sc_context_t *ctx, struct SC_MYKEYS *mykeys);
sc_status_t sc_generate_keypair(struct SC_MYKEYS *keys);
sc_status_t sc_init_local_keys(struct SC_MYKEYS *mykeys, const char *public_key, const char *private_key);
sc_status_t sc_set_peer_public_key(sc_context_t *ctx, const char *peer_public_key, int mode);// mode: 0-bin 1-hex key format
sc_status_t sc_compute_public_key_from_private(const uint8_t *private_key, uint8_t *public_key);

// Криптографические операции
sc_status_t sc_encrypt(sc_context_t *ctx, const uint8_t *plaintext,  size_t plaintext_len,  uint8_t *ciphertext, size_t *ciphertext_len);
sc_status_t sc_decrypt(sc_context_t *ctx, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t *plaintext,  size_t *plaintext_len);

#endif // SECURE_CHANNEL_H