/*
 * rlocs.h - registry of routing locators (RLOCs), the EID-to-RLOC mapping
 * tables used to pick a locator for a packet, and the per-pair cipher
 * contexts used by rlocs_encrypt()/rlocs_decrypt().
 *
 * NOTE(review): the guard name _RLOCS_H_ (leading underscore followed by an
 * uppercase letter) is in the identifier space reserved for the
 * implementation by C11 7.1.3; RLOCS_H would be the conventional choice.
 */
#ifndef _RLOCS_H_
#define _RLOCS_H_

#include "util.h"
/* The four system header names below were lost when this page was extracted
 * (the <...> operands are missing). From the identifiers used here they must
 * provide struct in_addr/in6_addr, EVP_CIPHER_CTX/EVP_PKEY,
 * SHA256_DIGEST_LENGTH and json_object. */
#include
#include
#include
#include

/* Fixed table capacities. Every counter in struct rlocs (num_entries,
 * num_ip4_map_entries, num_ip6_map_entries) must be checked against the
 * matching limit before an element is appended. */
// For now. We can dynamically allocate later.
#define MAX_RLOCS 64
#define MAX_EID_MAPPINGS 256

/* Cipher state shared between one (wrapping, unwrapping) RLOC pair. */
struct key_context {
    /* Non-zero once the context has been set up; zero means the slot is free. */
    int in_use;
    /* Shared key material, SHA256_DIGEST_LENGTH bytes.
     * NOTE(review): this lives in the registry for its whole lifetime — confirm
     * rlocs_free() wipes it with OPENSSL_cleanse()/explicit_bzero() rather than
     * a plain memset, which the compiler may drop before free(). */
    char secret[SHA256_DIGEST_LENGTH];
    /* NOTE(review): EVP_CIPHER_CTX is embedded by value. In OpenSSL 1.1.0 and
     * later the type is opaque and can only be held through a pointer
     * (EVP_CIPHER_CTX_new()), so this layout assumes an older OpenSSL. */
    EVP_CIPHER_CTX ctx;
    /* Probably don't need these
    struct rloc *rloc_x;
    struct rloc *rloc_y;
    */
};

/* One routing locator: its address, its public key and its index into the
 * key_contexts table of struct rlocs. */
struct rloc {
    /* Address family selecting which member of addr is valid
     * (presumably AF_INET / AF_INET6 — confirm against the loader). */
    short family;
    union {
        struct in_addr ip4;
        struct in6_addr ip6;
    } addr;
    /* Key associated with this locator; rloc_add_private_key() presumably
     * fills it for the local RLOC. Ownership/freeing is not visible here. */
    EVP_PKEY *key;
    // We use this to index our rloc for shared keys
    /* NOTE(review): used as a row/column index into key_contexts, so it must
     * be in [0, MAX_RLOCS) — confirm it is range-checked where it is assigned
     * (it comes from configuration, not from the wire, as far as this header
     * shows). */
    int context_id;
};

/* IPv4 EID prefix -> RLOC mapping. */
struct ip4_eid_map_entry {
    struct in_addr network;
    struct in_addr broadcast;
    /* Netmask or prefix length — cannot tell from here; see the lookup code. */
    unsigned int mask;
    /* Points into struct rlocs.entries; not owned by the entry. */
    struct rloc *rloc;
};

/* IPv6 EID prefix -> RLOC mapping; same layout as the IPv4 entry. */
struct ip6_eid_map_entry {
    struct in6_addr network;
    struct in6_addr broadcast;
    /* Netmask or prefix length — cannot tell from here; see the lookup code. */
    unsigned int mask;
    /* Points into struct rlocs.entries; not owned by the entry. */
    struct rloc *rloc;
};

/* The whole registry: parsed configuration, locator table, both mapping
 * tables and the pairwise cipher contexts. Everything is inline, so a
 * struct rlocs is large (MAX_RLOCS * MAX_RLOCS key contexts, each carrying an
 * EVP_CIPHER_CTX) — allocate it on the heap, not the stack. */
struct rlocs {
    /* Parsed configuration; presumably the JSON file passed to rlocs_new(). */
    json_object *config;
    size_t num_entries;
    struct rloc entries[MAX_RLOCS];
    size_t num_ip4_map_entries;
    struct ip4_eid_map_entry ip4_mappings[MAX_EID_MAPPINGS];
    size_t num_ip6_map_entries;
    struct ip6_eid_map_entry ip6_mappings[MAX_EID_MAPPINGS];
    /* Don't do this, kids.
     * 2D array - [wrapping_rloc->id][unwrapping_rloc->id]
     * Obviously, half of the contexts would be identical. So some rules:
     * - if you're wrapping a packet, you are x. they are y
     * - if you're unwrapping a packet, you are y. they are x.
     * Half of the allocated memory goes unused, but we can worry about dynamic
     * allocation at the same time as MAX_RLOCS and MAX_EID_MAPPINGS */
    struct key_context key_contexts[MAX_RLOCS][MAX_RLOCS];
};

/* One-time module setup. What it initialises is not visible in this header. */
void rlocs_init(void);

/* Build a registry from the configuration file at filename.
 * Returns a heap-allocated registry the caller releases with rlocs_free(),
 * or presumably NULL on failure — confirm in the implementation. */
struct rlocs *rlocs_new( char *filename );

/* Look up the RLOC responsible for an IPv4 / IPv6 EID.
 * Returns a pointer into reg->entries, or NULL when no mapping matches
 * (the NULL-on-miss contract is assumed; verify before relying on it). */
struct rloc *rloc_find_for_ipv4( struct rlocs *reg, struct in_addr *eid );
struct rloc *rloc_find_for_ipv6( struct rlocs *reg, struct in6_addr *eid );

/* Find the RLOC whose own address equals the given IPv4 or IPv6 address.
 * Whether one of the two pointers may be NULL is not visible here. */
struct rloc *rloc_find_by_address( struct rlocs *reg, struct in_addr *ipv4, struct in6_addr *ipv6 );

/* Load a private key from filename into rloc (presumably rloc->key).
 * Return convention is not documented here — treat non-zero as failure
 * until confirmed. */
int rloc_add_private_key( struct rloc *rloc, char *filename );

/* Dump the registry contents for debugging. Avoid calling it in production
 * paths: the registry holds key material and rlocs_debug_output() may print it. */
void rlocs_debug_output( struct rlocs *reg );

/* Returns -1 on error, or number of bytes written */
/* Encrypt / decrypt data[0..data_len) with the key context shared by x and y
 * (x wraps, y unwraps — see the key_contexts comment above) into
 * dest[0..dest_len). dest_len bounds the write; the caller must size dest
 * for any IV/tag overhead the implementation adds, and the implementation
 * must refuse rather than overrun when dest_len is too small — confirm. */
ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
ssize_t rlocs_decrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );

/* Release a registry returned by rlocs_new(), including its config, keys and
 * cipher contexts. Secrets in key_contexts should be wiped before the memory
 * is freed. */
void rlocs_free( struct rlocs *registry );

#endif