;;;; cl-scopes/util/crypt - common cryptographic utilities, e.g. for signing texts

(defpackage :scopes/util/crypt
  (:use :common-lisp)
  (:local-nicknames (:util :scopes/util)
                    (:b64 :qbase64))
  (:export #:create-secret #:digest #:sign))

(in-package :scopes/util/crypt)

(defun create-secret (&key (bytes 16) (scheme :uri))
  (util:b64-encode (ironclad:random-data bytes) :scheme scheme))

(defun digest (tx &key (scheme :original) (alg :sha256))
  (b64:encode-bytes (ironclad:digest-sequence alg (util:to-bytes tx)) :scheme scheme))

(defun sign (tx key)
  (let* ((binp (util:to-bytes tx))
         (bkey (util:to-bytes key))
         ;(bkey (make-array 16 :element-type '(unsigned-byte 8)
         ;                 :initial-contents (b64:decode-string key)))
         (mac (ironclad:make-mac :hmac bkey :sha256)))
    (ironclad:update-mac mac binp)
    (util:b64-encode (ironclad:produce-mac mac) :scheme :uri)))