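package sm2a

import (
	"errors"
	"math/big"

	"xdx.jelly/xgcl/gmath"
	"xdx.jelly/xgcl/sm/sm2"
)

// ClientDecContext holds the client-side state of a two-step collaborative
// SM2 decryption: the ciphertext captured in Decrypt_one is reused in
// Decrypt_two.
type ClientDecContext struct {
	cipher *sm2.Cipher
}

// NewClientDecContext returns a context whose stored ciphertext is a fresh
// sm2.NewCipher() value.
func NewClientDecContext() *ClientDecContext {
	return &ClientDecContext{
		cipher: sm2.NewCipher(),
	}
}

// Decrypt_one is step one of the client's collaborative decryption. It
// serializes the C1 coordinates of cipher (cipher.X, cipher.Y) as two
// fixed-width values of sm2.ByteSize() bytes each, to be sent to the server,
// and stores cipher in the context for Decrypt_two.
//
// The coordinates of the caller's cipher are reduced in place, so the argument
// is modified. A nil cipher yields an error instead of a nil dereference.
func (c *ClientDecContext) Decrypt_one(cipher *sm2.Cipher) ([]byte, error) {
	if cipher == nil {
		return nil, errors.New("sm2a: nil cipher")
	}

	out := make([]byte, 0, 2*sm2.ByteSize())

	// NOTE(review): point coordinates are field elements, yet they are reduced
	// modulo sm2.OrderN() here. That looks unintended (the field prime would
	// be the expected modulus, or no reduction at all) and it changes the
	// point whenever a coordinate is >= N. Confirm the intent.
	cipher.X.Mod(cipher.X, sm2.OrderN())
	cipher.Y.Mod(cipher.Y, sm2.OrderN())

	out = append(out, gmath.BigIntToNByte(cipher.X, sm2.ByteSize())...)
	out = append(out, gmath.BigIntToNByte(cipher.Y, sm2.ByteSize())...)

	// Keep the (already reduced) ciphertext for the second step.
	c.cipher.Set(cipher)
	return out, nil
}

// Decrypt_two is step two of the client's collaborative decryption. in is the
// server's result [d_s]·C1, encoded as X||Y with sm2.ByteSize() bytes per
// coordinate; dc is the client's private key share. The method adds
// [dc.D]·C1 to the server's point and passes the sum to sm2.Decrypt_aux
// together with the ciphertext stored by Decrypt_one.
//
// An error is returned when in is shorter than two coordinates or dc is nil.
// Bytes beyond the second coordinate are ignored.
func (c *ClientDecContext) Decrypt_two(in []byte, dc *sm2.PrivateKey) ([]byte, error) {
	size := int(sm2.ByteSize())

	// in arrives from the server; a short message must not panic on the
	// slice expressions below.
	if len(in) < 2*size {
		return nil, errors.New("sm2a: server response shorter than two coordinates")
	}
	if dc == nil {
		return nil, errors.New("sm2a: nil private key")
	}

	x := new(big.Int).SetBytes(in[:size])
	y := new(big.Int).SetBytes(in[size : 2*size])

	// NOTE(review): neither the stored C1 nor the server-supplied point is
	// checked for curve membership in this file before the private share is
	// used. Confirm that ciphertext parsing, sm2.Curve256 or sm2.Decrypt_aux
	// rejects off-curve points; if none does, add that check here.
	xx, yy := sm2.Curve256.ScalarMult(c.cipher.X, c.cipher.Y, dc.D.Bytes())

	// (x, y) = [d_s]·C1 + [d_c]·C1 = d·C1; the rest follows standard SM2
	// decryption.
	x, y = sm2.Curve256.Add(x, y, xx, yy)
	return sm2.Decrypt_aux(x, y, c.cipher)
}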