package vless

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"

	"golang.org/x/crypto/curve25519"
)

// GenerateX25519Keypair generates a raw x25519 keypair for REALITY.
// Unlike WireGuard, no clamping is applied to the private key.
func GenerateX25519Keypair() (privBase64, pubBase64 string, err error) {
	priv := make([]byte, 32)
	if _, err := rand.Read(priv); err != nil {
		return "", "", fmt.Errorf("generating private key: %w", err)
	}

	pub, err := curve25519.X25519(priv, curve25519.Basepoint)
	if err != nil {
		return "", "", fmt.Errorf("computing public key: %w", err)
	}

	return base64.StdEncoding.EncodeToString(priv),
		base64.StdEncoding.EncodeToString(pub),
		nil
}

// GenerateShortID generates a random 8-byte REALITY short ID as a hex string.
func GenerateShortID() (string, error) {
	var id [8]byte
	if _, err := rand.Read(id[:]); err != nil {
		return "", fmt.Errorf("generating short ID: %w", err)
	}
	return hex.EncodeToString(id[:]), nil
}