// SPDX-License-Identifier: AGPL-3.0-or-later
//
// Sealed-box encryption: anonymous public-key encryption. Anyone holding the
// recipient's public key can produce a ciphertext; only the holder of the
// recipient's private key can decrypt it. Built on X25519 + XSalsa20-Poly1305.
//
// Wire format: ephemeral_pubkey (32 bytes) || box_ciphertext.
// See https://pkg.go.dev/golang.org/x/crypto/nacl/box#SealAnonymous.
//
// On the Android side, the matching primitive is libsodium's
// crypto_box_seal / crypto_box_seal_open. Lazysodium-android is a
// drop-in dependency.
package crypto

import (
	"crypto/rand"
	"errors"

	"golang.org/x/crypto/nacl/box"
)

// Seal encrypts plaintext for the holder of the private key matching
// recipientPub and returns the sealed box.
//
// recipientPub must be exactly 32 bytes (an X25519 public key); any other
// length is rejected with an error before any cryptographic work is done.
// The length check is the only validation performed here: the key bytes are
// passed to box.SealAnonymous as given.
//
// The result is len(plaintext) + box.AnonymousOverhead bytes long: the
// 32-byte ephemeral public key followed by the box ciphertext. Randomness
// for the ephemeral key pair is drawn from crypto/rand on every call.
//
// A sealed box carries no sender identity. Decrypting one successfully shows
// only that it was produced for this recipient key and was not altered
// afterwards, not who produced it. Callers that need to know the origin must
// authenticate the sender separately (for example by signing the plaintext).
func Seal(plaintext []byte, recipientPub []byte) ([]byte, error) {
	// X25519 public keys have a fixed size; box takes them as *[32]byte.
	const keySize = 32

	if got := len(recipientPub); got != keySize {
		return nil, errors.New("recipient public key must be 32 bytes")
	}

	// Copy into a fixed-size array so the caller's slice is never aliased
	// by the box package.
	var recipientKey [keySize]byte
	copy(recipientKey[:], recipientPub)

	sealed, err := box.SealAnonymous(nil, plaintext, &recipientKey, rand.Reader)
	return sealed, err
}