// Minimal HPKE stubs for crypto/tls ECH support.
// ECH (Encrypted Client Hello) is optional; these stubs allow TLS to compile.
package hpke

import "errors"

type KDF interface {
	ID() uint16
}

type AEAD interface {
	ID() uint16
}

type KEM interface {
	GenerateKey() (PrivateKey, error)
	NewPrivateKey([]byte) (PrivateKey, error)
	NewPublicKey([]byte) (PublicKey, error)
	DeriveKeyPair(ikm []byte) (PrivateKey, error)
}

type PublicKey interface {
	Bytes() []byte
}

type PrivateKey interface {
	PublicKey() PublicKey
	Bytes() []byte
}

type Sender struct{}

func (s *Sender) Seal(aad, plaintext []byte) ([]byte, error) {
	return nil, errors.New("hpke: not implemented")
}

type Recipient struct{}

func (r *Recipient) Open(aad, ciphertext []byte) ([]byte, error) {
	return nil, errors.New("hpke: not implemented")
}

func NewSender(pk PublicKey, kdf KDF, aead AEAD, info []byte) (enc []byte, s *Sender, err error) {
	return nil, nil, errors.New("hpke: not implemented")
}

func NewRecipient(enc []byte, k PrivateKey, kdf KDF, aead AEAD, info []byte) (*Recipient, error) {
	return nil, errors.New("hpke: not implemented")
}

func NewKEM(id uint16) (KEM, error)  { return nil, errors.New("hpke: KEM not implemented") }
func NewKDF(id uint16) (KDF, error)  { return nil, errors.New("hpke: KDF not implemented") }
func NewAEAD(id uint16) (AEAD, error) { return nil, errors.New("hpke: AEAD not implemented") }