/*
 * Copyright (C)2005-2019 Haxe Foundation
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

package haxe.crypto;

/**
	Creates a Sha256 of a String.
**/
class Sha256 {
	public static function encode(s:String):String {
		var sh = new Sha256();
		var h = sh.doEncode(str2blks(s), s.length * 8);
		return sh.hex(h);
	}

	public static function make(b:haxe.io.Bytes):haxe.io.Bytes {
		var h = new Sha256().doEncode(bytes2blks(b), b.length * 8);
		var out = haxe.io.Bytes.alloc(32);
		var p = 0;
		for (i in 0...8) {
			out.set(p++, h[i] >>> 24);
			out.set(p++, (h[i] >> 16) & 0xFF);
			out.set(p++, (h[i] >> 8) & 0xFF);
			out.set(p++, h[i] & 0xFF);
		}
		return out;
	}

	function new() {}

	function doEncode(m:Array<Int>, l:Int):Array<Int> {
		var K:Array<Int> = [
			0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
			0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
			0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
			0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
			0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
			0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
		];
		var HASH:Array<Int> = [
			0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
			0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19
		];

		var W = new Array<Int>();
		W[64] = 0;
		var a:Int, b:Int, c:Int, d:Int, e:Int, f:Int, g:Int, h:Int;
		var T1, T2;
		m[l >> 5] |= 0x80 << (24 - l % 32);
		m[((l + 64 >> 9) << 4) + 15] = l;
		var i:Int = 0;
		while (i < m.length) {
			a = HASH[0];
			b = HASH[1];
			c = HASH[2];
			d = HASH[3];
			e = HASH[4];
			f = HASH[5];
			g = HASH[6];
			h = HASH[7];
			for (j in 0...64) {
				if (j < 16)
					W[j] = m[j + i];
				else
					W[j] = safeAdd(safeAdd(safeAdd(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
				T1 = safeAdd(safeAdd(safeAdd(safeAdd(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
				T2 = safeAdd(Sigma0256(a), Maj(a, b, c));
				h = g;
				g = f;
				f = e;
				e = safeAdd(d, T1);
				d = c;
				c = b;
				b = a;
				a = safeAdd(T1, T2);
			}
			HASH[0] = safeAdd(a, HASH[0]);
			HASH[1] = safeAdd(b, HASH[1]);
			HASH[2] = safeAdd(c, HASH[2]);
			HASH[3] = safeAdd(d, HASH[3]);
			HASH[4] = safeAdd(e, HASH[4]);
			HASH[5] = safeAdd(f, HASH[5]);
			HASH[6] = safeAdd(g, HASH[6]);
			HASH[7] = safeAdd(h, HASH[7]);
			i += 16;
		}
		return HASH;
	}

	/**
		Convert a string to a sequence of 16-word blocks, stored as an array.
		Append padding bits and the length, as described in the SHA1 standard.
	**/
	static function str2blks(s:String):Array<Int> {
		#if target.unicode
		var s = haxe.io.Bytes.ofString(s);
		#end
		var nblk = ((s.length + 8) >> 6) + 1;
		var blks = new Array<Int>();

		for (i in 0...nblk * 16)
			blks[i] = 0;
		for (i in 0...s.length) {
			var p = i >> 2;
			blks[p] |= #if target.unicode s.get(i) #else s.charCodeAt(i) #end << (24 - ((i & 3) << 3));
		}
		var i = s.length;
		var p = i >> 2;
		blks[p] |= 0x80 << (24 - ((i & 3) << 3));
		blks[nblk * 16 - 1] = s.length * 8;
		return blks;
	}

	static function bytes2blks(b:haxe.io.Bytes):Array<Int> {
		var nblk = ((b.length + 8) >> 6) + 1;
		var blks = new Array<Int>();

		for (i in 0...nblk * 16)
			blks[i] = 0;
		for (i in 0...b.length) {
			var p = i >> 2;
			blks[p] |= b.get(i) << (24 - ((i & 3) << 3));
		}
		var i = b.length;
		var p = i >> 2;
		blks[p] |= 0x80 << (24 - ((i & 3) << 3));
		blks[nblk * 16 - 1] = b.length * 8;
		return blks;
	}

	extern inline function S(X, n) {
		return (X >>> n) | (X << (32 - n));
	}

	extern inline function R(X, n) {
		return (X >>> n);
	}

	extern inline function Ch(x, y, z) {
		return ((x & y) ^ ((~x) & z));
	}

	extern inline function Maj(x, y, z) {
		return ((x & y) ^ (x & z) ^ (y & z));
	}

	extern inline function Sigma0256(x) {
		return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
	}

	extern inline function Sigma1256(x) {
		return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
	}

	extern inline function Gamma0256(x) {
		return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
	}

	extern inline function Gamma1256(x) {
		return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
	}

	extern inline function safeAdd(x, y) {
		var lsw = (x & 0xFFFF) + (y & 0xFFFF);
		var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
		return (msw << 16) | (lsw & 0xFFFF);
	}

	function hex(a:Array<Int>) {
		var str = "";
		for (num in a) {
			str += StringTools.hex(num, 8);
		}
		return str.toLowerCase();
	}
}