<?php

namespace PhpZip\IO\Filter\Cipher\WinZipAes;

use PhpZip\Exception\RuntimeException;
use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Util\CryptoUtil;

/**
 * WinZip Aes Encryption.
 *
 * @see https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT APPENDIX E
 * @see https://www.winzip.com/win/en/aes_info.html
 *
 * @author Ne-Lexa alexey@nelexa.ru
 * @license MIT
 *
 * @internal
 */
class WinZipAesContext
{
    /** @var int AES Block size */
    const BLOCK_SIZE = self::IV_SIZE;

    /** @var int Footer size */
    const FOOTER_SIZE = 10;

    /** @var int The iteration count for the derived keys of the cipher, KLAC and MAC. */
    const ITERATION_COUNT = 1000;

    /** @var int Password verifier size */
    const PASSWORD_VERIFIER_SIZE = 2;

    /** @var int IV size */
    const IV_SIZE = 16;

    /** @var string */
    private $iv;

    /** @var string */
    private $key;

    /** @var \HashContext|resource */
    private $hmacContext;

    /** @var string */
    private $passwordVerifier;

    /**
     * WinZipAesContext constructor.
     *
     * @param int    $encryptionStrengthBits
     * @param string $password
     * @param string $salt
     */
    public function __construct($encryptionStrengthBits, $password, $salt)
    {
        $encryptionStrengthBits = (int) $encryptionStrengthBits;

        if ($password === '') {
            throw new RuntimeException('$password is empty');
        }

        if (empty($salt)) {
            throw new RuntimeException('$salt is empty');
        }

        // WinZip 99-character limit https://sourceforge.net/p/p7zip/discussion/383044/thread/c859a2f0/
        $password = substr($password, 0, 99);

        $this->iv = str_repeat("\0", self::IV_SIZE);
        $keyStrengthBytes = (int) ($encryptionStrengthBits / 8);
        $hashLength = $keyStrengthBytes * 2 + self::PASSWORD_VERIFIER_SIZE * 8;

        $hash = hash_pbkdf2(
            'sha1',
            $password,
            $salt,
            self::ITERATION_COUNT,
            $hashLength,
            true
        );

        $this->key = substr($hash, 0, $keyStrengthBytes);
        $sha1Mac = substr($hash, $keyStrengthBytes, $keyStrengthBytes);
        $this->hmacContext = hash_init('sha1', \HASH_HMAC, $sha1Mac);
        $this->passwordVerifier = substr($hash, 2 * $keyStrengthBytes, self::PASSWORD_VERIFIER_SIZE);
    }

    /**
     * @return string
     */
    public function getPasswordVerifier()
    {
        return $this->passwordVerifier;
    }

    public function updateIv()
    {
        for ($ivCharIndex = 0; $ivCharIndex < self::IV_SIZE; $ivCharIndex++) {
            $ivByte = \ord($this->iv[$ivCharIndex]);

            if (++$ivByte === 256) {
                // overflow, set this one to 0, increment next
                $this->iv[$ivCharIndex] = "\0";
            } else {
                // no overflow, just write incremented number back and abort
                $this->iv[$ivCharIndex] = \chr($ivByte);

                break;
            }
        }
    }

    /**
     * @param string $data
     *
     * @return string
     */
    public function decryption($data)
    {
        hash_update($this->hmacContext, $data);

        return CryptoUtil::decryptAesCtr($data, $this->key, $this->iv);
    }

    /**
     * @param string $data
     *
     * @return string
     */
    public function encrypt($data)
    {
        $encryptionData = CryptoUtil::encryptAesCtr($data, $this->key, $this->iv);
        hash_update($this->hmacContext, $encryptionData);

        return $encryptionData;
    }

    /**
     * @param string $authCode
     *
     * @throws ZipAuthenticationException
     */
    public function checkAuthCode($authCode)
    {
        $hmac = $this->getHmac();

        // check authenticationCode
        if (strcmp($hmac, $authCode) !== 0) {
            throw new ZipAuthenticationException('Authenticated WinZip AES entry content has been tampered with.');
        }
    }

    /**
     * @return string
     */
    public function getHmac()
    {
        return substr(
            hash_final($this->hmacContext, true),
            0,
            self::FOOTER_SIZE
        );
    }
}