//------------------------------------------------------------------------------
// 
//     Copyright (c) Microsoft Corporation.  All rights reserved.
//                                                                 
//------------------------------------------------------------------------------
namespace System.Web.Security.Cryptography {
    using System;
    using System.Runtime.CompilerServices;
    using System.Security.Cryptography;
    using System.Text;
    using System.Web.Util;
    // Contains helper methods for dealing with cryptographic operations.
    internal static class CryptoUtil {
        /// 
        /// Similar to Encoding.UTF8, but throws on invalid bytes. Useful for security routines where we need
        /// strong guarantees that we're always producing valid UTF8 streams.
        /// 
        public static readonly UTF8Encoding SecureUTF8Encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);
        /// 
        /// Converts a byte array into its hexadecimal representation.
        /// 
        /// The binary byte array.
        /// The hexadecimal (uppercase) equivalent of the byte array.
        public static string BinaryToHex(byte[] data) {
            if (data == null) {
                return null;
            }
            char[] hex = new char[checked(data.Length * 2)];
            for (int i = 0; i < data.Length; i++) {
                byte thisByte = data[i];
                hex[2 * i] = NibbleToHex((byte)(thisByte >> 4)); // high nibble
                hex[2 * i + 1] = NibbleToHex((byte)(thisByte & 0xf)); // low nibble
            }
            return new string(hex);
        }
        // Determines if two buffer instances are equal, e.g. whether they contain the same payload. This method
        // is written in such a manner that it should take the same amount of time to execute regardless of
        // whether the result is success or failure. The modulus operation is intended to make the check take the
        // same amount of time, even if the buffers are of different lengths.
        //
        // !! DO NOT CHANGE THIS METHOD WITHOUT SECURITY 
        [MethodImpl(MethodImplOptions.NoOptimization)]
        public static bool BuffersAreEqual(byte[] buffer1, int buffer1Offset, int buffer1Count, byte[] buffer2, int buffer2Offset, int buffer2Count) {
            Debug.ValidateArrayBounds(buffer1, buffer1Offset, buffer1Count);
            Debug.ValidateArrayBounds(buffer2, buffer2Offset, buffer2Count);
            bool success = (buffer1Count == buffer2Count); // can't possibly be successful if the buffers are of different lengths
            for (int i = 0; i < buffer1Count; i++) {
                success &= (buffer1[buffer1Offset + i] == buffer2[buffer2Offset + (i % buffer2Count)]);
            }
            return success;
        }
        /// 
        /// Computes the SHA256 hash of a given input.
        /// 
        /// The input over which to compute the hash.
        /// The binary hash (32 bytes) of the input.
        public static byte[] ComputeSHA256Hash(byte[] input) {
            return ComputeSHA256Hash(input, 0, input.Length);
        }
        /// 
        /// Computes the SHA256 hash of a given segment in a buffer.
        /// 
        /// The buffer over which to compute the hash.
        /// The offset at which to begin computing the hash.
        /// The number of bytes in the buffer to include in the hash.
        /// The binary hash (32 bytes) of the buffer segment.
        public static byte[] ComputeSHA256Hash(byte[] buffer, int offset, int count) {
            Debug.ValidateArrayBounds(buffer, offset, count);
            using (SHA256 sha256 = CryptoAlgorithms.CreateSHA256()) {
                return sha256.ComputeHash(buffer, offset, count);
            }
        }
        /// 
        /// Returns an IV that's based solely on the contents of a buffer; useful for generating
        /// predictable IVs for ciphertexts that need to be cached. The output value is only
        /// appropriate for use as an IV and must not be used for any other purpose.
        /// 
        /// This method uses an iterated unkeyed SHA256 to calculate the IV.
        /// The input buffer over which to calculate the IV.
        /// The requested length (in bits) of the IV to generate.
        /// The calculated IV.
        public static byte[] CreatePredictableIV(byte[] buffer, int ivBitLength) {
            // Algorithm:
            // T_0 = SHA256(buffer)
            // T_n = SHA256(T_{n-1})
            // output = T_0 || T_1 || ... || T_n (as many blocks as necessary to reach ivBitLength)
            byte[] output = new byte[ivBitLength / 8];
            int bytesCopied = 0;
            int bytesRemaining = output.Length;
            using (SHA256 sha256 = CryptoAlgorithms.CreateSHA256()) {
                while (bytesRemaining > 0) {
                    byte[] hashed = sha256.ComputeHash(buffer);
                    int bytesToCopy = Math.Min(bytesRemaining, hashed.Length);
                    Buffer.BlockCopy(hashed, 0, output, bytesCopied, bytesToCopy);
                    bytesCopied += bytesToCopy;
                    bytesRemaining -= bytesToCopy;
                    buffer = hashed; // next iteration (if it occurs) will operate over the block just hashed
                }
            }
            return output;
        }
        /// 
        /// Converts a hexadecimal string into its binary representation.
        /// 
        /// The hex string.
        /// The byte array corresponding to the contents of the hex string,
        /// or null if the input string is not a valid hex string.
        public static byte[] HexToBinary(string data) {
            if (data == null || data.Length % 2 != 0) {
                // input string length is not evenly divisible by 2
                return null;
            }
            byte[] binary = new byte[data.Length / 2];
            for (int i = 0; i < binary.Length; i++) {
                int highNibble = HttpEncoderUtility.HexToInt(data[2 * i]);
                int lowNibble = HttpEncoderUtility.HexToInt(data[2 * i + 1]);
                if (highNibble == -1 || lowNibble == -1) {
                    return null; // bad hex data
                }
                binary[i] = (byte)((highNibble << 4) | lowNibble);
            }
            return binary;
        }
        // converts a nibble (4 bits) to its uppercase hexadecimal character representation [0-9, A-F]
        private static char NibbleToHex(byte nibble) {
            return (char)((nibble < 10) ? (nibble + '0') : (nibble - 10 + 'A'));
        }
    }
}