use crate::error::ErrorStack;
use crate::md::MdRef;
use crate::{cvt, cvt_p};
use ffi::HMAC_CTX;
use foreign_types::ForeignTypeRef;
use libc::{c_uint, c_void};
use openssl_macros::corresponds;
use std::convert::TryFrom;
use std::ptr;

/// Computes the HMAC as a one-shot operation.
///
/// Calculates the HMAC of data, using the given |key|
/// and hash function |md|, and returns the result re-using the space from
/// buffer |out|. On entry, |out| must contain at least |EVP_MD_size| bytes
/// of space. The actual length of the result is used to resize the returned
/// slice. An output size of |EVP_MAX_MD_SIZE| will always be large enough.
/// It returns a resized |out| or ErrorStack on error.
#[corresponds(HMAC)]
#[inline]
pub fn hmac<'a>(
    md: &MdRef,
    key: &[u8],
    data: &[u8],
    out: &'a mut [u8],
) -> Result<&'a [u8], ErrorStack> {
    assert!(out.len() >= md.size());
    let mut out_len = c_uint::try_from(out.len()).unwrap();
    unsafe {
        cvt_p(ffi::HMAC(
            md.as_ptr(),
            key.as_ptr() as *const c_void,
            key.len(),
            data.as_ptr(),
            data.len(),
            out.as_mut_ptr(),
            &mut out_len,
        ))?;
    }
    Ok(&out[..out_len as usize])
}

/// A context object used to perform HMAC operations.
///
/// HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message
/// authentication, which is based on a hash function.
///
/// Note: Only available in boringssl. For openssl, use `PKey::hmac` instead.
#[cfg(boringssl)]
pub struct HmacCtx {
    ctx: *mut HMAC_CTX,
    output_size: usize,
}

#[cfg(boringssl)]
impl HmacCtx {
    /// Creates a new [HmacCtx] to use the hash function `md` and key `key`.
    #[corresponds(HMAC_Init_ex)]
    pub fn new(key: &[u8], md: &MdRef) -> Result<Self, ErrorStack> {
        unsafe {
            // Safety: If an error occurred, the resulting null from HMAC_CTX_new is converted into
            // ErrorStack in the returned result by `cvt_p`.
            let ctx = cvt_p(ffi::HMAC_CTX_new())?;
            // Safety:
            // - HMAC_Init_ex must be called with a context previously created with HMAC_CTX_new,
            //   which is the line above.
            // - HMAC_Init_ex may return an error if key is null but the md is different from
            //   before. This is avoided here since key is guaranteed to be non-null.
            cvt(ffi::HMAC_Init_ex(
                ctx,
                key.as_ptr() as *const c_void,
                key.len(),
                md.as_ptr(),
                ptr::null_mut(),
            ))?;
            Ok(Self {
                ctx,
                output_size: md.size(),
            })
        }
    }

    /// `update` can be called repeatedly with chunks of the message `data` to be authenticated.
    #[corresponds(HMAC_Update)]
    pub fn update(&mut self, data: &[u8]) -> Result<(), ErrorStack> {
        unsafe {
            // Safety: HMAC_Update returns 0 on error, and that is converted into ErrorStack in the
            // returned result by `cvt`.
            cvt(ffi::HMAC_Update(self.ctx, data.as_ptr(), data.len())).map(|_| ())
        }
    }

    /// Finishes the HMAC process, and places the message authentication code in `output`.
    /// The number of bytes written to `output` is returned.
    ///
    /// # Panics
    ///
    /// Panics if the `output` is smaller than the required size. The output size is indicated by
    /// `md.size()` for the `Md` instance passed in [new]. An output size of |EVP_MAX_MD_SIZE| will
    /// always be large enough.
    #[corresponds(HMAC_Final)]
    pub fn finalize(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack> {
        assert!(output.len() >= self.output_size);
        unsafe {
            // Safety: The length assertion above makes sure that `HMAC_Final` will not write longer
            // than the length of `output`.
            let mut size: c_uint = 0;
            cvt(ffi::HMAC_Final(
                self.ctx,
                output.as_mut_ptr(),
                &mut size as *mut c_uint,
            ))
            .map(|_| size as usize)
        }
    }
}

impl Drop for HmacCtx {
    #[corresponds(HMAC_CTX_free)]
    fn drop(&mut self) {
        unsafe {
            ffi::HMAC_CTX_free(self.ctx);
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::md::Md;

    const SHA_256_DIGEST_SIZE: usize = 32;

    #[test]
    fn hmac_sha256_test() {
        let expected_hmac = [
            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
            0x2e, 0x32, 0xcf, 0xf7,
        ];
        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
        let key: [u8; 20] = [0x0b; 20];
        let data = b"Hi There";
        let hmac_result =
            hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
        assert_eq!(&hmac_result, &expected_hmac);
    }

    #[test]
    #[should_panic]
    fn hmac_sha256_output_too_short() {
        let mut out = vec![0_u8; 1];
        let key: [u8; 20] = [0x0b; 20];
        let data = b"Hi There";
        hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
    }

    #[test]
    fn hmac_sha256_test_big_buffer() {
        let expected_hmac = [
            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
            0x2e, 0x32, 0xcf, 0xf7,
        ];
        let mut out: [u8; 100] = [0; 100];
        let key: [u8; 20] = [0x0b; 20];
        let data = b"Hi There";
        let hmac_result =
            hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
        assert_eq!(hmac_result.len(), SHA_256_DIGEST_SIZE);
        assert_eq!(&hmac_result, &expected_hmac);
    }

    #[test]
    fn hmac_sha256_update_test() {
        let expected_hmac = [
            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
            0x2e, 0x32, 0xcf, 0xf7,
        ];
        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
        let key: [u8; 20] = [0x0b; 20];
        let data = b"Hi There";
        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
        hmac_ctx.update(data).unwrap();
        let size = hmac_ctx.finalize(&mut out).unwrap();
        assert_eq!(&out, &expected_hmac);
        assert_eq!(size, SHA_256_DIGEST_SIZE);
    }

    #[test]
    fn hmac_sha256_update_chunks_test() {
        let expected_hmac = [
            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
            0x2e, 0x32, 0xcf, 0xf7,
        ];
        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
        let key: [u8; 20] = [0x0b; 20];
        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
        hmac_ctx.update(b"Hi").unwrap();
        hmac_ctx.update(b" There").unwrap();
        let size = hmac_ctx.finalize(&mut out).unwrap();
        assert_eq!(&out, &expected_hmac);
        assert_eq!(size, SHA_256_DIGEST_SIZE);
    }

    #[test]
    #[should_panic]
    fn hmac_sha256_update_output_too_short() {
        let mut out = vec![0_u8; 1];
        let key: [u8; 20] = [0x0b; 20];
        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
        hmac_ctx.update(b"Hi There").unwrap();
        hmac_ctx.finalize(&mut out).unwrap();
    }
}