| <?php
declare(strict_types=1);
namespace ParagonIE\Halite;
use \ParagonIE\Halite\Alerts as CryptoException;
use \ParagonIE\Halite\{
    Asymmetric\Crypto as AsymmetricCrypto,
    Asymmetric\EncryptionPublicKey,
    Asymmetric\EncryptionSecretKey,
    Asymmetric\SignaturePublicKey,
    Asymmetric\SignatureSecretKey,
    Contract\FileInterface,
    Contract\KeyInterface,
    Contract\StreamInterface,
    Stream\MutableFile,
    Stream\ReadOnlyFile,
    Symmetric\AuthenticationKey,
    Symmetric\EncryptionKey
};
use ParagonIE\Halite\Asymmetric\Crypto;
final class File implements FileInterface
{
    /**
     * Lazy fallthrough method for checksumFile() and checksumResource()
     * 
     * @param string|resource $filepath
     * @param AuthenticationKey $key
     * @param bool $raw
     * @return string
     * @throws CryptoException\InvalidType
     */
    public static function checksum(
        $filepath,
        KeyInterface $key = null,
        $raw = false
    ): string {
        if (\is_resource($filepath) || \is_string($filepath)) {
            return self::checksumStream(
                new ReadOnlyFile($filepath),
                $key,
                $raw
            );
        }
        throw new CryptoException\InvalidType(
            'Argument 1: Expected a filename or resource'
        );
    }
    
    /**
     * Lazy fallthrough method for encryptFile() and encryptResource()
     * 
     * @param string|resource $input
     * @param string|resource $output
     * @param EncryptionKey $key
     * @return int
     * @throws CryptoException\InvalidType
     */
    public static function encrypt(
        $input,
        $output,
        EncryptionKey $key
    ): int {
        if (
            \is_resource($input) ||
            \is_resource($output) ||
            \is_string($input) ||
            \is_string($output)
        ) {
            return self::encryptStream(
                new ReadOnlyFile($input),
                new MutableFile($output),
                $key
            );
        }
        throw new CryptoException\InvalidType(
            'Argument 1: Expected a filename or resource'
        );
    }
    
    /**
     * Lazy fallthrough method for decryptFile() and decryptResource()
     * 
     * @param string|resource $input
     * @param string|resource $output
     * @param EncryptionKey $key
     * @return bool
     * @throws CryptoException\InvalidType
     */
    public static function decrypt(
        $input,
        $output,
        EncryptionKey $key
    ): bool {
        if (
            \is_resource($input) ||
            \is_resource($output) ||
            \is_string($input) ||
            \is_string($output)
        ) {
            try {
                $readOnly = new ReadOnlyFile($input);
                $mutable = new MutableFile($output);
                return self::decryptStream(
                    $readOnly,
                    $mutable,
                    $key
                );
            } catch (CryptoException\HaliteAlert $ex) {
                $readOnly->close();
                $mutable->close();
                throw $ex;
            }
        }
        throw new CryptoException\InvalidType(
            'Strings or file handles expected'
        );
    }
    /**
     * Lazy fallthrough method for sealFile() and sealResource()
     *
     * @param string|resource $input
     * @param string|resource $output
     * @param EncryptionPublicKey $publickey
     * @return int Number of bytes written
     * @throws Alerts\InvalidType
     */
    public static function seal(
        $input,
        $output,
        EncryptionPublicKey $publickey
    ): int {
        if (
            \is_resource($input) ||
            \is_resource($output) ||
            \is_string($input) ||
            \is_string($output)
        ) {
            return self::sealStream(
                new ReadOnlyFile($input),
                new MutableFile($output),
                $publickey
            );
        }
        throw new CryptoException\InvalidType(
            'Argument 1: Expected a filename or resource'
        );
    }
    
    /**
     * Lazy fallthrough method for sealFile() and sealResource()
     * 
     * @param string|resource $input
     * @param string|resource $output
     * @param EncryptionSecretKey $secretkey
     * @return bool TRUE on success
     * @throws CryptoException\InvalidType
     */
    public static function unseal(
        $input,
        $output,
        EncryptionSecretKey $secretkey
    ): bool {
        if (
            \is_resource($input) ||
            \is_resource($output) ||
            \is_string($input) ||
            \is_string($output)
        ) {
            try {
                $readOnly = new ReadOnlyFile($input);
                $mutable = new MutableFile($output);
                return self::unsealStream(
                    $readOnly,
                    $mutable,
                    $secretkey
                );
            } catch (CryptoException\HaliteAlert $ex) {
                $readOnly->close();
                $mutable->close();
                throw $ex;
            }
        }
        throw new CryptoException\InvalidType(
            'Argument 1: Expected a filename or resource'
        );
    }
    
    /**
     * Lazy fallthrough method for signFile() and signResource()
     * 
     * @param string|resource $filename
     * @param SignatureSecretKey $secretkey
     * @param bool $raw_binary
     * @return string
     * @throws Alerts\InvalidType
     */
    public static function sign(
        $filename,
        SignatureSecretKey $secretkey,
        bool $raw_binary = false
    ): string {
        if (
            \is_resource($filename) ||
            \is_string($filename)
        ) {
            return self::signStream(
                new ReadOnlyFile($filename),
                $secretkey,
                $raw_binary
            );
        }
        throw new CryptoException\InvalidType(
            'Argument 1: Expected a filename or resource'
        );
    }
    
    /**
     * Lazy fallthrough method for verifyFile() and verifyResource()
     * 
     * @param string|resource $filename
     * @param SignaturePublicKey $publickey
     * @param string $signature
     * @param bool $raw_binary
     * 
     * @return string
     * @throws Alerts\InvalidType
     */
    public static function verify(
        $filename,
        SignaturePublicKey $publickey,
        string $signature,
        bool $raw_binary = false
    ): bool {
        if (
            \is_resource($filename) ||
            \is_string($filename)
        ) {
            return self::verifyStream(
                new ReadOnlyFile($filename),
                $publickey,
                $signature,
                $raw_binary
            );
        }
        throw new CryptoException\InvalidType(
            'Argument 1: Expected a filename or resource'
        );
    }
    /**
     * Calculate a checksum (derived from BLAKE2b) of a file, by filename
     *
     * @param string $filepath The file you'd like to checksum
     * @param Key $key An optional key to use in the BLAKE2b hash
     * @param bool $raw Set to true if you don't want hex
     * @return string
     * @throws Alerts\FileAccessDenied
     */
    protected static function checksumFile(
        string $filepath,
        Key $key = null,
        bool $raw = false
    ): string {
        if (!is_readable($filepath)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read the file'
            );
        }
        $fp = \fopen($filepath, 'rb');
        if ($fp === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read the file'
            );
        }
        try {
            $checksum = self::checksumResource($fp, $key, $raw);
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($fp);
            throw $e;
        }
        \fclose($fp);
        return $checksum;
    }
    
    
    /**
     * Calculate a checksum (derived from BLAKE2b) of a file handle
     * 
     * @param string $fileHandle The file you'd like to checksum
     * @param Key $key An optional key to use in the BLAKE2b hash
     * @param bool $raw Set to true if you don't want hex
     * 
     * @return string
     * @throws Alerts\InvalidType
     */
    protected static function checksumResource(
        $fileHandle,
        Key $key = null,
        bool $raw = false
    ): string {
        // Input validation
        if (!\is_resource($fileHandle)) {
            throw new CryptoException\InvalidType(
                'Expected input handle to be a resource'
            );
        }
        
        return self::checksumStream(
            new ReadOnlyFile($fileHandle),
            $key,
            $raw
        );
    }
    /**
     * Calculate the BLAKE2b checksum of an entire stream
     *
     * @param StreamInterface $fileStream
     * @param Key $key
     * @param bool $raw
     * @return string
     * @throws CryptoException\InvalidKey
     */
    protected static function checksumStream(
        StreamInterface $fileStream,
        Key $key = null,
        bool $raw = false
    ): string {
        $config = self::getConfig(
            Halite::HALITE_VERSION_FILE,
            'checksum'
        );
        if ($key instanceof AuthenticationKey) {
            $state = \Sodium\crypto_generichash_init(
                $key->get(),
                $config->HASH_LEN
            );
        } elseif($config->CHECKSUM_PUBKEY && $key instanceof SignaturePublicKey) {
            // In version 2, we use the public key as a hash key
            $state = \Sodium\crypto_generichash_init(
                $key->get(),
                $config->HASH_LEN
            );
        } elseif (isset($key)) {
            throw new CryptoException\InvalidKey(
                'Argument 2: Expected an instance of AuthenticationKey'
            );
        } else {
            $state = \Sodium\crypto_generichash_init(
                '',
                $config->HASH_LEN
            );
        }
        $size = $fileStream->getSize();
        while ($fileStream->remainingBytes() > 0) {
            $read = $fileStream->readBytes(
                // Don't go past the file size even if $config->BUFFER is not an even multiple of it:
                ($fileStream->getPos() + $config->BUFFER) > $size
                    ? ($size - $fileStream->getPos())
                    : $config->BUFFER
            );
            \Sodium\crypto_generichash_update($state, $read);
        }
        if ($raw) {
            return \Sodium\crypto_generichash_final($state, $config->HASH_LEN);
        }
        return \Sodium\bin2hex(
            \Sodium\crypto_generichash_final($state, $config->HASH_LEN)
        );
    }
    /**
     * Encrypt a file with a symmetric key
     * 
     * @param string $inputFile
     * @param string $outputFile
     * @param EncryptionKey $key
     * @return int
     * @throws CryptoException\FileAccessDenied
     * @throws CryptoException\HaliteAlert
     */
    protected static function encryptFile(
        string $inputFile,
        string $outputFile,
        EncryptionKey $key
    ): int {
        if (!\is_readable($inputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        if (!\is_writable($outputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        $inputHandle = \fopen($inputFile, 'rb');
        if ($inputHandle === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        $outputHandle = \fopen($outputFile, 'wb');
        if ($outputHandle === false) {
            \fclose($inputHandle);
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        
        try {
            $result = self::encryptResource(
                $inputHandle,
                $outputHandle,
                $key
            );
            \fclose($inputHandle);
            \fclose($outputHandle);
            return $result;
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($inputHandle);
            \fclose($outputHandle);
            
            // Rethrow the exception:
            throw $e;
        }
    }
    
    /**
     * Decrypt a file with a symmetric key
     * 
     * @param string $inputFile
     * @param string $outputFile
     * @param EncryptionKey $key
     * @return bool
     *
     * @throws CryptoException\FileAccessDenied
     * @throws CryptoException\HaliteAlert
     */
    protected static function decryptFile(
        string $inputFile,
        string $outputFile,
        EncryptionKey $key
    ): bool {
        if (!\is_readable($inputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        if (!\is_writable($outputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        $inputHandle = \fopen($inputFile, 'rb');
        if ($inputHandle === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        $outputHandle = \fopen($outputFile, 'wb');
        if ($outputHandle === false) {
            \fclose($inputHandle);
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        
        try {
            $result = self::decryptResource(
                $inputHandle,
                $outputHandle,
                $key
            );
            \fclose($inputHandle);
            \fclose($outputHandle);
            return $result;
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($inputHandle);
            \fclose($outputHandle);
            
            // Rethrow the exception:
            throw $e;
        }
    }
    
    /**
     * Encrypt a file with a public key
     * 
     * @param string $inputFile
     * @param string $outputFile
     * @param EncryptionPublicKey $publickey
     * @return int
     * @throws CryptoException\FileAccessDenied
     * @throws CryptoException\HaliteAlert
     */
    protected static function sealFile(
        string $inputFile,
        string $outputFile,
        EncryptionPublicKey $publickey
    ): int {
        if (!\is_readable($inputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        if (!\is_writable($outputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        $inputHandle = \fopen($inputFile, 'rb');
        if ($inputHandle === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        $outputHandle = \fopen($outputFile, 'wb');
        if ($outputHandle === false) {
            \fclose($inputHandle);
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        
        try {
            $return = self::sealResource(
                $inputHandle,
                $outputHandle,
                $publickey
            );
            \fclose($inputHandle);
            \fclose($outputHandle);
            return $return;
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($inputHandle);
            \fclose($outputHandle);
            
            // Rethrow the exception:
            throw $e;
        }
    }
    
    /**
     * Decrypt a file with a private key
     * 
     * @param string $inputFile
     * @param string $outputFile
     * @param EncryptionSecretKey $secretkey
     * @return bool
     * @throws CryptoException\FileAccessDenied
     * @throws CryptoException\HaliteAlert
     */
    protected static function unsealFile(
        string $inputFile,
        string $outputFile,
        EncryptionSecretKey $secretkey
    ): bool {
        if (!\is_readable($inputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        if (!\is_writable($outputFile)) {
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        $inputHandle = \fopen($inputFile, 'rb');
        if ($inputHandle === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        $outputHandle = \fopen($outputFile, 'wb');
        if ($outputHandle === false) {
            \fclose($inputHandle);
            throw new CryptoException\FileAccessDenied(
                'Could not write to the file'
            );
        }
        
        try {
            $return = self::unsealResource(
                $inputHandle,
                $outputHandle,
                $secretkey
            );
            
            \fclose($inputHandle);
            \fclose($outputHandle);
            return $return;
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($inputHandle);
            \fclose($outputHandle);
            
            // Rethrow the exception:
            throw $e;
        }
    }
    
    /**
     * Signs a file
     * 
     * @param string $filename
     * @param SignatureSecretKey $secretkey
     * @param bool $raw_binary
     * @return string
     * @throws CryptoException\FileAccessDenied
     * @throws CryptoException\HaliteAlert
     */
    protected static function signFile(
        string $filename,
        SignatureSecretKey $secretkey,
        bool $raw_binary = false
    ): string {
        
        if (!\is_readable($filename)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        $inputHandle = \fopen($filename, 'rb');
        if ($inputHandle === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        
        try {
            $return = self::signResource(
                $inputHandle,
                $secretkey,
                $raw_binary
            );
            \fclose($inputHandle);
            return $return;
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($inputHandle);
            // Rethrow the exception:
            throw $e;
        }
    }
    
    /**
     * Verifies a file
     * 
     * @param string $filename
     * @param SignaturePublicKey $publickey
     * @param string $signature
     * @return bool
     * @throws CryptoException\FileAccessDenied
     * @throws CryptoException\HaliteAlert
     */
    protected static function verifyFile(
        string $filename,
        SignaturePublicKey $publickey,
        string $signature,
        bool $raw_binary = false
    ): bool {
        
        if (!\is_readable($filename)) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        $inputHandle = \fopen($filename, 'rb');
        if ($inputHandle === false) {
            throw new CryptoException\FileAccessDenied(
                'Could not read from the file'
            );
        }
        
        try {
            $return = self::verifyResource(
                $inputHandle,
                $publickey,
                $signature,
                $raw_binary
            );
            \fclose($inputHandle);
            return $return;
        } catch (CryptoException\HaliteAlert $e) {
            \fclose($inputHandle);
            // Rethrow the exception:
            throw $e;
        }
    }
    
    /**
     * Encrypt a (file handle)
     * 
     * @param $input
     * @param $output
     * @param EncryptionKey $key
     * @return int
     * @throws CryptoException\InvalidType
     */
    protected static function encryptResource(
        $input,
        $output,
        EncryptionKey $key
    ): int {
        // Input validation
        if (!\is_resource($input)) {
            throw new \ParagonIE\Halite\Alerts\InvalidType(
                'Expected input handle to be a resource'
            );
        }
        if (!\is_resource($output)) {
            throw new \ParagonIE\Halite\Alerts\InvalidType(
                'Expected output handle to be a resource'
            );
        }
        return self::encryptStream(
            new ReadOnlyFile($input),
            new MutableFile($output),
            $key
        );
    }
    
    /**
     * Encrypt a (file handle)
     * 
     * @param $input
     * @param $output
     * @param EncryptionKey $key
     */
    protected static function encryptStream(
        ReadOnlyFile $input,
        MutableFile $output,
        EncryptionKey $key
    ): int {
        $config = self::getConfig(Halite::HALITE_VERSION_FILE, 'encrypt');
        
        // Generate a nonce and HKDF salt
        $firstnonce = \Sodium\randombytes_buf($config->NONCE_BYTES);
        $hkdfsalt = \Sodium\randombytes_buf($config->HKDF_SALT_LEN);
        
        // Let's split our key
        list ($encKey, $authKey) = self::splitKeys($key, $hkdfsalt, $config);
        $mac = \hash_init('sha256', HASH_HMAC, $authKey);
        // We no longer need $authKey after we set up the hash context
        unset($authKey);
        
        // Write the header
        $output->writeBytes(Halite::HALITE_VERSION_FILE, Halite::VERSION_TAG_LEN);
        $output->writeBytes($firstnonce, \Sodium\CRYPTO_STREAM_NONCEBYTES);
        $output->writeBytes($hkdfsalt, $config->HKDF_SALT_LEN);
        
        \hash_update($mac, Halite::HALITE_VERSION_FILE);
        \hash_update($mac, $firstnonce);
        \hash_update($mac, $hkdfsalt);
        
        return self::streamEncrypt(
            $input,
            $output,
            new EncryptionKey($encKey),
            $firstnonce,
            $mac,
            $config
        );
    }
    /**
     * Decrypt a (file handle)
     *
     * @param $input
     * @param $output
     * @param EncryptionKey $key
     * @return bool
     * @throws CryptoException\InvalidType
     */
    protected static function decryptResource(
        $input,
        $output,
        EncryptionKey $key
    ): bool {
        // Input validation
        if (!\is_resource($input)) {
            throw new CryptoException\InvalidType(
                'Expected input handle to be a resource'
            );
        }
        if (!\is_resource($output)) {
            throw new CryptoException\InvalidType(
                'Expected output handle to be a resource'
            );
        }
        return self::decryptStream(
            new ReadOnlyFile($input),
            new MutableFile($output),
            $key
        );
    }
    
    /**
     * Decrypt a (file handle)
     * 
     * @param $input
     * @param $output
     * @param EncryptionKey $key
     * @return bool
     */
    protected static function decryptStream(
        ReadOnlyFile $input,
        MutableFile $output,
        EncryptionKey $key
    ): bool {
        $input->reset(0);
        // Parse the header, ensuring we get 4 bytes
        $header = $input->readBytes(Halite::VERSION_TAG_LEN);
        
        // Load the config
        $config = self::getConfig($header, 'encrypt');
        
        // Let's grab the first nonce and salt
        $firstnonce = $input->readBytes($config->NONCE_BYTES);
        $hkdfsalt = $input->readBytes($config->HKDF_SALT_LEN);
        
        // Split our keys, begin the HMAC instance
        list ($encKey, $authKey) = self::splitKeys($key, $hkdfsalt, $config);
        $mac = \hash_init('sha256', HASH_HMAC, $authKey);
        
        \hash_update($mac, $header);
        \hash_update($mac, $firstnonce);
        \hash_update($mac, $hkdfsalt);
        
        // This will throw an exception if it fails.
        $old_macs = self::streamVerify($input, \hash_copy($mac), $config);
        
        $ret = self::streamDecrypt(
            $input,
            $output,
            new EncryptionKey($encKey),
            $firstnonce,
            $mac,
            $config,
            $old_macs
        );
        
        unset($encKey);
        unset($authKey);
        unset($firstnonce);
        unset($mac);
        unset($config);
        unset($old_macs);
        return $ret;
    }
    
    /**
     * Seal a (file handle)
     * 
     * @param $input
     * @param $output
     * @param EncryptionPublicKey $publickey
     * @return int
     * @throws CryptoException\InvalidType
     */
    protected static function sealResource(
        $input,
        $output,
        EncryptionPublicKey $publickey
    ): int {
        // Input validation
        if (!\is_resource($input)) {
            throw new CryptoException\InvalidType(
                'Expected input handle to be a resource'
            );
        }
        if (!\is_resource($output)) {
            throw new CryptoException\InvalidType(
                'Expected output handle to be a resource'
            );
        }
        return self::sealStream(
            new ReadOnlyFile($input),
            new MutableFile($output),
            $publickey
        );
    }
    
    /**
     * Seal a (file handle)
     * 
     * @param ReadOnlyFile $input
     * @param MutableFile $output
     * @param EncryptionPublicKey $publickey
     * @return int
     */
    protected static function sealStream(
        ReadOnlyFile $input,
        MutableFile $output,
        EncryptionPublicKey $publickey
    ): int {
        // Generate a new keypair for this encryption
        $eph_kp = KeyFactory::generateEncryptionKeyPair();
            $eph_secret = $eph_kp->getSecretKey();
            $eph_public = $eph_kp->getPublicKey();
        unset($eph_kp);
        
        // Calculate the shared secret key
        $key = AsymmetricCrypto::getSharedSecret($eph_secret, $publickey, true);
        
        // Destroy the secre tkey after we have the shared secret
        unset($eph_secret);
        $config = self::getConfig(Halite::HALITE_VERSION_FILE, 'seal');
        
        // Generate a nonce as per crypto_box_seal
        $nonce = \Sodium\crypto_generichash(
            $eph_public->get().$publickey->get(),
            '',
            \Sodium\CRYPTO_STREAM_NONCEBYTES
        );
        
        // Generate a random HKDF salt
        $hkdfsalt = \Sodium\randombytes_buf($config->HKDF_SALT_LEN);
        
        // Split the keys
        list ($encKey, $authKey) = self::splitKeys($key, $hkdfsalt, $config);
        
        // We no longer need the original key after we split it
        unset($key);
        
        $mac = \hash_init('sha256', HASH_HMAC, $authKey);
        // We no longer need to retain this after we've set up the hash context
        unset($authKey);
        
        $output->writeBytes(Halite::HALITE_VERSION_FILE, Halite::VERSION_TAG_LEN);
        $output->writeBytes($eph_public->get(), \Sodium\CRYPTO_BOX_PUBLICKEYBYTES);
        $output->writeBytes($hkdfsalt, $config->HKDF_SALT_LEN);
        
        \hash_update($mac, Halite::HALITE_VERSION_FILE);
        \hash_update($mac, $eph_public->get());
        \hash_update($mac, $hkdfsalt);
        
        unset($eph_public);
        
        return self::streamEncrypt(
            $input,
            $output,
            new EncryptionKey($encKey),
            $nonce,
            $mac,
            $config
        );
    }
    
    /**
     * Unseal a (file handle)
     * 
     * @param $input
     * @param $output
     * @param EncryptionSecretKey $secretkey
     * @return bool
     * @throws CryptoException\InvalidType
     */
    protected static function unsealResource(
        $input,
        $output,
        EncryptionSecretKey $secretkey
    ): bool {
        // Input validation
        if (!\is_resource($input)) {
            throw new CryptoException\InvalidType(
                'Expected input handle to be a resource'
            );
        }
        if (!\is_resource($output)) {
            throw new CryptoException\InvalidType(
                'Expected output handle to be a resource'
            );
        }
        return self::unsealStream(
            new ReadOnlyFile($input),
            new MutableFile($output),
            $secretkey
        );
    }
    
    /**
     * Unseal a (file handle)
     * 
     * @param ReadOnlyFile $input
     * @param MutableFile $output
     * @param EncryptionSecretKey $secretkey
     *
     * @return bool
     * @throws CryptoException\InvalidKey
     */
    protected static function unsealStream(
        ReadOnlyFile $input,
        MutableFile $output,
        EncryptionSecretKey $secretkey
    ): bool {
        $secret_key = $secretkey->get();
        $public_key = \Sodium\crypto_box_publickey_from_secretkey($secret_key);
        
        // Parse the header, ensuring we get 4 bytes
        $header = $input->readBytes(Halite::VERSION_TAG_LEN);
        // Load the config
        $config = self::getConfig($header, 'seal');
        // Let's grab the public key and salt
        $eph_public = $input->readBytes($config->PUBLICKEY_BYTES);
        $hkdfsalt = $input->readBytes($config->HKDF_SALT_LEN);
        
        $nonce = \Sodium\crypto_generichash(
            $eph_public . $public_key,
            '',
            \Sodium\CRYPTO_STREAM_NONCEBYTES
        );
        
        $ephemeral = new EncryptionPublicKey($eph_public);
        
        $key = AsymmetricCrypto::getSharedSecret(
            $secretkey, 
            $ephemeral,
            true
        );
        list ($encKey, $authKey) = self::splitKeys($key, $hkdfsalt, $config);
        // We no longer need the original key after we split it
        unset($key);
        
        $mac = \hash_init('sha256', HASH_HMAC, $authKey);
        
        \hash_update($mac, $header);
        \hash_update($mac, $eph_public);
        \hash_update($mac, $hkdfsalt);
        
        // This will throw an exception if it fails.
        $old_macs = self::streamVerify($input, \hash_copy($mac), $config);
        
        $ret = self::streamDecrypt(
            $input,
            $output,
            new EncryptionKey($encKey),
            $nonce,
            $mac,
            $config,
            $old_macs
        );
        
        unset($encKey);
        unset($authKey);
        unset($nonce);
        unset($mac);
        unset($config);
        unset($old_macs);
        return $ret;
    }
    
    /**
     * Sign the contents of a file
     * 
     * @param $input (file handle)
     * @param SignatureSecretKey $secretkey
     * @param bool $raw_binary Don't hex encode?
     */
    protected static function signResource(
        $input,
        SignatureSecretKey $secretkey,
        bool $raw_binary = false
    ): string {
        return self::signStream(
            new ReadOnlyFile($input),
            $secretkey,
            $raw_binary
        );
    }
    
    /**
     * Sign the contents of a file
     * 
     * @param ReadOnlyFile $input
     * @param SignatureSecretKey $secretkey
     * @param bool $raw_binary Don't hex encode?
     * @return string
     * @throws CryptoException\InvalidKey
     */
    protected static function signStream(
        ReadOnlyFile $input,
        SignatureSecretKey $secretkey,
        bool $raw_binary = false
    ): string {
        if (!($secretkey instanceof SignatureSecretKey)) {
            throw new CryptoException\InvalidKey(
                'Argument 1: Expected an instance of SignatureSecretKey'
            );
        }
        $csum = self::checksumStream(
            $input,
            $secretkey->derivePublicKey(),
            true
        );
        return AsymmetricCrypto::sign($csum, $secretkey, $raw_binary);
    }
    
    /**
     * Verify the contents of a file
     * 
     * @param $input (file handle)
     * @param SignaturePublicKey $publickey
     * @param string $signature
     * @param bool $raw_binary Don't hex encode?
     * 
     * @return bool
     */
    protected static function verifyResource(
        $input,
        SignaturePublicKey $publickey,
        string $signature,
        bool $raw_binary = false
    ): bool {
        return self::verifyStream(
            new ReadOnlyFile($input),
            $publickey,
            $signature,
            $raw_binary
        );
    }
    /**
     * Verify the contents of a file
     * 
     * @param $input (file handle)
     * @param SignaturePublicKey $publickey
     * @param string $signature
     * @param bool $raw_binary Don't hex encode?
     * 
     * @return bool
     */
    protected static function verifyStream(
        ReadOnlyFile $input,
        SignaturePublicKey $publickey,
        string $signature,
        bool $raw_binary = false
    ): bool {
        $csum = self::checksumStream($input, $publickey, true);
        return AsymmetricCrypto::verify(
            $csum,
            $publickey,
            $signature,
            $raw_binary
        );
    }
    
    /**
     * Get the configuration
     * 
     * @param string $header
     * @param string $mode
     * @return Config
     * @throws CryptoException\InvalidMessage
     */
    protected static function getConfig(
        string $header,
        string $mode = 'encrypt'
    ): Config {
        if (\ord($header[0]) !== 49 || \ord($header[1]) !== 65) {
            throw new CryptoException\InvalidMessage(
                'Invalid version tag'
            );
        }
        $major = \ord($header[2]);
        $minor = \ord($header[3]);
        if ($mode === 'encrypt') {
            return new Config(
                self::getConfigEncrypt($major, $minor)
            );
        } elseif ($mode === 'seal') {
            return new Config(
                self::getConfigSeal($major, $minor)
            );
        } elseif ($mode === 'checksum') {
            return new Config(
                self::getConfigChecksum($major, $minor)
            );
        }
    }
    
    /**
     * Get the configuration for encrypt operations
     * 
     * @param int $major
     * @param int $minor
     * @return array
     * @throws CryptoException\InvalidMessage
     */
    protected static function getConfigEncrypt(int $major, int $minor): array
    {
        if ($major === 1) {
            switch ($minor) {
                case 0:
                    return [
                        'BUFFER' => 1048576,
                        'NONCE_BYTES' => \Sodium\CRYPTO_STREAM_NONCEBYTES,
                        'HKDF_SALT_LEN' => 32,
                        'MAC_SIZE' => 32,
                        'HKDF_SBOX' => 'Halite|EncryptionKey',
                        'HKDF_AUTH' => 'AuthenticationKeyFor_|Halite'
                    ];
            }
        } elseif ($major === 2) {
            switch ($minor) {
                case 0:
                    return [
                        'BUFFER' => 1048576,
                        'NONCE_BYTES' => \Sodium\CRYPTO_STREAM_NONCEBYTES,
                        'HKDF_SALT_LEN' => 32,
                        'MAC_SIZE' => 32,
                        'HKDF_SBOX' => 'Halite|EncryptionKey',
                        'HKDF_AUTH' => 'AuthenticationKeyFor_|Halite'
                    ];
            }
        }
        throw new CryptoException\InvalidMessage(
            'Invalid version tag'
        );
    }
    
    /**
     * Get the configuration for seal operations
     * 
     * @param int $major
     * @param int $minor
     * @return array
     * @throws CryptoException\InvalidMessage
     */
    protected static function getConfigSeal(int $major, int $minor): array
    {
        if ($major === 1) {
            switch ($minor) {
                case 0:
                    return [
                        'BUFFER' => 1048576,
                        'HKDF_SALT_LEN' => 32,
                        'MAC_SIZE' => 32,
                        'PUBLICKEY_BYTES' => \Sodium\CRYPTO_BOX_PUBLICKEYBYTES,
                        'HKDF_SBOX' => 'Halite|EncryptionKey',
                        'HKDF_AUTH' => 'AuthenticationKeyFor_|Halite'
                    ];
            }
        } elseif ($major === 2) {
            switch ($minor) {
                case 0:
                    return [
                        'BUFFER' => 1048576,
                        'HKDF_SALT_LEN' => 32,
                        'MAC_SIZE' => 32,
                        'PUBLICKEY_BYTES' => \Sodium\CRYPTO_BOX_PUBLICKEYBYTES,
                        'HKDF_SBOX' => 'Halite|EncryptionKey',
                        'HKDF_AUTH' => 'AuthenticationKeyFor_|Halite'
                    ];
            }
        }
        throw new CryptoException\InvalidMessage(
            'Invalid version tag'
        );
    }
    
    /**
     * Get the configuration for encrypt operations
     * 
     * @param int $major
     * @param int $minor
     * @return array
     * @throws CryptoException\InvalidMessage
     */
    protected static function getConfigChecksum(int $major, int $minor): array
    {
        if ($major === 1) {
            switch ($minor) {
                case 0:
                    return [
                        'CHECKSUM_PUBKEY' => false,
                        'BUFFER' => 1048576,
                        'HASH_LEN' => \Sodium\CRYPTO_GENERICHASH_BYTES_MAX
                    ];
            }
        } elseif ($major === 2) {
            switch ($minor) {
                case 0:
                    return [
                        'CHECKSUM_PUBKEY' => true,
                        'BUFFER' => 1048576,
                        'HASH_LEN' => \Sodium\CRYPTO_GENERICHASH_BYTES_MAX
                    ];
            }
        }
        throw new CryptoException\InvalidMessage(
            'Invalid version tag'
        );
    }
    
    /**
     * Split a key using HKDF
     * 
     * @param KeyInterface $master
     * @param string $salt
     * @param Config $config
     * @return string[]
     */
    protected static function splitKeys(
        KeyInterface $master,
        string $salt = '',
        Config $config = null
    ): array {
        $binary = $master->get();
        return [
            Util::hkdfBlake2b(
                $binary,
                \Sodium\CRYPTO_SECRETBOX_KEYBYTES,
                $config->HKDF_SBOX,
                $salt
            ),
            Util::hkdfBlake2b(
                $binary,
                \Sodium\CRYPTO_AUTH_KEYBYTES,
                $config->HKDF_AUTH,
                $salt
            )
        ];
    }
    
    /**
     * Stream encryption - Do not call directly
     * 
     * @param ReadOnlyFile $input
     * @param MutableFile $output
     * @param EncryptionKey $encKey
     * @param string $nonce
     * @param resource $mac (hash context)
     * @param Config $config
     * @return int
     * @throws CryptoException\AccessDenied
     * @throws CryptoException\FileModified
     * @throws CryptoException\InvalidKey
     */
    final private static function streamEncrypt(
        ReadOnlyFile $input,
        MutableFile $output,
        EncryptionKey $encKey,
        string $nonce,
        $mac,
        Config $config
    ): int {
        $initHash = $input->getHash();
        // Begin the streaming decryption
        $size = $input->getSize();
        while ($input->remainingBytes() > 0) {
            $read = $input->readBytes(
                ($input->getPos() + $config->BUFFER) > $size
                    ? ($size - $input->getPos())
                    : $config->BUFFER
            );
            
            $encrypted = \Sodium\crypto_stream_xor(
                $read,
                $nonce,
                $encKey->get()
            );
            \hash_update($mac, $encrypted);
            $output->writeBytes($encrypted);
            \Sodium\increment($nonce);
        }
        \Sodium\memzero($nonce);
        // Check that our input file was not modified before we MAC it
        if (!\hash_equals($input->gethash(), $initHash)) {
            throw new CryptoException\FileModified(
                'Read-only file has been modified since it was opened for reading'
            );
        }
        return $output->writeBytes(
            \hash_final($mac, true)
        );
    }
    
    /**
     * Stream decryption - Do not call directly
     * 
     * @param ReadOnlyFile $input
     * @param MutableFile $output
     * @param Key $encKey
     * @param string $nonce
     * @param resource $mac (hash context)
     * @param Config $config
     * @return bool
     * @throws CryptoException\AccessDenied
     * @throws CryptoException\CannotPerformOperation
     * @throws CryptoException\FileModified
     * @throws CryptoException\InvalidKey
     * @throws CryptoException\InvalidMessage
     */
    final private static function streamDecrypt(
        ReadOnlyFile $input,
        MutableFile $output,
        EncryptionKey $encKey,
        string $nonce,
        $mac,
        Config $config,
        array &$chunk_macs
    ): bool {
        $start = $input->getPos();
        $cipher_end = $input->getSize() - $config->MAC_SIZE;
        // Begin the streaming decryption
        $input->reset($start);
        
        while ($input->remainingBytes() > $config->MAC_SIZE) {
            if (($input->getPos() + $config->BUFFER) > $cipher_end) {
                $read = $input->readBytes(
                    $cipher_end - $input->getPos()
                );
            } else {
                $read = $input->readBytes($config->BUFFER);
            }
            \hash_update($mac, $read);
            $calcMAC = \hash_copy($mac);
            if ($calcMAC === false) {
                throw new CryptoException\CannotPerformOperation(
                    'An unknown error has occurred'
                );
            }
            $calc = \hash_final($calcMAC, true);
            
            if (empty($chunk_macs)) {
                throw new CryptoException\InvalidMessage(
                    'Invalid message authentication code'
                );
            } else {
                $chkmac = \array_shift($chunk_macs);
                if (!\hash_equals($chkmac, $calc)) {
                    throw new CryptoException\InvalidMessage(
                        'Invalid message authentication code'
                    );
                }
            }
            
            $decrypted = \Sodium\crypto_stream_xor(
                $read,
                $nonce,
                $encKey->get()
            );
            $output->writeBytes($decrypted);
            \Sodium\increment($nonce);
        }
        \Sodium\memzero($nonce);
        return true;
    }
    
    /**
     * Recalculate and verify the HMAC of the input file
     * 
     * @param resource $input
     * @param resource $mac (hash context)
     * @param Config $config
     * 
     * @return array Hashes of various chunks
     * @throws CryptoException\CannotPerformOperation
     * @throws CryptoException\InvalidMessage
     */
    final private static function streamVerify(
        ReadOnlyFile $input,
        $mac,
        Config $config
    ): array {
        $start = $input->getPos();
        
        $cipher_end = $input->getSize() - $config->MAC_SIZE;
        $input->reset($cipher_end);
        $stored_mac = $input->readBytes($config->MAC_SIZE);
        $input->reset($start);
        
        $chunk_macs = [];
        
        $break = false;
        while (!$break && $input->getPos() < $cipher_end) {
            /**
             * Would a full BUFFER read put it past the end of the
             * ciphertext? If so, only return a portion of the file.
             */
            if ($input->getPos() + $config->BUFFER >= $cipher_end) {
                $break = true;
                $read = $input->readBytes($cipher_end - $input->getPos());
            } else {
                $read = $input->readBytes($config->BUFFER);
            }
            
            /**
             * We're updating our HMAC and nothing else
             */
            \hash_update($mac, $read);
            
            /**
             * Store a MAC of each chunk
             */
            $chunkMAC = \hash_copy($mac);
            if ($chunkMAC === false) {
                throw new CryptoException\CannotPerformOperation(
                    'An unknown error has occurred'
                );
            }
            $chunk_macs []= \hash_final($chunkMAC, true);
        }
        
        /**
         * We should now have enough data to generate an identical HMAC
         */
        $finalHMAC = \hash_final($mac, true);
        
        /**
         * Use hash_equals() to be timing-invariant
         */
        if (!\hash_equals($finalHMAC, $stored_mac)) {
            throw new CryptoException\InvalidMessage(
                'Invalid message authentication code'
            );
        }
        $input->reset($start);
        return $chunk_macs;
    }
}
 |