/**
 * This code is licensed under the MCGSI Public License
 * Copyright 2018 Jeff Becker
 *
 * Kovri go write your own code
 *
 */
#ifndef SIPHASH_H
#define SIPHASH_H

#include <cstdint>
#include "Crypto.h"

#if !OPENSSL_SIPHASH
namespace i2p
{
namespace crypto
{
	namespace siphash
	{
		constexpr int crounds = 2;
		constexpr int drounds = 4;

		inline uint64_t rotl(const uint64_t & x, int b)
		{
			uint64_t ret = x << b;
			ret |= x >> (64 - b);
			return ret;
		}

		inline void u32to8le(const uint32_t & v, uint8_t * p)
		{
			p[0] = (uint8_t) v;
			p[1] = (uint8_t) (v >> 8);
			p[2] = (uint8_t) (v >> 16);
			p[3] = (uint8_t) (v >> 24);
		}

		inline void u64to8le(const uint64_t & v, uint8_t * p)
		{
			p[0] = v & 0xff;
			p[1] = (v >> 8)  & 0xff;
			p[2] = (v >> 16) & 0xff;
			p[3] = (v >> 24) & 0xff;
			p[4] = (v >> 32) & 0xff;
			p[5] = (v >> 40) & 0xff;
			p[6] = (v >> 48) & 0xff;
			p[7] = (v >> 56) & 0xff;
		}

		inline uint64_t u8to64le(const uint8_t * p)
		{
			uint64_t i = 0;
			int idx = 0;
			while(idx < 8)
			{
				i |= ((uint64_t) p[idx]) << (idx * 8);
				++idx;
			}
			return i;
		}

		inline void round(uint64_t & _v0, uint64_t & _v1, uint64_t & _v2, uint64_t & _v3)
		{
			_v0 += _v1;
			_v1 = rotl(_v1, 13);
			_v1 ^= _v0;
			_v0 = rotl(_v0, 32);
			_v2 += _v3;
			_v3 = rotl(_v3, 16);
			_v3 ^= _v2;
			_v0 += _v3;
			_v3 = rotl(_v3, 21);
			_v3 ^= _v0;
			_v2 += _v1;
			_v1 = rotl(_v1, 17);
			_v1 ^= _v2;
			_v2 = rotl(_v2, 32);
		}
	}

	/** hashsz must be 8 or 16 */
	template<std::size_t hashsz>
	inline void Siphash(uint8_t * h, const uint8_t * buf, std::size_t bufsz, const uint8_t * key)
	{
		uint64_t v0 = 0x736f6d6570736575ULL;
		uint64_t v1 = 0x646f72616e646f6dULL;
		uint64_t v2 = 0x6c7967656e657261ULL;
		uint64_t v3 = 0x7465646279746573ULL;
		const uint64_t k0 = siphash::u8to64le(key);
		const uint64_t k1 = siphash::u8to64le(key + 8);
		uint64_t msg;
		int i;
		const uint8_t * end = buf + bufsz - (bufsz % sizeof(uint64_t));
		auto left = bufsz & 7;
		uint64_t b = ((uint64_t)bufsz) << 56;
		v3 ^= k1;
		v2 ^= k0;
		v1 ^= k1;
		v0 ^= k0;

		if(hashsz == 16) v1 ^= 0xee;

		while(buf != end)
		{
			msg = siphash::u8to64le(buf);
			v3 ^= msg;
			for(i = 0; i < siphash::crounds; ++i)
				siphash::round(v0, v1, v2, v3);

			v0 ^= msg;
			buf += 8;
		}

		while(left)
		{
			--left;
			b |= ((uint64_t)(buf[left])) << (left * 8);
		}

		v3 ^= b;

		for(i = 0; i < siphash::crounds; ++i)
			siphash::round(v0, v1, v2, v3);

		v0 ^= b;


		if(hashsz == 16)
			v2 ^= 0xee;
		else
			v2 ^= 0xff;

		for(i = 0; i < siphash::drounds; ++i)
			siphash::round(v0, v1, v2, v3);

		b = v0 ^ v1 ^ v2 ^ v3;

		siphash::u64to8le(b, h);

		if(hashsz == 8) return;

		v1 ^= 0xdd;

		for (i = 0; i < siphash::drounds; ++i)
			siphash::round(v0, v1, v2, v3);

		b = v0 ^ v1 ^ v2 ^ v3;
		siphash::u64to8le(b, h + 8);
	}
}
}
#endif

#endif