//! Cryptography - Contains intentional vulnerabilities
//!
//! Vulnerabilities:
//! - MD5 for hashing (collision attacks)
//! - SHA1 for hashing (collision attacks)
//! - DES encryption (56-bit key, brute-forceable)

use md5::{Md5, Digest as Md5Digest};
use sha1::{Sha1, Digest as Sha1Digest};
use des::Des;
use des::cipher::{BlockEncrypt, KeyInit, generic_array::GenericArray};

/// VULNERABILITY: MD5 is cryptographically broken
/// Collision attacks are practical since 2004
pub fn hash_password_md5(password: &str) -> String {
    // BLOCK: MD5 is cryptographically broken - use SHA-256 or better
    let mut hasher = Md5::new();
    hasher.update(password.as_bytes());
    format!("{:x}", hasher.finalize())
}

/// VULNERABILITY: SHA1 is cryptographically broken
/// Google demonstrated practical collision in 2017 (SHAttered)
pub fn hash_document_sha1(data: &[u8]) -> String {
    // BLOCK: SHA1 is cryptographically broken - use SHA-256 or better
    let mut hasher = Sha1::new();
    hasher.update(data);
    format!("{:x}", hasher.finalize())
}

/// VULNERABILITY: DES uses 56-bit keys
/// Can be brute-forced in hours with modern hardware
pub fn encrypt_des(key: &[u8; 8], plaintext: &[u8; 8]) -> [u8; 8] {
    // BLOCK: DES uses 56-bit keys - use AES-256 instead
    let cipher = Des::new(GenericArray::from_slice(key));
    let mut block = GenericArray::clone_from_slice(plaintext);
    cipher.encrypt_block(&mut block);
    block.into()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_weak_crypto_patterns() {
        // Verify vulnerable patterns exist for demo
        let _ = hash_password_md5("password123");
        let _ = hash_document_sha1(b"document content");
        let _ = encrypt_des(&[0u8; 8], &[0u8; 8]);
    }
}