package org.briarproject.bramble.crypto;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.inject.Inject;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.KeyPairGenerator;
import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
import org.briarproject.bramble.api.crypto.AgreementPublicKey;
import org.briarproject.bramble.api.crypto.CryptoComponent;
import org.briarproject.bramble.api.crypto.CryptoConstants;
import org.briarproject.bramble.api.crypto.DecryptionException;
import org.briarproject.bramble.api.crypto.DecryptionResult;
import org.briarproject.bramble.api.crypto.KeyPair;
import org.briarproject.bramble.api.crypto.KeyParser;
import org.briarproject.bramble.api.crypto.KeyStrengthener;
import org.briarproject.bramble.api.crypto.PrivateKey;
import org.briarproject.bramble.api.crypto.PublicKey;
import org.briarproject.bramble.api.crypto.SecretKey;
import org.briarproject.bramble.api.crypto.SignaturePrivateKey;
import org.briarproject.bramble.api.crypto.SignaturePublicKey;
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
import org.briarproject.bramble.api.system.SecureRandomProvider;
import org.briarproject.bramble.util.ByteUtils;
import org.briarproject.bramble.util.LogUtils;
import org.briarproject.bramble.util.StringUtils;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.digests.Blake2bDigest;
import org.whispersystems.curve25519.Curve25519;
import org.whispersystems.curve25519.Curve25519KeyPair;

@NotNullByDefault
/* loaded from: input_file:org/briarproject/bramble/crypto/CryptoComponentImpl.class */
class CryptoComponentImpl implements CryptoComponent {
    private static final Logger LOG = Logger.getLogger(CryptoComponentImpl.class.getName());
    private static final int SIGNATURE_KEY_PAIR_BITS = 256;
    private static final int STORAGE_IV_BYTES = 24;
    private static final int PBKDF_SALT_BYTES = 32;
    private static final byte PBKDF_FORMAT_SCRYPT = 0;
    private static final byte PBKDF_FORMAT_SCRYPT_STRENGTHENED = 1;
    private final SecureRandom secureRandom;
    private final PasswordBasedKdf passwordBasedKdf;
    private final Curve25519 curve25519;
    private final KeyPairGenerator signatureKeyPairGenerator;
    private final KeyParser agreementKeyParser;
    private final KeyParser signatureKeyParser;
    private final MessageEncrypter messageEncrypter;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public CryptoComponentImpl(SecureRandomProvider secureRandomProvider, PasswordBasedKdf passwordBasedKdf) {
        if (LOG.isLoggable(Level.INFO)) {
            SecureRandom secureRandom = new SecureRandom();
            LOG.info("Default SecureRandom: " + secureRandom.getProvider().getName() + " " + secureRandom.getAlgorithm());
        }
        Provider provider = secureRandomProvider.getProvider();
        if (provider == null) {
            LOG.info("Using default");
        } else {
            installSecureRandomProvider(provider);
            if (LOG.isLoggable(Level.INFO)) {
                SecureRandom secureRandom2 = new SecureRandom();
                LOG.info("Installed SecureRandom: " + secureRandom2.getProvider().getName() + " " + secureRandom2.getAlgorithm());
            }
        }
        this.secureRandom = new SecureRandom();
        this.passwordBasedKdf = passwordBasedKdf;
        this.curve25519 = Curve25519.getInstance(Curve25519.JAVA);
        this.signatureKeyPairGenerator = new KeyPairGenerator();
        this.signatureKeyPairGenerator.initialize(256, this.secureRandom);
        this.agreementKeyParser = new AgreementKeyParser();
        this.signatureKeyParser = new SignatureKeyParser();
        this.messageEncrypter = new MessageEncrypter(this.secureRandom);
    }

    private void installSecureRandomProvider(Provider provider) {
        Provider[] providers = Security.getProviders("SecureRandom.SHA1PRNG");
        if (providers == null || providers.length == 0 || !provider.getClass().equals(providers[0].getClass())) {
            Security.insertProviderAt(provider, 1);
        }
        SecureRandom secureRandom = new SecureRandom();
        if (!provider.getClass().equals(secureRandom.getProvider().getClass())) {
            throw new SecurityException("Wrong SecureRandom provider: " + secureRandom.getProvider().getClass());
        }
        try {
            SecureRandom secureRandom2 = SecureRandom.getInstance("SHA1PRNG");
            if (!provider.getClass().equals(secureRandom2.getProvider().getClass())) {
                throw new SecurityException("Wrong SHA1PRNG provider: " + secureRandom2.getProvider().getClass());
            }
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey generateSecretKey() {
        byte[] bArr = new byte[32];
        this.secureRandom.nextBytes(bArr);
        return new SecretKey(bArr);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    byte[] performRawKeyAgreement(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException {
        if (!privateKey.getKeyType().equals(CryptoConstants.KEY_TYPE_AGREEMENT)) {
            throw new IllegalArgumentException();
        }
        if (!publicKey.getKeyType().equals(CryptoConstants.KEY_TYPE_AGREEMENT)) {
            throw new IllegalArgumentException();
        }
        long now = LogUtils.now();
        byte[] calculateAgreement = this.curve25519.calculateAgreement(publicKey.getEncoded(), privateKey.getEncoded());
        byte b = 0;
        for (byte b2 : calculateAgreement) {
            b = (byte) (b | b2);
        }
        if (b == 0) {
            throw new GeneralSecurityException();
        }
        LogUtils.logDuration(LOG, "Deriving shared secret", now);
        return calculateAgreement;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyPair generateAgreementKeyPair() {
        Curve25519KeyPair generateKeyPair = this.curve25519.generateKeyPair();
        return new KeyPair(new AgreementPublicKey(generateKeyPair.getPublicKey()), new AgreementPrivateKey(generateKeyPair.getPrivateKey()));
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyParser getAgreementKeyParser() {
        return this.agreementKeyParser;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyPair generateSignatureKeyPair() {
        java.security.KeyPair generateKeyPair = this.signatureKeyPairGenerator.generateKeyPair();
        return new KeyPair(new SignaturePublicKey(((EdDSAPublicKey) generateKeyPair.getPublic()).getAbyte()), new SignaturePrivateKey(((EdDSAPrivateKey) generateKeyPair.getPrivate()).getSeed()));
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyParser getSignatureKeyParser() {
        return this.signatureKeyParser;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyParser getMessageKeyParser() {
        return this.messageEncrypter.getKeyParser();
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey deriveKey(String str, SecretKey secretKey, byte[]... bArr) {
        byte[] mac = mac(str, secretKey, bArr);
        if (mac.length != 32) {
            throw new IllegalStateException();
        }
        return new SecretKey(mac);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v5, types: [byte[], byte[][], java.lang.Object] */
    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey deriveSharedSecret(String str, PublicKey publicKey, KeyPair keyPair, byte[]... bArr) throws GeneralSecurityException {
        PrivateKey privateKey = keyPair.getPrivate();
        ?? r0 = new byte[bArr.length + 1];
        r0[0] = performRawKeyAgreement(privateKey, publicKey);
        System.arraycopy(bArr, 0, r0, 1, bArr.length);
        byte[] hash = hash(str, r0);
        if (hash.length != 32) {
            throw new IllegalStateException();
        }
        return new SecretKey(hash);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v7, types: [byte[], byte[][], java.lang.Object] */
    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey deriveSharedSecret(String str, PublicKey publicKey, PublicKey publicKey2, KeyPair keyPair, KeyPair keyPair2, boolean z, byte[]... bArr) throws GeneralSecurityException {
        PrivateKey privateKey = keyPair.getPrivate();
        PrivateKey privateKey2 = keyPair2.getPrivate();
        ?? r0 = new byte[bArr.length + 3];
        r0[0] = performRawKeyAgreement(privateKey, publicKey);
        if (z) {
            r0[1] = performRawKeyAgreement(privateKey, publicKey2);
            r0[2] = performRawKeyAgreement(privateKey2, publicKey);
        } else {
            r0[1] = performRawKeyAgreement(privateKey2, publicKey);
            r0[2] = performRawKeyAgreement(privateKey, publicKey2);
        }
        System.arraycopy(bArr, 0, r0, 3, bArr.length);
        byte[] hash = hash(str, r0);
        if (hash.length != 32) {
            throw new IllegalStateException();
        }
        return new SecretKey(hash);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] sign(String str, byte[] bArr, PrivateKey privateKey) throws GeneralSecurityException {
        EdSignature edSignature = new EdSignature();
        edSignature.initSign(privateKey);
        updateSignature(edSignature, str, bArr);
        return edSignature.sign();
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public boolean verifySignature(byte[] bArr, String str, byte[] bArr2, PublicKey publicKey) throws GeneralSecurityException {
        if (!publicKey.getKeyType().equals(CryptoConstants.KEY_TYPE_SIGNATURE)) {
            throw new IllegalArgumentException();
        }
        EdSignature edSignature = new EdSignature();
        edSignature.initVerify(publicKey);
        updateSignature(edSignature, str, bArr2);
        return edSignature.verify(bArr);
    }

    private void updateSignature(Signature signature, String str, byte[] bArr) throws GeneralSecurityException {
        byte[] utf8 = StringUtils.toUtf8(str);
        byte[] bArr2 = new byte[4];
        ByteUtils.writeUint32(utf8.length, bArr2, 0);
        signature.update(bArr2);
        signature.update(utf8);
        ByteUtils.writeUint32(bArr.length, bArr2, 0);
        signature.update(bArr2);
        signature.update(bArr);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] hash(String str, byte[]... bArr) {
        byte[] utf8 = StringUtils.toUtf8(str);
        Blake2bDigest blake2bDigest = new Blake2bDigest(256);
        byte[] bArr2 = new byte[4];
        ByteUtils.writeUint32(utf8.length, bArr2, 0);
        blake2bDigest.update(bArr2, 0, bArr2.length);
        blake2bDigest.update(utf8, 0, utf8.length);
        for (byte[] bArr3 : bArr) {
            ByteUtils.writeUint32(bArr3.length, bArr2, 0);
            blake2bDigest.update(bArr2, 0, bArr2.length);
            blake2bDigest.update(bArr3, 0, bArr3.length);
        }
        byte[] bArr4 = new byte[blake2bDigest.getDigestSize()];
        blake2bDigest.doFinal(bArr4, 0);
        return bArr4;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] mac(String str, SecretKey secretKey, byte[]... bArr) {
        byte[] utf8 = StringUtils.toUtf8(str);
        Blake2bDigest blake2bDigest = new Blake2bDigest(secretKey.getBytes(), 32, null, null);
        byte[] bArr2 = new byte[4];
        ByteUtils.writeUint32(utf8.length, bArr2, 0);
        blake2bDigest.update(bArr2, 0, bArr2.length);
        blake2bDigest.update(utf8, 0, utf8.length);
        for (byte[] bArr3 : bArr) {
            ByteUtils.writeUint32(bArr3.length, bArr2, 0);
            blake2bDigest.update(bArr2, 0, bArr2.length);
            blake2bDigest.update(bArr3, 0, bArr3.length);
        }
        byte[] bArr4 = new byte[blake2bDigest.getDigestSize()];
        blake2bDigest.doFinal(bArr4, 0);
        return bArr4;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public boolean verifyMac(byte[] bArr, String str, SecretKey secretKey, byte[]... bArr2) {
        byte[] mac = mac(str, secretKey, bArr2);
        if (bArr.length != mac.length) {
            return false;
        }
        Object[] objArr = false;
        for (int i = 0; i < bArr.length; i++) {
            objArr = (objArr == true ? 1 : 0) | (bArr[i] ^ mac[i]) ? 1 : 0;
        }
        return objArr == false;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] encryptWithPassword(byte[] bArr, String str, @Nullable KeyStrengthener keyStrengthener) {
        XSalsa20Poly1305AuthenticatedCipher xSalsa20Poly1305AuthenticatedCipher = new XSalsa20Poly1305AuthenticatedCipher();
        int macBytes = xSalsa20Poly1305AuthenticatedCipher.getMacBytes();
        byte[] bArr2 = new byte[32];
        this.secureRandom.nextBytes(bArr2);
        int chooseCostParameter = this.passwordBasedKdf.chooseCostParameter();
        SecretKey deriveKey = this.passwordBasedKdf.deriveKey(str, bArr2, chooseCostParameter);
        if (keyStrengthener != null) {
            deriveKey = keyStrengthener.strengthenKey(deriveKey);
        }
        byte[] bArr3 = new byte[24];
        this.secureRandom.nextBytes(bArr3);
        byte[] bArr4 = new byte[1 + bArr2.length + 4 + bArr3.length + bArr.length + macBytes];
        bArr4[0] = keyStrengthener == null ? (byte) 0 : (byte) 1;
        int i = 0 + 1;
        System.arraycopy(bArr2, 0, bArr4, i, bArr2.length);
        int length = i + bArr2.length;
        ByteUtils.writeUint32(chooseCostParameter, bArr4, length);
        int i2 = length + 4;
        System.arraycopy(bArr3, 0, bArr4, i2, bArr3.length);
        int length2 = i2 + bArr3.length;
        try {
            xSalsa20Poly1305AuthenticatedCipher.init(true, deriveKey, bArr3);
            xSalsa20Poly1305AuthenticatedCipher.process(bArr, 0, bArr.length, bArr4, length2);
            return bArr4;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] decryptWithPassword(byte[] bArr, String str, @Nullable KeyStrengthener keyStrengthener) throws DecryptionException {
        XSalsa20Poly1305AuthenticatedCipher xSalsa20Poly1305AuthenticatedCipher = new XSalsa20Poly1305AuthenticatedCipher();
        int macBytes = xSalsa20Poly1305AuthenticatedCipher.getMacBytes();
        if (bArr.length < 61 + macBytes) {
            throw new DecryptionException(DecryptionResult.INVALID_CIPHERTEXT);
        }
        byte b = bArr[0];
        int i = 0 + 1;
        if (b != 0 && b != 1) {
            throw new DecryptionException(DecryptionResult.INVALID_CIPHERTEXT);
        }
        byte[] bArr2 = new byte[32];
        System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
        int length = i + bArr2.length;
        long readUint32 = ByteUtils.readUint32(bArr, length);
        int i2 = length + 4;
        if (readUint32 < 2 || readUint32 > 2147483647L) {
            throw new DecryptionException(DecryptionResult.INVALID_CIPHERTEXT);
        }
        byte[] bArr3 = new byte[24];
        System.arraycopy(bArr, i2, bArr3, 0, bArr3.length);
        int length2 = i2 + bArr3.length;
        SecretKey deriveKey = this.passwordBasedKdf.deriveKey(str, bArr2, (int) readUint32);
        if (b == 1) {
            if (keyStrengthener == null || !keyStrengthener.isInitialised()) {
                throw new DecryptionException(DecryptionResult.KEY_STRENGTHENER_ERROR);
            }
            deriveKey = keyStrengthener.strengthenKey(deriveKey);
        }
        try {
            xSalsa20Poly1305AuthenticatedCipher.init(false, deriveKey, bArr3);
            try {
                int length3 = bArr.length - length2;
                byte[] bArr4 = new byte[length3 - macBytes];
                xSalsa20Poly1305AuthenticatedCipher.process(bArr, length2, length3, bArr4, 0);
                return bArr4;
            } catch (GeneralSecurityException e) {
                throw new DecryptionException(DecryptionResult.INVALID_PASSWORD);
            }
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public boolean isEncryptedWithStrengthenedKey(byte[] bArr) {
        return bArr.length > 0 && bArr[0] == 1;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] encryptToKey(PublicKey publicKey, byte[] bArr) {
        try {
            return this.messageEncrypter.encrypt(publicKey, bArr);
        } catch (CryptoException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public String asciiArmour(byte[] bArr, int i) {
        return AsciiArmour.wrap(bArr, i);
    }
}
