package com.google.security.keymaster.lite;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class KeymaestroHybridEncrypter {
    private static final String AES = "AES";
    private static final String AES_GCM = "AES/GCM/NoPadding";
    static final int CONSTRUCTOR_KEY_LENGTH = 68;
    static final EllipticCurve CURVE;
    static final ECParameterSpec CURVE_SPEC;
    private static final int DEM_KEY_LENGTH = 16;
    static final ECFieldFp FIELD;
    private static final int FIELD_LENGTH = 32;
    private static final int KEY_ID_LENGTH = 4;
    private static final int NONCE_LENGTH = 12;
    private static final int POINT_LENGTH = 64;
    private static final int TAG_LENGTH = 16;
    private static final byte VERSION = 0;
    private static final SecureRandom random;
    private final byte[] aesKey;
    private final byte[] kemToken;
    private final byte[] keyId;

    static {
        BigInteger bigInteger = new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951");
        BigInteger bigInteger2 = new BigInteger("115792089210356248762697446949407573529996955224135760342422259061068512044369");
        BigInteger subtract = bigInteger.subtract(new BigInteger("3"));
        BigInteger bigInteger3 = new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16);
        ECPoint eCPoint = new ECPoint(new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16), new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16));
        ECFieldFp eCFieldFp = new ECFieldFp(bigInteger);
        FIELD = eCFieldFp;
        EllipticCurve ellipticCurve = new EllipticCurve(eCFieldFp, subtract, bigInteger3);
        CURVE = ellipticCurve;
        CURVE_SPEC = new ECParameterSpec(ellipticCurve, eCPoint, bigInteger2, 1);
        random = new SecureRandom();
    }

    public KeymaestroHybridEncrypter(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2 = new byte[4];
        this.keyId = bArr2;
        if (bArr == null) {
            throw new IllegalArgumentException("publicKey is null");
        }
        if (bArr.length != 68) {
            throw new IllegalArgumentException("publicKey should be 68 bytes");
        }
        System.arraycopy(bArr, 0, bArr2, 0, 4);
        ECPoint deserializePoint = deserializePoint(bArr, 4, 64);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(CURVE_SPEC);
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        ECPrivateKey eCPrivateKey = (ECPrivateKey) genKeyPair.getPrivate();
        byte[] serializePoint = serializePoint(((ECPublicKey) genKeyPair.getPublic()).getW());
        this.kemToken = serializePoint;
        this.aesKey = hkdf(cat(serializePoint, ecdh(eCPrivateKey, deserializePoint)), null, "GOOGLE_KEYMASTER".getBytes(StandardCharsets.UTF_8), 16);
    }

    private static byte[] cat(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private static byte[] demEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(AES_GCM);
        cipher.init(1, new SecretKeySpec(bArr, AES), new GCMParameterSpec(128, bArr2));
        int length = bArr3.length + 16;
        byte[] bArr4 = new byte[length];
        if (cipher.doFinal(bArr3, 0, bArr3.length, bArr4) == length) {
            return bArr4;
        }
        throw new GeneralSecurityException("Length mismatch");
    }

    static ECPoint deserializePoint(byte[] bArr) throws GeneralSecurityException {
        return deserializePoint(bArr, 0, bArr.length);
    }

    private static ECPoint deserializePoint(byte[] bArr, int i, int i2) throws GeneralSecurityException {
        if (i2 != 64) {
            throw new IllegalArgumentException("serialized point length is too short");
        }
        int i3 = i + 32;
        ECPoint eCPoint = new ECPoint(new BigInteger(1, Arrays.copyOfRange(bArr, i, i3)), new BigInteger(1, Arrays.copyOfRange(bArr, i3, i + 64)));
        if (isPointOnCurve(eCPoint)) {
            return eCPoint;
        }
        throw new GeneralSecurityException("point is not on the curve");
    }

    static ECPrivateKey deserializePrivateKey(byte[] bArr) throws GeneralSecurityException {
        return (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(new BigInteger(1, bArr), CURVE_SPEC));
    }

    static byte[] ecdh(ECPrivateKey eCPrivateKey, ECPoint eCPoint) throws GeneralSecurityException {
        PublicKey generatePublic = KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, CURVE_SPEC));
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(eCPrivateKey);
        keyAgreement.doPhase(generatePublic, true);
        return keyAgreement.generateSecret();
    }

    static void fitBigInteger(BigInteger bigInteger, byte[] bArr, int i, int i2) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length > i2 + 1) {
            throw new IllegalArgumentException("Array is too small to hold this BigInteger");
        }
        if (byteArray.length > i2) {
            System.arraycopy(byteArray, byteArray.length - i2, bArr, i, i2);
        } else {
            System.arraycopy(byteArray, 0, bArr, (i + i2) - byteArray.length, byteArray.length);
        }
    }

    static byte[] hkdf(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HMACSHA256");
        if (bArr2 == null) {
            bArr2 = new byte[mac.getMacLength()];
        }
        mac.init(new SecretKeySpec(bArr2, mac.getAlgorithm()));
        mac.init(new SecretKeySpec(mac.doFinal(bArr), mac.getAlgorithm()));
        int macLength = mac.getMacLength();
        int i2 = i / macLength;
        if (i2 * macLength != i) {
            i2++;
        }
        if (i2 > 255) {
            throw new IllegalArgumentException("extracting too many bytes at once");
        }
        byte[] bArr4 = new byte[i];
        byte[] bArr5 = new byte[0];
        int i3 = 0;
        while (i3 < i2) {
            mac.update(bArr5);
            mac.update(bArr3);
            int i4 = i3 + 1;
            mac.update((byte) i4);
            byte[] doFinal = mac.doFinal();
            int i5 = i2 - 1;
            if (i3 < i5) {
                System.arraycopy(doFinal, 0, bArr4, i3 * macLength, macLength);
            } else {
                System.arraycopy(doFinal, 0, bArr4, i3 * macLength, i - (i5 * macLength));
            }
            i3 = i4;
            bArr5 = doFinal;
        }
        return bArr4;
    }

    private static boolean isPointOnCurve(ECPoint eCPoint) throws GeneralSecurityException {
        BigInteger p = FIELD.getP();
        BigInteger affineX = eCPoint.getAffineX();
        BigInteger affineY = eCPoint.getAffineY();
        if (affineX == null || affineY == null) {
            throw new GeneralSecurityException("point is at infinity");
        }
        if (affineX.signum() == -1 || affineX.compareTo(p) != -1) {
            throw new GeneralSecurityException("x is out of range");
        }
        if (affineY.signum() == -1 || affineY.compareTo(p) != -1) {
            throw new GeneralSecurityException("y is out of range");
        }
        BigInteger mod = affineY.multiply(affineY).mod(p);
        BigInteger multiply = affineX.multiply(affineX);
        EllipticCurve ellipticCurve = CURVE;
        return mod.equals(multiply.add(ellipticCurve.getA()).multiply(affineX).add(ellipticCurve.getB()).mod(p));
    }

    private static byte[] serializePoint(ECPoint eCPoint) throws GeneralSecurityException {
        byte[] bArr = new byte[64];
        fitBigInteger(eCPoint.getAffineX(), bArr, 0, 32);
        fitBigInteger(eCPoint.getAffineY(), bArr, 32, 32);
        return bArr;
    }

    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2 = new byte[12];
        random.nextBytes(bArr2);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length + 97);
        byteArrayOutputStream.write(0);
        byte[] bArr3 = this.keyId;
        byteArrayOutputStream.write(bArr3, 0, bArr3.length);
        byte[] bArr4 = this.kemToken;
        byteArrayOutputStream.write(bArr4, 0, bArr4.length);
        byteArrayOutputStream.write(bArr2, 0, 12);
        byte[] demEncrypt = demEncrypt(this.aesKey, bArr2, bArr);
        byteArrayOutputStream.write(demEncrypt, 0, demEncrypt.length);
        return byteArrayOutputStream.toByteArray();
    }
}
