package org.briarproject.bramble.crypto;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.KeyPairGenerator;
import org.briarproject.bramble.api.crypto.CryptoComponent;
import org.briarproject.bramble.api.crypto.KeyPair;
import org.briarproject.bramble.api.crypto.KeyParser;
import org.briarproject.bramble.api.crypto.PrivateKey;
import org.briarproject.bramble.api.crypto.PublicKey;
import org.briarproject.bramble.api.crypto.SecretKey;
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
import org.briarproject.bramble.api.system.SecureRandomProvider;
import org.briarproject.bramble.util.ByteUtils;
import org.briarproject.bramble.util.LogUtils;
import org.briarproject.bramble.util.StringUtils;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.digests.Blake2bDigest;
import org.whispersystems.curve25519.Curve25519;
import org.whispersystems.curve25519.Curve25519KeyPair;

@NotNullByDefault
/* loaded from: classes.dex */
class CryptoComponentImpl implements CryptoComponent {
    private static final Logger LOG = Logger.getLogger(CryptoComponentImpl.class.getName());
    private static final int PBKDF_FORMAT_SCRYPT = 0;
    private static final int PBKDF_SALT_BYTES = 32;
    private static final int SIGNATURE_KEY_PAIR_BITS = 256;
    private static final int STORAGE_IV_BYTES = 24;
    private final KeyParser agreementKeyParser;
    private final Curve25519 curve25519;
    private final MessageEncrypter messageEncrypter;
    private final PasswordBasedKdf passwordBasedKdf;
    private final SecureRandom secureRandom;
    private final KeyPairGenerator signatureKeyPairGenerator;
    private final KeyParser signatureKeyParser;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptoComponentImpl(SecureRandomProvider secureRandomProvider, PasswordBasedKdf passwordBasedKdf) {
        if (LOG.isLoggable(Level.INFO)) {
            SecureRandom secureRandom = new SecureRandom();
            String name = secureRandom.getProvider().getName();
            String algorithm = secureRandom.getAlgorithm();
            LOG.info("Default SecureRandom: " + name + " " + algorithm);
        }
        Provider provider = secureRandomProvider.getProvider();
        if (provider == null) {
            LOG.info("Using default");
        } else {
            installSecureRandomProvider(provider);
            if (LOG.isLoggable(Level.INFO)) {
                SecureRandom secureRandom2 = new SecureRandom();
                String name2 = secureRandom2.getProvider().getName();
                String algorithm2 = secureRandom2.getAlgorithm();
                LOG.info("Installed SecureRandom: " + name2 + " " + algorithm2);
            }
        }
        this.secureRandom = new SecureRandom();
        this.passwordBasedKdf = passwordBasedKdf;
        this.curve25519 = Curve25519.getInstance(Curve25519.JAVA);
        this.signatureKeyPairGenerator = new KeyPairGenerator();
        this.signatureKeyPairGenerator.initialize(256, this.secureRandom);
        this.agreementKeyParser = new Curve25519KeyParser();
        this.signatureKeyParser = new EdKeyParser();
        this.messageEncrypter = new MessageEncrypter(this.secureRandom);
    }

    private void installSecureRandomProvider(Provider provider) {
        Provider[] providers = Security.getProviders("SecureRandom.SHA1PRNG");
        if (providers == null || providers.length == 0 || !provider.getClass().equals(providers[0].getClass())) {
            Security.insertProviderAt(provider, 1);
        }
        SecureRandom secureRandom = new SecureRandom();
        if (!provider.getClass().equals(secureRandom.getProvider().getClass())) {
            throw new SecurityException("Wrong SecureRandom provider: " + secureRandom.getProvider().getClass());
        }
        try {
            SecureRandom secureRandom2 = SecureRandom.getInstance("SHA1PRNG");
            if (provider.getClass().equals(secureRandom2.getProvider().getClass())) {
                return;
            }
            throw new SecurityException("Wrong SHA1PRNG provider: " + secureRandom2.getProvider().getClass());
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        }
    }

    private void updateSignature(Signature signature, String str, byte[] bArr) throws GeneralSecurityException {
        byte[] utf8 = StringUtils.toUtf8(str);
        byte[] bArr2 = new byte[4];
        ByteUtils.writeUint32(utf8.length, bArr2, 0);
        signature.update(bArr2);
        signature.update(utf8);
        ByteUtils.writeUint32(bArr.length, bArr2, 0);
        signature.update(bArr2);
        signature.update(bArr);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public String asciiArmour(byte[] bArr, int i) {
        return AsciiArmour.wrap(bArr, i);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] decryptWithPassword(byte[] bArr, String str) {
        XSalsa20Poly1305AuthenticatedCipher xSalsa20Poly1305AuthenticatedCipher = new XSalsa20Poly1305AuthenticatedCipher();
        int macBytes = xSalsa20Poly1305AuthenticatedCipher.getMacBytes();
        if (bArr.length < macBytes + 61 || bArr[0] != 0) {
            return null;
        }
        byte[] bArr2 = new byte[32];
        System.arraycopy(bArr, 1, bArr2, 0, bArr2.length);
        int length = 1 + bArr2.length;
        long readUint32 = ByteUtils.readUint32(bArr, length);
        int i = length + 4;
        if (readUint32 < 2 || readUint32 > 2147483647L) {
            return null;
        }
        byte[] bArr3 = new byte[24];
        System.arraycopy(bArr, i, bArr3, 0, bArr3.length);
        int length2 = i + bArr3.length;
        try {
            xSalsa20Poly1305AuthenticatedCipher.init(false, this.passwordBasedKdf.deriveKey(str, bArr2, (int) readUint32), bArr3);
            try {
                int length3 = bArr.length - length2;
                byte[] bArr4 = new byte[length3 - macBytes];
                xSalsa20Poly1305AuthenticatedCipher.process(bArr, length2, length3, bArr4, 0);
                return bArr4;
            } catch (GeneralSecurityException unused) {
                return null;
            }
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey deriveKey(String str, SecretKey secretKey, byte[]... bArr) {
        byte[] mac = mac(str, secretKey, bArr);
        if (mac.length != 32) {
            throw new IllegalStateException();
        }
        return new SecretKey(mac);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey deriveSharedSecret(String str, PublicKey publicKey, KeyPair keyPair, byte[]... bArr) throws GeneralSecurityException {
        PrivateKey privateKey = keyPair.getPrivate();
        byte[][] bArr2 = new byte[bArr.length + 1];
        bArr2[0] = performRawKeyAgreement(privateKey, publicKey);
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        byte[] hash = hash(str, bArr2);
        if (hash.length != 32) {
            throw new IllegalStateException();
        }
        return new SecretKey(hash);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] encryptToKey(PublicKey publicKey, byte[] bArr) {
        try {
            return this.messageEncrypter.encrypt(publicKey, bArr);
        } catch (CryptoException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] encryptWithPassword(byte[] bArr, String str) {
        XSalsa20Poly1305AuthenticatedCipher xSalsa20Poly1305AuthenticatedCipher = new XSalsa20Poly1305AuthenticatedCipher();
        int macBytes = xSalsa20Poly1305AuthenticatedCipher.getMacBytes();
        byte[] bArr2 = new byte[32];
        this.secureRandom.nextBytes(bArr2);
        int chooseCostParameter = this.passwordBasedKdf.chooseCostParameter();
        SecretKey deriveKey = this.passwordBasedKdf.deriveKey(str, bArr2, chooseCostParameter);
        byte[] bArr3 = new byte[24];
        this.secureRandom.nextBytes(bArr3);
        byte[] bArr4 = new byte[bArr2.length + 1 + 4 + bArr3.length + bArr.length + macBytes];
        bArr4[0] = 0;
        System.arraycopy(bArr2, 0, bArr4, 1, bArr2.length);
        int length = bArr2.length + 1;
        ByteUtils.writeUint32(chooseCostParameter, bArr4, length);
        int i = length + 4;
        System.arraycopy(bArr3, 0, bArr4, i, bArr3.length);
        int length2 = i + bArr3.length;
        try {
            xSalsa20Poly1305AuthenticatedCipher.init(true, deriveKey, bArr3);
            xSalsa20Poly1305AuthenticatedCipher.process(bArr, 0, bArr.length, bArr4, length2);
            return bArr4;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyPair generateAgreementKeyPair() {
        Curve25519KeyPair generateKeyPair = this.curve25519.generateKeyPair();
        return new KeyPair(new Curve25519PublicKey(generateKeyPair.getPublicKey()), new Curve25519PrivateKey(generateKeyPair.getPrivateKey()));
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecretKey generateSecretKey() {
        byte[] bArr = new byte[32];
        this.secureRandom.nextBytes(bArr);
        return new SecretKey(bArr);
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyPair generateSignatureKeyPair() {
        java.security.KeyPair generateKeyPair = this.signatureKeyPairGenerator.generateKeyPair();
        return new KeyPair(new EdPublicKey(((EdDSAPublicKey) generateKeyPair.getPublic()).getAbyte()), new EdPrivateKey(((EdDSAPrivateKey) generateKeyPair.getPrivate()).getSeed()));
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyParser getAgreementKeyParser() {
        return this.agreementKeyParser;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyParser getMessageKeyParser() {
        return this.messageEncrypter.getKeyParser();
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public KeyParser getSignatureKeyParser() {
        return this.signatureKeyParser;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] hash(String str, byte[]... bArr) {
        byte[] utf8 = StringUtils.toUtf8(str);
        Blake2bDigest blake2bDigest = new Blake2bDigest(256);
        byte[] bArr2 = new byte[4];
        ByteUtils.writeUint32(utf8.length, bArr2, 0);
        blake2bDigest.update(bArr2, 0, bArr2.length);
        blake2bDigest.update(utf8, 0, utf8.length);
        for (byte[] bArr3 : bArr) {
            ByteUtils.writeUint32(bArr3.length, bArr2, 0);
            blake2bDigest.update(bArr2, 0, bArr2.length);
            blake2bDigest.update(bArr3, 0, bArr3.length);
        }
        byte[] bArr4 = new byte[blake2bDigest.getDigestSize()];
        blake2bDigest.doFinal(bArr4, 0);
        return bArr4;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] mac(String str, SecretKey secretKey, byte[]... bArr) {
        byte[] utf8 = StringUtils.toUtf8(str);
        Blake2bDigest blake2bDigest = new Blake2bDigest(secretKey.getBytes(), 32, null, null);
        byte[] bArr2 = new byte[4];
        ByteUtils.writeUint32(utf8.length, bArr2, 0);
        blake2bDigest.update(bArr2, 0, bArr2.length);
        blake2bDigest.update(utf8, 0, utf8.length);
        for (byte[] bArr3 : bArr) {
            ByteUtils.writeUint32(bArr3.length, bArr2, 0);
            blake2bDigest.update(bArr2, 0, bArr2.length);
            blake2bDigest.update(bArr3, 0, bArr3.length);
        }
        byte[] bArr4 = new byte[blake2bDigest.getDigestSize()];
        blake2bDigest.doFinal(bArr4, 0);
        return bArr4;
    }

    byte[] performRawKeyAgreement(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException {
        if (!(privateKey instanceof Curve25519PrivateKey)) {
            throw new IllegalArgumentException();
        }
        if (!(publicKey instanceof Curve25519PublicKey)) {
            throw new IllegalArgumentException();
        }
        long now = LogUtils.now();
        byte[] calculateAgreement = this.curve25519.calculateAgreement(publicKey.getEncoded(), privateKey.getEncoded());
        byte b = 0;
        for (byte b2 : calculateAgreement) {
            b = (byte) (b | b2);
        }
        if (b == 0) {
            throw new GeneralSecurityException();
        }
        LogUtils.logDuration(LOG, "Deriving shared secret", now);
        return calculateAgreement;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public byte[] sign(String str, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        PrivateKey parsePrivateKey = this.signatureKeyParser.parsePrivateKey(bArr2);
        EdSignature edSignature = new EdSignature();
        edSignature.initSign(parsePrivateKey);
        updateSignature(edSignature, str, bArr);
        return edSignature.sign();
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public boolean verifyMac(byte[] bArr, String str, SecretKey secretKey, byte[]... bArr2) {
        byte[] mac = mac(str, secretKey, bArr2);
        if (bArr.length != mac.length) {
            return false;
        }
        int i = 0;
        for (int i2 = 0; i2 < bArr.length; i2++) {
            i |= bArr[i2] ^ mac[i2];
        }
        return i == 0;
    }

    @Override // org.briarproject.bramble.api.crypto.CryptoComponent
    public boolean verifySignature(byte[] bArr, String str, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        PublicKey parsePublicKey = this.signatureKeyParser.parsePublicKey(bArr3);
        EdSignature edSignature = new EdSignature();
        edSignature.initVerify(parsePublicKey);
        updateSignature(edSignature, str, bArr2);
        return edSignature.verify(bArr);
    }
}
