package tss;

import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.encodings.OAEPEncoding;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.CFBBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jce.ECPointUtil;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECPoint;
import tss.tpm.PCR_ReadResponse;
import tss.tpm.QuoteResponse;
import tss.tpm.TPM2B_PUBLIC_KEY_RSA;
import tss.tpm.TPMS_ATTEST;
import tss.tpm.TPMS_ECC_PARMS;
import tss.tpm.TPMS_QUOTE_INFO;
import tss.tpm.TPMS_RSA_PARMS;
import tss.tpm.TPMS_SIGNATURE_RSAPSS;
import tss.tpm.TPMS_SIGNATURE_RSASSA;
import tss.tpm.TPMS_SIG_SCHEME_ECDSA;
import tss.tpm.TPMS_SIG_SCHEME_RSAPSS;
import tss.tpm.TPMS_SIG_SCHEME_RSASSA;
import tss.tpm.TPMT_PUBLIC;
import tss.tpm.TPMU_SIGNATURE;
import tss.tpm.TPM_ALG_ID;
import tss.tpm.TPM_ECC_CURVE;
import tss.tpm.TPM_GENERATED;

/* loaded from: input_file:tss/Crypto.class */
public class Crypto {

    /* loaded from: input_file:tss/Crypto$ECCKeyPair.class */
    public static class ECCKeyPair {
        public ECPoint PublicKey;
        public BigInteger PrivateKey;
    }

    /* loaded from: input_file:tss/Crypto$RsaKeyPair.class */
    public static class RsaKeyPair {
        public BigInteger PublicKey;
        public BigInteger PrivateKey;
    }

    public static int digestSize(TPM_ALG_ID tpm_alg_id) {
        switch (tpm_alg_id.asEnum()) {
            case SHA1:
                return 20;
            case SHA256:
                return 32;
            case SHA384:
                return 48;
            case SHA512:
                return 64;
            default:
                throw new RuntimeException("Unknown algorithm ID (not a hash?)");
        }
    }

    public static byte[] hash(TPM_ALG_ID tpm_alg_id, byte[] bArr) {
        Digest digest = getDigest(tpm_alg_id);
        byte[] bArr2 = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr2, 0);
        return bArr2;
    }

    public static byte[] hmac(TPM_ALG_ID tpm_alg_id, byte[] bArr, byte[] bArr2) {
        HMac hMac = new HMac(getDigest(tpm_alg_id));
        byte[] bArr3 = new byte[hMac.getMacSize()];
        hMac.init(new KeyParameter(bArr));
        hMac.update(bArr2, 0, bArr2.length);
        hMac.doFinal(bArr3, 0);
        return bArr3;
    }

    public static boolean validateSignature(TPMT_PUBLIC tpmt_public, byte[] bArr, TPMU_SIGNATURE tpmu_signature) {
        if (tpmt_public.parameters instanceof TPMS_RSA_PARMS) {
            TPMS_RSA_PARMS tpms_rsa_parms = (TPMS_RSA_PARMS) tpmt_public.parameters;
            RSAKeyParameters rSAKeyParameters = new RSAKeyParameters(false, new BigInteger(1, ((TPM2B_PUBLIC_KEY_RSA) tpmt_public.unique).buffer), BigInteger.valueOf(tpms_rsa_parms.exponent));
            if (tpms_rsa_parms.scheme instanceof TPMS_SIG_SCHEME_RSAPSS) {
                TPMS_SIGNATURE_RSAPSS tpms_signature_rsapss = (TPMS_SIGNATURE_RSAPSS) tpmu_signature;
                TPM_ALG_ID tpm_alg_id = ((TPMS_SIG_SCHEME_RSAPSS) tpms_rsa_parms.scheme).hashAlg;
                new RSABlindedEngine().init(false, rSAKeyParameters);
                RSADigestSigner rSADigestSigner = new RSADigestSigner(getDigest(tpms_signature_rsapss.hash));
                rSADigestSigner.init(false, rSAKeyParameters);
                rSADigestSigner.update(bArr, 0, bArr.length);
                return rSADigestSigner.verifySignature(tpms_signature_rsapss.sig);
            }
            if (tpms_rsa_parms.scheme instanceof TPMS_SIG_SCHEME_RSASSA) {
                RSADigestSigner rSADigestSigner2 = new RSADigestSigner(getDigest(((TPMS_SIG_SCHEME_RSASSA) tpms_rsa_parms.scheme).hashAlg));
                rSADigestSigner2.init(false, rSAKeyParameters);
                rSADigestSigner2.update(bArr, 0, bArr.length);
                return Boolean.valueOf(rSADigestSigner2.verifySignature(((TPMS_SIGNATURE_RSASSA) tpmu_signature).sig)).booleanValue();
            }
        }
        if (!(tpmt_public.parameters instanceof TPMS_ECC_PARMS)) {
            throw new RuntimeException("Not implemented");
        }
        if (((TPMS_ECC_PARMS) tpmt_public.parameters).scheme instanceof TPMS_SIG_SCHEME_ECDSA) {
            return true;
        }
        throw new RuntimeException("Not implemented");
    }

    public static boolean validateQuote(TPMT_PUBLIC tpmt_public, PCR_ReadResponse pCR_ReadResponse, byte[] bArr, QuoteResponse quoteResponse) {
        TPMS_ATTEST tpms_attest = quoteResponse.quoted;
        if (tpms_attest.magic != TPM_GENERATED.VALUE || !Helpers.byteArraysEqual(tpms_attest.extraData, bArr)) {
            return false;
        }
        TPMS_QUOTE_INFO tpms_quote_info = (TPMS_QUOTE_INFO) tpms_attest.attested;
        if (tpms_quote_info.pcrSelect.length != pCR_ReadResponse.pcrSelectionOut.length || !Helpers.byteArraysEqual(OutByteBuf.arrayToByteBuf(tpms_quote_info.pcrSelect), OutByteBuf.arrayToByteBuf(pCR_ReadResponse.pcrSelectionOut))) {
            return false;
        }
        OutByteBuf outByteBuf = new OutByteBuf();
        for (int i = 0; i < pCR_ReadResponse.pcrValues.length; i++) {
            outByteBuf.write(pCR_ReadResponse.pcrValues[i].buffer);
        }
        if (Helpers.byteArraysEqual(hash(getSigningHashAlg(tpmt_public), outByteBuf.getBuf()), tpms_quote_info.pcrDigest)) {
            return Boolean.valueOf(validateSignature(tpmt_public, quoteResponse.quoted.toTpm(), quoteResponse.signature)).booleanValue();
        }
        return false;
    }

    public static ECPublicKey decodeKey(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException {
        X9ECParameters byName = ECNamedCurveTable.getByName("secp256k1");
        KeyFactory.getInstance("ECDSA", "BC");
        ECPointUtil.decodePoint(EC5Util.convertCurve(byName.getCurve(), byName.getSeed()), bArr);
        return null;
    }

    public static Digest getDigest(TPM_ALG_ID tpm_alg_id) {
        switch (tpm_alg_id.asEnum()) {
            case SHA1:
                return new SHA1Digest();
            case SHA256:
                return new SHA256Digest();
            case SHA384:
                return new SHA384Digest();
            case SHA512:
                return new SHA512Digest();
            default:
                throw new RuntimeException("No such digest");
        }
    }

    /* JADX WARN: Type inference failed for: r0v20, types: [byte[], byte[][]] */
    public static byte[] KDFa(TPM_ALG_ID tpm_alg_id, byte[] bArr, String str, byte[] bArr2, byte[] bArr3, int i) {
        int digestSize = digestSize(tpm_alg_id) * 8;
        long j = ((i + digestSize) - 1) / digestSize;
        byte[] bArr4 = new byte[(int) ((j * digestSize) / 8)];
        for (int i2 = 0; i2 < j; i2++) {
            byte[] hmac = hmac(tpm_alg_id, bArr, Helpers.concatenate(new byte[]{Helpers.hostToNet(i2 + 1), stringToLabel(str), bArr2, bArr3, Helpers.hostToNet(i)}));
            System.arraycopy(hmac, 0, bArr4, (i2 * digestSize) / 8, hmac.length);
        }
        return Helpers.shiftRight(bArr4, (int) ((digestSize * j) - i));
    }

    public static byte[] oaepEncrypt(TPMS_RSA_PARMS tpms_rsa_parms, TPM2B_PUBLIC_KEY_RSA tpm2b_public_key_rsa, byte[] bArr, TPM_ALG_ID tpm_alg_id, String str) {
        byte[] stringToLabel = stringToLabel(str);
        int i = tpms_rsa_parms.exponent;
        if (i == 0) {
            i = 65537;
        }
        RSAKeyParameters rSAKeyParameters = new RSAKeyParameters(false, new BigInteger(1, tpm2b_public_key_rsa.buffer), BigInteger.valueOf(i));
        try {
            OAEPEncoding oAEPEncoding = new OAEPEncoding(new RSAEngine(), getDigest(tpm_alg_id), stringToLabel);
            oAEPEncoding.init(true, new ParametersWithRandom(rSAKeyParameters));
            return oAEPEncoding.processBlock(bArr, 0, bArr.length);
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException("Encoding failed");
        }
    }

    public static byte[] asymEncrypt(TPMT_PUBLIC tpmt_public, byte[] bArr, String str) {
        return oaepEncrypt((TPMS_RSA_PARMS) tpmt_public.parameters, (TPM2B_PUBLIC_KEY_RSA) tpmt_public.unique, bArr, tpmt_public.nameAlg, str);
    }

    static byte[] stringToLabel(String str) {
        return Helpers.concatenate(Charset.forName("UTF-8").encode(str).array(), new byte[]{0});
    }

    public static TPM_ALG_ID getSigningHashAlg(TPMT_PUBLIC tpmt_public) {
        if (!(tpmt_public.parameters instanceof TPMS_RSA_PARMS)) {
            throw new RuntimeException("Unsupported algorithm");
        }
        TPMS_RSA_PARMS tpms_rsa_parms = (TPMS_RSA_PARMS) tpmt_public.parameters;
        if (tpms_rsa_parms.scheme instanceof TPMS_SIG_SCHEME_RSASSA) {
            return ((TPMS_SIG_SCHEME_RSASSA) tpms_rsa_parms.scheme).hashAlg;
        }
        if (tpms_rsa_parms.scheme instanceof TPMS_SIG_SCHEME_RSAPSS) {
            return ((TPMS_SIG_SCHEME_RSAPSS) tpms_rsa_parms.scheme).hashAlg;
        }
        throw new RuntimeException("Unsupported scheme");
    }

    public static byte[] cfbEncrypt(boolean z, TPM_ALG_ID tpm_alg_id, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (tpm_alg_id != TPM_ALG_ID.AES) {
            throw new TpmException("Only AES is supported");
        }
        int length = bArr.length * 8;
        byte[] bArr4 = bArr2 == null ? new byte[0] : bArr2;
        CFBBlockCipher cFBBlockCipher = new CFBBlockCipher(new AESEngine(), length);
        cFBBlockCipher.init(z, new ParametersWithIV(new KeyParameter(bArr), bArr4));
        byte[] bArr5 = new byte[bArr3.length];
        if (cFBBlockCipher.processBytes(bArr3, 0, bArr3.length, bArr5, 0) != bArr3.length) {
            throw new RuntimeException("Error!");
        }
        return bArr5;
    }

    public static RsaKeyPair createRsaKey(int i, int i2) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(i);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) generateKeyPair.getPrivate();
            RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
            RsaKeyPair rsaKeyPair = new RsaKeyPair();
            rsaKeyPair.PublicKey = rSAPublicKey.getModulus();
            rsaKeyPair.PrivateKey = rSAPrivateCrtKey.getPrimeP();
            return rsaKeyPair;
        } catch (Exception e) {
            throw new TpmException("Bad alg:", e);
        }
    }

    public static ECCKeyPair createECCKey(TPM_ECC_CURVE tpm_ecc_curve, TPM_ALG_ID tpm_alg_id) {
        try {
            ECCKeyPair eCCKeyPair = new ECCKeyPair();
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(ecTpmToBc(tpm_ecc_curve));
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ecTpmToBc(tpm_alg_id), "BC");
            keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            BCECPrivateKey bCECPrivateKey = (BCECPrivateKey) generateKeyPair.getPrivate();
            eCCKeyPair.PublicKey = ((BCECPublicKey) generateKeyPair.getPublic()).getQ();
            eCCKeyPair.PrivateKey = bCECPrivateKey.getD();
            return eCCKeyPair;
        } catch (Exception e) {
            throw new TpmException("Bad alg:", e);
        }
    }

    static String ecTpmToBc(TPM_ECC_CURVE tpm_ecc_curve) {
        switch (tpm_ecc_curve.asEnum()) {
            case NIST_P256:
                return "P-256";
            default:
                throw new TpmException("Unsupported alg");
        }
    }

    static String ecTpmToBc(TPM_ALG_ID tpm_alg_id) {
        switch (tpm_alg_id.asEnum()) {
            case ECDSA:
                return "ECDSA";
            case ECDH:
                return "ECDH";
            default:
                throw new TpmException("Unsupported alg");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int ecTpmKeyStrength(TPM_ECC_CURVE tpm_ecc_curve) {
        switch (tpm_ecc_curve.asEnum()) {
            case NIST_P256:
                return 256;
            default:
                throw new TpmException("Unsupported alg");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] bigIntToTpmInt(BigInteger bigInteger, int i) {
        int i2 = i / 8;
        byte[] byteArray = bigInteger.toByteArray();
        byte[] bArr = new byte[i2];
        int length = byteArray.length - i2;
        if (length > 5 || length < -5) {
            throw new RuntimeException("help");
        }
        for (int i3 = 0; i3 < i2; i3++) {
            if (i3 + length >= 0) {
                bArr[i3] = byteArray[i3 + length];
            }
        }
        return bArr;
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
