package com.unbound.common.crypto.mpc;

import com.unbound.common.Convertable;
import com.unbound.common.Converter;
import com.unbound.common.crypto.AES;
import com.unbound.common.crypto.CryptoRandom;
import com.unbound.common.crypto.EC;
import com.unbound.common.crypto.SHA256;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;

/* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging.class */
public class COTMessaging {
    private static final int HASH_LEN = 32;
    private static final int AES_KEY_LEN = 16;
    private static final int GCM_IV_LEN = 12;
    private static final int GCM_TAG_LEN = 12;
    private static final int KM_LEN = 32;
    private static final int REFRESH_LEN = 16;
    private static EC.Curve curve = EC.P256;
    private static final byte[] mToCot = "m-to-cot".getBytes(StandardCharsets.UTF_8);
    private static final byte[] cotToM = "cot-to-m".getBytes(StandardCharsets.UTF_8);

    /* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging$Client.class */
    public static final class Client implements Convertable {
        private byte[] km;
        private byte[] UID;
        private byte[] thumb;
        private byte[] R;
        private byte[] auth;
        private EC.Point P;
        private long counter;
        private byte[] h;
        private byte[] r1;
        private byte[] k;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging$Client$Message.class */
        public static final class Message implements Convertable {
            private long counter;
            private byte[] iv;
            private byte[] c;
            private EC.Point Q1;

            /* JADX INFO: Access modifiers changed from: private */
            /* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging$Client$Message$Packet.class */
            public static final class Packet implements Convertable {
                private byte[] h;
                private byte[] r1;
                private byte[] m;

                private Packet() {
                }

                @Override // com.unbound.common.Convertable
                public void convert(Converter converter) {
                    this.h = converter.convertFixSize(this.h, 32);
                    this.r1 = converter.convertFixSize(this.r1, 16);
                    this.m = converter.convert(this.m);
                }
            }

            private Message() {
            }

            @Override // com.unbound.common.Convertable
            public void convert(Converter converter) {
                this.counter = converter.convert(this.counter);
                this.iv = converter.convertFixSize(this.iv, 12);
                this.Q1 = EC.convertFixSize(converter, COTMessaging.curve, this.Q1);
                this.c = converter.convert(this.c);
            }
        }

        public Client() {
        }

        public Client(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6) {
            this.r1 = new byte[16];
            this.k = new byte[16];
            this.counter = 0L;
            this.km = bArr;
            this.UID = bArr2;
            this.thumb = bArr3;
            this.R = bArr4;
            this.auth = bArr5;
            this.P = EC.Point.fromOct(COTMessaging.curve, bArr6);
            this.h = new SHA256().update(bArr3).update(bArr4).update(bArr5).end();
        }

        private static byte[] getAAD(long j, byte[] bArr) {
            byte[] bArr2 = new byte[COTMessaging.mToCot.length + 8 + bArr.length];
            System.arraycopy(COTMessaging.mToCot, 0, bArr2, 0, COTMessaging.mToCot.length);
            Converter.setBE8(bArr2, COTMessaging.mToCot.length, j);
            System.arraycopy(bArr, 0, bArr2, COTMessaging.mToCot.length + 8, bArr.length);
            return bArr2;
        }

        public byte[] toByteArray() {
            return Converter.convert(this);
        }

        public static Client fromByteArray(byte[] bArr) {
            return (Client) Converter.convert(new Client(), bArr);
        }

        public byte[] request(byte[] bArr) {
            this.counter++;
            BigInteger generateBigInteger = CryptoRandom.generateBigInteger(COTMessaging.curve.order);
            Message message = new Message();
            message.iv = CryptoRandom.generate(12);
            message.Q1 = COTMessaging.curve.generator.mul(generateBigInteger);
            this.k = COTMessaging.half(new SHA256().update(this.P.mul(generateBigInteger)).update(this.km).end());
            Message.Packet packet = new Message.Packet();
            packet.h = this.h;
            byte[] generate = CryptoRandom.generate(16);
            this.r1 = generate;
            packet.r1 = generate;
            packet.m = bArr;
            message.c = AES.GCM.encrypt(this.k, message.iv, getAAD(this.counter, this.UID), 12, Converter.convert(packet));
            message.counter = this.counter;
            return Converter.convert(message);
        }

        public byte[] response(byte[] bArr) {
            try {
                Server.Message message = (Server.Message) Converter.convert(new Server.Message(), bArr);
                Server.Message.Packet packet = (Server.Message.Packet) Converter.convert(new Server.Message.Packet(), AES.GCM.decrypt(this.k, message.iv, COTMessaging.cotToM, 12, message.c));
                this.km = new SHA256().update(this.r1).update(packet.r2).end();
                Arrays.fill(this.r1, (byte) 0);
                Arrays.fill(this.k, (byte) 0);
                return packet.m;
            } catch (Exception e) {
                throw new SecurityException(e);
            }
        }

        @Override // com.unbound.common.Convertable
        public void convert(Converter converter) {
            this.km = converter.convertFixSize(this.km, 32);
            this.UID = converter.convert(this.UID);
            this.thumb = converter.convert(this.thumb);
            this.R = converter.convert(this.R);
            this.auth = converter.convert(this.auth);
            this.P = EC.convertFixSize(converter, COTMessaging.curve, this.P);
            this.counter = converter.convert(this.counter);
            this.h = converter.convertFixSize(this.h, 32);
            this.k = converter.convertFixSize(this.k, 16);
            this.r1 = converter.convertFixSize(this.r1, 16);
        }
    }

    /* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging$Server.class */
    public static final class Server implements Convertable {
        private long counter;
        private byte[] km;
        private byte[] prevKm;
        private byte[] UID;
        private BigInteger x;
        private EC.Point P;
        private byte[] hHash;
        private byte[] k;
        private byte[] r1;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging$Server$Message.class */
        public static final class Message implements Convertable {
            private byte[] iv;
            private byte[] c;

            /* JADX INFO: Access modifiers changed from: private */
            /* loaded from: input_file:com/unbound/common/crypto/mpc/COTMessaging$Server$Message$Packet.class */
            public static final class Packet implements Convertable {
                private byte[] r2;
                private byte[] m;

                private Packet() {
                }

                @Override // com.unbound.common.Convertable
                public void convert(Converter converter) {
                    this.r2 = converter.convertFixSize(this.r2, 16);
                    this.m = converter.convert(this.m);
                }
            }

            private Message() {
            }

            @Override // com.unbound.common.Convertable
            public void convert(Converter converter) {
                this.iv = converter.convertFixSize(this.iv, 12);
                this.c = converter.convert(this.c);
            }
        }

        public Server() {
        }

        public Server(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
            this.counter = 0L;
            this.km = bArr;
            this.prevKm = new byte[32];
            this.UID = bArr2;
            this.x = new BigInteger(1, bArr4);
            this.P = COTMessaging.curve.generator.mul(this.x);
            this.hHash = SHA256.hash(bArr3);
            this.k = new byte[16];
            this.r1 = new byte[16];
        }

        public byte[] toByteArray() {
            return Converter.convert(this);
        }

        public static Server fromByteArray(byte[] bArr) {
            return (Server) Converter.convert(new Server(), bArr);
        }

        @Override // com.unbound.common.Convertable
        public void convert(Converter converter) {
            this.prevKm = converter.convertFixSize(this.prevKm, 32);
            this.km = converter.convertFixSize(this.km, 32);
            this.UID = converter.convert(this.UID);
            this.x = converter.convertPosFixSize(this.x, 32);
            this.P = EC.convertFixSize(converter, COTMessaging.curve, this.P);
            this.counter = converter.convert(this.counter);
            this.hHash = converter.convertFixSize(this.hHash, 32);
            this.k = converter.convertFixSize(this.k, 16);
            this.r1 = converter.convertFixSize(this.r1, 16);
        }

        public byte[] request(byte[] bArr) {
            byte[] decrypt;
            Client.Message message = (Client.Message) Converter.convert(new Client.Message(), bArr);
            if (message.counter <= this.counter) {
                throw new SecurityException("Counter violation");
            }
            this.counter = message.counter;
            try {
                byte[] aad = Client.getAAD(message.counter, this.UID);
                EC.Point mul = message.Q1.mul(this.x);
                this.k = COTMessaging.half(new SHA256().update(mul).update(this.km).end());
                try {
                    decrypt = AES.GCM.decrypt(this.k, message.iv, aad, 12, message.c);
                    this.prevKm = this.km;
                } catch (AEADBadTagException e) {
                    this.k = COTMessaging.half(new SHA256().update(mul).update(this.prevKm).end());
                    decrypt = AES.GCM.decrypt(this.k, message.iv, aad, 12, message.c);
                }
                Client.Message.Packet packet = (Client.Message.Packet) Converter.convert(new Client.Message.Packet(), decrypt);
                if (!Arrays.equals(this.hHash, SHA256.hash(packet.h))) {
                    throw new SecurityException("Authentication failed");
                }
                this.r1 = packet.r1;
                return packet.m;
            } catch (Exception e2) {
                throw new SecurityException(e2);
            }
        }

        public byte[] response(byte[] bArr) {
            Message.Packet packet = new Message.Packet();
            packet.r2 = CryptoRandom.generate(16);
            packet.m = bArr;
            Message message = new Message();
            message.iv = CryptoRandom.generate(12);
            message.c = AES.GCM.encrypt(this.k, message.iv, COTMessaging.cotToM, 12, Converter.convert(packet));
            this.km = new SHA256().update(this.r1).update(packet.r2).end();
            Arrays.fill(this.r1, (byte) 0);
            Arrays.fill(this.k, (byte) 0);
            return Converter.convert(message);
        }
    }

    private static byte[] half(byte[] bArr) {
        return Arrays.copyOf(bArr, bArr.length / 2);
    }

    public static void test() {
        byte[] generate = CryptoRandom.generate(32);
        byte[] bArr = new byte[0];
        byte[] bArr2 = new byte[0];
        byte[] bArr3 = new byte[0];
        byte[] bArr4 = new byte[0];
        byte[] end = new SHA256().update(bArr2).update(bArr3).update(bArr4).end();
        BigInteger generateBigInteger = CryptoRandom.generateBigInteger(curve.order);
        Client client = new Client(generate, bArr, bArr2, bArr3, bArr4, curve.generator.mul(generateBigInteger).toCompressedOct());
        Server server = new Server(generate, bArr, end, generateBigInteger.toByteArray());
        byte[] bytes = "Request".getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = "Response".getBytes(StandardCharsets.UTF_8);
        byte[] byteArray = client.toByteArray();
        byte[] byteArray2 = server.toByteArray();
        Client fromByteArray = Client.fromByteArray(byteArray);
        byte[] request = fromByteArray.request(bytes);
        byte[] byteArray3 = fromByteArray.toByteArray();
        Server fromByteArray2 = Server.fromByteArray(byteArray2);
        new String(fromByteArray2.request(request), StandardCharsets.UTF_8);
        Server fromByteArray3 = Server.fromByteArray(fromByteArray2.toByteArray());
        byte[] response = fromByteArray3.response(bytes2);
        byte[] byteArray4 = fromByteArray3.toByteArray();
        Client fromByteArray4 = Client.fromByteArray(byteArray3);
        new String(fromByteArray4.response(response));
        Client fromByteArray5 = Client.fromByteArray(fromByteArray4.toByteArray());
        byte[] request2 = fromByteArray5.request(bytes);
        byte[] byteArray5 = fromByteArray5.toByteArray();
        Server fromByteArray6 = Server.fromByteArray(byteArray4);
        new String(fromByteArray6.request(request2), StandardCharsets.UTF_8);
        Server fromByteArray7 = Server.fromByteArray(fromByteArray6.toByteArray());
        byte[] response2 = fromByteArray7.response(bytes2);
        byte[] byteArray6 = fromByteArray7.toByteArray();
        new String(Client.fromByteArray(byteArray5).response(response2));
        Client fromByteArray8 = Client.fromByteArray(byteArray5);
        byte[] request3 = fromByteArray8.request(bytes);
        byte[] byteArray7 = fromByteArray8.toByteArray();
        Server fromByteArray9 = Server.fromByteArray(byteArray6);
        new String(fromByteArray9.request(request3), StandardCharsets.UTF_8);
        Server fromByteArray10 = Server.fromByteArray(fromByteArray9.toByteArray());
        byte[] response3 = fromByteArray10.response(bytes2);
        fromByteArray10.toByteArray();
        Client fromByteArray11 = Client.fromByteArray(byteArray7);
        new String(fromByteArray11.response(response3));
        fromByteArray11.toByteArray();
    }
}
