package ca.uwaterloo.crysp.otr;

import ca.uwaterloo.crysp.otr.crypt.AESKey;
import ca.uwaterloo.crysp.otr.crypt.DHKeyAgreement;
import ca.uwaterloo.crysp.otr.crypt.DHPublicKey;
import ca.uwaterloo.crysp.otr.crypt.DSAPrivateKey;
import ca.uwaterloo.crysp.otr.crypt.DSAPublicKey;
import ca.uwaterloo.crysp.otr.crypt.HMAC;
import ca.uwaterloo.crysp.otr.crypt.HMACKey;
import ca.uwaterloo.crysp.otr.crypt.KeyPair;
import ca.uwaterloo.crysp.otr.crypt.MPI;
import ca.uwaterloo.crysp.otr.crypt.OTRCryptException;
import ca.uwaterloo.crysp.otr.crypt.Provider;
import ca.uwaterloo.crysp.otr.message.DHCommitMessage;
import ca.uwaterloo.crysp.otr.message.DHKeyMessage;
import ca.uwaterloo.crysp.otr.message.RevealSignatureMessage;
import ca.uwaterloo.crysp.otr.message.SignatureMessage;

/* loaded from: classes.dex */
public class AuthInfo {
    public static final byte[] DH_MODULUS = Util.hexStringToBytes("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
    public static final byte[] DH_MODULUS_MINUS_2 = Util.hexStringToBytes("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFD");
    AESKey enc_c;
    AESKey enc_cp;
    byte[] encgx;
    int havemsgp;
    int initiated;
    String lastauthmsg;
    HMACKey mac_m1;
    HMACKey mac_m1p;
    HMACKey mac_m2;
    HMACKey mac_m2p;
    KeyPair our_dh;
    int our_keyid;
    Provider prov;
    int sessionid_len;
    int their_keyid;
    DHPublicKey their_pub;
    AuthState authstate = new AuthState();
    byte[] r = new byte[16];
    byte[] hashgx = new byte[32];
    byte[] their_fingerprint = new byte[20];
    byte[] secure_session_id = new byte[20];

    public AuthInfo(Provider provider) {
        this.prov = provider;
    }

    byte[] calculatePubkeyAuth(PrivKey privKey, HMACKey hMACKey, AESKey aESKey) throws OTRException {
        byte[] y = ((DHPublicKey) this.our_dh.getPublicKey()).getY();
        byte[] y2 = this.their_pub.getY();
        byte[] bArr = new byte[y.length + y2.length + 2 + privKey.pubkeySize() + 4];
        System.arraycopy(y, 0, bArr, 0, y.length);
        int length = y.length + 0;
        System.arraycopy(y2, 0, bArr, length, y2.length);
        int length2 = length + y2.length;
        bArr[length2] = (byte) ((privKey.pubkeyType() >> 16) & 255);
        bArr[length2 + 1] = (byte) (privKey.pubkeyType() & 255);
        int i = length2 + 2;
        System.arraycopy(privKey.pubkey_data, 0, bArr, i, privKey.pubkeySize());
        int pubkeySize = i + privKey.pubkeySize();
        writeInt(bArr, pubkeySize, this.our_keyid);
        if (pubkeySize + 4 != bArr.length) {
            throw new OTRException("Invalid length");
        }
        HMAC hmacsha256 = this.prov.getHMACSHA256();
        hmacsha256.setKey(hMACKey);
        byte[] sign = this.prov.getRawDSA().sign((DSAPrivateKey) privKey.getKeyPair().getPrivateKey(), hmacsha256.tag(bArr));
        byte[] bArr2 = new byte[privKey.pubkeySize() + 2 + 4 + sign.length];
        bArr2[0] = (byte) ((privKey.pubkeyType() >> 16) & 255);
        bArr2[1] = (byte) (privKey.pubkeyType() & 255);
        System.arraycopy(privKey.pubkey_data, 0, bArr2, 2, privKey.pubkeySize());
        int pubkeySize2 = 2 + privKey.pubkeySize();
        writeInt(bArr2, pubkeySize2, this.our_keyid);
        int i2 = pubkeySize2 + 4;
        System.arraycopy(sign, 0, bArr2, i2, sign.length);
        if (i2 + sign.length != bArr2.length) {
            throw new OTRException("Invalid length");
        }
        return this.prov.getAESCounterMode(aESKey, new byte[8]).doFinal(bArr2);
    }

    void checkPubkeyAuth(byte[] bArr, HMACKey hMACKey, AESKey aESKey) throws OTRException {
        byte[] doFinal = this.prov.getAESCounterMode(aESKey, new byte[8]).doFinal(bArr);
        if (doFinal.length < 2) {
            throw new OTRException("Invalid length.");
        }
        int i = (doFinal[0] << 8) + doFinal[1];
        if (i != 0) {
            throw new OTRException("Public key type is not DSA.");
        }
        int readInt = readInt(doFinal, 2);
        byte[] bArr2 = new byte[readInt];
        System.arraycopy(doFinal, 6, bArr2, 0, readInt);
        MPI mpi = new MPI(bArr2);
        int i2 = readInt + 4 + 2;
        int readInt2 = readInt(doFinal, i2);
        byte[] bArr3 = new byte[readInt2];
        System.arraycopy(doFinal, i2 + 4, bArr3, 0, readInt2);
        MPI mpi2 = new MPI(bArr3);
        int i3 = i2 + readInt2 + 4;
        int readInt3 = readInt(doFinal, i3);
        byte[] bArr4 = new byte[readInt3];
        System.arraycopy(doFinal, i3 + 4, bArr4, 0, readInt3);
        MPI mpi3 = new MPI(bArr4);
        int i4 = i3 + readInt3 + 4;
        int readInt4 = readInt(doFinal, i4);
        byte[] bArr5 = new byte[readInt4];
        System.arraycopy(doFinal, i4 + 4, bArr5, 0, readInt4);
        MPI mpi4 = new MPI(bArr5);
        int i5 = i4 + readInt4 + 4;
        int i6 = i5 - 2;
        this.their_fingerprint = this.prov.getSHA1().hash(doFinal, 2, i6);
        int readInt5 = readInt(doFinal, i5);
        if (readInt5 == 0) {
            throw new OTRException("Invalid value");
        }
        int i7 = i5 + 4;
        byte[] bArr6 = new byte[doFinal.length - i7];
        System.arraycopy(doFinal, i7, bArr6, 0, bArr6.length);
        byte[] serialize = this.their_pub.serialize();
        byte[] serialize2 = this.our_dh.getPublicKey().serialize();
        byte[] bArr7 = new byte[(serialize2.length - 4) + 4 + 4 + (serialize.length - 4) + 2 + i6 + 4];
        System.arraycopy(serialize, 0, bArr7, 0, serialize.length);
        int length = serialize.length + 0;
        System.arraycopy(serialize2, 0, bArr7, length, serialize2.length);
        int length2 = length + serialize2.length;
        bArr7[length2] = (byte) ((i >> 16) & 255);
        bArr7[length2 + 1] = (byte) (i & 255);
        int i8 = length2 + 2;
        System.arraycopy(doFinal, 2, bArr7, i8, i6);
        int i9 = i8 + i6;
        writeInt(bArr7, i9, readInt5);
        if (i9 + 4 != bArr7.length) {
            throw new OTRException("Invalid length");
        }
        try {
            DSAPublicKey dSAPublicKey = this.prov.getDSAPublicKey(mpi, mpi2, mpi3, mpi4);
            HMAC hmacsha256 = this.prov.getHMACSHA256();
            hmacsha256.setKey(hMACKey);
            if (!this.prov.getRawDSA().verify(dSAPublicKey, bArr6, hmacsha256.tag(bArr7))) {
                throw new OTRException("Signature verification failed.");
            }
            this.their_keyid = readInt5;
        } catch (Exception unused) {
            throw new OTRException("Failed to get DSA public key");
        }
    }

    void computeAuthKeys() throws OTRCryptException {
        byte[] bArr = {2};
        byte[] y = this.their_pub.getY();
        byte[] bArr2 = new byte[y.length - 4];
        System.arraycopy(y, 4, bArr2, 0, bArr2.length);
        if (this.prov.compareMPI(new MPI(bArr2), new MPI(bArr)) < 0 || this.prov.compareMPI(new MPI(bArr2), new MPI(DH_MODULUS_MINUS_2)) > 0) {
            throw new OTRCryptException("Invalid pubkey");
        }
        DHKeyAgreement dHKeyAgreement = this.prov.getDHKeyAgreement();
        dHKeyAgreement.init(this.our_dh.getPrivateKey());
        byte[] generateSecret = dHKeyAgreement.generateSecret(this.their_pub);
        byte[] bArr3 = new byte[generateSecret.length + 5];
        bArr3[1] = (byte) ((generateSecret.length >> 24) & 255);
        bArr3[2] = (byte) ((generateSecret.length >> 16) & 255);
        bArr3[3] = (byte) ((generateSecret.length >> 8) & 255);
        bArr3[4] = (byte) (generateSecret.length & 255);
        System.arraycopy(generateSecret, 0, bArr3, 5, generateSecret.length);
        bArr3[0] = 0;
        System.arraycopy(this.prov.getSHA256().hash(bArr3), 0, this.secure_session_id, 0, 8);
        this.sessionid_len = 8;
        bArr3[0] = 1;
        byte[] hash = this.prov.getSHA256().hash(bArr3);
        byte[] bArr4 = new byte[16];
        System.arraycopy(hash, 0, bArr4, 0, 16);
        this.enc_c = this.prov.getAESKey(bArr4);
        System.arraycopy(hash, 16, bArr4, 0, 16);
        this.enc_cp = this.prov.getAESKey(bArr4);
        bArr3[0] = 2;
        this.mac_m1 = this.prov.getHMACKey(this.prov.getSHA256().hash(bArr3));
        bArr3[0] = 3;
        this.mac_m2 = this.prov.getHMACKey(this.prov.getSHA256().hash(bArr3));
        bArr3[0] = 4;
        this.mac_m1p = this.prov.getHMACKey(this.prov.getSHA256().hash(bArr3));
        bArr3[0] = 5;
        this.mac_m2p = this.prov.getHMACKey(this.prov.getSHA256().hash(bArr3));
    }

    void createKeyMessage() throws OTRException {
        this.lastauthmsg = new String(Base64Coder.encode(new DHKeyMessage((short) 2, MPI.readMPI(new InBuf(((DHPublicKey) this.our_dh.getPublicKey()).getY()))).getContent()));
        this.havemsgp = 1;
    }

    void createRevealsigMessage(PrivKey privKey) throws OTRException {
        byte[] calculatePubkeyAuth = calculatePubkeyAuth(privKey, this.mac_m1, this.enc_c);
        byte[] bArr = new byte[calculatePubkeyAuth.length + 4];
        writeInt(bArr, 0, calculatePubkeyAuth.length);
        System.arraycopy(calculatePubkeyAuth, 0, bArr, 4, calculatePubkeyAuth.length);
        HMAC hmacsha256 = this.prov.getHMACSHA256();
        hmacsha256.setKey(this.mac_m2);
        byte[] tag = hmacsha256.tag(bArr, 0, calculatePubkeyAuth.length + 4);
        byte[] bArr2 = new byte[20];
        System.arraycopy(tag, 0, bArr2, 0, 20);
        this.lastauthmsg = new String(Base64Coder.encode(new RevealSignatureMessage((short) 2, new Data(this.r), new Data(calculatePubkeyAuth), new Data(bArr2)).getContent()));
        this.havemsgp = 1;
    }

    void createSignatureMessage(PrivKey privKey) throws OTRException {
        byte[] calculatePubkeyAuth = calculatePubkeyAuth(privKey, this.mac_m1p, this.enc_cp);
        byte[] bArr = new byte[calculatePubkeyAuth.length + 4];
        writeInt(bArr, 0, calculatePubkeyAuth.length);
        System.arraycopy(calculatePubkeyAuth, 0, bArr, 4, calculatePubkeyAuth.length);
        HMAC hmacsha256 = this.prov.getHMACSHA256();
        hmacsha256.setKey(this.mac_m2p);
        byte[] bArr2 = new byte[20];
        System.arraycopy(hmacsha256.tag(bArr), 0, bArr2, 0, 20);
        this.lastauthmsg = new String(Base64Coder.encode(new SignatureMessage((short) 2, new Data(calculatePubkeyAuth), bArr2).getContent()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleCommit(byte[] bArr, KeyPair keyPair) throws OTRException {
        DHCommitMessage readDHCommitMessage = DHCommitMessage.readDHCommitMessage(new InBuf(bArr, 3, bArr.length - 3), (short) 2);
        if (bArr.length < 3 || bArr[0] != 0 || bArr[1] != 2 || bArr[2] != 2) {
            throw new OTRException("Invalid version or message type");
        }
        byte[] value = readDHCommitMessage.getEncryptedGx().getValue();
        byte[] value2 = readDHCommitMessage.getHashedGx().getValue();
        if (value2.length != 32) {
            throw new OTRException("Invalid hash length");
        }
        switch (this.authstate.curState) {
            case 0:
            case 3:
                if (keyPair == null) {
                    this.our_dh = this.prov.getDHKeyPairGenerator().generateKeyPair();
                } else {
                    this.our_dh = keyPair;
                }
                this.our_keyid = 1;
                this.encgx = value;
                this.hashgx = value2;
                createKeyMessage();
                this.authstate.processEvent(2);
                return;
            case 1:
                if (new String(this.hashgx).compareTo(new String(value2)) > 0) {
                    return;
                }
                this.our_dh = this.prov.getDHKeyPairGenerator().generateKeyPair();
                this.our_keyid = 1;
                this.encgx = value;
                this.hashgx = value2;
                createKeyMessage();
                this.authstate.processEvent(2);
                return;
            case 2:
                this.encgx = value;
                this.hashgx = value2;
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleKey(byte[] bArr, PrivKey privKey) throws OTRException {
        if (bArr.length < 3) {
            throw new OTRException("Invalid key message length");
        }
        byte[] bArr2 = new byte[bArr.length - 3];
        System.arraycopy(bArr, 3, bArr2, 0, bArr2.length);
        this.havemsgp = 0;
        MPI gy = DHKeyMessage.readDHKeyMessage(new InBuf(bArr2), (short) 2).getGy();
        switch (this.authstate.curState) {
            case 0:
            case 2:
                this.havemsgp = 0;
                return;
            case 1:
                this.their_pub = this.prov.getDHPublicKey(gy);
                computeAuthKeys();
                createRevealsigMessage(privKey);
                this.havemsgp = 1;
                this.authstate.processEvent(3);
                return;
            case 3:
                if (Util.arrayEquals(this.their_pub.getY(), gy.toBytes())) {
                    this.havemsgp = 1;
                    return;
                } else {
                    this.havemsgp = 0;
                    return;
                }
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleRevealsig(byte[] bArr, PrivKey privKey) throws OTRException {
        this.havemsgp = 0;
        if (bArr.length < 3) {
            throw new OTRException("Invalid revealsignature message length");
        }
        byte[] bArr2 = new byte[bArr.length - 3];
        System.arraycopy(bArr, 3, bArr2, 0, bArr2.length);
        RevealSignatureMessage readRevealSignatureMessage = RevealSignatureMessage.readRevealSignatureMessage(new InBuf(bArr2), (short) 2);
        if (readRevealSignatureMessage.getRevealedKey().getValue().length != 16) {
            throw new OTRException("Invalid length.");
        }
        System.arraycopy(readRevealSignatureMessage.getRevealedKey().getValue(), 0, this.r, 0, 16);
        int length = readRevealSignatureMessage.getEncryptedSignature().getLength();
        byte[] bArr3 = new byte[length + 4];
        writeInt(bArr3, 0, length);
        System.arraycopy(readRevealSignatureMessage.getEncryptedSignature().getValue(), 0, bArr3, 4, bArr3.length - 4);
        switch (this.authstate.curState) {
            case 0:
            case 1:
            case 3:
                this.havemsgp = 0;
                return;
            case 2:
                byte[] doFinal = this.prov.getAESCounterMode(this.prov.getAESKey(this.r), new byte[16]).doFinal(this.encgx);
                byte[] bArr4 = new byte[doFinal.length - 4];
                System.arraycopy(doFinal, 4, bArr4, 0, bArr4.length);
                if (!Util.arrayEquals(this.prov.getSHA256().hash(doFinal), this.hashgx)) {
                    throw new OTRException("Hash checking failed");
                }
                this.their_pub = this.prov.getDHPublicKey(new MPI(bArr4));
                computeAuthKeys();
                HMAC hmacsha256 = this.prov.getHMACSHA256();
                hmacsha256.setKey(this.mac_m2);
                byte[] bArr5 = new byte[20];
                System.arraycopy(hmacsha256.tag(bArr3), 0, bArr5, 0, 20);
                if (!Util.arrayEquals(bArr5, readRevealSignatureMessage.getSigMac().getValue())) {
                    throw new OTRException("MAC checking failed");
                }
                byte[] bArr6 = new byte[length];
                System.arraycopy(bArr3, 4, bArr6, 0, length);
                checkPubkeyAuth(bArr6, this.mac_m1, this.enc_c);
                createSignatureMessage(privKey);
                this.havemsgp = 1;
                this.authstate.processEvent(5);
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleSignature(byte[] bArr) throws OTRException {
        this.havemsgp = 0;
        byte[] bArr2 = new byte[bArr.length - 3];
        System.arraycopy(bArr, 3, bArr2, 0, bArr2.length);
        SignatureMessage readSignatureMessage = SignatureMessage.readSignatureMessage(new InBuf(bArr2), (short) 2);
        int length = readSignatureMessage.getEncryptedSignature().getLength();
        byte[] bArr3 = new byte[length + 4];
        writeInt(bArr3, 0, length);
        System.arraycopy(readSignatureMessage.getEncryptedSignature().getValue(), 0, bArr3, 4, bArr3.length - 4);
        switch (this.authstate.curState) {
            case 0:
            case 1:
            case 2:
                this.havemsgp = 0;
                return;
            case 3:
                HMAC hmacsha256 = this.prov.getHMACSHA256();
                hmacsha256.setKey(this.mac_m2p);
                byte[] bArr4 = new byte[20];
                System.arraycopy(hmacsha256.tag(bArr3), 0, bArr4, 0, 20);
                if (!Util.arrayEquals(bArr4, readSignatureMessage.getMacSignature())) {
                    throw new OTRException("MAC checking failed");
                }
                byte[] bArr5 = new byte[length];
                System.arraycopy(bArr3, 4, bArr5, 0, length);
                try {
                    checkPubkeyAuth(bArr5, this.mac_m1p, this.enc_cp);
                    this.lastauthmsg = null;
                    this.havemsgp = 0;
                    this.authstate.processEvent(7);
                    return;
                } catch (Exception e) {
                    e.printStackTrace();
                    return;
                }
            default:
                return;
        }
    }

    int readInt(byte[] bArr, int i) {
        return (bArr[i + 3] & 255) | (bArr[i] << 24) | ((bArr[i + 1] << 16) & 16711680) | ((bArr[i + 2] << 8) & 65280);
    }

    public void startAKE(KeyPair keyPair) throws OTRException {
        this.initiated = 1;
        if (keyPair == null) {
            this.our_dh = this.prov.getDHKeyPairGenerator().generateKeyPair();
        } else {
            this.our_dh = keyPair;
        }
        this.our_keyid = 1;
        this.prov.getSecureRandom().nextBytes(this.r);
        this.encgx = ((DHPublicKey) this.our_dh.getPublicKey()).getY();
        this.hashgx = this.prov.getSHA256().hash(this.encgx);
        this.encgx = this.prov.getAESCounterMode(this.prov.getAESKey(this.r), new byte[16]).doFinal(this.encgx);
        this.lastauthmsg = new String(Base64Coder.encode(new DHCommitMessage((short) 2, new Data(this.encgx), new Data(this.hashgx)).getContent()));
        this.havemsgp = 1;
        this.authstate.processEvent(0);
    }

    void writeInt(byte[] bArr, int i, int i2) {
        bArr[i] = (byte) ((i2 >> 24) & 255);
        bArr[i + 1] = (byte) ((i2 >> 16) & 255);
        bArr[i + 2] = (byte) ((i2 >> 8) & 255);
        bArr[i + 3] = (byte) (i2 & 255);
    }
}
