package com.rhombus.android.secure;

import android.util.Log;
import com.facebook.react.views.textinput.ReactEditTextInputConnectionWrapper;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

/* loaded from: classes2.dex */
public class Secure {
    private static final int RAND_ITERATIONS = 15;
    private static final int SECURE_MAX_RECORD_SIZE = 1024;
    private static final int TRUNCATED_HMAC_LEN = 10;
    private byte[] _encryptionKey;
    private ECCKeyPair _keyPair;
    private RxInfo _peerToUs;
    private byte[] _salt;
    private final byte[] _secret;
    private boolean _server;
    private SecureState _state;
    private TxInfo _usToPeer;
    private ByteBuffer _workBuf;

    /* renamed from: com.rhombus.android.secure.Secure$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$rhombus$android$secure$Secure$SecureState = new int[SecureState.values().length];

        static {
            try {
                $SwitchMap$com$rhombus$android$secure$Secure$SecureState[SecureState.FATAL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$rhombus$android$secure$Secure$SecureState[SecureState.SEND_PUBLIC_KEY_AND_SALT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$rhombus$android$secure$Secure$SecureState[SecureState.WANT_PUBLIC_KEY_AND_SALT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$rhombus$android$secure$Secure$SecureState[SecureState.HANDSHAKE_DONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes2.dex */
    private static class RxInfo {
        int cur_record_len;
        AES128_CBC_PKCS7_CTX decrypt_ctx;
        HMAC_SHA256_CTX hmac_ctx;
        int raw_additional_expected;
        int sequenceNum;
        ByteBuffer raw = ByteBuffer.allocate(1036);
        ByteBuffer unwrapped = ByteBuffer.allocate(1024);

        RxInfo() {
        }
    }

    /* loaded from: classes2.dex */
    enum SecureState {
        SEND_PUBLIC_KEY_AND_SALT,
        WANT_PUBLIC_KEY_AND_SALT,
        HANDSHAKE_DONE,
        FATAL
    }

    /* loaded from: classes2.dex */
    private static class TxInfo {
        AES128_CBC_PKCS7_CTX encrypt_ctx;
        HMAC_SHA256_CTX hmac_ctx;
        int sequenceNum = 0;
        ByteBuffer wrapped = ByteBuffer.allocate(1036);

        TxInfo() {
        }
    }

    public Secure(boolean z, byte[] bArr) {
        if (bArr == null || !(bArr == null || bArr.length == 16)) {
            throw new IllegalArgumentException("secret is invalid size");
        }
        this._secret = new byte[16];
        this._salt = new byte[16];
        this._workBuf = ByteBuffer.allocate(1030);
        this._workBuf.order(ByteOrder.BIG_ENDIAN);
        this._peerToUs = new RxInfo();
        this._usToPeer = new TxInfo();
        System.arraycopy(bArr, 0, this._secret, 0, 16);
        this._server = z;
    }

    private static boolean _array1BeginsWithArray2(byte[] bArr, byte[] bArr2) {
        int i = 0;
        for (int i2 = 0; i2 < bArr2.length && bArr[i2] == bArr2[i2]; i2++) {
            i++;
        }
        return i == bArr2.length;
    }

    static void log_hex(String str, byte[] bArr, int i) {
        Log.i("Rhombus", str);
        Log.i("Rhombus", ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE + HexAsciiString.dump(bArr, 0, i, 16));
    }

    public int getUnwrapped(ByteBuffer byteBuffer) {
        if (this._peerToUs.unwrapped.position() <= 0) {
            return 0;
        }
        int remaining = byteBuffer.remaining() < this._peerToUs.unwrapped.position() ? byteBuffer.remaining() : this._peerToUs.unwrapped.position();
        byteBuffer.put(this._peerToUs.unwrapped.array(), 0, remaining);
        this._peerToUs.unwrapped.flip();
        this._peerToUs.unwrapped.position(remaining);
        this._peerToUs.unwrapped.compact();
        return remaining;
    }

    public int getUnwrappedCountAvail() {
        return this._peerToUs.unwrapped.position();
    }

    public int getWrapped(ByteBuffer byteBuffer) {
        int i;
        if (this._usToPeer.wrapped.position() > 0) {
            i = byteBuffer.remaining() < this._usToPeer.wrapped.position() ? byteBuffer.remaining() : this._usToPeer.wrapped.position();
            byteBuffer.put(this._usToPeer.wrapped.array(), 0, i);
            this._usToPeer.wrapped.flip();
            this._usToPeer.wrapped.position(i);
            this._usToPeer.wrapped.compact();
        } else {
            i = 0;
        }
        if (this._usToPeer.wrapped.position() == 0 && this._state == SecureState.SEND_PUBLIC_KEY_AND_SALT) {
            if (this._server) {
                this._state = SecureState.HANDSHAKE_DONE;
                this._peerToUs.raw_additional_expected = 2;
            } else {
                this._state = SecureState.WANT_PUBLIC_KEY_AND_SALT;
                this._peerToUs.raw_additional_expected = 80;
            }
        }
        return i;
    }

    public int getWrappedCountAvail() {
        return this._usToPeer.wrapped.position();
    }

    public boolean handshakeDone() {
        return this._state == SecureState.HANDSHAKE_DONE;
    }

    public boolean init() throws Exception {
        ECCKeyPair generate_key_pair = ECC.generate_key_pair(ECC_Curves.ECC_SECP256R1);
        this._keyPair = generate_key_pair;
        if (generate_key_pair == null) {
            Log.e("Rhombus", "Failure generating ECC key pair");
            return false;
        }
        Crypto.generate_random_number(this._salt, 15);
        Log.i("Rhombus", String.format("ECC pubkey size is %d and AES128 block size is %d", 64, 16));
        if (this._server) {
            this._state = SecureState.WANT_PUBLIC_KEY_AND_SALT;
            this._peerToUs.raw_additional_expected = 80;
        } else {
            this._usToPeer.wrapped.put(this._keyPair.getPublic());
            this._usToPeer.wrapped.put(this._salt);
            this._state = SecureState.SEND_PUBLIC_KEY_AND_SALT;
        }
        return true;
    }

    public SecureStatusEnum unwrap(ByteBuffer byteBuffer) throws Exception {
        SecureStatusEnum secureStatusEnum = SecureStatusEnum.SECURE_ERROR_NONE;
        int i = AnonymousClass1.$SwitchMap$com$rhombus$android$secure$Secure$SecureState[this._state.ordinal()];
        if (i == 1) {
            Log.e("Rhombus", "Already in FATAL state from previous error. Discard this context!");
            return SecureStatusEnum.SECURE_ERROR_FATAL;
        }
        if (i == 2) {
            return SecureStatusEnum.SECURE_ERROR_NEED_WRITE;
        }
        if (i == 3) {
            int remaining = byteBuffer.remaining() < this._peerToUs.raw_additional_expected ? byteBuffer.remaining() : this._peerToUs.raw_additional_expected;
            this._peerToUs.raw.put(byteBuffer.array(), byteBuffer.arrayOffset() + byteBuffer.position(), remaining);
            byteBuffer.position(byteBuffer.position() + remaining);
            this._peerToUs.raw_additional_expected -= remaining;
            if (this._peerToUs.raw_additional_expected != 0) {
                return SecureStatusEnum.SECURE_ERROR_NEED_UNWRAP;
            }
            this._peerToUs.raw.flip();
            byte[] bArr = new byte[64];
            byte[] bArr2 = new byte[16];
            byte[] bArr3 = new byte[16];
            this._peerToUs.raw.get(bArr);
            this._peerToUs.raw.get(bArr2);
            this._peerToUs.raw.compact();
            log_hex("remote pubkey ", bArr, bArr.length);
            log_hex("remote salt ", bArr2, bArr2.length);
            if (this._server) {
                byte[] bArr4 = this._salt;
                System.arraycopy(bArr4, 0, bArr3, 0, bArr4.length);
            } else {
                System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            }
            log_hex("our privkey", this._keyPair.getPrivate(), this._keyPair.getPrivate().length);
            byte[] generate_shared_session_key = ECC.generate_shared_session_key(ECC_Curves.ECC_SECP256R1, bArr, this._keyPair.getPrivateKey());
            if (generate_shared_session_key == null) {
                Log.i("Rhombus", "Failed to generate session key");
                SecureStatusEnum secureStatusEnum2 = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
                return secureStatusEnum2;
            }
            log_hex("shared session key", generate_shared_session_key, generate_shared_session_key.length);
            log_hex("salt", bArr3, 16);
            log_hex("secret", this._secret, 16);
            this._encryptionKey = Crypto.generate_encryption_key(generate_shared_session_key, bArr3, this._secret);
            if (this._encryptionKey == null) {
                Log.i("Rhombus", "Failed to generate encryption key");
                SecureStatusEnum secureStatusEnum3 = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
                return secureStatusEnum3;
            }
            Log.i("Rhombus", "Encryption Key created successfully");
            byte[] bArr5 = this._encryptionKey;
            log_hex("key", bArr5, bArr5.length);
            byte[] bArr6 = this._salt;
            log_hex("encrypt IV", bArr6, bArr6.length);
            log_hex("decrypt IV", bArr2, bArr2.length);
            this._usToPeer.encrypt_ctx = Crypto.aes128_cbc_pkcs7_ctx_new(true, this._encryptionKey, this._salt);
            this._peerToUs.decrypt_ctx = Crypto.aes128_cbc_pkcs7_ctx_new(false, this._encryptionKey, bArr2);
            byte[] generate_encryption_key = Crypto.generate_encryption_key(this._secret, this._salt, null);
            log_hex("HMAC key for TX", generate_encryption_key, generate_encryption_key.length);
            this._usToPeer.hmac_ctx = Crypto.hmac_sha256_ctx_new(generate_encryption_key);
            byte[] generate_encryption_key2 = Crypto.generate_encryption_key(this._secret, bArr2, null);
            log_hex("HMAC key for RX", generate_encryption_key2, generate_encryption_key2.length);
            this._peerToUs.hmac_ctx = Crypto.hmac_sha256_ctx_new(generate_encryption_key2);
            if (this._server) {
                this._usToPeer.wrapped.put(this._keyPair.getPublic());
                this._usToPeer.wrapped.put(this._salt);
                this._state = SecureState.SEND_PUBLIC_KEY_AND_SALT;
                secureStatusEnum = SecureStatusEnum.SECURE_ERROR_NEED_WRITE;
            } else {
                this._peerToUs.raw_additional_expected = 2;
                this._state = SecureState.HANDSHAKE_DONE;
            }
        } else {
            if (i != 4) {
                Log.i("Rhombus", String.format("Unhandled state %d", this._state));
                SecureStatusEnum secureStatusEnum4 = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
                return secureStatusEnum4;
            }
            if (this._peerToUs.unwrapped.position() > 0) {
                return SecureStatusEnum.SECURE_ERROR_NEED_READ;
            }
            int remaining2 = byteBuffer.remaining() < this._peerToUs.raw_additional_expected ? byteBuffer.remaining() : this._peerToUs.raw_additional_expected;
            Log.i("Rhombus", String.format("Consuming %d/%d bytes from caller into our buffer", Integer.valueOf(remaining2), Integer.valueOf(byteBuffer.remaining())));
            this._peerToUs.raw.put(byteBuffer.array(), byteBuffer.arrayOffset() + byteBuffer.position(), remaining2);
            byteBuffer.position(byteBuffer.position() + remaining2);
            this._peerToUs.raw_additional_expected -= remaining2;
            if (this._peerToUs.raw.position() < 2) {
                return SecureStatusEnum.SECURE_ERROR_NEED_UNWRAP;
            }
            if (this._peerToUs.cur_record_len == 0) {
                this._peerToUs.raw.flip();
                this._peerToUs.raw.mark();
                RxInfo rxInfo = this._peerToUs;
                rxInfo.cur_record_len = rxInfo.raw.getShort() & 65535;
                this._peerToUs.raw.reset();
                this._peerToUs.raw.compact();
                if (this._peerToUs.cur_record_len > 1024 || this._peerToUs.cur_record_len == 0) {
                    Log.i("Rhombus", String.format("record len of %d from peer is not valid", Integer.valueOf(this._peerToUs.cur_record_len)));
                    SecureStatusEnum secureStatusEnum5 = SecureStatusEnum.SECURE_ERROR_FATAL;
                    this._state = SecureState.FATAL;
                    return secureStatusEnum5;
                }
                int i2 = this._peerToUs.cur_record_len & 15;
                if (i2 > 0) {
                    RxInfo rxInfo2 = this._peerToUs;
                    rxInfo2.raw_additional_expected = rxInfo2.cur_record_len + (16 - i2);
                } else {
                    RxInfo rxInfo3 = this._peerToUs;
                    rxInfo3.raw_additional_expected = rxInfo3.cur_record_len;
                }
                this._peerToUs.raw_additional_expected += 10;
                Log.i("Rhombus", String.format("Expecting %d more bytes (incl padding and HMAC) for record len %d", Integer.valueOf(this._peerToUs.raw_additional_expected), Integer.valueOf(this._peerToUs.cur_record_len)));
            }
            if (byteBuffer.remaining() > 0) {
                int remaining3 = byteBuffer.remaining() < this._peerToUs.raw_additional_expected ? byteBuffer.remaining() : this._peerToUs.raw_additional_expected;
                Log.i("Rhombus", String.format("Consuming %d/%d bytes from caller into our buffer", Integer.valueOf(remaining3), Integer.valueOf(byteBuffer.remaining())));
                this._peerToUs.raw.put(byteBuffer.array(), byteBuffer.arrayOffset() + byteBuffer.position(), remaining3);
                byteBuffer.position(byteBuffer.position() + remaining3);
                this._peerToUs.raw_additional_expected -= remaining3;
            }
            if (this._peerToUs.raw_additional_expected != 0) {
                return SecureStatusEnum.SECURE_ERROR_NEED_UNWRAP;
            }
            this._peerToUs.raw.flip();
            Log.i("Rhombus", String.format("RX packet should be seq_num %d", Integer.valueOf(this._peerToUs.sequenceNum)));
            byte[] array = ByteBuffer.allocate(4).order(ByteOrder.BIG_ENDIAN).putInt(this._peerToUs.sequenceNum).array();
            byte[] bArr7 = new byte[this._peerToUs.raw.limit() - 10];
            byte[] bArr8 = new byte[10];
            this._peerToUs.raw.get(bArr7);
            this._peerToUs.raw.get(bArr8);
            this._peerToUs.raw.compact();
            if (!Crypto.hmac_sha256_update(this._peerToUs.hmac_ctx, array, 0, 4)) {
                Log.e("Rhombus", "failed HMAC update for RX data");
                secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
            } else if (Crypto.hmac_sha256_update(this._peerToUs.hmac_ctx, bArr7, 0, bArr7.length)) {
                byte[] hmac_sha256_finalize = Crypto.hmac_sha256_finalize(this._peerToUs.hmac_ctx);
                if (hmac_sha256_finalize == null) {
                    Log.i("Rhombus", "failed HMAC finalize for RX data");
                    secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                    this._state = SecureState.FATAL;
                } else if (_array1BeginsWithArray2(hmac_sha256_finalize, bArr8)) {
                    byte[] aes128_cbc_pkcs7_update = Crypto.aes128_cbc_pkcs7_update(this._peerToUs.decrypt_ctx, bArr7, 2, bArr7.length - 2);
                    if (aes128_cbc_pkcs7_update == null) {
                        Log.i("Rhombus", String.format("failed to decrypt %d bytes for record of len %d", Integer.valueOf(bArr7.length - 2), Integer.valueOf(this._peerToUs.cur_record_len)));
                        secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                        this._state = SecureState.FATAL;
                    } else {
                        Log.i("Rhombus", String.format("Successful RX packet seq %d of len %d", Integer.valueOf(this._peerToUs.sequenceNum), Integer.valueOf(this._peerToUs.cur_record_len)));
                        this._peerToUs.sequenceNum++;
                        this._peerToUs.unwrapped.put(aes128_cbc_pkcs7_update, 0, this._peerToUs.cur_record_len);
                        RxInfo rxInfo4 = this._peerToUs;
                        rxInfo4.raw_additional_expected = 2;
                        rxInfo4.cur_record_len = 0;
                    }
                } else {
                    Log.i("Rhombus", String.format("HMAC'd implicit seq: %d", Integer.valueOf(this._peerToUs.sequenceNum)));
                    log_hex("HMAC'd RX data", bArr7, bArr7.length);
                    log_hex("HMAC received", bArr8, 10);
                    log_hex("HMAC calc'd", hmac_sha256_finalize, hmac_sha256_finalize.length);
                    Log.w("Rhombus", "HMAC mismatch on RX data, bad peer. FATAL!");
                    secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                    this._state = SecureState.FATAL;
                }
            } else {
                Log.i("Rhombus", "failed HMAC update for RX data");
                secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
            }
        }
        return secureStatusEnum;
    }

    public SecureStatusEnum wrap(ByteBuffer byteBuffer) {
        SecureStatusEnum secureStatusEnum;
        SecureStatusEnum secureStatusEnum2 = SecureStatusEnum.SECURE_ERROR_NONE;
        int i = AnonymousClass1.$SwitchMap$com$rhombus$android$secure$Secure$SecureState[this._state.ordinal()];
        if (i == 1) {
            Log.e("Rhombus", "Already in FATAL state from previous error. Discard this context!");
            return SecureStatusEnum.SECURE_ERROR_FATAL;
        }
        if (i == 2) {
            Log.i("Rhombus", "SEND_PUBLIC_KEY_AND_SALT");
            return SecureStatusEnum.SECURE_ERROR_NEED_WRITE;
        }
        if (i == 3) {
            Log.i("Rhombus", "WANT_PUBLIC_KEY_AND_SALT");
            return SecureStatusEnum.SECURE_ERROR_NEED_UNWRAP;
        }
        if (i != 4) {
            Log.w("Rhombus", String.format("Unhandled state %d", this._state));
            SecureStatusEnum secureStatusEnum3 = SecureStatusEnum.SECURE_ERROR_FATAL;
            this._state = SecureState.FATAL;
            return secureStatusEnum3;
        }
        if (this._usToPeer.wrapped.position() > 0) {
            return SecureStatusEnum.SECURE_ERROR_NEED_WRITE;
        }
        if (byteBuffer.remaining() <= 0) {
            return secureStatusEnum2;
        }
        int remaining = byteBuffer.remaining() < 1024 ? byteBuffer.remaining() : 1024;
        this._workBuf.clear();
        this._workBuf.putInt(this._usToPeer.sequenceNum);
        short s = (short) (65535 & remaining);
        this._workBuf.putShort(s);
        short s2 = (short) (remaining & 15);
        int i2 = s2 > 0 ? (short) (16 - s2) : 0;
        this._workBuf.put(byteBuffer.array(), byteBuffer.arrayOffset() + byteBuffer.position(), remaining);
        if (i2 > 0) {
            byte[] bArr = new byte[i2];
            Crypto.generate_random_number(bArr, 15);
            this._workBuf.put(bArr);
        }
        int i3 = i2 + remaining;
        byte[] aes128_cbc_pkcs7_update = Crypto.aes128_cbc_pkcs7_update(this._usToPeer.encrypt_ctx, this._workBuf.array(), 6, i3);
        if (aes128_cbc_pkcs7_update == null) {
            Log.i("Rhombus", String.format("Failed to encrypt %d bytes", Integer.valueOf(i3)));
            secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
            this._state = SecureState.FATAL;
        } else {
            this._usToPeer.wrapped.putShort(s);
            this._usToPeer.wrapped.put(aes128_cbc_pkcs7_update);
            System.arraycopy(aes128_cbc_pkcs7_update, 0, this._workBuf.array(), 6, aes128_cbc_pkcs7_update.length);
            if (Crypto.hmac_sha256_update(this._usToPeer.hmac_ctx, this._workBuf.array(), 0, aes128_cbc_pkcs7_update.length + 6)) {
                byte[] hmac_sha256_finalize = Crypto.hmac_sha256_finalize(this._usToPeer.hmac_ctx);
                if (hmac_sha256_finalize != null) {
                    log_hex("HMAC'd TX data", this._workBuf.array(), aes128_cbc_pkcs7_update.length + 6);
                    log_hex("HMAC", hmac_sha256_finalize, hmac_sha256_finalize.length);
                    byteBuffer.position(byteBuffer.position() + remaining);
                    this._usToPeer.wrapped.put(hmac_sha256_finalize, 0, 10);
                    this._usToPeer.sequenceNum++;
                    return secureStatusEnum2;
                }
                Log.e("Rhombus", "Failed to finalize HMAC for TX data");
                secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
            } else {
                Log.e("Rhombus", "Failed to update HMAC for TX data");
                secureStatusEnum = SecureStatusEnum.SECURE_ERROR_FATAL;
                this._state = SecureState.FATAL;
            }
        }
        return secureStatusEnum;
    }
}
