package im.status.keycard;

import im.status.keycard.applet.SecureChannelSession;
import javacard.framework.APDU;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;
import javacard.security.AESKey;
import javacard.security.ECKey;
import javacard.security.KeyBuilder;
import javacard.security.KeyPair;
import javacard.security.Signature;
import kotlin.UByte;

/* loaded from: input_file:assets/keycard_v2.2.1.cap:APPLET-INF/classes/im/status/keycard/SecureChannel.class */
public class SecureChannel {
    public static final short SC_KEY_LENGTH = 256;
    public static final short SC_SECRET_LENGTH = 32;
    public static final short PAIRING_KEY_LENGTH = 33;
    public static final short SC_BLOCK_SIZE = 16;
    public static final short SC_OUT_OFFSET = 37;
    public static final short SC_COUNTER_MAX = 100;
    public static final byte INS_OPEN_SECURE_CHANNEL = 16;
    public static final byte INS_MUTUALLY_AUTHENTICATE = 17;
    public static final byte INS_PAIR = 18;
    public static final byte INS_UNPAIR = 19;
    public static final byte PAIR_P1_FIRST_STEP = 0;
    public static final byte PAIR_P1_LAST_STEP = 1;
    public static final short SC_MAX_PLAIN_LENGTH = 223;
    private byte[] secret;
    private byte[] pairingSecret;
    private short scCounter;
    private byte[] pairingKeys;
    private byte remainingSlots;
    private Crypto crypto;
    private short preassignedPairingOffset = -1;
    private boolean mutuallyAuthenticated = false;
    private Signature scMac = Signature.getInstance(SecureChannelSession.INS_PAIR, false);
    private AESKey scEncKey = KeyBuilder.buildKey((byte) 14, 256, false);
    private AESKey scMacKey = KeyBuilder.buildKey((byte) 14, 256, false);
    private KeyPair scKeypair = new KeyPair((byte) 5, 256);

    public SecureChannel(byte b, Crypto crypto, SECP256k1 sECP256k1) {
        this.crypto = crypto;
        sECP256k1.setCurveParameters((ECKey) this.scKeypair.getPrivate());
        sECP256k1.setCurveParameters((ECKey) this.scKeypair.getPublic());
        this.scKeypair.genKeyPair();
        this.secret = JCSystem.makeTransientByteArray((short) 64, (byte) 2);
        this.pairingKeys = new byte[(short) (33 * b)];
        this.remainingSlots = b;
    }

    public void initSecureChannel(byte[] bArr, short s) {
        if (this.pairingSecret != null) {
            return;
        }
        this.pairingSecret = new byte[32];
        Util.arrayCopy(bArr, s, this.pairingSecret, (short) 0, (short) 32);
        this.scKeypair.genKeyPair();
    }

    public void oneShotDecrypt(byte[] bArr) {
        this.crypto.ecdh.init(this.scKeypair.getPrivate());
        try {
            this.crypto.ecdh.generateSecret(bArr, (short) 6, bArr[5], this.secret, (short) 0);
            short s = (short) (6 + bArr[5]);
            this.scEncKey.setKey(this.secret, (short) 0);
            this.crypto.aesCbcIso9797m2.init(this.scEncKey, (byte) 1, bArr, s, (short) 16);
            short s2 = (short) (s + 16);
            bArr[4] = (byte) this.crypto.aesCbcIso9797m2.doFinal(bArr, s2, (short) ((((short) (bArr[4] & UByte.MAX_VALUE)) - s2) + 5), bArr, (short) 5);
        } catch (Exception e) {
            ISOException.throwIt((short) 27264);
        }
    }

    public void openSecureChannel(APDU apdu) {
        this.preassignedPairingOffset = (short) -1;
        this.mutuallyAuthenticated = false;
        byte[] buffer = apdu.getBuffer();
        short checkPairingIndexAndGetOffset = checkPairingIndexAndGetOffset(buffer[2]);
        if (this.pairingKeys[checkPairingIndexAndGetOffset] != 1) {
            ISOException.throwIt((short) 27270);
        } else {
            checkPairingIndexAndGetOffset = (short) (checkPairingIndexAndGetOffset + 1);
        }
        this.crypto.ecdh.init(this.scKeypair.getPrivate());
        try {
            short generateSecret = this.crypto.ecdh.generateSecret(buffer, (short) 5, buffer[4], this.secret, (short) 0);
            this.crypto.random.generateData(buffer, (short) 0, (short) 48);
            this.crypto.sha512.update(this.secret, (short) 0, generateSecret);
            this.crypto.sha512.update(this.pairingKeys, checkPairingIndexAndGetOffset, (short) 32);
            this.crypto.sha512.doFinal(buffer, (short) 0, (short) 32, this.secret, (short) 0);
            this.scEncKey.setKey(this.secret, (short) 0);
            this.scMacKey.setKey(this.secret, (short) 32);
            Util.arrayCopyNonAtomic(buffer, (short) 32, this.secret, (short) 0, (short) 16);
            Util.arrayFillNonAtomic(this.secret, (short) 16, (short) (this.secret.length - 16), (byte) 0);
            apdu.setOutgoingAndSend((short) 0, (short) 48);
        } catch (Exception e) {
            ISOException.throwIt((short) 27264);
        }
    }

    public void mutuallyAuthenticate(APDU apdu) {
        if (!this.scEncKey.isInitialized()) {
            ISOException.throwIt((short) 27013);
        }
        boolean z = this.mutuallyAuthenticated;
        this.mutuallyAuthenticated = true;
        byte[] buffer = apdu.getBuffer();
        short preprocessAPDU = preprocessAPDU(buffer);
        if (z) {
            ISOException.throwIt((short) 27013);
        }
        if (preprocessAPDU != 32) {
            reset();
            ISOException.throwIt((short) 27010);
        }
        this.crypto.random.generateData(buffer, (short) 37, (short) 32);
        respond(apdu, preprocessAPDU, (short) -28672);
    }

    public void pair(APDU apdu) {
        short pairStep2;
        if (isOpen()) {
            ISOException.throwIt((short) 27013);
        }
        byte[] buffer = apdu.getBuffer();
        if (buffer[4] != 32) {
            ISOException.throwIt((short) 27264);
        }
        if (buffer[2] == 0) {
            pairStep2 = pairStep1(buffer);
        } else {
            if (buffer[2] != 1 || this.preassignedPairingOffset == -1) {
                ISOException.throwIt((short) 27270);
                return;
            }
            pairStep2 = pairStep2(buffer);
        }
        apdu.setOutgoingAndSend((short) 0, pairStep2);
    }

    private short pairStep1(byte[] bArr) {
        this.preassignedPairingOffset = (short) -1;
        short s = 0;
        while (true) {
            short s2 = s;
            if (s2 >= ((short) this.pairingKeys.length)) {
                break;
            }
            if (this.pairingKeys[s2] == 0) {
                this.preassignedPairingOffset = s2;
                break;
            }
            s = (short) (s2 + 33);
        }
        if (this.preassignedPairingOffset == -1) {
            ISOException.throwIt((short) 27268);
        }
        this.crypto.sha256.update(this.pairingSecret, (short) 0, (short) 32);
        this.crypto.sha256.doFinal(bArr, (short) 5, (short) 32, bArr, (short) 0);
        this.crypto.random.generateData(this.secret, (short) 0, (short) 32);
        Util.arrayCopyNonAtomic(this.secret, (short) 0, bArr, (short) 32, (short) 32);
        return (short) 64;
    }

    private short pairStep2(byte[] bArr) {
        this.crypto.sha256.update(this.pairingSecret, (short) 0, (short) 32);
        this.crypto.sha256.doFinal(this.secret, (short) 0, (short) 32, this.secret, (short) 0);
        if (Util.arrayCompare(bArr, (short) 5, this.secret, (short) 0, (short) 32) != 0) {
            this.preassignedPairingOffset = (short) -1;
            ISOException.throwIt((short) 27010);
        }
        this.crypto.random.generateData(bArr, (short) 1, (short) 32);
        this.crypto.sha256.update(this.pairingSecret, (short) 0, (short) 32);
        this.crypto.sha256.doFinal(bArr, (short) 1, (short) 32, this.pairingKeys, (short) (this.preassignedPairingOffset + 1));
        this.pairingKeys[this.preassignedPairingOffset] = 1;
        this.remainingSlots = (byte) (this.remainingSlots - 1);
        bArr[0] = (byte) (this.preassignedPairingOffset / 33);
        this.preassignedPairingOffset = (short) -1;
        return (short) 33;
    }

    public void unpair(byte[] bArr) {
        short checkPairingIndexAndGetOffset = checkPairingIndexAndGetOffset(bArr[2]);
        if (this.pairingKeys[checkPairingIndexAndGetOffset] == 1) {
            Util.arrayFillNonAtomic(this.pairingKeys, checkPairingIndexAndGetOffset, (short) 33, (byte) 0);
            this.remainingSlots = (byte) (this.remainingSlots + 1);
        }
    }

    public short preprocessAPDU(byte[] bArr) {
        if (!isOpen()) {
            ISOException.throwIt((short) 27013);
        }
        short s = (short) (bArr[4] & 255);
        if (!verifyAESMAC(bArr, s)) {
            reset();
            ISOException.throwIt((short) 27010);
        }
        this.crypto.aesCbcIso9797m2.init(this.scEncKey, (byte) 1, this.secret, (short) 0, (short) 16);
        Util.arrayCopyNonAtomic(bArr, (short) 5, this.secret, (short) 0, (short) 16);
        short doFinal = this.crypto.aesCbcIso9797m2.doFinal(bArr, (short) 21, (short) (s - 16), bArr, (short) 5);
        bArr[4] = (byte) doFinal;
        return doFinal;
    }

    private boolean verifyAESMAC(byte[] bArr, short s) {
        this.scMac.init(this.scMacKey, (byte) 2);
        this.scMac.update(bArr, (short) 0, (short) 5);
        this.scMac.update(this.secret, (short) 16, (short) 11);
        return this.scMac.verify(bArr, (short) 21, (short) (s - 16), bArr, (short) 5, (short) 16);
    }

    public void respond(APDU apdu, short s, short s2) {
        byte[] buffer = apdu.getBuffer();
        Util.setShort(buffer, (short) (37 + s), s2);
        this.crypto.aesCbcIso9797m2.init(this.scEncKey, (byte) 2, this.secret, (short) 0, (short) 16);
        short doFinal = this.crypto.aesCbcIso9797m2.doFinal(buffer, (short) 37, (short) (s + 2), buffer, (short) 21);
        buffer[0] = (byte) (doFinal + 16);
        computeAESMAC(doFinal, buffer);
        Util.arrayCopyNonAtomic(buffer, (short) 5, this.secret, (short) 0, (short) 16);
        apdu.setOutgoingAndSend((short) 5, (short) (doFinal + 16));
    }

    private void computeAESMAC(short s, byte[] bArr) {
        this.scMac.init(this.scMacKey, (byte) 1);
        this.scMac.update(bArr, (short) 0, (short) 1);
        this.scMac.update(this.secret, (short) 16, (short) 15);
        this.scMac.sign(bArr, (short) 21, s, bArr, (short) 5);
    }

    public short copyPublicKey(byte[] bArr, short s) {
        return this.scKeypair.getPublic().getW(bArr, s);
    }

    public boolean isOpen() {
        return this.scEncKey.isInitialized() && this.scMacKey.isInitialized() && this.mutuallyAuthenticated;
    }

    public byte getRemainingPairingSlots() {
        return this.remainingSlots;
    }

    public void updateSecureChannelCounter() {
        if (this.scCounter < 100) {
            this.scCounter = (short) (this.scCounter + 1);
        } else {
            this.scKeypair.genKeyPair();
            this.scCounter = (short) 0;
        }
    }

    public void reset() {
        this.scEncKey.clearKey();
        this.scMacKey.clearKey();
        this.mutuallyAuthenticated = false;
    }

    public void updatePairingSecret(byte[] bArr, byte b) {
        Util.arrayCopy(bArr, b, this.pairingSecret, (short) 0, (short) 32);
    }

    private short checkPairingIndexAndGetOffset(byte b) {
        short s = (short) (b * 33);
        if (s >= ((short) this.pairingKeys.length)) {
            ISOException.throwIt((short) 27270);
        }
        return s;
    }
}
