package de.rub.nds.tlsattacker.core.protocol.handler;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.CompressionMethod;
import de.rub.nds.tlsattacker.core.constants.DigestAlgorithm;
import de.rub.nds.tlsattacker.core.constants.ExtensionByteLength;
import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.RecordByteLength;
import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurve;
import de.rub.nds.tlsattacker.core.crypto.ec.ForgivingX25519Curve;
import de.rub.nds.tlsattacker.core.crypto.ec.ForgivingX448Curve;
import de.rub.nds.tlsattacker.core.crypto.ec.Point;
import de.rub.nds.tlsattacker.core.crypto.ec.PointFormatter;
import de.rub.nds.tlsattacker.core.exceptions.AdjustmentException;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.protocol.message.ServerHelloMessage;
import de.rub.nds.tlsattacker.core.protocol.message.computations.PWDComputations;
import de.rub.nds.tlsattacker.core.protocol.message.extension.keyshare.DragonFlyKeyShareEntry;
import de.rub.nds.tlsattacker.core.protocol.message.extension.keyshare.KeyShareStoreEntry;
import de.rub.nds.tlsattacker.core.protocol.parser.ServerHelloParser;
import de.rub.nds.tlsattacker.core.protocol.parser.extension.keyshare.DragonFlyKeyShareEntryParser;
import de.rub.nds.tlsattacker.core.protocol.preparator.SSL2ClientMasterKeyPreparator;
import de.rub.nds.tlsattacker.core.protocol.preparator.ServerHelloPreparator;
import de.rub.nds.tlsattacker.core.protocol.serializer.ServerHelloSerializer;
import de.rub.nds.tlsattacker.core.record.cipher.RecordAEADCipher;
import de.rub.nds.tlsattacker.core.record.cipher.RecordCipherFactory;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySetGenerator;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/handler/ServerHelloHandler.class */
public class ServerHelloHandler extends HandshakeMessageHandler<ServerHelloMessage> {
    private static final Logger LOGGER = LogManager.getLogger();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: de.rub.nds.tlsattacker.core.protocol.handler.ServerHelloHandler$1, reason: invalid class name */
    /* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/handler/ServerHelloHandler$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup = new int[NamedGroup.values().length];

        static {
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.ECDH_X25519.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.ECDH_X448.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP160K1.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP160R1.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP160R2.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP192K1.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP192R1.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP224K1.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP224R1.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP256K1.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP256R1.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP384R1.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECP521R1.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT163K1.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT163R1.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT163R2.ordinal()] = 16;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT193R1.ordinal()] = 17;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT193R2.ordinal()] = 18;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT233K1.ordinal()] = 19;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT233R1.ordinal()] = 20;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT239K1.ordinal()] = 21;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT283K1.ordinal()] = 22;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT283R1.ordinal()] = 23;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT409K1.ordinal()] = 24;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT409R1.ordinal()] = 25;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT571K1.ordinal()] = 26;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[NamedGroup.SECT571R1.ordinal()] = 27;
            } catch (NoSuchFieldError e27) {
            }
        }
    }

    public ServerHelloHandler(TlsContext tlsContext) {
        super(tlsContext);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public ServerHelloPreparator getPreparator(ServerHelloMessage serverHelloMessage) {
        return new ServerHelloPreparator(this.tlsContext.getChooser(), serverHelloMessage);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public ServerHelloSerializer getSerializer(ServerHelloMessage serverHelloMessage) {
        return new ServerHelloSerializer(serverHelloMessage, this.tlsContext.getChooser().getSelectedProtocolVersion());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public ServerHelloParser getParser(byte[] bArr, int i) {
        return new ServerHelloParser(i, bArr, this.tlsContext.getChooser().getLastRecordVersion());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler
    public void adjustTLSContext(ServerHelloMessage serverHelloMessage) {
        adjustSelectedProtocolVersion(serverHelloMessage);
        if (!this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            adjustSelectedCompression(serverHelloMessage);
            adjustSelectedSessionID(serverHelloMessage);
        }
        adjustSelectedCiphersuite(serverHelloMessage);
        adjustServerRandom(serverHelloMessage);
        adjustExtensions(serverHelloMessage, HandshakeMessageType.SERVER_HELLO);
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            adjustHandshakeTrafficSecrets();
            if (this.tlsContext.getTalkingConnectionEndType() != this.tlsContext.getChooser().getConnectionEndType()) {
                setServerRecordCipher();
            }
        }
        adjustPRF(serverHelloMessage);
        if (this.tlsContext.hasSession(this.tlsContext.getChooser().getServerSessionId())) {
            LOGGER.info("Resuming Session");
            LOGGER.debug("Loading Mastersecret");
            this.tlsContext.setMasterSecret(this.tlsContext.getSession(this.tlsContext.getChooser().getServerSessionId()).getMasterSecret());
            setRecordCipher();
        }
    }

    private void adjustSelectedCiphersuite(ServerHelloMessage serverHelloMessage) {
        CipherSuite cipherSuite = null;
        if (serverHelloMessage.getSelectedCipherSuite() != null) {
            cipherSuite = CipherSuite.getCipherSuite((byte[]) serverHelloMessage.getSelectedCipherSuite().getValue());
        }
        if (cipherSuite == null) {
            LOGGER.warn("Unknown CipherSuite, did not adjust Context");
        } else {
            this.tlsContext.setSelectedCipherSuite(cipherSuite);
            LOGGER.debug("Set SelectedCipherSuite in Context to " + cipherSuite.name());
        }
    }

    private void adjustServerRandom(ServerHelloMessage serverHelloMessage) {
        this.tlsContext.setServerRandom((byte[]) serverHelloMessage.getRandom().getValue());
        LOGGER.debug("Set ServerRandom in Context to " + ArrayConverter.bytesToHexString(this.tlsContext.getServerRandom()));
    }

    private void adjustSelectedCompression(ServerHelloMessage serverHelloMessage) {
        CompressionMethod compressionMethod = null;
        if (serverHelloMessage.getSelectedCompressionMethod() != null) {
            compressionMethod = CompressionMethod.getCompressionMethod(((Byte) serverHelloMessage.getSelectedCompressionMethod().getValue()).byteValue());
        }
        if (compressionMethod == null) {
            LOGGER.warn("Not adjusting CompressionMethod - Method is null!");
        } else {
            this.tlsContext.setSelectedCompressionMethod(compressionMethod);
            LOGGER.debug("Set SelectedCompressionMethod in Context to " + compressionMethod.name());
        }
    }

    private void adjustSelectedSessionID(ServerHelloMessage serverHelloMessage) {
        byte[] bArr = (byte[]) serverHelloMessage.getSessionId().getValue();
        this.tlsContext.setServerSessionId(bArr);
        LOGGER.debug("Set SessionID in Context to " + ArrayConverter.bytesToHexString(bArr, false));
    }

    private void adjustSelectedProtocolVersion(ServerHelloMessage serverHelloMessage) {
        ProtocolVersion protocolVersion = null;
        if (serverHelloMessage.getProtocolVersion() != null) {
            protocolVersion = ProtocolVersion.getProtocolVersion((byte[]) serverHelloMessage.getProtocolVersion().getValue());
        }
        if (protocolVersion == null) {
            LOGGER.warn("Did not Adjust ProtocolVersion since version is undefined " + ArrayConverter.bytesToHexString((byte[]) serverHelloMessage.getProtocolVersion().getValue()));
        } else {
            this.tlsContext.setSelectedProtocolVersion(protocolVersion);
            LOGGER.debug("Set SelectedProtocolVersion in Context to " + protocolVersion.name());
        }
    }

    private void adjustPRF(ServerHelloMessage serverHelloMessage) {
        Chooser chooser = this.tlsContext.getChooser();
        if (chooser.getSelectedProtocolVersion().isSSL()) {
            return;
        }
        this.tlsContext.setPrfAlgorithm(AlgorithmResolver.getPRFAlgorithm(chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite()));
    }

    private void setRecordCipher() {
        KeySet keySet = getKeySet(this.tlsContext, Tls13KeySetType.NONE);
        LOGGER.debug("Setting new Cipher in RecordLayer");
        this.tlsContext.getRecordLayer().setRecordCipher(RecordCipherFactory.getRecordCipher(this.tlsContext, keySet));
    }

    private void setServerRecordCipher() {
        this.tlsContext.setTls13SoftDecryption(true);
        this.tlsContext.setActiveServerKeySetType(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
        LOGGER.debug("Setting cipher for server to use handshake secrets");
        this.tlsContext.getRecordLayer().setRecordCipher(RecordCipherFactory.getRecordCipher(this.tlsContext, getKeySet(this.tlsContext, this.tlsContext.getActiveServerKeySetType()), this.tlsContext.getChooser().getSelectedCipherSuite()));
        if (this.tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
            this.tlsContext.setReadSequenceNumber(0L);
            this.tlsContext.getRecordLayer().updateDecryptionCipher();
        } else {
            this.tlsContext.setWriteSequenceNumber(0L);
            this.tlsContext.getRecordLayer().updateEncryptionCipher();
        }
    }

    private KeySet getKeySet(TlsContext tlsContext, Tls13KeySetType tls13KeySetType) {
        try {
            LOGGER.debug("Generating new KeySet");
            return KeySetGenerator.generateKeySet(tlsContext, this.tlsContext.getChooser().getSelectedProtocolVersion(), tls13KeySetType);
        } catch (CryptoException | NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException("The specified Algorithm is not supported", e);
        }
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler
    public void adjustTlsContextAfterSerialize(ServerHelloMessage serverHelloMessage) {
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            setServerRecordCipher();
        }
    }

    private void adjustHandshakeTrafficSecrets() {
        byte[] computeSharedPWDSecret;
        HKDFAlgorithm hKDFAlgorithm = AlgorithmResolver.getHKDFAlgorithm(this.tlsContext.getChooser().getSelectedCipherSuite());
        DigestAlgorithm digestAlgorithm = AlgorithmResolver.getDigestAlgorithm(this.tlsContext.getChooser().getSelectedProtocolVersion(), this.tlsContext.getChooser().getSelectedCipherSuite());
        try {
            int macLength = Mac.getInstance(hKDFAlgorithm.getMacAlgorithm().getJavaName()).getMacLength();
            byte[] deriveSecret = HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), HKDFunction.extract(hKDFAlgorithm, new byte[0], (this.tlsContext.getConfig().isUsePsk().booleanValue() || this.tlsContext.getPsk() != null) ? this.tlsContext.getChooser().getPsk() : new byte[macLength]), HKDFunction.DERIVED, ArrayConverter.hexStringToByteArray(""));
            byte[] bArr = new byte[macLength];
            if (this.tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
                computeSharedPWDSecret = this.tlsContext.getSelectedCipherSuite().isPWD() ? computeSharedPWDSecret(this.tlsContext.getChooser().getServerKeyShare()) : computeSharedSecret(this.tlsContext.getChooser().getServerKeyShare());
            } else {
                Integer num = null;
                for (KeyShareStoreEntry keyShareStoreEntry : this.tlsContext.getChooser().getClientKeyShares()) {
                    if (Arrays.equals(keyShareStoreEntry.getGroup().getValue(), this.tlsContext.getChooser().getServerKeyShare().getGroup().getValue())) {
                        num = Integer.valueOf(this.tlsContext.getChooser().getClientKeyShares().indexOf(keyShareStoreEntry));
                    }
                }
                if (num == null) {
                    LOGGER.warn("Client did not send the KeyShareType we expected. Choosing first in his List");
                    num = 0;
                }
                computeSharedPWDSecret = this.tlsContext.getSelectedCipherSuite().isPWD() ? computeSharedPWDSecret(this.tlsContext.getChooser().getClientKeyShares().get(num.intValue())) : computeSharedSecret(this.tlsContext.getChooser().getClientKeyShares().get(num.intValue()));
            }
            byte[] extract = HKDFunction.extract(hKDFAlgorithm, deriveSecret, computeSharedPWDSecret);
            this.tlsContext.setHandshakeSecret(extract);
            LOGGER.debug("Set handshakeSecret in Context to " + ArrayConverter.bytesToHexString(extract));
            byte[] deriveSecret2 = HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), extract, HKDFunction.CLIENT_HANDSHAKE_TRAFFIC_SECRET, this.tlsContext.getDigest().getRawBytes());
            this.tlsContext.setClientHandshakeTrafficSecret(deriveSecret2);
            LOGGER.debug("Set clientHandshakeTrafficSecret in Context to " + ArrayConverter.bytesToHexString(deriveSecret2));
            byte[] deriveSecret3 = HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), extract, HKDFunction.SERVER_HANDSHAKE_TRAFFIC_SECRET, this.tlsContext.getDigest().getRawBytes());
            this.tlsContext.setServerHandshakeTrafficSecret(deriveSecret3);
            LOGGER.debug("Set serverHandshakeTrafficSecret in Context to " + ArrayConverter.bytesToHexString(deriveSecret3));
        } catch (CryptoException | NoSuchAlgorithmException e) {
            throw new AdjustmentException(e);
        }
    }

    private byte[] computeSharedSecret(KeyShareStoreEntry keyShareStoreEntry) {
        switch (AnonymousClass1.$SwitchMap$de$rub$nds$tlsattacker$core$constants$NamedGroup[keyShareStoreEntry.getGroup().ordinal()]) {
            case 1:
                return ForgivingX25519Curve.computeSharedSecret(this.tlsContext.getConfig().getKeySharePrivate(), keyShareStoreEntry.getPublicKey());
            case 2:
                return ForgivingX448Curve.computeSharedSecret(this.tlsContext.getConfig().getKeySharePrivate(), keyShareStoreEntry.getPublicKey());
            case 3:
            case 4:
            case 5:
            case RecordByteLength.DTLS_SEQUENCE_NUMBER /* 6 */:
            case 7:
            case 8:
            case 9:
            case 10:
            case SSL2ClientMasterKeyPreparator.EXPORT_RC4_NUM_OF_CLEAR_KEY_BYTES /* 11 */:
            case 12:
            case 13:
            case 14:
            case 15:
            case RecordAEADCipher.AEAD_TAG_LENGTH /* 16 */:
            case 17:
            case 18:
            case 19:
            case ExtensionByteLength.TRUSTED_AUTHORITY_HASH /* 20 */:
            case 21:
            case 22:
            case 23:
            case 24:
            case 25:
            case 26:
            case 27:
                Point mult = CurveFactory.getCurve(keyShareStoreEntry.getGroup()).mult(this.tlsContext.getConfig().getDefaultKeySharePrivateKey(), PointFormatter.formatFromByteArray(keyShareStoreEntry.getGroup(), keyShareStoreEntry.getPublicKey()));
                return ArrayConverter.bigIntegerToNullPaddedByteArray(mult.getX().getData(), ArrayConverter.bigIntegerToByteArray(mult.getX().getModulus()).length);
            default:
                throw new UnsupportedOperationException("KeyShare type " + keyShareStoreEntry.getGroup() + " is unsupported");
        }
    }

    private byte[] computeSharedPWDSecret(KeyShareStoreEntry keyShareStoreEntry) throws CryptoException {
        Chooser chooser = this.tlsContext.getChooser();
        EllipticCurve curve = CurveFactory.getCurve(keyShareStoreEntry.getGroup());
        DragonFlyKeyShareEntry parse = new DragonFlyKeyShareEntryParser(keyShareStoreEntry.getPublicKey(), keyShareStoreEntry.getGroup()).parse();
        int bitLength = curve.getModulus().bitLength();
        Point fromRawFormat = PointFormatter.fromRawFormat(keyShareStoreEntry.getGroup(), parse.getRawPublicKey());
        BigInteger scalar = parse.getScalar();
        Point computePasswordElement = PWDComputations.computePasswordElement(this.tlsContext.getChooser(), curve);
        BigInteger mod = chooser.getConnectionEndType() == ConnectionEndType.CLIENT ? new BigInteger(1, chooser.getConfig().getDefaultClientPWDPrivate()).mod(curve.getBasePointOrder()) : new BigInteger(1, chooser.getConfig().getDefaultServerPWDPrivate()).mod(curve.getBasePointOrder());
        LOGGER.debug("Element: " + ArrayConverter.bytesToHexString(PointFormatter.toRawFormat(fromRawFormat)));
        LOGGER.debug("Scalar: " + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(scalar)));
        return ArrayConverter.bigIntegerToByteArray(curve.mult(mod, curve.add(curve.mult(scalar, computePasswordElement), fromRawFormat)).getX().getData(), bitLength / 8, true);
    }
}
