package de.rub.nds.tlsattacker.core.protocol.preparator;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurve;
import de.rub.nds.tlsattacker.core.crypto.ec.Point;
import de.rub.nds.tlsattacker.core.crypto.ec.PointFormatter;
import de.rub.nds.tlsattacker.core.crypto.gost.GOST28147WrapEngine;
import de.rub.nds.tlsattacker.core.crypto.gost.TLSGostKeyTransportBlob;
import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
import de.rub.nds.tlsattacker.core.protocol.message.GOSTClientKeyExchangeMessage;
import de.rub.nds.tlsattacker.core.util.GOSTUtils;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import org.bouncycastle.asn1.cryptopro.GostR3410KeyTransport;
import org.bouncycastle.asn1.cryptopro.GostR3410TransportParameters;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.engines.GOST28147Engine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithSBox;
import org.bouncycastle.crypto.params.ParametersWithUKM;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/preparator/GOSTClientKeyExchangePreparator.class */
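/**
 * Prepares a GOST ClientKeyExchange message: derives the UKM and the key-encryption key (KEK),
 * then wraps (client mode) or unwraps (server mode) the pre-master secret with the GOST 28147-89
 * wrap engine and encodes or decodes the key transport blob.
 *
 * <p>Debug-level log statements in this class print the client/server randoms, the UKM, the KEK,
 * the wrap input and the wrap result in hex. Debug logs produced by this class therefore contain
 * key material and need the same handling as the keys themselves.
 *
 * <p>Subclasses supply the encryption parameter set and the key-agreement digest.
 */
public abstract class GOSTClientKeyExchangePreparator extends ClientKeyExchangePreparator<GOSTClientKeyExchangeMessage> {
    private static final Logger LOGGER = LogManager.getLogger();

    /** Maps GOST 28147-89 parameter-set OIDs to the S-box names given to GOST28147Engine.getSBox. */
    private static final Map<ASN1ObjectIdentifier, String> oidMappings = new HashMap<>();

    static {
        oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_TestParamSet, "E-TEST");
        oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, "E-A");
        oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_B_ParamSet, "E-B");
        oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_C_ParamSet, "E-C");
        oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_D_ParamSet, "E-D");
        oidMappings.put(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, "Param-Z");
    }

    private final GOSTClientKeyExchangeMessage msg;

    /**
     * @param chooser source of the negotiated parameters, randoms and EC keys
     * @param gOSTClientKeyExchangeMessage the message this preparator fills in
     */
    public GOSTClientKeyExchangePreparator(Chooser chooser, GOSTClientKeyExchangeMessage gOSTClientKeyExchangeMessage) {
        super(chooser, gOSTClientKeyExchangeMessage);
        this.msg = gOSTClientKeyExchangeMessage;
    }

    /** Prepares the message contents in client mode. */
    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.HandshakeMessagePreparator
    protected void prepareHandshakeMessageContents() {
        prepareAfterParse(true);
    }

    /**
     * Runs the key agreement for this message.
     *
     * <p>In client mode the pre-master secret is chosen, wrapped under the KEK and encoded into
     * the key transport blob. In server mode the received blob is decoded and the pre-master
     * secret is recovered by unwrapping its session key.
     *
     * @param z {@code true} for client mode, {@code false} for server mode
     * @throws WorkflowExecutionException if an I/O or security error occurs, including a
     *     parameter-set OID that has no known S-box
     */
    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.ProtocolMessagePreparator
    public void prepareAfterParse(boolean z) {
        try {
            LOGGER.debug("Preparing GOST EC VKO. Client mode: " + z);
            this.msg.prepareComputations();
            prepareClientServerRandom();
            prepareUkm();
            if (z) {
                preparePms();
                this.msg.getComputations().setPrivateKey(this.chooser.getClientEcPrivateKey());
                prepareEphemeralKey();
                prepareKek((BigInteger) this.msg.getComputations().getPrivateKey().getValue(), this.chooser.getServerEcPublicKey());
                prepareEncryptionParams();
                prepareCek();
                prepareKeyBlob();
            } else {
                TLSGostKeyTransportBlob transportBlob = TLSGostKeyTransportBlob.getInstance(this.msg.getKeyTransportBlob().getValue());
                LOGGER.debug("Received GOST key blob: " + ASN1Dump.dumpAsString(transportBlob, true));
                GostR3410KeyTransport keyBlob = transportBlob.getKeyBlob();
                GostR3410TransportParameters transportParameters = keyBlob.getTransportParameters();
                // A UKM mismatch is only logged: unwrapping continues with the locally computed
                // UKM, not with the value carried in the peer's blob.
                if (!Arrays.equals(transportParameters.getUkm(), (byte[]) this.msg.getComputations().getUkm().getValue())) {
                    LOGGER.warn("Client UKM != Server UKM");
                }
                // The ephemeral public key carried in the blob is read but its value is not used;
                // the KEK below is computed from chooser.getClientEcPublicKey().
                // NOTE(review): confirm that the chooser's key is populated from the blob elsewhere.
                transportParameters.getEphemeralPublicKey();
                prepareKek(this.chooser.getServerEcPrivateKey(), this.chooser.getClientEcPublicKey());
                Gost2814789EncryptedKey sessionKey = keyBlob.getSessionEncryptedKey();
                byte[] wrappedKey = ArrayConverter.concatenate(new byte[][] {sessionKey.getEncryptedKey(), sessionKey.getMacKey()});
                // The parameter-set OID comes from the peer, so it is checked against the known
                // S-boxes before it reaches the cipher.
                String sBoxName = sBoxNameFor(transportParameters.getEncryptionParamSet());
                this.msg.getComputations().setPremasterSecret(wrap(false, wrappedKey, sBoxName));
            }
        } catch (IOException | GeneralSecurityException e) {
            throw new WorkflowExecutionException("Could not prepare the key agreement!", e);
        }
    }

    /**
     * Resolves a parameter-set OID to its S-box name.
     *
     * @throws GeneralSecurityException if the OID has no entry in {@code oidMappings}; without this
     *     check a {@code null} name would be handed to GOST28147Engine.getSBox
     */
    private static String sBoxNameFor(ASN1ObjectIdentifier paramSet) throws GeneralSecurityException {
        String sBoxName = oidMappings.get(paramSet);
        if (sBoxName == null) {
            throw new GeneralSecurityException("Unsupported GOST 28147-89 parameter set: " + paramSet);
        }
        return sBoxName;
    }

    /** Stores client random followed by server random as the ClientServerRandom computation. */
    private void prepareClientServerRandom() {
        byte[] clientServerRandom = ArrayConverter.concatenate(new byte[][] {this.chooser.getClientRandom(), this.chooser.getServerRandom()});
        this.msg.getComputations().setClientServerRandom(clientServerRandom);
        LOGGER.debug("ClientServerRandom: " + ArrayConverter.bytesToHexString((byte[]) this.msg.getComputations().getClientServerRandom().getValue()));
    }

    /**
     * Derives the UKM: the first 8 bytes of the digest of ClientServerRandom, using the digest
     * algorithm resolved from the selected protocol version and cipher suite.
     */
    private void prepareUkm() throws NoSuchAlgorithmException {
        String digestName = AlgorithmResolver.getDigestAlgorithm(this.chooser.getSelectedProtocolVersion(), this.chooser.getSelectedCipherSuite()).getJavaName();
        byte[] hash = MessageDigest.getInstance(digestName).digest((byte[]) this.msg.getComputations().getClientServerRandom().getValue());
        byte[] ukm = new byte[8];
        System.arraycopy(hash, 0, ukm, 0, ukm.length);
        this.msg.getComputations().setUkm(ukm);
        LOGGER.debug("UKM: " + ArrayConverter.bytesToHexString(this.msg.getComputations().getUkm()));
    }

    /**
     * Derives the KEK as the key-agreement digest of the raw encoding of
     * {@code privateKey * publicKey} on the selected GOST curve.
     */
    private void prepareKek(BigInteger privateKey, Point publicKey) throws GeneralSecurityException {
        byte[] sharedPoint = PointFormatter.toRawFormat(CurveFactory.getCurve(this.chooser.getSelectedGostCurve()).mult(privateKey, publicKey));
        Digest digest = getKeyAgreementDigestAlgorithm();
        digest.update(sharedPoint, 0, sharedPoint.length);
        byte[] kek = new byte[digest.getDigestSize()];
        digest.doFinal(kek, 0);
        this.msg.getComputations().setKeyEncryptionKey(kek);
        LOGGER.debug("KEK: " + ArrayConverter.bytesToHexString(this.msg.getComputations().getKeyEncryptionKey()));
    }

    /** Uses the pre-master secret preset in the context, or 32 bytes from the context's random source. */
    private void preparePms() {
        byte[] preMasterSecret = this.chooser.getContext().getPreMasterSecret();
        if (preMasterSecret != null) {
            LOGGER.debug("Using preset PreMasterSecret from context.");
        } else {
            LOGGER.debug("Generating random PreMasterSecret.");
            preMasterSecret = new byte[32];
            this.chooser.getContext().getRandom().nextBytes(preMasterSecret);
        }
        this.msg.getComputations().setPremasterSecret(preMasterSecret);
    }

    /**
     * Sets the client key pair used for the key agreement. No fresh key is generated here: the
     * private key is the chooser's client EC private key and the public key is computed from it.
     */
    private void prepareEphemeralKey() {
        EllipticCurve curve = CurveFactory.getCurve(this.chooser.getSelectedGostCurve());
        LOGGER.debug("Using key from context.");
        this.msg.getComputations().setPrivateKey(this.chooser.getClientEcPrivateKey());
        this.msg.getComputations().setClientPublicKey(curve.mult((BigInteger) this.msg.getComputations().getPrivateKey().getValue(), curve.getBasePoint()));
    }

    /**
     * Wraps or unwraps {@code input} with the GOST 28147 wrap engine, keyed with the KEK and
     * parameterised with the named S-box and the UKM.
     *
     * @param forWrapping {@code true} to wrap, {@code false} to unwrap
     * @param input the key to wrap, or the wrapped key to unwrap
     * @param sBoxName S-box name understood by GOST28147Engine.getSBox
     * @return the engine's output
     */
    private byte[] wrap(boolean forWrapping, byte[] input, String sBoxName) {
        KeyParameter kek = new KeyParameter((byte[]) this.msg.getComputations().getKeyEncryptionKey().getValue());
        CipherParameters cipherParameters = new ParametersWithUKM(new ParametersWithSBox(kek, GOST28147Engine.getSBox(sBoxName)), (byte[]) this.msg.getComputations().getUkm().getValue());
        GOST28147WrapEngine engine = new GOST28147WrapEngine();
        engine.init(forWrapping, cipherParameters);
        byte[] result;
        if (forWrapping) {
            LOGGER.debug("Wrapping GOST PMS: " + ArrayConverter.bytesToHexString(input));
            result = engine.wrap(input, 0, input.length);
        } else {
            LOGGER.debug("Unwrapping GOST PMS: " + ArrayConverter.bytesToHexString(input));
            result = engine.unwrap(input, 0, input.length);
        }
        LOGGER.debug("Wrap result: " + ArrayConverter.bytesToHexString(result));
        return result;
    }

    /**
     * Wraps the pre-master secret and splits the result: the first 32 bytes become the encrypted
     * key, the remaining bytes become the MAC key field.
     */
    private void prepareCek() throws GeneralSecurityException {
        ASN1ObjectIdentifier paramSet = new ASN1ObjectIdentifier((String) this.msg.getComputations().getEncryptionParamSet().getValue());
        byte[] wrapped = wrap(true, (byte[]) this.msg.getComputations().getPremasterSecret().getValue(), sBoxNameFor(paramSet));
        byte[] encryptedKey = new byte[32];
        System.arraycopy(wrapped, 0, encryptedKey, 0, encryptedKey.length);
        this.msg.getComputations().setEncryptedKey(encryptedKey);
        byte[] macKey = new byte[wrapped.length - encryptedKey.length];
        System.arraycopy(wrapped, encryptedKey.length, macKey, 0, macKey.length);
        this.msg.getComputations().setMacKey(macKey);
    }

    /** Stores the subclass-provided encryption parameter set in the computations. */
    private void prepareEncryptionParams() {
        this.msg.getComputations().setEncryptionParamSet(getEncryptionParameters());
    }

    /**
     * Builds the key transport blob from the encrypted key, optional mask key, MAC key,
     * parameter-set OID, client public key and UKM, and stores its encoding in the message.
     */
    private void prepareKeyBlob() throws IOException {
        Gost2814789EncryptedKey sessionKey = new Gost2814789EncryptedKey((byte[]) this.msg.getComputations().getEncryptedKey().getValue(), getMaskKey(), (byte[]) this.msg.getComputations().getMacKey().getValue());
        ASN1ObjectIdentifier paramSet = new ASN1ObjectIdentifier((String) this.msg.getComputations().getEncryptionParamSet().getValue());
        Point clientPublicKey = Point.createPoint((BigInteger) this.msg.getComputations().getClientPublicKeyX().getValue(), (BigInteger) this.msg.getComputations().getClientPublicKeyY().getValue(), this.chooser.getSelectedGostCurve());
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(GOSTUtils.generatePublicKey(this.chooser.getSelectedGostCurve(), clientPublicKey).getEncoded());
        GostR3410TransportParameters transportParameters = new GostR3410TransportParameters(paramSet, publicKeyInfo, (byte[]) this.msg.getComputations().getUkm().getValue());
        TLSGostKeyTransportBlob transportBlob = new TLSGostKeyTransportBlob(new GostR3410KeyTransport(sessionKey, transportParameters), DERSequence.getInstance(getProxyKeyBlobs()));
        this.msg.setKeyTransportBlob(transportBlob.getEncoded());
        LOGGER.debug("GOST key blob: " + ASN1Dump.dumpAsString(transportBlob, true));
    }

    /** Returns the configured proxy key blobs, or {@code null} when none are set. */
    private byte[] getProxyKeyBlobs() {
        if (this.msg.getComputations().getProxyKeyBlobs() == null) {
            return null;
        }
        return (byte[]) this.msg.getComputations().getProxyKeyBlobs().getValue();
    }

    /** Returns the configured mask key, or {@code null} when none is set. */
    private byte[] getMaskKey() {
        if (this.msg.getComputations().getMaskKey() == null) {
            return null;
        }
        return (byte[]) this.msg.getComputations().getMaskKey().getValue();
    }

    /** Returns the OID of the GOST 28147-89 parameter set used to wrap the pre-master secret. */
    protected abstract ASN1ObjectIdentifier getEncryptionParameters();

    /** Returns the digest applied to the shared point to derive the KEK. */
    protected abstract Digest getKeyAgreementDigestAlgorithm();

    /** Returns the key pair generator algorithm name; not used within this class. */
    protected abstract String getKeyPairGeneratorAlgorithm();
}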
