package de.rub.nds.tlsattacker.core.protocol.message.computations;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.MacAlgorithm;
import de.rub.nds.tlsattacker.core.constants.PRFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.crypto.PseudoRandomFunction;
import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurve;
import de.rub.nds.tlsattacker.core.crypto.ec.Point;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.exceptions.PreparationException;
import de.rub.nds.tlsattacker.core.util.StaticTicketCrypto;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.tls.TlsUtils;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.class */
public class PWDComputations extends KeyExchangeComputations {
    private static final Logger LOGGER = LogManager.getLogger();
    private Point passwordElement;
    private BigInteger privateKeyScalar;

    /* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations$PWDKeyMaterial.class */
    public static class PWDKeyMaterial {
        public BigInteger privateKeyScalar;
        public BigInteger scalar;
        public Point element;
    }

    /* JADX WARN: Type inference failed for: r0v23, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v28, types: [byte[], byte[][]] */
    public static Point computePasswordElement(Chooser chooser, EllipticCurve ellipticCurve) throws CryptoException {
        byte[] generateHMAC;
        MacAlgorithm macAlgorithm = getMacAlgorithm(chooser.getSelectedCipherSuite());
        BigInteger modulus = ellipticCurve.getModulus();
        byte[] serverPWDSalt = chooser.getContext().getServerPWDSalt();
        if (serverPWDSalt == null && chooser.getSelectedProtocolVersion() != ProtocolVersion.TLS13) {
            serverPWDSalt = chooser.getConfig().getDefaultServerPWDSalt();
        }
        if (serverPWDSalt == null) {
            Digest createHash = TlsUtils.createHash((short) 4);
            generateHMAC = new byte[createHash.getDigestSize()];
            byte[] bytes = (chooser.getClientPWDUsername() + chooser.getPWDPassword()).getBytes(StandardCharsets.ISO_8859_1);
            createHash.update(bytes, 0, bytes.length);
            createHash.doFinal(generateHMAC, 0);
        } else {
            generateHMAC = StaticTicketCrypto.generateHMAC(MacAlgorithm.HMAC_SHA256, (chooser.getClientPWDUsername() + chooser.getPWDPassword()).getBytes(StandardCharsets.ISO_8859_1), serverPWDSalt);
        }
        boolean z = false;
        int i = 0;
        int bitLength = (ellipticCurve.getModulus().bitLength() + 64) / 8;
        byte[] clientRandom = chooser.getSelectedProtocolVersion().isTLS13() ? chooser.getClientRandom() : ArrayConverter.concatenate((byte[][]) new byte[]{chooser.getClientRandom(), chooser.getServerRandom()});
        Point point = null;
        byte[] bArr = null;
        while (true) {
            i++;
            byte[] generateHMAC2 = StaticTicketCrypto.generateHMAC(macAlgorithm, ArrayConverter.concatenate((byte[][]) new byte[]{generateHMAC, ArrayConverter.intToBytes(i, 1), ArrayConverter.bigIntegerToByteArray(modulus)}), new byte[4]);
            Point createAPointOnCurve = ellipticCurve.createAPointOnCurve(new BigInteger(1, prf(chooser, generateHMAC2, clientRandom, bitLength)).mod(modulus.subtract(BigInteger.ONE)).add(BigInteger.ONE));
            if (!z && ellipticCurve.isOnCurve(createAPointOnCurve)) {
                point = createAPointOnCurve;
                bArr = (byte[]) generateHMAC2.clone();
                z = true;
                chooser.getContext().getBadSecureRandom().nextBytes(generateHMAC);
            }
            if (i <= 1000) {
                if (z && i >= chooser.getConfig().getDefaultPWDIterations().intValue()) {
                    break;
                }
            } else {
                bArr = (byte[]) generateHMAC2.clone();
                point = createAPointOnCurve;
                LOGGER.warn("Could not find a useful pwd point");
                break;
            }
        }
        if ((bArr[0] & 1) == (point.getFieldY().getData().getLowestSetBit() == 0 ? 1 : 0)) {
            point = ellipticCurve.inverse(point);
        }
        return point;
    }

    protected static MacAlgorithm getMacAlgorithm(CipherSuite cipherSuite) {
        if (cipherSuite.isSHA256()) {
            return MacAlgorithm.HMAC_SHA256;
        }
        if (cipherSuite.isSHA384()) {
            return MacAlgorithm.HMAC_SHA384;
        }
        if (cipherSuite.name().endsWith("SHA")) {
            return MacAlgorithm.HMAC_SHA1;
        }
        throw new PreparationException("Unsupported Mac Algorithm for suite " + cipherSuite.toString());
    }

    protected static byte[] prf(Chooser chooser, byte[] bArr, byte[] bArr2, int i) throws CryptoException {
        if (!chooser.getSelectedProtocolVersion().isTLS13()) {
            PRFAlgorithm pRFAlgorithm = AlgorithmResolver.getPRFAlgorithm(chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite());
            if (pRFAlgorithm != null) {
                return PseudoRandomFunction.compute(pRFAlgorithm, bArr, "TLS-PWD Hunting And Pecking", bArr2, i);
            }
            LOGGER.warn("Could not select prf for " + String.valueOf(chooser.getSelectedProtocolVersion()) + " and " + String.valueOf(chooser.getSelectedCipherSuite()));
            return new byte[i];
        }
        HKDFAlgorithm hKDFAlgorithm = AlgorithmResolver.getHKDFAlgorithm(chooser.getSelectedCipherSuite());
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(AlgorithmResolver.getDigestAlgorithm(chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite()).getJavaName());
            messageDigest.update(bArr2);
            return HKDFunction.expandLabel(hKDFAlgorithm, bArr, "TLS-PWD Hunting And Pecking", messageDigest.digest(), i);
        } catch (NoSuchAlgorithmException e) {
            throw new CryptoException("Could not initialize HKDF", e);
        }
    }

    public static PWDKeyMaterial generateKeyMaterial(EllipticCurve ellipticCurve, Point point, Chooser chooser) {
        BigInteger mod;
        PWDKeyMaterial pWDKeyMaterial = new PWDKeyMaterial();
        if (chooser.getConnectionEndType() == ConnectionEndType.CLIENT) {
            mod = new BigInteger(1, chooser.getConfig().getDefaultClientPWDMask()).mod(ellipticCurve.getBasePointOrder());
            pWDKeyMaterial.privateKeyScalar = new BigInteger(1, chooser.getConfig().getDefaultClientPWDPrivate()).mod(ellipticCurve.getBasePointOrder());
        } else {
            mod = new BigInteger(1, chooser.getConfig().getDefaultServerPWDMask()).mod(ellipticCurve.getBasePointOrder());
            pWDKeyMaterial.privateKeyScalar = new BigInteger(1, chooser.getConfig().getDefaultServerPWDPrivate()).mod(ellipticCurve.getBasePointOrder());
        }
        pWDKeyMaterial.scalar = mod.add(pWDKeyMaterial.privateKeyScalar).mod(ellipticCurve.getBasePointOrder());
        pWDKeyMaterial.element = ellipticCurve.inverse(ellipticCurve.mult(mod, point));
        return pWDKeyMaterial;
    }

    public Point getPasswordElement() {
        return this.passwordElement;
    }

    public void setPasswordElement(Point point) {
        this.passwordElement = point;
    }

    public BigInteger getPrivateKeyScalar() {
        return this.privateKeyScalar;
    }

    public void setPrivateKeyScalar(BigInteger bigInteger) {
        this.privateKeyScalar = bigInteger;
    }
}
