package io.olvid.engine.crypto;

import io.olvid.engine.crypto.KDF;
import io.olvid.engine.crypto.exceptions.DecryptionException;
import io.olvid.engine.datatypes.EncryptedBytes;
import io.olvid.engine.datatypes.Seed;
import io.olvid.engine.datatypes.key.symmetric.AuthEncAES256ThenSHA256Key;
import io.olvid.engine.datatypes.key.symmetric.AuthEncKey;
import io.olvid.engine.datatypes.key.symmetric.MACHmacSha256Key;
import io.olvid.engine.datatypes.key.symmetric.SymEncCTRAES256Key;
import java.security.InvalidKeyException;
import java.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: AuthEnc.java */
/* loaded from: classes4.dex */
public class AuthEncAES256ThenSHA256 implements AuthEnc {
    @Override // io.olvid.engine.crypto.AuthEnc
    public int ciphertextLengthFromPlaintextLength(int i) {
        return i + 40;
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public byte[] decrypt(AuthEncKey authEncKey, EncryptedBytes encryptedBytes) throws DecryptionException, InvalidKeyException {
        if (!(authEncKey instanceof AuthEncAES256ThenSHA256Key)) {
            throw new InvalidKeyException();
        }
        AuthEncAES256ThenSHA256Key authEncAES256ThenSHA256Key = (AuthEncAES256ThenSHA256Key) authEncKey;
        MACHmacSha256Key macKey = authEncAES256ThenSHA256Key.getMacKey();
        SymEncCTRAES256Key encKey = authEncAES256ThenSHA256Key.getEncKey();
        MACHmacSha256 mACHmacSha256 = new MACHmacSha256();
        SymEncCtrAES256 symEncCtrAES256 = new SymEncCtrAES256(encKey);
        byte[] bytes = encryptedBytes.getBytes();
        byte[] copyOfRange = Arrays.copyOfRange(bytes, bytes.length - mACHmacSha256.outputLength(), bytes.length);
        byte[] copyOfRange2 = Arrays.copyOfRange(bytes, 0, bytes.length - mACHmacSha256.outputLength());
        if (mACHmacSha256.verify(macKey, copyOfRange2, copyOfRange)) {
            return symEncCtrAES256.decrypt(new EncryptedBytes(copyOfRange2));
        }
        throw new DecryptionException();
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public EncryptedBytes encrypt(AuthEncKey authEncKey, byte[] bArr, PRNG prng) throws InvalidKeyException {
        if (!(authEncKey instanceof AuthEncAES256ThenSHA256Key)) {
            throw new InvalidKeyException();
        }
        AuthEncAES256ThenSHA256Key authEncAES256ThenSHA256Key = (AuthEncAES256ThenSHA256Key) authEncKey;
        MACHmacSha256Key macKey = authEncAES256ThenSHA256Key.getMacKey();
        SymEncCTRAES256Key encKey = authEncAES256ThenSHA256Key.getEncKey();
        MACHmacSha256 mACHmacSha256 = new MACHmacSha256();
        SymEncCtrAES256 symEncCtrAES256 = new SymEncCtrAES256(encKey);
        byte[] bArr2 = new byte[ciphertextLengthFromPlaintextLength(bArr.length)];
        symEncCtrAES256.encrypt(prng.bytes(8), bArr, bArr2);
        byte[] digest = mACHmacSha256.digest(macKey, bArr2, symEncCtrAES256.ciphertextLengthFromPlaintextLength(bArr.length));
        System.arraycopy(digest, 0, bArr2, symEncCtrAES256.ciphertextLengthFromPlaintextLength(bArr.length), digest.length);
        return new EncryptedBytes(bArr2);
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public AuthEncKey generateKey(PRNG prng) {
        try {
            return (AuthEncKey) Suite.getKDF(KDF.KDF_SHA256).gen(new Seed(prng), getKDFDelegate())[0];
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public AuthEncKey generateMessageKey(PRNG prng, byte[] bArr) {
        KDF kdf = Suite.getKDF(KDF.KDF_SHA256);
        SymEncCTRAES256Key symEncCTRAES256Key = (SymEncCTRAES256Key) kdf.gen(new Seed(prng), new KDFDelegateForSymEncCtrAES256())[0];
        byte[] bArr2 = new byte[symEncCTRAES256Key.getKeyLength() + bArr.length];
        System.arraycopy(symEncCTRAES256Key.getKeyBytes(), 0, bArr2, 0, symEncCTRAES256Key.getKeyLength());
        System.arraycopy(bArr, 0, bArr2, symEncCTRAES256Key.getKeyLength(), bArr.length);
        return AuthEncAES256ThenSHA256Key.of(((MACHmacSha256Key) kdf.gen(new Seed(bArr2), new KDFDelegateForHmacSHA256())[0]).getKeyBytes(), symEncCTRAES256Key.getKeyBytes());
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public KDF.Delegate getKDFDelegate() {
        return new KDFDelegateForAuthEncAES256ThenSHA256();
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public int keyByteLength() {
        return 64;
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public int plaintextLengthFromCiphertextLength(int i) {
        return i - 40;
    }

    @Override // io.olvid.engine.crypto.AuthEnc
    public boolean verifyMessageKey(AuthEncKey authEncKey, byte[] bArr) {
        KDF kdf = Suite.getKDF(KDF.KDF_SHA256);
        if (!(authEncKey instanceof AuthEncAES256ThenSHA256Key)) {
            return false;
        }
        AuthEncAES256ThenSHA256Key authEncAES256ThenSHA256Key = (AuthEncAES256ThenSHA256Key) authEncKey;
        SymEncCTRAES256Key encKey = authEncAES256ThenSHA256Key.getEncKey();
        byte[] bArr2 = new byte[encKey.getKeyLength() + bArr.length];
        System.arraycopy(encKey.getKeyBytes(), 0, bArr2, 0, encKey.getKeyLength());
        System.arraycopy(bArr, 0, bArr2, encKey.getKeyLength(), bArr.length);
        return Arrays.equals(((MACHmacSha256Key) kdf.gen(new Seed(bArr2), new KDFDelegateForHmacSHA256())[0]).getKeyBytes(), authEncAES256ThenSHA256Key.getMacKey().getKeyBytes());
    }
}
