package pro.javacard.pace;

import apdu4j.core.APDUBIBO;
import apdu4j.core.CommandAPDU;
import apdu4j.core.HexUtils;
import apdu4j.core.ResponseAPDU;
import com.payneteasy.tlv.BerTag;
import com.payneteasy.tlv.BerTlv;
import com.payneteasy.tlv.BerTlvBuilder;
import com.payneteasy.tlv.BerTlvParser;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.macs.CMac;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:pro/javacard/pace/PACE.class */
public final class PACE {
    private final byte[] keyENC;
    private final byte[] keyMAC;
    static final byte PASSWORD_CAN = 2;
    private static final byte COUNTER_ENC = 1;
    private static final byte COUNTER_MAC = 2;
    private static final byte COUNTER_PI = 3;
    private static final Logger log = LoggerFactory.getLogger(PACE.class);
    private static final byte[] oid = HexUtils.hex2bin("04007F00070202040204");
    private static final BerTlvParser parser = new BerTlvParser();

    /* loaded from: input_file:pro/javacard/pace/PACE$PACECurve.class */
    public enum PACECurve {
        secp256r1(12, ECNamedCurveTable.getParameterSpec("secp256r1")),
        brainpoolp256r1(13, ECNamedCurveTable.getParameterSpec("brainpoolp256r1")),
        secp384r1(15, ECNamedCurveTable.getParameterSpec("secp384r1")),
        brainpoolp384r1(16, ECNamedCurveTable.getParameterSpec("brainpoolp384r1"));

        final byte code;
        final ECParameterSpec spec;

        PACECurve(int i, ECParameterSpec eCParameterSpec) {
            this.code = (byte) i;
            this.spec = eCParameterSpec;
        }
    }

    public byte[] getENC() {
        return (byte[]) this.keyENC.clone();
    }

    public byte[] getMAC() {
        return (byte[]) this.keyMAC.clone();
    }

    private PACE(byte[] bArr, byte[] bArr2) {
        this.keyENC = bArr;
        this.keyMAC = bArr2;
        log.info("Computed PACE: ENC: {} MAC:{}", Hex.toHexString(bArr), Hex.toHexString(bArr2));
    }

    public static PACE executePACE(APDUBIBO apdubibo, byte[] bArr, String str, PACECurve pACECurve) throws PACEException, IOException, GeneralSecurityException {
        PACEException.check(apdubibo.transmit(new CommandAPDU(0, 164, 4, 0, bArr, 256)));
        PACEException.check(apdubibo.transmit(set_at(oid, (byte) 2, pACECurve)));
        ResponseAPDU check = PACEException.check(apdubibo.transmit(general_authenticate(new byte[]{124, 0})));
        SCHelpers.trace_tlv(check.getData(), log);
        byte[] decrypt = AESSecureChannel.decrypt(kdf(str.getBytes(StandardCharsets.UTF_8), (byte) 3), new byte[16], require_tag(check.getData(), 128).getBytesValue());
        AsymmetricCipherKeyPair generate = generate(pACECurve.spec);
        byte[] encoded = generate.getPublic().getQ().getEncoded(false);
        CommandAPDU general_authenticate = general_authenticate(new BerTlvBuilder(new BerTag(124)).addBytes(new BerTag(129), encoded).buildArray());
        SCHelpers.trace_tlv(general_authenticate.getData(), log);
        ResponseAPDU check2 = PACEException.check(apdubibo.transmit(general_authenticate));
        SCHelpers.trace_tlv(check2.getData(), log);
        byte[] decodePublic = decodePublic(pACECurve.spec, require_tag(check2.getData(), 130).getBytesValue());
        if (Arrays.equals(decodePublic, encoded)) {
            throw new PACEException("PACE: card and host keys can not be equal!");
        }
        ECParameterSpec parameterMap = parameterMap(pACECurve.spec, generate.getPrivate(), decodePublic, decrypt);
        AsymmetricCipherKeyPair generate2 = generate(parameterMap);
        byte[] encoded2 = generate2.getPublic().getQ().getEncoded(false);
        CommandAPDU general_authenticate2 = general_authenticate(new BerTlvBuilder(new BerTag(124)).addBytes(new BerTag(131), encoded2).buildArray());
        SCHelpers.trace_tlv(general_authenticate2.getData(), log);
        ResponseAPDU check3 = PACEException.check(apdubibo.transmit(general_authenticate2));
        SCHelpers.trace_tlv(check3.getData(), log);
        byte[] decodePublic2 = decodePublic(parameterMap, require_tag(check3.getData(), 132).getBytesValue());
        if (Arrays.equals(encoded2, decodePublic2)) {
            throw new PACEException("PACE security violation: equal keys");
        }
        byte[] generateSharedSecret = generateSharedSecret(pACECurve.spec, generate2.getPrivate().getD().toByteArray(), decodePublic2);
        byte[] kdf = kdf(generateSharedSecret, (byte) 2);
        byte[] kdf2 = kdf(generateSharedSecret, (byte) 1);
        CommandAPDU general_authenticate_last = general_authenticate_last(new BerTlvBuilder(new BerTag(124)).addBytes(new BerTag(133), aes_mac8(kdf, auth_token(decodePublic2))).buildArray());
        SCHelpers.trace_tlv(general_authenticate_last.getData(), log);
        ResponseAPDU check4 = PACEException.check(apdubibo.transmit(general_authenticate_last));
        SCHelpers.trace_tlv(check4.getData(), log);
        if (!Arrays.equals(require_tag(check4.getData(), 134).getBytesValue(), aes_mac8(kdf, auth_token(encoded2)))) {
            throw new PACEException("PACE: invalid card auth token: " + HexUtils.bin2hex(check4.getData()));
        }
        log.info("Card authenticated");
        return new PACE(kdf2, kdf);
    }

    static BerTlv require_tag(byte[] bArr, int i) throws PACEException {
        BerTlv find = parser.parse(bArr).find(new BerTag(i));
        if (find == null) {
            throw new PACEException(String.format("PACE: invalid response, missing tag 0x%02X: %s", Integer.valueOf(i), HexUtils.bin2hex(bArr)));
        }
        return find;
    }

    static AsymmetricCipherKeyPair generate(ECParameterSpec eCParameterSpec) {
        ECKeyGenerationParameters eCKeyGenerationParameters = new ECKeyGenerationParameters(new ECDomainParameters(eCParameterSpec.getCurve(), eCParameterSpec.getG(), eCParameterSpec.getN(), eCParameterSpec.getH()), new SecureRandom());
        ECKeyPairGenerator eCKeyPairGenerator = new ECKeyPairGenerator();
        eCKeyPairGenerator.init(eCKeyGenerationParameters);
        return eCKeyPairGenerator.generateKeyPair();
    }

    static byte[] decodePublic(ECParameterSpec eCParameterSpec, byte[] bArr) {
        ECDomainParameters eCDomainParameters = new ECDomainParameters(eCParameterSpec.getCurve(), eCParameterSpec.getG(), eCParameterSpec.getN(), eCParameterSpec.getH());
        return new ECPublicKeyParameters(eCDomainParameters.getCurve().decodePoint(bArr), eCDomainParameters).getQ().getEncoded(false);
    }

    private static CommandAPDU general_authenticate(byte[] bArr) {
        return new CommandAPDU(16, 134, 0, 0, bArr, 256);
    }

    private static CommandAPDU general_authenticate_last(byte[] bArr) {
        return new CommandAPDU(0, 134, 0, 0, bArr, 256);
    }

    private static CommandAPDU set_at(byte[] bArr, byte b, PACECurve pACECurve) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(new BerTlvBuilder().addBytes(new BerTag(128), bArr).buildArray());
        byteArrayOutputStream.write(new BerTlvBuilder().addByte(new BerTag(131), b).buildArray());
        byteArrayOutputStream.write(new BerTlvBuilder().addByte(new BerTag(132), pACECurve.code).buildArray());
        return new CommandAPDU(0, 34, 193, 164, byteArrayOutputStream.toByteArray(), 256);
    }

    static byte[] kdf(byte[] bArr, byte b) throws GeneralSecurityException {
        return kdf(bArr, b, null);
    }

    private static byte[] kdf(byte[] bArr, byte b, byte[] bArr2) throws GeneralSecurityException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        byte[] bArr3 = {0, 0, 0, b};
        messageDigest.update(bArr);
        if (bArr2 != null) {
            messageDigest.update(bArr2);
        }
        messageDigest.update(bArr3);
        return messageDigest.digest();
    }

    private static ECParameterSpec parameterMap(ECParameterSpec eCParameterSpec, ECPrivateKeyParameters eCPrivateKeyParameters, byte[] bArr, byte[] bArr2) {
        ECPoint decodePoint = eCParameterSpec.getCurve().decodePoint(bArr);
        BigInteger d = eCPrivateKeyParameters.getD();
        BigInteger bigInteger = new BigInteger(COUNTER_ENC, bArr2);
        return new ECParameterSpec(eCParameterSpec.getCurve(), eCParameterSpec.getG().multiply(bigInteger).add(decodePoint.multiply(eCParameterSpec.getH().multiply(d))), eCParameterSpec.getN(), eCParameterSpec.getH());
    }

    public static byte[] generateSharedSecret(ECParameterSpec eCParameterSpec, byte[] bArr, byte[] bArr2) {
        return positive(eCParameterSpec.getCurve().decodePoint(bArr2).multiply(new BigInteger(COUNTER_ENC, bArr)).normalize().getXCoord().toBigInteger().toByteArray());
    }

    public static byte[] positive(byte[] bArr) {
        return (bArr[0] == 0 && bArr.length % 2 == COUNTER_ENC) ? Arrays.copyOfRange(bArr, COUNTER_ENC, bArr.length) : bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] aes_mac8(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[16];
        CMac cMac = new CMac(AESEngine.newInstance());
        cMac.init(new KeyParameter(bArr));
        cMac.update(bArr2, 0, bArr2.length);
        cMac.doFinal(bArr3, 0);
        return Arrays.copyOf(bArr3, 8);
    }

    private static byte[] auth_token(byte[] bArr) {
        return new BerTlvBuilder(new BerTag(127, 73)).addBytes(new BerTag(6), oid).addBytes(new BerTag(134), bArr).buildArray();
    }
}
