package org.bouncycastle.crypto.hpke;

import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
import org.bouncycastle.crypto.BasicAgreement;
import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
import org.bouncycastle.crypto.agreement.XDHBasicAgreement;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.generators.X25519KeyPairGenerator;
import org.bouncycastle.crypto.generators.X448KeyPairGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.X25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.X25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
import org.bouncycastle.crypto.params.X448KeyGenerationParameters;
import org.bouncycastle.crypto.params.X448PrivateKeyParameters;
import org.bouncycastle.crypto.params.X448PublicKeyParameters;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.math.ec.WNafUtil;
import org.bouncycastle.math.ec.custom.sec.SecP256R1Curve;
import org.bouncycastle.math.ec.custom.sec.SecP384R1Curve;
import org.bouncycastle.math.ec.custom.sec.SecP521R1Curve;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/bouncycastle/crypto/hpke/DHKEM.class */
class DHKEM {
    private AsymmetricCipherKeyPairGenerator lf;
    private BasicAgreement lj;
    private final short lt;
    private HKDF lb;
    private byte ld;
    private int lu;
    private int le;
    ECDomainParameters lI;

    /* JADX INFO: Access modifiers changed from: protected */
    public DHKEM(short s) {
        this.lt = s;
        switch (s) {
            case 16:
                this.lb = new HKDF((short) 1);
                SecP256R1Curve secP256R1Curve = new SecP256R1Curve();
                this.lI = new ECDomainParameters(secP256R1Curve, secP256R1Curve.lf(new BigInteger(1, Hex.lI("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")), new BigInteger(1, Hex.lI("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"))), secP256R1Curve.lk(), secP256R1Curve.lv(), Hex.lI("c49d360886e704936a6678e1139d26b7819f7e90"));
                this.lj = new ECDHCBasicAgreement();
                this.ld = (byte) -1;
                this.lu = 32;
                this.le = 32;
                this.lf = new ECKeyPairGenerator();
                this.lf.lI(new ECKeyGenerationParameters(this.lI, new SecureRandom()));
                return;
            case 17:
                this.lb = new HKDF((short) 2);
                SecP384R1Curve secP384R1Curve = new SecP384R1Curve();
                this.lI = new ECDomainParameters(secP384R1Curve, secP384R1Curve.lf(new BigInteger(1, Hex.lI("aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7")), new BigInteger(1, Hex.lI("3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"))), secP384R1Curve.lk(), secP384R1Curve.lv(), Hex.lI("a335926aa319a27a1d00896a6773a4827acdac73"));
                this.lj = new ECDHCBasicAgreement();
                this.ld = (byte) -1;
                this.lu = 48;
                this.le = 48;
                this.lf = new ECKeyPairGenerator();
                this.lf.lI(new ECKeyGenerationParameters(this.lI, new SecureRandom()));
                return;
            case 18:
                this.lb = new HKDF((short) 3);
                SecP521R1Curve secP521R1Curve = new SecP521R1Curve();
                this.lI = new ECDomainParameters(secP521R1Curve, secP521R1Curve.lf(new BigInteger("c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", 16), new BigInteger("11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", 16)), secP521R1Curve.lk(), secP521R1Curve.lv(), Hex.lI("d09e8800291cb85396cc6717393284aaa0da64ba"));
                this.lj = new ECDHCBasicAgreement();
                this.ld = (byte) 1;
                this.lu = 66;
                this.le = 64;
                this.lf = new ECKeyPairGenerator();
                this.lf.lI(new ECKeyGenerationParameters(this.lI, new SecureRandom()));
                return;
            case 32:
                this.lb = new HKDF((short) 1);
                this.lj = new XDHBasicAgreement();
                this.le = 32;
                this.lu = 32;
                this.lf = new X25519KeyPairGenerator();
                this.lf.lI(new X25519KeyGenerationParameters(new SecureRandom()));
                return;
            case 33:
                this.lb = new HKDF((short) 3);
                this.lj = new XDHBasicAgreement();
                this.le = 64;
                this.lu = 56;
                this.lf = new X448KeyPairGenerator();
                this.lf.lI(new X448KeyGenerationParameters(new SecureRandom()));
                return;
            default:
                throw new IllegalArgumentException("invalid kem id");
        }
    }

    public byte[] lI(AsymmetricKeyParameter asymmetricKeyParameter) {
        switch (this.lt) {
            case 16:
            case 17:
            case 18:
                return ((ECPublicKeyParameters) asymmetricKeyParameter).lj().lI(false);
            case 32:
                return ((X25519PublicKeyParameters) asymmetricKeyParameter).lf();
            case 33:
                return ((X448PublicKeyParameters) asymmetricKeyParameter).lf();
            default:
                throw new IllegalStateException("invalid kem id");
        }
    }

    public byte[] lf(AsymmetricKeyParameter asymmetricKeyParameter) {
        switch (this.lt) {
            case 16:
            case 17:
            case 18:
                return lI(((ECPrivateKeyParameters) asymmetricKeyParameter).lj().toByteArray(), this.lu);
            case 32:
                return ((X25519PrivateKeyParameters) asymmetricKeyParameter).lf();
            case 33:
                return ((X448PrivateKeyParameters) asymmetricKeyParameter).lf();
            default:
                throw new IllegalStateException("invalid kem id");
        }
    }

    public AsymmetricKeyParameter lI(byte[] bArr) {
        switch (this.lt) {
            case 16:
            case 17:
            case 18:
                return new ECPublicKeyParameters(this.lI.lf().lI(bArr), this.lI);
            case 32:
                return new X25519PublicKeyParameters(bArr);
            case 33:
                return new X448PublicKeyParameters(bArr);
            default:
                throw new IllegalStateException("invalid kem id");
        }
    }

    public AsymmetricCipherKeyPair lI(byte[] bArr, byte[] bArr2) {
        AsymmetricKeyParameter lI = lI(bArr2);
        switch (this.lt) {
            case 16:
            case 17:
            case 18:
                return new AsymmetricCipherKeyPair(lI, (AsymmetricKeyParameter) new ECPrivateKeyParameters(new BigInteger(1, bArr), ((ECPublicKeyParameters) lI).lf()));
            case 32:
                return new AsymmetricCipherKeyPair(lI, (AsymmetricKeyParameter) new X25519PrivateKeyParameters(bArr));
            case 33:
                return new AsymmetricCipherKeyPair(lI, (AsymmetricKeyParameter) new X448PrivateKeyParameters(bArr));
            default:
                throw new IllegalStateException("invalid kem id");
        }
    }

    private boolean lI(BigInteger bigInteger) {
        BigInteger lt = this.lI.lt();
        return bigInteger.compareTo(BigInteger.valueOf(1L)) >= 0 && bigInteger.compareTo(lt) < 0 && WNafUtil.lj(bigInteger) >= (lt.bitLength() >>> 2);
    }

    public AsymmetricCipherKeyPair lI() {
        return this.lf.lI();
    }

    public AsymmetricCipherKeyPair lf(byte[] bArr) {
        if (bArr.length < this.lu) {
            throw new IllegalArgumentException("input keying material should have length at least " + this.lu + " bytes");
        }
        byte[] lb = Arrays.lb(Strings.lt("KEM"), Pack.lf(this.lt));
        switch (this.lt) {
            case 16:
            case 17:
            case 18:
                byte[] lI = this.lb.lI(null, lb, "dkp_prk", bArr);
                byte[] bArr2 = new byte[1];
                for (int i = 0; i <= 255; i++) {
                    bArr2[0] = (byte) i;
                    byte[] lI2 = this.lb.lI(lI, lb, "candidate", bArr2, this.lu);
                    lI2[0] = (byte) (lI2[0] & this.ld);
                    BigInteger bigInteger = new BigInteger(1, lI2);
                    if (lI(bigInteger)) {
                        return new AsymmetricCipherKeyPair((AsymmetricKeyParameter) new ECPublicKeyParameters(new FixedPointCombMultiplier().lI(this.lI.lj(), bigInteger), this.lI), (AsymmetricKeyParameter) new ECPrivateKeyParameters(bigInteger, this.lI));
                    }
                }
                throw new IllegalStateException("DeriveKeyPairError");
            case 32:
                X25519PrivateKeyParameters x25519PrivateKeyParameters = new X25519PrivateKeyParameters(this.lb.lI(this.lb.lI(null, lb, "dkp_prk", bArr), lb, "sk", null, this.lu));
                return new AsymmetricCipherKeyPair((AsymmetricKeyParameter) x25519PrivateKeyParameters.lj(), (AsymmetricKeyParameter) x25519PrivateKeyParameters);
            case 33:
                X448PrivateKeyParameters x448PrivateKeyParameters = new X448PrivateKeyParameters(this.lb.lI(this.lb.lI(null, lb, "dkp_prk", bArr), lb, "sk", null, this.lu));
                return new AsymmetricCipherKeyPair((AsymmetricKeyParameter) x448PrivateKeyParameters.lj(), (AsymmetricKeyParameter) x448PrivateKeyParameters);
            default:
                throw new IllegalStateException("invalid kem id");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    public byte[][] lj(AsymmetricKeyParameter asymmetricKeyParameter) {
        AsymmetricCipherKeyPair lI = this.lf.lI();
        this.lj.lI(lI.lf());
        byte[] lI2 = lI(this.lj.lf(asymmetricKeyParameter).toByteArray(), this.lj.lI());
        byte[] lI3 = lI(lI.lI());
        return new byte[]{lf(lI2, Arrays.lb(lI3, lI(asymmetricKeyParameter))), lI3};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] lI(byte[] bArr, AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        AsymmetricKeyParameter lI = lI(bArr);
        this.lj.lI(asymmetricCipherKeyPair.lf());
        return lf(lI(this.lj.lf(lI).toByteArray(), this.lj.lI()), Arrays.lb(bArr, lI(asymmetricCipherKeyPair.lI())));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    public byte[][] lI(AsymmetricKeyParameter asymmetricKeyParameter, AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        AsymmetricCipherKeyPair lI = this.lf.lI();
        this.lj.lI(lI.lf());
        byte[] lI2 = lI(this.lj.lf(asymmetricKeyParameter).toByteArray(), this.lj.lI());
        this.lj.lI(asymmetricCipherKeyPair.lf());
        byte[] lb = Arrays.lb(lI2, lI(this.lj.lf(asymmetricKeyParameter).toByteArray(), this.lj.lI()));
        byte[] lI3 = lI(lI.lI());
        return new byte[]{lf(lb, Arrays.lI(lI3, lI(asymmetricKeyParameter), lI(asymmetricCipherKeyPair.lI()))), lI3};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] lI(byte[] bArr, AsymmetricCipherKeyPair asymmetricCipherKeyPair, AsymmetricKeyParameter asymmetricKeyParameter) {
        AsymmetricKeyParameter lI = lI(bArr);
        this.lj.lI(asymmetricCipherKeyPair.lf());
        byte[] lI2 = lI(this.lj.lf(lI).toByteArray(), this.lj.lI());
        this.lj.lI(asymmetricCipherKeyPair.lf());
        return lf(Arrays.lb(lI2, lI(this.lj.lf(asymmetricKeyParameter).toByteArray(), this.lj.lI())), Arrays.lI(bArr, lI(asymmetricCipherKeyPair.lI()), lI(asymmetricKeyParameter)));
    }

    private byte[] lf(byte[] bArr, byte[] bArr2) {
        byte[] lb = Arrays.lb(Strings.lt("KEM"), Pack.lf(this.lt));
        return this.lb.lI(this.lb.lI(null, lb, "eae_prk", bArr), lb, "shared_secret", bArr2, this.le);
    }

    private byte[] lI(byte[] bArr, int i) {
        byte[] bArr2 = new byte[i];
        if (bArr.length <= i) {
            System.arraycopy(bArr, 0, bArr2, i - bArr.length, bArr.length);
        } else {
            System.arraycopy(bArr, bArr.length - i, bArr2, 0, i);
        }
        return bArr2;
    }
}
