package net.i2p.router.crypto.ratchet;

import com.southernstorm.noise.crypto.x25519.Curve25519;
import com.southernstorm.noise.protocol.ChaChaPolyCipherState;
import com.southernstorm.noise.protocol.CipherState;
import com.southernstorm.noise.protocol.DHState;
import com.southernstorm.noise.protocol.HandshakeState;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import net.i2p.crypto.EncType;
import net.i2p.crypto.HKDF;
import net.i2p.data.Base64;
import net.i2p.data.Certificate;
import net.i2p.data.DataFormatException;
import net.i2p.data.DataHelper;
import net.i2p.data.PrivateKey;
import net.i2p.data.PublicKey;
import net.i2p.data.SessionKey;
import net.i2p.data.i2np.GarlicClove;
import net.i2p.router.RouterContext;
import net.i2p.router.crypto.ratchet.RatchetPayload;
import net.i2p.router.message.CloveSet;
import net.i2p.router.networkdb.HandleDatabaseLookupMessageJob;
import net.i2p.util.Log;

/* loaded from: input_file:net/i2p/router/crypto/ratchet/ECIESAEADEngine.class */
public final class ECIESAEADEngine {
    private final RouterContext _context;
    private final Log _log;
    private final MuxedEngine _muxedEngine;
    private final HKDF _hkdf;
    private final Elg2KeyFactory _edhThread;
    private boolean _isRunning;
    private static final int TAGLEN = 8;
    private static final int MACLEN = 16;
    private static final int KEYLEN = 32;
    private static final int BHLEN = 3;
    private static final int DATETIME_SIZE = 7;
    private static final int MIN_NS_SIZE = 103;
    private static final int MIN_NSR_SIZE = 56;
    private static final int MIN_ES_SIZE = 24;
    private static final int MIN_ENCRYPTED_SIZE = 24;
    private static final int MAXPAD = 16;
    private static final String INFO_0 = "SessionReplyTags";
    private static final String INFO_6 = "AttachPayloadKDF";
    private static final byte[] ZEROLEN = new byte[0];
    private static final byte[] NULLPK = new byte[32];

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/i2p/router/crypto/ratchet/ECIESAEADEngine$PLCallback.class */
    public class PLCallback implements RatchetPayload.PayloadCallback {
        public final List<GarlicClove> cloveSet;
        public long datetime;
        public NextSessionKey nextKey;

        private PLCallback() {
            this.cloveSet = new ArrayList(3);
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotDateTime(long j) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got DATE block: " + DataHelper.formatTime(j));
            }
            if (this.datetime != 0) {
                throw new IllegalArgumentException("Multiple DATETIME blocks");
            }
            this.datetime = j;
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotOptions(byte[] bArr, boolean z) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got OPTIONS block length " + bArr.length);
            }
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotGarlic(GarlicClove garlicClove) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got GARLIC block: " + garlicClove);
            }
            this.cloveSet.add(garlicClove);
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotNextKey(NextSessionKey nextSessionKey) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got NEXTKEY block: " + nextSessionKey);
            }
            this.nextKey = nextSessionKey;
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotTermination(int i, long j) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got TERMINATION block, reason: " + i + " count: " + j);
            }
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotUnknown(int i, int i2) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got UNKNOWN block, type: " + i + " len: " + i2);
            }
        }

        @Override // net.i2p.router.crypto.ratchet.RatchetPayload.PayloadCallback
        public void gotPadding(int i, int i2) {
            if (ECIESAEADEngine.this._log.shouldDebug()) {
                ECIESAEADEngine.this._log.debug("Got PADDING block, len: " + i + " in frame len: " + i2);
            }
        }
    }

    public ECIESAEADEngine(RouterContext routerContext) {
        this._context = routerContext;
        this._log = this._context.logManager().getLog(ECIESAEADEngine.class);
        this._muxedEngine = new MuxedEngine(routerContext);
        this._hkdf = new HKDF(routerContext);
        this._edhThread = new Elg2KeyFactory(routerContext);
        this._context.statManager().createFrequencyStat("crypto.eciesAEAD.encryptNewSession", "how frequently we encrypt to a new ECIES/AEAD+SessionTag session?", "Encryption", new long[]{HandleDatabaseLookupMessageJob.EXPIRE_DELAY});
        this._context.statManager().createFrequencyStat("crypto.eciesAEAD.encryptExistingSession", "how frequently we encrypt to an existing ECIES/AEAD+SessionTag session?", "Encryption", new long[]{HandleDatabaseLookupMessageJob.EXPIRE_DELAY});
        this._context.statManager().createFrequencyStat("crypto.eciesAEAD.decryptNewSession", "how frequently we decrypt with a new ECIES/AEAD+SessionTag session?", "Encryption", new long[]{HandleDatabaseLookupMessageJob.EXPIRE_DELAY});
        this._context.statManager().createFrequencyStat("crypto.eciesAEAD.decryptExistingSession", "how frequently we decrypt with an existing ECIES/AEAD+SessionTag session?", "Encryption", new long[]{HandleDatabaseLookupMessageJob.EXPIRE_DELAY});
        this._context.statManager().createFrequencyStat("crypto.eciesAEAD.decryptFailed", "how frequently we fail to decrypt with ECIES/AEAD+SessionTag?", "Encryption", new long[]{HandleDatabaseLookupMessageJob.EXPIRE_DELAY});
    }

    public synchronized void startup() {
        if (this._isRunning) {
            return;
        }
        this._edhThread.start();
        this._isRunning = true;
    }

    public synchronized void shutdown() {
        this._isRunning = false;
        this._edhThread.shutdown();
    }

    public CloveSet decrypt(byte[] bArr, PrivateKey privateKey, PrivateKey privateKey2, MuxedSKM muxedSKM) throws DataFormatException {
        return this._muxedEngine.decrypt(bArr, privateKey, privateKey2, muxedSKM);
    }

    public CloveSet decrypt(byte[] bArr, PrivateKey privateKey, RatchetSKM ratchetSKM) throws DataFormatException {
        try {
            return x_decrypt(bArr, privateKey, ratchetSKM);
        } catch (Exception e) {
            this._log.error("ECIES decrypt error", e);
            return null;
        } catch (DataFormatException e2) {
            throw e2;
        }
    }

    private CloveSet x_decrypt(byte[] bArr, PrivateKey privateKey, RatchetSKM ratchetSKM) throws DataFormatException {
        CloveSet cloveSet;
        if (privateKey.getType() != EncType.ECIES_X25519) {
            throw new IllegalArgumentException();
        }
        if (bArr == null) {
            if (!this._log.shouldLog(40)) {
                return null;
            }
            this._log.error("Null data being decrypted?");
            return null;
        }
        if (bArr.length < 24) {
            if (!this._log.shouldLog(40)) {
                return null;
            }
            this._log.error("Data is less than the minimum size (" + bArr.length + " < 24)");
            return null;
        }
        byte[] bArr2 = new byte[8];
        System.arraycopy(bArr, 0, bArr2, 0, 8);
        RatchetSessionTag ratchetSessionTag = new RatchetSessionTag(bArr2);
        SessionKeyAndNonce consumeTag = ratchetSKM.consumeTag(ratchetSessionTag);
        boolean shouldDebug = this._log.shouldDebug();
        if (consumeTag != null) {
            HandshakeState handshakeState = consumeTag.getHandshakeState();
            if (handshakeState == null) {
                if (shouldDebug) {
                    this._log.debug("Decrypting ES with tag: " + ratchetSessionTag.toBase64() + ": key: " + consumeTag.toBase64() + ": " + bArr.length + " bytes");
                }
                cloveSet = decryptExistingSession(bArr2, bArr, consumeTag, privateKey);
            } else if (bArr.length >= MIN_NSR_SIZE) {
                if (shouldDebug) {
                    this._log.debug("Decrypting NSR with tag: " + ratchetSessionTag.toBase64() + ": key: " + consumeTag.toBase64() + ": " + bArr.length + " bytes");
                }
                cloveSet = decryptNewSessionReply(bArr2, bArr, handshakeState, ratchetSKM);
            } else {
                cloveSet = null;
                if (this._log.shouldWarn()) {
                    this._log.warn("ECIES decrypt fail, tag found but no state and too small for NSR: " + bArr.length + " bytes");
                }
            }
            if (cloveSet != null) {
                this._context.statManager().updateFrequency("crypto.eciesAEAD.decryptExistingSession");
            } else {
                this._context.statManager().updateFrequency("crypto.eciesAEAD.decryptFailed");
                if (this._log.shouldWarn()) {
                    this._log.warn("ECIES decrypt fail: known tag [" + ratchetSessionTag + "], failed decrypt");
                }
            }
        } else if (bArr.length >= MIN_NS_SIZE) {
            if (shouldDebug) {
                this._log.debug("IB Tag " + ratchetSessionTag + " not found, trying NS decrypt");
            }
            cloveSet = decryptNewSession(bArr, privateKey, ratchetSKM);
            if (cloveSet != null) {
                this._context.statManager().updateFrequency("crypto.eciesAEAD.decryptNewSession");
            } else {
                this._context.statManager().updateFrequency("crypto.eciesAEAD.decryptFailed");
                if (this._log.shouldWarn()) {
                    this._log.warn("ECIES decrypt fail as new session");
                }
            }
        } else {
            cloveSet = null;
            if (this._log.shouldWarn()) {
                this._log.warn("ECIES decrypt fail, tag not found and too small for NS: " + bArr.length + " bytes");
            }
        }
        return cloveSet;
    }

    private CloveSet decryptNewSession(byte[] bArr, PrivateKey privateKey, RatchetSKM ratchetSKM) throws DataFormatException {
        try {
            HandshakeState handshakeState = new HandshakeState(HandshakeState.PATTERN_ID_IK, 2, this._edhThread);
            handshakeState.getLocalKeyPair().setPublicKey(privateKey.toPublic().getData(), 0);
            handshakeState.getLocalKeyPair().setPrivateKey(privateKey.getData(), 0);
            handshakeState.start();
            if (this._log.shouldDebug()) {
                this._log.debug("State before decrypt new session: " + handshakeState);
            }
            byte[] bArr2 = new byte[32];
            System.arraycopy(bArr, 0, bArr2, 0, 32);
            PublicKey decode = Elligator2.decode(bArr2);
            if (decode == null) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Elg2 decode fail NS");
                return null;
            }
            System.arraycopy(decode.getData(), 0, bArr, 0, 32);
            int length = bArr.length - 96;
            byte[] bArr3 = new byte[length];
            try {
                handshakeState.readMessage(bArr, 0, bArr.length, bArr3, 0);
                byte[] bArr4 = new byte[32];
                handshakeState.getRemotePublicKey().getPublicKey(bArr4, 0);
                if (this._log.shouldDebug()) {
                    this._log.debug("NS decrypt success from PK " + Base64.encode(bArr4));
                    this._log.debug("State after decrypt new session: " + handshakeState);
                }
                if (Arrays.equals(bArr4, NULLPK)) {
                    if (!this._log.shouldWarn()) {
                        return null;
                    }
                    this._log.warn("Zero static key in IB NS");
                    return null;
                }
                if (length == 0) {
                    if (!this._log.shouldWarn()) {
                        return null;
                    }
                    this._log.warn("Zero length payload in NS");
                    return null;
                }
                PLCallback pLCallback = new PLCallback();
                try {
                    int processPayload = RatchetPayload.processPayload(this._context, pLCallback, bArr3, 0, bArr3.length, true);
                    if (this._log.shouldDebug()) {
                        this._log.debug("Processed " + processPayload + " blocks in IB NS");
                    }
                    ratchetSKM.createSession(new PublicKey(EncType.ECIES_X25519, bArr4), handshakeState);
                    if (pLCallback.cloveSet.isEmpty() && this._log.shouldWarn()) {
                        this._log.warn("No garlic block in NS payload");
                    }
                    return new CloveSet((GarlicClove[]) pLCallback.cloveSet.toArray(new GarlicClove[pLCallback.cloveSet.size()]), Certificate.NULL_CERT, 0L, pLCallback.datetime);
                } catch (DataFormatException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new DataFormatException("Msg 1 payload error", e2);
                }
            } catch (GeneralSecurityException e3) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Decrypt fail NS", e3);
                if (!this._log.shouldDebug()) {
                    return null;
                }
                this._log.debug("State at failure: " + handshakeState);
                return null;
            }
        } catch (GeneralSecurityException e4) {
            throw new IllegalStateException("bad proto", e4);
        }
    }

    private CloveSet decryptNewSessionReply(byte[] bArr, byte[] bArr2, HandshakeState handshakeState, RatchetSKM ratchetSKM) throws DataFormatException {
        try {
            HandshakeState m12clone = handshakeState.m12clone();
            byte[] bArr3 = new byte[32];
            System.arraycopy(bArr2, 8, bArr3, 0, 32);
            PublicKey decode = Elligator2.decode(bArr3);
            if (decode == null) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Elg2 decode fail NSR");
                return null;
            }
            if (this._log.shouldDebug()) {
                this._log.debug("State before decrypt new session reply: " + m12clone);
            }
            System.arraycopy(decode.getData(), 0, bArr2, 8, 32);
            m12clone.mixHash(bArr, 0, 8);
            if (this._log.shouldDebug()) {
                this._log.debug("State after mixhash tag before decrypt new session reply: " + m12clone);
            }
            try {
                m12clone.readMessage(bArr2, 8, 48, ZEROLEN, 0);
                if (this._log.shouldDebug()) {
                    this._log.debug("State after decrypt new session reply: " + m12clone);
                }
                byte[] bArr4 = new byte[32];
                this._hkdf.calculate(m12clone.getChainingKey(), ZEROLEN, new byte[32], bArr4, 0);
                CipherState receiver = m12clone.split().getReceiver();
                byte[] handshakeHash = m12clone.getHandshakeHash();
                byte[] bArr5 = new byte[32];
                this._hkdf.calculate(bArr4, ZEROLEN, INFO_6, bArr5);
                receiver.initializeKey(bArr5, 0);
                byte[] bArr6 = new byte[bArr2.length - 72];
                try {
                    receiver.decryptWithAd(handshakeHash, bArr2, MIN_NSR_SIZE, bArr6, 0, bArr6.length + 16);
                    if (bArr6.length == 0) {
                        if (!this._log.shouldWarn()) {
                            return null;
                        }
                        this._log.warn("Zero length payload in NSR");
                        return null;
                    }
                    PLCallback pLCallback = new PLCallback();
                    try {
                        int processPayload = RatchetPayload.processPayload(this._context, pLCallback, bArr6, 0, bArr6.length, false);
                        if (this._log.shouldDebug()) {
                            this._log.debug("Processed " + processPayload + " blocks in IB NSR");
                        }
                        byte[] bArr7 = new byte[32];
                        m12clone.getRemotePublicKey().getPublicKey(bArr7, 0);
                        if (this._log.shouldDebug()) {
                            this._log.debug("NSR decrypt success from PK " + Base64.encode(bArr7));
                        }
                        if (Arrays.equals(bArr7, NULLPK)) {
                            if (!this._log.shouldWarn()) {
                                return null;
                            }
                            this._log.warn("NSR reply to zero static key NS");
                            return null;
                        }
                        ratchetSKM.updateSession(new PublicKey(EncType.ECIES_X25519, bArr7), handshakeState, m12clone);
                        if (pLCallback.cloveSet.isEmpty() && this._log.shouldWarn()) {
                            this._log.warn("No garlic block in NSR payload");
                        }
                        return new CloveSet((GarlicClove[]) pLCallback.cloveSet.toArray(new GarlicClove[pLCallback.cloveSet.size()]), Certificate.NULL_CERT, 0L, pLCallback.datetime);
                    } catch (Exception e) {
                        throw new DataFormatException("NSR payload error", e);
                    } catch (DataFormatException e2) {
                        throw e2;
                    }
                } catch (GeneralSecurityException e3) {
                    if (!this._log.shouldWarn()) {
                        return null;
                    }
                    this._log.warn("Decrypt fail NSR part 2", e3);
                    if (!this._log.shouldDebug()) {
                        return null;
                    }
                    this._log.debug("State at failure: " + m12clone);
                    return null;
                }
            } catch (GeneralSecurityException e4) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Decrypt fail NSR part 1", e4);
                if (!this._log.shouldDebug()) {
                    return null;
                }
                this._log.debug("State at failure: " + m12clone);
                return null;
            }
        } catch (CloneNotSupportedException e5) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("ECIES decrypt fail: clone()", e5);
            return null;
        }
    }

    private CloveSet decryptExistingSession(byte[] bArr, byte[] bArr2, SessionKeyAndNonce sessionKeyAndNonce, PrivateKey privateKey) throws DataFormatException {
        byte[] decryptAEADBlock = decryptAEADBlock(bArr, bArr2, 8, bArr2.length - 8, sessionKeyAndNonce, sessionKeyAndNonce.getNonce());
        if (decryptAEADBlock == null) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("Decrypt of ES failed");
            return null;
        }
        if (decryptAEADBlock.length == 0) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("Zero length payload in ES");
            return null;
        }
        PLCallback pLCallback = new PLCallback();
        try {
            int processPayload = RatchetPayload.processPayload(this._context, pLCallback, decryptAEADBlock, 0, decryptAEADBlock.length, false);
            if (this._log.shouldDebug()) {
                this._log.debug("Processed " + processPayload + " blocks in IB ES");
            }
            if (pLCallback.cloveSet.isEmpty() && this._log.shouldWarn()) {
                this._log.warn("No garlic block in ES payload");
            }
            return new CloveSet((GarlicClove[]) pLCallback.cloveSet.toArray(new GarlicClove[pLCallback.cloveSet.size()]), Certificate.NULL_CERT, 0L, pLCallback.datetime);
        } catch (DataFormatException e) {
            throw e;
        } catch (Exception e2) {
            throw new DataFormatException("ES payload error", e2);
        }
    }

    private byte[] decryptAEADBlock(byte[] bArr, int i, int i2, SessionKey sessionKey, long j) throws DataFormatException {
        return decryptAEADBlock(null, bArr, i, i2, sessionKey, j);
    }

    private byte[] decryptAEADBlock(byte[] bArr, byte[] bArr2, int i, int i2, SessionKey sessionKey, long j) throws DataFormatException {
        byte[] bArr3 = new byte[i2 - 16];
        ChaChaPolyCipherState chaChaPolyCipherState = new ChaChaPolyCipherState();
        chaChaPolyCipherState.initializeKey(sessionKey.getData(), 0);
        chaChaPolyCipherState.setNonce(j);
        try {
            chaChaPolyCipherState.decryptWithAd(bArr, bArr2, i, bArr3, 0, i2);
            return bArr3;
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("Unable to decrypt AEAD block", e);
            return null;
        }
    }

    public byte[] encrypt(CloveSet cloveSet, PublicKey publicKey, PrivateKey privateKey, RatchetSKM ratchetSKM) {
        try {
            return x_encrypt(cloveSet, publicKey, privateKey, ratchetSKM);
        } catch (Exception e) {
            this._log.error("ECIES encrypt error", e);
            return null;
        }
    }

    private byte[] x_encrypt(CloveSet cloveSet, PublicKey publicKey, PrivateKey privateKey, RatchetSKM ratchetSKM) {
        if (publicKey.getType() != EncType.ECIES_X25519) {
            throw new IllegalArgumentException();
        }
        if (Arrays.equals(publicKey.getData(), NULLPK)) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("Zero static key target");
            return null;
        }
        RatchetEntry consumeNextAvailableTag = ratchetSKM.consumeNextAvailableTag(publicKey);
        if (consumeNextAvailableTag == null) {
            if (this._log.shouldDebug()) {
                this._log.debug("Encrypting as NS to " + publicKey);
            }
            return encryptNewSession(cloveSet, publicKey, privateKey, ratchetSKM);
        }
        HandshakeState handshakeState = consumeNextAvailableTag.key.getHandshakeState();
        if (handshakeState == null) {
            if (this._log.shouldDebug()) {
                this._log.debug("Encrypting as ES to " + publicKey + " with key " + consumeNextAvailableTag.key + " and tag " + consumeNextAvailableTag.tag.toBase64());
            }
            return encryptExistingSession(cloveSet, publicKey, consumeNextAvailableTag.key, consumeNextAvailableTag.tag);
        }
        try {
            HandshakeState m12clone = handshakeState.m12clone();
            if (this._log.shouldDebug()) {
                this._log.debug("Encrypting as NSR to " + publicKey + " with tag " + consumeNextAvailableTag.tag.toBase64());
            }
            return encryptNewSessionReply(cloveSet, publicKey, m12clone, consumeNextAvailableTag.tag, ratchetSKM);
        } catch (CloneNotSupportedException e) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("ECIES encrypt fail: clone()", e);
            return null;
        }
    }

    private byte[] encryptNewSession(CloveSet cloveSet, PublicKey publicKey, PrivateKey privateKey, RatchetSKM ratchetSKM) {
        try {
            HandshakeState handshakeState = new HandshakeState(HandshakeState.PATTERN_ID_IK, 1, this._edhThread);
            handshakeState.getRemotePublicKey().setPublicKey(publicKey.getData(), 0);
            handshakeState.getLocalKeyPair().setPublicKey(privateKey.toPublic().getData(), 0);
            handshakeState.getLocalKeyPair().setPrivateKey(privateKey.getData(), 0);
            handshakeState.start();
            if (this._log.shouldDebug()) {
                this._log.debug("State before encrypt new session: " + handshakeState);
            }
            byte[] createPayload = createPayload(cloveSet, cloveSet.getExpiration());
            byte[] bArr = new byte[80 + createPayload.length + 16];
            try {
                handshakeState.writeMessage(bArr, 0, createPayload, 0, createPayload.length);
                if (this._log.shouldDebug()) {
                    this._log.debug("State after encrypt new session: " + handshakeState);
                }
                DHState localEphemeralKeyPair = handshakeState.getLocalEphemeralKeyPair();
                if (localEphemeralKeyPair == null || !localEphemeralKeyPair.hasEncodedPublicKey()) {
                    if (!this._log.shouldWarn()) {
                        return null;
                    }
                    this._log.warn("Bad NS state");
                    return null;
                }
                localEphemeralKeyPair.getEncodedPublicKey(bArr, 0);
                if (this._log.shouldDebug()) {
                    this._log.debug("Elligator2 encoded eph. key: " + Base64.encode(bArr, 0, 32));
                }
                ratchetSKM.createSession(publicKey, handshakeState);
                return bArr;
            } catch (GeneralSecurityException e) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Encrypt fail NS", e);
                return null;
            }
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException("bad proto", e2);
        }
    }

    private byte[] encryptNewSessionReply(CloveSet cloveSet, PublicKey publicKey, HandshakeState handshakeState, RatchetSessionTag ratchetSessionTag, RatchetSKM ratchetSKM) {
        if (this._log.shouldDebug()) {
            this._log.debug("State before encrypt new session reply: " + handshakeState);
        }
        byte[] data = ratchetSessionTag.getData();
        handshakeState.mixHash(data, 0, 8);
        if (this._log.shouldDebug()) {
            this._log.debug("State after mixhash tag before encrypt new session reply: " + handshakeState);
        }
        byte[] createPayload = createPayload(cloveSet, 0L);
        byte[] bArr = new byte[MIN_NSR_SIZE + createPayload.length + 16];
        System.arraycopy(data, 0, bArr, 0, 8);
        try {
            handshakeState.writeMessage(bArr, 8, ZEROLEN, 0, 0);
            if (this._log.shouldDebug()) {
                this._log.debug("State after encrypt new session reply: " + handshakeState);
            }
            DHState localEphemeralKeyPair = handshakeState.getLocalEphemeralKeyPair();
            if (localEphemeralKeyPair == null || !localEphemeralKeyPair.hasEncodedPublicKey()) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Bad NSR state");
                return null;
            }
            localEphemeralKeyPair.getEncodedPublicKey(bArr, 8);
            byte[] bArr2 = new byte[32];
            this._hkdf.calculate(handshakeState.getChainingKey(), ZEROLEN, new byte[32], bArr2, 0);
            CipherState sender = handshakeState.split().getSender();
            byte[] handshakeHash = handshakeState.getHandshakeHash();
            byte[] bArr3 = new byte[32];
            this._hkdf.calculate(bArr2, ZEROLEN, INFO_6, bArr3);
            sender.initializeKey(bArr3, 0);
            try {
                sender.encryptWithAd(handshakeHash, createPayload, 0, bArr, MIN_NSR_SIZE, createPayload.length);
                ratchetSKM.updateSession(publicKey, null, handshakeState);
                return bArr;
            } catch (GeneralSecurityException e) {
                if (!this._log.shouldWarn()) {
                    return null;
                }
                this._log.warn("Encrypt fail NSR part 2", e);
                return null;
            }
        } catch (GeneralSecurityException e2) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("Encrypt fail NSR part 1", e2);
            return null;
        }
    }

    private byte[] encryptExistingSession(CloveSet cloveSet, PublicKey publicKey, SessionKeyAndNonce sessionKeyAndNonce, RatchetSessionTag ratchetSessionTag) {
        byte[] data = ratchetSessionTag.getData();
        byte[] encryptAEADBlock = encryptAEADBlock(data, createPayload(cloveSet, 0L), sessionKeyAndNonce, sessionKeyAndNonce.getNonce());
        System.arraycopy(data, 0, encryptAEADBlock, 0, 8);
        return encryptAEADBlock;
    }

    private final byte[] encryptAEADBlock(byte[] bArr, SessionKey sessionKey, long j) {
        return encryptAEADBlock(null, bArr, sessionKey, j);
    }

    private final byte[] encryptAEADBlock(byte[] bArr, byte[] bArr2, SessionKey sessionKey, long j) {
        ChaChaPolyCipherState chaChaPolyCipherState = new ChaChaPolyCipherState();
        chaChaPolyCipherState.initializeKey(sessionKey.getData(), 0);
        chaChaPolyCipherState.setNonce(j);
        int length = bArr != null ? bArr.length : 0;
        byte[] bArr3 = new byte[length + bArr2.length + 16];
        try {
            chaChaPolyCipherState.encryptWithAd(bArr, bArr2, 0, bArr3, length, bArr2.length);
            return bArr3;
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldWarn()) {
                return null;
            }
            this._log.warn("Unable to encrypt AEAD block", e);
            return null;
        }
    }

    private static final PrivateKey doDH(PrivateKey privateKey, PublicKey publicKey) {
        byte[] bArr = new byte[32];
        Curve25519.eval(bArr, 0, privateKey.getData(), publicKey.getData());
        return new PrivateKey(EncType.ECIES_X25519, bArr);
    }

    private byte[] createPayload(CloveSet cloveSet, long j) {
        int cloveCount = cloveSet.getCloveCount();
        int i = cloveCount + 1;
        if (j > 0) {
            i++;
        }
        int i2 = 0;
        ArrayList arrayList = new ArrayList(i);
        if (j > 0) {
            RatchetPayload.DateTimeBlock dateTimeBlock = new RatchetPayload.DateTimeBlock(j);
            arrayList.add(dateTimeBlock);
            i2 = 0 + dateTimeBlock.getTotalLength();
        }
        for (int i3 = 0; i3 < cloveCount; i3++) {
            RatchetPayload.GarlicBlock garlicBlock = new RatchetPayload.GarlicBlock(cloveSet.getClove(i3));
            arrayList.add(garlicBlock);
            i2 += garlicBlock.getTotalLength();
        }
        RatchetPayload.PaddingBlock paddingBlock = new RatchetPayload.PaddingBlock(1 + this._context.random().nextInt(16));
        arrayList.add(paddingBlock);
        int totalLength = i2 + paddingBlock.getTotalLength();
        byte[] bArr = new byte[totalLength];
        if (createPayload(bArr, 0, arrayList) != totalLength) {
            throw new IllegalStateException("payload size mismatch");
        }
        return bArr;
    }

    private int createPayload(byte[] bArr, int i, List<RatchetPayload.Block> list) {
        return RatchetPayload.writePayload(bArr, i, list);
    }

    private byte[] doHMAC(SessionKey sessionKey, byte[] bArr) {
        byte[] bArr2 = new byte[32];
        this._context.hmac256().calculate(sessionKey, bArr, 0, bArr.length, bArr2, 0);
        return bArr2;
    }
}
