package tss;

import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CFBBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import tss.Crypto;
import tss.tpm.TPM2B_DIGEST;
import tss.tpm.TPM2B_PUBLIC_KEY_RSA;
import tss.tpm.TPMS_ECC_PARMS;
import tss.tpm.TPMS_ECC_POINT;
import tss.tpm.TPMS_ID_OBJECT;
import tss.tpm.TPMS_RSA_PARMS;
import tss.tpm.TPMT_PUBLIC;
import tss.tpm.TPMT_SENSITIVE;
import tss.tpm.TPMT_SYM_DEF_OBJECT;
import tss.tpm.TPM_ALG_ID;
import tss.tpm.TPM_ECC_CURVE;

/* loaded from: input_file:tss/Tss.class */
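/**
 * Software-side helpers that build TPM 2.0 key material and protected blobs
 * (activation credentials and duplication blobs) without calling into a TPM.
 *
 * <p>Every method here handles raw secret bytes (seeds, symmetric keys, private
 * key parts) in plain {@code byte[]} fields and locals. Nothing in this class
 * clears those buffers, so callers own their lifetime.
 */
public class Tss {

    /** Output of {@link #createActivationCredential(TPMT_PUBLIC, byte[], byte[])}. */
    public static class ActivationCredential {
        // Receives encIdentity (AES-CFB ciphertext) and integrityHMAC.
        public TPMS_ID_OBJECT CredentialBlob = new TPMS_ID_OBJECT();
        // The random seed, OAEP-encrypted to the target RSA public key with label "IDENTITY".
        public byte[] Secret;
    }

    /** Output of {@link #createDuplicationBlob}. */
    public static class DuplicationBlob {
        // Inner-wrapper AES key in the clear, or an empty array when no inner wrapper is used.
        public byte[] EncryptionKey;
        // Length-prefixed outer HMAC followed by the outer AES-CFB ciphertext.
        public byte[] DuplicateObject;
        // The outer seed encrypted to the new parent with label "DUPLICATE".
        public byte[] EncryptedSeed;
        // Same key as EncryptionKey, but null (not empty) when no inner wrapper is used.
        public byte[] InnerWrapperKey;
    }

    /** A software-generated key pair: the TPM public area plus the raw private value. */
    public static class Key {
        // Unprotected private value as encoded by createKey; treat as a secret.
        public byte[] PrivatePart;
        public TPMT_PUBLIC PublicPart;
    }

    /**
     * Generates a software key pair matching the supplied public template.
     *
     * <p>For RSA the public value is encoded at {@code keyBits} and the private value at
     * {@code keyBits / 2} (presumably one prime factor; confirm against
     * {@code Crypto.createRsaKey}). For ECC both coordinates and the private value are
     * encoded at the width reported by {@code Crypto.ecTpmKeyStrength}.
     *
     * @param tpmt_public template; its nameAlg, objectAttributes, authPolicy and parameters
     *                    are copied into the returned public area
     * @return the new public area and the unprotected private value
     * @throws TpmException if the template type is neither RSA nor ECC
     */
    public static Key createKey(TPMT_PUBLIC tpmt_public) {
        Key key = new Key();
        TPM_ALG_ID keyType = tpmt_public.type();
        if (keyType == TPM_ALG_ID.RSA) {
            TPMS_RSA_PARMS rsaParms = (TPMS_RSA_PARMS) tpmt_public.parameters;
            int keyBits = rsaParms.keyBits;
            Crypto.RsaKeyPair rsaPair = Crypto.createRsaKey(keyBits, rsaParms.exponent);
            TPM2B_PUBLIC_KEY_RSA modulus =
                    new TPM2B_PUBLIC_KEY_RSA(Crypto.bigIntToTpmInt(rsaPair.PublicKey, keyBits));
            key.PublicPart = new TPMT_PUBLIC(tpmt_public.nameAlg, tpmt_public.objectAttributes,
                    tpmt_public.authPolicy, tpmt_public.parameters, modulus);
            key.PrivatePart = Crypto.bigIntToTpmInt(rsaPair.PrivateKey, keyBits / 2);
        } else if (keyType == TPM_ALG_ID.ECC) {
            TPMS_ECC_PARMS eccParms = (TPMS_ECC_PARMS) tpmt_public.parameters;
            TPM_ECC_CURVE curve = eccParms.curveID;
            Crypto.ECCKeyPair eccPair = Crypto.createECCKey(curve, eccParms.scheme.GetUnionSelector());
            int strength = Crypto.ecTpmKeyStrength(curve);
            TPMS_ECC_POINT point = new TPMS_ECC_POINT(
                    Crypto.bigIntToTpmInt(eccPair.PublicKey.getXCoord().toBigInteger(), strength),
                    Crypto.bigIntToTpmInt(eccPair.PublicKey.getYCoord().toBigInteger(), strength));
            key.PublicPart = new TPMT_PUBLIC(tpmt_public.nameAlg, tpmt_public.objectAttributes,
                    tpmt_public.authPolicy, tpmt_public.parameters, point);
            key.PrivatePart = Crypto.bigIntToTpmInt(eccPair.PrivateKey, strength);
        } else {
            throw new TpmException("Unsupported alg");
        }
        return key;
    }

    /**
     * Builds an activation credential: a fresh seed is OAEP-encrypted to the given RSA key,
     * and {@code bArr2} is AES-CFB encrypted and HMAC-protected under keys derived from
     * that seed.
     *
     * @param tpmt_public RSA public area the seed is encrypted to; its symmetric definition
     *                    must be AES in CFB mode
     * @param bArr        bytes bound into both the storage-key derivation and the HMAC
     *                    (presumably the Name of the key being activated; confirm with callers)
     * @param bArr2       value to protect; wrapped in a {@code TPM2B_DIGEST} before encryption
     * @return the encrypted seed plus the credential blob (encIdentity and integrityHMAC)
     * @throws RuntimeException if the key is not RSA, the symmetric definition is not AES-CFB,
     *                          or the cipher returns an unexpected byte count
     */
    public static ActivationCredential createActivationCredential(TPMT_PUBLIC tpmt_public, byte[] bArr, byte[] bArr2) {
        if (!(tpmt_public.parameters instanceof TPMS_RSA_PARMS)) {
            throw new RuntimeException("Not supported");
        }
        ActivationCredential activationCredential = new ActivationCredential();
        TPMS_RSA_PARMS rsaParms = (TPMS_RSA_PARMS) tpmt_public.parameters;
        TPM2B_PUBLIC_KEY_RSA rsaPublic = (TPM2B_PUBLIC_KEY_RSA) tpmt_public.unique;
        // The key's name algorithm drives OAEP, both KDFa calls and the HMAC.
        TPM_ALG_ID nameAlg = tpmt_public.nameAlg;
        TPMT_SYM_DEF_OBJECT symDef = rsaParms.symmetric;
        if (symDef.algorithm != TPM_ALG_ID.AES) {
            throw new RuntimeException("Symmetric alg not supported");
        }
        if (symDef.mode != TPM_ALG_ID.CFB) {
            throw new RuntimeException("Symmetric alg mode not supported");
        }
        int symKeyBits = symDef.keyBits;
        int digestBytes = Crypto.digestSize(nameAlg);

        // Fresh per-call seed; every key below is derived from it.
        // NOTE(review): Helpers.RandomBytes is not visible here; confirm it is backed by a
        // cryptographically secure generator (e.g. SecureRandom).
        byte[] seed = Helpers.RandomBytes(digestBytes);
        activationCredential.Secret = Crypto.oaepEncrypt(rsaParms, rsaPublic, seed, nameAlg, "IDENTITY");

        byte[] plaintext = new TPM2B_DIGEST(bArr2).toBytes();
        byte[] storageKey = Crypto.KDFa(nameAlg, seed, "STORAGE", bArr, new byte[0], symKeyBits);

        // NOTE(review): the CFB feedback width is taken from the symmetric key size. That matches
        // the 128-bit AES block only when keyBits is 128; behaviour with 192/256-bit keys should
        // be verified against the BouncyCastle version in use and a real TPM.
        CFBBlockCipher cfb = new CFBBlockCipher(new AESEngine(), symKeyBits);
        // A fixed one-byte zero IV is supplied (presumably zero-extended by BouncyCastle; confirm).
        // With a constant IV, confidentiality rests on storageKey being unique per call, which
        // holds as long as the seed above is unpredictable.
        cfb.init(true, new ParametersWithIV(new KeyParameter(storageKey), new byte[1]));
        byte[] encIdentity = new byte[plaintext.length];
        int written = cfb.processBytes(plaintext, 0, plaintext.length, encIdentity, 0);
        if (written != plaintext.length) {
            throw new RuntimeException("AES-CFB encryption produced " + written
                    + " bytes, expected " + plaintext.length);
        }
        activationCredential.CredentialBlob.encIdentity = encIdentity;

        // Encrypt-then-MAC: the HMAC covers the ciphertext followed by bArr.
        byte[] hmacKey = Crypto.KDFa(nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], digestBytes * 8);
        activationCredential.CredentialBlob.integrityHMAC =
                Crypto.hmac(nameAlg, hmacKey, Helpers.concatenate(encIdentity, bArr));
        return activationCredential;
    }

    /**
     * Wraps a sensitive area so it can be imported under a new RSA storage parent.
     *
     * <p>An optional inner wrapper (AES-CFB under a fresh random key, with a hash over the
     * sensitive area and the object's name) is applied first. The result is then encrypted
     * and HMAC-protected under keys derived from a seed that is encrypted to the new parent.
     * When the inner wrapper algorithm is NULL, only the outer protection is applied.
     *
     * @param tpmt_public         public area of the new parent; must be RSA with an AES-CFB
     *                            symmetric definition
     * @param tpmt_public2        public area of the object being duplicated; its name is bound
     *                            into the inner hash, the storage key and the outer HMAC
     * @param tpmt_sensitive      sensitive area to protect
     * @param tpmt_sym_def_object inner wrapper definition: NULL for none, otherwise AES-CFB
     * @return the duplication blob; {@code EncryptionKey}/{@code InnerWrapperKey} hold the
     *         inner wrapper key in the clear
     * @throws TpmException if the parent is not RSA, or either symmetric definition is
     *                      unsupported
     */
    public static DuplicationBlob createDuplicationBlob(TPMT_PUBLIC tpmt_public, TPMT_PUBLIC tpmt_public2, TPMT_SENSITIVE tpmt_sensitive, TPMT_SYM_DEF_OBJECT tpmt_sym_def_object) {
        if (!(tpmt_public.parameters instanceof TPMS_RSA_PARMS)) {
            throw new TpmException("Only import of keys to RSA storage parents supported");
        }
        TPM_ALG_ID parentNameAlg = tpmt_public.nameAlg;
        DuplicationBlob duplicationBlob = new DuplicationBlob();
        byte[] innerWrapperKey = null;
        byte[] empty = new byte[0];
        byte[] innerData;

        if (tpmt_sym_def_object.algorithm == TPM_ALG_ID.NULL) {
            // No inner wrapper: the length-prefixed sensitive area goes straight to the outer layer.
            innerData = Helpers.byteArrayToLenPrependedByteArray(tpmt_sensitive.toBytes());
            duplicationBlob.EncryptionKey = empty;
        } else {
            if (tpmt_sym_def_object.algorithm != TPM_ALG_ID.AES || tpmt_sym_def_object.mode != TPM_ALG_ID.CFB) {
                throw new TpmException("innerWrapper KeyDef is not supported for import");
            }
            byte[] sensitive = Helpers.byteArrayToLenPrependedByteArray(tpmt_sensitive.toBytes());
            // Inner integrity value: hash over the sensitive area and the object's name.
            byte[] innerIntegrity = Crypto.hash(tpmt_public2.nameAlg,
                    Helpers.concatenate(sensitive, tpmt_public2.getName()));
            byte[] innerPlain = Helpers.concatenate(
                    Helpers.byteArrayToLenPrependedByteArray(innerIntegrity), sensitive);
            // NOTE(review): confirm Helpers.RandomBytes is backed by a secure generator; this
            // value is the only secret protecting the inner layer.
            innerWrapperKey = Helpers.RandomBytes(tpmt_sym_def_object.keyBits / 8);
            innerData = Crypto.cfbEncrypt(true, TPM_ALG_ID.AES, innerWrapperKey, empty, innerPlain);
            duplicationBlob.EncryptionKey = innerWrapperKey;
        }

        TPMT_SYM_DEF_OBJECT parentSym = ((TPMS_RSA_PARMS) tpmt_public.parameters).symmetric;
        // Reject the parent unless it is AES *and* CFB. The previous "&&" only rejected a
        // definition that was wrong on both counts, letting e.g. AES with another mode through.
        if (parentSym.algorithm != TPM_ALG_ID.AES || parentSym.mode != TPM_ALG_ID.CFB) {
            throw new TpmException("new parent symmetric key is not supported for import");
        }
        int parentSymKeyBits = parentSym.keyBits;
        // NOTE(review): the seed length follows the parent's symmetric key size here, whereas
        // createActivationCredential sizes its seed by the digest; confirm which the
        // importing TPM expects.
        byte[] seed = Helpers.RandomBytes(parentSymKeyBits / 8);
        byte[] encryptedSeed = tpmt_public.encrypt(seed, "DUPLICATE");

        byte[] objectName = tpmt_public2.getName();
        byte[] storageKey = Crypto.KDFa(parentNameAlg, seed, "STORAGE", objectName, empty, parentSymKeyBits);
        byte[] outerCipher = Crypto.cfbEncrypt(true, TPM_ALG_ID.AES, storageKey, empty, innerData);

        // Encrypt-then-MAC: the outer HMAC covers the ciphertext followed by the object's name.
        byte[] hmacKey = Crypto.KDFa(parentNameAlg, seed, "INTEGRITY", empty, empty,
                Crypto.digestSize(parentNameAlg) * 8);
        byte[] outerHmac = Crypto.hmac(parentNameAlg, hmacKey, Helpers.concatenate(outerCipher, objectName));

        duplicationBlob.DuplicateObject = Helpers.concatenate(
                Helpers.byteArrayToLenPrependedByteArray(outerHmac), outerCipher);
        duplicationBlob.EncryptedSeed = encryptedSeed;
        duplicationBlob.InnerWrapperKey = innerWrapperKey;
        return duplicationBlob;
    }
}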
