package de.rub.nds.tlsattacker.core.record.cipher;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.ExtensionType;
import de.rub.nds.tlsattacker.core.crypto.cipher.CipherWrapper;
import de.rub.nds.tlsattacker.core.crypto.mac.MacWrapper;
import de.rub.nds.tlsattacker.core.crypto.mac.WrappedMac;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.protocol.parser.Parser;
import de.rub.nds.tlsattacker.core.record.BlobRecord;
import de.rub.nds.tlsattacker.core.record.Record;
import de.rub.nds.tlsattacker.core.record.RecordCryptoComputations;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/record/cipher/RecordBlockCipher.class */
public final class RecordBlockCipher extends RecordCipher {
    private static final Logger LOGGER = LogManager.getLogger();
    private boolean useExplicitIv;
    private WrappedMac readMac;
    private WrappedMac writeMac;

    /* loaded from: input_file:de/rub/nds/tlsattacker/core/record/cipher/RecordBlockCipher$DecryptionParser.class */
    class DecryptionParser extends Parser<Object> {
        public DecryptionParser(int i, byte[] bArr) {
            super(i, bArr);
        }

        @Override // de.rub.nds.tlsattacker.core.protocol.parser.Parser
        public Object parse() {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        @Override // de.rub.nds.tlsattacker.core.protocol.parser.Parser
        public byte[] parseByteArrayField(int i) {
            return super.parseByteArrayField(i);
        }

        @Override // de.rub.nds.tlsattacker.core.protocol.parser.Parser
        public int getBytesLeft() {
            return super.getBytesLeft();
        }

        @Override // de.rub.nds.tlsattacker.core.protocol.parser.Parser
        public int getPointer() {
            return super.getPointer();
        }
    }

    public RecordBlockCipher(TlsContext tlsContext, KeySet keySet) {
        super(tlsContext, keySet);
        ConnectionEndType localConnectionEndType = tlsContext.getConnection().getLocalConnectionEndType();
        try {
            this.encryptCipher = CipherWrapper.getEncryptionCipher(this.cipherSuite, localConnectionEndType, getKeySet());
            this.decryptCipher = CipherWrapper.getDecryptionCipher(this.cipherSuite, localConnectionEndType, getKeySet());
            this.readMac = MacWrapper.getMac(this.version, this.cipherSuite, getKeySet().getReadMacSecret(localConnectionEndType));
            this.writeMac = MacWrapper.getMac(this.version, this.cipherSuite, getKeySet().getWriteMacSecret(localConnectionEndType));
            if (this.version.usesExplicitIv()) {
                this.useExplicitIv = true;
            } else {
                this.useExplicitIv = false;
                this.encryptCipher.setIv(keySet.getWriteIv(localConnectionEndType));
                this.decryptCipher.setIv(keySet.getReadIv(localConnectionEndType));
            }
        } catch (NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException("Unsupported Ciphersuite:" + this.cipherSuite.name(), e);
        }
    }

    private byte[] calculateMac(byte[] bArr, ConnectionEndType connectionEndType) {
        LOGGER.debug("The MAC was calculated over the following data: {}", ArrayConverter.bytesToHexString(bArr));
        byte[] calculateMac = connectionEndType == this.context.getChooser().getConnectionEndType() ? this.writeMac.calculateMac(bArr) : this.readMac.calculateMac(bArr);
        LOGGER.debug("MAC: {}", ArrayConverter.bytesToHexString(calculateMac));
        return calculateMac;
    }

    private byte[] encrypt(byte[] bArr, byte[] bArr2) throws CryptoException {
        byte[] encrypt = this.encryptCipher.encrypt(bArr2, expandToBlocksize(bArr));
        if (!this.useExplicitIv) {
            this.encryptCipher.setIv(extractNextEncryptIv(encrypt));
        }
        LOGGER.debug("EncryptIv: " + ArrayConverter.bytesToHexString(this.encryptCipher.getIv()));
        return encrypt;
    }

    private byte[] extractNextEncryptIv(byte[] bArr) {
        return Arrays.copyOfRange(bArr, bArr.length - this.encryptCipher.getBlocksize(), bArr.length);
    }

    private byte[] expandToBlocksize(byte[] bArr) {
        byte[] bArr2 = bArr;
        int blocksize = this.encryptCipher.getBlocksize();
        if (bArr != null && blocksize > 0 && bArr.length % blocksize != 0) {
            bArr2 = new byte[((bArr.length / blocksize) + 1) * blocksize];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        }
        return bArr2;
    }

    public byte[] calculatePadding(int i) {
        int abs = Math.abs(i);
        byte[] bArr = new byte[abs];
        for (int i2 = 0; i2 < abs; i2++) {
            bArr[i2] = (byte) (abs - 1);
        }
        return bArr;
    }

    public int calculatePaddingLength(Record record, int i) {
        int intValue = this.context.getConfig().getDefaultAdditionalPadding().intValue();
        if (intValue > 256) {
            LOGGER.warn("Additional padding is too big. setting it to max possible value");
            intValue = 256;
        } else if (intValue < 0) {
            LOGGER.warn("Additional padding is negative, setting it to 0");
            intValue = 0;
        }
        record.getComputations().setAdditionalPaddingLength(Integer.valueOf(intValue));
        int intValue2 = ((Integer) record.getComputations().getAdditionalPaddingLength().getValue()).intValue();
        if (intValue2 % this.encryptCipher.getBlocksize() != 0) {
            LOGGER.warn("Additional padding is not a multiple of the blocksize");
        }
        return (this.encryptCipher.getBlocksize() - (i % this.encryptCipher.getBlocksize())) + intValue2;
    }

    public byte[] getEncryptionIV() {
        if (this.useExplicitIv) {
            LOGGER.debug("Using explict IV");
            byte[] bArr = new byte[AlgorithmResolver.getCipher(this.cipherSuite).getNonceBytesFromHandshake()];
            this.context.getRandom().nextBytes(bArr);
            return bArr;
        }
        LOGGER.debug("Using implicit IV");
        byte[] iv = this.encryptCipher.getIv();
        if (iv != null) {
            return iv;
        }
        LOGGER.debug("First IV - using from Keyblock");
        return getKeySet().getWriteIv(this.context.getConnection().getLocalConnectionEndType());
    }

    /* JADX WARN: Type inference failed for: r1v17, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v24, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v33, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v50, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v53, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v56, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v10, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v31, types: [byte[], byte[][]] */
    @Override // de.rub.nds.tlsattacker.core.record.cipher.RecordCipher
    public void encrypt(Record record) throws CryptoException {
        if (record.getComputations() == null) {
            LOGGER.warn("Record computations are not prepared.");
            record.prepareComputations();
        }
        LOGGER.debug("Encrypting Record:");
        RecordCryptoComputations computations = record.getComputations();
        record.getComputations().setMacKey(getKeySet().getWriteMacSecret(this.context.getChooser().getConnectionEndType()));
        record.getComputations().setCipherKey(getKeySet().getWriteKey(this.context.getChooser().getConnectionEndType()));
        record.getComputations().setCbcInitialisationVector(getEncryptionIV());
        byte[] bArr = (byte[]) record.getComputations().getCbcInitialisationVector().getValue();
        byte[] bArr2 = (byte[]) record.getCleanProtocolMessageBytes().getValue();
        if (this.context.isExtensionNegotiated(ExtensionType.ENCRYPT_THEN_MAC)) {
            computations.setPadding(calculatePadding(calculatePaddingLength(record, bArr2.length)));
            computations.setPlainRecordBytes(ArrayConverter.concatenate((byte[][]) new byte[]{bArr2, (byte[]) computations.getPadding().getValue()}));
            computations.setCiphertext(encrypt((byte[]) computations.getPlainRecordBytes().getValue(), bArr));
            if (this.useExplicitIv) {
                computations.setAuthenticatedNonMetaData(ArrayConverter.concatenate((byte[][]) new byte[]{bArr, (byte[]) record.getComputations().getCiphertext().getValue()}));
            } else {
                computations.setAuthenticatedNonMetaData((byte[]) record.getComputations().getCiphertext().getValue());
            }
            computations.setAuthenticatedMetaData(collectAdditionalAuthenticatedData(record, this.version));
            computations.setMac(calculateMac(ArrayConverter.concatenate((byte[][]) new byte[]{(byte[]) computations.getAuthenticatedMetaData().getValue(), (byte[]) computations.getAuthenticatedNonMetaData().getValue()}), this.context.getConnection().getLocalConnectionEndType()));
            if (this.useExplicitIv) {
                record.setProtocolMessageBytes(ArrayConverter.concatenate((byte[][]) new byte[]{bArr, (byte[]) computations.getCiphertext().getValue(), (byte[]) computations.getMac().getValue()}));
            } else {
                record.setProtocolMessageBytes(ArrayConverter.concatenate((byte[][]) new byte[]{(byte[]) computations.getCiphertext().getValue(), (byte[]) computations.getMac().getValue()}));
            }
        } else {
            computations.setAuthenticatedNonMetaData(bArr2);
            computations.setAuthenticatedMetaData(collectAdditionalAuthenticatedData(record, this.version));
            computations.setMac(calculateMac(ArrayConverter.concatenate((byte[][]) new byte[]{(byte[]) computations.getAuthenticatedMetaData().getValue(), (byte[]) computations.getAuthenticatedNonMetaData().getValue()}), this.context.getConnection().getLocalConnectionEndType()));
            computations.setPadding(calculatePadding(calculatePaddingLength(record, bArr2.length + ((byte[]) computations.getMac().getValue()).length)));
            record.getComputations().setPlainRecordBytes(ArrayConverter.concatenate((byte[][]) new byte[]{bArr2, (byte[]) computations.getMac().getValue(), (byte[]) computations.getPadding().getValue()}));
            computations.setCiphertext(encrypt((byte[]) record.getComputations().getPlainRecordBytes().getValue(), bArr));
            if (this.useExplicitIv) {
                record.setProtocolMessageBytes(ArrayConverter.concatenate((byte[][]) new byte[]{bArr, (byte[]) computations.getCiphertext().getValue()}));
            } else {
                record.setProtocolMessageBytes(computations.getCiphertext());
            }
        }
        computations.setPaddingValid(true);
        computations.setMacValid(true);
    }

    /* JADX WARN: Type inference failed for: r1v41, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v75, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v81, types: [byte[], byte[][]] */
    @Override // de.rub.nds.tlsattacker.core.record.cipher.RecordCipher
    public void decrypt(Record record) throws CryptoException {
        byte[] iv;
        if (record.getComputations() == null) {
            LOGGER.warn("Record computations are not preapred.");
            record.prepareComputations();
        }
        LOGGER.debug("Decrypting Record");
        RecordCryptoComputations computations = record.getComputations();
        computations.setMacKey(getKeySet().getReadMacSecret(this.context.getChooser().getConnectionEndType()));
        computations.setCipherKey(getKeySet().getReadKey(this.context.getChooser().getConnectionEndType()));
        DecryptionParser decryptionParser = new DecryptionParser(0, (byte[]) record.getProtocolMessageBytes().getValue());
        CipherSuite selectedCipherSuite = this.context.getChooser().getSelectedCipherSuite();
        if (this.useExplicitIv) {
            LOGGER.debug("Using explicit IV");
            iv = decryptionParser.parseByteArrayField(AlgorithmResolver.getCipher(selectedCipherSuite).getNonceBytesFromHandshake());
        } else {
            LOGGER.debug("Using implicit IV");
            iv = this.decryptCipher.getIv();
        }
        LOGGER.debug("Using IV:" + ArrayConverter.bytesToHexString(iv));
        record.getComputations().setCbcInitialisationVector(iv);
        if (!this.context.isExtensionNegotiated(ExtensionType.ENCRYPT_THEN_MAC)) {
            computations.setCiphertext(decryptionParser.parseByteArrayField(decryptionParser.getBytesLeft()));
            computations.setPlainRecordBytes(this.decryptCipher.decrypt(iv, (byte[]) computations.getCiphertext().getValue()));
            byte[] bArr = (byte[]) computations.getPlainRecordBytes().getValue();
            DecryptionParser decryptionParser2 = new DecryptionParser(0, bArr);
            byte[] parseByteArrayField = decryptionParser2.parseByteArrayField((bArr.length - this.readMac.getMacLength()) - (bArr[bArr.length - 1] + 1));
            record.setCleanProtocolMessageBytes(parseByteArrayField);
            record.getComputations().setMac(decryptionParser2.parseByteArrayField(this.readMac.getMacLength()));
            byte[] parseByteArrayField2 = decryptionParser2.parseByteArrayField(bArr[bArr.length - 1] + 1);
            computations.setPadding(parseByteArrayField2);
            computations.setAuthenticatedNonMetaData(parseByteArrayField);
            computations.setAuthenticatedMetaData(collectAdditionalAuthenticatedData(record, this.version));
            computations.setPaddingValid(Boolean.valueOf(isPaddingValid(parseByteArrayField2)));
            computations.setMacValid(Boolean.valueOf(Arrays.equals(calculateMac(ArrayConverter.concatenate((byte[][]) new byte[]{(byte[]) computations.getAuthenticatedMetaData().getValue(), (byte[]) computations.getAuthenticatedNonMetaData().getValue()}), this.context.getConnection().getLocalConnectionEndType().getPeer()), (byte[]) computations.getMac().getValue())));
            return;
        }
        int macLength = this.readMac.getMacLength();
        int bytesLeft = decryptionParser.getBytesLeft() - macLength;
        if (bytesLeft < 0) {
            throw new CryptoException("Record too small");
        }
        byte[] parseByteArrayField3 = decryptionParser.parseByteArrayField(bytesLeft);
        computations.setCiphertext(parseByteArrayField3);
        computations.setMac(decryptionParser.parseByteArrayField(macLength));
        computations.setPlainRecordBytes(this.decryptCipher.decrypt(iv, parseByteArrayField3));
        byte[] bArr2 = (byte[]) computations.getPlainRecordBytes().getValue();
        LOGGER.info(ArrayConverter.bytesToHexString(bArr2));
        DecryptionParser decryptionParser3 = new DecryptionParser(0, bArr2);
        record.setCleanProtocolMessageBytes(decryptionParser3.parseByteArrayField(bArr2.length - (bArr2[bArr2.length - 1] + 1)));
        if (this.useExplicitIv) {
            computations.setAuthenticatedNonMetaData(ArrayConverter.concatenate((byte[][]) new byte[]{(byte[]) record.getComputations().getCbcInitialisationVector().getValue(), (byte[]) record.getComputations().getCiphertext().getValue()}));
        } else {
            computations.setAuthenticatedNonMetaData((byte[]) record.getComputations().getCiphertext().getValue());
        }
        computations.setAuthenticatedMetaData(collectAdditionalAuthenticatedData(record, this.version));
        byte[] parseByteArrayField4 = decryptionParser3.parseByteArrayField(bArr2[bArr2.length - 1] + 1);
        computations.setPadding(parseByteArrayField4);
        computations.setPaddingValid(Boolean.valueOf(isPaddingValid(parseByteArrayField4)));
        computations.setMacValid(Boolean.valueOf(Arrays.equals(calculateMac(ArrayConverter.concatenate((byte[][]) new byte[]{(byte[]) computations.getAuthenticatedMetaData().getValue(), (byte[]) computations.getAuthenticatedNonMetaData().getValue()}), this.context.getConnection().getLocalConnectionEndType().getPeer()), (byte[]) computations.getMac().getValue())));
    }

    private boolean isPaddingValid(byte[] bArr) {
        if (this.context.getChooser().getSelectedProtocolVersion().isSSL()) {
            return bArr.length == bArr[bArr.length - 1] + 1;
        }
        for (byte b : bArr) {
            if (b != bArr.length - 1) {
                LOGGER.debug("Padding is invalid");
                return false;
            }
        }
        LOGGER.debug("Padding is valid");
        return true;
    }

    @Override // de.rub.nds.tlsattacker.core.record.cipher.RecordCipher
    public void encrypt(BlobRecord blobRecord) throws CryptoException {
        LOGGER.debug("Encrypting BlobRecord");
        blobRecord.setProtocolMessageBytes(this.encryptCipher.encrypt((byte[]) blobRecord.getCleanProtocolMessageBytes().getValue()));
    }

    @Override // de.rub.nds.tlsattacker.core.record.cipher.RecordCipher
    public void decrypt(BlobRecord blobRecord) throws CryptoException {
        LOGGER.debug("Derypting BlobRecord");
        blobRecord.setCleanProtocolMessageBytes(this.decryptCipher.decrypt((byte[]) blobRecord.getProtocolMessageBytes().getValue()));
    }
}
