package com.google.crypto.tink.hybrid.internal;

import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.subtle.Bytes;
import com.google.crypto.tink.subtle.X25519;
import com.google.errorprone.annotations.Immutable;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;

@Immutable
/* loaded from: classes5.dex */
final class X25519HpkeKem implements HpkeKem {
    public final HkdfHpkeKdf hkdf;

    public X25519HpkeKem(HkdfHpkeKdf hkdfHpkeKdf) {
        this.hkdf = hkdfHpkeKdf;
    }

    @Override // com.google.crypto.tink.hybrid.internal.HpkeKem
    public final byte[] decapsulate(byte[] bArr, HpkeKemPrivateKey hpkeKemPrivateKey) {
        byte[] computeSharedSecret = X25519.computeSharedSecret(hpkeKemPrivateKey.getSerializedPrivate().toByteArray(), bArr);
        byte[] concat = Bytes.concat(bArr, hpkeKemPrivateKey.getSerializedPublic().toByteArray());
        byte[] concat2 = Bytes.concat(HpkeUtil.KEM, HpkeUtil.X25519_HKDF_SHA256_KEM_ID);
        HkdfHpkeKdf hkdfHpkeKdf = this.hkdf;
        int macLength = Mac.getInstance(hkdfHpkeKdf.macAlgorithm).getMacLength();
        Charset charset = Util.UTF_8;
        byte[] bytes = "eae_prk".getBytes(charset);
        byte[] bArr2 = HpkeUtil.HPKE_V1;
        return hkdfHpkeKdf.expand(hkdfHpkeKdf.extract(Bytes.concat(bArr2, concat2, bytes, computeSharedSecret), null), Bytes.concat(HpkeUtil.intToByteArray(2, macLength), bArr2, concat2, "shared_secret".getBytes(charset), concat), macLength);
    }

    @Override // com.google.crypto.tink.hybrid.internal.HpkeKem
    public final HpkeKemEncapOutput encapsulate(byte[] bArr) {
        byte[] generatePrivateKey = X25519.generatePrivateKey();
        byte[] computeSharedSecret = X25519.computeSharedSecret(generatePrivateKey, bArr);
        byte[] publicFromPrivate = X25519.publicFromPrivate(generatePrivateKey);
        byte[] concat = Bytes.concat(publicFromPrivate, bArr);
        byte[] concat2 = Bytes.concat(HpkeUtil.KEM, HpkeUtil.X25519_HKDF_SHA256_KEM_ID);
        HkdfHpkeKdf hkdfHpkeKdf = this.hkdf;
        int macLength = Mac.getInstance(hkdfHpkeKdf.macAlgorithm).getMacLength();
        Charset charset = Util.UTF_8;
        byte[] bytes = "eae_prk".getBytes(charset);
        byte[] bArr2 = HpkeUtil.HPKE_V1;
        return new HpkeKemEncapOutput(hkdfHpkeKdf.expand(hkdfHpkeKdf.extract(Bytes.concat(bArr2, concat2, bytes, computeSharedSecret), null), Bytes.concat(HpkeUtil.intToByteArray(2, macLength), bArr2, concat2, "shared_secret".getBytes(charset), concat), macLength), publicFromPrivate);
    }

    @Override // com.google.crypto.tink.hybrid.internal.HpkeKem
    public final byte[] getKemId() {
        if (Arrays.equals(this.hkdf.getKdfId(), HpkeUtil.HKDF_SHA256_KDF_ID)) {
            return HpkeUtil.X25519_HKDF_SHA256_KEM_ID;
        }
        throw new GeneralSecurityException("Could not determine HPKE KEM ID");
    }
}
