package org.bouncycastle.crypto.modes;

import java.io.ByteArrayOutputStream;
import kotlin.jvm.internal.ByteCompanionObject;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes4.dex */
public class GCMSIVBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    private final BlockCipher f41605a;

    /* renamed from: b, reason: collision with root package name */
    private final GCMMultiplier f41606b;

    /* renamed from: c, reason: collision with root package name */
    private final byte[] f41607c;

    /* renamed from: d, reason: collision with root package name */
    private final byte[] f41608d;

    /* renamed from: e, reason: collision with root package name */
    private final GCMSIVHasher f41609e;

    /* renamed from: f, reason: collision with root package name */
    private final GCMSIVHasher f41610f;

    /* renamed from: g, reason: collision with root package name */
    private GCMSIVCache f41611g;

    /* renamed from: h, reason: collision with root package name */
    private GCMSIVCache f41612h;

    /* renamed from: i, reason: collision with root package name */
    private boolean f41613i;

    /* renamed from: j, reason: collision with root package name */
    private byte[] f41614j;

    /* renamed from: k, reason: collision with root package name */
    private byte[] f41615k;

    /* renamed from: l, reason: collision with root package name */
    private int f41616l;

    /* renamed from: m, reason: collision with root package name */
    private byte[] f41617m;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class GCMSIVCache extends ByteArrayOutputStream {
        GCMSIVCache() {
        }

        void clearBuffer() {
            Arrays.fill(getBuffer(), (byte) 0);
        }

        byte[] getBuffer() {
            return ((ByteArrayOutputStream) this).buf;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public class GCMSIVHasher {

        /* renamed from: a, reason: collision with root package name */
        private final byte[] f41618a;

        /* renamed from: b, reason: collision with root package name */
        private final byte[] f41619b;

        /* renamed from: c, reason: collision with root package name */
        private int f41620c;

        /* renamed from: d, reason: collision with root package name */
        private long f41621d;

        private GCMSIVHasher() {
            this.f41618a = new byte[16];
            this.f41619b = new byte[1];
        }

        void completeHash() {
            if (this.f41620c > 0) {
                Arrays.fill(GCMSIVBlockCipher.this.f41608d, (byte) 0);
                GCMSIVBlockCipher.fillReverse(this.f41618a, 0, this.f41620c, GCMSIVBlockCipher.this.f41608d);
                GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
                gCMSIVBlockCipher.gHASH(gCMSIVBlockCipher.f41608d);
            }
        }

        long getBytesProcessed() {
            return this.f41621d;
        }

        void reset() {
            this.f41620c = 0;
            this.f41621d = 0L;
        }

        void updateHash(byte b5) {
            byte[] bArr = this.f41619b;
            bArr[0] = b5;
            updateHash(bArr, 0, 1);
        }

        void updateHash(byte[] bArr, int i5, int i6) {
            int i7;
            int i8 = this.f41620c;
            int i9 = 16 - i8;
            int i10 = 0;
            if (i8 <= 0 || i6 < i9) {
                i7 = i6;
            } else {
                System.arraycopy(bArr, i5, this.f41618a, i8, i9);
                GCMSIVBlockCipher.fillReverse(this.f41618a, 0, 16, GCMSIVBlockCipher.this.f41608d);
                GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
                gCMSIVBlockCipher.gHASH(gCMSIVBlockCipher.f41608d);
                i7 = i6 - i9;
                this.f41620c = 0;
                i10 = i9 + 0;
            }
            while (i7 >= 16) {
                GCMSIVBlockCipher.fillReverse(bArr, i5 + i10, 16, GCMSIVBlockCipher.this.f41608d);
                GCMSIVBlockCipher gCMSIVBlockCipher2 = GCMSIVBlockCipher.this;
                gCMSIVBlockCipher2.gHASH(gCMSIVBlockCipher2.f41608d);
                i10 += i9;
                i7 -= i9;
            }
            if (i7 > 0) {
                System.arraycopy(bArr, i5 + i10, this.f41618a, this.f41620c, i7);
                this.f41620c += i7;
            }
            this.f41621d += i6;
        }
    }

    public GCMSIVBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, new Tables4kGCMMultiplier());
    }

    public GCMSIVBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        this.f41607c = new byte[16];
        this.f41608d = new byte[16];
        this.f41617m = new byte[16];
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("Cipher required with a block size of 16.");
        }
        this.f41605a = blockCipher;
        this.f41606b = gCMMultiplier;
        this.f41609e = new GCMSIVHasher();
        this.f41610f = new GCMSIVHasher();
    }

    private static int bufLength(byte[] bArr) {
        if (bArr == null) {
            return 0;
        }
        return bArr.length;
    }

    private byte[] calculateTag() {
        this.f41610f.completeHash();
        byte[] completePolyVal = completePolyVal();
        byte[] bArr = new byte[16];
        for (int i5 = 0; i5 < 12; i5++) {
            completePolyVal[i5] = (byte) (completePolyVal[i5] ^ this.f41615k[i5]);
        }
        completePolyVal[15] = (byte) (completePolyVal[15] & ByteCompanionObject.MAX_VALUE);
        this.f41605a.processBlock(completePolyVal, 0, bArr, 0);
        return bArr;
    }

    private void checkAEADStatus(int i5) {
        int i6 = this.f41616l;
        if ((i6 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i6 & 2) != 0) {
            throw new IllegalStateException("AEAD data cannot be processed after ordinary data");
        }
        if (this.f41609e.getBytesProcessed() - Long.MIN_VALUE > (2147483623 - i5) - Long.MIN_VALUE) {
            throw new IllegalStateException("AEAD byte count exceeded");
        }
    }

    private static void checkBuffer(byte[] bArr, int i5, int i6, boolean z4) {
        int bufLength = bufLength(bArr);
        int i7 = i5 + i6;
        if ((i6 < 0 || i5 < 0 || i7 < 0) || i7 > bufLength) {
            if (!z4) {
                throw new DataLengthException("Input buffer too short.");
            }
        }
    }

    private void checkStatus(int i5) {
        int i6 = this.f41616l;
        if ((i6 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i6 & 2) == 0) {
            this.f41609e.completeHash();
            this.f41616l |= 2;
        }
        long j5 = 2147483623;
        long size = this.f41611g.size();
        if (!this.f41613i) {
            j5 = 2147483639;
            size = this.f41612h.size();
        }
        if (size - Long.MIN_VALUE > (j5 - i5) - Long.MIN_VALUE) {
            throw new IllegalStateException("byte count exceeded");
        }
    }

    private byte[] completePolyVal() {
        byte[] bArr = new byte[16];
        gHashLengths();
        fillReverse(this.f41607c, 0, 16, bArr);
        return bArr;
    }

    private void decryptPlain() throws InvalidCipherTextException {
        byte[] buffer = this.f41612h.getBuffer();
        int size = this.f41612h.size() - 16;
        if (size < 0) {
            throw new InvalidCipherTextException("Data too short");
        }
        byte[] copyOfRange = Arrays.copyOfRange(buffer, size, size + 16);
        byte[] clone = Arrays.clone(copyOfRange);
        clone[15] = (byte) (clone[15] | Byte.MIN_VALUE);
        byte[] bArr = new byte[16];
        int i5 = 0;
        while (size > 0) {
            this.f41605a.processBlock(clone, 0, bArr, 0);
            int min = Math.min(16, size);
            xorBlock(bArr, buffer, i5, min);
            this.f41611g.write(bArr, 0, min);
            this.f41610f.updateHash(bArr, 0, min);
            size -= min;
            i5 += min;
            incrementCounter(clone);
        }
        byte[] calculateTag = calculateTag();
        if (!Arrays.constantTimeAreEqual(calculateTag, copyOfRange)) {
            reset();
            throw new InvalidCipherTextException("mac check failed");
        }
        byte[] bArr2 = this.f41617m;
        System.arraycopy(calculateTag, 0, bArr2, 0, bArr2.length);
    }

    private void deriveKeys(KeyParameter keyParameter) {
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[16];
        int length = keyParameter.getKey().length;
        byte[] bArr4 = new byte[length];
        System.arraycopy(this.f41615k, 0, bArr, 4, 12);
        this.f41605a.init(true, keyParameter);
        this.f41605a.processBlock(bArr, 0, bArr2, 0);
        System.arraycopy(bArr2, 0, bArr3, 0, 8);
        bArr[0] = (byte) (bArr[0] + 1);
        this.f41605a.processBlock(bArr, 0, bArr2, 0);
        System.arraycopy(bArr2, 0, bArr3, 8, 8);
        bArr[0] = (byte) (bArr[0] + 1);
        this.f41605a.processBlock(bArr, 0, bArr2, 0);
        System.arraycopy(bArr2, 0, bArr4, 0, 8);
        bArr[0] = (byte) (bArr[0] + 1);
        this.f41605a.processBlock(bArr, 0, bArr2, 0);
        System.arraycopy(bArr2, 0, bArr4, 8, 8);
        if (length == 32) {
            bArr[0] = (byte) (bArr[0] + 1);
            this.f41605a.processBlock(bArr, 0, bArr2, 0);
            System.arraycopy(bArr2, 0, bArr4, 16, 8);
            bArr[0] = (byte) (bArr[0] + 1);
            this.f41605a.processBlock(bArr, 0, bArr2, 0);
            System.arraycopy(bArr2, 0, bArr4, 24, 8);
        }
        this.f41605a.init(true, new KeyParameter(bArr4));
        fillReverse(bArr3, 0, 16, bArr2);
        mulX(bArr2);
        this.f41606b.init(bArr2);
        this.f41616l |= 1;
    }

    private int encryptPlain(byte[] bArr, byte[] bArr2, int i5) {
        byte[] buffer = this.f41611g.getBuffer();
        byte[] clone = Arrays.clone(bArr);
        clone[15] = (byte) (clone[15] | Byte.MIN_VALUE);
        byte[] bArr3 = new byte[16];
        int size = this.f41611g.size();
        int i6 = 0;
        while (size > 0) {
            this.f41605a.processBlock(clone, 0, bArr3, 0);
            int min = Math.min(16, size);
            xorBlock(bArr3, buffer, i6, min);
            System.arraycopy(bArr3, 0, bArr2, i5 + i6, min);
            size -= min;
            i6 += min;
            incrementCounter(clone);
        }
        return this.f41611g.size();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void fillReverse(byte[] bArr, int i5, int i6, byte[] bArr2) {
        int i7 = 0;
        int i8 = 15;
        while (i7 < i6) {
            bArr2[i8] = bArr[i5 + i7];
            i7++;
            i8--;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void gHASH(byte[] bArr) {
        xorBlock(this.f41607c, bArr);
        this.f41606b.multiplyH(this.f41607c);
    }

    private void gHashLengths() {
        byte[] bArr = new byte[16];
        Pack.longToBigEndian(this.f41610f.getBytesProcessed() * 8, bArr, 0);
        Pack.longToBigEndian(this.f41609e.getBytesProcessed() * 8, bArr, 8);
        gHASH(bArr);
    }

    private static void incrementCounter(byte[] bArr) {
        for (int i5 = 0; i5 < 4; i5++) {
            byte b5 = (byte) (bArr[i5] + 1);
            bArr[i5] = b5;
            if (b5 != 0) {
                return;
            }
        }
    }

    private static void mulX(byte[] bArr) {
        int i5 = 0;
        for (int i6 = 0; i6 < 16; i6++) {
            byte b5 = bArr[i6];
            bArr[i6] = (byte) (i5 | ((b5 >> 1) & 127));
            i5 = (b5 & 1) == 0 ? 0 : -128;
        }
        if (i5 != 0) {
            bArr[0] = (byte) (bArr[0] ^ (-31));
        }
    }

    private void resetStreams() {
        GCMSIVCache gCMSIVCache = this.f41611g;
        if (gCMSIVCache != null) {
            gCMSIVCache.clearBuffer();
        }
        this.f41609e.reset();
        this.f41610f.reset();
        this.f41611g = new GCMSIVCache();
        this.f41612h = this.f41613i ? null : new GCMSIVCache();
        this.f41616l &= -3;
        Arrays.fill(this.f41607c, (byte) 0);
        byte[] bArr = this.f41614j;
        if (bArr != null) {
            this.f41609e.updateHash(bArr, 0, bArr.length);
        }
    }

    private static void xorBlock(byte[] bArr, byte[] bArr2) {
        for (int i5 = 0; i5 < 16; i5++) {
            bArr[i5] = (byte) (bArr[i5] ^ bArr2[i5]);
        }
    }

    private static void xorBlock(byte[] bArr, byte[] bArr2, int i5, int i6) {
        for (int i7 = 0; i7 < i6; i7++) {
            bArr[i7] = (byte) (bArr[i7] ^ bArr2[i7 + i5]);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i5) throws IllegalStateException, InvalidCipherTextException {
        checkStatus(0);
        checkBuffer(bArr, i5, getOutputSize(0), true);
        if (!this.f41613i) {
            decryptPlain();
            int size = this.f41611g.size();
            System.arraycopy(this.f41611g.getBuffer(), 0, bArr, i5, size);
            resetStreams();
            return size;
        }
        byte[] calculateTag = calculateTag();
        int encryptPlain = encryptPlain(calculateTag, bArr, i5) + 16;
        System.arraycopy(calculateTag, 0, bArr, i5 + this.f41611g.size(), 16);
        byte[] bArr2 = this.f41617m;
        System.arraycopy(calculateTag, 0, bArr2, 0, bArr2.length);
        resetStreams();
        return encryptPlain;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.f41605a.getAlgorithmName() + "-GCM-SIV";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return Arrays.clone(this.f41617m);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i5) {
        if (this.f41613i) {
            return i5 + this.f41611g.size() + 16;
        }
        int size = i5 + this.f41612h.size();
        if (size > 16) {
            return size - 16;
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f41605a;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i5) {
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z4, CipherParameters cipherParameters) throws IllegalArgumentException {
        byte[] iv;
        KeyParameter keyParameter;
        byte[] bArr;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            bArr = aEADParameters.getAssociatedText();
            iv = aEADParameters.getNonce();
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM-SIV");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
            bArr = null;
        }
        if (iv == null || iv.length != 12) {
            throw new IllegalArgumentException("Invalid nonce");
        }
        if (keyParameter == null || !(keyParameter.getKey().length == 16 || keyParameter.getKey().length == 32)) {
            throw new IllegalArgumentException("Invalid key");
        }
        this.f41613i = z4;
        this.f41614j = bArr;
        this.f41615k = iv;
        deriveKeys(keyParameter);
        resetStreams();
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i5, int i6) {
        checkAEADStatus(i6);
        checkBuffer(bArr, i5, i6, false);
        this.f41609e.updateHash(bArr, i5, i6);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b5, byte[] bArr, int i5) throws DataLengthException {
        checkStatus(1);
        if (!this.f41613i) {
            this.f41612h.write(b5);
            return 0;
        }
        this.f41611g.write(b5);
        this.f41610f.updateHash(b5);
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) throws DataLengthException {
        checkStatus(i6);
        checkBuffer(bArr, i5, i6, false);
        if (this.f41613i) {
            this.f41611g.write(bArr, i5, i6);
            this.f41610f.updateHash(bArr, i5, i6);
        } else {
            this.f41612h.write(bArr, i5, i6);
        }
        return 0;
    }

    public void reset() {
        resetStreams();
    }
}
