package org.bouncycastle.crypto.modes;

import kotlin.UByte;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.modes.gcm.BasicGCMExponentiator;
import org.bouncycastle.crypto.modes.gcm.GCMExponentiator;
import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
import org.bouncycastle.crypto.modes.gcm.GCMUtil;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes4.dex */
public class GCMBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    private BlockCipher f41581a;

    /* renamed from: b, reason: collision with root package name */
    private GCMMultiplier f41582b;

    /* renamed from: c, reason: collision with root package name */
    private GCMExponentiator f41583c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f41584d;

    /* renamed from: e, reason: collision with root package name */
    private boolean f41585e;

    /* renamed from: f, reason: collision with root package name */
    private int f41586f;

    /* renamed from: g, reason: collision with root package name */
    private byte[] f41587g;

    /* renamed from: h, reason: collision with root package name */
    private byte[] f41588h;

    /* renamed from: i, reason: collision with root package name */
    private byte[] f41589i;

    /* renamed from: j, reason: collision with root package name */
    private byte[] f41590j;

    /* renamed from: k, reason: collision with root package name */
    private byte[] f41591k;

    /* renamed from: l, reason: collision with root package name */
    private byte[] f41592l;

    /* renamed from: m, reason: collision with root package name */
    private byte[] f41593m;

    /* renamed from: n, reason: collision with root package name */
    private byte[] f41594n;

    /* renamed from: o, reason: collision with root package name */
    private byte[] f41595o;

    /* renamed from: p, reason: collision with root package name */
    private byte[] f41596p;

    /* renamed from: q, reason: collision with root package name */
    private byte[] f41597q;

    /* renamed from: r, reason: collision with root package name */
    private int f41598r;

    /* renamed from: s, reason: collision with root package name */
    private int f41599s;

    /* renamed from: t, reason: collision with root package name */
    private long f41600t;

    /* renamed from: u, reason: collision with root package name */
    private byte[] f41601u;

    /* renamed from: v, reason: collision with root package name */
    private int f41602v;

    /* renamed from: w, reason: collision with root package name */
    private long f41603w;

    /* renamed from: x, reason: collision with root package name */
    private long f41604x;

    public GCMBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, null);
    }

    public GCMBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("cipher required with a block size of 16.");
        }
        gCMMultiplier = gCMMultiplier == null ? new Tables4kGCMMultiplier() : gCMMultiplier;
        this.f41581a = blockCipher;
        this.f41582b = gCMMultiplier;
    }

    private void checkStatus() {
        if (this.f41585e) {
            return;
        }
        if (!this.f41584d) {
            throw new IllegalStateException("GCM cipher needs to be initialised");
        }
        throw new IllegalStateException("GCM cipher cannot be reused for encryption");
    }

    private void gHASH(byte[] bArr, byte[] bArr2, int i5) {
        for (int i6 = 0; i6 < i5; i6 += 16) {
            gHASHPartial(bArr, bArr2, i6, Math.min(i5 - i6, 16));
        }
    }

    private void gHASHBlock(byte[] bArr, byte[] bArr2) {
        GCMUtil.xor(bArr, bArr2);
        this.f41582b.multiplyH(bArr);
    }

    private void gHASHBlock(byte[] bArr, byte[] bArr2, int i5) {
        GCMUtil.xor(bArr, bArr2, i5);
        this.f41582b.multiplyH(bArr);
    }

    private void gHASHPartial(byte[] bArr, byte[] bArr2, int i5, int i6) {
        GCMUtil.xor(bArr, bArr2, i5, i6);
        this.f41582b.multiplyH(bArr);
    }

    private void getNextCTRBlock(byte[] bArr) {
        int i5 = this.f41598r;
        if (i5 == 0) {
            throw new IllegalStateException("Attempt to process too many blocks");
        }
        this.f41598r = i5 - 1;
        byte[] bArr2 = this.f41597q;
        int i6 = (bArr2[15] & UByte.MAX_VALUE) + 1;
        bArr2[15] = (byte) i6;
        int i7 = (i6 >>> 8) + (bArr2[14] & UByte.MAX_VALUE);
        bArr2[14] = (byte) i7;
        int i8 = (i7 >>> 8) + (bArr2[13] & UByte.MAX_VALUE);
        bArr2[13] = (byte) i8;
        bArr2[12] = (byte) ((i8 >>> 8) + (bArr2[12] & UByte.MAX_VALUE));
        this.f41581a.processBlock(bArr2, 0, bArr, 0);
    }

    private void initCipher() {
        if (this.f41603w > 0) {
            System.arraycopy(this.f41595o, 0, this.f41596p, 0, 16);
            this.f41604x = this.f41603w;
        }
        int i5 = this.f41602v;
        if (i5 > 0) {
            gHASHPartial(this.f41596p, this.f41601u, 0, i5);
            this.f41604x += this.f41602v;
        }
        if (this.f41604x > 0) {
            System.arraycopy(this.f41596p, 0, this.f41594n, 0, 16);
        }
    }

    private void processBlock(byte[] bArr, int i5, byte[] bArr2, int i6) {
        if (bArr2.length - i6 < 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.f41600t == 0) {
            initCipher();
        }
        byte[] bArr3 = new byte[16];
        getNextCTRBlock(bArr3);
        if (this.f41584d) {
            GCMUtil.xor(bArr3, bArr, i5);
            gHASHBlock(this.f41594n, bArr3);
            System.arraycopy(bArr3, 0, bArr2, i6, 16);
        } else {
            gHASHBlock(this.f41594n, bArr, i5);
            GCMUtil.xor(bArr3, 0, bArr, i5, bArr2, i6);
        }
        this.f41600t += 16;
    }

    private void processPartial(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) {
        byte[] bArr3 = new byte[16];
        getNextCTRBlock(bArr3);
        if (this.f41584d) {
            GCMUtil.xor(bArr, i5, bArr3, 0, i6);
            gHASHPartial(this.f41594n, bArr, i5, i6);
        } else {
            gHASHPartial(this.f41594n, bArr, i5, i6);
            GCMUtil.xor(bArr, i5, bArr3, 0, i6);
        }
        System.arraycopy(bArr, i5, bArr2, i7, i6);
        this.f41600t += i6;
    }

    private void reset(boolean z4) {
        this.f41581a.reset();
        this.f41594n = new byte[16];
        this.f41595o = new byte[16];
        this.f41596p = new byte[16];
        this.f41601u = new byte[16];
        this.f41602v = 0;
        this.f41603w = 0L;
        this.f41604x = 0L;
        this.f41597q = Arrays.clone(this.f41591k);
        this.f41598r = -2;
        this.f41599s = 0;
        this.f41600t = 0L;
        byte[] bArr = this.f41592l;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
        if (z4) {
            this.f41593m = null;
        }
        if (this.f41584d) {
            this.f41585e = false;
            return;
        }
        byte[] bArr2 = this.f41589i;
        if (bArr2 != null) {
            processAADBytes(bArr2, 0, bArr2.length);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i5) throws IllegalStateException, InvalidCipherTextException {
        checkStatus();
        if (this.f41600t == 0) {
            initCipher();
        }
        int i6 = this.f41599s;
        if (!this.f41584d) {
            int i7 = this.f41586f;
            if (i6 < i7) {
                throw new InvalidCipherTextException("data too short");
            }
            i6 -= i7;
            if (bArr.length - i5 < i6) {
                throw new OutputLengthException("Output buffer too short");
            }
        } else if (bArr.length - i5 < this.f41586f + i6) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (i6 > 0) {
            processPartial(this.f41592l, 0, i6, bArr, i5);
        }
        long j5 = this.f41603w;
        int i8 = this.f41602v;
        long j6 = j5 + i8;
        this.f41603w = j6;
        if (j6 > this.f41604x) {
            if (i8 > 0) {
                gHASHPartial(this.f41595o, this.f41601u, 0, i8);
            }
            if (this.f41604x > 0) {
                GCMUtil.xor(this.f41595o, this.f41596p);
            }
            long j7 = ((this.f41600t * 8) + 127) >>> 7;
            byte[] bArr2 = new byte[16];
            if (this.f41583c == null) {
                BasicGCMExponentiator basicGCMExponentiator = new BasicGCMExponentiator();
                this.f41583c = basicGCMExponentiator;
                basicGCMExponentiator.init(this.f41590j);
            }
            this.f41583c.exponentiateX(j7, bArr2);
            GCMUtil.multiply(this.f41595o, bArr2);
            GCMUtil.xor(this.f41594n, this.f41595o);
        }
        byte[] bArr3 = new byte[16];
        Pack.longToBigEndian(this.f41603w * 8, bArr3, 0);
        Pack.longToBigEndian(this.f41600t * 8, bArr3, 8);
        gHASHBlock(this.f41594n, bArr3);
        byte[] bArr4 = new byte[16];
        this.f41581a.processBlock(this.f41591k, 0, bArr4, 0);
        GCMUtil.xor(bArr4, this.f41594n);
        int i9 = this.f41586f;
        byte[] bArr5 = new byte[i9];
        this.f41593m = bArr5;
        System.arraycopy(bArr4, 0, bArr5, 0, i9);
        if (this.f41584d) {
            System.arraycopy(this.f41593m, 0, bArr, i5 + this.f41599s, this.f41586f);
            i6 += this.f41586f;
        } else {
            int i10 = this.f41586f;
            byte[] bArr6 = new byte[i10];
            System.arraycopy(this.f41592l, i6, bArr6, 0, i10);
            if (!Arrays.constantTimeAreEqual(this.f41593m, bArr6)) {
                throw new InvalidCipherTextException("mac check in GCM failed");
            }
        }
        reset(false);
        return i6;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.f41581a.getAlgorithmName() + "/GCM";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        byte[] bArr = this.f41593m;
        return bArr == null ? new byte[this.f41586f] : Arrays.clone(bArr);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i5) {
        int i6 = i5 + this.f41599s;
        if (this.f41584d) {
            return i6 + this.f41586f;
        }
        int i7 = this.f41586f;
        if (i6 < i7) {
            return 0;
        }
        return i6 - i7;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f41581a;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i5) {
        int i6 = i5 + this.f41599s;
        if (!this.f41584d) {
            int i7 = this.f41586f;
            if (i6 < i7) {
                return 0;
            }
            i6 -= i7;
        }
        return i6 - (i6 % 16);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z4, CipherParameters cipherParameters) throws IllegalArgumentException {
        byte[] iv;
        KeyParameter keyParameter;
        byte[] bArr;
        this.f41584d = z4;
        this.f41593m = null;
        this.f41585e = true;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            iv = aEADParameters.getNonce();
            this.f41589i = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 32 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
            this.f41586f = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            this.f41589i = null;
            this.f41586f = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.f41592l = new byte[z4 ? 16 : this.f41586f + 16];
        if (iv == null || iv.length < 1) {
            throw new IllegalArgumentException("IV must be at least 1 byte");
        }
        if (z4 && (bArr = this.f41588h) != null && Arrays.areEqual(bArr, iv)) {
            if (keyParameter == null) {
                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
            }
            byte[] bArr2 = this.f41587g;
            if (bArr2 != null && Arrays.areEqual(bArr2, keyParameter.getKey())) {
                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
            }
        }
        this.f41588h = iv;
        if (keyParameter != null) {
            this.f41587g = keyParameter.getKey();
        }
        if (keyParameter != null) {
            this.f41581a.init(true, keyParameter);
            byte[] bArr3 = new byte[16];
            this.f41590j = bArr3;
            this.f41581a.processBlock(bArr3, 0, bArr3, 0);
            this.f41582b.init(this.f41590j);
            this.f41583c = null;
        } else if (this.f41590j == null) {
            throw new IllegalArgumentException("Key must be specified in initial init");
        }
        byte[] bArr4 = new byte[16];
        this.f41591k = bArr4;
        byte[] bArr5 = this.f41588h;
        if (bArr5.length == 12) {
            System.arraycopy(bArr5, 0, bArr4, 0, bArr5.length);
            this.f41591k[15] = 1;
        } else {
            gHASH(bArr4, bArr5, bArr5.length);
            byte[] bArr6 = new byte[16];
            Pack.longToBigEndian(this.f41588h.length * 8, bArr6, 8);
            gHASHBlock(this.f41591k, bArr6);
        }
        this.f41594n = new byte[16];
        this.f41595o = new byte[16];
        this.f41596p = new byte[16];
        this.f41601u = new byte[16];
        this.f41602v = 0;
        this.f41603w = 0L;
        this.f41604x = 0L;
        this.f41597q = Arrays.clone(this.f41591k);
        this.f41598r = -2;
        this.f41599s = 0;
        this.f41600t = 0L;
        byte[] bArr7 = this.f41589i;
        if (bArr7 != null) {
            processAADBytes(bArr7, 0, bArr7.length);
        }
    }

    public void processAADByte(byte b5) {
        checkStatus();
        byte[] bArr = this.f41601u;
        int i5 = this.f41602v;
        bArr[i5] = b5;
        int i6 = i5 + 1;
        this.f41602v = i6;
        if (i6 == 16) {
            gHASHBlock(this.f41595o, bArr);
            this.f41602v = 0;
            this.f41603w += 16;
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i5, int i6) {
        checkStatus();
        for (int i7 = 0; i7 < i6; i7++) {
            byte[] bArr2 = this.f41601u;
            int i8 = this.f41602v;
            bArr2[i8] = bArr[i5 + i7];
            int i9 = i8 + 1;
            this.f41602v = i9;
            if (i9 == 16) {
                gHASHBlock(this.f41595o, bArr2);
                this.f41602v = 0;
                this.f41603w += 16;
            }
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b5, byte[] bArr, int i5) throws DataLengthException {
        checkStatus();
        byte[] bArr2 = this.f41592l;
        int i6 = this.f41599s;
        bArr2[i6] = b5;
        int i7 = i6 + 1;
        this.f41599s = i7;
        if (i7 != bArr2.length) {
            return 0;
        }
        processBlock(bArr2, 0, bArr, i5);
        if (this.f41584d) {
            this.f41599s = 0;
        } else {
            byte[] bArr3 = this.f41592l;
            System.arraycopy(bArr3, 16, bArr3, 0, this.f41586f);
            this.f41599s = this.f41586f;
        }
        return 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) throws DataLengthException {
        int i8;
        checkStatus();
        if (bArr.length - i5 < i6) {
            throw new DataLengthException("Input buffer too short");
        }
        if (this.f41584d) {
            if (this.f41599s != 0) {
                while (i6 > 0) {
                    i6--;
                    byte[] bArr3 = this.f41592l;
                    int i9 = this.f41599s;
                    int i10 = i5 + 1;
                    bArr3[i9] = bArr[i5];
                    int i11 = i9 + 1;
                    this.f41599s = i11;
                    if (i11 == 16) {
                        processBlock(bArr3, 0, bArr2, i7);
                        this.f41599s = 0;
                        i8 = 16;
                        i5 = i10;
                        break;
                    }
                    i5 = i10;
                }
            }
            i8 = 0;
            while (i6 >= 16) {
                processBlock(bArr, i5, bArr2, i7 + i8);
                i5 += 16;
                i6 -= 16;
                i8 += 16;
            }
            if (i6 > 0) {
                System.arraycopy(bArr, i5, this.f41592l, 0, i6);
                this.f41599s = i6;
            }
        } else {
            i8 = 0;
            for (int i12 = 0; i12 < i6; i12++) {
                byte[] bArr4 = this.f41592l;
                int i13 = this.f41599s;
                bArr4[i13] = bArr[i5 + i12];
                int i14 = i13 + 1;
                this.f41599s = i14;
                if (i14 == bArr4.length) {
                    processBlock(bArr4, 0, bArr2, i7 + i8);
                    byte[] bArr5 = this.f41592l;
                    System.arraycopy(bArr5, 16, bArr5, 0, this.f41586f);
                    this.f41599s = this.f41586f;
                    i8 += 16;
                }
            }
        }
        return i8;
    }

    public void reset() {
        reset(true);
    }
}
