package org.bouncycastle.crypto.modes;

import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Pack;
import sun.security.util.DerValue;

/* loaded from: classes2.dex */
public class GCMSIVBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    public final BlockCipher f21486a;

    /* renamed from: b, reason: collision with root package name */
    public final GCMMultiplier f21487b;

    /* renamed from: c, reason: collision with root package name */
    public final byte[] f21488c;

    /* renamed from: d, reason: collision with root package name */
    public final byte[] f21489d;

    /* renamed from: e, reason: collision with root package name */
    public final GCMSIVHasher f21490e;

    /* renamed from: f, reason: collision with root package name */
    public final GCMSIVHasher f21491f;

    /* renamed from: g, reason: collision with root package name */
    public GCMSIVCache f21492g;

    /* renamed from: h, reason: collision with root package name */
    public GCMSIVCache f21493h;

    /* renamed from: i, reason: collision with root package name */
    public boolean f21494i;

    /* renamed from: j, reason: collision with root package name */
    public byte[] f21495j;

    /* renamed from: k, reason: collision with root package name */
    public byte[] f21496k;

    /* renamed from: l, reason: collision with root package name */
    public int f21497l;

    /* renamed from: m, reason: collision with root package name */
    public byte[] f21498m;

    /* loaded from: classes2.dex */
    public static class GCMSIVCache extends ByteArrayOutputStream {
        public void c() {
            Arrays.fill(((ByteArrayOutputStream) this).buf, (byte) 0);
        }

        public byte[] d() {
            return ((ByteArrayOutputStream) this).buf;
        }
    }

    /* loaded from: classes2.dex */
    public class GCMSIVHasher {

        /* renamed from: a, reason: collision with root package name */
        public final byte[] f21499a = new byte[16];

        /* renamed from: b, reason: collision with root package name */
        public final byte[] f21500b = new byte[1];

        /* renamed from: c, reason: collision with root package name */
        public int f21501c;

        /* renamed from: d, reason: collision with root package name */
        public long f21502d;

        public GCMSIVHasher(AnonymousClass1 anonymousClass1) {
        }

        public void a() {
            if (this.f21501c > 0) {
                Arrays.fill(GCMSIVBlockCipher.this.f21489d, (byte) 0);
                GCMSIVBlockCipher.n(this.f21499a, 0, this.f21501c, GCMSIVBlockCipher.this.f21489d);
                GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
                gCMSIVBlockCipher.o(gCMSIVBlockCipher.f21489d);
            }
        }

        public void b(byte[] bArr, int i2, int i3) {
            int i4;
            int i5 = this.f21501c;
            int i6 = 16 - i5;
            int i7 = 0;
            if (i5 <= 0 || i3 < i6) {
                i4 = i3;
            } else {
                System.arraycopy(bArr, i2, this.f21499a, i5, i6);
                GCMSIVBlockCipher.n(this.f21499a, 0, 16, GCMSIVBlockCipher.this.f21489d);
                GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
                gCMSIVBlockCipher.o(gCMSIVBlockCipher.f21489d);
                i4 = i3 - i6;
                this.f21501c = 0;
                i7 = i6 + 0;
            }
            while (i4 >= 16) {
                GCMSIVBlockCipher.n(bArr, i2 + i7, 16, GCMSIVBlockCipher.this.f21489d);
                GCMSIVBlockCipher gCMSIVBlockCipher2 = GCMSIVBlockCipher.this;
                gCMSIVBlockCipher2.o(gCMSIVBlockCipher2.f21489d);
                i7 += i6;
                i4 -= i6;
            }
            if (i4 > 0) {
                System.arraycopy(bArr, i2 + i7, this.f21499a, this.f21501c, i4);
                this.f21501c += i4;
            }
            this.f21502d += i3;
        }
    }

    public GCMSIVBlockCipher() {
        this(new AESEngine());
    }

    public GCMSIVBlockCipher(BlockCipher blockCipher) {
        Tables4kGCMMultiplier tables4kGCMMultiplier = new Tables4kGCMMultiplier();
        this.f21488c = new byte[16];
        this.f21489d = new byte[16];
        this.f21498m = new byte[16];
        if (blockCipher.e() != 16) {
            throw new IllegalArgumentException("Cipher required with a block size of 16.");
        }
        this.f21486a = blockCipher;
        this.f21487b = tables4kGCMMultiplier;
        this.f21490e = new GCMSIVHasher(null);
        this.f21491f = new GCMSIVHasher(null);
    }

    public static void l(byte[] bArr, int i2, int i3, boolean z) {
        int length = bArr == null ? 0 : bArr.length;
        int i4 = i2 + i3;
        if ((i3 < 0 || i2 < 0 || i4 < 0) || i4 > length) {
            if (!z) {
                throw new DataLengthException("Input buffer too short.");
            }
        }
    }

    public static void n(byte[] bArr, int i2, int i3, byte[] bArr2) {
        int i4 = 0;
        int i5 = 15;
        while (i4 < i3) {
            bArr2[i5] = bArr[i2 + i4];
            i4++;
            i5--;
        }
    }

    public static void p(byte[] bArr) {
        for (int i2 = 0; i2 < 4; i2++) {
            byte b2 = (byte) (bArr[i2] + 1);
            bArr[i2] = b2;
            if (b2 != 0) {
                return;
            }
        }
    }

    public static void r(byte[] bArr, byte[] bArr2, int i2, int i3) {
        for (int i4 = 0; i4 < i3; i4++) {
            bArr[i4] = (byte) (bArr[i4] ^ bArr2[i4 + i2]);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void a(boolean z, CipherParameters cipherParameters) {
        byte[] bArr;
        KeyParameter keyParameter;
        byte[] bArr2;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            bArr2 = aEADParameters.a();
            bArr = aEADParameters.b();
            keyParameter = aEADParameters.P1;
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM-SIV");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            bArr = parametersWithIV.N1;
            keyParameter = (KeyParameter) parametersWithIV.O1;
            bArr2 = null;
        }
        if (bArr == null || bArr.length != 12) {
            throw new IllegalArgumentException("Invalid nonce");
        }
        if (keyParameter != null) {
            byte[] bArr3 = keyParameter.N1;
            if (bArr3.length == 16 || bArr3.length == 32) {
                this.f21494i = z;
                this.f21495j = bArr2;
                this.f21496k = bArr;
                byte[] bArr4 = new byte[16];
                byte[] bArr5 = new byte[16];
                byte[] bArr6 = new byte[16];
                int length = bArr3.length;
                byte[] bArr7 = new byte[length];
                System.arraycopy(bArr, 0, bArr4, 4, 12);
                this.f21486a.a(true, keyParameter);
                this.f21486a.c(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr6, 0, 8);
                bArr4[0] = (byte) (bArr4[0] + 1);
                this.f21486a.c(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr6, 8, 8);
                bArr4[0] = (byte) (bArr4[0] + 1);
                this.f21486a.c(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr7, 0, 8);
                bArr4[0] = (byte) (bArr4[0] + 1);
                this.f21486a.c(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr7, 8, 8);
                if (length == 32) {
                    bArr4[0] = (byte) (bArr4[0] + 1);
                    this.f21486a.c(bArr4, 0, bArr5, 0);
                    System.arraycopy(bArr5, 0, bArr7, 16, 8);
                    bArr4[0] = (byte) (bArr4[0] + 1);
                    this.f21486a.c(bArr4, 0, bArr5, 0);
                    System.arraycopy(bArr5, 0, bArr7, 24, 8);
                }
                this.f21486a.a(true, new KeyParameter(bArr7));
                n(bArr6, 0, 16, bArr5);
                int i2 = 0;
                for (int i3 = 0; i3 < 16; i3++) {
                    byte b2 = bArr5[i3];
                    bArr5[i3] = (byte) (i2 | ((b2 >> 1) & 127));
                    i2 = (b2 & 1) == 0 ? 0 : -128;
                }
                if (i2 != 0) {
                    bArr5[0] = (byte) (bArr5[0] ^ (-31));
                }
                this.f21487b.a(bArr5);
                this.f21497l |= 1;
                q();
                return;
            }
        }
        throw new IllegalArgumentException("Invalid key");
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String b() {
        return this.f21486a.b() + "-GCM-SIV";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int c(byte[] bArr, int i2) {
        m(0);
        l(bArr, i2, g(0), true);
        if (this.f21494i) {
            byte[] j2 = j();
            byte[] d2 = this.f21492g.d();
            byte[] c2 = org.bouncycastle.util.Arrays.c(j2);
            c2[15] = (byte) (c2[15] | DerValue.TAG_CONTEXT);
            byte[] bArr2 = new byte[16];
            int size = this.f21492g.size();
            int i3 = 0;
            while (size > 0) {
                this.f21486a.c(c2, 0, bArr2, 0);
                int min = Math.min(16, size);
                r(bArr2, d2, i3, min);
                System.arraycopy(bArr2, 0, bArr, i2 + i3, min);
                size -= min;
                i3 += min;
                p(c2);
            }
            int size2 = this.f21492g.size() + 16;
            System.arraycopy(j2, 0, bArr, this.f21492g.size() + i2, 16);
            byte[] bArr3 = this.f21498m;
            System.arraycopy(j2, 0, bArr3, 0, bArr3.length);
            q();
            return size2;
        }
        byte[] d3 = this.f21493h.d();
        int size3 = this.f21493h.size() - 16;
        if (size3 < 0) {
            throw new InvalidCipherTextException("Data too short");
        }
        byte[] o2 = org.bouncycastle.util.Arrays.o(d3, size3, size3 + 16);
        byte[] c3 = org.bouncycastle.util.Arrays.c(o2);
        c3[15] = (byte) (c3[15] | DerValue.TAG_CONTEXT);
        byte[] bArr4 = new byte[16];
        int i4 = 0;
        while (size3 > 0) {
            this.f21486a.c(c3, 0, bArr4, 0);
            int min2 = Math.min(16, size3);
            r(bArr4, d3, i4, min2);
            this.f21492g.write(bArr4, 0, min2);
            this.f21491f.b(bArr4, 0, min2);
            size3 -= min2;
            i4 += min2;
            p(c3);
        }
        byte[] j3 = j();
        if (!org.bouncycastle.util.Arrays.m(j3, o2)) {
            q();
            throw new InvalidCipherTextException("mac check failed");
        }
        byte[] bArr5 = this.f21498m;
        System.arraycopy(j3, 0, bArr5, 0, bArr5.length);
        int size4 = this.f21492g.size();
        System.arraycopy(this.f21492g.d(), 0, bArr, i2, size4);
        q();
        return size4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int d(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) {
        m(i3);
        l(bArr, i2, i3, false);
        if (this.f21494i) {
            this.f21492g.write(bArr, i2, i3);
            this.f21491f.b(bArr, i2, i3);
        } else {
            this.f21493h.write(bArr, i2, i3);
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher e() {
        return this.f21486a;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int f(int i2) {
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int g(int i2) {
        if (this.f21494i) {
            return this.f21492g.size() + i2 + 16;
        }
        int size = this.f21493h.size() + i2;
        if (size > 16) {
            return size - 16;
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] h() {
        return org.bouncycastle.util.Arrays.c(this.f21498m);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void i(byte[] bArr, int i2, int i3) {
        k(i3);
        l(bArr, i2, i3, false);
        this.f21490e.b(bArr, i2, i3);
    }

    public final byte[] j() {
        this.f21491f.a();
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[16];
        Pack.l(this.f21491f.f21502d * 8, bArr2, 0);
        Pack.l(this.f21490e.f21502d * 8, bArr2, 8);
        o(bArr2);
        n(this.f21488c, 0, 16, bArr);
        byte[] bArr3 = new byte[16];
        for (int i2 = 0; i2 < 12; i2++) {
            bArr[i2] = (byte) (bArr[i2] ^ this.f21496k[i2]);
        }
        bArr[15] = (byte) (bArr[15] & (-129));
        this.f21486a.c(bArr, 0, bArr3, 0);
        return bArr3;
    }

    public final void k(int i2) {
        int i3 = this.f21497l;
        if ((i3 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i3 & 2) != 0) {
            throw new IllegalStateException("AEAD data cannot be processed after ordinary data");
        }
        if (this.f21490e.f21502d - Long.MIN_VALUE > (2147483623 - i2) - Long.MIN_VALUE) {
            throw new IllegalStateException("AEAD byte count exceeded");
        }
    }

    public final void m(int i2) {
        int i3 = this.f21497l;
        if ((i3 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i3 & 2) == 0) {
            this.f21490e.a();
            this.f21497l |= 2;
        }
        long j2 = 2147483623;
        long size = this.f21492g.size();
        if (!this.f21494i) {
            j2 = 2147483639;
            size = this.f21493h.size();
        }
        if (size - Long.MIN_VALUE > (j2 - i2) - Long.MIN_VALUE) {
            throw new IllegalStateException("byte count exceeded");
        }
    }

    public final void o(byte[] bArr) {
        byte[] bArr2 = this.f21488c;
        for (int i2 = 0; i2 < 16; i2++) {
            bArr2[i2] = (byte) (bArr2[i2] ^ bArr[i2]);
        }
        this.f21487b.b(this.f21488c);
    }

    public final void q() {
        GCMSIVCache gCMSIVCache = this.f21492g;
        if (gCMSIVCache != null) {
            gCMSIVCache.c();
        }
        GCMSIVHasher gCMSIVHasher = this.f21490e;
        gCMSIVHasher.f21501c = 0;
        gCMSIVHasher.f21502d = 0L;
        GCMSIVHasher gCMSIVHasher2 = this.f21491f;
        gCMSIVHasher2.f21501c = 0;
        gCMSIVHasher2.f21502d = 0L;
        this.f21492g = new GCMSIVCache();
        this.f21493h = this.f21494i ? null : new GCMSIVCache();
        this.f21497l &= -3;
        Arrays.fill(this.f21488c, (byte) 0);
        byte[] bArr = this.f21495j;
        if (bArr != null) {
            this.f21490e.b(bArr, 0, bArr.length);
        }
    }
}
