package org.bouncycastle.crypto.modes;

import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import org.bouncycastle.asn1.eac.CertificateBody;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Pack;

/* loaded from: classes3.dex */
public final class GCMSIVBlockCipher implements AEADBlockCipher {
    public boolean forEncryption;
    public final byte[] macBlock;
    public final GCMSIVHasher theAEADHasher;
    public final BlockCipher theCipher;
    public final GCMSIVHasher theDataHasher;
    public GCMSIVCache theEncData;
    public int theFlags;
    public final byte[] theGHash;
    public byte[] theInitialAEAD;
    public final Tables4kGCMMultiplier theMultiplier;
    public byte[] theNonce;
    public GCMSIVCache thePlain;
    public final byte[] theReverse;

    /* loaded from: classes3.dex */
    public static class GCMSIVCache extends ByteArrayOutputStream {
        public final void clearBuffer() {
            Arrays.fill(((ByteArrayOutputStream) this).buf, (byte) 0);
        }

        public final byte[] getBuffer() {
            return ((ByteArrayOutputStream) this).buf;
        }
    }

    /* loaded from: classes3.dex */
    public class GCMSIVHasher {
        public int numActive;
        public long numHashed;
        public final byte[] theBuffer = new byte[16];
        public final byte[] theByte = new byte[1];

        public GCMSIVHasher() {
        }

        public final void updateHash(int i, int i2, byte[] bArr) {
            int i3;
            int i4 = this.numActive;
            int i5 = 16 - i4;
            byte[] bArr2 = this.theBuffer;
            GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
            int i6 = 0;
            if (i4 <= 0 || i2 < i5) {
                i3 = i2;
            } else {
                System.arraycopy(bArr, i, bArr2, i4, i5);
                GCMSIVBlockCipher.fillReverse(bArr2, 0, gCMSIVBlockCipher.theReverse, 16);
                gCMSIVBlockCipher.gHASH(gCMSIVBlockCipher.theReverse);
                i3 = i2 - i5;
                this.numActive = 0;
                i6 = i5 + 0;
            }
            while (i3 >= 16) {
                GCMSIVBlockCipher.fillReverse(bArr, i + i6, gCMSIVBlockCipher.theReverse, 16);
                gCMSIVBlockCipher.gHASH(gCMSIVBlockCipher.theReverse);
                i6 += i5;
                i3 -= i5;
            }
            if (i3 > 0) {
                System.arraycopy(bArr, i + i6, bArr2, this.numActive, i3);
                this.numActive += i3;
            }
            this.numHashed += i2;
        }
    }

    public GCMSIVBlockCipher(BlockCipher blockCipher) {
        Tables4kGCMMultiplier tables4kGCMMultiplier = new Tables4kGCMMultiplier();
        this.theGHash = new byte[16];
        this.theReverse = new byte[16];
        this.macBlock = new byte[16];
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("Cipher required with a block size of 16.");
        }
        this.theCipher = blockCipher;
        this.theMultiplier = tables4kGCMMultiplier;
        this.theAEADHasher = new GCMSIVHasher();
        this.theDataHasher = new GCMSIVHasher();
    }

    public static void checkBuffer(boolean z, int i, int i2, byte[] bArr) {
        int length = bArr == null ? 0 : bArr.length;
        int i3 = i + i2;
        if ((i2 < 0 || i < 0 || i3 < 0) || i3 > length) {
            if (!z) {
                throw new DataLengthException("Input buffer too short.");
            }
        }
    }

    public static void fillReverse(byte[] bArr, int i, byte[] bArr2, int i2) {
        int i3 = 0;
        int i4 = 15;
        while (i3 < i2) {
            bArr2[i4] = bArr[i + i3];
            i3++;
            i4--;
        }
    }

    public final byte[] calculateTag() {
        GCMSIVHasher gCMSIVHasher = this.theDataHasher;
        if (gCMSIVHasher.numActive > 0) {
            GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
            Arrays.fill(gCMSIVBlockCipher.theReverse, (byte) 0);
            int i = gCMSIVHasher.numActive;
            byte[] bArr = gCMSIVHasher.theBuffer;
            byte[] bArr2 = gCMSIVBlockCipher.theReverse;
            fillReverse(bArr, 0, bArr2, i);
            gCMSIVBlockCipher.gHASH(bArr2);
        }
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        Pack.longToBigEndian(gCMSIVHasher.numHashed * 8, bArr4, 0);
        Pack.longToBigEndian(this.theAEADHasher.numHashed * 8, bArr4, 8);
        gHASH(bArr4);
        fillReverse(this.theGHash, 0, bArr3, 16);
        byte[] bArr5 = new byte[16];
        for (int i2 = 0; i2 < 12; i2++) {
            bArr3[i2] = (byte) (bArr3[i2] ^ this.theNonce[i2]);
        }
        bArr3[15] = (byte) (bArr3[15] & (-129));
        this.theCipher.processBlock(bArr3, 0, bArr5, 0);
        return bArr5;
    }

    public final void checkStatus(int i) {
        long j;
        int i2 = this.theFlags;
        if ((i2 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i2 & 2) == 0) {
            GCMSIVHasher gCMSIVHasher = this.theAEADHasher;
            if (gCMSIVHasher.numActive > 0) {
                GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
                Arrays.fill(gCMSIVBlockCipher.theReverse, (byte) 0);
                int i3 = gCMSIVHasher.numActive;
                byte[] bArr = gCMSIVHasher.theBuffer;
                byte[] bArr2 = gCMSIVBlockCipher.theReverse;
                fillReverse(bArr, 0, bArr2, i3);
                gCMSIVBlockCipher.gHASH(bArr2);
            }
            this.theFlags |= 2;
        }
        long size = this.thePlain.size();
        if (this.forEncryption) {
            j = 2147483623;
        } else {
            size = this.theEncData.size();
            j = 2147483639;
        }
        if (size - Long.MIN_VALUE > (j - i) - Long.MIN_VALUE) {
            throw new IllegalStateException("byte count exceeded");
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final int doFinal(byte[] bArr, int i) throws IllegalStateException, InvalidCipherTextException {
        checkStatus(0);
        checkBuffer(true, i, getOutputSize(0), bArr);
        boolean z = this.forEncryption;
        byte[] bArr2 = this.macBlock;
        BlockCipher blockCipher = this.theCipher;
        int i2 = 16;
        if (z) {
            byte[] calculateTag = calculateTag();
            byte[] buffer = this.thePlain.getBuffer();
            byte[] clone = org.bouncycastle.util.Arrays.clone(calculateTag);
            clone[15] = (byte) (clone[15] | Byte.MIN_VALUE);
            byte[] bArr3 = new byte[16];
            int size = this.thePlain.size();
            int i3 = 0;
            while (size > 0) {
                blockCipher.processBlock(clone, 0, bArr3, 0);
                int min = Math.min(i2, size);
                for (int i4 = 0; i4 < min; i4++) {
                    bArr3[i4] = (byte) (bArr3[i4] ^ buffer[i4 + i3]);
                }
                System.arraycopy(bArr3, 0, bArr, i + i3, min);
                size -= min;
                i3 += min;
                for (int i5 = 0; i5 < 4; i5++) {
                    byte b = (byte) (clone[i5] + 1);
                    clone[i5] = b;
                    if (b != 0) {
                        break;
                    }
                }
                i2 = 16;
            }
            int size2 = this.thePlain.size() + 16;
            System.arraycopy(calculateTag, 0, bArr, this.thePlain.size() + i, 16);
            System.arraycopy(calculateTag, 0, bArr2, 0, bArr2.length);
            resetStreams();
            return size2;
        }
        byte[] buffer2 = this.theEncData.getBuffer();
        int size3 = this.theEncData.size() - 16;
        if (size3 < 0) {
            throw new InvalidCipherTextException("Data too short");
        }
        byte[] copyOfRange = org.bouncycastle.util.Arrays.copyOfRange(size3, size3 + 16, buffer2);
        byte[] clone2 = org.bouncycastle.util.Arrays.clone(copyOfRange);
        clone2[15] = (byte) (clone2[15] | Byte.MIN_VALUE);
        byte[] bArr4 = new byte[16];
        int i6 = 0;
        while (size3 > 0) {
            blockCipher.processBlock(clone2, 0, bArr4, 0);
            int min2 = Math.min(i2, size3);
            for (int i7 = 0; i7 < min2; i7++) {
                bArr4[i7] = (byte) (bArr4[i7] ^ buffer2[i7 + i6]);
            }
            this.thePlain.write(bArr4, 0, min2);
            this.theDataHasher.updateHash(0, min2, bArr4);
            size3 -= min2;
            i6 += min2;
            for (int i8 = 0; i8 < 4; i8++) {
                byte b2 = (byte) (clone2[i8] + 1);
                clone2[i8] = b2;
                if (b2 != 0) {
                    break;
                }
            }
            i2 = 16;
        }
        byte[] calculateTag2 = calculateTag();
        if (!org.bouncycastle.util.Arrays.constantTimeAreEqual(calculateTag2, copyOfRange)) {
            resetStreams();
            throw new InvalidCipherTextException("mac check failed");
        }
        System.arraycopy(calculateTag2, 0, bArr2, 0, bArr2.length);
        int size4 = this.thePlain.size();
        System.arraycopy(this.thePlain.getBuffer(), 0, bArr, i, size4);
        resetStreams();
        return size4;
    }

    public final void gHASH(byte[] bArr) {
        int i = 0;
        while (true) {
            byte[] bArr2 = this.theGHash;
            if (i >= 16) {
                this.theMultiplier.multiplyH(bArr2);
                return;
            } else {
                bArr2[i] = (byte) (bArr2[i] ^ bArr[i]);
                i++;
            }
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final String getAlgorithmName() {
        return this.theCipher.getAlgorithmName() + "-GCM-SIV";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final byte[] getMac() {
        return org.bouncycastle.util.Arrays.clone(this.macBlock);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final int getOutputSize(int i) {
        if (this.forEncryption) {
            return this.thePlain.size() + i + 16;
        }
        int size = this.theEncData.size() + i;
        if (size > 16) {
            return size - 16;
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public final BlockCipher getUnderlyingCipher() {
        return this.theCipher;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final int getUpdateOutputSize(int i) {
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final void init(boolean z, CipherParameters cipherParameters) throws IllegalArgumentException {
        byte[] bArr;
        KeyParameter keyParameter;
        byte[] bArr2;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            bArr2 = aEADParameters.getAssociatedText();
            bArr = aEADParameters.getNonce();
            keyParameter = aEADParameters.key;
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM-SIV");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            bArr = parametersWithIV.iv;
            keyParameter = (KeyParameter) parametersWithIV.parameters;
            bArr2 = null;
        }
        if (bArr == null || bArr.length != 12) {
            throw new IllegalArgumentException("Invalid nonce");
        }
        if (keyParameter != null) {
            byte[] bArr3 = keyParameter.key;
            if (bArr3.length == 16 || bArr3.length == 32) {
                this.forEncryption = z;
                this.theInitialAEAD = bArr2;
                this.theNonce = bArr;
                byte[] bArr4 = new byte[16];
                byte[] bArr5 = new byte[16];
                byte[] bArr6 = new byte[16];
                int length = bArr3.length;
                byte[] bArr7 = new byte[length];
                System.arraycopy(bArr, 0, bArr4, 4, 12);
                BlockCipher blockCipher = this.theCipher;
                blockCipher.init(true, keyParameter);
                blockCipher.processBlock(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr6, 0, 8);
                bArr4[0] = (byte) (bArr4[0] + 1);
                blockCipher.processBlock(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr6, 8, 8);
                bArr4[0] = (byte) (bArr4[0] + 1);
                blockCipher.processBlock(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr7, 0, 8);
                bArr4[0] = (byte) (bArr4[0] + 1);
                blockCipher.processBlock(bArr4, 0, bArr5, 0);
                System.arraycopy(bArr5, 0, bArr7, 8, 8);
                if (length == 32) {
                    bArr4[0] = (byte) (bArr4[0] + 1);
                    blockCipher.processBlock(bArr4, 0, bArr5, 0);
                    System.arraycopy(bArr5, 0, bArr7, 16, 8);
                    bArr4[0] = (byte) (bArr4[0] + 1);
                    blockCipher.processBlock(bArr4, 0, bArr5, 0);
                    System.arraycopy(bArr5, 0, bArr7, 24, 8);
                }
                blockCipher.init(true, new KeyParameter(bArr7, 0, length));
                fillReverse(bArr6, 0, bArr5, 16);
                int i = 0;
                for (int i2 = 0; i2 < 16; i2++) {
                    byte b = bArr5[i2];
                    bArr5[i2] = (byte) (i | ((b >> 1) & CertificateBody.profileType));
                    i = (b & 1) == 0 ? 0 : -128;
                }
                if (i != 0) {
                    bArr5[0] = (byte) (bArr5[0] ^ (-31));
                }
                this.theMultiplier.init(bArr5);
                this.theFlags |= 1;
                resetStreams();
                return;
            }
        }
        throw new IllegalArgumentException("Invalid key");
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final void processAADBytes(int i, int i2, byte[] bArr) {
        int i3 = this.theFlags;
        if ((i3 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i3 & 2) != 0) {
            throw new IllegalStateException("AEAD data cannot be processed after ordinary data");
        }
        GCMSIVHasher gCMSIVHasher = this.theAEADHasher;
        if (gCMSIVHasher.numHashed - Long.MIN_VALUE > (2147483623 - i2) - Long.MIN_VALUE) {
            throw new IllegalStateException("AEAD byte count exceeded");
        }
        checkBuffer(false, i, i2, bArr);
        gCMSIVHasher.updateHash(i, i2, bArr);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final int processByte(byte b, byte[] bArr, int i) throws DataLengthException {
        checkStatus(1);
        if (this.forEncryption) {
            this.thePlain.write(b);
            GCMSIVHasher gCMSIVHasher = this.theDataHasher;
            byte[] bArr2 = gCMSIVHasher.theByte;
            bArr2[0] = b;
            gCMSIVHasher.updateHash(0, 1, bArr2);
        } else {
            this.theEncData.write(b);
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public final int processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws DataLengthException {
        checkStatus(i2);
        checkBuffer(false, i, i2, bArr);
        if (this.forEncryption) {
            this.thePlain.write(bArr, i, i2);
            this.theDataHasher.updateHash(i, i2, bArr);
        } else {
            this.theEncData.write(bArr, i, i2);
        }
        return 0;
    }

    public final void resetStreams() {
        GCMSIVCache gCMSIVCache = this.thePlain;
        if (gCMSIVCache != null) {
            gCMSIVCache.clearBuffer();
        }
        GCMSIVHasher gCMSIVHasher = this.theAEADHasher;
        gCMSIVHasher.numActive = 0;
        gCMSIVHasher.numHashed = 0L;
        GCMSIVHasher gCMSIVHasher2 = this.theDataHasher;
        gCMSIVHasher2.numActive = 0;
        gCMSIVHasher2.numHashed = 0L;
        this.thePlain = new GCMSIVCache();
        this.theEncData = this.forEncryption ? null : new GCMSIVCache();
        this.theFlags &= -3;
        Arrays.fill(this.theGHash, (byte) 0);
        byte[] bArr = this.theInitialAEAD;
        if (bArr != null) {
            gCMSIVHasher.updateHash(0, bArr.length, bArr);
        }
    }
}
