package org.bouncycastle.crypto.modes;

import java.io.ByteArrayOutputStream;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes2.dex */
public class GCMSIVBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    public final BlockCipher f67629a;

    /* renamed from: b, reason: collision with root package name */
    public final GCMMultiplier f67630b;

    /* renamed from: c, reason: collision with root package name */
    public final byte[] f67631c;
    public final byte[] d;

    /* renamed from: e, reason: collision with root package name */
    public final b f67632e;

    /* renamed from: f, reason: collision with root package name */
    public final b f67633f;

    /* renamed from: g, reason: collision with root package name */
    public a f67634g;

    /* renamed from: h, reason: collision with root package name */
    public a f67635h;

    /* renamed from: i, reason: collision with root package name */
    public boolean f67636i;

    /* renamed from: j, reason: collision with root package name */
    public byte[] f67637j;

    /* renamed from: k, reason: collision with root package name */
    public byte[] f67638k;

    /* renamed from: l, reason: collision with root package name */
    public int f67639l;

    /* renamed from: m, reason: collision with root package name */
    public final byte[] f67640m;

    /* loaded from: classes2.dex */
    public static class a extends ByteArrayOutputStream {
        public final void a() {
            Arrays.fill(((ByteArrayOutputStream) this).buf, (byte) 0);
        }

        public final byte[] b() {
            return ((ByteArrayOutputStream) this).buf;
        }
    }

    /* loaded from: classes2.dex */
    public class b {

        /* renamed from: a, reason: collision with root package name */
        public final byte[] f67641a = new byte[16];

        /* renamed from: b, reason: collision with root package name */
        public final byte[] f67642b = new byte[1];

        /* renamed from: c, reason: collision with root package name */
        public int f67643c;
        public long d;

        public b() {
        }

        public final void a(int i3, int i10, byte[] bArr) {
            int i11;
            int i12 = this.f67643c;
            int i13 = 16 - i12;
            byte[] bArr2 = this.f67641a;
            GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
            int i14 = 0;
            if (i12 <= 0 || i10 < i13) {
                i11 = i10;
            } else {
                System.arraycopy(bArr, i3, bArr2, i12, i13);
                GCMSIVBlockCipher.e(bArr2, 0, gCMSIVBlockCipher.d, 16);
                gCMSIVBlockCipher.f(gCMSIVBlockCipher.d);
                i11 = i10 - i13;
                this.f67643c = 0;
                i14 = i13 + 0;
            }
            while (i11 >= 16) {
                GCMSIVBlockCipher.e(bArr, i3 + i14, gCMSIVBlockCipher.d, 16);
                gCMSIVBlockCipher.f(gCMSIVBlockCipher.d);
                i14 += i13;
                i11 -= i13;
            }
            if (i11 > 0) {
                System.arraycopy(bArr, i3 + i14, bArr2, this.f67643c, i11);
                this.f67643c += i11;
            }
            this.d += i10;
        }
    }

    public GCMSIVBlockCipher() {
        this(new AESEngine());
    }

    public GCMSIVBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, new Tables4kGCMMultiplier());
    }

    public GCMSIVBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        this.f67631c = new byte[16];
        this.d = new byte[16];
        this.f67640m = new byte[16];
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("Cipher required with a block size of 16.");
        }
        this.f67629a = blockCipher;
        this.f67630b = gCMMultiplier;
        this.f67632e = new b();
        this.f67633f = new b();
    }

    public static void c(byte[] bArr, int i3, int i10, boolean z10) {
        int length = bArr == null ? 0 : bArr.length;
        int i11 = i3 + i10;
        if ((i10 < 0 || i3 < 0 || i11 < 0) || i11 > length) {
            if (!z10) {
                throw new DataLengthException("Input buffer too short.");
            }
        }
    }

    public static void e(byte[] bArr, int i3, byte[] bArr2, int i10) {
        int i11 = 0;
        int i12 = 15;
        while (i11 < i10) {
            bArr2[i12] = bArr[i3 + i11];
            i11++;
            i12--;
        }
    }

    public final byte[] a() {
        b bVar = this.f67633f;
        if (bVar.f67643c > 0) {
            GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
            Arrays.fill(gCMSIVBlockCipher.d, (byte) 0);
            int i3 = bVar.f67643c;
            byte[] bArr = bVar.f67641a;
            byte[] bArr2 = gCMSIVBlockCipher.d;
            e(bArr, 0, bArr2, i3);
            gCMSIVBlockCipher.f(bArr2);
        }
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        Pack.longToBigEndian(bVar.d * 8, bArr4, 0);
        Pack.longToBigEndian(this.f67632e.d * 8, bArr4, 8);
        f(bArr4);
        e(this.f67631c, 0, bArr3, 16);
        byte[] bArr5 = new byte[16];
        for (int i10 = 0; i10 < 12; i10++) {
            bArr3[i10] = (byte) (bArr3[i10] ^ this.f67638k[i10]);
        }
        bArr3[15] = (byte) (bArr3[15] & (-129));
        this.f67629a.processBlock(bArr3, 0, bArr5, 0);
        return bArr5;
    }

    public final void b(int i3) {
        int i10 = this.f67639l;
        if ((i10 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i10 & 2) != 0) {
            throw new IllegalStateException("AEAD data cannot be processed after ordinary data");
        }
        if (this.f67632e.d - Long.MIN_VALUE > (2147483623 - i3) - Long.MIN_VALUE) {
            throw new IllegalStateException("AEAD byte count exceeded");
        }
    }

    public final void d(int i3) {
        long j10;
        int i10 = this.f67639l;
        if ((i10 & 1) == 0) {
            throw new IllegalStateException("Cipher is not initialised");
        }
        if ((i10 & 2) == 0) {
            b bVar = this.f67632e;
            if (bVar.f67643c > 0) {
                GCMSIVBlockCipher gCMSIVBlockCipher = GCMSIVBlockCipher.this;
                Arrays.fill(gCMSIVBlockCipher.d, (byte) 0);
                int i11 = bVar.f67643c;
                byte[] bArr = bVar.f67641a;
                byte[] bArr2 = gCMSIVBlockCipher.d;
                e(bArr, 0, bArr2, i11);
                gCMSIVBlockCipher.f(bArr2);
            }
            this.f67639l |= 2;
        }
        long size = this.f67634g.size();
        if (this.f67636i) {
            j10 = 2147483623;
        } else {
            size = this.f67635h.size();
            j10 = 2147483639;
        }
        if (size - Long.MIN_VALUE > (j10 - i3) - Long.MIN_VALUE) {
            throw new IllegalStateException("byte count exceeded");
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i3) throws IllegalStateException, InvalidCipherTextException {
        d(0);
        c(bArr, i3, getOutputSize(0), true);
        boolean z10 = this.f67636i;
        byte[] bArr2 = this.f67640m;
        BlockCipher blockCipher = this.f67629a;
        int i10 = 16;
        if (z10) {
            byte[] a10 = a();
            byte[] b10 = this.f67634g.b();
            byte[] clone = Arrays.clone(a10);
            clone[15] = (byte) (clone[15] | Byte.MIN_VALUE);
            byte[] bArr3 = new byte[16];
            int size = this.f67634g.size();
            int i11 = 0;
            while (size > 0) {
                blockCipher.processBlock(clone, 0, bArr3, 0);
                int min = Math.min(i10, size);
                for (int i12 = 0; i12 < min; i12++) {
                    bArr3[i12] = (byte) (bArr3[i12] ^ b10[i12 + i11]);
                }
                System.arraycopy(bArr3, 0, bArr, i3 + i11, min);
                size -= min;
                i11 += min;
                for (int i13 = 0; i13 < 4; i13++) {
                    byte b11 = (byte) (clone[i13] + 1);
                    clone[i13] = b11;
                    if (b11 != 0) {
                        break;
                    }
                }
                i10 = 16;
            }
            int size2 = this.f67634g.size() + 16;
            System.arraycopy(a10, 0, bArr, this.f67634g.size() + i3, 16);
            System.arraycopy(a10, 0, bArr2, 0, bArr2.length);
            g();
            return size2;
        }
        byte[] b12 = this.f67635h.b();
        int size3 = this.f67635h.size() - 16;
        if (size3 < 0) {
            throw new InvalidCipherTextException("Data too short");
        }
        byte[] copyOfRange = Arrays.copyOfRange(b12, size3, size3 + 16);
        byte[] clone2 = Arrays.clone(copyOfRange);
        clone2[15] = (byte) (clone2[15] | Byte.MIN_VALUE);
        byte[] bArr4 = new byte[16];
        int i14 = 0;
        while (size3 > 0) {
            blockCipher.processBlock(clone2, 0, bArr4, 0);
            int min2 = Math.min(i10, size3);
            for (int i15 = 0; i15 < min2; i15++) {
                bArr4[i15] = (byte) (bArr4[i15] ^ b12[i15 + i14]);
            }
            this.f67634g.write(bArr4, 0, min2);
            this.f67633f.a(0, min2, bArr4);
            size3 -= min2;
            i14 += min2;
            for (int i16 = 0; i16 < 4; i16++) {
                byte b13 = (byte) (clone2[i16] + 1);
                clone2[i16] = b13;
                if (b13 != 0) {
                    break;
                }
            }
            i10 = 16;
        }
        byte[] a11 = a();
        if (!Arrays.constantTimeAreEqual(a11, copyOfRange)) {
            reset();
            throw new InvalidCipherTextException("mac check failed");
        }
        System.arraycopy(a11, 0, bArr2, 0, bArr2.length);
        int size4 = this.f67634g.size();
        System.arraycopy(this.f67634g.b(), 0, bArr, i3, size4);
        g();
        return size4;
    }

    public final void f(byte[] bArr) {
        int i3 = 0;
        while (true) {
            byte[] bArr2 = this.f67631c;
            if (i3 >= 16) {
                this.f67630b.multiplyH(bArr2);
                return;
            } else {
                bArr2[i3] = (byte) (bArr2[i3] ^ bArr[i3]);
                i3++;
            }
        }
    }

    public final void g() {
        a aVar = this.f67634g;
        if (aVar != null) {
            aVar.a();
        }
        b bVar = this.f67632e;
        bVar.f67643c = 0;
        bVar.d = 0L;
        b bVar2 = this.f67633f;
        bVar2.f67643c = 0;
        bVar2.d = 0L;
        this.f67634g = new a();
        this.f67635h = this.f67636i ? null : new a();
        this.f67639l &= -3;
        Arrays.fill(this.f67631c, (byte) 0);
        byte[] bArr = this.f67637j;
        if (bArr != null) {
            bVar.a(0, bArr.length, bArr);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.f67629a.getAlgorithmName() + "-GCM-SIV";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return Arrays.clone(this.f67640m);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i3) {
        if (this.f67636i) {
            return this.f67634g.size() + i3 + 16;
        }
        int size = this.f67635h.size() + i3;
        if (size > 16) {
            return size - 16;
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f67629a;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i3) {
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z10, CipherParameters cipherParameters) throws IllegalArgumentException {
        byte[] iv;
        KeyParameter keyParameter;
        byte[] bArr;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            bArr = aEADParameters.getAssociatedText();
            iv = aEADParameters.getNonce();
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM-SIV");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
            bArr = null;
        }
        if (iv == null || iv.length != 12) {
            throw new IllegalArgumentException("Invalid nonce");
        }
        if (keyParameter == null || !(keyParameter.getKey().length == 16 || keyParameter.getKey().length == 32)) {
            throw new IllegalArgumentException("Invalid key");
        }
        this.f67636i = z10;
        this.f67637j = bArr;
        this.f67638k = iv;
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        int length = keyParameter.getKey().length;
        byte[] bArr5 = new byte[length];
        System.arraycopy(this.f67638k, 0, bArr2, 4, 12);
        BlockCipher blockCipher = this.f67629a;
        blockCipher.init(true, keyParameter);
        blockCipher.processBlock(bArr2, 0, bArr3, 0);
        System.arraycopy(bArr3, 0, bArr4, 0, 8);
        bArr2[0] = (byte) (bArr2[0] + 1);
        blockCipher.processBlock(bArr2, 0, bArr3, 0);
        System.arraycopy(bArr3, 0, bArr4, 8, 8);
        bArr2[0] = (byte) (bArr2[0] + 1);
        blockCipher.processBlock(bArr2, 0, bArr3, 0);
        System.arraycopy(bArr3, 0, bArr5, 0, 8);
        bArr2[0] = (byte) (bArr2[0] + 1);
        blockCipher.processBlock(bArr2, 0, bArr3, 0);
        System.arraycopy(bArr3, 0, bArr5, 8, 8);
        if (length == 32) {
            bArr2[0] = (byte) (bArr2[0] + 1);
            blockCipher.processBlock(bArr2, 0, bArr3, 0);
            System.arraycopy(bArr3, 0, bArr5, 16, 8);
            bArr2[0] = (byte) (bArr2[0] + 1);
            blockCipher.processBlock(bArr2, 0, bArr3, 0);
            System.arraycopy(bArr3, 0, bArr5, 24, 8);
        }
        blockCipher.init(true, new KeyParameter(bArr5));
        e(bArr4, 0, bArr3, 16);
        int i3 = 0;
        for (int i10 = 0; i10 < 16; i10++) {
            byte b10 = bArr3[i10];
            bArr3[i10] = (byte) (i3 | ((b10 >> 1) & 127));
            i3 = (b10 & 1) == 0 ? 0 : -128;
        }
        if (i3 != 0) {
            bArr3[0] = (byte) (bArr3[0] ^ (-31));
        }
        this.f67630b.init(bArr3);
        this.f67639l |= 1;
        g();
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b10) {
        b(1);
        b bVar = this.f67632e;
        byte[] bArr = bVar.f67642b;
        bArr[0] = b10;
        bVar.a(0, 1, bArr);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i3, int i10) {
        b(i10);
        c(bArr, i3, i10, false);
        this.f67632e.a(i3, i10, bArr);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b10, byte[] bArr, int i3) throws DataLengthException {
        d(1);
        if (this.f67636i) {
            this.f67634g.write(b10);
            b bVar = this.f67633f;
            byte[] bArr2 = bVar.f67642b;
            bArr2[0] = b10;
            bVar.a(0, 1, bArr2);
        } else {
            this.f67635h.write(b10);
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i3, int i10, byte[] bArr2, int i11) throws DataLengthException {
        d(i10);
        c(bArr, i3, i10, false);
        if (this.f67636i) {
            this.f67634g.write(bArr, i3, i10);
            this.f67633f.a(i3, i10, bArr);
        } else {
            this.f67635h.write(bArr, i3, i10);
        }
        return 0;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        g();
    }
}
