package org.bouncycastle.crypto.modes;

import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.modes.gcm.BasicGCMExponentiator;
import org.bouncycastle.crypto.modes.gcm.GCMExponentiator;
import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
import org.bouncycastle.crypto.modes.gcm.GCMUtil;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes3.dex */
public class GCMBlockCipher implements GCMModeCipher {
    private static final int BLOCK_SIZE = 16;

    /* renamed from: H, reason: collision with root package name */
    private byte[] f11484H;

    /* renamed from: J0, reason: collision with root package name */
    private byte[] f11485J0;

    /* renamed from: S, reason: collision with root package name */
    private byte[] f11486S;
    private byte[] S_at;
    private byte[] S_atPre;
    private byte[] atBlock;
    private int atBlockPos;
    private long atLength;
    private long atLengthPre;
    private int blocksRemaining;
    private byte[] bufBlock;
    private int bufOff;
    private BlockCipher cipher;
    private byte[] counter;
    private GCMExponentiator exp;
    private boolean forEncryption;
    private byte[] initialAssociatedText;
    private boolean initialised;
    private byte[] lastKey;
    private byte[] macBlock;
    private int macSize;
    private GCMMultiplier multiplier;
    private byte[] nonce;
    private long totalLength;

    public GCMBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, null);
    }

    public GCMBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("cipher required with a block size of 16.");
        }
        gCMMultiplier = gCMMultiplier == null ? new Tables4kGCMMultiplier() : gCMMultiplier;
        this.cipher = blockCipher;
        this.multiplier = gCMMultiplier;
    }

    private void checkStatus() {
        if (this.initialised) {
            return;
        }
        if (!this.forEncryption) {
            throw new IllegalStateException("GCM cipher needs to be initialised");
        }
        throw new IllegalStateException("GCM cipher cannot be reused for encryption");
    }

    private void decryptBlock(byte[] bArr, int i5, byte[] bArr2, int i6) {
        if (bArr2.length - i6 < 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.totalLength == 0) {
            initCipher();
        }
        byte[] bArr3 = new byte[16];
        getNextCTRBlock(bArr3);
        gHASHBlock(this.f11486S, bArr, i5);
        GCMUtil.xor(bArr3, 0, bArr, i5, bArr2, i6);
        this.totalLength += 16;
    }

    private void encryptBlock(byte[] bArr, int i5, byte[] bArr2, int i6) {
        if (bArr2.length - i6 < 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.totalLength == 0) {
            initCipher();
        }
        byte[] bArr3 = new byte[16];
        getNextCTRBlock(bArr3);
        GCMUtil.xor(bArr3, bArr, i5);
        gHASHBlock(this.f11486S, bArr3);
        System.arraycopy(bArr3, 0, bArr2, i6, 16);
        this.totalLength += 16;
    }

    private void gHASH(byte[] bArr, byte[] bArr2, int i5) {
        for (int i6 = 0; i6 < i5; i6 += 16) {
            gHASHPartial(bArr, bArr2, i6, Math.min(i5 - i6, 16));
        }
    }

    private void gHASHBlock(byte[] bArr, byte[] bArr2) {
        GCMUtil.xor(bArr, bArr2);
        this.multiplier.multiplyH(bArr);
    }

    private void gHASHBlock(byte[] bArr, byte[] bArr2, int i5) {
        GCMUtil.xor(bArr, bArr2, i5);
        this.multiplier.multiplyH(bArr);
    }

    private void gHASHPartial(byte[] bArr, byte[] bArr2, int i5, int i6) {
        GCMUtil.xor(bArr, bArr2, i5, i6);
        this.multiplier.multiplyH(bArr);
    }

    private void getNextCTRBlock(byte[] bArr) {
        int i5 = this.blocksRemaining;
        if (i5 == 0) {
            throw new IllegalStateException("Attempt to process too many blocks");
        }
        this.blocksRemaining = i5 - 1;
        byte[] bArr2 = this.counter;
        int i6 = (bArr2[15] & 255) + 1;
        bArr2[15] = (byte) i6;
        int i7 = (i6 >>> 8) + (bArr2[14] & 255);
        bArr2[14] = (byte) i7;
        int i8 = (i7 >>> 8) + (bArr2[13] & 255);
        bArr2[13] = (byte) i8;
        bArr2[12] = (byte) ((i8 >>> 8) + (bArr2[12] & 255));
        this.cipher.processBlock(bArr2, 0, bArr, 0);
    }

    private void initCipher() {
        if (this.atLength > 0) {
            System.arraycopy(this.S_at, 0, this.S_atPre, 0, 16);
            this.atLengthPre = this.atLength;
        }
        int i5 = this.atBlockPos;
        if (i5 > 0) {
            gHASHPartial(this.S_atPre, this.atBlock, 0, i5);
            this.atLengthPre += this.atBlockPos;
        }
        if (this.atLengthPre > 0) {
            System.arraycopy(this.S_atPre, 0, this.f11486S, 0, 16);
        }
    }

    public static GCMModeCipher newInstance(BlockCipher blockCipher) {
        return new GCMBlockCipher(blockCipher);
    }

    public static GCMModeCipher newInstance(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        return new GCMBlockCipher(blockCipher, gCMMultiplier);
    }

    private void processPartial(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) {
        byte[] bArr3 = new byte[16];
        getNextCTRBlock(bArr3);
        if (this.forEncryption) {
            GCMUtil.xor(bArr, i5, bArr3, 0, i6);
            gHASHPartial(this.f11486S, bArr, i5, i6);
        } else {
            gHASHPartial(this.f11486S, bArr, i5, i6);
            GCMUtil.xor(bArr, i5, bArr3, 0, i6);
        }
        System.arraycopy(bArr, i5, bArr2, i7, i6);
        this.totalLength += i6;
    }

    private void reset(boolean z5) {
        this.cipher.reset();
        this.f11486S = new byte[16];
        this.S_at = new byte[16];
        this.S_atPre = new byte[16];
        this.atBlock = new byte[16];
        this.atBlockPos = 0;
        this.atLength = 0L;
        this.atLengthPre = 0L;
        this.counter = Arrays.clone(this.f11485J0);
        this.blocksRemaining = -2;
        this.bufOff = 0;
        this.totalLength = 0L;
        byte[] bArr = this.bufBlock;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
        if (z5) {
            this.macBlock = null;
        }
        if (this.forEncryption) {
            this.initialised = false;
            return;
        }
        byte[] bArr2 = this.initialAssociatedText;
        if (bArr2 != null) {
            processAADBytes(bArr2, 0, bArr2.length);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i5) {
        checkStatus();
        if (this.totalLength == 0) {
            initCipher();
        }
        int i6 = this.bufOff;
        if (!this.forEncryption) {
            int i7 = this.macSize;
            if (i6 < i7) {
                throw new InvalidCipherTextException("data too short");
            }
            i6 -= i7;
            if (bArr.length - i5 < i6) {
                throw new OutputLengthException("Output buffer too short");
            }
        } else if (bArr.length - i5 < this.macSize + i6) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (i6 > 0) {
            processPartial(this.bufBlock, 0, i6, bArr, i5);
        }
        long j5 = this.atLength;
        int i8 = this.atBlockPos;
        long j6 = j5 + i8;
        this.atLength = j6;
        if (j6 > this.atLengthPre) {
            if (i8 > 0) {
                gHASHPartial(this.S_at, this.atBlock, 0, i8);
            }
            if (this.atLengthPre > 0) {
                GCMUtil.xor(this.S_at, this.S_atPre);
            }
            long j7 = ((this.totalLength * 8) + 127) >>> 7;
            byte[] bArr2 = new byte[16];
            if (this.exp == null) {
                BasicGCMExponentiator basicGCMExponentiator = new BasicGCMExponentiator();
                this.exp = basicGCMExponentiator;
                basicGCMExponentiator.init(this.f11484H);
            }
            this.exp.exponentiateX(j7, bArr2);
            GCMUtil.multiply(this.S_at, bArr2);
            GCMUtil.xor(this.f11486S, this.S_at);
        }
        byte[] bArr3 = new byte[16];
        Pack.longToBigEndian(this.atLength * 8, bArr3, 0);
        Pack.longToBigEndian(this.totalLength * 8, bArr3, 8);
        gHASHBlock(this.f11486S, bArr3);
        byte[] bArr4 = new byte[16];
        this.cipher.processBlock(this.f11485J0, 0, bArr4, 0);
        GCMUtil.xor(bArr4, this.f11486S);
        int i9 = this.macSize;
        byte[] bArr5 = new byte[i9];
        this.macBlock = bArr5;
        System.arraycopy(bArr4, 0, bArr5, 0, i9);
        if (this.forEncryption) {
            System.arraycopy(this.macBlock, 0, bArr, i5 + this.bufOff, this.macSize);
            i6 += this.macSize;
        } else {
            int i10 = this.macSize;
            byte[] bArr6 = new byte[i10];
            System.arraycopy(this.bufBlock, i6, bArr6, 0, i10);
            if (!Arrays.constantTimeAreEqual(this.macBlock, bArr6)) {
                throw new InvalidCipherTextException("mac check in GCM failed");
            }
        }
        reset(false);
        return i6;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.cipher.getAlgorithmName() + "/GCM";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        byte[] bArr = this.macBlock;
        return bArr == null ? new byte[this.macSize] : Arrays.clone(bArr);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i5) {
        int i6 = i5 + this.bufOff;
        if (this.forEncryption) {
            return i6 + this.macSize;
        }
        int i7 = this.macSize;
        if (i6 < i7) {
            return 0;
        }
        return i6 - i7;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.cipher;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i5) {
        int i6 = i5 + this.bufOff;
        if (!this.forEncryption) {
            int i7 = this.macSize;
            if (i6 < i7) {
                return 0;
            }
            i6 -= i7;
        }
        return i6 - (i6 % 16);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z5, CipherParameters cipherParameters) {
        byte[] iv;
        KeyParameter keyParameter;
        byte[] bArr;
        this.forEncryption = z5;
        this.macBlock = null;
        this.initialised = true;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            iv = aEADParameters.getNonce();
            this.initialAssociatedText = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 32 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
            this.macSize = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            this.initialAssociatedText = null;
            this.macSize = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.bufBlock = new byte[z5 ? 16 : this.macSize + 16];
        if (iv == null || iv.length < 1) {
            throw new IllegalArgumentException("IV must be at least 1 byte");
        }
        if (z5 && (bArr = this.nonce) != null && Arrays.areEqual(bArr, iv)) {
            if (keyParameter == null) {
                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
            }
            byte[] bArr2 = this.lastKey;
            if (bArr2 != null && Arrays.areEqual(bArr2, keyParameter.getKey())) {
                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
            }
        }
        this.nonce = iv;
        if (keyParameter != null) {
            this.lastKey = keyParameter.getKey();
        }
        if (keyParameter != null) {
            this.cipher.init(true, keyParameter);
            byte[] bArr3 = new byte[16];
            this.f11484H = bArr3;
            this.cipher.processBlock(bArr3, 0, bArr3, 0);
            this.multiplier.init(this.f11484H);
            this.exp = null;
        } else if (this.f11484H == null) {
            throw new IllegalArgumentException("Key must be specified in initial init");
        }
        byte[] bArr4 = new byte[16];
        this.f11485J0 = bArr4;
        byte[] bArr5 = this.nonce;
        if (bArr5.length == 12) {
            System.arraycopy(bArr5, 0, bArr4, 0, bArr5.length);
            this.f11485J0[15] = 1;
        } else {
            gHASH(bArr4, bArr5, bArr5.length);
            byte[] bArr6 = new byte[16];
            Pack.longToBigEndian(this.nonce.length * 8, bArr6, 8);
            gHASHBlock(this.f11485J0, bArr6);
        }
        this.f11486S = new byte[16];
        this.S_at = new byte[16];
        this.S_atPre = new byte[16];
        this.atBlock = new byte[16];
        this.atBlockPos = 0;
        this.atLength = 0L;
        this.atLengthPre = 0L;
        this.counter = Arrays.clone(this.f11485J0);
        this.blocksRemaining = -2;
        this.bufOff = 0;
        this.totalLength = 0L;
        byte[] bArr7 = this.initialAssociatedText;
        if (bArr7 != null) {
            processAADBytes(bArr7, 0, bArr7.length);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b5) {
        checkStatus();
        byte[] bArr = this.atBlock;
        int i5 = this.atBlockPos;
        bArr[i5] = b5;
        int i6 = i5 + 1;
        this.atBlockPos = i6;
        if (i6 == 16) {
            gHASHBlock(this.S_at, bArr);
            this.atBlockPos = 0;
            this.atLength += 16;
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i5, int i6) {
        checkStatus();
        int i7 = this.atBlockPos;
        if (i7 > 0) {
            int i8 = 16 - i7;
            if (i6 < i8) {
                System.arraycopy(bArr, i5, this.atBlock, i7, i6);
                this.atBlockPos += i6;
                return;
            } else {
                System.arraycopy(bArr, i5, this.atBlock, i7, i8);
                gHASHBlock(this.S_at, this.atBlock);
                this.atLength += 16;
                i5 += i8;
                i6 -= i8;
            }
        }
        int i9 = i6 + i5;
        int i10 = i9 - 16;
        while (i5 <= i10) {
            gHASHBlock(this.S_at, bArr, i5);
            this.atLength += 16;
            i5 += 16;
        }
        int i11 = i9 - i5;
        this.atBlockPos = i11;
        System.arraycopy(bArr, i5, this.atBlock, 0, i11);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b5, byte[] bArr, int i5) {
        checkStatus();
        byte[] bArr2 = this.bufBlock;
        int i6 = this.bufOff;
        bArr2[i6] = b5;
        int i7 = i6 + 1;
        this.bufOff = i7;
        if (i7 != bArr2.length) {
            return 0;
        }
        if (this.forEncryption) {
            encryptBlock(bArr2, 0, bArr, i5);
            this.bufOff = 0;
        } else {
            decryptBlock(bArr2, 0, bArr, i5);
            byte[] bArr3 = this.bufBlock;
            System.arraycopy(bArr3, 16, bArr3, 0, this.macSize);
            this.bufOff = this.macSize;
        }
        return 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) {
        int i8;
        checkStatus();
        if (bArr.length - i5 < i6) {
            throw new DataLengthException("Input buffer too short");
        }
        int i9 = 16;
        if (this.forEncryption) {
            int i10 = this.bufOff;
            if (i10 > 0) {
                int i11 = 16 - i10;
                if (i6 < i11) {
                    System.arraycopy(bArr, i5, this.bufBlock, i10, i6);
                    this.bufOff += i6;
                    return 0;
                }
                System.arraycopy(bArr, i5, this.bufBlock, i10, i11);
                encryptBlock(this.bufBlock, 0, bArr2, i7);
                i5 += i11;
                i6 -= i11;
            } else {
                i9 = 0;
            }
            int i12 = i6 + i5;
            int i13 = i12 - 16;
            while (i5 <= i13) {
                encryptBlock(bArr, i5, bArr2, i7 + i9);
                i5 += 16;
                i9 += 16;
            }
            int i14 = i12 - i5;
            this.bufOff = i14;
            System.arraycopy(bArr, i5, this.bufBlock, 0, i14);
            return i9;
        }
        byte[] bArr3 = this.bufBlock;
        int length = bArr3.length;
        int i15 = this.bufOff;
        int i16 = length - i15;
        if (i6 < i16) {
            System.arraycopy(bArr, i5, bArr3, i15, i6);
            this.bufOff += i6;
            return 0;
        }
        if (i15 >= 16) {
            decryptBlock(bArr3, 0, bArr2, i7);
            byte[] bArr4 = this.bufBlock;
            int i17 = this.bufOff - 16;
            this.bufOff = i17;
            System.arraycopy(bArr4, 16, bArr4, 0, i17);
            if (i6 < i16 + 16) {
                System.arraycopy(bArr, i5, this.bufBlock, this.bufOff, i6);
                this.bufOff += i6;
                return 16;
            }
            i8 = 16;
        } else {
            i8 = 0;
        }
        byte[] bArr5 = this.bufBlock;
        int length2 = (i6 + i5) - bArr5.length;
        int i18 = this.bufOff;
        int i19 = 16 - i18;
        System.arraycopy(bArr, i5, bArr5, i18, i19);
        decryptBlock(this.bufBlock, 0, bArr2, i7 + i8);
        int i20 = i5 + i19;
        i9 = i8 + 16;
        while (i20 <= length2) {
            decryptBlock(bArr, i20, bArr2, i7 + i9);
            i20 += 16;
            i9 += 16;
        }
        byte[] bArr6 = this.bufBlock;
        int length3 = (bArr6.length + length2) - i20;
        this.bufOff = length3;
        System.arraycopy(bArr, i20, bArr6, 0, length3);
        return i9;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        reset(true);
    }
}
