package org.bouncycastle.crypto.tls;

import java.io.IOException;
import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.engines.ChaChaEngine;
import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
import org.bouncycastle.crypto.macs.Poly1305;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes9.dex */
public class Chacha20Poly1305 implements TlsCipher {
    protected TlsContext context;
    protected ChaChaEngine decryptCipher;
    protected ChaChaEngine encryptCipher;

    public Chacha20Poly1305(TlsContext tlsContext) throws IOException {
        if (!TlsUtils.isTLSv12(tlsContext)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.context = tlsContext;
        byte[] calculateKeyBlock = TlsUtils.calculateKeyBlock(tlsContext, 64);
        KeyParameter keyParameter = new KeyParameter(calculateKeyBlock, 0, 32);
        KeyParameter keyParameter2 = new KeyParameter(calculateKeyBlock, 32, 32);
        this.encryptCipher = new ChaChaEngine(20);
        this.decryptCipher = new ChaChaEngine(20);
        if (tlsContext.isServer()) {
            keyParameter2 = keyParameter;
            keyParameter = keyParameter2;
        }
        byte[] bArr = new byte[8];
        this.encryptCipher.init(true, new ParametersWithIV(keyParameter, bArr));
        this.decryptCipher.init(false, new ParametersWithIV(keyParameter2, bArr));
    }

    protected byte[] calculateRecordMAC(KeyParameter keyParameter, byte[] bArr, byte[] bArr2, int i10, int i11) {
        Poly1305 poly1305 = new Poly1305();
        poly1305.init(keyParameter);
        updateRecordMAC(poly1305, bArr, 0, bArr.length);
        updateRecordMAC(poly1305, bArr2, i10, i11);
        byte[] bArr3 = new byte[poly1305.getMacSize()];
        poly1305.doFinal(bArr3, 0);
        return bArr3;
    }

    @Override // org.bouncycastle.crypto.tls.TlsCipher
    public byte[] decodeCiphertext(long j10, short s10, byte[] bArr, int i10, int i11) throws IOException {
        if (getPlaintextLimit(i11) < 0) {
            throw new TlsFatalAlert((short) 50);
        }
        int i12 = i11 - 16;
        if (!Arrays.constantTimeAreEqual(calculateRecordMAC(initRecordMAC(this.decryptCipher, false, j10), getAdditionalData(j10, s10, i12), bArr, i10, i12), Arrays.copyOfRange(bArr, i10 + i12, i11 + i10))) {
            throw new TlsFatalAlert((short) 20);
        }
        byte[] bArr2 = new byte[i12];
        this.decryptCipher.processBytes(bArr, i10, i12, bArr2, 0);
        return bArr2;
    }

    @Override // org.bouncycastle.crypto.tls.TlsCipher
    public byte[] encodePlaintext(long j10, short s10, byte[] bArr, int i10, int i11) throws IOException {
        KeyParameter initRecordMAC = initRecordMAC(this.encryptCipher, true, j10);
        byte[] bArr2 = new byte[i11 + 16];
        this.encryptCipher.processBytes(bArr, i10, i11, bArr2, 0);
        byte[] calculateRecordMAC = calculateRecordMAC(initRecordMAC, getAdditionalData(j10, s10, i11), bArr2, 0, i11);
        System.arraycopy(calculateRecordMAC, 0, bArr2, i11, calculateRecordMAC.length);
        return bArr2;
    }

    protected byte[] getAdditionalData(long j10, short s10, int i10) throws IOException {
        byte[] bArr = new byte[13];
        TlsUtils.writeUint64(j10, bArr, 0);
        TlsUtils.writeUint8(s10, bArr, 8);
        TlsUtils.writeVersion(this.context.getServerVersion(), bArr, 9);
        TlsUtils.writeUint16(i10, bArr, 11);
        return bArr;
    }

    @Override // org.bouncycastle.crypto.tls.TlsCipher
    public int getPlaintextLimit(int i10) {
        return i10 - 16;
    }

    protected KeyParameter initRecordMAC(ChaChaEngine chaChaEngine, boolean z10, long j10) {
        byte[] bArr = new byte[8];
        TlsUtils.writeUint64(j10, bArr, 0);
        chaChaEngine.init(z10, new ParametersWithIV(null, bArr));
        byte[] bArr2 = new byte[64];
        chaChaEngine.processBytes(bArr2, 0, 64, bArr2, 0);
        System.arraycopy(bArr2, 0, bArr2, 32, 16);
        KeyParameter keyParameter = new KeyParameter(bArr2, 16, 32);
        Poly1305KeyGenerator.clamp(keyParameter.getKey());
        return keyParameter;
    }

    protected void updateRecordMAC(Mac mac, byte[] bArr, int i10, int i11) {
        mac.update(bArr, i10, i11);
        byte[] longToLittleEndian = Pack.longToLittleEndian(i11 & 4294967295L);
        mac.update(longToLittleEndian, 0, longToLittleEndian.length);
    }
}
