package org.bouncycastle.crypto.modes;

import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.ExceptionMessages;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.NativeServices;
import org.bouncycastle.crypto.PacketCipherException;
import org.bouncycastle.crypto.engines.AESNativeGCMSIVPacketCipher;
import org.bouncycastle.crypto.engines.AESPacketCipher;
import org.bouncycastle.crypto.modes.gcm.GCMUtil;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;
import org.springframework.asm.Opcodes;

/* loaded from: input_file:BOOT-INF/lib/bcprov-lts8on-2.73.7.jar:org/bouncycastle/crypto/modes/AESGCMSIVPacketCipher.class */
public class AESGCMSIVPacketCipher implements AESGCMSIVModePacketCipher {
    private static final int HALFBUFLEN = 8;
    private static final int MAX_DATALEN = 2147483623;
    private static final byte MASK = Byte.MIN_VALUE;
    private static final byte ADD = -31;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/bcprov-lts8on-2.73.7.jar:org/bouncycastle/crypto/modes/AESGCMSIVPacketCipher$GCMSIVHasher.class */
    public static class GCMSIVHasher {
        private final byte[] theBuffer;
        private int numActive;
        private long numHashed;

        private GCMSIVHasher() {
            this.theBuffer = new byte[16];
        }

        long getBytesProcessed() {
            return this.numHashed;
        }

        void updateHash(byte[] bArr, int i, int i2, byte[] bArr2, byte[] bArr3, long[][] jArr) {
            int i3 = 16 - this.numActive;
            int i4 = 0;
            int i5 = i2;
            if (this.numActive > 0 && i2 >= i3) {
                System.arraycopy(bArr, i, this.theBuffer, this.numActive, i3);
                AESGCMSIVPacketCipher.fillReverse(this.theBuffer, 0, 16, bArr2);
                AESGCMSIVPacketCipher.gHASH(bArr2, bArr3, jArr);
                i4 = 0 + i3;
                i5 -= i3;
                this.numActive = 0;
            }
            while (i5 >= 16) {
                AESGCMSIVPacketCipher.fillReverse(bArr, i + i4, 16, bArr2);
                AESGCMSIVPacketCipher.gHASH(bArr2, bArr3, jArr);
                i4 += 16;
                i5 -= 16;
            }
            if (i5 > 0) {
                System.arraycopy(bArr, i + i4, this.theBuffer, this.numActive, i5);
                this.numActive += i5;
            }
            this.numHashed += i2;
        }

        void completeHash(byte[] bArr, byte[] bArr2, long[][] jArr) {
            if (this.numActive > 0) {
                Arrays.fill(bArr, (byte) 0);
                AESGCMSIVPacketCipher.fillReverse(this.theBuffer, 0, this.numActive, bArr);
                AESGCMSIVPacketCipher.gHASH(bArr, bArr2, jArr);
            }
        }
    }

    public static AESGCMSIVModePacketCipher newInstance() {
        return CryptoServicesRegistrar.hasEnabledService(NativeServices.AES_GCMSIV_PC) ? new AESNativeGCMSIVPacketCipher() : new AESGCMSIVPacketCipher();
    }

    @Override // org.bouncycastle.crypto.PacketCipher
    public int getOutputSize(boolean z, CipherParameters cipherParameters, int i) {
        if (i < 0) {
            throw new IllegalArgumentException(ExceptionMessages.LEN_NEGATIVE);
        }
        if (z) {
            return PacketCipherChecks.addCheckInputOverflow(i, 16);
        }
        if (i < 16) {
            throw new DataLengthException(ExceptionMessages.LEN_PARAMETER_INVALID);
        }
        checkParameters(cipherParameters);
        return i - 16;
    }

    @Override // org.bouncycastle.crypto.PacketCipher
    public int processPacket(boolean z, CipherParameters cipherParameters, byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws PacketCipherException {
        byte[] clone;
        byte[] clone2;
        PacketCipherChecks.checkBoundsInput(bArr, i, i2, bArr2, i3);
        PacketCipherChecks.checkInputAndOutputAEAD(z, bArr, i, i2, bArr2, i3, 16);
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        GCMSIVHasher gCMSIVHasher = new GCMSIVHasher();
        GCMSIVHasher gCMSIVHasher2 = new GCMSIVHasher();
        byte[] bArr5 = null;
        long[][] jArr = new long[256][2];
        byte[] bArr6 = new byte[16];
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            bArr5 = aEADParameters.getAssociatedText();
            clone = aEADParameters.getNonce();
            PacketCipherChecks.checkKeyLengthExclude192(aEADParameters.getKey().getKeyLength());
            clone2 = Arrays.clone(aEADParameters.getKey().getKey());
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw PacketCipherException.from(new IllegalArgumentException(ExceptionMessages.GCM_SIV_INVALID_PARAMETER));
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            clone = Arrays.clone(parametersWithIV.getIV());
            PacketCipherChecks.checkKeyLengthExclude192(((KeyParameter) parametersWithIV.getParameters()).getKeyLength());
            clone2 = Arrays.clone(((KeyParameter) parametersWithIV.getParameters()).getKey());
        }
        if (clone == null || clone.length != 12) {
            throw PacketCipherException.from(new IllegalArgumentException(ExceptionMessages.GCM_SIV_IV_SIZE));
        }
        byte[] createS = AESPacketCipher.createS(true);
        int[][] generateWorkingKey = AESPacketCipher.generateWorkingKey(true, clone2);
        byte[] bArr7 = new byte[clone2.length];
        int i4 = z ? i2 + 16 : i2 - 16;
        try {
            try {
                System.arraycopy(clone, 0, bArr3, 4, 12);
                deriveKey(generateWorkingKey, createS, bArr3, bArr4, bArr6, 0);
                bArr3[0] = (byte) (bArr3[0] + 1);
                int deriveKey = deriveKey(generateWorkingKey, createS, bArr3, bArr4, bArr7, 0);
                if (bArr7.length == 32) {
                    bArr3[0] = (byte) (bArr3[0] + 1);
                    deriveKey(generateWorkingKey, createS, bArr3, bArr4, bArr7, deriveKey + 8);
                }
                PacketCipherChecks.checkKeyLength(bArr7.length);
                Arrays.clear(generateWorkingKey);
                Arrays.clear(createS);
                createS = AESPacketCipher.createS(true);
                generateWorkingKey = AESPacketCipher.generateWorkingKey(true, bArr7);
                fillReverse(bArr6, 0, 16, bArr4);
                mulX(bArr4);
                initMultiplier(jArr, bArr4);
                Arrays.fill(bArr3, (byte) 0);
                if (bArr5 != null) {
                    gCMSIVHasher.updateHash(bArr5, 0, bArr5.length, bArr4, bArr3, jArr);
                }
                gCMSIVHasher.completeHash(bArr4, bArr3, jArr);
                long j = 2147483623;
                if (!z) {
                    j = 2147483623 + 16;
                }
                if (i2 - Long.MIN_VALUE > (j - i2) - Long.MIN_VALUE) {
                    throw PacketCipherException.from(new IllegalStateException("byte count exceeded"));
                }
                if (z) {
                    gCMSIVHasher2.updateHash(bArr, i, i2, bArr4, bArr3, jArr);
                    byte[] calculateTag = calculateTag(gCMSIVHasher2, gCMSIVHasher, bArr4, bArr3, jArr, clone, generateWorkingKey, createS);
                    encryptPlain(bArr, i, i2, calculateTag, bArr2, i3, generateWorkingKey, createS);
                    System.arraycopy(calculateTag, 0, bArr2, i3 + i2, 16);
                } else {
                    decryptPlain(gCMSIVHasher2, gCMSIVHasher, bArr, i, i2, bArr2, i3, clone, bArr4, bArr3, jArr, generateWorkingKey, createS);
                }
                return i4;
            } catch (Throwable th) {
                Arrays.clear(bArr2, i3, Math.min(bArr2.length - i3, i4));
                throw PacketCipherException.from(th);
            }
        } finally {
            Arrays.clear(generateWorkingKey);
            Arrays.clear(bArr3);
            Arrays.clear(bArr4);
            Arrays.clear(clone);
            Arrays.clear(clone2);
            Arrays.clear(createS);
        }
    }

    private static int deriveKey(int[][] iArr, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i) {
        AESPacketCipher.processBlock(true, iArr, bArr, bArr2, 0, bArr3, 0);
        System.arraycopy(bArr3, 0, bArr4, i, 8);
        bArr2[0] = (byte) (bArr2[0] + 1);
        int i2 = i + 8;
        AESPacketCipher.processBlock(true, iArr, bArr, bArr2, 0, bArr3, 0);
        System.arraycopy(bArr3, 0, bArr4, i2, 8);
        return i2;
    }

    private static byte[] calculateTag(GCMSIVHasher gCMSIVHasher, GCMSIVHasher gCMSIVHasher2, byte[] bArr, byte[] bArr2, long[][] jArr, byte[] bArr3, int[][] iArr, byte[] bArr4) {
        gCMSIVHasher.completeHash(bArr, bArr2, jArr);
        byte[] completePolyVal = completePolyVal(gCMSIVHasher, gCMSIVHasher2, bArr2, jArr);
        byte[] bArr5 = new byte[16];
        for (int i = 0; i < 12; i++) {
            int i2 = i;
            completePolyVal[i2] = (byte) (completePolyVal[i2] ^ bArr3[i]);
        }
        completePolyVal[15] = (byte) (completePolyVal[15] & (-129));
        AESPacketCipher.processBlock(true, iArr, bArr4, completePolyVal, 0, bArr5, 0);
        return bArr5;
    }

    private static byte[] completePolyVal(GCMSIVHasher gCMSIVHasher, GCMSIVHasher gCMSIVHasher2, byte[] bArr, long[][] jArr) {
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[16];
        Pack.longToBigEndian(8 * gCMSIVHasher.getBytesProcessed(), bArr3, 0);
        Pack.longToBigEndian(8 * gCMSIVHasher2.getBytesProcessed(), bArr3, 8);
        gHASH(bArr3, bArr, jArr);
        fillReverse(bArr, 0, 16, bArr2);
        return bArr2;
    }

    private static int encryptPlain(byte[] bArr, int i, int i2, byte[] bArr2, byte[] bArr3, int i3, int[][] iArr, byte[] bArr4) {
        byte[] clone = Arrays.clone(bArr2);
        clone[15] = (byte) (clone[15] | MASK);
        byte[] bArr5 = new byte[16];
        int i4 = i2;
        while (i4 > 0) {
            AESPacketCipher.processBlock(true, iArr, bArr4, clone, 0, bArr5, 0);
            int min = Math.min(16, i4);
            xorBlock(bArr5, bArr, i, min);
            System.arraycopy(bArr5, 0, bArr3, i3, min);
            i4 -= min;
            i += min;
            i3 += min;
            incrementCounter(clone);
        }
        return i2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void fillReverse(byte[] bArr, int i, int i2, byte[] bArr2) {
        int i3 = 0;
        int i4 = 15;
        while (i3 < i2) {
            bArr2[i4] = bArr[i + i3];
            i3++;
            i4--;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void gHASH(byte[] bArr, byte[] bArr2, long[][] jArr) {
        xorBlock(bArr2, bArr);
        mulH(bArr2, jArr);
    }

    protected static void mulH(byte[] bArr, long[][] jArr) {
        long[] jArr2 = jArr[bArr[15] & 255];
        long j = jArr2[0];
        long j2 = jArr2[1];
        for (int i = 14; i >= 0; i--) {
            long[] jArr3 = jArr[bArr[i] & 255];
            long j3 = j2 << 56;
            j2 = jArr3[1] ^ ((j2 >>> 8) | (j << 56));
            j = ((((jArr3[0] ^ (j >>> 8)) ^ j3) ^ (j3 >>> 1)) ^ (j3 >>> 2)) ^ (j3 >>> 7);
        }
        Pack.longToBigEndian(j, bArr, 0);
        Pack.longToBigEndian(j2, bArr, 8);
    }

    private static void xorBlock(byte[] bArr, byte[] bArr2) {
        for (int i = 0; i < 16; i++) {
            int i2 = i;
            bArr[i2] = (byte) (bArr[i2] ^ bArr2[i]);
        }
    }

    private static void xorBlock(byte[] bArr, byte[] bArr2, int i, int i2) {
        for (int i3 = 0; i3 < i2; i3++) {
            int i4 = i3;
            bArr[i4] = (byte) (bArr[i4] ^ bArr2[i3 + i]);
        }
    }

    private static void mulX(byte[] bArr) {
        int i = 0;
        for (int i2 = 0; i2 < 16; i2++) {
            byte b = bArr[i2];
            bArr[i2] = (byte) (((b >> 1) & Opcodes.LAND) | i);
            i = (b & 1) == 0 ? 0 : MASK;
        }
        if (i != 0) {
            bArr[0] = (byte) (bArr[0] ^ ADD);
        }
    }

    private static void decryptPlain(GCMSIVHasher gCMSIVHasher, GCMSIVHasher gCMSIVHasher2, byte[] bArr, int i, int i2, byte[] bArr2, int i3, byte[] bArr3, byte[] bArr4, byte[] bArr5, long[][] jArr, int[][] iArr, byte[] bArr6) throws PacketCipherException {
        int i4 = i2 - 16;
        byte[] copyOfRange = Arrays.copyOfRange(bArr, i4 + i, i4 + i + 16);
        byte[] clone = Arrays.clone(copyOfRange);
        clone[15] = (byte) (clone[15] | MASK);
        byte[] bArr7 = new byte[16];
        int i5 = i;
        while (i4 > 0) {
            AESPacketCipher.processBlock(true, iArr, bArr6, clone, 0, bArr7, 0);
            int min = Math.min(16, i4);
            xorBlock(bArr7, bArr, i5, min);
            System.arraycopy(bArr7, 0, bArr2, i3, min);
            gCMSIVHasher.updateHash(bArr7, 0, min, bArr4, bArr5, jArr);
            i4 -= min;
            i5 += min;
            i3 += min;
            incrementCounter(clone);
        }
        if (!Arrays.constantTimeAreEqual(calculateTag(gCMSIVHasher, gCMSIVHasher2, bArr4, bArr5, jArr, bArr3, iArr, bArr6), copyOfRange)) {
            throw PacketCipherException.from(new InvalidCipherTextException("mac check failed"));
        }
    }

    protected static void initMultiplier(long[][] jArr, byte[] bArr) {
        GCMUtil.asLongs(bArr, jArr[1]);
        GCMUtil.multiplyP7(jArr[1], jArr[1]);
        for (int i = 2; i < 256; i += 2) {
            GCMUtil.divideP(jArr[i >> 1], jArr[i]);
            GCMUtil.xor(jArr[i], jArr[1], jArr[i + 1]);
        }
    }

    private static void incrementCounter(byte[] bArr) {
        for (int i = 0; i < 4; i++) {
            int i2 = i;
            byte b = (byte) (bArr[i2] + 1);
            bArr[i2] = b;
            if (b != 0) {
                return;
            }
        }
    }

    public String toString() {
        return "GCMSIV-PS[Java](AES[Java])";
    }
}
