package org.spongycastle.crypto.modes;

import org.spongycastle.crypto.BlockCipher;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.OutputLengthException;
import org.spongycastle.crypto.modes.gcm.GCMExponentiator;
import org.spongycastle.crypto.modes.gcm.GCMMultiplier;
import org.spongycastle.crypto.modes.gcm.GCMUtil;
import org.spongycastle.crypto.modes.gcm.Tables1kGCMExponentiator;
import org.spongycastle.crypto.modes.gcm.Tables8kGCMMultiplier;
import org.spongycastle.crypto.params.AEADParameters;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Pack;

/* loaded from: classes10.dex */
public class GCMBlockCipher implements AEADBlockCipher {
    public static final int v = 16;

    /* renamed from: a, reason: collision with root package name */
    public BlockCipher f71818a;

    /* renamed from: b, reason: collision with root package name */
    public GCMMultiplier f71819b;

    /* renamed from: c, reason: collision with root package name */
    public GCMExponentiator f71820c;

    /* renamed from: d, reason: collision with root package name */
    public boolean f71821d;

    /* renamed from: e, reason: collision with root package name */
    public int f71822e;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f71823f;

    /* renamed from: g, reason: collision with root package name */
    public byte[] f71824g;

    /* renamed from: h, reason: collision with root package name */
    public byte[] f71825h;

    /* renamed from: i, reason: collision with root package name */
    public byte[] f71826i;

    /* renamed from: j, reason: collision with root package name */
    public byte[] f71827j;

    /* renamed from: k, reason: collision with root package name */
    public byte[] f71828k;

    /* renamed from: l, reason: collision with root package name */
    public byte[] f71829l;
    public byte[] m;
    public byte[] n;
    public byte[] o;
    public int p;
    public long q;
    public byte[] r;
    public int s;
    public long t;
    public long u;

    public GCMBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, null);
    }

    public GCMBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("cipher required with a block size of 16.");
        }
        gCMMultiplier = gCMMultiplier == null ? new Tables8kGCMMultiplier() : gCMMultiplier;
        this.f71818a = blockCipher;
        this.f71819b = gCMMultiplier;
    }

    private void a(boolean z) {
        this.f71818a.reset();
        this.f71829l = new byte[16];
        this.m = new byte[16];
        this.n = new byte[16];
        this.r = new byte[16];
        this.s = 0;
        this.t = 0L;
        this.u = 0L;
        this.o = Arrays.clone(this.f71826i);
        this.p = 0;
        this.q = 0L;
        byte[] bArr = this.f71827j;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
        if (z) {
            this.f71828k = null;
        }
        byte[] bArr2 = this.f71824g;
        if (bArr2 != null) {
            processAADBytes(bArr2, 0, bArr2.length);
        }
    }

    private void a(byte[] bArr, int i2) {
        if (bArr.length < i2 + 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.q == 0) {
            b();
        }
        a(this.f71827j, bArr, i2);
        if (this.f71821d) {
            this.p = 0;
            return;
        }
        byte[] bArr2 = this.f71827j;
        System.arraycopy(bArr2, 16, bArr2, 0, this.f71822e);
        this.p = this.f71822e;
    }

    private void a(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) {
        byte[] a2 = a();
        GCMUtil.xor(a2, bArr, i2, i3);
        System.arraycopy(a2, 0, bArr2, i4, i3);
        byte[] bArr3 = this.f71829l;
        if (this.f71821d) {
            bArr = a2;
        }
        a(bArr3, bArr, 0, i3);
        this.q += i3;
    }

    private void a(byte[] bArr, byte[] bArr2) {
        GCMUtil.xor(bArr, bArr2);
        this.f71819b.multiplyH(bArr);
    }

    private void a(byte[] bArr, byte[] bArr2, int i2) {
        byte[] a2 = a();
        GCMUtil.xor(a2, bArr);
        System.arraycopy(a2, 0, bArr2, i2, 16);
        byte[] bArr3 = this.f71829l;
        if (this.f71821d) {
            bArr = a2;
        }
        a(bArr3, bArr);
        this.q += 16;
    }

    private void a(byte[] bArr, byte[] bArr2, int i2, int i3) {
        GCMUtil.xor(bArr, bArr2, i2, i3);
        this.f71819b.multiplyH(bArr);
    }

    private byte[] a() {
        byte[] bArr = this.o;
        int i2 = (bArr[15] & 255) + 1;
        bArr[15] = (byte) i2;
        int i3 = (i2 >>> 8) + (bArr[14] & 255);
        bArr[14] = (byte) i3;
        int i4 = (i3 >>> 8) + (bArr[13] & 255);
        bArr[13] = (byte) i4;
        bArr[12] = (byte) ((i4 >>> 8) + (bArr[12] & 255));
        byte[] bArr2 = new byte[16];
        this.f71818a.processBlock(bArr, 0, bArr2, 0);
        return bArr2;
    }

    private void b() {
        if (this.t > 0) {
            System.arraycopy(this.m, 0, this.n, 0, 16);
            this.u = this.t;
        }
        int i2 = this.s;
        if (i2 > 0) {
            a(this.n, this.r, 0, i2);
            this.u += this.s;
        }
        if (this.u > 0) {
            System.arraycopy(this.n, 0, this.f71829l, 0, 16);
        }
    }

    private void b(byte[] bArr, byte[] bArr2, int i2) {
        for (int i3 = 0; i3 < i2; i3 += 16) {
            a(bArr, bArr2, i3, Math.min(i2 - i3, 16));
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int doFinal(byte[] bArr, int i2) throws IllegalStateException, InvalidCipherTextException {
        if (this.q == 0) {
            b();
        }
        int i3 = this.p;
        if (!this.f71821d) {
            int i4 = this.f71822e;
            if (i3 < i4) {
                throw new InvalidCipherTextException("data too short");
            }
            i3 -= i4;
            if (bArr.length < i2 + i3) {
                throw new OutputLengthException("Output buffer too short");
            }
        } else if (bArr.length < i2 + i3 + this.f71822e) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (i3 > 0) {
            a(this.f71827j, 0, i3, bArr, i2);
        }
        long j2 = this.t;
        int i5 = this.s;
        this.t = j2 + i5;
        if (this.t > this.u) {
            if (i5 > 0) {
                a(this.m, this.r, 0, i5);
            }
            if (this.u > 0) {
                GCMUtil.xor(this.m, this.n);
            }
            long j3 = ((this.q * 8) + 127) >>> 7;
            byte[] bArr2 = new byte[16];
            if (this.f71820c == null) {
                this.f71820c = new Tables1kGCMExponentiator();
                this.f71820c.init(this.f71825h);
            }
            this.f71820c.exponentiateX(j3, bArr2);
            GCMUtil.multiply(this.m, bArr2);
            GCMUtil.xor(this.f71829l, this.m);
        }
        byte[] bArr3 = new byte[16];
        Pack.longToBigEndian(this.t * 8, bArr3, 0);
        Pack.longToBigEndian(this.q * 8, bArr3, 8);
        a(this.f71829l, bArr3);
        byte[] bArr4 = new byte[16];
        this.f71818a.processBlock(this.f71826i, 0, bArr4, 0);
        GCMUtil.xor(bArr4, this.f71829l);
        int i6 = this.f71822e;
        this.f71828k = new byte[i6];
        System.arraycopy(bArr4, 0, this.f71828k, 0, i6);
        if (this.f71821d) {
            System.arraycopy(this.f71828k, 0, bArr, i2 + this.p, this.f71822e);
            i3 += this.f71822e;
        } else {
            int i7 = this.f71822e;
            byte[] bArr5 = new byte[i7];
            System.arraycopy(this.f71827j, i3, bArr5, 0, i7);
            if (!Arrays.constantTimeAreEqual(this.f71828k, bArr5)) {
                throw new InvalidCipherTextException("mac check in GCM failed");
            }
        }
        a(false);
        return i3;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public String getAlgorithmName() {
        return this.f71818a.getAlgorithmName() + "/GCM";
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public byte[] getMac() {
        return Arrays.clone(this.f71828k);
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int getOutputSize(int i2) {
        int i3 = i2 + this.p;
        if (this.f71821d) {
            return i3 + this.f71822e;
        }
        int i4 = this.f71822e;
        if (i3 < i4) {
            return 0;
        }
        return i3 - i4;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f71818a;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int getUpdateOutputSize(int i2) {
        int i3 = i2 + this.p;
        if (!this.f71821d) {
            int i4 = this.f71822e;
            if (i3 < i4) {
                return 0;
            }
            i3 -= i4;
        }
        return i3 - (i3 % 16);
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void init(boolean z, CipherParameters cipherParameters) throws IllegalArgumentException {
        KeyParameter keyParameter;
        this.f71821d = z;
        this.f71828k = null;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            this.f71823f = aEADParameters.getNonce();
            this.f71824g = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 32 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
            this.f71822e = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            this.f71823f = parametersWithIV.getIV();
            this.f71824g = null;
            this.f71822e = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.f71827j = new byte[z ? 16 : this.f71822e + 16];
        byte[] bArr = this.f71823f;
        if (bArr == null || bArr.length < 1) {
            throw new IllegalArgumentException("IV must be at least 1 byte");
        }
        if (keyParameter != null) {
            this.f71818a.init(true, keyParameter);
            this.f71825h = new byte[16];
            BlockCipher blockCipher = this.f71818a;
            byte[] bArr2 = this.f71825h;
            blockCipher.processBlock(bArr2, 0, bArr2, 0);
            this.f71819b.init(this.f71825h);
            this.f71820c = null;
        } else if (this.f71825h == null) {
            throw new IllegalArgumentException("Key must be specified in initial init");
        }
        this.f71826i = new byte[16];
        byte[] bArr3 = this.f71823f;
        if (bArr3.length == 12) {
            System.arraycopy(bArr3, 0, this.f71826i, 0, bArr3.length);
            this.f71826i[15] = 1;
        } else {
            b(this.f71826i, bArr3, bArr3.length);
            byte[] bArr4 = new byte[16];
            Pack.longToBigEndian(this.f71823f.length * 8, bArr4, 8);
            a(this.f71826i, bArr4);
        }
        this.f71829l = new byte[16];
        this.m = new byte[16];
        this.n = new byte[16];
        this.r = new byte[16];
        this.s = 0;
        this.t = 0L;
        this.u = 0L;
        this.o = Arrays.clone(this.f71826i);
        this.p = 0;
        this.q = 0L;
        byte[] bArr5 = this.f71824g;
        if (bArr5 != null) {
            processAADBytes(bArr5, 0, bArr5.length);
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void processAADByte(byte b2) {
        byte[] bArr = this.r;
        int i2 = this.s;
        bArr[i2] = b2;
        int i3 = i2 + 1;
        this.s = i3;
        if (i3 == 16) {
            a(this.m, bArr);
            this.s = 0;
            this.t += 16;
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void processAADBytes(byte[] bArr, int i2, int i3) {
        for (int i4 = 0; i4 < i3; i4++) {
            byte[] bArr2 = this.r;
            int i5 = this.s;
            bArr2[i5] = bArr[i2 + i4];
            int i6 = i5 + 1;
            this.s = i6;
            if (i6 == 16) {
                a(this.m, bArr2);
                this.s = 0;
                this.t += 16;
            }
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int processByte(byte b2, byte[] bArr, int i2) throws DataLengthException {
        byte[] bArr2 = this.f71827j;
        int i3 = this.p;
        bArr2[i3] = b2;
        int i4 = i3 + 1;
        this.p = i4;
        if (i4 != bArr2.length) {
            return 0;
        }
        a(bArr, i2);
        return 16;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int processBytes(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) throws DataLengthException {
        if (bArr.length < i2 + i3) {
            throw new DataLengthException("Input buffer too short");
        }
        int i5 = 0;
        for (int i6 = 0; i6 < i3; i6++) {
            byte[] bArr3 = this.f71827j;
            int i7 = this.p;
            bArr3[i7] = bArr[i2 + i6];
            int i8 = i7 + 1;
            this.p = i8;
            if (i8 == bArr3.length) {
                a(bArr2, i4 + i5);
                i5 += 16;
            }
        }
        return i5;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void reset() {
        a(true);
    }
}
