package org.spongycastle.crypto.engines;

import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.MaxBytesExceededException;
import org.spongycastle.crypto.OutputLengthException;
import org.spongycastle.crypto.SkippingStreamCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.util.Pack;
import org.spongycastle.util.Strings;

/* loaded from: classes8.dex */
public class Salsa20Engine implements SkippingStreamCipher {
    public static final int DEFAULT_ROUNDS = 20;
    private static final int STATE_SIZE = 16;
    protected static final byte[] sigma = Strings.toByteArray("expand 32-byte k");
    protected static final byte[] tau = Strings.toByteArray("expand 16-byte k");
    private int cW0;
    private int cW1;
    private int cW2;
    protected int[] engineState;
    private int index;
    private boolean initialised;
    private byte[] keyStream;
    protected int rounds;

    /* renamed from: x, reason: collision with root package name */
    protected int[] f176872x;

    public Salsa20Engine() {
        this(20);
    }

    public Salsa20Engine(int i19) {
        this.index = 0;
        this.engineState = new int[16];
        this.f176872x = new int[16];
        this.keyStream = new byte[64];
        this.initialised = false;
        if (i19 <= 0 || (i19 & 1) != 0) {
            throw new IllegalArgumentException("'rounds' must be a positive, even number");
        }
        this.rounds = i19;
    }

    private boolean limitExceeded() {
        int i19 = this.cW0 + 1;
        this.cW0 = i19;
        if (i19 == 0) {
            int i29 = this.cW1 + 1;
            this.cW1 = i29;
            if (i29 == 0) {
                int i39 = this.cW2 + 1;
                this.cW2 = i39;
                return (i39 & 32) != 0;
            }
        }
        return false;
    }

    private boolean limitExceeded(int i19) {
        int i29 = this.cW0 + i19;
        this.cW0 = i29;
        if (i29 >= i19 || i29 < 0) {
            return false;
        }
        int i39 = this.cW1 + 1;
        this.cW1 = i39;
        if (i39 != 0) {
            return false;
        }
        int i49 = this.cW2 + 1;
        this.cW2 = i49;
        return (i49 & 32) != 0;
    }

    private void resetLimitCounter() {
        this.cW0 = 0;
        this.cW1 = 0;
        this.cW2 = 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int rotl(int i19, int i29) {
        return (i19 >>> (-i29)) | (i19 << i29);
    }

    public static void salsaCore(int i19, int[] iArr, int[] iArr2) {
        if (iArr.length != 16) {
            throw new IllegalArgumentException();
        }
        if (iArr2.length != 16) {
            throw new IllegalArgumentException();
        }
        if (i19 % 2 != 0) {
            throw new IllegalArgumentException("Number of rounds must be even");
        }
        boolean z19 = false;
        int i29 = iArr[0];
        int i39 = iArr[1];
        int i49 = iArr[2];
        int i59 = iArr[3];
        int i69 = iArr[4];
        int i78 = iArr[5];
        int i79 = iArr[6];
        int i88 = 7;
        int i89 = iArr[7];
        int i98 = iArr[8];
        int i99 = 9;
        int i100 = iArr[9];
        int i101 = iArr[10];
        int i102 = iArr[11];
        int i103 = iArr[12];
        int i104 = 13;
        int i105 = iArr[13];
        int i106 = iArr[14];
        int i107 = iArr[15];
        int i108 = i106;
        int i109 = i105;
        int i110 = i103;
        int i111 = i102;
        int i112 = i101;
        int i113 = i100;
        int i114 = i98;
        int i115 = i89;
        int i116 = i79;
        int i117 = i78;
        int i118 = i69;
        int i119 = i59;
        int i120 = i49;
        int i121 = i39;
        int i122 = i29;
        int i123 = i19;
        while (i123 > 0) {
            int rotl = rotl(i122 + i110, i88) ^ i118;
            int rotl2 = i114 ^ rotl(rotl + i122, i99);
            int rotl3 = i110 ^ rotl(rotl2 + rotl, i104);
            int rotl4 = rotl(rotl3 + rotl2, 18) ^ i122;
            int rotl5 = i113 ^ rotl(i117 + i121, i88);
            int rotl6 = i109 ^ rotl(rotl5 + i117, i99);
            int rotl7 = i121 ^ rotl(rotl6 + rotl5, i104);
            int rotl8 = rotl(rotl7 + rotl6, 18) ^ i117;
            int rotl9 = i108 ^ rotl(i112 + i116, 7);
            int rotl10 = i120 ^ rotl(rotl9 + i112, 9);
            int rotl11 = i116 ^ rotl(rotl10 + rotl9, 13);
            int rotl12 = i112 ^ rotl(rotl11 + rotl10, 18);
            int rotl13 = i119 ^ rotl(i107 + i111, 7);
            int rotl14 = i115 ^ rotl(rotl13 + i107, 9);
            int i124 = i123;
            int rotl15 = i111 ^ rotl(rotl14 + rotl13, 13);
            int rotl16 = i107 ^ rotl(rotl15 + rotl14, 18);
            i121 = rotl7 ^ rotl(rotl4 + rotl13, 7);
            i120 = rotl10 ^ rotl(i121 + rotl4, 9);
            int rotl17 = rotl13 ^ rotl(i120 + i121, 13);
            int rotl18 = rotl4 ^ rotl(rotl17 + i120, 18);
            i116 = rotl11 ^ rotl(rotl8 + rotl, 7);
            i115 = rotl14 ^ rotl(i116 + rotl8, 9);
            int rotl19 = rotl(i115 + i116, 13) ^ rotl;
            i117 = rotl8 ^ rotl(rotl19 + i115, 18);
            i111 = rotl15 ^ rotl(rotl12 + rotl5, 7);
            int rotl20 = rotl(i111 + rotl12, 9) ^ rotl2;
            i113 = rotl5 ^ rotl(rotl20 + i111, 13);
            i112 = rotl12 ^ rotl(i113 + rotl20, 18);
            i110 = rotl3 ^ rotl(rotl16 + rotl9, 7);
            i109 = rotl6 ^ rotl(i110 + rotl16, 9);
            i108 = rotl9 ^ rotl(i109 + i110, 13);
            i107 = rotl16 ^ rotl(i108 + i109, 18);
            i119 = rotl17;
            i114 = rotl20;
            i122 = rotl18;
            i118 = rotl19;
            z19 = false;
            i104 = 13;
            i99 = 9;
            i88 = 7;
            i123 = i124 - 2;
        }
        boolean z29 = z19;
        iArr2[z29 ? 1 : 0] = i122 + iArr[z29 ? 1 : 0];
        iArr2[1] = i121 + iArr[1];
        iArr2[2] = i120 + iArr[2];
        iArr2[3] = i119 + iArr[3];
        iArr2[4] = i118 + iArr[4];
        iArr2[5] = i117 + iArr[5];
        iArr2[6] = i116 + iArr[6];
        iArr2[7] = i115 + iArr[7];
        iArr2[8] = i114 + iArr[8];
        iArr2[9] = i113 + iArr[9];
        iArr2[10] = i112 + iArr[10];
        iArr2[11] = i111 + iArr[11];
        iArr2[12] = i110 + iArr[12];
        iArr2[13] = i109 + iArr[13];
        iArr2[14] = i108 + iArr[14];
        iArr2[15] = i107 + iArr[15];
    }

    protected void advanceCounter() {
        int[] iArr = this.engineState;
        int i19 = iArr[8] + 1;
        iArr[8] = i19;
        if (i19 == 0) {
            iArr[9] = iArr[9] + 1;
        }
    }

    protected void advanceCounter(long j19) {
        int i19 = (int) (j19 >>> 32);
        int i29 = (int) j19;
        if (i19 > 0) {
            int[] iArr = this.engineState;
            iArr[9] = iArr[9] + i19;
        }
        int[] iArr2 = this.engineState;
        int i39 = iArr2[8];
        int i49 = i29 + i39;
        iArr2[8] = i49;
        if (i39 == 0 || i49 >= i39) {
            return;
        }
        iArr2[9] = iArr2[9] + 1;
    }

    protected void generateKeyStream(byte[] bArr) {
        salsaCore(this.rounds, this.engineState, this.f176872x);
        Pack.intToLittleEndian(this.f176872x, bArr, 0);
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public String getAlgorithmName() {
        if (this.rounds == 20) {
            return "Salsa20";
        }
        return "Salsa20/" + this.rounds;
    }

    protected long getCounter() {
        int[] iArr = this.engineState;
        return (iArr[9] << 32) | (iArr[8] & 4294967295L);
    }

    protected int getNonceSize() {
        return 8;
    }

    @Override // org.spongycastle.crypto.SkippingCipher
    public long getPosition() {
        return (getCounter() * 64) + this.index;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public void init(boolean z19, CipherParameters cipherParameters) {
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        byte[] iv8 = parametersWithIV.getIV();
        if (iv8 == null || iv8.length != getNonceSize()) {
            throw new IllegalArgumentException(getAlgorithmName() + " requires exactly " + getNonceSize() + " bytes of IV");
        }
        CipherParameters parameters = parametersWithIV.getParameters();
        if (parameters == null) {
            if (!this.initialised) {
                throw new IllegalStateException(getAlgorithmName() + " KeyParameter can not be null for first initialisation");
            }
            setKey(null, iv8);
        } else {
            if (!(parameters instanceof KeyParameter)) {
                throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must contain a KeyParameter (or null for re-init)");
            }
            setKey(((KeyParameter) parameters).getKey(), iv8);
        }
        reset();
        this.initialised = true;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public int processBytes(byte[] bArr, int i19, int i29, byte[] bArr2, int i39) {
        if (!this.initialised) {
            throw new IllegalStateException(getAlgorithmName() + " not initialised");
        }
        if (i19 + i29 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        if (i39 + i29 > bArr2.length) {
            throw new OutputLengthException("output buffer too short");
        }
        if (limitExceeded(i29)) {
            throw new MaxBytesExceededException("2^70 byte limit per IV would be exceeded; Change IV");
        }
        for (int i49 = 0; i49 < i29; i49++) {
            byte[] bArr3 = this.keyStream;
            int i59 = this.index;
            bArr2[i49 + i39] = (byte) (bArr3[i59] ^ bArr[i49 + i19]);
            int i69 = (i59 + 1) & 63;
            this.index = i69;
            if (i69 == 0) {
                advanceCounter();
                generateKeyStream(this.keyStream);
            }
        }
        return i29;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public void reset() {
        this.index = 0;
        resetLimitCounter();
        resetCounter();
        generateKeyStream(this.keyStream);
    }

    protected void resetCounter() {
        int[] iArr = this.engineState;
        iArr[9] = 0;
        iArr[8] = 0;
    }

    protected void retreatCounter() {
        int[] iArr = this.engineState;
        int i19 = iArr[8];
        if (i19 == 0 && iArr[9] == 0) {
            throw new IllegalStateException("attempt to reduce counter past zero.");
        }
        int i29 = i19 - 1;
        iArr[8] = i29;
        if (i29 == -1) {
            iArr[9] = iArr[9] - 1;
        }
    }

    protected void retreatCounter(long j19) {
        int i19 = (int) (j19 >>> 32);
        int i29 = (int) j19;
        if (i19 != 0) {
            int[] iArr = this.engineState;
            int i39 = iArr[9];
            if ((i39 & 4294967295L) < (i19 & 4294967295L)) {
                throw new IllegalStateException("attempt to reduce counter past zero.");
            }
            iArr[9] = i39 - i19;
        }
        int[] iArr2 = this.engineState;
        int i49 = iArr2[8];
        if ((i49 & 4294967295L) >= (4294967295L & i29)) {
            iArr2[8] = i49 - i29;
            return;
        }
        int i59 = iArr2[9];
        if (i59 == 0) {
            throw new IllegalStateException("attempt to reduce counter past zero.");
        }
        iArr2[9] = i59 - 1;
        iArr2[8] = i49 - i29;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public byte returnByte(byte b19) {
        if (limitExceeded()) {
            throw new MaxBytesExceededException("2^70 byte limit per IV; Change IV");
        }
        byte[] bArr = this.keyStream;
        int i19 = this.index;
        byte b29 = (byte) (b19 ^ bArr[i19]);
        int i29 = (i19 + 1) & 63;
        this.index = i29;
        if (i29 == 0) {
            advanceCounter();
            generateKeyStream(this.keyStream);
        }
        return b29;
    }

    @Override // org.spongycastle.crypto.SkippingCipher
    public long seekTo(long j19) {
        reset();
        return skip(j19);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setKey(byte[] bArr, byte[] bArr2) {
        byte[] bArr3;
        if (bArr != null) {
            int i19 = 16;
            if (bArr.length != 16 && bArr.length != 32) {
                throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
            }
            this.engineState[1] = Pack.littleEndianToInt(bArr, 0);
            this.engineState[2] = Pack.littleEndianToInt(bArr, 4);
            this.engineState[3] = Pack.littleEndianToInt(bArr, 8);
            this.engineState[4] = Pack.littleEndianToInt(bArr, 12);
            if (bArr.length == 32) {
                bArr3 = sigma;
            } else {
                bArr3 = tau;
                i19 = 0;
            }
            this.engineState[11] = Pack.littleEndianToInt(bArr, i19);
            this.engineState[12] = Pack.littleEndianToInt(bArr, i19 + 4);
            this.engineState[13] = Pack.littleEndianToInt(bArr, i19 + 8);
            this.engineState[14] = Pack.littleEndianToInt(bArr, i19 + 12);
            this.engineState[0] = Pack.littleEndianToInt(bArr3, 0);
            this.engineState[5] = Pack.littleEndianToInt(bArr3, 4);
            this.engineState[10] = Pack.littleEndianToInt(bArr3, 8);
            this.engineState[15] = Pack.littleEndianToInt(bArr3, 12);
        }
        this.engineState[6] = Pack.littleEndianToInt(bArr2, 0);
        this.engineState[7] = Pack.littleEndianToInt(bArr2, 4);
    }

    @Override // org.spongycastle.crypto.SkippingCipher
    public long skip(long j19) {
        long j29;
        if (j19 >= 0) {
            if (j19 >= 64) {
                long j39 = j19 / 64;
                advanceCounter(j39);
                j29 = j19 - (j39 * 64);
            } else {
                j29 = j19;
            }
            int i19 = this.index;
            int i29 = (((int) j29) + i19) & 63;
            this.index = i29;
            if (i29 < i19) {
                advanceCounter();
            }
        } else {
            long j49 = -j19;
            if (j49 >= 64) {
                long j59 = j49 / 64;
                retreatCounter(j59);
                j49 -= j59 * 64;
            }
            for (long j69 = 0; j69 < j49; j69++) {
                if (this.index == 0) {
                    retreatCounter();
                }
                this.index = (this.index - 1) & 63;
            }
        }
        generateKeyStream(this.keyStream);
        return j19;
    }
}
