package org.spongycastle.crypto.modes;

import a1.a;
import org.spongycastle.crypto.BlockCipher;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.OutputLengthException;
import org.spongycastle.crypto.modes.gcm.GCMMultiplier;
import org.spongycastle.crypto.modes.gcm.GCMUtil;
import org.spongycastle.crypto.modes.gcm.Tables1kGCMExponentiator;
import org.spongycastle.crypto.modes.gcm.Tables8kGCMMultiplier;
import org.spongycastle.crypto.params.AEADParameters;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Pack;

/* loaded from: classes7.dex */
public class GCMBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    public final BlockCipher f31284a;
    public final GCMMultiplier b;

    /* renamed from: c, reason: collision with root package name */
    public Tables1kGCMExponentiator f31285c;

    /* renamed from: d, reason: collision with root package name */
    public boolean f31286d;

    /* renamed from: e, reason: collision with root package name */
    public int f31287e;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f31288f;

    /* renamed from: g, reason: collision with root package name */
    public byte[] f31289g;

    /* renamed from: h, reason: collision with root package name */
    public byte[] f31290h;

    /* renamed from: i, reason: collision with root package name */
    public byte[] f31291i;

    /* renamed from: j, reason: collision with root package name */
    public byte[] f31292j;

    /* renamed from: k, reason: collision with root package name */
    public byte[] f31293k;
    public byte[] l;
    public byte[] m;
    public byte[] n;

    /* renamed from: o, reason: collision with root package name */
    public byte[] f31294o;

    /* renamed from: p, reason: collision with root package name */
    public int f31295p;

    /* renamed from: q, reason: collision with root package name */
    public long f31296q;

    /* renamed from: r, reason: collision with root package name */
    public byte[] f31297r;

    /* renamed from: s, reason: collision with root package name */
    public int f31298s;

    /* renamed from: t, reason: collision with root package name */
    public long f31299t;

    /* renamed from: u, reason: collision with root package name */
    public long f31300u;

    public GCMBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, null);
    }

    public GCMBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("cipher required with a block size of 16.");
        }
        gCMMultiplier = gCMMultiplier == null ? new Tables8kGCMMultiplier() : gCMMultiplier;
        this.f31284a = blockCipher;
        this.b = gCMMultiplier;
    }

    public final byte[] a() {
        byte[] bArr = this.f31294o;
        int i10 = (bArr[15] & 255) + 1;
        bArr[15] = (byte) i10;
        int i11 = (i10 >>> 8) + (bArr[14] & 255);
        bArr[14] = (byte) i11;
        int i12 = (i11 >>> 8) + (bArr[13] & 255);
        bArr[13] = (byte) i12;
        bArr[12] = (byte) ((i12 >>> 8) + (bArr[12] & 255));
        byte[] bArr2 = new byte[16];
        this.f31284a.processBlock(bArr, 0, bArr2, 0);
        return bArr2;
    }

    public final void b() {
        if (this.f31299t > 0) {
            System.arraycopy(this.m, 0, this.n, 0, 16);
            this.f31300u = this.f31299t;
        }
        int i10 = this.f31298s;
        if (i10 > 0) {
            byte[] bArr = this.n;
            GCMUtil.xor(bArr, this.f31297r, 0, i10);
            this.b.multiplyH(bArr);
            this.f31300u += this.f31298s;
        }
        if (this.f31300u > 0) {
            System.arraycopy(this.n, 0, this.l, 0, 16);
        }
    }

    public final void c(int i10, byte[] bArr) {
        if (bArr.length < i10 + 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.f31296q == 0) {
            b();
        }
        byte[] bArr2 = this.f31292j;
        byte[] a10 = a();
        GCMUtil.xor(a10, bArr2);
        System.arraycopy(a10, 0, bArr, i10, 16);
        byte[] bArr3 = this.l;
        if (this.f31286d) {
            bArr2 = a10;
        }
        GCMUtil.xor(bArr3, bArr2);
        this.b.multiplyH(bArr3);
        this.f31296q += 16;
        if (this.f31286d) {
            this.f31295p = 0;
            return;
        }
        byte[] bArr4 = this.f31292j;
        System.arraycopy(bArr4, 16, bArr4, 0, this.f31287e);
        this.f31295p = this.f31287e;
    }

    public final void d(boolean z10) {
        this.f31284a.reset();
        this.l = new byte[16];
        this.m = new byte[16];
        this.n = new byte[16];
        this.f31297r = new byte[16];
        this.f31298s = 0;
        this.f31299t = 0L;
        this.f31300u = 0L;
        this.f31294o = Arrays.clone(this.f31291i);
        this.f31295p = 0;
        this.f31296q = 0L;
        byte[] bArr = this.f31292j;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
        if (z10) {
            this.f31293k = null;
        }
        byte[] bArr2 = this.f31289g;
        if (bArr2 != null) {
            processAADBytes(bArr2, 0, bArr2.length);
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int doFinal(byte[] bArr, int i10) throws IllegalStateException, InvalidCipherTextException {
        if (this.f31296q == 0) {
            b();
        }
        int i11 = this.f31295p;
        if (!this.f31286d) {
            int i12 = this.f31287e;
            if (i11 < i12) {
                throw new InvalidCipherTextException("data too short");
            }
            i11 -= i12;
            if (bArr.length < i10 + i11) {
                throw new OutputLengthException("Output buffer too short");
            }
        } else if (bArr.length < i10 + i11 + this.f31287e) {
            throw new OutputLengthException("Output buffer too short");
        }
        GCMMultiplier gCMMultiplier = this.b;
        if (i11 > 0) {
            byte[] bArr2 = this.f31292j;
            byte[] a10 = a();
            GCMUtil.xor(a10, bArr2, 0, i11);
            System.arraycopy(a10, 0, bArr, i10, i11);
            byte[] bArr3 = this.l;
            if (this.f31286d) {
                bArr2 = a10;
            }
            GCMUtil.xor(bArr3, bArr2, 0, i11);
            gCMMultiplier.multiplyH(bArr3);
            this.f31296q += i11;
        }
        long j10 = this.f31299t;
        int i13 = this.f31298s;
        long j11 = j10 + i13;
        this.f31299t = j11;
        if (j11 > this.f31300u) {
            if (i13 > 0) {
                byte[] bArr4 = this.m;
                GCMUtil.xor(bArr4, this.f31297r, 0, i13);
                gCMMultiplier.multiplyH(bArr4);
            }
            if (this.f31300u > 0) {
                GCMUtil.xor(this.m, this.n);
            }
            long j12 = ((this.f31296q * 8) + 127) >>> 7;
            byte[] bArr5 = new byte[16];
            if (this.f31285c == null) {
                Tables1kGCMExponentiator tables1kGCMExponentiator = new Tables1kGCMExponentiator();
                this.f31285c = tables1kGCMExponentiator;
                tables1kGCMExponentiator.init(this.f31290h);
            }
            this.f31285c.exponentiateX(j12, bArr5);
            GCMUtil.multiply(this.m, bArr5);
            GCMUtil.xor(this.l, this.m);
        }
        byte[] bArr6 = new byte[16];
        Pack.longToBigEndian(this.f31299t * 8, bArr6, 0);
        Pack.longToBigEndian(this.f31296q * 8, bArr6, 8);
        byte[] bArr7 = this.l;
        GCMUtil.xor(bArr7, bArr6);
        gCMMultiplier.multiplyH(bArr7);
        byte[] bArr8 = new byte[16];
        this.f31284a.processBlock(this.f31291i, 0, bArr8, 0);
        GCMUtil.xor(bArr8, this.l);
        int i14 = this.f31287e;
        byte[] bArr9 = new byte[i14];
        this.f31293k = bArr9;
        System.arraycopy(bArr8, 0, bArr9, 0, i14);
        if (this.f31286d) {
            System.arraycopy(this.f31293k, 0, bArr, i10 + this.f31295p, this.f31287e);
            i11 += this.f31287e;
        } else {
            int i15 = this.f31287e;
            byte[] bArr10 = new byte[i15];
            System.arraycopy(this.f31292j, i11, bArr10, 0, i15);
            if (!Arrays.constantTimeAreEqual(this.f31293k, bArr10)) {
                throw new InvalidCipherTextException("mac check in GCM failed");
            }
        }
        d(false);
        return i11;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public String getAlgorithmName() {
        return this.f31284a.getAlgorithmName() + "/GCM";
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public byte[] getMac() {
        return Arrays.clone(this.f31293k);
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int getOutputSize(int i10) {
        int i11 = i10 + this.f31295p;
        if (this.f31286d) {
            return i11 + this.f31287e;
        }
        int i12 = this.f31287e;
        if (i11 < i12) {
            return 0;
        }
        return i11 - i12;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f31284a;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int getUpdateOutputSize(int i10) {
        int i11 = i10 + this.f31295p;
        if (!this.f31286d) {
            int i12 = this.f31287e;
            if (i11 < i12) {
                return 0;
            }
            i11 -= i12;
        }
        return i11 - (i11 % 16);
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void init(boolean z10, CipherParameters cipherParameters) throws IllegalArgumentException {
        KeyParameter keyParameter;
        this.f31286d = z10;
        this.f31293k = null;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            this.f31288f = aEADParameters.getNonce();
            this.f31289g = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 32 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException(a.e("Invalid value for MAC size: ", macSize));
            }
            this.f31287e = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            this.f31288f = parametersWithIV.getIV();
            this.f31289g = null;
            this.f31287e = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.f31292j = new byte[z10 ? 16 : this.f31287e + 16];
        byte[] bArr = this.f31288f;
        if (bArr == null || bArr.length < 1) {
            throw new IllegalArgumentException("IV must be at least 1 byte");
        }
        GCMMultiplier gCMMultiplier = this.b;
        if (keyParameter != null) {
            BlockCipher blockCipher = this.f31284a;
            blockCipher.init(true, keyParameter);
            byte[] bArr2 = new byte[16];
            this.f31290h = bArr2;
            blockCipher.processBlock(bArr2, 0, bArr2, 0);
            gCMMultiplier.init(this.f31290h);
            this.f31285c = null;
        } else if (this.f31290h == null) {
            throw new IllegalArgumentException("Key must be specified in initial init");
        }
        byte[] bArr3 = new byte[16];
        this.f31291i = bArr3;
        byte[] bArr4 = this.f31288f;
        if (bArr4.length == 12) {
            System.arraycopy(bArr4, 0, bArr3, 0, bArr4.length);
            this.f31291i[15] = 1;
        } else {
            int length = bArr4.length;
            for (int i10 = 0; i10 < length; i10 += 16) {
                GCMUtil.xor(bArr3, bArr4, i10, Math.min(length - i10, 16));
                gCMMultiplier.multiplyH(bArr3);
            }
            byte[] bArr5 = new byte[16];
            Pack.longToBigEndian(this.f31288f.length * 8, bArr5, 8);
            byte[] bArr6 = this.f31291i;
            GCMUtil.xor(bArr6, bArr5);
            gCMMultiplier.multiplyH(bArr6);
        }
        this.l = new byte[16];
        this.m = new byte[16];
        this.n = new byte[16];
        this.f31297r = new byte[16];
        this.f31298s = 0;
        this.f31299t = 0L;
        this.f31300u = 0L;
        this.f31294o = Arrays.clone(this.f31291i);
        this.f31295p = 0;
        this.f31296q = 0L;
        byte[] bArr7 = this.f31289g;
        if (bArr7 != null) {
            processAADBytes(bArr7, 0, bArr7.length);
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void processAADByte(byte b) {
        byte[] bArr = this.f31297r;
        int i10 = this.f31298s;
        bArr[i10] = b;
        int i11 = i10 + 1;
        this.f31298s = i11;
        if (i11 == 16) {
            byte[] bArr2 = this.m;
            GCMUtil.xor(bArr2, bArr);
            this.b.multiplyH(bArr2);
            this.f31298s = 0;
            this.f31299t += 16;
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void processAADBytes(byte[] bArr, int i10, int i11) {
        for (int i12 = 0; i12 < i11; i12++) {
            byte[] bArr2 = this.f31297r;
            int i13 = this.f31298s;
            bArr2[i13] = bArr[i10 + i12];
            int i14 = i13 + 1;
            this.f31298s = i14;
            if (i14 == 16) {
                byte[] bArr3 = this.m;
                GCMUtil.xor(bArr3, bArr2);
                this.b.multiplyH(bArr3);
                this.f31298s = 0;
                this.f31299t += 16;
            }
        }
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int processByte(byte b, byte[] bArr, int i10) throws DataLengthException {
        byte[] bArr2 = this.f31292j;
        int i11 = this.f31295p;
        bArr2[i11] = b;
        int i12 = i11 + 1;
        this.f31295p = i12;
        if (i12 != bArr2.length) {
            return 0;
        }
        c(i10, bArr);
        return 16;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public int processBytes(byte[] bArr, int i10, int i11, byte[] bArr2, int i12) throws DataLengthException {
        if (bArr.length < i10 + i11) {
            throw new DataLengthException("Input buffer too short");
        }
        int i13 = 0;
        for (int i14 = 0; i14 < i11; i14++) {
            byte[] bArr3 = this.f31292j;
            int i15 = this.f31295p;
            bArr3[i15] = bArr[i10 + i14];
            int i16 = i15 + 1;
            this.f31295p = i16;
            if (i16 == bArr3.length) {
                c(i12 + i13, bArr2);
                i13 += 16;
            }
        }
        return i13;
    }

    @Override // org.spongycastle.crypto.modes.AEADBlockCipher
    public void reset() {
        d(true);
    }
}
