package org.bouncycastle.crypto.modes;

import java.util.Vector;
import okio.Utf8;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class OCBBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    private BlockCipher f49330a;

    /* renamed from: b, reason: collision with root package name */
    private BlockCipher f49331b;

    /* renamed from: c, reason: collision with root package name */
    private boolean f49332c;

    /* renamed from: d, reason: collision with root package name */
    private int f49333d;

    /* renamed from: e, reason: collision with root package name */
    private byte[] f49334e;

    /* renamed from: f, reason: collision with root package name */
    private Vector f49335f;

    /* renamed from: g, reason: collision with root package name */
    private byte[] f49336g;

    /* renamed from: h, reason: collision with root package name */
    private byte[] f49337h;

    /* renamed from: l, reason: collision with root package name */
    private byte[] f49341l;

    /* renamed from: m, reason: collision with root package name */
    private byte[] f49342m;

    /* renamed from: n, reason: collision with root package name */
    private int f49343n;

    /* renamed from: o, reason: collision with root package name */
    private int f49344o;

    /* renamed from: p, reason: collision with root package name */
    private long f49345p;

    /* renamed from: q, reason: collision with root package name */
    private long f49346q;

    /* renamed from: r, reason: collision with root package name */
    private byte[] f49347r;

    /* renamed from: s, reason: collision with root package name */
    private byte[] f49348s;

    /* renamed from: u, reason: collision with root package name */
    private byte[] f49350u;

    /* renamed from: v, reason: collision with root package name */
    private byte[] f49351v;

    /* renamed from: i, reason: collision with root package name */
    private byte[] f49338i = null;

    /* renamed from: j, reason: collision with root package name */
    private byte[] f49339j = new byte[24];

    /* renamed from: k, reason: collision with root package name */
    private byte[] f49340k = new byte[16];

    /* renamed from: t, reason: collision with root package name */
    private byte[] f49349t = new byte[16];

    public OCBBlockCipher(BlockCipher blockCipher, BlockCipher blockCipher2) {
        if (blockCipher == null) {
            throw new IllegalArgumentException("'hashCipher' cannot be null");
        }
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("'hashCipher' must have a block size of 16");
        }
        if (blockCipher2 == null) {
            throw new IllegalArgumentException("'mainCipher' cannot be null");
        }
        if (blockCipher2.getBlockSize() != 16) {
            throw new IllegalArgumentException("'mainCipher' must have a block size of 16");
        }
        if (!blockCipher.getAlgorithmName().equals(blockCipher2.getAlgorithmName())) {
            throw new IllegalArgumentException("'hashCipher' and 'mainCipher' must be the same algorithm");
        }
        this.f49330a = blockCipher;
        this.f49331b = blockCipher2;
    }

    protected static byte[] OCB_double(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        bArr2[15] = (byte) ((135 >>> ((1 - shiftLeft(bArr, bArr2)) << 3)) ^ bArr2[15]);
        return bArr2;
    }

    protected static void OCB_extend(byte[] bArr, int i2) {
        bArr[i2] = Byte.MIN_VALUE;
        while (true) {
            i2++;
            if (i2 >= 16) {
                return;
            } else {
                bArr[i2] = 0;
            }
        }
    }

    protected static int OCB_ntz(long j2) {
        if (j2 == 0) {
            return 64;
        }
        int i2 = 0;
        while ((1 & j2) == 0) {
            i2++;
            j2 >>>= 1;
        }
        return i2;
    }

    protected static int shiftLeft(byte[] bArr, byte[] bArr2) {
        int i2 = 16;
        int i3 = 0;
        while (true) {
            i2--;
            if (i2 < 0) {
                return i3;
            }
            int i4 = bArr[i2] & 255;
            bArr2[i2] = (byte) (i3 | (i4 << 1));
            i3 = (i4 >>> 7) & 1;
        }
    }

    protected static void xor(byte[] bArr, byte[] bArr2) {
        for (int i2 = 15; i2 >= 0; i2--) {
            bArr[i2] = (byte) (bArr[i2] ^ bArr2[i2]);
        }
    }

    protected void clear(byte[] bArr) {
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i2) throws IllegalStateException, InvalidCipherTextException {
        byte[] bArr2;
        if (this.f49332c) {
            bArr2 = null;
        } else {
            int i3 = this.f49344o;
            int i4 = this.f49333d;
            if (i3 < i4) {
                throw new InvalidCipherTextException("data too short");
            }
            int i5 = i3 - i4;
            this.f49344o = i5;
            bArr2 = new byte[i4];
            System.arraycopy(this.f49342m, i5, bArr2, 0, i4);
        }
        int i6 = this.f49343n;
        if (i6 > 0) {
            OCB_extend(this.f49341l, i6);
            updateHASH(this.f49336g);
        }
        int i7 = this.f49344o;
        if (i7 > 0) {
            if (this.f49332c) {
                OCB_extend(this.f49342m, i7);
                xor(this.f49350u, this.f49342m);
            }
            xor(this.f49349t, this.f49336g);
            byte[] bArr3 = new byte[16];
            this.f49330a.processBlock(this.f49349t, 0, bArr3, 0);
            xor(this.f49342m, bArr3);
            int length = bArr.length;
            int i8 = this.f49344o;
            if (length < i2 + i8) {
                throw new OutputLengthException("Output buffer too short");
            }
            System.arraycopy(this.f49342m, 0, bArr, i2, i8);
            if (!this.f49332c) {
                OCB_extend(this.f49342m, this.f49344o);
                xor(this.f49350u, this.f49342m);
            }
        }
        xor(this.f49350u, this.f49349t);
        xor(this.f49350u, this.f49337h);
        BlockCipher blockCipher = this.f49330a;
        byte[] bArr4 = this.f49350u;
        blockCipher.processBlock(bArr4, 0, bArr4, 0);
        xor(this.f49350u, this.f49348s);
        int i9 = this.f49333d;
        byte[] bArr5 = new byte[i9];
        this.f49351v = bArr5;
        System.arraycopy(this.f49350u, 0, bArr5, 0, i9);
        int i10 = this.f49344o;
        if (this.f49332c) {
            int length2 = bArr.length;
            int i11 = i2 + i10;
            int i12 = this.f49333d;
            if (length2 < i11 + i12) {
                throw new OutputLengthException("Output buffer too short");
            }
            System.arraycopy(this.f49351v, 0, bArr, i11, i12);
            i10 += this.f49333d;
        } else if (!Arrays.constantTimeAreEqual(this.f49351v, bArr2)) {
            throw new InvalidCipherTextException("mac check in OCB failed");
        }
        reset(false);
        return i10;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.f49331b.getAlgorithmName() + "/OCB";
    }

    protected byte[] getLSub(int i2) {
        while (i2 >= this.f49335f.size()) {
            Vector vector = this.f49335f;
            vector.addElement(OCB_double((byte[]) vector.lastElement()));
        }
        return (byte[]) this.f49335f.elementAt(i2);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        byte[] bArr = this.f49351v;
        return bArr == null ? new byte[this.f49333d] : Arrays.clone(bArr);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i2) {
        int i3 = i2 + this.f49344o;
        if (this.f49332c) {
            return i3 + this.f49333d;
        }
        int i4 = this.f49333d;
        if (i3 < i4) {
            return 0;
        }
        return i3 - i4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f49331b;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i2) {
        int i3 = i2 + this.f49344o;
        if (!this.f49332c) {
            int i4 = this.f49333d;
            if (i3 < i4) {
                return 0;
            }
            i3 -= i4;
        }
        return i3 - (i3 % 16);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z2, CipherParameters cipherParameters) throws IllegalArgumentException {
        byte[] iv;
        KeyParameter keyParameter;
        boolean z3 = this.f49332c;
        this.f49332c = z2;
        this.f49351v = null;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            iv = aEADParameters.getNonce();
            this.f49334e = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 64 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
            this.f49333d = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to OCB");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            this.f49334e = null;
            this.f49333d = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.f49341l = new byte[16];
        this.f49342m = new byte[z2 ? 16 : this.f49333d + 16];
        if (iv == null) {
            iv = new byte[0];
        }
        if (iv.length > 15) {
            throw new IllegalArgumentException("IV must be no more than 15 bytes");
        }
        if (keyParameter != null) {
            this.f49330a.init(true, keyParameter);
            this.f49331b.init(z2, keyParameter);
            this.f49338i = null;
        } else if (z3 != z2) {
            throw new IllegalArgumentException("cannot change encrypting state without providing key.");
        }
        byte[] bArr = new byte[16];
        this.f49336g = bArr;
        this.f49330a.processBlock(bArr, 0, bArr, 0);
        this.f49337h = OCB_double(this.f49336g);
        Vector vector = new Vector();
        this.f49335f = vector;
        vector.addElement(OCB_double(this.f49337h));
        int processNonce = processNonce(iv);
        int i2 = processNonce % 8;
        int i3 = processNonce / 8;
        if (i2 == 0) {
            System.arraycopy(this.f49339j, i3, this.f49340k, 0, 16);
        } else {
            for (int i4 = 0; i4 < 16; i4++) {
                byte[] bArr2 = this.f49339j;
                int i5 = bArr2[i3] & 255;
                i3++;
                this.f49340k[i4] = (byte) (((bArr2[i3] & 255) >>> (8 - i2)) | (i5 << i2));
            }
        }
        this.f49343n = 0;
        this.f49344o = 0;
        this.f49345p = 0L;
        this.f49346q = 0L;
        this.f49347r = new byte[16];
        this.f49348s = new byte[16];
        System.arraycopy(this.f49340k, 0, this.f49349t, 0, 16);
        this.f49350u = new byte[16];
        byte[] bArr3 = this.f49334e;
        if (bArr3 != null) {
            processAADBytes(bArr3, 0, bArr3.length);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b2) {
        byte[] bArr = this.f49341l;
        int i2 = this.f49343n;
        bArr[i2] = b2;
        int i3 = i2 + 1;
        this.f49343n = i3;
        if (i3 == bArr.length) {
            processHashBlock();
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i2, int i3) {
        for (int i4 = 0; i4 < i3; i4++) {
            byte[] bArr2 = this.f49341l;
            int i5 = this.f49343n;
            bArr2[i5] = bArr[i2 + i4];
            int i6 = i5 + 1;
            this.f49343n = i6;
            if (i6 == bArr2.length) {
                processHashBlock();
            }
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b2, byte[] bArr, int i2) throws DataLengthException {
        byte[] bArr2 = this.f49342m;
        int i3 = this.f49344o;
        bArr2[i3] = b2;
        int i4 = i3 + 1;
        this.f49344o = i4;
        if (i4 != bArr2.length) {
            return 0;
        }
        processMainBlock(bArr, i2);
        return 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) throws DataLengthException {
        if (bArr.length < i2 + i3) {
            throw new DataLengthException("Input buffer too short");
        }
        int i5 = 0;
        for (int i6 = 0; i6 < i3; i6++) {
            byte[] bArr3 = this.f49342m;
            int i7 = this.f49344o;
            bArr3[i7] = bArr[i2 + i6];
            int i8 = i7 + 1;
            this.f49344o = i8;
            if (i8 == bArr3.length) {
                processMainBlock(bArr2, i4 + i5);
                i5 += 16;
            }
        }
        return i5;
    }

    protected void processHashBlock() {
        long j2 = this.f49345p + 1;
        this.f49345p = j2;
        updateHASH(getLSub(OCB_ntz(j2)));
        this.f49343n = 0;
    }

    protected void processMainBlock(byte[] bArr, int i2) {
        if (bArr.length < i2 + 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.f49332c) {
            xor(this.f49350u, this.f49342m);
            this.f49344o = 0;
        }
        byte[] bArr2 = this.f49349t;
        long j2 = this.f49346q + 1;
        this.f49346q = j2;
        xor(bArr2, getLSub(OCB_ntz(j2)));
        xor(this.f49342m, this.f49349t);
        BlockCipher blockCipher = this.f49331b;
        byte[] bArr3 = this.f49342m;
        blockCipher.processBlock(bArr3, 0, bArr3, 0);
        xor(this.f49342m, this.f49349t);
        System.arraycopy(this.f49342m, 0, bArr, i2, 16);
        if (this.f49332c) {
            return;
        }
        xor(this.f49350u, this.f49342m);
        byte[] bArr4 = this.f49342m;
        System.arraycopy(bArr4, 16, bArr4, 0, this.f49333d);
        this.f49344o = this.f49333d;
    }

    protected int processNonce(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        int i2 = 0;
        System.arraycopy(bArr, 0, bArr2, 16 - bArr.length, bArr.length);
        bArr2[0] = (byte) (this.f49333d << 4);
        int length = 15 - bArr.length;
        bArr2[length] = (byte) (bArr2[length] | 1);
        byte b2 = bArr2[15];
        int i3 = b2 & Utf8.REPLACEMENT_BYTE;
        bArr2[15] = (byte) (b2 & 192);
        byte[] bArr3 = this.f49338i;
        if (bArr3 == null || !Arrays.areEqual(bArr2, bArr3)) {
            byte[] bArr4 = new byte[16];
            this.f49338i = bArr2;
            this.f49330a.processBlock(bArr2, 0, bArr4, 0);
            System.arraycopy(bArr4, 0, this.f49339j, 0, 16);
            while (i2 < 8) {
                byte[] bArr5 = this.f49339j;
                int i4 = i2 + 16;
                byte b3 = bArr4[i2];
                i2++;
                bArr5[i4] = (byte) (b3 ^ bArr4[i2]);
            }
        }
        return i3;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        reset(true);
    }

    protected void reset(boolean z2) {
        this.f49330a.reset();
        this.f49331b.reset();
        clear(this.f49341l);
        clear(this.f49342m);
        this.f49343n = 0;
        this.f49344o = 0;
        this.f49345p = 0L;
        this.f49346q = 0L;
        clear(this.f49347r);
        clear(this.f49348s);
        System.arraycopy(this.f49340k, 0, this.f49349t, 0, 16);
        clear(this.f49350u);
        if (z2) {
            this.f49351v = null;
        }
        byte[] bArr = this.f49334e;
        if (bArr != null) {
            processAADBytes(bArr, 0, bArr.length);
        }
    }

    protected void updateHASH(byte[] bArr) {
        xor(this.f49347r, bArr);
        xor(this.f49341l, this.f49347r);
        BlockCipher blockCipher = this.f49330a;
        byte[] bArr2 = this.f49341l;
        blockCipher.processBlock(bArr2, 0, bArr2, 0);
        xor(this.f49348s, this.f49341l);
    }
}
