package de.rub.nds.tlsattacker.core.crypto.cipher;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.CipherAlgorithm;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.engines.ChaCha7539Engine;
import org.bouncycastle.crypto.macs.Poly1305;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/crypto/cipher/ChaCha20Poly1305Cipher.class */
public class ChaCha20Poly1305Cipher implements EncryptionCipher, DecryptionCipher {
    private byte[] key;
    private int additionalDataLength = 0;
    private final ChaCha7539Engine cipher = new ChaCha7539Engine();
    private final Poly1305 mac = new Poly1305();
    private static final CipherAlgorithm algorithm = CipherAlgorithm.ChaCha20Poly1305;
    private static final Logger LOGGER = LogManager.getLogger();
    private static final byte[] ZEROES = new byte[15];

    public ChaCha20Poly1305Cipher(byte[] bArr) {
        this.key = bArr;
    }

    private byte[] calculateRFC7905Iv(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = {0, 0, 0, 0};
        byte[] concatenate = ArrayConverter.concatenate(bArr3, ArrayConverter.longToUint64Bytes(ArrayConverter.bytesToLong(bArr)), 12 - bArr3.length);
        for (int i = 0; i < 12; i++) {
            int i2 = i;
            concatenate[i2] = (byte) (concatenate[i2] ^ bArr2[i]);
        }
        return concatenate;
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public byte[] decrypt(byte[] bArr) throws CryptoException {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public byte[] decrypt(byte[] bArr, byte[] bArr2) {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public byte[] decrypt(byte[] bArr, int i, byte[] bArr2) {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public byte[] decrypt(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
        this.cipher.init(false, new ParametersWithIV(new KeyParameter(this.key, 0, this.key.length), ZEROES, 0, 12));
        this.additionalDataLength = bArr2.length;
        int length = bArr3.length - 16;
        byte[] bArr4 = new byte[getOutputSize(false, bArr3.length)];
        int length2 = bArr.length;
        this.cipher.init(false, new ParametersWithIV((CipherParameters) null, calculateRFC7905Iv(Arrays.copyOfRange(bArr, length2 - 8, length2), Arrays.copyOfRange(bArr, 0, length2 - 8))));
        initMAC();
        updateMAC(bArr2, 0, this.additionalDataLength);
        updateMAC(bArr3, 0, length);
        byte[] concatenate = ArrayConverter.concatenate(ArrayConverter.reverseByteOrder(ArrayConverter.longToBytes(Long.valueOf(this.additionalDataLength).longValue(), 8)), ArrayConverter.reverseByteOrder(ArrayConverter.longToBytes(Long.valueOf(length).longValue(), 8)), 8);
        this.mac.update(concatenate, 0, 16);
        this.mac.doFinal(concatenate, 0);
        if (!Arrays.areEqual(concatenate, Arrays.copyOfRange(bArr3, length, bArr3.length))) {
            LOGGER.warn("MAC verification failed, continuing anyways.");
        }
        this.cipher.processBytes(bArr3, 0, length, bArr4, 0);
        return bArr4;
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher
    public byte[] encrypt(byte[] bArr) throws CryptoException {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher
    public byte[] encrypt(byte[] bArr, byte[] bArr2) {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher
    public byte[] encrypt(byte[] bArr, int i, byte[] bArr2) {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher
    public byte[] encrypt(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
        int length = bArr.length;
        byte[] copyOfRange = Arrays.copyOfRange(bArr, length - 8, length);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 0, length - 8);
        this.cipher.init(true, new ParametersWithIV(new KeyParameter(this.key, 0, this.key.length), ZEROES, 0, 12));
        int length2 = bArr2.length;
        int length3 = bArr3.length;
        byte[] bArr4 = new byte[getOutputSize(true, length3)];
        this.cipher.init(true, new ParametersWithIV((CipherParameters) null, calculateRFC7905Iv(copyOfRange, copyOfRange2)));
        initMAC();
        updateMAC(bArr2, 0, length2);
        this.cipher.processBytes(bArr3, 0, length3, bArr4, 0);
        updateMAC(bArr4, 0, length3);
        this.mac.update(ArrayConverter.concatenate(ArrayConverter.reverseByteOrder(ArrayConverter.longToBytes(Long.valueOf(length2).longValue(), 8)), ArrayConverter.reverseByteOrder(ArrayConverter.longToBytes(Long.valueOf(length3).longValue(), 8)), 8), 0, 16);
        this.mac.doFinal(bArr4, 0 + length3);
        return bArr4;
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher, de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public int getBlocksize() {
        throw new UnsupportedOperationException("ChaCha20Poly1305 can only be used as an AEAD Cipher!");
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher, de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public byte[] getIv() {
        throw new UnsupportedOperationException();
    }

    private int getOutputSize(boolean z, int i) {
        return z ? i + 16 : i - 16;
    }

    private void initMAC() {
        byte[] bArr = new byte[64];
        this.cipher.processBytes(bArr, 0, 64, bArr, 0);
        this.mac.init(new KeyParameter(bArr, 0, 32));
    }

    @Override // de.rub.nds.tlsattacker.core.crypto.cipher.EncryptionCipher, de.rub.nds.tlsattacker.core.crypto.cipher.DecryptionCipher
    public void setIv(byte[] bArr) {
        throw new UnsupportedOperationException("The IV has to be passed with the encrypt() call!");
    }

    private void updateMAC(byte[] bArr, int i, int i2) {
        this.mac.update(bArr, i, i2);
        int i3 = i2 % 16;
        if (i3 != 0) {
            this.mac.update(ZEROES, 0, 16 - i3);
        }
    }
}
