package org.bouncycastle.crypto.modes;

import java.util.Vector;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:org/bouncycastle/crypto/modes/OCBBlockCipher.class */
public class OCBBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    private BlockCipher f5706a;
    private BlockCipher b;
    private boolean c;
    private int d;
    private byte[] e;
    private Vector f;
    private byte[] g;
    private byte[] h;
    private byte[] l;
    private byte[] m;
    private int n;
    private int o;
    private long p;
    private long q;
    private byte[] r;
    private byte[] s;
    private byte[] u;
    private byte[] v;
    private byte[] i = null;
    private byte[] j = new byte[24];
    private byte[] k = new byte[16];
    private byte[] t = new byte[16];

    public OCBBlockCipher(BlockCipher blockCipher, BlockCipher blockCipher2) {
        if (blockCipher == null) {
            throw new IllegalArgumentException("'hashCipher' cannot be null");
        }
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("'hashCipher' must have a block size of 16");
        }
        if (blockCipher2 == null) {
            throw new IllegalArgumentException("'mainCipher' cannot be null");
        }
        if (blockCipher2.getBlockSize() != 16) {
            throw new IllegalArgumentException("'mainCipher' must have a block size of 16");
        }
        if (!blockCipher.getAlgorithmName().equals(blockCipher2.getAlgorithmName())) {
            throw new IllegalArgumentException("'hashCipher' and 'mainCipher' must be the same algorithm");
        }
        this.f5706a = blockCipher;
        this.b = blockCipher2;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.b;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public String getAlgorithmName() {
        return this.b.getAlgorithmName() + "/OCB";
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void init(boolean z, CipherParameters cipherParameters) {
        byte[] iv;
        KeyParameter keyParameter;
        boolean z2 = this.c;
        this.c = z;
        this.v = null;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            iv = aEADParameters.getNonce();
            this.e = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 64 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
            this.d = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to OCB");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            this.e = null;
            this.d = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.l = new byte[16];
        this.m = new byte[z ? 16 : 16 + this.d];
        if (iv == null) {
            iv = new byte[0];
        }
        if (iv.length > 15) {
            throw new IllegalArgumentException("IV must be no more than 15 bytes");
        }
        if (keyParameter != null) {
            this.f5706a.init(true, keyParameter);
            this.b.init(z, keyParameter);
            this.i = null;
        } else if (z2 != z) {
            throw new IllegalArgumentException("cannot change encrypting state without providing key.");
        }
        this.g = new byte[16];
        this.f5706a.processBlock(this.g, 0, this.g, 0);
        this.h = OCB_double(this.g);
        this.f = new Vector();
        this.f.addElement(OCB_double(this.h));
        int processNonce = processNonce(iv);
        int i = processNonce % 8;
        int i2 = processNonce / 8;
        if (i == 0) {
            System.arraycopy(this.j, i2, this.k, 0, 16);
        } else {
            for (int i3 = 0; i3 < 16; i3++) {
                int i4 = this.j[i2] & 255;
                i2++;
                this.k[i3] = (byte) ((i4 << i) | ((this.j[i2] & 255) >>> (8 - i)));
            }
        }
        this.n = 0;
        this.o = 0;
        this.p = 0L;
        this.q = 0L;
        this.r = new byte[16];
        this.s = new byte[16];
        System.arraycopy(this.k, 0, this.t, 0, 16);
        this.u = new byte[16];
        if (this.e != null) {
            processAADBytes(this.e, 0, this.e.length);
        }
    }

    protected int processNonce(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 16 - bArr.length, bArr.length);
        bArr2[0] = (byte) (this.d << 4);
        int length = 15 - bArr.length;
        bArr2[length] = (byte) (bArr2[length] | 1);
        int i = bArr2[15] & 63;
        bArr2[15] = (byte) (bArr2[15] & 192);
        if (this.i == null || !Arrays.areEqual(bArr2, this.i)) {
            byte[] bArr3 = new byte[16];
            this.i = bArr2;
            this.f5706a.processBlock(this.i, 0, bArr3, 0);
            System.arraycopy(bArr3, 0, this.j, 0, 16);
            for (int i2 = 0; i2 < 8; i2++) {
                this.j[i2 + 16] = (byte) (bArr3[i2] ^ bArr3[i2 + 1]);
            }
        }
        return i;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public byte[] getMac() {
        return this.v == null ? new byte[this.d] : Arrays.clone(this.v);
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int getOutputSize(int i) {
        int i2 = i + this.o;
        if (this.c) {
            return i2 + this.d;
        }
        if (i2 < this.d) {
            return 0;
        }
        return i2 - this.d;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int getUpdateOutputSize(int i) {
        int i2 = i + this.o;
        if (!this.c) {
            if (i2 < this.d) {
                return 0;
            }
            i2 -= this.d;
        }
        int i3 = i2;
        return i3 - (i3 % 16);
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void processAADByte(byte b) {
        this.l[this.n] = b;
        int i = this.n + 1;
        this.n = i;
        if (i == this.l.length) {
            processHashBlock();
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void processAADBytes(byte[] bArr, int i, int i2) {
        for (int i3 = 0; i3 < i2; i3++) {
            this.l[this.n] = bArr[i + i3];
            int i4 = this.n + 1;
            this.n = i4;
            if (i4 == this.l.length) {
                processHashBlock();
            }
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int processByte(byte b, byte[] bArr, int i) {
        this.m[this.o] = b;
        int i2 = this.o + 1;
        this.o = i2;
        if (i2 != this.m.length) {
            return 0;
        }
        processMainBlock(bArr, i);
        return 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        if (bArr.length < i + i2) {
            throw new DataLengthException("Input buffer too short");
        }
        int i4 = 0;
        for (int i5 = 0; i5 < i2; i5++) {
            this.m[this.o] = bArr[i + i5];
            int i6 = this.o + 1;
            this.o = i6;
            if (i6 == this.m.length) {
                processMainBlock(bArr2, i3 + i4);
                i4 += 16;
            }
        }
        return i4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int doFinal(byte[] bArr, int i) {
        byte[] bArr2 = null;
        if (!this.c) {
            if (this.o < this.d) {
                throw new InvalidCipherTextException("data too short");
            }
            this.o -= this.d;
            bArr2 = new byte[this.d];
            System.arraycopy(this.m, this.o, bArr2, 0, this.d);
        }
        if (this.n > 0) {
            OCB_extend(this.l, this.n);
            updateHASH(this.g);
        }
        if (this.o > 0) {
            if (this.c) {
                OCB_extend(this.m, this.o);
                xor(this.u, this.m);
            }
            xor(this.t, this.g);
            byte[] bArr3 = new byte[16];
            this.f5706a.processBlock(this.t, 0, bArr3, 0);
            xor(this.m, bArr3);
            if (bArr.length < i + this.o) {
                throw new OutputLengthException("Output buffer too short");
            }
            System.arraycopy(this.m, 0, bArr, i, this.o);
            if (!this.c) {
                OCB_extend(this.m, this.o);
                xor(this.u, this.m);
            }
        }
        xor(this.u, this.t);
        xor(this.u, this.h);
        this.f5706a.processBlock(this.u, 0, this.u, 0);
        xor(this.u, this.s);
        this.v = new byte[this.d];
        System.arraycopy(this.u, 0, this.v, 0, this.d);
        int i2 = this.o;
        if (this.c) {
            if (bArr.length < i + i2 + this.d) {
                throw new OutputLengthException("Output buffer too short");
            }
            System.arraycopy(this.v, 0, bArr, i + i2, this.d);
            i2 += this.d;
        } else if (!Arrays.constantTimeAreEqual(this.v, bArr2)) {
            throw new InvalidCipherTextException("mac check in OCB failed");
        }
        reset(false);
        return i2;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void reset() {
        reset(true);
    }

    protected void clear(byte[] bArr) {
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
    }

    protected byte[] getLSub(int i) {
        while (i >= this.f.size()) {
            this.f.addElement(OCB_double((byte[]) this.f.lastElement()));
        }
        return (byte[]) this.f.elementAt(i);
    }

    protected void processHashBlock() {
        long j = this.p + 1;
        this.p = j;
        updateHASH(getLSub(OCB_ntz(j)));
        this.n = 0;
    }

    protected void processMainBlock(byte[] bArr, int i) {
        if (bArr.length < i + 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.c) {
            xor(this.u, this.m);
            this.o = 0;
        }
        byte[] bArr2 = this.t;
        long j = this.q + 1;
        this.q = j;
        xor(bArr2, getLSub(OCB_ntz(j)));
        xor(this.m, this.t);
        this.b.processBlock(this.m, 0, this.m, 0);
        xor(this.m, this.t);
        System.arraycopy(this.m, 0, bArr, i, 16);
        if (this.c) {
            return;
        }
        xor(this.u, this.m);
        System.arraycopy(this.m, 16, this.m, 0, this.d);
        this.o = this.d;
    }

    protected void reset(boolean z) {
        this.f5706a.reset();
        this.b.reset();
        clear(this.l);
        clear(this.m);
        this.n = 0;
        this.o = 0;
        this.p = 0L;
        this.q = 0L;
        clear(this.r);
        clear(this.s);
        System.arraycopy(this.k, 0, this.t, 0, 16);
        clear(this.u);
        if (z) {
            this.v = null;
        }
        if (this.e != null) {
            processAADBytes(this.e, 0, this.e.length);
        }
    }

    protected void updateHASH(byte[] bArr) {
        xor(this.r, bArr);
        xor(this.l, this.r);
        this.f5706a.processBlock(this.l, 0, this.l, 0);
        xor(this.s, this.l);
    }

    protected static byte[] OCB_double(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        bArr2[15] = (byte) (bArr2[15] ^ (135 >>> ((1 - shiftLeft(bArr, bArr2)) << 3)));
        return bArr2;
    }

    protected static void OCB_extend(byte[] bArr, int i) {
        bArr[i] = Byte.MIN_VALUE;
        while (true) {
            i++;
            if (i >= 16) {
                return;
            } else {
                bArr[i] = 0;
            }
        }
    }

    protected static int OCB_ntz(long j) {
        if (j == 0) {
            return 64;
        }
        int i = 0;
        while ((j & 1) == 0) {
            i++;
            j >>>= 1;
        }
        return i;
    }

    protected static int shiftLeft(byte[] bArr, byte[] bArr2) {
        int i = 16;
        int i2 = 0;
        while (true) {
            int i3 = i2;
            i--;
            if (i < 0) {
                return i3;
            }
            int i4 = bArr[i] & 255;
            bArr2[i] = (byte) ((i4 << 1) | i3);
            i2 = (i4 >>> 7) & 1;
        }
    }

    protected static void xor(byte[] bArr, byte[] bArr2) {
        for (int i = 15; i >= 0; i--) {
            int i2 = i;
            bArr[i2] = (byte) (bArr[i2] ^ bArr2[i]);
        }
    }
}
