package org.bouncycastle.crypto.modes;

import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.modes.gcm.BasicGCMExponentiator;
import org.bouncycastle.crypto.modes.gcm.GCMExponentiator;
import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
import org.bouncycastle.crypto.modes.gcm.GCMUtil;
import org.bouncycastle.crypto.modes.gcm.Tables4kGCMMultiplier;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:org/bouncycastle/crypto/modes/GCMBlockCipher.class */
public class GCMBlockCipher implements AEADBlockCipher {

    /* renamed from: a, reason: collision with root package name */
    private BlockCipher f5199a;
    private GCMMultiplier b;
    private GCMExponentiator c;
    private boolean d;
    private boolean e;
    private int f;
    private byte[] g;
    private byte[] h;
    private byte[] i;
    private byte[] j;
    private byte[] k;
    private byte[] l;
    private byte[] m;
    private byte[] n;
    private byte[] o;
    private byte[] p;
    private byte[] q;
    private int r;
    private int s;
    private long t;
    private byte[] u;
    private int v;
    private long w;
    private long x;

    public GCMBlockCipher(BlockCipher blockCipher) {
        this(blockCipher, null);
    }

    public GCMBlockCipher(BlockCipher blockCipher, GCMMultiplier gCMMultiplier) {
        if (blockCipher.getBlockSize() != 16) {
            throw new IllegalArgumentException("cipher required with a block size of 16.");
        }
        gCMMultiplier = gCMMultiplier == null ? new Tables4kGCMMultiplier() : gCMMultiplier;
        this.f5199a = blockCipher;
        this.b = gCMMultiplier;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public BlockCipher getUnderlyingCipher() {
        return this.f5199a;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public String getAlgorithmName() {
        return this.f5199a.getAlgorithmName() + "/GCM";
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void init(boolean z, CipherParameters cipherParameters) {
        byte[] iv;
        KeyParameter keyParameter;
        this.d = z;
        this.m = null;
        this.e = true;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            iv = aEADParameters.getNonce();
            this.i = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 32 || macSize > 128 || macSize % 8 != 0) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
            this.f = macSize / 8;
            keyParameter = aEADParameters.getKey();
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to GCM");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            iv = parametersWithIV.getIV();
            this.i = null;
            this.f = 16;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
        }
        this.l = new byte[z ? 16 : 16 + this.f];
        if (iv == null || iv.length <= 0) {
            throw new IllegalArgumentException("IV must be at least 1 byte");
        }
        if (z && this.h != null && Arrays.areEqual(this.h, iv)) {
            if (keyParameter == null) {
                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
            }
            if (this.g != null && Arrays.areEqual(this.g, keyParameter.getKey())) {
                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
            }
        }
        this.h = iv;
        if (keyParameter != null) {
            this.g = keyParameter.getKey();
        }
        if (keyParameter != null) {
            this.f5199a.init(true, keyParameter);
            this.j = new byte[16];
            this.f5199a.processBlock(this.j, 0, this.j, 0);
            this.b.init(this.j);
            this.c = null;
        } else if (this.j == null) {
            throw new IllegalArgumentException("Key must be specified in initial init");
        }
        this.k = new byte[16];
        if (this.h.length == 12) {
            System.arraycopy(this.h, 0, this.k, 0, this.h.length);
            this.k[15] = 1;
        } else {
            a(this.k, this.h, this.h.length);
            byte[] bArr = new byte[16];
            Pack.longToBigEndian(this.h.length << 3, bArr, 8);
            a(this.k, bArr);
        }
        this.n = new byte[16];
        this.o = new byte[16];
        this.p = new byte[16];
        this.u = new byte[16];
        this.v = 0;
        this.w = 0L;
        this.x = 0L;
        this.q = Arrays.clone(this.k);
        this.r = -2;
        this.s = 0;
        this.t = 0L;
        if (this.i != null) {
            processAADBytes(this.i, 0, this.i.length);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public byte[] getMac() {
        return this.m == null ? new byte[this.f] : Arrays.clone(this.m);
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int getOutputSize(int i) {
        int i2 = i + this.s;
        if (this.d) {
            return i2 + this.f;
        }
        if (i2 < this.f) {
            return 0;
        }
        return i2 - this.f;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int getUpdateOutputSize(int i) {
        int i2 = i + this.s;
        if (!this.d) {
            if (i2 < this.f) {
                return 0;
            }
            i2 -= this.f;
        }
        int i3 = i2;
        return i3 - (i3 % 16);
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void processAADByte(byte b) {
        b();
        this.u[this.v] = b;
        int i = this.v + 1;
        this.v = i;
        if (i == 16) {
            a(this.o, this.u);
            this.v = 0;
            this.w += 16;
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void processAADBytes(byte[] bArr, int i, int i2) {
        b();
        for (int i3 = 0; i3 < i2; i3++) {
            this.u[this.v] = bArr[i + i3];
            int i4 = this.v + 1;
            this.v = i4;
            if (i4 == 16) {
                a(this.o, this.u);
                this.v = 0;
                this.w += 16;
            }
        }
    }

    private void a() {
        if (this.w > 0) {
            System.arraycopy(this.o, 0, this.p, 0, 16);
            this.x = this.w;
        }
        if (this.v > 0) {
            a(this.p, this.u, 0, this.v);
            this.x += this.v;
        }
        if (this.x > 0) {
            System.arraycopy(this.p, 0, this.n, 0, 16);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int processByte(byte b, byte[] bArr, int i) {
        b();
        this.l[this.s] = b;
        int i2 = this.s + 1;
        this.s = i2;
        if (i2 != this.l.length) {
            return 0;
        }
        a(this.l, 0, bArr, i);
        if (this.d) {
            this.s = 0;
            return 16;
        }
        System.arraycopy(this.l, 16, this.l, 0, this.f);
        this.s = this.f;
        return 16;
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0028, code lost:
    
        if (r10 <= 0) goto L30;
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x002b, code lost:
    
        r10 = r10 - 1;
        r3 = r9;
        r9 = r9 + 1;
        r7.l[r7.s] = r8[r3];
        r1 = r7.s + 1;
        r7.s = r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x004a, code lost:
    
        if (r1 != 16) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x004d, code lost:
    
        a(r7.l, 0, r11, r12);
        r7.s = 0;
        r13 = 0 + 16;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0065, code lost:
    
        if (r10 < 16) goto L33;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0068, code lost:
    
        a(r8, r9, r11, r12 + r13);
        r9 = r9 + 16;
        r10 = r10 - 16;
        r13 = r13 + 16;
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x0082, code lost:
    
        if (r10 <= 0) goto L28;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0085, code lost:
    
        java.lang.System.arraycopy(r8, r9, r7.l, 0, r10);
        r7.s = r10;
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x0024, code lost:
    
        if (r7.s != 0) goto L10;
     */
    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int processBytes(byte[] r8, int r9, int r10, byte[] r11, int r12) {
        /*
            Method dump skipped, instructions count: 249
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.modes.GCMBlockCipher.processBytes(byte[], int, int, byte[], int):int");
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public int doFinal(byte[] bArr, int i) {
        b();
        if (this.t == 0) {
            a();
        }
        int i2 = this.s;
        if (this.d) {
            if (bArr.length - i < i2 + this.f) {
                throw new OutputLengthException("Output buffer too short");
            }
        } else {
            if (i2 < this.f) {
                throw new InvalidCipherTextException("data too short");
            }
            i2 -= this.f;
            if (bArr.length - i < i2) {
                throw new OutputLengthException("Output buffer too short");
            }
        }
        if (i2 > 0) {
            byte[] bArr2 = this.l;
            int i3 = i2;
            byte[] bArr3 = new byte[16];
            a(bArr3);
            if (this.d) {
                GCMUtil.xor(bArr2, 0, bArr3, 0, i3);
                a(this.n, bArr2, 0, i3);
            } else {
                a(this.n, bArr2, 0, i3);
                GCMUtil.xor(bArr2, 0, bArr3, 0, i3);
            }
            System.arraycopy(bArr2, 0, bArr, i, i3);
            this.t += i3;
        }
        this.w += this.v;
        if (this.w > this.x) {
            if (this.v > 0) {
                a(this.o, this.u, 0, this.v);
            }
            if (this.x > 0) {
                GCMUtil.xor(this.o, this.p);
            }
            long j = ((this.t << 3) + 127) >>> 7;
            byte[] bArr4 = new byte[16];
            if (this.c == null) {
                this.c = new BasicGCMExponentiator();
                this.c.init(this.j);
            }
            this.c.exponentiateX(j, bArr4);
            GCMUtil.multiply(this.o, bArr4);
            GCMUtil.xor(this.n, this.o);
        }
        byte[] bArr5 = new byte[16];
        Pack.longToBigEndian(this.w << 3, bArr5, 0);
        Pack.longToBigEndian(this.t << 3, bArr5, 8);
        a(this.n, bArr5);
        byte[] bArr6 = new byte[16];
        this.f5199a.processBlock(this.k, 0, bArr6, 0);
        GCMUtil.xor(bArr6, this.n);
        int i4 = i2;
        this.m = new byte[this.f];
        System.arraycopy(bArr6, 0, this.m, 0, this.f);
        if (this.d) {
            System.arraycopy(this.m, 0, bArr, i + this.s, this.f);
            i4 += this.f;
        } else {
            byte[] bArr7 = new byte[this.f];
            System.arraycopy(this.l, i2, bArr7, 0, this.f);
            if (!Arrays.constantTimeAreEqual(this.m, bArr7)) {
                throw new InvalidCipherTextException("mac check in GCM failed");
            }
        }
        a(false);
        return i4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADBlockCipher
    public void reset() {
        a(true);
    }

    private void a(boolean z) {
        this.f5199a.reset();
        this.n = new byte[16];
        this.o = new byte[16];
        this.p = new byte[16];
        this.u = new byte[16];
        this.v = 0;
        this.w = 0L;
        this.x = 0L;
        this.q = Arrays.clone(this.k);
        this.r = -2;
        this.s = 0;
        this.t = 0L;
        if (this.l != null) {
            Arrays.fill(this.l, (byte) 0);
        }
        if (z) {
            this.m = null;
        }
        if (this.d) {
            this.e = false;
        } else if (this.i != null) {
            processAADBytes(this.i, 0, this.i.length);
        }
    }

    private void a(byte[] bArr, int i, byte[] bArr2, int i2) {
        if (bArr2.length - i2 < 16) {
            throw new OutputLengthException("Output buffer too short");
        }
        if (this.t == 0) {
            a();
        }
        byte[] bArr3 = new byte[16];
        a(bArr3);
        if (this.d) {
            GCMUtil.xor(bArr3, bArr, i);
            a(this.n, bArr3);
            System.arraycopy(bArr3, 0, bArr2, i2, 16);
        } else {
            b(this.n, bArr, i);
            GCMUtil.xor(bArr3, 0, bArr, i, bArr2, i2);
        }
        this.t += 16;
    }

    private void a(byte[] bArr, byte[] bArr2, int i) {
        for (int i2 = 0; i2 < i; i2 += 16) {
            a(bArr, bArr2, i2, Math.min(i - i2, 16));
        }
    }

    private void a(byte[] bArr, byte[] bArr2) {
        GCMUtil.xor(bArr, bArr2);
        this.b.multiplyH(bArr);
    }

    private void b(byte[] bArr, byte[] bArr2, int i) {
        GCMUtil.xor(bArr, bArr2, i);
        this.b.multiplyH(bArr);
    }

    private void a(byte[] bArr, byte[] bArr2, int i, int i2) {
        GCMUtil.xor(bArr, bArr2, i, i2);
        this.b.multiplyH(bArr);
    }

    private void a(byte[] bArr) {
        if (this.r == 0) {
            throw new IllegalStateException("Attempt to process too many blocks");
        }
        this.r--;
        int i = 1 + (this.q[15] & 255);
        this.q[15] = (byte) i;
        int i2 = (i >>> 8) + (this.q[14] & 255);
        this.q[14] = (byte) i2;
        int i3 = (i2 >>> 8) + (this.q[13] & 255);
        this.q[13] = (byte) i3;
        this.q[12] = (byte) ((i3 >>> 8) + (this.q[12] & 255));
        this.f5199a.processBlock(this.q, 0, bArr, 0);
    }

    private void b() {
        if (this.e) {
            return;
        }
        if (!this.d) {
            throw new IllegalStateException("GCM cipher needs to be initialised");
        }
        throw new IllegalStateException("GCM cipher cannot be reused for encryption");
    }
}
