package org.bouncycastle.crypto.digests;

import java.io.ByteArrayOutputStream;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:BOOT-INF/lib/bcprov-jdk18on-1.76.jar:org/bouncycastle/crypto/digests/XoodyakDigest.class */
public class XoodyakDigest implements Digest {
    private int phase;
    private MODE mode;
    private int Rabsorb;
    private final int f_bPrime = 48;
    private final int Rhash = 16;
    private final int PhaseDown = 1;
    private final int PhaseUp = 2;
    private final int NLANES = 12;
    private final int NROWS = 3;
    private final int NCOLUMS = 4;
    private final int MAXROUNDS = 12;
    private final int TAGLEN = 16;
    private final int[] RC = {88, 56, 960, 208, 288, 20, 96, 44, 896, 240, 416, 18};
    private final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    private byte[] state = new byte[48];

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/bcprov-jdk18on-1.76.jar:org/bouncycastle/crypto/digests/XoodyakDigest$MODE.class */
    public enum MODE {
        ModeHash,
        ModeKeyed
    }

    public XoodyakDigest() {
        reset();
    }

    @Override // org.bouncycastle.crypto.Digest
    public String getAlgorithmName() {
        return "Xoodyak Hash";
    }

    @Override // org.bouncycastle.crypto.Digest
    public int getDigestSize() {
        return 32;
    }

    @Override // org.bouncycastle.crypto.Digest
    public void update(byte b) {
        this.buffer.write(b);
    }

    @Override // org.bouncycastle.crypto.Digest
    public void update(byte[] bArr, int i, int i2) {
        if (i + i2 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        this.buffer.write(bArr, i, i2);
    }

    @Override // org.bouncycastle.crypto.Digest
    public int doFinal(byte[] bArr, int i) {
        if (32 + i > bArr.length) {
            throw new OutputLengthException("output buffer is too short");
        }
        byte[] byteArray = this.buffer.toByteArray();
        int i2 = 0;
        int size = this.buffer.size();
        int i3 = 3;
        do {
            if (this.phase != 2) {
                Up(null, 0, 0, 0);
            }
            int min = Math.min(size, this.Rabsorb);
            Down(byteArray, i2, min, i3);
            i3 = 0;
            i2 += min;
            size -= min;
        } while (size != 0);
        Up(bArr, i, 16, 64);
        Down(null, 0, 0, 0);
        Up(bArr, i + 16, 16, 0);
        return 32;
    }

    @Override // org.bouncycastle.crypto.Digest
    public void reset() {
        Arrays.fill(this.state, (byte) 0);
        this.phase = 2;
        this.mode = MODE.ModeHash;
        this.Rabsorb = 16;
        this.buffer.reset();
    }

    private void Up(byte[] bArr, int i, int i2, int i3) {
        if (this.mode != MODE.ModeHash) {
            byte[] bArr2 = this.state;
            bArr2[47] = (byte) (bArr2[47] ^ i3);
        }
        int[] iArr = new int[12];
        Pack.littleEndianToInt(this.state, 0, iArr, 0, iArr.length);
        int[] iArr2 = new int[12];
        int[] iArr3 = new int[4];
        int[] iArr4 = new int[4];
        for (int i4 = 0; i4 < 12; i4++) {
            for (int i5 = 0; i5 < 4; i5++) {
                iArr3[i5] = (iArr[index(i5, 0)] ^ iArr[index(i5, 1)]) ^ iArr[index(i5, 2)];
            }
            for (int i6 = 0; i6 < 4; i6++) {
                int i7 = iArr3[(i6 + 3) & 3];
                iArr4[i6] = ROTL32(i7, 5) ^ ROTL32(i7, 14);
            }
            for (int i8 = 0; i8 < 4; i8++) {
                for (int i9 = 0; i9 < 3; i9++) {
                    int index = index(i8, i9);
                    iArr[index] = iArr[index] ^ iArr4[i8];
                }
            }
            for (int i10 = 0; i10 < 4; i10++) {
                iArr2[index(i10, 0)] = iArr[index(i10, 0)];
                iArr2[index(i10, 1)] = iArr[index(i10 + 3, 1)];
                iArr2[index(i10, 2)] = ROTL32(iArr[index(i10, 2)], 11);
            }
            iArr2[0] = iArr2[0] ^ this.RC[i4];
            for (int i11 = 0; i11 < 4; i11++) {
                for (int i12 = 0; i12 < 3; i12++) {
                    iArr[index(i11, i12)] = iArr2[index(i11, i12)] ^ ((iArr2[index(i11, i12 + 1)] ^ (-1)) & iArr2[index(i11, i12 + 2)]);
                }
            }
            for (int i13 = 0; i13 < 4; i13++) {
                iArr2[index(i13, 0)] = iArr[index(i13, 0)];
                iArr2[index(i13, 1)] = ROTL32(iArr[index(i13, 1)], 1);
                iArr2[index(i13, 2)] = ROTL32(iArr[index(i13 + 2, 2)], 8);
            }
            System.arraycopy(iArr2, 0, iArr, 0, 12);
        }
        Pack.intToLittleEndian(iArr, 0, iArr.length, this.state, 0);
        this.phase = 2;
        if (bArr != null) {
            System.arraycopy(this.state, 0, bArr, i, i2);
        }
    }

    void Down(byte[] bArr, int i, int i2, int i3) {
        for (int i4 = 0; i4 < i2; i4++) {
            byte[] bArr2 = this.state;
            int i5 = i4;
            int i6 = i;
            i++;
            bArr2[i5] = (byte) (bArr2[i5] ^ bArr[i6]);
        }
        byte[] bArr3 = this.state;
        bArr3[i2] = (byte) (bArr3[i2] ^ 1);
        byte[] bArr4 = this.state;
        bArr4[47] = (byte) (bArr4[47] ^ (this.mode == MODE.ModeHash ? i3 & 1 : i3));
        this.phase = 1;
    }

    private int index(int i, int i2) {
        return ((i2 % 3) * 4) + (i % 4);
    }

    private int ROTL32(int i, int i2) {
        return (i << (i2 & 31)) ^ (i >>> ((32 - i2) & 31));
    }
}
