package org.bouncycastle.crypto.modes;

import javax.security.auth.DestroyFailedException;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.ExceptionMessages;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.NativeServices;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.PacketCipherException;
import org.bouncycastle.crypto.engines.AESNativeGCMPacketCipher;
import org.bouncycastle.crypto.engines.AESPacketCipher;
import org.bouncycastle.crypto.modes.gcm.GCMUtil;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:bcprov-lts8on-2.73.6.jar:org/bouncycastle/crypto/modes/AESGCMPacketCipher.class */
public class AESGCMPacketCipher implements AESGCMModePacketCipher {
    private boolean destroyed = false;
    private byte[] lastIV;
    private byte[] lastKey;
    private static final byte[] deadKeyInstance = new byte[0];

    public static AESGCMModePacketCipher newInstance() {
        return CryptoServicesRegistrar.hasEnabledService(NativeServices.AES_GCM_PC) ? new AESNativeGCMPacketCipher() : new AESGCMPacketCipher();
    }

    @Override // org.bouncycastle.crypto.PacketCipher
    public int getOutputSize(boolean z, CipherParameters cipherParameters, int i) {
        if (i < 0) {
            throw new IllegalArgumentException(ExceptionMessages.LEN_NEGATIVE);
        }
        int checkParameters = checkParameters(cipherParameters);
        if (z) {
            return PacketCipherChecks.addCheckInputOverflow(i, checkParameters);
        }
        if (i < checkParameters) {
            throw new OutputLengthException(ExceptionMessages.OUTPUT_LENGTH);
        }
        return i - checkParameters;
    }

    @Override // org.bouncycastle.crypto.PacketCipher
    public int processPacket(boolean z, CipherParameters cipherParameters, byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws PacketCipherException {
        byte[] clone;
        byte[] bArr3;
        int i4;
        byte[] bArr4;
        long j;
        PacketCipherChecks.checkBoundsInput(bArr, i, i2, bArr2, i3);
        long[][] jArr = new long[256][2];
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            clone = aEADParameters.getNonce();
            bArr3 = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize < 32 || macSize > 128 || (macSize & 7) != 0) {
                throw PacketCipherException.from(new IllegalArgumentException(ExceptionMessages.GCM_INVALID_MAC_SIZE + macSize));
            }
            i4 = macSize >> 3;
            if (aEADParameters.getKey() != null) {
                PacketCipherChecks.checkKeyLength(aEADParameters.getKey().getKeyLength());
                bArr4 = Arrays.clone(aEADParameters.getKey().getKey());
            } else {
                bArr4 = null;
            }
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw PacketCipherException.from(new IllegalArgumentException(ExceptionMessages.GCM_INVALID_PARAMETER));
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            clone = Arrays.clone(parametersWithIV.getIV());
            bArr3 = null;
            i4 = 16;
            if (parametersWithIV.getParameters() != null) {
                PacketCipherChecks.checkKeyLength(((KeyParameter) parametersWithIV.getParameters()).getKeyLength());
                bArr4 = Arrays.clone(((KeyParameter) parametersWithIV.getParameters()).getKey());
            } else {
                bArr4 = null;
            }
        }
        if (clone.length < 12) {
            PacketCipherException.from(new IllegalArgumentException(ExceptionMessages.GCM_IV_TOO_SHORT));
        }
        if (z && this.lastIV != null && Arrays.areEqual(this.lastIV, clone)) {
            if (bArr4 == null) {
                throw PacketCipherException.from(new IllegalArgumentException("cannot reuse nonce for GCM encryption"));
            }
            if (this.lastKey != null && Arrays.areEqual(this.lastKey, bArr4)) {
                throw PacketCipherException.from(new IllegalArgumentException("cannot reuse nonce for GCM encryption"));
            }
        }
        byte[] clone2 = bArr4 != null ? bArr4 : Arrays.clone(this.lastKey);
        this.lastIV = Arrays.clone(clone);
        this.lastKey = Arrays.clone(clone2);
        int i5 = z ? i2 : i2 - i4;
        long j2 = i5;
        int i6 = z ? i2 + i4 : i2 - i4;
        PacketCipherChecks.checkInputAndOutputAEAD(z, bArr, i, i2, bArr2, i3, i4);
        byte[] createS = AESPacketCipher.createS(true);
        int[][] generateWorkingKey = AESPacketCipher.generateWorkingKey(true, clone2);
        byte[] bArr5 = new byte[16];
        AESPacketCipher.processBlock(true, generateWorkingKey, createS, bArr5, 0, bArr5, 0);
        initMultiplier(jArr, bArr5);
        byte[] bArr6 = new byte[16];
        if (clone.length == 12) {
            System.arraycopy(clone, 0, bArr6, 0, clone.length);
            bArr6[bArr6.length - 1] = 1;
        } else {
            gHASH(bArr6, clone, clone.length, jArr);
            byte[] bArr7 = new byte[16];
            Pack.longToBigEndian(clone.length * 8, bArr7, 8);
            gHASHBlock(bArr6, bArr7, jArr);
        }
        byte[] bArr8 = new byte[16];
        if (bArr3 != null) {
            j = bArr3.length;
            int length = bArr3.length;
            int i7 = 0;
            while (length > bArr8.length) {
                gHASHBlock(bArr8, bArr3, i7, jArr);
                i7 += bArr8.length;
                length -= bArr8.length;
            }
            gHASHPartial(bArr8, bArr3, i7, length, jArr);
        } else {
            j = 0;
        }
        byte[] clone3 = Arrays.clone(bArr6);
        int i8 = -2;
        byte[] bArr9 = new byte[16];
        while (i5 > 16) {
            i8 = assertBlocksRemaining(i8);
            getNextCtrBlock(clone3);
            AESPacketCipher.processBlock(true, generateWorkingKey, createS, clone3, 0, bArr9, 0);
            GCMUtil.xor(bArr9, bArr, i);
            if (z) {
                gHASHBlock(bArr8, bArr9, jArr);
            } else {
                gHASHBlock(bArr8, bArr, i, jArr);
            }
            System.arraycopy(bArr9, 0, bArr2, i3, 16);
            i5 -= 16;
            i3 += 16;
            i += 16;
        }
        assertBlocksRemaining(i8);
        getNextCtrBlock(clone3);
        AESPacketCipher.processBlock(true, generateWorkingKey, createS, clone3, 0, bArr9, 0);
        if (z) {
            GCMUtil.xor(bArr9, 0, bArr, i, i5);
            gHASHPartial(bArr8, bArr9, 0, i5, jArr);
        } else {
            gHASHPartial(bArr8, bArr, i, i5, jArr);
            GCMUtil.xor(bArr9, 0, bArr, i, i5);
        }
        int i9 = i + i5;
        System.arraycopy(bArr9, 0, bArr2, i3, i5);
        int i10 = i3 + i5;
        byte[] bArr10 = new byte[16];
        Pack.longToBigEndian(j * 8, bArr10, 0);
        Pack.longToBigEndian(j2 * 8, bArr10, 8);
        gHASHBlock(bArr8, bArr10, jArr);
        byte[] bArr11 = new byte[16];
        AESPacketCipher.processBlock(true, generateWorkingKey, createS, bArr6, 0, bArr11, 0);
        GCMUtil.xor(bArr11, bArr8);
        if (z) {
            System.arraycopy(bArr11, 0, bArr2, i10, i4);
        } else if (!Arrays.constantTimeAreEqual(i4, bArr11, 0, bArr, i9)) {
            Arrays.clear(bArr2, i3, (int) j2);
            throw PacketCipherException.from(new InvalidCipherTextException("mac check in GCM failed"));
        }
        Arrays.clear(clone);
        Arrays.clear(bArr8);
        Arrays.clear(bArr6);
        Arrays.clear(bArr10);
        Arrays.clear(bArr5);
        Arrays.clear(jArr);
        Arrays.clear(generateWorkingKey);
        Arrays.clear(clone2);
        return i6;
    }

    private int assertBlocksRemaining(int i) throws PacketCipherException {
        if (i == 0) {
            throw PacketCipherException.from(new IllegalStateException("Attempt to process too many blocks"));
        }
        return i - 1;
    }

    private static void getNextCtrBlock(byte[] bArr) {
        int i = 1 + (bArr[15] & 255);
        bArr[15] = (byte) i;
        int i2 = (i >>> 8) + (bArr[14] & 255);
        bArr[14] = (byte) i2;
        int i3 = (i2 >>> 8) + (bArr[13] & 255);
        bArr[13] = (byte) i3;
        bArr[12] = (byte) ((i3 >>> 8) + (bArr[12] & 255));
    }

    private static void gHASH(byte[] bArr, byte[] bArr2, int i, long[][] jArr) {
        for (int i2 = 0; i2 < i; i2 += 16) {
            gHASHPartial(bArr, bArr2, i2, Math.min(i - i2, 16), jArr);
        }
    }

    private static void gHASHBlock(byte[] bArr, byte[] bArr2, long[][] jArr) {
        GCMUtil.xor(bArr, bArr2);
        multiplyH(bArr, jArr);
    }

    private static void gHASHBlock(byte[] bArr, byte[] bArr2, int i, long[][] jArr) {
        GCMUtil.xor(bArr, bArr2, i);
        multiplyH(bArr, jArr);
    }

    private static void gHASHPartial(byte[] bArr, byte[] bArr2, int i, int i2, long[][] jArr) {
        GCMUtil.xor(bArr, bArr2, i, i2);
        multiplyH(bArr, jArr);
    }

    private static void multiplyH(byte[] bArr, long[][] jArr) {
        long[] jArr2 = jArr[bArr[15] & 255];
        long j = jArr2[0];
        long j2 = jArr2[1];
        for (int i = 14; i >= 0; i--) {
            long[] jArr3 = jArr[bArr[i] & 255];
            long j3 = j2 << 56;
            j2 = jArr3[1] ^ ((j2 >>> 8) | (j << 56));
            j = ((((jArr3[0] ^ (j >>> 8)) ^ j3) ^ (j3 >>> 1)) ^ (j3 >>> 2)) ^ (j3 >>> 7);
        }
        Pack.longToBigEndian(j, bArr, 0);
        Pack.longToBigEndian(j2, bArr, 8);
    }

    protected static void initMultiplier(long[][] jArr, byte[] bArr) {
        GCMUtil.asLongs(bArr, jArr[1]);
        GCMUtil.multiplyP7(jArr[1], jArr[1]);
        for (int i = 2; i < 256; i += 2) {
            GCMUtil.divideP(jArr[i >> 1], jArr[i]);
            GCMUtil.xor(jArr[i], jArr[1], jArr[i + 1]);
        }
    }

    public String toString() {
        return "GCM-PS[Java](AES[Java])";
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        this.destroyed = true;
        Arrays.clear(this.lastKey);
        Arrays.clear(this.lastIV);
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }
}
