package org.bouncycastle.crypto.engines;

import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Longs;
import org.bouncycastle.util.Pack;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/bcprov-jdk18on-1.78.1.jar:org/bouncycastle/crypto/engines/AsconEngine.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/bouncy-castle-bc-3.0.10-pkg.jar:lib/bcprov-jdk18on-1.78.1.jar:org/bouncycastle/crypto/engines/AsconEngine.class */
public class AsconEngine implements AEADCipher {
    private final AsconParameters asconParameters;
    private byte[] mac;
    private byte[] initialAssociatedText;
    private final String algorithmName;
    private final int CRYPTO_KEYBYTES;
    private final int CRYPTO_ABYTES;
    private final int ASCON_AEAD_RATE;
    private final int nr;
    private long K0;
    private long K1;
    private long K2;
    private long N0;
    private long N1;
    private final long ASCON_IV;
    private long x0;
    private long x1;
    private long x2;
    private long x3;
    private long x4;
    private final int m_bufferSizeDecrypt;
    private final byte[] m_buf;
    private State m_state = State.Uninitialized;
    private int m_bufPos = 0;

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/bundled-dependencies/bcprov-jdk18on-1.78.1.jar:org/bouncycastle/crypto/engines/AsconEngine$AsconParameters.class
     */
    /* loaded from: input_file:META-INF/bundled-dependencies/bouncy-castle-bc-3.0.10-pkg.jar:lib/bcprov-jdk18on-1.78.1.jar:org/bouncycastle/crypto/engines/AsconEngine$AsconParameters.class */
    public enum AsconParameters {
        ascon80pq,
        ascon128a,
        ascon128
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/bundled-dependencies/bcprov-jdk18on-1.78.1.jar:org/bouncycastle/crypto/engines/AsconEngine$State.class
     */
    /* loaded from: input_file:META-INF/bundled-dependencies/bouncy-castle-bc-3.0.10-pkg.jar:lib/bcprov-jdk18on-1.78.1.jar:org/bouncycastle/crypto/engines/AsconEngine$State.class */
    public enum State {
        Uninitialized,
        EncInit,
        EncAad,
        EncData,
        EncFinal,
        DecInit,
        DecAad,
        DecData,
        DecFinal
    }

    public AsconEngine(AsconParameters asconParameters) {
        this.asconParameters = asconParameters;
        switch (asconParameters) {
            case ascon80pq:
                this.CRYPTO_KEYBYTES = 20;
                this.CRYPTO_ABYTES = 16;
                this.ASCON_AEAD_RATE = 8;
                this.ASCON_IV = -6899501409222262784L;
                this.algorithmName = "Ascon-80pq AEAD";
                break;
            case ascon128a:
                this.CRYPTO_KEYBYTES = 16;
                this.CRYPTO_ABYTES = 16;
                this.ASCON_AEAD_RATE = 16;
                this.ASCON_IV = -9187330011336540160L;
                this.algorithmName = "Ascon-128a AEAD";
                break;
            case ascon128:
                this.CRYPTO_KEYBYTES = 16;
                this.CRYPTO_ABYTES = 16;
                this.ASCON_AEAD_RATE = 8;
                this.ASCON_IV = -9205344418435956736L;
                this.algorithmName = "Ascon-128 AEAD";
                break;
            default:
                throw new IllegalArgumentException("invalid parameter setting for ASCON AEAD");
        }
        this.nr = this.ASCON_AEAD_RATE == 8 ? 6 : 8;
        this.m_bufferSizeDecrypt = this.ASCON_AEAD_RATE + this.CRYPTO_ABYTES;
        this.m_buf = new byte[this.m_bufferSizeDecrypt];
    }

    private long PAD(int i) {
        return 128 << (56 - (i << 3));
    }

    private void ROUND(long j) {
        long j2 = ((((this.x0 ^ this.x1) ^ this.x2) ^ this.x3) ^ j) ^ (this.x1 & (((this.x0 ^ this.x2) ^ this.x4) ^ j));
        long j3 = ((((this.x0 ^ this.x2) ^ this.x3) ^ this.x4) ^ j) ^ (((this.x1 ^ this.x2) ^ j) & (this.x1 ^ this.x3));
        long j4 = (((this.x1 ^ this.x2) ^ this.x4) ^ j) ^ (this.x3 & this.x4);
        long j5 = (((this.x0 ^ this.x1) ^ this.x2) ^ j) ^ ((this.x0 ^ (-1)) & (this.x3 ^ this.x4));
        long j6 = ((this.x1 ^ this.x3) ^ this.x4) ^ ((this.x0 ^ this.x4) & this.x1);
        this.x0 = (j2 ^ Longs.rotateRight(j2, 19)) ^ Longs.rotateRight(j2, 28);
        this.x1 = (j3 ^ Longs.rotateRight(j3, 39)) ^ Longs.rotateRight(j3, 61);
        this.x2 = ((j4 ^ Longs.rotateRight(j4, 1)) ^ Longs.rotateRight(j4, 6)) ^ (-1);
        this.x3 = (j5 ^ Longs.rotateRight(j5, 10)) ^ Longs.rotateRight(j5, 17);
        this.x4 = (j6 ^ Longs.rotateRight(j6, 7)) ^ Longs.rotateRight(j6, 41);
    }

    private void P(int i) {
        if (i >= 8) {
            if (i == 12) {
                ROUND(240L);
                ROUND(225L);
                ROUND(210L);
                ROUND(195L);
            }
            ROUND(180L);
            ROUND(165L);
        }
        ROUND(150L);
        ROUND(135L);
        ROUND(120L);
        ROUND(105L);
        ROUND(90L);
        ROUND(75L);
    }

    private void ascon_aeadinit() {
        this.x0 = this.ASCON_IV;
        if (this.CRYPTO_KEYBYTES == 20) {
            this.x0 ^= this.K0;
        }
        this.x1 = this.K1;
        this.x2 = this.K2;
        this.x3 = this.N0;
        this.x4 = this.N1;
        P(12);
        if (this.CRYPTO_KEYBYTES == 20) {
            this.x2 ^= this.K0;
        }
        this.x3 ^= this.K1;
        this.x4 ^= this.K2;
    }

    private void checkAAD() {
        switch (this.m_state) {
            case DecInit:
                this.m_state = State.DecAad;
                return;
            case EncInit:
                this.m_state = State.EncAad;
                return;
            case DecAad:
            case EncAad:
                return;
            case EncFinal:
                throw new IllegalStateException(getAlgorithmName() + " cannot be reused for encryption");
            default:
                throw new IllegalStateException(getAlgorithmName() + " needs to be initialized");
        }
    }

    private boolean checkData() {
        switch (this.m_state) {
            case DecInit:
            case DecAad:
                finishAAD(State.DecData);
                return false;
            case EncInit:
            case EncAad:
                finishAAD(State.EncData);
                return true;
            case EncFinal:
                throw new IllegalStateException(getAlgorithmName() + " cannot be reused for encryption");
            case DecData:
                return false;
            case EncData:
                return true;
            default:
                throw new IllegalStateException(getAlgorithmName() + " needs to be initialized");
        }
    }

    private void processBufferAAD(byte[] bArr, int i) {
        this.x0 ^= Pack.bigEndianToLong(bArr, i);
        if (this.ASCON_AEAD_RATE == 16) {
            this.x1 ^= Pack.bigEndianToLong(bArr, 8 + i);
        }
        P(this.nr);
    }

    private void finishAAD(State state) {
        switch (this.m_state) {
            case DecAad:
            case EncAad:
                this.m_buf[this.m_bufPos] = Byte.MIN_VALUE;
                if (this.m_bufPos >= 8) {
                    this.x0 ^= Pack.bigEndianToLong(this.m_buf, 0);
                    this.x1 ^= Pack.bigEndianToLong(this.m_buf, 8) & ((-1) << (56 - ((this.m_bufPos - 8) << 3)));
                } else {
                    this.x0 ^= Pack.bigEndianToLong(this.m_buf, 0) & ((-1) << (56 - (this.m_bufPos << 3)));
                }
                P(this.nr);
                break;
        }
        this.x4 ^= 1;
        this.m_bufPos = 0;
        this.m_state = state;
    }

    private void processBufferDecrypt(byte[] bArr, int i, byte[] bArr2, int i2) {
        if (i2 + this.ASCON_AEAD_RATE > bArr2.length) {
            throw new OutputLengthException("output buffer too short");
        }
        long bigEndianToLong = Pack.bigEndianToLong(bArr, i);
        Pack.longToBigEndian(this.x0 ^ bigEndianToLong, bArr2, i2);
        this.x0 = bigEndianToLong;
        if (this.ASCON_AEAD_RATE == 16) {
            long bigEndianToLong2 = Pack.bigEndianToLong(bArr, i + 8);
            Pack.longToBigEndian(this.x1 ^ bigEndianToLong2, bArr2, i2 + 8);
            this.x1 = bigEndianToLong2;
        }
        P(this.nr);
    }

    private void processBufferEncrypt(byte[] bArr, int i, byte[] bArr2, int i2) {
        if (i2 + this.ASCON_AEAD_RATE > bArr2.length) {
            throw new OutputLengthException("output buffer too short");
        }
        this.x0 ^= Pack.bigEndianToLong(bArr, i);
        Pack.longToBigEndian(this.x0, bArr2, i2);
        if (this.ASCON_AEAD_RATE == 16) {
            this.x1 ^= Pack.bigEndianToLong(bArr, i + 8);
            Pack.longToBigEndian(this.x1, bArr2, i2 + 8);
        }
        P(this.nr);
    }

    private void processFinalDecrypt(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        if (i2 >= 8) {
            long bigEndianToLong = Pack.bigEndianToLong(bArr, i);
            this.x0 ^= bigEndianToLong;
            Pack.longToBigEndian(this.x0, bArr2, i3);
            this.x0 = bigEndianToLong;
            int i4 = i + 8;
            int i5 = i3 + 8;
            int i6 = i2 - 8;
            this.x1 ^= PAD(i6);
            if (i6 != 0) {
                long littleEndianToLong_High = Pack.littleEndianToLong_High(bArr, i4, i6);
                this.x1 ^= littleEndianToLong_High;
                Pack.longToLittleEndian_High(this.x1, bArr2, i5, i6);
                this.x1 &= (-1) >>> (i6 << 3);
                this.x1 ^= littleEndianToLong_High;
            }
        } else {
            this.x0 ^= PAD(i2);
            if (i2 != 0) {
                long littleEndianToLong_High2 = Pack.littleEndianToLong_High(bArr, i, i2);
                this.x0 ^= littleEndianToLong_High2;
                Pack.longToLittleEndian_High(this.x0, bArr2, i3, i2);
                this.x0 &= (-1) >>> (i2 << 3);
                this.x0 ^= littleEndianToLong_High2;
            }
        }
        finishData(State.DecFinal);
    }

    private void processFinalEncrypt(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        if (i2 >= 8) {
            this.x0 ^= Pack.bigEndianToLong(bArr, i);
            Pack.longToBigEndian(this.x0, bArr2, i3);
            int i4 = i + 8;
            int i5 = i3 + 8;
            int i6 = i2 - 8;
            this.x1 ^= PAD(i6);
            if (i6 != 0) {
                this.x1 ^= Pack.littleEndianToLong_High(bArr, i4, i6);
                Pack.longToLittleEndian_High(this.x1, bArr2, i5, i6);
            }
        } else {
            this.x0 ^= PAD(i2);
            if (i2 != 0) {
                this.x0 ^= Pack.littleEndianToLong_High(bArr, i, i2);
                Pack.longToLittleEndian_High(this.x0, bArr2, i3, i2);
            }
        }
        finishData(State.EncFinal);
    }

    private void finishData(State state) {
        switch (this.asconParameters) {
            case ascon80pq:
                this.x1 ^= (this.K0 << 32) | (this.K1 >> 32);
                this.x2 ^= (this.K1 << 32) | (this.K2 >> 32);
                this.x3 ^= this.K2 << 32;
                break;
            case ascon128a:
                this.x2 ^= this.K1;
                this.x3 ^= this.K2;
                break;
            case ascon128:
                this.x1 ^= this.K1;
                this.x2 ^= this.K2;
                break;
            default:
                throw new IllegalStateException();
        }
        P(12);
        this.x3 ^= this.K1;
        this.x4 ^= this.K2;
        this.m_state = state;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z, CipherParameters cipherParameters) throws IllegalArgumentException {
        KeyParameter keyParameter;
        byte[] iv;
        if (cipherParameters instanceof AEADParameters) {
            AEADParameters aEADParameters = (AEADParameters) cipherParameters;
            keyParameter = aEADParameters.getKey();
            iv = aEADParameters.getNonce();
            this.initialAssociatedText = aEADParameters.getAssociatedText();
            int macSize = aEADParameters.getMacSize();
            if (macSize != this.CRYPTO_ABYTES * 8) {
                throw new IllegalArgumentException("Invalid value for MAC size: " + macSize);
            }
        } else {
            if (!(cipherParameters instanceof ParametersWithIV)) {
                throw new IllegalArgumentException("invalid parameters passed to Ascon");
            }
            ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
            keyParameter = (KeyParameter) parametersWithIV.getParameters();
            iv = parametersWithIV.getIV();
            this.initialAssociatedText = null;
        }
        if (keyParameter == null) {
            throw new IllegalArgumentException("Ascon Init parameters must include a key");
        }
        if (iv == null || iv.length != this.CRYPTO_ABYTES) {
            throw new IllegalArgumentException(this.asconParameters + " requires exactly " + this.CRYPTO_ABYTES + " bytes of IV");
        }
        byte[] key = keyParameter.getKey();
        if (key.length != this.CRYPTO_KEYBYTES) {
            throw new IllegalArgumentException(this.asconParameters + " key must be " + this.CRYPTO_KEYBYTES + " bytes long");
        }
        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(getAlgorithmName(), 128, cipherParameters, Utils.getPurpose(z)));
        this.N0 = Pack.bigEndianToLong(iv, 0);
        this.N1 = Pack.bigEndianToLong(iv, 8);
        if (this.CRYPTO_KEYBYTES == 16) {
            this.K1 = Pack.bigEndianToLong(key, 0);
            this.K2 = Pack.bigEndianToLong(key, 8);
        } else {
            if (this.CRYPTO_KEYBYTES != 20) {
                throw new IllegalStateException();
            }
            this.K0 = Pack.bigEndianToInt(key, 0);
            this.K1 = Pack.bigEndianToLong(key, 4);
            this.K2 = Pack.bigEndianToLong(key, 12);
        }
        this.m_state = z ? State.EncInit : State.DecInit;
        reset(true);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.algorithmName;
    }

    public String getAlgorithmVersion() {
        return "v1.2";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b) {
        checkAAD();
        this.m_buf[this.m_bufPos] = b;
        int i = this.m_bufPos + 1;
        this.m_bufPos = i;
        if (i == this.ASCON_AEAD_RATE) {
            processBufferAAD(this.m_buf, 0);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i, int i2) {
        if (i + i2 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        if (i2 <= 0) {
            return;
        }
        checkAAD();
        if (this.m_bufPos > 0) {
            int i3 = this.ASCON_AEAD_RATE - this.m_bufPos;
            if (i2 < i3) {
                System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i2);
                this.m_bufPos += i2;
                return;
            } else {
                System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i3);
                i += i3;
                i2 -= i3;
                processBufferAAD(this.m_buf, 0);
            }
        }
        while (i2 >= this.ASCON_AEAD_RATE) {
            processBufferAAD(bArr, i);
            i += this.ASCON_AEAD_RATE;
            i2 -= this.ASCON_AEAD_RATE;
        }
        System.arraycopy(bArr, i, this.m_buf, 0, i2);
        this.m_bufPos = i2;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b, byte[] bArr, int i) throws DataLengthException {
        return processBytes(new byte[]{b}, 0, 1, bArr, i);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws DataLengthException {
        if (i + i2 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        int i4 = 0;
        if (!checkData()) {
            int i5 = this.m_bufferSizeDecrypt - this.m_bufPos;
            if (i2 < i5) {
                System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i2);
                this.m_bufPos += i2;
                return 0;
            }
            while (this.m_bufPos >= this.ASCON_AEAD_RATE) {
                processBufferDecrypt(this.m_buf, 0, bArr2, i3 + i4);
                this.m_bufPos -= this.ASCON_AEAD_RATE;
                System.arraycopy(this.m_buf, this.ASCON_AEAD_RATE, this.m_buf, 0, this.m_bufPos);
                i4 += this.ASCON_AEAD_RATE;
                i5 += this.ASCON_AEAD_RATE;
                if (i2 < i5) {
                    System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i2);
                    this.m_bufPos += i2;
                    return i4;
                }
            }
            int i6 = this.ASCON_AEAD_RATE - this.m_bufPos;
            System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i6);
            i += i6;
            i2 -= i6;
            processBufferDecrypt(this.m_buf, 0, bArr2, i3 + i4);
            int i7 = i4;
            int i8 = this.ASCON_AEAD_RATE;
            while (true) {
                i4 = i7 + i8;
                if (i2 < this.m_bufferSizeDecrypt) {
                    break;
                }
                processBufferDecrypt(bArr, i, bArr2, i3 + i4);
                i += this.ASCON_AEAD_RATE;
                i2 -= this.ASCON_AEAD_RATE;
                i7 = i4;
                i8 = this.ASCON_AEAD_RATE;
            }
        } else {
            if (this.m_bufPos > 0) {
                int i9 = this.ASCON_AEAD_RATE - this.m_bufPos;
                if (i2 < i9) {
                    System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i2);
                    this.m_bufPos += i2;
                    return 0;
                }
                System.arraycopy(bArr, i, this.m_buf, this.m_bufPos, i9);
                i += i9;
                i2 -= i9;
                processBufferEncrypt(this.m_buf, 0, bArr2, i3);
                i4 = this.ASCON_AEAD_RATE;
            }
            while (i2 >= this.ASCON_AEAD_RATE) {
                processBufferEncrypt(bArr, i, bArr2, i3 + i4);
                i += this.ASCON_AEAD_RATE;
                i2 -= this.ASCON_AEAD_RATE;
                i4 += this.ASCON_AEAD_RATE;
            }
        }
        System.arraycopy(bArr, i, this.m_buf, 0, i2);
        this.m_bufPos = i2;
        return i4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i) throws IllegalStateException, InvalidCipherTextException, DataLengthException {
        int i2;
        if (checkData()) {
            i2 = this.m_bufPos + this.CRYPTO_ABYTES;
            if (i + i2 > bArr.length) {
                throw new OutputLengthException("output buffer too short");
            }
            processFinalEncrypt(this.m_buf, 0, this.m_bufPos, bArr, i);
            this.mac = new byte[this.CRYPTO_ABYTES];
            Pack.longToBigEndian(this.x3, this.mac, 0);
            Pack.longToBigEndian(this.x4, this.mac, 8);
            System.arraycopy(this.mac, 0, bArr, i + this.m_bufPos, this.CRYPTO_ABYTES);
            reset(false);
        } else {
            if (this.m_bufPos < this.CRYPTO_ABYTES) {
                throw new InvalidCipherTextException("data too short");
            }
            this.m_bufPos -= this.CRYPTO_ABYTES;
            i2 = this.m_bufPos;
            if (i + i2 > bArr.length) {
                throw new OutputLengthException("output buffer too short");
            }
            processFinalDecrypt(this.m_buf, 0, this.m_bufPos, bArr, i);
            this.x3 ^= Pack.bigEndianToLong(this.m_buf, this.m_bufPos);
            this.x4 ^= Pack.bigEndianToLong(this.m_buf, this.m_bufPos + 8);
            if ((this.x3 | this.x4) != 0) {
                throw new InvalidCipherTextException("mac check in " + getAlgorithmName() + " failed");
            }
            reset(true);
        }
        return i2;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return this.mac;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i) {
        int max = Math.max(0, i);
        switch (this.m_state) {
            case DecInit:
            case DecAad:
                max = Math.max(0, max - this.CRYPTO_ABYTES);
                break;
            case EncFinal:
            case EncData:
                max += this.m_bufPos;
                break;
            case DecData:
            case DecFinal:
                max = Math.max(0, (max + this.m_bufPos) - this.CRYPTO_ABYTES);
                break;
        }
        return max - (max % this.ASCON_AEAD_RATE);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i) {
        int max = Math.max(0, i);
        switch (this.m_state) {
            case DecInit:
            case DecAad:
                return Math.max(0, max - this.CRYPTO_ABYTES);
            case EncInit:
            case EncAad:
            default:
                return max + this.CRYPTO_ABYTES;
            case EncFinal:
            case EncData:
                return max + this.m_bufPos + this.CRYPTO_ABYTES;
            case DecData:
            case DecFinal:
                return Math.max(0, (max + this.m_bufPos) - this.CRYPTO_ABYTES);
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        reset(true);
    }

    private void reset(boolean z) {
        if (z) {
            this.mac = null;
        }
        Arrays.clear(this.m_buf);
        this.m_bufPos = 0;
        switch (this.m_state) {
            case DecInit:
            case EncInit:
                break;
            case DecAad:
            case DecData:
            case DecFinal:
                this.m_state = State.DecInit;
                break;
            case EncAad:
            case EncFinal:
            case EncData:
                this.m_state = State.EncFinal;
                return;
            default:
                throw new IllegalStateException(getAlgorithmName() + " needs to be initialized");
        }
        ascon_aeadinit();
        if (this.initialAssociatedText != null) {
            processAADBytes(this.initialAssociatedText, 0, this.initialAssociatedText.length);
        }
    }

    public int getKeyBytesSize() {
        return this.CRYPTO_KEYBYTES;
    }

    public int getIVBytesSize() {
        return this.CRYPTO_ABYTES;
    }
}
