package org.bouncycastle.crypto.engines;

import java.io.ByteArrayOutputStream;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Pack;
import org.codehaus.groovy.antlr.parser.GroovyTokenTypes;

/* loaded from: input_file:WEB-INF/detached-plugins/bouncycastle-api.hpi:WEB-INF/optional-lib/bcprov-jdk18on-1.79.jar:org/bouncycastle/crypto/engines/XoodyakEngine.class */
public class XoodyakEngine implements AEADCipher {
    private boolean forEncryption;
    private byte[] state;
    private int phase;
    private MODE mode;
    private int Rabsorb;
    private byte[] K;
    private byte[] iv;
    private byte[] tag;
    private boolean aadFinished;
    private boolean encrypted;
    private final int f_bPrime = 48;
    private final int Rkout = 24;
    private final int PhaseDown = 1;
    private final int PhaseUp = 2;
    private final int MAXROUNDS = 12;
    private final int TAGLEN = 16;
    final int Rkin = 44;
    private final int[] RC = {88, 56, 960, GroovyTokenTypes.ONE_NL, 288, 20, 96, 44, 896, 240, 416, 18};
    private boolean initialised = false;
    private final ByteArrayOutputStream aadData = new ByteArrayOutputStream();
    private final ByteArrayOutputStream message = new ByteArrayOutputStream();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/detached-plugins/bouncycastle-api.hpi:WEB-INF/optional-lib/bcprov-jdk18on-1.79.jar:org/bouncycastle/crypto/engines/XoodyakEngine$MODE.class */
    public enum MODE {
        ModeHash,
        ModeKeyed
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z, CipherParameters cipherParameters) throws IllegalArgumentException {
        this.forEncryption = z;
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException("Xoodyak init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        this.iv = parametersWithIV.getIV();
        if (this.iv == null || this.iv.length != 16) {
            throw new IllegalArgumentException("Xoodyak requires exactly 16 bytes of IV");
        }
        if (!(parametersWithIV.getParameters() instanceof KeyParameter)) {
            throw new IllegalArgumentException("Xoodyak init parameters must include a key");
        }
        this.K = ((KeyParameter) parametersWithIV.getParameters()).getKey();
        if (this.K.length != 16) {
            throw new IllegalArgumentException("Xoodyak key must be 128 bits long");
        }
        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(getAlgorithmName(), 128, cipherParameters, Utils.getPurpose(z)));
        this.state = new byte[48];
        this.tag = new byte[16];
        this.initialised = true;
        reset();
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return "Xoodyak AEAD";
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b) {
        if (this.aadFinished) {
            throw new IllegalArgumentException("AAD cannot be added after reading a full block(" + getBlockSize() + " bytes) of input for " + (this.forEncryption ? "encryption" : "decryption"));
        }
        this.aadData.write(b);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i, int i2) {
        if (this.aadFinished) {
            throw new IllegalArgumentException("AAD cannot be added after reading a full block(" + getBlockSize() + " bytes) of input for " + (this.forEncryption ? "encryption" : "decryption"));
        }
        if (i + i2 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        this.aadData.write(bArr, i, i2);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b, byte[] bArr, int i) throws DataLengthException {
        return processBytes(new byte[]{b}, 0, 1, bArr, i);
    }

    private void processAAD() {
        if (this.aadFinished) {
            return;
        }
        byte[] byteArray = this.aadData.toByteArray();
        AbsorbAny(byteArray, 0, byteArray.length, this.Rabsorb, 3);
        this.aadFinished = true;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws DataLengthException {
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        if (this.mode != MODE.ModeKeyed) {
            throw new IllegalArgumentException("Xoodyak has not been initialised");
        }
        if (i + i2 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        this.message.write(bArr, i, i2);
        int size = this.message.size() - (this.forEncryption ? 0 : 16);
        if (size < getBlockSize()) {
            return 0;
        }
        byte[] byteArray = this.message.toByteArray();
        int blockSize = (size / getBlockSize()) * getBlockSize();
        if (blockSize + i3 > bArr2.length) {
            throw new OutputLengthException("output buffer is too short");
        }
        processAAD();
        encrypt(byteArray, 0, blockSize, bArr2, i3);
        this.message.reset();
        this.message.write(byteArray, blockSize, byteArray.length - blockSize);
        return blockSize;
    }

    private int encrypt(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        int i4 = i2;
        byte[] bArr3 = new byte[24];
        int i5 = this.encrypted ? 0 : 128;
        while (true) {
            if (i4 == 0 && this.encrypted) {
                return i2;
            }
            int min = Math.min(i4, 24);
            if (this.forEncryption) {
                System.arraycopy(bArr, i, bArr3, 0, min);
            }
            Up(null, 0, i5);
            for (int i6 = 0; i6 < min; i6++) {
                int i7 = i;
                i++;
                bArr2[i3 + i6] = (byte) (bArr[i7] ^ this.state[i6]);
            }
            if (this.forEncryption) {
                Down(bArr3, 0, min, 0);
            } else {
                Down(bArr2, i3, min, 0);
            }
            i5 = 0;
            i3 += min;
            i4 -= min;
            this.encrypted = true;
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i) throws IllegalStateException, InvalidCipherTextException {
        int i2;
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        byte[] byteArray = this.message.toByteArray();
        int size = this.message.size();
        if ((this.forEncryption && size + 16 + i > bArr.length) || (!this.forEncryption && (size - 16) + i > bArr.length)) {
            throw new OutputLengthException("output buffer too short");
        }
        processAAD();
        if (this.forEncryption) {
            encrypt(byteArray, 0, size, bArr, i);
            this.tag = new byte[16];
            Up(this.tag, 16, 64);
            System.arraycopy(this.tag, 0, bArr, i + size, 16);
            i2 = size + 16;
        } else {
            int i3 = size - 16;
            i2 = i3;
            encrypt(byteArray, 0, i3, bArr, i);
            this.tag = new byte[16];
            Up(this.tag, 16, 64);
            for (int i4 = 0; i4 < 16; i4++) {
                int i5 = i3;
                i3++;
                if (this.tag[i4] != byteArray[i5]) {
                    throw new IllegalArgumentException("Mac does not match");
                }
            }
        }
        reset(false);
        return i2;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return this.tag;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i) {
        return i;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i) {
        return i + 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        reset(true);
    }

    private void reset(boolean z) {
        if (z) {
            this.tag = null;
        }
        Arrays.fill(this.state, (byte) 0);
        this.aadFinished = false;
        this.encrypted = false;
        this.phase = 2;
        this.message.reset();
        this.aadData.reset();
        int length = this.K.length;
        int length2 = this.iv.length;
        byte[] bArr = new byte[44];
        this.mode = MODE.ModeKeyed;
        this.Rabsorb = 44;
        System.arraycopy(this.K, 0, bArr, 0, length);
        System.arraycopy(this.iv, 0, bArr, length, length2);
        bArr[length + length2] = (byte) length2;
        AbsorbAny(bArr, 0, length + length2 + 1, this.Rabsorb, 2);
    }

    private void AbsorbAny(byte[] bArr, int i, int i2, int i3, int i4) {
        do {
            if (this.phase != 2) {
                Up(null, 0, 0);
            }
            int min = Math.min(i2, i3);
            Down(bArr, i, min, i4);
            i4 = 0;
            i += min;
            i2 -= min;
        } while (i2 != 0);
    }

    private void Up(byte[] bArr, int i, int i2) {
        if (this.mode != MODE.ModeHash) {
            byte[] bArr2 = this.state;
            bArr2[47] = (byte) (bArr2[47] ^ i2);
        }
        int littleEndianToInt = Pack.littleEndianToInt(this.state, 0);
        int littleEndianToInt2 = Pack.littleEndianToInt(this.state, 4);
        int littleEndianToInt3 = Pack.littleEndianToInt(this.state, 8);
        int littleEndianToInt4 = Pack.littleEndianToInt(this.state, 12);
        int littleEndianToInt5 = Pack.littleEndianToInt(this.state, 16);
        int littleEndianToInt6 = Pack.littleEndianToInt(this.state, 20);
        int littleEndianToInt7 = Pack.littleEndianToInt(this.state, 24);
        int littleEndianToInt8 = Pack.littleEndianToInt(this.state, 28);
        int littleEndianToInt9 = Pack.littleEndianToInt(this.state, 32);
        int littleEndianToInt10 = Pack.littleEndianToInt(this.state, 36);
        int littleEndianToInt11 = Pack.littleEndianToInt(this.state, 40);
        int littleEndianToInt12 = Pack.littleEndianToInt(this.state, 44);
        for (int i3 = 0; i3 < 12; i3++) {
            int i4 = (littleEndianToInt ^ littleEndianToInt5) ^ littleEndianToInt9;
            int i5 = (littleEndianToInt2 ^ littleEndianToInt6) ^ littleEndianToInt10;
            int i6 = (littleEndianToInt3 ^ littleEndianToInt7) ^ littleEndianToInt11;
            int i7 = (littleEndianToInt4 ^ littleEndianToInt8) ^ littleEndianToInt12;
            int rotateLeft = Integers.rotateLeft(i7, 5) ^ Integers.rotateLeft(i7, 14);
            int rotateLeft2 = Integers.rotateLeft(i4, 5) ^ Integers.rotateLeft(i4, 14);
            int rotateLeft3 = Integers.rotateLeft(i5, 5) ^ Integers.rotateLeft(i5, 14);
            int rotateLeft4 = Integers.rotateLeft(i6, 5) ^ Integers.rotateLeft(i6, 14);
            int i8 = littleEndianToInt ^ rotateLeft;
            int i9 = littleEndianToInt5 ^ rotateLeft;
            int i10 = littleEndianToInt9 ^ rotateLeft;
            int i11 = littleEndianToInt2 ^ rotateLeft2;
            int i12 = littleEndianToInt6 ^ rotateLeft2;
            int i13 = littleEndianToInt10 ^ rotateLeft2;
            int i14 = littleEndianToInt3 ^ rotateLeft3;
            int i15 = littleEndianToInt7 ^ rotateLeft3;
            int i16 = littleEndianToInt11 ^ rotateLeft3;
            int i17 = littleEndianToInt4 ^ rotateLeft4;
            int i18 = littleEndianToInt8 ^ rotateLeft4;
            int i19 = littleEndianToInt12 ^ rotateLeft4;
            int rotateLeft5 = Integers.rotateLeft(i10, 11);
            int rotateLeft6 = Integers.rotateLeft(i13, 11);
            int rotateLeft7 = Integers.rotateLeft(i16, 11);
            int rotateLeft8 = Integers.rotateLeft(i19, 11);
            int i20 = i8 ^ this.RC[i3];
            littleEndianToInt = i20 ^ ((i18 ^ (-1)) & rotateLeft5);
            littleEndianToInt2 = i11 ^ ((i9 ^ (-1)) & rotateLeft6);
            littleEndianToInt3 = i14 ^ ((i12 ^ (-1)) & rotateLeft7);
            littleEndianToInt4 = i17 ^ ((i15 ^ (-1)) & rotateLeft8);
            int i21 = i18 ^ ((rotateLeft5 ^ (-1)) & i20);
            int i22 = i9 ^ ((rotateLeft6 ^ (-1)) & i11);
            int i23 = i12 ^ ((rotateLeft7 ^ (-1)) & i14);
            int i24 = i15 ^ ((rotateLeft8 ^ (-1)) & i17);
            int i25 = rotateLeft5 ^ ((i20 ^ (-1)) & i18);
            int i26 = rotateLeft6 ^ ((i11 ^ (-1)) & i9);
            littleEndianToInt5 = Integers.rotateLeft(i21, 1);
            littleEndianToInt6 = Integers.rotateLeft(i22, 1);
            littleEndianToInt7 = Integers.rotateLeft(i23, 1);
            littleEndianToInt8 = Integers.rotateLeft(i24, 1);
            littleEndianToInt9 = Integers.rotateLeft(rotateLeft7 ^ ((i14 ^ (-1)) & i12), 8);
            littleEndianToInt10 = Integers.rotateLeft(rotateLeft8 ^ ((i17 ^ (-1)) & i15), 8);
            littleEndianToInt11 = Integers.rotateLeft(i25, 8);
            littleEndianToInt12 = Integers.rotateLeft(i26, 8);
        }
        Pack.intToLittleEndian(littleEndianToInt, this.state, 0);
        Pack.intToLittleEndian(littleEndianToInt2, this.state, 4);
        Pack.intToLittleEndian(littleEndianToInt3, this.state, 8);
        Pack.intToLittleEndian(littleEndianToInt4, this.state, 12);
        Pack.intToLittleEndian(littleEndianToInt5, this.state, 16);
        Pack.intToLittleEndian(littleEndianToInt6, this.state, 20);
        Pack.intToLittleEndian(littleEndianToInt7, this.state, 24);
        Pack.intToLittleEndian(littleEndianToInt8, this.state, 28);
        Pack.intToLittleEndian(littleEndianToInt9, this.state, 32);
        Pack.intToLittleEndian(littleEndianToInt10, this.state, 36);
        Pack.intToLittleEndian(littleEndianToInt11, this.state, 40);
        Pack.intToLittleEndian(littleEndianToInt12, this.state, 44);
        this.phase = 2;
        if (bArr != null) {
            System.arraycopy(this.state, 0, bArr, 0, i);
        }
    }

    void Down(byte[] bArr, int i, int i2, int i3) {
        for (int i4 = 0; i4 < i2; i4++) {
            byte[] bArr2 = this.state;
            int i5 = i4;
            int i6 = i;
            i++;
            bArr2[i5] = (byte) (bArr2[i5] ^ bArr[i6]);
        }
        byte[] bArr3 = this.state;
        bArr3[i2] = (byte) (bArr3[i2] ^ 1);
        byte[] bArr4 = this.state;
        bArr4[47] = (byte) (bArr4[47] ^ (this.mode == MODE.ModeHash ? i3 & 1 : i3));
        this.phase = 1;
    }

    public int getBlockSize() {
        return 24;
    }

    public int getKeyBytesSize() {
        return 16;
    }

    public int getIVBytesSize() {
        return 16;
    }
}
