package org.bouncycastle.crypto.engines;

import java.io.ByteArrayOutputStream;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumEngine;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;
import org.openintents.openpgp.util.OpenPgpApi;

/* loaded from: classes3.dex */
public class XoodyakEngine implements AEADCipher {

    /* renamed from: K, reason: collision with root package name */
    private byte[] f11495K;
    private int Rabsorb;
    private boolean aadFinished;
    private boolean encrypted;
    private boolean forEncryption;
    private byte[] iv;
    private MODE mode;
    private int phase;
    private byte[] state;
    private byte[] tag;
    private final int f_bPrime = 48;
    private final int Rkout = 24;
    private final int PhaseDown = 1;
    private final int PhaseUp = 2;
    private final int NLANES = 12;
    private final int NROWS = 3;
    private final int NCOLUMS = 4;
    private final int MAXROUNDS = 12;
    private final int TAGLEN = 16;
    final int Rkin = 44;
    private final int[] RC = {88, 56, 960, 208, 288, 20, 96, 44, 896, 240, DilithiumEngine.DilithiumPolyT0PackedBytes, 18};
    private boolean initialised = false;
    private final ByteArrayOutputStream aadData = new ByteArrayOutputStream();
    private final ByteArrayOutputStream message = new ByteArrayOutputStream();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public enum MODE {
        ModeHash,
        ModeKeyed
    }

    private void AbsorbAny(byte[] bArr, int i5, int i6, int i7, int i8) {
        while (true) {
            if (this.phase != 2) {
                Up(null, 0, 0);
            }
            int min = Math.min(i6, i7);
            Down(bArr, i5, min, i8);
            i5 += min;
            i6 -= min;
            if (i6 == 0) {
                return;
            } else {
                i8 = 0;
            }
        }
    }

    private int ROTL32(int i5, int i6) {
        return (i5 >>> ((32 - i6) & 31)) ^ (i5 << (i6 & 31));
    }

    private void Up(byte[] bArr, int i5, int i6) {
        int i7;
        if (this.mode != MODE.ModeHash) {
            byte[] bArr2 = this.state;
            bArr2[47] = (byte) (bArr2[47] ^ i6);
        }
        int i8 = 12;
        int[] iArr = new int[12];
        Pack.littleEndianToInt(this.state, 0, iArr, 0, 12);
        int[] iArr2 = new int[12];
        int[] iArr3 = new int[4];
        int[] iArr4 = new int[4];
        for (int i9 = 0; i9 < i8; i9++) {
            for (int i10 = 0; i10 < 4; i10++) {
                iArr3[i10] = (iArr[index(i10, 1)] ^ iArr[index(i10, 0)]) ^ iArr[index(i10, 2)];
            }
            int i11 = 0;
            while (true) {
                i7 = 3;
                if (i11 >= 4) {
                    break;
                }
                int i12 = iArr3[3 & (i11 + 3)];
                iArr4[i11] = ROTL32(i12, 14) ^ ROTL32(i12, 5);
                i11++;
            }
            for (int i13 = 0; i13 < 4; i13++) {
                for (int i14 = 0; i14 < 3; i14++) {
                    int index = index(i13, i14);
                    iArr[index] = iArr[index] ^ iArr4[i13];
                }
            }
            for (int i15 = 0; i15 < 4; i15++) {
                iArr2[index(i15, 0)] = iArr[index(i15, 0)];
                iArr2[index(i15, 1)] = iArr[index(i15 + 3, 1)];
                iArr2[index(i15, 2)] = ROTL32(iArr[index(i15, 2)], 11);
            }
            iArr2[0] = iArr2[0] ^ this.RC[i9];
            int i16 = 0;
            while (i16 < 4) {
                int i17 = 0;
                while (i17 < i7) {
                    int i18 = i17 + 1;
                    iArr[index(i16, i17)] = ((~iArr2[index(i16, i18)]) & iArr2[index(i16, i17 + 2)]) ^ iArr2[index(i16, i17)];
                    i17 = i18;
                    i7 = 3;
                }
                i16++;
                i7 = 3;
            }
            for (int i19 = 0; i19 < 4; i19++) {
                iArr2[index(i19, 0)] = iArr[index(i19, 0)];
                iArr2[index(i19, 1)] = ROTL32(iArr[index(i19, 1)], 1);
                iArr2[index(i19, 2)] = ROTL32(iArr[index(i19 + 2, 2)], 8);
            }
            i8 = 12;
            System.arraycopy(iArr2, 0, iArr, 0, 12);
        }
        Pack.intToLittleEndian(iArr, 0, i8, this.state, 0);
        this.phase = 2;
        if (bArr != null) {
            System.arraycopy(this.state, 0, bArr, 0, i5);
        }
    }

    private int encrypt(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) {
        byte[] bArr3 = new byte[24];
        int i8 = this.encrypted ? 0 : 128;
        int i9 = i6;
        while (true) {
            if (i9 == 0 && this.encrypted) {
                return i6;
            }
            int min = Math.min(i9, 24);
            if (this.forEncryption) {
                System.arraycopy(bArr, i5, bArr3, 0, min);
            }
            Up(null, 0, i8);
            int i10 = 0;
            while (i10 < min) {
                bArr2[i7 + i10] = (byte) (bArr[i5] ^ this.state[i10]);
                i10++;
                i5++;
            }
            if (this.forEncryption) {
                Down(bArr3, 0, min, 0);
            } else {
                Down(bArr2, i7, min, 0);
            }
            i7 += min;
            i9 -= min;
            this.encrypted = true;
            i8 = 0;
        }
    }

    private int index(int i5, int i6) {
        return ((i6 % 3) * 4) + (i5 % 4);
    }

    private void processAAD() {
        if (this.aadFinished) {
            return;
        }
        byte[] byteArray = this.aadData.toByteArray();
        AbsorbAny(byteArray, 0, byteArray.length, this.Rabsorb, 3);
        this.aadFinished = true;
    }

    private void reset(boolean z5) {
        if (z5) {
            this.tag = null;
        }
        Arrays.fill(this.state, (byte) 0);
        this.aadFinished = false;
        this.encrypted = false;
        this.phase = 2;
        this.message.reset();
        this.aadData.reset();
        byte[] bArr = this.f11495K;
        int length = bArr.length;
        int length2 = this.iv.length;
        byte[] bArr2 = new byte[44];
        this.mode = MODE.ModeKeyed;
        this.Rabsorb = 44;
        System.arraycopy(bArr, 0, bArr2, 0, length);
        System.arraycopy(this.iv, 0, bArr2, length, length2);
        int i5 = length + length2;
        bArr2[i5] = (byte) length2;
        AbsorbAny(bArr2, 0, i5 + 1, this.Rabsorb, 2);
    }

    void Down(byte[] bArr, int i5, int i6, int i7) {
        int i8 = 0;
        while (i8 < i6) {
            byte[] bArr2 = this.state;
            bArr2[i8] = (byte) (bArr[i5] ^ bArr2[i8]);
            i8++;
            i5++;
        }
        byte[] bArr3 = this.state;
        bArr3[i6] = (byte) (bArr3[i6] ^ 1);
        byte b5 = bArr3[47];
        if (this.mode == MODE.ModeHash) {
            i7 &= 1;
        }
        bArr3[47] = (byte) (b5 ^ i7);
        this.phase = 1;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i5) {
        int i6;
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        byte[] byteArray = this.message.toByteArray();
        int size = this.message.size();
        boolean z5 = this.forEncryption;
        if ((z5 && size + 16 + i5 > bArr.length) || (!z5 && (size - 16) + i5 > bArr.length)) {
            throw new OutputLengthException("output buffer too short");
        }
        processAAD();
        if (this.forEncryption) {
            encrypt(byteArray, 0, size, bArr, i5);
            byte[] bArr2 = new byte[16];
            this.tag = bArr2;
            Up(bArr2, 16, 64);
            System.arraycopy(this.tag, 0, bArr, i5 + size, 16);
            i6 = size + 16;
        } else {
            i6 = size - 16;
            encrypt(byteArray, 0, i6, bArr, i5);
            byte[] bArr3 = new byte[16];
            this.tag = bArr3;
            Up(bArr3, 16, 64);
            int i7 = i6;
            int i8 = 0;
            while (i8 < 16) {
                int i9 = i7 + 1;
                if (this.tag[i8] != byteArray[i7]) {
                    throw new IllegalArgumentException("Mac does not match");
                }
                i8++;
                i7 = i9;
            }
        }
        reset(false);
        return i6;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return "Xoodyak AEAD";
    }

    public int getBlockSize() {
        return 24;
    }

    public int getIVBytesSize() {
        return 16;
    }

    public int getKeyBytesSize() {
        return 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return this.tag;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i5) {
        return i5 + 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i5) {
        return i5;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z5, CipherParameters cipherParameters) {
        this.forEncryption = z5;
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException("Xoodyak init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        byte[] iv = parametersWithIV.getIV();
        this.iv = iv;
        if (iv == null || iv.length != 16) {
            throw new IllegalArgumentException("Xoodyak requires exactly 16 bytes of IV");
        }
        if (!(parametersWithIV.getParameters() instanceof KeyParameter)) {
            throw new IllegalArgumentException("Xoodyak init parameters must include a key");
        }
        byte[] key = ((KeyParameter) parametersWithIV.getParameters()).getKey();
        this.f11495K = key;
        if (key.length != 16) {
            throw new IllegalArgumentException("Xoodyak key must be 128 bits long");
        }
        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(getAlgorithmName(), 128, cipherParameters, Utils.getPurpose(z5)));
        this.state = new byte[48];
        this.tag = new byte[16];
        this.initialised = true;
        reset();
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b5) {
        if (!this.aadFinished) {
            this.aadData.write(b5);
            return;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("AAD cannot be added after reading a full block(");
        sb.append(getBlockSize());
        sb.append(" bytes) of input for ");
        sb.append(this.forEncryption ? "encryption" : OpenPgpApi.RESULT_DECRYPTION);
        throw new IllegalArgumentException(sb.toString());
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i5, int i6) {
        if (!this.aadFinished) {
            if (i5 + i6 > bArr.length) {
                throw new DataLengthException("input buffer too short");
            }
            this.aadData.write(bArr, i5, i6);
        } else {
            StringBuilder sb = new StringBuilder();
            sb.append("AAD cannot be added after reading a full block(");
            sb.append(getBlockSize());
            sb.append(" bytes) of input for ");
            sb.append(this.forEncryption ? "encryption" : OpenPgpApi.RESULT_DECRYPTION);
            throw new IllegalArgumentException(sb.toString());
        }
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b5, byte[] bArr, int i5) {
        return processBytes(new byte[]{b5}, 0, 1, bArr, i5);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i5, int i6, byte[] bArr2, int i7) {
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        if (this.mode != MODE.ModeKeyed) {
            throw new IllegalArgumentException("Xoodyak has not been initialised");
        }
        if (i5 + i6 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        this.message.write(bArr, i5, i6);
        int size = this.message.size() - (this.forEncryption ? 0 : 16);
        if (size < getBlockSize()) {
            return 0;
        }
        byte[] byteArray = this.message.toByteArray();
        int blockSize = (size / getBlockSize()) * getBlockSize();
        if (blockSize + i7 > bArr2.length) {
            throw new OutputLengthException("output buffer is too short");
        }
        processAAD();
        encrypt(byteArray, 0, blockSize, bArr2, i7);
        this.message.reset();
        this.message.write(byteArray, blockSize, byteArray.length - blockSize);
        return blockSize;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        reset(true);
    }
}
