package org.bouncycastle.tls.crypto.impl;

import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsDecodeResult;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsHMAC;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Pack;

/* loaded from: classes.dex */
public final class TlsBlockCipher implements TlsCipher {
    private final boolean acceptExtraPadding;
    private final TlsCryptoParameters cryptoParams;
    private final TlsBlockCipherImpl decryptCipher;
    private final byte[] decryptConnectionID;
    private final boolean decryptUseInnerPlaintext;
    private final TlsBlockCipherImpl encryptCipher;
    private final byte[] encryptConnectionID;
    private final boolean encryptThenMAC;
    private final boolean encryptUseInnerPlaintext;
    private final byte[] randomData;
    private final TlsSuiteMac readMac;
    private final boolean useExplicitIV;
    private final boolean useExtraPadding;
    private final TlsSuiteMac writeMac;

    public TlsBlockCipher(TlsCryptoParameters tlsCryptoParameters, TlsBlockCipherImpl tlsBlockCipherImpl, TlsBlockCipherImpl tlsBlockCipherImpl2, TlsHMAC tlsHMAC, TlsHMAC tlsHMAC2, int i5) {
        TlsSuiteHMac tlsSuiteHMac;
        SecurityParameters securityParametersHandshake = tlsCryptoParameters.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (TlsImplUtils.isTLSv13(negotiatedVersion)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.decryptConnectionID = securityParametersHandshake.getConnectionIDPeer();
        this.encryptConnectionID = securityParametersHandshake.getConnectionIDLocal();
        boolean z5 = true;
        this.decryptUseInnerPlaintext = !Arrays.isNullOrEmpty(r2);
        this.encryptUseInnerPlaintext = !Arrays.isNullOrEmpty(r4);
        this.cryptoParams = tlsCryptoParameters;
        this.randomData = tlsCryptoParameters.getNonceGenerator().generateNonce(256);
        boolean isEncryptThenMAC = securityParametersHandshake.isEncryptThenMAC();
        this.encryptThenMAC = isEncryptThenMAC;
        boolean isTLSv11 = TlsImplUtils.isTLSv11(negotiatedVersion);
        this.useExplicitIV = isTLSv11;
        this.acceptExtraPadding = !negotiatedVersion.isSSL();
        if (!securityParametersHandshake.isExtendedPadding() || !ProtocolVersion.TLSv10.isEqualOrEarlierVersionOf(negotiatedVersion) || (!isEncryptThenMAC && securityParametersHandshake.isTruncatedHMac())) {
            z5 = false;
        }
        this.useExtraPadding = z5;
        this.encryptCipher = tlsBlockCipherImpl;
        this.decryptCipher = tlsBlockCipherImpl2;
        if (tlsCryptoParameters.isServer()) {
            tlsBlockCipherImpl2 = tlsBlockCipherImpl;
            tlsBlockCipherImpl = tlsBlockCipherImpl2;
        }
        int macLength = (i5 * 2) + tlsHMAC.getMacLength() + tlsHMAC2.getMacLength();
        macLength = isTLSv11 ? macLength : macLength + tlsBlockCipherImpl.getBlockSize() + tlsBlockCipherImpl2.getBlockSize();
        byte[] calculateKeyBlock = TlsImplUtils.calculateKeyBlock(tlsCryptoParameters, macLength);
        tlsHMAC.setKey(calculateKeyBlock, 0, tlsHMAC.getMacLength());
        int macLength2 = tlsHMAC.getMacLength();
        tlsHMAC2.setKey(calculateKeyBlock, macLength2, tlsHMAC2.getMacLength());
        int macLength3 = macLength2 + tlsHMAC2.getMacLength();
        tlsBlockCipherImpl.setKey(calculateKeyBlock, macLength3, i5);
        int i6 = macLength3 + i5;
        tlsBlockCipherImpl2.setKey(calculateKeyBlock, i6, i5);
        int i7 = i6 + i5;
        int blockSize = tlsBlockCipherImpl.getBlockSize();
        int blockSize2 = tlsBlockCipherImpl2.getBlockSize();
        if (isTLSv11) {
            tlsBlockCipherImpl.init(new byte[blockSize], 0, blockSize);
            tlsBlockCipherImpl2.init(new byte[blockSize2], 0, blockSize2);
        } else {
            tlsBlockCipherImpl.init(calculateKeyBlock, i7, blockSize);
            int i8 = i7 + blockSize;
            tlsBlockCipherImpl2.init(calculateKeyBlock, i8, blockSize2);
            i7 = i8 + blockSize2;
        }
        if (i7 != macLength) {
            throw new TlsFatalAlert((short) 80);
        }
        if (tlsCryptoParameters.isServer()) {
            this.writeMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC2);
            tlsSuiteHMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC);
        } else {
            this.writeMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC);
            tlsSuiteHMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC2);
        }
        this.readMac = tlsSuiteHMac;
    }

    private int checkPaddingConstantTime(byte[] bArr, int i5, int i6, int i7, int i8) {
        byte b6;
        int i9;
        int i10 = i5 + i6;
        byte b7 = bArr[i10 - 1];
        int i11 = (b7 & 255) + 1;
        if (this.acceptExtraPadding) {
            i7 = 256;
        }
        if (i11 > Math.min(i7, i6 - i8)) {
            i9 = 0;
            b6 = 0;
            i11 = 0;
        } else {
            int i12 = i10 - i11;
            b6 = 0;
            while (true) {
                int i13 = i12 + 1;
                b6 = (byte) ((bArr[i12] ^ b7) | b6);
                if (i13 >= i10) {
                    break;
                }
                i12 = i13;
            }
            i9 = i11;
            if (b6 != 0) {
                i11 = 0;
            }
        }
        byte[] bArr2 = this.randomData;
        while (i9 < 256) {
            b6 = (byte) ((bArr2[i9] ^ b7) | b6);
            i9++;
        }
        bArr2[0] = (byte) (bArr2[0] ^ b6);
        return i11;
    }

    private int chooseExtraPadBlocks(int i5) {
        return Math.min(Integers.numberOfTrailingZeros(Pack.littleEndianToInt(this.cryptoParams.getNonceGenerator().generateNonce(4), 0)), i5);
    }

    private int getCiphertextLength(int i5, int i6, int i7, int i8) {
        if (this.useExplicitIV) {
            i8 += i5;
        }
        int i9 = i8 + i7;
        if (this.encryptThenMAC) {
            return (i9 - (i9 % i5)) + i6;
        }
        int i10 = i9 + i6;
        return i10 - (i10 % i5);
    }

    private int getPlaintextLength(int i5, int i6, int i7) {
        int i8;
        if (this.encryptThenMAC) {
            i8 = i7 - i6;
            i6 = i8 % i5;
        } else {
            i8 = i7 - (i7 % i5);
        }
        int i9 = (i8 - i6) - 1;
        return this.useExplicitIV ? i9 - i5 : i9;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public TlsDecodeResult decodeCiphertext(long j5, short s5, ProtocolVersion protocolVersion, byte[] bArr, int i5, int i6) {
        byte[] bArr2;
        int i7;
        int i8;
        int i9;
        byte[] bArr3;
        short s6;
        byte b6;
        int blockSize = this.decryptCipher.getBlockSize();
        int size = this.readMac.getSize();
        int max = this.encryptThenMAC ? blockSize + size : Math.max(blockSize, size + 1);
        if (this.useExplicitIV) {
            max += blockSize;
        }
        if (i6 < max) {
            throw new TlsFatalAlert((short) 50);
        }
        boolean z5 = this.encryptThenMAC;
        int i10 = z5 ? i6 - size : i6;
        if (i10 % blockSize != 0) {
            throw new TlsFatalAlert((short) 21);
        }
        if (z5) {
            bArr2 = bArr;
            if (!TlsUtils.constantTimeAreEqual(size, this.readMac.calculateMac(j5, s5, this.decryptConnectionID, bArr, i5, i6 - size), 0, bArr2, (i5 + i6) - size)) {
                throw new TlsFatalAlert((short) 20);
            }
        } else {
            bArr2 = bArr;
        }
        int i11 = i10;
        this.decryptCipher.doFinal(bArr2, i5, i11, bArr, i5);
        if (this.useExplicitIV) {
            i7 = i5 + blockSize;
            i8 = i11 - blockSize;
        } else {
            i7 = i5;
            i8 = i11;
        }
        int checkPaddingConstantTime = checkPaddingConstantTime(bArr, i7, i8, blockSize, this.encryptThenMAC ? 0 : size);
        boolean z6 = checkPaddingConstantTime == 0;
        int i12 = i8 - checkPaddingConstantTime;
        if (this.encryptThenMAC) {
            i9 = i7;
            bArr3 = bArr;
        } else {
            i9 = i7;
            bArr3 = bArr;
            z6 |= !TlsUtils.constantTimeAreEqual(size, this.readMac.calculateMacConstantTime(j5, s5, this.decryptConnectionID, bArr, i9, r7, i8 - size, this.randomData), 0, bArr3, i9 + r7);
            i12 -= size;
        }
        if (z6) {
            throw new TlsFatalAlert((short) 20);
        }
        if (!this.decryptUseInnerPlaintext) {
            s6 = s5;
            return new TlsDecodeResult(bArr3, i9, i12, s6);
        }
        do {
            i12--;
            if (i12 < 0) {
                throw new TlsFatalAlert((short) 10);
            }
            b6 = bArr3[i9 + i12];
        } while (b6 == 0);
        s6 = (short) (b6 & 255);
        return new TlsDecodeResult(bArr3, i9, i12, s6);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public TlsEncodeResult encodePlaintext(long j5, short s5, ProtocolVersion protocolVersion, int i5, byte[] bArr, int i6, int i7) {
        int i8;
        byte[] bArr2;
        int i9;
        short s6;
        int blockSize = this.encryptCipher.getBlockSize();
        int size = this.writeMac.getSize();
        int i10 = i7 + (this.encryptUseInnerPlaintext ? 1 : 0);
        int i11 = blockSize - ((!this.encryptThenMAC ? i10 + size : i10) % blockSize);
        if (this.useExtraPadding) {
            i11 += chooseExtraPadBlocks((256 - i11) / blockSize) * blockSize;
        }
        int i12 = size + i10 + i11;
        boolean z5 = this.useExplicitIV;
        if (z5) {
            i12 += blockSize;
        }
        int i13 = i12 + i5;
        byte[] bArr3 = new byte[i13];
        if (z5) {
            System.arraycopy(this.cryptoParams.getNonceGenerator().generateNonce(blockSize), 0, bArr3, i5, blockSize);
            i8 = blockSize + i5;
            i9 = i6;
            bArr2 = bArr;
        } else {
            i8 = i5;
            bArr2 = bArr;
            i9 = i6;
        }
        System.arraycopy(bArr2, i9, bArr3, i8, i7);
        int i14 = i7 + i8;
        if (this.encryptUseInnerPlaintext) {
            bArr3[i14] = (byte) s5;
            s6 = 25;
            i14++;
        } else {
            s6 = s5;
        }
        if (!this.encryptThenMAC) {
            byte[] calculateMac = this.writeMac.calculateMac(j5, s6, this.encryptConnectionID, bArr3, i8, i10);
            System.arraycopy(calculateMac, 0, bArr3, i14, calculateMac.length);
            i14 += calculateMac.length;
        }
        byte b6 = (byte) (i11 - 1);
        int i15 = i14;
        int i16 = 0;
        while (i16 < i11) {
            bArr3[i15] = b6;
            i16++;
            i15++;
        }
        int i17 = i15 - i5;
        this.encryptCipher.doFinal(bArr3, i5, i17, bArr3, i5);
        if (this.encryptThenMAC) {
            byte[] calculateMac2 = this.writeMac.calculateMac(j5, s6, this.encryptConnectionID, bArr3, i5, i17);
            System.arraycopy(calculateMac2, 0, bArr3, i15, calculateMac2.length);
            i15 += calculateMac2.length;
        }
        if (i15 == i13) {
            return new TlsEncodeResult(bArr3, 0, i13, s6);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextDecodeLimit(int i5) {
        return getCiphertextLength(this.decryptCipher.getBlockSize(), this.readMac.getSize(), 256, i5 + (this.decryptUseInnerPlaintext ? 1 : 0));
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextEncodeLimit(int i5) {
        int blockSize = this.encryptCipher.getBlockSize();
        return getCiphertextLength(blockSize, this.writeMac.getSize(), this.useExtraPadding ? 256 : blockSize, i5 + (this.encryptUseInnerPlaintext ? 1 : 0));
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextDecodeLimit(int i5) {
        return getPlaintextLength(this.decryptCipher.getBlockSize(), this.readMac.getSize(), i5) - (this.decryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextEncodeLimit(int i5) {
        return getPlaintextLength(this.encryptCipher.getBlockSize(), this.writeMac.getSize(), i5) - (this.encryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyDecoder() {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyEncoder() {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeDecode() {
        return this.decryptUseInnerPlaintext;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeEncode() {
        return this.encryptUseInnerPlaintext;
    }
}
