package de.authada.org.bouncycastle.tls.crypto.impl;

import de.authada.org.bouncycastle.tls.ProtocolVersion;
import de.authada.org.bouncycastle.tls.SecurityParameters;
import de.authada.org.bouncycastle.tls.TlsFatalAlert;
import de.authada.org.bouncycastle.tls.TlsUtils;
import de.authada.org.bouncycastle.tls.crypto.TlsCipher;
import de.authada.org.bouncycastle.tls.crypto.TlsCryptoParameters;
import de.authada.org.bouncycastle.tls.crypto.TlsDecodeResult;
import de.authada.org.bouncycastle.tls.crypto.TlsEncodeResult;
import de.authada.org.bouncycastle.tls.crypto.TlsHMAC;
import de.authada.org.bouncycastle.util.Arrays;
import de.authada.org.bouncycastle.util.Integers;
import de.authada.org.bouncycastle.util.Pack;

/* loaded from: classes6.dex */
public final class TlsBlockCipher implements TlsCipher {
    private final boolean acceptExtraPadding;
    private final TlsCryptoParameters cryptoParams;
    private final TlsBlockCipherImpl decryptCipher;
    private final byte[] decryptConnectionID;
    private final boolean decryptUseInnerPlaintext;
    private final TlsBlockCipherImpl encryptCipher;
    private final byte[] encryptConnectionID;
    private final boolean encryptThenMAC;
    private final boolean encryptUseInnerPlaintext;
    private final byte[] randomData;
    private final TlsSuiteMac readMac;
    private final boolean useExplicitIV;
    private final boolean useExtraPadding;
    private final TlsSuiteMac writeMac;

    public TlsBlockCipher(TlsCryptoParameters tlsCryptoParameters, TlsBlockCipherImpl tlsBlockCipherImpl, TlsBlockCipherImpl tlsBlockCipherImpl2, TlsHMAC tlsHMAC, TlsHMAC tlsHMAC2, int i10) {
        TlsSuiteHMac tlsSuiteHMac;
        SecurityParameters securityParametersHandshake = tlsCryptoParameters.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (TlsImplUtils.isTLSv13(negotiatedVersion)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.decryptConnectionID = securityParametersHandshake.getConnectionIDPeer();
        this.encryptConnectionID = securityParametersHandshake.getConnectionIDLocal();
        boolean z8 = true;
        this.decryptUseInnerPlaintext = !Arrays.isNullOrEmpty(r2);
        this.encryptUseInnerPlaintext = !Arrays.isNullOrEmpty(r4);
        this.cryptoParams = tlsCryptoParameters;
        this.randomData = tlsCryptoParameters.getNonceGenerator().generateNonce(256);
        boolean isEncryptThenMAC = securityParametersHandshake.isEncryptThenMAC();
        this.encryptThenMAC = isEncryptThenMAC;
        boolean isTLSv11 = TlsImplUtils.isTLSv11(negotiatedVersion);
        this.useExplicitIV = isTLSv11;
        this.acceptExtraPadding = !negotiatedVersion.isSSL();
        if (!securityParametersHandshake.isExtendedPadding() || !ProtocolVersion.TLSv10.isEqualOrEarlierVersionOf(negotiatedVersion) || (!isEncryptThenMAC && securityParametersHandshake.isTruncatedHMac())) {
            z8 = false;
        }
        this.useExtraPadding = z8;
        this.encryptCipher = tlsBlockCipherImpl;
        this.decryptCipher = tlsBlockCipherImpl2;
        if (tlsCryptoParameters.isServer()) {
            tlsBlockCipherImpl2 = tlsBlockCipherImpl;
            tlsBlockCipherImpl = tlsBlockCipherImpl2;
        }
        int macLength = tlsHMAC2.getMacLength() + tlsHMAC.getMacLength() + (i10 * 2);
        if (!isTLSv11) {
            macLength += tlsBlockCipherImpl2.getBlockSize() + tlsBlockCipherImpl.getBlockSize();
        }
        byte[] calculateKeyBlock = TlsImplUtils.calculateKeyBlock(tlsCryptoParameters, macLength);
        tlsHMAC.setKey(calculateKeyBlock, 0, tlsHMAC.getMacLength());
        int macLength2 = tlsHMAC.getMacLength();
        tlsHMAC2.setKey(calculateKeyBlock, macLength2, tlsHMAC2.getMacLength());
        int macLength3 = tlsHMAC2.getMacLength() + macLength2;
        tlsBlockCipherImpl.setKey(calculateKeyBlock, macLength3, i10);
        int i11 = macLength3 + i10;
        tlsBlockCipherImpl2.setKey(calculateKeyBlock, i11, i10);
        int i12 = i11 + i10;
        int blockSize = tlsBlockCipherImpl.getBlockSize();
        int blockSize2 = tlsBlockCipherImpl2.getBlockSize();
        if (isTLSv11) {
            tlsBlockCipherImpl.init(new byte[blockSize], 0, blockSize);
            tlsBlockCipherImpl2.init(new byte[blockSize2], 0, blockSize2);
        } else {
            tlsBlockCipherImpl.init(calculateKeyBlock, i12, blockSize);
            int i13 = i12 + blockSize;
            tlsBlockCipherImpl2.init(calculateKeyBlock, i13, blockSize2);
            i12 = i13 + blockSize2;
        }
        if (i12 != macLength) {
            throw new TlsFatalAlert((short) 80);
        }
        if (tlsCryptoParameters.isServer()) {
            this.writeMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC2);
            tlsSuiteHMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC);
        } else {
            this.writeMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC);
            tlsSuiteHMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC2);
        }
        this.readMac = tlsSuiteHMac;
    }

    private int checkPaddingConstantTime(byte[] bArr, int i10, int i11, int i12, int i13) {
        byte b10;
        int i14;
        int i15 = i10 + i11;
        byte b11 = bArr[i15 - 1];
        int i16 = (b11 & 255) + 1;
        if (this.acceptExtraPadding) {
            i12 = 256;
        }
        if (i16 > Math.min(i12, i11 - i13)) {
            i14 = 0;
            b10 = 0;
            i16 = 0;
        } else {
            int i17 = i15 - i16;
            b10 = 0;
            while (true) {
                int i18 = i17 + 1;
                b10 = (byte) ((bArr[i17] ^ b11) | b10);
                if (i18 >= i15) {
                    break;
                }
                i17 = i18;
            }
            i14 = i16;
            if (b10 != 0) {
                i16 = 0;
            }
        }
        byte[] bArr2 = this.randomData;
        while (i14 < 256) {
            b10 = (byte) ((bArr2[i14] ^ b11) | b10);
            i14++;
        }
        bArr2[0] = (byte) (bArr2[0] ^ b10);
        return i16;
    }

    private int chooseExtraPadBlocks(int i10) {
        return Math.min(Integers.numberOfTrailingZeros(Pack.littleEndianToInt(this.cryptoParams.getNonceGenerator().generateNonce(4), 0)), i10);
    }

    private int getCiphertextLength(int i10, int i11, int i12, int i13) {
        if (this.useExplicitIV) {
            i13 += i10;
        }
        int i14 = i13 + i12;
        if (this.encryptThenMAC) {
            return (i14 - (i14 % i10)) + i11;
        }
        int i15 = i14 + i11;
        return i15 - (i15 % i10);
    }

    private int getPlaintextLength(int i10, int i11, int i12) {
        int i13;
        if (this.encryptThenMAC) {
            i13 = i12 - i11;
            i11 = i13 % i10;
        } else {
            i13 = i12 - (i12 % i10);
        }
        int i14 = (i13 - i11) - 1;
        return this.useExplicitIV ? i14 - i10 : i14;
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public TlsDecodeResult decodeCiphertext(long j10, short s10, ProtocolVersion protocolVersion, byte[] bArr, int i10, int i11) {
        int i12;
        int i13;
        byte[] bArr2;
        short s11;
        byte b10;
        int blockSize = this.decryptCipher.getBlockSize();
        int size = this.readMac.getSize();
        int max = this.encryptThenMAC ? blockSize + size : Math.max(blockSize, size + 1);
        if (this.useExplicitIV) {
            max += blockSize;
        }
        if (i11 < max) {
            throw new TlsFatalAlert((short) 50);
        }
        boolean z8 = this.encryptThenMAC;
        int i14 = z8 ? i11 - size : i11;
        if (i14 % blockSize != 0) {
            throw new TlsFatalAlert((short) 21);
        }
        if (z8 && !TlsUtils.constantTimeAreEqual(size, this.readMac.calculateMac(j10, s10, this.decryptConnectionID, bArr, i10, i11 - size), 0, bArr, (i10 + i11) - size)) {
            throw new TlsFatalAlert((short) 20);
        }
        this.decryptCipher.doFinal(bArr, i10, i14, bArr, i10);
        if (this.useExplicitIV) {
            i14 -= blockSize;
            i12 = i10 + blockSize;
        } else {
            i12 = i10;
        }
        int checkPaddingConstantTime = checkPaddingConstantTime(bArr, i12, i14, blockSize, this.encryptThenMAC ? 0 : size);
        boolean z10 = checkPaddingConstantTime == 0;
        int i15 = i14 - checkPaddingConstantTime;
        if (this.encryptThenMAC) {
            i13 = i12;
            bArr2 = bArr;
        } else {
            i15 -= size;
            bArr2 = bArr;
            i13 = i12;
            z10 |= !TlsUtils.constantTimeAreEqual(size, this.readMac.calculateMacConstantTime(j10, s10, this.decryptConnectionID, bArr, r18, i15, i14 - size, this.randomData), 0, bArr2, i13 + i15);
        }
        if (z10) {
            throw new TlsFatalAlert((short) 20);
        }
        byte[] bArr3 = bArr2;
        if (!this.decryptUseInnerPlaintext) {
            s11 = s10;
            return new TlsDecodeResult(bArr3, i13, i15, s11);
        }
        do {
            i15--;
            if (i15 < 0) {
                throw new TlsFatalAlert((short) 10);
            }
            b10 = bArr3[i13 + i15];
        } while (b10 == 0);
        s11 = (short) (b10 & 255);
        return new TlsDecodeResult(bArr3, i13, i15, s11);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public TlsEncodeResult encodePlaintext(long j10, short s10, ProtocolVersion protocolVersion, int i10, byte[] bArr, int i11, int i12) {
        byte[] bArr2;
        int i13;
        int i14;
        short s11;
        int i15;
        int i16;
        int blockSize = this.encryptCipher.getBlockSize();
        int size = this.writeMac.getSize();
        int i17 = i12 + (this.encryptUseInnerPlaintext ? 1 : 0);
        int i18 = blockSize - ((!this.encryptThenMAC ? i17 + size : i17) % blockSize);
        if (this.useExtraPadding) {
            i18 += chooseExtraPadBlocks((256 - i18) / blockSize) * blockSize;
        }
        int i19 = size + i17 + i18;
        boolean z8 = this.useExplicitIV;
        if (z8) {
            i19 += blockSize;
        }
        int i20 = i10 + i19;
        byte[] bArr3 = new byte[i20];
        if (z8) {
            System.arraycopy(this.cryptoParams.getNonceGenerator().generateNonce(blockSize), 0, bArr3, i10, blockSize);
            i14 = blockSize + i10;
            bArr2 = bArr;
            i13 = i11;
        } else {
            bArr2 = bArr;
            i13 = i11;
            i14 = i10;
        }
        System.arraycopy(bArr2, i13, bArr3, i14, i12);
        int i21 = i12 + i14;
        if (this.encryptUseInnerPlaintext) {
            bArr3[i21] = (byte) s10;
            s11 = 25;
            i21++;
        } else {
            s11 = s10;
        }
        if (this.encryptThenMAC) {
            i15 = i20;
            i16 = 0;
        } else {
            i15 = i20;
            i16 = 0;
            byte[] calculateMac = this.writeMac.calculateMac(j10, s11, this.encryptConnectionID, bArr3, i14, i17);
            System.arraycopy(calculateMac, 0, bArr3, i21, calculateMac.length);
            i21 += calculateMac.length;
        }
        byte b10 = (byte) (i18 - 1);
        int i22 = i21;
        int i23 = i16;
        while (i23 < i18) {
            bArr3[i22] = b10;
            i23++;
            i22++;
        }
        int i24 = i22 - i10;
        short s12 = s11;
        int i25 = i15;
        int i26 = i16;
        this.encryptCipher.doFinal(bArr3, i10, i24, bArr3, i10);
        if (this.encryptThenMAC) {
            byte[] calculateMac2 = this.writeMac.calculateMac(j10, s12, this.encryptConnectionID, bArr3, i10, i24);
            System.arraycopy(calculateMac2, i26, bArr3, i22, calculateMac2.length);
            i22 += calculateMac2.length;
        }
        if (i22 == i25) {
            return new TlsEncodeResult(bArr3, i26, i25, s12);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextDecodeLimit(int i10) {
        return getCiphertextLength(this.decryptCipher.getBlockSize(), this.readMac.getSize(), 256, i10 + (this.decryptUseInnerPlaintext ? 1 : 0));
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextEncodeLimit(int i10) {
        int blockSize = this.encryptCipher.getBlockSize();
        return getCiphertextLength(blockSize, this.writeMac.getSize(), this.useExtraPadding ? 256 : blockSize, i10 + (this.encryptUseInnerPlaintext ? 1 : 0));
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextDecodeLimit(int i10) {
        return getPlaintextLength(this.decryptCipher.getBlockSize(), this.readMac.getSize(), i10) - (this.decryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextEncodeLimit(int i10) {
        return getPlaintextLength(this.encryptCipher.getBlockSize(), this.writeMac.getSize(), i10) - (this.encryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyDecoder() {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyEncoder() {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeDecode() {
        return this.decryptUseInnerPlaintext;
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeEncode() {
        return this.encryptUseInnerPlaintext;
    }
}
