package de.authada.org.bouncycastle.tls.crypto.impl;

import de.authada.org.bouncycastle.tls.ProtocolVersion;
import de.authada.org.bouncycastle.tls.SecurityParameters;
import de.authada.org.bouncycastle.tls.TlsFatalAlert;
import de.authada.org.bouncycastle.tls.TlsUtils;
import de.authada.org.bouncycastle.tls.crypto.TlsCipher;
import de.authada.org.bouncycastle.tls.crypto.TlsCryptoParameters;
import de.authada.org.bouncycastle.tls.crypto.TlsCryptoUtils;
import de.authada.org.bouncycastle.tls.crypto.TlsDecodeResult;
import de.authada.org.bouncycastle.tls.crypto.TlsEncodeResult;
import de.authada.org.bouncycastle.tls.crypto.TlsSecret;
import de.authada.org.bouncycastle.util.Arrays;

/* loaded from: classes6.dex */
public final class TlsAEADCipher implements TlsCipher {
    public static final int AEAD_CCM = 1;
    public static final int AEAD_CHACHA20_POLY1305 = 2;
    public static final int AEAD_GCM = 3;
    private static final int NONCE_RFC5288 = 1;
    private static final int NONCE_RFC7905 = 2;
    private static final long SEQUENCE_NUMBER_PLACEHOLDER = -1;
    private final TlsCryptoParameters cryptoParams;
    private final TlsAEADCipherImpl decryptCipher;
    private final byte[] decryptConnectionID;
    private final byte[] decryptNonce;
    private final boolean decryptUseInnerPlaintext;
    private final TlsAEADCipherImpl encryptCipher;
    private final byte[] encryptConnectionID;
    private final byte[] encryptNonce;
    private final boolean encryptUseInnerPlaintext;
    private final int fixed_iv_length;
    private final boolean isTLSv13;
    private final int keySize;
    private final int macSize;
    private final int nonceMode;
    private final int record_iv_length;

    public TlsAEADCipher(TlsCryptoParameters tlsCryptoParameters, TlsAEADCipherImpl tlsAEADCipherImpl, TlsAEADCipherImpl tlsAEADCipherImpl2, int i10, int i11, int i12) {
        int i13;
        SecurityParameters securityParametersHandshake = tlsCryptoParameters.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (!TlsImplUtils.isTLSv12(negotiatedVersion)) {
            throw new TlsFatalAlert((short) 80);
        }
        boolean isTLSv13 = TlsImplUtils.isTLSv13(negotiatedVersion);
        this.isTLSv13 = isTLSv13;
        int nonceMode = getNonceMode(isTLSv13, i12);
        this.nonceMode = nonceMode;
        byte[] connectionIDPeer = securityParametersHandshake.getConnectionIDPeer();
        this.decryptConnectionID = connectionIDPeer;
        byte[] connectionIDLocal = securityParametersHandshake.getConnectionIDLocal();
        this.encryptConnectionID = connectionIDLocal;
        this.decryptUseInnerPlaintext = isTLSv13 || !Arrays.isNullOrEmpty(connectionIDPeer);
        this.encryptUseInnerPlaintext = isTLSv13 || !Arrays.isNullOrEmpty(connectionIDLocal);
        if (nonceMode == 1) {
            this.fixed_iv_length = 4;
            this.record_iv_length = 8;
        } else {
            if (nonceMode != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            this.fixed_iv_length = 12;
            this.record_iv_length = 0;
        }
        this.cryptoParams = tlsCryptoParameters;
        this.keySize = i10;
        this.macSize = i11;
        this.decryptCipher = tlsAEADCipherImpl2;
        this.encryptCipher = tlsAEADCipherImpl;
        int i14 = this.fixed_iv_length;
        byte[] bArr = new byte[i14];
        this.decryptNonce = bArr;
        byte[] bArr2 = new byte[i14];
        this.encryptNonce = bArr2;
        boolean isServer = tlsCryptoParameters.isServer();
        if (isTLSv13) {
            rekeyCipher(securityParametersHandshake, tlsAEADCipherImpl2, bArr, !isServer);
            rekeyCipher(securityParametersHandshake, tlsAEADCipherImpl, bArr2, isServer);
            return;
        }
        int i15 = (this.fixed_iv_length * 2) + (i10 * 2);
        byte[] calculateKeyBlock = TlsImplUtils.calculateKeyBlock(tlsCryptoParameters, i15);
        if (isServer) {
            tlsAEADCipherImpl2.setKey(calculateKeyBlock, 0, i10);
            tlsAEADCipherImpl.setKey(calculateKeyBlock, i10, i10);
            int i16 = i10 + i10;
            System.arraycopy(calculateKeyBlock, i16, bArr, 0, this.fixed_iv_length);
            int i17 = this.fixed_iv_length;
            i13 = i16 + i17;
            System.arraycopy(calculateKeyBlock, i13, bArr2, 0, i17);
        } else {
            tlsAEADCipherImpl.setKey(calculateKeyBlock, 0, i10);
            tlsAEADCipherImpl2.setKey(calculateKeyBlock, i10, i10);
            int i18 = i10 + i10;
            System.arraycopy(calculateKeyBlock, i18, bArr2, 0, this.fixed_iv_length);
            int i19 = this.fixed_iv_length;
            i13 = i18 + i19;
            System.arraycopy(calculateKeyBlock, i13, bArr, 0, i19);
        }
        if (i15 != i13 + this.fixed_iv_length) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    private byte[] getAdditionalData(long j10, short s10, ProtocolVersion protocolVersion, int i10, int i11, byte[] bArr) {
        if (!Arrays.isNullOrEmpty(bArr)) {
            int length = bArr.length;
            byte[] bArr2 = new byte[length + 23];
            TlsUtils.writeUint64(-1L, bArr2, 0);
            TlsUtils.writeUint8((short) 25, bArr2, 8);
            TlsUtils.writeUint8(length, bArr2, 9);
            TlsUtils.writeUint8((short) 25, bArr2, 10);
            TlsUtils.writeVersion(protocolVersion, bArr2, 11);
            TlsUtils.writeUint64(j10, bArr2, 13);
            System.arraycopy(bArr, 0, bArr2, 21, length);
            TlsUtils.writeUint16(i11, bArr2, length + 21);
            return bArr2;
        }
        if (this.isTLSv13) {
            byte[] bArr3 = new byte[5];
            TlsUtils.writeUint8(s10, bArr3, 0);
            TlsUtils.writeVersion(protocolVersion, bArr3, 1);
            TlsUtils.writeUint16(i10, bArr3, 3);
            return bArr3;
        }
        byte[] bArr4 = new byte[13];
        TlsUtils.writeUint64(j10, bArr4, 0);
        TlsUtils.writeUint8(s10, bArr4, 8);
        TlsUtils.writeVersion(protocolVersion, bArr4, 9);
        TlsUtils.writeUint16(i11, bArr4, 11);
        return bArr4;
    }

    private static int getNonceMode(boolean z8, int i10) {
        if (i10 != 1) {
            if (i10 == 2) {
                return 2;
            }
            if (i10 != 3) {
                throw new TlsFatalAlert((short) 80);
            }
        }
        return z8 ? 2 : 1;
    }

    private void rekeyCipher(SecurityParameters securityParameters, TlsAEADCipherImpl tlsAEADCipherImpl, byte[] bArr, boolean z8) {
        if (!this.isTLSv13) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsSecret trafficSecretServer = z8 ? securityParameters.getTrafficSecretServer() : securityParameters.getTrafficSecretClient();
        if (trafficSecretServer == null) {
            throw new TlsFatalAlert((short) 80);
        }
        setup13Cipher(tlsAEADCipherImpl, bArr, trafficSecretServer, securityParameters.getPRFCryptoHashAlgorithm());
    }

    private void setup13Cipher(TlsAEADCipherImpl tlsAEADCipherImpl, byte[] bArr, TlsSecret tlsSecret, int i10) {
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        byte[] extract = TlsCryptoUtils.hkdfExpandLabel(tlsSecret, i10, "key", bArr2, this.keySize).extract();
        byte[] extract2 = TlsCryptoUtils.hkdfExpandLabel(tlsSecret, i10, "iv", bArr2, this.fixed_iv_length).extract();
        tlsAEADCipherImpl.setKey(extract, 0, this.keySize);
        System.arraycopy(extract2, 0, bArr, 0, this.fixed_iv_length);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public TlsDecodeResult decodeCiphertext(long j10, short s10, ProtocolVersion protocolVersion, byte[] bArr, int i10, int i11) {
        short s11;
        byte b10;
        if (getPlaintextDecodeLimit(i11) < 0) {
            throw new TlsFatalAlert((short) 50);
        }
        byte[] bArr2 = this.decryptNonce;
        int length = bArr2.length + this.record_iv_length;
        byte[] bArr3 = new byte[length];
        int i12 = this.nonceMode;
        int i13 = 0;
        if (i12 == 1) {
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            int i14 = this.record_iv_length;
            System.arraycopy(bArr, i10, bArr3, length - i14, i14);
        } else {
            if (i12 != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.writeUint64(j10, bArr3, length - 8);
            while (true) {
                byte[] bArr4 = this.decryptNonce;
                if (i13 >= bArr4.length) {
                    break;
                }
                bArr3[i13] = (byte) (bArr4[i13] ^ bArr3[i13]);
                i13++;
            }
        }
        this.decryptCipher.init(bArr3, this.macSize);
        int i15 = this.record_iv_length;
        int i16 = i10 + i15;
        int i17 = i11 - i15;
        int outputSize = this.decryptCipher.getOutputSize(i17);
        try {
            if (this.decryptCipher.doFinal(getAdditionalData(j10, s10, protocolVersion, i11, outputSize, this.decryptConnectionID), bArr, i16, i17, bArr, i16) != outputSize) {
                throw new TlsFatalAlert((short) 80);
            }
            if (!this.decryptUseInnerPlaintext) {
                s11 = s10;
                return new TlsDecodeResult(bArr, i16, outputSize, s11);
            }
            do {
                outputSize--;
                if (outputSize < 0) {
                    throw new TlsFatalAlert((short) 10);
                }
                b10 = bArr[i16 + outputSize];
            } while (b10 == 0);
            s11 = (short) (b10 & 255);
            return new TlsDecodeResult(bArr, i16, outputSize, s11);
        } catch (RuntimeException e10) {
            throw new TlsFatalAlert((short) 20, (Throwable) e10);
        }
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public TlsEncodeResult encodePlaintext(long j10, short s10, ProtocolVersion protocolVersion, int i10, byte[] bArr, int i11, int i12) {
        short s11;
        int i13 = i10;
        byte[] bArr2 = this.encryptNonce;
        int length = bArr2.length + this.record_iv_length;
        byte[] bArr3 = new byte[length];
        int i14 = this.nonceMode;
        if (i14 == 1) {
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            TlsUtils.writeUint64(j10, bArr3, this.encryptNonce.length);
        } else {
            if (i14 != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.writeUint64(j10, bArr3, length - 8);
            int i15 = 0;
            while (true) {
                byte[] bArr4 = this.encryptNonce;
                if (i15 >= bArr4.length) {
                    break;
                }
                bArr3[i15] = (byte) (bArr4[i15] ^ bArr3[i15]);
                i15++;
            }
        }
        int i16 = i12 + (this.encryptUseInnerPlaintext ? 1 : 0);
        this.encryptCipher.init(bArr3, this.macSize);
        int outputSize = this.encryptCipher.getOutputSize(i16);
        int i17 = this.record_iv_length;
        int i18 = i17 + outputSize;
        int i19 = i13 + i18;
        byte[] bArr5 = new byte[i19];
        if (i17 != 0) {
            System.arraycopy(bArr3, length - i17, bArr5, i13, i17);
            i13 += this.record_iv_length;
        }
        if (this.encryptUseInnerPlaintext) {
            s11 = this.isTLSv13 ? (short) 23 : (short) 25;
        } else {
            s11 = s10;
        }
        short s12 = s11;
        byte[] additionalData = getAdditionalData(j10, s11, protocolVersion, i18, i16, this.encryptConnectionID);
        try {
            System.arraycopy(bArr, i11, bArr5, i13, i12);
            if (this.encryptUseInnerPlaintext) {
                bArr5[i13 + i12] = (byte) s10;
            }
            if (i13 + this.encryptCipher.doFinal(additionalData, bArr5, i13, i16, bArr5, i13) == i19) {
                return new TlsEncodeResult(bArr5, 0, i19, s12);
            }
            throw new TlsFatalAlert((short) 80);
        } catch (RuntimeException e10) {
            throw new TlsFatalAlert((short) 80, (Throwable) e10);
        }
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextDecodeLimit(int i10) {
        return i10 + (this.decryptUseInnerPlaintext ? 1 : 0) + this.macSize + this.record_iv_length;
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextEncodeLimit(int i10) {
        return i10 + (this.encryptUseInnerPlaintext ? 1 : 0) + this.macSize + this.record_iv_length;
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextDecodeLimit(int i10) {
        return ((i10 - this.macSize) - this.record_iv_length) - (this.decryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextEncodeLimit(int i10) {
        return ((i10 - this.macSize) - this.record_iv_length) - (this.encryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyDecoder() {
        rekeyCipher(this.cryptoParams.getSecurityParametersConnection(), this.decryptCipher, this.decryptNonce, !this.cryptoParams.isServer());
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyEncoder() {
        rekeyCipher(this.cryptoParams.getSecurityParametersConnection(), this.encryptCipher, this.encryptNonce, this.cryptoParams.isServer());
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeDecode() {
        return this.decryptUseInnerPlaintext;
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeEncode() {
        return this.encryptUseInnerPlaintext;
    }
}
