package org.bouncycastle.tls.crypto.impl;

import java.io.IOException;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/TlsAEADCipher.class */
public class TlsAEADCipher implements TlsCipher {
    public static final int NONCE_RFC5288 = 1;
    public static final int NONCE_RFC7905 = 2;
    public static final byte[] EPOCH_1 = {0, 1};
    private static Class fipsNonceGeneratorClass = lookup("org.bouncycastle.crypto.fips.FipsNonceGenerator");
    protected final TlsCryptoParameters cryptoParams;
    protected final int macSize;
    protected final int record_iv_length;
    protected final TlsAEADCipherImpl decryptCipher;
    protected final TlsAEADCipherImpl encryptCipher;
    protected final byte[] encryptImplicitNonce;
    protected final byte[] decryptImplicitNonce;
    protected final int nonceMode;
    protected final AEADNonceGenerator encryptNonceGenerator;

    public TlsAEADCipher(TlsCryptoParameters tlsCryptoParameters, TlsAEADCipherImpl tlsAEADCipherImpl, TlsAEADCipherImpl tlsAEADCipherImpl2, int i, int i2) throws IOException {
        this(tlsCryptoParameters, tlsAEADCipherImpl, tlsAEADCipherImpl2, i, i2, 1);
    }

    public TlsAEADCipher(TlsCryptoParameters tlsCryptoParameters, TlsAEADCipherImpl tlsAEADCipherImpl, TlsAEADCipherImpl tlsAEADCipherImpl2, int i, int i2, int i3) throws IOException {
        int i4;
        TlsAEADCipherImpl tlsAEADCipherImpl3;
        TlsAEADCipherImpl tlsAEADCipherImpl4;
        if (!TlsImplUtils.isTLSv12(tlsCryptoParameters)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.nonceMode = i3;
        switch (i3) {
            case 1:
                i4 = 4;
                this.record_iv_length = 8;
                break;
            case 2:
                i4 = 12;
                this.record_iv_length = 0;
                break;
            default:
                throw new TlsFatalAlert((short) 80);
        }
        this.cryptoParams = tlsCryptoParameters;
        this.macSize = i2;
        this.encryptCipher = tlsAEADCipherImpl;
        this.decryptCipher = tlsAEADCipherImpl2;
        if (tlsCryptoParameters.isServer()) {
            tlsAEADCipherImpl3 = tlsAEADCipherImpl2;
            tlsAEADCipherImpl4 = tlsAEADCipherImpl;
        } else {
            tlsAEADCipherImpl3 = tlsAEADCipherImpl;
            tlsAEADCipherImpl4 = tlsAEADCipherImpl2;
        }
        int i5 = (2 * i) + (2 * i4);
        byte[] calculateKeyBlock = TlsImplUtils.calculateKeyBlock(tlsCryptoParameters, i5);
        tlsAEADCipherImpl3.setKey(calculateKeyBlock, 0, i);
        int i6 = 0 + i;
        tlsAEADCipherImpl4.setKey(calculateKeyBlock, i6, i);
        int i7 = i6 + i;
        byte[] copyOfRange = Arrays.copyOfRange(calculateKeyBlock, i7, i7 + i4);
        int i8 = i7 + i4;
        byte[] copyOfRange2 = Arrays.copyOfRange(calculateKeyBlock, i8, i8 + i4);
        if (i8 + i4 != i5) {
            throw new TlsFatalAlert((short) 80);
        }
        if (tlsCryptoParameters.isServer()) {
            this.encryptImplicitNonce = copyOfRange2;
            this.decryptImplicitNonce = copyOfRange;
        } else {
            this.encryptImplicitNonce = copyOfRange;
            this.decryptImplicitNonce = copyOfRange2;
        }
        byte[] bArr = new byte[i4 + this.record_iv_length];
        this.encryptCipher.init(bArr, i2, null);
        this.decryptCipher.init(bArr, i2, null);
        if (i3 != 1 || fipsNonceGeneratorClass == null) {
            this.encryptNonceGenerator = null;
            return;
        }
        int i9 = 64;
        byte[] copyOf = Arrays.copyOf(this.encryptImplicitNonce, this.encryptImplicitNonce.length + this.record_iv_length);
        if (tlsCryptoParameters.getServerVersion().isDTLS()) {
            i9 = 48;
            int length = copyOf.length - 8;
            copyOf[length] = (byte) (copyOf[length] ^ EPOCH_1[0]);
            int length2 = copyOf.length - 7;
            copyOf[length2] = (byte) (copyOf[length2] ^ EPOCH_1[1]);
        }
        this.encryptNonceGenerator = new BCFipsAEADNonceGenerator(copyOf, i9);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextLimit(int i) {
        return i + this.macSize + this.record_iv_length;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextLimit(int i) {
        return (i - this.macSize) - this.record_iv_length;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public byte[] encodePlaintext(long j, short s, byte[] bArr, int i, int i2) throws IOException {
        byte[] bArr2 = new byte[this.encryptImplicitNonce.length + this.record_iv_length];
        switch (this.nonceMode) {
            case 1:
                if (this.encryptNonceGenerator != null) {
                    this.encryptNonceGenerator.generateNonce(bArr2);
                    break;
                } else {
                    System.arraycopy(this.encryptImplicitNonce, 0, bArr2, 0, this.encryptImplicitNonce.length);
                    TlsUtils.writeUint64(j, bArr2, this.encryptImplicitNonce.length);
                    break;
                }
            case 2:
                TlsUtils.writeUint64(j, bArr2, bArr2.length - 8);
                for (int i3 = 0; i3 < this.encryptImplicitNonce.length; i3++) {
                    int i4 = i3;
                    bArr2[i4] = (byte) (bArr2[i4] ^ this.encryptImplicitNonce[i3]);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 80);
        }
        byte[] bArr3 = new byte[this.record_iv_length + this.encryptCipher.getOutputSize(i2)];
        if (this.record_iv_length != 0) {
            System.arraycopy(bArr2, bArr2.length - this.record_iv_length, bArr3, 0, this.record_iv_length);
        }
        int i5 = this.record_iv_length;
        try {
            this.encryptCipher.init(bArr2, this.macSize, getAdditionalData(j, s, i2));
            if (i5 + this.encryptCipher.doFinal(bArr, i, i2, bArr3, i5) != bArr3.length) {
                throw new TlsFatalAlert((short) 80);
            }
            return bArr3;
        } catch (Exception e) {
            throw new TlsFatalAlert((short) 80, e);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public byte[] decodeCiphertext(long j, short s, byte[] bArr, int i, int i2) throws IOException {
        if (getPlaintextLimit(i2) < 0) {
            throw new TlsFatalAlert((short) 50);
        }
        byte[] bArr2 = new byte[this.decryptImplicitNonce.length + this.record_iv_length];
        switch (this.nonceMode) {
            case 1:
                System.arraycopy(this.decryptImplicitNonce, 0, bArr2, 0, this.decryptImplicitNonce.length);
                System.arraycopy(bArr, i, bArr2, bArr2.length - this.record_iv_length, this.record_iv_length);
                break;
            case 2:
                TlsUtils.writeUint64(j, bArr2, bArr2.length - 8);
                for (int i3 = 0; i3 < this.decryptImplicitNonce.length; i3++) {
                    int i4 = i3;
                    bArr2[i4] = (byte) (bArr2[i4] ^ this.decryptImplicitNonce[i3]);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 80);
        }
        int i5 = i + this.record_iv_length;
        int i6 = i2 - this.record_iv_length;
        int outputSize = this.decryptCipher.getOutputSize(i6);
        byte[] bArr3 = new byte[outputSize];
        try {
            this.decryptCipher.init(bArr2, this.macSize, getAdditionalData(j, s, outputSize));
            if (0 + this.decryptCipher.doFinal(bArr, i5, i6, bArr3, 0) != bArr3.length) {
                throw new TlsFatalAlert((short) 80);
            }
            return bArr3;
        } catch (Exception e) {
            throw new TlsFatalAlert((short) 20, e);
        }
    }

    protected byte[] getAdditionalData(long j, short s, int i) throws IOException {
        byte[] bArr = new byte[13];
        TlsUtils.writeUint64(j, bArr, 0);
        TlsUtils.writeUint8(s, bArr, 8);
        TlsUtils.writeVersion(this.cryptoParams.getServerVersion(), bArr, 9);
        TlsUtils.writeUint16(i, bArr, 11);
        return bArr;
    }

    private static Class lookup(String str) {
        try {
            return TlsAEADCipher.class.getClassLoader().loadClass(str);
        } catch (Exception e) {
            return null;
        }
    }
}
