package org.bouncycastle.crypto.engines;

import java.io.ByteArrayOutputStream;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes10.dex */
public class XoodyakEngine implements AEADCipher {
    public byte[] K;
    public int Rabsorb;
    public boolean aadFinished;
    public boolean encrypted;
    public boolean forEncryption;
    public byte[] iv;
    public MODE mode;
    public int phase;
    public byte[] state;
    public byte[] tag;
    public final int f_bPrime = 48;
    public final int Rkout = 24;
    public final int PhaseDown = 1;
    public final int PhaseUp = 2;
    public final int NLANES = 12;
    public final int NROWS = 3;
    public final int NCOLUMS = 4;
    public final int MAXROUNDS = 12;
    public final int TAGLEN = 16;
    public final int Rkin = 44;
    public final int[] RC = {88, 56, 960, 208, 288, 20, 96, 44, 896, 240, 416, 18};
    public boolean initialised = false;
    public final ByteArrayOutputStream aadData = new ByteArrayOutputStream();
    public final ByteArrayOutputStream message = new ByteArrayOutputStream();

    /* loaded from: classes10.dex */
    public enum MODE {
        ModeHash,
        ModeKeyed
    }

    private void AbsorbAny(byte[] bArr, int i, int i2, int i3, int i4) {
        while (true) {
            if (this.phase != 2) {
                Up(null, 0, 0);
            }
            int min = Math.min(i2, i3);
            Down(bArr, i, min, i4);
            int i5 = min;
            while (i5 != 0) {
                int i6 = i ^ i5;
                i5 = (i & i5) << 1;
                i = i6;
            }
            i2 -= min;
            if (i2 == 0) {
                return;
            } else {
                i4 = 0;
            }
        }
    }

    private int ROTL32(int i, int i2) {
        int i3 = 32 - i2;
        return (i << (31 & i2)) ^ (i >>> ((i3 + 31) - (i3 | 31)));
    }

    private void Up(byte[] bArr, int i, int i2) {
        int i3;
        if (this.mode != MODE.ModeHash) {
            byte[] bArr2 = this.state;
            byte b = bArr2[47];
            bArr2[47] = (byte) ((b | i2) & ((~b) | (~i2)));
        }
        int i4 = 12;
        int[] iArr = new int[12];
        Pack.littleEndianToInt(this.state, 0, iArr, 0, 12);
        int[] iArr2 = new int[12];
        int[] iArr3 = new int[4];
        int[] iArr4 = new int[4];
        for (int i5 = 0; i5 < i4; i5 = (i5 & 1) + (i5 | 1)) {
            int i6 = 0;
            while (i6 < 4) {
                int i7 = iArr[index(i6, 1)] ^ iArr[index(i6, 0)];
                int i8 = iArr[index(i6, 2)];
                iArr3[i6] = (i7 | i8) & ((~i7) | (~i8));
                int i9 = 1;
                while (i9 != 0) {
                    int i10 = i6 ^ i9;
                    i9 = (i6 & i9) << 1;
                    i6 = i10;
                }
            }
            int i11 = 0;
            while (true) {
                i3 = 3;
                if (i11 >= 4) {
                    break;
                }
                int i12 = 3;
                int i13 = i11;
                while (i12 != 0) {
                    int i14 = i13 ^ i12;
                    i12 = (i13 & i12) << 1;
                    i13 = i14;
                }
                int i15 = iArr3[(3 + i13) - (3 | i13)];
                int ROTL32 = ROTL32(i15, 5);
                int ROTL322 = ROTL32(i15, 14);
                iArr4[i11] = (ROTL322 | ROTL32) & ((~ROTL322) | (~ROTL32));
                i11++;
            }
            for (int i16 = 0; i16 < 4; i16++) {
                int i17 = 0;
                while (i17 < 3) {
                    int index = index(i16, i17);
                    iArr[index] = iArr[index] ^ iArr4[i16];
                    int i18 = 1;
                    while (i18 != 0) {
                        int i19 = i17 ^ i18;
                        i18 = (i17 & i18) << 1;
                        i17 = i19;
                    }
                }
            }
            int i20 = 0;
            while (i20 < 4) {
                iArr2[index(i20, 0)] = iArr[index(i20, 0)];
                iArr2[index(i20, 1)] = iArr[index(3 + i20, 1)];
                iArr2[index(i20, 2)] = ROTL32(iArr[index(i20, 2)], 11);
                int i21 = 1;
                while (i21 != 0) {
                    int i22 = i20 ^ i21;
                    i21 = (i20 & i21) << 1;
                    i20 = i22;
                }
            }
            iArr2[0] = iArr2[0] ^ this.RC[i5];
            int i23 = 0;
            while (i23 < 4) {
                int i24 = 0;
                while (i24 < i3) {
                    int index2 = index(i23, i24);
                    int i25 = iArr2[index(i23, i24)];
                    int i26 = (i24 & 1) + (1 | i24);
                    int i27 = ~iArr2[index(i23, i26)];
                    int i28 = iArr2[index(i23, (i24 & 2) + (i24 | 2))];
                    iArr[index2] = ((i27 + i28) - (i27 | i28)) ^ i25;
                    i24 = i26;
                    i3 = 3;
                }
                int i29 = 1;
                while (i29 != 0) {
                    int i30 = i23 ^ i29;
                    i29 = (i23 & i29) << 1;
                    i23 = i30;
                }
                i3 = 3;
            }
            for (int i31 = 0; i31 < 4; i31 = (i31 & 1) + (i31 | 1)) {
                iArr2[index(i31, 0)] = iArr[index(i31, 0)];
                iArr2[index(i31, 1)] = ROTL32(iArr[index(i31, 1)], 1);
                int index3 = index(i31, 2);
                int i32 = 2;
                int i33 = i31;
                while (i32 != 0) {
                    int i34 = i33 ^ i32;
                    i32 = (i33 & i32) << 1;
                    i33 = i34;
                }
                iArr2[index3] = ROTL32(iArr[index(i33, 2)], 8);
            }
            i4 = 12;
            System.arraycopy(iArr2, 0, iArr, 0, 12);
        }
        Pack.intToLittleEndian(iArr, 0, i4, this.state, 0);
        this.phase = 2;
        if (bArr != null) {
            System.arraycopy(this.state, 0, bArr, 0, i);
        }
    }

    private int encrypt(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        int i4 = i3;
        byte[] bArr3 = new byte[24];
        int i5 = this.encrypted ? 0 : 128;
        int i6 = i2;
        while (true) {
            if (i6 == 0 && this.encrypted) {
                return i2;
            }
            int min = Math.min(i6, 24);
            if (this.forEncryption) {
                System.arraycopy(bArr, i, bArr3, 0, min);
            }
            Up(null, 0, i5);
            int i7 = 0;
            while (i7 < min) {
                int i8 = i4 + i7;
                int i9 = 1;
                int i10 = i;
                while (i9 != 0) {
                    int i11 = i10 ^ i9;
                    i9 = (i10 & i9) << 1;
                    i10 = i11;
                }
                byte b = bArr[i];
                byte b2 = this.state[i7];
                bArr2[i8] = (byte) ((b | b2) & ((~b) | (~b2)));
                int i12 = 1;
                while (i12 != 0) {
                    int i13 = i7 ^ i12;
                    i12 = (i7 & i12) << 1;
                    i7 = i13;
                }
                i = i10;
            }
            if (this.forEncryption) {
                Down(bArr3, 0, min, 0);
            } else {
                Down(bArr2, i4, min, 0);
            }
            int i14 = min;
            while (i14 != 0) {
                int i15 = i4 ^ i14;
                i14 = (i4 & i14) << 1;
                i4 = i15;
            }
            i6 -= min;
            this.encrypted = true;
            i5 = 0;
        }
    }

    private int index(int i, int i2) {
        int i3 = (i2 % 3) * 4;
        int i4 = i % 4;
        while (i4 != 0) {
            int i5 = i3 ^ i4;
            i4 = (i3 & i4) << 1;
            i3 = i5;
        }
        return i3;
    }

    private void processAAD() {
        if (this.aadFinished) {
            return;
        }
        byte[] byteArray = this.aadData.toByteArray();
        AbsorbAny(byteArray, 0, byteArray.length, this.Rabsorb, 3);
        this.aadFinished = true;
    }

    private void reset(boolean z) {
        if (z) {
            this.tag = null;
        }
        Arrays.fill(this.state, (byte) 0);
        this.aadFinished = false;
        this.encrypted = false;
        this.phase = 2;
        this.message.reset();
        this.aadData.reset();
        int length = this.K.length;
        int length2 = this.iv.length;
        byte[] bArr = new byte[44];
        this.mode = MODE.ModeKeyed;
        this.Rabsorb = 44;
        System.arraycopy(this.K, 0, bArr, 0, length);
        System.arraycopy(this.iv, 0, bArr, length, length2);
        int i = length + length2;
        bArr[i] = (byte) length2;
        AbsorbAny(bArr, 0, i + 1, this.Rabsorb, 2);
    }

    public void Down(byte[] bArr, int i, int i2, int i3) {
        int i4 = 0;
        while (i4 < i2) {
            byte[] bArr2 = this.state;
            byte b = bArr2[i4];
            byte b2 = bArr[i];
            bArr2[i4] = (byte) ((b2 | b) & ((~b2) | (~b)));
            i4 = (i4 & 1) + (i4 | 1);
            i = (i & 1) + (1 | i);
        }
        byte[] bArr3 = this.state;
        byte b3 = bArr3[i2];
        bArr3[i2] = (byte) ((b3 | 1) & ((~b3) | (~1)));
        byte b4 = bArr3[47];
        if (this.mode == MODE.ModeHash) {
            i3 = (i3 + 1) - (i3 | 1);
        }
        bArr3[47] = (byte) ((b4 | i3) & ((~b4) | (~i3)));
        this.phase = 1;
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0026, code lost:
    
        if (r2 <= r11.length) goto L11;
     */
    @Override // org.bouncycastle.crypto.modes.AEADCipher
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int doFinal(byte[] r11, int r12) throws java.lang.IllegalStateException, org.bouncycastle.crypto.InvalidCipherTextException {
        /*
            r10 = this;
            r7 = r10
            r12 = r12
            boolean r0 = r7.initialised
            if (r0 == 0) goto L8e
            java.io.ByteArrayOutputStream r0 = r7.message
            byte[] r8 = r0.toByteArray()
            java.io.ByteArrayOutputStream r0 = r7.message
            int r10 = r0.size()
            boolean r3 = r7.forEncryption
            r11 = r11
            if (r3 == 0) goto L28
            r0 = 16
            int r2 = r10 + r0
            r1 = r12
        L1c:
            if (r1 == 0) goto L25
            r0 = r2 ^ r1
            r2 = r2 & r1
            int r1 = r2 << 1
            r2 = r0
            goto L1c
        L25:
            int r0 = r11.length
            if (r2 > r0) goto L86
        L28:
            if (r3 != 0) goto L34
            r0 = -16
            r1 = r10 & r0
            r0 = r0 | r10
            int r1 = r1 + r0
            int r1 = r1 + r12
            int r0 = r11.length
            if (r1 > r0) goto L86
        L34:
            r7.processAAD()
            boolean r0 = r7.forEncryption
            r2 = 64
            r4 = 0
            r3 = 16
            if (r0 == 0) goto L59
            r9 = 0
            r7.encrypt(r8, r9, r10, r11, r12)
            r1 = r12 & r10
            r12 = r12 | r10
            int r1 = r1 + r12
            byte[] r0 = new byte[r3]
            r7.tag = r0
            r7.Up(r0, r3, r2)
            byte[] r0 = r7.tag
            java.lang.System.arraycopy(r0, r4, r11, r1, r3)
            int r10 = r10 + r3
        L55:
            r7.reset(r4)
            return r10
        L59:
            int r10 = r10 - r3
            r9 = 0
            r7.encrypt(r8, r9, r10, r11, r12)
            byte[] r0 = new byte[r3]
            r7.tag = r0
            r7.Up(r0, r3, r2)
            r6 = r10
            r5 = r4
        L67:
            if (r5 >= r3) goto L55
            byte[] r0 = r7.tag
            r1 = r0[r5]
            r0 = 1
            r2 = r6 & r0
            r0 = r0 | r6
            int r2 = r2 + r0
            r0 = r8[r6]
            if (r1 != r0) goto L7e
            r1 = 1
            r0 = r5 & r1
            r5 = r5 | r1
            int r0 = r0 + r5
            r5 = r0
            r6 = r2
            goto L67
        L7e:
            java.lang.IllegalArgumentException r1 = new java.lang.IllegalArgumentException
            java.lang.String r0 = "Mac does not match"
            r1.<init>(r0)
            throw r1
        L86:
            org.bouncycastle.crypto.OutputLengthException r1 = new org.bouncycastle.crypto.OutputLengthException
            java.lang.String r0 = "output buffer too short"
            r1.<init>(r0)
            throw r1
        L8e:
            java.lang.IllegalArgumentException r1 = new java.lang.IllegalArgumentException
            java.lang.String r0 = "Need call init function before encryption/decryption"
            r1.<init>(r0)
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.engines.XoodyakEngine.doFinal(byte[], int):int");
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return "Xoodyak AEAD";
    }

    public int getBlockSize() {
        return 24;
    }

    public int getIVBytesSize() {
        return 16;
    }

    public int getKeyBytesSize() {
        return 16;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return this.tag;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i) {
        int i2 = 16;
        while (i2 != 0) {
            int i3 = i ^ i2;
            i2 = (i & i2) << 1;
            i = i3;
        }
        return i;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i) {
        return i;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z, CipherParameters cipherParameters) throws IllegalArgumentException {
        this.forEncryption = z;
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException("Xoodyak init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        byte[] iv = parametersWithIV.getIV();
        this.iv = iv;
        if (iv == null || iv.length != 16) {
            throw new IllegalArgumentException("Xoodyak requires exactly 16 bytes of IV");
        }
        if (!(parametersWithIV.getParameters() instanceof KeyParameter)) {
            throw new IllegalArgumentException("Xoodyak init parameters must include a key");
        }
        byte[] key = ((KeyParameter) parametersWithIV.getParameters()).getKey();
        this.K = key;
        if (key.length != 16) {
            throw new IllegalArgumentException("Xoodyak key must be 128 bits long");
        }
        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(getAlgorithmName(), 128, cipherParameters, Utils.getPurpose(z)));
        this.state = new byte[48];
        this.tag = new byte[16];
        this.initialised = true;
        reset();
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b) {
        if (this.aadFinished) {
            throw new IllegalArgumentException("AAD cannot be added after reading a full block(" + getBlockSize() + " bytes) of input for " + (this.forEncryption ? "encryption" : "decryption"));
        }
        this.aadData.write(b);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i, int i2) {
        if (this.aadFinished) {
            throw new IllegalArgumentException("AAD cannot be added after reading a full block(" + getBlockSize() + " bytes) of input for " + (this.forEncryption ? "encryption" : "decryption"));
        }
        if ((i & i2) + (i | i2) > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        this.aadData.write(bArr, i, i2);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b, byte[] bArr, int i) throws DataLengthException {
        return processBytes(new byte[]{b}, 0, 1, bArr, i);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws DataLengthException {
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        if (this.mode != MODE.ModeKeyed) {
            throw new IllegalArgumentException("Xoodyak has not been initialised");
        }
        if (i + i2 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        this.message.write(bArr, i, i2);
        int size = this.message.size() - (this.forEncryption ? 0 : 16);
        if (size < getBlockSize()) {
            return 0;
        }
        byte[] byteArray = this.message.toByteArray();
        int blockSize = (size / getBlockSize()) * getBlockSize();
        if ((blockSize & i3) + (blockSize | i3) > bArr2.length) {
            throw new OutputLengthException("output buffer is too short");
        }
        processAAD();
        encrypt(byteArray, 0, blockSize, bArr2, i3);
        this.message.reset();
        this.message.write(byteArray, blockSize, byteArray.length - blockSize);
        return blockSize;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        if (!this.initialised) {
            throw new IllegalArgumentException("Need call init function before encryption/decryption");
        }
        reset(true);
    }
}
