package org.bouncycastle.tls.crypto.impl;

import java.io.IOException;
import java.security.SecureRandom;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsDecodeResult;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsHMAC;

/* loaded from: classes5.dex */
public class TlsBlockCipher implements TlsCipher {
    protected final boolean acceptExtraPadding;
    protected final TlsCrypto crypto;
    protected final TlsCryptoParameters cryptoParams;
    protected final TlsBlockCipherImpl decryptCipher;
    protected final TlsBlockCipherImpl encryptCipher;
    protected final boolean encryptThenMAC;
    protected final byte[] randomData;
    protected final TlsSuiteMac readMac;
    protected final boolean useExplicitIV;
    protected final boolean useExtraPadding;
    protected final TlsSuiteMac writeMac;

    public TlsBlockCipher(TlsCrypto tlsCrypto, TlsCryptoParameters tlsCryptoParameters, TlsBlockCipherImpl tlsBlockCipherImpl, TlsBlockCipherImpl tlsBlockCipherImpl2, TlsHMAC tlsHMAC, TlsHMAC tlsHMAC2, int i11) throws IOException {
        TlsSuiteHMac tlsSuiteHMac;
        SecurityParameters securityParametersHandshake = tlsCryptoParameters.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (TlsImplUtils.isTLSv13(negotiatedVersion)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.cryptoParams = tlsCryptoParameters;
        this.crypto = tlsCrypto;
        this.randomData = tlsCryptoParameters.getNonceGenerator().generateNonce(256);
        boolean isEncryptThenMAC = securityParametersHandshake.isEncryptThenMAC();
        this.encryptThenMAC = isEncryptThenMAC;
        boolean isTLSv11 = TlsImplUtils.isTLSv11(negotiatedVersion);
        this.useExplicitIV = isTLSv11;
        boolean z11 = true;
        this.acceptExtraPadding = !negotiatedVersion.isSSL();
        if (!securityParametersHandshake.isExtendedPadding() || !ProtocolVersion.TLSv10.isEqualOrEarlierVersionOf(negotiatedVersion) || (!isEncryptThenMAC && securityParametersHandshake.isTruncatedHMac())) {
            z11 = false;
        }
        this.useExtraPadding = z11;
        this.encryptCipher = tlsBlockCipherImpl;
        this.decryptCipher = tlsBlockCipherImpl2;
        if (tlsCryptoParameters.isServer()) {
            tlsBlockCipherImpl2 = tlsBlockCipherImpl;
            tlsBlockCipherImpl = tlsBlockCipherImpl2;
        }
        int macLength = (i11 * 2) + tlsHMAC.getMacLength() + tlsHMAC2.getMacLength();
        macLength = isTLSv11 ? macLength : macLength + tlsBlockCipherImpl.getBlockSize() + tlsBlockCipherImpl2.getBlockSize();
        byte[] calculateKeyBlock = TlsImplUtils.calculateKeyBlock(tlsCryptoParameters, macLength);
        tlsHMAC.setKey(calculateKeyBlock, 0, tlsHMAC.getMacLength());
        int macLength2 = tlsHMAC.getMacLength();
        tlsHMAC2.setKey(calculateKeyBlock, macLength2, tlsHMAC2.getMacLength());
        int macLength3 = macLength2 + tlsHMAC2.getMacLength();
        tlsBlockCipherImpl.setKey(calculateKeyBlock, macLength3, i11);
        int i12 = macLength3 + i11;
        tlsBlockCipherImpl2.setKey(calculateKeyBlock, i12, i11);
        int i13 = i12 + i11;
        if (!isTLSv11) {
            tlsBlockCipherImpl.init(calculateKeyBlock, i13, tlsBlockCipherImpl.getBlockSize());
            int blockSize = i13 + tlsBlockCipherImpl.getBlockSize();
            tlsBlockCipherImpl2.init(calculateKeyBlock, blockSize, tlsBlockCipherImpl2.getBlockSize());
            i13 = blockSize + tlsBlockCipherImpl2.getBlockSize();
        }
        if (i13 != macLength) {
            throw new TlsFatalAlert((short) 80);
        }
        if (tlsCryptoParameters.isServer()) {
            this.writeMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC2);
            tlsSuiteHMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC);
        } else {
            this.writeMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC);
            tlsSuiteHMac = new TlsSuiteHMac(tlsCryptoParameters, tlsHMAC2);
        }
        this.readMac = tlsSuiteHMac;
    }

    protected int checkPaddingConstantTime(byte[] bArr, int i11, int i12, int i13, int i14) {
        byte b11;
        int i15;
        int i16 = i11 + i12;
        byte b12 = bArr[i16 - 1];
        int i17 = (b12 & 255) + 1;
        if (this.acceptExtraPadding) {
            i13 = 256;
        }
        if (i17 > Math.min(i13, i12 - i14)) {
            i15 = 0;
            b11 = 0;
            i17 = 0;
        } else {
            int i18 = i16 - i17;
            b11 = 0;
            while (true) {
                int i19 = i18 + 1;
                b11 = (byte) ((bArr[i18] ^ b12) | b11);
                if (i19 >= i16) {
                    break;
                }
                i18 = i19;
            }
            i15 = i17;
            if (b11 != 0) {
                i17 = 0;
            }
        }
        byte[] bArr2 = this.randomData;
        while (i15 < 256) {
            b11 = (byte) ((bArr2[i15] ^ b12) | b11);
            i15++;
        }
        bArr2[0] = (byte) (bArr2[0] ^ b11);
        return i17;
    }

    protected int chooseExtraPadBlocks(SecureRandom secureRandom, int i11) {
        return Math.min(lowestBitSet(secureRandom.nextInt()), i11);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public TlsDecodeResult decodeCiphertext(long j11, short s11, ProtocolVersion protocolVersion, byte[] bArr, int i11, int i12) throws IOException {
        int i13;
        int i14;
        byte[] bArr2;
        int i15 = i11;
        int blockSize = this.decryptCipher.getBlockSize();
        int size = this.readMac.getSize();
        int max = this.encryptThenMAC ? blockSize + size : Math.max(blockSize, size + 1);
        if (this.useExplicitIV) {
            max += blockSize;
        }
        if (i12 < max) {
            throw new TlsFatalAlert((short) 50);
        }
        boolean z11 = this.encryptThenMAC;
        int i16 = z11 ? i12 - size : i12;
        if (i16 % blockSize != 0) {
            throw new TlsFatalAlert((short) 21);
        }
        if (z11) {
            i13 = 0;
            if (!TlsUtils.constantTimeAreEqual(size, this.readMac.calculateMac(j11, s11, bArr, i11, i12 - size), 0, bArr, (i12 + i15) - size)) {
                throw new TlsFatalAlert((short) 20);
            }
        } else {
            i13 = 0;
        }
        if (this.useExplicitIV) {
            this.decryptCipher.init(bArr, i15, blockSize);
            i15 += blockSize;
            i16 -= blockSize;
        }
        int i17 = i15;
        int i18 = i16;
        int i19 = i13;
        this.decryptCipher.doFinal(bArr, i17, i18, bArr, i17);
        int checkPaddingConstantTime = checkPaddingConstantTime(bArr, i17, i18, blockSize, this.encryptThenMAC ? i19 : size);
        int i21 = checkPaddingConstantTime == 0 ? 1 : i19;
        int i22 = i18 - checkPaddingConstantTime;
        if (this.encryptThenMAC) {
            i14 = i17;
            bArr2 = bArr;
        } else {
            i22 -= size;
            i14 = i17;
            bArr2 = bArr;
            i21 |= !TlsUtils.constantTimeAreEqual(size, this.readMac.calculateMacConstantTime(j11, s11, bArr, i17, i22, i18 - size, this.randomData), i19, bArr2, i14 + i22) ? 1 : 0;
        }
        if (i21 == 0) {
            return new TlsDecodeResult(bArr2, i14, i22, s11);
        }
        throw new TlsFatalAlert((short) 20);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public TlsEncodeResult encodePlaintext(long j11, short s11, ProtocolVersion protocolVersion, int i11, byte[] bArr, int i12, int i13) throws IOException {
        byte[] bArr2;
        int i14;
        int i15;
        int i16;
        int blockSize = this.encryptCipher.getBlockSize();
        int size = this.writeMac.getSize();
        int i17 = blockSize - ((!this.encryptThenMAC ? i13 + size : i13) % blockSize);
        if (this.useExtraPadding) {
            i17 += chooseExtraPadBlocks(this.crypto.getSecureRandom(), (256 - i17) / blockSize) * blockSize;
        }
        int i18 = size + i13 + i17;
        boolean z11 = this.useExplicitIV;
        if (z11) {
            i18 += blockSize;
        }
        int i19 = i11 + i18;
        byte[] bArr3 = new byte[i19];
        if (z11) {
            byte[] generateNonce = this.cryptoParams.getNonceGenerator().generateNonce(blockSize);
            this.encryptCipher.init(generateNonce, 0, blockSize);
            System.arraycopy(generateNonce, 0, bArr3, i11, blockSize);
            i15 = blockSize + i11;
            bArr2 = bArr;
            i14 = i12;
        } else {
            bArr2 = bArr;
            i14 = i12;
            i15 = i11;
        }
        System.arraycopy(bArr2, i14, bArr3, i15, i13);
        int i21 = i15 + i13;
        if (!this.encryptThenMAC) {
            byte[] calculateMac = this.writeMac.calculateMac(j11, s11, bArr, i12, i13);
            System.arraycopy(calculateMac, 0, bArr3, i21, calculateMac.length);
            i21 += calculateMac.length;
        }
        byte b11 = (byte) (i17 - 1);
        int i22 = 0;
        while (i22 < i17) {
            bArr3[i21] = b11;
            i22++;
            i21++;
        }
        this.encryptCipher.doFinal(bArr3, i15, i21 - i15, bArr3, i15);
        if (this.encryptThenMAC) {
            i16 = 0;
            byte[] calculateMac2 = this.writeMac.calculateMac(j11, s11, bArr3, i11, i21 - i11);
            System.arraycopy(calculateMac2, 0, bArr3, i21, calculateMac2.length);
            i21 += calculateMac2.length;
        } else {
            i16 = 0;
        }
        if (i21 == i19) {
            return new TlsEncodeResult(bArr3, i16, i19, s11);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextDecodeLimit(int i11) {
        return getCiphertextLength(this.decryptCipher.getBlockSize(), this.readMac.getSize(), 256, i11);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextEncodeLimit(int i11, int i12) {
        int blockSize = this.encryptCipher.getBlockSize();
        return getCiphertextLength(blockSize, this.writeMac.getSize(), this.useExtraPadding ? 256 : blockSize, i11);
    }

    protected int getCiphertextLength(int i11, int i12, int i13, int i14) {
        if (this.useExplicitIV) {
            i14 += i11;
        }
        int i15 = i14 + i13;
        if (this.encryptThenMAC) {
            return (i15 - (i15 % i11)) + i12;
        }
        int i16 = i15 + i12;
        return i16 - (i16 % i11);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextLimit(int i11) {
        int i12;
        int blockSize = this.encryptCipher.getBlockSize();
        int size = this.writeMac.getSize();
        if (this.encryptThenMAC) {
            i12 = i11 - size;
            size = i12 % blockSize;
        } else {
            i12 = i11 - (i11 % blockSize);
        }
        int i13 = (i12 - size) - 1;
        return this.useExplicitIV ? i13 - blockSize : i13;
    }

    protected int lowestBitSet(int i11) {
        if (i11 == 0) {
            return 32;
        }
        int i12 = 0;
        while ((i11 & 1) == 0) {
            i12++;
            i11 >>= 1;
        }
        return i12;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyDecoder() throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyEncoder() throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordType() {
        return false;
    }
}
