package org.bouncycastle.tls.crypto.impl.bc;

import java.io.IOException;
import org.bouncycastle.crypto.engines.ChaCha7539Engine;
import org.bouncycastle.crypto.macs.Poly1305;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:WEB-INF/lib-provided/gmssl-jsse-provider-1.3.5-SNAPSHOT.jar:org/bouncycastle/tls/crypto/impl/bc/BcChaCha20Poly1305.class */
public class BcChaCha20Poly1305 implements TlsAEADCipherImpl {
    private static final byte[] ZEROES = new byte[15];
    protected final ChaCha7539Engine cipher = new ChaCha7539Engine();
    protected final Poly1305 mac = new Poly1305();
    protected final boolean isEncrypting;
    protected int additionalDataLength;

    public BcChaCha20Poly1305(boolean z) {
        this.isEncrypting = z;
    }

    @Override // org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl
    public int doFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws IOException {
        if (this.isEncrypting) {
            if (i2 != this.cipher.processBytes(bArr, i, i2, bArr2, i3)) {
                throw new IllegalStateException();
            }
            updateMAC(bArr2, i3, i2);
            byte[] bArr3 = new byte[16];
            Pack.longToLittleEndian(this.additionalDataLength & 4294967295L, bArr3, 0);
            Pack.longToLittleEndian(i2 & 4294967295L, bArr3, 8);
            this.mac.update(bArr3, 0, 16);
            this.mac.doFinal(bArr2, i3 + i2);
            return i2 + 16;
        }
        int i4 = i2 - 16;
        updateMAC(bArr, i, i4);
        byte[] bArr4 = new byte[16];
        Pack.longToLittleEndian(this.additionalDataLength & 4294967295L, bArr4, 0);
        Pack.longToLittleEndian(i4 & 4294967295L, bArr4, 8);
        this.mac.update(bArr4, 0, 16);
        this.mac.doFinal(bArr4, 0);
        if (!Arrays.constantTimeAreEqual(bArr4, Arrays.copyOfRange(bArr, i + i4, i + i2))) {
            throw new TlsFatalAlert((short) 20);
        }
        if (i4 != this.cipher.processBytes(bArr, i, i4, bArr2, i3)) {
            throw new IllegalStateException();
        }
        return i4;
    }

    @Override // org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl
    public int getOutputSize(int i) {
        return this.isEncrypting ? i + 16 : i - 16;
    }

    @Override // org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl
    public void init(byte[] bArr, int i, byte[] bArr2) throws IOException {
        if (bArr == null || bArr.length != 12 || i != 16) {
            throw new TlsFatalAlert((short) 80);
        }
        this.cipher.init(this.isEncrypting, new ParametersWithIV(null, bArr));
        initMAC();
        if (bArr2 == null) {
            this.additionalDataLength = 0;
        } else {
            this.additionalDataLength = bArr2.length;
            updateMAC(bArr2, 0, bArr2.length);
        }
    }

    @Override // org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl
    public void setKey(byte[] bArr, int i, int i2) throws IOException {
        this.cipher.init(this.isEncrypting, new ParametersWithIV(new KeyParameter(bArr, i, i2), ZEROES, 0, 12));
    }

    protected void initMAC() {
        byte[] bArr = new byte[64];
        this.cipher.processBytes(bArr, 0, 64, bArr, 0);
        this.mac.init(new KeyParameter(bArr, 0, 32));
        Arrays.fill(bArr, (byte) 0);
    }

    protected void updateMAC(byte[] bArr, int i, int i2) {
        this.mac.update(bArr, i, i2);
        int i3 = i2 % 16;
        if (i3 != 0) {
            this.mac.update(ZEROES, 0, 16 - i3);
        }
    }
}
