package org.spongycastle.crypto.engines;

import org.spongycastle.asn1.cmc.BodyPartID;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.MaxBytesExceededException;
import org.spongycastle.crypto.OutputLengthException;
import org.spongycastle.crypto.SkippingStreamCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.util.Pack;
import org.spongycastle.util.Strings;

/* loaded from: classes9.dex */
public class Salsa20Engine implements SkippingStreamCipher {
    public static final int DEFAULT_ROUNDS = 20;
    private static final int STATE_SIZE = 16;
    private static final int[] TAU_SIGMA = Pack.littleEndianToInt(Strings.toByteArray("expand 16-byte kexpand 32-byte k"), 0, 8);
    protected static final byte[] sigma = Strings.toByteArray("expand 32-byte k");
    protected static final byte[] tau = Strings.toByteArray("expand 16-byte k");
    private int cW0;
    private int cW1;
    private int cW2;
    protected int[] engineState;
    private int index;
    private boolean initialised;
    private byte[] keyStream;
    protected int rounds;

    /* renamed from: x, reason: collision with root package name */
    protected int[] f238378x;

    public Salsa20Engine() {
        this(20);
    }

    public Salsa20Engine(int i14) {
        this.index = 0;
        this.engineState = new int[16];
        this.f238378x = new int[16];
        this.keyStream = new byte[64];
        this.initialised = false;
        if (i14 <= 0 || (i14 & 1) != 0) {
            throw new IllegalArgumentException("'rounds' must be a positive, even number");
        }
        this.rounds = i14;
    }

    private boolean limitExceeded() {
        int i14 = this.cW0 + 1;
        this.cW0 = i14;
        if (i14 == 0) {
            int i15 = this.cW1 + 1;
            this.cW1 = i15;
            if (i15 == 0) {
                int i16 = this.cW2 + 1;
                this.cW2 = i16;
                return (i16 & 32) != 0;
            }
        }
        return false;
    }

    private boolean limitExceeded(int i14) {
        int i15 = this.cW0 + i14;
        this.cW0 = i15;
        if (i15 >= i14 || i15 < 0) {
            return false;
        }
        int i16 = this.cW1 + 1;
        this.cW1 = i16;
        if (i16 != 0) {
            return false;
        }
        int i17 = this.cW2 + 1;
        this.cW2 = i17;
        return (i17 & 32) != 0;
    }

    private void resetLimitCounter() {
        this.cW0 = 0;
        this.cW1 = 0;
        this.cW2 = 0;
    }

    public static int rotl(int i14, int i15) {
        return (i14 >>> (-i15)) | (i14 << i15);
    }

    public static void salsaCore(int i14, int[] iArr, int[] iArr2) {
        if (iArr.length != 16) {
            throw new IllegalArgumentException();
        }
        if (iArr2.length != 16) {
            throw new IllegalArgumentException();
        }
        if (i14 % 2 != 0) {
            throw new IllegalArgumentException("Number of rounds must be even");
        }
        boolean z14 = false;
        int i15 = iArr[0];
        int i16 = iArr[1];
        int i17 = iArr[2];
        int i18 = iArr[3];
        int i19 = iArr[4];
        int i24 = iArr[5];
        int i25 = iArr[6];
        int i26 = 7;
        int i27 = iArr[7];
        int i28 = iArr[8];
        int i29 = 9;
        int i34 = iArr[9];
        int i35 = iArr[10];
        int i36 = iArr[11];
        int i37 = iArr[12];
        int i38 = 13;
        int i39 = iArr[13];
        int i44 = iArr[14];
        int i45 = iArr[15];
        int i46 = i44;
        int i47 = i39;
        int i48 = i37;
        int i49 = i36;
        int i54 = i35;
        int i55 = i34;
        int i56 = i28;
        int i57 = i27;
        int i58 = i25;
        int i59 = i24;
        int i64 = i19;
        int i65 = i18;
        int i66 = i17;
        int i67 = i16;
        int i68 = i15;
        int i69 = i14;
        while (i69 > 0) {
            int rotl = rotl(i68 + i48, i26) ^ i64;
            int rotl2 = i56 ^ rotl(rotl + i68, i29);
            int rotl3 = i48 ^ rotl(rotl2 + rotl, i38);
            int rotl4 = rotl(rotl3 + rotl2, 18) ^ i68;
            int rotl5 = i55 ^ rotl(i59 + i67, i26);
            int rotl6 = i47 ^ rotl(rotl5 + i59, i29);
            int rotl7 = i67 ^ rotl(rotl6 + rotl5, i38);
            int rotl8 = rotl(rotl7 + rotl6, 18) ^ i59;
            int rotl9 = i46 ^ rotl(i54 + i58, 7);
            int rotl10 = i66 ^ rotl(rotl9 + i54, 9);
            int rotl11 = i58 ^ rotl(rotl10 + rotl9, 13);
            int rotl12 = i54 ^ rotl(rotl11 + rotl10, 18);
            int rotl13 = i65 ^ rotl(i45 + i49, 7);
            int rotl14 = i57 ^ rotl(rotl13 + i45, 9);
            int i74 = i69;
            int rotl15 = i49 ^ rotl(rotl14 + rotl13, 13);
            int rotl16 = i45 ^ rotl(rotl15 + rotl14, 18);
            i67 = rotl7 ^ rotl(rotl4 + rotl13, 7);
            i66 = rotl10 ^ rotl(i67 + rotl4, 9);
            int rotl17 = rotl13 ^ rotl(i66 + i67, 13);
            int rotl18 = rotl4 ^ rotl(rotl17 + i66, 18);
            i58 = rotl11 ^ rotl(rotl8 + rotl, 7);
            i57 = rotl14 ^ rotl(i58 + rotl8, 9);
            int rotl19 = rotl(i57 + i58, 13) ^ rotl;
            i59 = rotl8 ^ rotl(rotl19 + i57, 18);
            i49 = rotl15 ^ rotl(rotl12 + rotl5, 7);
            int rotl20 = rotl(i49 + rotl12, 9) ^ rotl2;
            i55 = rotl5 ^ rotl(rotl20 + i49, 13);
            i54 = rotl12 ^ rotl(i55 + rotl20, 18);
            i48 = rotl3 ^ rotl(rotl16 + rotl9, 7);
            i47 = rotl6 ^ rotl(i48 + rotl16, 9);
            i46 = rotl9 ^ rotl(i47 + i48, 13);
            i45 = rotl16 ^ rotl(i46 + i47, 18);
            i65 = rotl17;
            i56 = rotl20;
            i68 = rotl18;
            i64 = rotl19;
            z14 = false;
            i38 = 13;
            i29 = 9;
            i26 = 7;
            i69 = i74 - 2;
        }
        boolean z15 = z14;
        iArr2[z15 ? 1 : 0] = i68 + iArr[z15 ? 1 : 0];
        iArr2[1] = i67 + iArr[1];
        iArr2[2] = i66 + iArr[2];
        iArr2[3] = i65 + iArr[3];
        iArr2[4] = i64 + iArr[4];
        iArr2[5] = i59 + iArr[5];
        iArr2[6] = i58 + iArr[6];
        iArr2[7] = i57 + iArr[7];
        iArr2[8] = i56 + iArr[8];
        iArr2[9] = i55 + iArr[9];
        iArr2[10] = i54 + iArr[10];
        iArr2[11] = i49 + iArr[11];
        iArr2[12] = i48 + iArr[12];
        iArr2[13] = i47 + iArr[13];
        iArr2[14] = i46 + iArr[14];
        iArr2[15] = i45 + iArr[15];
    }

    public void advanceCounter() {
        int[] iArr = this.engineState;
        int i14 = iArr[8] + 1;
        iArr[8] = i14;
        if (i14 == 0) {
            iArr[9] = iArr[9] + 1;
        }
    }

    public void advanceCounter(long j14) {
        int i14 = (int) (j14 >>> 32);
        int i15 = (int) j14;
        if (i14 > 0) {
            int[] iArr = this.engineState;
            iArr[9] = iArr[9] + i14;
        }
        int[] iArr2 = this.engineState;
        int i16 = iArr2[8];
        int i17 = i15 + i16;
        iArr2[8] = i17;
        if (i16 == 0 || i17 >= i16) {
            return;
        }
        iArr2[9] = iArr2[9] + 1;
    }

    public void generateKeyStream(byte[] bArr) {
        salsaCore(this.rounds, this.engineState, this.f238378x);
        Pack.intToLittleEndian(this.f238378x, bArr, 0);
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public String getAlgorithmName() {
        if (this.rounds == 20) {
            return "Salsa20";
        }
        return "Salsa20/" + this.rounds;
    }

    public long getCounter() {
        int[] iArr = this.engineState;
        return (iArr[9] << 32) | (iArr[8] & BodyPartID.bodyIdMax);
    }

    public int getNonceSize() {
        return 8;
    }

    @Override // org.spongycastle.crypto.SkippingCipher
    public long getPosition() {
        return (getCounter() * 64) + this.index;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public void init(boolean z14, CipherParameters cipherParameters) {
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        byte[] iv3 = parametersWithIV.getIV();
        if (iv3 == null || iv3.length != getNonceSize()) {
            throw new IllegalArgumentException(getAlgorithmName() + " requires exactly " + getNonceSize() + " bytes of IV");
        }
        CipherParameters parameters = parametersWithIV.getParameters();
        if (parameters == null) {
            if (!this.initialised) {
                throw new IllegalStateException(getAlgorithmName() + " KeyParameter can not be null for first initialisation");
            }
            setKey(null, iv3);
        } else {
            if (!(parameters instanceof KeyParameter)) {
                throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must contain a KeyParameter (or null for re-init)");
            }
            setKey(((KeyParameter) parameters).getKey(), iv3);
        }
        reset();
        this.initialised = true;
    }

    public void packTauOrSigma(int i14, int[] iArr, int i15) {
        int i16 = (i14 - 16) / 4;
        int[] iArr2 = TAU_SIGMA;
        iArr[i15] = iArr2[i16];
        iArr[i15 + 1] = iArr2[i16 + 1];
        iArr[i15 + 2] = iArr2[i16 + 2];
        iArr[i15 + 3] = iArr2[i16 + 3];
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public int processBytes(byte[] bArr, int i14, int i15, byte[] bArr2, int i16) {
        if (!this.initialised) {
            throw new IllegalStateException(getAlgorithmName() + " not initialised");
        }
        if (i14 + i15 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        if (i16 + i15 > bArr2.length) {
            throw new OutputLengthException("output buffer too short");
        }
        if (limitExceeded(i15)) {
            throw new MaxBytesExceededException("2^70 byte limit per IV would be exceeded; Change IV");
        }
        for (int i17 = 0; i17 < i15; i17++) {
            byte[] bArr3 = this.keyStream;
            int i18 = this.index;
            bArr2[i17 + i16] = (byte) (bArr3[i18] ^ bArr[i17 + i14]);
            int i19 = (i18 + 1) & 63;
            this.index = i19;
            if (i19 == 0) {
                advanceCounter();
                generateKeyStream(this.keyStream);
            }
        }
        return i15;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public void reset() {
        this.index = 0;
        resetLimitCounter();
        resetCounter();
        generateKeyStream(this.keyStream);
    }

    public void resetCounter() {
        int[] iArr = this.engineState;
        iArr[9] = 0;
        iArr[8] = 0;
    }

    public void retreatCounter() {
        int[] iArr = this.engineState;
        int i14 = iArr[8];
        if (i14 == 0 && iArr[9] == 0) {
            throw new IllegalStateException("attempt to reduce counter past zero.");
        }
        int i15 = i14 - 1;
        iArr[8] = i15;
        if (i15 == -1) {
            iArr[9] = iArr[9] - 1;
        }
    }

    public void retreatCounter(long j14) {
        int i14 = (int) (j14 >>> 32);
        int i15 = (int) j14;
        if (i14 != 0) {
            int[] iArr = this.engineState;
            int i16 = iArr[9];
            if ((i16 & BodyPartID.bodyIdMax) < (i14 & BodyPartID.bodyIdMax)) {
                throw new IllegalStateException("attempt to reduce counter past zero.");
            }
            iArr[9] = i16 - i14;
        }
        int[] iArr2 = this.engineState;
        int i17 = iArr2[8];
        if ((i17 & BodyPartID.bodyIdMax) >= (BodyPartID.bodyIdMax & i15)) {
            iArr2[8] = i17 - i15;
            return;
        }
        int i18 = iArr2[9];
        if (i18 == 0) {
            throw new IllegalStateException("attempt to reduce counter past zero.");
        }
        iArr2[9] = i18 - 1;
        iArr2[8] = i17 - i15;
    }

    @Override // org.spongycastle.crypto.StreamCipher
    public byte returnByte(byte b14) {
        if (limitExceeded()) {
            throw new MaxBytesExceededException("2^70 byte limit per IV; Change IV");
        }
        byte[] bArr = this.keyStream;
        int i14 = this.index;
        byte b15 = (byte) (b14 ^ bArr[i14]);
        int i15 = (i14 + 1) & 63;
        this.index = i15;
        if (i15 == 0) {
            advanceCounter();
            generateKeyStream(this.keyStream);
        }
        return b15;
    }

    @Override // org.spongycastle.crypto.SkippingCipher
    public long seekTo(long j14) {
        reset();
        return skip(j14);
    }

    public void setKey(byte[] bArr, byte[] bArr2) {
        if (bArr != null) {
            if (bArr.length != 16 && bArr.length != 32) {
                throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
            }
            int length = (bArr.length - 16) / 4;
            int[] iArr = this.engineState;
            int[] iArr2 = TAU_SIGMA;
            iArr[0] = iArr2[length];
            iArr[5] = iArr2[length + 1];
            iArr[10] = iArr2[length + 2];
            iArr[15] = iArr2[length + 3];
            Pack.littleEndianToInt(bArr, 0, iArr, 1, 4);
            Pack.littleEndianToInt(bArr, bArr.length - 16, this.engineState, 11, 4);
        }
        Pack.littleEndianToInt(bArr2, 0, this.engineState, 6, 2);
    }

    @Override // org.spongycastle.crypto.SkippingCipher
    public long skip(long j14) {
        long j15;
        if (j14 >= 0) {
            if (j14 >= 64) {
                long j16 = j14 / 64;
                advanceCounter(j16);
                j15 = j14 - (j16 * 64);
            } else {
                j15 = j14;
            }
            int i14 = this.index;
            int i15 = (((int) j15) + i14) & 63;
            this.index = i15;
            if (i15 < i14) {
                advanceCounter();
            }
        } else {
            long j17 = -j14;
            if (j17 >= 64) {
                long j18 = j17 / 64;
                retreatCounter(j18);
                j17 -= j18 * 64;
            }
            for (long j19 = 0; j19 < j17; j19++) {
                if (this.index == 0) {
                    retreatCounter();
                }
                this.index = (this.index - 1) & 63;
            }
        }
        generateKeyStream(this.keyStream);
        return j14;
    }
}
