package org.bouncycastle.tls.crypto.impl;

import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public final class TlsAEADCipher implements TlsCipher {
    public static final int AEAD_CCM = 1;
    public static final int AEAD_CHACHA20_POLY1305 = 2;
    public static final int AEAD_GCM = 3;
    private static final int NONCE_RFC5288 = 1;
    private static final int NONCE_RFC7905 = 2;
    private static final long SEQUENCE_NUMBER_PLACEHOLDER = -1;
    private final TlsCryptoParameters cryptoParams;
    private final TlsAEADCipherImpl decryptCipher;
    private final byte[] decryptConnectionID;
    private final byte[] decryptNonce;
    private final boolean decryptUseInnerPlaintext;
    private final TlsAEADCipherImpl encryptCipher;
    private final byte[] encryptConnectionID;
    private final byte[] encryptNonce;
    private final boolean encryptUseInnerPlaintext;
    private final int fixed_iv_length;
    private final boolean isTLSv13;
    private final int keySize;
    private final int macSize;
    private final int nonceMode;
    private final int record_iv_length;

    public TlsAEADCipher(TlsCryptoParameters tlsCryptoParameters, TlsAEADCipherImpl tlsAEADCipherImpl, TlsAEADCipherImpl tlsAEADCipherImpl2, int i5, int i6, int i7) {
        int i8;
        SecurityParameters securityParametersHandshake = tlsCryptoParameters.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (!TlsImplUtils.isTLSv12(negotiatedVersion)) {
            throw new TlsFatalAlert((short) 80);
        }
        boolean isTLSv13 = TlsImplUtils.isTLSv13(negotiatedVersion);
        this.isTLSv13 = isTLSv13;
        int nonceMode = getNonceMode(isTLSv13, i7);
        this.nonceMode = nonceMode;
        byte[] connectionIDPeer = securityParametersHandshake.getConnectionIDPeer();
        this.decryptConnectionID = connectionIDPeer;
        byte[] connectionIDLocal = securityParametersHandshake.getConnectionIDLocal();
        this.encryptConnectionID = connectionIDLocal;
        this.decryptUseInnerPlaintext = isTLSv13 || !Arrays.isNullOrEmpty(connectionIDPeer);
        this.encryptUseInnerPlaintext = isTLSv13 || !Arrays.isNullOrEmpty(connectionIDLocal);
        if (nonceMode == 1) {
            this.fixed_iv_length = 4;
            this.record_iv_length = 8;
        } else {
            if (nonceMode != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            this.fixed_iv_length = 12;
            this.record_iv_length = 0;
        }
        this.cryptoParams = tlsCryptoParameters;
        this.keySize = i5;
        this.macSize = i6;
        this.decryptCipher = tlsAEADCipherImpl2;
        this.encryptCipher = tlsAEADCipherImpl;
        int i9 = this.fixed_iv_length;
        byte[] bArr = new byte[i9];
        this.decryptNonce = bArr;
        byte[] bArr2 = new byte[i9];
        this.encryptNonce = bArr2;
        boolean isServer = tlsCryptoParameters.isServer();
        if (isTLSv13) {
            rekeyCipher(securityParametersHandshake, tlsAEADCipherImpl2, bArr, !isServer);
            rekeyCipher(securityParametersHandshake, tlsAEADCipherImpl, bArr2, isServer);
            return;
        }
        int i10 = (i5 * 2) + (this.fixed_iv_length * 2);
        byte[] calculateKeyBlock = TlsImplUtils.calculateKeyBlock(tlsCryptoParameters, i10);
        if (isServer) {
            tlsAEADCipherImpl2.setKey(calculateKeyBlock, 0, i5);
            tlsAEADCipherImpl.setKey(calculateKeyBlock, i5, i5);
            int i11 = i5 + i5;
            System.arraycopy(calculateKeyBlock, i11, bArr, 0, this.fixed_iv_length);
            int i12 = this.fixed_iv_length;
            i8 = i11 + i12;
            System.arraycopy(calculateKeyBlock, i8, bArr2, 0, i12);
        } else {
            tlsAEADCipherImpl.setKey(calculateKeyBlock, 0, i5);
            tlsAEADCipherImpl2.setKey(calculateKeyBlock, i5, i5);
            int i13 = i5 + i5;
            System.arraycopy(calculateKeyBlock, i13, bArr2, 0, this.fixed_iv_length);
            int i14 = this.fixed_iv_length;
            i8 = i13 + i14;
            System.arraycopy(calculateKeyBlock, i8, bArr, 0, i14);
        }
        if (i10 != i8 + this.fixed_iv_length) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    private byte[] getAdditionalData(long j5, short s5, ProtocolVersion protocolVersion, int i5, int i6, byte[] bArr) {
        if (!Arrays.isNullOrEmpty(bArr)) {
            int length = bArr.length;
            byte[] bArr2 = new byte[length + 23];
            TlsUtils.writeUint64(-1L, bArr2, 0);
            TlsUtils.writeUint8((short) 25, bArr2, 8);
            TlsUtils.writeUint8(length, bArr2, 9);
            TlsUtils.writeUint8((short) 25, bArr2, 10);
            TlsUtils.writeVersion(protocolVersion, bArr2, 11);
            TlsUtils.writeUint64(j5, bArr2, 13);
            System.arraycopy(bArr, 0, bArr2, 21, length);
            TlsUtils.writeUint16(i6, bArr2, length + 21);
            return bArr2;
        }
        if (this.isTLSv13) {
            byte[] bArr3 = new byte[5];
            TlsUtils.writeUint8(s5, bArr3, 0);
            TlsUtils.writeVersion(protocolVersion, bArr3, 1);
            TlsUtils.writeUint16(i5, bArr3, 3);
            return bArr3;
        }
        byte[] bArr4 = new byte[13];
        TlsUtils.writeUint64(j5, bArr4, 0);
        TlsUtils.writeUint8(s5, bArr4, 8);
        TlsUtils.writeVersion(protocolVersion, bArr4, 9);
        TlsUtils.writeUint16(i6, bArr4, 11);
        return bArr4;
    }

    private static int getNonceMode(boolean z5, int i5) {
        if (i5 != 1) {
            if (i5 == 2) {
                return 2;
            }
            if (i5 != 3) {
                throw new TlsFatalAlert((short) 80);
            }
        }
        return z5 ? 2 : 1;
    }

    private void rekeyCipher(SecurityParameters securityParameters, TlsAEADCipherImpl tlsAEADCipherImpl, byte[] bArr, boolean z5) {
        if (!this.isTLSv13) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsSecret trafficSecretServer = z5 ? securityParameters.getTrafficSecretServer() : securityParameters.getTrafficSecretClient();
        if (trafficSecretServer == null) {
            throw new TlsFatalAlert((short) 80);
        }
        setup13Cipher(tlsAEADCipherImpl, bArr, trafficSecretServer, securityParameters.getPRFCryptoHashAlgorithm());
    }

    private void setup13Cipher(TlsAEADCipherImpl tlsAEADCipherImpl, byte[] bArr, TlsSecret tlsSecret, int i5) {
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        byte[] extract = TlsCryptoUtils.hkdfExpandLabel(tlsSecret, i5, "key", bArr2, this.keySize).extract();
        byte[] extract2 = TlsCryptoUtils.hkdfExpandLabel(tlsSecret, i5, "iv", bArr2, this.fixed_iv_length).extract();
        tlsAEADCipherImpl.setKey(extract, 0, this.keySize);
        System.arraycopy(extract2, 0, bArr, 0, this.fixed_iv_length);
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x0071, code lost:
    
        if (r12.decryptUseInnerPlaintext != false) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x0073, code lost:
    
        r9 = r9 - 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x0075, code lost:
    
        if (r9 < 0) goto L39;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0077, code lost:
    
        r13 = r17[r0 + r9];
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x007b, code lost:
    
        if (r13 == 0) goto L41;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x007d, code lost:
    
        r15 = (short) (r13 & 255);
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x0088, code lost:
    
        throw new org.bouncycastle.tls.TlsFatalAlert(10);
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x008e, code lost:
    
        return new org.bouncycastle.tls.crypto.TlsDecodeResult(r17, r0, r9, r15);
     */
    @Override // org.bouncycastle.tls.crypto.TlsCipher
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.bouncycastle.tls.crypto.TlsDecodeResult decodeCiphertext(long r13, short r15, org.bouncycastle.tls.ProtocolVersion r16, byte[] r17, int r18, int r19) {
        /*
            r12 = this;
            r2 = r17
            r0 = r18
            r8 = r19
            int r1 = r12.getPlaintextDecodeLimit(r8)
            if (r1 < 0) goto L9f
            byte[] r1 = r12.decryptNonce
            int r3 = r1.length
            int r4 = r12.record_iv_length
            int r3 = r3 + r4
            byte[] r4 = new byte[r3]
            int r5 = r12.nonceMode
            r11 = 80
            r6 = 1
            r7 = 0
            if (r5 == r6) goto L3a
            r1 = 2
            if (r5 != r1) goto L34
            int r3 = r3 + (-8)
            org.bouncycastle.tls.TlsUtils.writeUint64(r13, r4, r3)
        L24:
            byte[] r1 = r12.decryptNonce
            int r3 = r1.length
            if (r7 >= r3) goto L44
            r3 = r4[r7]
            r1 = r1[r7]
            r1 = r1 ^ r3
            byte r1 = (byte) r1
            r4[r7] = r1
            int r7 = r7 + 1
            goto L24
        L34:
            org.bouncycastle.tls.TlsFatalAlert r13 = new org.bouncycastle.tls.TlsFatalAlert
            r13.<init>(r11)
            throw r13
        L3a:
            int r5 = r1.length
            java.lang.System.arraycopy(r1, r7, r4, r7, r5)
            int r1 = r12.record_iv_length
            int r3 = r3 - r1
            java.lang.System.arraycopy(r2, r0, r4, r3, r1)
        L44:
            org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl r1 = r12.decryptCipher
            int r3 = r12.macSize
            r1.init(r4, r3)
            int r1 = r12.record_iv_length
            int r0 = r0 + r1
            int r1 = r8 - r1
            org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl r3 = r12.decryptCipher
            int r9 = r3.getOutputSize(r1)
            byte[] r10 = r12.decryptConnectionID
            r3 = r12
            r4 = r13
            r6 = r15
            r7 = r16
            byte[] r13 = r3.getAdditionalData(r4, r6, r7, r8, r9, r10)
            r3 = r0
            org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl r0 = r12.decryptCipher     // Catch: java.lang.RuntimeException -> L95
            r5 = r17
            r6 = r3
            r4 = r1
            r1 = r13
            int r13 = r0.doFinal(r1, r2, r3, r4, r5, r6)     // Catch: java.lang.RuntimeException -> L95
            if (r13 != r9) goto L8f
            boolean r13 = r12.decryptUseInnerPlaintext
            if (r13 == 0) goto L89
        L73:
            int r9 = r9 + (-1)
            if (r9 < 0) goto L81
            int r0 = r3 + r9
            r13 = r2[r0]
            if (r13 == 0) goto L73
            r13 = r13 & 255(0xff, float:3.57E-43)
            short r15 = (short) r13
            goto L89
        L81:
            org.bouncycastle.tls.TlsFatalAlert r13 = new org.bouncycastle.tls.TlsFatalAlert
            r15 = 10
            r13.<init>(r15)
            throw r13
        L89:
            org.bouncycastle.tls.crypto.TlsDecodeResult r13 = new org.bouncycastle.tls.crypto.TlsDecodeResult
            r13.<init>(r2, r3, r9, r15)
            return r13
        L8f:
            org.bouncycastle.tls.TlsFatalAlert r13 = new org.bouncycastle.tls.TlsFatalAlert
            r13.<init>(r11)
            throw r13
        L95:
            r0 = move-exception
            r13 = r0
            org.bouncycastle.tls.TlsFatalAlert r15 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 20
            r15.<init>(r0, r13)
            throw r15
        L9f:
            org.bouncycastle.tls.TlsFatalAlert r13 = new org.bouncycastle.tls.TlsFatalAlert
            r15 = 50
            r13.<init>(r15)
            throw r13
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(long, short, org.bouncycastle.tls.ProtocolVersion, byte[], int, int):org.bouncycastle.tls.crypto.TlsDecodeResult");
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public TlsEncodeResult encodePlaintext(long j5, short s5, ProtocolVersion protocolVersion, int i5, byte[] bArr, int i6, int i7) {
        int i8 = i5;
        byte[] bArr2 = this.encryptNonce;
        int length = bArr2.length + this.record_iv_length;
        byte[] bArr3 = new byte[length];
        int i9 = this.nonceMode;
        if (i9 == 1) {
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            TlsUtils.writeUint64(j5, bArr3, this.encryptNonce.length);
        } else {
            if (i9 != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.writeUint64(j5, bArr3, length - 8);
            int i10 = 0;
            while (true) {
                byte[] bArr4 = this.encryptNonce;
                if (i10 >= bArr4.length) {
                    break;
                }
                bArr3[i10] = (byte) (bArr4[i10] ^ bArr3[i10]);
                i10++;
            }
        }
        int i11 = i7 + (this.encryptUseInnerPlaintext ? 1 : 0);
        this.encryptCipher.init(bArr3, this.macSize);
        int outputSize = this.encryptCipher.getOutputSize(i11);
        int i12 = this.record_iv_length;
        int i13 = outputSize + i12;
        int i14 = i8 + i13;
        byte[] bArr5 = new byte[i14];
        if (i12 != 0) {
            System.arraycopy(bArr3, length - i12, bArr5, i8, i12);
            i8 += this.record_iv_length;
        }
        short s6 = this.encryptUseInnerPlaintext ? this.isTLSv13 ? (short) 23 : (short) 25 : s5;
        byte[] additionalData = getAdditionalData(j5, s6, protocolVersion, i13, i11, this.encryptConnectionID);
        try {
            System.arraycopy(bArr, i6, bArr5, i8, i7);
            if (this.encryptUseInnerPlaintext) {
                bArr5[i8 + i7] = (byte) s5;
            }
            int i15 = i8;
            if (this.encryptCipher.doFinal(additionalData, bArr5, i15, i11, bArr5, i8) + i15 == i14) {
                return new TlsEncodeResult(bArr5, 0, i14, s6);
            }
            throw new TlsFatalAlert((short) 80);
        } catch (RuntimeException e5) {
            throw new TlsFatalAlert((short) 80, (Throwable) e5);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextDecodeLimit(int i5) {
        return i5 + (this.decryptUseInnerPlaintext ? 1 : 0) + this.macSize + this.record_iv_length;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getCiphertextEncodeLimit(int i5) {
        return i5 + (this.encryptUseInnerPlaintext ? 1 : 0) + this.macSize + this.record_iv_length;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextDecodeLimit(int i5) {
        return ((i5 - this.macSize) - this.record_iv_length) - (this.decryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public int getPlaintextEncodeLimit(int i5) {
        return ((i5 - this.macSize) - this.record_iv_length) - (this.encryptUseInnerPlaintext ? 1 : 0);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyDecoder() {
        rekeyCipher(this.cryptoParams.getSecurityParametersConnection(), this.decryptCipher, this.decryptNonce, !this.cryptoParams.isServer());
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public void rekeyEncoder() {
        rekeyCipher(this.cryptoParams.getSecurityParametersConnection(), this.encryptCipher, this.encryptNonce, this.cryptoParams.isServer());
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeDecode() {
        return this.decryptUseInnerPlaintext;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public boolean usesOpaqueRecordTypeEncode() {
        return this.encryptUseInnerPlaintext;
    }
}
