package org.rx.net.shadowsocks.encryption;

import io.netty.buffer.ByteBuf;
import java.nio.ByteBuffer;
import java.util.Arrays;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.rx.io.Bytes;

/* loaded from: input_file:org/rx/net/shadowsocks/encryption/CryptoAeadBase.class */
public abstract class CryptoAeadBase implements ICrypto {
    protected static int PAYLOAD_SIZE_MASK = 16383;
    private static final byte[] info = "ss-subkey".getBytes();
    private static final byte[] ZERO_NONCE = new byte[getNonceLength()];
    protected final String _name;
    protected final ShadowSocksKey _ssKey;
    private boolean forUdp;
    protected boolean _encryptSaltSet;
    protected boolean _decryptSaltSet;
    protected AEADCipher encCipher;
    protected AEADCipher decCipher;
    private byte[] encSubkey;
    private byte[] decSubkey;
    protected byte[] encNonce;
    protected byte[] decNonce;
    protected final Object encLock = new Object();
    protected final Object decLock = new Object();
    protected byte[] encBuffer = new byte[((2 + getTagLength()) + PAYLOAD_SIZE_MASK) + getTagLength()];
    protected byte[] decBuffer = new byte[PAYLOAD_SIZE_MASK + getTagLength()];
    protected int payloadLenRead = 0;
    protected int payloadRead = 0;
    protected final int _keyLength = getKeyLength();

    private static int getNonceLength() {
        return 12;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int getTagLength() {
        return 16;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void increment(byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            int i2 = i;
            bArr[i2] = (byte) (bArr[i2] + 1);
            if (bArr[i] != 0) {
                return;
            }
        }
    }

    public CryptoAeadBase(String str, String str2) {
        this._name = str.toLowerCase();
        this._ssKey = new ShadowSocksKey(str2, this._keyLength);
    }

    @Override // org.rx.net.shadowsocks.encryption.ICrypto
    public void setForUdp(boolean z) {
        this.forUdp = z;
        if (!z && this.encNonce == null && this.decNonce == null) {
            this.encNonce = new byte[getNonceLength()];
            this.decNonce = new byte[getNonceLength()];
        }
    }

    @Override // org.rx.net.shadowsocks.encryption.ICrypto
    public void encrypt(byte[] bArr, ByteBuf byteBuf) {
        synchronized (this.encLock) {
            byteBuf.clear();
            if (!this._encryptSaltSet || this.forUdp) {
                byte[] randomBytes = Bytes.randomBytes(getSaltLength());
                byteBuf.writeBytes(randomBytes);
                this.encSubkey = genSubkey(randomBytes);
                this.encCipher = getCipher(true);
                this._encryptSaltSet = true;
            }
            if (this.forUdp) {
                _udpEncrypt(bArr, byteBuf);
            } else {
                _tcpEncrypt(bArr, byteBuf);
            }
        }
    }

    @Override // org.rx.net.shadowsocks.encryption.ICrypto
    public void encrypt(byte[] bArr, int i, ByteBuf byteBuf) {
        encrypt(Arrays.copyOfRange(bArr, 0, i), byteBuf);
    }

    @Override // org.rx.net.shadowsocks.encryption.ICrypto
    public void decrypt(byte[] bArr, ByteBuf byteBuf) {
        byte[] bArr2;
        synchronized (this.decLock) {
            byteBuf.clear();
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            if (this.decCipher == null || this.forUdp) {
                this._decryptSaltSet = true;
                byte[] bArr3 = new byte[getSaltLength()];
                wrap.get(bArr3);
                this.decSubkey = genSubkey(bArr3);
                this.decCipher = getCipher(false);
                bArr2 = new byte[wrap.remaining()];
                wrap.get(bArr2);
            } else {
                bArr2 = bArr;
            }
            if (this.forUdp) {
                _udpDecrypt(bArr2, byteBuf);
            } else {
                _tcpDecrypt(bArr2, byteBuf);
            }
        }
    }

    @Override // org.rx.net.shadowsocks.encryption.ICrypto
    public void decrypt(byte[] bArr, int i, ByteBuf byteBuf) {
        decrypt(Arrays.copyOfRange(bArr, 0, i), byteBuf);
    }

    private byte[] genSubkey(byte[] bArr) {
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA1Digest());
        hKDFBytesGenerator.init(new HKDFParameters(this._ssKey.getEncoded(), bArr, info));
        byte[] bArr2 = new byte[getKeyLength()];
        hKDFBytesGenerator.generateBytes(bArr2, 0, getKeyLength());
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CipherParameters getCipherParameters(boolean z) {
        byte[] bArr;
        if (this.forUdp) {
            bArr = ZERO_NONCE;
        } else {
            bArr = z ? Arrays.copyOf(this.encNonce, getNonceLength()) : Arrays.copyOf(this.decNonce, getNonceLength());
        }
        return new AEADParameters(new KeyParameter(z ? this.encSubkey : this.decSubkey), getTagLength() * 8, bArr);
    }

    protected abstract int getKeyLength();

    protected abstract int getSaltLength();

    protected abstract AEADCipher getCipher(boolean z);

    protected abstract void _tcpEncrypt(byte[] bArr, ByteBuf byteBuf);

    protected abstract void _tcpDecrypt(byte[] bArr, ByteBuf byteBuf);

    protected abstract void _udpEncrypt(byte[] bArr, ByteBuf byteBuf);

    protected abstract void _udpDecrypt(byte[] bArr, ByteBuf byteBuf);
}
