package org.rfc8452.aead;

import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.rfc8452.authenticator.Polyval;

/* loaded from: input_file:org/rfc8452/aead/AesGcmSiv.class */
public class AesGcmSiv implements AEAD {
    static final int AES_BLOCK_SIZE = 16;
    private static final int NONCE_BYTE_LENGTH = 12;
    private final byte[] key;

    public AesGcmSiv(byte[] bArr) {
        this.key = bArr;
    }

    public AesGcmSiv(String str) {
        this.key = Conversion.hexStringToBytes(str);
    }

    private static Cipher initAesEcbNoPaddingCipher(byte[] bArr) throws GeneralSecurityException {
        if (bArr.length != AES_BLOCK_SIZE && bArr.length != 32) {
            throw new InvalidKeyException(String.format("Key length is %d, expected length is 16 or 32 bytes", Integer.valueOf(bArr.length)));
        }
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
        cipher.init(1, new SecretKeySpec(bArr, "AES"));
        return cipher;
    }

    @Override // org.rfc8452.aead.AEAD
    public byte[] seal(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        byte[] deriveKey = deriveKey(this.key, bArr3, 0, 1);
        byte[] deriveKey2 = deriveKey(this.key, bArr3, 2, this.key.length == AES_BLOCK_SIZE ? 3 : 5);
        byte[] tag = getTag(deriveKey2, deriveKey, bArr, bArr2, bArr3);
        byte[] aesCtr = aesCtr(deriveKey2, tag, bArr);
        byte[] bArr4 = new byte[tag.length + aesCtr.length];
        System.arraycopy(tag, 0, bArr4, bArr.length, tag.length);
        System.arraycopy(aesCtr, 0, bArr4, 0, aesCtr.length);
        return bArr4;
    }

    @Override // org.rfc8452.aead.AEAD
    public byte[] seal(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        byte[] bArr3 = new byte[NONCE_BYTE_LENGTH];
        SecureRandom.getInstanceStrong().nextBytes(bArr3);
        byte[] seal = seal(bArr, bArr2, bArr3);
        byte[] bArr4 = new byte[bArr3.length + seal.length];
        System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
        System.arraycopy(seal, 0, bArr4, bArr3.length, seal.length);
        return bArr4;
    }

    @Override // org.rfc8452.aead.AEAD
    public String seal(String str, String str2, String str3) throws GeneralSecurityException {
        return Conversion.bytesToHexString(seal(Conversion.hexStringToBytes(str), Conversion.hexStringToBytes(str2), Conversion.hexStringToBytes(str3)));
    }

    @Override // org.rfc8452.aead.AEAD
    public byte[] open(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        byte[] bArr4 = new byte[AES_BLOCK_SIZE];
        byte[] bArr5 = new byte[bArr.length - AES_BLOCK_SIZE];
        System.arraycopy(bArr, 0, bArr5, 0, bArr5.length);
        System.arraycopy(bArr, bArr5.length, bArr4, 0, bArr4.length);
        byte[] deriveKey = deriveKey(this.key, bArr3, 0, 1);
        byte[] deriveKey2 = deriveKey(this.key, bArr3, 2, this.key.length == AES_BLOCK_SIZE ? 3 : 5);
        byte[] aesCtr = aesCtr(deriveKey2, bArr4, bArr5);
        if (Arrays.equals(bArr4, getTag(deriveKey2, deriveKey, aesCtr, bArr2, bArr3))) {
            return aesCtr;
        }
        return null;
    }

    @Override // org.rfc8452.aead.AEAD
    public byte[] open(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr.length < NONCE_BYTE_LENGTH) {
            return null;
        }
        byte[] bArr3 = new byte[NONCE_BYTE_LENGTH];
        byte[] bArr4 = new byte[bArr.length - NONCE_BYTE_LENGTH];
        System.arraycopy(bArr, 0, bArr3, 0, bArr3.length);
        System.arraycopy(bArr, bArr3.length, bArr4, 0, bArr4.length);
        return open(bArr4, bArr2, bArr3);
    }

    @Override // org.rfc8452.aead.AEAD
    public String open(String str, String str2, String str3) throws GeneralSecurityException {
        byte[] open = open(Conversion.hexStringToBytes(str), Conversion.hexStringToBytes(str2), Conversion.hexStringToBytes(str3));
        if (null == open) {
            return null;
        }
        return Conversion.bytesToHexString(open);
    }

    private static byte[] getTag(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) throws GeneralSecurityException {
        if (bArr5.length != NONCE_BYTE_LENGTH) {
            throw new GeneralSecurityException("Expected nonce length is 12 bytes");
        }
        byte[] bArr6 = new byte[AES_BLOCK_SIZE];
        ByteOperations.inPlaceUpdate(bArr6, bArr4.length * 8, 0);
        ByteOperations.inPlaceUpdate(bArr6, bArr3.length * 8, 8);
        Polyval polyval = new Polyval(bArr2);
        polyval.update(bArr4);
        polyval.update(bArr3);
        polyval.update(bArr6);
        byte[] digest = polyval.digest();
        for (int i = 0; i < bArr5.length; i++) {
            int i2 = i;
            digest[i2] = (byte) (digest[i2] ^ bArr5[i]);
        }
        int length = digest.length - 1;
        digest[length] = (byte) (digest[length] & Byte.MAX_VALUE);
        initAesEcbNoPaddingCipher(bArr).update(digest, 0, digest.length, digest, 0);
        return digest;
    }

    private static byte[] deriveKey(byte[] bArr, byte[] bArr2, int i, int i2) throws GeneralSecurityException {
        if (bArr2.length != NONCE_BYTE_LENGTH) {
            throw new GeneralSecurityException("Expected nonce length is 12 bytes");
        }
        Cipher initAesEcbNoPaddingCipher = initAesEcbNoPaddingCipher(bArr);
        byte[] bArr3 = new byte[AES_BLOCK_SIZE];
        System.arraycopy(bArr2, 0, bArr3, bArr3.length - bArr2.length, bArr2.length);
        byte[] bArr4 = new byte[((i2 - i) + 1) * 8];
        byte[] bArr5 = new byte[AES_BLOCK_SIZE];
        for (int i3 = i; i3 <= i2; i3++) {
            ByteOperations.inPlaceUpdate(bArr3, i3);
            initAesEcbNoPaddingCipher.update(bArr3, 0, AES_BLOCK_SIZE, bArr5, 0);
            System.arraycopy(bArr5, 0, bArr4, (i3 - i) * 8, 8);
        }
        return bArr4;
    }

    private static byte[] aesCtr(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        byte[] bArr4 = new byte[bArr3.length];
        byte[] copyOf = Arrays.copyOf(bArr2, bArr2.length);
        byte[] bArr5 = new byte[AES_BLOCK_SIZE];
        Cipher initAesEcbNoPaddingCipher = initAesEcbNoPaddingCipher(bArr);
        int length = copyOf.length - 1;
        copyOf[length] = (byte) (copyOf[length] | Byte.MIN_VALUE);
        for (int i = 0; i < bArr3.length; i += AES_BLOCK_SIZE) {
            initAesEcbNoPaddingCipher.update(copyOf, 0, copyOf.length, bArr5, 0);
            for (int i2 = 0; i2 < Math.min(AES_BLOCK_SIZE, bArr3.length - i); i2++) {
                bArr4[i + i2] = (byte) (bArr3[i + i2] ^ bArr5[i2]);
            }
            for (int i3 = 0; i3 < 4; i3++) {
                int i4 = i3;
                byte b = (byte) (copyOf[i4] + 1);
                copyOf[i4] = b;
                if (b != 0) {
                    break;
                }
            }
        }
        return bArr4;
    }

    @Override // org.rfc8452.aead.AEAD
    public void resetKey() throws GeneralSecurityException {
        SecureRandom.getInstanceStrong().nextBytes(this.key);
    }
}
