package com.google.crypto.tink.subtle;

import com.google.crypto.tink.config.internal.TinkFipsUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.channels.ReadableByteChannel;
import java.nio.channels.SeekableByteChannel;
import java.nio.channels.WritableByteChannel;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public final class AesCtrHmacStreaming extends e {
    public static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS;

    /* renamed from: a, reason: collision with root package name */
    private final int f19868a;

    /* renamed from: b, reason: collision with root package name */
    private final String f19869b;

    /* renamed from: c, reason: collision with root package name */
    private final int f19870c;

    /* renamed from: d, reason: collision with root package name */
    private final int f19871d;

    /* renamed from: e, reason: collision with root package name */
    private final int f19872e;

    /* renamed from: f, reason: collision with root package name */
    private final int f19873f;

    /* renamed from: g, reason: collision with root package name */
    private final String f19874g;

    /* renamed from: h, reason: collision with root package name */
    private final byte[] f19875h;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a implements StreamSegmentDecrypter {

        /* renamed from: a, reason: collision with root package name */
        private SecretKeySpec f19876a;

        /* renamed from: b, reason: collision with root package name */
        private SecretKeySpec f19877b;

        /* renamed from: c, reason: collision with root package name */
        private Cipher f19878c;

        /* renamed from: d, reason: collision with root package name */
        private Mac f19879d;

        /* renamed from: e, reason: collision with root package name */
        private byte[] f19880e;

        a() {
        }

        @Override // com.google.crypto.tink.subtle.StreamSegmentDecrypter
        public synchronized void decryptSegment(ByteBuffer byteBuffer, int i2, boolean z2, ByteBuffer byteBuffer2) throws GeneralSecurityException {
            int position = byteBuffer.position();
            byte[] p2 = AesCtrHmacStreaming.this.p(this.f19880e, i2, z2);
            int remaining = byteBuffer.remaining();
            if (remaining < AesCtrHmacStreaming.this.f19870c) {
                throw new GeneralSecurityException("Ciphertext too short");
            }
            int i3 = position + (remaining - AesCtrHmacStreaming.this.f19870c);
            ByteBuffer duplicate = byteBuffer.duplicate();
            duplicate.limit(i3);
            ByteBuffer duplicate2 = byteBuffer.duplicate();
            duplicate2.position(i3);
            this.f19879d.init(this.f19877b);
            this.f19879d.update(p2);
            this.f19879d.update(duplicate);
            byte[] copyOf = Arrays.copyOf(this.f19879d.doFinal(), AesCtrHmacStreaming.this.f19870c);
            byte[] bArr = new byte[AesCtrHmacStreaming.this.f19870c];
            duplicate2.get(bArr);
            if (!Bytes.equal(bArr, copyOf)) {
                throw new GeneralSecurityException("Tag mismatch");
            }
            byteBuffer.limit(i3);
            this.f19878c.init(1, this.f19876a, new IvParameterSpec(p2));
            this.f19878c.doFinal(byteBuffer, byteBuffer2);
        }

        @Override // com.google.crypto.tink.subtle.StreamSegmentDecrypter
        public synchronized void init(ByteBuffer byteBuffer, byte[] bArr) throws GeneralSecurityException {
            if (byteBuffer.remaining() != AesCtrHmacStreaming.this.getHeaderLength()) {
                throw new InvalidAlgorithmParameterException("Invalid header length");
            }
            if (byteBuffer.get() != AesCtrHmacStreaming.this.getHeaderLength()) {
                throw new GeneralSecurityException("Invalid ciphertext");
            }
            this.f19880e = new byte[7];
            byte[] bArr2 = new byte[AesCtrHmacStreaming.this.f19868a];
            byteBuffer.get(bArr2);
            byteBuffer.get(this.f19880e);
            byte[] m2 = AesCtrHmacStreaming.this.m(bArr2, bArr);
            this.f19876a = AesCtrHmacStreaming.this.n(m2);
            this.f19877b = AesCtrHmacStreaming.this.l(m2);
            this.f19878c = AesCtrHmacStreaming.a();
            this.f19879d = AesCtrHmacStreaming.this.o();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class b implements StreamSegmentEncrypter {

        /* renamed from: a, reason: collision with root package name */
        private final SecretKeySpec f19882a;

        /* renamed from: b, reason: collision with root package name */
        private final SecretKeySpec f19883b;

        /* renamed from: c, reason: collision with root package name */
        private final Cipher f19884c = AesCtrHmacStreaming.a();

        /* renamed from: d, reason: collision with root package name */
        private final Mac f19885d;

        /* renamed from: e, reason: collision with root package name */
        private final byte[] f19886e;

        /* renamed from: f, reason: collision with root package name */
        private ByteBuffer f19887f;

        /* renamed from: g, reason: collision with root package name */
        private long f19888g;

        public b(byte[] bArr) throws GeneralSecurityException {
            this.f19888g = 0L;
            this.f19885d = AesCtrHmacStreaming.this.o();
            this.f19888g = 0L;
            byte[] r2 = AesCtrHmacStreaming.this.r();
            byte[] q2 = AesCtrHmacStreaming.this.q();
            this.f19886e = q2;
            ByteBuffer allocate = ByteBuffer.allocate(AesCtrHmacStreaming.this.getHeaderLength());
            this.f19887f = allocate;
            allocate.put((byte) AesCtrHmacStreaming.this.getHeaderLength());
            this.f19887f.put(r2);
            this.f19887f.put(q2);
            this.f19887f.flip();
            byte[] m2 = AesCtrHmacStreaming.this.m(r2, bArr);
            this.f19882a = AesCtrHmacStreaming.this.n(m2);
            this.f19883b = AesCtrHmacStreaming.this.l(m2);
        }

        @Override // com.google.crypto.tink.subtle.StreamSegmentEncrypter
        public synchronized void encryptSegment(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, boolean z2, ByteBuffer byteBuffer3) throws GeneralSecurityException {
            int position = byteBuffer3.position();
            byte[] p2 = AesCtrHmacStreaming.this.p(this.f19886e, this.f19888g, z2);
            this.f19884c.init(1, this.f19882a, new IvParameterSpec(p2));
            this.f19888g++;
            this.f19884c.update(byteBuffer, byteBuffer3);
            this.f19884c.doFinal(byteBuffer2, byteBuffer3);
            ByteBuffer duplicate = byteBuffer3.duplicate();
            duplicate.flip();
            duplicate.position(position);
            this.f19885d.init(this.f19883b);
            this.f19885d.update(p2);
            this.f19885d.update(duplicate);
            byteBuffer3.put(this.f19885d.doFinal(), 0, AesCtrHmacStreaming.this.f19870c);
        }

        @Override // com.google.crypto.tink.subtle.StreamSegmentEncrypter
        public synchronized void encryptSegment(ByteBuffer byteBuffer, boolean z2, ByteBuffer byteBuffer2) throws GeneralSecurityException {
            int position = byteBuffer2.position();
            byte[] p2 = AesCtrHmacStreaming.this.p(this.f19886e, this.f19888g, z2);
            this.f19884c.init(1, this.f19882a, new IvParameterSpec(p2));
            this.f19888g++;
            this.f19884c.doFinal(byteBuffer, byteBuffer2);
            ByteBuffer duplicate = byteBuffer2.duplicate();
            duplicate.flip();
            duplicate.position(position);
            this.f19885d.init(this.f19883b);
            this.f19885d.update(p2);
            this.f19885d.update(duplicate);
            byteBuffer2.put(this.f19885d.doFinal(), 0, AesCtrHmacStreaming.this.f19870c);
        }

        @Override // com.google.crypto.tink.subtle.StreamSegmentEncrypter
        public ByteBuffer getHeader() {
            return this.f19887f.asReadOnlyBuffer();
        }
    }

    public AesCtrHmacStreaming(byte[] bArr, String str, int i2, String str2, int i3, int i4, int i5) throws GeneralSecurityException {
        if (!FIPS.isCompatible()) {
            throw new GeneralSecurityException("Can not use AES-CTR-HMAC streaming in FIPS-mode.");
        }
        s(bArr.length, i2, str2, i3, i4, i5);
        this.f19875h = Arrays.copyOf(bArr, bArr.length);
        this.f19874g = str;
        this.f19868a = i2;
        this.f19869b = str2;
        this.f19870c = i3;
        this.f19871d = i4;
        this.f19873f = i5;
        this.f19872e = i4 - i3;
    }

    static /* synthetic */ Cipher a() throws GeneralSecurityException {
        return k();
    }

    private static Cipher k() throws GeneralSecurityException {
        return EngineFactory.CIPHER.getInstance("AES/CTR/NoPadding");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecretKeySpec l(byte[] bArr) throws GeneralSecurityException {
        return new SecretKeySpec(bArr, this.f19868a, 32, this.f19869b);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] m(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        return Hkdf.computeHkdf(this.f19874g, this.f19875h, bArr, bArr2, this.f19868a + 32);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecretKeySpec n(byte[] bArr) throws GeneralSecurityException {
        return new SecretKeySpec(bArr, 0, this.f19868a, "AES");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Mac o() throws GeneralSecurityException {
        return EngineFactory.MAC.getInstance(this.f19869b);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] p(byte[] bArr, long j2, boolean z2) throws GeneralSecurityException {
        ByteBuffer allocate = ByteBuffer.allocate(16);
        allocate.order(ByteOrder.BIG_ENDIAN);
        allocate.put(bArr);
        SubtleUtil.putAsUnsigedInt(allocate, j2);
        allocate.put(z2 ? (byte) 1 : (byte) 0);
        allocate.putInt(0);
        return allocate.array();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] q() {
        return Random.randBytes(7);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] r() {
        return Random.randBytes(this.f19868a);
    }

    private static void s(int i2, int i3, String str, int i4, int i5, int i6) throws InvalidAlgorithmParameterException {
        if (i2 < 16 || i2 < i3) {
            throw new InvalidAlgorithmParameterException("ikm too short, must be >= " + Math.max(16, i3));
        }
        Validators.validateAesKeySize(i3);
        if (i4 < 10) {
            throw new InvalidAlgorithmParameterException("tag size too small " + i4);
        }
        if ((str.equals("HmacSha1") && i4 > 20) || ((str.equals("HmacSha256") && i4 > 32) || (str.equals("HmacSha512") && i4 > 64))) {
            throw new InvalidAlgorithmParameterException("tag size too big");
        }
        if (((((i5 - i6) - i4) - i3) - 7) - 1 <= 0) {
            throw new InvalidAlgorithmParameterException("ciphertextSegmentSize too small");
        }
    }

    public long expectedCiphertextSize(long j2) {
        long ciphertextOffset = j2 + getCiphertextOffset();
        int i2 = this.f19872e;
        long j3 = (ciphertextOffset / i2) * this.f19871d;
        long j4 = ciphertextOffset % i2;
        return j4 > 0 ? j3 + j4 + this.f19870c : j3;
    }

    @Override // com.google.crypto.tink.subtle.e
    public int getCiphertextOffset() {
        return getHeaderLength() + this.f19873f;
    }

    @Override // com.google.crypto.tink.subtle.e
    public int getCiphertextOverhead() {
        return this.f19870c;
    }

    @Override // com.google.crypto.tink.subtle.e
    public int getCiphertextSegmentSize() {
        return this.f19871d;
    }

    public int getFirstSegmentOffset() {
        return this.f19873f;
    }

    @Override // com.google.crypto.tink.subtle.e
    public int getHeaderLength() {
        return this.f19868a + 1 + 7;
    }

    @Override // com.google.crypto.tink.subtle.e
    public int getPlaintextSegmentSize() {
        return this.f19872e;
    }

    @Override // com.google.crypto.tink.subtle.e, com.google.crypto.tink.StreamingAead
    public /* bridge */ /* synthetic */ ReadableByteChannel newDecryptingChannel(ReadableByteChannel readableByteChannel, byte[] bArr) throws GeneralSecurityException, IOException {
        return super.newDecryptingChannel(readableByteChannel, bArr);
    }

    @Override // com.google.crypto.tink.subtle.e, com.google.crypto.tink.StreamingAead
    public /* bridge */ /* synthetic */ InputStream newDecryptingStream(InputStream inputStream, byte[] bArr) throws GeneralSecurityException, IOException {
        return super.newDecryptingStream(inputStream, bArr);
    }

    @Override // com.google.crypto.tink.subtle.e, com.google.crypto.tink.StreamingAead
    public /* bridge */ /* synthetic */ WritableByteChannel newEncryptingChannel(WritableByteChannel writableByteChannel, byte[] bArr) throws GeneralSecurityException, IOException {
        return super.newEncryptingChannel(writableByteChannel, bArr);
    }

    @Override // com.google.crypto.tink.subtle.e, com.google.crypto.tink.StreamingAead
    public /* bridge */ /* synthetic */ OutputStream newEncryptingStream(OutputStream outputStream, byte[] bArr) throws GeneralSecurityException, IOException {
        return super.newEncryptingStream(outputStream, bArr);
    }

    @Override // com.google.crypto.tink.subtle.e, com.google.crypto.tink.StreamingAead
    public /* bridge */ /* synthetic */ SeekableByteChannel newSeekableDecryptingChannel(SeekableByteChannel seekableByteChannel, byte[] bArr) throws GeneralSecurityException, IOException {
        return super.newSeekableDecryptingChannel(seekableByteChannel, bArr);
    }

    @Override // com.google.crypto.tink.subtle.e
    public a newStreamSegmentDecrypter() throws GeneralSecurityException {
        return new a();
    }

    @Override // com.google.crypto.tink.subtle.e
    public b newStreamSegmentEncrypter(byte[] bArr) throws GeneralSecurityException {
        return new b(bArr);
    }
}
