package org.bouncycastle.crypto.engines;

import java.io.ByteArrayOutputStream;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:lib/bcprov-jdk15to18-1.73.jar:org/bouncycastle/crypto/engines/SparkleEngine.class */
public class SparkleEngine implements AEADCipher {
    private String algorithmName;
    private boolean forEncryption;
    private final int[] state;
    private final int[] k;
    private final int[] npub;
    private byte[] tag;
    private boolean initialised;
    private boolean encrypted;
    private boolean aadFinished;
    private final ByteArrayOutputStream aadData = new ByteArrayOutputStream();
    private final ByteArrayOutputStream message = new ByteArrayOutputStream();
    private final int SCHWAEMM_KEY_LEN;
    private final int SCHWAEMM_NONCE_LEN;
    private final int SPARKLE_STEPS_SLIM;
    private final int SPARKLE_STEPS_BIG;
    private final int KEY_WORDS;
    private final int KEY_BYTES;
    private final int TAG_WORDS;
    private final int TAG_BYTES;
    private final int STATE_BRANS;
    private final int STATE_WORDS;
    private final int RATE_WORDS;
    private final int RATE_BYTES;
    private final int CAP_WORDS;
    private final int _A0;
    private final int _A1;
    private final int _M2;
    private final int _M3;
    private static final int[] RCON = {-1209970334, -1083090816, 951376470, 844003128, -1156479509, 1333558103, -809524792, -1028445891};

    /* loaded from: input_file:lib/bcprov-jdk15to18-1.73.jar:org/bouncycastle/crypto/engines/SparkleEngine$SparkleParameters.class */
    public enum SparkleParameters {
        SCHWAEMM128_128,
        SCHWAEMM256_128,
        SCHWAEMM192_192,
        SCHWAEMM256_256
    }

    public SparkleEngine(SparkleParameters sparkleParameters) {
        int i;
        int i2;
        int i3;
        switch (sparkleParameters) {
            case SCHWAEMM128_128:
                this.SCHWAEMM_KEY_LEN = 128;
                this.SCHWAEMM_NONCE_LEN = 128;
                i = 128;
                i2 = 256;
                i3 = 128;
                this.SPARKLE_STEPS_SLIM = 7;
                this.SPARKLE_STEPS_BIG = 10;
                this.algorithmName = "SCHWAEMM128-128";
                break;
            case SCHWAEMM256_128:
                this.SCHWAEMM_KEY_LEN = 128;
                this.SCHWAEMM_NONCE_LEN = 256;
                i = 128;
                i2 = 384;
                i3 = 128;
                this.SPARKLE_STEPS_SLIM = 7;
                this.SPARKLE_STEPS_BIG = 11;
                this.algorithmName = "SCHWAEMM256-128";
                break;
            case SCHWAEMM192_192:
                this.SCHWAEMM_KEY_LEN = 192;
                this.SCHWAEMM_NONCE_LEN = 192;
                i = 192;
                i2 = 384;
                i3 = 192;
                this.SPARKLE_STEPS_SLIM = 7;
                this.SPARKLE_STEPS_BIG = 11;
                this.algorithmName = "SCHWAEMM192-192";
                break;
            case SCHWAEMM256_256:
                this.SCHWAEMM_KEY_LEN = 256;
                this.SCHWAEMM_NONCE_LEN = 256;
                i = 256;
                i2 = 512;
                i3 = 256;
                this.SPARKLE_STEPS_SLIM = 8;
                this.SPARKLE_STEPS_BIG = 12;
                this.algorithmName = "SCHWAEMM256-256";
                break;
            default:
                throw new IllegalArgumentException("Invalid definition of SCHWAEMM instance");
        }
        this.KEY_WORDS = this.SCHWAEMM_KEY_LEN >>> 5;
        this.KEY_BYTES = this.SCHWAEMM_KEY_LEN >>> 3;
        this.TAG_WORDS = i >>> 5;
        this.TAG_BYTES = i >>> 3;
        this.STATE_BRANS = i2 >>> 6;
        this.STATE_WORDS = i2 >>> 5;
        this.RATE_WORDS = this.SCHWAEMM_NONCE_LEN >>> 5;
        this.RATE_BYTES = this.SCHWAEMM_NONCE_LEN >>> 3;
        int i4 = i3 >>> 6;
        this.CAP_WORDS = i3 >>> 5;
        this._A0 = (1 << i4) << 24;
        this._A1 = (1 ^ (1 << i4)) << 24;
        this._M2 = (2 ^ (1 << i4)) << 24;
        this._M3 = (3 ^ (1 << i4)) << 24;
        this.state = new int[this.STATE_WORDS];
        this.k = new int[this.KEY_WORDS];
        this.npub = new int[this.RATE_WORDS];
        this.initialised = false;
    }

    private int ROT(int i, int i2) {
        return (i >>> i2) | (i << (32 - i2));
    }

    private int ELL(int i) {
        return ROT(i ^ (i << 16), 16);
    }

    void sparkle_opt(int[] iArr, int i, int i2) {
        for (int i3 = 0; i3 < i2; i3++) {
            iArr[1] = iArr[1] ^ RCON[i3 & 7];
            iArr[3] = iArr[3] ^ i3;
            for (int i4 = 0; i4 < 2 * i; i4 += 2) {
                int i5 = RCON[i4 >>> 1];
                int i6 = i4;
                iArr[i6] = iArr[i6] + ROT(iArr[i4 + 1], 31);
                int i7 = i4 + 1;
                iArr[i7] = iArr[i7] ^ ROT(iArr[i4], 24);
                int i8 = i4;
                iArr[i8] = iArr[i8] ^ i5;
                int i9 = i4;
                iArr[i9] = iArr[i9] + ROT(iArr[i4 + 1], 17);
                int i10 = i4 + 1;
                iArr[i10] = iArr[i10] ^ ROT(iArr[i4], 17);
                int i11 = i4;
                iArr[i11] = iArr[i11] ^ i5;
                int i12 = i4;
                iArr[i12] = iArr[i12] + iArr[i4 + 1];
                int i13 = i4 + 1;
                iArr[i13] = iArr[i13] ^ ROT(iArr[i4], 31);
                int i14 = i4;
                iArr[i14] = iArr[i14] ^ i5;
                int i15 = i4;
                iArr[i15] = iArr[i15] + ROT(iArr[i4 + 1], 24);
                int i16 = i4 + 1;
                iArr[i16] = iArr[i16] ^ ROT(iArr[i4], 16);
                int i17 = i4;
                iArr[i17] = iArr[i17] ^ i5;
            }
            int i18 = iArr[0];
            int i19 = i18;
            int i20 = iArr[1];
            int i21 = i20;
            for (int i22 = 2; i22 < i; i22 += 2) {
                i19 ^= iArr[i22];
                i21 ^= iArr[i22 + 1];
            }
            int ELL = ELL(i19);
            int ELL2 = ELL(i21);
            for (int i23 = 2; i23 < i; i23 += 2) {
                iArr[i23 - 2] = (iArr[i23 + i] ^ iArr[i23]) ^ ELL2;
                iArr[i23 + i] = iArr[i23];
                iArr[i23 - 1] = (iArr[(i23 + i) + 1] ^ iArr[i23 + 1]) ^ ELL;
                iArr[i23 + i + 1] = iArr[i23 + 1];
            }
            iArr[i - 2] = (iArr[i] ^ i18) ^ ELL2;
            iArr[i] = i18;
            iArr[i - 1] = (iArr[i + 1] ^ i20) ^ ELL;
            iArr[i + 1] = i20;
        }
    }

    private int CAP_INDEX(int i) {
        return this.RATE_WORDS > this.CAP_WORDS ? i & (this.CAP_WORDS - 1) : i;
    }

    void ProcessAssocData(int[] iArr) {
        int size = this.aadData.size();
        if (this.aadFinished || size == 0) {
            return;
        }
        this.aadFinished = true;
        byte[] byteArray = this.aadData.toByteArray();
        int i = 0;
        int[] littleEndianToInt = Pack.littleEndianToInt(byteArray, 0, byteArray.length >>> 2);
        while (size > this.RATE_BYTES) {
            int i2 = 0;
            int i3 = this.RATE_WORDS / 2;
            while (i2 < this.RATE_WORDS / 2) {
                int i4 = iArr[i2];
                iArr[i2] = (iArr[i3] ^ littleEndianToInt[i2 + (i >> 2)]) ^ iArr[this.RATE_WORDS + i2];
                int i5 = i3;
                iArr[i5] = iArr[i5] ^ ((i4 ^ littleEndianToInt[i3 + (i >> 2)]) ^ iArr[this.RATE_WORDS + CAP_INDEX(i3)]);
                i2++;
                i3++;
            }
            sparkle_opt(iArr, this.STATE_BRANS, this.SPARKLE_STEPS_SLIM);
            size -= this.RATE_BYTES;
            i += this.RATE_BYTES;
        }
        int i6 = this.STATE_WORDS - 1;
        iArr[i6] = iArr[i6] ^ (size < this.RATE_BYTES ? this._A0 : this._A1);
        int[] iArr2 = new int[this.RATE_WORDS];
        int i7 = 0;
        while (i7 < size) {
            int i8 = i7 >>> 2;
            int i9 = i;
            i++;
            iArr2[i8] = iArr2[i8] | (byteArray[i9] << ((i7 & 3) << 3));
            i7++;
        }
        if (size < this.RATE_BYTES) {
            int i10 = i7 >>> 2;
            iArr2[i10] = iArr2[i10] | (128 << ((i7 & 3) << 3));
        }
        int i11 = 0;
        int i12 = this.RATE_WORDS / 2;
        while (i11 < this.RATE_WORDS / 2) {
            int i13 = iArr[i11];
            iArr[i11] = (iArr[i12] ^ iArr2[i11]) ^ iArr[this.RATE_WORDS + i11];
            int i14 = i12;
            iArr[i14] = iArr[i14] ^ ((i13 ^ iArr2[i12]) ^ iArr[this.RATE_WORDS + CAP_INDEX(i12)]);
            i11++;
            i12++;
        }
        sparkle_opt(iArr, this.STATE_BRANS, this.SPARKLE_STEPS_BIG);
    }

    private int ProcessPlainText(int[] iArr, byte[] bArr, byte[] bArr2, int i, int i2) {
        int i3 = 0;
        int[] littleEndianToInt = Pack.littleEndianToInt(bArr2, i, bArr2.length >>> 2);
        int[] iArr2 = new int[bArr.length >>> 2];
        int i4 = 0;
        while (i2 > this.RATE_BYTES) {
            int i5 = 0;
            int i6 = this.RATE_WORDS / 2;
            while (i5 < this.RATE_WORDS / 2) {
                int i7 = iArr[i5];
                int i8 = iArr[i6];
                if (this.forEncryption) {
                    iArr[i5] = (iArr[i6] ^ littleEndianToInt[i5 + (i >> 2)]) ^ iArr[this.RATE_WORDS + i5];
                    int i9 = i6;
                    iArr[i9] = iArr[i9] ^ ((i7 ^ littleEndianToInt[i6 + (i >> 2)]) ^ iArr[this.RATE_WORDS + CAP_INDEX(i6)]);
                } else {
                    int i10 = i5;
                    iArr[i10] = iArr[i10] ^ ((iArr[i6] ^ littleEndianToInt[i5 + (i >> 2)]) ^ iArr[this.RATE_WORDS + i5]);
                    iArr[i6] = (i7 ^ littleEndianToInt[i6 + (i >> 2)]) ^ iArr[this.RATE_WORDS + CAP_INDEX(i6)];
                }
                iArr2[i5] = littleEndianToInt[i5] ^ i7;
                iArr2[i6] = littleEndianToInt[i6] ^ i8;
                i5++;
                i6++;
            }
            Pack.intToLittleEndian(iArr2, 0, this.RATE_WORDS, bArr, i3);
            sparkle_opt(iArr, this.STATE_BRANS, this.SPARKLE_STEPS_SLIM);
            i2 -= this.RATE_BYTES;
            i3 += this.RATE_BYTES;
            i += this.RATE_BYTES;
            i4 += this.RATE_BYTES;
            this.encrypted = true;
        }
        return i4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void init(boolean z, CipherParameters cipherParameters) throws IllegalArgumentException {
        this.forEncryption = z;
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException(this.algorithmName + " init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        byte[] iv = parametersWithIV.getIV();
        if (iv == null || iv.length != this.RATE_BYTES) {
            throw new IllegalArgumentException(this.algorithmName + " requires exactly " + this.RATE_BYTES + " bytes of IV");
        }
        Pack.littleEndianToInt(iv, 0, this.npub, 0, this.RATE_WORDS);
        if (!(parametersWithIV.getParameters() instanceof KeyParameter)) {
            throw new IllegalArgumentException(this.algorithmName + " init parameters must include a key");
        }
        byte[] key = ((KeyParameter) parametersWithIV.getParameters()).getKey();
        if (key.length != this.KEY_BYTES) {
            throw new IllegalArgumentException(this.algorithmName + " key must be " + this.KEY_BYTES + " bits long");
        }
        Pack.littleEndianToInt(key, 0, this.k, 0, this.KEY_WORDS);
        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(getAlgorithmName(), 128, cipherParameters, Utils.getPurpose(z)));
        this.initialised = true;
        reset();
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public String getAlgorithmName() {
        return this.algorithmName;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADByte(byte b) {
        if (this.encrypted) {
            throw new IllegalArgumentException(this.algorithmName + ": AAD cannot be added after reading a full block(" + getBlockSize() + " bytes) of input for " + (this.forEncryption ? "encryption" : "decryption"));
        }
        this.aadData.write(b);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void processAADBytes(byte[] bArr, int i, int i2) {
        if (this.encrypted) {
            throw new IllegalArgumentException(this.algorithmName + ": AAD cannot be added after reading a full block(" + getBlockSize() + " bytes) of input for " + (this.forEncryption ? "encryption" : "decryption"));
        }
        if (i + i2 > bArr.length) {
            throw new DataLengthException(this.algorithmName + " input buffer too short");
        }
        this.aadData.write(bArr, i, i2);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processByte(byte b, byte[] bArr, int i) throws DataLengthException {
        return processBytes(new byte[]{b}, 0, 1, bArr, i);
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws DataLengthException {
        if (!this.initialised) {
            throw new IllegalArgumentException(this.algorithmName + " Need call init function before encryption/decryption");
        }
        if (i + i2 > bArr.length) {
            throw new DataLengthException(this.algorithmName + " input buffer too short");
        }
        this.message.write(bArr, i, i2);
        int i4 = 0;
        if ((this.forEncryption && this.message.size() > getBlockSize()) || (!this.forEncryption && this.message.size() - this.TAG_BYTES > getBlockSize())) {
            i4 = this.message.size() - (this.forEncryption ? 0 : this.TAG_BYTES);
            if (((i4 / this.RATE_BYTES) * this.RATE_BYTES) + i3 > bArr2.length) {
                throw new OutputLengthException(this.algorithmName + " output buffer is too short");
            }
            byte[] byteArray = this.message.toByteArray();
            ProcessAssocData(this.state);
            if (i4 != 0) {
                i4 = ProcessPlainText(this.state, bArr2, byteArray, 0, i4);
            }
            this.message.reset();
            this.message.write(byteArray, i4, byteArray.length - i4);
        }
        return i4;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int doFinal(byte[] bArr, int i) throws IllegalStateException, InvalidCipherTextException {
        if (!this.initialised) {
            throw new IllegalArgumentException(this.algorithmName + " needs call init function before dofinal");
        }
        int size = this.message.size() - (this.forEncryption ? 0 : this.TAG_BYTES);
        if ((this.forEncryption && size + this.TAG_BYTES + i > bArr.length) || (!this.forEncryption && size + i > bArr.length)) {
            throw new OutputLengthException("output buffer is too short");
        }
        ProcessAssocData(this.state);
        byte[] byteArray = this.message.toByteArray();
        int i2 = 0;
        if (this.encrypted || size != 0) {
            int[] iArr = this.state;
            int i3 = this.STATE_WORDS - 1;
            iArr[i3] = iArr[i3] ^ (size < this.RATE_BYTES ? this._M2 : this._M3);
            int[] iArr2 = new int[this.RATE_WORDS];
            int i4 = 0;
            while (i4 < size) {
                int i5 = i4 >>> 2;
                int i6 = i2;
                i2++;
                iArr2[i5] = iArr2[i5] | ((byteArray[i6] & 255) << ((i4 & 3) << 3));
                i4++;
            }
            if (size < this.RATE_BYTES) {
                if (!this.forEncryption) {
                    int i7 = (i4 & 3) << 3;
                    int i8 = i4 >>> 2;
                    iArr2[i8] = iArr2[i8] | ((this.state[i4 >>> 2] >>> i7) << i7);
                    int i9 = (i4 >>> 2) + 1;
                    System.arraycopy(this.state, i9, iArr2, i9, this.RATE_WORDS - i9);
                }
                int i10 = i4 >>> 2;
                iArr2[i10] = iArr2[i10] ^ (128 << ((i4 & 3) << 3));
            }
            int i11 = 0;
            int i12 = this.RATE_WORDS / 2;
            while (i11 < this.RATE_WORDS / 2) {
                int i13 = this.state[i11];
                int i14 = this.state[i12];
                if (this.forEncryption) {
                    this.state[i11] = (this.state[i12] ^ iArr2[i11]) ^ this.state[this.RATE_WORDS + i11];
                    int[] iArr3 = this.state;
                    int i15 = i12;
                    iArr3[i15] = iArr3[i15] ^ ((i13 ^ iArr2[i12]) ^ this.state[this.RATE_WORDS + CAP_INDEX(i12)]);
                } else {
                    int[] iArr4 = this.state;
                    int i16 = i11;
                    iArr4[i16] = iArr4[i16] ^ ((this.state[i12] ^ iArr2[i11]) ^ this.state[this.RATE_WORDS + i11]);
                    this.state[i12] = (i13 ^ iArr2[i12]) ^ this.state[this.RATE_WORDS + CAP_INDEX(i12)];
                }
                int i17 = i11;
                iArr2[i17] = iArr2[i17] ^ i13;
                int i18 = i12;
                iArr2[i18] = iArr2[i18] ^ i14;
                i11++;
                i12++;
            }
            for (int i19 = 0; i19 < size; i19++) {
                int i20 = i;
                i++;
                bArr[i20] = (byte) (iArr2[i19 >>> 2] >>> ((i19 & 3) << 3));
            }
            sparkle_opt(this.state, this.STATE_BRANS, this.SPARKLE_STEPS_BIG);
        }
        for (int i21 = 0; i21 < this.KEY_WORDS; i21++) {
            int[] iArr5 = this.state;
            int i22 = this.RATE_WORDS + i21;
            iArr5[i22] = iArr5[i22] ^ this.k[i21];
        }
        this.tag = new byte[this.TAG_BYTES];
        Pack.intToLittleEndian(this.state, this.RATE_WORDS, this.TAG_WORDS, this.tag, 0);
        if (this.forEncryption) {
            System.arraycopy(this.tag, 0, bArr, i, this.TAG_BYTES);
            size += this.TAG_BYTES;
        } else {
            for (int i23 = 0; i23 < this.TAG_BYTES; i23++) {
                if (this.tag[i23] != byteArray[size + i23]) {
                    throw new IllegalArgumentException(this.algorithmName + " mac does not match");
                }
            }
        }
        reset(false);
        return size;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public byte[] getMac() {
        return this.tag;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getUpdateOutputSize(int i) {
        return i;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public int getOutputSize(int i) {
        return i + this.TAG_BYTES;
    }

    @Override // org.bouncycastle.crypto.modes.AEADCipher
    public void reset() {
        if (!this.initialised) {
            throw new IllegalArgumentException(this.algorithmName + " needs call init function before reset");
        }
        reset(true);
    }

    private void reset(boolean z) {
        if (z) {
            this.tag = null;
        }
        System.arraycopy(this.npub, 0, this.state, 0, this.RATE_WORDS);
        System.arraycopy(this.k, 0, this.state, this.RATE_WORDS, this.KEY_WORDS);
        sparkle_opt(this.state, this.STATE_BRANS, this.SPARKLE_STEPS_BIG);
        this.aadData.reset();
        this.message.reset();
        this.encrypted = false;
        this.aadFinished = false;
    }

    public int getBlockSize() {
        return this.RATE_BYTES;
    }

    public int getKeyBytesSize() {
        return this.KEY_BYTES;
    }

    public int getIVBytesSize() {
        return this.RATE_BYTES;
    }
}
