package com.aostarit.bouncycastle.crypto.tls;

import com.aostarit.bouncycastle.crypto.BlockCipher;
import com.aostarit.bouncycastle.crypto.Digest;
import com.aostarit.bouncycastle.crypto.params.KeyParameter;
import com.aostarit.bouncycastle.crypto.params.ParametersWithIV;
import com.aostarit.bouncycastle.util.Arrays;
import java.io.IOException;
import java.security.SecureRandom;

/* loaded from: input_file:com/aostarit/bouncycastle/crypto/tls/TlsBlockCipher.class */
public class TlsBlockCipher implements TlsCipher {
    protected TlsClientContext context;
    protected BlockCipher encryptCipher;
    protected BlockCipher decryptCipher;
    protected TlsMac writeMac;
    protected TlsMac readMac;

    public TlsBlockCipher(TlsClientContext tlsClientContext, BlockCipher blockCipher, BlockCipher blockCipher2, Digest digest, Digest digest2, int i) {
        this.context = tlsClientContext;
        this.encryptCipher = blockCipher;
        this.decryptCipher = blockCipher2;
        int digestSize = (2 * i) + digest.getDigestSize() + digest2.getDigestSize() + blockCipher.getBlockSize() + blockCipher2.getBlockSize();
        SecurityParameters securityParameters = tlsClientContext.getSecurityParameters();
        byte[] PRF = TlsUtils.PRF(securityParameters.masterSecret, "key expansion", TlsUtils.concat(securityParameters.serverRandom, securityParameters.clientRandom), digestSize);
        this.writeMac = new TlsMac(digest, PRF, 0, digest.getDigestSize());
        int digestSize2 = 0 + digest.getDigestSize();
        this.readMac = new TlsMac(digest2, PRF, digestSize2, digest2.getDigestSize());
        int digestSize3 = digestSize2 + digest2.getDigestSize();
        initCipher(true, blockCipher, PRF, i, digestSize3, digestSize3 + (i * 2));
        int i2 = digestSize3 + i;
        initCipher(false, blockCipher2, PRF, i, i2, i2 + i + blockCipher.getBlockSize());
    }

    protected void initCipher(boolean z, BlockCipher blockCipher, byte[] bArr, int i, int i2, int i3) {
        blockCipher.init(z, new ParametersWithIV(new KeyParameter(bArr, i2, i), bArr, i3, blockCipher.getBlockSize()));
    }

    @Override // com.aostarit.bouncycastle.crypto.tls.TlsCipher
    public byte[] encodePlaintext(short s, byte[] bArr, int i, int i2) {
        int blockSize = this.encryptCipher.getBlockSize();
        int size = blockSize - (((i2 + this.writeMac.getSize()) + 1) % blockSize);
        int chooseExtraPadBlocks = size + (chooseExtraPadBlocks(this.context.getSecureRandom(), (CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV - size) / blockSize) * blockSize);
        int size2 = i2 + this.writeMac.getSize() + chooseExtraPadBlocks + 1;
        byte[] bArr2 = new byte[size2];
        System.arraycopy(bArr, i, bArr2, 0, i2);
        byte[] calculateMac = this.writeMac.calculateMac(s, bArr, i, i2);
        System.arraycopy(calculateMac, 0, bArr2, i2, calculateMac.length);
        int length = i2 + calculateMac.length;
        for (int i3 = 0; i3 <= chooseExtraPadBlocks; i3++) {
            bArr2[i3 + length] = (byte) chooseExtraPadBlocks;
        }
        int i4 = 0;
        while (true) {
            int i5 = i4;
            if (i5 >= size2) {
                return bArr2;
            }
            this.encryptCipher.processBlock(bArr2, i5, bArr2, i5);
            i4 = i5 + blockSize;
        }
    }

    @Override // com.aostarit.bouncycastle.crypto.tls.TlsCipher
    public byte[] decodeCiphertext(short s, byte[] bArr, int i, int i2) throws IOException {
        int size = this.readMac.getSize() + 1;
        int blockSize = this.decryptCipher.getBlockSize();
        boolean z = false;
        if (i2 < size) {
            throw new TlsFatalAlert((short) 50);
        }
        if (i2 % blockSize != 0) {
            throw new TlsFatalAlert((short) 21);
        }
        int i3 = 0;
        while (true) {
            int i4 = i3;
            if (i4 >= i2) {
                break;
            }
            this.decryptCipher.processBlock(bArr, i4 + i, bArr, i4 + i);
            i3 = i4 + blockSize;
        }
        int i5 = (i + i2) - 1;
        byte b = bArr[i5];
        int i6 = b & CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
        if (i6 > i2 - size) {
            z = true;
            i6 = 0;
        } else {
            byte b2 = 0;
            for (int i7 = i5 - i6; i7 < i5; i7++) {
                b2 = (byte) (b2 | (bArr[i7] ^ b));
            }
            if (b2 != 0) {
                z = true;
                i6 = 0;
            }
        }
        int i8 = (i2 - size) - i6;
        byte[] calculateMac = this.readMac.calculateMac(s, bArr, i, i8);
        byte[] bArr2 = new byte[calculateMac.length];
        System.arraycopy(bArr, i + i8, bArr2, 0, calculateMac.length);
        if (!Arrays.constantTimeAreEqual(calculateMac, bArr2)) {
            z = true;
        }
        if (z) {
            throw new TlsFatalAlert((short) 20);
        }
        byte[] bArr3 = new byte[i8];
        System.arraycopy(bArr, i, bArr3, 0, i8);
        return bArr3;
    }

    protected int chooseExtraPadBlocks(SecureRandom secureRandom, int i) {
        return Math.min(lowestBitSet(secureRandom.nextInt()), i);
    }

    protected int lowestBitSet(int i) {
        if (i == 0) {
            return 32;
        }
        int i2 = 0;
        while ((i & 1) == 0) {
            i2++;
            i >>= 1;
        }
        return i2;
    }
}
