package org.bouncycastle.crypto.engines;

import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.MaxBytesExceededException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.SkippingStreamCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Pack;
import org.bouncycastle.util.Strings;

/* loaded from: classes11.dex */
public class Salsa20Engine implements SkippingStreamCipher {
    public static final int DEFAULT_ROUNDS = 20;
    private static final int STATE_SIZE = 16;
    private static final int[] TAU_SIGMA = Pack.littleEndianToInt(Strings.toByteArray("expand 16-byte kexpand 32-byte k"), 0, 8);
    protected static final byte[] sigma = Strings.toByteArray("expand 32-byte k");
    protected static final byte[] tau = Strings.toByteArray("expand 16-byte k");

    /* renamed from: cW0, reason: collision with root package name */
    private int f150844cW0;
    private int cW1;
    private int cW2;
    protected int[] engineState;
    private int index;
    private boolean initialised;
    private byte[] keyStream;
    protected int rounds;

    /* renamed from: x, reason: collision with root package name */
    protected int[] f150845x;

    public Salsa20Engine() {
        this(20);
    }

    public Salsa20Engine(int i12) {
        this.index = 0;
        this.engineState = new int[16];
        this.f150845x = new int[16];
        this.keyStream = new byte[64];
        this.initialised = false;
        if (i12 <= 0 || (i12 & 1) != 0) {
            throw new IllegalArgumentException("'rounds' must be a positive, even number");
        }
        this.rounds = i12;
    }

    private boolean limitExceeded() {
        int i12 = this.f150844cW0 + 1;
        this.f150844cW0 = i12;
        if (i12 == 0) {
            int i13 = this.cW1 + 1;
            this.cW1 = i13;
            if (i13 == 0) {
                int i14 = this.cW2 + 1;
                this.cW2 = i14;
                if ((i14 & 32) != 0) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean limitExceeded(int i12) {
        int i13 = this.f150844cW0 + i12;
        this.f150844cW0 = i13;
        if (i13 < i12 && i13 >= 0) {
            int i14 = this.cW1 + 1;
            this.cW1 = i14;
            if (i14 == 0) {
                int i15 = this.cW2 + 1;
                this.cW2 = i15;
                if ((i15 & 32) != 0) {
                    return true;
                }
            }
        }
        return false;
    }

    private void resetLimitCounter() {
        this.f150844cW0 = 0;
        this.cW1 = 0;
        this.cW2 = 0;
    }

    public static void salsaCore(int i12, int[] iArr, int[] iArr2) {
        if (iArr.length != 16) {
            throw new IllegalArgumentException();
        }
        if (iArr2.length != 16) {
            throw new IllegalArgumentException();
        }
        if (i12 % 2 != 0) {
            throw new IllegalArgumentException("Number of rounds must be even");
        }
        int i13 = iArr[0];
        int i14 = iArr[1];
        int i15 = iArr[2];
        int i16 = iArr[3];
        int i17 = iArr[4];
        int i18 = iArr[5];
        int i19 = iArr[6];
        int i22 = 7;
        int i23 = iArr[7];
        int i24 = iArr[8];
        int i25 = 9;
        int i26 = iArr[9];
        int i27 = iArr[10];
        int i28 = iArr[11];
        int i29 = iArr[12];
        int i32 = 13;
        int i33 = iArr[13];
        int i34 = iArr[14];
        int i35 = iArr[15];
        int i36 = i34;
        int i37 = i33;
        int i38 = i29;
        int i39 = i28;
        int i42 = i27;
        int i43 = i26;
        int i44 = i24;
        int i45 = i23;
        int i46 = i19;
        int i47 = i18;
        int i48 = i17;
        int i49 = i16;
        int i52 = i15;
        int i53 = i14;
        int i54 = i13;
        int i55 = i12;
        while (i55 > 0) {
            int rotateLeft = Integers.rotateLeft(i54 + i38, i22) ^ i48;
            int rotateLeft2 = i44 ^ Integers.rotateLeft(rotateLeft + i54, i25);
            int rotateLeft3 = i38 ^ Integers.rotateLeft(rotateLeft2 + rotateLeft, i32);
            int rotateLeft4 = i54 ^ Integers.rotateLeft(rotateLeft3 + rotateLeft2, 18);
            int rotateLeft5 = i43 ^ Integers.rotateLeft(i47 + i53, i22);
            int rotateLeft6 = i37 ^ Integers.rotateLeft(rotateLeft5 + i47, i25);
            int rotateLeft7 = Integers.rotateLeft(rotateLeft6 + rotateLeft5, i32) ^ i53;
            int rotateLeft8 = Integers.rotateLeft(rotateLeft7 + rotateLeft6, 18) ^ i47;
            int rotateLeft9 = i36 ^ Integers.rotateLeft(i42 + i46, 7);
            int rotateLeft10 = i52 ^ Integers.rotateLeft(rotateLeft9 + i42, 9);
            int rotateLeft11 = i46 ^ Integers.rotateLeft(rotateLeft10 + rotateLeft9, 13);
            int rotateLeft12 = i42 ^ Integers.rotateLeft(rotateLeft11 + rotateLeft10, 18);
            int rotateLeft13 = i49 ^ Integers.rotateLeft(i35 + i39, 7);
            int rotateLeft14 = i45 ^ Integers.rotateLeft(rotateLeft13 + i35, 9);
            int rotateLeft15 = i39 ^ Integers.rotateLeft(rotateLeft14 + rotateLeft13, 13);
            int rotateLeft16 = i35 ^ Integers.rotateLeft(rotateLeft15 + rotateLeft14, 18);
            int rotateLeft17 = rotateLeft7 ^ Integers.rotateLeft(rotateLeft4 + rotateLeft13, 7);
            int rotateLeft18 = Integers.rotateLeft(rotateLeft17 + rotateLeft4, 9) ^ rotateLeft10;
            int rotateLeft19 = rotateLeft13 ^ Integers.rotateLeft(rotateLeft18 + rotateLeft17, 13);
            i54 = rotateLeft4 ^ Integers.rotateLeft(rotateLeft19 + rotateLeft18, 18);
            int rotateLeft20 = Integers.rotateLeft(rotateLeft8 + rotateLeft, 7) ^ rotateLeft11;
            int rotateLeft21 = Integers.rotateLeft(rotateLeft20 + rotateLeft8, 9) ^ rotateLeft14;
            int rotateLeft22 = rotateLeft ^ Integers.rotateLeft(rotateLeft21 + rotateLeft20, 13);
            i47 = rotateLeft8 ^ Integers.rotateLeft(rotateLeft22 + rotateLeft21, 18);
            i39 = rotateLeft15 ^ Integers.rotateLeft(rotateLeft12 + rotateLeft5, 7);
            int rotateLeft23 = Integers.rotateLeft(i39 + rotateLeft12, 9) ^ rotateLeft2;
            int rotateLeft24 = Integers.rotateLeft(rotateLeft23 + i39, 13) ^ rotateLeft5;
            i42 = rotateLeft12 ^ Integers.rotateLeft(rotateLeft24 + rotateLeft23, 18);
            i38 = rotateLeft3 ^ Integers.rotateLeft(rotateLeft16 + rotateLeft9, 7);
            i37 = rotateLeft6 ^ Integers.rotateLeft(i38 + rotateLeft16, 9);
            i36 = rotateLeft9 ^ Integers.rotateLeft(i37 + i38, 13);
            i35 = rotateLeft16 ^ Integers.rotateLeft(i36 + i37, 18);
            i55 -= 2;
            i44 = rotateLeft23;
            i53 = rotateLeft17;
            i46 = rotateLeft20;
            i48 = rotateLeft22;
            i45 = rotateLeft21;
            i43 = rotateLeft24;
            i22 = 7;
            i52 = rotateLeft18;
            i49 = rotateLeft19;
            i25 = 9;
            i32 = 13;
        }
        iArr2[0] = i54 + iArr[0];
        iArr2[1] = i53 + iArr[1];
        iArr2[2] = i52 + iArr[2];
        iArr2[3] = i49 + iArr[3];
        iArr2[4] = i48 + iArr[4];
        iArr2[5] = i47 + iArr[5];
        iArr2[6] = i46 + iArr[6];
        iArr2[7] = i45 + iArr[7];
        iArr2[8] = i44 + iArr[8];
        iArr2[9] = i43 + iArr[9];
        iArr2[10] = i42 + iArr[10];
        iArr2[11] = i39 + iArr[11];
        iArr2[12] = i38 + iArr[12];
        iArr2[13] = i37 + iArr[13];
        iArr2[14] = i36 + iArr[14];
        iArr2[15] = i35 + iArr[15];
    }

    public void advanceCounter() {
        int[] iArr = this.engineState;
        int i12 = iArr[8] + 1;
        iArr[8] = i12;
        if (i12 == 0) {
            iArr[9] = iArr[9] + 1;
        }
    }

    public void advanceCounter(long j12) {
        int i12 = (int) (j12 >>> 32);
        int i13 = (int) j12;
        if (i12 > 0) {
            int[] iArr = this.engineState;
            iArr[9] = iArr[9] + i12;
        }
        int[] iArr2 = this.engineState;
        int i14 = iArr2[8];
        int i15 = i13 + i14;
        iArr2[8] = i15;
        if (i14 == 0 || i15 >= i14) {
            return;
        }
        iArr2[9] = iArr2[9] + 1;
    }

    public void generateKeyStream(byte[] bArr) {
        salsaCore(this.rounds, this.engineState, this.f150845x);
        Pack.intToLittleEndian(this.f150845x, bArr, 0);
    }

    @Override // org.bouncycastle.crypto.StreamCipher
    public String getAlgorithmName() {
        if (this.rounds == 20) {
            return "Salsa20";
        }
        return "Salsa20/" + this.rounds;
    }

    public long getCounter() {
        int[] iArr = this.engineState;
        return (iArr[9] << 32) | (iArr[8] & BodyPartID.bodyIdMax);
    }

    public int getNonceSize() {
        return 8;
    }

    @Override // org.bouncycastle.crypto.SkippingCipher
    public long getPosition() {
        return (getCounter() * 64) + this.index;
    }

    @Override // org.bouncycastle.crypto.StreamCipher
    public void init(boolean z12, CipherParameters cipherParameters) {
        if (!(cipherParameters instanceof ParametersWithIV)) {
            throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must include an IV");
        }
        ParametersWithIV parametersWithIV = (ParametersWithIV) cipherParameters;
        byte[] iv2 = parametersWithIV.getIV();
        if (iv2 == null || iv2.length != getNonceSize()) {
            throw new IllegalArgumentException(getAlgorithmName() + " requires exactly " + getNonceSize() + " bytes of IV");
        }
        CipherParameters parameters = parametersWithIV.getParameters();
        if (parameters == null) {
            if (!this.initialised) {
                throw new IllegalStateException(getAlgorithmName() + " KeyParameter can not be null for first initialisation");
            }
            setKey(null, iv2);
        } else {
            if (!(parameters instanceof KeyParameter)) {
                throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must contain a KeyParameter (or null for re-init)");
            }
            setKey(((KeyParameter) parameters).getKey(), iv2);
        }
        reset();
        this.initialised = true;
    }

    public void packTauOrSigma(int i12, int[] iArr, int i13) {
        int i14 = (i12 - 16) / 4;
        int[] iArr2 = TAU_SIGMA;
        iArr[i13] = iArr2[i14];
        iArr[i13 + 1] = iArr2[i14 + 1];
        iArr[i13 + 2] = iArr2[i14 + 2];
        iArr[i13 + 3] = iArr2[i14 + 3];
    }

    @Override // org.bouncycastle.crypto.StreamCipher
    public int processBytes(byte[] bArr, int i12, int i13, byte[] bArr2, int i14) {
        if (!this.initialised) {
            throw new IllegalStateException(getAlgorithmName() + " not initialised");
        }
        if (i12 + i13 > bArr.length) {
            throw new DataLengthException("input buffer too short");
        }
        if (i14 + i13 > bArr2.length) {
            throw new OutputLengthException("output buffer too short");
        }
        if (limitExceeded(i13)) {
            throw new MaxBytesExceededException("2^70 byte limit per IV would be exceeded; Change IV");
        }
        for (int i15 = 0; i15 < i13; i15++) {
            byte[] bArr3 = this.keyStream;
            int i16 = this.index;
            bArr2[i15 + i14] = (byte) (bArr3[i16] ^ bArr[i15 + i12]);
            int i17 = (i16 + 1) & 63;
            this.index = i17;
            if (i17 == 0) {
                advanceCounter();
                generateKeyStream(this.keyStream);
            }
        }
        return i13;
    }

    @Override // org.bouncycastle.crypto.StreamCipher
    public void reset() {
        this.index = 0;
        resetLimitCounter();
        resetCounter();
        generateKeyStream(this.keyStream);
    }

    public void resetCounter() {
        int[] iArr = this.engineState;
        iArr[9] = 0;
        iArr[8] = 0;
    }

    public void retreatCounter() {
        int[] iArr = this.engineState;
        int i12 = iArr[8];
        if (i12 == 0 && iArr[9] == 0) {
            throw new IllegalStateException("attempt to reduce counter past zero.");
        }
        int i13 = i12 - 1;
        iArr[8] = i13;
        if (i13 == -1) {
            iArr[9] = iArr[9] - 1;
        }
    }

    public void retreatCounter(long j12) {
        int i12 = (int) (j12 >>> 32);
        int i13 = (int) j12;
        if (i12 != 0) {
            int[] iArr = this.engineState;
            int i14 = iArr[9];
            if ((i14 & BodyPartID.bodyIdMax) < (i12 & BodyPartID.bodyIdMax)) {
                throw new IllegalStateException("attempt to reduce counter past zero.");
            }
            iArr[9] = i14 - i12;
        }
        int[] iArr2 = this.engineState;
        int i15 = iArr2[8];
        if ((i15 & BodyPartID.bodyIdMax) >= (BodyPartID.bodyIdMax & i13)) {
            iArr2[8] = i15 - i13;
            return;
        }
        int i16 = iArr2[9];
        if (i16 == 0) {
            throw new IllegalStateException("attempt to reduce counter past zero.");
        }
        iArr2[9] = i16 - 1;
        iArr2[8] = i15 - i13;
    }

    @Override // org.bouncycastle.crypto.StreamCipher
    public byte returnByte(byte b12) {
        if (limitExceeded()) {
            throw new MaxBytesExceededException("2^70 byte limit per IV; Change IV");
        }
        byte[] bArr = this.keyStream;
        int i12 = this.index;
        byte b13 = (byte) (b12 ^ bArr[i12]);
        int i13 = (i12 + 1) & 63;
        this.index = i13;
        if (i13 == 0) {
            advanceCounter();
            generateKeyStream(this.keyStream);
        }
        return b13;
    }

    @Override // org.bouncycastle.crypto.SkippingCipher
    public long seekTo(long j12) {
        reset();
        return skip(j12);
    }

    public void setKey(byte[] bArr, byte[] bArr2) {
        if (bArr != null) {
            if (bArr.length != 16 && bArr.length != 32) {
                throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
            }
            int length = (bArr.length - 16) / 4;
            int[] iArr = this.engineState;
            int[] iArr2 = TAU_SIGMA;
            iArr[0] = iArr2[length];
            iArr[5] = iArr2[length + 1];
            iArr[10] = iArr2[length + 2];
            iArr[15] = iArr2[length + 3];
            Pack.littleEndianToInt(bArr, 0, iArr, 1, 4);
            Pack.littleEndianToInt(bArr, bArr.length - 16, this.engineState, 11, 4);
        }
        Pack.littleEndianToInt(bArr2, 0, this.engineState, 6, 2);
    }

    @Override // org.bouncycastle.crypto.SkippingCipher
    public long skip(long j12) {
        long j13;
        if (j12 >= 0) {
            if (j12 >= 64) {
                long j14 = j12 / 64;
                advanceCounter(j14);
                j13 = j12 - (j14 * 64);
            } else {
                j13 = j12;
            }
            int i12 = this.index;
            int i13 = (((int) j13) + i12) & 63;
            this.index = i13;
            if (i13 < i12) {
                advanceCounter();
            }
        } else {
            long j15 = -j12;
            if (j15 >= 64) {
                long j16 = j15 / 64;
                retreatCounter(j16);
                j15 -= j16 * 64;
            }
            for (long j17 = 0; j17 < j15; j17++) {
                if (this.index == 0) {
                    retreatCounter();
                }
                this.index = (this.index - 1) & 63;
            }
        }
        generateKeyStream(this.keyStream);
        return j12;
    }
}
