package com.hierynomus.sshj.transport.cipher;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.BaseCipher;
import net.schmizz.sshj.transport.cipher.Cipher;

/* loaded from: input_file:marathon-cli.zip:marathon-0.7.3/lib/sshj-0.33.0.jar:com/hierynomus/sshj/transport/cipher/ChachaPolyCipher.class */
public class ChachaPolyCipher extends BaseCipher {
    private static final int CHACHA_KEY_SIZE = 32;
    private static final int AAD_LENGTH = 4;
    private static final int POLY_TAG_LENGTH = 16;
    private static final String CIPHER_CHACHA = "CHACHA";
    private static final String MAC_POLY1305 = "POLY1305";
    private static final byte[] POLY_KEY_INPUT = new byte[32];
    private final int authSize;
    private byte[] encryptedAad;
    protected Cipher.Mode mode;
    protected javax.crypto.Cipher aadCipher;
    protected Mac mac;
    protected Key cipherKey;
    protected Key aadCipherKey;

    public ChachaPolyCipher(int i, int i2, String str) {
        super(0, i2, str, CIPHER_CHACHA);
        this.authSize = i;
    }

    @Override // net.schmizz.sshj.transport.cipher.BaseCipher, net.schmizz.sshj.transport.cipher.Cipher
    public int getAuthenticationTagSize() {
        return this.authSize;
    }

    @Override // net.schmizz.sshj.transport.cipher.BaseCipher, net.schmizz.sshj.transport.cipher.Cipher
    public void setSequenceNumber(long j) {
        IvParameterSpec ivParameterSpec = new IvParameterSpec(longToBytes(j));
        try {
            this.cipher.init(getMode(this.mode), this.cipherKey, ivParameterSpec);
            this.aadCipher.init(getMode(this.mode), this.aadCipherKey, ivParameterSpec);
            byte[] update = this.cipher.update(POLY_KEY_INPUT);
            this.cipher.update(POLY_KEY_INPUT);
            try {
                this.mac.init(getKeySpec(update));
                this.encryptedAad = null;
            } catch (GeneralSecurityException e) {
                throw new SSHRuntimeException(e);
            }
        } catch (GeneralSecurityException e2) {
            throw new SSHRuntimeException(e2);
        }
    }

    @Override // net.schmizz.sshj.transport.cipher.BaseCipher
    protected void initCipher(javax.crypto.Cipher cipher, Cipher.Mode mode, byte[] bArr, byte[] bArr2) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.mode = mode;
        this.cipherKey = getKeySpec(Arrays.copyOfRange(bArr, 0, 32));
        this.aadCipherKey = getKeySpec(Arrays.copyOfRange(bArr, 32, 64));
        try {
            this.aadCipher = SecurityUtils.getCipher(CIPHER_CHACHA);
            this.mac = SecurityUtils.getMAC(MAC_POLY1305);
            setSequenceNumber(0L);
        } catch (GeneralSecurityException e) {
            this.aadCipher = null;
            this.mac = null;
            throw new SSHRuntimeException(e);
        }
    }

    @Override // net.schmizz.sshj.transport.cipher.BaseCipher, net.schmizz.sshj.transport.cipher.Cipher
    public void updateAAD(byte[] bArr, int i, int i2) {
        if (i != 0 || i2 != 4) {
            throw new IllegalArgumentException(String.format("updateAAD called with offset %d and length %d", Integer.valueOf(i), Integer.valueOf(i2)));
        }
        if (this.mode == Cipher.Mode.Decrypt) {
            this.encryptedAad = Arrays.copyOfRange(bArr, 0, 4);
        }
        try {
            this.aadCipher.update(bArr, 0, 4, bArr, 0);
        } catch (GeneralSecurityException e) {
            throw new SSHRuntimeException("Error updating data through cipher", e);
        }
    }

    @Override // net.schmizz.sshj.transport.cipher.BaseCipher, net.schmizz.sshj.transport.cipher.Cipher
    public void updateAAD(byte[] bArr) {
        updateAAD(bArr, 0, 4);
    }

    @Override // net.schmizz.sshj.transport.cipher.BaseCipher, net.schmizz.sshj.transport.cipher.Cipher
    public void update(byte[] bArr, int i, int i2) {
        if (i != 4) {
            throw new IllegalArgumentException("updateAAD called with inputOffset " + i);
        }
        int i3 = 4 + i2;
        if (this.mode == Cipher.Mode.Decrypt) {
            byte[] bArr2 = new byte[i3];
            System.arraycopy(this.encryptedAad, 0, bArr2, 0, 4);
            System.arraycopy(bArr, 4, bArr2, 4, i2);
            if (!Arrays.equals(Arrays.copyOfRange(bArr, i3, i3 + 16), this.mac.doFinal(bArr2))) {
                throw new SSHRuntimeException("MAC Error");
            }
        }
        try {
            this.cipher.update(bArr, 4, i2, bArr, 4);
            if (this.mode == Cipher.Mode.Encrypt) {
                System.arraycopy(this.mac.doFinal(Arrays.copyOf(bArr, i3)), 0, bArr, i3, 16);
            }
        } catch (GeneralSecurityException e) {
            throw new SSHRuntimeException("Error updating data through cipher", e);
        }
    }

    private byte[] longToBytes(long j) {
        return new byte[]{(byte) (j >> 56), (byte) (j >> 48), (byte) (j >> 40), (byte) (j >> 32), (byte) (j >> 24), (byte) (j >> 16), (byte) (j >> 8), (byte) j};
    }
}
