package com.google.crypto.tink.aead.internal;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.aead.AesGcmSivKey;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.subtle.Bytes;
import com.google.crypto.tink.subtle.Hex;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/google/crypto/tink/aead/internal/AesGcmSiv.class */
public final class AesGcmSiv implements Aead {
    private static final byte[] testPlaintext = Hex.decode("7a806c");
    private static final byte[] testAad = Hex.decode("46bb91c3c5");
    private static final byte[] testKey = Hex.decode("36864200e0eaf5284d884a0e77d31646");
    private static final byte[] testNounce = Hex.decode("bae8e37fc83441b16034566b");
    private static final byte[] testResult = Hex.decode("af60eb711bd85bc1e4d3e0a462e074eea428a8");
    private static final int IV_SIZE_IN_BYTES = 12;
    private static final int TAG_SIZE_IN_BYTES = 16;
    private final ThrowingSupplier<Cipher> cipherSupplier;
    private final SecretKey keySpec;
    private final byte[] outputPrefix;

    /* loaded from: input_file:com/google/crypto/tink/aead/internal/AesGcmSiv$ThrowingSupplier.class */
    public interface ThrowingSupplier<T> {
        T get() throws GeneralSecurityException;
    }

    public static boolean isAesGcmSivCipher(Cipher cipher) {
        try {
            cipher.init(2, new SecretKeySpec(testKey, "AES"), getParams(testNounce));
            cipher.updateAAD(testAad);
            return Bytes.equal(cipher.doFinal(testResult, 0, testResult.length), testPlaintext);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    @AccessesPartialKey
    public static Aead create(AesGcmSivKey aesGcmSivKey, ThrowingSupplier<Cipher> throwingSupplier) throws GeneralSecurityException {
        if (isAesGcmSivCipher(throwingSupplier.get())) {
            return new AesGcmSiv(aesGcmSivKey.getKeyBytes().toByteArray(InsecureSecretKeyAccess.get()), aesGcmSivKey.getOutputPrefix().toByteArray(), throwingSupplier);
        }
        throw new IllegalStateException("Cipher does not implement AES GCM SIV.");
    }

    private AesGcmSiv(byte[] bArr, byte[] bArr2, ThrowingSupplier<Cipher> throwingSupplier) throws GeneralSecurityException {
        this.outputPrefix = bArr2;
        Validators.validateAesKeySize(bArr.length);
        this.keySpec = new SecretKeySpec(bArr, "AES");
        this.cipherSupplier = throwingSupplier;
    }

    @Override // com.google.crypto.tink.Aead
    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Cipher cipher = this.cipherSupplier.get();
        if (bArr.length > 2147483619 - this.outputPrefix.length) {
            throw new GeneralSecurityException("plaintext too long");
        }
        byte[] copyOf = Arrays.copyOf(this.outputPrefix, this.outputPrefix.length + 12 + bArr.length + 16);
        byte[] randBytes = Random.randBytes(12);
        System.arraycopy(randBytes, 0, copyOf, this.outputPrefix.length, 12);
        cipher.init(1, this.keySpec, getParams(randBytes));
        if (bArr2 != null && bArr2.length != 0) {
            cipher.updateAAD(bArr2);
        }
        int doFinal = cipher.doFinal(bArr, 0, bArr.length, copyOf, this.outputPrefix.length + 12);
        if (doFinal != bArr.length + 16) {
            throw new GeneralSecurityException(String.format("encryption failed; AES-GCM-SIV tag must be %s bytes, but got only %s bytes", 16, Integer.valueOf(doFinal - bArr.length)));
        }
        return copyOf;
    }

    @Override // com.google.crypto.tink.Aead
    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr.length < this.outputPrefix.length + 12 + 16) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        if (!Util.isPrefix(this.outputPrefix, bArr)) {
            throw new GeneralSecurityException("Decryption failed (OutputPrefix mismatch).");
        }
        Cipher cipher = this.cipherSupplier.get();
        cipher.init(2, this.keySpec, getParams(bArr, this.outputPrefix.length, 12));
        if (bArr2 != null && bArr2.length != 0) {
            cipher.updateAAD(bArr2);
        }
        return cipher.doFinal(bArr, this.outputPrefix.length + 12, (bArr.length - this.outputPrefix.length) - 12);
    }

    private static AlgorithmParameterSpec getParams(byte[] bArr) {
        return getParams(bArr, 0, bArr.length);
    }

    private static AlgorithmParameterSpec getParams(byte[] bArr, int i, int i2) {
        return new GCMParameterSpec(128, bArr, i, i2);
    }
}
