package org.jitsi.impl.neomedia.transform.srtp;

import java.util.Arrays;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.engines.TwofishEngine;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.jitsi.bccontrib.macs.SkeinMac;
import org.jitsi.bccontrib.params.ParametersForSkein;
import org.jitsi.impl.neomedia.RawPacket;

/* loaded from: input_file:org/jitsi/impl/neomedia/transform/srtp/SRTPCryptoContext.class */
public class SRTPCryptoContext {
    private static final long REPLAY_WINDOW_SIZE = 64;
    private long ssrcCtx;
    private byte[] mki;
    private int roc;
    private int guessedROC;
    private int seqNum;
    private boolean seqNumSet;
    private long keyDerivationRate;
    private long replayWindow;
    private byte[] masterKey;
    private byte[] masterSalt;
    private byte[] encKey;
    private byte[] authKey;
    private byte[] saltKey;
    private final SRTPPolicy policy;
    private Mac mac;
    private BlockCipher cipher;
    private BlockCipher cipherF8;
    private final SRTPCipherCTR cipherCtr;
    private final byte[] tagStore;
    private final byte[] ivStore;
    private final byte[] rbStore;
    private final byte[] tempStore;

    public SRTPCryptoContext(long j) {
        this.cipher = null;
        this.cipherF8 = null;
        this.cipherCtr = new SRTPCipherCTR();
        this.ivStore = new byte[16];
        this.rbStore = new byte[4];
        this.tempStore = new byte[100];
        this.ssrcCtx = j;
        this.mki = null;
        this.roc = 0;
        this.guessedROC = 0;
        this.seqNum = 0;
        this.keyDerivationRate = 0L;
        this.masterKey = null;
        this.masterSalt = null;
        this.encKey = null;
        this.authKey = null;
        this.saltKey = null;
        this.seqNumSet = false;
        this.policy = null;
        this.tagStore = null;
    }

    public SRTPCryptoContext(long j, int i, long j2, byte[] bArr, byte[] bArr2, SRTPPolicy sRTPPolicy) {
        this.cipher = null;
        this.cipherF8 = null;
        this.cipherCtr = new SRTPCipherCTR();
        this.ivStore = new byte[16];
        this.rbStore = new byte[4];
        this.tempStore = new byte[100];
        this.ssrcCtx = j;
        this.mki = null;
        this.roc = i;
        this.guessedROC = 0;
        this.seqNum = 0;
        this.keyDerivationRate = j2;
        this.seqNumSet = false;
        this.policy = sRTPPolicy;
        this.masterKey = new byte[this.policy.getEncKeyLength()];
        System.arraycopy(bArr, 0, this.masterKey, 0, this.policy.getEncKeyLength());
        this.masterSalt = new byte[this.policy.getSaltKeyLength()];
        System.arraycopy(bArr2, 0, this.masterSalt, 0, this.policy.getSaltKeyLength());
        this.mac = new HMac(new SHA1Digest());
        switch (this.policy.getEncType()) {
            case 0:
                this.encKey = null;
                this.saltKey = null;
                break;
            case 2:
                this.cipherF8 = new AESFastEngine();
            case 1:
                this.cipher = new AESFastEngine();
                this.encKey = new byte[this.policy.getEncKeyLength()];
                this.saltKey = new byte[this.policy.getSaltKeyLength()];
                break;
            case 4:
                this.cipherF8 = new TwofishEngine();
            case 3:
                this.cipher = new TwofishEngine();
                this.encKey = new byte[this.policy.getEncKeyLength()];
                this.saltKey = new byte[this.policy.getSaltKeyLength()];
                break;
        }
        switch (this.policy.getAuthType()) {
            case 0:
                this.authKey = null;
                this.tagStore = null;
                return;
            case 1:
                this.mac = new HMac(new SHA1Digest());
                this.authKey = new byte[this.policy.getAuthKeyLength()];
                this.tagStore = new byte[this.mac.getMacSize()];
                return;
            case 2:
                this.mac = new SkeinMac();
                this.authKey = new byte[this.policy.getAuthKeyLength()];
                this.tagStore = new byte[this.policy.getAuthTagLength()];
                return;
            default:
                this.tagStore = null;
                return;
        }
    }

    public void close() {
        Arrays.fill(this.masterKey, (byte) 0);
        Arrays.fill(this.masterSalt, (byte) 0);
    }

    public int getAuthTagLength() {
        return this.policy.getAuthTagLength();
    }

    public int getMKILength() {
        if (this.mki != null) {
            return this.mki.length;
        }
        return 0;
    }

    public long getSSRC() {
        return this.ssrcCtx;
    }

    public int getROC() {
        return this.roc;
    }

    public void setROC(int i) {
        this.roc = i;
    }

    public void transformPacket(RawPacket rawPacket) {
        if (this.policy.getEncType() == 1 || this.policy.getEncType() == 3) {
            processPacketAESCM(rawPacket);
        } else if (this.policy.getEncType() == 2 || this.policy.getEncType() == 4) {
            processPacketAESF8(rawPacket);
        }
        if (this.policy.getAuthType() != 0) {
            authenticatePacketHMCSHA1(rawPacket, this.roc);
            rawPacket.append(this.tagStore, this.policy.getAuthTagLength());
        }
        if (rawPacket.getSequenceNumber() == 65535) {
            this.roc++;
        }
    }

    public boolean reverseTransformPacket(RawPacket rawPacket) {
        int sequenceNumber = rawPacket.getSequenceNumber();
        if (!this.seqNumSet) {
            this.seqNumSet = true;
            this.seqNum = sequenceNumber;
        }
        long guessIndex = guessIndex(sequenceNumber);
        if (!checkReplay(sequenceNumber, guessIndex)) {
            return false;
        }
        if (this.policy.getAuthType() != 0) {
            int authTagLength = this.policy.getAuthTagLength();
            rawPacket.readRegionToBuff(rawPacket.getLength() - authTagLength, authTagLength, this.tempStore);
            rawPacket.shrink(authTagLength);
            authenticatePacketHMCSHA1(rawPacket, this.guessedROC);
            for (int i = 0; i < authTagLength; i++) {
                if ((this.tempStore[i] & 255) != (this.tagStore[i] & 255)) {
                    return false;
                }
            }
        }
        if (this.policy.getEncType() == 1 || this.policy.getEncType() == 3) {
            processPacketAESCM(rawPacket);
        } else if (this.policy.getEncType() == 2 || this.policy.getEncType() == 4) {
            processPacketAESF8(rawPacket);
        }
        update(sequenceNumber, guessIndex);
        return true;
    }

    public void processPacketAESCM(RawPacket rawPacket) {
        long ssrc = rawPacket.getSSRC();
        long sequenceNumber = (this.roc << 16) | rawPacket.getSequenceNumber();
        this.ivStore[0] = this.saltKey[0];
        this.ivStore[1] = this.saltKey[1];
        this.ivStore[2] = this.saltKey[2];
        this.ivStore[3] = this.saltKey[3];
        for (int i = 4; i < 8; i++) {
            this.ivStore[i] = (byte) ((255 & (ssrc >> ((7 - i) * 8))) ^ this.saltKey[i]);
        }
        for (int i2 = 8; i2 < 14; i2++) {
            this.ivStore[i2] = (byte) ((255 & ((byte) (sequenceNumber >> ((13 - i2) * 8)))) ^ this.saltKey[i2]);
        }
        byte[] bArr = this.ivStore;
        this.ivStore[15] = 0;
        bArr[14] = 0;
        this.cipherCtr.process(this.cipher, rawPacket.getBuffer(), rawPacket.getOffset() + rawPacket.getHeaderLength(), rawPacket.getPayloadLength(), this.ivStore);
    }

    public void processPacketAESF8(RawPacket rawPacket) {
        System.arraycopy(rawPacket.getBuffer(), rawPacket.getOffset(), this.ivStore, 0, 12);
        this.ivStore[0] = 0;
        this.ivStore[12] = (byte) (this.roc >> 24);
        this.ivStore[13] = (byte) (this.roc >> 16);
        this.ivStore[14] = (byte) (this.roc >> 8);
        this.ivStore[15] = (byte) this.roc;
        int headerLength = rawPacket.getHeaderLength();
        SRTPCipherF8.process(this.cipher, rawPacket.getBuffer(), rawPacket.getOffset() + headerLength, rawPacket.getPayloadLength(), this.ivStore, this.cipherF8);
    }

    private void authenticatePacketHMCSHA1(RawPacket rawPacket, int i) {
        this.mac.update(rawPacket.getBuffer(), rawPacket.getOffset(), rawPacket.getLength());
        this.rbStore[0] = (byte) (i >> 24);
        this.rbStore[1] = (byte) (i >> 16);
        this.rbStore[2] = (byte) (i >> 8);
        this.rbStore[3] = (byte) i;
        this.mac.update(this.rbStore, 0, this.rbStore.length);
        this.mac.doFinal(this.tagStore, 0);
    }

    boolean checkReplay(int i, long j) {
        long j2 = j - ((this.roc << 16) | this.seqNum);
        if (j2 > 0) {
            return true;
        }
        return (-j2) <= REPLAY_WINDOW_SIZE && ((this.replayWindow >> ((int) (-j2))) & 1) == 0;
    }

    private void computeIv(long j, long j2) {
        long j3 = this.keyDerivationRate == 0 ? j << 48 : (j << 48) | (j2 / this.keyDerivationRate);
        for (int i = 0; i < 7; i++) {
            this.ivStore[i] = this.masterSalt[i];
        }
        for (int i2 = 7; i2 < 14; i2++) {
            this.ivStore[i2] = (byte) (((byte) (255 & (j3 >> (8 * (13 - i2))))) ^ this.masterSalt[i2]);
        }
        byte[] bArr = this.ivStore;
        this.ivStore[15] = 0;
        bArr[14] = 0;
    }

    public void deriveSrtpKeys(long j) {
        computeIv(0L, j);
        this.cipher.init(true, new KeyParameter(this.masterKey));
        Arrays.fill(this.masterKey, (byte) 0);
        this.cipherCtr.getCipherStream(this.cipher, this.encKey, this.policy.getEncKeyLength(), this.ivStore);
        if (this.authKey != null) {
            computeIv(1L, j);
            this.cipherCtr.getCipherStream(this.cipher, this.authKey, this.policy.getAuthKeyLength(), this.ivStore);
            switch (this.policy.getAuthType()) {
                case 1:
                    this.mac.init(new KeyParameter(this.authKey));
                    break;
                case 2:
                    this.mac.init(new ParametersForSkein(new KeyParameter(this.authKey), 512, this.tagStore.length * 8));
                    break;
            }
        }
        Arrays.fill(this.authKey, (byte) 0);
        computeIv(2L, j);
        this.cipherCtr.getCipherStream(this.cipher, this.saltKey, this.policy.getSaltKeyLength(), this.ivStore);
        Arrays.fill(this.masterSalt, (byte) 0);
        if (this.cipherF8 != null) {
            SRTPCipherF8.deriveForIV(this.cipherF8, this.encKey, this.saltKey);
        }
        this.cipher.init(true, new KeyParameter(this.encKey));
        Arrays.fill(this.encKey, (byte) 0);
    }

    private long guessIndex(int i) {
        if (this.seqNum < 32768) {
            if (i - this.seqNum > 32768) {
                this.guessedROC = this.roc - 1;
            } else {
                this.guessedROC = this.roc;
            }
        } else if (this.seqNum - 32768 > i) {
            this.guessedROC = this.roc + 1;
        } else {
            this.guessedROC = this.roc;
        }
        return (this.guessedROC << 16) | i;
    }

    private void update(int i, long j) {
        long j2 = j - ((this.roc << 16) | this.seqNum);
        if (j2 > 0) {
            this.replayWindow <<= (int) j2;
            this.replayWindow |= 1;
        } else {
            this.replayWindow |= 1 << ((int) j2);
        }
        if (i > this.seqNum) {
            this.seqNum = i & 65535;
        }
        if (this.guessedROC > this.roc) {
            this.roc = this.guessedROC;
            this.seqNum = i & 65535;
        }
    }

    public SRTPCryptoContext deriveContext(long j, int i, long j2) {
        return new SRTPCryptoContext(j, i, j2, this.masterKey, this.masterSalt, this.policy);
    }
}
