package com.android.internal.net.ipsec.ike.crypto;

import android.net.IpSecAlgorithm;
import android.util.SparseArray;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

/* loaded from: input_file:com/android/internal/net/ipsec/ike/crypto/IkeCipher.class */
public abstract class IkeCipher extends IkeCrypto {
    private static final int KEY_LEN_3DES = 24;
    private static final int KEY_LEN_CHACHA20_POLY1305 = 32;
    private static final int IV_LEN_3DES = 8;
    private static final int IV_LEN_AES_CBC = 16;
    private static final int IV_LEN_AES_CTR = 8;
    private static final int IV_LEN_AES_GCM = 8;
    private static final int IV_LEN_CHACHA20_POLY1305 = 8;
    private static final int SALT_LEN_AES_GCM = 4;
    private static final int SALT_LEN_AES_CTR = 4;
    private static final int SALT_LEN_AES_CHACHA20_POLY1305 = 4;
    private static final int BLOCK_SIZE_CHACHA_POLY = 4;
    protected static final int SALT_LEN_NOT_INCLUDED = 0;
    protected static final int BLOCK_SIZE_NOT_SPECIFIED = 0;
    private static final SparseArray<String> IKE_ALGO_TO_IPSEC_ALGO = new SparseArray<>();
    private final boolean mIsAead;
    private final int mIvLen;
    private final int mBlockSize;
    protected final int mSaltLen;
    protected final Cipher mCipher;

    /* JADX INFO: Access modifiers changed from: protected */
    public IkeCipher(int i, int i2, int i3, String str, boolean z, int i4, int i5) {
        super(i, i2, str);
        this.mIvLen = i3;
        this.mIsAead = z;
        this.mSaltLen = i4;
        try {
            this.mCipher = Cipher.getInstance(getAlgorithmName());
            this.mBlockSize = i5 == 0 ? this.mCipher.getBlockSize() : i5;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalArgumentException("Failed to construct " + getTypeString(), e);
        }
    }

    public static IkeCipher create(IkeSaPayload.EncryptionTransform encryptionTransform) {
        int i = encryptionTransform.id;
        switch (i) {
            case 3:
                return new IkeNormalModeCipher(i, 24, 8, "DESede/CBC/NoPadding");
            case 12:
                return new IkeNormalModeCipher(i, encryptionTransform.getSpecifiedKeyLength() / 8, 16, "AES/CBC/NoPadding");
            case 13:
                return new IkeNormalModeCipher(i, encryptionTransform.getSpecifiedKeyLength() / 8, 8, "AES/CTR/NoPadding", 4);
            case 18:
            case 19:
            case 20:
                return new IkeCombinedModeCipher(i, encryptionTransform.getSpecifiedKeyLength() / 8, 8, "AES/GCM/NoPadding", 4);
            case 28:
                return new IkeCombinedModeCipher(i, 32, 8, "ChaCha20/Poly1305/NoPadding", 4, 4);
            default:
                throw new IllegalArgumentException("Unrecognized Encryption Algorithm ID: " + i);
        }
    }

    public boolean isAead() {
        return this.mIsAead;
    }

    public int getBlockSize() {
        return this.mBlockSize;
    }

    public int getIvLen() {
        return this.mIvLen;
    }

    public byte[] generateIv() {
        byte[] bArr = new byte[getIvLen()];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    protected void validateKeyLenOrThrow(byte[] bArr) {
        if (bArr.length != getKeyLength()) {
            throw new IllegalArgumentException("Expected key with length of : " + getKeyLength() + " Received key with length of : " + bArr.length);
        }
    }

    @Override // com.android.internal.net.ipsec.ike.crypto.IkeCrypto
    public int getKeyLength() {
        return super.getKeyLength() + this.mSaltLen;
    }

    public static String getIpSecAlgorithmName(int i) {
        return IKE_ALGO_TO_IPSEC_ALGO.get(i);
    }

    protected abstract IpSecAlgorithm buildIpSecAlgorithmWithKeyImpl(byte[] bArr);

    public IpSecAlgorithm buildIpSecAlgorithmWithKey(byte[] bArr) {
        validateKeyLenOrThrow(bArr);
        if (getIpSecAlgorithmName(getAlgorithmId()) == null) {
            throw new IllegalStateException("Unsupported algorithm " + getAlgorithmId() + " in IPsec");
        }
        return buildIpSecAlgorithmWithKeyImpl(bArr);
    }

    @Override // com.android.internal.net.ipsec.ike.crypto.IkeCrypto
    public String getTypeString() {
        return "Encryption Algorithm";
    }

    static {
        IKE_ALGO_TO_IPSEC_ALGO.put(12, IpSecAlgorithm.CRYPT_AES_CBC);
        IKE_ALGO_TO_IPSEC_ALGO.put(13, IpSecAlgorithm.CRYPT_AES_CTR);
        IKE_ALGO_TO_IPSEC_ALGO.put(18, IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
        IKE_ALGO_TO_IPSEC_ALGO.put(19, IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
        IKE_ALGO_TO_IPSEC_ALGO.put(20, IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
        IKE_ALGO_TO_IPSEC_ALGO.put(28, IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305);
    }
}
