package com.tencent.kona.crypto.provider;

import com.tencent.kona.crypto.CryptoUtils;
import com.tencent.kona.crypto.spec.SM2KeyAgreementParamSpec;
import com.tencent.kona.crypto.spec.SM2ParameterSpec;
import com.tencent.kona.crypto.util.Constants;
import com.tencent.kona.sun.security.ec.ECOperations;
import com.tencent.kona.sun.security.ec.point.MutablePoint;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECPoint;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/tencent/kona/crypto/provider/SM2KeyAgreement.class */
public class SM2KeyAgreement extends KeyAgreementSpi {
    private SM2KeyAgreementParamSpec paramSpec;
    private ECPrivateKey ephemeralPrivateKey;
    private ECPublicKey peerEphemeralPublicKey;
    private final MessageDigest sm3MD = new SM3MessageDigest();
    private static final BigInteger TWO_POW_W = BigInteger.ONE.shiftLeft(w());
    private static final BigInteger TWO_POW_W_SUB_ONE = TWO_POW_W.subtract(BigInteger.ONE);
    private static final byte[] A = CryptoUtils.intToBytes32(SM2ParameterSpec.CURVE.getA());
    private static final byte[] B = CryptoUtils.intToBytes32(SM2ParameterSpec.CURVE.getB());
    private static final byte[] GEN_X = CryptoUtils.intToBytes32(SM2ParameterSpec.GENERATOR.getAffineX());
    private static final byte[] GEN_Y = CryptoUtils.intToBytes32(SM2ParameterSpec.GENERATOR.getAffineY());

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) {
        throw new UnsupportedOperationException("Use init(Key, AlgorithmParameterSpec, SecureRandom) instead");
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(key instanceof ECPrivateKey)) {
            throw new InvalidKeyException("Only accept ECPrivateKey");
        }
        if (!(algorithmParameterSpec instanceof SM2KeyAgreementParamSpec)) {
            throw new InvalidAlgorithmParameterException("Only accept SM2KeyAgreementParamSpec");
        }
        this.paramSpec = (SM2KeyAgreementParamSpec) algorithmParameterSpec;
        this.ephemeralPrivateKey = (ECPrivateKey) key;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (this.ephemeralPrivateKey == null || this.paramSpec == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.peerEphemeralPublicKey != null) {
            throw new IllegalStateException("Phase already executed");
        }
        if (!z) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Only accept ECPublicKey");
        }
        this.peerEphemeralPublicKey = (ECPublicKey) key;
        return null;
    }

    private static int w() {
        return ((int) Math.ceil(SM2ParameterSpec.ORDER.subtract(BigInteger.ONE).bitLength() / 2.0d)) - 1;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        BigInteger s = this.ephemeralPrivateKey.getS();
        BigInteger mod = this.paramSpec.privateKey.getS().add(TWO_POW_W.add(ECOperations.SM2OPS.multiply(SM2ParameterSpec.GENERATOR, CryptoUtils.toByteArrayLE(s)).asAffine().getX().asBigInteger().and(TWO_POW_W_SUB_ONE)).multiply(s)).mod(SM2ParameterSpec.ORDER);
        ECPoint w = this.peerEphemeralPublicKey.getW();
        BigInteger add = TWO_POW_W.add(w.getAffineX().and(TWO_POW_W_SUB_ONE));
        ECPoint w2 = this.paramSpec.peerPublicKey.getW();
        MutablePoint multiply = ECOperations.SM2OPS.multiply(w, CryptoUtils.toByteArrayLE(add));
        ECOperations.SM2OPS.setSum(multiply, ECOperations.SM2OPS.toAffinePoint(w2));
        ECPoint eCPoint = ECOperations.toECPoint(ECOperations.SM2OPS.multiply(multiply.asAffine(), CryptoUtils.toByteArrayLE(SM2ParameterSpec.COFACTOR.multiply(mod))));
        if (eCPoint.equals(ECOperations.INFINITY)) {
            throw new IllegalStateException("Generate secret failed");
        }
        return kdf(CryptoUtils.intToBytes32(eCPoint.getAffineX()), CryptoUtils.intToBytes32(eCPoint.getAffineY()), z(this.paramSpec.id, this.paramSpec.publicKey.getW()), z(this.paramSpec.peerId, this.paramSpec.peerPublicKey.getW()));
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (i + this.paramSpec.sharedKeyLength > bArr.length) {
            throw new ShortBufferException("Need " + this.paramSpec.sharedKeyLength + " bytes, only " + (bArr.length - i) + " available");
        }
        byte[] engineGenerateSecret = engineGenerateSecret();
        System.arraycopy(engineGenerateSecret, 0, bArr, i, engineGenerateSecret.length);
        return engineGenerateSecret.length;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        return new SecretKeySpec(engineGenerateSecret(), str);
    }

    private byte[] z(byte[] bArr, ECPoint eCPoint) {
        byte[] defaultId = bArr == null ? Constants.defaultId() : bArr;
        int length = defaultId.length << 3;
        this.sm3MD.update((byte) (length >>> 8));
        this.sm3MD.update((byte) length);
        this.sm3MD.update(defaultId);
        this.sm3MD.update(A);
        this.sm3MD.update(B);
        this.sm3MD.update(GEN_X);
        this.sm3MD.update(GEN_Y);
        this.sm3MD.update(CryptoUtils.intToBytes32(eCPoint.getAffineX()));
        this.sm3MD.update(CryptoUtils.intToBytes32(eCPoint.getAffineY()));
        return this.sm3MD.digest();
    }

    private byte[] kdf(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        byte[] combine = combine(bArr, bArr2, bArr3, bArr4);
        byte[] bArr5 = new byte[this.paramSpec.sharedKeyLength];
        int i = this.paramSpec.sharedKeyLength % 32;
        int i2 = (this.paramSpec.sharedKeyLength / 32) + (i == 0 ? 0 : 1);
        int i3 = 1;
        while (i3 <= i2) {
            int i4 = (i3 != i2 || i == 0) ? 32 : i;
            this.sm3MD.update(combine);
            this.sm3MD.update(CryptoUtils.intToBytes4(i3));
            System.arraycopy(this.sm3MD.digest(), 0, bArr5, (i3 - 1) * 32, i4);
            i3++;
        }
        return bArr5;
    }

    private byte[] combine(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[bArr.length + bArr2.length + bArr3.length + bArr4.length];
        System.arraycopy(bArr, 0, bArr5, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr5, bArr.length, bArr2.length);
        if (this.paramSpec.isInitiator) {
            System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length, bArr3.length);
            System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length + bArr3.length, bArr4.length);
        } else {
            System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length, bArr4.length);
            System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length + bArr4.length, bArr3.length);
        }
        return bArr5;
    }
}
