package org.alephium.crypto;

import akka.util.ByteString;
import akka.util.ByteString$;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import org.alephium.serde.RandomBytes;
import org.alephium.util.AVector;
import org.alephium.util.U256$;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
import scala.Array$;
import scala.Predef$;
import scala.Tuple2;
import scala.collection.immutable.Seq;
import scala.reflect.ClassTag$;
import scala.runtime.BoxesRunTime;
import scala.util.control.NonFatal$;

/* compiled from: BIP340Schnorr.scala */
/* loaded from: input_file:org/alephium/crypto/BIP340Schnorr$.class */
/**
 * JADX-decompiled singleton ({@code MODULE$}) for a BIP-340-style Schnorr signature scheme over
 * secp256k1, compiled from {@code BIP340Schnorr.scala}.
 *
 * <p>Visible sizes: 32-byte messages, 32-byte x-only public keys, 64-byte signatures
 * ({@code r || s}). Nonce and challenge derivation use the tagged hashes {@code BIP0340/aux},
 * {@code BIP0340/nonce} and {@code BIP0340/challenge}.
 *
 * <p>NOTE(review): this listing is not valid Java as printed. Several locals carry the unresolved
 * type {@code ??}, and some bridge overloads show casts JADX could not recover. Audit the original
 * Scala source, not this text, before drawing conclusions about exact behaviour.
 */
public final class BIP340Schnorr$ implements SecP256K1CurveCommon, SignatureSchema<BIP340SchnorrPrivateKey, BIP340SchnorrPublicKey, BIP340SchnorrSignature> {
    public static final BIP340Schnorr$ MODULE$ = new BIP340Schnorr$();
    // Lazily initialised values; see the *$lzycompute methods and bitmap$0 below.
    private static Sha256 auxTag;
    private static Sha256 nonceTag;
    private static Sha256 challengeTag;
    private static BigInteger ySqOrder;
    private static final BigInteger three;
    // Not final: ySqOrder$lzycompute() sets this to null once ySqOrder has been derived from it.
    private static BigInteger four;
    private static final BigInteger seven;
    // Curve parameters, written through the SecP256K1CurveCommon trait setters further down.
    private static X9ECParameters params;
    private static ECDomainParameters domain;
    private static BigInteger halfCurveOrder;
    private static SecP256K1Curve curve;
    // Initialisation flags for the lazy values: 1 = auxTag, 2 = nonceTag, 4 = challengeTag, 8 = ySqOrder.
    private static volatile byte bitmap$0;

    static {
        // Trait initialisers run first; presumably they populate params/domain/halfCurveOrder/curve
        // via the _setter_ methods below — confirm in SecP256K1CurveCommon.
        SecP256K1CurveCommon.$init$(MODULE$);
        SignatureSchema.$init$(MODULE$);
        three = BigInteger.valueOf(3L);
        four = BigInteger.valueOf(4L);
        seven = BigInteger.valueOf(7L);
    }

    /**
     * Bridge overload for signing a {@code ByteString} message.
     *
     * <p>NOTE(review): JADX did not recover the call target. It presumably forwards to the
     * {@code SignatureSchema} default implementation; the cast shown would not compile.
     */
    /* JADX WARN: Type inference failed for: r0v1, types: [org.alephium.crypto.Signature, org.alephium.crypto.BIP340SchnorrSignature] */
    @Override // org.alephium.crypto.SignatureSchema
    public BIP340SchnorrSignature sign(ByteString byteString, BIP340SchnorrPrivateKey bIP340SchnorrPrivateKey) {
        ?? sign;
        sign = sign(byteString, (ByteString) bIP340SchnorrPrivateKey);
        return sign;
    }

    /**
     * Bridge overload for signing a {@code RandomBytes} message.
     *
     * <p>NOTE(review): as printed this calls itself; the real target is presumably the
     * {@code SignatureSchema} default implementation — confirm in the Scala source.
     */
    /* JADX WARN: Type inference failed for: r0v1, types: [org.alephium.crypto.Signature, org.alephium.crypto.BIP340SchnorrSignature] */
    @Override // org.alephium.crypto.SignatureSchema
    public BIP340SchnorrSignature sign(RandomBytes randomBytes, BIP340SchnorrPrivateKey bIP340SchnorrPrivateKey) {
        ?? sign;
        sign = sign(randomBytes, bIP340SchnorrPrivateKey);
        return sign;
    }

    /**
     * Bridge overload for signing an {@code AVector} message.
     *
     * <p>NOTE(review): the casts are decompiler artefacts; the target is presumably the
     * {@code SignatureSchema} default implementation.
     */
    /* JADX WARN: Type inference failed for: r0v1, types: [org.alephium.crypto.Signature, org.alephium.crypto.BIP340SchnorrSignature] */
    @Override // org.alephium.crypto.SignatureSchema
    public BIP340SchnorrSignature sign(AVector aVector, BIP340SchnorrPrivateKey bIP340SchnorrPrivateKey) {
        ?? sign;
        sign = sign((AVector<Object>) aVector, (AVector<Object>) ((AVector) bIP340SchnorrPrivateKey));
        return sign;
    }

    /**
     * Bridge overload for verifying a {@code ByteString} message.
     *
     * <p>NOTE(review): the casts are decompiler artefacts; the target is presumably the
     * {@code SignatureSchema} default implementation.
     */
    @Override // org.alephium.crypto.SignatureSchema
    public boolean verify(ByteString byteString, BIP340SchnorrSignature bIP340SchnorrSignature, BIP340SchnorrPublicKey bIP340SchnorrPublicKey) {
        boolean verify;
        verify = verify(byteString, (ByteString) bIP340SchnorrSignature, (ByteString) ((Signature) bIP340SchnorrPublicKey));
        return verify;
    }

    /**
     * Bridge overload for verifying an {@code AVector} message.
     *
     * <p>NOTE(review): the casts are decompiler artefacts; the target is presumably the
     * {@code SignatureSchema} default implementation.
     */
    @Override // org.alephium.crypto.SignatureSchema
    public boolean verify(AVector aVector, BIP340SchnorrSignature bIP340SchnorrSignature, BIP340SchnorrPublicKey bIP340SchnorrPublicKey) {
        boolean verify;
        verify = verify((AVector<Object>) aVector, (AVector<Object>) ((AVector) bIP340SchnorrSignature), (AVector) ((Signature) bIP340SchnorrPublicKey));
        return verify;
    }

    /** Returns the curve parameter set stored by the trait initialiser. */
    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public X9ECParameters params() {
        return params;
    }

    /** Returns the stored EC domain parameters. */
    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public ECDomainParameters domain() {
        return domain;
    }

    /** Returns the stored half-curve-order value; it is not read anywhere else in this class. */
    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public BigInteger halfCurveOrder() {
        return halfCurveOrder;
    }

    /** Returns the stored curve object; {@code curve().getQ()} is used below as the field prime. */
    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public SecP256K1Curve curve() {
        return curve;
    }

    // The four methods below are compiler-generated trait setters. They are public and write static
    // state, so any caller with a reference to MODULE$ could replace the curve parameters after
    // initialisation. NOTE(review): an artefact of Scala trait encoding; nothing here prevents a
    // second call.
    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public void org$alephium$crypto$SecP256K1CurveCommon$_setter_$params_$eq(X9ECParameters x9ECParameters) {
        params = x9ECParameters;
    }

    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public void org$alephium$crypto$SecP256K1CurveCommon$_setter_$domain_$eq(ECDomainParameters eCDomainParameters) {
        domain = eCDomainParameters;
    }

    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public void org$alephium$crypto$SecP256K1CurveCommon$_setter_$halfCurveOrder_$eq(BigInteger bigInteger) {
        halfCurveOrder = bigInteger;
    }

    @Override // org.alephium.crypto.SecP256K1CurveCommon
    public void org$alephium$crypto$SecP256K1CurveCommon$_setter_$curve_$eq(SecP256K1Curve secP256K1Curve) {
        curve = secP256K1Curve;
    }

    /**
     * Builds a private key from 32 bytes, read as an unsigned integer and reduced modulo the group
     * order n.
     *
     * <p>NOTE(review): the result is not checked for zero here, so an input equal to 0 or to n
     * produces a zero scalar. {@link #sign(byte[], byte[], byte[])} rejects such a key with
     * {@code require}, but callers that use the key elsewhere should check it themselves. The
     * length check uses {@code assume}, which raises an assertion error rather than an
     * {@code IllegalArgumentException}.
     *
     * @param byteString 32 bytes of key material
     * @return the private key wrapping the reduced scalar
     */
    public BIP340SchnorrPrivateKey privateKeyUnsafe(ByteString byteString) {
        Predef$.MODULE$.assume(byteString.length() == 32);
        return new BIP340SchnorrPrivateKey(U256$.MODULE$.toBytes$extension(U256$.MODULE$.unsafe(new BigInteger(1, byteString.toArrayUnsafe()).mod(params().getN()))));
    }

    /** Generates a key pair using {@code BIP340SchnorrPrivateKey.generate()}. */
    @Override // org.alephium.crypto.SignatureSchema
    public Tuple2<BIP340SchnorrPrivateKey, BIP340SchnorrPublicKey> generatePriPub() {
        // NOTE(review): a separate secureGenerate() exists below, which suggests generate() may not
        // use a cryptographically strong RNG — confirm before using this path for real keys.
        BIP340SchnorrPrivateKey bIP340SchnorrPrivateKey = (BIP340SchnorrPrivateKey) BIP340SchnorrPrivateKey$.MODULE$.generate();
        return new Tuple2<>(bIP340SchnorrPrivateKey, bIP340SchnorrPrivateKey.publicKey());
    }

    /** Generates a key pair using {@code BIP340SchnorrPrivateKey.secureGenerate()}. */
    @Override // org.alephium.crypto.SignatureSchema
    public Tuple2<BIP340SchnorrPrivateKey, BIP340SchnorrPublicKey> secureGeneratePriPub() {
        BIP340SchnorrPrivateKey bIP340SchnorrPrivateKey = (BIP340SchnorrPrivateKey) BIP340SchnorrPrivateKey$.MODULE$.secureGenerate();
        return new Tuple2<>(bIP340SchnorrPrivateKey, bIP340SchnorrPrivateKey.publicKey());
    }

    /**
     * Signs a 32-byte message with freshly generated 32-byte auxiliary data.
     *
     * <p>The auxiliary bytes come from {@code Byte32.generate()}. NOTE(review): the quality of that
     * generator is not visible here. The nonce is also bound to the secret key and the message in
     * the three-argument overload, so it does not depend on the auxiliary data alone; still
     * confirm which RNG backs {@code generate()}.
     *
     * @param bArr  32-byte message
     * @param bArr2 secret key bytes
     * @return the 64-byte signature
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.alephium.crypto.SignatureSchema
    public BIP340SchnorrSignature sign(byte[] bArr, byte[] bArr2) {
        return sign(bArr, bArr2, ((Byte32) Byte32$.MODULE$.generate()).bytes().toArrayUnsafe());
    }

    /**
     * Signs a 32-byte message with an explicit 32-byte auxiliary value.
     *
     * <p>Steps as visible in the code: derive P = d'*G, negate the key if P has odd y, derive the
     * nonce from a tagged hash over (masked key || P.x || message), compute R = k'*G, negate the
     * nonce if R has odd y, and output {@code R.x || (k + e*d) mod n}.
     *
     * <p>NOTE(review): the signature is returned without being run through
     * {@link #verify(byte[], byte[], byte[])}. BIP-340's signing procedure includes that check as
     * a guard against faulty computation; consider adding it. Secret scalars live in
     * {@code BigInteger}/{@code ByteString} objects that cannot be wiped, and
     * {@code java.math.BigInteger} makes no constant-time guarantee; whether the point
     * multiplication is timing-hardened is not visible here.
     *
     * @param bArr  32-byte message
     * @param bArr2 secret key bytes, read as an unsigned integer in the open range (0, n)
     * @param bArr3 32 bytes of auxiliary data
     * @return the 64-byte signature
     */
    public BIP340SchnorrSignature sign(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        Predef$.MODULE$.require(bArr.length == 32);
        // d' = secret scalar; must satisfy 0 < d' < n.
        BigInteger bigInteger = new BigInteger(1, bArr2);
        Predef$.MODULE$.require(bigInteger.compareTo(BigInteger.ZERO) > 0 && bigInteger.compareTo(params().getN()) < 0);
        Predef$.MODULE$.require(bArr3.length == 32);
        // P = d' * G, then the x coordinate of P as bytes.
        ECPoint normalize = params().getG().multiply(bigInteger).normalize();
        ByteString fromArrayUnsafe = ByteString$.MODULE$.fromArrayUnsafe(normalize.getAffineXCoord().getEncoded());
        // The infinity check runs after the x coordinate has already been read.
        Predef$.MODULE$.require(!normalize.isInfinity());
        // d = n - d' when P has odd y, so the effective key matches the even-y public point.
        BigInteger subtract = normalize.getAffineYCoord().testBitZero() ? params().getN().subtract(bigInteger) : bigInteger;
        // k' = int(taggedHash(nonce, (bytes(d) XOR taggedHash(aux, a)) || P.x || m)) mod n.
        BigInteger mod = new BigInteger(1, taggedHash(nonceTag(), xorBytes(toByte32(subtract), taggedHash(auxTag(), bArr3).bytes()).$plus$plus(fromArrayUnsafe).$plus$plus(ByteString$.MODULE$.fromArrayUnsafe(bArr)).toArrayUnsafe()).bytes().toArrayUnsafe()).mod(params().getN());
        // A zero nonce is rejected rather than retried.
        Predef$.MODULE$.require(!BoxesRunTime.equalsNumNum(mod, BigInteger.ZERO));
        // R = k' * G.
        ECPoint normalize2 = params().getG().multiply(mod).normalize();
        Predef$.MODULE$.require(!normalize2.isInfinity());
        ByteString fromArrayUnsafe2 = ByteString$.MODULE$.fromArrayUnsafe(normalize2.getAffineXCoord().getEncoded());
        // sig = R.x || (k + e*d) mod n, with k = n - k' when R has odd y and
        // e = int(taggedHash(challenge, R.x || P.x || m)) mod n.
        return (BIP340SchnorrSignature) BIP340SchnorrSignature$.MODULE$.unsafe().apply(fromArrayUnsafe2.$plus$plus(toByte32((normalize2.getAffineYCoord().testBitZero() ? params().getN().subtract(mod) : mod).add(new BigInteger(1, taggedHash(challengeTag(), fromArrayUnsafe2.$plus$plus(fromArrayUnsafe).$plus$plus(ByteString$.MODULE$.fromArrayUnsafe(bArr)).toArrayUnsafe()).bytes().toArrayUnsafe()).mod(params().getN()).multiply(subtract)).mod(params().getN()))));
    }

    /**
     * Returns the byte-wise XOR of two equal-length byte strings.
     *
     * <p>In signing, the first argument carries the secret key bytes.
     */
    private ByteString xorBytes(ByteString byteString, ByteString byteString2) {
        Predef$.MODULE$.assume(byteString.length() == byteString2.length());
        return ByteString$.MODULE$.fromArrayUnsafe((byte[]) Array$.MODULE$.tabulate(byteString.length(), obj -> {
            return BoxesRunTime.boxToByte($anonfun$xorBytes$1(byteString, byteString2, BoxesRunTime.unboxToInt(obj)));
        }, ClassTag$.MODULE$.Byte()));
    }

    /**
     * Encodes an integer through {@code U256.unsafe} and {@code toBytes}.
     *
     * <p>NOTE(review): presumably a fixed 32-byte big-endian encoding with no range check on the
     * input — confirm against {@code U256}. Callers in this class pass values already reduced
     * modulo n.
     */
    public ByteString toByte32(BigInteger bigInteger) {
        return U256$.MODULE$.toBytes$extension(U256$.MODULE$.unsafe(bigInteger));
    }

    // Lazy initialiser for the SHA-256 of the ASCII tag "BIP0340/aux": re-checks the flag bit under
    // the monitor on this singleton, computes once, then sets bit 1 of the volatile bitmap.
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v12, types: [byte] */
    private Sha256 auxTag$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 1)) == 0) {
                auxTag = Sha256$.MODULE$.hash((Seq<Object>) ByteString$.MODULE$.fromString("BIP0340/aux", StandardCharsets.UTF_8));
                r0 = (byte) (bitmap$0 | 1);
                bitmap$0 = r0;
            }
            return auxTag;
        }
    }

    /** Returns the cached aux tag hash, computing it on first use. */
    private Sha256 auxTag() {
        return ((byte) (bitmap$0 & 1)) == 0 ? auxTag$lzycompute() : auxTag;
    }

    // Lazy initialiser for the SHA-256 of "BIP0340/nonce"; same pattern as auxTag, flag bit 2.
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v12, types: [byte] */
    private Sha256 nonceTag$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 2)) == 0) {
                nonceTag = Sha256$.MODULE$.hash((Seq<Object>) ByteString$.MODULE$.fromString("BIP0340/nonce", StandardCharsets.UTF_8));
                r0 = (byte) (bitmap$0 | 2);
                bitmap$0 = r0;
            }
            return nonceTag;
        }
    }

    /** Returns the cached nonce tag hash, computing it on first use. */
    private Sha256 nonceTag() {
        return ((byte) (bitmap$0 & 2)) == 0 ? nonceTag$lzycompute() : nonceTag;
    }

    // Lazy initialiser for the SHA-256 of "BIP0340/challenge"; same pattern as auxTag, flag bit 4.
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v12, types: [byte] */
    private Sha256 challengeTag$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 4)) == 0) {
                challengeTag = Sha256$.MODULE$.hash((Seq<Object>) ByteString$.MODULE$.fromString("BIP0340/challenge", StandardCharsets.UTF_8));
                r0 = (byte) (bitmap$0 | 4);
                bitmap$0 = r0;
            }
            return challengeTag;
        }
    }

    /** Returns the cached challenge tag hash, computing it on first use. */
    private Sha256 challengeTag() {
        return ((byte) (bitmap$0 & 4)) == 0 ? challengeTag$lzycompute() : challengeTag;
    }

    /**
     * Computes {@code hash(tagHash || tagHash || data)}, where {@code sha256} is the precomputed
     * hash of the tag name. The tag prefix gives each use of the hash its own domain.
     */
    private Sha256 taggedHash(Sha256 sha256, byte[] bArr) {
        return Sha256$.MODULE$.hash((Seq<Object>) sha256.bytes().$plus$plus(sha256.bytes()).$plus$plus(ByteString$.MODULE$.fromArrayUnsafe(bArr)));
    }

    /**
     * Verifies a 64-byte signature over a 32-byte message against a 32-byte x-only public key.
     *
     * <p>Fails closed: wrong lengths, a public key x that is not on the curve, out-of-range r or s,
     * and any other non-fatal exception all yield {@code false}. Only throwables that Scala's
     * {@code NonFatal} does not match are rethrown.
     *
     * @param bArr  32-byte message
     * @param bArr2 64-byte signature, {@code r} in bytes 0..31 and {@code s} in bytes 32..63
     * @param bArr3 32-byte public key x coordinate
     * @return {@code true} only if the recomputed point is finite, has even y and x equal to r
     */
    @Override // org.alephium.crypto.SignatureSchema
    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            Predef$.MODULE$.require(bArr.length == 32);
            Predef$.MODULE$.require(bArr2.length == 64);
            Predef$.MODULE$.require(bArr3.length == 32);
            // P = lift_x(pubkey); a failed require inside liftX lands in the catch below.
            ECPoint liftX = liftX(bArr3);
            BigInteger bigInteger = new BigInteger(1, bArr2, 0, 32);
            BigInteger bigInteger2 = new BigInteger(1, bArr2, 32, 32);
            // Reject non-canonical encodings: r must be below the field prime and s below n.
            if (bigInteger.compareTo(curve().getQ()) >= 0 || bigInteger2.compareTo(params().getN()) >= 0) {
                return false;
            }
            // R = s*G + (n - e)*P, with e = int(taggedHash(challenge, r || pubkey || m)) mod n.
            ECPoint normalize = params().getG().multiply(bigInteger2).add(liftX.multiply(params().getN().subtract(new BigInteger(1, taggedHash(challengeTag(), ByteString$.MODULE$.fromArrayUnsafe(bArr2, 0, 32).$plus$plus(ByteString$.MODULE$.fromArrayUnsafe(bArr3)).$plus$plus(ByteString$.MODULE$.fromArrayUnsafe(bArr)).toArrayUnsafe()).bytes().toArrayUnsafe()).mod(params().getN())))).normalize();
            if (!normalize.isInfinity() && !normalize.getAffineYCoord().testBitZero()) {
                if (BoxesRunTime.equalsNumNum(normalize.getAffineXCoord().toBigInteger(), bigInteger)) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            // Rethrow only what NonFatal does not match; everything else counts as an invalid signature.
            if (th == null || NonFatal$.MODULE$.unapply(th).isEmpty()) {
                throw th;
            }
            return false;
        }
    }

    /** Returns the constant 3, the exponent in the curve equation used by {@link #liftX(byte[])}. */
    private BigInteger three() {
        return three;
    }

    /** Returns the constant 4; this is {@code null} once {@code ySqOrder} has been initialised. */
    private BigInteger four() {
        return four;
    }

    /** Returns the constant 7, the additive term in the curve equation used by {@link #liftX(byte[])}. */
    private BigInteger seven() {
        return seven;
    }

    // Lazy initialiser for the square-root exponent (q + 1) / 4, where q = curve().getQ(); flag bit 8.
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v15, types: [byte] */
    private BigInteger ySqOrder$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 8)) == 0) {
                ySqOrder = curve().getQ().add(BigInteger.ONE).divide(four());
                r0 = (byte) (bitmap$0 | 8);
                bitmap$0 = r0;
            }
            // The constant is dropped once the derived value exists; within this class four() is
            // read only by the guarded initialiser above.
            four = null;
            return ySqOrder;
        }
    }

    /** Returns the cached exponent (q + 1) / 4, computing it on first use. */
    private BigInteger ySqOrder() {
        return ((byte) (bitmap$0 & 8)) == 0 ? ySqOrder$lzycompute() : ySqOrder;
    }

    /**
     * Recovers the curve point with the given x coordinate and even y.
     *
     * <p>Throws via {@code require} when x is not below the field prime or when x^3 + 7 has no
     * square root modulo q, i.e. when x is not the coordinate of a curve point. This is the
     * public-key validity check that {@link #verify(byte[], byte[], byte[])} relies on.
     *
     * @param bArr x coordinate bytes, read as an unsigned integer
     * @return the point (x, y) with y even
     */
    private ECPoint liftX(byte[] bArr) {
        BigInteger bigInteger = new BigInteger(1, bArr);
        Predef$.MODULE$.require(bigInteger.compareTo(curve().getQ()) < 0);
        // c = x^3 + 7 mod q
        BigInteger mod = bigInteger.modPow(three(), curve().getQ()).add(seven()).mod(curve().getQ());
        // Candidate root y = c^((q+1)/4) mod q; the require below confirms y^2 == c.
        BigInteger modPow = mod.modPow(ySqOrder(), curve().getQ());
        Predef$.MODULE$.require(BoxesRunTime.equalsNumNum(modPow.modPow(BigInteger.TWO, curve().getQ()), mod));
        // Choose the even root: q - y when y is odd.
        return curve().createPoint(bigInteger, modPow.testBit(0) ? curve().getQ().subtract(modPow) : modPow);
    }

    /** Compiler-generated lambda body for {@code xorBytes}: XOR of the bytes at index {@code i}. */
    public static final /* synthetic */ byte $anonfun$xorBytes$1(ByteString byteString, ByteString byteString2, int i) {
        return (byte) (byteString.apply(i) ^ byteString2.apply(i));
    }

    // Private constructor: the only instance is MODULE$.
    private BIP340Schnorr$() {
    }
}
