package org.whispersystems.curve25519.java;

import java.nio.ByteBuffer;
import java.security.MessageDigest;

/* loaded from: input_file:org/whispersystems/curve25519/java/veddsa.class */
public class veddsa {
    static final int BLOCKLEN = 128;
    static final int HASHLEN = 64;
    static final int RANDLEN = 32;
    static final int MSTART = 2048;
    static final int MSGMAXLEN = 1048576;
    static final int BUFLEN = 1024;
    static final int VRFOUTPUTLEN = 32;
    static final int LABELSETMAXLEN = 512;
    static final int LABELMAXLEN = 127;
    public static final byte[] B_bytes;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static byte[] labelset_new(String str, byte[] bArr, byte b) {
        if (LABELSETMAXLEN < 3 + str.length() + bArr.length + 2 || str.length() > LABELMAXLEN || bArr.length > LABELMAXLEN) {
            return null;
        }
        byte[] bytes = str.getBytes();
        ByteBuffer allocate = ByteBuffer.allocate(3 + bytes.length + bArr.length + 2);
        allocate.put((byte) 3);
        allocate.put((byte) bytes.length);
        allocate.put(bytes);
        allocate.put((byte) bArr.length);
        allocate.put(bArr);
        if (!$assertionsDisabled && allocate.position() != 3 + str.length() + bArr.length) {
            throw new AssertionError();
        }
        allocate.put((byte) 1);
        allocate.put(b);
        if ($assertionsDisabled || allocate.position() < LABELSETMAXLEN) {
            return allocate.array();
        }
        throw new AssertionError();
    }

    private static boolean generalized_commit(Sha512 sha512, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i, byte[] bArr5, byte[] bArr6, byte[] bArr7, byte[] bArr8) {
        ge_p3 ge_p3Var = new ge_p3();
        byte[] bArr9 = new byte[64];
        if (bArr == null || bArr.length != 32 || bArr2 == null || bArr2.length != 32 || bArr5 == null || bArr5.length != 32 || bArr6 == null || bArr6.length != 32 || bArr7 == null || bArr7.length != 32 || bArr4 == null || bArr4.length == 0) {
            return false;
        }
        int length = 0 + 32 + bArr3.length + 32;
        int i2 = (BLOCKLEN - (length % BLOCKLEN)) % BLOCKLEN;
        int i3 = (BLOCKLEN - (((length + i2) + 32) % BLOCKLEN)) % BLOCKLEN;
        MessageDigest initDigest = sha512.initDigest();
        sha512.updateDigest(initDigest, B_bytes, 32L);
        sha512.updateDigest(initDigest, bArr3, bArr3.length);
        sha512.updateDigest(initDigest, bArr7, 32L);
        sha512.updateDigest(initDigest, new byte[i2], i2);
        sha512.updateDigest(initDigest, bArr6, 32L);
        sha512.updateDigest(initDigest, new byte[i3], i3);
        sha512.updateDigest(initDigest, bArr3, bArr3.length);
        sha512.updateDigest(initDigest, bArr5, 32L);
        sha512.updateDigest(initDigest, bArr4, i);
        sha512.updateDigest(initDigest, bArr8, bArr8.length);
        sha512.finishDigest(bArr9, initDigest);
        sc_reduce.sc_reduce(bArr9);
        ge_scalarmult_base.ge_scalarmult_base(ge_p3Var, bArr9);
        ge_p3_tobytes.ge_p3_tobytes(bArr, ge_p3Var);
        System.arraycopy(bArr9, 0, bArr2, 0, 32);
        return true;
    }

    private static boolean generalized_challenge(Sha512 sha512, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6) {
        byte[] bArr7 = new byte[64];
        if (bArr == null || bArr.length != 32 || bArr4 == null || bArr4.length != 32 || bArr5 == null || bArr5.length != 32 || bArr3 == null) {
            return false;
        }
        MessageDigest initDigest = sha512.initDigest();
        sha512.updateDigest(initDigest, B_bytes, 32L);
        sha512.updateDigest(initDigest, bArr2, bArr2.length);
        sha512.updateDigest(initDigest, bArr4, 32L);
        sha512.updateDigest(initDigest, bArr2, bArr2.length);
        sha512.updateDigest(initDigest, bArr5, 32L);
        sha512.updateDigest(initDigest, bArr3, bArr3.length);
        sha512.updateDigest(initDigest, bArr6, bArr6.length);
        sha512.finishDigest(bArr7, initDigest);
        sc_reduce.sc_reduce(bArr7);
        System.arraycopy(bArr7, 0, bArr, 0, 32);
        return true;
    }

    private static boolean generalized_prove(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        if (bArr == null || bArr.length != 32 || bArr2 == null || bArr2.length != 32 || bArr3 == null || bArr3.length != 32 || bArr4 == null || bArr4.length != 32) {
            return false;
        }
        sc_muladd.sc_muladd(bArr, bArr4, bArr3, bArr2);
        return true;
    }

    private static boolean generalized_solve_commitment(byte[] bArr, ge_p3 ge_p3Var, ge_p3 ge_p3Var2, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        if (bArr == null || bArr.length != 32 || bArr2 == null || bArr2.length != 32 || bArr3 == null || bArr3.length != 32 || bArr4 == null || bArr4.length != 32) {
            return false;
        }
        ge_p3 ge_p3Var3 = new ge_p3();
        ge_p2 ge_p2Var = new ge_p2();
        if (ge_frombytes.ge_frombytes_negate_vartime(ge_p3Var3, bArr3) != 0) {
            return false;
        }
        ge_double_scalarmult.ge_double_scalarmult_vartime(ge_p2Var, bArr4, ge_p3Var3, bArr2, ge_p3Var2);
        ge_tobytes.ge_tobytes(bArr, ge_p2Var);
        if (ge_p3Var == null) {
            return true;
        }
        ge_neg.ge_neg(ge_p3Var, ge_p3Var3);
        return true;
    }

    private static boolean generalized_calculate_Bv(Sha512 sha512, ge_p3 ge_p3Var, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) {
        int length;
        if (ge_p3Var == null || bArr2 == null || bArr3 == null || (length = 64 + bArr.length) > i) {
            return false;
        }
        int i3 = i - length;
        System.arraycopy(B_bytes, 0, bArr3, i3, 32);
        System.arraycopy(bArr, 0, bArr3, i3 + 32, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, i3 + 32 + bArr.length, 32);
        byte[] copyOfRange = java.util.Arrays.copyOfRange(bArr3, i3, i + i2);
        System.arraycopy(bArr3, i, copyOfRange, copyOfRange.length - i2, i2);
        elligator.hash_to_point(sha512, ge_p3Var, copyOfRange);
        return true;
    }

    private static boolean generalized_calculate_vrf_output(Sha512 sha512, byte[] bArr, byte[] bArr2, ge_p3 ge_p3Var) {
        byte[] bArr3 = new byte[32];
        byte[] bArr4 = new byte[64];
        if (bArr == null || bArr.length != 32 || bArr2.length + 64 > BUFLEN || ge_p3Var == null) {
            return false;
        }
        ge_p3_tobytes.ge_p3_tobytes(bArr3, ge_p3Var);
        MessageDigest initDigest = sha512.initDigest();
        sha512.updateDigest(initDigest, B_bytes, 32L);
        sha512.updateDigest(initDigest, bArr2, bArr2.length);
        sha512.updateDigest(initDigest, bArr3, bArr3.length);
        sha512.finishDigest(bArr4, initDigest);
        System.arraycopy(bArr4, 0, bArr, 0, 32);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean generalized_veddsa_25519_sign(Sha512 sha512, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6) {
        if (bArr == null || bArr.length != 96 || bArr2 == null || bArr3 == null || bArr6 == null || bArr6.length > LABELMAXLEN || bArr4 == null || bArr4.length > MSGMAXLEN) {
            return false;
        }
        ge_p3 ge_p3Var = new ge_p3();
        ge_p3 ge_p3Var2 = new ge_p3();
        ge_p3 ge_p3Var3 = new ge_p3();
        byte[] bArr7 = new byte[32];
        byte[] bArr8 = new byte[32];
        byte[] bArr9 = new byte[32];
        byte[] bArr10 = new byte[32];
        byte[] bArr11 = new byte[32];
        byte[] bArr12 = new byte[32];
        byte[] bArr13 = new byte[32];
        byte[] bArr14 = new byte[96];
        byte[] bArr15 = new byte[bArr4.length + MSTART];
        System.arraycopy(bArr4, 0, bArr15, MSTART, bArr4.length);
        byte[] labelset_new = labelset_new("VEdDSA_25519_SHA512_Elligator2", bArr6, (byte) 49);
        if (labelset_new == null) {
            return false;
        }
        generalized_calculate_Bv(sha512, ge_p3Var, labelset_new, bArr2, bArr15, MSTART, bArr4.length);
        ge_scalarmult.ge_scalarmult(ge_p3Var2, bArr3, ge_p3Var);
        ge_p3_tobytes.ge_p3_tobytes(bArr7, ge_p3Var);
        ge_p3_tobytes.ge_p3_tobytes(bArr8, ge_p3Var2);
        labelset_new[labelset_new.length - 1] = 50;
        System.arraycopy(bArr7, 0, bArr14, 0, 32);
        System.arraycopy(bArr8, 0, bArr14, 32, 32);
        if (!generalized_commit(sha512, bArr10, bArr11, labelset_new, bArr14, 64, bArr2, bArr3, bArr5, bArr4)) {
            return false;
        }
        ge_scalarmult.ge_scalarmult(ge_p3Var3, bArr11, ge_p3Var);
        ge_p3_tobytes.ge_p3_tobytes(bArr9, ge_p3Var3);
        labelset_new[labelset_new.length - 1] = 51;
        System.arraycopy(bArr9, 0, bArr14, 64, 32);
        if (!generalized_challenge(sha512, bArr12, labelset_new, bArr14, bArr10, bArr2, bArr4) || !generalized_prove(bArr13, bArr11, bArr3, bArr12)) {
            return false;
        }
        System.arraycopy(bArr8, 0, bArr, 0, 32);
        System.arraycopy(bArr12, 0, bArr, 32, 32);
        System.arraycopy(bArr13, 0, bArr, 64, 32);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean generalized_veddsa_25519_verify(Sha512 sha512, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        byte[] labelset_new;
        if (bArr2 == null || bArr2.length != 96 || bArr3 == null || bArr3.length != 32 || bArr4 == null || bArr4.length > MSGMAXLEN || bArr5 == null || bArr5.length > LABELMAXLEN || bArr == null || bArr.length != 32) {
            return false;
        }
        ge_p3 ge_p3Var = new ge_p3();
        ge_p3 ge_p3Var2 = new ge_p3();
        ge_p3 ge_p3Var3 = new ge_p3();
        ge_p3 ge_p3Var4 = new ge_p3();
        ge_p3 ge_p3Var5 = new ge_p3();
        byte[] bArr6 = new byte[32];
        byte[] bArr7 = new byte[32];
        byte[] bArr8 = new byte[32];
        byte[] bArr9 = new byte[32];
        byte[] bArr10 = new byte[96];
        byte[] bArr11 = new byte[bArr4.length + MSTART];
        System.arraycopy(bArr4, 0, bArr11, MSTART, bArr4.length);
        byte[] bArr12 = new byte[32];
        System.arraycopy(bArr2, 0, bArr12, 0, 32);
        byte[] bArr13 = new byte[32];
        System.arraycopy(bArr2, 32, bArr13, 0, 32);
        byte[] bArr14 = new byte[32];
        System.arraycopy(bArr2, 64, bArr14, 0, 32);
        if (!point_isreduced.point_isreduced(bArr3) || !point_isreduced.point_isreduced(bArr12) || !sc_isreduced.sc_isreduced(bArr13) || !sc_isreduced.sc_isreduced(bArr14) || (labelset_new = labelset_new("VEdDSA_25519_SHA512_Elligator2", bArr5, (byte) 49)) == null || !generalized_calculate_Bv(sha512, ge_p3Var, labelset_new, bArr3, bArr11, MSTART, bArr4.length)) {
            return false;
        }
        ge_p3_tobytes.ge_p3_tobytes(bArr6, ge_p3Var);
        if (!generalized_solve_commitment(bArr7, ge_p3Var2, null, bArr14, bArr3, bArr13) || !generalized_solve_commitment(bArr8, ge_p3Var3, ge_p3Var, bArr14, bArr12, bArr13)) {
            return false;
        }
        ge_scalarmult_cofactor.ge_scalarmult_cofactor(ge_p3Var4, ge_p3Var2);
        ge_scalarmult_cofactor.ge_scalarmult_cofactor(ge_p3Var5, ge_p3Var3);
        if (ge_isneutral.ge_isneutral(ge_p3Var4) || ge_isneutral.ge_isneutral(ge_p3Var5) || ge_isneutral.ge_isneutral(ge_p3Var)) {
            return false;
        }
        labelset_new[labelset_new.length - 1] = 51;
        System.arraycopy(bArr6, 0, bArr10, 0, 32);
        System.arraycopy(bArr12, 0, bArr10, 32, 32);
        System.arraycopy(bArr8, 0, bArr10, 64, 32);
        if (!generalized_challenge(sha512, bArr9, labelset_new, bArr10, bArr7, bArr3, bArr4) || !java.util.Arrays.equals(bArr13, bArr9)) {
            return false;
        }
        labelset_new[labelset_new.length - 1] = 52;
        return generalized_calculate_vrf_output(sha512, bArr, labelset_new, ge_p3Var5);
    }

    static {
        $assertionsDisabled = !veddsa.class.desiredAssertionStatus();
        B_bytes = new byte[]{88, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102, 102};
    }
}
