package org.miracl.core.BLS12381;

import org.miracl.core.HMAC;

/* loaded from: input_file:org/miracl/core/BLS12381/BLS.class */
public class BLS {
    public static final int BFS = 48;
    public static final int BGS = 48;
    public static final int BLS_OK = 0;
    public static final int BLS_FAIL = -1;
    public static FP4[] G2_TAB;

    static int ceil(int i, int i2) {
        return ((i - 1) / i2) + 1;
    }

    static FP[] hash_to_field(int i, int i2, byte[] bArr, byte[] bArr2, int i3) {
        BIG big = new BIG(ROM.Modulus);
        int nbits = big.nbits();
        int ceil = ceil(nbits + 128, 8);
        FP[] fpArr = new FP[i3];
        byte[] bArr3 = new byte[ceil];
        byte[] XMD_Expand = HMAC.XMD_Expand(i, i2, ceil * i3, bArr, bArr2);
        for (int i4 = 0; i4 < i3; i4++) {
            for (int i5 = 0; i5 < ceil; i5++) {
                bArr3[i5] = XMD_Expand[(i4 * ceil) + i5];
            }
            fpArr[i4] = new FP(DBIG.fromBytes(bArr3).ctmod(big, (8 * ceil) - nbits));
        }
        return fpArr;
    }

    public static ECP bls_hash_to_point(byte[] bArr) {
        FP[] hash_to_field = hash_to_field(2, 32, new String("BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_NUL_").getBytes(), bArr, 2);
        ECP map2point = ECP.map2point(hash_to_field[0]);
        map2point.add(ECP.map2point(hash_to_field[1]));
        map2point.cfp();
        map2point.affine();
        return map2point;
    }

    public static int init() {
        ECP2 generator = ECP2.generator();
        if (generator.is_infinity()) {
            return -1;
        }
        G2_TAB = PAIR.precomp(generator);
        return 0;
    }

    public static int KeyPairGenerate(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        BIG big = new BIG(ROM.CURVE_Order);
        int nbits = big.nbits();
        int ceil = ceil(3 * ceil(nbits, 8), 2);
        ECP2 generator = ECP2.generator();
        byte[] inttoBytes = HMAC.inttoBytes(ceil, 2);
        byte[] bArr4 = new byte[bArr.length + 1];
        for (int i = 0; i < bArr.length; i++) {
            bArr4[i] = bArr[i];
        }
        bArr4[bArr.length] = 0;
        BIG ctmod = DBIG.fromBytes(HMAC.HKDF_Expand(2, 32, ceil, HMAC.HKDF_Extract(2, 32, new String("BLS-SIG-KEYGEN-SALT-").getBytes(), bArr4), inttoBytes)).ctmod(big, (8 * ceil) - nbits);
        ctmod.toBytes(bArr2);
        PAIR.G2mul(generator, ctmod).toBytes(bArr3, true);
        return 0;
    }

    public static int core_sign(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        PAIR.G1mul(bls_hash_to_point(bArr2), BIG.fromBytes(bArr3)).toBytes(bArr, true);
        return 0;
    }

    public static int core_verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        ECP bls_hash_to_point = bls_hash_to_point(bArr2);
        ECP fromBytes = ECP.fromBytes(bArr);
        if (!PAIR.G1member(fromBytes)) {
            return -1;
        }
        fromBytes.neg();
        ECP2 fromBytes2 = ECP2.fromBytes(bArr3);
        if (!PAIR.G2member(fromBytes2)) {
            return -1;
        }
        ECP2 generator = ECP2.generator();
        return (!generator.is_infinity() && PAIR.fexp(PAIR.ate2(generator, fromBytes, fromBytes2, bls_hash_to_point)).isunity()) ? 0 : -1;
    }
}
