package net.i2p.crypto.eddsa;

import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import net.i2p.crypto.eddsa.math.Curve;
import net.i2p.crypto.eddsa.math.FieldElement;
import net.i2p.crypto.eddsa.math.GroupElement;
import net.i2p.crypto.eddsa.math.ScalarOps;
import sun.security.x509.X509Key;

/* loaded from: classes2.dex */
public final class EdDSAEngine extends Signature {
    public static final AlgorithmParameterSpec ONE_SHOT_MODE = new OneShotSpec(0);
    private ByteArrayOutputStream baos;
    private MessageDigest digest;
    private EdDSAKey key;
    private byte[] oneShotBytes;
    private int oneShotLength;
    private boolean oneShotMode;
    private int oneShotOffset;

    /* loaded from: classes2.dex */
    static class OneShotSpec implements AlgorithmParameterSpec {
        private OneShotSpec() {
        }

        /* synthetic */ OneShotSpec(byte b) {
            this();
        }
    }

    public EdDSAEngine() {
        super("NONEwithEdDSA");
    }

    public EdDSAEngine(MessageDigest messageDigest) {
        this();
        this.digest = messageDigest;
    }

    private void digestInitSign(EdDSAPrivateKey edDSAPrivateKey) {
        int i = edDSAPrivateKey.edDsaSpec.curve.f.b;
        int i2 = i / 8;
        this.digest.update(edDSAPrivateKey.h, i2, (i / 4) - i2);
    }

    private void reset() {
        if (this.digest != null) {
            this.digest.reset();
        }
        if (this.baos != null) {
            this.baos.reset();
        }
        this.oneShotMode = false;
        this.oneShotBytes = null;
    }

    @Override // java.security.SignatureSpi
    protected final Object engineGetParameter(String str) {
        throw new UnsupportedOperationException("engineSetParameter unsupported");
    }

    @Override // java.security.SignatureSpi
    protected final void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        reset();
        if (!(privateKey instanceof EdDSAPrivateKey)) {
            throw new InvalidKeyException("cannot identify EdDSA private key: " + privateKey.getClass());
        }
        EdDSAPrivateKey edDSAPrivateKey = (EdDSAPrivateKey) privateKey;
        this.key = edDSAPrivateKey;
        if (this.digest == null) {
            try {
                this.digest = MessageDigest.getInstance(this.key.getParams().hashAlgo);
            } catch (NoSuchAlgorithmException unused) {
                throw new InvalidKeyException("cannot get required digest " + this.key.getParams().hashAlgo + " for private key.");
            }
        } else if (!this.key.getParams().hashAlgo.equals(this.digest.getAlgorithm())) {
            throw new InvalidKeyException("Key hash algorithm does not match chosen digest");
        }
        digestInitSign(edDSAPrivateKey);
    }

    @Override // java.security.SignatureSpi
    protected final void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        while (true) {
            reset();
            if (publicKey instanceof EdDSAPublicKey) {
                this.key = (EdDSAPublicKey) publicKey;
                if (this.digest != null) {
                    if (!this.key.getParams().hashAlgo.equals(this.digest.getAlgorithm())) {
                        throw new InvalidKeyException("Key hash algorithm does not match chosen digest");
                    }
                    return;
                }
                try {
                    this.digest = MessageDigest.getInstance(this.key.getParams().hashAlgo);
                    return;
                } catch (NoSuchAlgorithmException unused) {
                    throw new InvalidKeyException("cannot get required digest " + this.key.getParams().hashAlgo + " for private key.");
                }
            }
            if (!(publicKey instanceof X509Key)) {
                throw new InvalidKeyException("cannot identify EdDSA public key: " + publicKey.getClass());
            }
            try {
                publicKey = new EdDSAPublicKey(new X509EncodedKeySpec(publicKey.getEncoded()));
            } catch (InvalidKeySpecException unused2) {
                throw new InvalidKeyException("cannot handle X.509 EdDSA public key: " + publicKey.getAlgorithm());
            }
        }
    }

    @Override // java.security.SignatureSpi
    protected final void engineSetParameter(String str, Object obj) {
        throw new UnsupportedOperationException("engineSetParameter unsupported");
    }

    @Override // java.security.SignatureSpi
    protected final void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!algorithmParameterSpec.equals(ONE_SHOT_MODE)) {
            super.engineSetParameter(algorithmParameterSpec);
        } else {
            if (this.oneShotBytes != null || (this.baos != null && this.baos.size() > 0)) {
                throw new InvalidAlgorithmParameterException("update() already called");
            }
            this.oneShotMode = true;
        }
    }

    @Override // java.security.SignatureSpi
    protected final byte[] engineSign() throws SignatureException {
        byte[] byteArray;
        int length;
        try {
            Curve curve = this.key.getParams().curve;
            ScalarOps scalarOps = this.key.getParams().sc;
            byte[] bArr = ((EdDSAPrivateKey) this.key).a;
            int i = 0;
            if (!this.oneShotMode) {
                byteArray = this.baos == null ? new byte[0] : this.baos.toByteArray();
                length = byteArray.length;
            } else {
                if (this.oneShotBytes == null) {
                    throw new SignatureException("update() not called first");
                }
                byteArray = this.oneShotBytes;
                i = this.oneShotOffset;
                length = this.oneShotLength;
            }
            this.digest.update(byteArray, i, length);
            byte[] reduce = scalarOps.reduce(this.digest.digest());
            byte[] byteArray2 = this.key.getParams().B.scalarMultiply(reduce).toByteArray();
            this.digest.update(byteArray2);
            this.digest.update(((EdDSAPrivateKey) this.key).Abyte);
            this.digest.update(byteArray, i, length);
            byte[] multiplyAndAdd = scalarOps.multiplyAndAdd(scalarOps.reduce(this.digest.digest()), bArr, reduce);
            ByteBuffer allocate = ByteBuffer.allocate(curve.f.b / 4);
            allocate.put(byteArray2).put(multiplyAndAdd);
            return allocate.array();
        } finally {
            reset();
            digestInitSign((EdDSAPrivateKey) this.key);
        }
    }

    @Override // java.security.SignatureSpi
    protected final void engineUpdate(byte b) throws SignatureException {
        if (this.oneShotMode) {
            throw new SignatureException("unsupported in one-shot mode");
        }
        if (this.baos == null) {
            this.baos = new ByteArrayOutputStream(256);
        }
        this.baos.write(b);
    }

    @Override // java.security.SignatureSpi
    protected final void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (!this.oneShotMode) {
            if (this.baos == null) {
                this.baos = new ByteArrayOutputStream(256);
            }
            this.baos.write(bArr, i, i2);
        } else {
            if (this.oneShotBytes != null) {
                throw new SignatureException("update() already called");
            }
            this.oneShotBytes = bArr;
            this.oneShotOffset = i;
            this.oneShotLength = i2;
        }
    }

    @Override // java.security.SignatureSpi
    protected final boolean engineVerify(byte[] bArr) throws SignatureException {
        byte[] byteArray;
        int length;
        int i;
        try {
            int i2 = this.key.getParams().curve.f.b;
            if (bArr.length != i2 / 4) {
                throw new SignatureException("signature length is wrong");
            }
            boolean z = false;
            this.digest.update(bArr, 0, i2 / 8);
            this.digest.update(((EdDSAPublicKey) this.key).Abyte);
            if (!this.oneShotMode) {
                byteArray = this.baos == null ? new byte[0] : this.baos.toByteArray();
                length = byteArray.length;
                i = 0;
            } else {
                if (this.oneShotBytes == null) {
                    throw new SignatureException("update() not called first");
                }
                byteArray = this.oneShotBytes;
                i = this.oneShotOffset;
                length = this.oneShotLength;
            }
            this.digest.update(byteArray, i, length);
            byte[] reduce = this.key.getParams().sc.reduce(this.digest.digest());
            byte[] copyOfRange = Arrays.copyOfRange(bArr, i2 / 8, i2 / 4);
            GroupElement groupElement = this.key.getParams().B;
            EdDSAPublicKey edDSAPublicKey = (EdDSAPublicKey) this.key;
            GroupElement groupElement2 = edDSAPublicKey.Aneg;
            if (groupElement2 == null) {
                GroupElement groupElement3 = edDSAPublicKey.A;
                if (groupElement3.repr != GroupElement.Representation.P3) {
                    throw new UnsupportedOperationException();
                }
                GroupElement zero = groupElement3.curve.getZero(GroupElement.Representation.P3);
                GroupElement rep = groupElement3.toRep(GroupElement.Representation.CACHED);
                if (zero.repr != GroupElement.Representation.P3) {
                    throw new UnsupportedOperationException();
                }
                if (rep.repr != GroupElement.Representation.CACHED) {
                    throw new IllegalArgumentException();
                }
                FieldElement add = zero.Y.add(zero.X);
                FieldElement subtract = zero.Y.subtract(zero.X);
                FieldElement multiply = add.multiply(rep.Y);
                FieldElement multiply2 = subtract.multiply(rep.X);
                FieldElement multiply3 = rep.T.multiply(zero.T);
                FieldElement multiply4 = zero.Z.multiply(rep.Z);
                FieldElement add2 = multiply4.add(multiply4);
                groupElement2 = GroupElement.p1p1(zero.curve, multiply.subtract(multiply2), multiply.add(multiply2), add2.subtract(multiply3), add2.add(multiply3)).toRep(GroupElement.Representation.P3PrecomputedDouble);
                edDSAPublicKey.Aneg = groupElement2;
            }
            byte[] byteArray2 = groupElement.doubleScalarMultiplyVariableTime(groupElement2, reduce, copyOfRange).toByteArray();
            int i3 = 0;
            while (true) {
                if (i3 >= byteArray2.length) {
                    z = true;
                    break;
                }
                if (byteArray2[i3] != bArr[i3]) {
                    break;
                }
                i3++;
            }
            return z;
        } finally {
            reset();
        }
    }
}
