package io.moatwel.crypto.eddsa.ed25519;

import io.moatwel.crypto.eddsa.Coordinate;
import io.moatwel.crypto.eddsa.Curve;
import io.moatwel.crypto.eddsa.DecodeException;
import io.moatwel.crypto.eddsa.EncodedPoint;
import io.moatwel.crypto.eddsa.Point;
import io.moatwel.util.ByteUtils;
import java.math.BigInteger;

/* loaded from: input_file:io/moatwel/crypto/eddsa/ed25519/EncodedPointEd25519.class */
public class EncodedPointEd25519 extends EncodedPoint {
    private static final Curve curve = Curve25519.getInstance();

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncodedPointEd25519(byte[] bArr) {
        if (bArr.length != 32) {
            throw new IllegalArgumentException("EncodedPoint on ed25519 curve must have 32 byte length.");
        }
        this.value = bArr;
    }

    @Override // io.moatwel.crypto.eddsa.EncodedPoint
    public Point decode() {
        int readBit = ByteUtils.readBit(this.value[this.value.length - 1], 7);
        byte[] bArr = this.value;
        int length = this.value.length - 1;
        bArr[length] = (byte) (bArr[length] & Byte.MAX_VALUE);
        BigInteger bigInteger = new BigInteger(ByteUtils.reverse(this.value));
        if (bigInteger.compareTo(curve.getPrimePowerP()) >= 1) {
            throw new DecodeException("EdDsa decoding failed. This point is not on the edwards Curve25519.");
        }
        Coordinate coordinateEd25519 = new CoordinateEd25519(bigInteger);
        Coordinate mod = coordinateEd25519.multiply(coordinateEd25519).subtract(CoordinateEd25519.ONE).mod().multiply(curve.getD().multiply(coordinateEd25519).multiply(coordinateEd25519).add(CoordinateEd25519.ONE).mod().inverse()).mod();
        Coordinate powerMod = mod.powerMod(curve.getPrimePowerP().add(new BigInteger("3")).divide(new BigInteger("8")));
        if (powerMod.multiply(powerMod).subtract(mod).mod().getInteger().compareTo(BigInteger.ZERO) != 0) {
            powerMod = powerMod.multiply(new CoordinateEd25519(BigInteger.ONE.shiftLeft(1).modPow(curve.getPrimePowerP().subtract(BigInteger.ONE).divide(BigInteger.ONE.shiftLeft(2)), curve.getPrimePowerP()))).mod();
        }
        if (powerMod.getInteger().mod(BigInteger.ONE.shiftLeft(1)).compareTo(BigInteger.valueOf(readBit)) != 0) {
            powerMod = new CoordinateEd25519(curve.getPrimePowerP().subtract(powerMod.getInteger()).mod(curve.getPrimePowerP()));
        }
        return new PointEd25519(powerMod, coordinateEd25519);
    }
}
