package io.moatwel.crypto.eddsa.ed448;

import io.moatwel.crypto.EdDsaSigner;
import io.moatwel.crypto.HashAlgorithm;
import io.moatwel.crypto.Hashes;
import io.moatwel.crypto.KeyPair;
import io.moatwel.crypto.Signature;
import io.moatwel.crypto.eddsa.Curve;
import io.moatwel.crypto.eddsa.DecodeException;
import io.moatwel.crypto.eddsa.Point;
import io.moatwel.crypto.eddsa.SchemeProvider;
import io.moatwel.util.ByteUtils;
import java.math.BigInteger;

/* loaded from: input_file:io/moatwel/crypto/eddsa/ed448/Ed448Signer.class */
public class Ed448Signer implements EdDsaSigner {
    private static final Curve CURVE = Curve448.getInstance();
    private final HashAlgorithm algorithm;
    private final SchemeProvider scheme;

    public Ed448Signer(HashAlgorithm hashAlgorithm, SchemeProvider schemeProvider) {
        this.algorithm = hashAlgorithm;
        this.scheme = schemeProvider;
    }

    /* JADX WARN: Type inference failed for: r2v1, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v16, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v19, types: [byte[], byte[][]] */
    @Override // io.moatwel.crypto.EdDsaSigner
    public Signature sign(KeyPair keyPair, byte[] bArr, byte[] bArr2) {
        byte[] beNonNullContext = beNonNullContext(bArr2);
        checkContextLength(beNonNullContext);
        byte[] hash = Hashes.hash(this.algorithm, 114, new byte[]{keyPair.getPrivateKey().getRaw()});
        byte[] bArr3 = ByteUtils.split(hash, 57)[0];
        bArr3[0] = (byte) (bArr3[0] & 252);
        bArr3[56] = (byte) (bArr3[56] & 0);
        bArr3[55] = (byte) (bArr3[55] | 128);
        BigInteger bigInteger = new BigInteger(ByteUtils.reverse(bArr3));
        byte[] dom = this.scheme.dom(beNonNullContext);
        byte[] bArr4 = ByteUtils.split(hash, 57)[1];
        byte[] preHash = this.scheme.preHash(bArr);
        BigInteger mod = new BigInteger(1, ByteUtils.reverse(Hashes.hash(this.algorithm, 114, new byte[]{dom, bArr4, preHash}))).mod(CURVE.getPrimeL());
        byte[] value = CURVE.getBasePoint().scalarMultiply(mod).encode().getValue();
        return new SignatureEd448(ByteUtils.paddingZeroOnTail(value, 57), ByteUtils.paddingZeroOnTail(new CoordinateEd448(new BigInteger(1, ByteUtils.reverse(Hashes.hash(this.algorithm, 114, new byte[]{dom, value, keyPair.getPublicKey().getRaw(), preHash}))).mod(CURVE.getPrimeL()).multiply(bigInteger).add(mod).mod(CURVE.getPrimeL())).encode().getValue(), 57));
    }

    /* JADX WARN: Type inference failed for: r2v7, types: [byte[], byte[][]] */
    @Override // io.moatwel.crypto.EdDsaSigner
    public boolean verify(KeyPair keyPair, byte[] bArr, byte[] bArr2, Signature signature) {
        try {
            byte[] beNonNullContext = beNonNullContext(bArr2);
            checkContextLength(beNonNullContext);
            Point decode = new EncodedPointEd448(signature.getR()).decode();
            Point decode2 = new EncodedPointEd448(keyPair.getPublicKey().getRaw()).decode();
            BigInteger integer = new EncodedCoordinateEd448(signature.getS()).decode().getInteger();
            if (integer.compareTo(BigInteger.ZERO) < 0 || integer.compareTo(CURVE.getPrimeL()) > 0) {
                return false;
            }
            return decode.add(decode2.scalarMultiply(new EncodedCoordinateEd448(Hashes.hash(this.algorithm, 114, new byte[]{this.scheme.dom(beNonNullContext), decode.encode().getValue(), decode2.encode().getValue(), this.scheme.preHash(bArr)})).decode().getInteger())).isEqual(CURVE.getBasePoint().scalarMultiply(integer));
        } catch (DecodeException e) {
            return false;
        }
    }

    private byte[] beNonNullContext(byte[] bArr) {
        if (bArr == null) {
            bArr = new byte[0];
        }
        return bArr;
    }

    private void checkContextLength(byte[] bArr) {
        if (bArr.length > 255) {
            throw new IllegalStateException("context length in byte must be less than 256 bytes.");
        }
    }
}
