package io.moatwel.crypto.eddsa.ed25519;

import io.moatwel.crypto.EdDsaSigner;
import io.moatwel.crypto.HashAlgorithm;
import io.moatwel.crypto.Hashes;
import io.moatwel.crypto.KeyPair;
import io.moatwel.crypto.Signature;
import io.moatwel.crypto.eddsa.Coordinate;
import io.moatwel.crypto.eddsa.Curve;
import io.moatwel.crypto.eddsa.DecodeException;
import io.moatwel.crypto.eddsa.Point;
import io.moatwel.crypto.eddsa.SchemeProvider;
import io.moatwel.util.ByteUtils;
import java.math.BigInteger;

/* loaded from: classes.dex */
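/**
 * Ed25519 signer and verifier built on {@link BigInteger} arithmetic.
 *
 * <p>The hash function and the scheme-specific {@code dom} prefix and pre-hash step are injected
 * through {@link HashAlgorithm} and {@link SchemeProvider}, so one class can serve several
 * Ed25519 variants.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code java.math.BigInteger} arithmetic is not constant-time, and the implementation of
 *       {@code Point.scalarMultiply} is not visible here. Treat timing side channels on the secret
 *       scalar and nonce as unreviewed.</li>
 *   <li>Secret-derived buffers and {@code BigInteger} values are left for the garbage collector
 *       and are not wiped.</li>
 *   <li>The 32-byte split of the key hash assumes a 64-byte digest (SHA-512 in RFC 8032); confirm
 *       the injected {@link HashAlgorithm} provides one.</li>
 * </ul>
 */
public class Ed25519Signer implements EdDsaSigner {
    private static final Curve CURVE = Curve25519.getInstance();

    /** Longest context accepted, in bytes. */
    private static final int MAX_CONTEXT_LENGTH = 255;

    /** Length in bytes of each half of the key hash and of each half of a signature. */
    private static final int HALF_LENGTH = 32;

    private final HashAlgorithm hashAlgorithm;
    private final SchemeProvider schemeProvider;

    /**
     * @param hashAlgorithm hash used for key expansion, nonce derivation and the challenge
     * @param schemeProvider supplies the {@code dom} prefix and the message pre-hash
     */
    public Ed25519Signer(HashAlgorithm hashAlgorithm, SchemeProvider schemeProvider) {
        this.hashAlgorithm = hashAlgorithm;
        this.schemeProvider = schemeProvider;
    }

    /** Maps a {@code null} context to the empty context. */
    private byte[] beNonNullContext(byte[] context) {
        return context == null ? new byte[0] : context;
    }

    /**
     * Rejects contexts longer than {@value #MAX_CONTEXT_LENGTH} bytes.
     *
     * @throws IllegalStateException if the context is too long
     */
    private void checkContextLength(byte[] context) {
        if (context.length > MAX_CONTEXT_LENGTH) {
            throw new IllegalStateException("context length in byte must be less than 256 bytes.");
        }
    }

    /**
     * Signs {@code message} with the private key held in {@code keyPair}.
     *
     * <p>NOTE(review): the public key is read from {@code keyPair} as given and bound into the
     * challenge hash; it is not re-derived from the private key here. The nonce does not depend
     * on the public key, so a key pair whose halves do not match weakens the scheme. Confirm that
     * {@link KeyPair} cannot be built with a public key that does not belong to its private key.
     *
     * @param keyPair key pair providing the raw private and public keys
     * @param message message to sign
     * @param context optional context; {@code null} is treated as empty
     * @return the signature as (R, S), each half padded to 32 bytes
     * @throws IllegalStateException if {@code context} is longer than 255 bytes
     */
    @Override // io.moatwel.crypto.EdDsaSigner
    public Signature sign(KeyPair keyPair, byte[] message, byte[] context) {
        byte[] ctx = beNonNullContext(context);
        checkContextLength(ctx);

        // Expand the private key: the first half becomes the scalar, the second the nonce prefix.
        byte[] expanded = Hashes.hash(this.hashAlgorithm, keyPair.getPrivateKey().getRaw());
        byte[][] halves = ByteUtils.split(expanded, HALF_LENGTH);
        byte[] scalarBytes = halves[0];
        byte[] prefix = halves[1];

        // Clamp: clear the three lowest bits, clear bit 255, set bit 254.
        scalarBytes[0] = (byte) (scalarBytes[0] & 0xF8);
        scalarBytes[31] = (byte) (scalarBytes[31] & 0x7F);
        scalarBytes[31] = (byte) (scalarBytes[31] | 0x40);
        // Bit 255 is cleared above, so the value is non-negative; signum 1 makes that explicit.
        BigInteger secretScalar = new BigInteger(1, ByteUtils.reverse(scalarBytes));

        byte[] dom = this.schemeProvider.dom(ctx);
        byte[] preHashed = this.schemeProvider.preHash(message);

        // Deterministic nonce r = H(dom || prefix || PH(M)), read as a little-endian integer.
        BigInteger nonce =
                new BigInteger(1, ByteUtils.reverse(Hashes.hash(this.hashAlgorithm, dom, prefix, preHashed)));
        byte[] encodedR = CURVE.getBasePoint().scalarMultiply(nonce).encode().getValue();
        byte[] paddedR = ByteUtils.paddingZeroOnTail(encodedR, HALF_LENGTH);

        // Challenge k = H(dom || R || A || PH(M)); the unpadded R encoding is hashed, as before.
        BigInteger challenge = new BigInteger(1, ByteUtils.reverse(
                Hashes.hash(this.hashAlgorithm, dom, encodedR, keyPair.getPublicKey().getRaw(), preHashed)));

        // S = (k * a + r) mod L
        BigInteger groupOrder = CURVE.getPrimeL();
        BigInteger s = challenge.mod(groupOrder).multiply(secretScalar).add(nonce).mod(groupOrder);
        byte[] paddedS =
                ByteUtils.paddingZeroOnTail(new CoordinateEd25519(s).encode().getValue(), HALF_LENGTH);

        return new SignatureEd25519(paddedR, paddedS);
    }

    /**
     * Verifies {@code signature} over {@code message} with the public key held in
     * {@code keyPair}. Only the public key is read.
     *
     * @param keyPair key pair providing the raw public key
     * @param message message that was signed
     * @param context optional context; {@code null} is treated as empty
     * @param signature signature to check
     * @return {@code true} if R + k*A equals S*B; {@code false} if the equation fails, S is out
     *     of range, or any component cannot be decoded
     * @throws IllegalStateException if {@code context} is longer than 255 bytes
     */
    @Override // io.moatwel.crypto.EdDsaSigner
    public boolean verify(KeyPair keyPair, byte[] message, byte[] context, Signature signature) {
        try {
            byte[] ctx = beNonNullContext(context);
            checkContextLength(ctx);

            Point pointR = new EncodedPointEd25519(signature.getR()).decode();
            Point publicPoint = new EncodedPointEd25519(keyPair.getPublicKey().getRaw()).decode();
            Coordinate decodedS = new EncodedCoordinateEd25519(signature.getS()).decode();

            // RFC 8032 requires 0 <= S < L. Without the bound, a second encoding of S can satisfy
            // the same equation (signature malleability). EncodedCoordinateEd25519.decode() is not
            // visible here, so the bound is enforced explicitly; it is redundant if decode()
            // already rejects out-of-range values.
            BigInteger s = decodedS.getInteger();
            if (s.signum() < 0 || s.compareTo(CURVE.getPrimeL()) >= 0) {
                return false;
            }

            // Challenge k = H(dom || R || A || PH(M)), using the re-encoded R and A.
            BigInteger challenge = new EncodedCoordinateEd25519(
                    Hashes.hash(
                            this.hashAlgorithm,
                            this.schemeProvider.dom(ctx),
                            pointR.encode().getValue(),
                            publicPoint.encode().getValue(),
                            this.schemeProvider.preHash(message)))
                    .decode()
                    .getInteger();

            Point left = pointR.add(publicPoint.scalarMultiply(challenge));
            Point right = CURVE.getBasePoint().scalarMultiply(s);
            return left.isEqual(right);
        } catch (DecodeException unused) {
            // A malformed R, A or S is an invalid signature, not an error for the caller.
            return false;
        }
    }
}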
