package org.qortal.crypto;

import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collection;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.math.ec.rfc7748.X25519Field;
import org.bouncycastle.math.ec.rfc8032.Ed25519;
import org.bouncycastle.math.raw.Nat256;
import org.qortal.crypto.BouncyCastleEd25519;

/* loaded from: input_file:org/qortal/crypto/Qortal25519Extras.class */
public abstract class Qortal25519Extras extends BouncyCastleEd25519 {
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    public static byte[] toX25519PublicKey(byte[] bArr) {
        int[] iArr = new int[10];
        X25519Field.one(iArr);
        BouncyCastleEd25519.PointAffine pointAffine = new BouncyCastleEd25519.PointAffine();
        if (!decodePointVar(bArr, 0, true, pointAffine)) {
            return null;
        }
        int[] iArr2 = pointAffine.y;
        int[] iArr3 = new int[10];
        X25519Field.sub(iArr, iArr2, iArr3);
        int[] iArr4 = new int[10];
        X25519Field.add(iArr, iArr2, iArr4);
        int[] iArr5 = new int[10];
        X25519Field.inv(iArr3, iArr5);
        int[] iArr6 = new int[10];
        X25519Field.mul(iArr4, iArr5, iArr6);
        X25519Field.normalize(iArr6);
        byte[] bArr2 = new byte[32];
        X25519Field.encode(iArr6, bArr2, 0);
        return bArr2;
    }

    public static byte[] toX25519PrivateKey(byte[] bArr) {
        Digest createPrehash = Ed25519.createPrehash();
        byte[] bArr2 = new byte[createPrehash.getDigestSize()];
        createPrehash.update(bArr, 0, bArr.length);
        createPrehash.doFinal(bArr2, 0);
        byte[] bArr3 = new byte[32];
        System.arraycopy(bArr2, 0, bArr3, 0, 32);
        bArr3[0] = (byte) (bArr3[0] & 248);
        bArr3[31] = (byte) (bArr3[31] & Byte.MAX_VALUE);
        bArr3[31] = (byte) (bArr3[31] | 64);
        return bArr3;
    }

    public static BouncyCastleEd25519.PointAccum newPointAccum() {
        return new BouncyCastleEd25519.PointAccum();
    }

    public static byte[] aggregatePublicKeys(Collection<byte[]> collection) {
        BouncyCastleEd25519.PointAccum pointAccum = null;
        for (byte[] bArr : collection) {
            BouncyCastleEd25519.PointAffine pointAffine = new BouncyCastleEd25519.PointAffine();
            if (!decodePointVar(bArr, 0, false, pointAffine)) {
                return null;
            }
            if (pointAccum == null) {
                pointAccum = new BouncyCastleEd25519.PointAccum();
                pointCopy(pointAffine, pointAccum);
            } else {
                pointAdd(pointCopy(pointAffine), pointAccum);
            }
        }
        byte[] bArr2 = new byte[32];
        if (0 == encodePoint(pointAccum, bArr2, 0)) {
            return null;
        }
        return bArr2;
    }

    public static byte[] aggregateSignatures(Collection<byte[]> collection) {
        BouncyCastleEd25519.PointAccum pointAccum = null;
        int[] iArr = new int[8];
        byte[] bArr = new byte[32];
        int[] iArr2 = new int[8];
        for (byte[] bArr2 : collection) {
            System.arraycopy(bArr2, 0, bArr, 0, bArr.length);
            BouncyCastleEd25519.PointAffine pointAffine = new BouncyCastleEd25519.PointAffine();
            if (!decodePointVar(bArr, 0, false, pointAffine)) {
                return null;
            }
            if (pointAccum == null) {
                pointAccum = new BouncyCastleEd25519.PointAccum();
                pointCopy(pointAffine, pointAccum);
                decode32(bArr2, bArr.length, iArr, 0, 8);
            } else {
                pointAdd(pointCopy(pointAffine), pointAccum);
                decode32(bArr2, bArr.length, iArr2, 0, 8);
                Nat256.addTo(iArr2, iArr);
                if (Nat256.gte(iArr, L)) {
                    Nat256.subFrom(L, iArr);
                }
            }
        }
        byte[] bArr3 = new byte[64];
        if (0 == encodePoint(pointAccum, bArr3, 0)) {
            return null;
        }
        for (int i = 0; i < iArr.length; i++) {
            encode32(iArr[i], bArr3, 32 + (i * 4));
        }
        return bArr3;
    }

    public static byte[] signForAggregation(byte[] bArr, byte[] bArr2) {
        SHA512Digest sHA512Digest = new SHA512Digest();
        byte[] bArr3 = new byte[sHA512Digest.getDigestSize()];
        sHA512Digest.reset();
        sHA512Digest.update(bArr, 0, bArr.length);
        sHA512Digest.doFinal(bArr3, 0);
        byte[] bArr4 = new byte[32];
        pruneScalar(bArr3, 0, bArr4);
        scalarMultBaseEncoded(bArr4, new byte[32], 0);
        byte[] bArr5 = new byte[sHA512Digest.getDigestSize()];
        SECURE_RANDOM.nextBytes(bArr5);
        byte[] bArr6 = new byte[32];
        pruneScalar(bArr5, 0, bArr6);
        byte[] bArr7 = new byte[32];
        scalarMultBaseEncoded(bArr6, bArr7, 0);
        sHA512Digest.reset();
        sHA512Digest.update(bArr2, 0, bArr2.length);
        sHA512Digest.doFinal(bArr3, 0);
        byte[] calculateS = calculateS(bArr6, reduceScalar(bArr3), bArr4);
        byte[] bArr8 = new byte[64];
        System.arraycopy(bArr7, 0, bArr8, 0, 32);
        System.arraycopy(calculateS, 0, bArr8, 32, 32);
        return bArr8;
    }

    public static boolean verifyAggregated(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] copyOfRange = Arrays.copyOfRange(bArr2, 0, 32);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr2, 32, 64);
        if (!checkPointVar(copyOfRange) || !checkScalarVar(copyOfRange2)) {
            return false;
        }
        scalarMultBaseEncoded(copyOfRange2, new byte[32], 0);
        BouncyCastleEd25519.PointAffine pointAffine = new BouncyCastleEd25519.PointAffine();
        if (!decodePointVar(bArr, 0, true, pointAffine)) {
            return false;
        }
        SHA512Digest sHA512Digest = new SHA512Digest();
        byte[] bArr4 = new byte[sHA512Digest.getDigestSize()];
        sHA512Digest.update(bArr3, 0, bArr3.length);
        sHA512Digest.doFinal(bArr4, 0);
        byte[] reduceScalar = reduceScalar(bArr4);
        int[] iArr = new int[8];
        decodeScalar(copyOfRange2, 0, iArr);
        int[] iArr2 = new int[8];
        decodeScalar(reduceScalar, 0, iArr2);
        BouncyCastleEd25519.PointAccum pointAccum = new BouncyCastleEd25519.PointAccum();
        scalarMultStrausVar(iArr, iArr2, pointAffine, pointAccum);
        byte[] bArr5 = new byte[32];
        if (0 == encodePoint(pointAccum, bArr5, 0)) {
            return false;
        }
        return Arrays.equals(bArr5, copyOfRange);
    }
}
