package ch.bitagent.bitcoin.lib.ecc;

import ch.bitagent.bitcoin.lib.helper.Bytes;
import ch.bitagent.bitcoin.lib.helper.Hash;
import java.math.BigInteger;
import java.util.Arrays;

/* loaded from: input_file:ch/bitagent/bitcoin/lib/ecc/Schnorr.class */
public class Schnorr {
    private static final Int P = Hex.parse("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F");
    private static final int BYTES_LENGTH = 32;

    private Schnorr() {
    }

    private static byte[] getNumBytes(PointOperators pointOperators) {
        return Point.getNum(pointOperators).toBytes(BYTES_LENGTH);
    }

    private static boolean hasEvenY(S256Point s256Point) {
        return Point.getNum(s256Point.getY()).mod(Int.parse(2)).eq(Int.parse(0));
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [byte[], byte[][]] */
    private static byte[] taggedHash(String str, byte[] bArr) {
        byte[] sha256 = Hash.sha256(str.getBytes());
        return Hash.sha256(Bytes.add(new byte[]{sha256, sha256, bArr}));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v44, types: [ch.bitagent.bitcoin.lib.ecc.Int] */
    /* JADX WARN: Type inference failed for: r1v11, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v18, types: [byte[], byte[][]] */
    public static byte[] sign(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        Hex parse = Hex.parse(bArr2);
        if (parse.lt(Int.parse(1)) || parse.gt(S256Point.N.sub((PointOperators) Int.parse(1)))) {
            throw new IllegalArgumentException("The secret key must be an integer in the range 1..n-1.");
        }
        if (bArr3.length != BYTES_LENGTH) {
            throw new IllegalArgumentException(String.format("aux_rand must be %s bytes instead of %s.", Integer.valueOf(BYTES_LENGTH), Integer.valueOf(bArr3.length)));
        }
        S256Point mul = S256Point.getG().mul((Int) parse);
        Hex hex = parse;
        if (!hasEvenY(mul)) {
            hex = S256Point.N.sub((PointOperators) parse);
        }
        Int mod = Hex.parse(taggedHash("BIP0340/nonce", Bytes.add(new byte[]{Bytes.xor(hex.toBytes(BYTES_LENGTH), taggedHash("BIP0340/aux", bArr3)), getNumBytes(mul.getX()), bArr}))).mod(S256Point.N);
        if (mod.eq(Int.parse(0))) {
            throw new IllegalStateException("Failure. This happens only with negligible probability.");
        }
        S256Point mul2 = S256Point.getG().mul(mod);
        Int r17 = mod;
        if (!hasEvenY(mul2)) {
            r17 = S256Point.N.sub((PointOperators) mod);
        }
        byte[] add = Bytes.add(getNumBytes(mul2.getX()), Hex.parse(taggedHash("BIP0340/challenge", Bytes.add(new byte[]{getNumBytes(mul2.getX()), getNumBytes(mul.getX()), bArr}))).mod(S256Point.N).mul((PointOperators) hex).add((PointOperators) r17).mod(S256Point.N).toBytes(BYTES_LENGTH));
        if (verify(bArr, getNumBytes(mul.getX()), add)) {
            return add;
        }
        throw new IllegalStateException("The created signature does not pass verification.");
    }

    private static S256Point liftX(Int r5) {
        if (r5.ge(P)) {
            return null;
        }
        Int mod = r5.powMod(Int.parse(3), P).add((PointOperators) Int.parse(7)).mod(P);
        Int powMod = mod.powMod(P.add((PointOperators) Int.parse(1)).div((PointOperators) Int.parse(4)), P);
        if (powMod.powMod(Int.parse(2), P).ne(mod)) {
            return null;
        }
        return new S256Point(new S256Field(r5), powMod.bigInt().and(BigInteger.ONE).compareTo(BigInteger.ZERO) == 0 ? new S256Field(powMod) : new S256Field(P.sub((PointOperators) powMod)));
    }

    /* JADX WARN: Type inference failed for: r1v7, types: [byte[], byte[][]] */
    public static boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        S256Point add;
        if (bArr2.length != BYTES_LENGTH) {
            throw new IllegalArgumentException("'The public key must be a 32-byte array.'");
        }
        if (bArr3.length != 64) {
            throw new IllegalArgumentException("The signature must be a 64-byte array.");
        }
        S256Point liftX = liftX(Hex.parse(bArr2));
        if (liftX == null) {
            return false;
        }
        Hex parse = Hex.parse(Arrays.copyOfRange(bArr3, 0, BYTES_LENGTH));
        if (parse.ge(P)) {
            return false;
        }
        Hex parse2 = Hex.parse(Arrays.copyOfRange(bArr3, BYTES_LENGTH, 64));
        return (parse2.ge(S256Point.N) || (add = S256Point.getG().mul((Int) parse2).add((Point) liftX.mul(S256Point.N.sub((PointOperators) Hex.parse(taggedHash("BIP0340/challenge", Bytes.add(new byte[]{Arrays.copyOfRange(bArr3, 0, BYTES_LENGTH), bArr2, bArr}))).mod(S256Point.N))))) == null || !hasEvenY(add) || Point.getNum(add.getX()).ne(parse)) ? false : true;
    }
}
