package com.google.crypto.tink.subtle;

import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.Ed25519;
import com.google.crypto.tink.internal.Ed25519Constants;
import com.google.crypto.tink.internal.Field25519;
import com.google.crypto.tink.internal.Util;
import com.google.errorprone.annotations.Immutable;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

@Immutable
/* loaded from: classes.dex */
public final class Ed25519Verify {
    public final byte[] messageSuffix;
    public final byte[] outputPrefix;
    public final com.google.crypto.tink.util.Bytes publicKey;

    public Ed25519Verify(byte[] bArr) {
        byte[] bArr2 = new byte[0];
        byte[] bArr3 = new byte[0];
        if (TinkFipsUtil.isRestrictedToFips.get()) {
            throw new IllegalStateException(new GeneralSecurityException("Can not use Ed25519 in FIPS-mode."));
        }
        if (bArr.length != 32) {
            throw new IllegalArgumentException("Given public key's length is not 32.");
        }
        int length = bArr.length;
        this.publicKey = new com.google.crypto.tink.util.Bytes(length > bArr.length ? bArr.length : length, bArr);
        this.outputPrefix = bArr2;
        this.messageSuffix = bArr3;
        if (Ed25519Constants.D == null) {
            throw new IllegalStateException("Could not initialize Ed25519.");
        }
    }

    public final void noPrefixVerify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        byte[] bArr3 = bArr;
        if (bArr3.length != 64) {
            throw new GeneralSecurityException("The length of the signature is not 64.");
        }
        byte[] bArr4 = this.publicKey.data;
        byte[] bArr5 = new byte[bArr4.length];
        int i = 0;
        System.arraycopy(bArr4, 0, bArr5, 0, bArr4.length);
        if (bArr3.length == 64) {
            int i2 = 32;
            byte[] copyOfRange = Arrays.copyOfRange(bArr3, 32, 64);
            int i3 = 31;
            while (true) {
                if (i3 < 0) {
                    break;
                }
                int i4 = copyOfRange[i3] & 255;
                int i5 = Ed25519.GROUP_ORDER[i3] & 255;
                if (i4 == i5) {
                    i3--;
                    bArr3 = bArr;
                    copyOfRange = copyOfRange;
                    i2 = 32;
                    i = 0;
                } else if (i4 < i5) {
                    MessageDigest messageDigest = (MessageDigest) EngineFactory.MESSAGE_DIGEST.policy.getInstance();
                    messageDigest.update(bArr3, i, i2);
                    messageDigest.update(bArr5);
                    messageDigest.update(bArr2);
                    byte[] digest = messageDigest.digest();
                    Ed25519.reduce(digest);
                    long[] jArr = new long[10];
                    long[] expand = Field25519.expand(bArr5);
                    long[] jArr2 = new long[10];
                    jArr2[i] = 1;
                    long[] jArr3 = new long[10];
                    long[] jArr4 = new long[10];
                    long[] jArr5 = new long[10];
                    long[] jArr6 = new long[10];
                    long[] jArr7 = new long[10];
                    Field25519.square(jArr4, expand);
                    Field25519.mult(jArr5, jArr4, Ed25519Constants.D);
                    Field25519.sub(jArr4, jArr4, jArr2);
                    Field25519.sum(jArr5, jArr5, jArr2);
                    long[] jArr8 = new long[10];
                    Field25519.square(jArr8, jArr5);
                    Field25519.mult(jArr8, jArr8, jArr5);
                    Field25519.square(jArr, jArr8);
                    Field25519.mult(jArr, jArr, jArr5);
                    Field25519.mult(jArr, jArr, jArr4);
                    long[] jArr9 = new long[10];
                    long[] jArr10 = new long[10];
                    long[] jArr11 = new long[10];
                    Field25519.square(jArr9, jArr);
                    Field25519.square(jArr10, jArr9);
                    Field25519.square(jArr10, jArr10);
                    Field25519.mult(jArr10, jArr, jArr10);
                    Field25519.mult(jArr9, jArr9, jArr10);
                    Field25519.square(jArr9, jArr9);
                    Field25519.mult(jArr9, jArr10, jArr9);
                    Field25519.square(jArr10, jArr9);
                    byte[] bArr6 = copyOfRange;
                    for (int i6 = 1; i6 < 5; i6++) {
                        Field25519.square(jArr10, jArr10);
                    }
                    Field25519.mult(jArr9, jArr10, jArr9);
                    Field25519.square(jArr10, jArr9);
                    int i7 = 1;
                    for (int i8 = 10; i7 < i8; i8 = 10) {
                        Field25519.square(jArr10, jArr10);
                        i7++;
                    }
                    Field25519.mult(jArr10, jArr10, jArr9);
                    Field25519.square(jArr11, jArr10);
                    for (int i9 = 1; i9 < 20; i9++) {
                        Field25519.square(jArr11, jArr11);
                    }
                    Field25519.mult(jArr10, jArr11, jArr10);
                    Field25519.square(jArr10, jArr10);
                    int i10 = 1;
                    for (int i11 = 10; i10 < i11; i11 = 10) {
                        Field25519.square(jArr10, jArr10);
                        i10++;
                    }
                    Field25519.mult(jArr9, jArr10, jArr9);
                    Field25519.square(jArr10, jArr9);
                    for (int i12 = 1; i12 < 50; i12++) {
                        Field25519.square(jArr10, jArr10);
                    }
                    Field25519.mult(jArr10, jArr10, jArr9);
                    Field25519.square(jArr11, jArr10);
                    for (int i13 = 1; i13 < 100; i13++) {
                        Field25519.square(jArr11, jArr11);
                    }
                    Field25519.mult(jArr10, jArr11, jArr10);
                    Field25519.square(jArr10, jArr10);
                    for (int i14 = 1; i14 < 50; i14++) {
                        Field25519.square(jArr10, jArr10);
                    }
                    Field25519.mult(jArr9, jArr10, jArr9);
                    Field25519.square(jArr9, jArr9);
                    Field25519.square(jArr9, jArr9);
                    Field25519.mult(jArr, jArr9, jArr);
                    Field25519.mult(jArr, jArr, jArr8);
                    Field25519.mult(jArr, jArr, jArr4);
                    Field25519.square(jArr6, jArr);
                    Field25519.mult(jArr6, jArr6, jArr5);
                    Field25519.sub(jArr7, jArr6, jArr4);
                    if (Ed25519.access$200(jArr7)) {
                        Field25519.sum(jArr7, jArr6, jArr4);
                        if (Ed25519.access$200(jArr7)) {
                            throw new GeneralSecurityException("Cannot convert given bytes to extended projective coordinates. No square root exists for modulo 2^255-19");
                        }
                        Field25519.mult(jArr, jArr, Ed25519Constants.SQRTM1);
                    }
                    if (!Ed25519.access$200(jArr) && ((bArr5[31] & 255) >> 7) != 0) {
                        throw new GeneralSecurityException("Cannot convert given bytes to extended projective coordinates. Computed x is zero and encoded x's least significant bit is not zero");
                    }
                    if ((Field25519.contract(jArr)[0] & 1) == ((bArr5[31] & 255) >> 7)) {
                        int i15 = 0;
                        for (int i16 = 10; i15 < i16; i16 = 10) {
                            jArr[i15] = -jArr[i15];
                            i15++;
                        }
                    }
                    Field25519.mult(jArr3, jArr, expand);
                    Ed25519.XYZ xyz = new Ed25519.XYZ(jArr, expand, jArr2);
                    Ed25519.CachedXYZT[] cachedXYZTArr = new Ed25519.CachedXYZT[8];
                    cachedXYZTArr[0] = new Ed25519.CachedXYZT(new Ed25519.XYZT(xyz, jArr3));
                    Ed25519.PartialXYZT partialXYZT = new Ed25519.PartialXYZT(new Ed25519.XYZ(), new long[10]);
                    Ed25519.doubleXYZ(partialXYZT, xyz);
                    Ed25519.XYZT xyzt = new Ed25519.XYZT(partialXYZT);
                    for (int i17 = 1; i17 < 8; i17++) {
                        Ed25519.add(partialXYZT, xyzt, cachedXYZTArr[i17 - 1]);
                        cachedXYZTArr[i17] = new Ed25519.CachedXYZT(new Ed25519.XYZT(partialXYZT));
                    }
                    byte[] slide = Ed25519.slide(digest);
                    byte[] slide2 = Ed25519.slide(bArr6);
                    Ed25519.PartialXYZT partialXYZT2 = new Ed25519.PartialXYZT();
                    Ed25519.XYZT xyzt2 = new Ed25519.XYZT();
                    int i18 = 255;
                    while (i18 >= 0 && slide[i18] == 0 && slide2[i18] == 0) {
                        i18--;
                    }
                    while (i18 >= 0) {
                        Ed25519.doubleXYZ(partialXYZT2, new Ed25519.XYZ(partialXYZT2));
                        byte b = slide[i18];
                        if (b > 0) {
                            Ed25519.XYZT.fromPartialXYZT(xyzt2, partialXYZT2);
                            Ed25519.add(partialXYZT2, xyzt2, cachedXYZTArr[slide[i18] / 2]);
                        } else if (b < 0) {
                            Ed25519.XYZT.fromPartialXYZT(xyzt2, partialXYZT2);
                            Ed25519.sub(partialXYZT2, xyzt2, cachedXYZTArr[(-slide[i18]) / 2]);
                        }
                        byte b2 = slide2[i18];
                        if (b2 > 0) {
                            Ed25519.XYZT.fromPartialXYZT(xyzt2, partialXYZT2);
                            Ed25519.add(partialXYZT2, xyzt2, Ed25519Constants.B2[slide2[i18] / 2]);
                        } else if (b2 < 0) {
                            Ed25519.XYZT.fromPartialXYZT(xyzt2, partialXYZT2);
                            Ed25519.sub(partialXYZT2, xyzt2, Ed25519Constants.B2[(-slide2[i18]) / 2]);
                        }
                        i18--;
                    }
                    byte[] bytes = new Ed25519.XYZ(partialXYZT2).toBytes();
                    for (int i19 = 0; i19 < 32; i19++) {
                        if (bytes[i19] == bArr[i19]) {
                        }
                    }
                    return;
                }
            }
        }
        throw new GeneralSecurityException("Signature check failed.");
    }

    public final void verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        byte[] bArr3 = this.outputPrefix;
        int length = bArr3.length;
        byte[] bArr4 = this.messageSuffix;
        if (length == 0 && bArr4.length == 0) {
            noPrefixVerify(bArr, bArr2);
            return;
        }
        int i = Util.$r8$clinit;
        if (bArr.length >= bArr3.length) {
            for (int i2 = 0; i2 < bArr3.length; i2++) {
                if (bArr[i2] == bArr3[i2]) {
                }
            }
            if (bArr4.length != 0) {
                bArr2 = Bytes.concat(bArr2, bArr4);
            }
            noPrefixVerify(Arrays.copyOfRange(bArr, bArr3.length, bArr.length), bArr2);
            return;
        }
        throw new GeneralSecurityException("Invalid signature (output prefix mismatch)");
    }
}
