package org.exploit.crypto.schnorr;

import at.favre.lib.bytes.Bytes;
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
import org.bouncycastle.util.BigIntegers;
import org.exploit.crypto.Hash;
import org.exploit.crypto.curve.Secp256k1Provider;
import org.exploit.crypto.key.ECPrivateKey;
import org.exploit.crypto.key.ECPublicKey;
import org.exploit.crypto.key.secp256k1.Secp256k1PrivateKey;
import org.exploit.crypto.key.secp256k1.Secp256k1PublicKey;
import org.exploit.crypto.key.secp256k1.tweak.TweakedKeyPair;
import org.exploit.crypto.signature.SchnorrSignature;
import org.exploit.crypto.utils.Schnorr;

/* loaded from: input_file:org/exploit/crypto/schnorr/TaprootSchnorrSigner.class */
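/**
 * Produces and verifies BIP-340 style Schnorr signatures over secp256k1.
 *
 * <p>{@link #sign} does not sign with the key it is given: it first builds a
 * {@link TweakedKeyPair} from that key and an empty byte array and signs with the
 * resulting private key. {@link #verify} uses the x coordinate of the public key it
 * is given as-is, so callers must pass the public key that matches the tweaked key
 * pair, not the untweaked one.
 *
 * <p>NOTE(review): the empty tweak input presumably selects a Taproot key-path tweak
 * with no script tree; confirm against {@code TweakedKeyPair}.
 */
public class TaprootSchnorrSigner {
    /** Byte length of a field element, a scalar and the signed message digest. */
    private static final int ELEMENT_BYTES = 32;

    /** Source of the auxiliary randomness mixed into nonce derivation. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Signs a 32-byte message with the tweaked form of the given private key.
     *
     * <p>The nonce is derived from the secret key masked with a hash of fresh random
     * bytes, the public key x coordinate and the message, so it is bound to all three.
     *
     * @param secp256k1PrivateKey the untweaked private key
     * @param bArr the message to sign; must be exactly 32 bytes
     * @return the signature, with r and s each encoded as 32 unsigned big-endian bytes
     * @throws IllegalArgumentException if the message is not 32 bytes, the tweaked
     *     secret is zero or not below the curve order, or the derived nonce is zero
     */
    public SchnorrSignature sign(Secp256k1PrivateKey secp256k1PrivateKey, byte[] bArr) {
        if (bArr.length != ELEMENT_BYTES) {
            throw new IllegalArgumentException("Invalid message length. Expected 32, got: " + bArr.length);
        }
        TweakedKeyPair tweakedKeyPair = new TweakedKeyPair(secp256k1PrivateKey, new byte[0]);
        ECPrivateKey privateKey = tweakedKeyPair.privateKey();
        ECPublicKey publicKey = tweakedKeyPair.publicKey();

        // Fresh auxiliary randomness for every signature.
        byte[] auxRand = new byte[ELEMENT_BYTES];
        RANDOM.nextBytes(auxRand);

        BigInteger secret = privateKey.toBigInt();
        BigInteger curveOrder = Secp256k1Provider.getCurveOrder();
        if (secret.equals(BigInteger.ZERO) || secret.compareTo(curveOrder) >= 0) {
            throw new IllegalArgumentException("Invalid secret key");
        }

        // Signatures are defined over the even-Y form of the public key; when the
        // point has odd Y, sign with the negated secret instead.
        ECPoint pubPoint = publicKey.point();
        if (pubPoint.getAffineYCoord().toBigInteger().testBit(0)) {
            secret = curveOrder.subtract(secret);
        }

        byte[] maskedSecret = xorBytes(
                BigIntegers.asUnsignedByteArray(ELEMENT_BYTES, secret),
                Hash.taggedHash(auxRand, "BIP0340/aux"));
        byte[] pubX = BigIntegers.asUnsignedByteArray(ELEMENT_BYTES, pubPoint.getAffineXCoord().toBigInteger());

        byte[] nonceInput = Bytes.from(new byte[][] {maskedSecret, pubX, bArr}).array();
        BigInteger nonce = new BigInteger(1, Hash.taggedHash(nonceInput, "BIP0340/nonce")).mod(curveOrder);
        if (nonce.equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("Nonce generation failed");
        }

        // R = nonce * G, obtained by treating the nonce as a private key. As with the
        // public key, an odd-Y R means the nonce is negated.
        ECPoint noncePoint = Secp256k1Provider.getInstance()
                .getPublicKey((ECPrivateKey) Secp256k1PrivateKey.create(nonce))
                .point();
        if (noncePoint.getAffineYCoord().toBigInteger().testBit(0)) {
            nonce = curveOrder.subtract(nonce);
        }
        byte[] rBytes = BigIntegers.asUnsignedByteArray(ELEMENT_BYTES, noncePoint.getAffineXCoord().toBigInteger());

        byte[] challengeInput = Bytes.from(new byte[][] {rBytes, pubX, bArr}).array();
        BigInteger challenge = new BigInteger(1, Hash.taggedHash(challengeInput, "BIP0340/challenge")).mod(curveOrder);

        // s = (nonce + challenge * secret) mod n
        BigInteger s = nonce.add(challenge.multiply(secret)).mod(curveOrder);

        // NOTE(review): BIP-340 recommends verifying a freshly produced signature
        // before releasing it, so that a faulty computation cannot leak key material.
        // That check is not performed here; consider adding it at the call site.
        return new SchnorrSignature(rBytes, BigIntegers.asUnsignedByteArray(ELEMENT_BYTES, s));
    }

    /**
     * Checks a signature against a message and the x coordinate of a public key.
     *
     * @param secp256k1PublicKey the public key whose x coordinate identifies the signer
     * @param bArr the signed message; its length is not checked here
     * @param schnorrSignature the signature to check
     * @return {@code true} only if every check passes; malformed or out-of-range
     *     inputs yield {@code false} rather than an exception
     */
    public boolean verify(Secp256k1PublicKey secp256k1PublicKey, byte[] bArr, SchnorrSignature schnorrSignature) {
        BigInteger fieldPrime = SecP256K1Curve.q;
        BigInteger curveOrder = Secp256k1Provider.getCurveOrder();

        BigInteger pubX = new BigInteger(1, secp256k1PublicKey.x());
        if (pubX.compareTo(fieldPrime) >= 0) {
            return false;
        }
        ECPoint pubPoint = Schnorr.liftX(pubX);
        if (pubPoint == null) {
            // No curve point has this x coordinate.
            return false;
        }

        byte[] rBytes = schnorrSignature.getR();
        byte[] sBytes = schnorrSignature.getS();
        // r is hashed as raw bytes below, so a padded or truncated encoding of the
        // same integer would be a different, non-standard signature. Accept only the
        // canonical 32-byte form, which is what sign() emits.
        if (rBytes.length != ELEMENT_BYTES) {
            return false;
        }
        // NOTE(review): s is only used as an integer, so its encoded length is not
        // enforced here; confirm that SchnorrSignature guarantees a 32-byte s.
        BigInteger r = new BigInteger(1, rBytes);
        BigInteger s = new BigInteger(1, sBytes);
        if (r.compareTo(fieldPrime) >= 0 || s.compareTo(curveOrder) >= 0) {
            return false;
        }

        byte[] challengeInput = Bytes.from(
                new byte[][] {rBytes, BigIntegers.asUnsignedByteArray(ELEMENT_BYTES, pubX), bArr}).array();
        BigInteger challenge = new BigInteger(1, Hash.taggedHash(challengeInput, "BIP0340/challenge")).mod(curveOrder);

        // R' = s*G - challenge*P must be a finite point with even Y and x equal to r.
        ECPoint candidate = Secp256k1Provider.CURVE.getG()
                .multiply(s)
                .subtract(pubPoint.multiply(challenge))
                .normalize();
        if (candidate.isInfinity() || candidate.getAffineYCoord().toBigInteger().testBit(0)) {
            return false;
        }
        return candidate.getAffineXCoord().toBigInteger().equals(r);
    }

    /**
     * Returns the byte-wise XOR of two arrays of equal length.
     *
     * @throws IllegalArgumentException if the lengths differ, so that a short or long
     *     mask can never be applied silently to secret key bytes
     */
    private static byte[] xorBytes(byte[] left, byte[] right) {
        if (left.length != right.length) {
            throw new IllegalArgumentException(
                    "Length mismatch: " + left.length + " vs " + right.length);
        }
        byte[] result = new byte[left.length];
        for (int i = 0; i < left.length; i++) {
            result[i] = (byte) (left[i] ^ right[i]);
        }
        return result;
    }
}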
