package com.tencent.kona.crypto.provider;

import com.tencent.kona.crypto.CryptoUtils;
import com.tencent.kona.crypto.spec.SM2ParameterSpec;
import com.tencent.kona.sun.security.ec.ECOperations;
import com.tencent.kona.sun.security.util.DerInputStream;
import com.tencent.kona.sun.security.util.DerOutputStream;
import com.tencent.kona.sun.security.util.DerValue;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.interfaces.ECKey;
import java.security.spec.ECPoint;
import java.util.Arrays;
import javax.crypto.BadPaddingException;

/* loaded from: classes3.dex */
public final class SM2Engine {
    private boolean forEncryption;
    private SM2PrivateKey privateKey;
    private SM2PublicKey publicKey;
    private SecureRandom random;
    private SM3Engine sm3;

    private byte[] c(ECPoint eCPoint, byte[] bArr, byte[] bArr2) {
        DerValue[] derValueArr = {new DerValue((byte) 2, eCPoint.getAffineX().toByteArray()), new DerValue((byte) 2, eCPoint.getAffineY().toByteArray()), new DerValue((byte) 4, bArr), new DerValue((byte) 4, bArr2)};
        DerOutputStream derOutputStream = new DerOutputStream();
        derOutputStream.putSequence(derValueArr);
        return derOutputStream.toByteArray();
    }

    private static boolean checkInputBound(byte[] bArr, int i8, int i9) {
        return bArr != null && i8 >= 0 && i9 > 0 && bArr.length >= i8 + i9;
    }

    private byte[] decrypt(byte[] bArr, int i8, int i9) {
        byte[] bArr2 = new byte[i9];
        System.arraycopy(bArr, i8, bArr2, 0, i9);
        try {
            DerInputStream derInputStream = new DerInputStream(bArr2);
            DerValue[] sequence = derInputStream.getSequence(2);
            if (sequence.length != 4 || derInputStream.available() != 0) {
                throw new BadPaddingException("Invalid encoding for SM2 ciphertext");
            }
            byte[] dataBytes = sequence[0].getDataBytes();
            byte[] dataBytes2 = sequence[1].getDataBytes();
            byte[] dataBytes3 = sequence[2].getDataBytes();
            byte[] dataBytes4 = sequence[3].getDataBytes();
            ECPoint eCPoint = new ECPoint(new BigInteger(1, dataBytes), new BigInteger(1, dataBytes2));
            byte[] byteArrayLE = CryptoUtils.toByteArrayLE(SM2ParameterSpec.COFACTOR);
            ECOperations eCOperations = ECOperations.SM2OPS;
            if (!eCOperations.checkOrder(eCOperations.multiply(eCPoint, byteArrayLE).asAffine().toECPoint())) {
                throw new BadPaddingException("The peer public point is invalid");
            }
            ECPoint eCPoint2 = eCOperations.multiply(eCPoint, CryptoUtils.toByteArrayLE(this.privateKey.getS())).asAffine().toECPoint();
            byte[] kdf = kdf(eCPoint2, dataBytes4.length);
            if (isAllZero(kdf)) {
                throw new BadPaddingException("Derived key is zero");
            }
            xor(dataBytes4, kdf);
            byte[] bArr3 = new byte[32];
            this.sm3.update(CryptoUtils.bigIntToBytes32(eCPoint2.getAffineX()));
            this.sm3.update(dataBytes4);
            this.sm3.update(CryptoUtils.bigIntToBytes32(eCPoint2.getAffineY()));
            this.sm3.doFinal(bArr3);
            boolean isEqual = MessageDigest.isEqual(bArr3, dataBytes3);
            Arrays.fill(dataBytes, (byte) 0);
            Arrays.fill(dataBytes2, (byte) 0);
            Arrays.fill(dataBytes3, (byte) 0);
            if (isEqual) {
                return dataBytes4;
            }
            Arrays.fill(dataBytes4, (byte) 0);
            throw new BadPaddingException("Invalid ciphertext");
        } catch (IOException unused) {
            throw new BadPaddingException("Decode SM2 ciphertext failed");
        }
    }

    private byte[] encrypt(byte[] bArr, int i8, int i9) {
        ECPoint eCPoint;
        ECPoint eCPoint2;
        byte[] kdf;
        byte[] bArr2 = new byte[i9];
        System.arraycopy(bArr, i8, bArr2, 0, i9);
        do {
            byte[] nextK = nextK();
            ECOperations eCOperations = ECOperations.SM2OPS;
            eCPoint = eCOperations.multiply(SM2ParameterSpec.GENERATOR, nextK).asAffine().toECPoint();
            eCPoint2 = eCOperations.multiply(this.publicKey.getW(), nextK).asAffine().toECPoint();
            kdf = kdf(eCPoint2, i9);
        } while (isAllZero(kdf));
        xor(bArr2, kdf);
        byte[] bArr3 = new byte[32];
        this.sm3.update(CryptoUtils.bigIntToBytes32(eCPoint2.getAffineX()));
        this.sm3.update(bArr, i8, i9);
        this.sm3.update(CryptoUtils.bigIntToBytes32(eCPoint2.getAffineY()));
        this.sm3.doFinal(bArr3);
        return c(eCPoint, bArr3, bArr2);
    }

    private static boolean isAllZero(byte[] bArr) {
        boolean z8 = true;
        for (byte b9 : bArr) {
            z8 &= b9 == 0;
        }
        return z8;
    }

    private byte[] kdf(ECPoint eCPoint, int i8) {
        byte[] bigIntToBytes32 = CryptoUtils.bigIntToBytes32(eCPoint.getAffineX());
        byte[] bigIntToBytes322 = CryptoUtils.bigIntToBytes32(eCPoint.getAffineY());
        byte[] bArr = new byte[bigIntToBytes32.length + bigIntToBytes322.length];
        System.arraycopy(bigIntToBytes32, 0, bArr, 0, bigIntToBytes32.length);
        System.arraycopy(bigIntToBytes322, 0, bArr, bigIntToBytes32.length, bigIntToBytes322.length);
        return kdf(bArr, i8);
    }

    private byte[] kdf(byte[] bArr, int i8) {
        byte[] bArr2 = new byte[i8];
        byte[] bArr3 = new byte[32];
        int i9 = i8 % 32;
        int i10 = 1;
        int i11 = ((i8 + 32) - 1) / 32;
        while (i10 <= i11) {
            this.sm3.update(bArr);
            this.sm3.update(CryptoUtils.intToBytes4(i10));
            this.sm3.doFinal(bArr3);
            System.arraycopy(bArr3, 0, bArr2, (i10 - 1) * 32, (i10 != i11 || i9 == 0) ? 32 : i9);
            i10++;
        }
        return bArr2;
    }

    private byte[] nextK() {
        return ECOperations.SM2OPS.generatePrivateScalar(this.random);
    }

    private void xor(byte[] bArr, byte[] bArr2) {
        for (int i8 = 0; i8 < bArr.length; i8++) {
            bArr[i8] = (byte) (bArr[i8] ^ bArr2[i8]);
        }
    }

    public void init(boolean z8, ECKey eCKey, SecureRandom secureRandom) {
        this.publicKey = null;
        this.privateKey = null;
        this.sm3 = null;
        if (z8) {
            this.publicKey = (SM2PublicKey) eCKey;
        } else {
            this.privateKey = (SM2PrivateKey) eCKey;
        }
        this.random = secureRandom;
        this.forEncryption = z8;
        this.sm3 = new SM3Engine();
    }

    public byte[] processBlock(byte[] bArr, int i8, int i9) {
        if (checkInputBound(bArr, i8, i9)) {
            return this.forEncryption ? encrypt(bArr, i8, i9) : decrypt(bArr, i8, i9);
        }
        throw new BadPaddingException("Invalid input");
    }
}
