package com.google.crypto.tink.subtle;

import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.subtle.Ed25519;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

/* loaded from: classes.dex */
public final class Ed25519Verify implements PublicKeyVerify {
    public static final int PUBLIC_KEY_LEN = 32;
    public static final int SIGNATURE_LEN = 64;
    public final ImmutableByteArray publicKey;

    public Ed25519Verify(byte[] bArr) {
        if (bArr.length != 32) {
            throw new IllegalArgumentException(String.format("Given public key's length is not %s.", 32));
        }
        this.publicKey = ImmutableByteArray.of(bArr);
    }

    @Override // com.google.crypto.tink.PublicKeyVerify
    public void verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        boolean z;
        byte b;
        boolean z2 = false;
        if (bArr.length != 64) {
            throw new GeneralSecurityException(String.format("The length of the signature is not %s.", 64));
        }
        byte[] bytes = this.publicKey.getBytes();
        if (bArr.length == 64) {
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 32, 64);
            int i = 31;
            while (true) {
                if (i < 0) {
                    break;
                }
                int i2 = copyOfRange[i] & 255;
                int i3 = Ed25519.GROUP_ORDER[i] & 255;
                if (i2 == i3) {
                    i--;
                } else if (i2 < i3) {
                    z = true;
                }
            }
            z = false;
            if (z) {
                MessageDigest engineFactory = EngineFactory.MESSAGE_DIGEST.getInstance("SHA-512");
                engineFactory.update(bArr, 0, 32);
                engineFactory.update(bytes);
                engineFactory.update(bArr2);
                byte[] digest = engineFactory.digest();
                Ed25519.reduce(digest);
                long[] jArr = new long[10];
                long[] expand = Field25519.expand(bytes);
                long[] jArr2 = new long[10];
                jArr2[0] = 1;
                long[] jArr3 = new long[10];
                long[] jArr4 = new long[10];
                long[] jArr5 = new long[10];
                long[] jArr6 = new long[10];
                long[] jArr7 = new long[10];
                Field25519.square(jArr4, expand);
                Field25519.mult(jArr5, jArr4, Ed25519Constants.D);
                Field25519.sub(jArr4, jArr4, jArr2);
                Field25519.sum(jArr5, jArr5, jArr2);
                long[] jArr8 = new long[10];
                Field25519.square(jArr8, jArr5);
                Field25519.mult(jArr8, jArr8, jArr5);
                Field25519.square(jArr, jArr8);
                Field25519.mult(jArr, jArr, jArr5);
                Field25519.mult(jArr, jArr, jArr4);
                long[] jArr9 = new long[10];
                long[] jArr10 = new long[10];
                long[] jArr11 = new long[10];
                Field25519.square(jArr9, jArr);
                Field25519.square(jArr10, jArr9);
                for (int i4 = 1; i4 < 2; i4++) {
                    Field25519.square(jArr10, jArr10);
                }
                Field25519.mult(jArr10, jArr, jArr10);
                Field25519.mult(jArr9, jArr9, jArr10);
                Field25519.square(jArr9, jArr9);
                Field25519.mult(jArr9, jArr10, jArr9);
                Field25519.square(jArr10, jArr9);
                for (int i5 = 1; i5 < 5; i5++) {
                    Field25519.square(jArr10, jArr10);
                }
                Field25519.mult(jArr9, jArr10, jArr9);
                Field25519.square(jArr10, jArr9);
                for (int i6 = 1; i6 < 10; i6++) {
                    Field25519.square(jArr10, jArr10);
                }
                Field25519.mult(jArr10, jArr10, jArr9);
                Field25519.square(jArr11, jArr10);
                for (int i7 = 1; i7 < 20; i7++) {
                    Field25519.square(jArr11, jArr11);
                }
                Field25519.mult(jArr10, jArr11, jArr10);
                Field25519.square(jArr10, jArr10);
                for (int i8 = 1; i8 < 10; i8++) {
                    Field25519.square(jArr10, jArr10);
                }
                Field25519.mult(jArr9, jArr10, jArr9);
                Field25519.square(jArr10, jArr9);
                for (int i9 = 1; i9 < 50; i9++) {
                    Field25519.square(jArr10, jArr10);
                }
                Field25519.mult(jArr10, jArr10, jArr9);
                Field25519.square(jArr11, jArr10);
                for (int i10 = 1; i10 < 100; i10++) {
                    Field25519.square(jArr11, jArr11);
                }
                Field25519.mult(jArr10, jArr11, jArr10);
                Field25519.square(jArr10, jArr10);
                for (int i11 = 1; i11 < 50; i11++) {
                    Field25519.square(jArr10, jArr10);
                }
                Field25519.mult(jArr9, jArr10, jArr9);
                Field25519.square(jArr9, jArr9);
                for (int i12 = 1; i12 < 2; i12++) {
                    Field25519.square(jArr9, jArr9);
                }
                Field25519.mult(jArr, jArr9, jArr);
                Field25519.mult(jArr, jArr, jArr8);
                Field25519.mult(jArr, jArr, jArr4);
                Field25519.square(jArr6, jArr);
                Field25519.mult(jArr6, jArr6, jArr5);
                Field25519.sub(jArr7, jArr6, jArr4);
                if (Ed25519.access$200(jArr7)) {
                    Field25519.sum(jArr7, jArr6, jArr4);
                    if (Ed25519.access$200(jArr7)) {
                        throw new GeneralSecurityException("Cannot convert given bytes to extended projective coordinates. No square root exists for modulo 2^255-19");
                    }
                    Field25519.mult(jArr, jArr, Ed25519Constants.SQRTM1);
                }
                if (!Ed25519.access$200(jArr) && ((bytes[31] & 255) >> 7) != 0) {
                    throw new GeneralSecurityException("Cannot convert given bytes to extended projective coordinates. Computed x is zero and encoded x's least significant bit is not zero");
                }
                if ((Field25519.contract(jArr)[0] & 1) == ((bytes[31] & 255) >> 7)) {
                    for (int i13 = 0; i13 < 10; i13++) {
                        jArr[i13] = -jArr[i13];
                    }
                }
                Field25519.mult(jArr3, jArr, expand);
                Ed25519.XYZ xyz = new Ed25519.XYZ(jArr, expand, jArr2);
                Ed25519.CachedXYZT[] cachedXYZTArr = new Ed25519.CachedXYZT[8];
                cachedXYZTArr[0] = new Ed25519.CachedXYZT(new Ed25519.XYZT(xyz, jArr3));
                Ed25519.PartialXYZT partialXYZT = new Ed25519.PartialXYZT();
                Ed25519.doubleXYZ(partialXYZT, xyz);
                Ed25519.XYZT xyzt = new Ed25519.XYZT();
                Ed25519.XYZT.fromPartialXYZT(xyzt, partialXYZT);
                for (int i14 = 1; i14 < 8; i14++) {
                    Ed25519.add(partialXYZT, xyzt, cachedXYZTArr[i14 - 1]);
                    Ed25519.XYZT xyzt2 = new Ed25519.XYZT();
                    Ed25519.XYZT.fromPartialXYZT(xyzt2, partialXYZT);
                    cachedXYZTArr[i14] = new Ed25519.CachedXYZT(xyzt2);
                }
                byte[] slide = Ed25519.slide(digest);
                byte[] slide2 = Ed25519.slide(copyOfRange);
                Ed25519.PartialXYZT partialXYZT2 = new Ed25519.PartialXYZT(Ed25519.NEUTRAL);
                Ed25519.XYZT xyzt3 = new Ed25519.XYZT();
                int i15 = 255;
                while (i15 >= 0 && slide[i15] == 0 && slide2[i15] == 0) {
                    i15--;
                }
                while (i15 >= 0) {
                    Ed25519.doubleXYZ(partialXYZT2, new Ed25519.XYZ(partialXYZT2));
                    if (slide[i15] > 0) {
                        Ed25519.XYZT.fromPartialXYZT(xyzt3, partialXYZT2);
                        b = 2;
                        Ed25519.add(partialXYZT2, xyzt3, cachedXYZTArr[slide[i15] / 2]);
                    } else {
                        b = 2;
                        if (slide[i15] < 0) {
                            Ed25519.XYZT.fromPartialXYZT(xyzt3, partialXYZT2);
                            Ed25519.sub(partialXYZT2, xyzt3, cachedXYZTArr[(-slide[i15]) / 2]);
                        }
                    }
                    if (slide2[i15] > 0) {
                        Ed25519.XYZT.fromPartialXYZT(xyzt3, partialXYZT2);
                        Ed25519.add(partialXYZT2, xyzt3, Ed25519Constants.B2[slide2[i15] / b]);
                    } else if (slide2[i15] < 0) {
                        Ed25519.XYZT.fromPartialXYZT(xyzt3, partialXYZT2);
                        Ed25519.sub(partialXYZT2, xyzt3, Ed25519Constants.B2[(-slide2[i15]) / b]);
                    }
                    i15--;
                }
                byte[] bytes2 = new Ed25519.XYZ(partialXYZT2).toBytes();
                int i16 = 0;
                while (true) {
                    if (i16 >= 32) {
                        z2 = true;
                        break;
                    } else {
                        if (bytes2[i16] != bArr[i16]) {
                            z2 = false;
                            break;
                        }
                        i16++;
                    }
                }
            }
        }
        if (!z2) {
            throw new GeneralSecurityException("Signature check failed.");
        }
    }
}
