package cn.hutool.crypto.asymmetric;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.crypto.CryptoException;
import java.math.BigInteger;
import java.util.Random;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.math.ec.ECConstants;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECMultiplier;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.Memoable;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:BOOT-INF/lib/hutool-all-4.6.8.jar:cn/hutool/crypto/asymmetric/SM2Engine.class */
public class SM2Engine {
    private final Digest digest;
    private boolean forEncryption;
    private ECKeyParameters ecKey;
    private ECDomainParameters ecParams;
    private int curveLength;
    private Random random;
    private SM2Mode mode;

    /* loaded from: input_file:BOOT-INF/lib/hutool-all-4.6.8.jar:cn/hutool/crypto/asymmetric/SM2Engine$SM2Mode.class */
    public enum SM2Mode {
        C1C2C3,
        C1C3C2
    }

    public SM2Engine() {
        this(new SM3Digest());
    }

    public SM2Engine(SM2Mode sM2Mode) {
        this(new SM3Digest(), sM2Mode);
    }

    public SM2Engine(Digest digest) {
        this(digest, null);
    }

    public SM2Engine(Digest digest, SM2Mode sM2Mode) {
        this.digest = digest;
        this.mode = (SM2Mode) ObjectUtil.defaultIfNull(sM2Mode, SM2Mode.C1C3C2);
    }

    public void init(boolean z, CipherParameters cipherParameters) {
        this.forEncryption = z;
        if (cipherParameters instanceof ParametersWithRandom) {
            ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
            this.ecKey = (ECKeyParameters) parametersWithRandom.getParameters();
            this.random = parametersWithRandom.getRandom();
        } else {
            this.ecKey = (ECKeyParameters) cipherParameters;
        }
        this.ecParams = this.ecKey.getParameters();
        if (z) {
            if (((ECPublicKeyParameters) this.ecKey).getQ().multiply(this.ecParams.getH()).isInfinity()) {
                throw new IllegalArgumentException("invalid key: [h]Q at infinity");
            }
            if (null == this.random) {
                this.random = CryptoServicesRegistrar.getSecureRandom();
            }
        }
        this.curveLength = (this.ecParams.getCurve().getFieldSize() + 7) / 8;
    }

    public byte[] processBlock(byte[] bArr, int i, int i2) {
        return this.forEncryption ? encrypt(bArr, i, i2) : decrypt(bArr, i, i2);
    }

    public SM2Engine setMode(SM2Mode sM2Mode) {
        this.mode = sM2Mode;
        return this;
    }

    protected ECMultiplier createBasePointMultiplier() {
        return new FixedPointCombMultiplier();
    }

    private byte[] encrypt(byte[] bArr, int i, int i2) {
        byte[] encoded;
        ECPoint normalize;
        byte[] bArr2 = new byte[i2];
        System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
        ECMultiplier createBasePointMultiplier = createBasePointMultiplier();
        do {
            BigInteger nextK = nextK();
            encoded = createBasePointMultiplier.multiply(this.ecParams.getG(), nextK).normalize().getEncoded(false);
            normalize = ((ECPublicKeyParameters) this.ecKey).getQ().multiply(nextK).normalize();
            kdf(normalize, bArr2);
        } while (notEncrypted(bArr2, bArr, i));
        byte[] bArr3 = new byte[this.digest.getDigestSize()];
        addFieldElement(normalize.getAffineXCoord());
        this.digest.update(bArr, i, i2);
        addFieldElement(normalize.getAffineYCoord());
        this.digest.doFinal(bArr3, 0);
        switch (this.mode) {
            case C1C3C2:
                return Arrays.concatenate(encoded, bArr3, bArr2);
            default:
                return Arrays.concatenate(encoded, bArr2, bArr3);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private byte[] decrypt(byte[] bArr, int i, int i2) {
        byte[] bArr2 = new byte[(this.curveLength * 2) + 1];
        System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
        ECPoint decodePoint = this.ecParams.getCurve().decodePoint(bArr2);
        if (decodePoint.multiply(this.ecParams.getH()).isInfinity()) {
            throw new CryptoException("[h]C1 at infinity");
        }
        ECPoint normalize = decodePoint.multiply(((ECPrivateKeyParameters) this.ecKey).getD()).normalize();
        int digestSize = this.digest.getDigestSize();
        byte[] bArr3 = new byte[(i2 - bArr2.length) - digestSize];
        if (SM2Mode.C1C3C2 == this.mode) {
            System.arraycopy(bArr, i + bArr2.length + digestSize, bArr3, 0, bArr3.length);
        } else {
            System.arraycopy(bArr, i + bArr2.length, bArr3, 0, bArr3.length);
        }
        kdf(normalize, bArr3);
        byte[] bArr4 = new byte[digestSize];
        addFieldElement(normalize.getAffineXCoord());
        this.digest.update(bArr3, 0, bArr3.length);
        addFieldElement(normalize.getAffineYCoord());
        this.digest.doFinal(bArr4, 0);
        Object[] objArr = false;
        for (int i3 = 0; i3 != bArr4.length; i3++) {
            objArr = (objArr == true ? 1 : 0) | (bArr4[i3] ^ bArr[((i + bArr2.length) + (SM2Mode.C1C3C2 == this.mode ? 0 : bArr3.length)) + i3]) ? 1 : 0;
        }
        Arrays.fill(bArr2, (byte) 0);
        Arrays.fill(bArr4, (byte) 0);
        if (objArr != true) {
            return bArr3;
        }
        Arrays.fill(bArr3, (byte) 0);
        throw new CryptoException("invalid cipher text");
    }

    private boolean notEncrypted(byte[] bArr, byte[] bArr2, int i) {
        for (int i2 = 0; i2 != bArr.length; i2++) {
            if (bArr[i2] != bArr2[i + i2]) {
                return false;
            }
        }
        return true;
    }

    private void kdf(ECPoint eCPoint, byte[] bArr) {
        Digest digest = this.digest;
        int digestSize = digest.getDigestSize();
        byte[] bArr2 = new byte[Math.max(4, digestSize)];
        int i = 0;
        Memoable memoable = null;
        Memoable memoable2 = null;
        if (digest instanceof Memoable) {
            addFieldElement(eCPoint.getAffineXCoord());
            addFieldElement(eCPoint.getAffineYCoord());
            memoable = (Memoable) digest;
            memoable2 = memoable.copy();
        }
        int i2 = 0;
        while (i < bArr.length) {
            if (memoable != null) {
                memoable.reset(memoable2);
            } else {
                addFieldElement(eCPoint.getAffineXCoord());
                addFieldElement(eCPoint.getAffineYCoord());
            }
            i2++;
            Pack.intToBigEndian(i2, bArr2, 0);
            digest.update(bArr2, 0, 4);
            digest.doFinal(bArr2, 0);
            int min = Math.min(digestSize, bArr.length - i);
            xor(bArr, bArr2, i, min);
            i += min;
        }
    }

    private void xor(byte[] bArr, byte[] bArr2, int i, int i2) {
        for (int i3 = 0; i3 != i2; i3++) {
            int i4 = i + i3;
            bArr[i4] = (byte) (bArr[i4] ^ bArr2[i3]);
        }
    }

    private BigInteger nextK() {
        int bitLength = this.ecParams.getN().bitLength();
        while (true) {
            BigInteger bigInteger = new BigInteger(bitLength, this.random);
            if (!bigInteger.equals(ECConstants.ZERO) && bigInteger.compareTo(this.ecParams.getN()) < 0) {
                return bigInteger;
            }
        }
    }

    private void addFieldElement(ECFieldElement eCFieldElement) {
        byte[] asUnsignedByteArray = BigIntegers.asUnsignedByteArray(this.curveLength, eCFieldElement.toBigInteger());
        this.digest.update(asUnsignedByteArray, 0, asUnsignedByteArray.length);
    }
}
