package com.tencent.kona.crypto.provider;

import com.tencent.kona.crypto.CryptoUtils;
import com.tencent.kona.crypto.spec.SM2KeyAgreementParamSpec;
import com.tencent.kona.crypto.spec.SM2ParameterSpec;
import com.tencent.kona.crypto.util.Constants;
import com.tencent.kona.sun.security.ec.ECOperations;
import com.tencent.kona.sun.security.ec.point.MutablePoint;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
public class SM2KeyAgreement extends KeyAgreementSpi {
    private static final byte[] A;
    private static final byte[] B;
    private static final byte[] GEN_X;
    private static final byte[] GEN_Y;
    private static final BigInteger TWO_POW_W;
    private static final BigInteger TWO_POW_W_SUB_ONE;
    private ECPrivateKey ephemeralPrivateKey;
    private SM2KeyAgreementParamSpec paramSpec;
    private ECPublicKey peerEphemeralPublicKey;
    private final SM3Engine sm3 = new SM3Engine();

    static {
        BigInteger bigInteger = BigInteger.ONE;
        BigInteger shiftLeft = bigInteger.shiftLeft(w());
        TWO_POW_W = shiftLeft;
        TWO_POW_W_SUB_ONE = shiftLeft.subtract(bigInteger);
        EllipticCurve ellipticCurve = SM2ParameterSpec.CURVE;
        A = CryptoUtils.bigIntToBytes32(ellipticCurve.getA());
        B = CryptoUtils.bigIntToBytes32(ellipticCurve.getB());
        ECPoint eCPoint = SM2ParameterSpec.GENERATOR;
        GEN_X = CryptoUtils.bigIntToBytes32(eCPoint.getAffineX());
        GEN_Y = CryptoUtils.bigIntToBytes32(eCPoint.getAffineY());
    }

    private byte[] combine(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[bArr.length + bArr2.length + bArr3.length + bArr4.length];
        System.arraycopy(bArr, 0, bArr5, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr5, bArr.length, bArr2.length);
        if (this.paramSpec.isInitiator) {
            System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length, bArr3.length);
            System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length + bArr3.length, bArr4.length);
        } else {
            System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length, bArr4.length);
            System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length + bArr4.length, bArr3.length);
        }
        return bArr5;
    }

    private byte[] kdf(byte[] bArr) {
        int i8 = this.paramSpec.sharedKeyLength;
        byte[] bArr2 = new byte[i8];
        byte[] bArr3 = new byte[32];
        int i9 = i8 % 32;
        int i10 = 1;
        int i11 = (i8 / 32) + (i9 == 0 ? 0 : 1);
        while (i10 <= i11) {
            this.sm3.update(bArr);
            this.sm3.update(CryptoUtils.intToBytes4(i10));
            this.sm3.doFinal(bArr3);
            System.arraycopy(bArr3, 0, bArr2, (i10 - 1) * 32, (i10 != i11 || i9 == 0) ? 32 : i9);
            i10++;
        }
        return bArr2;
    }

    private static int w() {
        return ((int) Math.ceil(SM2ParameterSpec.ORDER.subtract(BigInteger.ONE).bitLength() / 2.0d)) - 1;
    }

    private byte[] z(byte[] bArr, ECPoint eCPoint) {
        if (bArr == null) {
            bArr = Constants.defaultId();
        }
        int length = bArr.length << 3;
        this.sm3.update((byte) (length >>> 8));
        this.sm3.update((byte) length);
        this.sm3.update(bArr);
        this.sm3.update(A);
        this.sm3.update(B);
        this.sm3.update(GEN_X);
        this.sm3.update(GEN_Y);
        this.sm3.update(CryptoUtils.bigIntToBytes32(eCPoint.getAffineX()));
        this.sm3.update(CryptoUtils.bigIntToBytes32(eCPoint.getAffineY()));
        return this.sm3.doFinal();
    }

    @Override // javax.crypto.KeyAgreementSpi
    public Key engineDoPhase(Key key, boolean z8) {
        if (this.ephemeralPrivateKey == null || this.paramSpec == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.peerEphemeralPublicKey != null) {
            throw new IllegalStateException("Phase already executed");
        }
        if (!z8) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Only accept ECPublicKey");
        }
        this.peerEphemeralPublicKey = (ECPublicKey) key;
        return null;
    }

    @Override // javax.crypto.KeyAgreementSpi
    public int engineGenerateSecret(byte[] bArr, int i8) {
        if (this.paramSpec.sharedKeyLength + i8 <= bArr.length) {
            byte[] engineGenerateSecret = engineGenerateSecret();
            System.arraycopy(engineGenerateSecret, 0, bArr, i8, engineGenerateSecret.length);
            return engineGenerateSecret.length;
        }
        throw new ShortBufferException("Need " + this.paramSpec.sharedKeyLength + " bytes, only " + (bArr.length - i8) + " available");
    }

    @Override // javax.crypto.KeyAgreementSpi
    public SecretKey engineGenerateSecret(String str) {
        if (str != null) {
            return new SecretKeySpec(engineGenerateSecret(), str);
        }
        throw new NoSuchAlgorithmException("Algorithm must not be null");
    }

    @Override // javax.crypto.KeyAgreementSpi
    public byte[] engineGenerateSecret() {
        BigInteger s8 = this.ephemeralPrivateKey.getS();
        ECOperations eCOperations = ECOperations.SM2OPS;
        BigInteger asBigInteger = eCOperations.multiply(SM2ParameterSpec.GENERATOR, CryptoUtils.toByteArrayLE(s8)).asAffine().getX().asBigInteger();
        BigInteger bigInteger = TWO_POW_W;
        BigInteger bigInteger2 = TWO_POW_W_SUB_ONE;
        BigInteger mod = this.paramSpec.privateKey.getS().add(bigInteger.add(asBigInteger.and(bigInteger2)).multiply(s8)).mod(SM2ParameterSpec.ORDER);
        ECPoint w8 = this.peerEphemeralPublicKey.getW();
        BigInteger add = bigInteger.add(w8.getAffineX().and(bigInteger2));
        ECPoint w9 = this.paramSpec.peerPublicKey.getW();
        MutablePoint multiply = eCOperations.multiply(w8, CryptoUtils.toByteArrayLE(add));
        eCOperations.setSum(multiply, eCOperations.toAffinePoint(w9));
        ECPoint eCPoint = ECOperations.toECPoint(eCOperations.multiply(multiply.asAffine(), CryptoUtils.toByteArrayLE(SM2ParameterSpec.COFACTOR.multiply(mod))));
        if (eCPoint.equals(ECOperations.INFINITY)) {
            throw new IllegalStateException("Generate secret failed");
        }
        byte[] bigIntToBytes32 = CryptoUtils.bigIntToBytes32(eCPoint.getAffineX());
        byte[] bigIntToBytes322 = CryptoUtils.bigIntToBytes32(eCPoint.getAffineY());
        SM2KeyAgreementParamSpec sM2KeyAgreementParamSpec = this.paramSpec;
        byte[] z8 = z(sM2KeyAgreementParamSpec.id, sM2KeyAgreementParamSpec.publicKey.getW());
        SM2KeyAgreementParamSpec sM2KeyAgreementParamSpec2 = this.paramSpec;
        return kdf(combine(bigIntToBytes32, bigIntToBytes322, z8, z(sM2KeyAgreementParamSpec2.peerId, sM2KeyAgreementParamSpec2.peerPublicKey.getW())));
    }

    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, SecureRandom secureRandom) {
        throw new UnsupportedOperationException("Use init(Key, AlgorithmParameterSpec, SecureRandom) instead");
    }

    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
        if (!(key instanceof ECPrivateKey)) {
            throw new InvalidKeyException("Only accept ECPrivateKey");
        }
        if (!(algorithmParameterSpec instanceof SM2KeyAgreementParamSpec)) {
            throw new InvalidAlgorithmParameterException("Only accept SM2KeyAgreementParamSpec");
        }
        this.paramSpec = (SM2KeyAgreementParamSpec) algorithmParameterSpec;
        this.ephemeralPrivateKey = (ECPrivateKey) key;
    }
}
