package ca.uwaterloo.crysp.otr;

import ca.uwaterloo.crysp.otr.crypt.MPI;
import ca.uwaterloo.crysp.otr.crypt.Provider;

/* loaded from: classes.dex */
public class SM {
    public static final byte[] MODULUS_S = Util.hexStringToBytes("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
    public static final byte[] MODULUS_MINUS_2 = Util.hexStringToBytes("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFD");
    public static final byte[] ORDER_S = Util.hexStringToBytes("7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA36046511B993FFFFFFFFFFFFFFFF");
    public static final byte[] GENERATOR_S = Util.hexStringToBytes("02");

    public static int checkEqualCoords(MPI mpi, MPI mpi2, MPI mpi3, MPI mpi4, MPI mpi5, SMState sMState, int i, Provider provider) throws OTRException {
        return provider.compareMPI(mpi, hash(i, provider.mulm(provider.powm(sMState.g3, mpi2, new MPI(MODULUS_S)), provider.powm(mpi4, mpi, new MPI(MODULUS_S)), new MPI(MODULUS_S)), provider.mulm(provider.powm(mpi5, mpi, new MPI(MODULUS_S)), provider.mulm(provider.powm(sMState.g1, mpi2, new MPI(MODULUS_S)), provider.powm(sMState.g2, mpi3, new MPI(MODULUS_S)), new MPI(MODULUS_S)), new MPI(MODULUS_S)), provider));
    }

    public static int checkEqualLogs(MPI mpi, MPI mpi2, MPI mpi3, SMState sMState, int i, Provider provider) throws OTRException {
        return provider.compareMPI(mpi, hash(i, provider.mulm(provider.powm(sMState.g1, mpi2, new MPI(MODULUS_S)), provider.powm(sMState.g3o, mpi, new MPI(MODULUS_S)), new MPI(MODULUS_S)), provider.mulm(provider.powm(sMState.qab, mpi2, new MPI(MODULUS_S)), provider.powm(mpi3, mpi, new MPI(MODULUS_S)), new MPI(MODULUS_S)), provider));
    }

    public static boolean checkExpon(MPI mpi, Provider provider) {
        return provider.compareMPI(mpi, new MPI(new byte[]{1})) < 0 || provider.compareMPI(mpi, new MPI(ORDER_S)) >= 0;
    }

    public static boolean checkGroupElem(MPI mpi, Provider provider) {
        return provider.compareMPI(mpi, new MPI(new byte[]{2})) < 0 || provider.compareMPI(mpi, new MPI(MODULUS_MINUS_2)) > 0;
    }

    public static int checkKnowLog(MPI mpi, MPI mpi2, MPI mpi3, MPI mpi4, int i, Provider provider) throws OTRException {
        return provider.compareMPI(hash(i, provider.mulm(provider.powm(mpi3, mpi2, new MPI(MODULUS_S)), provider.powm(mpi4, mpi, new MPI(MODULUS_S)), new MPI(MODULUS_S)), null, provider), mpi);
    }

    public static MPI hash(int i, MPI mpi, MPI mpi2, Provider provider) throws OTRException {
        int length = mpi.getLength() + 5;
        if (mpi2 != null) {
            length += mpi2.getLength() + 4;
        }
        OutBuf outBuf = new OutBuf(new byte[length]);
        outBuf.writeByte((byte) i);
        outBuf.writeUInt(mpi.getLength());
        mpi.writeRaw(outBuf);
        if (mpi2 != null) {
            outBuf.writeUInt(mpi2.getLength());
            mpi2.writeRaw(outBuf);
        }
        return new MPI(provider.getSHA256().hash(outBuf.getBytes()));
    }

    public static MPI[] proofEqualCoords(SMState sMState, MPI mpi, int i, Provider provider) throws OTRException {
        MPI randomExponent = randomExponent(provider);
        MPI randomExponent2 = randomExponent(provider);
        MPI hash = hash(i, provider.powm(sMState.g3, randomExponent, new MPI(MODULUS_S)), provider.mulm(provider.powm(sMState.g1, randomExponent, new MPI(MODULUS_S)), provider.powm(sMState.g2, randomExponent2, new MPI(MODULUS_S)), new MPI(MODULUS_S)), provider);
        return new MPI[]{hash, provider.subm(randomExponent, provider.mulm(mpi, hash, new MPI(ORDER_S)), new MPI(ORDER_S)), provider.subm(randomExponent2, provider.mulm(sMState.secret, hash, new MPI(ORDER_S)), new MPI(ORDER_S))};
    }

    public static MPI[] proofEqualLogs(SMState sMState, int i, Provider provider) throws OTRException {
        MPI randomExponent = randomExponent(provider);
        MPI hash = hash(i, provider.powm(sMState.g1, randomExponent, new MPI(MODULUS_S)), provider.powm(sMState.qab, randomExponent, new MPI(MODULUS_S)), provider);
        return new MPI[]{hash, provider.subm(randomExponent, provider.mulm(sMState.x3, hash, new MPI(ORDER_S)), new MPI(ORDER_S))};
    }

    public static MPI[] proofKnowLog(MPI mpi, MPI mpi2, int i, Provider provider) throws OTRException {
        MPI randomExponent = randomExponent(provider);
        MPI hash = hash(i, provider.powm(mpi, randomExponent, new MPI(MODULUS_S)), null, provider);
        return new MPI[]{hash, provider.subm(randomExponent, provider.mulm(mpi2, hash, new MPI(ORDER_S)), new MPI(ORDER_S))};
    }

    public static MPI randomExponent(Provider provider) {
        byte[] bArr = new byte[192];
        provider.getSecureRandom().nextBytes(bArr);
        return new MPI(bArr);
    }

    public static byte[] serializeMPIArray(MPI[] mpiArr) throws OTRException {
        int i = 0;
        for (MPI mpi : mpiArr) {
            i += mpi.getLength() + 4;
        }
        OutBuf outBuf = new OutBuf(new byte[i + 4]);
        outBuf.writeUInt(mpiArr.length);
        for (MPI mpi2 : mpiArr) {
            mpi2.write(outBuf);
        }
        return outBuf.getBytes();
    }

    public static byte[] step1(SMState sMState, byte[] bArr, Provider provider) throws OTRException {
        sMState.secret = new MPI(bArr);
        sMState.receivedQuestion = 0;
        sMState.x2 = randomExponent(provider);
        sMState.x3 = randomExponent(provider);
        MPI[] proofKnowLog = proofKnowLog(sMState.g1, sMState.x2, 1, provider);
        MPI[] proofKnowLog2 = proofKnowLog(sMState.g1, sMState.x3, 2, provider);
        byte[] serializeMPIArray = serializeMPIArray(new MPI[]{provider.powm(sMState.g1, sMState.x2, new MPI(MODULUS_S)), proofKnowLog[0], proofKnowLog[1], provider.powm(sMState.g1, sMState.x3, new MPI(MODULUS_S)), proofKnowLog2[0], proofKnowLog2[1]});
        sMState.smProgState = 0;
        return serializeMPIArray;
    }

    public static void step2a(SMState sMState, byte[] bArr, int i, Provider provider) throws OTRException {
        sMState.receivedQuestion = i;
        sMState.smProgState = -2;
        MPI[] unserializeMPIArray = unserializeMPIArray(bArr);
        if (checkGroupElem(unserializeMPIArray[0], provider) || checkExpon(unserializeMPIArray[2], provider) || checkGroupElem(unserializeMPIArray[3], provider) || checkExpon(unserializeMPIArray[5], provider)) {
            throw new OTRException("Invalid parameter");
        }
        sMState.g3o = unserializeMPIArray[3];
        if (checkKnowLog(unserializeMPIArray[1], unserializeMPIArray[2], sMState.g1, unserializeMPIArray[0], 1, provider) != 0 || checkKnowLog(unserializeMPIArray[4], unserializeMPIArray[5], sMState.g1, unserializeMPIArray[3], 2, provider) != 0) {
            throw new OTRException("Proof checking failed");
        }
        sMState.x2 = randomExponent(provider);
        sMState.x3 = randomExponent(provider);
        sMState.g2 = provider.powm(unserializeMPIArray[0], sMState.x2, new MPI(MODULUS_S));
        sMState.g3 = provider.powm(unserializeMPIArray[3], sMState.x3, new MPI(MODULUS_S));
        sMState.smProgState = 0;
    }

    public static byte[] step2b(SMState sMState, byte[] bArr, Provider provider) throws OTRException {
        sMState.secret = new MPI(bArr);
        MPI[] proofKnowLog = proofKnowLog(sMState.g1, sMState.x2, 3, provider);
        MPI[] proofKnowLog2 = proofKnowLog(sMState.g1, sMState.x3, 4, provider);
        MPI randomExponent = randomExponent(provider);
        sMState.p = provider.powm(sMState.g3, randomExponent, new MPI(MODULUS_S));
        sMState.q = provider.mulm(provider.powm(sMState.g1, randomExponent, new MPI(MODULUS_S)), provider.powm(sMState.g2, sMState.secret, new MPI(MODULUS_S)), new MPI(MODULUS_S));
        MPI[] proofEqualCoords = proofEqualCoords(sMState, randomExponent, 5, provider);
        return serializeMPIArray(new MPI[]{provider.powm(sMState.g1, sMState.x2, new MPI(MODULUS_S)), proofKnowLog[0], proofKnowLog[1], provider.powm(sMState.g1, sMState.x3, new MPI(MODULUS_S)), proofKnowLog2[0], proofKnowLog2[1], sMState.p, sMState.q, proofEqualCoords[0], proofEqualCoords[1], proofEqualCoords[2]});
    }

    public static byte[] step3(SMState sMState, byte[] bArr, Provider provider) throws OTRException {
        sMState.smProgState = -2;
        MPI[] unserializeMPIArray = unserializeMPIArray(bArr);
        if (checkGroupElem(unserializeMPIArray[0], provider) || checkGroupElem(unserializeMPIArray[3], provider) || checkGroupElem(unserializeMPIArray[6], provider) || checkGroupElem(unserializeMPIArray[7], provider) || checkExpon(unserializeMPIArray[2], provider) || checkExpon(unserializeMPIArray[5], provider) || checkExpon(unserializeMPIArray[9], provider) || checkExpon(unserializeMPIArray[10], provider)) {
            throw new OTRException("Invalid Parameter");
        }
        MPI[] mpiArr = new MPI[8];
        sMState.g3o = unserializeMPIArray[3];
        if (checkKnowLog(unserializeMPIArray[1], unserializeMPIArray[2], sMState.g1, unserializeMPIArray[0], 3, provider) != 0 || checkKnowLog(unserializeMPIArray[4], unserializeMPIArray[5], sMState.g1, unserializeMPIArray[3], 4, provider) != 0) {
            throw new OTRException("Proof checking failed");
        }
        sMState.g2 = provider.powm(unserializeMPIArray[0], sMState.x2, new MPI(MODULUS_S));
        sMState.g3 = provider.powm(unserializeMPIArray[3], sMState.x3, new MPI(MODULUS_S));
        if (checkEqualCoords(unserializeMPIArray[8], unserializeMPIArray[9], unserializeMPIArray[10], unserializeMPIArray[6], unserializeMPIArray[7], sMState, 5, provider) != 0) {
            throw new OTRException("Invalid Parameter");
        }
        MPI randomExponent = randomExponent(provider);
        sMState.p = provider.powm(sMState.g3, randomExponent, new MPI(MODULUS_S));
        mpiArr[0] = sMState.p;
        sMState.q = provider.mulm(provider.powm(sMState.g1, randomExponent, new MPI(MODULUS_S)), provider.powm(sMState.g2, sMState.secret, new MPI(MODULUS_S)), new MPI(MODULUS_S));
        mpiArr[1] = sMState.q;
        MPI[] proofEqualCoords = proofEqualCoords(sMState, randomExponent, 6, provider);
        mpiArr[2] = proofEqualCoords[0];
        mpiArr[3] = proofEqualCoords[1];
        mpiArr[4] = proofEqualCoords[2];
        sMState.pab = provider.mulm(sMState.p, provider.invm(unserializeMPIArray[6], new MPI(MODULUS_S)), new MPI(MODULUS_S));
        sMState.qab = provider.mulm(sMState.q, provider.invm(unserializeMPIArray[7], new MPI(MODULUS_S)), new MPI(MODULUS_S));
        mpiArr[5] = provider.powm(sMState.qab, sMState.x3, new MPI(MODULUS_S));
        MPI[] proofEqualLogs = proofEqualLogs(sMState, 7, provider);
        mpiArr[6] = proofEqualLogs[0];
        mpiArr[7] = proofEqualLogs[1];
        byte[] serializeMPIArray = serializeMPIArray(mpiArr);
        sMState.smProgState = 0;
        return serializeMPIArray;
    }

    public static byte[] step4(SMState sMState, byte[] bArr, Provider provider) throws OTRException {
        MPI[] unserializeMPIArray = unserializeMPIArray(bArr);
        sMState.smProgState = -2;
        MPI[] mpiArr = new MPI[3];
        if (!checkGroupElem(unserializeMPIArray[0], provider)) {
            if (!checkGroupElem(unserializeMPIArray[1], provider) && !checkGroupElem(unserializeMPIArray[5], provider) && !checkExpon(unserializeMPIArray[3], provider) && !checkExpon(unserializeMPIArray[4], provider) && !checkExpon(unserializeMPIArray[7], provider)) {
                if (checkEqualCoords(unserializeMPIArray[2], unserializeMPIArray[3], unserializeMPIArray[4], unserializeMPIArray[0], unserializeMPIArray[1], sMState, 6, provider) != 0) {
                    throw new OTRException("Invalid Parameter");
                }
                sMState.pab = provider.mulm(unserializeMPIArray[0], provider.invm(sMState.p, new MPI(MODULUS_S)), new MPI(MODULUS_S));
                sMState.qab = provider.mulm(unserializeMPIArray[1], provider.invm(sMState.q, new MPI(MODULUS_S)), new MPI(MODULUS_S));
                if (checkEqualLogs(unserializeMPIArray[6], unserializeMPIArray[7], unserializeMPIArray[5], sMState, 7, provider) != 0) {
                    throw new OTRException("Proof checking failed");
                }
                mpiArr[0] = provider.powm(sMState.qab, sMState.x3, new MPI(MODULUS_S));
                MPI[] proofEqualLogs = proofEqualLogs(sMState, 8, provider);
                mpiArr[1] = proofEqualLogs[0];
                mpiArr[2] = proofEqualLogs[1];
                byte[] serializeMPIArray = serializeMPIArray(mpiArr);
                sMState.smProgState = provider.compareMPI(provider.powm(unserializeMPIArray[5], sMState.x3, new MPI(MODULUS_S)), sMState.pab) != 0 ? -1 : 1;
                return serializeMPIArray;
            }
        }
        throw new OTRException("Invalid Parameter");
    }

    public static void step5(SMState sMState, byte[] bArr, Provider provider) throws OTRException {
        MPI[] unserializeMPIArray = unserializeMPIArray(bArr);
        sMState.smProgState = -2;
        if (checkGroupElem(unserializeMPIArray[0], provider) || checkExpon(unserializeMPIArray[2], provider)) {
            throw new OTRException("Invalid Parameter");
        }
        if (checkEqualLogs(unserializeMPIArray[1], unserializeMPIArray[2], unserializeMPIArray[0], sMState, 8, provider) != 0) {
            throw new OTRException("Invalid Parameter");
        }
        sMState.smProgState = provider.compareMPI(provider.powm(unserializeMPIArray[0], sMState.x3, new MPI(MODULUS_S)), sMState.pab) != 0 ? -1 : 1;
    }

    public static MPI[] unserializeMPIArray(byte[] bArr) throws OTRException {
        InBuf inBuf = new InBuf(bArr);
        int readUInt = (int) inBuf.readUInt();
        if (readUInt <= 0) {
            throw new OTRException("Invalid count");
        }
        MPI[] mpiArr = new MPI[readUInt];
        for (int i = 0; i < readUInt; i++) {
            mpiArr[i] = MPI.readMPI(inBuf);
        }
        return mpiArr;
    }
}
