package com.google.crypto.tink.subtle; import java.security.GeneralSecurityException; import java.security.MessageDigest; import java.util.Arrays; /* JADX INFO: Access modifiers changed from: package-private */ /* loaded from: classes4.dex */ public final class Ed25519 { public static final int PUBLIC_KEY_LEN = 32; public static final int SECRET_KEY_LEN = 32; public static final int SIGNATURE_LEN = 64; private static final CachedXYT CACHED_NEUTRAL = new CachedXYT(new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0}, new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0}, new long[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0}); private static final PartialXYZT NEUTRAL = new PartialXYZT(new XYZ(new long[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0}, new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0}), new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0}); static final byte[] GROUP_ORDER = {-19, -45, -11, 92, 26, 99, 18, 88, -42, -100, -9, -94, -34, -7, -34, 20, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16}; private static int eq(int a2, int b) { int i = (~(a2 ^ b)) & 255; int i2 = i & (i << 4); int i3 = i2 & (i2 << 2); return ((i3 & (i3 << 1)) >> 7) & 1; } /* JADX INFO: Access modifiers changed from: private */ /* loaded from: classes4.dex */ public static class XYZ { final long[] x; final long[] y; final long[] z; XYZ() { this(new long[10], new long[10], new long[10]); } XYZ(long[] x, long[] y, long[] z) { this.x = x; this.y = y; this.z = z; } XYZ(XYZ xyz) { this.x = Arrays.copyOf(xyz.x, 10); this.y = Arrays.copyOf(xyz.y, 10); this.z = Arrays.copyOf(xyz.z, 10); } XYZ(PartialXYZT partialXYZT) { this(); fromPartialXYZT(this, partialXYZT); } static XYZ fromPartialXYZT(XYZ out, PartialXYZT in) { Field25519.mult(out.x, in.xyz.x, in.t); Field25519.mult(out.y, in.xyz.y, in.xyz.z); Field25519.mult(out.z, in.xyz.z, in.t); return out; } byte[] toBytes() { long[] jArr = new long[10]; long[] jArr2 = new long[10]; long[] jArr3 = new long[10]; Field25519.inverse(jArr, this.z); Field25519.mult(jArr2, this.x, jArr); Field25519.mult(jArr3, this.y, jArr); byte[] contract = Field25519.contract(jArr3); contract[31] = (byte) ((Ed25519.getLsb(jArr2) << 7) ^ contract[31]); return contract; } boolean isOnCurve() { long[] jArr = new long[10]; Field25519.square(jArr, this.x); long[] jArr2 = new long[10]; Field25519.square(jArr2, this.y); long[] jArr3 = new long[10]; Field25519.square(jArr3, this.z); long[] jArr4 = new long[10]; Field25519.square(jArr4, jArr3); long[] jArr5 = new long[10]; Field25519.sub(jArr5, jArr2, jArr); Field25519.mult(jArr5, jArr5, jArr3); long[] jArr6 = new long[10]; Field25519.mult(jArr6, jArr, jArr2); Field25519.mult(jArr6, jArr6, Ed25519Constants.D); Field25519.sum(jArr6, jArr4); Field25519.reduce(jArr6, jArr6); return Bytes.equal(Field25519.contract(jArr5), Field25519.contract(jArr6)); } } /* JADX INFO: Access modifiers changed from: private */ /* loaded from: classes4.dex */ public static class XYZT { final long[] t; final XYZ xyz; XYZT() { this(new XYZ(), new long[10]); } XYZT(XYZ xyz, long[] t) { this.xyz = xyz; this.t = t; } XYZT(PartialXYZT partialXYZT) { this(); fromPartialXYZT(this, partialXYZT); } /* JADX INFO: Access modifiers changed from: private */ public static XYZT fromPartialXYZT(XYZT out, PartialXYZT in) { Field25519.mult(out.xyz.x, in.xyz.x, in.t); Field25519.mult(out.xyz.y, in.xyz.y, in.xyz.z); Field25519.mult(out.xyz.z, in.xyz.z, in.t); Field25519.mult(out.t, in.xyz.x, in.xyz.y); return out; } /* JADX INFO: Access modifiers changed from: private */ public static XYZT fromBytesNegateVarTime(byte[] s) throws GeneralSecurityException { long[] jArr = new long[10]; long[] expand = Field25519.expand(s); long[] jArr2 = new long[10]; jArr2[0] = 1; long[] jArr3 = new long[10]; long[] jArr4 = new long[10]; long[] jArr5 = new long[10]; long[] jArr6 = new long[10]; long[] jArr7 = new long[10]; Field25519.square(jArr4, expand); Field25519.mult(jArr5, jArr4, Ed25519Constants.D); Field25519.sub(jArr4, jArr4, jArr2); Field25519.sum(jArr5, jArr5, jArr2); long[] jArr8 = new long[10]; Field25519.square(jArr8, jArr5); Field25519.mult(jArr8, jArr8, jArr5); Field25519.square(jArr, jArr8); Field25519.mult(jArr, jArr, jArr5); Field25519.mult(jArr, jArr, jArr4); Ed25519.pow2252m3(jArr, jArr); Field25519.mult(jArr, jArr, jArr8); Field25519.mult(jArr, jArr, jArr4); Field25519.square(jArr6, jArr); Field25519.mult(jArr6, jArr6, jArr5); Field25519.sub(jArr7, jArr6, jArr4); if (Ed25519.isNonZeroVarTime(jArr7)) { Field25519.sum(jArr7, jArr6, jArr4); if (Ed25519.isNonZeroVarTime(jArr7)) { throw new GeneralSecurityException("Cannot convert given bytes to extended projective coordinates. No square root exists for modulo 2^255-19"); } Field25519.mult(jArr, jArr, Ed25519Constants.SQRTM1); } if (Ed25519.isNonZeroVarTime(jArr) || ((s[31] & 255) >> 7) == 0) { if (Ed25519.getLsb(jArr) == ((s[31] & 255) >> 7)) { Ed25519.neg(jArr, jArr); } Field25519.mult(jArr3, jArr, expand); return new XYZT(new XYZ(jArr, expand, jArr2), jArr3); } throw new GeneralSecurityException("Cannot convert given bytes to extended projective coordinates. Computed x is zero and encoded x's least significant bit is not zero"); } } /* JADX INFO: Access modifiers changed from: private */ /* loaded from: classes4.dex */ public static class PartialXYZT { final long[] t; final XYZ xyz; PartialXYZT() { this(new XYZ(), new long[10]); } PartialXYZT(XYZ xyz, long[] t) { this.xyz = xyz; this.t = t; } PartialXYZT(PartialXYZT other) { this.xyz = new XYZ(other.xyz); this.t = Arrays.copyOf(other.t, 10); } } /* JADX INFO: Access modifiers changed from: package-private */ /* loaded from: classes4.dex */ public static class CachedXYT { final long[] t2d; final long[] yMinusX; final long[] yPlusX; CachedXYT() { this(new long[10], new long[10], new long[10]); } /* JADX INFO: Access modifiers changed from: package-private */ public CachedXYT(long[] yPlusX, long[] yMinusX, long[] t2d) { this.yPlusX = yPlusX; this.yMinusX = yMinusX; this.t2d = t2d; } CachedXYT(CachedXYT other) { this.yPlusX = Arrays.copyOf(other.yPlusX, 10); this.yMinusX = Arrays.copyOf(other.yMinusX, 10); this.t2d = Arrays.copyOf(other.t2d, 10); } void multByZ(long[] output, long[] in) { System.arraycopy(in, 0, output, 0, 10); } void copyConditional(CachedXYT other, int icopy) { Curve25519.copyConditional(this.yPlusX, other.yPlusX, icopy); Curve25519.copyConditional(this.yMinusX, other.yMinusX, icopy); Curve25519.copyConditional(this.t2d, other.t2d, icopy); } } /* JADX INFO: Access modifiers changed from: private */ /* loaded from: classes5.dex */ public static class CachedXYZT extends CachedXYT { private final long[] z; CachedXYZT() { this(new long[10], new long[10], new long[10], new long[10]); } CachedXYZT(XYZT xyzt) { this(); Field25519.sum(this.yPlusX, xyzt.xyz.y, xyzt.xyz.x); Field25519.sub(this.yMinusX, xyzt.xyz.y, xyzt.xyz.x); System.arraycopy(xyzt.xyz.z, 0, this.z, 0, 10); Field25519.mult(this.t2d, xyzt.t, Ed25519Constants.D2); } CachedXYZT(long[] yPlusX, long[] yMinusX, long[] z, long[] t2d) { super(yPlusX, yMinusX, t2d); this.z = z; } @Override // com.google.crypto.tink.subtle.Ed25519.CachedXYT public void multByZ(long[] output, long[] in) { Field25519.mult(output, in, this.z); } } private static void add(PartialXYZT partialXYZT, XYZT extended, CachedXYT cached) { long[] jArr = new long[10]; Field25519.sum(partialXYZT.xyz.x, extended.xyz.y, extended.xyz.x); Field25519.sub(partialXYZT.xyz.y, extended.xyz.y, extended.xyz.x); Field25519.mult(partialXYZT.xyz.y, partialXYZT.xyz.y, cached.yMinusX); Field25519.mult(partialXYZT.xyz.z, partialXYZT.xyz.x, cached.yPlusX); Field25519.mult(partialXYZT.t, extended.t, cached.t2d); cached.multByZ(partialXYZT.xyz.x, extended.xyz.z); Field25519.sum(jArr, partialXYZT.xyz.x, partialXYZT.xyz.x); Field25519.sub(partialXYZT.xyz.x, partialXYZT.xyz.z, partialXYZT.xyz.y); Field25519.sum(partialXYZT.xyz.y, partialXYZT.xyz.z, partialXYZT.xyz.y); Field25519.sum(partialXYZT.xyz.z, jArr, partialXYZT.t); Field25519.sub(partialXYZT.t, jArr, partialXYZT.t); } private static void sub(PartialXYZT partialXYZT, XYZT extended, CachedXYT cached) { long[] jArr = new long[10]; Field25519.sum(partialXYZT.xyz.x, extended.xyz.y, extended.xyz.x); Field25519.sub(partialXYZT.xyz.y, extended.xyz.y, extended.xyz.x); Field25519.mult(partialXYZT.xyz.y, partialXYZT.xyz.y, cached.yPlusX); Field25519.mult(partialXYZT.xyz.z, partialXYZT.xyz.x, cached.yMinusX); Field25519.mult(partialXYZT.t, extended.t, cached.t2d); cached.multByZ(partialXYZT.xyz.x, extended.xyz.z); Field25519.sum(jArr, partialXYZT.xyz.x, partialXYZT.xyz.x); Field25519.sub(partialXYZT.xyz.x, partialXYZT.xyz.z, partialXYZT.xyz.y); Field25519.sum(partialXYZT.xyz.y, partialXYZT.xyz.z, partialXYZT.xyz.y); Field25519.sub(partialXYZT.xyz.z, jArr, partialXYZT.t); Field25519.sum(partialXYZT.t, jArr, partialXYZT.t); } private static void doubleXYZ(PartialXYZT partialXYZT, XYZ p) { long[] jArr = new long[10]; Field25519.square(partialXYZT.xyz.x, p.x); Field25519.square(partialXYZT.xyz.z, p.y); Field25519.square(partialXYZT.t, p.z); Field25519.sum(partialXYZT.t, partialXYZT.t, partialXYZT.t); Field25519.sum(partialXYZT.xyz.y, p.x, p.y); Field25519.square(jArr, partialXYZT.xyz.y); Field25519.sum(partialXYZT.xyz.y, partialXYZT.xyz.z, partialXYZT.xyz.x); Field25519.sub(partialXYZT.xyz.z, partialXYZT.xyz.z, partialXYZT.xyz.x); Field25519.sub(partialXYZT.xyz.x, jArr, partialXYZT.xyz.y); Field25519.sub(partialXYZT.t, partialXYZT.t, partialXYZT.xyz.z); } private static void doubleXYZT(PartialXYZT partialXYZT, XYZT p) { doubleXYZ(partialXYZT, p.xyz); } private static void select(CachedXYT t, int pos, byte b) { int i = (b & 255) >> 7; int i2 = b - (((-i) & b) << 1); t.copyConditional(Ed25519Constants.B_TABLE[pos][0], eq(i2, 1)); t.copyConditional(Ed25519Constants.B_TABLE[pos][1], eq(i2, 2)); t.copyConditional(Ed25519Constants.B_TABLE[pos][2], eq(i2, 3)); t.copyConditional(Ed25519Constants.B_TABLE[pos][3], eq(i2, 4)); t.copyConditional(Ed25519Constants.B_TABLE[pos][4], eq(i2, 5)); t.copyConditional(Ed25519Constants.B_TABLE[pos][5], eq(i2, 6)); t.copyConditional(Ed25519Constants.B_TABLE[pos][6], eq(i2, 7)); t.copyConditional(Ed25519Constants.B_TABLE[pos][7], eq(i2, 8)); long[] copyOf = Arrays.copyOf(t.yMinusX, 10); long[] copyOf2 = Arrays.copyOf(t.yPlusX, 10); long[] copyOf3 = Arrays.copyOf(t.t2d, 10); neg(copyOf3, copyOf3); t.copyConditional(new CachedXYT(copyOf, copyOf2, copyOf3), i); } private static XYZ scalarMultWithBase(byte[] a2) { int i; byte[] bArr = new byte[64]; int i2 = 0; while (true) { if (i2 >= 32) { break; } int i3 = i2 * 2; bArr[i3] = (byte) (a2[i2] & 15); bArr[i3 + 1] = (byte) (((a2[i2] & 255) >> 4) & 15); i2++; } int i4 = 0; byte b = 0; while (i4 < 63) { byte b2 = (byte) (bArr[i4] + b); bArr[i4] = b2; int i5 = (b2 + 8) >> 4; bArr[i4] = (byte) (b2 - (i5 << 4)); i4++; b = i5; } bArr[63] = (byte) (bArr[63] + b); PartialXYZT partialXYZT = new PartialXYZT(NEUTRAL); XYZT xyzt = new XYZT(); for (i = 1; i < 64; i += 2) { CachedXYT cachedXYT = new CachedXYT(CACHED_NEUTRAL); select(cachedXYT, i / 2, bArr[i]); add(partialXYZT, XYZT.fromPartialXYZT(xyzt, partialXYZT), cachedXYT); } XYZ xyz = new XYZ(); doubleXYZ(partialXYZT, XYZ.fromPartialXYZT(xyz, partialXYZT)); doubleXYZ(partialXYZT, XYZ.fromPartialXYZT(xyz, partialXYZT)); doubleXYZ(partialXYZT, XYZ.fromPartialXYZT(xyz, partialXYZT)); doubleXYZ(partialXYZT, XYZ.fromPartialXYZT(xyz, partialXYZT)); for (int i6 = 0; i6 < 64; i6 += 2) { CachedXYT cachedXYT2 = new CachedXYT(CACHED_NEUTRAL); select(cachedXYT2, i6 / 2, bArr[i6]); add(partialXYZT, XYZT.fromPartialXYZT(xyzt, partialXYZT), cachedXYT2); } XYZ xyz2 = new XYZ(partialXYZT); if (xyz2.isOnCurve()) { return xyz2; } throw new IllegalStateException("arithmetic error in scalar multiplication"); } /* JADX INFO: Access modifiers changed from: package-private */ public static byte[] scalarMultWithBaseToBytes(byte[] a2) { return scalarMultWithBase(a2).toBytes(); } private static byte[] slide(byte[] a2) { int i; byte[] bArr = new byte[256]; for (int i2 = 0; i2 < 256; i2++) { bArr[i2] = (byte) (1 & ((a2[i2 >> 3] & 255) >> (i2 & 7))); } for (int i3 = 0; i3 < 256; i3++) { if (bArr[i3] != 0) { for (int i4 = 1; i4 <= 6 && (i = i3 + i4) < 256; i4++) { byte b = bArr[i]; if (b != 0) { byte b2 = bArr[i3]; if ((b << i4) + b2 <= 15) { bArr[i3] = (byte) (b2 + (b << i4)); bArr[i] = 0; } else if (b2 - (b << i4) >= -15) { bArr[i3] = (byte) (b2 - (b << i4)); while (true) { if (i >= 256) { break; } else if (bArr[i] == 0) { bArr[i] = 1; break; } else { bArr[i] = 0; i++; } } } } } } } return bArr; } private static XYZ doubleScalarMultVarTime(byte[] a2, XYZT pointA, byte[] b) { CachedXYZT[] cachedXYZTArr = new CachedXYZT[8]; cachedXYZTArr[0] = new CachedXYZT(pointA); PartialXYZT partialXYZT = new PartialXYZT(); doubleXYZT(partialXYZT, pointA); XYZT xyzt = new XYZT(partialXYZT); for (int i = 1; i < 8; i++) { add(partialXYZT, xyzt, cachedXYZTArr[i - 1]); cachedXYZTArr[i] = new CachedXYZT(new XYZT(partialXYZT)); } byte[] slide = slide(a2); byte[] slide2 = slide(b); PartialXYZT partialXYZT2 = new PartialXYZT(NEUTRAL); XYZT xyzt2 = new XYZT(); int i2 = 255; while (i2 >= 0 && slide[i2] == 0 && slide2[i2] == 0) { i2--; } while (i2 >= 0) { doubleXYZ(partialXYZT2, new XYZ(partialXYZT2)); byte b2 = slide[i2]; if (b2 > 0) { add(partialXYZT2, XYZT.fromPartialXYZT(xyzt2, partialXYZT2), cachedXYZTArr[slide[i2] / 2]); } else if (b2 < 0) { sub(partialXYZT2, XYZT.fromPartialXYZT(xyzt2, partialXYZT2), cachedXYZTArr[(-slide[i2]) / 2]); } byte b3 = slide2[i2]; if (b3 > 0) { add(partialXYZT2, XYZT.fromPartialXYZT(xyzt2, partialXYZT2), Ed25519Constants.B2[slide2[i2] / 2]); } else if (b3 < 0) { sub(partialXYZT2, XYZT.fromPartialXYZT(xyzt2, partialXYZT2), Ed25519Constants.B2[(-slide2[i2]) / 2]); } i2--; } return new XYZ(partialXYZT2); } /* JADX INFO: Access modifiers changed from: private */ public static boolean isNonZeroVarTime(long[] in) { long[] jArr = new long[in.length + 1]; System.arraycopy(in, 0, jArr, 0, in.length); Field25519.reduceCoefficients(jArr); for (byte b : Field25519.contract(jArr)) { if (b != 0) { return true; } } return false; } /* JADX INFO: Access modifiers changed from: private */ public static int getLsb(long[] in) { return Field25519.contract(in)[0] & 1; } /* JADX INFO: Access modifiers changed from: private */ public static void neg(long[] out, long[] in) { for (int i = 0; i < in.length; i++) { out[i] = -in[i]; } } /* JADX INFO: Access modifiers changed from: private */ public static void pow2252m3(long[] out, long[] in) { long[] jArr = new long[10]; long[] jArr2 = new long[10]; long[] jArr3 = new long[10]; Field25519.square(jArr, in); Field25519.square(jArr2, jArr); Field25519.square(jArr2, jArr2); Field25519.mult(jArr2, in, jArr2); Field25519.mult(jArr, jArr, jArr2); Field25519.square(jArr, jArr); Field25519.mult(jArr, jArr2, jArr); Field25519.square(jArr2, jArr); for (int i = 1; i < 5; i++) { Field25519.square(jArr2, jArr2); } Field25519.mult(jArr, jArr2, jArr); Field25519.square(jArr2, jArr); for (int i2 = 1; i2 < 10; i2++) { Field25519.square(jArr2, jArr2); } Field25519.mult(jArr2, jArr2, jArr); Field25519.square(jArr3, jArr2); for (int i3 = 1; i3 < 20; i3++) { Field25519.square(jArr3, jArr3); } Field25519.mult(jArr2, jArr3, jArr2); Field25519.square(jArr2, jArr2); for (int i4 = 1; i4 < 10; i4++) { Field25519.square(jArr2, jArr2); } Field25519.mult(jArr, jArr2, jArr); Field25519.square(jArr2, jArr); for (int i5 = 1; i5 < 50; i5++) { Field25519.square(jArr2, jArr2); } Field25519.mult(jArr2, jArr2, jArr); Field25519.square(jArr3, jArr2); for (int i6 = 1; i6 < 100; i6++) { Field25519.square(jArr3, jArr3); } Field25519.mult(jArr2, jArr3, jArr2); Field25519.square(jArr2, jArr2); for (int i7 = 1; i7 < 50; i7++) { Field25519.square(jArr2, jArr2); } Field25519.mult(jArr, jArr2, jArr); Field25519.square(jArr, jArr); Field25519.square(jArr, jArr); Field25519.mult(out, jArr, in); } private static long load3(byte[] in, int idx) { return ((in[idx + 2] & 255) << 16) | (in[idx] & 255) | ((in[idx + 1] & 255) << 8); } private static long load4(byte[] in, int idx) { return ((in[idx + 3] & 255) << 24) | load3(in, idx); } private static void reduce(byte[] s) { long load3 = (load3(s, 47) >> 2) & 2097151; long load4 = (load4(s, 49) >> 7) & 2097151; long load42 = (load4(s, 52) >> 4) & 2097151; long load32 = (load3(s, 55) >> 1) & 2097151; long load43 = (load4(s, 57) >> 6) & 2097151; long load44 = load4(s, 60) >> 3; long load33 = (load3(s, 42) & 2097151) - (load44 * 683901); long load34 = ((load3(s, 26) >> 2) & 2097151) + (load43 * 666643); long load45 = ((load4(s, 28) >> 7) & 2097151) + (load44 * 666643) + (load43 * 470296); long load46 = ((load4(s, 31) >> 4) & 2097151) + (load44 * 470296) + (load43 * 654183); long load35 = (((load3(s, 34) >> 1) & 2097151) + (load44 * 654183)) - (load43 * 997805); long load36 = (((load3(s, 39) >> 3) & 2097151) + (load44 * 136657)) - (load43 * 683901); long load47 = ((load4(s, 23) >> 5) & 2097151) + (load32 * 666643); long load48 = ((((load4(s, 36) >> 6) & 2097151) - (load44 * 997805)) + (load43 * 136657)) - (load32 * 683901); long load37 = (load3(s, 21) & 2097151) + (load42 * 666643); long load38 = ((load3(s, 18) >> 3) & 2097151) + (load4 * 666643); long j = ((load46 - (load32 * 997805)) + (load42 * 136657)) - (load4 * 683901); long load49 = ((load4(s, 15) >> 6) & 2097151) + (load3 * 666643); long j2 = load38 + (load3 * 470296); long j3 = load37 + (load4 * 470296) + (load3 * 654183); long j4 = ((load47 + (load42 * 470296)) + (load4 * 654183)) - (load3 * 997805); long j5 = (((load34 + (load32 * 470296)) + (load42 * 654183)) - (load4 * 997805)) + (load3 * 136657); long j6 = (((load45 + (load32 * 654183)) - (load42 * 997805)) + (load4 * 136657)) - (load3 * 683901); long j7 = (load49 + 1048576) >> 21; long j8 = j2 + j7; long j9 = load49 - (j7 << 21); long j10 = (j3 + 1048576) >> 21; long j11 = j4 + j10; long j12 = j3 - (j10 << 21); long j13 = (j5 + 1048576) >> 21; long j14 = j6 + j13; long j15 = j5 - (j13 << 21); long j16 = (j + 1048576) >> 21; long j17 = ((load35 + (load32 * 136657)) - (load42 * 683901)) + j16; long j18 = j - (j16 << 21); long j19 = (load48 + 1048576) >> 21; long j20 = load36 + j19; long j21 = load48 - (j19 << 21); long j22 = (load33 + 1048576) >> 21; long load410 = ((load4(s, 44) >> 5) & 2097151) + j22; long j23 = load33 - (j22 << 21); long j24 = (j8 + 1048576) >> 21; long j25 = j12 + j24; long j26 = j8 - (j24 << 21); long j27 = (j11 + 1048576) >> 21; long j28 = j15 + j27; long j29 = j11 - (j27 << 21); long j30 = (j14 + 1048576) >> 21; long j31 = j18 + j30; long j32 = j14 - (j30 << 21); long j33 = (j17 + 1048576) >> 21; long j34 = j21 + j33; long j35 = j17 - (j33 << 21); long j36 = (j20 + 1048576) >> 21; long j37 = j23 + j36; long j38 = j20 - (j36 << 21); long load39 = ((load3(s, 13) >> 1) & 2097151) + (load410 * 666643); long j39 = j28 - (load410 * 683901); long load411 = ((load4(s, 10) >> 4) & 2097151) + (j37 * 666643); long load412 = ((load4(s, 7) >> 7) & 2097151) + (j38 * 666643); long j40 = ((j25 - (load410 * 997805)) + (j37 * 136657)) - (j38 * 683901); long load310 = ((load3(s, 5) >> 2) & 2097151) + (j34 * 666643); long load413 = ((load4(s, 2) >> 5) & 2097151) + (j35 * 666643); long j41 = ((((j9 + (load410 * 470296)) + (j37 * 654183)) - (j38 * 997805)) + (j34 * 136657)) - (j35 * 683901); long load311 = (load3(s, 0) & 2097151) + (j31 * 666643); long j42 = load413 + (j31 * 470296); long j43 = load310 + (j35 * 470296) + (j31 * 654183); long j44 = ((load412 + (j34 * 470296)) + (j35 * 654183)) - (j31 * 997805); long j45 = (((load411 + (j38 * 470296)) + (j34 * 654183)) - (j35 * 997805)) + (j31 * 136657); long j46 = ((((load39 + (j37 * 470296)) + (j38 * 654183)) - (j34 * 997805)) + (j35 * 136657)) - (j31 * 683901); long j47 = (load311 + 1048576) >> 21; long j48 = j42 + j47; long j49 = load311 - (j47 << 21); long j50 = (j43 + 1048576) >> 21; long j51 = j44 + j50; long j52 = j43 - (j50 << 21); long j53 = (j45 + 1048576) >> 21; long j54 = j46 + j53; long j55 = j45 - (j53 << 21); long j56 = (j41 + 1048576) >> 21; long j57 = ((((j26 + (load410 * 654183)) - (j37 * 997805)) + (j38 * 136657)) - (j34 * 683901)) + j56; long j58 = j41 - (j56 << 21); long j59 = (j40 + 1048576) >> 21; long j60 = ((j29 + (load410 * 136657)) - (j37 * 683901)) + j59; long j61 = j40 - (j59 << 21); long j62 = (j39 + 1048576) >> 21; long j63 = j32 + j62; long j64 = j39 - (j62 << 21); long j65 = (j48 + 1048576) >> 21; long j66 = j52 + j65; long j67 = j48 - (j65 << 21); long j68 = (j51 + 1048576) >> 21; long j69 = j55 + j68; long j70 = j51 - (j68 << 21); long j71 = (j54 + 1048576) >> 21; long j72 = j58 + j71; long j73 = j54 - (j71 << 21); long j74 = (j57 + 1048576) >> 21; long j75 = j61 + j74; long j76 = j57 - (j74 << 21); long j77 = (j60 + 1048576) >> 21; long j78 = j64 + j77; long j79 = j60 - (j77 << 21); long j80 = (j63 + 1048576) >> 21; long j81 = j49 + (j80 * 666643); long j82 = j81 >> 21; long j83 = j67 + (j80 * 470296) + j82; long j84 = j81 - (j82 << 21); long j85 = j83 >> 21; long j86 = j66 + (j80 * 654183) + j85; long j87 = j83 - (j85 << 21); long j88 = j86 >> 21; long j89 = (j70 - (j80 * 997805)) + j88; long j90 = j86 - (j88 << 21); long j91 = j89 >> 21; long j92 = j69 + (j80 * 136657) + j91; long j93 = j89 - (j91 << 21); long j94 = j92 >> 21; long j95 = (j73 - (j80 * 683901)) + j94; long j96 = j92 - (j94 << 21); long j97 = j95 >> 21; long j98 = j72 + j97; long j99 = j95 - (j97 << 21); long j100 = j98 >> 21; long j101 = j76 + j100; long j102 = j98 - (j100 << 21); long j103 = j101 >> 21; long j104 = j75 + j103; long j105 = j101 - (j103 << 21); long j106 = j104 >> 21; long j107 = j79 + j106; long j108 = j104 - (j106 << 21); long j109 = j107 >> 21; long j110 = j78 + j109; long j111 = j107 - (j109 << 21); long j112 = j110 >> 21; long j113 = (j63 - (j80 << 21)) + j112; long j114 = j110 - (j112 << 21); long j115 = j113 >> 21; long j116 = j84 + (666643 * j115); long j117 = j99 - (j115 * 683901); long j118 = j116 >> 21; long j119 = j87 + (470296 * j115) + j118; long j120 = j116 - (j118 << 21); long j121 = j119 >> 21; long j122 = j90 + (654183 * j115) + j121; long j123 = j119 - (j121 << 21); long j124 = j122 >> 21; long j125 = (j93 - (997805 * j115)) + j124; long j126 = j122 - (j124 << 21); long j127 = j125 >> 21; long j128 = j96 + (136657 * j115) + j127; long j129 = j125 - (j127 << 21); long j130 = j128 >> 21; long j131 = j117 + j130; long j132 = j128 - (j130 << 21); long j133 = j131 >> 21; long j134 = j102 + j133; long j135 = j131 - (j133 << 21); long j136 = j134 >> 21; long j137 = j105 + j136; long j138 = j134 - (j136 << 21); long j139 = j137 >> 21; long j140 = j108 + j139; long j141 = j137 - (j139 << 21); long j142 = j140 >> 21; long j143 = j111 + j142; long j144 = j140 - (j142 << 21); long j145 = j143 >> 21; long j146 = j114 + j145; long j147 = j143 - (j145 << 21); long j148 = j146 >> 21; long j149 = (j113 - (j115 << 21)) + j148; long j150 = j146 - (j148 << 21); s[0] = (byte) j120; s[1] = (byte) (j120 >> 8); s[2] = (byte) ((j120 >> 16) | (j123 << 5)); s[3] = (byte) (j123 >> 3); s[4] = (byte) (j123 >> 11); s[5] = (byte) ((j123 >> 19) | (j126 << 2)); s[6] = (byte) (j126 >> 6); s[7] = (byte) ((j126 >> 14) | (j129 << 7)); s[8] = (byte) (j129 >> 1); s[9] = (byte) (j129 >> 9); s[10] = (byte) ((j129 >> 17) | (j132 << 4)); s[11] = (byte) (j132 >> 4); s[12] = (byte) (j132 >> 12); s[13] = (byte) ((j132 >> 20) | (j135 << 1)); s[14] = (byte) (j135 >> 7); s[15] = (byte) ((j135 >> 15) | (j138 << 6)); s[16] = (byte) (j138 >> 2); s[17] = (byte) (j138 >> 10); s[18] = (byte) ((j138 >> 18) | (j141 << 3)); s[19] = (byte) (j141 >> 5); s[20] = (byte) (j141 >> 13); s[21] = (byte) j144; s[22] = (byte) (j144 >> 8); s[23] = (byte) ((j144 >> 16) | (j147 << 5)); s[24] = (byte) (j147 >> 3); s[25] = (byte) (j147 >> 11); s[26] = (byte) ((j147 >> 19) | (j150 << 2)); s[27] = (byte) (j150 >> 6); s[28] = (byte) ((j150 >> 14) | (j149 << 7)); s[29] = (byte) (j149 >> 1); s[30] = (byte) (j149 >> 9); s[31] = (byte) (j149 >> 17); } private static void mulAdd(byte[] s, byte[] a2, byte[] b, byte[] c) { long load3 = load3(a2, 0) & 2097151; long load4 = (load4(a2, 2) >> 5) & 2097151; long load32 = (load3(a2, 5) >> 2) & 2097151; long load42 = (load4(a2, 7) >> 7) & 2097151; long load43 = (load4(a2, 10) >> 4) & 2097151; long load33 = (load3(a2, 13) >> 1) & 2097151; long load44 = (load4(a2, 15) >> 6) & 2097151; long load34 = (load3(a2, 18) >> 3) & 2097151; long load35 = load3(a2, 21) & 2097151; long load45 = (load4(a2, 23) >> 5) & 2097151; long load36 = (load3(a2, 26) >> 2) & 2097151; long load46 = load4(a2, 28) >> 7; long load37 = load3(b, 0) & 2097151; long load47 = (load4(b, 2) >> 5) & 2097151; long load38 = (load3(b, 5) >> 2) & 2097151; long load48 = (load4(b, 7) >> 7) & 2097151; long load49 = (load4(b, 10) >> 4) & 2097151; long load39 = (load3(b, 13) >> 1) & 2097151; long load410 = (load4(b, 15) >> 6) & 2097151; long load310 = (load3(b, 18) >> 3) & 2097151; long load311 = load3(b, 21) & 2097151; long load411 = (load4(b, 23) >> 5) & 2097151; long load312 = (load3(b, 26) >> 2) & 2097151; long load412 = load4(b, 28) >> 7; long load313 = (load3(c, 26) >> 2) & 2097151; long load314 = (load3(c, 0) & 2097151) + (load3 * load37); long load413 = ((load4(c, 2) >> 5) & 2097151) + (load3 * load47) + (load4 * load37); long load315 = ((load3(c, 5) >> 2) & 2097151) + (load3 * load38) + (load4 * load47) + (load32 * load37); long load414 = ((load4(c, 7) >> 7) & 2097151) + (load3 * load48) + (load4 * load38) + (load32 * load47) + (load42 * load37); long load415 = ((load4(c, 10) >> 4) & 2097151) + (load3 * load49) + (load4 * load48) + (load32 * load38) + (load42 * load47) + (load43 * load37); long load316 = ((load3(c, 13) >> 1) & 2097151) + (load3 * load39) + (load4 * load49) + (load32 * load48) + (load42 * load38) + (load43 * load47) + (load33 * load37); long load416 = ((load4(c, 15) >> 6) & 2097151) + (load3 * load410) + (load4 * load39) + (load32 * load49) + (load42 * load48) + (load43 * load38) + (load33 * load47) + (load44 * load37); long load317 = ((load3(c, 18) >> 3) & 2097151) + (load3 * load310) + (load4 * load410) + (load32 * load39) + (load42 * load49) + (load43 * load48) + (load33 * load38) + (load44 * load47) + (load34 * load37); long load318 = (load3(c, 21) & 2097151) + (load3 * load311) + (load4 * load310) + (load32 * load410) + (load42 * load39) + (load43 * load49) + (load33 * load48) + (load44 * load38) + (load34 * load47) + (load35 * load37); long load417 = ((load4(c, 23) >> 5) & 2097151) + (load3 * load411) + (load4 * load311) + (load32 * load310) + (load42 * load410) + (load43 * load39) + (load33 * load49) + (load44 * load48) + (load34 * load38) + (load35 * load47) + (load45 * load37); long j = load313 + (load3 * load312) + (load4 * load411) + (load32 * load311) + (load42 * load310) + (load43 * load410) + (load33 * load39) + (load44 * load49) + (load34 * load48) + (load35 * load38) + (load45 * load47) + (load36 * load37); long j2 = (load4 * load412) + (load32 * load312) + (load42 * load411) + (load43 * load311) + (load33 * load310) + (load44 * load410) + (load34 * load39) + (load35 * load49) + (load45 * load48) + (load36 * load38) + (load47 * load46); long j3 = (load42 * load412) + (load43 * load312) + (load33 * load411) + (load44 * load311) + (load34 * load310) + (load35 * load410) + (load45 * load39) + (load36 * load49) + (load48 * load46); long j4 = (load33 * load412) + (load44 * load312) + (load34 * load411) + (load35 * load311) + (load45 * load310) + (load36 * load410) + (load39 * load46); long j5 = (load34 * load412) + (load35 * load312) + (load45 * load411) + (load36 * load311) + (load310 * load46); long j6 = (load45 * load412) + (load36 * load312) + (load411 * load46); long j7 = load46 * load412; long j8 = (load314 + 1048576) >> 21; long j9 = load413 + j8; long j10 = load314 - (j8 << 21); long j11 = (load315 + 1048576) >> 21; long j12 = load414 + j11; long j13 = load315 - (j11 << 21); long j14 = (load415 + 1048576) >> 21; long j15 = load316 + j14; long j16 = load415 - (j14 << 21); long j17 = (load416 + 1048576) >> 21; long j18 = load317 + j17; long j19 = load416 - (j17 << 21); long j20 = (load318 + 1048576) >> 21; long j21 = load417 + j20; long j22 = load318 - (j20 << 21); long j23 = (j + 1048576) >> 21; long load418 = (load4(c, 28) >> 7) + (load3 * load412) + (load4 * load312) + (load32 * load411) + (load42 * load311) + (load43 * load310) + (load33 * load410) + (load44 * load39) + (load34 * load49) + (load35 * load48) + (load45 * load38) + (load36 * load47) + (load37 * load46) + j23; long j24 = j - (j23 << 21); long j25 = (j2 + 1048576) >> 21; long j26 = (load32 * load412) + (load42 * load312) + (load43 * load411) + (load33 * load311) + (load44 * load310) + (load34 * load410) + (load35 * load39) + (load45 * load49) + (load36 * load48) + (load38 * load46) + j25; long j27 = j2 - (j25 << 21); long j28 = (j3 + 1048576) >> 21; long j29 = (load43 * load412) + (load33 * load312) + (load44 * load411) + (load34 * load311) + (load35 * load310) + (load45 * load410) + (load36 * load39) + (load49 * load46) + j28; long j30 = j3 - (j28 << 21); long j31 = (j4 + 1048576) >> 21; long j32 = (load44 * load412) + (load34 * load312) + (load35 * load411) + (load45 * load311) + (load36 * load310) + (load410 * load46) + j31; long j33 = j4 - (j31 << 21); long j34 = (j5 + 1048576) >> 21; long j35 = (load35 * load412) + (load45 * load312) + (load36 * load411) + (load311 * load46) + j34; long j36 = j5 - (j34 << 21); long j37 = (j6 + 1048576) >> 21; long j38 = (load36 * load412) + (load312 * load46) + j37; long j39 = j6 - (j37 << 21); long j40 = (j7 + 1048576) >> 21; long j41 = (j9 + 1048576) >> 21; long j42 = j13 + j41; long j43 = j9 - (j41 << 21); long j44 = (j12 + 1048576) >> 21; long j45 = j16 + j44; long j46 = j12 - (j44 << 21); long j47 = (j15 + 1048576) >> 21; long j48 = j19 + j47; long j49 = j15 - (j47 << 21); long j50 = (j18 + 1048576) >> 21; long j51 = j22 + j50; long j52 = j18 - (j50 << 21); long j53 = (j21 + 1048576) >> 21; long j54 = j24 + j53; long j55 = j21 - (j53 << 21); long j56 = (load418 + 1048576) >> 21; long j57 = j27 + j56; long j58 = load418 - (j56 << 21); long j59 = (j26 + 1048576) >> 21; long j60 = j30 + j59; long j61 = j26 - (j59 << 21); long j62 = (j29 + 1048576) >> 21; long j63 = j33 + j62; long j64 = j29 - (j62 << 21); long j65 = (j32 + 1048576) >> 21; long j66 = j36 + j65; long j67 = j32 - (j65 << 21); long j68 = (j35 + 1048576) >> 21; long j69 = j39 + j68; long j70 = j35 - (j68 << 21); long j71 = (j38 + 1048576) >> 21; long j72 = (j7 - (j40 << 21)) + j71; long j73 = j38 - (j71 << 21); long j74 = j63 - (j40 * 683901); long j75 = ((j60 - (j40 * 997805)) + (j72 * 136657)) - (j73 * 683901); long j76 = ((((j57 + (j40 * 470296)) + (j72 * 654183)) - (j73 * 997805)) + (j69 * 136657)) - (j70 * 683901); long j77 = j48 + (j66 * 666643); long j78 = j51 + (j69 * 666643) + (j70 * 470296) + (j66 * 654183); long j79 = ((((j54 + (j72 * 666643)) + (j73 * 470296)) + (j69 * 654183)) - (j70 * 997805)) + (j66 * 136657); long j80 = (j77 + 1048576) >> 21; long j81 = j52 + (j70 * 666643) + (j66 * 470296) + j80; long j82 = j77 - (j80 << 21); long j83 = (j78 + 1048576) >> 21; long j84 = ((((j55 + (j73 * 666643)) + (j69 * 470296)) + (j70 * 654183)) - (j66 * 997805)) + j83; long j85 = j78 - (j83 << 21); long j86 = (j79 + 1048576) >> 21; long j87 = ((((((j58 + (j40 * 666643)) + (j72 * 470296)) + (j73 * 654183)) - (j69 * 997805)) + (j70 * 136657)) - (j66 * 683901)) + j86; long j88 = j79 - (j86 << 21); long j89 = (j76 + 1048576) >> 21; long j90 = ((((j61 + (j40 * 654183)) - (j72 * 997805)) + (j73 * 136657)) - (j69 * 683901)) + j89; long j91 = j76 - (j89 << 21); long j92 = (j75 + 1048576) >> 21; long j93 = ((j64 + (j40 * 136657)) - (j72 * 683901)) + j92; long j94 = j75 - (j92 << 21); long j95 = (j74 + 1048576) >> 21; long j96 = j67 + j95; long j97 = j74 - (j95 << 21); long j98 = (j81 + 1048576) >> 21; long j99 = j85 + j98; long j100 = j81 - (j98 << 21); long j101 = (j84 + 1048576) >> 21; long j102 = j88 + j101; long j103 = j84 - (j101 << 21); long j104 = (j87 + 1048576) >> 21; long j105 = j91 + j104; long j106 = j87 - (j104 << 21); long j107 = (j90 + 1048576) >> 21; long j108 = j94 + j107; long j109 = j90 - (j107 << 21); long j110 = (j93 + 1048576) >> 21; long j111 = j97 + j110; long j112 = j93 - (j110 << 21); long j113 = j102 - (j96 * 683901); long j114 = ((j99 - (j96 * 997805)) + (j111 * 136657)) - (j112 * 683901); long j115 = ((((j82 + (j96 * 470296)) + (j111 * 654183)) - (j112 * 997805)) + (j108 * 136657)) - (j109 * 683901); long j116 = j10 + (j105 * 666643); long j117 = j42 + (j108 * 666643) + (j109 * 470296) + (j105 * 654183); long j118 = ((((j45 + (j111 * 666643)) + (j112 * 470296)) + (j108 * 654183)) - (j109 * 997805)) + (j105 * 136657); long j119 = (j116 + 1048576) >> 21; long j120 = j43 + (j109 * 666643) + (j105 * 470296) + j119; long j121 = j116 - (j119 << 21); long j122 = (j117 + 1048576) >> 21; long j123 = ((((j46 + (j112 * 666643)) + (j108 * 470296)) + (j109 * 654183)) - (j105 * 997805)) + j122; long j124 = j117 - (j122 << 21); long j125 = (j118 + 1048576) >> 21; long j126 = ((((((j49 + (j96 * 666643)) + (j111 * 470296)) + (j112 * 654183)) - (j108 * 997805)) + (j109 * 136657)) - (j105 * 683901)) + j125; long j127 = j118 - (j125 << 21); long j128 = (j115 + 1048576) >> 21; long j129 = ((((j100 + (j96 * 654183)) - (j111 * 997805)) + (j112 * 136657)) - (j108 * 683901)) + j128; long j130 = j115 - (j128 << 21); long j131 = (j114 + 1048576) >> 21; long j132 = ((j103 + (j96 * 136657)) - (j111 * 683901)) + j131; long j133 = j114 - (j131 << 21); long j134 = (j113 + 1048576) >> 21; long j135 = j106 + j134; long j136 = j113 - (j134 << 21); long j137 = (j120 + 1048576) >> 21; long j138 = j124 + j137; long j139 = j120 - (j137 << 21); long j140 = (j123 + 1048576) >> 21; long j141 = j127 + j140; long j142 = j123 - (j140 << 21); long j143 = (j126 + 1048576) >> 21; long j144 = j130 + j143; long j145 = j126 - (j143 << 21); long j146 = (j129 + 1048576) >> 21; long j147 = j133 + j146; long j148 = j129 - (j146 << 21); long j149 = (j132 + 1048576) >> 21; long j150 = j136 + j149; long j151 = j132 - (j149 << 21); long j152 = (1048576 + j135) >> 21; long j153 = j121 + (j152 * 666643); long j154 = j153 >> 21; long j155 = j139 + (j152 * 470296) + j154; long j156 = j153 - (j154 << 21); long j157 = j155 >> 21; long j158 = j138 + (j152 * 654183) + j157; long j159 = j155 - (j157 << 21); long j160 = j158 >> 21; long j161 = (j142 - (j152 * 997805)) + j160; long j162 = j158 - (j160 << 21); long j163 = j161 >> 21; long j164 = j141 + (j152 * 136657) + j163; long j165 = j161 - (j163 << 21); long j166 = j164 >> 21; long j167 = (j145 - (j152 * 683901)) + j166; long j168 = j164 - (j166 << 21); long j169 = j167 >> 21; long j170 = j144 + j169; long j171 = j167 - (j169 << 21); long j172 = j170 >> 21; long j173 = j148 + j172; long j174 = j170 - (j172 << 21); long j175 = j173 >> 21; long j176 = j147 + j175; long j177 = j173 - (j175 << 21); long j178 = j176 >> 21; long j179 = j151 + j178; long j180 = j176 - (j178 << 21); long j181 = j179 >> 21; long j182 = j150 + j181; long j183 = j179 - (j181 << 21); long j184 = j182 >> 21; long j185 = (j135 - (j152 << 21)) + j184; long j186 = j182 - (j184 << 21); long j187 = j185 >> 21; long j188 = j185 - (j187 << 21); long j189 = j156 + (666643 * j187); long j190 = j171 - (j187 * 683901); long j191 = j189 >> 21; long j192 = j159 + (470296 * j187) + j191; long j193 = j189 - (j191 << 21); long j194 = j192 >> 21; long j195 = j162 + (654183 * j187) + j194; long j196 = j192 - (j194 << 21); long j197 = j195 >> 21; long j198 = (j165 - (997805 * j187)) + j197; long j199 = j195 - (j197 << 21); long j200 = j198 >> 21; long j201 = j168 + (136657 * j187) + j200; long j202 = j198 - (j200 << 21); long j203 = j201 >> 21; long j204 = j190 + j203; long j205 = j201 - (j203 << 21); long j206 = j204 >> 21; long j207 = j174 + j206; long j208 = j204 - (j206 << 21); long j209 = j207 >> 21; long j210 = j177 + j209; long j211 = j207 - (j209 << 21); long j212 = j210 >> 21; long j213 = j180 + j212; long j214 = j210 - (j212 << 21); long j215 = j213 >> 21; long j216 = j183 + j215; long j217 = j213 - (j215 << 21); long j218 = j216 >> 21; long j219 = j186 + j218; long j220 = j216 - (j218 << 21); long j221 = j219 >> 21; long j222 = j188 + j221; long j223 = j219 - (j221 << 21); s[0] = (byte) j193; s[1] = (byte) (j193 >> 8); s[2] = (byte) ((j193 >> 16) | (j196 << 5)); s[3] = (byte) (j196 >> 3); s[4] = (byte) (j196 >> 11); s[5] = (byte) ((j196 >> 19) | (j199 << 2)); s[6] = (byte) (j199 >> 6); s[7] = (byte) ((j199 >> 14) | (j202 << 7)); s[8] = (byte) (j202 >> 1); s[9] = (byte) (j202 >> 9); s[10] = (byte) ((j202 >> 17) | (j205 << 4)); s[11] = (byte) (j205 >> 4); s[12] = (byte) (j205 >> 12); s[13] = (byte) ((j205 >> 20) | (j208 << 1)); s[14] = (byte) (j208 >> 7); s[15] = (byte) ((j208 >> 15) | (j211 << 6)); s[16] = (byte) (j211 >> 2); s[17] = (byte) (j211 >> 10); s[18] = (byte) ((j211 >> 18) | (j214 << 3)); s[19] = (byte) (j214 >> 5); s[20] = (byte) (j214 >> 13); s[21] = (byte) j217; s[22] = (byte) (j217 >> 8); s[23] = (byte) ((j217 >> 16) | (j220 << 5)); s[24] = (byte) (j220 >> 3); s[25] = (byte) (j220 >> 11); s[26] = (byte) ((j220 >> 19) | (j223 << 2)); s[27] = (byte) (j223 >> 6); s[28] = (byte) ((j223 >> 14) | (j222 << 7)); s[29] = (byte) (j222 >> 1); s[30] = (byte) (j222 >> 9); s[31] = (byte) (j222 >> 17); } /* JADX INFO: Access modifiers changed from: package-private */ public static byte[] getHashedScalar(final byte[] privateKey) throws GeneralSecurityException { MessageDigest engineFactory = EngineFactory.MESSAGE_DIGEST.getInstance("SHA-512"); engineFactory.update(privateKey, 0, 32); byte[] digest = engineFactory.digest(); digest[0] = (byte) (digest[0] & 248); byte b = (byte) (digest[31] & Byte.MAX_VALUE); digest[31] = b; digest[31] = (byte) (b | 64); return digest; } /* JADX INFO: Access modifiers changed from: package-private */ public static byte[] sign(final byte[] message, final byte[] publicKey, final byte[] hashedPrivateKey) throws GeneralSecurityException { byte[] copyOfRange = Arrays.copyOfRange(message, 0, message.length); MessageDigest engineFactory = EngineFactory.MESSAGE_DIGEST.getInstance("SHA-512"); engineFactory.update(hashedPrivateKey, 32, 32); engineFactory.update(copyOfRange); byte[] digest = engineFactory.digest(); reduce(digest); byte[] copyOfRange2 = Arrays.copyOfRange(scalarMultWithBase(digest).toBytes(), 0, 32); engineFactory.reset(); engineFactory.update(copyOfRange2); engineFactory.update(publicKey); engineFactory.update(copyOfRange); byte[] digest2 = engineFactory.digest(); reduce(digest2); byte[] bArr = new byte[32]; mulAdd(bArr, digest2, hashedPrivateKey, digest); return Bytes.concat(copyOfRange2, bArr); } private static boolean isSmallerThanGroupOrder(byte[] s) { for (int i = 31; i >= 0; i--) { int i2 = s[i] & 255; int i3 = GROUP_ORDER[i] & 255; if (i2 != i3) { return i2 < i3; } } return false; } /* JADX INFO: Access modifiers changed from: package-private */ public static boolean verify(final byte[] message, final byte[] signature, final byte[] publicKey) throws GeneralSecurityException { if (signature.length != 64) { return false; } byte[] copyOfRange = Arrays.copyOfRange(signature, 32, 64); if (isSmallerThanGroupOrder(copyOfRange)) { MessageDigest engineFactory = EngineFactory.MESSAGE_DIGEST.getInstance("SHA-512"); engineFactory.update(signature, 0, 32); engineFactory.update(publicKey); engineFactory.update(message); byte[] digest = engineFactory.digest(); reduce(digest); byte[] bytes = doubleScalarMultVarTime(digest, XYZT.fromBytesNegateVarTime(publicKey), copyOfRange).toBytes(); for (int i = 0; i < 32; i++) { if (bytes[i] != signature[i]) { return false; } } return true; } return false; } private Ed25519() { } }