package fr.acinq.lightning.crypto.sphinx;

import app.michaelwuensch.bitbanana.lnurl.pay.LnUrlPaySuccessAction;
import fr.acinq.bitcoin.ByteVector;
import fr.acinq.bitcoin.ByteVector32;
import fr.acinq.bitcoin.Crypto;
import fr.acinq.bitcoin.PrivateKey;
import fr.acinq.bitcoin.PublicKey;
import fr.acinq.bitcoin.crypto.Digest;
import fr.acinq.bitcoin.crypto.HMacKt;
import fr.acinq.bitcoin.io.ByteArrayInput;
import fr.acinq.bitcoin.utils.Either;
import fr.acinq.bitcoin.utils.Try;
import fr.acinq.lightning.crypto.ChaCha20;
import fr.acinq.lightning.utils.ByteArraysKt;
import fr.acinq.lightning.wire.FailureMessage;
import fr.acinq.lightning.wire.InvalidOnionHmac;
import fr.acinq.lightning.wire.InvalidOnionKey;
import fr.acinq.lightning.wire.InvalidOnionVersion;
import fr.acinq.lightning.wire.LightningCodecs;
import fr.acinq.lightning.wire.OnionRoutingPacket;
import fr.acinq.lightning.wire.OnionRoutingPacketSerializer;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Pair;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import kotlin.text.StringsKt;

/* compiled from: Sphinx.kt */
@Metadata(d1 = {"\u0000j\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0006\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\b\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\u0007\u001a\u00020\u00042\u0006\u0010\b\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\nJ\u001c\u0010\u0007\u001a\u00020\u00042\u0006\u0010\b\u001a\u00020\u00042\f\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\n0\fJ\u0016\u0010\r\u001a\u00020\n2\u0006\u0010\b\u001a\u00020\u00042\u0006\u0010\u000e\u001a\u00020\u000fJ4\u0010\u0010\u001a\u001a\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00040\f\u0012\n\u0012\b\u0012\u0004\u0012\u00020\n0\f0\u00112\u0006\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\fJa\u0010\u0010\u001a\u001a\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00040\f\u0012\n\u0012\b\u0012\u0004\u0012\u00020\n0\f0\u00112\u0006\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\f2\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00040\f2\f\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\n0\f2\f\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\n0\fH\u0082\u0010J\u0016\u0010\u0017\u001a\u00020\n2\u0006\u0010\b\u001a\u00020\u00042\u0006\u0010\u000e\u001a\u00020\u0013J<\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\f2\f\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u001b0\f2\b\u0010\u001c\u001a\u0004\u0018\u00010\n2\u0006\u0010\u001d\u001a\u00020\u0006J\u000e\u0010\u001e\u001a\u00020\u00062\u0006\u0010\u001f\u001a\u00020\u001bJ2\u0010 \u001a\u00020\u001b2\u0006\u0010!\u001a\u00020\"2\f\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\n0\f2\f\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u001b0\f2\u0006\u0010\u001d\u001a\u00020\u0006J\u0018\u0010#\u001a\u00020\n2\u0006\u0010!\u001a\u00020\u001b2\u0006\u0010\u000e\u001a\u00020\nH\u0002J\u0016\u0010#\u001a\u00020\n2\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u000e\u001a\u00020\nJ\u0016\u0010$\u001a\u00020\u001b2\u0006\u0010%\u001a\u00020\n2\u0006\u0010&\u001a\u00020\u0006J\u000e\u0010'\u001a\u00020\n2\u0006\u0010(\u001a\u00020)J\u0016\u0010*\u001a\u00020\n2\u0006\u0010%\u001a\u00020\u000f2\u0006\u0010+\u001a\u00020\u000fJ\u0016\u0010*\u001a\u00020\n2\u0006\u0010%\u001a\u00020\u001b2\u0006\u0010+\u001a\u00020\u001bJ*\u0010,\u001a\u000e\u0012\u0004\u0012\u00020.\u0012\u0004\u0012\u00020/0-2\u0006\u00100\u001a\u00020\u00132\u0006\u0010\u001c\u001a\u00020\u000f2\u0006\u00101\u001a\u00020)JH\u00102\u001a\u00020)2\u0006\u0010\u001f\u001a\u00020\u001b2\b\u0010\u001c\u001a\u0004\u0018\u00010\n2\u0006\u00103\u001a\u00020\u00042\u0006\u00104\u001a\u00020\n2\u0012\u00101\u001a\u000e\u0012\u0004\u0012\u00020\u000f\u0012\u0004\u0012\u00020)0-2\b\b\u0002\u00105\u001a\u00020\u000fH\u0002J\u000e\u00106\u001a\u00020\u001b2\u0006\u0010&\u001a\u00020\u0006R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0086T¢\u0006\u0002\n\u0000¨\u00067"}, d2 = {"Lfr/acinq/lightning/crypto/sphinx/Sphinx;", "", "()V", "CurveG", "Lfr/acinq/bitcoin/PublicKey;", "MacLength", "", "blind", "pub", "blindingFactor", "Lfr/acinq/bitcoin/ByteVector32;", "blindingFactors", "", "computeBlindingFactor", "secret", "Lfr/acinq/bitcoin/ByteVector;", "computeEphemeralPublicKeysAndSharedSecrets", "Lkotlin/Pair;", "sessionKey", "Lfr/acinq/bitcoin/PrivateKey;", "publicKeys", "ephemeralPublicKeys", "sharedSecrets", "computeSharedSecret", "create", "Lfr/acinq/lightning/crypto/sphinx/PacketAndSecrets;", "payloads", "", "associatedData", "packetLength", "decodePayloadLength", "payload", "generateFiller", "keyType", "", "generateKey", "generateStream", "key", "length", "hash", "onion", "Lfr/acinq/lightning/wire/OnionRoutingPacket;", "mac", LnUrlPaySuccessAction.TAG_MESSAGE, "peel", "Lfr/acinq/bitcoin/utils/Either;", "Lfr/acinq/lightning/wire/FailureMessage;", "Lfr/acinq/lightning/crypto/sphinx/DecryptedPacket;", "privateKey", "packet", "wrap", "ephemeralPublicKey", "sharedSecret", "onionPayloadFiller", "zeroes", "lightning-kmp"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class Sphinx {
    public static final int MacLength = 32;
    public static final Sphinx INSTANCE = new Sphinx();
    private static final PublicKey CurveG = new PublicKey(new ByteVector("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"));

    private Sphinx() {
    }

    private final Pair<List<PublicKey>, List<ByteVector32>> computeEphemeralPublicKeysAndSharedSecrets(PrivateKey sessionKey, List<PublicKey> publicKeys, List<PublicKey> ephemeralPublicKeys, List<ByteVector32> blindingFactors, List<ByteVector32> sharedSecrets) {
        while (!publicKeys.isEmpty()) {
            PublicKey blind = blind((PublicKey) CollectionsKt.last((List) ephemeralPublicKeys), (ByteVector32) CollectionsKt.last((List) blindingFactors));
            ByteVector32 computeSharedSecret = computeSharedSecret(blind((PublicKey) CollectionsKt.first((List) publicKeys), blindingFactors), sessionKey);
            ByteVector32 computeBlindingFactor = computeBlindingFactor(blind, computeSharedSecret);
            publicKeys = CollectionsKt.drop(publicKeys, 1);
            ephemeralPublicKeys = CollectionsKt.plus((Collection<? extends PublicKey>) ephemeralPublicKeys, blind);
            blindingFactors = CollectionsKt.plus((Collection<? extends ByteVector32>) blindingFactors, computeBlindingFactor);
            sharedSecrets = CollectionsKt.plus((Collection<? extends ByteVector32>) sharedSecrets, computeSharedSecret);
        }
        return new Pair<>(ephemeralPublicKeys, sharedSecrets);
    }

    private static final OnionRoutingPacket create$loop(ByteVector32 byteVector32, List<byte[]> list, List<PublicKey> list2, List<ByteVector32> list3, OnionRoutingPacket onionRoutingPacket) {
        while (!list.isEmpty()) {
            onionRoutingPacket = wrap$default(INSTANCE, (byte[]) CollectionsKt.last((List) list), byteVector32, (PublicKey) CollectionsKt.last((List) list2), (ByteVector32) CollectionsKt.last((List) list3), new Either.Right(onionRoutingPacket), null, 32, null);
            list = CollectionsKt.dropLast(list, 1);
            list2 = CollectionsKt.dropLast(list2, 1);
            list3 = CollectionsKt.dropLast(list3, 1);
        }
        return onionRoutingPacket;
    }

    private final ByteVector32 generateKey(byte[] keyType, ByteVector32 secret) {
        return mac(keyType, secret.toByteArray());
    }

    private final OnionRoutingPacket wrap(byte[] payload, ByteVector32 associatedData, PublicKey ephemeralPublicKey, ByteVector32 sharedSecret, Either<? extends ByteVector, OnionRoutingPacket> packet, ByteVector onionPayloadFiller) {
        int size;
        Pair pair;
        boolean z = packet instanceof Either.Left;
        if (z) {
            size = ((ByteVector) ((Either.Left) packet).getValue()).getSize();
        } else {
            if (!(packet instanceof Either.Right)) {
                throw new NoWhenBranchMatchedException();
            }
            size = ((OnionRoutingPacket) ((Either.Right) packet).getValue()).getPayload().getSize();
        }
        int i = size - 32;
        if (!(payload.length <= i)) {
            throw new IllegalArgumentException(("packet payload cannot exceed " + i + " bytes, is " + payload.length + " bytes").toString());
        }
        if (z) {
            Either.Left left = (Either.Left) packet;
            if (!(((ByteVector) left.getValue()).getSize() == size)) {
                throw new IllegalArgumentException("invalid initial random bytes length".toString());
            }
            pair = new Pair(ByteVector32.Zeroes, left.getValue());
        } else {
            if (!(packet instanceof Either.Right)) {
                throw new NoWhenBranchMatchedException();
            }
            Either.Right right = (Either.Right) packet;
            pair = new Pair(((OnionRoutingPacket) right.getValue()).getHmac(), ((OnionRoutingPacket) right.getValue()).getPayload());
        }
        byte[] plus = ArraysKt.plus(CollectionsKt.toByteArray(ArraysKt.dropLast(ByteArraysKt.xor(ByteArraysKt.toByteVector(payload).plus((ByteVector32) pair.component1()).plus(((ByteVector) pair.component2()).dropRight(payload.length + 32)).toByteArray(), generateStream(generateKey("rho", sharedSecret), size)), onionPayloadFiller.getSize())), onionPayloadFiller.toByteArray());
        return new OnionRoutingPacket(0, ephemeralPublicKey.value, ByteArraysKt.toByteVector(plus), mac(generateKey("mu", sharedSecret), ByteArraysKt.toByteVector(plus).plus(associatedData != null ? associatedData : ByteVector.empty)));
    }

    static /* synthetic */ OnionRoutingPacket wrap$default(Sphinx sphinx, byte[] bArr, ByteVector32 byteVector32, PublicKey publicKey, ByteVector32 byteVector322, Either either, ByteVector byteVector, int i, Object obj) {
        if ((i & 32) != 0) {
            byteVector = ByteVector.empty;
        }
        return sphinx.wrap(bArr, byteVector32, publicKey, byteVector322, either, byteVector);
    }

    public final PublicKey blind(PublicKey pub, ByteVector32 blindingFactor) {
        Intrinsics.checkNotNullParameter(pub, "pub");
        Intrinsics.checkNotNullParameter(blindingFactor, "blindingFactor");
        return pub.times(new PrivateKey(blindingFactor));
    }

    public final PublicKey blind(PublicKey pub, List<ByteVector32> blindingFactors) {
        Intrinsics.checkNotNullParameter(pub, "pub");
        Intrinsics.checkNotNullParameter(blindingFactors, "blindingFactors");
        Iterator<T> it = blindingFactors.iterator();
        while (it.hasNext()) {
            pub = INSTANCE.blind(pub, (ByteVector32) it.next());
        }
        return pub;
    }

    public final ByteVector32 computeBlindingFactor(PublicKey pub, ByteVector secret) {
        Intrinsics.checkNotNullParameter(pub, "pub");
        Intrinsics.checkNotNullParameter(secret, "secret");
        return ByteArraysKt.toByteVector32(Crypto.sha256(pub.value.plus(secret)));
    }

    public final Pair<List<PublicKey>, List<ByteVector32>> computeEphemeralPublicKeysAndSharedSecrets(PrivateKey sessionKey, List<PublicKey> publicKeys) {
        Intrinsics.checkNotNullParameter(sessionKey, "sessionKey");
        Intrinsics.checkNotNullParameter(publicKeys, "publicKeys");
        PublicKey blind = blind(CurveG, sessionKey.value);
        ByteVector32 computeSharedSecret = computeSharedSecret((PublicKey) CollectionsKt.first((List) publicKeys), sessionKey);
        return computeEphemeralPublicKeysAndSharedSecrets(sessionKey, CollectionsKt.drop(publicKeys, 1), CollectionsKt.listOf(blind), CollectionsKt.listOf(computeBlindingFactor(blind, computeSharedSecret)), CollectionsKt.listOf(computeSharedSecret));
    }

    public final ByteVector32 computeSharedSecret(PublicKey pub, PrivateKey secret) {
        Intrinsics.checkNotNullParameter(pub, "pub");
        Intrinsics.checkNotNullParameter(secret, "secret");
        return ByteArraysKt.toByteVector32(Crypto.sha256(pub.times(secret).value));
    }

    public final PacketAndSecrets create(PrivateKey sessionKey, List<PublicKey> publicKeys, List<byte[]> payloads, ByteVector32 associatedData, int packetLength) {
        Intrinsics.checkNotNullParameter(sessionKey, "sessionKey");
        Intrinsics.checkNotNullParameter(publicKeys, "publicKeys");
        Intrinsics.checkNotNullParameter(payloads, "payloads");
        Pair<List<PublicKey>, List<ByteVector32>> computeEphemeralPublicKeysAndSharedSecrets = computeEphemeralPublicKeysAndSharedSecrets(sessionKey, publicKeys);
        List<PublicKey> component1 = computeEphemeralPublicKeysAndSharedSecrets.component1();
        List<ByteVector32> component2 = computeEphemeralPublicKeysAndSharedSecrets.component2();
        byte[] generateFiller = generateFiller("rho", CollectionsKt.dropLast(component2, 1), CollectionsKt.dropLast(payloads, 1), packetLength);
        return new PacketAndSecrets(create$loop(associatedData, CollectionsKt.dropLast(payloads, 1), CollectionsKt.dropLast(component1, 1), CollectionsKt.dropLast(component2, 1), wrap((byte[]) CollectionsKt.last((List) payloads), associatedData, (PublicKey) CollectionsKt.last((List) component1), (ByteVector32) CollectionsKt.last((List) component2), new Either.Left(ByteArraysKt.toByteVector(generateStream(generateKey("pad", sessionKey.value), packetLength))), ByteArraysKt.toByteVector(generateFiller))), new SharedSecrets(CollectionsKt.zip(component2, publicKeys)));
    }

    public final int decodePayloadLength(byte[] payload) {
        Intrinsics.checkNotNullParameter(payload, "payload");
        ByteArrayInput byteArrayInput = new ByteArrayInput(payload);
        long bigSize = LightningCodecs.bigSize(byteArrayInput);
        if (bigSize > 0) {
            return ((int) bigSize) + 32 + (payload.length - byteArrayInput.getAvailableBytes());
        }
        throw new IllegalArgumentException("legacy onion format is not supported".toString());
    }

    public final byte[] generateFiller(String keyType, List<ByteVector32> sharedSecrets, List<byte[]> payloads, int packetLength) {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        Intrinsics.checkNotNullParameter(sharedSecrets, "sharedSecrets");
        Intrinsics.checkNotNullParameter(payloads, "payloads");
        if (!(sharedSecrets.size() == payloads.size())) {
            throw new IllegalArgumentException("the number of secrets should equal the number of payloads".toString());
        }
        List<Pair> zip = CollectionsKt.zip(sharedSecrets, payloads);
        byte[] bArr = new byte[0];
        for (Pair pair : zip) {
            ByteVector32 byteVector32 = (ByteVector32) pair.component1();
            byte[] bArr2 = (byte[]) pair.component2();
            Sphinx sphinx = INSTANCE;
            int decodePayloadLength = sphinx.decodePayloadLength(bArr2);
            if (!(decodePayloadLength == bArr2.length + 32)) {
                throw new IllegalArgumentException(("invalid payload: length isn't correctly encoded: " + bArr2).toString());
            }
            ByteVector32 generateKey = sphinx.generateKey(keyType, byteVector32);
            byte[] plus = ArraysKt.plus(bArr, new byte[decodePayloadLength]);
            bArr = ByteArraysKt.xor(plus, CollectionsKt.toByteArray(ArraysKt.takeLast(sphinx.generateStream(generateKey, decodePayloadLength + packetLength), plus.length)));
        }
        return bArr;
    }

    public final ByteVector32 generateKey(String keyType, ByteVector32 secret) {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        Intrinsics.checkNotNullParameter(secret, "secret");
        return generateKey(StringsKt.encodeToByteArray(keyType), secret);
    }

    public final byte[] generateStream(ByteVector32 key, int length) {
        Intrinsics.checkNotNullParameter(key, "key");
        return ChaCha20.Companion.encrypt$default(ChaCha20.INSTANCE, zeroes(length), key.toByteArray(), zeroes(12), 0, 8, null);
    }

    public final ByteVector32 hash(OnionRoutingPacket onion) {
        Intrinsics.checkNotNullParameter(onion, "onion");
        return ByteArraysKt.toByteVector32(Crypto.sha256(new OnionRoutingPacketSerializer(onion.getPayload().getSize()).write(onion)));
    }

    public final ByteVector32 mac(ByteVector key, ByteVector message) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(message, "message");
        return mac(key.toByteArray(), message.toByteArray());
    }

    public final ByteVector32 mac(byte[] key, byte[] message) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(message, "message");
        return ByteArraysKt.toByteVector32(HMacKt.hmac(Digest.INSTANCE.sha256(), key, message, 64));
    }

    public final Either<FailureMessage, DecryptedPacket> peel(PrivateKey privateKey, ByteVector associatedData, OnionRoutingPacket packet) {
        Try failure;
        Try failure2;
        PublicKey publicKey;
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        Intrinsics.checkNotNullParameter(associatedData, "associatedData");
        Intrinsics.checkNotNullParameter(packet, "packet");
        if (packet.getVersion() != 0) {
            return new Either.Left(new InvalidOnionVersion(hash(packet)));
        }
        try {
            Sphinx sphinx = this;
            publicKey = new PublicKey(packet.getPublicKey());
        } catch (Throwable th) {
            failure = new Try.Failure(th);
        }
        if (!publicKey.isValid()) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        failure = new Try.Success(publicKey);
        if (!(failure instanceof Try.Success)) {
            return new Either.Left(new InvalidOnionKey(hash(packet)));
        }
        PublicKey publicKey2 = (PublicKey) ((Try.Success) failure).getResult();
        ByteVector32 computeSharedSecret = computeSharedSecret(publicKey2, privateKey);
        if (!Intrinsics.areEqual(mac(generateKey("mu", computeSharedSecret), packet.getPayload().plus(associatedData)), packet.getHmac())) {
            return new Either.Left(new InvalidOnionHmac(hash(packet)));
        }
        int size = packet.getPayload().getSize();
        byte[] xor = ByteArraysKt.xor(ArraysKt.plus(packet.getPayload().toByteArray(), new byte[size]), generateStream(generateKey("rho", computeSharedSecret), size * 2));
        try {
            Sphinx sphinx2 = this;
            failure2 = new Try.Success(Integer.valueOf(decodePayloadLength(xor)));
        } catch (Throwable th2) {
            failure2 = new Try.Failure(th2);
        }
        if (!(failure2 instanceof Try.Success)) {
            return new Either.Left(new InvalidOnionVersion(hash(packet)));
        }
        Try.Success success = (Try.Success) failure2;
        return new Either.Right(new DecryptedPacket(ByteArraysKt.toByteVector(CollectionsKt.toByteArray(ArraysKt.take(xor, ((Number) success.getResult()).intValue() - 32))), new OnionRoutingPacket(0, blind(publicKey2, computeBlindingFactor(publicKey2, computeSharedSecret)).value, ByteArraysKt.toByteVector(CollectionsKt.toByteArray(CollectionsKt.take(ArraysKt.drop(xor, ((Number) success.getResult()).intValue()), size))), new ByteVector32(CollectionsKt.toByteArray(ArraysKt.slice(xor, new IntRange(((Number) success.getResult()).intValue() - 32, ((Number) success.getResult()).intValue()))))), computeSharedSecret));
    }

    public final byte[] zeroes(int length) {
        return new byte[length];
    }
}
