package org.bouncycastle.pqc.crypto.cmce;

import androidx.core.internal.view.SupportMenu;
import androidx.media.AudioAttributesCompat;
import java.lang.reflect.Array;
import java.security.SecureRandom;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class CMCEEngine {
    private int COND_BYTES;
    private int GFBITS;
    private int GFMASK;
    private int IRR_BYTES;
    private int PK_NCOLS;
    private int PK_NROWS;
    private int PK_ROW_BYTES;
    private int SYND_BYTES;
    private int SYS_N;
    private int SYS_T;
    private BENES benes;
    private boolean countErrorIndices;
    private final int defaultKeySize;

    /* renamed from: gf, reason: collision with root package name */
    private GF f16077gf;
    private int[] poly;
    private boolean usePadding;
    private boolean usePivots;

    public CMCEEngine(int i11, int i12, int i13, int[] iArr, boolean z11, int i14) {
        BENES benes13;
        this.usePivots = z11;
        this.SYS_N = i12;
        this.SYS_T = i13;
        this.GFBITS = i11;
        this.poly = iArr;
        this.defaultKeySize = i14;
        this.IRR_BYTES = i13 * 2;
        this.COND_BYTES = (1 << (i11 - 4)) * ((i11 * 2) - 1);
        int i15 = i13 * i11;
        this.PK_NROWS = i15;
        int i16 = i12 - i15;
        this.PK_NCOLS = i16;
        this.PK_ROW_BYTES = (i16 + 7) / 8;
        this.SYND_BYTES = (i15 + 7) / 8;
        this.GFMASK = (1 << i11) - 1;
        if (i11 == 12) {
            this.f16077gf = new GF12(i11);
            benes13 = new BENES12(this.SYS_N, this.SYS_T, this.GFBITS);
        } else {
            this.f16077gf = new GF13(i11);
            benes13 = new BENES13(this.SYS_N, this.SYS_T, this.GFBITS);
        }
        this.benes = benes13;
        this.usePadding = this.SYS_T % 8 != 0;
        this.countErrorIndices = (1 << this.GFBITS) > this.SYS_N;
    }

    private void GF_mul(short[] sArr, short[] sArr2, short[] sArr3) {
        int i11;
        int i12;
        short[] sArr4 = new short[(this.SYS_T * 2) - 1];
        for (int i13 = 0; i13 < (this.SYS_T * 2) - 1; i13++) {
            sArr4[i13] = 0;
        }
        int i14 = 0;
        while (true) {
            i11 = this.SYS_T;
            if (i14 >= i11) {
                break;
            }
            for (int i15 = 0; i15 < this.SYS_T; i15++) {
                int i16 = i14 + i15;
                sArr4[i16] = (short) (this.f16077gf.gf_mul(sArr2[i14], sArr3[i15]) ^ sArr4[i16]);
            }
            i14++;
        }
        int i17 = (i11 - 1) * 2;
        while (true) {
            i12 = this.SYS_T;
            if (i17 < i12) {
                break;
            }
            int i18 = 0;
            while (true) {
                int[] iArr = this.poly;
                if (i18 != iArr.length) {
                    int i19 = iArr[i18];
                    if (i19 == 0 && this.GFBITS == 12) {
                        int i21 = i17 - this.SYS_T;
                        sArr4[i21] = (short) (sArr4[i21] ^ this.f16077gf.gf_mul(sArr4[i17], (short) 2));
                    } else {
                        int i22 = (i17 - this.SYS_T) + i19;
                        sArr4[i22] = (short) (sArr4[i22] ^ sArr4[i17]);
                    }
                    i18++;
                }
            }
            i17--;
        }
        System.arraycopy(sArr4, 0, sArr, 0, i12);
        for (int i23 = 0; i23 < this.SYS_T; i23++) {
            sArr[i23] = sArr4[i23];
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void bm(short[] sArr, short[] sArr2) {
        int i11;
        int i12 = this.SYS_T;
        short[] sArr3 = new short[i12 + 1];
        short[] sArr4 = new short[i12 + 1];
        short[] sArr5 = new short[i12 + 1];
        int i13 = 0;
        for (int i14 = 0; i14 < this.SYS_T + 1; i14++) {
            sArr5[i14] = 0;
            sArr4[i14] = 0;
        }
        sArr4[0] = 1;
        sArr5[1] = 1;
        short s11 = 1;
        short s12 = 0;
        short s13 = 0;
        while (s12 < this.SYS_T * 2) {
            short s14 = i13;
            short s15 = s14;
            for (int i15 = s14; i15 <= min(s12, this.SYS_T); i15++) {
                s15 = (short) (s15 ^ this.f16077gf.gf_mul(sArr4[i15], sArr2[s12 - i15]));
            }
            short s16 = (short) (((short) (((short) (((short) (s15 - 1)) >> 15)) & 1)) - 1);
            short s17 = (short) (((short) (((short) (((short) (((short) (s12 - (s13 * 2))) >> 15)) & 1)) - 1)) & s16);
            for (int i16 = i13; i16 <= this.SYS_T; i16++) {
                sArr3[i16] = sArr4[i16];
            }
            short gf_frac = this.f16077gf.gf_frac(s11, s15);
            for (int i17 = i13; i17 <= this.SYS_T; i17++) {
                sArr4[i17] = (short) ((this.f16077gf.gf_mul(gf_frac, sArr5[i17]) & s16) ^ sArr4[i17]);
            }
            int i18 = ~s17;
            int i19 = s12 + 1;
            s13 = (short) (((i19 - s13) & s17) | (s13 & i18));
            int i21 = 0;
            while (true) {
                i11 = this.SYS_T;
                if (i21 > i11) {
                    break;
                }
                sArr5[i21] = (short) ((sArr5[i21] & i18) | (sArr3[i21] & s17));
                i21++;
            }
            s11 = (short) ((i18 & s11) | (s15 & s17));
            while (i11 >= 1) {
                sArr5[i11] = sArr5[i11 - 1];
                i11--;
            }
            i13 = 0;
            sArr5[0] = 0;
            s12 = (short) i19;
        }
        while (true) {
            int i22 = this.SYS_T;
            if (i13 > i22) {
                return;
            }
            sArr[i13] = sArr4[i22 - i13];
            i13++;
        }
    }

    public static void cbrecursion(byte[] bArr, long j11, long j12, short[] sArr, int i11, long j13, long j14, int[] iArr) {
        long j15;
        long j16 = j14;
        if (j13 == 1) {
            int i12 = (int) (j11 >> 3);
            bArr[i12] = (byte) ((get_q_short(iArr, i11) << ((int) (j11 & 7))) ^ bArr[i12]);
            return;
        }
        if (sArr != null) {
            for (long j17 = 0; j17 < j16; j17++) {
                int i13 = (int) j17;
                iArr[i13] = sArr[(int) (j17 ^ 1)] | ((sArr[i13] ^ 1) << 16);
            }
        } else {
            for (long j18 = 0; j18 < j16; j18++) {
                long j19 = i11;
                iArr[(int) j18] = ((get_q_short(iArr, (int) (j19 + j18)) ^ 1) << 16) | get_q_short(iArr, (int) (j19 + (j18 ^ 1)));
            }
        }
        int i14 = (int) j16;
        sort32(iArr, 0, i14);
        for (long j21 = 0; j21 < j16; j21++) {
            int i15 = (int) j21;
            int i16 = 65535 & iArr[i15];
            if (j21 >= i16) {
                i15 = i16;
            }
            iArr[(int) (j16 + j21)] = i15 | (i16 << 16);
        }
        for (long j22 = 0; j22 < j16; j22++) {
            iArr[(int) j22] = (int) ((iArr[r7] << 16) | j22);
        }
        sort32(iArr, 0, i14);
        for (long j23 = 0; j23 < j16; j23++) {
            int i17 = (int) j23;
            iArr[i17] = (iArr[i17] << 16) + (iArr[(int) (j16 + j23)] >> 16);
        }
        sort32(iArr, 0, i14);
        if (j13 <= 10) {
            for (long j24 = 0; j24 < j16; j24++) {
                int i18 = (int) (j16 + j24);
                iArr[i18] = ((iArr[(int) j24] & 65535) << 10) | (iArr[i18] & AudioAttributesCompat.FLAG_ALL);
            }
            long j25 = 1;
            for (long j26 = 1; j25 < j13 - j26; j26 = 1) {
                long j27 = 0;
                while (j27 < j16) {
                    iArr[(int) j27] = (int) (((iArr[(int) (j16 + j27)] & (-1024)) << 6) | j27);
                    j27++;
                    j25 = j25;
                }
                long j28 = j25;
                sort32(iArr, 0, i14);
                for (long j29 = 0; j29 < j16; j29++) {
                    int i19 = (int) j29;
                    iArr[i19] = (iArr[i19] << 20) | iArr[(int) (j16 + j29)];
                }
                sort32(iArr, 0, i14);
                for (long j30 = 0; j30 < j16; j30++) {
                    int i21 = iArr[(int) j30];
                    int i22 = 1048575 & i21;
                    int i23 = (int) (j16 + j30);
                    int i24 = (i21 & 1047552) | (iArr[i23] & AudioAttributesCompat.FLAG_ALL);
                    if (i22 >= i24) {
                        i22 = i24;
                    }
                    iArr[i23] = i22;
                }
                j25 = j28 + 1;
            }
            for (long j31 = 0; j31 < j16; j31++) {
                int i25 = (int) (j16 + j31);
                iArr[i25] = iArr[i25] & AudioAttributesCompat.FLAG_ALL;
            }
        } else {
            for (long j32 = 0; j32 < j16; j32++) {
                int i26 = (int) (j16 + j32);
                iArr[i26] = (iArr[(int) j32] << 16) | (iArr[i26] & 65535);
            }
            long j33 = 1;
            for (long j34 = 1; j33 < j13 - j34; j34 = 1) {
                for (long j35 = 0; j35 < j16; j35++) {
                    iArr[(int) j35] = (int) ((iArr[(int) (j16 + j35)] & SupportMenu.CATEGORY_MASK) | j35);
                }
                sort32(iArr, 0, i14);
                for (long j36 = 0; j36 < j16; j36++) {
                    int i27 = (int) j36;
                    iArr[i27] = (iArr[i27] << 16) | (iArr[(int) (j16 + j36)] & 65535);
                }
                if (j33 < j13 - 2) {
                    for (long j37 = 0; j37 < j16; j37++) {
                        int i28 = (int) (j16 + j37);
                        iArr[i28] = (iArr[(int) j37] & SupportMenu.CATEGORY_MASK) | (iArr[i28] >> 16);
                    }
                    sort32(iArr, i14, (int) (j16 * 2));
                    for (long j38 = 0; j38 < j16; j38++) {
                        int i29 = (int) (j16 + j38);
                        iArr[i29] = (iArr[i29] << 16) | (iArr[(int) j38] & 65535);
                    }
                }
                sort32(iArr, 0, i14);
                for (long j39 = 0; j39 < j16; j39++) {
                    int i30 = (int) (j16 + j39);
                    int i31 = iArr[i30];
                    int i32 = (i31 & SupportMenu.CATEGORY_MASK) | (iArr[(int) j39] & 65535);
                    if (i32 < i31) {
                        iArr[i30] = i32;
                    }
                }
                j33++;
            }
            for (long j40 = 0; j40 < j16; j40++) {
                int i33 = (int) (j16 + j40);
                iArr[i33] = iArr[i33] & 65535;
            }
        }
        long j41 = 0;
        if (sArr != null) {
            while (j41 < j16) {
                iArr[(int) j41] = (int) ((sArr[r0] << 16) + j41);
                j41++;
            }
        } else {
            while (j41 < j16) {
                iArr[(int) j41] = (int) ((get_q_short(iArr, (int) (i11 + j41)) << 16) + j41);
                j41++;
            }
        }
        sort32(iArr, 0, i14);
        long j42 = j11;
        long j43 = 2;
        long j44 = 0;
        while (true) {
            j15 = j16 / j43;
            if (j44 >= j15) {
                break;
            }
            long j45 = j44 * j43;
            long j46 = j16 + j45;
            int i34 = (int) j46;
            int i35 = iArr[i34] & 1;
            int i36 = (int) (i35 + j45);
            int i37 = (int) (j42 >> 3);
            bArr[i37] = (byte) ((i35 << ((int) (j42 & 7))) ^ bArr[i37]);
            j42 += j12;
            iArr[i34] = (iArr[(int) j45] << 16) | i36;
            iArr[(int) (j46 + 1)] = (iArr[(int) (j45 + 1)] << 16) | (i36 ^ 1);
            j44++;
            j16 = j14;
            i14 = i14;
            j43 = 2;
        }
        long j47 = j43;
        long j48 = j14 * j47;
        sort32(iArr, i14, (int) j48);
        long j49 = j13 * j47;
        long j50 = j42 + ((j49 - 3) * j12 * j15);
        long j51 = 0;
        while (j51 < j15) {
            long j52 = j51 * j47;
            long j53 = j14 + j52;
            int i38 = iArr[(int) j53];
            int i39 = i38 & 1;
            long j54 = j50;
            int i40 = (int) (i39 + j52);
            long j55 = j48;
            int i41 = (int) (j54 >> 3);
            bArr[i41] = (byte) (bArr[i41] ^ (i39 << ((int) (j54 & 7))));
            iArr[(int) j52] = (i38 & 65535) | (i40 << 16);
            iArr[(int) (j52 + 1)] = (iArr[(int) (j53 + 1)] & 65535) | ((i40 ^ 1) << 16);
            j51++;
            j50 = j54 + j12;
            j48 = j55;
            j49 = j49;
            j47 = 2;
        }
        long j56 = j48;
        sort32(iArr, 0, i14);
        long j57 = 2;
        long j58 = j50 - (((j49 - 2) * j12) * j15);
        short[] sArr2 = new short[i14 * 4];
        long j59 = 0;
        while (j59 < j56) {
            long j60 = j59 * j57;
            int i42 = iArr[(int) j59];
            sArr2[(int) (j60 + 0)] = (short) i42;
            sArr2[(int) (j60 + 1)] = (short) ((i42 & SupportMenu.CATEGORY_MASK) >> 16);
            j59++;
            j57 = 2;
        }
        for (long j61 = 0; j61 < j15; j61++) {
            long j62 = j61 * 2;
            sArr2[(int) j61] = (short) ((iArr[(int) j62] & 65535) >>> 1);
            sArr2[(int) (j61 + j15)] = (short) ((iArr[(int) (j62 + 1)] & 65535) >>> 1);
        }
        for (long j63 = 0; j63 < j15; j63++) {
            long j64 = j63 * 2;
            iArr[(int) (j14 + (j14 / 4) + j63)] = (sArr2[(int) (j64 + 1)] << 16) | sArr2[(int) j64];
        }
        long j65 = j12 * 2;
        long j66 = j14 + (j14 / 4);
        long j67 = j13 - 1;
        cbrecursion(bArr, j58, j65, null, ((int) j66) * 2, j67, j15, iArr);
        cbrecursion(bArr, j58 + j12, j65, null, (int) ((j66 * 2) + j15), j67, j15, iArr);
    }

    private static void controlbitsfrompermutation(byte[] bArr, short[] sArr, long j11, long j12) {
        long j13 = 2;
        int[] iArr = new int[(int) (j12 * 2)];
        int i11 = (int) j12;
        short[] sArr2 = new short[i11];
        while (true) {
            short s11 = 0;
            for (int i12 = 0; i12 < (((((j11 * j13) - 1) * j12) / j13) + 7) / 8; i12++) {
                bArr[i12] = 0;
            }
            int i13 = i11;
            short[] sArr3 = sArr2;
            int[] iArr2 = iArr;
            cbrecursion(bArr, 0L, 1L, sArr, 0, j11, j12, iArr);
            for (int i14 = 0; i14 < j12; i14++) {
                sArr3[i14] = (short) i14;
            }
            int i15 = 0;
            for (int i16 = 0; i16 < j11; i16++) {
                layer(sArr3, bArr, i15, i16, i13);
                i15 = (int) (i15 + (j12 >> 4));
            }
            for (int i17 = (int) (j11 - 2); i17 >= 0; i17--) {
                layer(sArr3, bArr, i15, i17, i13);
                i15 = (int) (i15 + (j12 >> 4));
            }
            int i18 = 0;
            while (i18 < j12) {
                short s12 = (short) (s11 | (sArr[i18] ^ sArr3[i18]));
                i18++;
                s11 = s12;
            }
            if (s11 == 0) {
                return;
            }
            sArr2 = sArr3;
            i11 = i13;
            iArr = iArr2;
            j13 = 2;
        }
    }

    private static int ctz(long j11) {
        int i11 = 0;
        int i12 = 0;
        for (int i13 = 0; i13 < 64; i13++) {
            int i14 = (int) ((j11 >> i13) & 1);
            i12 |= i14;
            i11 += (i14 ^ 1) & (i12 ^ 1);
        }
        return i11;
    }

    private int decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i11;
        int i12;
        int i13 = this.SYS_T;
        short[] sArr = new short[i13 + 1];
        int i14 = this.SYS_N;
        short[] sArr2 = new short[i14];
        short[] sArr3 = new short[i13 * 2];
        short[] sArr4 = new short[i13 * 2];
        short[] sArr5 = new short[i13 + 1];
        short[] sArr6 = new short[i14];
        byte[] bArr4 = new byte[i14 / 8];
        int i15 = 0;
        while (true) {
            i11 = this.SYND_BYTES;
            if (i15 >= i11) {
                break;
            }
            bArr4[i15] = bArr3[i15];
            i15++;
        }
        while (i11 < this.SYS_N / 8) {
            bArr4[i11] = 0;
            i11++;
        }
        int i16 = 0;
        while (true) {
            i12 = this.SYS_T;
            if (i16 >= i12) {
                break;
            }
            sArr[i16] = Utils.load_gf(bArr2, (i16 * 2) + 40, this.GFMASK);
            i16++;
        }
        sArr[i12] = 1;
        this.benes.support_gen(sArr2, bArr2);
        synd(sArr3, sArr, sArr2, bArr4);
        bm(sArr5, sArr3);
        root(sArr6, sArr5, sArr2);
        for (int i17 = 0; i17 < this.SYS_N / 8; i17++) {
            bArr[i17] = 0;
        }
        int i18 = 0;
        for (int i19 = 0; i19 < this.SYS_N; i19++) {
            short gf_iszero = (short) (this.f16077gf.gf_iszero(sArr6[i19]) & 1);
            int i21 = i19 / 8;
            bArr[i21] = (byte) (bArr[i21] | (gf_iszero << (i19 % 8)));
            i18 += gf_iszero;
        }
        synd(sArr4, sArr, sArr2, bArr);
        int i22 = this.SYS_T ^ i18;
        for (int i23 = 0; i23 < this.SYS_T * 2; i23++) {
            i22 |= sArr3[i23] ^ sArr4[i23];
        }
        return (((i22 - 1) >> 15) & 1) ^ 1;
    }

    private void encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        generate_error_vector(bArr3, secureRandom);
        syndrome(bArr, bArr2, bArr3);
    }

    private short eval(short[] sArr, short s11) {
        int i11 = this.SYS_T;
        short s12 = sArr[i11];
        for (int i12 = i11 - 1; i12 >= 0; i12--) {
            s12 = this.f16077gf.gf_add(this.f16077gf.gf_mul(s12, s11), sArr[i12]);
        }
        return s12;
    }

    private void generate_error_vector(byte[] bArr, SecureRandom secureRandom) {
        int i11;
        int i12 = this.SYS_T;
        short[] sArr = new short[i12 * 2];
        short[] sArr2 = new short[i12];
        byte[] bArr2 = new byte[i12];
        while (true) {
            if (this.countErrorIndices) {
                byte[] bArr3 = new byte[this.SYS_T * 4];
                secureRandom.nextBytes(bArr3);
                for (int i13 = 0; i13 < this.SYS_T * 2; i13++) {
                    sArr[i13] = Utils.load_gf(bArr3, i13 * 2, this.GFMASK);
                }
                int i14 = 0;
                int i15 = 0;
                while (true) {
                    i11 = this.SYS_T;
                    if (i14 >= i11 * 2 || i15 >= i11) {
                        break;
                    }
                    short s11 = sArr[i14];
                    if (s11 < this.SYS_N) {
                        sArr2[i15] = s11;
                        i15++;
                    }
                    i14++;
                }
                if (i15 < i11) {
                    continue;
                }
            } else {
                byte[] bArr4 = new byte[this.SYS_T * 2];
                secureRandom.nextBytes(bArr4);
                for (int i16 = 0; i16 < this.SYS_T; i16++) {
                    sArr2[i16] = Utils.load_gf(bArr4, i16 * 2, this.GFMASK);
                }
            }
            boolean z11 = false;
            for (int i17 = 1; i17 < this.SYS_T && !z11; i17++) {
                int i18 = 0;
                while (true) {
                    if (i18 >= i17) {
                        break;
                    }
                    if (sArr2[i17] == sArr2[i18]) {
                        z11 = true;
                        break;
                    }
                    i18++;
                }
            }
            if (!z11) {
                break;
            }
        }
        for (int i19 = 0; i19 < this.SYS_T; i19++) {
            bArr2[i19] = (byte) (1 << (sArr2[i19] & 7));
        }
        for (short s12 = 0; s12 < this.SYS_N / 8; s12 = (short) (s12 + 1)) {
            bArr[s12] = 0;
            for (int i21 = 0; i21 < this.SYS_T; i21++) {
                bArr[s12] = (byte) ((((short) (same_mask32(s12, (short) (sArr2[i21] >> 3)) & 255)) & bArr2[i21]) | bArr[s12]);
            }
        }
    }

    private int generate_irr_poly(short[] sArr) {
        int i11 = this.SYS_T;
        short[][] sArr2 = (short[][]) Array.newInstance((Class<?>) Short.TYPE, i11 + 1, i11);
        sArr2[0][0] = 1;
        for (int i12 = 1; i12 < this.SYS_T; i12++) {
            sArr2[0][i12] = 0;
        }
        for (int i13 = 0; i13 < this.SYS_T; i13++) {
            sArr2[1][i13] = sArr[i13];
        }
        for (int i14 = 2; i14 <= this.SYS_T; i14++) {
            GF_mul(sArr2[i14], sArr2[i14 - 1], sArr);
        }
        int i15 = 0;
        while (i15 < this.SYS_T) {
            int i16 = i15 + 1;
            for (int i17 = i16; i17 < this.SYS_T; i17++) {
                short gf_iszero = this.f16077gf.gf_iszero(sArr2[i15][i15]);
                for (int i18 = i15; i18 < this.SYS_T + 1; i18++) {
                    short[] sArr3 = sArr2[i18];
                    sArr3[i15] = (short) (sArr3[i15] ^ (sArr3[i17] & gf_iszero));
                }
            }
            short s11 = sArr2[i15][i15];
            if (s11 == 0) {
                return -1;
            }
            short gf_inv = this.f16077gf.gf_inv(s11);
            for (int i19 = i15; i19 < this.SYS_T + 1; i19++) {
                short[] sArr4 = sArr2[i19];
                sArr4[i15] = this.f16077gf.gf_mul(sArr4[i15], gf_inv);
            }
            for (int i21 = 0; i21 < this.SYS_T; i21++) {
                if (i21 != i15) {
                    short s12 = sArr2[i15][i21];
                    for (int i22 = i15; i22 < this.SYS_T + 1; i22++) {
                        short[] sArr5 = sArr2[i22];
                        sArr5[i21] = (short) (sArr5[i21] ^ this.f16077gf.gf_mul(sArr5[i15], s12));
                    }
                }
            }
            i15 = i16;
        }
        int i23 = 0;
        while (true) {
            int i24 = this.SYS_T;
            if (i23 >= i24) {
                return 0;
            }
            sArr[i23] = sArr2[i24][i23];
            i23++;
        }
    }

    public static short get_q_short(int[] iArr, int i11) {
        int i12 = i11 / 2;
        return (short) (i11 % 2 == 0 ? iArr[i12] : (iArr[i12] & SupportMenu.CATEGORY_MASK) >> 16);
    }

    private static void layer(short[] sArr, byte[] bArr, int i11, int i12, int i13) {
        int i14 = 1 << i12;
        int i15 = 0;
        for (int i16 = 0; i16 < i13; i16 += i14 * 2) {
            for (int i17 = 0; i17 < i14; i17++) {
                int i18 = i16 + i17;
                short s11 = sArr[i18];
                int i19 = i18 + i14;
                int i21 = (sArr[i19] ^ s11) & (-((bArr[(i15 >> 3) + i11] >> (i15 & 7)) & 1));
                sArr[i18] = (short) (s11 ^ i21);
                sArr[i19] = (short) (sArr[i19] ^ i21);
                i15++;
            }
        }
    }

    private static int min(short s11, int i11) {
        return s11 < i11 ? s11 : i11;
    }

    private int mov_columns(byte[][] bArr, short[] sArr, long[] jArr) {
        byte[] bArr2;
        long load8;
        long[] jArr2 = new long[64];
        int i11 = 32;
        long[] jArr3 = new long[32];
        byte[] bArr3 = new byte[9];
        int i12 = this.PK_NROWS - 32;
        int i13 = i12 / 8;
        int i14 = i12 % 8;
        if (this.usePadding) {
            for (int i15 = 0; i15 < 32; i15++) {
                for (int i16 = 0; i16 < 9; i16++) {
                    bArr3[i16] = bArr[i12 + i15][i13 + i16];
                }
                int i17 = 0;
                while (i17 < 8) {
                    int i18 = i17 + 1;
                    bArr3[i17] = (byte) (((bArr3[i17] & 255) >> i14) | (bArr3[i18] << (8 - i14)));
                    i17 = i18;
                }
                jArr2[i15] = Utils.load8(bArr3, 0);
            }
        } else {
            for (int i19 = 0; i19 < 32; i19++) {
                jArr2[i19] = Utils.load8(bArr[i12 + i19], i13);
            }
        }
        long j11 = 0;
        jArr[0] = 0;
        int i21 = 0;
        while (i21 < 32) {
            long j12 = jArr2[i21];
            int i22 = i21 + 1;
            for (int i23 = i22; i23 < 32; i23++) {
                j12 |= jArr2[i23];
            }
            if (j12 == j11) {
                return -1;
            }
            int ctz = ctz(j12);
            long j13 = ctz;
            jArr3[i21] = j13;
            jArr[0] = jArr[0] | (1 << ((int) j13));
            for (int i24 = i22; i24 < 32; i24++) {
                long j14 = jArr2[i21];
                jArr2[i21] = j14 ^ (jArr2[i24] & (((j14 >> ctz) & 1) - 1));
            }
            int i25 = i22;
            while (i25 < 32) {
                long j15 = jArr2[i25];
                jArr2[i25] = j15 ^ (jArr2[i21] & (-((j15 >> ctz) & 1)));
                i25++;
                bArr3 = bArr3;
            }
            i21 = i22;
            j11 = 0;
        }
        byte[] bArr4 = bArr3;
        int i26 = 0;
        while (i26 < 32) {
            int i27 = i26 + 1;
            for (int i28 = i27; i28 < 64; i28++) {
                long same_mask64 = same_mask64((short) i28, (short) jArr3[i26]) & (sArr[r10] ^ sArr[r13]);
                sArr[i12 + i26] = (short) (sArr[r10] ^ same_mask64);
                sArr[i12 + i28] = (short) (sArr[r13] ^ same_mask64);
            }
            i26 = i27;
        }
        int i29 = 0;
        while (i29 < this.PK_NROWS) {
            if (this.usePadding) {
                for (int i30 = 0; i30 < 9; i30++) {
                    bArr4[i30] = bArr[i29][i13 + i30];
                }
                int i31 = 0;
                while (i31 < 8) {
                    int i32 = i31 + 1;
                    bArr4[i31] = (byte) (((bArr4[i31] & 255) >> i14) | (bArr4[i32] << (8 - i14)));
                    i31 = i32;
                }
                bArr2 = bArr4;
                load8 = Utils.load8(bArr2, 0);
            } else {
                bArr2 = bArr4;
                load8 = Utils.load8(bArr[i29], i13);
            }
            int i33 = 0;
            while (i33 < i11) {
                long j16 = jArr3[i33];
                long j17 = ((load8 >> i33) ^ (load8 >> ((int) j16))) & 1;
                load8 = (load8 ^ (j17 << ((int) j16))) ^ (j17 << i33);
                i33++;
                i11 = 32;
            }
            if (this.usePadding) {
                Utils.store8(bArr2, 0, load8);
                byte[] bArr5 = bArr[i29];
                int i34 = i13 + 8;
                int i35 = 8 - i14;
                bArr5[i34] = (byte) ((((bArr5[i34] & 255) >>> i14) << i14) | ((bArr2[7] & 255) >>> i35));
                bArr5[i13 + 0] = (byte) (((bArr2[0] & 255) << i14) | (((bArr5[i13] & 255) << i35) >>> i35));
                for (int i36 = 7; i36 >= 1; i36--) {
                    bArr[i29][i13 + i36] = (byte) (((bArr2[i36] & 255) << i14) | ((bArr2[i36 - 1] & 255) >>> i35));
                }
            } else {
                Utils.store8(bArr[i29], i13, load8);
            }
            i29++;
            bArr4 = bArr2;
            i11 = 32;
        }
        return 0;
    }

    /* JADX WARN: Code restructure failed: missing block: B:109:0x01e2, code lost:
    
        continue;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int pk_gen(byte[] r18, byte[] r19, int[] r20, short[] r21, long[] r22) {
        /*
            Method dump skipped, instructions count: 589
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pqc.crypto.cmce.CMCEEngine.pk_gen(byte[], byte[], int[], short[], long[]):int");
    }

    private void root(short[] sArr, short[] sArr2, short[] sArr3) {
        for (int i11 = 0; i11 < this.SYS_N; i11++) {
            sArr[i11] = eval(sArr2, sArr3[i11]);
        }
    }

    private static byte same_mask32(short s11, short s12) {
        return (byte) ((-(((s11 ^ s12) - 1) >>> 31)) & 255);
    }

    private static long same_mask64(short s11, short s12) {
        return -(((s11 ^ s12) - 1) >>> 63);
    }

    private static void sort32(int[] iArr, int i11, int i12) {
        int i13 = i12 - i11;
        if (i13 < 2) {
            return;
        }
        int i14 = 1;
        while (i14 < i13 - i14) {
            i14 += i14;
        }
        for (int i15 = i14; i15 > 0; i15 >>>= 1) {
            int i16 = 0;
            for (int i17 = 0; i17 < i13 - i15; i17++) {
                if ((i17 & i15) == 0) {
                    int i18 = i11 + i17;
                    int i19 = i18 + i15;
                    int i21 = iArr[i19];
                    int i22 = iArr[i18];
                    int i23 = i21 ^ i22;
                    int i24 = i21 - i22;
                    int i25 = ((((i21 ^ i24) & i23) ^ i24) >> 31) & i23;
                    iArr[i18] = i22 ^ i25;
                    iArr[i19] = iArr[i19] ^ i25;
                }
            }
            for (int i26 = i14; i26 > i15; i26 >>>= 1) {
                while (i16 < i13 - i26) {
                    if ((i16 & i15) == 0) {
                        int i27 = i11 + i16;
                        int i28 = i27 + i15;
                        int i29 = iArr[i28];
                        for (int i30 = i26; i30 > i15; i30 >>>= 1) {
                            int i31 = i27 + i30;
                            int i32 = iArr[i31];
                            int i33 = i32 ^ i29;
                            int i34 = i32 - i29;
                            int i35 = i33 & ((i34 ^ ((i34 ^ i32) & i33)) >> 31);
                            i29 ^= i35;
                            iArr[i31] = i32 ^ i35;
                        }
                        iArr[i28] = i29;
                    }
                    i16++;
                }
            }
        }
    }

    private static void sort64(long[] jArr, int i11, int i12) {
        int i13 = i12 - i11;
        if (i13 < 2) {
            return;
        }
        int i14 = 1;
        while (i14 < i13 - i14) {
            i14 += i14;
        }
        for (int i15 = i14; i15 > 0; i15 >>>= 1) {
            int i16 = 0;
            for (int i17 = 0; i17 < i13 - i15; i17++) {
                if ((i17 & i15) == 0) {
                    int i18 = i11 + i17;
                    int i19 = i18 + i15;
                    long j11 = jArr[i19];
                    long j12 = jArr[i18];
                    long j13 = (j11 ^ j12) & (-((j11 - j12) >>> 63));
                    jArr[i18] = j12 ^ j13;
                    jArr[i19] = jArr[i19] ^ j13;
                }
            }
            for (int i21 = i14; i21 > i15; i21 >>>= 1) {
                while (i16 < i13 - i21) {
                    if ((i16 & i15) == 0) {
                        int i22 = i11 + i16;
                        int i23 = i22 + i15;
                        long j14 = jArr[i23];
                        for (int i24 = i21; i24 > i15; i24 >>>= 1) {
                            int i25 = i22 + i24;
                            long j15 = jArr[i25];
                            long j16 = (-((j15 - j14) >>> 63)) & (j14 ^ j15);
                            j14 ^= j16;
                            jArr[i25] = j15 ^ j16;
                        }
                        jArr[i23] = j14;
                    }
                    i16++;
                }
            }
        }
    }

    private void synd(short[] sArr, short[] sArr2, short[] sArr3, byte[] bArr) {
        for (int i11 = 0; i11 < this.SYS_T * 2; i11++) {
            sArr[i11] = 0;
        }
        for (int i12 = 0; i12 < this.SYS_N; i12++) {
            short s11 = (short) ((bArr[i12 / 8] >> (i12 % 8)) & 1);
            short eval = eval(sArr2, sArr3[i12]);
            GF gf2 = this.f16077gf;
            short gf_inv = gf2.gf_inv(gf2.gf_mul(eval, eval));
            for (int i13 = 0; i13 < this.SYS_T * 2; i13++) {
                GF gf3 = this.f16077gf;
                sArr[i13] = gf3.gf_add(sArr[i13], gf3.gf_mul(gf_inv, s11));
                gf_inv = this.f16077gf.gf_mul(gf_inv, sArr3[i12]);
            }
        }
    }

    private void syndrome(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[this.SYS_N / 8];
        int i11 = this.PK_NROWS % 8;
        for (int i12 = 0; i12 < this.SYND_BYTES; i12++) {
            bArr[i12] = 0;
        }
        int i13 = 0;
        for (int i14 = 0; i14 < this.PK_NROWS; i14++) {
            for (int i15 = 0; i15 < this.SYS_N / 8; i15++) {
                sArr[i15] = 0;
            }
            int i16 = 0;
            while (true) {
                int i17 = this.PK_ROW_BYTES;
                if (i16 >= i17) {
                    break;
                }
                sArr[((this.SYS_N / 8) - i17) + i16] = bArr2[i13 + i16];
                i16++;
            }
            if (this.usePadding) {
                for (int i18 = (this.SYS_N / 8) - 1; i18 >= (this.SYS_N / 8) - this.PK_ROW_BYTES; i18--) {
                    sArr[i18] = (short) ((((sArr[i18] & 255) << i11) | ((sArr[i18 - 1] & 255) >>> (8 - i11))) & 255);
                }
            }
            int i19 = i14 / 8;
            int i21 = i14 % 8;
            sArr[i19] = (short) (sArr[i19] | (1 << i21));
            byte b11 = 0;
            for (int i22 = 0; i22 < this.SYS_N / 8; i22++) {
                b11 = (byte) (b11 ^ (sArr[i22] & bArr3[i22]));
            }
            byte b12 = (byte) ((b11 >>> 4) ^ b11);
            byte b13 = (byte) (b12 ^ (b12 >>> 2));
            bArr[i19] = (byte) ((((byte) (1 & ((byte) (b13 ^ (b13 >>> 1))))) << i21) | bArr[i19]);
            i13 += this.PK_ROW_BYTES;
        }
    }

    public int check_c_padding(byte[] bArr) {
        return ((byte) ((((byte) (((byte) ((bArr[this.SYND_BYTES - 1] & 255) >>> (this.PK_NROWS % 8))) - 1)) & 255) >>> 7)) - 1;
    }

    public int check_pk_padding(byte[] bArr) {
        byte b11 = 0;
        for (int i11 = 0; i11 < this.PK_NROWS; i11++) {
            int i12 = this.PK_ROW_BYTES;
            b11 = (byte) (b11 | bArr[((i11 * i12) + i12) - 1]);
        }
        return ((byte) ((((byte) (((byte) ((b11 & 255) >>> (this.PK_NCOLS % 8))) - 1)) & 255) >>> 7)) - 1;
    }

    public byte[] decompress_private_key(byte[] bArr) {
        int i11;
        byte[] bArr2 = new byte[getPrivateKeySize()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        int i12 = (this.SYS_N / 8) + ((1 << this.GFBITS) * 4) + this.IRR_BYTES + 32;
        byte[] bArr3 = new byte[i12];
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i12);
        if (bArr.length <= 40) {
            short[] sArr = new short[this.SYS_T];
            int i13 = this.IRR_BYTES;
            byte[] bArr4 = new byte[i13];
            int i14 = (i12 - 32) - i13;
            for (int i15 = 0; i15 < this.SYS_T; i15++) {
                sArr[i15] = Utils.load_gf(bArr3, (i15 * 2) + i14, this.GFMASK);
            }
            generate_irr_poly(sArr);
            for (int i16 = 0; i16 < this.SYS_T; i16++) {
                Utils.store_gf(bArr4, i16 * 2, sArr[i16]);
            }
            System.arraycopy(bArr4, 0, bArr2, 40, this.IRR_BYTES);
        }
        int length = bArr.length;
        int i17 = this.IRR_BYTES;
        if (length <= i17 + 40) {
            int i18 = this.GFBITS;
            int[] iArr = new int[1 << i18];
            short[] sArr2 = new short[1 << i18];
            int i19 = ((i12 - 32) - i17) - ((1 << i18) * 4);
            int i21 = 0;
            while (true) {
                i11 = this.GFBITS;
                if (i21 >= (1 << i11)) {
                    break;
                }
                iArr[i21] = Utils.load4(bArr3, (i21 * 4) + i19);
                i21++;
            }
            if (this.usePivots) {
                pk_gen(null, bArr2, iArr, sArr2, new long[]{0});
            } else {
                int i22 = 1 << i11;
                long[] jArr = new long[i22];
                for (int i23 = 0; i23 < (1 << this.GFBITS); i23++) {
                    long j11 = iArr[i23];
                    jArr[i23] = j11;
                    long j12 = j11 << 31;
                    jArr[i23] = j12;
                    long j13 = i23 | j12;
                    jArr[i23] = j13;
                    jArr[i23] = j13 & Long.MAX_VALUE;
                }
                sort64(jArr, 0, i22);
                for (int i24 = 0; i24 < (1 << this.GFBITS); i24++) {
                    sArr2[i24] = (short) (jArr[i24] & this.GFMASK);
                }
            }
            int i25 = this.COND_BYTES;
            byte[] bArr5 = new byte[i25];
            controlbitsfrompermutation(bArr5, sArr2, this.GFBITS, 1 << r2);
            System.arraycopy(bArr5, 0, bArr2, this.IRR_BYTES + 40, i25);
        }
        int privateKeySize = getPrivateKeySize();
        int i26 = this.SYS_N;
        System.arraycopy(bArr3, 0, bArr2, privateKeySize - (i26 / 8), i26 / 8);
        return bArr2;
    }

    public byte[] generate_public_key_from_private_key(byte[] bArr) {
        byte[] bArr2 = new byte[getPublicKeySize()];
        int i11 = this.GFBITS;
        short[] sArr = new short[1 << i11];
        long[] jArr = {0};
        int[] iArr = new int[1 << i11];
        int i12 = (this.SYS_N / 8) + ((1 << i11) * 4);
        byte[] bArr3 = new byte[i12];
        int i13 = ((i12 - 32) - this.IRR_BYTES) - ((1 << i11) * 4);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i12);
        for (int i14 = 0; i14 < (1 << this.GFBITS); i14++) {
            iArr[i14] = Utils.load4(bArr3, (i14 * 4) + i13);
        }
        pk_gen(bArr2, bArr, iArr, sArr, jArr);
        return bArr2;
    }

    public int getCipherTextSize() {
        return this.SYND_BYTES + 32;
    }

    public int getCondBytes() {
        return this.COND_BYTES;
    }

    public int getDefaultSessionKeySize() {
        return this.defaultKeySize;
    }

    public int getIrrBytes() {
        return this.IRR_BYTES;
    }

    public int getPrivateKeySize() {
        return this.COND_BYTES + this.IRR_BYTES + (this.SYS_N / 8) + 40;
    }

    public int getPublicKeySize() {
        if (!this.usePadding) {
            return (this.PK_NROWS * this.PK_NCOLS) / 8;
        }
        int i11 = this.PK_NROWS;
        return i11 * ((this.SYS_N / 8) - ((i11 - 1) / 8));
    }

    public int kem_dec(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[32];
        int i11 = this.SYS_N / 8;
        byte[] bArr5 = new byte[i11];
        int check_c_padding = this.usePadding ? check_c_padding(bArr2) : 0;
        byte decrypt = (byte) decrypt(bArr5, bArr3, bArr2);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.update(bArr5, 0, i11);
        sHAKEDigest.doFinal(bArr4, 0, 32);
        byte b11 = 0;
        for (int i12 = 0; i12 < 32; i12++) {
            b11 = (byte) (b11 | (bArr4[i12] ^ bArr2[this.SYND_BYTES + i12]));
        }
        short s11 = (short) (((short) (((short) (((short) (decrypt | b11)) - 1)) >> 8)) & 255);
        int i13 = (this.SYS_N / 8) + 1 + this.SYND_BYTES + 32;
        byte[] bArr6 = new byte[i13];
        bArr6[0] = (byte) (s11 & 1);
        int i14 = 0;
        while (i14 < this.SYS_N / 8) {
            int i15 = i14 + 1;
            bArr6[i15] = (byte) ((bArr3[i14 + 40 + this.IRR_BYTES + this.COND_BYTES] & (~s11)) | (bArr5[i14] & s11));
            i14 = i15;
        }
        for (int i16 = 0; i16 < this.SYND_BYTES + 32; i16++) {
            bArr6[(this.SYS_N / 8) + 1 + i16] = bArr2[i16];
        }
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        sHAKEDigest2.update(bArr6, 0, i13);
        sHAKEDigest2.doFinal(bArr, 0, bArr.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b12 = (byte) check_c_padding;
        for (int i17 = 0; i17 < bArr.length; i17++) {
            bArr[i17] = (byte) (bArr[i17] | b12);
        }
        return check_c_padding;
    }

    public int kem_enc(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        int i11 = this.SYS_N / 8;
        byte[] bArr4 = new byte[i11];
        int check_pk_padding = this.usePadding ? check_pk_padding(bArr3) : 0;
        encrypt(bArr, bArr3, bArr4, secureRandom);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.update(bArr4, 0, i11);
        sHAKEDigest.doFinal(bArr, this.SYND_BYTES, 32);
        sHAKEDigest.update((byte) 1);
        sHAKEDigest.update(bArr4, 0, i11);
        sHAKEDigest.update(bArr, 0, bArr.length);
        sHAKEDigest.doFinal(bArr2, 0, bArr2.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b11 = (byte) (((byte) check_pk_padding) ^ 255);
        for (int i12 = 0; i12 < this.SYND_BYTES + 32; i12++) {
            bArr[i12] = (byte) (bArr[i12] & b11);
        }
        for (int i13 = 0; i13 < 32; i13++) {
            bArr2[i13] = (byte) (bArr2[i13] & b11);
        }
        return check_pk_padding;
    }

    public void kem_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        int i11;
        int i12;
        short[] sArr;
        byte[] bArr3;
        int i13;
        long j11;
        int i14 = 32;
        byte[] bArr4 = new byte[32];
        byte[] bArr5 = {64};
        secureRandom.nextBytes(bArr4);
        int i15 = (this.SYS_N / 8) + ((1 << this.GFBITS) * 4) + (this.SYS_T * 2) + 32;
        byte[] bArr6 = new byte[i15];
        long[] jArr = {0};
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        byte[] bArr7 = bArr4;
        while (true) {
            sHAKEDigest.update(bArr5, 0, 1);
            sHAKEDigest.update(bArr4, 0, bArr4.length);
            sHAKEDigest.doFinal(bArr6, 0, i15);
            int i16 = i15 - 32;
            byte[] copyOfRange = Arrays.copyOfRange(bArr6, i16, i16 + 32);
            System.arraycopy(bArr7, 0, bArr2, 0, i14);
            byte[] copyOfRange2 = Arrays.copyOfRange(copyOfRange, 0, i14);
            int i17 = this.SYS_T;
            short[] sArr2 = new short[i17];
            int i18 = i16 - (i17 * 2);
            for (int i19 = 0; i19 < this.SYS_T; i19++) {
                sArr2[i19] = Utils.load_gf(bArr6, (i19 * 2) + i18, this.GFMASK);
            }
            if (generate_irr_poly(sArr2) != -1) {
                for (int i21 = 0; i21 < this.SYS_T; i21++) {
                    Utils.store_gf(bArr2, 40 + (i21 * 2), sArr2[i21]);
                }
                int i22 = this.GFBITS;
                int[] iArr = new int[1 << i22];
                i11 = i18 - ((1 << i22) * 4);
                int i23 = 0;
                while (true) {
                    i12 = this.GFBITS;
                    if (i23 >= (1 << i12)) {
                        break;
                    }
                    iArr[i23] = Utils.load4(bArr6, i11 + (i23 * 4));
                    i23++;
                }
                sArr = new short[1 << i12];
                bArr3 = copyOfRange;
                if (pk_gen(bArr, bArr2, iArr, sArr, jArr) != -1) {
                    break;
                }
            } else {
                bArr3 = copyOfRange;
            }
            bArr7 = copyOfRange2;
            bArr4 = bArr3;
            i14 = 32;
        }
        int i24 = this.COND_BYTES;
        byte[] bArr8 = new byte[i24];
        controlbitsfrompermutation(bArr8, sArr, this.GFBITS, 1 << r2);
        System.arraycopy(bArr8, 0, bArr2, this.IRR_BYTES + 40, i24);
        int i25 = this.SYS_N;
        System.arraycopy(bArr6, i11 - (i25 / 8), bArr2, bArr2.length - (i25 / 8), i25 / 8);
        if (this.usePivots) {
            i13 = 32;
            j11 = jArr[0];
        } else {
            j11 = 4294967295L;
            i13 = 32;
        }
        Utils.store8(bArr2, i13, j11);
    }
}
