package org.spongycastle.pqc.crypto.ntru;

import java.security.SecureRandom;
import org.spongycastle.crypto.AsymmetricBlockCipher;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.params.ParametersWithRandom;
import org.spongycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.Polynomial;
import org.spongycastle.pqc.math.ntru.polynomial.ProductFormPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.TernaryPolynomial;
import org.spongycastle.util.Arrays;

/* loaded from: classes8.dex */
public class NTRUEngine implements AsymmetricBlockCipher {
    private boolean forEncryption;
    private NTRUEncryptionParameters params;
    private NTRUEncryptionPrivateKeyParameters privKey;
    private NTRUEncryptionPublicKeyParameters pubKey;
    private SecureRandom random;

    /* JADX WARN: Code restructure failed: missing block: B:31:0x0061, code lost:
    
        if (r4 < r12) goto L28;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial MGF(byte[] r11, int r12, int r13, boolean r14) {
        /*
            r10 = this;
            org.spongycastle.pqc.crypto.ntru.NTRUEncryptionParameters r0 = r10.params
            org.spongycastle.crypto.Digest r0 = r0.hashAlg
            int r1 = r0.getDigestSize()
            int r2 = r13 * r1
            byte[] r2 = new byte[r2]
            if (r14 == 0) goto L12
            byte[] r11 = r10.calcHash(r0, r11)
        L12:
            r14 = 0
            r3 = r14
        L14:
            if (r3 >= r13) goto L29
            int r4 = r11.length
            r0.update(r11, r14, r4)
            r10.putInt(r0, r3)
            byte[] r4 = r10.calcHash(r0)
            int r5 = r3 * r1
            java.lang.System.arraycopy(r4, r14, r2, r5, r1)
            int r3 = r3 + 1
            goto L14
        L29:
            org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial r13 = new org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial
            r13.<init>(r12)
        L2e:
            r1 = r14
            r4 = r1
        L30:
            int r5 = r2.length
            if (r1 == r5) goto L61
            r5 = r2[r1]
            r5 = r5 & 255(0xff, float:3.57E-43)
            r6 = 243(0xf3, float:3.4E-43)
            if (r5 < r6) goto L3c
            goto L5e
        L3c:
            r6 = r14
        L3d:
            r7 = 4
            if (r6 >= r7) goto L53
            int r7 = r5 % 3
            int[] r8 = r13.coeffs
            int r9 = r7 + (-1)
            r8[r4] = r9
            int r4 = r4 + 1
            if (r4 != r12) goto L4d
            goto L63
        L4d:
            int r5 = r5 - r7
            int r5 = r5 / 3
            int r6 = r6 + 1
            goto L3d
        L53:
            int[] r6 = r13.coeffs
            int r5 = r5 + (-1)
            r6[r4] = r5
            int r4 = r4 + 1
            if (r4 != r12) goto L5e
            goto L63
        L5e:
            int r1 = r1 + 1
            goto L30
        L61:
            if (r4 < r12) goto L64
        L63:
            return r13
        L64:
            int r1 = r11.length
            r0.update(r11, r14, r1)
            r10.putInt(r0, r3)
            byte[] r2 = r10.calcHash(r0)
            int r3 = r3 + 1
            goto L2e
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.pqc.crypto.ntru.NTRUEngine.MGF(byte[], int, int, boolean):org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial");
    }

    private byte[] buildSData(byte[] bArr, byte[] bArr2, int i11, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[bArr.length + i11 + bArr3.length + bArr4.length];
        System.arraycopy(bArr, 0, bArr5, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr5, bArr.length, bArr2.length);
        System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length, bArr3.length);
        System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length + bArr3.length, bArr4.length);
        return bArr5;
    }

    private byte[] calcHash(Digest digest) {
        byte[] bArr = new byte[digest.getDigestSize()];
        digest.doFinal(bArr, 0);
        return bArr;
    }

    private byte[] calcHash(Digest digest, byte[] bArr) {
        byte[] bArr2 = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr2, 0);
        return bArr2;
    }

    private byte[] copyOf(byte[] bArr, int i11) {
        byte[] bArr2 = new byte[i11];
        if (i11 >= bArr.length) {
            i11 = bArr.length;
        }
        System.arraycopy(bArr, 0, bArr2, 0, i11);
        return bArr2;
    }

    private byte[] decrypt(byte[] bArr, NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters) throws InvalidCipherTextException {
        Polynomial polynomial = nTRUEncryptionPrivateKeyParameters.f93289t;
        IntegerPolynomial integerPolynomial = nTRUEncryptionPrivateKeyParameters.f93287fp;
        IntegerPolynomial integerPolynomial2 = nTRUEncryptionPrivateKeyParameters.f93288h;
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        int i11 = nTRUEncryptionParameters.N;
        int i12 = nTRUEncryptionParameters.f93286q;
        int i13 = nTRUEncryptionParameters.f93281db;
        int i14 = nTRUEncryptionParameters.maxMsgLenBytes;
        int i15 = nTRUEncryptionParameters.f93284dm0;
        int i16 = nTRUEncryptionParameters.pkLen;
        int i17 = nTRUEncryptionParameters.minCallsMask;
        boolean z11 = nTRUEncryptionParameters.hashSeed;
        byte[] bArr2 = nTRUEncryptionParameters.oid;
        if (i14 > 255) {
            throw new DataLengthException("maxMsgLenBytes values bigger than 255 are not supported");
        }
        int i18 = i13 / 8;
        IntegerPolynomial fromBinary = IntegerPolynomial.fromBinary(bArr, i11, i12);
        IntegerPolynomial decrypt = decrypt(fromBinary, polynomial, integerPolynomial);
        if (decrypt.count(-1) < i15) {
            throw new InvalidCipherTextException("Less than dm0 coefficients equal -1");
        }
        if (decrypt.count(0) < i15) {
            throw new InvalidCipherTextException("Less than dm0 coefficients equal 0");
        }
        if (decrypt.count(1) < i15) {
            throw new InvalidCipherTextException("Less than dm0 coefficients equal 1");
        }
        IntegerPolynomial integerPolynomial3 = (IntegerPolynomial) fromBinary.clone();
        integerPolynomial3.sub(decrypt);
        integerPolynomial3.modPositive(i12);
        IntegerPolynomial integerPolynomial4 = (IntegerPolynomial) integerPolynomial3.clone();
        integerPolynomial4.modPositive(4);
        decrypt.sub(MGF(integerPolynomial4.toBinary(4), i11, i17, z11));
        decrypt.mod3();
        byte[] binary3Sves = decrypt.toBinary3Sves();
        byte[] bArr3 = new byte[i18];
        System.arraycopy(binary3Sves, 0, bArr3, 0, i18);
        int i19 = binary3Sves[i18] & 255;
        if (i19 > i14) {
            throw new InvalidCipherTextException("Message too long: " + i19 + ">" + i14);
        }
        byte[] bArr4 = new byte[i19];
        int i21 = i18 + 1;
        System.arraycopy(binary3Sves, i21, bArr4, 0, i19);
        int i22 = i21 + i19;
        int length = binary3Sves.length - i22;
        byte[] bArr5 = new byte[length];
        System.arraycopy(binary3Sves, i22, bArr5, 0, length);
        if (!Arrays.constantTimeAreEqual(bArr5, new byte[length])) {
            throw new InvalidCipherTextException("The message is not followed by zeroes");
        }
        IntegerPolynomial mult = generateBlindingPoly(buildSData(bArr2, bArr4, i19, bArr3, copyOf(integerPolynomial2.toBinary(i12), i16 / 8)), bArr4).mult(integerPolynomial2);
        mult.modPositive(i12);
        if (mult.equals(integerPolynomial3)) {
            return bArr4;
        }
        throw new InvalidCipherTextException("Invalid message encoding");
    }

    private byte[] encrypt(byte[] bArr, NTRUEncryptionPublicKeyParameters nTRUEncryptionPublicKeyParameters) {
        byte[] bArr2 = bArr;
        IntegerPolynomial integerPolynomial = nTRUEncryptionPublicKeyParameters.f93290h;
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        int i11 = nTRUEncryptionParameters.N;
        int i12 = nTRUEncryptionParameters.f93286q;
        int i13 = nTRUEncryptionParameters.maxMsgLenBytes;
        int i14 = nTRUEncryptionParameters.f93281db;
        int i15 = nTRUEncryptionParameters.bufferLenBits;
        int i16 = nTRUEncryptionParameters.f93284dm0;
        int i17 = nTRUEncryptionParameters.pkLen;
        int i18 = nTRUEncryptionParameters.minCallsMask;
        boolean z11 = nTRUEncryptionParameters.hashSeed;
        byte[] bArr3 = nTRUEncryptionParameters.oid;
        int length = bArr2.length;
        if (i13 > 255) {
            throw new IllegalArgumentException("llen values bigger than 1 are not supported");
        }
        if (length > i13) {
            throw new DataLengthException("Message too long: " + length + ">" + i13);
        }
        while (true) {
            int i19 = i14 / 8;
            byte[] bArr4 = new byte[i19];
            byte[] bArr5 = bArr3;
            this.random.nextBytes(bArr4);
            int i21 = (i13 + 1) - length;
            int i22 = i14;
            int i23 = i15;
            byte[] bArr6 = new byte[i23 / 8];
            int i24 = i17;
            System.arraycopy(bArr4, 0, bArr6, 0, i19);
            bArr6[i19] = (byte) length;
            int i25 = i19 + 1;
            System.arraycopy(bArr2, 0, bArr6, i25, bArr2.length);
            System.arraycopy(new byte[i21], 0, bArr6, i25 + bArr2.length, i21);
            IntegerPolynomial fromBinary3Sves = IntegerPolynomial.fromBinary3Sves(bArr6, i11);
            length = length;
            bArr3 = bArr5;
            IntegerPolynomial mult = generateBlindingPoly(buildSData(bArr3, bArr2, length, bArr4, copyOf(integerPolynomial.toBinary(i12), i24 / 8)), bArr6).mult(integerPolynomial, i12);
            IntegerPolynomial integerPolynomial2 = (IntegerPolynomial) mult.clone();
            integerPolynomial2.modPositive(4);
            fromBinary3Sves.add(MGF(integerPolynomial2.toBinary(4), i11, i18, z11));
            fromBinary3Sves.mod3();
            if (fromBinary3Sves.count(-1) >= i16 && fromBinary3Sves.count(0) >= i16 && fromBinary3Sves.count(1) >= i16) {
                mult.add(fromBinary3Sves, i12);
                mult.ensurePositive(i12);
                return mult.toBinary(i12);
            }
            bArr2 = bArr;
            i14 = i22;
            i15 = i23;
            i17 = i24;
        }
    }

    private int[] generateBlindingCoeffs(IndexGenerator indexGenerator, int i11) {
        int[] iArr = new int[this.params.N];
        for (int i12 = -1; i12 <= 1; i12 += 2) {
            int i13 = 0;
            while (i13 < i11) {
                int nextIndex = indexGenerator.nextIndex();
                if (iArr[nextIndex] == 0) {
                    iArr[nextIndex] = i12;
                    i13++;
                }
            }
        }
        return iArr;
    }

    private Polynomial generateBlindingPoly(byte[] bArr, byte[] bArr2) {
        IndexGenerator indexGenerator = new IndexGenerator(bArr, this.params);
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        if (nTRUEncryptionParameters.polyType == 1) {
            return new ProductFormPolynomial(new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, nTRUEncryptionParameters.dr1)), new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, this.params.dr2)), new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, this.params.dr3)));
        }
        int i11 = nTRUEncryptionParameters.f93285dr;
        boolean z11 = nTRUEncryptionParameters.sparse;
        int[] generateBlindingCoeffs = generateBlindingCoeffs(indexGenerator, i11);
        return z11 ? new SparseTernaryPolynomial(generateBlindingCoeffs) : new DenseTernaryPolynomial(generateBlindingCoeffs);
    }

    private int log2(int i11) {
        if (i11 == 2048) {
            return 11;
        }
        throw new IllegalStateException("log2 not fully implemented");
    }

    private void putInt(Digest digest, int i11) {
        digest.update((byte) (i11 >> 24));
        digest.update((byte) (i11 >> 16));
        digest.update((byte) (i11 >> 8));
        digest.update((byte) i11);
    }

    protected IntegerPolynomial decrypt(IntegerPolynomial integerPolynomial, Polynomial polynomial, IntegerPolynomial integerPolynomial2) {
        IntegerPolynomial mult;
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        if (nTRUEncryptionParameters.fastFp) {
            mult = polynomial.mult(integerPolynomial, nTRUEncryptionParameters.f93286q);
            mult.mult(3);
            mult.add(integerPolynomial);
        } else {
            mult = polynomial.mult(integerPolynomial, nTRUEncryptionParameters.f93286q);
        }
        mult.center0(this.params.f93286q);
        mult.mod3();
        if (!this.params.fastFp) {
            mult = new DenseTernaryPolynomial(mult).mult(integerPolynomial2, 3);
        }
        mult.center0(3);
        return mult;
    }

    protected IntegerPolynomial encrypt(IntegerPolynomial integerPolynomial, TernaryPolynomial ternaryPolynomial, IntegerPolynomial integerPolynomial2) {
        IntegerPolynomial mult = ternaryPolynomial.mult(integerPolynomial2, this.params.f93286q);
        mult.add(integerPolynomial, this.params.f93286q);
        mult.ensurePositive(this.params.f93286q);
        return mult;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public int getInputBlockSize() {
        return this.params.maxMsgLenBytes;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public int getOutputBlockSize() {
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        return ((nTRUEncryptionParameters.N * log2(nTRUEncryptionParameters.f93286q)) + 7) / 8;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public void init(boolean z11, CipherParameters cipherParameters) {
        this.forEncryption = z11;
        if (!z11) {
            NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters = (NTRUEncryptionPrivateKeyParameters) cipherParameters;
            this.privKey = nTRUEncryptionPrivateKeyParameters;
            this.params = nTRUEncryptionPrivateKeyParameters.getParameters();
            return;
        }
        if (cipherParameters instanceof ParametersWithRandom) {
            ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
            this.random = parametersWithRandom.getRandom();
            this.pubKey = (NTRUEncryptionPublicKeyParameters) parametersWithRandom.getParameters();
        } else {
            this.random = new SecureRandom();
            this.pubKey = (NTRUEncryptionPublicKeyParameters) cipherParameters;
        }
        this.params = this.pubKey.getParameters();
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public byte[] processBlock(byte[] bArr, int i11, int i12) throws InvalidCipherTextException {
        byte[] bArr2 = new byte[i12];
        System.arraycopy(bArr, i11, bArr2, 0, i12);
        return this.forEncryption ? encrypt(bArr2, this.pubKey) : decrypt(bArr2, this.privKey);
    }
}
