package org.bouncycastle.pqc.crypto.crystals.dilithium;

import androidx.appcompat.widget.a;
import com.pdf.pdfreader.viewer.editor.free.officetool.xs.common.shape.ShapeTypes;
import com.pdf.pdfreader.viewer.editor.free.officetool.xs.fc.ShapeKit;
import java.security.SecureRandom;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.pqc.crypto.crystals.dilithium.Symmetric;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class DilithiumEngine {
    public static final int CrhBytes = 64;
    public static final int DilithiumD = 13;
    public static final int DilithiumN = 256;
    public static final int DilithiumPolyT0PackedBytes = 416;
    public static final int DilithiumPolyT1PackedBytes = 320;
    public static final int DilithiumQ = 8380417;
    public static final int DilithiumQinv = 58728449;
    public static final int DilithiumRootOfUnity = 1753;
    public static final int SeedBytes = 32;
    private final int CryptoBytes;
    private final int CryptoPublicKeyBytes;
    private final int CryptoSecretKeyBytes;
    private final int DilithiumBeta;
    private final int DilithiumEta;
    private final int DilithiumGamma1;
    private final int DilithiumGamma2;
    private final int DilithiumK;
    private final int DilithiumL;
    private final int DilithiumMode;
    private final int DilithiumOmega;
    private final int DilithiumPolyEtaPackedBytes;
    private final int DilithiumPolyVecHPackedBytes;
    private final int DilithiumPolyW1PackedBytes;
    private final int DilithiumPolyZPackedBytes;
    private final int DilithiumTau;
    private final int PolyUniformGamma1NBlocks;
    private final SecureRandom random;
    private final SHAKEDigest shake128Digest = new SHAKEDigest(128);
    private final SHAKEDigest shake256Digest = new SHAKEDigest(256);
    private final Symmetric symmetric;

    public DilithiumEngine(int i2, SecureRandom secureRandom, boolean z2) {
        int i3;
        int i4;
        this.DilithiumMode = i2;
        if (i2 == 2) {
            this.DilithiumK = 4;
            this.DilithiumL = 4;
            this.DilithiumEta = 2;
            this.DilithiumTau = 39;
            this.DilithiumBeta = 78;
            this.DilithiumGamma1 = 131072;
            this.DilithiumGamma2 = 95232;
            this.DilithiumOmega = 80;
            this.DilithiumPolyZPackedBytes = ShapeKit.MASTER_DPI;
            this.DilithiumPolyW1PackedBytes = 192;
            this.DilithiumPolyEtaPackedBytes = 96;
        } else if (i2 == 3) {
            this.DilithiumK = 6;
            this.DilithiumL = 5;
            this.DilithiumEta = 4;
            this.DilithiumTau = 49;
            this.DilithiumBeta = ShapeTypes.ActionButtonBeginning;
            this.DilithiumGamma1 = 524288;
            this.DilithiumGamma2 = 261888;
            this.DilithiumOmega = 55;
            this.DilithiumPolyZPackedBytes = 640;
            this.DilithiumPolyW1PackedBytes = 128;
            this.DilithiumPolyEtaPackedBytes = 128;
        } else {
            if (i2 != 5) {
                throw new IllegalArgumentException(a.h(i2, "The mode ", "is not supported by Crystals Dilithium!"));
            }
            this.DilithiumK = 8;
            this.DilithiumL = 7;
            this.DilithiumEta = 2;
            this.DilithiumTau = 60;
            this.DilithiumBeta = 120;
            this.DilithiumGamma1 = 524288;
            this.DilithiumGamma2 = 261888;
            this.DilithiumOmega = 75;
            this.DilithiumPolyZPackedBytes = 640;
            this.DilithiumPolyW1PackedBytes = 128;
            this.DilithiumPolyEtaPackedBytes = 96;
        }
        this.symmetric = z2 ? new Symmetric.AesSymmetric() : new Symmetric.ShakeSymmetric();
        this.random = secureRandom;
        int i5 = this.DilithiumOmega;
        int i6 = this.DilithiumK;
        int i7 = i5 + i6;
        this.DilithiumPolyVecHPackedBytes = i7;
        this.CryptoPublicKeyBytes = (i6 * 320) + 32;
        int i8 = this.DilithiumL;
        int i9 = this.DilithiumPolyEtaPackedBytes;
        this.CryptoSecretKeyBytes = (i6 * 416) + (i9 * i6) + (i8 * i9) + 96;
        this.CryptoBytes = kotlin.collections.unsigned.a.a(i8, this.DilithiumPolyZPackedBytes, 32, i7);
        int i10 = this.DilithiumGamma1;
        if (i10 == 131072) {
            i3 = this.symmetric.b;
            i4 = i3 + 575;
        } else {
            if (i10 != 524288) {
                throw new RuntimeException("Wrong Dilithium Gamma1!");
            }
            i3 = this.symmetric.b;
            i4 = i3 + 639;
        }
        this.PolyUniformGamma1NBlocks = i4 / i3;
    }

    public final Symmetric a() {
        return this.symmetric;
    }

    public byte[][] generateKeyPair() {
        byte[] bArr = new byte[32];
        byte[] bArr2 = new byte[128];
        byte[] bArr3 = new byte[32];
        byte[] bArr4 = new byte[32];
        byte[] bArr5 = new byte[64];
        byte[] bArr6 = new byte[32];
        PolyVecMatrix polyVecMatrix = new PolyVecMatrix(this);
        PolyVecL polyVecL = new PolyVecL(this);
        PolyVecK polyVecK = new PolyVecK(this);
        PolyVecK polyVecK2 = new PolyVecK(this);
        PolyVecK polyVecK3 = new PolyVecK(this);
        this.random.nextBytes(bArr);
        this.shake256Digest.update(bArr, 0, 32);
        this.shake256Digest.doFinal(bArr2, 0, 128);
        System.arraycopy(bArr2, 0, bArr4, 0, 32);
        System.arraycopy(bArr2, 32, bArr5, 0, 64);
        System.arraycopy(bArr2, 96, bArr6, 0, 32);
        polyVecMatrix.expandMatrix(bArr4);
        polyVecL.uniformEta(bArr5, (short) 0);
        polyVecK.uniformEta(bArr5, (short) this.DilithiumL);
        PolyVecL polyVecL2 = new PolyVecL(this);
        polyVecL.copyPolyVecL(polyVecL2);
        polyVecL2.polyVecNtt();
        polyVecMatrix.pointwiseMontgomery(polyVecK2, polyVecL2);
        polyVecK2.reduce();
        polyVecK2.invNttToMont();
        polyVecK2.addPolyVecK(polyVecK);
        polyVecK2.conditionalAddQ();
        polyVecK2.power2Round(polyVecK3);
        int cryptoPublicKeyBytes = getCryptoPublicKeyBytes() - 32;
        byte[] bArr7 = new byte[cryptoPublicKeyBytes];
        for (int i2 = 0; i2 < getDilithiumK(); i2++) {
            System.arraycopy(polyVecK2.getVectorIndex(i2).polyt1Pack(), 0, bArr7, i2 * 320, 320);
        }
        this.shake256Digest.update(bArr4, 0, 32);
        this.shake256Digest.update(bArr7, 0, cryptoPublicKeyBytes);
        this.shake256Digest.doFinal(bArr3, 0, 32);
        byte[][] bArr8 = new byte[6];
        bArr8[0] = bArr4;
        bArr8[1] = bArr6;
        bArr8[2] = bArr3;
        char c2 = 3;
        bArr8[3] = new byte[getDilithiumL() * getDilithiumPolyEtaPackedBytes()];
        int i3 = 0;
        while (i3 < getDilithiumL()) {
            polyVecL.getVectorIndex(i3).polyEtaPack(bArr8[c2], getDilithiumPolyEtaPackedBytes() * i3);
            i3++;
            c2 = 3;
        }
        char c3 = 4;
        bArr8[4] = new byte[getDilithiumK() * getDilithiumPolyEtaPackedBytes()];
        int i4 = 0;
        while (i4 < getDilithiumK()) {
            polyVecK.getVectorIndex(i4).polyEtaPack(bArr8[c3], getDilithiumPolyEtaPackedBytes() * i4);
            i4++;
            c3 = 4;
        }
        bArr8[5] = new byte[getDilithiumK() * 416];
        for (int i5 = 0; i5 < getDilithiumK(); i5++) {
            polyVecK3.getVectorIndex(i5).polyt0Pack(bArr8[5], i5 * 416);
        }
        return new byte[][]{bArr8[0], bArr8[1], bArr8[2], bArr8[3], bArr8[4], bArr8[5], bArr7};
    }

    public int getCryptoBytes() {
        return this.CryptoBytes;
    }

    public int getCryptoPublicKeyBytes() {
        return this.CryptoPublicKeyBytes;
    }

    public int getCryptoSecretKeyBytes() {
        return this.CryptoSecretKeyBytes;
    }

    public int getDilithiumBeta() {
        return this.DilithiumBeta;
    }

    public int getDilithiumEta() {
        return this.DilithiumEta;
    }

    public int getDilithiumGamma1() {
        return this.DilithiumGamma1;
    }

    public int getDilithiumGamma2() {
        return this.DilithiumGamma2;
    }

    public int getDilithiumK() {
        return this.DilithiumK;
    }

    public int getDilithiumL() {
        return this.DilithiumL;
    }

    public int getDilithiumMode() {
        return this.DilithiumMode;
    }

    public int getDilithiumOmega() {
        return this.DilithiumOmega;
    }

    public int getDilithiumPolyEtaPackedBytes() {
        return this.DilithiumPolyEtaPackedBytes;
    }

    public int getDilithiumPolyVecHPackedBytes() {
        return this.DilithiumPolyVecHPackedBytes;
    }

    public int getDilithiumPolyW1PackedBytes() {
        return this.DilithiumPolyW1PackedBytes;
    }

    public int getDilithiumPolyZPackedBytes() {
        return this.DilithiumPolyZPackedBytes;
    }

    public int getDilithiumTau() {
        return this.DilithiumTau;
    }

    public int getPolyUniformGamma1NBlocks() {
        return this.PolyUniformGamma1NBlocks;
    }

    public SHAKEDigest getShake128Digest() {
        return this.shake128Digest;
    }

    public SHAKEDigest getShake256Digest() {
        return this.shake256Digest;
    }

    public byte[] sign(byte[] bArr, int i2, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, byte[] bArr7) {
        return signSignature(bArr, i2, bArr2, bArr3, bArr4, bArr5, bArr6, bArr7);
    }

    public boolean signOpen(byte[] bArr, byte[] bArr2, int i2, byte[] bArr3, byte[] bArr4) {
        return signVerify(bArr2, i2, bArr, bArr.length, bArr3, bArr4);
    }

    public byte[] signSignature(byte[] bArr, int i2, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, byte[] bArr7) {
        PolyVecK polyVecK;
        byte[] bArr8 = new byte[this.CryptoBytes + i2];
        byte[] bArr9 = new byte[64];
        byte[] bArr10 = new byte[64];
        PolyVecL polyVecL = new PolyVecL(this);
        PolyVecL polyVecL2 = new PolyVecL(this);
        PolyVecL polyVecL3 = new PolyVecL(this);
        PolyVecK polyVecK2 = new PolyVecK(this);
        PolyVecK polyVecK3 = new PolyVecK(this);
        PolyVecK polyVecK4 = new PolyVecK(this);
        PolyVecK polyVecK5 = new PolyVecK(this);
        PolyVecK polyVecK6 = new PolyVecK(this);
        Poly poly = new Poly(this);
        PolyVecMatrix polyVecMatrix = new PolyVecMatrix(this);
        PolyVecK polyVecK7 = polyVecK6;
        int i3 = 0;
        while (i3 < getDilithiumL()) {
            polyVecL.getVectorIndex(i3).polyEtaUnpack(bArr6, i3 * getDilithiumPolyEtaPackedBytes());
            i3++;
            bArr8 = bArr8;
            poly = poly;
        }
        byte[] bArr11 = bArr8;
        Poly poly2 = poly;
        for (int i4 = 0; i4 < getDilithiumK(); i4++) {
            polyVecK3.getVectorIndex(i4).polyEtaUnpack(bArr7, getDilithiumPolyEtaPackedBytes() * i4);
        }
        for (int i5 = 0; i5 < getDilithiumK(); i5++) {
            polyVecK2.getVectorIndex(i5).polyt0Unpack(bArr5, i5 * 416);
        }
        this.shake256Digest.update(bArr4, 0, 32);
        this.shake256Digest.update(bArr, 0, i2);
        this.shake256Digest.doFinal(bArr9, 0, 64);
        SecureRandom secureRandom = this.random;
        if (secureRandom != null) {
            secureRandom.nextBytes(bArr10);
        } else {
            byte[] copyOf = Arrays.copyOf(bArr3, 96);
            System.arraycopy(bArr9, 0, copyOf, 32, 64);
            this.shake256Digest.update(copyOf, 0, 96);
            this.shake256Digest.doFinal(bArr10, 0, 64);
        }
        polyVecMatrix.expandMatrix(bArr2);
        polyVecL.polyVecNtt();
        polyVecK3.polyVecNtt();
        polyVecK2.polyVecNtt();
        int i6 = 0;
        short s = 0;
        while (i6 < 1000) {
            int i7 = i6 + 1;
            short s2 = (short) (s + 1);
            polyVecL2.uniformGamma1(bArr10, s);
            polyVecL2.copyPolyVecL(polyVecL3);
            polyVecL3.polyVecNtt();
            polyVecMatrix.pointwiseMontgomery(polyVecK4, polyVecL3);
            polyVecK4.reduce();
            polyVecK4.invNttToMont();
            polyVecK4.conditionalAddQ();
            polyVecK4.decompose(polyVecK5);
            byte[] bArr12 = bArr11;
            System.arraycopy(polyVecK4.packW1(), 0, bArr12, 0, this.DilithiumK * this.DilithiumPolyW1PackedBytes);
            this.shake256Digest.update(bArr9, 0, 64);
            this.shake256Digest.update(bArr12, 0, this.DilithiumK * this.DilithiumPolyW1PackedBytes);
            this.shake256Digest.doFinal(bArr12, 0, 32);
            Poly poly3 = poly2;
            poly3.challenge(Arrays.copyOfRange(bArr12, 0, 32));
            poly3.polyNtt();
            polyVecL3.pointwisePolyMontgomery(poly3, polyVecL);
            polyVecL3.invNttToMont();
            polyVecL3.addPolyVecL(polyVecL2);
            polyVecL3.reduce();
            if (polyVecL3.checkNorm(this.DilithiumGamma1 - this.DilithiumBeta)) {
                polyVecK = polyVecK7;
            } else {
                polyVecK = polyVecK7;
                polyVecK.pointwisePolyMontgomery(poly3, polyVecK3);
                polyVecK.invNttToMont();
                polyVecK5.subtract(polyVecK);
                polyVecK5.reduce();
                if (polyVecK5.checkNorm(this.DilithiumGamma2 - this.DilithiumBeta)) {
                    continue;
                } else {
                    polyVecK.pointwisePolyMontgomery(poly3, polyVecK2);
                    polyVecK.invNttToMont();
                    polyVecK.reduce();
                    if (polyVecK.checkNorm(this.DilithiumGamma2)) {
                        continue;
                    } else {
                        polyVecK5.addPolyVecK(polyVecK);
                        polyVecK5.conditionalAddQ();
                        if (polyVecK.makeHint(polyVecK5, polyVecK4) <= this.DilithiumOmega) {
                            byte[] bArr13 = new byte[getCryptoBytes()];
                            int i8 = 0;
                            System.arraycopy(bArr12, 0, bArr13, 0, 32);
                            int i9 = 0;
                            while (i9 < getDilithiumL()) {
                                System.arraycopy(polyVecL3.getVectorIndex(i9).zPack(), i8, bArr13, (getDilithiumPolyZPackedBytes() * i9) + 32, getDilithiumPolyZPackedBytes());
                                i9++;
                                i8 = 0;
                            }
                            int dilithiumL = (getDilithiumL() * getDilithiumPolyZPackedBytes()) + 32;
                            for (int i10 = 0; i10 < getDilithiumOmega() + getDilithiumK(); i10++) {
                                bArr13[dilithiumL + i10] = 0;
                            }
                            int i11 = 0;
                            for (int i12 = 0; i12 < getDilithiumK(); i12++) {
                                for (int i13 = 0; i13 < 256; i13++) {
                                    if (polyVecK.getVectorIndex(i12).getCoeffIndex(i13) != 0) {
                                        bArr13[i11 + dilithiumL] = (byte) i13;
                                        i11++;
                                    }
                                }
                                bArr13[getDilithiumOmega() + dilithiumL + i12] = (byte) i11;
                            }
                            return bArr13;
                        }
                    }
                }
            }
            poly2 = poly3;
            polyVecK7 = polyVecK;
            s = s2;
            i6 = i7;
            bArr11 = bArr12;
        }
        return null;
    }

    public boolean signVerify(byte[] bArr, int i2, byte[] bArr2, int i3, byte[] bArr3, byte[] bArr4) {
        byte b;
        int i4;
        byte[] bArr5 = new byte[64];
        byte[] bArr6 = new byte[32];
        Poly poly = new Poly(this);
        PolyVecMatrix polyVecMatrix = new PolyVecMatrix(this);
        PolyVecL polyVecL = new PolyVecL(this);
        PolyVecK polyVecK = new PolyVecK(this);
        PolyVecK polyVecK2 = new PolyVecK(this);
        PolyVecK polyVecK3 = new PolyVecK(this);
        if (i2 != this.CryptoBytes) {
            return false;
        }
        int i5 = 0;
        while (i5 < getDilithiumK()) {
            Poly vectorIndex = polyVecK.getVectorIndex(i5);
            int i6 = i5 * 320;
            i5++;
            vectorIndex.polyt1Unpack(Arrays.copyOfRange(bArr4, i6, (i5 * 320) + 32));
            bArr6 = bArr6;
        }
        byte[] bArr7 = bArr6;
        int i7 = 0;
        while (i7 < getDilithiumL()) {
            Poly vectorIndex2 = polyVecL.getVectorIndex(i7);
            int dilithiumPolyZPackedBytes = (getDilithiumPolyZPackedBytes() * i7) + 32;
            i7++;
            vectorIndex2.a(Arrays.copyOfRange(bArr, dilithiumPolyZPackedBytes, (getDilithiumPolyZPackedBytes() * i7) + 32));
        }
        int dilithiumL = (getDilithiumL() * getDilithiumPolyZPackedBytes()) + 32;
        int i8 = 0;
        byte b2 = 0;
        while (true) {
            if (i8 >= getDilithiumK()) {
                PolyVecK polyVecK4 = polyVecK;
                for (int i9 = b2; i9 < getDilithiumOmega(); i9++) {
                    if ((bArr[dilithiumL + i9] & 255) != 0) {
                        return false;
                    }
                }
                byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 32);
                if (polyVecL.checkNorm(getDilithiumGamma1() - getDilithiumBeta())) {
                    return false;
                }
                this.shake256Digest.update(bArr3, 0, bArr3.length);
                this.shake256Digest.update(bArr4, 0, bArr4.length);
                this.shake256Digest.doFinal(bArr5, 0, 32);
                this.shake256Digest.update(bArr5, 0, 32);
                this.shake256Digest.update(bArr2, 0, i3);
                this.shake256Digest.doFinal(bArr5, 0);
                poly.challenge(copyOfRange);
                polyVecMatrix.expandMatrix(bArr3);
                polyVecL.polyVecNtt();
                polyVecMatrix.pointwiseMontgomery(polyVecK2, polyVecL);
                poly.polyNtt();
                polyVecK4.shiftLeft();
                polyVecK4.polyVecNtt();
                polyVecK4.pointwisePolyMontgomery(poly, polyVecK4);
                polyVecK2.subtract(polyVecK4);
                polyVecK2.reduce();
                polyVecK2.invNttToMont();
                polyVecK2.conditionalAddQ();
                polyVecK2.useHint(polyVecK2, polyVecK3);
                byte[] packW1 = polyVecK2.packW1();
                SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
                sHAKEDigest.update(bArr5, 0, 64);
                sHAKEDigest.update(packW1, 0, this.DilithiumK * this.DilithiumPolyW1PackedBytes);
                sHAKEDigest.doFinal(bArr7, 0, 32);
                for (int i10 = 0; i10 < 32; i10++) {
                    if (copyOfRange[i10] != bArr7[i10]) {
                        return false;
                    }
                }
                return true;
            }
            int i11 = 0;
            for (int i12 = 256; i11 < i12; i12 = 256) {
                polyVecK3.getVectorIndex(i8).setCoeffIndex(i11, 0);
                i11++;
                polyVecK = polyVecK;
            }
            PolyVecK polyVecK5 = polyVecK;
            if ((bArr[getDilithiumOmega() + dilithiumL + i8] & 255) < b2 || (bArr[getDilithiumOmega() + dilithiumL + i8] & 255) > getDilithiumOmega()) {
                return false;
            }
            int i13 = b2;
            byte b3 = b2;
            while (i13 < (bArr[getDilithiumOmega() + dilithiumL + i8] & 255)) {
                if (i13 > b3) {
                    int i14 = dilithiumL + i13;
                    b = b3;
                    i4 = 1;
                    if ((bArr[i14] & 255) <= (bArr[i14 - 1] & 255)) {
                        return false;
                    }
                } else {
                    b = b3;
                    i4 = 1;
                }
                polyVecK3.getVectorIndex(i8).setCoeffIndex(bArr[dilithiumL + i13] & 255, i4);
                i13++;
                b3 = b;
            }
            byte b4 = bArr[getDilithiumOmega() + dilithiumL + i8];
            i8++;
            polyVecK = polyVecK5;
            b2 = b4;
        }
    }
}
