package org.bouncycastle.pqc.crypto.newhope;

import com.google.android.material.internal.ViewUtils;
import java.security.SecureRandom;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.crypto.engines.ChaChaEngine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* loaded from: classes5.dex */
class NewHope {
    public static final int AGREEMENT_SIZE = 32;
    public static final int POLY_SIZE = 1024;
    public static final int SENDA_BYTES = 1824;
    public static final int SENDB_BYTES = 2048;
    private static final boolean STATISTICAL_TEST = false;

    public static void a(byte[] bArr, short[] sArr) {
        SHAKEDigest sHAKEDigest = new SHAKEDigest(128);
        sHAKEDigest.update(bArr, 0, bArr.length);
        int i2 = 0;
        while (true) {
            byte[] bArr2 = new byte[256];
            sHAKEDigest.doOutput(bArr2, 0, 256);
            for (int i3 = 0; i3 < 256; i3 += 2) {
                int i4 = (bArr2[i3] & 255) | ((bArr2[i3 + 1] & 255) << 8);
                if (i4 < 61445) {
                    int i5 = i2 + 1;
                    sArr[i2] = (short) i4;
                    if (i5 == 1024) {
                        return;
                    } else {
                        i2 = i5;
                    }
                }
            }
        }
    }

    public static void b(byte[] bArr) {
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        sHA3Digest.update(bArr, 0, 32);
        sHA3Digest.doFinal(bArr, 0);
    }

    public static void keygen(SecureRandom secureRandom, byte[] bArr, short[] sArr) {
        byte[] bArr2 = new byte[32];
        secureRandom.nextBytes(bArr2);
        b(bArr2);
        short[] sArr2 = new short[1024];
        a(bArr2, sArr2);
        byte[] bArr3 = new byte[32];
        secureRandom.nextBytes(bArr3);
        Poly.c(sArr, bArr3, (byte) 0);
        short[] sArr3 = Precomp.f13565c;
        for (int i2 = 0; i2 < 1024; i2++) {
            sArr[i2] = Reduce.b((sArr[i2] & 65535) * (65535 & sArr3[i2]));
        }
        short[] sArr4 = Precomp.f13564a;
        NTT.b(sArr, sArr4);
        short[] sArr5 = new short[1024];
        Poly.c(sArr5, bArr3, (byte) 1);
        for (int i3 = 0; i3 < 1024; i3++) {
            sArr5[i3] = Reduce.b((sArr5[i3] & 65535) * (sArr3[i3] & 65535));
        }
        NTT.b(sArr5, sArr4);
        short[] sArr6 = new short[1024];
        Poly.d(sArr2, sArr, sArr6);
        short[] sArr7 = new short[1024];
        Poly.a(sArr6, sArr5, sArr7);
        Poly.e(bArr, sArr7);
        System.arraycopy(bArr2, 0, bArr, 1792, 32);
    }

    public static void sharedA(byte[] bArr, short[] sArr, byte[] bArr2) {
        short[] sArr2 = new short[1024];
        short[] sArr3 = new short[1024];
        Poly.b(bArr2, sArr2);
        for (int i2 = 0; i2 < 256; i2++) {
            int i3 = i2 * 4;
            byte b = bArr2[i2 + 1792];
            int i4 = b & 255;
            sArr3[i3] = (short) (b & 3);
            sArr3[i3 + 1] = (short) ((i4 >>> 2) & 3);
            sArr3[i3 + 2] = (short) ((i4 >>> 4) & 3);
            sArr3[i3 + 3] = (short) (i4 >>> 6);
        }
        short[] sArr4 = new short[1024];
        Poly.d(sArr, sArr2, sArr4);
        NTT.a(sArr4);
        NTT.b(sArr4, Precomp.b);
        short[] sArr5 = Precomp.f13566d;
        for (int i5 = 0; i5 < 1024; i5++) {
            sArr4[i5] = Reduce.b((sArr4[i5] & 65535) * (65535 & sArr5[i5]));
        }
        ErrorCorrection.c(bArr, sArr4, sArr3);
        b(bArr);
    }

    public static void sharedB(SecureRandom secureRandom, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[1024];
        byte[] bArr4 = new byte[32];
        Poly.b(bArr3, sArr);
        int i2 = 0;
        System.arraycopy(bArr3, 1792, bArr4, 0, 32);
        short[] sArr2 = new short[1024];
        a(bArr4, sArr2);
        byte[] bArr5 = new byte[32];
        secureRandom.nextBytes(bArr5);
        short[] sArr3 = new short[1024];
        Poly.c(sArr3, bArr5, (byte) 0);
        short[] sArr4 = Precomp.f13565c;
        for (int i3 = 0; i3 < 1024; i3++) {
            sArr3[i3] = Reduce.b((sArr3[i3] & 65535) * (65535 & sArr4[i3]));
        }
        short[] sArr5 = Precomp.f13564a;
        NTT.b(sArr3, sArr5);
        short[] sArr6 = new short[1024];
        int i4 = 1;
        Poly.c(sArr6, bArr5, (byte) 1);
        for (int i5 = 0; i5 < 1024; i5++) {
            sArr6[i5] = Reduce.b((sArr6[i5] & 65535) * (sArr4[i5] & 65535));
        }
        NTT.b(sArr6, sArr5);
        short[] sArr7 = new short[1024];
        Poly.d(sArr2, sArr3, sArr7);
        Poly.a(sArr7, sArr6, sArr7);
        short[] sArr8 = new short[1024];
        Poly.d(sArr, sArr3, sArr8);
        NTT.a(sArr8);
        NTT.b(sArr8, Precomp.b);
        short[] sArr9 = Precomp.f13566d;
        for (int i6 = 0; i6 < 1024; i6++) {
            sArr8[i6] = Reduce.b((sArr8[i6] & 65535) * (sArr9[i6] & 65535));
        }
        short[] sArr10 = new short[1024];
        int i7 = 2;
        Poly.c(sArr10, bArr5, (byte) 2);
        Poly.a(sArr8, sArr10, sArr8);
        short[] sArr11 = new short[1024];
        short s = 8;
        byte[] bArr6 = new byte[8];
        bArr6[0] = 3;
        byte[] bArr7 = new byte[32];
        ChaChaEngine chaChaEngine = new ChaChaEngine(20);
        chaChaEngine.init(true, new ParametersWithIV(new KeyParameter(bArr5), bArr6));
        chaChaEngine.processBytes(bArr7, 0, 32, bArr7, 0);
        int[] iArr = new int[8];
        int i8 = 0;
        while (i8 < 256) {
            int i9 = ((bArr7[i8 >>> 3] >>> (i8 & 7)) & i4) * 4;
            int i10 = i8 + 256;
            int a2 = ErrorCorrection.a(iArr, i2, 4, (sArr8[i8] * s) + i9) + ErrorCorrection.a(iArr, i4, 5, (sArr8[i10] * 8) + i9);
            int i11 = i8 + 512;
            int a3 = a2 + ErrorCorrection.a(iArr, i7, 6, (sArr8[i11] * 8) + i9);
            int i12 = i8 + ViewUtils.EDGE_TO_EDGE_FLAGS;
            int a4 = (24577 - (a3 + ErrorCorrection.a(iArr, 3, 7, (sArr8[i12] * 8) + i9))) >> 31;
            int i13 = ~a4;
            int[] iArr2 = {(i13 & iArr[0]) ^ (a4 & iArr[4]), (i13 & iArr[i4]) ^ (a4 & iArr[5]), (i13 & iArr[i7]) ^ (a4 & iArr[6]), (iArr[7] & a4) ^ (i13 & iArr[3])};
            int i14 = iArr2[0];
            int i15 = iArr2[3];
            sArr11[i8] = (short) ((i14 - i15) & 3);
            sArr11[i10] = (short) ((iArr2[1] - i15) & 3);
            sArr11[i11] = (short) ((iArr2[2] - i15) & 3);
            sArr11[i12] = (short) (((i15 * 2) + (-a4)) & 3);
            i8++;
            i2 = 0;
            i4 = 1;
            s = 8;
            i7 = 2;
        }
        Poly.e(bArr2, sArr7);
        while (i2 < 256) {
            int i16 = i2 * 4;
            bArr2[i2 + 1792] = (byte) ((sArr11[i16 + 3] << 6) | sArr11[i16] | (sArr11[i16 + 1] << 2) | (sArr11[i16 + 2] << 4));
            i2++;
        }
        ErrorCorrection.c(bArr, sArr8, sArr11);
        b(bArr);
    }
}
