package org.spongycastle.pqc.crypto.ntru;

import com.openpath.mobileaccesscore.v$b$$ExternalSyntheticLambda2;
import java.security.SecureRandom;
import org.spongycastle.crypto.AsymmetricBlockCipher;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.params.ParametersWithRandom;
import org.spongycastle.pqc.crypto.ntru.IndexGenerator;
import org.spongycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.Polynomial;
import org.spongycastle.pqc.math.ntru.polynomial.ProductFormPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.TernaryPolynomial;
import org.spongycastle.util.Arrays;

/* loaded from: classes9.dex */
public class NTRUEngine implements AsymmetricBlockCipher {
    public boolean forEncryption;
    public NTRUEncryptionParameters params;
    public NTRUEncryptionPrivateKeyParameters privKey;
    public NTRUEncryptionPublicKeyParameters pubKey;
    public SecureRandom random;

    public static byte[] buildSData(byte[] bArr, byte[] bArr2, int i2, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[bArr.length + i2 + bArr3.length + bArr4.length];
        System.arraycopy(bArr, 0, bArr5, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr5, bArr.length, bArr2.length);
        System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length, bArr3.length);
        System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length + bArr3.length, bArr4.length);
        return bArr5;
    }

    public final IntegerPolynomial MGF(byte[] bArr, int i2, int i3, boolean z2) {
        Digest digest = this.params.hashAlg;
        int digestSize = digest.getDigestSize();
        byte[] bArr2 = new byte[i3 * digestSize];
        if (z2) {
            byte[] bArr3 = new byte[digest.getDigestSize()];
            digest.update(bArr, 0, bArr.length);
            digest.doFinal(bArr3, 0);
            bArr = bArr3;
        }
        int i4 = 0;
        while (i4 < i3) {
            digest.update(bArr, 0, bArr.length);
            digest.update((byte) (i4 >> 24));
            digest.update((byte) (i4 >> 16));
            digest.update((byte) (i4 >> 8));
            digest.update((byte) i4);
            byte[] bArr4 = new byte[digest.getDigestSize()];
            digest.doFinal(bArr4, 0);
            System.arraycopy(bArr4, 0, bArr2, i4 * digestSize, digestSize);
            i4++;
        }
        IntegerPolynomial integerPolynomial = new IntegerPolynomial(i2);
        while (true) {
            int i5 = 0;
            for (int i6 = 0; i6 != bArr2.length; i6++) {
                int i7 = bArr2[i6] & 255;
                if (i7 < 243) {
                    for (int i8 = 0; i8 < 4; i8++) {
                        int i9 = i7 % 3;
                        integerPolynomial.coeffs[i5] = i9 - 1;
                        i5++;
                        if (i5 == i2) {
                            return integerPolynomial;
                        }
                        i7 = (i7 - i9) / 3;
                    }
                    integerPolynomial.coeffs[i5] = i7 - 1;
                    i5++;
                    if (i5 == i2) {
                        return integerPolynomial;
                    }
                }
            }
            if (i5 >= i2) {
                return integerPolynomial;
            }
            digest.update(bArr, 0, bArr.length);
            digest.update((byte) (i4 >> 24));
            digest.update((byte) (i4 >> 16));
            digest.update((byte) (i4 >> 8));
            digest.update((byte) i4);
            bArr2 = new byte[digest.getDigestSize()];
            digest.doFinal(bArr2, 0);
            i4++;
        }
    }

    public IntegerPolynomial decrypt(IntegerPolynomial integerPolynomial, Polynomial polynomial, IntegerPolynomial integerPolynomial2) {
        IntegerPolynomial mult;
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        if (nTRUEncryptionParameters.fastFp) {
            mult = polynomial.mult(integerPolynomial, nTRUEncryptionParameters.f7737q);
            mult.mult(3);
            mult.add(integerPolynomial);
        } else {
            mult = polynomial.mult(integerPolynomial, nTRUEncryptionParameters.f7737q);
        }
        mult.center0(this.params.f7737q);
        mult.mod3();
        if (!this.params.fastFp) {
            mult = new DenseTernaryPolynomial(mult).mult(integerPolynomial2, 3);
        }
        mult.center0(3);
        return mult;
    }

    public IntegerPolynomial encrypt(IntegerPolynomial integerPolynomial, TernaryPolynomial ternaryPolynomial, IntegerPolynomial integerPolynomial2) {
        IntegerPolynomial mult = ternaryPolynomial.mult(integerPolynomial2, this.params.f7737q);
        mult.add(integerPolynomial, this.params.f7737q);
        mult.ensurePositive(this.params.f7737q);
        return mult;
    }

    public final int[] generateBlindingCoeffs(IndexGenerator indexGenerator, int i2) {
        int leadingAsInt;
        int i3;
        int i4;
        int i5;
        int[] iArr = new int[this.params.N];
        for (int i6 = -1; i6 <= 1; i6 += 2) {
            int i7 = 0;
            while (i7 < i2) {
                if (!indexGenerator.initialized) {
                    indexGenerator.buf = new IndexGenerator.BitString();
                    byte[] bArr = new byte[indexGenerator.hashAlg.getDigestSize()];
                    while (true) {
                        int i8 = indexGenerator.counter;
                        i5 = indexGenerator.minCallsR;
                        if (i8 >= i5) {
                            break;
                        }
                        indexGenerator.appendHash(indexGenerator.buf, bArr);
                        indexGenerator.counter++;
                    }
                    indexGenerator.remLen = i5 * 8 * indexGenerator.hLen;
                    indexGenerator.initialized = true;
                }
                do {
                    IndexGenerator.BitString trailing = indexGenerator.buf.getTrailing(indexGenerator.remLen);
                    int i9 = indexGenerator.remLen;
                    int i10 = indexGenerator.f7733c;
                    if (i9 < i10) {
                        int i11 = i10 - i9;
                        int i12 = indexGenerator.counter;
                        int i13 = indexGenerator.hLen;
                        int i14 = (((i11 + i13) - 1) / i13) + i12;
                        int digestSize = indexGenerator.hashAlg.getDigestSize();
                        byte[] bArr2 = new byte[digestSize];
                        while (indexGenerator.counter < i14) {
                            indexGenerator.appendHash(trailing, bArr2);
                            indexGenerator.counter++;
                            int i15 = indexGenerator.hLen * 8;
                            if (i11 > i15) {
                                i11 -= i15;
                            }
                        }
                        indexGenerator.remLen = (indexGenerator.hLen * 8) - i11;
                        IndexGenerator.BitString bitString = new IndexGenerator.BitString();
                        indexGenerator.buf = bitString;
                        for (int i16 = 0; i16 != digestSize; i16++) {
                            bitString.appendBits(bArr2[i16]);
                        }
                    } else {
                        indexGenerator.remLen = i9 - i10;
                    }
                    leadingAsInt = trailing.getLeadingAsInt(indexGenerator.f7733c);
                    i3 = 1 << indexGenerator.f7733c;
                    i4 = indexGenerator.N;
                } while (leadingAsInt >= i3 - (i3 % i4));
                int i17 = leadingAsInt % i4;
                if (iArr[i17] == 0) {
                    iArr[i17] = i6;
                    i7++;
                }
            }
        }
        return iArr;
    }

    public final Polynomial generateBlindingPoly(byte[] bArr) {
        IndexGenerator indexGenerator = new IndexGenerator(bArr, this.params);
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        if (nTRUEncryptionParameters.polyType == 1) {
            return new ProductFormPolynomial(new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, nTRUEncryptionParameters.dr1)), new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, this.params.dr2)), new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, this.params.dr3)));
        }
        int i2 = nTRUEncryptionParameters.dr;
        boolean z2 = nTRUEncryptionParameters.sparse;
        int[] generateBlindingCoeffs = generateBlindingCoeffs(indexGenerator, i2);
        return z2 ? new SparseTernaryPolynomial(generateBlindingCoeffs) : new DenseTernaryPolynomial(generateBlindingCoeffs);
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public int getInputBlockSize() {
        return this.params.maxMsgLenBytes;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public int getOutputBlockSize() {
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        int i2 = nTRUEncryptionParameters.N;
        if (nTRUEncryptionParameters.f7737q == 2048) {
            return ((i2 * 11) + 7) / 8;
        }
        throw new IllegalStateException("log2 not fully implemented");
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public void init(boolean z2, CipherParameters cipherParameters) {
        this.forEncryption = z2;
        if (!z2) {
            NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters = (NTRUEncryptionPrivateKeyParameters) cipherParameters;
            this.privKey = nTRUEncryptionPrivateKeyParameters;
            this.params = nTRUEncryptionPrivateKeyParameters.getParameters();
            return;
        }
        if (cipherParameters instanceof ParametersWithRandom) {
            ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
            this.random = parametersWithRandom.getRandom();
            this.pubKey = (NTRUEncryptionPublicKeyParameters) parametersWithRandom.getParameters();
        } else {
            this.random = new SecureRandom();
            this.pubKey = (NTRUEncryptionPublicKeyParameters) cipherParameters;
        }
        this.params = this.pubKey.getParameters();
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public byte[] processBlock(byte[] bArr, int i2, int i3) throws InvalidCipherTextException {
        byte[] bArr2 = new byte[i3];
        System.arraycopy(bArr, i2, bArr2, 0, i3);
        if (!this.forEncryption) {
            NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters = this.privKey;
            Polynomial polynomial = nTRUEncryptionPrivateKeyParameters.f7739t;
            IntegerPolynomial integerPolynomial = nTRUEncryptionPrivateKeyParameters.fp;
            IntegerPolynomial integerPolynomial2 = nTRUEncryptionPrivateKeyParameters.f7738h;
            NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
            int i4 = nTRUEncryptionParameters.N;
            int i5 = nTRUEncryptionParameters.f7737q;
            int i6 = nTRUEncryptionParameters.db;
            int i7 = nTRUEncryptionParameters.maxMsgLenBytes;
            int i8 = nTRUEncryptionParameters.dm0;
            int i9 = nTRUEncryptionParameters.pkLen;
            int i10 = nTRUEncryptionParameters.minCallsMask;
            boolean z2 = nTRUEncryptionParameters.hashSeed;
            byte[] bArr3 = nTRUEncryptionParameters.oid;
            if (i7 > 255) {
                throw new DataLengthException("maxMsgLenBytes values bigger than 255 are not supported");
            }
            int i11 = i6 / 8;
            IntegerPolynomial fromBinary = IntegerPolynomial.fromBinary(bArr2, i4, i5);
            IntegerPolynomial decrypt = decrypt(fromBinary, polynomial, integerPolynomial);
            if (decrypt.count(-1) < i8) {
                throw new InvalidCipherTextException("Less than dm0 coefficients equal -1");
            }
            if (decrypt.count(0) < i8) {
                throw new InvalidCipherTextException("Less than dm0 coefficients equal 0");
            }
            if (decrypt.count(1) < i8) {
                throw new InvalidCipherTextException("Less than dm0 coefficients equal 1");
            }
            IntegerPolynomial integerPolynomial3 = (IntegerPolynomial) fromBinary.clone();
            integerPolynomial3.sub(decrypt);
            integerPolynomial3.modPositive(i5);
            IntegerPolynomial integerPolynomial4 = (IntegerPolynomial) integerPolynomial3.clone();
            integerPolynomial4.modPositive(4);
            decrypt.sub(MGF(integerPolynomial4.toBinary(4), i4, i10, z2));
            decrypt.mod3();
            byte[] binary3Sves = decrypt.toBinary3Sves();
            byte[] bArr4 = new byte[i11];
            System.arraycopy(binary3Sves, 0, bArr4, 0, i11);
            int i12 = binary3Sves[i11] & 255;
            if (i12 > i7) {
                throw new InvalidCipherTextException(v$b$$ExternalSyntheticLambda2.m("Message too long: ", i12, ">", i7));
            }
            byte[] bArr5 = new byte[i12];
            int i13 = i11 + 1;
            System.arraycopy(binary3Sves, i13, bArr5, 0, i12);
            int i14 = i13 + i12;
            int length = binary3Sves.length - i14;
            byte[] bArr6 = new byte[length];
            System.arraycopy(binary3Sves, i14, bArr6, 0, length);
            if (!Arrays.constantTimeAreEqual(bArr6, new byte[length])) {
                throw new InvalidCipherTextException("The message is not followed by zeroes");
            }
            byte[] binary = integerPolynomial2.toBinary(i5);
            int i15 = i9 / 8;
            byte[] bArr7 = new byte[i15];
            if (i15 >= binary.length) {
                i15 = binary.length;
            }
            System.arraycopy(binary, 0, bArr7, 0, i15);
            IntegerPolynomial mult = generateBlindingPoly(buildSData(bArr3, bArr5, i12, bArr4, bArr7)).mult(integerPolynomial2);
            mult.modPositive(i5);
            if (mult.equals(integerPolynomial3)) {
                return bArr5;
            }
            throw new InvalidCipherTextException("Invalid message encoding");
        }
        IntegerPolynomial integerPolynomial5 = this.pubKey.f7740h;
        NTRUEncryptionParameters nTRUEncryptionParameters2 = this.params;
        int i16 = nTRUEncryptionParameters2.N;
        int i17 = nTRUEncryptionParameters2.f7737q;
        int i18 = nTRUEncryptionParameters2.maxMsgLenBytes;
        int i19 = nTRUEncryptionParameters2.db;
        int i20 = nTRUEncryptionParameters2.bufferLenBits;
        int i21 = nTRUEncryptionParameters2.dm0;
        int i22 = nTRUEncryptionParameters2.pkLen;
        int i23 = nTRUEncryptionParameters2.minCallsMask;
        boolean z3 = nTRUEncryptionParameters2.hashSeed;
        byte[] bArr8 = nTRUEncryptionParameters2.oid;
        if (i18 > 255) {
            throw new IllegalArgumentException("llen values bigger than 1 are not supported");
        }
        if (i3 > i18) {
            throw new DataLengthException(v$b$$ExternalSyntheticLambda2.m("Message too long: ", i3, ">", i18));
        }
        while (true) {
            int i24 = i19 / 8;
            byte[] bArr9 = new byte[i24];
            int i25 = i19;
            this.random.nextBytes(bArr9);
            int i26 = (i18 + 1) - i3;
            int i27 = i18;
            int i28 = i21;
            byte[] bArr10 = new byte[i20 / 8];
            int i29 = i20;
            System.arraycopy(bArr9, 0, bArr10, 0, i24);
            bArr10[i24] = (byte) i3;
            int i30 = i24 + 1;
            System.arraycopy(bArr2, 0, bArr10, i30, i3);
            System.arraycopy(new byte[i26], 0, bArr10, i30 + i3, i26);
            IntegerPolynomial fromBinary3Sves = IntegerPolynomial.fromBinary3Sves(bArr10, i16);
            byte[] binary2 = integerPolynomial5.toBinary(i17);
            int i31 = i22 / 8;
            byte[] bArr11 = new byte[i31];
            if (i31 >= binary2.length) {
                i31 = binary2.length;
            }
            System.arraycopy(binary2, 0, bArr11, 0, i31);
            IntegerPolynomial mult2 = generateBlindingPoly(buildSData(bArr8, bArr2, i3, bArr9, bArr11)).mult(integerPolynomial5, i17);
            IntegerPolynomial integerPolynomial6 = (IntegerPolynomial) mult2.clone();
            integerPolynomial6.modPositive(4);
            fromBinary3Sves.add(MGF(integerPolynomial6.toBinary(4), i16, i23, z3));
            fromBinary3Sves.mod3();
            if (fromBinary3Sves.count(-1) >= i28 && fromBinary3Sves.count(0) >= i28 && fromBinary3Sves.count(1) >= i28) {
                mult2.add(fromBinary3Sves, i17);
                mult2.ensurePositive(i17);
                return mult2.toBinary(i17);
            }
            i21 = i28;
            i18 = i27;
            i20 = i29;
            i19 = i25;
        }
    }
}
