package org.bouncycastle.pqc.crypto.mlkem;

import androidx.emoji2.text.MetadataRepo;
import org.bouncycastle.crypto.digests.SHAKEDigest;

/* loaded from: classes.dex */
public final class MLKEMIndCpa {
    public final int KyberGenerateMatrixNBlocks;
    public final MLKEMEngine engine;
    public final int indCpaBytes;
    public final int indCpaPublicKeyBytes;
    public final int kyberK;
    public final int polyCompressedBytes;
    public final int polyVecBytes;
    public final int polyVecCompressedBytes;
    public final MetadataRepo symmetric;

    public MLKEMIndCpa(MLKEMEngine mLKEMEngine) {
        this.engine = mLKEMEngine;
        this.kyberK = mLKEMEngine.KyberK;
        this.indCpaPublicKeyBytes = mLKEMEngine.KyberPublicKeyBytes;
        this.polyVecBytes = mLKEMEngine.KyberPolyVecBytes;
        this.indCpaBytes = mLKEMEngine.KyberIndCpaBytes;
        this.polyVecCompressedBytes = mLKEMEngine.KyberPolyVecCompressedBytes;
        this.polyCompressedBytes = mLKEMEngine.KyberPolyCompressedBytes;
        MetadataRepo metadataRepo = mLKEMEngine.symmetric;
        this.symmetric = metadataRepo;
        metadataRepo.getClass();
        this.KyberGenerateMatrixNBlocks = 3;
    }

    public static int rejectionSampling(Poly poly, int i, int i2, byte[] bArr, int i3) {
        int i4 = 0;
        int i5 = 0;
        while (i4 < i2) {
            int i6 = i5 + 3;
            if (i6 > i3) {
                break;
            }
            short s = (short) (bArr[i5] & 255);
            short s2 = (short) (bArr[i5 + 1] & 255);
            short s3 = (short) ((s | (s2 << 8)) & 4095);
            short s4 = (short) (((((short) (bArr[i5 + 2] & 255)) << 4) | (s2 >> 4)) & 4095);
            if (s3 < 3329) {
                ((short[]) poly.coeffs)[i + i4] = s3;
                i4++;
            }
            if (i4 < i2 && s4 < 3329) {
                ((short[]) poly.coeffs)[i + i4] = s4;
                i4++;
            }
            i5 = i6;
        }
        return i4;
    }

    public final byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        boolean z;
        int i;
        Poly[] polyArr;
        int i2;
        int i3;
        char c;
        char c2;
        char c3;
        MLKEMEngine mLKEMEngine = this.engine;
        Poly poly = new Poly(mLKEMEngine, 3);
        Poly poly2 = new Poly(mLKEMEngine, 3);
        Poly poly3 = new Poly(mLKEMEngine, 3);
        Poly poly4 = new Poly(mLKEMEngine, 3);
        Poly[] polyArr2 = new Poly[mLKEMEngine.KyberK];
        Poly poly5 = new Poly(mLKEMEngine, 0);
        Poly poly6 = new Poly(mLKEMEngine, 0);
        short[] sArr = new short[256];
        int i4 = 32;
        byte[] bArr4 = new byte[32];
        poly2.fromBytes(bArr);
        System.arraycopy(bArr, this.polyVecBytes, bArr4, 0, 32);
        if (bArr2.length != 32) {
            throw new RuntimeException("KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!");
        }
        int i5 = 0;
        while (true) {
            z = true;
            if (i5 >= i4) {
                break;
            }
            int i6 = i4;
            int i7 = 0;
            for (int i8 = 8; i7 < i8; i8 = i8) {
                sArr[(i5 * 8) + i7] = (short) (((short) (((short) (((bArr2[i5] & 255) >> i7) & 1)) * (-1))) & 1665);
                i7++;
            }
            i5++;
            i4 = i6;
        }
        int i9 = i4;
        int i10 = 0;
        while (true) {
            i = this.kyberK;
            if (i10 >= i) {
                break;
            }
            polyArr2[i10] = new Poly(mLKEMEngine, 3);
            i10++;
        }
        generateMatrix(polyArr2, bArr4, true);
        byte b = 0;
        for (int i11 = 0; i11 < i; i11++) {
            ((Poly[]) poly.coeffs)[i11].getEta1Noise(b, bArr3);
            b = (byte) (b + 1);
        }
        int i12 = 0;
        while (i12 < i) {
            boolean z2 = z;
            Poly poly7 = ((Poly[]) poly3.coeffs)[i12];
            byte[] bArr5 = new byte[128];
            MetadataRepo metadataRepo = (MetadataRepo) poly7.symmetric;
            metadataRepo.getClass();
            int i13 = i12;
            int length = bArr3.length + 1;
            Poly[] polyArr3 = polyArr2;
            byte[] bArr6 = new byte[length];
            byte b2 = b;
            System.arraycopy(bArr3, 0, bArr6, 0, bArr3.length);
            bArr6[bArr3.length] = b2;
            SHAKEDigest sHAKEDigest = (SHAKEDigest) metadataRepo.mTypeface;
            sHAKEDigest.absorb(bArr6, 0, length);
            sHAKEDigest.doFinal(bArr5, 0, 128);
            Ntt.mlkemCBD(poly7, bArr5, 2);
            b = (byte) (b2 + 1);
            i12 = i13 + 1;
            z = z2;
            polyArr2 = polyArr3;
        }
        Poly[] polyArr4 = polyArr2;
        byte b3 = b;
        boolean z3 = z;
        byte[] bArr7 = new byte[128];
        MetadataRepo metadataRepo2 = (MetadataRepo) poly5.symmetric;
        metadataRepo2.getClass();
        int length2 = bArr3.length + 1;
        byte[] bArr8 = new byte[length2];
        System.arraycopy(bArr3, 0, bArr8, 0, bArr3.length);
        bArr8[bArr3.length] = b3;
        SHAKEDigest sHAKEDigest2 = (SHAKEDigest) metadataRepo2.mTypeface;
        sHAKEDigest2.absorb(bArr8, 0, length2);
        sHAKEDigest2.doFinal(bArr7, 0, 128);
        Ntt.mlkemCBD(poly5, bArr7, 2);
        poly.polyVecNtt();
        for (int i14 = 0; i14 < i; i14++) {
            Poly.pointwiseAccountMontgomery(((Poly[]) poly4.coeffs)[i14], polyArr4[i14], poly, mLKEMEngine);
        }
        Poly.pointwiseAccountMontgomery(poly6, poly2, poly, mLKEMEngine);
        for (int i15 = 0; i15 < poly4.polyCompressedBytes; i15++) {
            ((Poly[]) poly4.coeffs)[i15].polyInverseNttToMont();
        }
        poly6.polyInverseNttToMont();
        for (int i16 = 0; i16 < poly4.polyCompressedBytes; i16++) {
            ((Poly[]) poly4.coeffs)[i16].addCoeffs(((Poly[]) poly3.coeffs)[i16]);
        }
        poly6.addCoeffs(poly5);
        for (int i17 = 0; i17 < 256; i17++) {
            short[] sArr2 = (short[]) poly6.coeffs;
            sArr2[i17] = (short) (sArr2[i17] + sArr[i17]);
        }
        for (int i18 = 0; i18 < poly4.polyCompressedBytes; i18++) {
            ((Poly[]) poly4.coeffs)[i18].reduce();
        }
        poly6.reduce();
        byte[] bArr9 = new byte[this.indCpaBytes];
        int i19 = 0;
        while (true) {
            polyArr = (Poly[]) poly4.coeffs;
            i2 = poly4.polyCompressedBytes;
            if (i19 >= i2) {
                break;
            }
            polyArr[i19].conditionalSubQ();
            i19++;
        }
        int i20 = ((MLKEMEngine) poly4.symmetric).KyberPolyVecCompressedBytes;
        byte[] bArr10 = new byte[i20];
        int i21 = 4;
        if (i20 == i2 * 320) {
            short[] sArr3 = new short[4];
            int i22 = 0;
            for (int i23 = 0; i23 < i2; i23++) {
                int i24 = 0;
                while (i24 < 64) {
                    int i25 = 0;
                    while (i25 < i21) {
                        sArr3[i25] = (short) (((((((short[]) polyArr[i23].coeffs)[(i24 * 4) + i25] << 10) + 1665) * 1290167) >> i9) & 1023);
                        i25++;
                        i21 = i21;
                    }
                    int i26 = i21;
                    short s = sArr3[0];
                    bArr10[i22] = (byte) s;
                    short s2 = sArr3[z3 ? 1 : 0];
                    bArr10[i22 + 1] = (byte) ((s >> 8) | (s2 << 2));
                    short s3 = sArr3[2];
                    bArr10[i22 + 2] = (byte) ((s2 >> 6) | (s3 << 4));
                    short s4 = sArr3[3];
                    bArr10[i22 + 3] = (byte) ((s3 >> 4) | (s4 << 6));
                    bArr10[i22 + 4] = (byte) (s4 >> 2);
                    i22 += 5;
                    i24++;
                    i21 = i26;
                }
            }
            i3 = i21;
            c = 7;
            c2 = 5;
            c3 = 3;
        } else {
            i3 = 4;
            c = 7;
            c2 = 5;
            c3 = 3;
            if (i20 != i2 * 352) {
                throw new RuntimeException("Kyber PolyVecCompressedBytes neither 320 * KyberK or 352 * KyberK!");
            }
            int i27 = 8;
            short[] sArr4 = new short[8];
            int i28 = 0;
            int i29 = 0;
            while (i28 < i2) {
                int i30 = 0;
                for (int i31 = i9; i30 < i31; i31 = 32) {
                    int i32 = 0;
                    while (i32 < i27) {
                        sArr4[i32] = (short) (((((((short[]) polyArr[i28].coeffs)[(i30 * 8) + i32] << 11) + 1664) * 645084) >> 31) & 2047);
                        i32++;
                        i27 = 8;
                    }
                    short s5 = sArr4[0];
                    bArr10[i29] = (byte) s5;
                    short s6 = sArr4[z3 ? 1 : 0];
                    bArr10[i29 + 1] = (byte) ((s5 >> 8) | (s6 << 3));
                    short s7 = sArr4[2];
                    bArr10[i29 + 2] = (byte) ((s6 >> 5) | (s7 << 6));
                    bArr10[i29 + 3] = (byte) (s7 >> 2);
                    short s8 = sArr4[3];
                    bArr10[i29 + 4] = (byte) ((s7 >> 10) | (s8 << 1));
                    int i33 = s8 >> 7;
                    short s9 = sArr4[4];
                    bArr10[i29 + 5] = (byte) (i33 | (s9 << 4));
                    int i34 = s9 >> 4;
                    short s10 = sArr4[5];
                    bArr10[i29 + 6] = (byte) (i34 | (s10 << 7));
                    bArr10[i29 + 7] = (byte) (s10 >> 1);
                    int i35 = s10 >> 9;
                    short s11 = sArr4[6];
                    bArr10[i29 + 8] = (byte) (i35 | (s11 << 2));
                    int i36 = s11 >> 6;
                    short s12 = sArr4[7];
                    bArr10[i29 + 9] = (byte) (i36 | (s12 << 5));
                    bArr10[i29 + 10] = (byte) (s12 >> 3);
                    i29 += 11;
                    i30++;
                    i27 = 8;
                }
                i28++;
                i27 = 8;
                i9 = 32;
            }
        }
        int i37 = this.polyVecCompressedBytes;
        System.arraycopy(bArr10, 0, bArr9, 0, i37);
        int i38 = 8;
        byte[] bArr11 = new byte[8];
        int i39 = poly6.polyCompressedBytes;
        byte[] bArr12 = new byte[i39];
        poly6.conditionalSubQ();
        if (i39 == 128) {
            int i40 = 0;
            int i41 = 0;
            while (i40 < 32) {
                int i42 = 0;
                while (i42 < i38) {
                    bArr11[i42] = (byte) (((((((short[]) poly6.coeffs)[(i40 * 8) + i42] << 4) + 1665) * 80635) >> 28) & 15);
                    i42++;
                    i38 = 8;
                }
                bArr12[i41] = (byte) (bArr11[0] | (bArr11[z3 ? 1 : 0] << 4));
                bArr12[i41 + 1] = (byte) (bArr11[2] | (bArr11[c3] << 4));
                bArr12[i41 + 2] = (byte) (bArr11[i3] | (bArr11[c2] << 4));
                bArr12[i41 + 3] = (byte) (bArr11[6] | (bArr11[c] << 4));
                i41 += 4;
                i40++;
                i38 = 8;
            }
        } else {
            if (i39 != 160) {
                throw new RuntimeException("PolyCompressedBytes is neither 128 or 160!");
            }
            int i43 = 0;
            for (int i44 = 0; i44 < 32; i44++) {
                for (int i45 = 0; i45 < 8; i45++) {
                    bArr11[i45] = (byte) (((((((short[]) poly6.coeffs)[(i44 * 8) + i45] << 5) + 1664) * 40318) >> 27) & 31);
                }
                bArr12[i43] = (byte) (bArr11[0] | (bArr11[z3 ? 1 : 0] << 5));
                bArr12[i43 + 1] = (byte) ((bArr11[z3 ? 1 : 0] >> 3) | (bArr11[2] << 2) | (bArr11[c3] << 7));
                bArr12[i43 + 2] = (byte) ((bArr11[c3] >> 1) | (bArr11[i3] << 4));
                bArr12[i43 + 3] = (byte) ((bArr11[i3] >> 4) | (bArr11[c2] << 1) | (bArr11[6] << 6));
                bArr12[i43 + 4] = (byte) ((bArr11[6] >> 2) | (bArr11[c] << 3));
                i43 += 5;
            }
        }
        System.arraycopy(bArr12, 0, bArr9, i37, this.polyCompressedBytes);
        return bArr9;
    }

    public final void generateMatrix(Poly[] polyArr, byte[] bArr, boolean z) {
        byte b;
        byte b2;
        MetadataRepo metadataRepo = this.symmetric;
        metadataRepo.getClass();
        int i = this.KyberGenerateMatrixNBlocks * 168;
        byte[] bArr2 = new byte[i + 2];
        int i2 = 0;
        while (true) {
            int i3 = this.kyberK;
            if (i2 >= i3) {
                return;
            }
            for (int i4 = 0; i4 < i3; i4++) {
                if (z) {
                    b = (byte) i2;
                    b2 = (byte) i4;
                } else {
                    b = (byte) i4;
                    b2 = (byte) i2;
                }
                metadataRepo.xofAbsorb(bArr, b, b2);
                SHAKEDigest sHAKEDigest = (SHAKEDigest) metadataRepo.mMetadataList;
                sHAKEDigest.doOutput(bArr2, 0, i);
                int rejectionSampling = rejectionSampling(((Poly[]) polyArr[i2].coeffs)[i4], 0, 256, bArr2, i);
                int i5 = i;
                while (rejectionSampling < 256) {
                    int i6 = i5 % 3;
                    for (int i7 = 0; i7 < i6; i7++) {
                        bArr2[i7] = bArr2[(i5 - i6) + i7];
                    }
                    sHAKEDigest.doOutput(bArr2, i6, 336);
                    i5 = i6 + 168;
                    rejectionSampling += rejectionSampling(((Poly[]) polyArr[i2].coeffs)[i4], rejectionSampling, 256 - rejectionSampling, bArr2, i5);
                }
            }
            i2++;
        }
    }
}
