package org.spongycastle.pqc.crypto.ntru;

import java.security.SecureRandom;
import org.spongycastle.crypto.AsymmetricBlockCipher;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.params.ParametersWithRandom;
import org.spongycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.Polynomial;
import org.spongycastle.pqc.math.ntru.polynomial.ProductFormPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
import org.spongycastle.pqc.math.ntru.polynomial.TernaryPolynomial;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class NTRUEngine implements AsymmetricBlockCipher {
    private boolean forEncryption;
    private NTRUEncryptionParameters params;
    private NTRUEncryptionPrivateKeyParameters privKey;
    private NTRUEncryptionPublicKeyParameters pubKey;
    private SecureRandom random;

    private IntegerPolynomial MGF(byte[] bArr, int i10, int i11, boolean z10) {
        Digest digest = this.params.hashAlg;
        int digestSize = digest.getDigestSize();
        byte[] bArr2 = new byte[i11 * digestSize];
        if (z10) {
            bArr = calcHash(digest, bArr);
        }
        int i12 = 0;
        while (i12 < i11) {
            digest.update(bArr, 0, bArr.length);
            putInt(digest, i12);
            System.arraycopy(calcHash(digest), 0, bArr2, i12 * digestSize, digestSize);
            i12++;
        }
        IntegerPolynomial integerPolynomial = new IntegerPolynomial(i10);
        while (true) {
            int i13 = 0;
            for (int i14 = 0; i14 != bArr2.length; i14++) {
                int i15 = bArr2[i14] & 255;
                if (i15 < 243) {
                    for (int i16 = 0; i16 < 4; i16++) {
                        int i17 = i15 % 3;
                        integerPolynomial.coeffs[i13] = i17 - 1;
                        i13++;
                        if (i13 == i10) {
                            return integerPolynomial;
                        }
                        i15 = (i15 - i17) / 3;
                    }
                    integerPolynomial.coeffs[i13] = i15 - 1;
                    i13++;
                    if (i13 == i10) {
                        return integerPolynomial;
                    }
                }
            }
            if (i13 >= i10) {
                return integerPolynomial;
            }
            digest.update(bArr, 0, bArr.length);
            putInt(digest, i12);
            bArr2 = calcHash(digest);
            i12++;
        }
    }

    private byte[] buildSData(byte[] bArr, byte[] bArr2, int i10, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[bArr.length + i10 + bArr3.length + bArr4.length];
        System.arraycopy(bArr, 0, bArr5, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr5, bArr.length, bArr2.length);
        System.arraycopy(bArr3, 0, bArr5, bArr.length + bArr2.length, bArr3.length);
        System.arraycopy(bArr4, 0, bArr5, bArr.length + bArr2.length + bArr3.length, bArr4.length);
        return bArr5;
    }

    private byte[] calcHash(Digest digest) {
        byte[] bArr = new byte[digest.getDigestSize()];
        digest.doFinal(bArr, 0);
        return bArr;
    }

    private byte[] calcHash(Digest digest, byte[] bArr) {
        byte[] bArr2 = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr2, 0);
        return bArr2;
    }

    private byte[] copyOf(byte[] bArr, int i10) {
        byte[] bArr2 = new byte[i10];
        if (i10 >= bArr.length) {
            i10 = bArr.length;
        }
        System.arraycopy(bArr, 0, bArr2, 0, i10);
        return bArr2;
    }

    private byte[] decrypt(byte[] bArr, NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters) throws InvalidCipherTextException {
        Polynomial polynomial = nTRUEncryptionPrivateKeyParameters.f24172t;
        IntegerPolynomial integerPolynomial = nTRUEncryptionPrivateKeyParameters.fp;
        IntegerPolynomial integerPolynomial2 = nTRUEncryptionPrivateKeyParameters.f24171h;
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        int i10 = nTRUEncryptionParameters.N;
        int i11 = nTRUEncryptionParameters.f24170q;
        int i12 = nTRUEncryptionParameters.f24167db;
        int i13 = nTRUEncryptionParameters.maxMsgLenBytes;
        int i14 = nTRUEncryptionParameters.dm0;
        int i15 = nTRUEncryptionParameters.pkLen;
        int i16 = nTRUEncryptionParameters.minCallsMask;
        boolean z10 = nTRUEncryptionParameters.hashSeed;
        byte[] bArr2 = nTRUEncryptionParameters.oid;
        if (i13 > 255) {
            throw new DataLengthException("maxMsgLenBytes values bigger than 255 are not supported");
        }
        int i17 = i12 / 8;
        IntegerPolynomial fromBinary = IntegerPolynomial.fromBinary(bArr, i10, i11);
        IntegerPolynomial decrypt = decrypt(fromBinary, polynomial, integerPolynomial);
        if (decrypt.count(-1) < i14) {
            throw new InvalidCipherTextException("Less than dm0 coefficients equal -1");
        }
        if (decrypt.count(0) < i14) {
            throw new InvalidCipherTextException("Less than dm0 coefficients equal 0");
        }
        if (decrypt.count(1) < i14) {
            throw new InvalidCipherTextException("Less than dm0 coefficients equal 1");
        }
        IntegerPolynomial integerPolynomial3 = (IntegerPolynomial) fromBinary.clone();
        integerPolynomial3.sub(decrypt);
        integerPolynomial3.modPositive(i11);
        IntegerPolynomial integerPolynomial4 = (IntegerPolynomial) integerPolynomial3.clone();
        integerPolynomial4.modPositive(4);
        decrypt.sub(MGF(integerPolynomial4.toBinary(4), i10, i16, z10));
        decrypt.mod3();
        byte[] binary3Sves = decrypt.toBinary3Sves();
        byte[] bArr3 = new byte[i17];
        System.arraycopy(binary3Sves, 0, bArr3, 0, i17);
        int i18 = 255 & binary3Sves[i17];
        if (i18 > i13) {
            throw new InvalidCipherTextException("Message too long: " + i18 + ">" + i13);
        }
        byte[] bArr4 = new byte[i18];
        int i19 = i17 + 1;
        System.arraycopy(binary3Sves, i19, bArr4, 0, i18);
        int i20 = i19 + i18;
        int length = binary3Sves.length - i20;
        byte[] bArr5 = new byte[length];
        System.arraycopy(binary3Sves, i20, bArr5, 0, length);
        if (!Arrays.constantTimeAreEqual(bArr5, new byte[length])) {
            throw new InvalidCipherTextException("The message is not followed by zeroes");
        }
        IntegerPolynomial mult = generateBlindingPoly(buildSData(bArr2, bArr4, i18, bArr3, copyOf(integerPolynomial2.toBinary(i11), i15 / 8)), bArr4).mult(integerPolynomial2);
        mult.modPositive(i11);
        if (mult.equals(integerPolynomial3)) {
            return bArr4;
        }
        throw new InvalidCipherTextException("Invalid message encoding");
    }

    private byte[] encrypt(byte[] bArr, NTRUEncryptionPublicKeyParameters nTRUEncryptionPublicKeyParameters) {
        byte[] bArr2 = bArr;
        IntegerPolynomial integerPolynomial = nTRUEncryptionPublicKeyParameters.f24173h;
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        int i10 = nTRUEncryptionParameters.N;
        int i11 = nTRUEncryptionParameters.f24170q;
        int i12 = nTRUEncryptionParameters.maxMsgLenBytes;
        int i13 = nTRUEncryptionParameters.f24167db;
        int i14 = nTRUEncryptionParameters.bufferLenBits;
        int i15 = nTRUEncryptionParameters.dm0;
        int i16 = nTRUEncryptionParameters.pkLen;
        int i17 = nTRUEncryptionParameters.minCallsMask;
        boolean z10 = nTRUEncryptionParameters.hashSeed;
        byte[] bArr3 = nTRUEncryptionParameters.oid;
        int length = bArr2.length;
        if (i12 > 255) {
            throw new IllegalArgumentException("llen values bigger than 1 are not supported");
        }
        if (length > i12) {
            throw new DataLengthException("Message too long: " + length + ">" + i12);
        }
        while (true) {
            int i18 = i13 / 8;
            byte[] bArr4 = new byte[i18];
            boolean z11 = z10;
            this.random.nextBytes(bArr4);
            int i19 = (i12 + 1) - length;
            int i20 = i17;
            int i21 = i13;
            byte[] bArr5 = new byte[i14 / 8];
            int i22 = i14;
            System.arraycopy(bArr4, 0, bArr5, 0, i18);
            bArr5[i18] = (byte) length;
            int i23 = i18 + 1;
            System.arraycopy(bArr2, 0, bArr5, i23, bArr2.length);
            System.arraycopy(new byte[i19], 0, bArr5, i23 + bArr2.length, i19);
            IntegerPolynomial fromBinary3Sves = IntegerPolynomial.fromBinary3Sves(bArr5, i10);
            int i24 = length;
            byte[] bArr6 = bArr3;
            int i25 = i16;
            IntegerPolynomial mult = generateBlindingPoly(buildSData(bArr3, bArr, i24, bArr4, copyOf(integerPolynomial.toBinary(i11), i16 / 8)), bArr5).mult(integerPolynomial, i11);
            IntegerPolynomial integerPolynomial2 = (IntegerPolynomial) mult.clone();
            integerPolynomial2.modPositive(4);
            fromBinary3Sves.add(MGF(integerPolynomial2.toBinary(4), i10, i20, z11));
            fromBinary3Sves.mod3();
            if (fromBinary3Sves.count(-1) >= i15 && fromBinary3Sves.count(0) >= i15 && fromBinary3Sves.count(1) >= i15) {
                mult.add(fromBinary3Sves, i11);
                mult.ensurePositive(i11);
                return mult.toBinary(i11);
            }
            z10 = z11;
            i17 = i20;
            i16 = i25;
            i13 = i21;
            i14 = i22;
            length = i24;
            bArr3 = bArr6;
            bArr2 = bArr;
        }
    }

    private int[] generateBlindingCoeffs(IndexGenerator indexGenerator, int i10) {
        int[] iArr = new int[this.params.N];
        for (int i11 = -1; i11 <= 1; i11 += 2) {
            int i12 = 0;
            while (i12 < i10) {
                int nextIndex = indexGenerator.nextIndex();
                if (iArr[nextIndex] == 0) {
                    iArr[nextIndex] = i11;
                    i12++;
                }
            }
        }
        return iArr;
    }

    private Polynomial generateBlindingPoly(byte[] bArr, byte[] bArr2) {
        IndexGenerator indexGenerator = new IndexGenerator(bArr, this.params);
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        if (nTRUEncryptionParameters.polyType == 1) {
            return new ProductFormPolynomial(new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, nTRUEncryptionParameters.dr1)), new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, this.params.dr2)), new SparseTernaryPolynomial(generateBlindingCoeffs(indexGenerator, this.params.dr3)));
        }
        int i10 = nTRUEncryptionParameters.dr;
        boolean z10 = nTRUEncryptionParameters.sparse;
        int[] generateBlindingCoeffs = generateBlindingCoeffs(indexGenerator, i10);
        return z10 ? new SparseTernaryPolynomial(generateBlindingCoeffs) : new DenseTernaryPolynomial(generateBlindingCoeffs);
    }

    private int log2(int i10) {
        if (i10 == 2048) {
            return 11;
        }
        throw new IllegalStateException("log2 not fully implemented");
    }

    private void putInt(Digest digest, int i10) {
        digest.update((byte) (i10 >> 24));
        digest.update((byte) (i10 >> 16));
        digest.update((byte) (i10 >> 8));
        digest.update((byte) i10);
    }

    protected IntegerPolynomial decrypt(IntegerPolynomial integerPolynomial, Polynomial polynomial, IntegerPolynomial integerPolynomial2) {
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        boolean z10 = nTRUEncryptionParameters.fastFp;
        IntegerPolynomial mult = polynomial.mult(integerPolynomial, nTRUEncryptionParameters.f24170q);
        if (z10) {
            mult.mult(3);
            mult.add(integerPolynomial);
        }
        mult.center0(this.params.f24170q);
        mult.mod3();
        if (!this.params.fastFp) {
            mult = new DenseTernaryPolynomial(mult).mult(integerPolynomial2, 3);
        }
        mult.center0(3);
        return mult;
    }

    protected IntegerPolynomial encrypt(IntegerPolynomial integerPolynomial, TernaryPolynomial ternaryPolynomial, IntegerPolynomial integerPolynomial2) {
        IntegerPolynomial mult = ternaryPolynomial.mult(integerPolynomial2, this.params.f24170q);
        mult.add(integerPolynomial, this.params.f24170q);
        mult.ensurePositive(this.params.f24170q);
        return mult;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public int getInputBlockSize() {
        return this.params.maxMsgLenBytes;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public int getOutputBlockSize() {
        NTRUEncryptionParameters nTRUEncryptionParameters = this.params;
        return ((nTRUEncryptionParameters.N * log2(nTRUEncryptionParameters.f24170q)) + 7) / 8;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public void init(boolean z10, CipherParameters cipherParameters) {
        NTRUEncryptionParameters parameters;
        this.forEncryption = z10;
        if (z10) {
            if (cipherParameters instanceof ParametersWithRandom) {
                ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
                this.random = parametersWithRandom.getRandom();
                this.pubKey = (NTRUEncryptionPublicKeyParameters) parametersWithRandom.getParameters();
            } else {
                this.random = new SecureRandom();
                this.pubKey = (NTRUEncryptionPublicKeyParameters) cipherParameters;
            }
            parameters = this.pubKey.getParameters();
        } else {
            NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters = (NTRUEncryptionPrivateKeyParameters) cipherParameters;
            this.privKey = nTRUEncryptionPrivateKeyParameters;
            parameters = nTRUEncryptionPrivateKeyParameters.getParameters();
        }
        this.params = parameters;
    }

    @Override // org.spongycastle.crypto.AsymmetricBlockCipher
    public byte[] processBlock(byte[] bArr, int i10, int i11) throws InvalidCipherTextException {
        byte[] bArr2 = new byte[i11];
        System.arraycopy(bArr, i10, bArr2, 0, i11);
        return this.forEncryption ? encrypt(bArr2, this.pubKey) : decrypt(bArr2, this.privKey);
    }
}
