package org.bouncycastle.pqc.crypto.crystals.kyber;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
public class KyberIndCpa {
    public final int KyberGenerateMatrixNBlocks;
    public KyberEngine engine;
    public int indCpaBytes;
    public int indCpaPublicKeyBytes;
    public int kyberK;
    public int polyCompressedBytes;
    public int polyVecBytes;
    public int polyVecCompressedBytes;
    public Symmetric symmetric;

    public KyberIndCpa(KyberEngine kyberEngine) {
        this.engine = kyberEngine;
        this.kyberK = kyberEngine.KyberK;
        this.indCpaPublicKeyBytes = kyberEngine.KyberPublicKeyBytes;
        this.polyVecBytes = kyberEngine.KyberPolyVecBytes;
        this.indCpaBytes = kyberEngine.KyberIndCpaBytes;
        this.polyVecCompressedBytes = kyberEngine.KyberPolyVecCompressedBytes;
        this.polyCompressedBytes = kyberEngine.KyberPolyCompressedBytes;
        Symmetric symmetric = kyberEngine.symmetric;
        this.symmetric = symmetric;
        int i = symmetric.xofBlockBytes;
        this.KyberGenerateMatrixNBlocks = (i + 472) / i;
    }

    public static int rejectionSampling(Poly poly, int i, int i2, byte[] bArr, int i3) {
        int i4 = 0;
        int i5 = 0;
        while (i4 < i2) {
            int i6 = i5 + 3;
            if (i6 > i3) {
                break;
            }
            int i7 = ((short) (bArr[i5] & 255)) >> 0;
            short s = (short) (bArr[i5 + 1] & 255);
            short s2 = (short) ((i7 | (s << 8)) & 4095);
            short s3 = (short) (((((short) (bArr[i5 + 2] & 255)) << 4) | (s >> 4)) & 4095);
            if (s2 < 3329) {
                poly.coeffs[i + i4] = s2;
                i4++;
            }
            if (i4 < i2 && s3 < 3329) {
                poly.coeffs[i + i4] = s3;
                i4++;
            }
            i5 = i6;
        }
        return i4;
    }

    public final byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        char c;
        int i;
        PolyVec polyVec = new PolyVec(this.engine);
        PolyVec polyVec2 = new PolyVec(this.engine);
        PolyVec polyVec3 = new PolyVec(this.engine);
        PolyVec polyVec4 = new PolyVec(this.engine);
        KyberEngine kyberEngine = this.engine;
        PolyVec[] polyVecArr = new PolyVec[kyberEngine.KyberK];
        Poly poly = new Poly(kyberEngine);
        Poly poly2 = new Poly(this.engine);
        Poly poly3 = new Poly(this.engine);
        int i2 = 32;
        byte[] bArr4 = new byte[32];
        polyVec2.fromBytes(bArr2);
        System.arraycopy(bArr2, this.polyVecBytes, bArr4, 0, 32);
        if (bArr.length != 32) {
            throw new RuntimeException("KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!");
        }
        int i3 = 0;
        while (true) {
            int i4 = 8;
            int i5 = 1;
            if (i3 >= i2) {
                break;
            }
            int i6 = 0;
            while (i6 < i4) {
                poly3.coeffs[(i3 * 8) + i6] = (short) (((short) (((short) (((bArr[i3] & 255) >> i6) & i5)) * (-1))) & 1665);
                i6++;
                i4 = 8;
                i5 = 1;
            }
            i3++;
            i2 = 32;
        }
        for (int i7 = 0; i7 < this.kyberK; i7++) {
            polyVecArr[i7] = new PolyVec(this.engine);
        }
        generateMatrix(polyVecArr, bArr4, true);
        byte b = 0;
        for (int i8 = 0; i8 < this.kyberK; i8++) {
            polyVec.vec[i8].getEta1Noise(b, bArr3);
            b = (byte) (b + 1);
        }
        int i9 = 0;
        while (true) {
            c = 2;
            if (i9 >= this.kyberK) {
                break;
            }
            Poly poly4 = polyVec3.vec[i9];
            byte[] bArr5 = new byte[128];
            poly4.symmetric.prf(bArr5, bArr3, b);
            CBD.kyberCBD(poly4, bArr5, 2);
            b = (byte) (b + 1);
            i9++;
        }
        byte[] bArr6 = new byte[128];
        poly.symmetric.prf(bArr6, bArr3, b);
        CBD.kyberCBD(poly, bArr6, 2);
        polyVec.polyVecNtt();
        for (int i10 = 0; i10 < this.kyberK; i10++) {
            PolyVec.pointwiseAccountMontgomery(polyVec4.vec[i10], polyVecArr[i10], polyVec, this.engine);
        }
        PolyVec.pointwiseAccountMontgomery(poly2, polyVec2, polyVec, this.engine);
        for (int i11 = 0; i11 < polyVec4.kyberK; i11++) {
            polyVec4.vec[i11].polyInverseNttToMont();
        }
        poly2.polyInverseNttToMont();
        for (int i12 = 0; i12 < polyVec4.kyberK; i12++) {
            polyVec4.vec[i12].addCoeffs(polyVec3.vec[i12]);
        }
        poly2.addCoeffs(poly);
        poly2.addCoeffs(poly3);
        for (int i13 = 0; i13 < polyVec4.kyberK; i13++) {
            polyVec4.vec[i13].reduce();
        }
        poly2.reduce();
        byte[] bArr7 = new byte[this.indCpaBytes];
        int i14 = 0;
        while (true) {
            i = polyVec4.kyberK;
            if (i14 >= i) {
                break;
            }
            polyVec4.vec[i14].conditionalSubQ();
            i14++;
        }
        int i15 = polyVec4.engine.KyberPolyVecCompressedBytes;
        byte[] bArr8 = new byte[i15];
        if (i15 == i * 320) {
            short[] sArr = new short[4];
            int i16 = 0;
            for (int i17 = 0; i17 < polyVec4.kyberK; i17++) {
                for (int i18 = 0; i18 < 64; i18++) {
                    for (int i19 = 0; i19 < 4; i19++) {
                        sArr[i19] = (short) ((((polyVec4.vec[i17].coeffs[(i18 * 4) + i19] << 10) + 1664) / 3329) & 1023);
                    }
                    short s = sArr[0];
                    bArr8[i16 + 0] = (byte) (s >> 0);
                    short s2 = sArr[1];
                    bArr8[i16 + 1] = (byte) ((s >> 8) | (s2 << 2));
                    short s3 = sArr[2];
                    bArr8[i16 + 2] = (byte) ((s2 >> 6) | (s3 << 4));
                    int i20 = s3 >> 4;
                    short s4 = sArr[3];
                    bArr8[i16 + 3] = (byte) (i20 | (s4 << 6));
                    bArr8[i16 + 4] = (byte) (s4 >> 2);
                    i16 += 5;
                }
            }
        } else {
            if (i15 != i * 352) {
                throw new RuntimeException("Kyber PolyVecCompressedBytes neither 320 * KyberK or 352 * KyberK!");
            }
            int i21 = 8;
            short[] sArr2 = new short[8];
            int i22 = 0;
            int i23 = 0;
            while (i22 < polyVec4.kyberK) {
                int i24 = 0;
                while (i24 < 32) {
                    int i25 = 0;
                    while (i25 < i21) {
                        sArr2[i25] = (short) ((((polyVec4.vec[i22].coeffs[(i24 * 8) + i25] << 11) + 1664) / 3329) & 2047);
                        i25++;
                        i21 = 8;
                    }
                    short s5 = sArr2[0];
                    bArr8[i23 + 0] = (byte) (s5 >> 0);
                    short s6 = sArr2[1];
                    bArr8[i23 + 1] = (byte) ((s5 >> 8) | (s6 << 3));
                    short s7 = sArr2[c];
                    bArr8[i23 + 2] = (byte) ((s6 >> 5) | (s7 << 6));
                    bArr8[i23 + 3] = (byte) (s7 >> 2);
                    int i26 = s7 >> 10;
                    short s8 = sArr2[3];
                    bArr8[i23 + 4] = (byte) (i26 | (s8 << 1));
                    short s9 = sArr2[4];
                    bArr8[i23 + 5] = (byte) ((s8 >> 7) | (s9 << 4));
                    int i27 = s9 >> 4;
                    short s10 = sArr2[5];
                    bArr8[i23 + 6] = (byte) (i27 | (s10 << 7));
                    bArr8[i23 + 7] = (byte) (s10 >> 1);
                    int i28 = s10 >> 9;
                    short s11 = sArr2[6];
                    bArr8[i23 + 8] = (byte) (i28 | (s11 << 2));
                    short s12 = sArr2[7];
                    bArr8[i23 + 9] = (byte) ((s11 >> 6) | (s12 << 5));
                    bArr8[i23 + 10] = (byte) (s12 >> 3);
                    i23 += 11;
                    i24++;
                    i21 = 8;
                    c = 2;
                }
                i22++;
                i21 = 8;
                c = 2;
            }
        }
        System.arraycopy(bArr8, 0, bArr7, 0, this.polyVecCompressedBytes);
        int i29 = 8;
        byte[] bArr9 = new byte[8];
        byte[] bArr10 = new byte[poly2.polyCompressedBytes];
        poly2.conditionalSubQ();
        int i30 = poly2.polyCompressedBytes;
        if (i30 == 128) {
            int i31 = 0;
            int i32 = 0;
            while (i31 < 32) {
                int i33 = 0;
                while (i33 < i29) {
                    bArr9[i33] = (byte) ((((poly2.coeffs[(i31 * 8) + i33] << 4) + 1664) / 3329) & 15);
                    i33++;
                    i29 = 8;
                }
                bArr10[i32 + 0] = (byte) ((bArr9[1] << 4) | bArr9[0]);
                bArr10[i32 + 1] = (byte) ((bArr9[3] << 4) | bArr9[2]);
                bArr10[i32 + 2] = (byte) (bArr9[4] | (bArr9[5] << 4));
                bArr10[i32 + 3] = (byte) (bArr9[6] | (bArr9[7] << 4));
                i32 += 4;
                i31++;
                i29 = 8;
            }
        } else {
            if (i30 != 160) {
                throw new RuntimeException("PolyCompressedBytes is neither 128 or 160!");
            }
            int i34 = 0;
            for (int i35 = 0; i35 < 32; i35++) {
                for (int i36 = 0; i36 < 8; i36++) {
                    bArr9[i36] = (byte) ((((poly2.coeffs[(i35 * 8) + i36] << 5) + 1664) / 3329) & 31);
                }
                bArr10[i34 + 0] = (byte) ((bArr9[1] << 5) | (bArr9[0] >> 0));
                bArr10[i34 + 1] = (byte) ((bArr9[1] >> 3) | (bArr9[2] << 2) | (bArr9[3] << 7));
                bArr10[i34 + 2] = (byte) ((bArr9[3] >> 1) | (bArr9[4] << 4));
                bArr10[i34 + 3] = (byte) ((bArr9[4] >> 4) | (bArr9[5] << 1) | (bArr9[6] << 6));
                bArr10[i34 + 4] = (byte) ((bArr9[6] >> 2) | (bArr9[7] << 3));
                i34 += 5;
            }
        }
        System.arraycopy(bArr10, 0, bArr7, this.polyVecCompressedBytes, this.polyCompressedBytes);
        return bArr7;
    }

    public final void generateMatrix(PolyVec[] polyVecArr, byte[] bArr, boolean z) {
        byte b;
        byte b2;
        byte[] bArr2 = new byte[(this.KyberGenerateMatrixNBlocks * this.symmetric.xofBlockBytes) + 2];
        for (int i = 0; i < this.kyberK; i++) {
            for (int i2 = 0; i2 < this.kyberK; i2++) {
                Symmetric symmetric = this.symmetric;
                if (z) {
                    b = (byte) i;
                    b2 = (byte) i2;
                } else {
                    b = (byte) i2;
                    b2 = (byte) i;
                }
                symmetric.xofAbsorb(bArr, b, b2);
                Symmetric symmetric2 = this.symmetric;
                symmetric2.xofSqueezeBlocks(bArr2, 0, symmetric2.xofBlockBytes * this.KyberGenerateMatrixNBlocks);
                int i3 = this.KyberGenerateMatrixNBlocks * this.symmetric.xofBlockBytes;
                int rejectionSampling = rejectionSampling(polyVecArr[i].vec[i2], 0, 256, bArr2, i3);
                while (rejectionSampling < 256) {
                    int i4 = i3 % 3;
                    for (int i5 = 0; i5 < i4; i5++) {
                        bArr2[i5] = bArr2[(i3 - i4) + i5];
                    }
                    Symmetric symmetric3 = this.symmetric;
                    symmetric3.xofSqueezeBlocks(bArr2, i4, symmetric3.xofBlockBytes * 2);
                    i3 = this.symmetric.xofBlockBytes + i4;
                    rejectionSampling += rejectionSampling(polyVecArr[i].vec[i2], rejectionSampling, 256 - rejectionSampling, bArr2, i3);
                }
            }
        }
    }
}
