package org.bouncycastle.pqc.crypto.newhope;

import com.appodeal.ads.a.d;
import java.security.SecureRandom;
import kotlin.UByte;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHAKEDigest;

/* loaded from: classes5.dex */
public class NewHope {
    public static final int AGREEMENT_SIZE = 32;
    public static final int POLY_SIZE = 1024;
    public static final int SENDA_BYTES = 1824;
    public static final int SENDB_BYTES = 2048;
    private static final boolean STATISTICAL_TEST = false;

    public static void a(short[] sArr, byte[] bArr) {
        SHAKEDigest sHAKEDigest = new SHAKEDigest(128);
        sHAKEDigest.update(bArr, 0, bArr.length);
        int i = 0;
        while (true) {
            byte[] bArr2 = new byte[256];
            sHAKEDigest.doOutput(bArr2, 0, 256);
            for (int i2 = 0; i2 < 256; i2 += 2) {
                int i3 = (bArr2[i2] & UByte.MAX_VALUE) | ((bArr2[i2 + 1] & UByte.MAX_VALUE) << 8);
                if (i3 < 61445) {
                    int i4 = i + 1;
                    sArr[i] = (short) i3;
                    if (i4 == 1024) {
                        return;
                    } else {
                        i = i4;
                    }
                }
            }
        }
    }

    public static void b(byte[] bArr) {
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        sHA3Digest.update(bArr, 0, 32);
        sHA3Digest.doFinal(bArr, 0);
    }

    public static void keygen(SecureRandom secureRandom, byte[] bArr, short[] sArr) {
        byte[] bArr2 = new byte[32];
        secureRandom.nextBytes(bArr2);
        b(bArr2);
        short[] sArr2 = new short[1024];
        a(sArr2, bArr2);
        byte[] bArr3 = new byte[32];
        secureRandom.nextBytes(bArr3);
        Poly.c(sArr, bArr3, (byte) 0);
        Poly.f(sArr);
        short[] sArr3 = new short[1024];
        Poly.c(sArr3, bArr3, (byte) 1);
        Poly.f(sArr3);
        short[] sArr4 = new short[1024];
        Poly.d(sArr2, sArr, sArr4);
        short[] sArr5 = new short[1024];
        Poly.a(sArr4, sArr3, sArr5);
        Poly.e(bArr, sArr5);
        System.arraycopy(bArr2, 0, bArr, 1792, 32);
    }

    public static void sharedA(byte[] bArr, short[] sArr, byte[] bArr2) {
        short[] sArr2 = new short[1024];
        short[] sArr3 = new short[1024];
        Poly.b(sArr2, bArr2);
        for (int i = 0; i < 256; i++) {
            int i2 = i * 4;
            int i3 = bArr2[i + 1792] & UByte.MAX_VALUE;
            sArr3[i2 + 0] = (short) (i3 & 3);
            sArr3[i2 + 1] = (short) ((i3 >>> 2) & 3);
            sArr3[i2 + 2] = (short) ((i3 >>> 4) & 3);
            sArr3[i2 + 3] = (short) (i3 >>> 6);
        }
        short[] sArr4 = new short[1024];
        Poly.d(sArr, sArr2, sArr4);
        NTT.a(sArr4);
        NTT.b(sArr4, Precomp.b);
        NTT.c(sArr4, Precomp.f19066d);
        ErrorCorrection.c(bArr, sArr4, sArr3);
        b(bArr);
    }

    public static void sharedB(SecureRandom secureRandom, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[1024];
        byte[] bArr4 = new byte[32];
        Poly.b(sArr, bArr3);
        int i = 0;
        System.arraycopy(bArr3, 1792, bArr4, 0, 32);
        short[] sArr2 = new short[1024];
        a(sArr2, bArr4);
        byte[] bArr5 = new byte[32];
        secureRandom.nextBytes(bArr5);
        short[] sArr3 = new short[1024];
        Poly.c(sArr3, bArr5, (byte) 0);
        Poly.f(sArr3);
        short[] sArr4 = new short[1024];
        int i2 = 1;
        Poly.c(sArr4, bArr5, (byte) 1);
        Poly.f(sArr4);
        short[] sArr5 = new short[1024];
        Poly.d(sArr2, sArr3, sArr5);
        Poly.a(sArr5, sArr4, sArr5);
        short[] sArr6 = new short[1024];
        Poly.d(sArr, sArr3, sArr6);
        NTT.a(sArr6);
        NTT.b(sArr6, Precomp.b);
        NTT.c(sArr6, Precomp.f19066d);
        short[] sArr7 = new short[1024];
        Poly.c(sArr7, bArr5, (byte) 2);
        Poly.a(sArr6, sArr7, sArr6);
        short[] sArr8 = new short[1024];
        byte[] bArr6 = new byte[8];
        bArr6[0] = 3;
        byte[] bArr7 = new byte[32];
        d.L(bArr5, bArr6, bArr7, 0, 32);
        int[] iArr = new int[8];
        int i3 = 4;
        int[] iArr2 = new int[4];
        int i4 = 0;
        while (i4 < 256) {
            int i5 = i4 + 0;
            int i6 = ((bArr7[i4 >>> 3] >>> (i4 & 7)) & i2) * 4;
            int a2 = ErrorCorrection.a(iArr, i, i3, (sArr6[i5] * 8) + i6);
            int i7 = i4 + 256;
            int a3 = ErrorCorrection.a(iArr, i2, 5, (sArr6[i7] * 8) + i6) + a2;
            int i8 = i4 + 512;
            int a4 = ErrorCorrection.a(iArr, 2, 6, (sArr6[i8] * 8) + i6) + a3;
            int i9 = i4 + 768;
            int a5 = (24577 - (ErrorCorrection.a(iArr, 3, 7, (sArr6[i9] * 8) + i6) + a4)) >> 31;
            int i10 = ~a5;
            iArr2[0] = (i10 & iArr[0]) ^ (a5 & iArr[4]);
            iArr2[1] = (i10 & iArr[1]) ^ (a5 & iArr[5]);
            iArr2[2] = (i10 & iArr[2]) ^ (iArr[6] & a5);
            iArr2[3] = (i10 & iArr[3]) ^ (iArr[7] & a5);
            sArr8[i5] = (short) ((iArr2[0] - iArr2[3]) & 3);
            sArr8[i7] = (short) ((iArr2[1] - iArr2[3]) & 3);
            sArr8[i8] = (short) ((iArr2[2] - iArr2[3]) & 3);
            sArr8[i9] = (short) (((iArr2[3] * 2) + (-a5)) & 3);
            i4++;
            i3 = 4;
            i = 0;
            i2 = 1;
        }
        Poly.e(bArr2, sArr5);
        for (int i11 = 0; i11 < 256; i11++) {
            int i12 = i11 * 4;
            bArr2[i11 + 1792] = (byte) ((sArr8[i12 + 3] << 6) | sArr8[i12] | (sArr8[i12 + 1] << 2) | (sArr8[i12 + 2] << 4));
        }
        ErrorCorrection.c(bArr, sArr6, sArr8);
        b(bArr);
    }
}
