package org.bouncycastle.pqc.crypto.cmce;

import java.lang.reflect.Array;
import java.security.SecureRandom;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.crypto.digests.Blake2xsDigest;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.util.Arrays;
import org.xbet.casino.navigation.CasinoCategoryItemModel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
public class CMCEEngine {
    private int COND_BYTES;
    private int GFBITS;
    private int GFMASK;
    private int IRR_BYTES;
    private int PK_NCOLS;
    private int PK_NROWS;
    private int PK_ROW_BYTES;
    private int SYND_BYTES;
    private int SYS_N;
    private int SYS_T;
    private BENES benes;
    private boolean countErrorIndices;
    private final int defaultKeySize;

    /* renamed from: gf, reason: collision with root package name */
    private GF f78335gf;
    private int[] poly;
    private boolean usePadding;
    private boolean usePivots;

    public CMCEEngine(int i14, int i15, int i16, int[] iArr, boolean z14, int i17) {
        BENES benes13;
        this.usePivots = z14;
        this.SYS_N = i15;
        this.SYS_T = i16;
        this.GFBITS = i14;
        this.poly = iArr;
        this.defaultKeySize = i17;
        this.IRR_BYTES = i16 * 2;
        this.COND_BYTES = (1 << (i14 - 4)) * ((i14 * 2) - 1);
        int i18 = i16 * i14;
        this.PK_NROWS = i18;
        int i19 = i15 - i18;
        this.PK_NCOLS = i19;
        this.PK_ROW_BYTES = (i19 + 7) / 8;
        this.SYND_BYTES = (i18 + 7) / 8;
        this.GFMASK = (1 << i14) - 1;
        if (i14 == 12) {
            this.f78335gf = new GF12(i14);
            benes13 = new BENES12(this.SYS_N, this.SYS_T, this.GFBITS);
        } else {
            this.f78335gf = new GF13(i14);
            benes13 = new BENES13(this.SYS_N, this.SYS_T, this.GFBITS);
        }
        this.benes = benes13;
        this.usePadding = this.SYS_T % 8 != 0;
        this.countErrorIndices = (1 << this.GFBITS) > this.SYS_N;
    }

    private void GF_mul(short[] sArr, short[] sArr2, short[] sArr3) {
        int i14;
        int i15;
        short[] sArr4 = new short[(this.SYS_T * 2) - 1];
        for (int i16 = 0; i16 < (this.SYS_T * 2) - 1; i16++) {
            sArr4[i16] = 0;
        }
        int i17 = 0;
        while (true) {
            i14 = this.SYS_T;
            if (i17 >= i14) {
                break;
            }
            for (int i18 = 0; i18 < this.SYS_T; i18++) {
                int i19 = i17 + i18;
                sArr4[i19] = (short) (this.f78335gf.gf_mul(sArr2[i17], sArr3[i18]) ^ sArr4[i19]);
            }
            i17++;
        }
        int i24 = (i14 - 1) * 2;
        while (true) {
            i15 = this.SYS_T;
            if (i24 < i15) {
                break;
            }
            int i25 = 0;
            while (true) {
                int[] iArr = this.poly;
                if (i25 != iArr.length) {
                    int i26 = iArr[i25];
                    if (i26 == 0 && this.GFBITS == 12) {
                        int i27 = i24 - this.SYS_T;
                        sArr4[i27] = (short) (sArr4[i27] ^ this.f78335gf.gf_mul(sArr4[i24], (short) 2));
                    } else {
                        int i28 = (i24 - this.SYS_T) + i26;
                        sArr4[i28] = (short) (sArr4[i28] ^ sArr4[i24]);
                    }
                    i25++;
                }
            }
            i24--;
        }
        System.arraycopy(sArr4, 0, sArr, 0, i15);
        for (int i29 = 0; i29 < this.SYS_T; i29++) {
            sArr[i29] = sArr4[i29];
        }
    }

    private void bm(short[] sArr, short[] sArr2) {
        int i14;
        int i15 = this.SYS_T;
        short[] sArr3 = new short[i15 + 1];
        short[] sArr4 = new short[i15 + 1];
        short[] sArr5 = new short[i15 + 1];
        int i16 = 0;
        for (int i17 = 0; i17 < this.SYS_T + 1; i17++) {
            sArr5[i17] = 0;
            sArr4[i17] = 0;
        }
        sArr4[0] = 1;
        sArr5[1] = 1;
        short s14 = 0;
        short s15 = 0;
        short s16 = 1;
        while (s14 < this.SYS_T * 2) {
            short s17 = 0;
            for (int i18 = 0; i18 <= min(s14, this.SYS_T); i18++) {
                s17 = (short) (s17 ^ this.f78335gf.gf_mul(sArr4[i18], sArr2[s14 - i18]));
            }
            short s18 = (short) (((short) (((short) (((short) (s17 - 1)) >> 15)) & 1)) - 1);
            short s19 = (short) (((short) (((short) (((short) (((short) (s14 - (s15 * 2))) >> 15)) & 1)) - 1)) & s18);
            for (int i19 = 0; i19 <= this.SYS_T; i19++) {
                sArr3[i19] = sArr4[i19];
            }
            short gf_frac = this.f78335gf.gf_frac(s16, s17);
            for (int i24 = 0; i24 <= this.SYS_T; i24++) {
                sArr4[i24] = (short) ((this.f78335gf.gf_mul(gf_frac, sArr5[i24]) & s18) ^ sArr4[i24]);
            }
            int i25 = ~s19;
            int i26 = s14 + 1;
            s15 = (short) (((i26 - s15) & s19) | (s15 & i25));
            int i27 = 0;
            while (true) {
                i14 = this.SYS_T;
                if (i27 > i14) {
                    break;
                }
                sArr5[i27] = (short) ((sArr5[i27] & i25) | (sArr3[i27] & s19));
                i27++;
            }
            s16 = (short) ((i25 & s16) | (s17 & s19));
            while (i14 >= 1) {
                sArr5[i14] = sArr5[i14 - 1];
                i14--;
            }
            i16 = 0;
            sArr5[0] = 0;
            s14 = (short) i26;
        }
        while (true) {
            int i28 = this.SYS_T;
            if (i16 > i28) {
                return;
            }
            sArr[i16] = sArr4[i28 - i16];
            i16++;
        }
    }

    public static void cbrecursion(byte[] bArr, long j14, long j15, short[] sArr, int i14, long j16, long j17, int[] iArr) {
        long j18;
        long j19 = j17;
        long j24 = 1;
        if (j16 == 1) {
            int i15 = (int) (j14 >> 3);
            bArr[i15] = (byte) ((get_q_short(iArr, i14) << ((int) (j14 & 7))) ^ bArr[i15]);
            return;
        }
        if (sArr != null) {
            for (long j25 = 0; j25 < j19; j25++) {
                int i16 = (int) j25;
                iArr[i16] = sArr[(int) (j25 ^ 1)] | ((sArr[i16] ^ 1) << 16);
            }
        } else {
            for (long j26 = 0; j26 < j19; j26++) {
                long j27 = i14;
                iArr[(int) j26] = ((get_q_short(iArr, (int) (j27 + j26)) ^ 1) << 16) | get_q_short(iArr, (int) (j27 + (j26 ^ 1)));
            }
        }
        int i17 = (int) j19;
        int i18 = 0;
        sort32(iArr, 0, i17);
        for (long j28 = 0; j28 < j19; j28++) {
            int i19 = (int) j28;
            int i24 = 65535 & iArr[i19];
            if (j28 >= i24) {
                i19 = i24;
            }
            iArr[(int) (j19 + j28)] = (i24 << 16) | i19;
        }
        for (long j29 = 0; j29 < j19; j29++) {
            iArr[(int) j29] = (int) ((iArr[r11] << 16) | j29);
        }
        sort32(iArr, 0, i17);
        long j34 = 0;
        while (j34 < j19) {
            int i25 = (int) j34;
            iArr[i25] = (iArr[i25] << 16) + (iArr[(int) (j19 + j34)] >> 16);
            j34++;
            i18 = 0;
        }
        sort32(iArr, i18, i17);
        long j35 = 0;
        if (j16 <= 10) {
            while (j35 < j19) {
                int i26 = (int) (j19 + j35);
                iArr[i26] = ((iArr[(int) j35] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH) << 10) | (iArr[i26] & 1023);
                j35++;
            }
            long j36 = 1;
            while (j36 < j16 - j24) {
                for (long j37 = 0; j37 < j19; j37 += j24) {
                    iArr[(int) j37] = (int) (((iArr[(int) (j19 + j37)] & (-1024)) << 6) | j37);
                }
                sort32(iArr, 0, i17);
                for (long j38 = 0; j38 < j19; j38++) {
                    int i27 = (int) j38;
                    iArr[i27] = iArr[(int) (j19 + j38)] | (iArr[i27] << 20);
                }
                sort32(iArr, 0, i17);
                for (long j39 = 0; j39 < j19; j39++) {
                    int i28 = iArr[(int) j39];
                    int i29 = 1048575 & i28;
                    int i34 = (int) (j19 + j39);
                    int i35 = (i28 & 1047552) | (iArr[i34] & 1023);
                    if (i29 >= i35) {
                        i29 = i35;
                    }
                    iArr[i34] = i29;
                }
                j36++;
                j24 = 1;
            }
            long j44 = j24;
            for (long j45 = 0; j45 < j19; j45 += j44) {
                int i36 = (int) (j19 + j45);
                iArr[i36] = iArr[i36] & 1023;
            }
        } else {
            while (j35 < j19) {
                int i37 = (int) (j19 + j35);
                iArr[i37] = (iArr[(int) j35] << 16) | (iArr[i37] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH);
                j35++;
            }
            long j46 = 1;
            for (long j47 = 1; j46 < j16 - j47; j47 = 1) {
                for (long j48 = 0; j48 < j19; j48++) {
                    iArr[(int) j48] = (int) ((iArr[(int) (j19 + j48)] & (-65536)) | j48);
                }
                sort32(iArr, 0, i17);
                for (long j49 = 0; j49 < j19; j49++) {
                    int i38 = (int) j49;
                    iArr[i38] = (iArr[i38] << 16) | (iArr[(int) (j19 + j49)] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH);
                }
                if (j46 < j16 - 2) {
                    for (long j54 = 0; j54 < j19; j54++) {
                        int i39 = (int) (j19 + j54);
                        iArr[i39] = (iArr[(int) j54] & (-65536)) | (iArr[i39] >> 16);
                    }
                    sort32(iArr, i17, (int) (j19 * 2));
                    for (long j55 = 0; j55 < j19; j55++) {
                        int i44 = (int) (j19 + j55);
                        iArr[i44] = (iArr[i44] << 16) | (iArr[(int) j55] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH);
                    }
                }
                sort32(iArr, 0, i17);
                for (long j56 = 0; j56 < j19; j56++) {
                    int i45 = (int) (j19 + j56);
                    int i46 = iArr[i45];
                    int i47 = (iArr[(int) j56] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH) | (i46 & (-65536));
                    if (i47 < i46) {
                        iArr[i45] = i47;
                    }
                }
                j46++;
            }
            for (long j57 = 0; j57 < j19; j57++) {
                int i48 = (int) (j19 + j57);
                iArr[i48] = iArr[i48] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH;
            }
        }
        long j58 = 0;
        if (sArr != null) {
            while (j58 < j19) {
                iArr[(int) j58] = (int) ((sArr[r0] << 16) + j58);
                j58++;
            }
        } else {
            while (j58 < j19) {
                iArr[(int) j58] = (int) ((get_q_short(iArr, (int) (i14 + j58)) << 16) + j58);
                j58++;
            }
        }
        sort32(iArr, 0, i17);
        long j59 = j14;
        long j64 = 0;
        while (true) {
            j18 = j19 / 2;
            if (j64 >= j18) {
                break;
            }
            long j65 = j64 * 2;
            long j66 = j19 + j65;
            int i49 = (int) j66;
            int i54 = iArr[i49] & 1;
            int i55 = (int) (i54 + j65);
            int i56 = (int) (j59 >> 3);
            bArr[i56] = (byte) (bArr[i56] ^ (i54 << ((int) (j59 & 7))));
            j59 += j15;
            iArr[i49] = (iArr[(int) j65] << 16) | i55;
            iArr[(int) (j66 + 1)] = (iArr[(int) (j65 + 1)] << 16) | (i55 ^ 1);
            j64++;
        }
        long j67 = j19 * 2;
        sort32(iArr, i17, (int) j67);
        long j68 = j16 * 2;
        long j69 = j59 + ((j68 - 3) * j15 * j18);
        long j74 = 0;
        while (j74 < j18) {
            long j75 = j74 * 2;
            long j76 = j67;
            long j77 = j19 + j75;
            int i57 = iArr[(int) j77];
            int i58 = i57 & 1;
            int i59 = (int) (i58 + j75);
            int i64 = (int) (j69 >> 3);
            bArr[i64] = (byte) (bArr[i64] ^ (i58 << ((int) (j69 & 7))));
            j69 += j15;
            iArr[(int) j75] = (i57 & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH) | (i59 << 16);
            iArr[(int) (j75 + 1)] = ((i59 ^ 1) << 16) | (iArr[(int) (j77 + 1)] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH);
            j68 = j68;
            j67 = j76;
            j74++;
            j19 = j17;
        }
        long j78 = j67;
        sort32(iArr, 0, i17);
        long j79 = j69 - (((j68 - 2) * j15) * j18);
        short[] sArr2 = new short[i17 * 4];
        for (long j84 = 0; j84 < j78; j84++) {
            long j85 = j84 * 2;
            int i65 = iArr[(int) j84];
            sArr2[(int) (j85 + 0)] = (short) i65;
            sArr2[(int) (j85 + 1)] = (short) ((i65 & (-65536)) >> 16);
        }
        for (long j86 = 0; j86 < j18; j86++) {
            long j87 = j86 * 2;
            sArr2[(int) j86] = (short) ((iArr[(int) j87] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH) >>> 1);
            sArr2[(int) (j86 + j18)] = (short) ((iArr[(int) (j87 + 1)] & Blake2xsDigest.UNKNOWN_DIGEST_LENGTH) >>> 1);
        }
        for (long j88 = 0; j88 < j18; j88++) {
            long j89 = j88 * 2;
            iArr[(int) (j17 + (j17 / 4) + j88)] = (sArr2[(int) (j89 + 1)] << 16) | sArr2[(int) j89];
        }
        long j94 = j15 * 2;
        long j95 = j17 + (j17 / 4);
        long j96 = j16 - 1;
        cbrecursion(bArr, j79, j94, null, ((int) j95) * 2, j96, j18, iArr);
        cbrecursion(bArr, j79 + j15, j94, null, (int) ((j95 * 2) + j18), j96, j18, iArr);
    }

    private static void controlbitsfrompermutation(byte[] bArr, short[] sArr, long j14, long j15) {
        long j16 = 2;
        int[] iArr = new int[(int) (j15 * 2)];
        int i14 = (int) j15;
        short[] sArr2 = new short[i14];
        while (true) {
            short s14 = 0;
            for (int i15 = 0; i15 < (((((j14 * j16) - 1) * j15) / j16) + 7) / 8; i15++) {
                bArr[i15] = 0;
            }
            int i16 = i14;
            short[] sArr3 = sArr2;
            int[] iArr2 = iArr;
            cbrecursion(bArr, 0L, 1L, sArr, 0, j14, j15, iArr);
            for (int i17 = 0; i17 < j15; i17++) {
                sArr3[i17] = (short) i17;
            }
            int i18 = 0;
            for (int i19 = 0; i19 < j14; i19++) {
                layer(sArr3, bArr, i18, i19, i16);
                i18 = (int) (i18 + (j15 >> 4));
            }
            for (int i24 = (int) (j14 - 2); i24 >= 0; i24--) {
                layer(sArr3, bArr, i18, i24, i16);
                i18 = (int) (i18 + (j15 >> 4));
            }
            int i25 = 0;
            while (i25 < j15) {
                short s15 = (short) (s14 | (sArr[i25] ^ sArr3[i25]));
                i25++;
                s14 = s15;
            }
            if (s14 == 0) {
                return;
            }
            sArr2 = sArr3;
            i14 = i16;
            iArr = iArr2;
            j16 = 2;
        }
    }

    private static int ctz(long j14) {
        int i14 = 0;
        int i15 = 0;
        for (int i16 = 0; i16 < 64; i16++) {
            int i17 = (int) ((j14 >> i16) & 1);
            i15 |= i17;
            i14 += (i15 ^ 1) & (i17 ^ 1);
        }
        return i14;
    }

    private int decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i14;
        int i15;
        int i16 = this.SYS_T;
        short[] sArr = new short[i16 + 1];
        int i17 = this.SYS_N;
        short[] sArr2 = new short[i17];
        short[] sArr3 = new short[i16 * 2];
        short[] sArr4 = new short[i16 * 2];
        short[] sArr5 = new short[i16 + 1];
        short[] sArr6 = new short[i17];
        byte[] bArr4 = new byte[i17 / 8];
        int i18 = 0;
        while (true) {
            i14 = this.SYND_BYTES;
            if (i18 >= i14) {
                break;
            }
            bArr4[i18] = bArr3[i18];
            i18++;
        }
        while (i14 < this.SYS_N / 8) {
            bArr4[i14] = 0;
            i14++;
        }
        int i19 = 0;
        while (true) {
            i15 = this.SYS_T;
            if (i19 >= i15) {
                break;
            }
            sArr[i19] = Utils.load_gf(bArr2, (i19 * 2) + 40, this.GFMASK);
            i19++;
        }
        sArr[i15] = 1;
        this.benes.support_gen(sArr2, bArr2);
        synd(sArr3, sArr, sArr2, bArr4);
        bm(sArr5, sArr3);
        root(sArr6, sArr5, sArr2);
        for (int i24 = 0; i24 < this.SYS_N / 8; i24++) {
            bArr[i24] = 0;
        }
        int i25 = 0;
        for (int i26 = 0; i26 < this.SYS_N; i26++) {
            short gf_iszero = (short) (this.f78335gf.gf_iszero(sArr6[i26]) & 1);
            int i27 = i26 / 8;
            bArr[i27] = (byte) (bArr[i27] | (gf_iszero << (i26 % 8)));
            i25 += gf_iszero;
        }
        synd(sArr4, sArr, sArr2, bArr);
        int i28 = this.SYS_T ^ i25;
        for (int i29 = 0; i29 < this.SYS_T * 2; i29++) {
            i28 |= sArr3[i29] ^ sArr4[i29];
        }
        return (((i28 - 1) >> 15) & 1) ^ 1;
    }

    private void encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        generate_error_vector(bArr3, secureRandom);
        syndrome(bArr, bArr2, bArr3);
    }

    private short eval(short[] sArr, short s14) {
        int i14 = this.SYS_T;
        short s15 = sArr[i14];
        for (int i15 = i14 - 1; i15 >= 0; i15--) {
            s15 = this.f78335gf.gf_add(this.f78335gf.gf_mul(s15, s14), sArr[i15]);
        }
        return s15;
    }

    private void generate_error_vector(byte[] bArr, SecureRandom secureRandom) {
        int i14;
        int i15 = this.SYS_T;
        short[] sArr = new short[i15 * 2];
        short[] sArr2 = new short[i15];
        byte[] bArr2 = new byte[i15];
        while (true) {
            if (this.countErrorIndices) {
                byte[] bArr3 = new byte[this.SYS_T * 4];
                secureRandom.nextBytes(bArr3);
                for (int i16 = 0; i16 < this.SYS_T * 2; i16++) {
                    sArr[i16] = Utils.load_gf(bArr3, i16 * 2, this.GFMASK);
                }
                int i17 = 0;
                int i18 = 0;
                while (true) {
                    i14 = this.SYS_T;
                    if (i17 >= i14 * 2 || i18 >= i14) {
                        break;
                    }
                    short s14 = sArr[i17];
                    if (s14 < this.SYS_N) {
                        sArr2[i18] = s14;
                        i18++;
                    }
                    i17++;
                }
                if (i18 < i14) {
                    continue;
                }
            } else {
                byte[] bArr4 = new byte[this.SYS_T * 2];
                secureRandom.nextBytes(bArr4);
                for (int i19 = 0; i19 < this.SYS_T; i19++) {
                    sArr2[i19] = Utils.load_gf(bArr4, i19 * 2, this.GFMASK);
                }
            }
            boolean z14 = false;
            for (int i24 = 1; i24 < this.SYS_T && !z14; i24++) {
                int i25 = 0;
                while (true) {
                    if (i25 >= i24) {
                        break;
                    }
                    if (sArr2[i24] == sArr2[i25]) {
                        z14 = true;
                        break;
                    }
                    i25++;
                }
            }
            if (!z14) {
                break;
            }
        }
        for (int i26 = 0; i26 < this.SYS_T; i26++) {
            bArr2[i26] = (byte) (1 << (sArr2[i26] & 7));
        }
        for (short s15 = 0; s15 < this.SYS_N / 8; s15 = (short) (s15 + 1)) {
            bArr[s15] = 0;
            for (int i27 = 0; i27 < this.SYS_T; i27++) {
                bArr[s15] = (byte) ((((short) (same_mask32(s15, (short) (sArr2[i27] >> 3)) & 255)) & bArr2[i27]) | bArr[s15]);
            }
        }
    }

    private int generate_irr_poly(short[] sArr) {
        int i14 = this.SYS_T;
        short[][] sArr2 = (short[][]) Array.newInstance((Class<?>) Short.TYPE, i14 + 1, i14);
        sArr2[0][0] = 1;
        for (int i15 = 1; i15 < this.SYS_T; i15++) {
            sArr2[0][i15] = 0;
        }
        for (int i16 = 0; i16 < this.SYS_T; i16++) {
            sArr2[1][i16] = sArr[i16];
        }
        for (int i17 = 2; i17 <= this.SYS_T; i17++) {
            GF_mul(sArr2[i17], sArr2[i17 - 1], sArr);
        }
        int i18 = 0;
        while (i18 < this.SYS_T) {
            int i19 = i18 + 1;
            for (int i24 = i19; i24 < this.SYS_T; i24++) {
                short gf_iszero = this.f78335gf.gf_iszero(sArr2[i18][i18]);
                for (int i25 = i18; i25 < this.SYS_T + 1; i25++) {
                    short[] sArr3 = sArr2[i25];
                    sArr3[i18] = (short) (sArr3[i18] ^ (sArr3[i24] & gf_iszero));
                }
            }
            short s14 = sArr2[i18][i18];
            if (s14 == 0) {
                return -1;
            }
            short gf_inv = this.f78335gf.gf_inv(s14);
            for (int i26 = i18; i26 < this.SYS_T + 1; i26++) {
                short[] sArr4 = sArr2[i26];
                sArr4[i18] = this.f78335gf.gf_mul(sArr4[i18], gf_inv);
            }
            for (int i27 = 0; i27 < this.SYS_T; i27++) {
                if (i27 != i18) {
                    short s15 = sArr2[i18][i27];
                    for (int i28 = i18; i28 < this.SYS_T + 1; i28++) {
                        short[] sArr5 = sArr2[i28];
                        sArr5[i27] = (short) (sArr5[i27] ^ this.f78335gf.gf_mul(sArr5[i18], s15));
                    }
                }
            }
            i18 = i19;
        }
        int i29 = 0;
        while (true) {
            int i34 = this.SYS_T;
            if (i29 >= i34) {
                return 0;
            }
            sArr[i29] = sArr2[i34][i29];
            i29++;
        }
    }

    public static short get_q_short(int[] iArr, int i14) {
        int i15 = i14 / 2;
        return (short) (i14 % 2 == 0 ? iArr[i15] : (iArr[i15] & (-65536)) >> 16);
    }

    private static void layer(short[] sArr, byte[] bArr, int i14, int i15, int i16) {
        int i17 = 1 << i15;
        int i18 = 0;
        for (int i19 = 0; i19 < i16; i19 += i17 * 2) {
            for (int i24 = 0; i24 < i17; i24++) {
                int i25 = i19 + i24;
                short s14 = sArr[i25];
                int i26 = i25 + i17;
                int i27 = (sArr[i26] ^ s14) & (-((bArr[(i18 >> 3) + i14] >> (i18 & 7)) & 1));
                sArr[i25] = (short) (s14 ^ i27);
                sArr[i26] = (short) (sArr[i26] ^ i27);
                i18++;
            }
        }
    }

    private static int min(short s14, int i14) {
        return s14 < i14 ? s14 : i14;
    }

    private int mov_columns(byte[][] bArr, short[] sArr, long[] jArr) {
        byte[] bArr2;
        long load8;
        long[] jArr2 = new long[64];
        int i14 = 32;
        long[] jArr3 = new long[32];
        byte[] bArr3 = new byte[9];
        int i15 = this.PK_NROWS - 32;
        int i16 = i15 / 8;
        int i17 = i15 % 8;
        char c14 = 0;
        if (this.usePadding) {
            for (int i18 = 0; i18 < 32; i18++) {
                for (int i19 = 0; i19 < 9; i19++) {
                    bArr3[i19] = bArr[i15 + i18][i16 + i19];
                }
                int i24 = 0;
                while (i24 < 8) {
                    int i25 = i24 + 1;
                    bArr3[i24] = (byte) (((bArr3[i24] & 255) >> i17) | (bArr3[i25] << (8 - i17)));
                    i24 = i25;
                }
                jArr2[i18] = Utils.load8(bArr3, 0);
            }
        } else {
            for (int i26 = 0; i26 < 32; i26++) {
                jArr2[i26] = Utils.load8(bArr[i15 + i26], i16);
            }
        }
        long j14 = 0;
        jArr[0] = 0;
        int i27 = 0;
        while (i27 < 32) {
            long j15 = jArr2[i27];
            int i28 = i27 + 1;
            for (int i29 = i28; i29 < 32; i29++) {
                j15 |= jArr2[i29];
            }
            if (j15 == j14) {
                return -1;
            }
            int ctz = ctz(j15);
            long j16 = ctz;
            jArr3[i27] = j16;
            jArr[c14] = jArr[c14] | (1 << ((int) j16));
            for (int i34 = i28; i34 < 32; i34++) {
                long j17 = jArr2[i27];
                jArr2[i27] = j17 ^ (jArr2[i34] & (((j17 >> ctz) & 1) - 1));
            }
            int i35 = i28;
            while (i35 < 32) {
                long j18 = jArr2[i35];
                jArr2[i35] = j18 ^ (jArr2[i27] & (-((j18 >> ctz) & 1)));
                i35++;
                ctz = ctz;
                c14 = 0;
            }
            i27 = i28;
            j14 = 0;
        }
        int i36 = 0;
        while (i36 < 32) {
            int i37 = i36 + 1;
            int i38 = i37;
            while (i38 < 64) {
                long same_mask64 = same_mask64((short) i38, (short) jArr3[i36]) & (sArr[r12] ^ sArr[r17]);
                sArr[i15 + i36] = (short) (sArr[r12] ^ same_mask64);
                sArr[i15 + i38] = (short) (same_mask64 ^ sArr[r17]);
                i38++;
                bArr3 = bArr3;
            }
            i36 = i37;
        }
        byte[] bArr4 = bArr3;
        int i39 = 0;
        while (i39 < this.PK_NROWS) {
            if (this.usePadding) {
                for (int i44 = 0; i44 < 9; i44++) {
                    bArr4[i44] = bArr[i39][i16 + i44];
                }
                int i45 = 0;
                while (i45 < 8) {
                    int i46 = i45 + 1;
                    bArr4[i45] = (byte) (((bArr4[i45] & 255) >> i17) | (bArr4[i46] << (8 - i17)));
                    i45 = i46;
                }
                bArr2 = bArr4;
                load8 = Utils.load8(bArr2, 0);
            } else {
                bArr2 = bArr4;
                load8 = Utils.load8(bArr[i39], i16);
            }
            int i47 = 0;
            while (i47 < i14) {
                long j19 = jArr3[i47];
                long j24 = ((load8 >> i47) ^ (load8 >> ((int) j19))) & 1;
                load8 = (j24 << i47) ^ ((j24 << ((int) j19)) ^ load8);
                i47++;
                i14 = 32;
            }
            if (this.usePadding) {
                Utils.store8(bArr2, 0, load8);
                byte[] bArr5 = bArr[i39];
                int i48 = i16 + 8;
                int i49 = 8 - i17;
                bArr5[i48] = (byte) ((((bArr5[i48] & 255) >>> i17) << i17) | ((bArr2[7] & 255) >>> i49));
                bArr5[i16 + 0] = (byte) (((bArr2[0] & 255) << i17) | (((bArr5[i16] & 255) << i49) >>> i49));
                for (int i54 = 7; i54 >= 1; i54--) {
                    bArr[i39][i16 + i54] = (byte) (((bArr2[i54] & 255) << i17) | ((bArr2[i54 - 1] & 255) >>> i49));
                }
            } else {
                Utils.store8(bArr[i39], i16, load8);
            }
            i39++;
            bArr4 = bArr2;
            i14 = 32;
        }
        return 0;
    }

    /* JADX WARN: Code restructure failed: missing block: B:109:0x01e4, code lost:
    
        continue;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int pk_gen(byte[] r18, byte[] r19, int[] r20, short[] r21, long[] r22) {
        /*
            Method dump skipped, instructions count: 592
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pqc.crypto.cmce.CMCEEngine.pk_gen(byte[], byte[], int[], short[], long[]):int");
    }

    private void root(short[] sArr, short[] sArr2, short[] sArr3) {
        for (int i14 = 0; i14 < this.SYS_N; i14++) {
            sArr[i14] = eval(sArr2, sArr3[i14]);
        }
    }

    private static byte same_mask32(short s14, short s15) {
        return (byte) ((-(((s14 ^ s15) - 1) >>> 31)) & 255);
    }

    private static long same_mask64(short s14, short s15) {
        return -(((s14 ^ s15) - 1) >>> 63);
    }

    private static void sort32(int[] iArr, int i14, int i15) {
        int i16 = i15 - i14;
        if (i16 < 2) {
            return;
        }
        int i17 = 1;
        while (i17 < i16 - i17) {
            i17 += i17;
        }
        for (int i18 = i17; i18 > 0; i18 >>>= 1) {
            int i19 = 0;
            for (int i24 = 0; i24 < i16 - i18; i24++) {
                if ((i24 & i18) == 0) {
                    int i25 = i14 + i24;
                    int i26 = i25 + i18;
                    int i27 = iArr[i26];
                    int i28 = iArr[i25];
                    int i29 = i27 ^ i28;
                    int i34 = i27 - i28;
                    int i35 = ((((i27 ^ i34) & i29) ^ i34) >> 31) & i29;
                    iArr[i25] = i28 ^ i35;
                    iArr[i26] = iArr[i26] ^ i35;
                }
            }
            for (int i36 = i17; i36 > i18; i36 >>>= 1) {
                while (i19 < i16 - i36) {
                    if ((i19 & i18) == 0) {
                        int i37 = i14 + i19;
                        int i38 = i37 + i18;
                        int i39 = iArr[i38];
                        for (int i44 = i36; i44 > i18; i44 >>>= 1) {
                            int i45 = i37 + i44;
                            int i46 = iArr[i45];
                            int i47 = i46 ^ i39;
                            int i48 = i46 - i39;
                            int i49 = i47 & ((i48 ^ ((i48 ^ i46) & i47)) >> 31);
                            i39 ^= i49;
                            iArr[i45] = i46 ^ i49;
                        }
                        iArr[i38] = i39;
                    }
                    i19++;
                }
            }
        }
    }

    private static void sort64(long[] jArr, int i14, int i15) {
        int i16 = i15 - i14;
        if (i16 < 2) {
            return;
        }
        int i17 = 1;
        while (i17 < i16 - i17) {
            i17 += i17;
        }
        for (int i18 = i17; i18 > 0; i18 >>>= 1) {
            int i19 = 0;
            for (int i24 = 0; i24 < i16 - i18; i24++) {
                if ((i24 & i18) == 0) {
                    int i25 = i14 + i24;
                    int i26 = i25 + i18;
                    long j14 = jArr[i26];
                    long j15 = jArr[i25];
                    long j16 = (j14 ^ j15) & (-((j14 - j15) >>> 63));
                    jArr[i25] = j15 ^ j16;
                    jArr[i26] = jArr[i26] ^ j16;
                }
            }
            for (int i27 = i17; i27 > i18; i27 >>>= 1) {
                while (i19 < i16 - i27) {
                    if ((i19 & i18) == 0) {
                        int i28 = i14 + i19;
                        int i29 = i28 + i18;
                        long j17 = jArr[i29];
                        for (int i34 = i27; i34 > i18; i34 >>>= 1) {
                            int i35 = i28 + i34;
                            long j18 = jArr[i35];
                            long j19 = (-((j18 - j17) >>> 63)) & (j17 ^ j18);
                            j17 ^= j19;
                            jArr[i35] = j18 ^ j19;
                        }
                        jArr[i29] = j17;
                    }
                    i19++;
                }
            }
        }
    }

    private void synd(short[] sArr, short[] sArr2, short[] sArr3, byte[] bArr) {
        for (int i14 = 0; i14 < this.SYS_T * 2; i14++) {
            sArr[i14] = 0;
        }
        for (int i15 = 0; i15 < this.SYS_N; i15++) {
            short s14 = (short) ((bArr[i15 / 8] >> (i15 % 8)) & 1);
            short eval = eval(sArr2, sArr3[i15]);
            GF gf4 = this.f78335gf;
            short gf_inv = gf4.gf_inv(gf4.gf_mul(eval, eval));
            for (int i16 = 0; i16 < this.SYS_T * 2; i16++) {
                GF gf5 = this.f78335gf;
                sArr[i16] = gf5.gf_add(sArr[i16], gf5.gf_mul(gf_inv, s14));
                gf_inv = this.f78335gf.gf_mul(gf_inv, sArr3[i15]);
            }
        }
    }

    private void syndrome(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[this.SYS_N / 8];
        int i14 = this.PK_NROWS % 8;
        for (int i15 = 0; i15 < this.SYND_BYTES; i15++) {
            bArr[i15] = 0;
        }
        int i16 = 0;
        for (int i17 = 0; i17 < this.PK_NROWS; i17++) {
            for (int i18 = 0; i18 < this.SYS_N / 8; i18++) {
                sArr[i18] = 0;
            }
            int i19 = 0;
            while (true) {
                int i24 = this.PK_ROW_BYTES;
                if (i19 >= i24) {
                    break;
                }
                sArr[((this.SYS_N / 8) - i24) + i19] = bArr2[i16 + i19];
                i19++;
            }
            if (this.usePadding) {
                for (int i25 = (this.SYS_N / 8) - 1; i25 >= (this.SYS_N / 8) - this.PK_ROW_BYTES; i25--) {
                    sArr[i25] = (short) ((((sArr[i25] & 255) << i14) | ((sArr[i25 - 1] & 255) >>> (8 - i14))) & 255);
                }
            }
            int i26 = i17 / 8;
            int i27 = i17 % 8;
            sArr[i26] = (short) (sArr[i26] | (1 << i27));
            byte b14 = 0;
            for (int i28 = 0; i28 < this.SYS_N / 8; i28++) {
                b14 = (byte) (b14 ^ (sArr[i28] & bArr3[i28]));
            }
            byte b15 = (byte) ((b14 >>> 4) ^ b14);
            byte b16 = (byte) (b15 ^ (b15 >>> 2));
            bArr[i26] = (byte) ((((byte) (1 & ((byte) (b16 ^ (b16 >>> 1))))) << i27) | bArr[i26]);
            i16 += this.PK_ROW_BYTES;
        }
    }

    public int check_c_padding(byte[] bArr) {
        return ((byte) ((((byte) (((byte) ((bArr[this.SYND_BYTES - 1] & 255) >>> (this.PK_NROWS % 8))) - 1)) & 255) >>> 7)) - 1;
    }

    public int check_pk_padding(byte[] bArr) {
        byte b14 = 0;
        for (int i14 = 0; i14 < this.PK_NROWS; i14++) {
            int i15 = this.PK_ROW_BYTES;
            b14 = (byte) (b14 | bArr[((i14 * i15) + i15) - 1]);
        }
        return ((byte) ((((byte) (((byte) ((b14 & 255) >>> (this.PK_NCOLS % 8))) - 1)) & 255) >>> 7)) - 1;
    }

    public byte[] decompress_private_key(byte[] bArr) {
        int i14;
        byte[] bArr2 = new byte[getPrivateKeySize()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        int i15 = (this.SYS_N / 8) + ((1 << this.GFBITS) * 4) + this.IRR_BYTES + 32;
        byte[] bArr3 = new byte[i15];
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i15);
        if (bArr.length <= 40) {
            short[] sArr = new short[this.SYS_T];
            int i16 = this.IRR_BYTES;
            byte[] bArr4 = new byte[i16];
            int i17 = (i15 - 32) - i16;
            for (int i18 = 0; i18 < this.SYS_T; i18++) {
                sArr[i18] = Utils.load_gf(bArr3, (i18 * 2) + i17, this.GFMASK);
            }
            generate_irr_poly(sArr);
            for (int i19 = 0; i19 < this.SYS_T; i19++) {
                Utils.store_gf(bArr4, i19 * 2, sArr[i19]);
            }
            System.arraycopy(bArr4, 0, bArr2, 40, this.IRR_BYTES);
        }
        int length = bArr.length;
        int i24 = this.IRR_BYTES;
        if (length <= i24 + 40) {
            int i25 = this.GFBITS;
            int[] iArr = new int[1 << i25];
            short[] sArr2 = new short[1 << i25];
            int i26 = ((i15 - 32) - i24) - ((1 << i25) * 4);
            int i27 = 0;
            while (true) {
                i14 = this.GFBITS;
                if (i27 >= (1 << i14)) {
                    break;
                }
                iArr[i27] = Utils.load4(bArr3, (i27 * 4) + i26);
                i27++;
            }
            if (this.usePivots) {
                pk_gen(null, bArr2, iArr, sArr2, new long[]{0});
            } else {
                int i28 = 1 << i14;
                long[] jArr = new long[i28];
                for (int i29 = 0; i29 < (1 << this.GFBITS); i29++) {
                    long j14 = iArr[i29];
                    jArr[i29] = j14;
                    long j15 = j14 << 31;
                    jArr[i29] = j15;
                    long j16 = i29 | j15;
                    jArr[i29] = j16;
                    jArr[i29] = j16 & CasinoCategoryItemModel.ALL_FILTERS;
                }
                sort64(jArr, 0, i28);
                for (int i34 = 0; i34 < (1 << this.GFBITS); i34++) {
                    sArr2[i34] = (short) (jArr[i34] & this.GFMASK);
                }
            }
            int i35 = this.COND_BYTES;
            byte[] bArr5 = new byte[i35];
            controlbitsfrompermutation(bArr5, sArr2, this.GFBITS, 1 << r2);
            System.arraycopy(bArr5, 0, bArr2, this.IRR_BYTES + 40, i35);
        }
        int privateKeySize = getPrivateKeySize();
        int i36 = this.SYS_N;
        System.arraycopy(bArr3, 0, bArr2, privateKeySize - (i36 / 8), i36 / 8);
        return bArr2;
    }

    public byte[] generate_public_key_from_private_key(byte[] bArr) {
        byte[] bArr2 = new byte[getPublicKeySize()];
        int i14 = this.GFBITS;
        short[] sArr = new short[1 << i14];
        long[] jArr = {0};
        int[] iArr = new int[1 << i14];
        int i15 = (this.SYS_N / 8) + ((1 << i14) * 4);
        byte[] bArr3 = new byte[i15];
        int i16 = ((i15 - 32) - this.IRR_BYTES) - ((1 << i14) * 4);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i15);
        for (int i17 = 0; i17 < (1 << this.GFBITS); i17++) {
            iArr[i17] = Utils.load4(bArr3, (i17 * 4) + i16);
        }
        pk_gen(bArr2, bArr, iArr, sArr, jArr);
        return bArr2;
    }

    public int getCipherTextSize() {
        return this.SYND_BYTES + 32;
    }

    public int getCondBytes() {
        return this.COND_BYTES;
    }

    public int getDefaultSessionKeySize() {
        return this.defaultKeySize;
    }

    public int getIrrBytes() {
        return this.IRR_BYTES;
    }

    public int getPrivateKeySize() {
        return this.COND_BYTES + this.IRR_BYTES + (this.SYS_N / 8) + 40;
    }

    public int getPublicKeySize() {
        if (!this.usePadding) {
            return (this.PK_NROWS * this.PK_NCOLS) / 8;
        }
        int i14 = this.PK_NROWS;
        return i14 * ((this.SYS_N / 8) - ((i14 - 1) / 8));
    }

    public int kem_dec(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[32];
        int i14 = this.SYS_N / 8;
        byte[] bArr5 = new byte[i14];
        int check_c_padding = this.usePadding ? check_c_padding(bArr2) : 0;
        byte decrypt = (byte) decrypt(bArr5, bArr3, bArr2);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.update(bArr5, 0, i14);
        sHAKEDigest.doFinal(bArr4, 0, 32);
        byte b14 = 0;
        for (int i15 = 0; i15 < 32; i15++) {
            b14 = (byte) (b14 | (bArr4[i15] ^ bArr2[this.SYND_BYTES + i15]));
        }
        short s14 = (short) (((short) (((short) (((short) (decrypt | b14)) - 1)) >> 8)) & 255);
        int i16 = (this.SYS_N / 8) + 1 + this.SYND_BYTES + 32;
        byte[] bArr6 = new byte[i16];
        bArr6[0] = (byte) (s14 & 1);
        int i17 = 0;
        while (i17 < this.SYS_N / 8) {
            int i18 = i17 + 1;
            bArr6[i18] = (byte) ((bArr3[i17 + 40 + this.IRR_BYTES + this.COND_BYTES] & (~s14)) | (bArr5[i17] & s14));
            i17 = i18;
        }
        for (int i19 = 0; i19 < this.SYND_BYTES + 32; i19++) {
            bArr6[(this.SYS_N / 8) + 1 + i19] = bArr2[i19];
        }
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        sHAKEDigest2.update(bArr6, 0, i16);
        sHAKEDigest2.doFinal(bArr, 0, bArr.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b15 = (byte) check_c_padding;
        for (int i24 = 0; i24 < bArr.length; i24++) {
            bArr[i24] = (byte) (bArr[i24] | b15);
        }
        return check_c_padding;
    }

    public int kem_enc(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        int i14 = this.SYS_N / 8;
        byte[] bArr4 = new byte[i14];
        int check_pk_padding = this.usePadding ? check_pk_padding(bArr3) : 0;
        encrypt(bArr, bArr3, bArr4, secureRandom);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.update(bArr4, 0, i14);
        sHAKEDigest.doFinal(bArr, this.SYND_BYTES, 32);
        sHAKEDigest.update((byte) 1);
        sHAKEDigest.update(bArr4, 0, i14);
        sHAKEDigest.update(bArr, 0, bArr.length);
        sHAKEDigest.doFinal(bArr2, 0, bArr2.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b14 = (byte) (((byte) check_pk_padding) ^ 255);
        for (int i15 = 0; i15 < this.SYND_BYTES + 32; i15++) {
            bArr[i15] = (byte) (bArr[i15] & b14);
        }
        for (int i16 = 0; i16 < 32; i16++) {
            bArr2[i16] = (byte) (bArr2[i16] & b14);
        }
        return check_pk_padding;
    }

    public void kem_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        int i14;
        int i15;
        short[] sArr;
        byte[] bArr3;
        int i16;
        long j14;
        int i17 = 32;
        byte[] bArr4 = new byte[32];
        byte[] bArr5 = {64};
        secureRandom.nextBytes(bArr4);
        int i18 = (this.SYS_N / 8) + ((1 << this.GFBITS) * 4) + (this.SYS_T * 2) + 32;
        byte[] bArr6 = new byte[i18];
        long[] jArr = {0};
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        byte[] bArr7 = bArr4;
        while (true) {
            sHAKEDigest.update(bArr5, 0, 1);
            sHAKEDigest.update(bArr4, 0, bArr4.length);
            sHAKEDigest.doFinal(bArr6, 0, i18);
            int i19 = i18 - 32;
            byte[] copyOfRange = Arrays.copyOfRange(bArr6, i19, i19 + 32);
            System.arraycopy(bArr7, 0, bArr2, 0, i17);
            byte[] copyOfRange2 = Arrays.copyOfRange(copyOfRange, 0, i17);
            int i24 = this.SYS_T;
            short[] sArr2 = new short[i24];
            int i25 = i19 - (i24 * 2);
            for (int i26 = 0; i26 < this.SYS_T; i26++) {
                sArr2[i26] = Utils.load_gf(bArr6, (i26 * 2) + i25, this.GFMASK);
            }
            if (generate_irr_poly(sArr2) != -1) {
                for (int i27 = 0; i27 < this.SYS_T; i27++) {
                    Utils.store_gf(bArr2, 40 + (i27 * 2), sArr2[i27]);
                }
                int i28 = this.GFBITS;
                int[] iArr = new int[1 << i28];
                i14 = i25 - ((1 << i28) * 4);
                int i29 = 0;
                while (true) {
                    i15 = this.GFBITS;
                    if (i29 >= (1 << i15)) {
                        break;
                    }
                    iArr[i29] = Utils.load4(bArr6, i14 + (i29 * 4));
                    i29++;
                }
                sArr = new short[1 << i15];
                bArr3 = copyOfRange;
                if (pk_gen(bArr, bArr2, iArr, sArr, jArr) != -1) {
                    break;
                }
            } else {
                bArr3 = copyOfRange;
            }
            bArr7 = copyOfRange2;
            bArr4 = bArr3;
            i17 = 32;
        }
        int i34 = this.COND_BYTES;
        byte[] bArr8 = new byte[i34];
        controlbitsfrompermutation(bArr8, sArr, this.GFBITS, 1 << r2);
        System.arraycopy(bArr8, 0, bArr2, this.IRR_BYTES + 40, i34);
        int i35 = this.SYS_N;
        System.arraycopy(bArr6, i14 - (i35 / 8), bArr2, bArr2.length - (i35 / 8), i35 / 8);
        if (this.usePivots) {
            i16 = 32;
            j14 = jArr[0];
        } else {
            j14 = BodyPartID.bodyIdMax;
            i16 = 32;
        }
        Utils.store8(bArr2, i16, j14);
    }
}
