package org.bouncycastle.pqc.crypto.snova;

import java.security.SecureRandom;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.pqc.crypto.MessageSigner;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.GF16;

/* loaded from: input_file:META-INF/jars/bcprov-jdk18on-1.81.jar:org/bouncycastle/pqc/crypto/snova/SnovaSigner.class */
public class SnovaSigner implements MessageSigner {
    private SnovaParameters params;
    private SnovaEngine engine;
    private SecureRandom random;
    private final SHAKEDigest shake = new SHAKEDigest(256);
    private SnovaPublicKeyParameters pubKey;
    private SnovaPrivateKeyParameters privKey;

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public void init(boolean z, CipherParameters cipherParameters) {
        if (z) {
            this.pubKey = null;
            if (cipherParameters instanceof ParametersWithRandom) {
                ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
                this.privKey = (SnovaPrivateKeyParameters) parametersWithRandom.getParameters();
                this.random = parametersWithRandom.getRandom();
            } else {
                this.privKey = (SnovaPrivateKeyParameters) cipherParameters;
                this.random = CryptoServicesRegistrar.getSecureRandom();
            }
            this.params = this.privKey.getParameters();
        } else {
            this.pubKey = (SnovaPublicKeyParameters) cipherParameters;
            this.params = this.pubKey.getParameters();
            this.privKey = null;
            this.random = null;
        }
        this.engine = new SnovaEngine(this.params);
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public byte[] generateSignature(byte[] bArr) {
        byte[] copyOfRange;
        byte[] copyOfRange2;
        byte[] messageHash = getMessageHash(bArr);
        byte[] bArr2 = new byte[this.params.getSaltLength()];
        this.random.nextBytes(bArr2);
        byte[] bArr3 = new byte[(((this.params.getN() * this.params.getLsq()) + 1) >>> 1) + this.params.getSaltLength()];
        SnovaKeyElements snovaKeyElements = new SnovaKeyElements(this.params);
        if (this.params.isSkIsSeed()) {
            byte[] privateKey = this.privKey.getPrivateKey();
            copyOfRange = Arrays.copyOfRange(privateKey, 0, 16);
            copyOfRange2 = Arrays.copyOfRange(privateKey, 16, privateKey.length);
            this.engine.genMap1T12Map2(snovaKeyElements, copyOfRange, copyOfRange2);
        } else {
            byte[] privateKey2 = this.privKey.getPrivateKey();
            byte[] bArr4 = new byte[((privateKey2.length - 16) - 32) << 1];
            GF16Utils.decodeMergeInHalf(privateKey2, bArr4, bArr4.length);
            SnovaKeyElements.copy4d(bArr4, SnovaKeyElements.copy4d(bArr4, SnovaKeyElements.copy4d(bArr4, SnovaKeyElements.copy3d(bArr4, SnovaKeyElements.copy3d(bArr4, SnovaKeyElements.copy3d(bArr4, SnovaKeyElements.copy3d(bArr4, SnovaKeyElements.copy3d(bArr4, 0, snovaKeyElements.map1.aAlpha), snovaKeyElements.map1.bAlpha), snovaKeyElements.map1.qAlpha1), snovaKeyElements.map1.qAlpha2), snovaKeyElements.T12), snovaKeyElements.map2.f11), snovaKeyElements.map2.f12), snovaKeyElements.map2.f21);
            copyOfRange = Arrays.copyOfRange(privateKey2, (privateKey2.length - 16) - 32, privateKey2.length - 32);
            copyOfRange2 = Arrays.copyOfRange(privateKey2, privateKey2.length - 32, privateKey2.length);
        }
        signDigestCore(bArr3, messageHash, bArr2, snovaKeyElements.map1.aAlpha, snovaKeyElements.map1.bAlpha, snovaKeyElements.map1.qAlpha1, snovaKeyElements.map1.qAlpha2, snovaKeyElements.T12, snovaKeyElements.map2.f11, snovaKeyElements.map2.f12, snovaKeyElements.map2.f21, copyOfRange, copyOfRange2);
        return Arrays.concatenate(bArr3, bArr);
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public boolean verifySignature(byte[] bArr, byte[] bArr2) {
        byte[] messageHash = getMessageHash(bArr);
        MapGroup1 mapGroup1 = new MapGroup1(this.params);
        byte[] encoded = this.pubKey.getEncoded();
        byte[] copyOf = Arrays.copyOf(encoded, 16);
        byte[] copyOfRange = Arrays.copyOfRange(encoded, 16, encoded.length);
        this.engine.genABQP(mapGroup1, copyOf);
        byte[][][][] bArr3 = new byte[this.params.getM()][this.params.getO()][this.params.getO()][this.params.getLsq()];
        if ((this.params.getLsq() & 1) == 0) {
            MapGroup1.decodeP(copyOfRange, 0, bArr3, copyOfRange.length << 1);
        } else {
            byte[] bArr4 = new byte[copyOfRange.length << 1];
            GF16.decode(copyOfRange, bArr4, bArr4.length);
            MapGroup1.fillP(bArr4, 0, bArr3, bArr4.length);
        }
        return verifySignatureCore(messageHash, bArr2, copyOf, mapGroup1, bArr3);
    }

    void createSignedHash(byte[] bArr, int i, byte[] bArr2, int i2, byte[] bArr3, int i3, int i4, byte[] bArr4, int i5) {
        this.shake.update(bArr, 0, i);
        this.shake.update(bArr2, 0, i2);
        this.shake.update(bArr3, i3, i4);
        this.shake.doFinal(bArr4, 0, i5);
    }

    void signDigestCore(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[][][] bArr4, byte[][][] bArr5, byte[][][] bArr6, byte[][][] bArr7, byte[][][] bArr8, byte[][][][] bArr9, byte[][][][] bArr10, byte[][][][] bArr11, byte[] bArr12, byte[] bArr13) {
        int m = this.params.getM();
        int l = this.params.getL();
        int lsq = this.params.getLsq();
        int alpha = this.params.getAlpha();
        int v = this.params.getV();
        int o = this.params.getO();
        int i = m * lsq;
        int i2 = o * lsq;
        int i3 = v * lsq;
        int i4 = (i2 + 1) >>> 1;
        byte[][] bArr14 = new byte[i][i + 1];
        byte[][] bArr15 = new byte[lsq][lsq];
        byte[] bArr16 = new byte[i];
        byte[][][] bArr17 = new byte[alpha][v][lsq];
        byte[][][] bArr18 = new byte[alpha][v][lsq];
        byte[] bArr19 = new byte[lsq];
        byte[] bArr20 = new byte[lsq];
        byte[] bArr21 = new byte[lsq];
        byte[] bArr22 = new byte[i];
        byte[] bArr23 = new byte[this.params.getN() * lsq];
        byte[] bArr24 = new byte[i4];
        byte[] bArr25 = new byte[(i3 + 1) >>> 1];
        byte[] bArr26 = new byte[l];
        byte b = 0;
        createSignedHash(bArr12, bArr12.length, bArr2, bArr2.length, bArr3, 0, bArr3.length, bArr24, i4);
        GF16.decode(bArr24, 0, bArr22, 0, bArr22.length);
        do {
            for (byte[] bArr27 : bArr14) {
                Arrays.fill(bArr27, (byte) 0);
            }
            b = (byte) (b + 1);
            for (int i5 = 0; i5 < i; i5++) {
                bArr14[i5][i] = bArr22[i5];
            }
            this.shake.update(bArr13, 0, bArr13.length);
            this.shake.update(bArr2, 0, bArr2.length);
            this.shake.update(bArr3, 0, bArr3.length);
            this.shake.update(b);
            this.shake.doFinal(bArr25, 0, bArr25.length);
            GF16.decode(bArr25, bArr23, bArr25.length << 1);
            int i6 = 0;
            int i7 = 0;
            while (true) {
                int i8 = i7;
                if (i6 >= m) {
                    break;
                }
                Arrays.fill(bArr21, (byte) 0);
                int i9 = 0;
                int i10 = i6;
                while (i9 < alpha) {
                    if (i10 >= o) {
                        i10 -= o;
                    }
                    int i11 = 0;
                    int i12 = 0;
                    while (true) {
                        int i13 = i12;
                        if (i11 >= v) {
                            break;
                        }
                        GF16Utils.gf16mTranMulMul(bArr23, i13, bArr4[i6][i9], bArr5[i6][i9], bArr6[i6][i9], bArr7[i6][i9], bArr26, bArr17[i9][i11], bArr18[i9][i11], l);
                        i11++;
                        i12 = i13 + lsq;
                    }
                    for (int i14 = 0; i14 < v; i14++) {
                        for (int i15 = 0; i15 < v; i15++) {
                            GF16Utils.gf16mMulMulTo(bArr17[i9][i14], bArr9[i10][i14][i15], bArr18[i9][i15], bArr26, bArr21, l);
                        }
                    }
                    i9++;
                    i10++;
                }
                int i16 = 0;
                for (int i17 = 0; i17 < l; i17++) {
                    for (int i18 = 0; i18 < l; i18++) {
                        byte[] bArr28 = bArr14[i8 + i16];
                        int i19 = i16;
                        i16++;
                        bArr28[i] = (byte) (bArr28[i] ^ bArr21[i19]);
                    }
                }
                int i20 = 0;
                int i21 = 0;
                while (true) {
                    int i22 = i21;
                    if (i20 < o) {
                        int i23 = 0;
                        int i24 = i6;
                        while (i23 < alpha) {
                            if (i24 >= o) {
                                i24 -= o;
                            }
                            for (int i25 = 0; i25 < lsq; i25++) {
                                Arrays.fill(bArr15[i25], (byte) 0);
                            }
                            for (int i26 = 0; i26 < v; i26++) {
                                GF16Utils.gf16mMulMul(bArr17[i23][i26], bArr10[i24][i26][i20], bArr7[i6][i23], bArr26, bArr19, l);
                                GF16Utils.gf16mMulMul(bArr6[i6][i23], bArr11[i24][i20][i26], bArr18[i23][i26], bArr26, bArr20, l);
                                int i27 = 0;
                                int i28 = 0;
                                int i29 = 0;
                                while (i27 < lsq) {
                                    if (i28 == l) {
                                        i28 = 0;
                                        i29 += l;
                                    }
                                    byte b2 = bArr19[i29];
                                    byte b3 = bArr20[i28];
                                    int i30 = 0;
                                    int i31 = 0;
                                    int i32 = 0;
                                    int i33 = 0;
                                    int i34 = 0;
                                    while (true) {
                                        int i35 = i34;
                                        if (i30 < lsq) {
                                            if (i31 == l) {
                                                i31 = 0;
                                                i35 = 0;
                                                i32++;
                                                i33 += l;
                                                b2 = bArr19[i29 + i32];
                                                b3 = bArr20[i33 + i28];
                                            }
                                            byte b4 = bArr5[i6][i23][i35 + i28];
                                            byte b5 = bArr4[i6][i23][i29 + i31];
                                            byte[] bArr29 = bArr15[i27];
                                            int i36 = i30;
                                            bArr29[i36] = (byte) (bArr29[i36] ^ (GF16.mul(b2, b4) ^ GF16.mul(b5, b3)));
                                            i30++;
                                            i31++;
                                            i34 = i35 + l;
                                        }
                                    }
                                    i27++;
                                    i28++;
                                }
                            }
                            for (int i37 = 0; i37 < lsq; i37++) {
                                for (int i38 = 0; i38 < lsq; i38++) {
                                    byte[] bArr30 = bArr14[i8 + i37];
                                    int i39 = i22 + i38;
                                    bArr30[i39] = (byte) (bArr30[i39] ^ bArr15[i37][i38]);
                                }
                            }
                            i23++;
                            i24++;
                        }
                        i20++;
                        i21 = i22 + lsq;
                    }
                }
                i6++;
                i7 = i8 + lsq;
            }
        } while (performGaussianElimination(bArr14, bArr16, i) != 0);
        int i40 = 0;
        int i41 = 0;
        while (true) {
            int i42 = i41;
            if (i40 >= v) {
                System.arraycopy(bArr16, 0, bArr23, i3, i2);
                GF16.encode(bArr23, bArr, bArr23.length);
                System.arraycopy(bArr3, 0, bArr, bArr.length - 16, 16);
                return;
            }
            int i43 = 0;
            int i44 = 0;
            while (true) {
                int i45 = i44;
                if (i43 < o) {
                    GF16Utils.gf16mMulTo(bArr8[i40][i43], bArr16, i45, bArr23, i42, l);
                    i43++;
                    i44 = i45 + lsq;
                }
            }
            i40++;
            i41 = i42 + lsq;
        }
    }

    boolean verifySignatureCore(byte[] bArr, byte[] bArr2, byte[] bArr3, MapGroup1 mapGroup1, byte[][][][] bArr4) {
        int lsq = this.params.getLsq();
        int o = this.params.getO() * lsq;
        int i = (o + 1) >>> 1;
        int saltLength = this.params.getSaltLength();
        int m = this.params.getM();
        int n = this.params.getN() * lsq;
        int i2 = (n + 1) >>> 1;
        byte[] bArr5 = new byte[i];
        createSignedHash(bArr3, bArr3.length, bArr, bArr.length, bArr2, i2, saltLength, bArr5, i);
        if ((o & 1) != 0) {
            int i3 = i - 1;
            bArr5[i3] = (byte) (bArr5[i3] & 15);
        }
        byte[] bArr6 = new byte[n];
        GF16.decode(bArr2, 0, bArr6, 0, bArr6.length);
        byte[] bArr7 = new byte[m * lsq];
        evaluation(bArr7, mapGroup1, bArr4, bArr6);
        byte[] bArr8 = new byte[i];
        GF16.encode(bArr7, bArr8, bArr7.length);
        return Arrays.areEqual(bArr5, bArr8);
    }

    private void evaluation(byte[] bArr, MapGroup1 mapGroup1, byte[][][][] bArr2, byte[] bArr3) {
        int m = this.params.getM();
        int alpha = this.params.getAlpha();
        int n = this.params.getN();
        int l = this.params.getL();
        int lsq = this.params.getLsq();
        int o = this.params.getO();
        byte[][][] bArr4 = new byte[alpha][n][lsq];
        byte[][][] bArr5 = new byte[alpha][n][lsq];
        byte[] bArr6 = new byte[lsq];
        int i = 0;
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i >= m) {
                return;
            }
            int i4 = 0;
            int i5 = 0;
            while (true) {
                int i6 = i5;
                if (i4 >= n) {
                    break;
                }
                for (int i7 = 0; i7 < alpha; i7++) {
                    GF16Utils.gf16mTranMulMul(bArr3, i6, mapGroup1.aAlpha[i][i7], mapGroup1.bAlpha[i][i7], mapGroup1.qAlpha1[i][i7], mapGroup1.qAlpha2[i][i7], bArr6, bArr4[i7][i4], bArr5[i7][i4], l);
                }
                i4++;
                i5 = i6 + lsq;
            }
            int i8 = 0;
            int i9 = i;
            while (i8 < alpha) {
                if (i9 >= o) {
                    i9 -= o;
                }
                for (int i10 = 0; i10 < n; i10++) {
                    GF16Utils.gf16mMul(getPMatrix(mapGroup1, bArr2, i9, i10, 0), bArr5[i8][0], bArr6, l);
                    for (int i11 = 1; i11 < n; i11++) {
                        GF16Utils.gf16mMulTo(getPMatrix(mapGroup1, bArr2, i9, i10, i11), bArr5[i8][i11], bArr6, l);
                    }
                    GF16Utils.gf16mMulTo(bArr4[i8][i10], bArr6, bArr, i3, l);
                }
                i8++;
                i9++;
            }
            i++;
            i2 = i3 + lsq;
        }
    }

    private byte[] getPMatrix(MapGroup1 mapGroup1, byte[][][][] bArr, int i, int i2, int i3) {
        int v = this.params.getV();
        return i2 < v ? i3 < v ? mapGroup1.p11[i][i2][i3] : mapGroup1.p12[i][i2][i3 - v] : i3 < v ? mapGroup1.p21[i][i2 - v][i3] : bArr[i][i2 - v][i3 - v];
    }

    private int performGaussianElimination(byte[][] bArr, byte[] bArr2, int i) {
        int i2 = i + 1;
        for (int i3 = 0; i3 < i; i3++) {
            int i4 = i3;
            while (i4 < i && bArr[i4][i3] == 0) {
                i4++;
            }
            if (i4 >= i) {
                return 1;
            }
            if (i4 != i3) {
                byte[] bArr3 = bArr[i3];
                bArr[i3] = bArr[i4];
                bArr[i4] = bArr3;
            }
            byte inv = GF16.inv(bArr[i3][i3]);
            for (int i5 = i3; i5 < i2; i5++) {
                bArr[i3][i5] = GF16.mul(bArr[i3][i5], inv);
            }
            for (int i6 = i3 + 1; i6 < i; i6++) {
                byte b = bArr[i6][i3];
                if (b != 0) {
                    for (int i7 = i3; i7 < i2; i7++) {
                        byte[] bArr4 = bArr[i6];
                        int i8 = i7;
                        bArr4[i8] = (byte) (bArr4[i8] ^ GF16.mul(bArr[i3][i7], b));
                    }
                }
            }
        }
        for (int i9 = i - 1; i9 >= 0; i9--) {
            byte b2 = bArr[i9][i];
            for (int i10 = i9 + 1; i10 < i; i10++) {
                b2 = (byte) (b2 ^ GF16.mul(bArr[i9][i10], bArr2[i10]));
            }
            bArr2[i9] = b2;
        }
        return 0;
    }

    private byte[] getMessageHash(byte[] bArr) {
        byte[] bArr2 = new byte[this.shake.getDigestSize()];
        this.shake.update(bArr, 0, bArr.length);
        this.shake.doFinal(bArr2, 0);
        return bArr2;
    }
}
