package org.bouncycastle.pqc.crypto.sphincs;

import android.support.v4.media.session.PlaybackStateCompat;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.pqc.crypto.MessageSigner;
import org.bouncycastle.pqc.crypto.sphincs.b;
import org.bouncycastle.util.Pack;

/* loaded from: classes4.dex */
public class SPHINCS256Signer implements MessageSigner {
    private final da.a hashFunctions;
    private byte[] keyData;

    public SPHINCS256Signer(Digest digest, Digest digest2) {
        if (digest.getDigestSize() != 32) {
            throw new IllegalArgumentException("n-digest needs to produce 32 bytes of output");
        }
        if (digest2.getDigestSize() != 64) {
            throw new IllegalArgumentException("2n-digest needs to produce 64 bytes of output");
        }
        this.hashFunctions = new da.a(digest, digest2);
    }

    public static void compute_authpath_wots(da.a aVar, byte[] bArr, byte[] bArr2, int i10, b.a aVar2, byte[] bArr3, byte[] bArr4, int i11) {
        int i12 = aVar2.f14732a;
        long j10 = aVar2.b;
        byte[] bArr5 = new byte[2048];
        byte[] bArr6 = new byte[1024];
        byte[] bArr7 = new byte[68608];
        for (long j11 = 0; j11 < 32; j11++) {
            int i13 = (int) (j11 * 32);
            byte[] bArr8 = new byte[40];
            for (int i14 = 0; i14 < 32; i14++) {
                bArr8[i14] = bArr3[i14];
            }
            Pack.longToLittleEndian(i12 | (j10 << 4) | (j11 << 59), bArr8, 32);
            aVar.f9307a.update(bArr8, 0, 40);
            aVar.f9307a.doFinal(bArr6, i13);
        }
        for (long j12 = 0; j12 < 32; j12++) {
            int i15 = (int) (67 * j12 * 32);
            c4.b.c(bArr7, i15, bArr6, (int) (j12 * 32));
            int i16 = 0;
            while (i16 < 67) {
                int i17 = (i16 * 32) + i15;
                c4.b.d(aVar, bArr7, i17, bArr7, i17, bArr4, 0, 15);
                i16++;
                i15 = i15;
            }
        }
        for (long j13 = 0; j13 < 32; j13++) {
            b.a(aVar, bArr5, (int) ((j13 * 32) + 1024), bArr7, (int) (j13 * 67 * 32), bArr4, 0);
        }
        int i18 = 0;
        for (int i19 = 32; i19 > 0; i19 >>>= 1) {
            for (int i20 = 0; i20 < i19; i20 += 2) {
                aVar.a(bArr5, ((i20 >>> 1) * 32) + ((i19 >>> 1) * 32), bArr5, (i20 * 32) + (i19 * 32), bArr4, (i18 + 7) * 2 * 32);
            }
            i18++;
        }
        int i21 = (int) aVar2.f14733c;
        for (int i22 = 0; i22 < i11; i22++) {
            System.arraycopy(bArr5, (((i21 >>> i22) ^ 1) * 32) + ((32 >>> i22) * 32), bArr2, (i22 * 32) + i10, 32);
        }
        System.arraycopy(bArr5, 32, bArr, 0, 32);
    }

    public static void validate_authpath(da.a aVar, byte[] bArr, byte[] bArr2, int i10, byte[] bArr3, int i11, byte[] bArr4, int i12) {
        byte[] bArr5 = new byte[64];
        if ((i10 & 1) != 0) {
            for (int i13 = 0; i13 < 32; i13++) {
                bArr5[i13 + 32] = bArr2[i13];
            }
            for (int i14 = 0; i14 < 32; i14++) {
                bArr5[i14] = bArr3[i11 + i14];
            }
        } else {
            for (int i15 = 0; i15 < 32; i15++) {
                bArr5[i15] = bArr2[i15];
            }
            for (int i16 = 0; i16 < 32; i16++) {
                bArr5[i16 + 32] = bArr3[i11 + i16];
            }
        }
        int i17 = i11 + 32;
        int i18 = 0;
        int i19 = i10;
        while (i18 < i12 - 1) {
            int i20 = i19 >>> 1;
            if ((i20 & 1) != 0) {
                aVar.a(bArr5, 32, bArr5, 0, bArr4, (i18 + 7) * 2 * 32);
                for (int i21 = 0; i21 < 32; i21++) {
                    bArr5[i21] = bArr3[i17 + i21];
                }
            } else {
                aVar.a(bArr5, 0, bArr5, 0, bArr4, (i18 + 7) * 2 * 32);
                for (int i22 = 0; i22 < 32; i22++) {
                    bArr5[i22 + 32] = bArr3[i17 + i22];
                }
            }
            i17 += 32;
            i18++;
            i19 = i20;
        }
        aVar.a(bArr, 0, bArr5, 0, bArr4, ((i12 + 7) - 1) * 2 * 32);
    }

    private void zerobytes(byte[] bArr, int i10, int i11) {
        for (int i12 = 0; i12 != i11; i12++) {
            bArr[i10 + i12] = 0;
        }
    }

    public byte[] crypto_sign(da.a aVar, byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[41000];
        byte[] bArr4 = new byte[32];
        byte[] bArr5 = new byte[64];
        long[] jArr = new long[8];
        byte[] bArr6 = new byte[32];
        byte[] bArr7 = new byte[32];
        byte[] bArr8 = new byte[1024];
        byte[] bArr9 = new byte[1088];
        for (int i10 = 0; i10 < 1088; i10++) {
            bArr9[i10] = bArr2[i10];
        }
        System.arraycopy(bArr9, 1056, bArr3, 40968, 32);
        Digest digest = aVar.b;
        byte[] bArr10 = new byte[digest.getDigestSize()];
        digest.update(bArr3, 40968, 32);
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr10, 0);
        zerobytes(bArr3, 40968, 32);
        for (int i11 = 0; i11 != 8; i11++) {
            jArr[i11] = Pack.littleEndianToLong(bArr10, i11 * 8);
        }
        long j10 = jArr[0] & 1152921504606846975L;
        System.arraycopy(bArr10, 16, bArr4, 0, 32);
        System.arraycopy(bArr4, 0, bArr3, 39912, 32);
        b.a aVar2 = new b.a();
        aVar2.f14732a = 11;
        aVar2.b = 0L;
        aVar2.f14733c = 0L;
        System.arraycopy(bArr9, 32, bArr3, 39944, 1024);
        b.b(aVar, bArr3, 40968, bArr9, aVar2, bArr3, 39944);
        Digest digest2 = aVar.b;
        digest2.update(bArr3, 39912, 1088);
        digest2.update(bArr, 0, bArr.length);
        digest2.doFinal(bArr5, 0);
        b.a aVar3 = new b.a();
        aVar3.f14732a = 12;
        aVar3.f14733c = (int) (j10 & 31);
        aVar3.b = j10 >>> 5;
        int i12 = 32;
        for (int i13 = 0; i13 < 32; i13++) {
            bArr3[i13] = bArr4[i13];
        }
        byte[] bArr11 = bArr9;
        byte[] bArr12 = bArr8;
        System.arraycopy(bArr11, 32, bArr12, 0, 1024);
        int i14 = 0;
        while (i14 < 8) {
            bArr3[i12 + i14] = (byte) ((j10 >>> (i14 * 8)) & 255);
            i14++;
            i12 = 32;
        }
        byte[] bArr13 = bArr7;
        a.a(aVar, bArr13, bArr11, aVar3);
        byte[] bArr14 = new byte[2097152];
        byte[] bArr15 = new byte[4194272];
        a.b(bArr14, 0, PlaybackStateCompat.ACTION_SET_SHUFFLE_MODE, bArr13, 0);
        for (int i15 = 0; i15 < 65536; i15++) {
            aVar.b(bArr15, (i15 + 65535) * 32, bArr14, i15 * 32);
        }
        int i16 = 0;
        while (i16 < 16) {
            long j11 = (1 << r17) - 1;
            int i17 = 1 << ((16 - i16) - 1);
            byte[] bArr16 = bArr5;
            long j12 = i17 - 1;
            int i18 = 0;
            while (i18 < i17) {
                int i19 = i16;
                byte[] bArr17 = bArr15;
                aVar.a(bArr15, (int) ((i18 + j12) * 32), bArr17, (int) (((i18 * 2) + j11) * 32), bArr12, i19 * 2 * 32);
                i18++;
                bArr13 = bArr13;
                bArr11 = bArr11;
                bArr14 = bArr14;
                i16 = i19;
                i17 = i17;
                bArr15 = bArr17;
                bArr12 = bArr12;
                j11 = j11;
            }
            bArr5 = bArr16;
            i16++;
        }
        byte[] bArr18 = bArr15;
        byte[] bArr19 = bArr14;
        byte[] bArr20 = bArr13;
        byte[] bArr21 = bArr11;
        byte[] bArr22 = bArr12;
        byte[] bArr23 = bArr5;
        int i20 = 2016;
        int i21 = 40;
        while (i20 < 4064) {
            bArr3[i21] = bArr18[i20];
            i20++;
            i21++;
        }
        int i22 = 0;
        while (true) {
            if (i22 >= 32) {
                break;
            }
            int i23 = i22 * 2;
            int i24 = (bArr23[i23] & 255) + ((bArr23[i23 + 1] & 255) << 8);
            int i25 = 0;
            for (int i26 = 32; i25 < i26; i26 = 32) {
                bArr3[i21] = bArr19[(i24 * 32) + i25];
                i25++;
                i21++;
            }
            int i27 = i24 + 65535;
            for (int i28 = 0; i28 < 10; i28++) {
                int i29 = (i27 & 1) != 0 ? i27 + 1 : i27 - 1;
                int i30 = 0;
                while (i30 < 32) {
                    bArr3[i21] = bArr18[(i29 * 32) + i30];
                    i30++;
                    i21++;
                }
                i27 = (i29 - 1) / 2;
            }
            i22++;
        }
        for (int i31 = 0; i31 < 32; i31++) {
            bArr6[i31] = bArr18[i31];
        }
        int i32 = 13352;
        int i33 = 0;
        for (int i34 = 12; i33 < i34; i34 = 12) {
            aVar3.f14732a = i33;
            a.a(aVar, bArr20, bArr21, aVar3);
            int[] iArr = new int[67];
            int i35 = 0;
            int i36 = 0;
            while (i35 < 64) {
                int i37 = i35 / 2;
                iArr[i35] = bArr6[i37] & 15;
                int i38 = i35 + 1;
                iArr[i38] = (bArr6[i37] & 255) >>> 4;
                i36 = (15 - iArr[i38]) + (15 - iArr[i35]) + i36;
                i35 += 2;
            }
            while (i35 < 67) {
                iArr[i35] = i36 & 15;
                i36 >>>= 4;
                i35++;
            }
            c4.b.c(bArr3, i32, bArr20, 0);
            int i39 = 0;
            for (int i40 = 67; i39 < i40; i40 = 67) {
                int i41 = (i39 * 32) + i32;
                c4.b.d(aVar, bArr3, i41, bArr3, i41, bArr22, 0, iArr[i39]);
                i39++;
                iArr = iArr;
            }
            int i42 = i32 + 2144;
            compute_authpath_wots(aVar, bArr6, bArr3, i42, aVar3, bArr21, bArr22, 5);
            i32 = i42 + 160;
            long j13 = aVar3.b;
            aVar3.f14733c = (int) (j13 & 31);
            aVar3.b = j13 >>> 5;
            i33++;
        }
        zerobytes(bArr21, 0, 1088);
        return bArr3;
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public byte[] generateSignature(byte[] bArr) {
        return crypto_sign(this.hashFunctions, bArr, this.keyData);
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public void init(boolean z10, org.bouncycastle.crypto.a aVar) {
        if (!z10) {
            this.keyData = ((SPHINCSPublicKeyParameters) aVar).getKeyData();
        } else if (aVar instanceof ParametersWithRandom) {
            this.keyData = ((SPHINCSPrivateKeyParameters) ((ParametersWithRandom) aVar).getParameters()).getKeyData();
        } else {
            this.keyData = ((SPHINCSPrivateKeyParameters) aVar).getKeyData();
        }
    }

    public boolean verify(da.a aVar, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i10;
        boolean z10;
        int i11;
        int i12;
        byte[] bArr4;
        byte[] bArr5 = new byte[2144];
        byte[] bArr6 = new byte[32];
        byte[] bArr7 = new byte[32];
        byte[] bArr8 = new byte[41000];
        byte[] bArr9 = new byte[1056];
        if (bArr2.length != 41000) {
            throw new IllegalArgumentException("signature wrong size");
        }
        byte[] bArr10 = new byte[64];
        int i13 = 0;
        for (int i14 = 0; i14 < 1056; i14++) {
            bArr9[i14] = bArr3[i14];
        }
        byte[] bArr11 = new byte[32];
        for (int i15 = 0; i15 < 32; i15++) {
            bArr11[i15] = bArr2[i15];
        }
        System.arraycopy(bArr2, 0, bArr8, 0, 41000);
        Digest digest = aVar.b;
        digest.update(bArr11, 0, 32);
        digest.update(bArr9, 0, 1056);
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr10, 0);
        int i16 = 0;
        long j10 = 0;
        while (true) {
            i10 = 8;
            if (i16 >= 8) {
                break;
            }
            j10 ^= (bArr8[32 + i16] & 255) << (i16 * 8);
            i16++;
        }
        byte[] bArr12 = new byte[1024];
        int i17 = 2088;
        int i18 = 0;
        while (true) {
            z10 = true;
            if (i18 < 32) {
                int i19 = i18 * 2;
                int i20 = (bArr10[i19] & 255) + ((bArr10[i19 + 1] & 255) << i10);
                if ((i20 & 1) == 0) {
                    aVar.b(bArr12, i13, bArr8, i17);
                    for (int i21 = 0; i21 < 32; i21++) {
                        bArr12[i21 + 32] = bArr8[i17 + 32 + i21];
                    }
                } else {
                    aVar.b(bArr12, 32, bArr8, i17);
                    for (int i22 = 0; i22 < 32; i22++) {
                        bArr12[i22] = bArr8[i17 + 32 + i22];
                    }
                }
                int i23 = i17 + 64;
                int i24 = i20;
                int i25 = 1;
                while (i25 < 10) {
                    int i26 = i24 >>> 1;
                    if ((i26 & 1) == 0) {
                        i11 = i25;
                        i12 = i18;
                        bArr4 = bArr12;
                        aVar.a(bArr12, 0, bArr12, 0, bArr9, (i25 - 1) * 2 * 32);
                        for (int i27 = 0; i27 < 32; i27++) {
                            bArr4[i27 + 32] = bArr8[i23 + i27];
                        }
                    } else {
                        i11 = i25;
                        i12 = i18;
                        bArr4 = bArr12;
                        aVar.a(bArr4, 32, bArr4, 0, bArr9, (i11 - 1) * 2 * 32);
                        for (int i28 = 0; i28 < 32; i28++) {
                            bArr4[i28] = bArr8[i23 + i28];
                        }
                    }
                    i23 += 32;
                    i25 = i11 + 1;
                    i24 = i26;
                    i18 = i12;
                    bArr12 = bArr4;
                }
                int i29 = i18;
                byte[] bArr13 = bArr12;
                int i30 = i24 >>> 1;
                aVar.a(bArr13, 0, bArr13, 0, bArr9, 576);
                int i31 = 0;
                while (i31 < 32) {
                    int i32 = i30;
                    if (bArr8[com.google.android.gms.analytics.a.a(i32, 32, 40, i31)] != bArr13[i31]) {
                        for (int i33 = 0; i33 < 32; i33++) {
                            bArr7[i33] = 0;
                        }
                    } else {
                        i31++;
                        i30 = i32;
                    }
                }
                i18 = i29 + 1;
                i10 = 8;
                i13 = 0;
                i17 = i23;
                bArr12 = bArr13;
            } else {
                byte[] bArr14 = bArr12;
                for (int i34 = 0; i34 < 32; i34++) {
                    aVar.a(bArr14, i34 * 32, bArr8, (i34 * 2 * 32) + 40, bArr9, 640);
                }
                for (int i35 = 0; i35 < 16; i35++) {
                    aVar.a(bArr14, i35 * 32, bArr14, i35 * 2 * 32, bArr9, 704);
                }
                for (int i36 = 0; i36 < 8; i36++) {
                    aVar.a(bArr14, i36 * 32, bArr14, i36 * 2 * 32, bArr9, 768);
                }
                for (int i37 = 0; i37 < 4; i37++) {
                    aVar.a(bArr14, i37 * 32, bArr14, i37 * 2 * 32, bArr9, 832);
                }
                int i38 = 0;
                for (int i39 = 2; i38 < i39; i39 = 2) {
                    aVar.a(bArr14, i38 * 32, bArr14, i38 * 2 * 32, bArr9, 896);
                    i38++;
                }
                aVar.a(bArr7, 0, bArr14, 0, bArr9, 960);
            }
        }
        int i40 = 4;
        long j11 = j10;
        int i41 = 13352;
        int i42 = 0;
        while (i42 < 12) {
            int i43 = 67;
            int[] iArr = new int[67];
            int i44 = 0;
            int i45 = 0;
            while (i44 < 64) {
                int i46 = i44 / 2;
                iArr[i44] = bArr7[i46] & 15;
                int i47 = i44 + 1;
                iArr[i47] = (bArr7[i46] & 255) >>> i40;
                i45 = (15 - iArr[i47]) + (15 - iArr[i44]) + i45;
                i44 += 2;
            }
            while (i44 < 67) {
                iArr[i44] = i45 & 15;
                i45 >>>= i40;
                i44++;
            }
            int i48 = 0;
            while (i48 < i43) {
                int i49 = i48 * 32;
                c4.b.d(aVar, bArr5, i49, bArr8, i41 + i49, bArr9, iArr[i48] * 32, 15 - iArr[i48]);
                i48++;
                i43 = 67;
                i41 = i41;
                iArr = iArr;
            }
            int i50 = i41 + 2144;
            b.a(aVar, bArr6, 0, bArr5, 0, bArr9, 0);
            validate_authpath(aVar, bArr7, bArr6, (int) (j11 & 31), bArr8, i50, bArr9, 5);
            j11 >>= 5;
            i41 = i50 + 160;
            i42++;
            i40 = 4;
        }
        for (int i51 = 0; i51 < 32; i51++) {
            if (bArr7[i51] != bArr9[i51 + 1024]) {
                z10 = false;
            }
        }
        return z10;
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public boolean verifySignature(byte[] bArr, byte[] bArr2) {
        return verify(this.hashFunctions, bArr, bArr2, this.keyData);
    }
}
