package org.bouncycastle.pqc.crypto.sphincs;

import l6.d;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.Blake2xsDigest;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.pqc.crypto.MessageSigner;
import org.bouncycastle.pqc.crypto.sphincs.b;
import org.bouncycastle.util.Pack;

/* loaded from: classes.dex */
public class SPHINCS256Signer implements MessageSigner {
    private final l6.a hashFunctions;
    private byte[] keyData;

    public SPHINCS256Signer(Digest digest, Digest digest2) {
        if (digest.getDigestSize() != 32) {
            throw new IllegalArgumentException("n-digest needs to produce 32 bytes of output");
        }
        if (digest2.getDigestSize() != 64) {
            throw new IllegalArgumentException("2n-digest needs to produce 64 bytes of output");
        }
        this.hashFunctions = new l6.a(digest, digest2);
    }

    public static void compute_authpath_wots(l6.a aVar, byte[] bArr, byte[] bArr2, int i7, b.a aVar2, byte[] bArr3, byte[] bArr4, int i8) {
        int i9 = aVar2.f5351a;
        long j7 = aVar2.f5352b;
        byte[] bArr5 = new byte[2048];
        byte[] bArr6 = new byte[1024];
        byte[] bArr7 = new byte[68608];
        for (long j8 = 0; j8 < 32; j8++) {
            int i10 = (int) (j8 * 32);
            byte[] bArr8 = new byte[40];
            for (int i11 = 0; i11 < 32; i11++) {
                bArr8[i11] = bArr3[i11];
            }
            Pack.longToLittleEndian(i9 | (j7 << 4) | (j8 << 59), bArr8, 32);
            aVar.f4012a.update(bArr8, 0, 40);
            aVar.f4012a.doFinal(bArr6, i10);
        }
        d dVar = new d();
        for (long j9 = 0; j9 < 32; j9++) {
            dVar.c(aVar, bArr7, (int) (67 * j9 * 32), bArr6, (int) (j9 * 32), bArr4, 0);
        }
        for (long j10 = 0; j10 < 32; j10++) {
            b.a(aVar, bArr5, (int) ((j10 * 32) + 1024), bArr7, (int) (j10 * 67 * 32), bArr4, 0);
        }
        int i12 = 0;
        for (int i13 = 32; i13 > 0; i13 >>>= 1) {
            for (int i14 = 0; i14 < i13; i14 += 2) {
                aVar.a(bArr5, ((i14 >>> 1) * 32) + ((i13 >>> 1) * 32), bArr5, (i14 * 32) + (i13 * 32), bArr4, (i12 + 7) * 2 * 32);
            }
            i12++;
        }
        int i15 = (int) aVar2.f5353c;
        for (int i16 = 0; i16 < i8; i16++) {
            System.arraycopy(bArr5, (((i15 >>> i16) ^ 1) * 32) + ((32 >>> i16) * 32), bArr2, (i16 * 32) + i7, 32);
        }
        System.arraycopy(bArr5, 32, bArr, 0, 32);
    }

    public static void validate_authpath(l6.a aVar, byte[] bArr, byte[] bArr2, int i7, byte[] bArr3, int i8, byte[] bArr4, int i9) {
        byte[] bArr5 = new byte[64];
        if ((i7 & 1) != 0) {
            for (int i10 = 0; i10 < 32; i10++) {
                bArr5[i10 + 32] = bArr2[i10];
            }
            for (int i11 = 0; i11 < 32; i11++) {
                bArr5[i11] = bArr3[i8 + i11];
            }
        } else {
            for (int i12 = 0; i12 < 32; i12++) {
                bArr5[i12] = bArr2[i12];
            }
            for (int i13 = 0; i13 < 32; i13++) {
                bArr5[i13 + 32] = bArr3[i8 + i13];
            }
        }
        int i14 = i8 + 32;
        int i15 = 0;
        int i16 = i7;
        while (i15 < i9 - 1) {
            int i17 = i16 >>> 1;
            if ((i17 & 1) != 0) {
                aVar.a(bArr5, 32, bArr5, 0, bArr4, (i15 + 7) * 2 * 32);
                for (int i18 = 0; i18 < 32; i18++) {
                    bArr5[i18] = bArr3[i14 + i18];
                }
            } else {
                aVar.a(bArr5, 0, bArr5, 0, bArr4, (i15 + 7) * 2 * 32);
                for (int i19 = 0; i19 < 32; i19++) {
                    bArr5[i19 + 32] = bArr3[i14 + i19];
                }
            }
            i14 += 32;
            i15++;
            i16 = i17;
        }
        aVar.a(bArr, 0, bArr5, 0, bArr4, ((i9 + 7) - 1) * 2 * 32);
    }

    private void zerobytes(byte[] bArr, int i7, int i8) {
        for (int i9 = 0; i9 != i8; i9++) {
            bArr[i7 + i9] = 0;
        }
    }

    public byte[] crypto_sign(l6.a aVar, byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[41000];
        byte[] bArr4 = new byte[32];
        byte[] bArr5 = new byte[64];
        long[] jArr = new long[8];
        byte[] bArr6 = new byte[32];
        byte[] bArr7 = new byte[32];
        byte[] bArr8 = new byte[1024];
        byte[] bArr9 = new byte[1088];
        for (int i7 = 0; i7 < 1088; i7++) {
            bArr9[i7] = bArr2[i7];
        }
        System.arraycopy(bArr9, 1056, bArr3, 40968, 32);
        Digest digest = aVar.f4013b;
        byte[] bArr10 = new byte[digest.getDigestSize()];
        digest.update(bArr3, 40968, 32);
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr10, 0);
        zerobytes(bArr3, 40968, 32);
        for (int i8 = 0; i8 != 8; i8++) {
            jArr[i8] = Pack.littleEndianToLong(bArr10, i8 * 8);
        }
        long j7 = jArr[0] & 1152921504606846975L;
        System.arraycopy(bArr10, 16, bArr4, 0, 32);
        System.arraycopy(bArr4, 0, bArr3, 39912, 32);
        b.a aVar2 = new b.a();
        aVar2.f5351a = 11;
        aVar2.f5352b = 0L;
        aVar2.f5353c = 0L;
        System.arraycopy(bArr9, 32, bArr3, 39944, 1024);
        b.b(aVar, bArr3, 40968, 5, bArr9, aVar2, bArr3, 39944);
        Digest digest2 = aVar.f4013b;
        digest2.update(bArr3, 39912, 1088);
        digest2.update(bArr, 0, bArr.length);
        digest2.doFinal(bArr5, 0);
        b.a aVar3 = new b.a();
        aVar3.f5351a = 12;
        aVar3.f5353c = (int) (j7 & 31);
        aVar3.f5352b = j7 >>> 5;
        int i9 = 32;
        for (int i10 = 0; i10 < 32; i10++) {
            bArr3[i10] = bArr4[i10];
        }
        byte[] bArr11 = bArr9;
        byte[] bArr12 = bArr8;
        System.arraycopy(bArr11, 32, bArr12, 0, 1024);
        int i11 = 0;
        while (i11 < 8) {
            bArr3[i9 + i11] = (byte) ((j7 >>> (i11 * 8)) & 255);
            i11++;
            i9 = 32;
        }
        int i12 = 40;
        byte[] bArr13 = bArr7;
        a.a(aVar, bArr13, 0, bArr11, aVar3);
        new l6.b();
        byte[] bArr14 = new byte[PKIFailureInfo.badSenderNonce];
        byte[] bArr15 = new byte[4194272];
        a.b(bArr14, 0, 2097152L, bArr13, 0);
        for (int i13 = 0; i13 < 65536; i13++) {
            aVar.b(bArr15, (i13 + Blake2xsDigest.UNKNOWN_DIGEST_LENGTH) * 32, bArr14, i13 * 32);
        }
        int i14 = 0;
        while (i14 < 16) {
            long j8 = (1 << r17) - 1;
            int i15 = 1 << ((16 - i14) - 1);
            byte[] bArr16 = bArr5;
            long j9 = i15 - 1;
            int i16 = 0;
            while (i16 < i15) {
                aVar.a(bArr15, (int) ((i16 + j9) * 32), bArr15, (int) (((i16 * 2) + j8) * 32), bArr12, i14 * 2 * 32);
                i16++;
                bArr13 = bArr13;
                bArr11 = bArr11;
                bArr14 = bArr14;
                i15 = i15;
                i14 = i14;
                j8 = j8;
            }
            i14++;
            bArr5 = bArr16;
        }
        byte[] bArr17 = bArr14;
        byte[] bArr18 = bArr13;
        byte[] bArr19 = bArr11;
        byte[] bArr20 = bArr5;
        int i17 = 2016;
        while (i17 < 4064) {
            bArr3[i12] = bArr15[i17];
            i17++;
            i12++;
        }
        int i18 = 0;
        while (true) {
            if (i18 >= 32) {
                break;
            }
            int i19 = i18 * 2;
            int i20 = (bArr20[i19] & 255) + ((bArr20[i19 + 1] & 255) << 8);
            int i21 = 0;
            for (int i22 = 32; i21 < i22; i22 = 32) {
                bArr3[i12] = bArr17[(i20 * 32) + i21];
                i21++;
                i12++;
            }
            int i23 = i20 + Blake2xsDigest.UNKNOWN_DIGEST_LENGTH;
            for (int i24 = 0; i24 < 10; i24++) {
                int i25 = (i23 & 1) != 0 ? i23 + 1 : i23 - 1;
                int i26 = 0;
                while (i26 < 32) {
                    bArr3[i12] = bArr15[(i25 * 32) + i26];
                    i26++;
                    i12++;
                }
                i23 = (i25 - 1) / 2;
            }
            i18++;
        }
        for (int i27 = 0; i27 < 32; i27++) {
            bArr6[i27] = bArr15[i27];
        }
        new d();
        int i28 = 13352;
        int i29 = 0;
        for (int i30 = 12; i29 < i30; i30 = 12) {
            aVar3.f5351a = i29;
            a.a(aVar, bArr18, 0, bArr19, aVar3);
            int[] iArr = new int[67];
            int i31 = 0;
            int i32 = 0;
            while (i31 < 64) {
                int i33 = i31 / 2;
                iArr[i31] = bArr6[i33] & 15;
                int i34 = i31 + 1;
                iArr[i34] = (bArr6[i33] & 255) >>> 4;
                i32 = (15 - iArr[i34]) + (15 - iArr[i31]) + i32;
                i31 += 2;
            }
            while (i31 < 67) {
                iArr[i31] = i32 & 15;
                i32 >>>= 4;
                i31++;
            }
            d.a(bArr3, i28, bArr18, 0);
            int i35 = 0;
            for (int i36 = 67; i35 < i36; i36 = 67) {
                int i37 = (i35 * 32) + i28;
                d.b(aVar, bArr3, i37, bArr3, i37, bArr12, 0, iArr[i35]);
                i35++;
                bArr12 = bArr12;
                iArr = iArr;
            }
            byte[] bArr21 = bArr12;
            int i38 = i28 + 2144;
            compute_authpath_wots(aVar, bArr6, bArr3, i38, aVar3, bArr19, bArr21, 5);
            i28 = i38 + CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256;
            long j10 = aVar3.f5352b;
            aVar3.f5353c = (int) (j10 & 31);
            aVar3.f5352b = j10 >>> 5;
            i29++;
            bArr12 = bArr21;
        }
        zerobytes(bArr19, 0, 1088);
        return bArr3;
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public byte[] generateSignature(byte[] bArr) {
        return crypto_sign(this.hashFunctions, bArr, this.keyData);
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public void init(boolean z6, CipherParameters cipherParameters) {
        if (!z6) {
            this.keyData = ((SPHINCSPublicKeyParameters) cipherParameters).getKeyData();
        } else if (cipherParameters instanceof ParametersWithRandom) {
            this.keyData = ((SPHINCSPrivateKeyParameters) ((ParametersWithRandom) cipherParameters).getParameters()).getKeyData();
        } else {
            this.keyData = ((SPHINCSPrivateKeyParameters) cipherParameters).getKeyData();
        }
    }

    public boolean verify(l6.a aVar, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i7;
        boolean z6;
        int i8;
        int i9;
        int i10;
        byte[] bArr4;
        byte[] bArr5 = new byte[2144];
        byte[] bArr6 = new byte[32];
        byte[] bArr7 = new byte[32];
        byte[] bArr8 = new byte[41000];
        byte[] bArr9 = new byte[1056];
        if (bArr2.length != 41000) {
            throw new IllegalArgumentException("signature wrong size");
        }
        byte[] bArr10 = new byte[64];
        int i11 = 0;
        for (int i12 = 0; i12 < 1056; i12++) {
            bArr9[i12] = bArr3[i12];
        }
        byte[] bArr11 = new byte[32];
        for (int i13 = 0; i13 < 32; i13++) {
            bArr11[i13] = bArr2[i13];
        }
        System.arraycopy(bArr2, 0, bArr8, 0, 41000);
        Digest digest = aVar.f4013b;
        digest.update(bArr11, 0, 32);
        digest.update(bArr9, 0, 1056);
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(bArr10, 0);
        long j7 = 0;
        int i14 = 0;
        while (true) {
            i7 = 8;
            if (i14 >= 8) {
                break;
            }
            j7 ^= (bArr8[32 + i14] & 255) << (i14 * 8);
            i14++;
        }
        new l6.b();
        byte[] bArr12 = new byte[1024];
        int i15 = 2088;
        int i16 = 0;
        while (true) {
            z6 = true;
            if (i16 < 32) {
                int i17 = i16 * 2;
                int i18 = (bArr10[i17] & 255) + ((bArr10[i17 + 1] & 255) << i7);
                if ((i18 & 1) == 0) {
                    aVar.b(bArr12, i11, bArr8, i15);
                    for (int i19 = 0; i19 < 32; i19++) {
                        bArr12[i19 + 32] = bArr8[i15 + 32 + i19];
                    }
                } else {
                    aVar.b(bArr12, 32, bArr8, i15);
                    for (int i20 = 0; i20 < 32; i20++) {
                        bArr12[i20] = bArr8[i15 + 32 + i20];
                    }
                }
                int i21 = i15 + 64;
                int i22 = 1;
                while (i22 < 10) {
                    int i23 = i18 >>> 1;
                    if ((i23 & 1) == 0) {
                        i9 = i22;
                        i10 = i16;
                        bArr4 = bArr12;
                        aVar.a(bArr12, 0, bArr12, 0, bArr9, (i22 - 1) * 2 * 32);
                        for (int i24 = 0; i24 < 32; i24++) {
                            bArr4[i24 + 32] = bArr8[i21 + i24];
                        }
                    } else {
                        i9 = i22;
                        i10 = i16;
                        bArr4 = bArr12;
                        aVar.a(bArr4, 32, bArr4, 0, bArr9, (i9 - 1) * 2 * 32);
                        for (int i25 = 0; i25 < 32; i25++) {
                            bArr4[i25] = bArr8[i21 + i25];
                        }
                    }
                    i21 += 32;
                    i22 = i9 + 1;
                    i18 = i23;
                    i16 = i10;
                    bArr12 = bArr4;
                }
                int i26 = i16;
                byte[] bArr13 = bArr12;
                int i27 = i18 >>> 1;
                aVar.a(bArr13, 0, bArr13, 0, bArr9, 576);
                for (int i28 = 0; i28 < 32; i28++) {
                    if (bArr8[(i27 * 32) + 40 + i28] != bArr13[i28]) {
                        for (int i29 = 0; i29 < 32; i29++) {
                            bArr7[i29] = 0;
                        }
                        i8 = 4;
                    }
                }
                i16 = i26 + 1;
                i15 = i21;
                bArr12 = bArr13;
                i7 = 8;
                i11 = 0;
            } else {
                byte[] bArr14 = bArr12;
                for (int i30 = 0; i30 < 32; i30++) {
                    aVar.a(bArr14, i30 * 32, bArr8, (i30 * 2 * 32) + 40, bArr9, 640);
                }
                for (int i31 = 0; i31 < 16; i31++) {
                    aVar.a(bArr14, i31 * 32, bArr14, i31 * 2 * 32, bArr9, 704);
                }
                for (int i32 = 0; i32 < 8; i32++) {
                    aVar.a(bArr14, i32 * 32, bArr14, i32 * 2 * 32, bArr9, 768);
                }
                i8 = 4;
                for (int i33 = 0; i33 < 4; i33++) {
                    aVar.a(bArr14, i33 * 32, bArr14, i33 * 2 * 32, bArr9, 832);
                }
                int i34 = 0;
                for (int i35 = 2; i34 < i35; i35 = 2) {
                    aVar.a(bArr14, i34 * 32, bArr14, i34 * 2 * 32, bArr9, 896);
                    i34++;
                }
                aVar.a(bArr7, 0, bArr14, 0, bArr9, 960);
            }
        }
        new d();
        int i36 = 0;
        int i37 = 13352;
        while (i36 < 12) {
            int[] iArr = new int[67];
            int i38 = 0;
            int i39 = 0;
            while (i38 < 64) {
                int i40 = i38 / 2;
                iArr[i38] = bArr7[i40] & 15;
                int i41 = i38 + 1;
                iArr[i41] = (bArr7[i40] & 255) >>> i8;
                i39 = (15 - iArr[i41]) + (15 - iArr[i38]) + i39;
                i38 += 2;
            }
            while (i38 < 67) {
                iArr[i38] = i39 & 15;
                i39 >>>= i8;
                i38++;
            }
            int i42 = 0;
            for (int i43 = 67; i42 < i43; i43 = 67) {
                int i44 = i42 * 32;
                d.b(aVar, bArr5, i44, bArr8, i37 + i44, bArr9, iArr[i42] * 32, 15 - iArr[i42]);
                i42++;
                i37 = i37;
                iArr = iArr;
                i36 = i36;
            }
            int i45 = i37 + 2144;
            b.a(aVar, bArr6, 0, bArr5, 0, bArr9, 0);
            validate_authpath(aVar, bArr7, bArr6, (int) (j7 & 31), bArr8, i45, bArr9, 5);
            j7 >>= 5;
            i37 = i45 + CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256;
            i36++;
            i8 = 4;
        }
        for (int i46 = 0; i46 < 32; i46++) {
            if (bArr7[i46] != bArr9[i46 + 1024]) {
                z6 = false;
            }
        }
        return z6;
    }

    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public boolean verifySignature(byte[] bArr, byte[] bArr2) {
        return verify(this.hashFunctions, bArr, bArr2, this.keyData);
    }
}
