package org.bouncycastle.pqc.crypto.cmce;

import java.lang.reflect.Array;
import java.security.SecureRandom;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes12.dex */
public class CMCEEngine {
    private int COND_BYTES;
    private int GFBITS;
    private int GFMASK;
    private int IRR_BYTES;
    private int PK_NCOLS;
    private int PK_NROWS;
    private int PK_ROW_BYTES;
    private int SYND_BYTES;
    private int SYS_N;
    private int SYS_T;
    private BENES benes;
    private boolean countErrorIndices;
    private final int defaultKeySize;

    /* renamed from: gf, reason: collision with root package name */
    private GF f341821gf;
    private int[] poly;
    private boolean usePadding;
    private boolean usePivots;

    public CMCEEngine(int i15, int i16, int i17, int[] iArr, boolean z15, int i18) {
        BENES benes13;
        this.usePivots = z15;
        this.SYS_N = i16;
        this.SYS_T = i17;
        this.GFBITS = i15;
        this.poly = iArr;
        this.defaultKeySize = i18;
        this.IRR_BYTES = i17 * 2;
        this.COND_BYTES = ((i15 * 2) - 1) * (1 << (i15 - 4));
        int i19 = i17 * i15;
        this.PK_NROWS = i19;
        int i25 = i16 - i19;
        this.PK_NCOLS = i25;
        this.PK_ROW_BYTES = (i25 + 7) / 8;
        this.SYND_BYTES = (i19 + 7) / 8;
        this.GFMASK = (1 << i15) - 1;
        if (i15 == 12) {
            this.f341821gf = new GF12(i15);
            benes13 = new BENES12(this.SYS_N, this.SYS_T, this.GFBITS);
        } else {
            this.f341821gf = new GF13(i15);
            benes13 = new BENES13(this.SYS_N, this.SYS_T, this.GFBITS);
        }
        this.benes = benes13;
        this.usePadding = this.SYS_T % 8 != 0;
        this.countErrorIndices = (1 << this.GFBITS) > this.SYS_N;
    }

    private void GF_mul(short[] sArr, short[] sArr2, short[] sArr3) {
        int i15;
        int i16;
        short[] sArr4 = new short[(this.SYS_T * 2) - 1];
        for (int i17 = 0; i17 < (this.SYS_T * 2) - 1; i17++) {
            sArr4[i17] = 0;
        }
        int i18 = 0;
        while (true) {
            i15 = this.SYS_T;
            if (i18 >= i15) {
                break;
            }
            for (int i19 = 0; i19 < this.SYS_T; i19++) {
                int i25 = i18 + i19;
                sArr4[i25] = (short) (this.f341821gf.gf_mul(sArr2[i18], sArr3[i19]) ^ sArr4[i25]);
            }
            i18++;
        }
        int i26 = (i15 - 1) * 2;
        while (true) {
            i16 = this.SYS_T;
            if (i26 < i16) {
                break;
            }
            int i27 = 0;
            while (true) {
                int[] iArr = this.poly;
                if (i27 != iArr.length) {
                    int i28 = iArr[i27];
                    if (i28 == 0 && this.GFBITS == 12) {
                        int i29 = i26 - this.SYS_T;
                        sArr4[i29] = (short) (sArr4[i29] ^ this.f341821gf.gf_mul(sArr4[i26], (short) 2));
                    } else {
                        int i35 = (i26 - this.SYS_T) + i28;
                        sArr4[i35] = (short) (sArr4[i35] ^ sArr4[i26]);
                    }
                    i27++;
                }
            }
            i26--;
        }
        System.arraycopy(sArr4, 0, sArr, 0, i16);
        for (int i36 = 0; i36 < this.SYS_T; i36++) {
            sArr[i36] = sArr4[i36];
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void bm(short[] sArr, short[] sArr2) {
        int i15;
        int i16 = this.SYS_T;
        short[] sArr3 = new short[i16 + 1];
        short[] sArr4 = new short[i16 + 1];
        short[] sArr5 = new short[i16 + 1];
        int i17 = 0;
        for (int i18 = 0; i18 < this.SYS_T + 1; i18++) {
            sArr5[i18] = 0;
            sArr4[i18] = 0;
        }
        sArr4[0] = 1;
        sArr5[1] = 1;
        short s15 = 1;
        short s16 = 0;
        short s17 = 0;
        while (s16 < this.SYS_T * 2) {
            short s18 = i17;
            short s19 = s18;
            for (int i19 = s18; i19 <= min(s16, this.SYS_T); i19++) {
                s19 = (short) (s19 ^ this.f341821gf.gf_mul(sArr4[i19], sArr2[s16 - i19]));
            }
            short s25 = (short) (((short) (((short) (((short) (s19 - 1)) >> 15)) & 1)) - 1);
            short s26 = (short) (((short) (((short) (((short) (((short) (s16 - (s17 * 2))) >> 15)) & 1)) - 1)) & s25);
            for (int i25 = i17; i25 <= this.SYS_T; i25++) {
                sArr3[i25] = sArr4[i25];
            }
            short gf_frac = this.f341821gf.gf_frac(s15, s19);
            for (int i26 = i17; i26 <= this.SYS_T; i26++) {
                sArr4[i26] = (short) ((this.f341821gf.gf_mul(gf_frac, sArr5[i26]) & s25) ^ sArr4[i26]);
            }
            int i27 = ~s26;
            int i28 = s16 + 1;
            s17 = (short) (((i28 - s17) & s26) | (s17 & i27));
            int i29 = 0;
            while (true) {
                i15 = this.SYS_T;
                if (i29 > i15) {
                    break;
                }
                sArr5[i29] = (short) ((sArr5[i29] & i27) | (sArr3[i29] & s26));
                i29++;
            }
            s15 = (short) ((i27 & s15) | (s19 & s26));
            while (i15 >= 1) {
                sArr5[i15] = sArr5[i15 - 1];
                i15--;
            }
            i17 = 0;
            sArr5[0] = 0;
            s16 = (short) i28;
        }
        while (true) {
            int i35 = this.SYS_T;
            if (i17 > i35) {
                return;
            }
            sArr[i17] = sArr4[i35 - i17];
            i17++;
        }
    }

    public static void cbrecursion(byte[] bArr, long j15, long j16, short[] sArr, int i15, long j17, long j18, int[] iArr) {
        long j19;
        long j25 = j18;
        if (j17 == 1) {
            int i16 = (int) (j15 >> 3);
            bArr[i16] = (byte) ((get_q_short(iArr, i15) << ((int) (j15 & 7))) ^ bArr[i16]);
            return;
        }
        if (sArr != null) {
            for (long j26 = 0; j26 < j25; j26++) {
                int i17 = (int) j26;
                iArr[i17] = sArr[(int) (j26 ^ 1)] | ((sArr[i17] ^ 1) << 16);
            }
        } else {
            for (long j27 = 0; j27 < j25; j27++) {
                long j28 = i15;
                iArr[(int) j27] = ((get_q_short(iArr, (int) (j28 + j27)) ^ 1) << 16) | get_q_short(iArr, (int) (j28 + (j27 ^ 1)));
            }
        }
        int i18 = (int) j25;
        sort32(iArr, 0, i18);
        for (long j29 = 0; j29 < j25; j29++) {
            int i19 = (int) j29;
            int i25 = 65535 & iArr[i19];
            if (j29 >= i25) {
                i19 = i25;
            }
            iArr[(int) (j25 + j29)] = i19 | (i25 << 16);
        }
        for (long j35 = 0; j35 < j25; j35++) {
            iArr[(int) j35] = (int) ((iArr[r7] << 16) | j35);
        }
        sort32(iArr, 0, i18);
        for (long j36 = 0; j36 < j25; j36++) {
            int i26 = (int) j36;
            iArr[i26] = (iArr[i26] << 16) + (iArr[(int) (j25 + j36)] >> 16);
        }
        sort32(iArr, 0, i18);
        if (j17 <= 10) {
            for (long j37 = 0; j37 < j25; j37++) {
                int i27 = (int) (j25 + j37);
                iArr[i27] = ((iArr[(int) j37] & 65535) << 10) | (iArr[i27] & 1023);
            }
            long j38 = 1;
            for (long j39 = 1; j38 < j17 - j39; j39 = 1) {
                long j45 = 0;
                while (j45 < j25) {
                    iArr[(int) j45] = (int) (((iArr[(int) (j25 + j45)] & (-1024)) << 6) | j45);
                    j45++;
                    j38 = j38;
                }
                long j46 = j38;
                sort32(iArr, 0, i18);
                for (long j47 = 0; j47 < j25; j47++) {
                    int i28 = (int) j47;
                    iArr[i28] = (iArr[i28] << 20) | iArr[(int) (j25 + j47)];
                }
                sort32(iArr, 0, i18);
                for (long j48 = 0; j48 < j25; j48++) {
                    int i29 = iArr[(int) j48];
                    int i35 = 1048575 & i29;
                    int i36 = (int) (j25 + j48);
                    int i37 = (i29 & 1047552) | (iArr[i36] & 1023);
                    if (i35 >= i37) {
                        i35 = i37;
                    }
                    iArr[i36] = i35;
                }
                j38 = j46 + 1;
            }
            for (long j49 = 0; j49 < j25; j49++) {
                int i38 = (int) (j25 + j49);
                iArr[i38] = iArr[i38] & 1023;
            }
        } else {
            for (long j55 = 0; j55 < j25; j55++) {
                int i39 = (int) (j25 + j55);
                iArr[i39] = (iArr[(int) j55] << 16) | (iArr[i39] & 65535);
            }
            long j56 = 1;
            for (long j57 = 1; j56 < j17 - j57; j57 = 1) {
                for (long j58 = 0; j58 < j25; j58++) {
                    iArr[(int) j58] = (int) ((iArr[(int) (j25 + j58)] & (-65536)) | j58);
                }
                sort32(iArr, 0, i18);
                for (long j59 = 0; j59 < j25; j59++) {
                    int i45 = (int) j59;
                    iArr[i45] = (iArr[i45] << 16) | (iArr[(int) (j25 + j59)] & 65535);
                }
                if (j56 < j17 - 2) {
                    for (long j64 = 0; j64 < j25; j64++) {
                        int i46 = (int) (j25 + j64);
                        iArr[i46] = (iArr[(int) j64] & (-65536)) | (iArr[i46] >> 16);
                    }
                    sort32(iArr, i18, (int) (j25 * 2));
                    for (long j65 = 0; j65 < j25; j65++) {
                        int i47 = (int) (j25 + j65);
                        iArr[i47] = (iArr[i47] << 16) | (iArr[(int) j65] & 65535);
                    }
                }
                sort32(iArr, 0, i18);
                for (long j66 = 0; j66 < j25; j66++) {
                    int i48 = (int) (j25 + j66);
                    int i49 = iArr[i48];
                    int i55 = (i49 & (-65536)) | (iArr[(int) j66] & 65535);
                    if (i55 < i49) {
                        iArr[i48] = i55;
                    }
                }
                j56++;
            }
            for (long j67 = 0; j67 < j25; j67++) {
                int i56 = (int) (j25 + j67);
                iArr[i56] = iArr[i56] & 65535;
            }
        }
        long j68 = 0;
        if (sArr != null) {
            while (j68 < j25) {
                iArr[(int) j68] = (int) ((sArr[r0] << 16) + j68);
                j68++;
            }
        } else {
            while (j68 < j25) {
                iArr[(int) j68] = (int) ((get_q_short(iArr, (int) (i15 + j68)) << 16) + j68);
                j68++;
            }
        }
        sort32(iArr, 0, i18);
        long j69 = j15;
        long j74 = 2;
        long j75 = 0;
        while (true) {
            j19 = j25 / j74;
            if (j75 >= j19) {
                break;
            }
            long j76 = j75 * j74;
            long j77 = j25 + j76;
            int i57 = (int) j77;
            int i58 = iArr[i57] & 1;
            int i59 = (int) (i58 + j76);
            int i64 = (int) (j69 >> 3);
            bArr[i64] = (byte) ((i58 << ((int) (j69 & 7))) ^ bArr[i64]);
            j69 += j16;
            iArr[i57] = (iArr[(int) j76] << 16) | i59;
            iArr[(int) (j77 + 1)] = (iArr[(int) (j76 + 1)] << 16) | (i59 ^ 1);
            j75++;
            j25 = j18;
            i18 = i18;
            j74 = 2;
        }
        long j78 = j74;
        long j79 = j18 * j78;
        sort32(iArr, i18, (int) j79);
        long j84 = j17 * j78;
        long j85 = ((j84 - 3) * j16 * j19) + j69;
        long j86 = 0;
        while (j86 < j19) {
            long j87 = j86 * j78;
            long j88 = j18 + j87;
            int i65 = iArr[(int) j88];
            int i66 = i65 & 1;
            long j89 = j85;
            int i67 = (int) (i66 + j87);
            long j94 = j79;
            int i68 = (int) (j89 >> 3);
            bArr[i68] = (byte) (bArr[i68] ^ (i66 << ((int) (j89 & 7))));
            iArr[(int) j87] = (i65 & 65535) | (i67 << 16);
            iArr[(int) (j87 + 1)] = (iArr[(int) (j88 + 1)] & 65535) | ((i67 ^ 1) << 16);
            j86++;
            j85 = j89 + j16;
            j79 = j94;
            j84 = j84;
            j78 = 2;
        }
        long j95 = j79;
        sort32(iArr, 0, i18);
        long j96 = 2;
        long j97 = j85 - (((j84 - 2) * j16) * j19);
        short[] sArr2 = new short[i18 * 4];
        long j98 = 0;
        while (j98 < j95) {
            long j99 = j98 * j96;
            int i69 = iArr[(int) j98];
            sArr2[(int) j99] = (short) i69;
            sArr2[(int) (j99 + 1)] = (short) ((i69 & (-65536)) >> 16);
            j98++;
            j96 = 2;
        }
        for (long j100 = 0; j100 < j19; j100++) {
            long j101 = j100 * 2;
            sArr2[(int) j100] = (short) ((iArr[(int) j101] & 65535) >>> 1);
            sArr2[(int) (j100 + j19)] = (short) ((iArr[(int) (j101 + 1)] & 65535) >>> 1);
        }
        for (long j102 = 0; j102 < j19; j102++) {
            long j103 = j102 * 2;
            iArr[(int) ((j18 / 4) + j18 + j102)] = (sArr2[(int) (j103 + 1)] << 16) | sArr2[(int) j103];
        }
        long j104 = j16 * 2;
        long j105 = (j18 / 4) + j18;
        long j106 = j17 - 1;
        cbrecursion(bArr, j97, j104, null, ((int) j105) * 2, j106, j19, iArr);
        cbrecursion(bArr, j97 + j16, j104, null, (int) ((j105 * 2) + j19), j106, j19, iArr);
    }

    private static void controlbitsfrompermutation(byte[] bArr, short[] sArr, long j15, long j16) {
        long j17 = 2;
        int[] iArr = new int[(int) (j16 * 2)];
        int i15 = (int) j16;
        short[] sArr2 = new short[i15];
        while (true) {
            short s15 = 0;
            for (int i16 = 0; i16 < (((((j15 * j17) - 1) * j16) / j17) + 7) / 8; i16++) {
                bArr[i16] = 0;
            }
            int i17 = i15;
            short[] sArr3 = sArr2;
            int[] iArr2 = iArr;
            cbrecursion(bArr, 0L, 1L, sArr, 0, j15, j16, iArr);
            for (int i18 = 0; i18 < j16; i18++) {
                sArr3[i18] = (short) i18;
            }
            int i19 = 0;
            for (int i25 = 0; i25 < j15; i25++) {
                layer(sArr3, bArr, i19, i25, i17);
                i19 = (int) (i19 + (j16 >> 4));
            }
            for (int i26 = (int) (j15 - 2); i26 >= 0; i26--) {
                layer(sArr3, bArr, i19, i26, i17);
                i19 = (int) (i19 + (j16 >> 4));
            }
            int i27 = 0;
            while (i27 < j16) {
                short s16 = (short) (s15 | (sArr[i27] ^ sArr3[i27]));
                i27++;
                s15 = s16;
            }
            if (s15 == 0) {
                return;
            }
            sArr2 = sArr3;
            i15 = i17;
            iArr = iArr2;
            j17 = 2;
        }
    }

    private static int ctz(long j15) {
        int i15 = 0;
        int i16 = 0;
        for (int i17 = 0; i17 < 64; i17++) {
            int i18 = (int) ((j15 >> i17) & 1);
            i16 |= i18;
            i15 += (i18 ^ 1) & (i16 ^ 1);
        }
        return i15;
    }

    private int decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i15;
        int i16;
        int i17 = this.SYS_T;
        short[] sArr = new short[i17 + 1];
        int i18 = this.SYS_N;
        short[] sArr2 = new short[i18];
        short[] sArr3 = new short[i17 * 2];
        short[] sArr4 = new short[i17 * 2];
        short[] sArr5 = new short[i17 + 1];
        short[] sArr6 = new short[i18];
        byte[] bArr4 = new byte[i18 / 8];
        int i19 = 0;
        while (true) {
            i15 = this.SYND_BYTES;
            if (i19 >= i15) {
                break;
            }
            bArr4[i19] = bArr3[i19];
            i19++;
        }
        while (i15 < this.SYS_N / 8) {
            bArr4[i15] = 0;
            i15++;
        }
        int i25 = 0;
        while (true) {
            i16 = this.SYS_T;
            if (i25 >= i16) {
                break;
            }
            sArr[i25] = Utils.load_gf(bArr2, (i25 * 2) + 40, this.GFMASK);
            i25++;
        }
        sArr[i16] = 1;
        this.benes.support_gen(sArr2, bArr2);
        synd(sArr3, sArr, sArr2, bArr4);
        bm(sArr5, sArr3);
        root(sArr6, sArr5, sArr2);
        for (int i26 = 0; i26 < this.SYS_N / 8; i26++) {
            bArr[i26] = 0;
        }
        int i27 = 0;
        for (int i28 = 0; i28 < this.SYS_N; i28++) {
            short gf_iszero = (short) (this.f341821gf.gf_iszero(sArr6[i28]) & 1);
            int i29 = i28 / 8;
            bArr[i29] = (byte) (bArr[i29] | (gf_iszero << (i28 % 8)));
            i27 += gf_iszero;
        }
        synd(sArr4, sArr, sArr2, bArr);
        int i35 = this.SYS_T ^ i27;
        for (int i36 = 0; i36 < this.SYS_T * 2; i36++) {
            i35 |= sArr3[i36] ^ sArr4[i36];
        }
        return (((i35 - 1) >> 15) & 1) ^ 1;
    }

    private void encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        generate_error_vector(bArr3, secureRandom);
        syndrome(bArr, bArr2, bArr3);
    }

    private short eval(short[] sArr, short s15) {
        int i15 = this.SYS_T;
        short s16 = sArr[i15];
        for (int i16 = i15 - 1; i16 >= 0; i16--) {
            s16 = this.f341821gf.gf_add(this.f341821gf.gf_mul(s16, s15), sArr[i16]);
        }
        return s16;
    }

    private void generate_error_vector(byte[] bArr, SecureRandom secureRandom) {
        int i15;
        int i16 = this.SYS_T;
        short[] sArr = new short[i16 * 2];
        short[] sArr2 = new short[i16];
        byte[] bArr2 = new byte[i16];
        while (true) {
            if (this.countErrorIndices) {
                byte[] bArr3 = new byte[this.SYS_T * 4];
                secureRandom.nextBytes(bArr3);
                for (int i17 = 0; i17 < this.SYS_T * 2; i17++) {
                    sArr[i17] = Utils.load_gf(bArr3, i17 * 2, this.GFMASK);
                }
                int i18 = 0;
                int i19 = 0;
                while (true) {
                    i15 = this.SYS_T;
                    if (i18 >= i15 * 2 || i19 >= i15) {
                        break;
                    }
                    short s15 = sArr[i18];
                    if (s15 < this.SYS_N) {
                        sArr2[i19] = s15;
                        i19++;
                    }
                    i18++;
                }
                if (i19 < i15) {
                    continue;
                }
            } else {
                byte[] bArr4 = new byte[this.SYS_T * 2];
                secureRandom.nextBytes(bArr4);
                for (int i25 = 0; i25 < this.SYS_T; i25++) {
                    sArr2[i25] = Utils.load_gf(bArr4, i25 * 2, this.GFMASK);
                }
            }
            boolean z15 = false;
            for (int i26 = 1; i26 < this.SYS_T && !z15; i26++) {
                int i27 = 0;
                while (true) {
                    if (i27 >= i26) {
                        break;
                    }
                    if (sArr2[i26] == sArr2[i27]) {
                        z15 = true;
                        break;
                    }
                    i27++;
                }
            }
            if (!z15) {
                break;
            }
        }
        for (int i28 = 0; i28 < this.SYS_T; i28++) {
            bArr2[i28] = (byte) (1 << (sArr2[i28] & 7));
        }
        for (short s16 = 0; s16 < this.SYS_N / 8; s16 = (short) (s16 + 1)) {
            bArr[s16] = 0;
            for (int i29 = 0; i29 < this.SYS_T; i29++) {
                bArr[s16] = (byte) ((((short) (same_mask32(s16, (short) (sArr2[i29] >> 3)) & 255)) & bArr2[i29]) | bArr[s16]);
            }
        }
    }

    private int generate_irr_poly(short[] sArr) {
        int i15 = this.SYS_T;
        short[][] sArr2 = (short[][]) Array.newInstance((Class<?>) Short.TYPE, i15 + 1, i15);
        sArr2[0][0] = 1;
        for (int i16 = 1; i16 < this.SYS_T; i16++) {
            sArr2[0][i16] = 0;
        }
        for (int i17 = 0; i17 < this.SYS_T; i17++) {
            sArr2[1][i17] = sArr[i17];
        }
        for (int i18 = 2; i18 <= this.SYS_T; i18++) {
            GF_mul(sArr2[i18], sArr2[i18 - 1], sArr);
        }
        int i19 = 0;
        while (i19 < this.SYS_T) {
            int i25 = i19 + 1;
            for (int i26 = i25; i26 < this.SYS_T; i26++) {
                short gf_iszero = this.f341821gf.gf_iszero(sArr2[i19][i19]);
                for (int i27 = i19; i27 < this.SYS_T + 1; i27++) {
                    short[] sArr3 = sArr2[i27];
                    sArr3[i19] = (short) (sArr3[i19] ^ (sArr3[i26] & gf_iszero));
                }
            }
            short s15 = sArr2[i19][i19];
            if (s15 == 0) {
                return -1;
            }
            short gf_inv = this.f341821gf.gf_inv(s15);
            for (int i28 = i19; i28 < this.SYS_T + 1; i28++) {
                short[] sArr4 = sArr2[i28];
                sArr4[i19] = this.f341821gf.gf_mul(sArr4[i19], gf_inv);
            }
            for (int i29 = 0; i29 < this.SYS_T; i29++) {
                if (i29 != i19) {
                    short s16 = sArr2[i19][i29];
                    for (int i35 = i19; i35 < this.SYS_T + 1; i35++) {
                        short[] sArr5 = sArr2[i35];
                        sArr5[i29] = (short) (sArr5[i29] ^ this.f341821gf.gf_mul(sArr5[i19], s16));
                    }
                }
            }
            i19 = i25;
        }
        int i36 = 0;
        while (true) {
            int i37 = this.SYS_T;
            if (i36 >= i37) {
                return 0;
            }
            sArr[i36] = sArr2[i37][i36];
            i36++;
        }
    }

    public static short get_q_short(int[] iArr, int i15) {
        int i16 = i15 / 2;
        return (short) (i15 % 2 == 0 ? iArr[i16] : (iArr[i16] & (-65536)) >> 16);
    }

    private static void layer(short[] sArr, byte[] bArr, int i15, int i16, int i17) {
        int i18 = 1 << i16;
        int i19 = 0;
        for (int i25 = 0; i25 < i17; i25 += i18 * 2) {
            for (int i26 = 0; i26 < i18; i26++) {
                int i27 = i25 + i26;
                short s15 = sArr[i27];
                int i28 = i27 + i18;
                int i29 = (sArr[i28] ^ s15) & (-((bArr[(i19 >> 3) + i15] >> (i19 & 7)) & 1));
                sArr[i27] = (short) (s15 ^ i29);
                sArr[i28] = (short) (sArr[i28] ^ i29);
                i19++;
            }
        }
    }

    private static int min(short s15, int i15) {
        return s15 < i15 ? s15 : i15;
    }

    private int mov_columns(byte[][] bArr, short[] sArr, long[] jArr) {
        byte[] bArr2;
        long load8;
        long[] jArr2 = new long[64];
        int i15 = 32;
        long[] jArr3 = new long[32];
        byte[] bArr3 = new byte[9];
        int i16 = this.PK_NROWS - 32;
        int i17 = i16 / 8;
        int i18 = i16 % 8;
        char c15 = 0;
        if (this.usePadding) {
            for (int i19 = 0; i19 < 32; i19++) {
                for (int i25 = 0; i25 < 9; i25++) {
                    bArr3[i25] = bArr[i16 + i19][i17 + i25];
                }
                int i26 = 0;
                while (i26 < 8) {
                    int i27 = i26 + 1;
                    bArr3[i26] = (byte) (((bArr3[i26] & 255) >> i18) | (bArr3[i27] << (8 - i18)));
                    i26 = i27;
                }
                jArr2[i19] = Utils.load8(bArr3, 0);
            }
        } else {
            for (int i28 = 0; i28 < 32; i28++) {
                jArr2[i28] = Utils.load8(bArr[i16 + i28], i17);
            }
        }
        long j15 = 0;
        jArr[0] = 0;
        int i29 = 0;
        while (i29 < 32) {
            long j16 = jArr2[i29];
            int i35 = i29 + 1;
            for (int i36 = i35; i36 < 32; i36++) {
                j16 |= jArr2[i36];
            }
            if (j16 == j15) {
                return -1;
            }
            int ctz = ctz(j16);
            long j17 = ctz;
            jArr3[i29] = j17;
            jArr[c15] = jArr[c15] | (1 << ((int) j17));
            for (int i37 = i35; i37 < 32; i37++) {
                long j18 = jArr2[i29];
                jArr2[i29] = j18 ^ (jArr2[i37] & (((j18 >> ctz) & 1) - 1));
            }
            int i38 = i35;
            while (i38 < 32) {
                long j19 = jArr2[i38];
                jArr2[i38] = j19 ^ (jArr2[i29] & (-((j19 >> ctz) & 1)));
                i38++;
                ctz = ctz;
                c15 = 0;
            }
            i29 = i35;
            j15 = 0;
        }
        int i39 = 0;
        while (i39 < 32) {
            int i45 = i39 + 1;
            int i46 = i45;
            while (i46 < 64) {
                long same_mask64 = same_mask64((short) i46, (short) jArr3[i39]) & (sArr[r12] ^ sArr[r17]);
                sArr[i16 + i39] = (short) (sArr[r12] ^ same_mask64);
                sArr[i16 + i46] = (short) (same_mask64 ^ sArr[r17]);
                i46++;
                bArr3 = bArr3;
            }
            i39 = i45;
        }
        byte[] bArr4 = bArr3;
        int i47 = 0;
        while (i47 < this.PK_NROWS) {
            if (this.usePadding) {
                for (int i48 = 0; i48 < 9; i48++) {
                    bArr4[i48] = bArr[i47][i17 + i48];
                }
                int i49 = 0;
                while (i49 < 8) {
                    int i55 = i49 + 1;
                    bArr4[i49] = (byte) (((bArr4[i49] & 255) >> i18) | (bArr4[i55] << (8 - i18)));
                    i49 = i55;
                }
                bArr2 = bArr4;
                load8 = Utils.load8(bArr2, 0);
            } else {
                bArr2 = bArr4;
                load8 = Utils.load8(bArr[i47], i17);
            }
            int i56 = 0;
            while (i56 < i15) {
                long j25 = jArr3[i56];
                long j26 = ((load8 >> i56) ^ (load8 >> ((int) j25))) & 1;
                load8 = (j26 << i56) ^ ((j26 << ((int) j25)) ^ load8);
                i56++;
                i15 = 32;
            }
            if (this.usePadding) {
                Utils.store8(bArr2, 0, load8);
                byte[] bArr5 = bArr[i47];
                int i57 = i17 + 8;
                int i58 = 8 - i18;
                bArr5[i57] = (byte) ((((bArr5[i57] & 255) >>> i18) << i18) | ((bArr2[7] & 255) >>> i58));
                bArr5[i17] = (byte) (((bArr2[0] & 255) << i18) | (((bArr5[i17] & 255) << i58) >>> i58));
                for (int i59 = 7; i59 >= 1; i59--) {
                    bArr[i47][i17 + i59] = (byte) (((bArr2[i59] & 255) << i18) | ((bArr2[i59 - 1] & 255) >>> i58));
                }
            } else {
                Utils.store8(bArr[i47], i17, load8);
            }
            i47++;
            bArr4 = bArr2;
            i15 = 32;
        }
        return 0;
    }

    private int pk_gen(byte[] bArr, byte[] bArr2, int[] iArr, short[] sArr, long[] jArr) {
        int i15;
        int i16;
        int i17 = this.SYS_T;
        short[] sArr2 = new short[i17 + 1];
        sArr2[i17] = 1;
        for (int i18 = 0; i18 < this.SYS_T; i18++) {
            sArr2[i18] = Utils.load_gf(bArr2, (i18 * 2) + 40, this.GFMASK);
        }
        int i19 = 1 << this.GFBITS;
        long[] jArr2 = new long[i19];
        for (int i25 = 0; i25 < (1 << this.GFBITS); i25++) {
            long j15 = iArr[i25];
            jArr2[i25] = j15;
            long j16 = j15 << 31;
            jArr2[i25] = j16;
            long j17 = j16 | i25;
            jArr2[i25] = j17;
            jArr2[i25] = j17 & Long.MAX_VALUE;
        }
        sort64(jArr2, 0, i19);
        for (int i26 = 1; i26 < (1 << this.GFBITS); i26++) {
            if ((jArr2[i26 - 1] >> 31) == (jArr2[i26] >> 31)) {
                return -1;
            }
        }
        short[] sArr3 = new short[this.SYS_N];
        for (int i27 = 0; i27 < (1 << this.GFBITS); i27++) {
            sArr[i27] = (short) (jArr2[i27] & this.GFMASK);
        }
        int i28 = 0;
        while (true) {
            i15 = this.SYS_N;
            if (i28 >= i15) {
                break;
            }
            sArr3[i28] = Utils.bitrev(sArr[i28], this.GFBITS);
            i28++;
        }
        short[] sArr4 = new short[i15];
        root(sArr4, sArr2, sArr3);
        int i29 = 0;
        while (true) {
            i16 = this.SYS_N;
            if (i29 >= i16) {
                break;
            }
            sArr4[i29] = this.f341821gf.gf_inv(sArr4[i29]);
            i29++;
        }
        byte[][] bArr3 = (byte[][]) Array.newInstance((Class<?>) Byte.TYPE, this.PK_NROWS, i16 / 8);
        for (int i35 = 0; i35 < this.PK_NROWS; i35++) {
            for (int i36 = 0; i36 < this.SYS_N / 8; i36++) {
                bArr3[i35][i36] = 0;
            }
        }
        for (int i37 = 0; i37 < this.SYS_T; i37++) {
            for (int i38 = 0; i38 < this.SYS_N; i38 += 8) {
                int i39 = 0;
                while (true) {
                    int i45 = this.GFBITS;
                    if (i39 < i45) {
                        bArr3[(i45 * i37) + i39][i38 / 8] = (byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) ((sArr4[i38 + 7] >>> i39) & 1)) << 1)) | ((sArr4[i38 + 6] >>> i39) & 1))) << 1)) | ((sArr4[i38 + 5] >>> i39) & 1))) << 1)) | ((sArr4[i38 + 4] >>> i39) & 1))) << 1)) | ((sArr4[i38 + 3] >>> i39) & 1))) << 1)) | ((sArr4[i38 + 2] >>> i39) & 1))) << 1)) | ((sArr4[i38 + 1] >>> i39) & 1))) << 1)) | ((sArr4[i38] >>> i39) & 1));
                        i39++;
                    }
                }
            }
            for (int i46 = 0; i46 < this.SYS_N; i46++) {
                sArr4[i46] = this.f341821gf.gf_mul(sArr4[i46], sArr3[i46]);
            }
        }
        int i47 = 0;
        while (true) {
            int i48 = this.PK_NROWS;
            if (i47 >= (i48 + 7) / 8) {
                if (bArr != null) {
                    if (this.usePadding) {
                        int i49 = i48 % 8;
                        int i55 = 0;
                        int i56 = 0;
                        while (true) {
                            int i57 = this.PK_NROWS;
                            if (i55 >= i57) {
                                break;
                            }
                            int i58 = (i57 - 1) / 8;
                            while (i58 < (this.SYS_N / 8) - 1) {
                                byte[] bArr4 = bArr3[i55];
                                int i59 = (bArr4[i58] & 255) >>> i49;
                                i58++;
                                bArr[i56] = (byte) ((bArr4[i58] << (8 - i49)) | i59);
                                i56++;
                            }
                            bArr[i56] = (byte) ((bArr3[i55][i58] & 255) >>> i49);
                            i55++;
                            i56++;
                        }
                    } else {
                        for (int i64 = 0; i64 < this.PK_NROWS; i64++) {
                            int i65 = 0;
                            int i66 = 0;
                            while (true) {
                                int i67 = this.SYS_N;
                                int i68 = this.PK_NROWS;
                                if (i65 < ((i67 - i68) + 7) / 8) {
                                    bArr[((((i67 - i68) + 7) / 8) * i64) + i66] = bArr3[i64][(i68 / 8) + i65];
                                    i66++;
                                    i65++;
                                }
                            }
                        }
                    }
                }
                return 0;
            }
            for (int i69 = 0; i69 < 8; i69++) {
                int i74 = (i47 * 8) + i69;
                int i75 = this.PK_NROWS;
                if (i74 >= i75) {
                    break;
                }
                if (this.usePivots && i74 == i75 - 32) {
                    if (mov_columns(bArr3, sArr, jArr) != 0) {
                        return -1;
                    }
                }
                for (int i76 = i74 + 1; i76 < this.PK_NROWS; i76++) {
                    byte b5 = (byte) (-((byte) (((byte) (((byte) (bArr3[i74][i47] ^ bArr3[i76][i47])) >> i69)) & 1)));
                    for (int i77 = 0; i77 < this.SYS_N / 8; i77++) {
                        byte[] bArr5 = bArr3[i74];
                        bArr5[i77] = (byte) (bArr5[i77] ^ (bArr3[i76][i77] & b5));
                    }
                }
                if (((bArr3[i74][i47] >> i69) & 1) == 0) {
                    return -1;
                }
                for (int i78 = 0; i78 < this.PK_NROWS; i78++) {
                    if (i78 != i74) {
                        byte b15 = (byte) (-((byte) (((byte) (bArr3[i78][i47] >> i69)) & 1)));
                        for (int i79 = 0; i79 < this.SYS_N / 8; i79++) {
                            byte[] bArr6 = bArr3[i78];
                            bArr6[i79] = (byte) (bArr6[i79] ^ (bArr3[i74][i79] & b15));
                        }
                    }
                }
            }
            i47++;
        }
    }

    private void root(short[] sArr, short[] sArr2, short[] sArr3) {
        for (int i15 = 0; i15 < this.SYS_N; i15++) {
            sArr[i15] = eval(sArr2, sArr3[i15]);
        }
    }

    private static byte same_mask32(short s15, short s16) {
        return (byte) ((-(((s15 ^ s16) - 1) >>> 31)) & 255);
    }

    private static long same_mask64(short s15, short s16) {
        return -(((s15 ^ s16) - 1) >>> 63);
    }

    private static void sort32(int[] iArr, int i15, int i16) {
        int i17 = i16 - i15;
        if (i17 < 2) {
            return;
        }
        int i18 = 1;
        while (i18 < i17 - i18) {
            i18 += i18;
        }
        for (int i19 = i18; i19 > 0; i19 >>>= 1) {
            int i25 = 0;
            for (int i26 = 0; i26 < i17 - i19; i26++) {
                if ((i26 & i19) == 0) {
                    int i27 = i15 + i26;
                    int i28 = i27 + i19;
                    int i29 = iArr[i28];
                    int i35 = iArr[i27];
                    int i36 = i29 ^ i35;
                    int i37 = i29 - i35;
                    int i38 = ((((i29 ^ i37) & i36) ^ i37) >> 31) & i36;
                    iArr[i27] = i35 ^ i38;
                    iArr[i28] = iArr[i28] ^ i38;
                }
            }
            for (int i39 = i18; i39 > i19; i39 >>>= 1) {
                while (i25 < i17 - i39) {
                    if ((i25 & i19) == 0) {
                        int i45 = i15 + i25;
                        int i46 = i45 + i19;
                        int i47 = iArr[i46];
                        for (int i48 = i39; i48 > i19; i48 >>>= 1) {
                            int i49 = i45 + i48;
                            int i55 = iArr[i49];
                            int i56 = i55 ^ i47;
                            int i57 = i55 - i47;
                            int i58 = i56 & ((i57 ^ ((i57 ^ i55) & i56)) >> 31);
                            i47 ^= i58;
                            iArr[i49] = i55 ^ i58;
                        }
                        iArr[i46] = i47;
                    }
                    i25++;
                }
            }
        }
    }

    private static void sort64(long[] jArr, int i15, int i16) {
        int i17 = i16 - i15;
        if (i17 < 2) {
            return;
        }
        int i18 = 1;
        while (i18 < i17 - i18) {
            i18 += i18;
        }
        for (int i19 = i18; i19 > 0; i19 >>>= 1) {
            int i25 = 0;
            for (int i26 = 0; i26 < i17 - i19; i26++) {
                if ((i26 & i19) == 0) {
                    int i27 = i15 + i26;
                    int i28 = i27 + i19;
                    long j15 = jArr[i28];
                    long j16 = jArr[i27];
                    long j17 = (j15 ^ j16) & (-((j15 - j16) >>> 63));
                    jArr[i27] = j16 ^ j17;
                    jArr[i28] = jArr[i28] ^ j17;
                }
            }
            for (int i29 = i18; i29 > i19; i29 >>>= 1) {
                while (i25 < i17 - i29) {
                    if ((i25 & i19) == 0) {
                        int i35 = i15 + i25;
                        int i36 = i35 + i19;
                        long j18 = jArr[i36];
                        for (int i37 = i29; i37 > i19; i37 >>>= 1) {
                            int i38 = i35 + i37;
                            long j19 = jArr[i38];
                            long j25 = (-((j19 - j18) >>> 63)) & (j18 ^ j19);
                            j18 ^= j25;
                            jArr[i38] = j19 ^ j25;
                        }
                        jArr[i36] = j18;
                    }
                    i25++;
                }
            }
        }
    }

    private void synd(short[] sArr, short[] sArr2, short[] sArr3, byte[] bArr) {
        for (int i15 = 0; i15 < this.SYS_T * 2; i15++) {
            sArr[i15] = 0;
        }
        for (int i16 = 0; i16 < this.SYS_N; i16++) {
            short s15 = (short) ((bArr[i16 / 8] >> (i16 % 8)) & 1);
            short eval = eval(sArr2, sArr3[i16]);
            GF gf4 = this.f341821gf;
            short gf_inv = gf4.gf_inv(gf4.gf_mul(eval, eval));
            for (int i17 = 0; i17 < this.SYS_T * 2; i17++) {
                GF gf5 = this.f341821gf;
                sArr[i17] = gf5.gf_add(sArr[i17], gf5.gf_mul(gf_inv, s15));
                gf_inv = this.f341821gf.gf_mul(gf_inv, sArr3[i16]);
            }
        }
    }

    private void syndrome(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[this.SYS_N / 8];
        int i15 = this.PK_NROWS % 8;
        for (int i16 = 0; i16 < this.SYND_BYTES; i16++) {
            bArr[i16] = 0;
        }
        int i17 = 0;
        for (int i18 = 0; i18 < this.PK_NROWS; i18++) {
            for (int i19 = 0; i19 < this.SYS_N / 8; i19++) {
                sArr[i19] = 0;
            }
            int i25 = 0;
            while (true) {
                int i26 = this.PK_ROW_BYTES;
                if (i25 >= i26) {
                    break;
                }
                sArr[((this.SYS_N / 8) - i26) + i25] = bArr2[i17 + i25];
                i25++;
            }
            if (this.usePadding) {
                for (int i27 = (this.SYS_N / 8) - 1; i27 >= (this.SYS_N / 8) - this.PK_ROW_BYTES; i27--) {
                    sArr[i27] = (short) ((((sArr[i27] & 255) << i15) | ((sArr[i27 - 1] & 255) >>> (8 - i15))) & 255);
                }
            }
            int i28 = i18 / 8;
            int i29 = i18 % 8;
            sArr[i28] = (short) (sArr[i28] | (1 << i29));
            byte b5 = 0;
            for (int i35 = 0; i35 < this.SYS_N / 8; i35++) {
                b5 = (byte) (b5 ^ (sArr[i35] & bArr3[i35]));
            }
            byte b15 = (byte) ((b5 >>> 4) ^ b5);
            byte b16 = (byte) (b15 ^ (b15 >>> 2));
            bArr[i28] = (byte) ((((byte) (1 & ((byte) (b16 ^ (b16 >>> 1))))) << i29) | bArr[i28]);
            i17 += this.PK_ROW_BYTES;
        }
    }

    public int check_c_padding(byte[] bArr) {
        return ((byte) ((((byte) (((byte) ((bArr[this.SYND_BYTES - 1] & 255) >>> (this.PK_NROWS % 8))) - 1)) & 255) >>> 7)) - 1;
    }

    public int check_pk_padding(byte[] bArr) {
        byte b5 = 0;
        for (int i15 = 0; i15 < this.PK_NROWS; i15++) {
            int i16 = this.PK_ROW_BYTES;
            b5 = (byte) (b5 | bArr[((i15 * i16) + i16) - 1]);
        }
        return ((byte) ((((byte) (((byte) ((b5 & 255) >>> (this.PK_NCOLS % 8))) - 1)) & 255) >>> 7)) - 1;
    }

    public byte[] decompress_private_key(byte[] bArr) {
        int i15;
        byte[] bArr2 = new byte[getPrivateKeySize()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        int i16 = ((1 << this.GFBITS) * 4) + (this.SYS_N / 8) + this.IRR_BYTES;
        int i17 = i16 + 32;
        byte[] bArr3 = new byte[i17];
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i17);
        if (bArr.length <= 40) {
            short[] sArr = new short[this.SYS_T];
            int i18 = this.IRR_BYTES;
            byte[] bArr4 = new byte[i18];
            int i19 = i16 - i18;
            for (int i25 = 0; i25 < this.SYS_T; i25++) {
                sArr[i25] = Utils.load_gf(bArr3, (i25 * 2) + i19, this.GFMASK);
            }
            generate_irr_poly(sArr);
            for (int i26 = 0; i26 < this.SYS_T; i26++) {
                Utils.store_gf(bArr4, i26 * 2, sArr[i26]);
            }
            System.arraycopy(bArr4, 0, bArr2, 40, this.IRR_BYTES);
        }
        int length = bArr.length;
        int i27 = this.IRR_BYTES;
        if (length <= i27 + 40) {
            int i28 = this.GFBITS;
            int[] iArr = new int[1 << i28];
            short[] sArr2 = new short[1 << i28];
            int i29 = (i16 - i27) - ((1 << i28) * 4);
            int i35 = 0;
            while (true) {
                i15 = this.GFBITS;
                if (i35 >= (1 << i15)) {
                    break;
                }
                iArr[i35] = Utils.load4(bArr3, (i35 * 4) + i29);
                i35++;
            }
            if (this.usePivots) {
                pk_gen(null, bArr2, iArr, sArr2, new long[]{0});
            } else {
                int i36 = 1 << i15;
                long[] jArr = new long[i36];
                for (int i37 = 0; i37 < (1 << this.GFBITS); i37++) {
                    long j15 = iArr[i37];
                    jArr[i37] = j15;
                    long j16 = j15 << 31;
                    jArr[i37] = j16;
                    long j17 = j16 | i37;
                    jArr[i37] = j17;
                    jArr[i37] = j17 & Long.MAX_VALUE;
                }
                sort64(jArr, 0, i36);
                for (int i38 = 0; i38 < (1 << this.GFBITS); i38++) {
                    sArr2[i38] = (short) (jArr[i38] & this.GFMASK);
                }
            }
            int i39 = this.COND_BYTES;
            byte[] bArr5 = new byte[i39];
            controlbitsfrompermutation(bArr5, sArr2, this.GFBITS, 1 << r2);
            System.arraycopy(bArr5, 0, bArr2, this.IRR_BYTES + 40, i39);
        }
        int privateKeySize = getPrivateKeySize();
        int i45 = this.SYS_N;
        System.arraycopy(bArr3, 0, bArr2, privateKeySize - (i45 / 8), i45 / 8);
        return bArr2;
    }

    public byte[] generate_public_key_from_private_key(byte[] bArr) {
        byte[] bArr2 = new byte[getPublicKeySize()];
        int i15 = this.GFBITS;
        short[] sArr = new short[1 << i15];
        long[] jArr = {0};
        int[] iArr = new int[1 << i15];
        int i16 = ((1 << i15) * 4) + (this.SYS_N / 8);
        byte[] bArr3 = new byte[i16];
        int i17 = ((i16 - 32) - this.IRR_BYTES) - ((1 << i15) * 4);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i16);
        for (int i18 = 0; i18 < (1 << this.GFBITS); i18++) {
            iArr[i18] = Utils.load4(bArr3, (i18 * 4) + i17);
        }
        pk_gen(bArr2, bArr, iArr, sArr, jArr);
        return bArr2;
    }

    public int getCipherTextSize() {
        return this.SYND_BYTES + 32;
    }

    public int getCondBytes() {
        return this.COND_BYTES;
    }

    public int getDefaultSessionKeySize() {
        return this.defaultKeySize;
    }

    public int getIrrBytes() {
        return this.IRR_BYTES;
    }

    public int getPrivateKeySize() {
        return (this.SYS_N / 8) + this.COND_BYTES + this.IRR_BYTES + 40;
    }

    public int getPublicKeySize() {
        if (!this.usePadding) {
            return (this.PK_NROWS * this.PK_NCOLS) / 8;
        }
        int i15 = this.PK_NROWS;
        return ((this.SYS_N / 8) - ((i15 - 1) / 8)) * i15;
    }

    public int kem_dec(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[32];
        int i15 = this.SYS_N / 8;
        byte[] bArr5 = new byte[i15];
        int check_c_padding = this.usePadding ? check_c_padding(bArr2) : 0;
        byte decrypt = (byte) decrypt(bArr5, bArr3, bArr2);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.update(bArr5, 0, i15);
        sHAKEDigest.doFinal(bArr4, 0, 32);
        byte b5 = 0;
        for (int i16 = 0; i16 < 32; i16++) {
            b5 = (byte) (b5 | (bArr4[i16] ^ bArr2[this.SYND_BYTES + i16]));
        }
        short s15 = (short) (((short) (((short) (((short) (decrypt | b5)) - 1)) >> 8)) & 255);
        int i17 = this.SYND_BYTES + 32 + (this.SYS_N / 8) + 1;
        byte[] bArr6 = new byte[i17];
        bArr6[0] = (byte) (s15 & 1);
        int i18 = 0;
        while (i18 < this.SYS_N / 8) {
            int i19 = i18 + 1;
            bArr6[i19] = (byte) ((bArr3[i18 + 40 + this.IRR_BYTES + this.COND_BYTES] & (~s15)) | (bArr5[i18] & s15));
            i18 = i19;
        }
        for (int i25 = 0; i25 < this.SYND_BYTES + 32; i25++) {
            bArr6[(this.SYS_N / 8) + 1 + i25] = bArr2[i25];
        }
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        sHAKEDigest2.update(bArr6, 0, i17);
        sHAKEDigest2.doFinal(bArr, 0, bArr.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b15 = (byte) check_c_padding;
        for (int i26 = 0; i26 < bArr.length; i26++) {
            bArr[i26] = (byte) (bArr[i26] | b15);
        }
        return check_c_padding;
    }

    public int kem_enc(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        int i15 = this.SYS_N / 8;
        byte[] bArr4 = new byte[i15];
        int check_pk_padding = this.usePadding ? check_pk_padding(bArr3) : 0;
        encrypt(bArr, bArr3, bArr4, secureRandom);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.update(bArr4, 0, i15);
        sHAKEDigest.doFinal(bArr, this.SYND_BYTES, 32);
        sHAKEDigest.update((byte) 1);
        sHAKEDigest.update(bArr4, 0, i15);
        sHAKEDigest.update(bArr, 0, bArr.length);
        sHAKEDigest.doFinal(bArr2, 0, bArr2.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b5 = (byte) (((byte) check_pk_padding) ^ 255);
        for (int i16 = 0; i16 < this.SYND_BYTES + 32; i16++) {
            bArr[i16] = (byte) (bArr[i16] & b5);
        }
        for (int i17 = 0; i17 < 32; i17++) {
            bArr2[i17] = (byte) (bArr2[i17] & b5);
        }
        return check_pk_padding;
    }

    public void kem_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        int i15;
        int i16;
        short[] sArr;
        byte[] bArr3;
        SHAKEDigest sHAKEDigest;
        int i17;
        long j15;
        int i18 = 32;
        byte[] bArr4 = new byte[32];
        int i19 = 0;
        byte[] bArr5 = {64};
        secureRandom.nextBytes(bArr4);
        int i25 = (this.SYS_T * 2) + ((1 << this.GFBITS) * 4) + (this.SYS_N / 8);
        int i26 = i25 + 32;
        byte[] bArr6 = new byte[i26];
        long[] jArr = {0};
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        byte[] bArr7 = bArr4;
        while (true) {
            sHAKEDigest2.update(bArr5, i19, 1);
            sHAKEDigest2.update(bArr4, i19, bArr4.length);
            sHAKEDigest2.doFinal(bArr6, i19, i26);
            byte[] copyOfRange = Arrays.copyOfRange(bArr6, i25, i25 + 32);
            System.arraycopy(bArr7, i19, bArr2, i19, i18);
            byte[] copyOfRange2 = Arrays.copyOfRange(copyOfRange, i19, i18);
            int i27 = this.SYS_T;
            short[] sArr2 = new short[i27];
            int i28 = i25 - (i27 * 2);
            for (int i29 = i19; i29 < this.SYS_T; i29++) {
                sArr2[i29] = Utils.load_gf(bArr6, (i29 * 2) + i28, this.GFMASK);
            }
            if (generate_irr_poly(sArr2) != -1) {
                for (int i35 = i19; i35 < this.SYS_T; i35++) {
                    Utils.store_gf(bArr2, (i35 * 2) + 40, sArr2[i35]);
                }
                int i36 = this.GFBITS;
                int[] iArr = new int[1 << i36];
                i15 = i28 - ((1 << i36) * 4);
                int i37 = 0;
                while (true) {
                    i16 = this.GFBITS;
                    if (i37 >= (1 << i16)) {
                        break;
                    }
                    iArr[i37] = Utils.load4(bArr6, (i37 * 4) + i15);
                    i37++;
                }
                sArr = new short[1 << i16];
                bArr3 = copyOfRange;
                sHAKEDigest = sHAKEDigest2;
                if (pk_gen(bArr, bArr2, iArr, sArr, jArr) != -1) {
                    break;
                }
            } else {
                bArr3 = copyOfRange;
                sHAKEDigest = sHAKEDigest2;
            }
            bArr7 = copyOfRange2;
            bArr4 = bArr3;
            sHAKEDigest2 = sHAKEDigest;
            i18 = 32;
            i19 = 0;
        }
        int i38 = this.COND_BYTES;
        byte[] bArr8 = new byte[i38];
        controlbitsfrompermutation(bArr8, sArr, this.GFBITS, 1 << r2);
        System.arraycopy(bArr8, 0, bArr2, this.IRR_BYTES + 40, i38);
        int i39 = this.SYS_N;
        System.arraycopy(bArr6, i15 - (i39 / 8), bArr2, bArr2.length - (i39 / 8), i39 / 8);
        if (this.usePivots) {
            i17 = 32;
            j15 = jArr[0];
        } else {
            j15 = BodyPartID.bodyIdMax;
            i17 = 32;
        }
        Utils.store8(bArr2, i17, j15);
    }
}
