package org.bouncycastle.pqc.crypto.cmce;

import com.jcraft.jzlib.GZIPHeader;
import java.lang.reflect.Array;
import java.security.SecureRandom;
import org.apache.commons.net.bsd.RCommandClient;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes8.dex */
public class CMCEEngine {
    private int COND_BYTES;
    private int GFBITS;
    private int GFMASK;
    private int IRR_BYTES;
    private int PK_NCOLS;
    private int PK_NROWS;
    private int PK_ROW_BYTES;
    private int SYND_BYTES;
    private int SYS_N;
    private int SYS_T;
    private BENES benes;
    private boolean countErrorIndices;
    private final int defaultKeySize;
    private GF gf;
    private int[] poly;
    private boolean usePadding;
    private boolean usePivots;

    public CMCEEngine(int i10, int i11, int i12, int[] iArr, boolean z10, int i13) {
        BENES benes13;
        this.usePivots = z10;
        this.SYS_N = i11;
        this.SYS_T = i12;
        this.GFBITS = i10;
        this.poly = iArr;
        this.defaultKeySize = i13;
        this.IRR_BYTES = i12 * 2;
        this.COND_BYTES = ((i10 * 2) - 1) * (1 << (i10 - 4));
        int i14 = i12 * i10;
        this.PK_NROWS = i14;
        int i15 = i11 - i14;
        this.PK_NCOLS = i15;
        this.PK_ROW_BYTES = (i15 + 7) / 8;
        this.SYND_BYTES = (i14 + 7) / 8;
        this.GFMASK = (1 << i10) - 1;
        if (i10 == 12) {
            this.gf = new GF12();
            benes13 = new BENES12(this.SYS_N, this.SYS_T, this.GFBITS);
        } else {
            this.gf = new GF13();
            benes13 = new BENES13(this.SYS_N, this.SYS_T, this.GFBITS);
        }
        this.benes = benes13;
        this.usePadding = this.SYS_T % 8 != 0;
        this.countErrorIndices = (1 << this.GFBITS) > this.SYS_N;
    }

    private void bm(short[] sArr, short[] sArr2) {
        int i10;
        int i11 = this.SYS_T;
        short[] sArr3 = new short[i11 + 1];
        short[] sArr4 = new short[i11 + 1];
        short s10 = 1;
        short[] sArr5 = new short[i11 + 1];
        int i12 = 0;
        for (int i13 = 0; i13 < this.SYS_T + 1; i13++) {
            sArr5[i13] = 0;
            sArr4[i13] = 0;
        }
        sArr4[0] = 1;
        sArr5[1] = 1;
        short s11 = 1;
        short s12 = 0;
        short s13 = 0;
        while (s12 < this.SYS_T * 2) {
            int i14 = 0;
            for (int i15 = 0; i15 <= min(s12, this.SYS_T); i15++) {
                i14 ^= this.gf.gf_mul_ext(sArr4[i15], sArr2[s12 - i15]);
            }
            short gf_reduce = this.gf.gf_reduce(i14);
            short s14 = (short) (((short) (((short) (((short) (gf_reduce - 1)) >> 15)) & s10)) - s10);
            short s15 = (short) (((short) (((short) (((short) (((short) (s12 - (s13 * 2))) >> 15)) & s10)) - s10)) & s14);
            for (int i16 = 0; i16 <= this.SYS_T; i16++) {
                sArr3[i16] = sArr4[i16];
            }
            short gf_frac = this.gf.gf_frac(s11, gf_reduce);
            int i17 = 0;
            while (true) {
                i10 = this.SYS_T;
                if (i17 > i10) {
                    break;
                }
                sArr4[i17] = (short) ((this.gf.gf_mul(gf_frac, sArr5[i17]) & s14) ^ sArr4[i17]);
                i17++;
            }
            int i18 = ~s15;
            int i19 = s12 + 1;
            s13 = (short) (((i19 - s13) & s15) | (s13 & i18));
            for (int i20 = i10 - 1; i20 >= 0; i20--) {
                sArr5[i20 + 1] = (short) ((sArr5[i20] & i18) | (sArr3[i20] & s15));
            }
            sArr5[0] = 0;
            s11 = (short) ((i18 & s11) | (gf_reduce & s15));
            s12 = (short) i19;
            s10 = 1;
        }
        while (true) {
            int i21 = this.SYS_T;
            if (i12 > i21) {
                return;
            }
            sArr[i12] = sArr4[i21 - i12];
            i12++;
        }
    }

    public static void cbrecursion(byte[] bArr, long j10, long j11, short[] sArr, int i10, long j12, long j13, int[] iArr) {
        long j14;
        long j15 = j13;
        if (j12 == 1) {
            int i11 = (int) (j10 >> 3);
            bArr[i11] = (byte) ((get_q_short(iArr, i10) << ((int) (j10 & 7))) ^ bArr[i11]);
            return;
        }
        if (sArr != null) {
            for (long j16 = 0; j16 < j15; j16++) {
                int i12 = (int) j16;
                iArr[i12] = sArr[(int) (j16 ^ 1)] | ((sArr[i12] ^ 1) << 16);
            }
        } else {
            for (long j17 = 0; j17 < j15; j17++) {
                long j18 = i10;
                iArr[(int) j17] = ((get_q_short(iArr, (int) (j18 + j17)) ^ 1) << 16) | get_q_short(iArr, (int) (j18 + (j17 ^ 1)));
            }
        }
        int i13 = (int) j15;
        sort32(iArr, 0, i13);
        for (long j19 = 0; j19 < j15; j19++) {
            int i14 = (int) j19;
            int i15 = 65535 & iArr[i14];
            if (j19 >= i15) {
                i14 = i15;
            }
            iArr[(int) (j15 + j19)] = i14 | (i15 << 16);
        }
        for (long j20 = 0; j20 < j15; j20++) {
            iArr[(int) j20] = (int) ((iArr[r7] << 16) | j20);
        }
        sort32(iArr, 0, i13);
        for (long j21 = 0; j21 < j15; j21++) {
            int i16 = (int) j21;
            iArr[i16] = (iArr[i16] << 16) + (iArr[(int) (j15 + j21)] >> 16);
        }
        sort32(iArr, 0, i13);
        if (j12 <= 10) {
            for (long j22 = 0; j22 < j15; j22++) {
                int i17 = (int) (j15 + j22);
                iArr[i17] = ((iArr[(int) j22] & 65535) << 10) | (iArr[i17] & RCommandClient.MAX_CLIENT_PORT);
            }
            long j23 = 1;
            for (long j24 = 1; j23 < j12 - j24; j24 = 1) {
                long j25 = 0;
                while (j25 < j15) {
                    iArr[(int) j25] = (int) (((iArr[(int) (j15 + j25)] & (-1024)) << 6) | j25);
                    j25++;
                    j23 = j23;
                }
                long j26 = j23;
                sort32(iArr, 0, i13);
                for (long j27 = 0; j27 < j15; j27++) {
                    int i18 = (int) j27;
                    iArr[i18] = (iArr[i18] << 20) | iArr[(int) (j15 + j27)];
                }
                sort32(iArr, 0, i13);
                for (long j28 = 0; j28 < j15; j28++) {
                    int i19 = iArr[(int) j28];
                    int i20 = 1048575 & i19;
                    int i21 = (int) (j15 + j28);
                    int i22 = (i19 & 1047552) | (iArr[i21] & RCommandClient.MAX_CLIENT_PORT);
                    if (i20 >= i22) {
                        i20 = i22;
                    }
                    iArr[i21] = i20;
                }
                j23 = j26 + 1;
            }
            for (long j29 = 0; j29 < j15; j29++) {
                int i23 = (int) (j15 + j29);
                iArr[i23] = iArr[i23] & RCommandClient.MAX_CLIENT_PORT;
            }
        } else {
            for (long j30 = 0; j30 < j15; j30++) {
                int i24 = (int) (j15 + j30);
                iArr[i24] = (iArr[(int) j30] << 16) | (iArr[i24] & 65535);
            }
            long j31 = 1;
            for (long j32 = 1; j31 < j12 - j32; j32 = 1) {
                for (long j33 = 0; j33 < j15; j33++) {
                    iArr[(int) j33] = (int) ((iArr[(int) (j15 + j33)] & (-65536)) | j33);
                }
                sort32(iArr, 0, i13);
                for (long j34 = 0; j34 < j15; j34++) {
                    int i25 = (int) j34;
                    iArr[i25] = (iArr[i25] << 16) | (iArr[(int) (j15 + j34)] & 65535);
                }
                if (j31 < j12 - 2) {
                    for (long j35 = 0; j35 < j15; j35++) {
                        int i26 = (int) (j15 + j35);
                        iArr[i26] = (iArr[(int) j35] & (-65536)) | (iArr[i26] >> 16);
                    }
                    sort32(iArr, i13, (int) (j15 * 2));
                    for (long j36 = 0; j36 < j15; j36++) {
                        int i27 = (int) (j15 + j36);
                        iArr[i27] = (iArr[i27] << 16) | (iArr[(int) j36] & 65535);
                    }
                }
                sort32(iArr, 0, i13);
                for (long j37 = 0; j37 < j15; j37++) {
                    int i28 = (int) (j15 + j37);
                    int i29 = iArr[i28];
                    int i30 = (i29 & (-65536)) | (iArr[(int) j37] & 65535);
                    if (i30 < i29) {
                        iArr[i28] = i30;
                    }
                }
                j31++;
            }
            for (long j38 = 0; j38 < j15; j38++) {
                int i31 = (int) (j15 + j38);
                iArr[i31] = iArr[i31] & 65535;
            }
        }
        long j39 = 0;
        if (sArr != null) {
            while (j39 < j15) {
                iArr[(int) j39] = (int) ((sArr[r0] << 16) + j39);
                j39++;
            }
        } else {
            while (j39 < j15) {
                iArr[(int) j39] = (int) ((get_q_short(iArr, (int) (i10 + j39)) << 16) + j39);
                j39++;
            }
        }
        sort32(iArr, 0, i13);
        long j40 = j10;
        long j41 = 2;
        long j42 = 0;
        while (true) {
            j14 = j15 / j41;
            if (j42 >= j14) {
                break;
            }
            long j43 = j42 * j41;
            long j44 = j15 + j43;
            int i32 = (int) j44;
            int i33 = iArr[i32] & 1;
            int i34 = (int) (i33 + j43);
            int i35 = (int) (j40 >> 3);
            bArr[i35] = (byte) ((i33 << ((int) (j40 & 7))) ^ bArr[i35]);
            j40 += j11;
            iArr[i32] = (iArr[(int) j43] << 16) | i34;
            iArr[(int) (j44 + 1)] = (iArr[(int) (j43 + 1)] << 16) | (i34 ^ 1);
            j42++;
            j15 = j13;
            i13 = i13;
            j41 = 2;
        }
        long j45 = j41;
        long j46 = j13 * j45;
        sort32(iArr, i13, (int) j46);
        long j47 = j12 * j45;
        long j48 = ((j47 - 3) * j11 * j14) + j40;
        long j49 = 0;
        while (j49 < j14) {
            long j50 = j49 * j45;
            long j51 = j13 + j50;
            int i36 = iArr[(int) j51];
            int i37 = i36 & 1;
            long j52 = j48;
            int i38 = (int) (i37 + j50);
            long j53 = j46;
            int i39 = (int) (j52 >> 3);
            bArr[i39] = (byte) (bArr[i39] ^ (i37 << ((int) (j52 & 7))));
            iArr[(int) j50] = (i36 & 65535) | (i38 << 16);
            iArr[(int) (j50 + 1)] = (iArr[(int) (j51 + 1)] & 65535) | ((i38 ^ 1) << 16);
            j49++;
            j48 = j52 + j11;
            j46 = j53;
            j47 = j47;
            j45 = 2;
        }
        long j54 = j46;
        sort32(iArr, 0, i13);
        long j55 = 2;
        long j56 = j48 - (((j47 - 2) * j11) * j14);
        short[] sArr2 = new short[i13 * 4];
        long j57 = 0;
        while (j57 < j54) {
            long j58 = j57 * j55;
            int i40 = iArr[(int) j57];
            sArr2[(int) j58] = (short) i40;
            sArr2[(int) (j58 + 1)] = (short) ((i40 & (-65536)) >> 16);
            j57++;
            j55 = 2;
        }
        for (long j59 = 0; j59 < j14; j59++) {
            long j60 = j59 * 2;
            sArr2[(int) j59] = (short) ((iArr[(int) j60] & 65535) >>> 1);
            sArr2[(int) (j59 + j14)] = (short) ((iArr[(int) (j60 + 1)] & 65535) >>> 1);
        }
        for (long j61 = 0; j61 < j14; j61++) {
            long j62 = j61 * 2;
            iArr[(int) ((j13 / 4) + j13 + j61)] = (sArr2[(int) (j62 + 1)] << 16) | sArr2[(int) j62];
        }
        long j63 = j11 * 2;
        long j64 = (j13 / 4) + j13;
        long j65 = j12 - 1;
        cbrecursion(bArr, j56, j63, null, ((int) j64) * 2, j65, j14, iArr);
        cbrecursion(bArr, j56 + j11, j63, null, (int) ((j64 * 2) + j14), j65, j14, iArr);
    }

    private static void controlbitsfrompermutation(byte[] bArr, short[] sArr, long j10, long j11) {
        long j12 = 2;
        int[] iArr = new int[(int) (j11 * 2)];
        int i10 = (int) j11;
        short[] sArr2 = new short[i10];
        while (true) {
            short s10 = 0;
            for (int i11 = 0; i11 < (((((j10 * j12) - 1) * j11) / j12) + 7) / 8; i11++) {
                bArr[i11] = 0;
            }
            int i12 = i10;
            short[] sArr3 = sArr2;
            int[] iArr2 = iArr;
            cbrecursion(bArr, 0L, 1L, sArr, 0, j10, j11, iArr);
            for (int i13 = 0; i13 < j11; i13++) {
                sArr3[i13] = (short) i13;
            }
            int i14 = 0;
            for (int i15 = 0; i15 < j10; i15++) {
                layer(sArr3, bArr, i14, i15, i12);
                i14 = (int) (i14 + (j11 >> 4));
            }
            for (int i16 = (int) (j10 - 2); i16 >= 0; i16--) {
                layer(sArr3, bArr, i14, i16, i12);
                i14 = (int) (i14 + (j11 >> 4));
            }
            int i17 = 0;
            while (i17 < j11) {
                short s11 = (short) (s10 | (sArr[i17] ^ sArr3[i17]));
                i17++;
                s10 = s11;
            }
            if (s10 == 0) {
                return;
            }
            sArr2 = sArr3;
            i10 = i12;
            iArr = iArr2;
            j12 = 2;
        }
    }

    private static int ctz(long j10) {
        long j11 = ~j10;
        long j12 = 72340172838076673L;
        long j13 = 0;
        for (int i10 = 0; i10 < 8; i10++) {
            j12 &= j11 >>> i10;
            j13 += j12;
        }
        long j14 = 578721382704613384L & j13;
        long j15 = j14 | (j14 >>> 1);
        long j16 = j15 | (j15 >>> 2);
        long j17 = j13 >>> 8;
        long j18 = j13 + (j17 & j16);
        for (int i11 = 2; i11 < 8; i11++) {
            j16 &= j16 >>> 8;
            j17 >>>= 8;
            j18 += j17 & j16;
        }
        return ((int) j18) & 255;
    }

    private int decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i10;
        int i11;
        int i12 = this.SYS_T;
        short[] sArr = new short[i12 + 1];
        int i13 = this.SYS_N;
        short[] sArr2 = new short[i13];
        short[] sArr3 = new short[i12 * 2];
        short[] sArr4 = new short[i12 * 2];
        short[] sArr5 = new short[i12 + 1];
        short[] sArr6 = new short[i13];
        byte[] bArr4 = new byte[i13 / 8];
        int i14 = 0;
        while (true) {
            i10 = this.SYND_BYTES;
            if (i14 >= i10) {
                break;
            }
            bArr4[i14] = bArr3[i14];
            i14++;
        }
        while (i10 < this.SYS_N / 8) {
            bArr4[i10] = 0;
            i10++;
        }
        int i15 = 0;
        while (true) {
            i11 = this.SYS_T;
            if (i15 >= i11) {
                break;
            }
            sArr[i15] = Utils.load_gf(bArr2, (i15 * 2) + 40, this.GFMASK);
            i15++;
        }
        sArr[i11] = 1;
        this.benes.support_gen(sArr2, bArr2);
        synd(sArr3, sArr, sArr2, bArr4);
        bm(sArr5, sArr3);
        root(sArr6, sArr5, sArr2);
        for (int i16 = 0; i16 < this.SYS_N / 8; i16++) {
            bArr[i16] = 0;
        }
        int i17 = 0;
        for (int i18 = 0; i18 < this.SYS_N; i18++) {
            short gf_iszero = (short) (this.gf.gf_iszero(sArr6[i18]) & 1);
            int i19 = i18 / 8;
            bArr[i19] = (byte) (bArr[i19] | (gf_iszero << (i18 % 8)));
            i17 += gf_iszero;
        }
        synd(sArr4, sArr, sArr2, bArr);
        int i20 = this.SYS_T ^ i17;
        for (int i21 = 0; i21 < this.SYS_T * 2; i21++) {
            i20 |= sArr3[i21] ^ sArr4[i21];
        }
        return (((i20 - 1) >> 15) & 1) ^ 1;
    }

    private void encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        generate_error_vector(bArr3, secureRandom);
        syndrome(bArr, bArr2, bArr3);
    }

    private short eval(short[] sArr, short s10) {
        int i10 = this.SYS_T;
        short s11 = sArr[i10];
        for (int i11 = i10 - 1; i11 >= 0; i11--) {
            s11 = (short) (this.gf.gf_mul(s11, s10) ^ sArr[i11]);
        }
        return s11;
    }

    private void generate_error_vector(byte[] bArr, SecureRandom secureRandom) {
        int i10;
        int i11 = this.SYS_T;
        short[] sArr = new short[i11 * 2];
        short[] sArr2 = new short[i11];
        byte[] bArr2 = new byte[i11];
        while (true) {
            if (this.countErrorIndices) {
                byte[] bArr3 = new byte[this.SYS_T * 4];
                secureRandom.nextBytes(bArr3);
                for (int i12 = 0; i12 < this.SYS_T * 2; i12++) {
                    sArr[i12] = Utils.load_gf(bArr3, i12 * 2, this.GFMASK);
                }
                int i13 = 0;
                int i14 = 0;
                while (true) {
                    i10 = this.SYS_T;
                    if (i13 >= i10 * 2 || i14 >= i10) {
                        break;
                    }
                    short s10 = sArr[i13];
                    if (s10 < this.SYS_N) {
                        sArr2[i14] = s10;
                        i14++;
                    }
                    i13++;
                }
                if (i14 < i10) {
                    continue;
                }
            } else {
                byte[] bArr4 = new byte[this.SYS_T * 2];
                secureRandom.nextBytes(bArr4);
                for (int i15 = 0; i15 < this.SYS_T; i15++) {
                    sArr2[i15] = Utils.load_gf(bArr4, i15 * 2, this.GFMASK);
                }
            }
            boolean z10 = false;
            for (int i16 = 1; i16 < this.SYS_T && !z10; i16++) {
                int i17 = 0;
                while (true) {
                    if (i17 >= i16) {
                        break;
                    }
                    if (sArr2[i16] == sArr2[i17]) {
                        z10 = true;
                        break;
                    }
                    i17++;
                }
            }
            if (!z10) {
                break;
            }
        }
        for (int i18 = 0; i18 < this.SYS_T; i18++) {
            bArr2[i18] = (byte) (1 << (sArr2[i18] & 7));
        }
        for (short s11 = 0; s11 < this.SYS_N / 8; s11 = (short) (s11 + 1)) {
            bArr[s11] = 0;
            for (int i19 = 0; i19 < this.SYS_T; i19++) {
                bArr[s11] = (byte) ((((short) (same_mask32(s11, (short) (sArr2[i19] >> 3)) & 255)) & bArr2[i19]) | bArr[s11]);
            }
        }
    }

    private int generate_irr_poly(short[] sArr) {
        int i10;
        int i11 = this.SYS_T;
        int i12 = 2;
        short[][] sArr2 = (short[][]) Array.newInstance((Class<?>) Short.TYPE, i11 + 1, i11);
        sArr2[0][0] = 1;
        System.arraycopy(sArr, 0, sArr2[1], 0, this.SYS_T);
        int[] iArr = new int[(this.SYS_T * 2) - 1];
        while (true) {
            i10 = this.SYS_T;
            if (i12 >= i10) {
                break;
            }
            this.gf.gf_sqr_poly(i10, this.poly, sArr2[i12], sArr2[i12 >>> 1], iArr);
            this.gf.gf_mul_poly(this.SYS_T, this.poly, sArr2[i12 + 1], sArr2[i12], sArr, iArr);
            i12 += 2;
        }
        if (i12 == i10) {
            this.gf.gf_sqr_poly(i10, this.poly, sArr2[i12], sArr2[i12 >>> 1], iArr);
        }
        int i13 = 0;
        while (true) {
            int i14 = this.SYS_T;
            if (i13 >= i14) {
                System.arraycopy(sArr2[i14], 0, sArr, 0, i14);
                return 0;
            }
            int i15 = i13 + 1;
            for (int i16 = i15; i16 < this.SYS_T; i16++) {
                short gf_iszero = this.gf.gf_iszero(sArr2[i13][i13]);
                for (int i17 = i13; i17 < this.SYS_T + 1; i17++) {
                    short[] sArr3 = sArr2[i17];
                    sArr3[i13] = (short) (sArr3[i13] ^ ((short) (sArr3[i16] & gf_iszero)));
                }
            }
            short s10 = sArr2[i13][i13];
            if (s10 == 0) {
                return -1;
            }
            short gf_inv = this.gf.gf_inv(s10);
            for (int i18 = i13; i18 < this.SYS_T + 1; i18++) {
                short[] sArr4 = sArr2[i18];
                sArr4[i13] = this.gf.gf_mul(sArr4[i13], gf_inv);
            }
            for (int i19 = 0; i19 < this.SYS_T; i19++) {
                if (i19 != i13) {
                    short s11 = sArr2[i13][i19];
                    for (int i20 = i13; i20 <= this.SYS_T; i20++) {
                        short[] sArr5 = sArr2[i20];
                        sArr5[i19] = (short) (sArr5[i19] ^ this.gf.gf_mul(sArr5[i13], s11));
                    }
                }
            }
            i13 = i15;
        }
    }

    public static short get_q_short(int[] iArr, int i10) {
        int i11 = i10 / 2;
        return (short) (i10 % 2 == 0 ? iArr[i11] : (iArr[i11] & (-65536)) >> 16);
    }

    private static void layer(short[] sArr, byte[] bArr, int i10, int i11, int i12) {
        int i13 = 1 << i11;
        int i14 = 0;
        for (int i15 = 0; i15 < i12; i15 += i13 * 2) {
            for (int i16 = 0; i16 < i13; i16++) {
                int i17 = i15 + i16;
                short s10 = sArr[i17];
                int i18 = i17 + i13;
                int i19 = (sArr[i18] ^ s10) & (-((bArr[(i14 >> 3) + i10] >> (i14 & 7)) & 1));
                sArr[i17] = (short) (s10 ^ i19);
                sArr[i18] = (short) (sArr[i18] ^ i19);
                i14++;
            }
        }
    }

    private static int min(short s10, int i10) {
        return s10 < i10 ? s10 : i10;
    }

    private int mov_columns(byte[][] bArr, short[] sArr, long[] jArr) {
        byte[] bArr2;
        long load8;
        long[] jArr2 = new long[64];
        int i10 = 32;
        long[] jArr3 = new long[32];
        byte[] bArr3 = new byte[9];
        int i11 = this.PK_NROWS - 32;
        int i12 = i11 / 8;
        int i13 = i11 % 8;
        char c10 = 0;
        if (this.usePadding) {
            for (int i14 = 0; i14 < 32; i14++) {
                for (int i15 = 0; i15 < 9; i15++) {
                    bArr3[i15] = bArr[i11 + i14][i12 + i15];
                }
                int i16 = 0;
                while (i16 < 8) {
                    int i17 = i16 + 1;
                    bArr3[i16] = (byte) (((bArr3[i16] & GZIPHeader.OS_UNKNOWN) >> i13) | (bArr3[i17] << (8 - i13)));
                    i16 = i17;
                }
                jArr2[i14] = Utils.load8(bArr3, 0);
            }
        } else {
            for (int i18 = 0; i18 < 32; i18++) {
                jArr2[i18] = Utils.load8(bArr[i11 + i18], i12);
            }
        }
        long j10 = 0;
        jArr[0] = 0;
        int i19 = 0;
        while (i19 < 32) {
            long j11 = jArr2[i19];
            int i20 = i19 + 1;
            for (int i21 = i20; i21 < 32; i21++) {
                j11 |= jArr2[i21];
            }
            if (j11 == j10) {
                return -1;
            }
            int ctz = ctz(j11);
            long j12 = ctz;
            jArr3[i19] = j12;
            jArr[c10] = jArr[c10] | (1 << ((int) j12));
            for (int i22 = i20; i22 < 32; i22++) {
                long j13 = jArr2[i19];
                jArr2[i19] = j13 ^ (jArr2[i22] & (((j13 >> ctz) & 1) - 1));
            }
            int i23 = i20;
            while (i23 < 32) {
                long j14 = jArr2[i23];
                jArr2[i23] = j14 ^ (jArr2[i19] & (-((j14 >> ctz) & 1)));
                i23++;
                ctz = ctz;
                c10 = 0;
            }
            i19 = i20;
            j10 = 0;
        }
        int i24 = 0;
        while (i24 < 32) {
            int i25 = i24 + 1;
            int i26 = i25;
            while (i26 < 64) {
                long same_mask64 = same_mask64((short) i26, (short) jArr3[i24]) & (sArr[r12] ^ sArr[r17]);
                sArr[i11 + i24] = (short) (sArr[r12] ^ same_mask64);
                sArr[i11 + i26] = (short) (same_mask64 ^ sArr[r17]);
                i26++;
                bArr3 = bArr3;
            }
            i24 = i25;
        }
        byte[] bArr4 = bArr3;
        int i27 = 0;
        while (i27 < this.PK_NROWS) {
            if (this.usePadding) {
                for (int i28 = 0; i28 < 9; i28++) {
                    bArr4[i28] = bArr[i27][i12 + i28];
                }
                int i29 = 0;
                while (i29 < 8) {
                    int i30 = i29 + 1;
                    bArr4[i29] = (byte) (((bArr4[i29] & GZIPHeader.OS_UNKNOWN) >> i13) | (bArr4[i30] << (8 - i13)));
                    i29 = i30;
                }
                bArr2 = bArr4;
                load8 = Utils.load8(bArr2, 0);
            } else {
                bArr2 = bArr4;
                load8 = Utils.load8(bArr[i27], i12);
            }
            int i31 = 0;
            while (i31 < i10) {
                long j15 = jArr3[i31];
                long j16 = ((load8 >> i31) ^ (load8 >> ((int) j15))) & 1;
                load8 = (j16 << i31) ^ ((j16 << ((int) j15)) ^ load8);
                i31++;
                i10 = 32;
            }
            if (this.usePadding) {
                Utils.store8(bArr2, 0, load8);
                byte[] bArr5 = bArr[i27];
                int i32 = i12 + 8;
                int i33 = 8 - i13;
                bArr5[i32] = (byte) ((((bArr5[i32] & GZIPHeader.OS_UNKNOWN) >>> i13) << i13) | ((bArr2[7] & GZIPHeader.OS_UNKNOWN) >>> i33));
                bArr5[i12] = (byte) (((bArr2[0] & GZIPHeader.OS_UNKNOWN) << i13) | (((bArr5[i12] & GZIPHeader.OS_UNKNOWN) << i33) >>> i33));
                for (int i34 = 7; i34 >= 1; i34--) {
                    bArr[i27][i12 + i34] = (byte) (((bArr2[i34] & GZIPHeader.OS_UNKNOWN) << i13) | ((bArr2[i34 - 1] & GZIPHeader.OS_UNKNOWN) >>> i33));
                }
            } else {
                Utils.store8(bArr[i27], i12, load8);
            }
            i27++;
            bArr4 = bArr2;
            i10 = 32;
        }
        return 0;
    }

    private int pk_gen(byte[] bArr, byte[] bArr2, int[] iArr, short[] sArr, long[] jArr) {
        int i10;
        int i11;
        int i12 = this.SYS_T;
        short[] sArr2 = new short[i12 + 1];
        sArr2[i12] = 1;
        int i13 = 0;
        for (int i14 = 0; i14 < this.SYS_T; i14++) {
            sArr2[i14] = Utils.load_gf(bArr2, (i14 * 2) + 40, this.GFMASK);
        }
        int i15 = 1 << this.GFBITS;
        long[] jArr2 = new long[i15];
        for (int i16 = 0; i16 < (1 << this.GFBITS); i16++) {
            long j10 = iArr[i16];
            jArr2[i16] = j10;
            long j11 = j10 << 31;
            jArr2[i16] = j11;
            long j12 = j11 | i16;
            jArr2[i16] = j12;
            jArr2[i16] = j12 & Long.MAX_VALUE;
        }
        sort64(jArr2, 0, i15);
        for (int i17 = 1; i17 < (1 << this.GFBITS); i17++) {
            if ((jArr2[i17 - 1] >> 31) == (jArr2[i17] >> 31)) {
                return -1;
            }
        }
        short[] sArr3 = new short[this.SYS_N];
        for (int i18 = 0; i18 < (1 << this.GFBITS); i18++) {
            sArr[i18] = (short) (jArr2[i18] & this.GFMASK);
        }
        int i19 = 0;
        while (true) {
            i10 = this.SYS_N;
            if (i19 >= i10) {
                break;
            }
            sArr3[i19] = Utils.bitrev(sArr[i19], this.GFBITS);
            i19++;
        }
        short[] sArr4 = new short[i10];
        root(sArr4, sArr2, sArr3);
        int i20 = 0;
        while (true) {
            i11 = this.SYS_N;
            if (i20 >= i11) {
                break;
            }
            sArr4[i20] = this.gf.gf_inv(sArr4[i20]);
            i20++;
        }
        byte[][] bArr3 = (byte[][]) Array.newInstance((Class<?>) Byte.TYPE, this.PK_NROWS, i11 / 8);
        for (int i21 = 0; i21 < this.PK_NROWS; i21++) {
            for (int i22 = 0; i22 < this.SYS_N / 8; i22++) {
                bArr3[i21][i22] = 0;
            }
        }
        int i23 = 0;
        while (i23 < this.SYS_T) {
            for (int i24 = 0; i24 < this.SYS_N; i24 += 8) {
                int i25 = 0;
                while (true) {
                    int i26 = this.GFBITS;
                    if (i25 < i26) {
                        bArr3[(i26 * i23) + i25][i24 / 8] = (byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) ((sArr4[i24 + 7] >>> i25) & 1)) << 1)) | ((sArr4[i24 + 6] >>> i25) & 1))) << 1)) | ((sArr4[i24 + 5] >>> i25) & 1))) << 1)) | ((sArr4[i24 + 4] >>> i25) & 1))) << 1)) | ((sArr4[i24 + 3] >>> i25) & 1))) << 1)) | ((sArr4[i24 + 2] >>> i25) & 1))) << 1)) | ((sArr4[i24 + 1] >>> i25) & 1))) << 1)) | ((sArr4[i24] >>> i25) & 1));
                        i25++;
                    }
                }
            }
            for (int i27 = 0; i27 < this.SYS_N; i27++) {
                sArr4[i27] = this.gf.gf_mul(sArr4[i27], sArr3[i27]);
            }
            i23++;
        }
        int i28 = 0;
        while (true) {
            int i29 = this.PK_NROWS;
            if (i28 < i29) {
                i23 = i28 >>> 3;
                int i30 = i28 & 7;
                if (this.usePivots && i28 == i29 - 32) {
                    if (mov_columns(bArr3, sArr, jArr) != 0) {
                        return -1;
                    }
                }
                int i31 = i28 + 1;
                int i32 = i31;
                while (i32 < this.PK_NROWS) {
                    byte b10 = (byte) (-((byte) (((byte) (((byte) (bArr3[i28][i23] ^ bArr3[i32][i23])) >> i30)) & 1)));
                    for (int i33 = i13; i33 < this.SYS_N / 8; i33++) {
                        byte[] bArr4 = bArr3[i28];
                        bArr4[i33] = (byte) (bArr4[i33] ^ (bArr3[i32][i33] & b10));
                    }
                    i32++;
                    i13 = 0;
                }
                if (((bArr3[i28][i23] >> i30) & 1) == 0) {
                    return -1;
                }
                for (int i34 = 0; i34 < this.PK_NROWS; i34++) {
                    if (i34 != i28) {
                        byte b11 = (byte) (-((byte) (((byte) (bArr3[i34][i23] >> i30)) & 1)));
                        for (int i35 = 0; i35 < this.SYS_N / 8; i35++) {
                            byte[] bArr5 = bArr3[i34];
                            bArr5[i35] = (byte) (bArr5[i35] ^ (bArr3[i28][i35] & b11));
                        }
                    }
                }
                i28 = i31;
                i13 = 0;
            } else {
                if (bArr == null) {
                    return 0;
                }
                if (this.usePadding) {
                    int i36 = i29 % 8;
                    if (i36 == 0) {
                        System.arraycopy(bArr3[i23], (i29 - 1) / 8, bArr, 0, this.SYS_N / 8);
                        return 0;
                    }
                    int i37 = 0;
                    int i38 = 0;
                    while (true) {
                        int i39 = this.PK_NROWS;
                        if (i37 >= i39) {
                            return 0;
                        }
                        int i40 = (i39 - 1) / 8;
                        while (i40 < (this.SYS_N / 8) - 1) {
                            byte[] bArr6 = bArr3[i37];
                            int i41 = (bArr6[i40] & GZIPHeader.OS_UNKNOWN) >>> i36;
                            i40++;
                            bArr[i38] = (byte) ((bArr6[i40] << (8 - i36)) | i41);
                            i38++;
                        }
                        bArr[i38] = (byte) ((bArr3[i37][i40] & GZIPHeader.OS_UNKNOWN) >>> i36);
                        i37++;
                        i38++;
                    }
                } else {
                    int i42 = ((this.SYS_N - i29) + 7) / 8;
                    int i43 = 0;
                    while (true) {
                        int i44 = this.PK_NROWS;
                        if (i43 >= i44) {
                            return 0;
                        }
                        System.arraycopy(bArr3[i43], i44 / 8, bArr, i42 * i43, i42);
                        i43++;
                    }
                }
            }
        }
    }

    private void root(short[] sArr, short[] sArr2, short[] sArr3) {
        for (int i10 = 0; i10 < this.SYS_N; i10++) {
            sArr[i10] = eval(sArr2, sArr3[i10]);
        }
    }

    private static byte same_mask32(short s10, short s11) {
        return (byte) ((-(((s10 ^ s11) - 1) >>> 31)) & 255);
    }

    private static long same_mask64(short s10, short s11) {
        return -(((s10 ^ s11) - 1) >>> 63);
    }

    private static void sort32(int[] iArr, int i10, int i11) {
        int i12 = i11 - i10;
        if (i12 < 2) {
            return;
        }
        int i13 = 1;
        while (i13 < i12 - i13) {
            i13 += i13;
        }
        for (int i14 = i13; i14 > 0; i14 >>>= 1) {
            int i15 = 0;
            for (int i16 = 0; i16 < i12 - i14; i16++) {
                if ((i16 & i14) == 0) {
                    int i17 = i10 + i16;
                    int i18 = i17 + i14;
                    int i19 = iArr[i18];
                    int i20 = iArr[i17];
                    int i21 = i19 ^ i20;
                    int i22 = i19 - i20;
                    int i23 = ((((i19 ^ i22) & i21) ^ i22) >> 31) & i21;
                    iArr[i17] = i20 ^ i23;
                    iArr[i18] = iArr[i18] ^ i23;
                }
            }
            for (int i24 = i13; i24 > i14; i24 >>>= 1) {
                while (i15 < i12 - i24) {
                    if ((i15 & i14) == 0) {
                        int i25 = i10 + i15;
                        int i26 = i25 + i14;
                        int i27 = iArr[i26];
                        for (int i28 = i24; i28 > i14; i28 >>>= 1) {
                            int i29 = i25 + i28;
                            int i30 = iArr[i29];
                            int i31 = i30 ^ i27;
                            int i32 = i30 - i27;
                            int i33 = i31 & ((i32 ^ ((i32 ^ i30) & i31)) >> 31);
                            i27 ^= i33;
                            iArr[i29] = i30 ^ i33;
                        }
                        iArr[i26] = i27;
                    }
                    i15++;
                }
            }
        }
    }

    private static void sort64(long[] jArr, int i10, int i11) {
        int i12 = i11 - i10;
        if (i12 < 2) {
            return;
        }
        int i13 = 1;
        while (i13 < i12 - i13) {
            i13 += i13;
        }
        for (int i14 = i13; i14 > 0; i14 >>>= 1) {
            int i15 = 0;
            for (int i16 = 0; i16 < i12 - i14; i16++) {
                if ((i16 & i14) == 0) {
                    int i17 = i10 + i16;
                    int i18 = i17 + i14;
                    long j10 = jArr[i18];
                    long j11 = jArr[i17];
                    long j12 = (j10 ^ j11) & (-((j10 - j11) >>> 63));
                    jArr[i17] = j11 ^ j12;
                    jArr[i18] = jArr[i18] ^ j12;
                }
            }
            for (int i19 = i13; i19 > i14; i19 >>>= 1) {
                while (i15 < i12 - i19) {
                    if ((i15 & i14) == 0) {
                        int i20 = i10 + i15;
                        int i21 = i20 + i14;
                        long j13 = jArr[i21];
                        for (int i22 = i19; i22 > i14; i22 >>>= 1) {
                            int i23 = i20 + i22;
                            long j14 = jArr[i23];
                            long j15 = (-((j14 - j13) >>> 63)) & (j13 ^ j14);
                            j13 ^= j15;
                            jArr[i23] = j14 ^ j15;
                        }
                        jArr[i21] = j13;
                    }
                    i15++;
                }
            }
        }
    }

    private void synd(short[] sArr, short[] sArr2, short[] sArr3, byte[] bArr) {
        short s10 = (short) (bArr[0] & 1);
        short s11 = sArr3[0];
        short eval = eval(sArr2, s11);
        GF gf = this.gf;
        short gf_inv = (short) ((-s10) & gf.gf_inv(gf.gf_sq(eval)));
        sArr[0] = gf_inv;
        for (int i10 = 1; i10 < this.SYS_T * 2; i10++) {
            gf_inv = this.gf.gf_mul(gf_inv, s11);
            sArr[i10] = gf_inv;
        }
        for (int i11 = 1; i11 < this.SYS_N; i11++) {
            short s12 = (short) ((bArr[i11 / 8] >> (i11 % 8)) & 1);
            short s13 = sArr3[i11];
            short eval2 = eval(sArr2, s13);
            GF gf2 = this.gf;
            short gf_mul = this.gf.gf_mul(gf2.gf_inv(gf2.gf_sq(eval2)), s12);
            sArr[0] = (short) (sArr[0] ^ gf_mul);
            for (int i12 = 1; i12 < this.SYS_T * 2; i12++) {
                gf_mul = this.gf.gf_mul(gf_mul, s13);
                sArr[i12] = (short) (sArr[i12] ^ gf_mul);
            }
        }
    }

    private void syndrome(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[this.SYS_N / 8];
        int i10 = this.PK_NROWS % 8;
        for (int i11 = 0; i11 < this.SYND_BYTES; i11++) {
            bArr[i11] = 0;
        }
        int i12 = 0;
        for (int i13 = 0; i13 < this.PK_NROWS; i13++) {
            for (int i14 = 0; i14 < this.SYS_N / 8; i14++) {
                sArr[i14] = 0;
            }
            int i15 = 0;
            while (true) {
                int i16 = this.PK_ROW_BYTES;
                if (i15 >= i16) {
                    break;
                }
                sArr[((this.SYS_N / 8) - i16) + i15] = bArr2[i12 + i15];
                i15++;
            }
            if (this.usePadding) {
                for (int i17 = (this.SYS_N / 8) - 1; i17 >= (this.SYS_N / 8) - this.PK_ROW_BYTES; i17--) {
                    sArr[i17] = (short) ((((sArr[i17] & 255) << i10) | ((sArr[i17 - 1] & 255) >>> (8 - i10))) & 255);
                }
            }
            int i18 = i13 / 8;
            int i19 = i13 % 8;
            sArr[i18] = (short) (sArr[i18] | (1 << i19));
            byte b10 = 0;
            for (int i20 = 0; i20 < this.SYS_N / 8; i20++) {
                b10 = (byte) (b10 ^ (sArr[i20] & bArr3[i20]));
            }
            byte b11 = (byte) ((b10 >>> 4) ^ b10);
            byte b12 = (byte) (b11 ^ (b11 >>> 2));
            bArr[i18] = (byte) ((((byte) (1 & ((byte) (b12 ^ (b12 >>> 1))))) << i19) | bArr[i18]);
            i12 += this.PK_ROW_BYTES;
        }
    }

    public int check_c_padding(byte[] bArr) {
        return ((byte) ((((byte) (((byte) ((bArr[this.SYND_BYTES - 1] & GZIPHeader.OS_UNKNOWN) >>> (this.PK_NROWS % 8))) - 1)) & GZIPHeader.OS_UNKNOWN) >>> 7)) - 1;
    }

    public int check_pk_padding(byte[] bArr) {
        byte b10 = 0;
        for (int i10 = 0; i10 < this.PK_NROWS; i10++) {
            int i11 = this.PK_ROW_BYTES;
            b10 = (byte) (b10 | bArr[((i10 * i11) + i11) - 1]);
        }
        return ((byte) ((((byte) (((byte) ((b10 & GZIPHeader.OS_UNKNOWN) >>> (this.PK_NCOLS % 8))) - 1)) & GZIPHeader.OS_UNKNOWN) >>> 7)) - 1;
    }

    public byte[] decompress_private_key(byte[] bArr) {
        int i10;
        byte[] bArr2 = new byte[getPrivateKeySize()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        int i11 = ((1 << this.GFBITS) * 4) + (this.SYS_N / 8) + this.IRR_BYTES;
        int i12 = i11 + 32;
        byte[] bArr3 = new byte[i12];
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i12);
        if (bArr.length <= 40) {
            short[] sArr = new short[this.SYS_T];
            int i13 = this.IRR_BYTES;
            byte[] bArr4 = new byte[i13];
            int i14 = i11 - i13;
            for (int i15 = 0; i15 < this.SYS_T; i15++) {
                sArr[i15] = Utils.load_gf(bArr3, (i15 * 2) + i14, this.GFMASK);
            }
            generate_irr_poly(sArr);
            for (int i16 = 0; i16 < this.SYS_T; i16++) {
                Utils.store_gf(bArr4, i16 * 2, sArr[i16]);
            }
            System.arraycopy(bArr4, 0, bArr2, 40, this.IRR_BYTES);
        }
        int length = bArr.length;
        int i17 = this.IRR_BYTES;
        if (length <= i17 + 40) {
            int i18 = this.GFBITS;
            int[] iArr = new int[1 << i18];
            short[] sArr2 = new short[1 << i18];
            int i19 = (i11 - i17) - ((1 << i18) * 4);
            int i20 = 0;
            while (true) {
                i10 = this.GFBITS;
                if (i20 >= (1 << i10)) {
                    break;
                }
                iArr[i20] = Utils.load4(bArr3, (i20 * 4) + i19);
                i20++;
            }
            if (this.usePivots) {
                pk_gen(null, bArr2, iArr, sArr2, new long[]{0});
            } else {
                int i21 = 1 << i10;
                long[] jArr = new long[i21];
                for (int i22 = 0; i22 < (1 << this.GFBITS); i22++) {
                    long j10 = iArr[i22];
                    jArr[i22] = j10;
                    long j11 = j10 << 31;
                    jArr[i22] = j11;
                    long j12 = j11 | i22;
                    jArr[i22] = j12;
                    jArr[i22] = j12 & Long.MAX_VALUE;
                }
                sort64(jArr, 0, i21);
                for (int i23 = 0; i23 < (1 << this.GFBITS); i23++) {
                    sArr2[i23] = (short) (jArr[i23] & this.GFMASK);
                }
            }
            int i24 = this.COND_BYTES;
            byte[] bArr5 = new byte[i24];
            controlbitsfrompermutation(bArr5, sArr2, this.GFBITS, 1 << r2);
            System.arraycopy(bArr5, 0, bArr2, this.IRR_BYTES + 40, i24);
        }
        int privateKeySize = getPrivateKeySize();
        int i25 = this.SYS_N;
        System.arraycopy(bArr3, 0, bArr2, privateKeySize - (i25 / 8), i25 / 8);
        return bArr2;
    }

    public byte[] generate_public_key_from_private_key(byte[] bArr) {
        byte[] bArr2 = new byte[getPublicKeySize()];
        int i10 = this.GFBITS;
        short[] sArr = new short[1 << i10];
        long[] jArr = {0};
        int[] iArr = new int[1 << i10];
        int i11 = ((1 << i10) * 4) + (this.SYS_N / 8);
        byte[] bArr3 = new byte[i11];
        int i12 = ((i11 - 32) - this.IRR_BYTES) - ((1 << i10) * 4);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i11);
        for (int i13 = 0; i13 < (1 << this.GFBITS); i13++) {
            iArr[i13] = Utils.load4(bArr3, (i13 * 4) + i12);
        }
        pk_gen(bArr2, bArr, iArr, sArr, jArr);
        return bArr2;
    }

    public int getCipherTextSize() {
        return this.SYND_BYTES;
    }

    public int getCondBytes() {
        return this.COND_BYTES;
    }

    public int getDefaultSessionKeySize() {
        return this.defaultKeySize;
    }

    public int getIrrBytes() {
        return this.IRR_BYTES;
    }

    public int getPrivateKeySize() {
        return (this.SYS_N / 8) + this.COND_BYTES + this.IRR_BYTES + 40;
    }

    public int getPublicKeySize() {
        if (!this.usePadding) {
            return (this.PK_NROWS * this.PK_NCOLS) / 8;
        }
        int i10 = this.PK_NROWS;
        return ((this.SYS_N / 8) - ((i10 - 1) / 8)) * i10;
    }

    public int kem_dec(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i10 = this.SYS_N;
        byte[] bArr4 = new byte[i10 / 8];
        int i11 = (i10 / 8) + 1 + this.SYND_BYTES;
        byte[] bArr5 = new byte[i11];
        int check_c_padding = this.usePadding ? check_c_padding(bArr2) : 0;
        short decrypt = (short) (((short) (((short) (((byte) decrypt(bArr4, bArr3, bArr2)) - 1)) >> 8)) & 255);
        bArr5[0] = (byte) (decrypt & 1);
        int i12 = 0;
        while (i12 < this.SYS_N / 8) {
            int i13 = i12 + 1;
            bArr5[i13] = (byte) ((bArr4[i12] & decrypt) | ((~decrypt) & bArr3[i12 + 40 + this.IRR_BYTES + this.COND_BYTES]));
            i12 = i13;
        }
        for (int i14 = 0; i14 < this.SYND_BYTES; i14++) {
            bArr5[(this.SYS_N / 8) + 1 + i14] = bArr2[i14];
        }
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update(bArr5, 0, i11);
        sHAKEDigest.doFinal(bArr, 0, bArr.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b10 = (byte) check_c_padding;
        for (int i15 = 0; i15 < bArr.length; i15++) {
            bArr[i15] = (byte) (bArr[i15] | b10);
        }
        return check_c_padding;
    }

    public int kem_enc(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        int i10 = this.SYS_N / 8;
        byte[] bArr4 = new byte[i10];
        int check_pk_padding = this.usePadding ? check_pk_padding(bArr3) : 0;
        encrypt(bArr, bArr3, bArr4, secureRandom);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 1);
        sHAKEDigest.update(bArr4, 0, i10);
        sHAKEDigest.update(bArr, 0, bArr.length);
        sHAKEDigest.doFinal(bArr2, 0, bArr2.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b10 = (byte) (((byte) check_pk_padding) ^ GZIPHeader.OS_UNKNOWN);
        for (int i11 = 0; i11 < this.SYND_BYTES; i11++) {
            bArr[i11] = (byte) (bArr[i11] & b10);
        }
        for (int i12 = 0; i12 < 32; i12++) {
            bArr2[i12] = (byte) (bArr2[i12] & b10);
        }
        return check_pk_padding;
    }

    public void kem_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        int i10;
        int i11;
        short[] sArr;
        byte[] bArr3;
        SHAKEDigest sHAKEDigest;
        int i12;
        long j10;
        int i13 = 32;
        byte[] bArr4 = new byte[32];
        int i14 = 0;
        byte[] bArr5 = {64};
        secureRandom.nextBytes(bArr4);
        int i15 = (this.SYS_T * 2) + ((1 << this.GFBITS) * 4) + (this.SYS_N / 8);
        int i16 = i15 + 32;
        byte[] bArr6 = new byte[i16];
        long[] jArr = {0};
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        byte[] bArr7 = bArr4;
        while (true) {
            sHAKEDigest2.update(bArr5, i14, 1);
            sHAKEDigest2.update(bArr4, i14, bArr4.length);
            sHAKEDigest2.doFinal(bArr6, i14, i16);
            byte[] copyOfRange = Arrays.copyOfRange(bArr6, i15, i15 + 32);
            System.arraycopy(bArr7, i14, bArr2, i14, i13);
            byte[] copyOfRange2 = Arrays.copyOfRange(copyOfRange, i14, i13);
            int i17 = this.SYS_T;
            short[] sArr2 = new short[i17];
            int i18 = i15 - (i17 * 2);
            for (int i19 = i14; i19 < this.SYS_T; i19++) {
                sArr2[i19] = Utils.load_gf(bArr6, (i19 * 2) + i18, this.GFMASK);
            }
            if (generate_irr_poly(sArr2) != -1) {
                for (int i20 = i14; i20 < this.SYS_T; i20++) {
                    Utils.store_gf(bArr2, (i20 * 2) + 40, sArr2[i20]);
                }
                int i21 = this.GFBITS;
                int[] iArr = new int[1 << i21];
                i10 = i18 - ((1 << i21) * 4);
                int i22 = 0;
                while (true) {
                    i11 = this.GFBITS;
                    if (i22 >= (1 << i11)) {
                        break;
                    }
                    iArr[i22] = Utils.load4(bArr6, (i22 * 4) + i10);
                    i22++;
                }
                sArr = new short[1 << i11];
                bArr3 = copyOfRange;
                sHAKEDigest = sHAKEDigest2;
                if (pk_gen(bArr, bArr2, iArr, sArr, jArr) != -1) {
                    break;
                }
            } else {
                bArr3 = copyOfRange;
                sHAKEDigest = sHAKEDigest2;
            }
            bArr7 = copyOfRange2;
            bArr4 = bArr3;
            sHAKEDigest2 = sHAKEDigest;
            i13 = 32;
            i14 = 0;
        }
        int i23 = this.COND_BYTES;
        byte[] bArr8 = new byte[i23];
        controlbitsfrompermutation(bArr8, sArr, this.GFBITS, 1 << r2);
        System.arraycopy(bArr8, 0, bArr2, this.IRR_BYTES + 40, i23);
        int i24 = this.SYS_N;
        System.arraycopy(bArr6, i10 - (i24 / 8), bArr2, bArr2.length - (i24 / 8), i24 / 8);
        if (this.usePivots) {
            i12 = 32;
            j10 = jArr[0];
        } else {
            j10 = 4294967295L;
            i12 = 32;
        }
        Utils.store8(bArr2, i12, j10);
    }
}
