package org.bouncycastle.pqc.crypto.sike;

import java.security.SecureRandom;
import org.bouncycastle.crypto.digests.SHAKEDigest;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:brooklyn-jmxmp-agent-shaded-1.2.0-cloudsoft-amp-7.3.0-m1-beta4.jar:org/bouncycastle/pqc/crypto/sike/SIKEEngine.class */
public class SIKEEngine {
    protected Internal params;
    protected Isogeny isogeny;
    protected Fpx fpx;
    private SIDH sidh;
    private SIDH_Compressed sidhCompressed;
    private boolean isCompressed;

    public int getDefaultSessionKeySize() {
        return this.params.MSG_BYTES * 8;
    }

    public int getCipherTextSize() {
        return this.params.CRYPTO_CIPHERTEXTBYTES;
    }

    public int getPrivateKeySize() {
        return this.params.CRYPTO_SECRETKEYBYTES;
    }

    public int getPublicKeySize() {
        return this.params.CRYPTO_PUBLICKEYBYTES;
    }

    public SIKEEngine(int i, boolean z) {
        this.isCompressed = z;
        switch (i) {
            case 434:
                this.params = new P434(z);
                break;
            case 503:
                this.params = new P503(z);
                break;
            case 610:
                this.params = new P610(z);
                break;
            case 751:
                this.params = new P751(z);
                break;
        }
        this.fpx = new Fpx(this);
        this.isogeny = new Isogeny(this);
        if (z) {
            this.sidhCompressed = new SIDH_Compressed(this);
        }
        this.sidh = new SIDH(this);
    }

    public int crypto_kem_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        byte[] bArr3 = new byte[this.params.MSG_BYTES];
        secureRandom.nextBytes(bArr3);
        if (!this.isCompressed) {
            byte[] bArr4 = new byte[this.params.SECRETKEY_B_BYTES];
            secureRandom.nextBytes(bArr4);
            int i = this.params.SECRETKEY_B_BYTES - 1;
            bArr4[i] = (byte) (bArr4[i] & this.params.MASK_BOB);
            System.arraycopy(bArr3, 0, bArr2, 0, this.params.MSG_BYTES);
            System.arraycopy(bArr4, 0, bArr2, this.params.MSG_BYTES, this.params.SECRETKEY_B_BYTES);
            this.sidh.EphemeralKeyGeneration_B(bArr2, bArr);
            System.arraycopy(bArr, 0, bArr2, this.params.MSG_BYTES + this.params.SECRETKEY_B_BYTES, this.params.CRYPTO_PUBLICKEYBYTES);
            return 0;
        }
        byte[] bArr5 = new byte[this.params.SECRETKEY_A_BYTES];
        secureRandom.nextBytes(bArr5);
        bArr5[0] = (byte) (bArr5[0] & 254);
        int i2 = this.params.SECRETKEY_A_BYTES - 1;
        bArr5[i2] = (byte) (bArr5[i2] & this.params.MASK_ALICE);
        System.arraycopy(bArr3, 0, bArr2, 0, this.params.MSG_BYTES);
        System.arraycopy(bArr5, 0, bArr2, this.params.MSG_BYTES, this.params.SECRETKEY_A_BYTES);
        this.sidhCompressed.EphemeralKeyGeneration_A_extended(bArr2, bArr);
        System.arraycopy(bArr, 0, bArr2, this.params.MSG_BYTES + this.params.SECRETKEY_A_BYTES, this.params.CRYPTO_PUBLICKEYBYTES);
        return 0;
    }

    public int crypto_kem_enc(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        if (this.isCompressed) {
            byte[] bArr4 = new byte[this.params.SECRETKEY_B_BYTES];
            byte[] bArr5 = new byte[this.params.FP2_ENCODED_BYTES];
            byte[] bArr6 = new byte[this.params.MSG_BYTES];
            byte[] bArr7 = new byte[this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES];
            byte[] bArr8 = new byte[this.params.MSG_BYTES];
            secureRandom.nextBytes(bArr8);
            System.arraycopy(bArr8, 0, bArr7, 0, this.params.MSG_BYTES);
            System.arraycopy(bArr3, 0, bArr7, this.params.MSG_BYTES, this.params.CRYPTO_PUBLICKEYBYTES);
            SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
            sHAKEDigest.update(bArr7, 0, this.params.CRYPTO_PUBLICKEYBYTES + this.params.MSG_BYTES);
            sHAKEDigest.doFinal(bArr4, 0, this.params.SECRETKEY_B_BYTES);
            this.sidhCompressed.FormatPrivKey_B(bArr4);
            this.sidhCompressed.EphemeralKeyGeneration_B_extended(bArr4, bArr, 1);
            this.sidhCompressed.EphemeralSecretAgreement_B(bArr4, bArr3, bArr5);
            sHAKEDigest.update(bArr5, 0, this.params.FP2_ENCODED_BYTES);
            sHAKEDigest.doFinal(bArr6, 0, this.params.MSG_BYTES);
            for (int i = 0; i < this.params.MSG_BYTES; i++) {
                bArr[i + this.params.PARTIALLY_COMPRESSED_CHUNK_CT] = (byte) (bArr7[i] ^ bArr6[i]);
            }
            System.arraycopy(bArr, 0, bArr7, this.params.MSG_BYTES, this.params.CRYPTO_CIPHERTEXTBYTES);
            sHAKEDigest.update(bArr7, 0, this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES);
            sHAKEDigest.doFinal(bArr2, 0, this.params.CRYPTO_BYTES);
            return 0;
        }
        byte[] bArr9 = new byte[this.params.SECRETKEY_A_BYTES];
        byte[] bArr10 = new byte[this.params.FP2_ENCODED_BYTES];
        byte[] bArr11 = new byte[this.params.MSG_BYTES];
        byte[] bArr12 = new byte[this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES];
        byte[] bArr13 = new byte[this.params.MSG_BYTES];
        secureRandom.nextBytes(bArr13);
        System.arraycopy(bArr13, 0, bArr12, 0, this.params.MSG_BYTES);
        System.arraycopy(bArr3, 0, bArr12, this.params.MSG_BYTES, this.params.CRYPTO_PUBLICKEYBYTES);
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        sHAKEDigest2.update(bArr12, 0, this.params.CRYPTO_PUBLICKEYBYTES + this.params.MSG_BYTES);
        sHAKEDigest2.doFinal(bArr9, 0, this.params.SECRETKEY_A_BYTES);
        int i2 = this.params.SECRETKEY_A_BYTES - 1;
        bArr9[i2] = (byte) (bArr9[i2] & this.params.MASK_ALICE);
        this.sidh.EphemeralKeyGeneration_A(bArr9, bArr);
        this.sidh.EphemeralSecretAgreement_A(bArr9, bArr3, bArr10);
        sHAKEDigest2.update(bArr10, 0, this.params.FP2_ENCODED_BYTES);
        sHAKEDigest2.doFinal(bArr11, 0, this.params.MSG_BYTES);
        for (int i3 = 0; i3 < this.params.MSG_BYTES; i3++) {
            bArr[i3 + this.params.CRYPTO_PUBLICKEYBYTES] = (byte) (bArr12[i3] ^ bArr11[i3]);
        }
        System.arraycopy(bArr, 0, bArr12, this.params.MSG_BYTES, this.params.CRYPTO_CIPHERTEXTBYTES);
        sHAKEDigest2.update(bArr12, 0, this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES);
        sHAKEDigest2.doFinal(bArr2, 0, this.params.CRYPTO_BYTES);
        return 0;
    }

    public int crypto_kem_dec(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (this.isCompressed) {
            byte[] bArr4 = new byte[this.params.SECRETKEY_B_BYTES];
            byte[] bArr5 = new byte[this.params.FP2_ENCODED_BYTES + (2 * this.params.FP2_ENCODED_BYTES) + this.params.SECRETKEY_A_BYTES];
            byte[] bArr6 = new byte[this.params.MSG_BYTES];
            byte[] bArr7 = new byte[this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES];
            this.sidhCompressed.EphemeralSecretAgreement_A_extended(bArr3, this.params.MSG_BYTES, bArr2, bArr5, 1);
            SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
            sHAKEDigest.update(bArr5, 0, this.params.FP2_ENCODED_BYTES);
            sHAKEDigest.doFinal(bArr6, 0, this.params.MSG_BYTES);
            for (int i = 0; i < this.params.MSG_BYTES; i++) {
                bArr7[i] = (byte) (bArr2[i + this.params.PARTIALLY_COMPRESSED_CHUNK_CT] ^ bArr6[i]);
            }
            System.arraycopy(bArr3, this.params.MSG_BYTES + this.params.SECRETKEY_A_BYTES, bArr7, this.params.MSG_BYTES, this.params.CRYPTO_PUBLICKEYBYTES);
            sHAKEDigest.update(bArr7, 0, this.params.CRYPTO_PUBLICKEYBYTES + this.params.MSG_BYTES);
            sHAKEDigest.doFinal(bArr4, 0, this.params.SECRETKEY_B_BYTES);
            this.sidhCompressed.FormatPrivKey_B(bArr4);
            this.fpx.ct_cmov(bArr7, bArr3, this.params.MSG_BYTES, this.sidhCompressed.validate_ciphertext(bArr4, bArr2, bArr3, this.params.MSG_BYTES + this.params.SECRETKEY_A_BYTES + this.params.CRYPTO_PUBLICKEYBYTES, bArr5, this.params.FP2_ENCODED_BYTES));
            System.arraycopy(bArr2, 0, bArr7, this.params.MSG_BYTES, this.params.CRYPTO_CIPHERTEXTBYTES);
            sHAKEDigest.update(bArr7, 0, this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES);
            sHAKEDigest.doFinal(bArr, 0, this.params.CRYPTO_BYTES);
            return 0;
        }
        byte[] bArr8 = new byte[this.params.SECRETKEY_A_BYTES];
        byte[] bArr9 = new byte[this.params.FP2_ENCODED_BYTES];
        byte[] bArr10 = new byte[this.params.MSG_BYTES];
        byte[] bArr11 = new byte[this.params.CRYPTO_PUBLICKEYBYTES];
        byte[] bArr12 = new byte[this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES];
        this.sidh.EphemeralSecretAgreement_B(bArr3, bArr2, bArr9);
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        sHAKEDigest2.update(bArr9, 0, this.params.FP2_ENCODED_BYTES);
        sHAKEDigest2.doFinal(bArr10, 0, this.params.MSG_BYTES);
        for (int i2 = 0; i2 < this.params.MSG_BYTES; i2++) {
            bArr12[i2] = (byte) (bArr2[i2 + this.params.CRYPTO_PUBLICKEYBYTES] ^ bArr10[i2]);
        }
        System.arraycopy(bArr3, this.params.MSG_BYTES + this.params.SECRETKEY_B_BYTES, bArr12, this.params.MSG_BYTES, this.params.CRYPTO_PUBLICKEYBYTES);
        sHAKEDigest2.update(bArr12, 0, this.params.CRYPTO_PUBLICKEYBYTES + this.params.MSG_BYTES);
        sHAKEDigest2.doFinal(bArr8, 0, this.params.SECRETKEY_A_BYTES);
        int i3 = this.params.SECRETKEY_A_BYTES - 1;
        bArr8[i3] = (byte) (bArr8[i3] & this.params.MASK_ALICE);
        this.sidh.EphemeralKeyGeneration_A(bArr8, bArr11);
        this.fpx.ct_cmov(bArr12, bArr3, this.params.MSG_BYTES, this.fpx.ct_compare(bArr11, bArr2, this.params.CRYPTO_PUBLICKEYBYTES));
        System.arraycopy(bArr2, 0, bArr12, this.params.MSG_BYTES, this.params.CRYPTO_CIPHERTEXTBYTES);
        sHAKEDigest2.update(bArr12, 0, this.params.CRYPTO_CIPHERTEXTBYTES + this.params.MSG_BYTES);
        sHAKEDigest2.doFinal(bArr, 0, this.params.CRYPTO_BYTES);
        return 0;
    }
}
