package org.bouncycastle.pqc.crypto.cmce;

import a.a;
import java.lang.reflect.Array;
import java.security.SecureRandom;
import org.apache.sshd.agent.SshAgentConstants;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class CMCEEngine {
    private int COND_BYTES;
    private int GFBITS;
    private int GFMASK;
    private int IRR_BYTES;
    private int PK_NCOLS;
    private int PK_NROWS;
    private int PK_ROW_BYTES;
    private int SYND_BYTES;
    private int SYS_N;
    private int SYS_T;
    private BENES benes;
    private boolean countErrorIndices;
    private final int defaultKeySize;
    private GF gf;
    private int[] poly;
    private boolean usePadding;
    private boolean usePivots;

    public CMCEEngine(int i5, int i6, int i7, int[] iArr, boolean z5, int i8) {
        BENES benes13;
        this.usePivots = z5;
        this.SYS_N = i6;
        this.SYS_T = i7;
        this.GFBITS = i5;
        this.poly = iArr;
        this.defaultKeySize = i8;
        this.IRR_BYTES = i7 * 2;
        this.COND_BYTES = ((i5 * 2) - 1) * (1 << (i5 - 4));
        int i9 = i7 * i5;
        this.PK_NROWS = i9;
        int i10 = i6 - i9;
        this.PK_NCOLS = i10;
        this.PK_ROW_BYTES = (i10 + 7) / 8;
        this.SYND_BYTES = (i9 + 7) / 8;
        this.GFMASK = (1 << i5) - 1;
        if (i5 == 12) {
            this.gf = new GF12();
            benes13 = new BENES12(this.SYS_N, this.SYS_T, this.GFBITS);
        } else {
            this.gf = new GF13();
            benes13 = new BENES13(this.SYS_N, this.SYS_T, this.GFBITS);
        }
        this.benes = benes13;
        this.usePadding = this.SYS_T % 8 != 0;
        this.countErrorIndices = (1 << this.GFBITS) > this.SYS_N;
    }

    private void bm(short[] sArr, short[] sArr2) {
        int i5;
        int i6 = this.SYS_T;
        short[] sArr3 = new short[i6 + 1];
        short[] sArr4 = new short[i6 + 1];
        short s5 = 1;
        short[] sArr5 = new short[i6 + 1];
        int i7 = 0;
        for (int i8 = 0; i8 < this.SYS_T + 1; i8++) {
            sArr5[i8] = 0;
            sArr4[i8] = 0;
        }
        sArr4[0] = 1;
        sArr5[1] = 1;
        short s6 = 1;
        short s7 = 0;
        short s8 = 0;
        while (s7 < this.SYS_T * 2) {
            int i9 = 0;
            for (int i10 = 0; i10 <= min(s7, this.SYS_T); i10++) {
                i9 ^= this.gf.gf_mul_ext(sArr4[i10], sArr2[s7 - i10]);
            }
            short gf_reduce = this.gf.gf_reduce(i9);
            short s9 = (short) (((short) (((short) (((short) (gf_reduce - 1)) >> 15)) & s5)) - s5);
            short s10 = (short) (((short) (((short) (((short) (((short) (s7 - (s8 * 2))) >> 15)) & s5)) - s5)) & s9);
            for (int i11 = 0; i11 <= this.SYS_T; i11++) {
                sArr3[i11] = sArr4[i11];
            }
            short gf_frac = this.gf.gf_frac(s6, gf_reduce);
            int i12 = 0;
            while (true) {
                i5 = this.SYS_T;
                if (i12 > i5) {
                    break;
                }
                sArr4[i12] = (short) ((this.gf.gf_mul(gf_frac, sArr5[i12]) & s9) ^ sArr4[i12]);
                i12++;
            }
            int i13 = ~s10;
            int i14 = s7 + 1;
            s8 = (short) (((i14 - s8) & s10) | (s8 & i13));
            for (int i15 = i5 - 1; i15 >= 0; i15--) {
                sArr5[i15 + 1] = (short) ((sArr5[i15] & i13) | (sArr3[i15] & s10));
            }
            sArr5[0] = 0;
            s6 = (short) ((i13 & s6) | (gf_reduce & s10));
            s7 = (short) i14;
            s5 = 1;
        }
        while (true) {
            int i16 = this.SYS_T;
            if (i7 > i16) {
                return;
            }
            sArr[i7] = sArr4[i16 - i7];
            i7++;
        }
    }

    public static void cbrecursion(byte[] bArr, long j6, long j7, short[] sArr, int i5, long j8, long j9, int[] iArr) {
        long j10;
        long j11 = j9;
        if (j8 == 1) {
            int i6 = (int) (j6 >> 3);
            bArr[i6] = (byte) ((get_q_short(iArr, i5) << ((int) (j6 & 7))) ^ bArr[i6]);
            return;
        }
        if (sArr != null) {
            for (long j12 = 0; j12 < j11; j12++) {
                int i7 = (int) j12;
                iArr[i7] = sArr[(int) (j12 ^ 1)] | ((sArr[i7] ^ 1) << 16);
            }
        } else {
            for (long j13 = 0; j13 < j11; j13++) {
                long j14 = i5;
                iArr[(int) j13] = ((get_q_short(iArr, (int) (j14 + j13)) ^ 1) << 16) | get_q_short(iArr, (int) (j14 + (j13 ^ 1)));
            }
        }
        int i8 = (int) j11;
        sort32(iArr, 0, i8);
        for (long j15 = 0; j15 < j11; j15++) {
            int i9 = (int) j15;
            int i10 = 65535 & iArr[i9];
            if (j15 >= i10) {
                i9 = i10;
            }
            iArr[(int) (j11 + j15)] = i9 | (i10 << 16);
        }
        for (long j16 = 0; j16 < j11; j16++) {
            iArr[(int) j16] = (int) ((iArr[r7] << 16) | j16);
        }
        sort32(iArr, 0, i8);
        for (long j17 = 0; j17 < j11; j17++) {
            int i11 = (int) j17;
            iArr[i11] = (iArr[i11] << 16) + (iArr[(int) (j11 + j17)] >> 16);
        }
        sort32(iArr, 0, i8);
        if (j8 <= 10) {
            for (long j18 = 0; j18 < j11; j18++) {
                int i12 = (int) (j11 + j18);
                iArr[i12] = ((iArr[(int) j18] & 65535) << 10) | (iArr[i12] & 1023);
            }
            long j19 = 1;
            for (long j20 = 1; j19 < j8 - j20; j20 = 1) {
                long j21 = 0;
                while (j21 < j11) {
                    iArr[(int) j21] = (int) (((iArr[(int) (j11 + j21)] & (-1024)) << 6) | j21);
                    j21++;
                    j19 = j19;
                }
                long j22 = j19;
                sort32(iArr, 0, i8);
                for (long j23 = 0; j23 < j11; j23++) {
                    int i13 = (int) j23;
                    iArr[i13] = (iArr[i13] << 20) | iArr[(int) (j11 + j23)];
                }
                sort32(iArr, 0, i8);
                for (long j24 = 0; j24 < j11; j24++) {
                    int i14 = iArr[(int) j24];
                    int i15 = 1048575 & i14;
                    int i16 = (int) (j11 + j24);
                    int i17 = (i14 & 1047552) | (iArr[i16] & 1023);
                    if (i15 >= i17) {
                        i15 = i17;
                    }
                    iArr[i16] = i15;
                }
                j19 = j22 + 1;
            }
            for (long j25 = 0; j25 < j11; j25++) {
                int i18 = (int) (j11 + j25);
                iArr[i18] = iArr[i18] & 1023;
            }
        } else {
            for (long j26 = 0; j26 < j11; j26++) {
                int i19 = (int) (j11 + j26);
                iArr[i19] = (iArr[(int) j26] << 16) | (iArr[i19] & 65535);
            }
            long j27 = 1;
            for (long j28 = 1; j27 < j8 - j28; j28 = 1) {
                for (long j29 = 0; j29 < j11; j29++) {
                    iArr[(int) j29] = (int) ((iArr[(int) (j11 + j29)] & (-65536)) | j29);
                }
                sort32(iArr, 0, i8);
                for (long j30 = 0; j30 < j11; j30++) {
                    int i20 = (int) j30;
                    iArr[i20] = (iArr[i20] << 16) | (iArr[(int) (j11 + j30)] & 65535);
                }
                if (j27 < j8 - 2) {
                    for (long j31 = 0; j31 < j11; j31++) {
                        int i21 = (int) (j11 + j31);
                        iArr[i21] = (iArr[(int) j31] & (-65536)) | (iArr[i21] >> 16);
                    }
                    sort32(iArr, i8, (int) (j11 * 2));
                    for (long j32 = 0; j32 < j11; j32++) {
                        int i22 = (int) (j11 + j32);
                        iArr[i22] = (iArr[i22] << 16) | (iArr[(int) j32] & 65535);
                    }
                }
                sort32(iArr, 0, i8);
                for (long j33 = 0; j33 < j11; j33++) {
                    int i23 = (int) (j11 + j33);
                    int i24 = iArr[i23];
                    int i25 = (i24 & (-65536)) | (iArr[(int) j33] & 65535);
                    if (i25 < i24) {
                        iArr[i23] = i25;
                    }
                }
                j27++;
            }
            for (long j34 = 0; j34 < j11; j34++) {
                int i26 = (int) (j11 + j34);
                iArr[i26] = iArr[i26] & 65535;
            }
        }
        long j35 = 0;
        if (sArr != null) {
            while (j35 < j11) {
                iArr[(int) j35] = (int) ((sArr[r0] << 16) + j35);
                j35++;
            }
        } else {
            while (j35 < j11) {
                iArr[(int) j35] = (int) ((get_q_short(iArr, (int) (i5 + j35)) << 16) + j35);
                j35++;
            }
        }
        sort32(iArr, 0, i8);
        long j36 = j6;
        long j37 = 2;
        long j38 = 0;
        while (true) {
            j10 = j11 / j37;
            if (j38 >= j10) {
                break;
            }
            long j39 = j38 * j37;
            long j40 = j11 + j39;
            int i27 = (int) j40;
            int i28 = iArr[i27] & 1;
            int i29 = (int) (i28 + j39);
            int i30 = (int) (j36 >> 3);
            bArr[i30] = (byte) ((i28 << ((int) (j36 & 7))) ^ bArr[i30]);
            j36 += j7;
            iArr[i27] = (iArr[(int) j39] << 16) | i29;
            iArr[(int) (j40 + 1)] = (iArr[(int) (j39 + 1)] << 16) | (i29 ^ 1);
            j38++;
            j11 = j9;
            i8 = i8;
            j37 = 2;
        }
        long j41 = j37;
        long j42 = j9 * j41;
        sort32(iArr, i8, (int) j42);
        long j43 = j8 * j41;
        long j44 = ((j43 - 3) * j7 * j10) + j36;
        long j45 = 0;
        while (j45 < j10) {
            long j46 = j45 * j41;
            long j47 = j9 + j46;
            int i31 = iArr[(int) j47];
            int i32 = i31 & 1;
            long j48 = j44;
            int i33 = (int) (i32 + j46);
            long j49 = j42;
            int i34 = (int) (j48 >> 3);
            bArr[i34] = (byte) (bArr[i34] ^ (i32 << ((int) (j48 & 7))));
            iArr[(int) j46] = (i31 & 65535) | (i33 << 16);
            iArr[(int) (j46 + 1)] = (iArr[(int) (j47 + 1)] & 65535) | ((i33 ^ 1) << 16);
            j45++;
            j44 = j48 + j7;
            j42 = j49;
            j43 = j43;
            j41 = 2;
        }
        long j50 = j42;
        sort32(iArr, 0, i8);
        long j51 = 2;
        long j52 = j44 - (((j43 - 2) * j7) * j10);
        short[] sArr2 = new short[i8 * 4];
        long j53 = 0;
        while (j53 < j50) {
            long j54 = j53 * j51;
            int i35 = iArr[(int) j53];
            sArr2[(int) (j54 + 0)] = (short) i35;
            sArr2[(int) (j54 + 1)] = (short) ((i35 & (-65536)) >> 16);
            j53++;
            j51 = 2;
        }
        for (long j55 = 0; j55 < j10; j55++) {
            long j56 = j55 * 2;
            sArr2[(int) j55] = (short) ((iArr[(int) j56] & 65535) >>> 1);
            sArr2[(int) (j55 + j10)] = (short) ((iArr[(int) (j56 + 1)] & 65535) >>> 1);
        }
        for (long j57 = 0; j57 < j10; j57++) {
            long j58 = j57 * 2;
            iArr[(int) ((j9 / 4) + j9 + j57)] = (sArr2[(int) (j58 + 1)] << 16) | sArr2[(int) j58];
        }
        long j59 = j7 * 2;
        long j60 = (j9 / 4) + j9;
        long j61 = j8 - 1;
        cbrecursion(bArr, j52, j59, null, ((int) j60) * 2, j61, j10, iArr);
        cbrecursion(bArr, j52 + j7, j59, null, (int) ((j60 * 2) + j10), j61, j10, iArr);
    }

    private static void controlbitsfrompermutation(byte[] bArr, short[] sArr, long j6, long j7) {
        long j8 = 2;
        int[] iArr = new int[(int) (j7 * 2)];
        int i5 = (int) j7;
        short[] sArr2 = new short[i5];
        while (true) {
            short s5 = 0;
            for (int i6 = 0; i6 < (((((j6 * j8) - 1) * j7) / j8) + 7) / 8; i6++) {
                bArr[i6] = 0;
            }
            int i7 = i5;
            short[] sArr3 = sArr2;
            int[] iArr2 = iArr;
            cbrecursion(bArr, 0L, 1L, sArr, 0, j6, j7, iArr);
            for (int i8 = 0; i8 < j7; i8++) {
                sArr3[i8] = (short) i8;
            }
            int i9 = 0;
            for (int i10 = 0; i10 < j6; i10++) {
                layer(sArr3, bArr, i9, i10, i7);
                i9 = (int) (i9 + (j7 >> 4));
            }
            for (int i11 = (int) (j6 - 2); i11 >= 0; i11--) {
                layer(sArr3, bArr, i9, i11, i7);
                i9 = (int) (i9 + (j7 >> 4));
            }
            int i12 = 0;
            while (i12 < j7) {
                short s6 = (short) (s5 | (sArr[i12] ^ sArr3[i12]));
                i12++;
                s5 = s6;
            }
            if (s5 == 0) {
                return;
            }
            sArr2 = sArr3;
            i5 = i7;
            iArr = iArr2;
            j8 = 2;
        }
    }

    private static int ctz(long j6) {
        long j7 = ~j6;
        long j8 = 72340172838076673L;
        long j9 = 0;
        for (int i5 = 0; i5 < 8; i5++) {
            j8 &= j7 >>> i5;
            j9 += j8;
        }
        long j10 = 578721382704613384L & j9;
        long j11 = j10 | (j10 >>> 1);
        long j12 = j11 | (j11 >>> 2);
        long j13 = j9 >>> 8;
        long j14 = j9 + (j13 & j12);
        for (int i6 = 2; i6 < 8; i6++) {
            j12 &= j12 >>> 8;
            j13 >>>= 8;
            j14 += j13 & j12;
        }
        return ((int) j14) & 255;
    }

    private int decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i5;
        int i6;
        int i7 = this.SYS_T;
        short[] sArr = new short[i7 + 1];
        int i8 = this.SYS_N;
        short[] sArr2 = new short[i8];
        short[] sArr3 = new short[i7 * 2];
        short[] sArr4 = new short[i7 * 2];
        short[] sArr5 = new short[i7 + 1];
        short[] sArr6 = new short[i8];
        byte[] bArr4 = new byte[i8 / 8];
        int i9 = 0;
        while (true) {
            i5 = this.SYND_BYTES;
            if (i9 >= i5) {
                break;
            }
            bArr4[i9] = bArr3[i9];
            i9++;
        }
        while (i5 < this.SYS_N / 8) {
            bArr4[i5] = 0;
            i5++;
        }
        int i10 = 0;
        while (true) {
            i6 = this.SYS_T;
            if (i10 >= i6) {
                break;
            }
            sArr[i10] = Utils.load_gf(bArr2, (i10 * 2) + 40, this.GFMASK);
            i10++;
        }
        sArr[i6] = 1;
        this.benes.support_gen(sArr2, bArr2);
        synd(sArr3, sArr, sArr2, bArr4);
        bm(sArr5, sArr3);
        root(sArr6, sArr5, sArr2);
        for (int i11 = 0; i11 < this.SYS_N / 8; i11++) {
            bArr[i11] = 0;
        }
        int i12 = 0;
        for (int i13 = 0; i13 < this.SYS_N; i13++) {
            short gf_iszero = (short) (this.gf.gf_iszero(sArr6[i13]) & 1);
            int i14 = i13 / 8;
            bArr[i14] = (byte) (bArr[i14] | (gf_iszero << (i13 % 8)));
            i12 += gf_iszero;
        }
        synd(sArr4, sArr, sArr2, bArr);
        int i15 = this.SYS_T ^ i12;
        for (int i16 = 0; i16 < this.SYS_T * 2; i16++) {
            i15 |= sArr3[i16] ^ sArr4[i16];
        }
        return (((i15 - 1) >> 15) & 1) ^ 1;
    }

    private void encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        generate_error_vector(bArr3, secureRandom);
        syndrome(bArr, bArr2, bArr3);
    }

    private short eval(short[] sArr, short s5) {
        int i5 = this.SYS_T;
        short s6 = sArr[i5];
        for (int i6 = i5 - 1; i6 >= 0; i6--) {
            s6 = (short) (this.gf.gf_mul(s6, s5) ^ sArr[i6]);
        }
        return s6;
    }

    private void generate_error_vector(byte[] bArr, SecureRandom secureRandom) {
        int i5;
        int i6 = this.SYS_T;
        short[] sArr = new short[i6 * 2];
        short[] sArr2 = new short[i6];
        byte[] bArr2 = new byte[i6];
        while (true) {
            if (this.countErrorIndices) {
                byte[] bArr3 = new byte[this.SYS_T * 4];
                secureRandom.nextBytes(bArr3);
                for (int i7 = 0; i7 < this.SYS_T * 2; i7++) {
                    sArr[i7] = Utils.load_gf(bArr3, i7 * 2, this.GFMASK);
                }
                int i8 = 0;
                int i9 = 0;
                while (true) {
                    i5 = this.SYS_T;
                    if (i8 >= i5 * 2 || i9 >= i5) {
                        break;
                    }
                    short s5 = sArr[i8];
                    if (s5 < this.SYS_N) {
                        sArr2[i9] = s5;
                        i9++;
                    }
                    i8++;
                }
                if (i9 < i5) {
                    continue;
                }
            } else {
                byte[] bArr4 = new byte[this.SYS_T * 2];
                secureRandom.nextBytes(bArr4);
                for (int i10 = 0; i10 < this.SYS_T; i10++) {
                    sArr2[i10] = Utils.load_gf(bArr4, i10 * 2, this.GFMASK);
                }
            }
            boolean z5 = false;
            for (int i11 = 1; i11 < this.SYS_T && !z5; i11++) {
                int i12 = 0;
                while (true) {
                    if (i12 >= i11) {
                        break;
                    }
                    if (sArr2[i11] == sArr2[i12]) {
                        z5 = true;
                        break;
                    }
                    i12++;
                }
            }
            if (!z5) {
                break;
            }
        }
        for (int i13 = 0; i13 < this.SYS_T; i13++) {
            bArr2[i13] = (byte) (1 << (sArr2[i13] & 7));
        }
        for (short s6 = 0; s6 < this.SYS_N / 8; s6 = (short) (s6 + 1)) {
            bArr[s6] = 0;
            for (int i14 = 0; i14 < this.SYS_T; i14++) {
                bArr[s6] = (byte) ((((short) (same_mask32(s6, (short) (sArr2[i14] >> 3)) & 255)) & bArr2[i14]) | bArr[s6]);
            }
        }
    }

    private int generate_irr_poly(short[] sArr) {
        int i5;
        int i6 = this.SYS_T;
        short[][] sArr2 = (short[][]) Array.newInstance((Class<?>) Short.TYPE, i6 + 1, i6);
        sArr2[0][0] = 1;
        System.arraycopy(sArr, 0, sArr2[1], 0, this.SYS_T);
        int i7 = 2;
        int[] iArr = new int[(this.SYS_T * 2) - 1];
        while (true) {
            i5 = this.SYS_T;
            if (i7 >= i5) {
                break;
            }
            this.gf.gf_sqr_poly(i5, this.poly, sArr2[i7], sArr2[i7 >>> 1], iArr);
            this.gf.gf_mul_poly(this.SYS_T, this.poly, sArr2[i7 + 1], sArr2[i7], sArr, iArr);
            i7 += 2;
        }
        if (i7 == i5) {
            this.gf.gf_sqr_poly(i5, this.poly, sArr2[i7], sArr2[i7 >>> 1], iArr);
        }
        int i8 = 0;
        while (true) {
            int i9 = this.SYS_T;
            if (i8 >= i9) {
                System.arraycopy(sArr2[i9], 0, sArr, 0, i9);
                return 0;
            }
            int i10 = i8 + 1;
            for (int i11 = i10; i11 < this.SYS_T; i11++) {
                short gf_iszero = this.gf.gf_iszero(sArr2[i8][i8]);
                for (int i12 = i8; i12 < this.SYS_T + 1; i12++) {
                    short[] sArr3 = sArr2[i12];
                    sArr3[i8] = (short) (sArr3[i8] ^ ((short) (sArr3[i11] & gf_iszero)));
                }
            }
            short s5 = sArr2[i8][i8];
            if (s5 == 0) {
                return -1;
            }
            short gf_inv = this.gf.gf_inv(s5);
            for (int i13 = i8; i13 < this.SYS_T + 1; i13++) {
                short[] sArr4 = sArr2[i13];
                sArr4[i8] = this.gf.gf_mul(sArr4[i8], gf_inv);
            }
            for (int i14 = 0; i14 < this.SYS_T; i14++) {
                if (i14 != i8) {
                    short s6 = sArr2[i8][i14];
                    for (int i15 = i8; i15 <= this.SYS_T; i15++) {
                        short[] sArr5 = sArr2[i15];
                        sArr5[i14] = (short) (sArr5[i14] ^ this.gf.gf_mul(sArr5[i8], s6));
                    }
                }
            }
            i8 = i10;
        }
    }

    public static short get_q_short(int[] iArr, int i5) {
        int i6 = i5 / 2;
        return (short) (i5 % 2 == 0 ? iArr[i6] : (iArr[i6] & (-65536)) >> 16);
    }

    private static void layer(short[] sArr, byte[] bArr, int i5, int i6, int i7) {
        int i8 = 1 << i6;
        int i9 = 0;
        for (int i10 = 0; i10 < i7; i10 += i8 * 2) {
            for (int i11 = 0; i11 < i8; i11++) {
                int i12 = i10 + i11;
                short s5 = sArr[i12];
                int i13 = i12 + i8;
                int i14 = (sArr[i13] ^ s5) & (-((bArr[(i9 >> 3) + i5] >> (i9 & 7)) & 1));
                sArr[i12] = (short) (s5 ^ i14);
                sArr[i13] = (short) (sArr[i13] ^ i14);
                i9++;
            }
        }
    }

    private static int min(short s5, int i5) {
        return s5 < i5 ? s5 : i5;
    }

    private int mov_columns(byte[][] bArr, short[] sArr, long[] jArr) {
        byte[] bArr2;
        long load8;
        long[] jArr2 = new long[64];
        int i5 = 32;
        long[] jArr3 = new long[32];
        byte[] bArr3 = new byte[9];
        int i6 = this.PK_NROWS - 32;
        int i7 = i6 / 8;
        int i8 = i6 % 8;
        char c6 = 0;
        if (this.usePadding) {
            for (int i9 = 0; i9 < 32; i9++) {
                for (int i10 = 0; i10 < 9; i10++) {
                    bArr3[i10] = bArr[i6 + i9][i7 + i10];
                }
                int i11 = 0;
                while (i11 < 8) {
                    int i12 = i11 + 1;
                    bArr3[i11] = (byte) (((bArr3[i11] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >> i8) | (bArr3[i12] << (8 - i8)));
                    i11 = i12;
                }
                jArr2[i9] = Utils.load8(bArr3, 0);
            }
        } else {
            for (int i13 = 0; i13 < 32; i13++) {
                jArr2[i13] = Utils.load8(bArr[i6 + i13], i7);
            }
        }
        long j6 = 0;
        jArr[0] = 0;
        int i14 = 0;
        while (i14 < 32) {
            long j7 = jArr2[i14];
            int i15 = i14 + 1;
            for (int i16 = i15; i16 < 32; i16++) {
                j7 |= jArr2[i16];
            }
            if (j7 == j6) {
                return -1;
            }
            int ctz = ctz(j7);
            long j8 = ctz;
            jArr3[i14] = j8;
            jArr[c6] = jArr[c6] | (1 << ((int) j8));
            for (int i17 = i15; i17 < 32; i17++) {
                long j9 = jArr2[i14];
                jArr2[i14] = j9 ^ (jArr2[i17] & (((j9 >> ctz) & 1) - 1));
            }
            int i18 = i15;
            while (i18 < 32) {
                long j10 = jArr2[i18];
                jArr2[i18] = j10 ^ (jArr2[i14] & (-((j10 >> ctz) & 1)));
                i18++;
                ctz = ctz;
                c6 = 0;
            }
            i14 = i15;
            j6 = 0;
        }
        int i19 = 0;
        while (i19 < 32) {
            int i20 = i19 + 1;
            int i21 = i20;
            while (i21 < 64) {
                long same_mask64 = same_mask64((short) i21, (short) jArr3[i19]) & (sArr[r12] ^ sArr[r17]);
                sArr[i6 + i19] = (short) (sArr[r12] ^ same_mask64);
                sArr[i6 + i21] = (short) (same_mask64 ^ sArr[r17]);
                i21++;
                bArr3 = bArr3;
            }
            i19 = i20;
        }
        byte[] bArr4 = bArr3;
        int i22 = 0;
        while (i22 < this.PK_NROWS) {
            if (this.usePadding) {
                for (int i23 = 0; i23 < 9; i23++) {
                    bArr4[i23] = bArr[i22][i7 + i23];
                }
                int i24 = 0;
                while (i24 < 8) {
                    int i25 = i24 + 1;
                    bArr4[i24] = (byte) (((bArr4[i24] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >> i8) | (bArr4[i25] << (8 - i8)));
                    i24 = i25;
                }
                bArr2 = bArr4;
                load8 = Utils.load8(bArr2, 0);
            } else {
                bArr2 = bArr4;
                load8 = Utils.load8(bArr[i22], i7);
            }
            int i26 = 0;
            while (i26 < i5) {
                long j11 = jArr3[i26];
                long j12 = ((load8 >> i26) ^ (load8 >> ((int) j11))) & 1;
                load8 = (j12 << i26) ^ ((j12 << ((int) j11)) ^ load8);
                i26++;
                i5 = 32;
            }
            if (this.usePadding) {
                Utils.store8(bArr2, 0, load8);
                byte[] bArr5 = bArr[i22];
                int i27 = i7 + 8;
                int i28 = 8 - i8;
                bArr5[i27] = (byte) ((((bArr5[i27] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> i8) << i8) | ((bArr2[7] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> i28));
                bArr5[i7 + 0] = (byte) (((bArr2[0] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) << i8) | (((bArr5[i7] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) << i28) >>> i28));
                for (int i29 = 7; i29 >= 1; i29--) {
                    bArr[i22][i7 + i29] = (byte) (((bArr2[i29] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) << i8) | ((bArr2[i29 - 1] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> i28));
                }
            } else {
                Utils.store8(bArr[i22], i7, load8);
            }
            i22++;
            bArr4 = bArr2;
            i5 = 32;
        }
        return 0;
    }

    private int pk_gen(byte[] bArr, byte[] bArr2, int[] iArr, short[] sArr, long[] jArr) {
        int i5;
        int i6;
        int i7 = this.SYS_T;
        short[] sArr2 = new short[i7 + 1];
        sArr2[i7] = 1;
        int i8 = 0;
        for (int i9 = 0; i9 < this.SYS_T; i9++) {
            sArr2[i9] = Utils.load_gf(bArr2, (i9 * 2) + 40, this.GFMASK);
        }
        int i10 = 1 << this.GFBITS;
        long[] jArr2 = new long[i10];
        for (int i11 = 0; i11 < (1 << this.GFBITS); i11++) {
            long j6 = iArr[i11];
            jArr2[i11] = j6;
            long j7 = j6 << 31;
            jArr2[i11] = j7;
            long j8 = j7 | i11;
            jArr2[i11] = j8;
            jArr2[i11] = j8 & Long.MAX_VALUE;
        }
        sort64(jArr2, 0, i10);
        for (int i12 = 1; i12 < (1 << this.GFBITS); i12++) {
            if ((jArr2[i12 - 1] >> 31) == (jArr2[i12] >> 31)) {
                return -1;
            }
        }
        short[] sArr3 = new short[this.SYS_N];
        for (int i13 = 0; i13 < (1 << this.GFBITS); i13++) {
            sArr[i13] = (short) (jArr2[i13] & this.GFMASK);
        }
        int i14 = 0;
        while (true) {
            i5 = this.SYS_N;
            if (i14 >= i5) {
                break;
            }
            sArr3[i14] = Utils.bitrev(sArr[i14], this.GFBITS);
            i14++;
        }
        short[] sArr4 = new short[i5];
        root(sArr4, sArr2, sArr3);
        int i15 = 0;
        while (true) {
            i6 = this.SYS_N;
            if (i15 >= i6) {
                break;
            }
            sArr4[i15] = this.gf.gf_inv(sArr4[i15]);
            i15++;
        }
        byte[][] bArr3 = (byte[][]) Array.newInstance((Class<?>) Byte.TYPE, this.PK_NROWS, i6 / 8);
        for (int i16 = 0; i16 < this.PK_NROWS; i16++) {
            for (int i17 = 0; i17 < this.SYS_N / 8; i17++) {
                bArr3[i16][i17] = 0;
            }
        }
        int i18 = 0;
        while (i18 < this.SYS_T) {
            for (int i19 = 0; i19 < this.SYS_N; i19 += 8) {
                int i20 = 0;
                while (true) {
                    int i21 = this.GFBITS;
                    if (i20 < i21) {
                        bArr3[(i21 * i18) + i20][i19 / 8] = (byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) (((byte) ((sArr4[i19 + 7] >>> i20) & 1)) << 1)) | ((sArr4[i19 + 6] >>> i20) & 1))) << 1)) | ((sArr4[i19 + 5] >>> i20) & 1))) << 1)) | ((sArr4[i19 + 4] >>> i20) & 1))) << 1)) | ((sArr4[i19 + 3] >>> i20) & 1))) << 1)) | ((sArr4[i19 + 2] >>> i20) & 1))) << 1)) | ((sArr4[i19 + 1] >>> i20) & 1))) << 1)) | ((sArr4[i19 + 0] >>> i20) & 1));
                        i20++;
                    }
                }
            }
            for (int i22 = 0; i22 < this.SYS_N; i22++) {
                sArr4[i22] = this.gf.gf_mul(sArr4[i22], sArr3[i22]);
            }
            i18++;
        }
        int i23 = 0;
        while (true) {
            int i24 = this.PK_NROWS;
            if (i23 < i24) {
                i18 = i23 >>> 3;
                int i25 = i23 & 7;
                if (this.usePivots && i23 == i24 - 32) {
                    if (mov_columns(bArr3, sArr, jArr) != 0) {
                        return -1;
                    }
                }
                int i26 = i23 + 1;
                int i27 = i26;
                while (i27 < this.PK_NROWS) {
                    byte b6 = (byte) (-((byte) (((byte) (((byte) (bArr3[i23][i18] ^ bArr3[i27][i18])) >> i25)) & 1)));
                    for (int i28 = i8; i28 < this.SYS_N / 8; i28++) {
                        byte[] bArr4 = bArr3[i23];
                        bArr4[i28] = (byte) (bArr4[i28] ^ (bArr3[i27][i28] & b6));
                    }
                    i27++;
                    i8 = 0;
                }
                if (((bArr3[i23][i18] >> i25) & 1) == 0) {
                    return -1;
                }
                for (int i29 = 0; i29 < this.PK_NROWS; i29++) {
                    if (i29 != i23) {
                        byte b7 = (byte) (-((byte) (((byte) (bArr3[i29][i18] >> i25)) & 1)));
                        for (int i30 = 0; i30 < this.SYS_N / 8; i30++) {
                            byte[] bArr5 = bArr3[i29];
                            bArr5[i30] = (byte) (bArr5[i30] ^ (bArr3[i23][i30] & b7));
                        }
                    }
                }
                i23 = i26;
                i8 = 0;
            } else {
                if (bArr == null) {
                    return 0;
                }
                if (this.usePadding) {
                    int i31 = i24 % 8;
                    if (i31 == 0) {
                        System.arraycopy(bArr3[i18], (i24 - 1) / 8, bArr, 0, this.SYS_N / 8);
                        int i32 = this.SYS_N / 8;
                        return 0;
                    }
                    int i33 = 0;
                    int i34 = 0;
                    while (true) {
                        int i35 = this.PK_NROWS;
                        if (i33 >= i35) {
                            return 0;
                        }
                        int i36 = (i35 - 1) / 8;
                        while (i36 < (this.SYS_N / 8) - 1) {
                            byte[] bArr6 = bArr3[i33];
                            int i37 = (bArr6[i36] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> i31;
                            i36++;
                            bArr[i34] = (byte) ((bArr6[i36] << (8 - i31)) | i37);
                            i34++;
                        }
                        bArr[i34] = (byte) ((bArr3[i33][i36] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> i31);
                        i33++;
                        i34++;
                    }
                } else {
                    int i38 = ((this.SYS_N - i24) + 7) / 8;
                    int i39 = 0;
                    while (true) {
                        int i40 = this.PK_NROWS;
                        if (i39 >= i40) {
                            return 0;
                        }
                        System.arraycopy(bArr3[i39], i40 / 8, bArr, i38 * i39, i38);
                        i39++;
                    }
                }
            }
        }
    }

    private void root(short[] sArr, short[] sArr2, short[] sArr3) {
        for (int i5 = 0; i5 < this.SYS_N; i5++) {
            sArr[i5] = eval(sArr2, sArr3[i5]);
        }
    }

    private static byte same_mask32(short s5, short s6) {
        return (byte) ((-(((s5 ^ s6) - 1) >>> 31)) & 255);
    }

    private static long same_mask64(short s5, short s6) {
        return -(((s5 ^ s6) - 1) >>> 63);
    }

    private static void sort32(int[] iArr, int i5, int i6) {
        int i7 = i6 - i5;
        if (i7 < 2) {
            return;
        }
        int i8 = 1;
        while (i8 < i7 - i8) {
            i8 += i8;
        }
        for (int i9 = i8; i9 > 0; i9 >>>= 1) {
            int i10 = 0;
            for (int i11 = 0; i11 < i7 - i9; i11++) {
                if ((i11 & i9) == 0) {
                    int i12 = i5 + i11;
                    int i13 = i12 + i9;
                    int i14 = iArr[i13];
                    int i15 = iArr[i12];
                    int i16 = i14 ^ i15;
                    int i17 = i14 - i15;
                    int i18 = ((((i14 ^ i17) & i16) ^ i17) >> 31) & i16;
                    iArr[i12] = i15 ^ i18;
                    iArr[i13] = iArr[i13] ^ i18;
                }
            }
            for (int i19 = i8; i19 > i9; i19 >>>= 1) {
                while (i10 < i7 - i19) {
                    if ((i10 & i9) == 0) {
                        int i20 = i5 + i10;
                        int i21 = i20 + i9;
                        int i22 = iArr[i21];
                        for (int i23 = i19; i23 > i9; i23 >>>= 1) {
                            int i24 = i20 + i23;
                            int i25 = iArr[i24];
                            int i26 = i25 ^ i22;
                            int i27 = i25 - i22;
                            int i28 = i26 & ((i27 ^ ((i27 ^ i25) & i26)) >> 31);
                            i22 ^= i28;
                            iArr[i24] = i25 ^ i28;
                        }
                        iArr[i21] = i22;
                    }
                    i10++;
                }
            }
        }
    }

    private static void sort64(long[] jArr, int i5, int i6) {
        int i7 = i6 - i5;
        if (i7 < 2) {
            return;
        }
        int i8 = 1;
        while (i8 < i7 - i8) {
            i8 += i8;
        }
        for (int i9 = i8; i9 > 0; i9 >>>= 1) {
            int i10 = 0;
            for (int i11 = 0; i11 < i7 - i9; i11++) {
                if ((i11 & i9) == 0) {
                    int i12 = i5 + i11;
                    int i13 = i12 + i9;
                    long j6 = jArr[i13];
                    long j7 = jArr[i12];
                    long j8 = (j6 ^ j7) & (-((j6 - j7) >>> 63));
                    jArr[i12] = j7 ^ j8;
                    jArr[i13] = jArr[i13] ^ j8;
                }
            }
            for (int i14 = i8; i14 > i9; i14 >>>= 1) {
                while (i10 < i7 - i14) {
                    if ((i10 & i9) == 0) {
                        int i15 = i5 + i10;
                        int i16 = i15 + i9;
                        long j9 = jArr[i16];
                        for (int i17 = i14; i17 > i9; i17 >>>= 1) {
                            int i18 = i15 + i17;
                            long j10 = jArr[i18];
                            long j11 = (-((j10 - j9) >>> 63)) & (j9 ^ j10);
                            j9 ^= j11;
                            jArr[i18] = j10 ^ j11;
                        }
                        jArr[i16] = j9;
                    }
                    i10++;
                }
            }
        }
    }

    private void synd(short[] sArr, short[] sArr2, short[] sArr3, byte[] bArr) {
        short s5 = (short) (bArr[0] & 1);
        short s6 = sArr3[0];
        short eval = eval(sArr2, s6);
        GF gf = this.gf;
        short gf_inv = (short) ((-s5) & gf.gf_inv(gf.gf_sq(eval)));
        sArr[0] = gf_inv;
        for (int i5 = 1; i5 < this.SYS_T * 2; i5++) {
            gf_inv = this.gf.gf_mul(gf_inv, s6);
            sArr[i5] = gf_inv;
        }
        for (int i6 = 1; i6 < this.SYS_N; i6++) {
            short s7 = (short) ((bArr[i6 / 8] >> (i6 % 8)) & 1);
            short s8 = sArr3[i6];
            short eval2 = eval(sArr2, s8);
            GF gf2 = this.gf;
            short gf_mul = this.gf.gf_mul(gf2.gf_inv(gf2.gf_sq(eval2)), s7);
            sArr[0] = (short) (sArr[0] ^ gf_mul);
            for (int i7 = 1; i7 < this.SYS_T * 2; i7++) {
                gf_mul = this.gf.gf_mul(gf_mul, s8);
                sArr[i7] = (short) (sArr[i7] ^ gf_mul);
            }
        }
    }

    private void syndrome(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        short[] sArr = new short[this.SYS_N / 8];
        int i5 = this.PK_NROWS % 8;
        for (int i6 = 0; i6 < this.SYND_BYTES; i6++) {
            bArr[i6] = 0;
        }
        int i7 = 0;
        for (int i8 = 0; i8 < this.PK_NROWS; i8++) {
            for (int i9 = 0; i9 < this.SYS_N / 8; i9++) {
                sArr[i9] = 0;
            }
            int i10 = 0;
            while (true) {
                int i11 = this.PK_ROW_BYTES;
                if (i10 >= i11) {
                    break;
                }
                sArr[((this.SYS_N / 8) - i11) + i10] = bArr2[i7 + i10];
                i10++;
            }
            if (this.usePadding) {
                for (int i12 = (this.SYS_N / 8) - 1; i12 >= (this.SYS_N / 8) - this.PK_ROW_BYTES; i12--) {
                    sArr[i12] = (short) ((((sArr[i12] & 255) << i5) | ((sArr[i12 - 1] & 255) >>> (8 - i5))) & 255);
                }
            }
            int i13 = i8 / 8;
            int i14 = i8 % 8;
            sArr[i13] = (short) (sArr[i13] | (1 << i14));
            byte b6 = 0;
            for (int i15 = 0; i15 < this.SYS_N / 8; i15++) {
                b6 = (byte) (b6 ^ (sArr[i15] & bArr3[i15]));
            }
            byte b7 = (byte) ((b6 >>> 4) ^ b6);
            byte b8 = (byte) (b7 ^ (b7 >>> 2));
            bArr[i13] = (byte) ((((byte) (1 & ((byte) (b8 ^ (b8 >>> 1))))) << i14) | bArr[i13]);
            i7 += this.PK_ROW_BYTES;
        }
    }

    public int check_c_padding(byte[] bArr) {
        return ((byte) ((((byte) (((byte) ((bArr[this.SYND_BYTES - 1] & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> (this.PK_NROWS % 8))) - 1)) & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> 7)) - 1;
    }

    public int check_pk_padding(byte[] bArr) {
        byte b6 = 0;
        for (int i5 = 0; i5 < this.PK_NROWS; i5++) {
            int i6 = this.PK_ROW_BYTES;
            b6 = (byte) (b6 | bArr[((i5 * i6) + i6) - 1]);
        }
        return ((byte) ((((byte) (((byte) ((b6 & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> (this.PK_NCOLS % 8))) - 1)) & SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION) >>> 7)) - 1;
    }

    public byte[] decompress_private_key(byte[] bArr) {
        int i5;
        byte[] bArr2 = new byte[getPrivateKeySize()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        int i6 = ((1 << this.GFBITS) * 4) + (this.SYS_N / 8) + this.IRR_BYTES + 32;
        byte[] bArr3 = new byte[i6];
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i6);
        if (bArr.length <= 40) {
            short[] sArr = new short[this.SYS_T];
            int i7 = this.IRR_BYTES;
            byte[] bArr4 = new byte[i7];
            int i8 = (i6 - 32) - i7;
            for (int i9 = 0; i9 < this.SYS_T; i9++) {
                sArr[i9] = Utils.load_gf(bArr3, (i9 * 2) + i8, this.GFMASK);
            }
            generate_irr_poly(sArr);
            for (int i10 = 0; i10 < this.SYS_T; i10++) {
                Utils.store_gf(bArr4, i10 * 2, sArr[i10]);
            }
            System.arraycopy(bArr4, 0, bArr2, 40, this.IRR_BYTES);
        }
        int length = bArr.length;
        int i11 = this.IRR_BYTES;
        if (length <= i11 + 40) {
            int i12 = this.GFBITS;
            int[] iArr = new int[1 << i12];
            short[] sArr2 = new short[1 << i12];
            int i13 = ((i6 - 32) - i11) - ((1 << i12) * 4);
            int i14 = 0;
            while (true) {
                i5 = this.GFBITS;
                if (i14 >= (1 << i5)) {
                    break;
                }
                iArr[i14] = Utils.load4(bArr3, (i14 * 4) + i13);
                i14++;
            }
            if (this.usePivots) {
                pk_gen(null, bArr2, iArr, sArr2, new long[]{0});
            } else {
                int i15 = 1 << i5;
                long[] jArr = new long[i15];
                for (int i16 = 0; i16 < (1 << this.GFBITS); i16++) {
                    long j6 = iArr[i16];
                    jArr[i16] = j6;
                    long j7 = j6 << 31;
                    jArr[i16] = j7;
                    long j8 = i16 | j7;
                    jArr[i16] = j8;
                    jArr[i16] = j8 & Long.MAX_VALUE;
                }
                sort64(jArr, 0, i15);
                for (int i17 = 0; i17 < (1 << this.GFBITS); i17++) {
                    sArr2[i17] = (short) (jArr[i17] & this.GFMASK);
                }
            }
            int i18 = this.COND_BYTES;
            byte[] bArr5 = new byte[i18];
            controlbitsfrompermutation(bArr5, sArr2, this.GFBITS, 1 << r2);
            System.arraycopy(bArr5, 0, bArr2, this.IRR_BYTES + 40, i18);
        }
        int privateKeySize = getPrivateKeySize();
        int i19 = this.SYS_N;
        System.arraycopy(bArr3, 0, bArr2, privateKeySize - (i19 / 8), i19 / 8);
        return bArr2;
    }

    public byte[] generate_public_key_from_private_key(byte[] bArr) {
        byte[] bArr2 = new byte[getPublicKeySize()];
        int i5 = this.GFBITS;
        short[] sArr = new short[1 << i5];
        long[] jArr = {0};
        int[] iArr = new int[1 << i5];
        int i6 = ((1 << i5) * 4) + (this.SYS_N / 8);
        byte[] bArr3 = new byte[i6];
        int i7 = ((i6 - 32) - this.IRR_BYTES) - ((1 << i5) * 4);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 64);
        sHAKEDigest.update(bArr, 0, 32);
        sHAKEDigest.doFinal(bArr3, 0, i6);
        for (int i8 = 0; i8 < (1 << this.GFBITS); i8++) {
            iArr[i8] = Utils.load4(bArr3, (i8 * 4) + i7);
        }
        pk_gen(bArr2, bArr, iArr, sArr, jArr);
        return bArr2;
    }

    public int getCipherTextSize() {
        return this.SYND_BYTES;
    }

    public int getCondBytes() {
        return this.COND_BYTES;
    }

    public int getDefaultSessionKeySize() {
        return this.defaultKeySize;
    }

    public int getIrrBytes() {
        return this.IRR_BYTES;
    }

    public int getPrivateKeySize() {
        return (this.SYS_N / 8) + this.COND_BYTES + this.IRR_BYTES + 40;
    }

    public int getPublicKeySize() {
        if (!this.usePadding) {
            return (this.PK_NROWS * this.PK_NCOLS) / 8;
        }
        int i5 = this.PK_NROWS;
        return ((this.SYS_N / 8) - ((i5 - 1) / 8)) * i5;
    }

    public int kem_dec(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i5 = this.SYS_N;
        byte[] bArr4 = new byte[i5 / 8];
        int i6 = (i5 / 8) + 1 + this.SYND_BYTES;
        byte[] bArr5 = new byte[i6];
        int check_c_padding = this.usePadding ? check_c_padding(bArr2) : 0;
        short decrypt = (short) (((short) (((short) (((byte) decrypt(bArr4, bArr3, bArr2)) - 1)) >> 8)) & 255);
        bArr5[0] = (byte) (decrypt & 1);
        int i7 = 0;
        while (i7 < this.SYS_N / 8) {
            int i8 = i7 + 1;
            bArr5[i8] = (byte) ((bArr4[i7] & decrypt) | ((~decrypt) & bArr3[i7 + 40 + this.IRR_BYTES + this.COND_BYTES]));
            i7 = i8;
        }
        for (int i9 = 0; i9 < this.SYND_BYTES; i9++) {
            bArr5[(this.SYS_N / 8) + 1 + i9] = bArr2[i9];
        }
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update(bArr5, 0, i6);
        sHAKEDigest.doFinal(bArr, 0, bArr.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b6 = (byte) check_c_padding;
        for (int i10 = 0; i10 < bArr.length; i10++) {
            bArr[i10] = (byte) (bArr[i10] | b6);
        }
        return check_c_padding;
    }

    public int kem_enc(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        int i5 = this.SYS_N / 8;
        byte[] bArr4 = new byte[i5];
        int check_pk_padding = this.usePadding ? check_pk_padding(bArr3) : 0;
        encrypt(bArr, bArr3, bArr4, secureRandom);
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 1);
        sHAKEDigest.update(bArr4, 0, i5);
        sHAKEDigest.update(bArr, 0, bArr.length);
        sHAKEDigest.doFinal(bArr2, 0, bArr2.length);
        if (!this.usePadding) {
            return 0;
        }
        byte b6 = (byte) (((byte) check_pk_padding) ^ SshAgentConstants.SSH_AGENT_CONSTRAIN_EXTENSION);
        for (int i6 = 0; i6 < this.SYND_BYTES; i6++) {
            bArr[i6] = (byte) (bArr[i6] & b6);
        }
        for (int i7 = 0; i7 < 32; i7++) {
            bArr2[i7] = (byte) (bArr2[i7] & b6);
        }
        return check_pk_padding;
    }

    public void kem_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        int i5;
        int i6;
        short[] sArr;
        int i7;
        long j6;
        int i8 = 32;
        byte[] bArr3 = new byte[32];
        int i9 = 0;
        byte[] bArr4 = {64};
        secureRandom.nextBytes(bArr3);
        int E = a.E(this.SYS_T, 2, ((1 << this.GFBITS) * 4) + (this.SYS_N / 8), 32);
        byte[] bArr5 = new byte[E];
        long[] jArr = {0};
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        byte[] bArr6 = bArr3;
        while (true) {
            sHAKEDigest.update(bArr4, i9, 1);
            sHAKEDigest.update(bArr3, i9, bArr3.length);
            sHAKEDigest.doFinal(bArr5, i9, E);
            int i10 = E - 32;
            byte[] copyOfRange = Arrays.copyOfRange(bArr5, i10, i10 + 32);
            System.arraycopy(bArr6, i9, bArr2, i9, i8);
            byte[] copyOfRange2 = Arrays.copyOfRange(copyOfRange, i9, i8);
            int i11 = this.SYS_T;
            short[] sArr2 = new short[i11];
            int i12 = i10 - (i11 * 2);
            for (int i13 = i9; i13 < this.SYS_T; i13++) {
                sArr2[i13] = Utils.load_gf(bArr5, (i13 * 2) + i12, this.GFMASK);
            }
            if (generate_irr_poly(sArr2) != -1) {
                for (int i14 = i9; i14 < this.SYS_T; i14++) {
                    Utils.store_gf(bArr2, (i14 * 2) + 40, sArr2[i14]);
                }
                int i15 = this.GFBITS;
                int[] iArr = new int[1 << i15];
                i5 = i12 - ((1 << i15) * 4);
                int i16 = i9;
                while (true) {
                    i6 = this.GFBITS;
                    if (i16 >= (1 << i6)) {
                        break;
                    }
                    iArr[i16] = Utils.load4(bArr5, (i16 * 4) + i5);
                    i16++;
                }
                sArr = new short[1 << i6];
                if (pk_gen(bArr, bArr2, iArr, sArr, jArr) != -1) {
                    break;
                }
            }
            i8 = 32;
            bArr3 = copyOfRange;
            bArr6 = copyOfRange2;
            i9 = 0;
        }
        int i17 = this.COND_BYTES;
        byte[] bArr7 = new byte[i17];
        controlbitsfrompermutation(bArr7, sArr, this.GFBITS, 1 << r2);
        System.arraycopy(bArr7, 0, bArr2, this.IRR_BYTES + 40, i17);
        int i18 = this.SYS_N;
        System.arraycopy(bArr5, i5 - (i18 / 8), bArr2, bArr2.length - (i18 / 8), i18 / 8);
        if (this.usePivots) {
            i7 = 32;
            j6 = jArr[0];
        } else {
            j6 = 4294967295L;
            i7 = 32;
        }
        Utils.store8(bArr2, i7, j6);
    }
}
