package net.sf.ntru.sign;

import java.math.BigDecimal;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import net.sf.ntru.arith.BigIntEuclidean;
import net.sf.ntru.exception.NtruException;
import net.sf.ntru.polynomial.BigDecimalPolynomial;
import net.sf.ntru.polynomial.BigIntPolynomial;
import net.sf.ntru.polynomial.DenseTernaryPolynomial;
import net.sf.ntru.polynomial.IntegerPolynomial;
import net.sf.ntru.polynomial.Polynomial;
import net.sf.ntru.polynomial.ProductFormPolynomial;
import net.sf.ntru.polynomial.Resultant;
import net.sf.ntru.sign.SignatureParameters;

/* loaded from: input_file:net/sf/ntru/sign/NtruSign.class */
public class NtruSign {
    private SignatureParameters params;
    private MessageDigest hashAlg;
    private SignatureKeyPair signingKeyPair;
    private SignaturePublicKey verificationKey;

    /* loaded from: input_file:net/sf/ntru/sign/NtruSign$BasisGenerationTask.class */
    private class BasisGenerationTask implements Callable<Basis> {
        private BasisGenerationTask() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Basis call() throws Exception {
            return NtruSign.this.generateBoundedBasis();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/sf/ntru/sign/NtruSign$FGBasis.class */
    public static class FGBasis extends Basis {
        IntegerPolynomial F;
        IntegerPolynomial G;
        int q;
        double keyNormBoundSq;

        /* JADX INFO: Access modifiers changed from: package-private */
        public FGBasis(Polynomial polynomial, Polynomial polynomial2, IntegerPolynomial integerPolynomial, IntegerPolynomial integerPolynomial2, IntegerPolynomial integerPolynomial3, int i, SignatureParameters.TernaryPolynomialType ternaryPolynomialType, SignatureParameters.BasisType basisType, double d) {
            super(polynomial, polynomial2, integerPolynomial, i, ternaryPolynomialType, basisType, d);
            this.F = integerPolynomial2;
            this.G = integerPolynomial3;
            this.q = i;
            this.keyNormBoundSq = d;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean isNormOk() {
            return ((double) this.F.centeredNormSq(this.q)) < this.keyNormBoundSq && ((double) this.G.centeredNormSq(this.q)) < this.keyNormBoundSq;
        }
    }

    public NtruSign(SignatureParameters signatureParameters) {
        this.params = signatureParameters;
    }

    public SignatureKeyPair generateKeyPair() {
        int availableProcessors = Runtime.getRuntime().availableProcessors();
        SignaturePrivateKey signaturePrivateKey = new SignaturePrivateKey(this.params);
        int i = this.params.B;
        if (availableProcessors == 1) {
            for (int i2 = i; i2 >= 0; i2--) {
                signaturePrivateKey.add(generateBoundedBasis());
            }
        } else {
            ArrayList arrayList = new ArrayList();
            int min = Math.min(i, availableProcessors - 1);
            if (min > 0) {
                ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(min);
                for (int i3 = i - 1; i3 >= 0; i3--) {
                    arrayList.add(newFixedThreadPool.submit(new BasisGenerationTask()));
                }
                newFixedThreadPool.shutdown();
            }
            Basis generateBoundedBasis = generateBoundedBasis();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                try {
                    signaturePrivateKey.add((Basis) ((Future) it.next()).get());
                } catch (Exception e) {
                    throw new NtruException(e);
                }
            }
            signaturePrivateKey.add(generateBoundedBasis);
        }
        SignaturePublicKey signaturePublicKey = new SignaturePublicKey(signaturePrivateKey.getBasis(0).h, this.params.q);
        signaturePrivateKey.getBasis(0).h = null;
        return new SignatureKeyPair(signaturePrivateKey, signaturePublicKey);
    }

    public SignatureKeyPair generateKeyPairSingleThread() {
        SignaturePrivateKey signaturePrivateKey = new SignaturePrivateKey(this.params);
        Basis generateBoundedBasis = generateBoundedBasis();
        SignaturePublicKey signaturePublicKey = new SignaturePublicKey(generateBoundedBasis.h, this.params.q);
        generateBoundedBasis.h = null;
        signaturePrivateKey.add(generateBoundedBasis);
        for (int i = this.params.B; i > 0; i--) {
            signaturePrivateKey.add(generateBoundedBasis());
        }
        return new SignatureKeyPair(signaturePrivateKey, signaturePublicKey);
    }

    public void initSign(SignatureKeyPair signatureKeyPair) {
        this.signingKeyPair = signatureKeyPair;
        try {
            this.hashAlg = MessageDigest.getInstance(this.params.hashAlg);
            this.hashAlg.reset();
        } catch (NoSuchAlgorithmException e) {
            throw new NtruException(e);
        }
    }

    public void update(byte[] bArr) {
        if (this.hashAlg == null) {
            throw new NtruException("Call initSign or initVerify first!");
        }
        this.hashAlg.update(bArr);
    }

    public byte[] sign(byte[] bArr) {
        if (this.hashAlg == null || this.signingKeyPair == null) {
            throw new NtruException("Call initSign first!");
        }
        return signHash(this.hashAlg.digest(bArr), this.signingKeyPair);
    }

    public byte[] sign(byte[] bArr, SignatureKeyPair signatureKeyPair) {
        try {
            return signHash(MessageDigest.getInstance(this.params.hashAlg).digest(bArr), signatureKeyPair);
        } catch (NoSuchAlgorithmException e) {
            throw new NtruException(e);
        }
    }

    private byte[] signHash(byte[] bArr, SignatureKeyPair signatureKeyPair) {
        IntegerPolynomial createMsgRep;
        IntegerPolynomial sign;
        int i = 0;
        do {
            i++;
            if (i > this.params.signFailTolerance) {
                throw new NtruException("Signing failed: too many retries (max=" + this.params.signFailTolerance + ")");
            }
            createMsgRep = createMsgRep(bArr, i);
            sign = sign(createMsgRep, signatureKeyPair);
        } while (!verify(createMsgRep, sign, signatureKeyPair.pub.h));
        byte[] binary = sign.toBinary(this.params.q);
        ByteBuffer allocate = ByteBuffer.allocate(binary.length + 4);
        allocate.put(binary);
        allocate.putInt(i);
        return allocate.array();
    }

    private IntegerPolynomial sign(IntegerPolynomial integerPolynomial, SignatureKeyPair signatureKeyPair) {
        int i = this.params.N;
        int i2 = this.params.q;
        int i3 = this.params.B;
        IntegerPolynomial integerPolynomial2 = new IntegerPolynomial(i);
        for (int i4 = i3; i4 >= 1; i4--) {
            Polynomial polynomial = signatureKeyPair.priv.getBasis(i4).f;
            Polynomial polynomial2 = signatureKeyPair.priv.getBasis(i4).fPrime;
            IntegerPolynomial mult = polynomial.mult(integerPolynomial);
            mult.div(i2);
            IntegerPolynomial mult2 = polynomial2.mult(mult);
            IntegerPolynomial mult3 = polynomial2.mult(integerPolynomial);
            mult3.div(i2);
            mult2.sub(polynomial.mult(mult3));
            integerPolynomial2.add(mult2);
            IntegerPolynomial m10clone = signatureKeyPair.priv.getBasis(i4).h.m10clone();
            if (i4 > 1) {
                m10clone.sub(signatureKeyPair.priv.getBasis(i4 - 1).h);
            } else {
                m10clone.sub(signatureKeyPair.pub.h);
            }
            integerPolynomial = mult2.mult(m10clone, i2);
        }
        Polynomial polynomial3 = signatureKeyPair.priv.getBasis(0).f;
        Polynomial polynomial4 = signatureKeyPair.priv.getBasis(0).fPrime;
        IntegerPolynomial mult4 = polynomial3.mult(integerPolynomial);
        mult4.div(i2);
        IntegerPolynomial mult5 = polynomial4.mult(mult4);
        IntegerPolynomial mult6 = polynomial4.mult(integerPolynomial);
        mult6.div(i2);
        mult5.sub(polynomial3.mult(mult6));
        integerPolynomial2.add(mult5);
        integerPolynomial2.modPositive(i2);
        return integerPolynomial2;
    }

    public void initVerify(SignaturePublicKey signaturePublicKey) {
        this.verificationKey = signaturePublicKey;
        try {
            this.hashAlg = MessageDigest.getInstance(this.params.hashAlg);
            this.hashAlg.reset();
        } catch (NoSuchAlgorithmException e) {
            throw new NtruException(e);
        }
    }

    public boolean verify(byte[] bArr) {
        if (this.hashAlg == null || this.verificationKey == null) {
            throw new NtruException("Call initVerify first!");
        }
        return verifyHash(this.hashAlg.digest(), bArr, this.verificationKey);
    }

    public boolean verify(byte[] bArr, byte[] bArr2, SignaturePublicKey signaturePublicKey) {
        try {
            return verifyHash(MessageDigest.getInstance(this.params.hashAlg).digest(bArr), bArr2, signaturePublicKey);
        } catch (NoSuchAlgorithmException e) {
            throw new NtruException(e);
        }
    }

    private boolean verifyHash(byte[] bArr, byte[] bArr2, SignaturePublicKey signaturePublicKey) {
        ByteBuffer wrap = ByteBuffer.wrap(bArr2);
        byte[] bArr3 = new byte[bArr2.length - 4];
        wrap.get(bArr3);
        return verify(createMsgRep(bArr, wrap.getInt()), IntegerPolynomial.fromBinary(bArr3, this.params.N, this.params.q), signaturePublicKey.h);
    }

    private boolean verify(IntegerPolynomial integerPolynomial, IntegerPolynomial integerPolynomial2, IntegerPolynomial integerPolynomial3) {
        int i = this.params.q;
        double d = this.params.normBoundSq;
        double d2 = this.params.betaSq;
        IntegerPolynomial mult = integerPolynomial3.mult(integerPolynomial2, i);
        mult.sub(integerPolynomial);
        return ((double) ((long) (((double) integerPolynomial2.centeredNormSq(i)) + (d2 * ((double) mult.centeredNormSq(i)))))) <= d;
    }

    IntegerPolynomial createMsgRep(byte[] bArr, int i) {
        int i2 = this.params.N;
        int numberOfLeadingZeros = 31 - Integer.numberOfLeadingZeros(this.params.q);
        int i3 = (numberOfLeadingZeros + 7) / 8;
        IntegerPolynomial integerPolynomial = new IntegerPolynomial(i2);
        ByteBuffer allocate = ByteBuffer.allocate(bArr.length + 4);
        allocate.put(bArr);
        allocate.putInt(i);
        Prng prng = new Prng(allocate.array(), this.params.hashAlg);
        for (int i4 = 0; i4 < i2; i4++) {
            byte[] nextBytes = prng.nextBytes(i3);
            nextBytes[nextBytes.length - 1] = (byte) ((nextBytes[nextBytes.length - 1] >> ((8 * i3) - numberOfLeadingZeros)) << ((8 * i3) - numberOfLeadingZeros));
            ByteBuffer allocate2 = ByteBuffer.allocate(4);
            allocate2.put(nextBytes);
            allocate2.rewind();
            integerPolynomial.coeffs[i4] = Integer.reverseBytes(allocate2.getInt());
        }
        return integerPolynomial;
    }

    Basis generateBoundedBasis() {
        FGBasis generateBasis;
        do {
            generateBasis = generateBasis();
        } while (!generateBasis.isNormOk());
        return generateBasis;
    }

    private FGBasis generateBasis() {
        Polynomial generateRandom;
        IntegerPolynomial integerPolynomial;
        IntegerPolynomial invertFq;
        Polynomial generateRandom2;
        IntegerPolynomial integerPolynomial2;
        Resultant resultant;
        BigIntEuclidean calculate;
        BigIntPolynomial round;
        Polynomial polynomial;
        IntegerPolynomial mult;
        int i = this.params.N;
        int i2 = this.params.q;
        int i3 = this.params.d;
        int i4 = this.params.d1;
        int i5 = this.params.d2;
        int i6 = this.params.d3;
        SignatureParameters.BasisType basisType = this.params.basisType;
        int i7 = (2 * i) + 1;
        boolean z = this.params.primeCheck;
        SecureRandom secureRandom = new SecureRandom();
        while (true) {
            generateRandom = this.params.polyType == SignatureParameters.TernaryPolynomialType.SIMPLE ? DenseTernaryPolynomial.generateRandom(i, i3 + 1, i3, secureRandom) : ProductFormPolynomial.generateRandom(i, i4, i5, i6 + 1, i6, secureRandom);
            integerPolynomial = generateRandom.toIntegerPolynomial();
            if (!z || !integerPolynomial.resultant(i7).res.equals(BigInteger.ZERO)) {
                invertFq = integerPolynomial.invertFq(i2);
                if (invertFq != null) {
                    break;
                }
            }
        }
        Resultant resultant2 = integerPolynomial.resultant();
        while (true) {
            generateRandom2 = this.params.polyType == SignatureParameters.TernaryPolynomialType.SIMPLE ? DenseTernaryPolynomial.generateRandom(i, i3 + 1, i3, secureRandom) : ProductFormPolynomial.generateRandom(i, i4, i5, i6 + 1, i6, secureRandom);
            integerPolynomial2 = generateRandom2.toIntegerPolynomial();
            if (!z || !integerPolynomial2.resultant(i7).res.equals(BigInteger.ZERO)) {
                if (integerPolynomial2.isInvertiblePow2()) {
                    resultant = integerPolynomial2.resultant();
                    calculate = BigIntEuclidean.calculate(resultant2.res, resultant.res);
                    if (calculate.gcd.equals(BigInteger.ONE)) {
                        break;
                    }
                } else {
                    continue;
                }
            }
        }
        BigIntPolynomial m8clone = resultant2.rho.m8clone();
        m8clone.mult(calculate.x.multiply(BigInteger.valueOf(i2)));
        BigIntPolynomial m8clone2 = resultant.rho.m8clone();
        m8clone2.mult(calculate.y.multiply(BigInteger.valueOf(-i2)));
        if (this.params.keyGenAlg == SignatureParameters.KeyGenAlg.RESULTANT) {
            int[] iArr = new int[i];
            int[] iArr2 = new int[i];
            iArr[0] = integerPolynomial.coeffs[0];
            iArr2[0] = integerPolynomial2.coeffs[0];
            for (int i8 = 1; i8 < i; i8++) {
                iArr[i8] = integerPolynomial.coeffs[i - i8];
                iArr2[i8] = integerPolynomial2.coeffs[i - i8];
            }
            IntegerPolynomial integerPolynomial3 = new IntegerPolynomial(iArr);
            IntegerPolynomial integerPolynomial4 = new IntegerPolynomial(iArr2);
            IntegerPolynomial mult2 = generateRandom.mult(integerPolynomial3);
            mult2.add(generateRandom2.mult(integerPolynomial4));
            Resultant resultant3 = mult2.resultant();
            BigIntPolynomial mult3 = integerPolynomial3.mult(m8clone2);
            mult3.add(integerPolynomial4.mult(m8clone));
            round = mult3.multBig(resultant3.rho);
            round.div(resultant3.res);
        } else {
            int i9 = 0;
            int i10 = 1;
            while (true) {
                int i11 = i10;
                if (i11 >= i) {
                    break;
                }
                i9++;
                i10 = i11 * 10;
            }
            BigDecimalPolynomial div = resultant2.rho.div(new BigDecimal(resultant2.res), m8clone2.getMaxCoeffLength() + 1 + i9);
            BigDecimalPolynomial div2 = resultant.rho.div(new BigDecimal(resultant.res), m8clone.getMaxCoeffLength() + 1 + i9);
            BigDecimalPolynomial mult4 = div.mult(m8clone2);
            mult4.add(div2.mult(m8clone));
            mult4.halve();
            round = mult4.round();
        }
        BigIntPolynomial m8clone3 = m8clone2.m8clone();
        m8clone3.sub(generateRandom.mult(round));
        BigIntPolynomial m8clone4 = m8clone.m8clone();
        m8clone4.sub(generateRandom2.mult(round));
        IntegerPolynomial integerPolynomial5 = new IntegerPolynomial(m8clone3);
        IntegerPolynomial integerPolynomial6 = new IntegerPolynomial(m8clone4);
        minimizeFG(integerPolynomial, integerPolynomial2, integerPolynomial5, integerPolynomial6, i);
        if (basisType == SignatureParameters.BasisType.STANDARD) {
            polynomial = integerPolynomial5;
            mult = generateRandom2.mult(invertFq, i2);
        } else {
            polynomial = generateRandom2;
            mult = integerPolynomial5.mult(invertFq, i2);
        }
        mult.modPositive(i2);
        return new FGBasis(generateRandom, polynomial, mult, integerPolynomial5, integerPolynomial6, this.params.q, this.params.polyType, this.params.basisType, this.params.keyNormBoundSq);
    }

    private void minimizeFG(IntegerPolynomial integerPolynomial, IntegerPolynomial integerPolynomial2, IntegerPolynomial integerPolynomial3, IntegerPolynomial integerPolynomial4, int i) {
        int i2 = 0;
        for (int i3 = 0; i3 < i; i3++) {
            i2 += 2 * i * ((integerPolynomial.coeffs[i3] * integerPolynomial.coeffs[i3]) + (integerPolynomial2.coeffs[i3] * integerPolynomial2.coeffs[i3]));
        }
        int i4 = i2 - 4;
        IntegerPolynomial m10clone = integerPolynomial.m10clone();
        IntegerPolynomial m10clone2 = integerPolynomial2.m10clone();
        int i5 = 0;
        int i6 = 0;
        while (i6 < i && i5 < i) {
            int i7 = 0;
            for (int i8 = 0; i8 < i; i8++) {
                i7 += 4 * i * ((integerPolynomial3.coeffs[i8] * integerPolynomial.coeffs[i8]) + (integerPolynomial4.coeffs[i8] * integerPolynomial2.coeffs[i8]));
            }
            int sumCoeffs = i7 - (4 * (integerPolynomial3.sumCoeffs() + integerPolynomial4.sumCoeffs()));
            if (sumCoeffs > i4) {
                integerPolynomial3.sub(m10clone);
                integerPolynomial4.sub(m10clone2);
                i6++;
                i5 = 0;
            } else if (sumCoeffs < (-i4)) {
                integerPolynomial3.add(m10clone);
                integerPolynomial4.add(m10clone2);
                i6++;
                i5 = 0;
            }
            i5++;
            m10clone.rotate1();
            m10clone2.rotate1();
        }
    }
}
