package org.bouncycastle.pqc.crypto.lms;

import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes8.dex */
public final class LMS {
    public static LMSPrivateKeyParameters generateKeys(LMSigParameters lMSigParameters, LMOtsParameters lMOtsParameters, int i, byte[] bArr, byte[] bArr2) throws IllegalArgumentException {
        if (bArr2 != null && bArr2.length >= lMSigParameters.getM()) {
            return new LMSPrivateKeyParameters(lMSigParameters, lMOtsParameters, i, bArr, 1 << lMSigParameters.getH(), bArr2);
        }
        throw new IllegalArgumentException("root seed is less than " + lMSigParameters.getM());
    }

    public static LMSSignature generateSign(LMSContext lMSContext) {
        LMOtsPrivateKey lMOtsPrivateKey = lMSContext.key;
        byte[] bArr = new byte[34];
        lMSContext.digest.doFinal(bArr, 0);
        lMSContext.digest = null;
        LMOtsParameters lMOtsParameters = lMOtsPrivateKey.parameter;
        int n = lMOtsParameters.getN();
        int p = lMOtsParameters.getP();
        int w = lMOtsParameters.getW();
        byte[] bArr2 = new byte[p * n];
        ExtendedDigest digest = DigestUtil.getDigest(lMOtsParameters.getDigestOID());
        SeedDerive seedDerive = new SeedDerive(DigestUtil.getDigest(lMOtsPrivateKey.parameter.getDigestOID()), lMOtsPrivateKey.I, lMOtsPrivateKey.masterSecret);
        seedDerive.q = lMOtsPrivateKey.q;
        int cksm = LM_OTS.cksm(bArr, n, lMOtsParameters);
        bArr[n] = (byte) ((cksm >>> 8) & 255);
        bArr[n + 1] = (byte) cksm;
        int i = n + 23;
        byte[] build = Composer.compose().bytes(lMOtsPrivateKey.I).u32str(lMOtsPrivateKey.q).padUntil(0, i).build();
        seedDerive.j = 0;
        int i2 = 0;
        while (i2 < p) {
            Pack.shortToBigEndian((short) i2, build, 20);
            int i3 = 23;
            seedDerive.deriveSeed(23, build, i2 < p + (-1));
            int coef = LM_OTS.coef(i2, w, bArr);
            for (int i4 = 0; i4 < coef; i4++) {
                build[22] = (byte) i4;
                digest.update(build, 0, i);
                i3 = 23;
                digest.doFinal(build, 23);
            }
            System.arraycopy(build, i3, bArr2, n * i2, n);
            i2++;
        }
        return new LMSSignature(lMSContext.key.q, new LMOtsSignature(lMOtsParameters, lMSContext.C, bArr2), lMSContext.sigParams, lMSContext.path);
    }

    public static boolean verifySignature(LMSPublicKeyParameters lMSPublicKeyParameters, LMSContext lMSContext) {
        LMSSignature lMSSignature = (LMSSignature) lMSContext.getSignature();
        LMSigParameters lMSigParameters = lMSSignature.parameter;
        int h = lMSigParameters.getH();
        LMOtsPublicKey publicKey = lMSContext.getPublicKey();
        LMOtsParameters lMOtsParameters = publicKey.parameter;
        Object signature = lMSContext.getSignature();
        LMOtsSignature lMOtsSignature = signature instanceof LMSSignature ? ((LMSSignature) signature).otsSignature : (LMOtsSignature) signature;
        int n = lMOtsParameters.getN();
        int w = lMOtsParameters.getW();
        int p = lMOtsParameters.getP();
        byte[] bArr = new byte[34];
        lMSContext.digest.doFinal(bArr, 0);
        lMSContext.digest = null;
        int cksm = LM_OTS.cksm(bArr, n, lMOtsParameters);
        bArr[n] = (byte) ((cksm >>> 8) & 255);
        bArr[n + 1] = (byte) cksm;
        ExtendedDigest digest = DigestUtil.getDigest(lMOtsParameters.getDigestOID());
        byte[] bArr2 = publicKey.I;
        LmsUtils.byteArray(digest, bArr2);
        int i = publicKey.q;
        LmsUtils.u32str(i, digest);
        LmsUtils.u16str((short) -32640, digest);
        Composer u32str = Composer.compose().bytes(bArr2).u32str(i);
        int i2 = n + 23;
        byte[] build = u32str.padUntil(0, i2).build();
        int i3 = (1 << w) - 1;
        byte[] bArr3 = lMOtsSignature.y;
        ExtendedDigest digest2 = DigestUtil.getDigest(lMOtsParameters.getDigestOID());
        for (int i4 = 0; i4 < p; i4++) {
            Pack.shortToBigEndian((short) i4, build, 20);
            int i5 = 23;
            System.arraycopy(bArr3, i4 * n, build, 23, n);
            for (int coef = LM_OTS.coef(i4, w, bArr); coef < i3; coef++) {
                build[22] = (byte) coef;
                digest2.update(build, 0, i2);
                i5 = 23;
                digest2.doFinal(build, 23);
            }
            digest.update(build, i5, n);
        }
        byte[] bArr4 = new byte[n];
        digest.doFinal(bArr4, 0);
        int i6 = (1 << h) + lMSSignature.q;
        byte[] i7 = lMSPublicKeyParameters.getI();
        ExtendedDigest digest3 = DigestUtil.getDigest(lMSigParameters.getDigestOID());
        int digestSize = digest3.getDigestSize();
        byte[] bArr5 = new byte[digestSize];
        digest3.update(i7, 0, i7.length);
        LmsUtils.u32str(i6, digest3);
        LmsUtils.u16str((short) -32126, digest3);
        digest3.update(bArr4, 0, n);
        digest3.doFinal(bArr5, 0);
        int i8 = 0;
        while (i6 > 1) {
            int i9 = i6 & 1;
            byte[][] bArr6 = lMSSignature.y;
            if (i9 == 1) {
                digest3.update(i7, 0, i7.length);
                LmsUtils.u32str(i6 / 2, digest3);
                LmsUtils.u16str((short) -31869, digest3);
                byte[] bArr7 = bArr6[i8];
                digest3.update(bArr7, 0, bArr7.length);
                digest3.update(bArr5, 0, digestSize);
            } else {
                digest3.update(i7, 0, i7.length);
                LmsUtils.u32str(i6 / 2, digest3);
                LmsUtils.u16str((short) -31869, digest3);
                digest3.update(bArr5, 0, digestSize);
                byte[] bArr8 = bArr6[i8];
                digest3.update(bArr8, 0, bArr8.length);
            }
            digest3.doFinal(bArr5, 0);
            i6 /= 2;
            i8++;
        }
        return Arrays.constantTimeAreEqual(lMSPublicKeyParameters.T1, bArr5);
    }

    public static boolean verifySignature(LMSPublicKeyParameters lMSPublicKeyParameters, LMSSignature lMSSignature, byte[] bArr) {
        LMSContext generateOtsContext = lMSPublicKeyParameters.generateOtsContext(lMSSignature);
        generateOtsContext.update(bArr, 0, bArr.length);
        return verifySignature(lMSPublicKeyParameters, generateOtsContext);
    }
}
