// poly_simple.go - NewHope-Simple polynomial.
//
// To the extent possible under law, Yawning Angel has waived all copyright
// and related or neighboring rights to newhope, using the Creative
// Commons "CC0" public domain dedication. See LICENSE or
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details.

package newhope

func coeffFreeze(x uint16) uint16 {
	var c int16

	r := barrettReduce(x)
	m := r - paramQ
	c = int16(m)
	c >>= 15
	r = m ^ ((r ^ m) & uint16(c))

	return r
}

// Computes abs(x-Q/2)
func flipAbs(x uint16) uint16 {
	r := int16(coeffFreeze(x))
	r = r - paramQ/2
	m := r >> 15
	return uint16((r + m) ^ m)
}

func (p *poly) compress(r []byte) {
	var t [8]uint32

	for i, k := 0, 0; i < paramN; i, k = i+8, k+3 {
		for j := range t {
			t[j] = uint32(coeffFreeze(p.coeffs[i+j]))
			t[j] = (((t[j] << 3) + paramQ/2) / paramQ) & 0x7
		}

		r[k] = byte(t[0]) | byte(t[1]<<3) | byte(t[2]<<6)
		r[k+1] = byte(t[2]>>2) | byte(t[3]<<1) | byte(t[4]<<4) | byte(t[5]<<7)
		r[k+2] = byte(t[5]>>1) | byte(t[6]<<2) | byte(t[7]<<5)
	}

	for i := range t {
		t[i] = 0
	}
}

func (p *poly) decompress(a []byte) {
	for i := 0; i < paramN; i += 8 {
		a0, a1, a2 := uint16(a[0]), uint16(a[1]), uint16(a[2])
		p.coeffs[i+0] = a0 & 7
		p.coeffs[i+1] = (a0 >> 3) & 7
		p.coeffs[i+2] = (a0 >> 6) | ((a1 << 2) & 4)
		p.coeffs[i+3] = (a1 >> 1) & 7
		p.coeffs[i+4] = (a1 >> 4) & 7
		p.coeffs[i+5] = (a1 >> 7) | ((a2 << 1) & 6)
		p.coeffs[i+6] = (a2 >> 2) & 7
		p.coeffs[i+7] = (a2 >> 5)
		a = a[3:]
		for j := 0; j < 8; j++ {
			p.coeffs[i+j] = uint16((uint32(p.coeffs[i+j])*paramQ + 4) >> 3)
		}
	}
}

func (p *poly) fromMsg(msg []byte) {
	for i := uint(0); i < 32; i++ { // XXX: const for 32
		for j := uint(0); j < 8; j++ {
			mask := -(uint16((msg[i] >> j) & 1))
			p.coeffs[8*i+j+0] = mask & (paramQ / 2)
			p.coeffs[8*i+j+256] = mask & (paramQ / 2)
			p.coeffs[8*i+j+512] = mask & (paramQ / 2)
			p.coeffs[8*i+j+768] = mask & (paramQ / 2)
		}
	}
}

func (p *poly) toMsg(msg []byte) {
	memwipe(msg[0:32])

	for i := uint(0); i < 256; i++ {
		t := flipAbs(p.coeffs[i+0])
		t += flipAbs(p.coeffs[i+256])
		t += flipAbs(p.coeffs[i+512])
		t += flipAbs(p.coeffs[i+768])

		//t = (~(t - PARAM_Q));
		t = (t - paramQ)
		t >>= 15
		msg[i>>3] |= byte(t << (i & 7))
	}
}

func (p *poly) sub(a, b *poly) {
	for i := range p.coeffs {
		p.coeffs[i] = barrettReduce(a.coeffs[i] + 3*paramQ - b.coeffs[i])
	}
}