package org.bouncycastle.pqc.crypto.ntru;

import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public final NTRUParameters f38548a;

    /* renamed from: b, reason: collision with root package name */
    public final NTRUPrivateKeyParameters f38549b;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.f38548a = nTRUPrivateKeyParameters.f38554b;
        this.f38549b = nTRUPrivateKeyParameters;
    }

    public final byte[] a(byte[] bArr) {
        byte[] bArr2;
        NTRUParameterSet nTRUParameterSet;
        int i10;
        NTRUParameterSet nTRUParameterSet2;
        NTRUParameterSet nTRUParameterSet3 = this.f38548a.f38562b;
        byte[] bArr3 = this.f38549b.f38563c;
        int b10 = nTRUParameterSet3.b() + nTRUParameterSet3.f39832c;
        byte[] bArr4 = new byte[b10];
        NTRUOWCPA ntruowcpa = new NTRUOWCPA(nTRUParameterSet3);
        byte[] bArr5 = this.f38549b.f38563c;
        int c10 = nTRUParameterSet3.c() * 2;
        byte[] bArr6 = new byte[c10];
        Polynomial a10 = nTRUParameterSet3.a();
        Polynomial a11 = nTRUParameterSet3.a();
        Polynomial a12 = nTRUParameterSet3.a();
        Polynomial a13 = nTRUParameterSet3.a();
        a10.h(bArr);
        a11.i(bArr5);
        a11.o();
        a12.g(a10, a11);
        int length = a11.f39828a.length;
        int i11 = 0;
        while (i11 < length) {
            short[] sArr = a11.f39828a;
            int i12 = length;
            int i13 = a12.f39828a[i11] & 65535;
            int i14 = b10;
            int i15 = a11.f39829b.f39831b;
            short s10 = (short) (i13 % (1 << i15));
            sArr[i11] = s10;
            sArr[i11] = (short) (s10 + (((short) (s10 >>> (i15 - 1))) << (1 - (i15 & 1))));
            i11++;
            length = i12;
            b10 = i14;
            bArr4 = bArr4;
        }
        byte[] bArr7 = bArr4;
        int i16 = b10;
        a11.b();
        a12.i(Arrays.o(bArr5, ntruowcpa.f38555a.c(), bArr5.length));
        a13.g(a11, a12);
        a13.b();
        byte[] l10 = a13.l(c10 - ntruowcpa.f38555a.c());
        short s11 = bArr[ntruowcpa.f38555a.b() - 1];
        NTRUParameterSet nTRUParameterSet4 = ntruowcpa.f38555a;
        int i17 = ((((~((short) (s11 & (255 << (8 - (((nTRUParameterSet4.f39830a - 1) * nTRUParameterSet4.f39831b) & 7)))))) + 1) >>> 15) & 1) | 0;
        if (nTRUParameterSet4 instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) a13;
            int i18 = 0;
            short s12 = 0;
            short s13 = 0;
            while (true) {
                nTRUParameterSet2 = ntruowcpa.f38555a;
                bArr2 = bArr3;
                if (i18 >= nTRUParameterSet2.f39830a - 1) {
                    break;
                }
                short s14 = hPSPolynomial.f39828a[i18];
                s12 = (short) (s12 + (s14 & 2));
                i18++;
                s13 = (short) (s13 + (s14 & 1));
                bArr3 = bArr2;
            }
            i17 |= (((~(((((1 << ((NTRUHPSParameterSet) nTRUParameterSet2).f39831b) / 8) - 2) ^ s12) | (((s12 >>> 1) ^ s13) | 0))) + 1) >>> 31) & 1;
        } else {
            bArr2 = bArr3;
        }
        a11.a(a13);
        int i19 = 0;
        while (true) {
            nTRUParameterSet = ntruowcpa.f38555a;
            if (i19 >= nTRUParameterSet.f39830a) {
                break;
            }
            short[] sArr2 = a10.f39828a;
            sArr2[i19] = (short) (sArr2[i19] - a11.f39828a[i19]);
            i19++;
        }
        a12.m(Arrays.o(bArr5, nTRUParameterSet.c() * 2, bArr5.length));
        a13.g(a10, a12);
        int i20 = a13.f39829b.f39830a;
        for (int i21 = 0; i21 < i20; i21++) {
            short[] sArr3 = a13.f39828a;
            sArr3[i21] = (short) (sArr3[i21] - sArr3[i20 - 1]);
        }
        int i22 = 0;
        int i23 = 0;
        while (true) {
            i10 = ntruowcpa.f38555a.f39830a - 1;
            if (i22 >= i10) {
                break;
            }
            short s15 = a13.f39828a[i22];
            i23 = i23 | (((1 << r5.f39831b) - 4) & (s15 + 1)) | ((s15 + 2) & 4);
            i22++;
        }
        short[] sArr4 = a13.f39828a;
        int i24 = ((((~(i23 | sArr4[i10])) + 1) >>> 31) & 1) | i17;
        int length2 = sArr4.length;
        for (int i25 = 0; i25 < length2; i25++) {
            short[] sArr5 = a13.f39828a;
            int i26 = sArr5[i25] & 65535;
            int i27 = a13.f39829b.f39831b;
            short s16 = (short) (i26 % (1 << i27));
            sArr5[i25] = s16;
            sArr5[i25] = (short) ((s16 ^ (s16 >>> (i27 - 1))) & 3);
        }
        byte[] l11 = a13.l(ntruowcpa.f38555a.c() * 2);
        System.arraycopy(l11, 0, bArr6, 0, l11.length);
        System.arraycopy(l10, 0, bArr6, ntruowcpa.f38555a.c(), l10.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int i28 = sHA3Digest.f34932f / 8;
        byte[] bArr8 = new byte[i28];
        sHA3Digest.c(bArr6, 0, c10);
        sHA3Digest.doFinal(bArr8, 0);
        for (int i29 = 0; i29 < nTRUParameterSet3.f39832c; i29++) {
            bArr7[i29] = bArr2[((((nTRUParameterSet3.f39830a - 1) * nTRUParameterSet3.f39831b) + 7) / 8) + (nTRUParameterSet3.c() * 2) + i29];
        }
        for (int i30 = 0; i30 < nTRUParameterSet3.b(); i30++) {
            bArr7[nTRUParameterSet3.f39832c + i30] = bArr[i30];
        }
        sHA3Digest.reset();
        sHA3Digest.c(bArr7, 0, i16);
        sHA3Digest.doFinal(bArr6, 0);
        byte b11 = (byte) ((~((byte) i24)) + 1);
        for (int i31 = 0; i31 < i28; i31++) {
            byte b12 = bArr8[i31];
            bArr8[i31] = (byte) (b12 ^ ((bArr6[i31] ^ b12) & b11));
        }
        byte[] o9 = Arrays.o(bArr8, 0, nTRUParameterSet3.f39833d);
        Arrays.a(bArr8);
        return o9;
    }
}
