package org.bouncycastle.pqc.crypto.ntru;

import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public final NTRUParameters f39377a;

    /* renamed from: b, reason: collision with root package name */
    public final NTRUPrivateKeyParameters f39378b;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.f39377a = nTRUPrivateKeyParameters.f39383b;
        this.f39378b = nTRUPrivateKeyParameters;
    }

    public final byte[] a(byte[] bArr) {
        byte[] bArr2;
        NTRUParameterSet nTRUParameterSet;
        int i4;
        NTRUParameterSet nTRUParameterSet2;
        NTRUParameterSet nTRUParameterSet3 = this.f39377a.f39391b;
        byte[] bArr3 = this.f39378b.f39392c;
        int b10 = nTRUParameterSet3.b() + nTRUParameterSet3.f40661c;
        byte[] bArr4 = new byte[b10];
        NTRUOWCPA ntruowcpa = new NTRUOWCPA(nTRUParameterSet3);
        byte[] bArr5 = this.f39378b.f39392c;
        int c10 = nTRUParameterSet3.c() * 2;
        byte[] bArr6 = new byte[c10];
        Polynomial a10 = nTRUParameterSet3.a();
        Polynomial a11 = nTRUParameterSet3.a();
        Polynomial a12 = nTRUParameterSet3.a();
        Polynomial a13 = nTRUParameterSet3.a();
        a10.h(bArr);
        a11.i(bArr5);
        a11.o();
        a12.g(a10, a11);
        int length = a11.f40657a.length;
        int i9 = 0;
        while (i9 < length) {
            short[] sArr = a11.f40657a;
            int i10 = length;
            int i11 = a12.f40657a[i9] & 65535;
            int i12 = b10;
            int i13 = a11.f40658b.f40660b;
            short s9 = (short) (i11 % (1 << i13));
            sArr[i9] = s9;
            sArr[i9] = (short) (s9 + (((short) (s9 >>> (i13 - 1))) << (1 - (i13 & 1))));
            i9++;
            length = i10;
            b10 = i12;
            bArr4 = bArr4;
        }
        byte[] bArr7 = bArr4;
        int i14 = b10;
        a11.b();
        a12.i(Arrays.o(bArr5, ntruowcpa.f39384a.c(), bArr5.length));
        a13.g(a11, a12);
        a13.b();
        byte[] l8 = a13.l(c10 - ntruowcpa.f39384a.c());
        short s10 = bArr[ntruowcpa.f39384a.b() - 1];
        NTRUParameterSet nTRUParameterSet4 = ntruowcpa.f39384a;
        int i15 = ((((~((short) (s10 & (255 << (8 - (((nTRUParameterSet4.f40659a - 1) * nTRUParameterSet4.f40660b) & 7)))))) + 1) >>> 15) & 1) | 0;
        if (nTRUParameterSet4 instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) a13;
            int i16 = 0;
            short s11 = 0;
            short s12 = 0;
            while (true) {
                nTRUParameterSet2 = ntruowcpa.f39384a;
                bArr2 = bArr3;
                if (i16 >= nTRUParameterSet2.f40659a - 1) {
                    break;
                }
                short s13 = hPSPolynomial.f40657a[i16];
                s11 = (short) (s11 + (s13 & 2));
                i16++;
                s12 = (short) (s12 + (s13 & 1));
                bArr3 = bArr2;
            }
            i15 |= (((~(((((1 << ((NTRUHPSParameterSet) nTRUParameterSet2).f40660b) / 8) - 2) ^ s11) | (((s11 >>> 1) ^ s12) | 0))) + 1) >>> 31) & 1;
        } else {
            bArr2 = bArr3;
        }
        a11.a(a13);
        int i17 = 0;
        while (true) {
            nTRUParameterSet = ntruowcpa.f39384a;
            if (i17 >= nTRUParameterSet.f40659a) {
                break;
            }
            short[] sArr2 = a10.f40657a;
            sArr2[i17] = (short) (sArr2[i17] - a11.f40657a[i17]);
            i17++;
        }
        a12.m(Arrays.o(bArr5, nTRUParameterSet.c() * 2, bArr5.length));
        a13.g(a10, a12);
        int i18 = a13.f40658b.f40659a;
        for (int i19 = 0; i19 < i18; i19++) {
            short[] sArr3 = a13.f40657a;
            sArr3[i19] = (short) (sArr3[i19] - sArr3[i18 - 1]);
        }
        int i20 = 0;
        int i21 = 0;
        while (true) {
            i4 = ntruowcpa.f39384a.f40659a - 1;
            if (i20 >= i4) {
                break;
            }
            short s14 = a13.f40657a[i20];
            i21 = i21 | (((1 << r5.f40660b) - 4) & (s14 + 1)) | ((s14 + 2) & 4);
            i20++;
        }
        short[] sArr4 = a13.f40657a;
        int i22 = ((((~(i21 | sArr4[i4])) + 1) >>> 31) & 1) | i15;
        int length2 = sArr4.length;
        for (int i23 = 0; i23 < length2; i23++) {
            short[] sArr5 = a13.f40657a;
            int i24 = sArr5[i23] & 65535;
            int i25 = a13.f40658b.f40660b;
            short s15 = (short) (i24 % (1 << i25));
            sArr5[i23] = s15;
            sArr5[i23] = (short) ((s15 ^ (s15 >>> (i25 - 1))) & 3);
        }
        byte[] l9 = a13.l(ntruowcpa.f39384a.c() * 2);
        System.arraycopy(l9, 0, bArr6, 0, l9.length);
        System.arraycopy(l8, 0, bArr6, ntruowcpa.f39384a.c(), l8.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int i26 = sHA3Digest.f35761f / 8;
        byte[] bArr8 = new byte[i26];
        sHA3Digest.c(bArr6, 0, c10);
        sHA3Digest.doFinal(bArr8, 0);
        for (int i27 = 0; i27 < nTRUParameterSet3.f40661c; i27++) {
            bArr7[i27] = bArr2[((((nTRUParameterSet3.f40659a - 1) * nTRUParameterSet3.f40660b) + 7) / 8) + (nTRUParameterSet3.c() * 2) + i27];
        }
        for (int i28 = 0; i28 < nTRUParameterSet3.b(); i28++) {
            bArr7[nTRUParameterSet3.f40661c + i28] = bArr[i28];
        }
        sHA3Digest.reset();
        sHA3Digest.c(bArr7, 0, i14);
        sHA3Digest.doFinal(bArr6, 0);
        byte b11 = (byte) ((~((byte) i22)) + 1);
        for (int i29 = 0; i29 < i26; i29++) {
            byte b12 = bArr8[i29];
            bArr8[i29] = (byte) (b12 ^ ((bArr6[i29] ^ b12) & b11));
        }
        byte[] o10 = Arrays.o(bArr8, 0, nTRUParameterSet3.f40662d);
        Arrays.a(bArr8);
        return o10;
    }
}
