package org.bouncycastle.pqc.crypto.frodo;

import androidx.core.content.e;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.Xof;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes15.dex */
public class FrodoKEMExtractor implements EncapsulatedSecretExtractor {
    private FrodoEngine engine;
    private FrodoKeyParameters key;

    public FrodoKEMExtractor(FrodoKeyParameters frodoKeyParameters) {
        this.key = frodoKeyParameters;
        initCipher(frodoKeyParameters.getParameters());
    }

    private void initCipher(FrodoParameters frodoParameters) {
        this.engine = frodoParameters.getEngine();
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        FrodoEngine frodoEngine = this.engine;
        byte[] bArr2 = new byte[frodoEngine.p];
        byte[] privateKey = ((FrodoPrivateKeyParameters) this.key).getPrivateKey();
        int i = frodoEngine.f30947c;
        int i2 = i * 8;
        int i3 = frodoEngine.f30945a;
        int B = e.B(i2, i3, 8, 0);
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, B);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, B, ((i3 * 64) / 8) + B);
        int i4 = frodoEngine.f30950m + 0;
        byte[] copyOfRange3 = Arrays.copyOfRange(privateKey, 0, i4);
        int i5 = i4 + 16;
        byte[] copyOfRange4 = Arrays.copyOfRange(privateKey, i4, i5);
        int i6 = (((i3 * i) * 8) / 8) + i5;
        byte[] copyOfRange5 = Arrays.copyOfRange(privateKey, i5, i6);
        int B2 = e.B(i2, 16, 8, i6);
        byte[] copyOfRange6 = Arrays.copyOfRange(privateKey, i6, B2);
        short[] sArr = new short[i2];
        for (int i7 = 0; i7 < 8; i7++) {
            int i8 = 0;
            while (i8 < i) {
                int i9 = i7 * i;
                sArr[i9 + i8] = Pack.littleEndianToShort(copyOfRange6, (i8 * 2) + (i9 * 2));
                i8++;
                copyOfRange5 = copyOfRange5;
            }
        }
        byte[] bArr3 = copyOfRange5;
        short[] sArr2 = new short[i2];
        for (int i10 = 0; i10 < i; i10++) {
            for (int i11 = 0; i11 < 8; i11++) {
                sArr2[(i10 * 8) + i11] = sArr[(i11 * i) + i10];
            }
        }
        int i12 = frodoEngine.o;
        byte[] copyOfRange7 = Arrays.copyOfRange(privateKey, B2, B2 + i12);
        short[] f2 = frodoEngine.f(8, i, copyOfRange);
        short[] f3 = frodoEngine.f(8, 8, copyOfRange2);
        short[] c2 = frodoEngine.c(f2, 8, frodoEngine.f30947c, sArr2, 8);
        short[] sArr3 = new short[64];
        int i13 = 0;
        while (true) {
            int i14 = 8;
            if (i13 >= 8) {
                break;
            }
            int i15 = 0;
            while (i15 < i14) {
                int i16 = (i13 * 8) + i15;
                sArr3[i16] = (short) (((f3[i16] - c2[i16]) & 65535) % frodoEngine.f30946b);
                i15++;
                i14 = 8;
                c2 = c2;
            }
            i13++;
        }
        int i17 = frodoEngine.d;
        short s = (short) ((1 << i17) - 1);
        short s2 = (short) ((1 << i3) - 1);
        byte[] bArr4 = new byte[i17 * 8];
        int i18 = 0;
        int i19 = 0;
        int i20 = 8;
        while (i19 < i20) {
            long j = 0;
            byte[] bArr5 = copyOfRange;
            int i21 = 0;
            while (i21 < i20) {
                int i22 = i3 - i17;
                j |= (((short) (((sArr3[i18] & s2) + (1 << (i22 - 1))) >> i22)) & s) << (i17 * i21);
                i18++;
                i21++;
                i20 = 8;
                sArr3 = sArr3;
                s2 = s2;
            }
            short s3 = s2;
            short[] sArr4 = sArr3;
            for (int i23 = 0; i23 < i17; i23++) {
                bArr4[(i19 * i17) + i23] = (byte) ((j >> (i23 * 8)) & 255);
            }
            i19++;
            i20 = 8;
            copyOfRange = bArr5;
            sArr3 = sArr4;
            s2 = s3;
        }
        byte[] bArr6 = copyOfRange;
        int i24 = frodoEngine.f30951n;
        int i25 = frodoEngine.f30949l;
        int i26 = i24 + i25;
        byte[] bArr7 = new byte[i26];
        Xof xof = frodoEngine.q;
        xof.update(copyOfRange7, 0, i12);
        xof.update(bArr4, 0, frodoEngine.k);
        xof.doFinal(bArr7, 0, i26);
        byte[] copyOfRange8 = Arrays.copyOfRange(bArr7, i25, i26);
        int i27 = i * 16;
        int i28 = i27 + 64;
        int i29 = i28 * 2;
        byte[] bArr8 = new byte[i29];
        xof.update((byte) -106);
        xof.update(bArr7, 0, i25);
        xof.doFinal(bArr8, 0, i29);
        short[] sArr5 = new short[i28];
        for (int i30 = 0; i30 < i28; i30++) {
            sArr5[i30] = Pack.littleEndianToShort(bArr8, i30 * 2);
        }
        short[] e = frodoEngine.e(sArr5, 0, 8, i);
        short[] e2 = frodoEngine.e(sArr5, i2, 8, i);
        short[] a2 = frodoEngine.r.a(copyOfRange4);
        int i31 = frodoEngine.f30947c;
        short[] b2 = frodoEngine.b(frodoEngine.c(e, 8, i31, a2, i31), e2, 8, i);
        short[] b3 = frodoEngine.b(frodoEngine.b(frodoEngine.c(e, 8, frodoEngine.f30947c, frodoEngine.f(i, 8, bArr3), 8), frodoEngine.e(sArr5, i27, 8, 8), 8, 8), frodoEngine.a(bArr4), 8, 8);
        short s4 = 0;
        for (short s5 = 0; s5 < f2.length; s5 = (short) (s5 + 1)) {
            s4 = (short) (s4 | (f2[s5] ^ b2[s5]));
        }
        for (short s6 = 0; s6 < f3.length; s6 = (short) (s6 + 1)) {
            s4 = (short) (s4 | (f3[s6] ^ b3[s6]));
        }
        byte b4 = s4 == 0 ? (byte) 0 : (byte) -1;
        int length = copyOfRange8.length;
        byte[] bArr9 = new byte[length];
        for (int i32 = 0; i32 < copyOfRange8.length; i32++) {
            bArr9[i32] = (byte) (((~b4) & copyOfRange8[i32] & 255) | (copyOfRange3[i32] & b4 & 255));
        }
        xof.update(bArr6, 0, bArr6.length);
        xof.update(copyOfRange2, 0, copyOfRange2.length);
        xof.update(bArr9, 0, length);
        xof.doFinal(bArr2, 0, frodoEngine.p);
        return bArr2;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.engine.g;
    }
}
