package org.bouncycastle.pqc.crypto.ntru;

import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public final NTRUParameters f38613a;

    /* renamed from: b, reason: collision with root package name */
    public final NTRUPrivateKeyParameters f38614b;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.f38613a = nTRUPrivateKeyParameters.f38619b;
        this.f38614b = nTRUPrivateKeyParameters;
    }

    public final byte[] a(byte[] bArr) {
        byte[] bArr2;
        NTRUParameterSet nTRUParameterSet;
        int i9;
        NTRUParameterSet nTRUParameterSet2;
        NTRUParameterSet nTRUParameterSet3 = this.f38613a.f38627b;
        byte[] bArr3 = this.f38614b.f38628c;
        int b10 = nTRUParameterSet3.b() + nTRUParameterSet3.f39897c;
        byte[] bArr4 = new byte[b10];
        NTRUOWCPA ntruowcpa = new NTRUOWCPA(nTRUParameterSet3);
        byte[] bArr5 = this.f38614b.f38628c;
        int c10 = nTRUParameterSet3.c() * 2;
        byte[] bArr6 = new byte[c10];
        Polynomial a10 = nTRUParameterSet3.a();
        Polynomial a11 = nTRUParameterSet3.a();
        Polynomial a12 = nTRUParameterSet3.a();
        Polynomial a13 = nTRUParameterSet3.a();
        a10.h(bArr);
        a11.i(bArr5);
        a11.o();
        a12.g(a10, a11);
        int length = a11.f39893a.length;
        int i10 = 0;
        while (i10 < length) {
            short[] sArr = a11.f39893a;
            int i11 = length;
            int i12 = a12.f39893a[i10] & 65535;
            int i13 = b10;
            int i14 = a11.f39894b.f39896b;
            short s9 = (short) (i12 % (1 << i14));
            sArr[i10] = s9;
            sArr[i10] = (short) (s9 + (((short) (s9 >>> (i14 - 1))) << (1 - (i14 & 1))));
            i10++;
            length = i11;
            b10 = i13;
            bArr4 = bArr4;
        }
        byte[] bArr7 = bArr4;
        int i15 = b10;
        a11.b();
        a12.i(Arrays.o(bArr5, ntruowcpa.f38620a.c(), bArr5.length));
        a13.g(a11, a12);
        a13.b();
        byte[] l10 = a13.l(c10 - ntruowcpa.f38620a.c());
        short s10 = bArr[ntruowcpa.f38620a.b() - 1];
        NTRUParameterSet nTRUParameterSet4 = ntruowcpa.f38620a;
        int i16 = ((((~((short) (s10 & (255 << (8 - (((nTRUParameterSet4.f39895a - 1) * nTRUParameterSet4.f39896b) & 7)))))) + 1) >>> 15) & 1) | 0;
        if (nTRUParameterSet4 instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) a13;
            int i17 = 0;
            short s11 = 0;
            short s12 = 0;
            while (true) {
                nTRUParameterSet2 = ntruowcpa.f38620a;
                bArr2 = bArr3;
                if (i17 >= nTRUParameterSet2.f39895a - 1) {
                    break;
                }
                short s13 = hPSPolynomial.f39893a[i17];
                s11 = (short) (s11 + (s13 & 2));
                i17++;
                s12 = (short) (s12 + (s13 & 1));
                bArr3 = bArr2;
            }
            i16 |= (((~(((((1 << ((NTRUHPSParameterSet) nTRUParameterSet2).f39896b) / 8) - 2) ^ s11) | (((s11 >>> 1) ^ s12) | 0))) + 1) >>> 31) & 1;
        } else {
            bArr2 = bArr3;
        }
        a11.a(a13);
        int i18 = 0;
        while (true) {
            nTRUParameterSet = ntruowcpa.f38620a;
            if (i18 >= nTRUParameterSet.f39895a) {
                break;
            }
            short[] sArr2 = a10.f39893a;
            sArr2[i18] = (short) (sArr2[i18] - a11.f39893a[i18]);
            i18++;
        }
        a12.m(Arrays.o(bArr5, nTRUParameterSet.c() * 2, bArr5.length));
        a13.g(a10, a12);
        int i19 = a13.f39894b.f39895a;
        for (int i20 = 0; i20 < i19; i20++) {
            short[] sArr3 = a13.f39893a;
            sArr3[i20] = (short) (sArr3[i20] - sArr3[i19 - 1]);
        }
        int i21 = 0;
        int i22 = 0;
        while (true) {
            i9 = ntruowcpa.f38620a.f39895a - 1;
            if (i21 >= i9) {
                break;
            }
            short s14 = a13.f39893a[i21];
            i22 = i22 | (((1 << r5.f39896b) - 4) & (s14 + 1)) | ((s14 + 2) & 4);
            i21++;
        }
        short[] sArr4 = a13.f39893a;
        int i23 = ((((~(i22 | sArr4[i9])) + 1) >>> 31) & 1) | i16;
        int length2 = sArr4.length;
        for (int i24 = 0; i24 < length2; i24++) {
            short[] sArr5 = a13.f39893a;
            int i25 = sArr5[i24] & 65535;
            int i26 = a13.f39894b.f39896b;
            short s15 = (short) (i25 % (1 << i26));
            sArr5[i24] = s15;
            sArr5[i24] = (short) ((s15 ^ (s15 >>> (i26 - 1))) & 3);
        }
        byte[] l11 = a13.l(ntruowcpa.f38620a.c() * 2);
        System.arraycopy(l11, 0, bArr6, 0, l11.length);
        System.arraycopy(l10, 0, bArr6, ntruowcpa.f38620a.c(), l10.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int i27 = sHA3Digest.f34997f / 8;
        byte[] bArr8 = new byte[i27];
        sHA3Digest.c(bArr6, 0, c10);
        sHA3Digest.doFinal(bArr8, 0);
        for (int i28 = 0; i28 < nTRUParameterSet3.f39897c; i28++) {
            bArr7[i28] = bArr2[((((nTRUParameterSet3.f39895a - 1) * nTRUParameterSet3.f39896b) + 7) / 8) + (nTRUParameterSet3.c() * 2) + i28];
        }
        for (int i29 = 0; i29 < nTRUParameterSet3.b(); i29++) {
            bArr7[nTRUParameterSet3.f39897c + i29] = bArr[i29];
        }
        sHA3Digest.reset();
        sHA3Digest.c(bArr7, 0, i15);
        sHA3Digest.doFinal(bArr6, 0);
        byte b11 = (byte) ((~((byte) i23)) + 1);
        for (int i30 = 0; i30 < i27; i30++) {
            byte b12 = bArr8[i30];
            bArr8[i30] = (byte) (b12 ^ ((bArr6[i30] ^ b12) & b11));
        }
        byte[] o10 = Arrays.o(bArr8, 0, nTRUParameterSet3.f39898d);
        Arrays.a(bArr8);
        return o10;
    }
}
