package org.bouncycastle.pqc.crypto.ntruprime;

import androidx.compose.foundation.layout.b;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.util.Arrays;

/* loaded from: classes12.dex */
public class NTRULPRimeKEMExtractor implements EncapsulatedSecretExtractor {
    private final NTRULPRimePrivateKeyParameters privateKey;

    public NTRULPRimeKEMExtractor(NTRULPRimePrivateKeyParameters nTRULPRimePrivateKeyParameters) {
        this.privateKey = nTRULPRimePrivateKeyParameters;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        NTRULPRimeParameters parameters = this.privateKey.getParameters();
        int p = parameters.getP();
        int q = parameters.getQ();
        int w = parameters.getW();
        int roundedPolynomialBytes = parameters.getRoundedPolynomialBytes();
        int tau0 = parameters.getTau0();
        int tau1 = parameters.getTau1();
        int tau2 = parameters.getTau2();
        int tau3 = parameters.getTau3();
        byte[] bArr2 = new byte[p];
        Utils.f(p, bArr2, this.privateKey.getEncoded());
        byte[] bArr3 = new byte[roundedPolynomialBytes];
        System.arraycopy(bArr, 0, bArr3, 0, roundedPolynomialBytes);
        short[] sArr = new short[p];
        Utils.l(p, q, bArr3, sArr);
        byte[] bArr4 = new byte[128];
        System.arraycopy(bArr, roundedPolynomialBytes, bArr4, 0, 128);
        byte[] bArr5 = new byte[256];
        int i = 0;
        while (i < 128) {
            int i2 = i * 2;
            bArr5[i2] = (byte) (bArr4[i] & 15);
            bArr5[i2 + 1] = (byte) (bArr4[i] >>> 4);
            i++;
            tau1 = tau1;
        }
        int i3 = tau1;
        short[] sArr2 = new short[p];
        Utils.p(p, q, bArr2, sArr2, sArr);
        int i4 = 256;
        byte[] bArr6 = new byte[256];
        int i5 = 0;
        while (i5 < i4) {
            bArr6[i5] = (byte) (-(-(Utils.i(b.b(w, 4, Utils.i((bArr5[i5] * tau3) - tau2, q) - sArr2[i5], 1), q) >>> 31)));
            i5++;
            i4 = 256;
            sArr2 = sArr2;
        }
        byte[] bArr7 = new byte[32];
        for (int i6 = 0; i6 < 256; i6++) {
            int i7 = i6 >>> 3;
            bArr7[i7] = (byte) (bArr7[i7] | (bArr6[i6] << (i6 & 7)));
        }
        int publicKeyBytes = parameters.getPublicKeyBytes() - 32;
        byte[] bArr8 = new byte[publicKeyBytes];
        System.arraycopy(this.privateKey.getPk(), 32, bArr8, 0, publicKeyBytes);
        short[] sArr3 = new short[p];
        Utils.l(p, q, bArr8, sArr3);
        byte[] bArr9 = new byte[32];
        System.arraycopy(this.privateKey.getPk(), 0, bArr9, 0, 32);
        short[] sArr4 = new short[p];
        Utils.d(p, q, bArr9, sArr4);
        int[] iArr = new int[p];
        Utils.c(Arrays.copyOfRange(Utils.h(new byte[]{5}, bArr7), 0, 32), iArr);
        byte[] bArr10 = new byte[p];
        Utils.r(bArr10, p, iArr, w);
        short[] sArr5 = new short[p];
        Utils.p(p, q, bArr10, sArr5, sArr4);
        short[] sArr6 = new short[p];
        Utils.q(sArr6, sArr5);
        Utils.m(p, q, new byte[roundedPolynomialBytes], sArr6);
        short[] sArr7 = new short[p];
        Utils.p(p, q, bArr10, sArr7, sArr3);
        Utils.t(new byte[256], sArr7, bArr6, q, tau0, i3);
        byte[] bArr11 = new byte[128];
        int i8 = 0;
        for (int i9 = 128; i8 < i9; i9 = 128) {
            int i10 = i8 * 2;
            bArr11[i8] = (byte) (bArr5[i10] + (bArr5[i10 + 1] << 4));
            i8++;
        }
        byte[] bArr12 = new byte[this.privateKey.getHash().length + 32];
        System.arraycopy(bArr7, 0, bArr12, 0, 32);
        System.arraycopy(this.privateKey.getHash(), 0, bArr12, 32, this.privateKey.getHash().length);
        byte[] h = Utils.h(new byte[]{2}, bArr12);
        int i11 = roundedPolynomialBytes + 128;
        int i12 = i11 + 32;
        byte[] bArr13 = new byte[i12];
        System.arraycopy(bArr3, 0, bArr13, 0, roundedPolynomialBytes);
        System.arraycopy(bArr4, 0, bArr13, roundedPolynomialBytes, 128);
        System.arraycopy(h, 0, bArr13, i11, 32);
        int i13 = Arrays.areEqual(bArr, bArr13) ? 0 : -1;
        byte[] rho = this.privateKey.getRho();
        int i14 = 0;
        for (int i15 = 32; i14 < i15; i15 = 32) {
            byte b2 = bArr7[i14];
            bArr7[i14] = (byte) (b2 ^ ((rho[i14] ^ b2) & i13));
            i14++;
        }
        byte[] bArr14 = new byte[i12 + 32];
        System.arraycopy(bArr7, 0, bArr14, 0, 32);
        System.arraycopy(bArr13, 0, bArr14, 32, i12);
        return Arrays.copyOfRange(Utils.h(new byte[]{1}, bArr14), 0, parameters.getSessionKeySize() / 8);
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.privateKey.getParameters().getRoundedPolynomialBytes() + 128 + 32;
    }
}
