package org.bouncycastle.pqc.crypto.ntru;

import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes6.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public final NTRUParameters f58102a;

    /* renamed from: b, reason: collision with root package name */
    public final NTRUPrivateKeyParameters f58103b;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.f58102a = nTRUPrivateKeyParameters.f58108d;
        this.f58103b = nTRUPrivateKeyParameters;
    }

    public final byte[] a(byte[] bArr) {
        byte[] bArr2;
        int i2;
        short[] sArr;
        int i3;
        NTRUParameterSet nTRUParameterSet = this.f58102a.f58115d;
        NTRUPrivateKeyParameters nTRUPrivateKeyParameters = this.f58103b;
        byte[] bArr3 = nTRUPrivateKeyParameters.f58116e;
        int b2 = nTRUParameterSet.b() + nTRUParameterSet.f59358c;
        byte[] bArr4 = new byte[b2];
        new NTRUOWCPA(nTRUParameterSet);
        int c2 = nTRUParameterSet.c() * 2;
        byte[] bArr5 = new byte[c2];
        Polynomial a2 = nTRUParameterSet.a();
        Polynomial a3 = nTRUParameterSet.a();
        Polynomial a4 = nTRUParameterSet.a();
        Polynomial a5 = nTRUParameterSet.a();
        a2.h(bArr);
        byte[] bArr6 = nTRUPrivateKeyParameters.f58116e;
        a3.i(bArr6);
        a3.o();
        a4.g(a2, a3);
        short[] sArr2 = a3.f59354a;
        int length = sArr2.length;
        int i4 = 0;
        while (i4 < length) {
            int i5 = a4.f59354a[i4] & 65535;
            int i6 = length;
            int i7 = a3.f59355b.f59357b;
            short s2 = (short) (i5 % (1 << i7));
            sArr2[i4] = s2;
            sArr2[i4] = (short) (s2 + (((short) (s2 >>> (i7 - 1))) << (1 - (i7 & 1))));
            i4++;
            length = i6;
            b2 = b2;
        }
        int i8 = b2;
        a3.b();
        a4.i(Arrays.o(nTRUParameterSet.c(), bArr6.length, bArr6));
        a5.g(a3, a4);
        a5.b();
        byte[] l2 = a5.l(c2 - nTRUParameterSet.c());
        short s3 = bArr[nTRUParameterSet.b() - 1];
        int i9 = nTRUParameterSet.f59356a;
        int i10 = i9 - 1;
        int i11 = nTRUParameterSet.f59357b;
        int i12 = ((((~((short) (s3 & (255 << (8 - ((i10 * i11) & 7)))))) + 1) >>> 15) & 1) | 0;
        if (nTRUParameterSet instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) a5;
            bArr2 = bArr3;
            int i13 = 0;
            short s4 = 0;
            short s5 = 0;
            while (i13 < i10) {
                int i14 = c2;
                short s6 = hPSPolynomial.f59354a[i13];
                i13++;
                s5 = (short) (s5 + (s6 & 1));
                s4 = (short) (s4 + (s6 & 2));
                c2 = i14;
                hPSPolynomial = hPSPolynomial;
            }
            i2 = c2;
            i12 |= (((~((((s4 >>> 1) ^ s5) | 0) | (s4 ^ (((1 << ((NTRUHPSParameterSet) nTRUParameterSet).f59357b) / 8) - 2)))) + 1) >>> 31) & 1;
        } else {
            bArr2 = bArr3;
            i2 = c2;
        }
        a3.a(a5);
        for (int i15 = 0; i15 < i9; i15++) {
            short[] sArr3 = a2.f59354a;
            sArr3[i15] = (short) (sArr3[i15] - sArr2[i15]);
        }
        a4.m(Arrays.o(nTRUParameterSet.c() * 2, bArr6.length, bArr6));
        a5.g(a2, a4);
        NTRUParameterSet nTRUParameterSet2 = a5.f59355b;
        int i16 = nTRUParameterSet2.f59356a;
        int i17 = 0;
        while (true) {
            sArr = a5.f59354a;
            if (i17 >= i16) {
                break;
            }
            sArr[i17] = (short) (sArr[i17] - sArr[i16 - 1]);
            i17++;
        }
        int i18 = 0;
        for (int i19 = 0; i19 < i10; i19++) {
            short s7 = sArr[i19];
            i18 = i18 | ((s7 + 1) & ((1 << i11) - 4)) | ((s7 + 2) & 4);
        }
        int i20 = ((((~(sArr[i10] | i18)) + 1) >>> 31) & 1) | i12;
        int length2 = sArr.length;
        for (int i21 = 0; i21 < length2; i21++) {
            int i22 = sArr[i21] & 65535;
            int i23 = nTRUParameterSet2.f59357b;
            short s8 = (short) (i22 % (1 << i23));
            sArr[i21] = s8;
            sArr[i21] = (short) ((s8 ^ (s8 >>> (i23 - 1))) & 3);
        }
        byte[] l3 = a5.l(nTRUParameterSet.c() * 2);
        System.arraycopy(l3, 0, bArr5, 0, l3.length);
        System.arraycopy(l2, 0, bArr5, nTRUParameterSet.c(), l2.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int i24 = sHA3Digest.f54601f / 8;
        byte[] bArr7 = new byte[i24];
        sHA3Digest.j(0, i2, bArr5);
        sHA3Digest.c(0, bArr7);
        int i25 = 0;
        while (true) {
            i3 = nTRUParameterSet.f59358c;
            if (i25 >= i3) {
                break;
            }
            bArr4[i25] = bArr2[((((i9 - 1) * i11) + 7) / 8) + (nTRUParameterSet.c() * 2) + i25];
            i25++;
        }
        for (int i26 = 0; i26 < nTRUParameterSet.b(); i26++) {
            bArr4[i3 + i26] = bArr[i26];
        }
        sHA3Digest.reset();
        sHA3Digest.j(0, i8, bArr4);
        sHA3Digest.c(0, bArr5);
        byte b3 = (byte) ((~((byte) i20)) + 1);
        for (int i27 = 0; i27 < i24; i27++) {
            byte b4 = bArr7[i27];
            bArr7[i27] = (byte) (b4 ^ ((bArr5[i27] ^ b4) & b3));
        }
        byte[] o2 = Arrays.o(0, nTRUParameterSet.f59359d, bArr7);
        Arrays.a(bArr7);
        return o2;
    }
}
