package org.bouncycastle.pqc.crypto.saber;

import com.tencent.tpns.dataacquisition.DeviceInfos;
import java.lang.reflect.Array;
import okhttp3.internal.http2.Settings;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
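/**
 * Recovers the shared secret from a SABER KEM ciphertext using a private key.
 *
 * <p>The flow visible in this class is: decrypt the ciphertext to a 32-byte message, re-encrypt
 * that message via {@code indcpa_kem_enc}, compare the result with the received ciphertext
 * without data-dependent branches, and on a mismatch derive the output from the last 32 bytes
 * of the private key instead of from the decrypted message. No error is raised on a mismatch.
 *
 * <p>This source is decompiler output. Bit masks that the decompiler had printed as constants
 * borrowed from unrelated libraries are written as plain literals here, so the arithmetic no
 * longer depends on what those libraries define.
 */
public class SABERKEMExtractor implements EncapsulatedSecretExtractor {
    // NOTE(review): both fields are public and non-final, so any code holding this object can
    // swap the engine or the key after construction. Left unchanged because other classes may
    // read them; confirm before narrowing.
    public SABEREngine engine;
    public SABERKeyParameters key;

    /**
     * Binds the extractor to a private key and to the engine configured in its parameter set.
     *
     * @param sABERPrivateKeyParameters private key; its {@code params.engine} is used as-is
     */
    public SABERKEMExtractor(SABERPrivateKeyParameters sABERPrivateKeyParameters) {
        this.key = sABERPrivateKeyParameters;
        this.engine = sABERPrivateKeyParameters.params.engine;
    }

    /**
     * Decapsulates a ciphertext and returns the session key.
     *
     * @param bArr ciphertext; only the first {@code SABER_BYTES_CCA_DEC} bytes are read
     * @return a new array of {@code defaultKeySize / 8} bytes
     * @throws IllegalArgumentException if the ciphertext is shorter than
     *     {@code SABER_BYTES_CCA_DEC} (previously surfaced as an
     *     {@code ArrayIndexOutOfBoundsException} part-way through the computation)
     */
    public final byte[] extractSecret(byte[] bArr) {
        final SABEREngine eng = this.engine;
        final byte[] ciphertext = bArr;
        final int ctLen = eng.SABER_BYTES_CCA_DEC;
        // Reject truncated input before any private-key material is copied or processed.
        if (ciphertext.length < ctLen) {
            throw new IllegalArgumentException(
                "ciphertext too short: expected at least " + ctLen + " bytes, got "
                    + ciphertext.length);
        }

        final byte[] sessionKey = new byte[eng.defaultKeySize / 8];
        final byte[] sk = Arrays.clone(((SABERPrivateKeyParameters) this.key).privateKey);
        // Everything after the IND-CPA secret key; handed to indcpa_kem_enc as its third argument.
        final byte[] skTail = Arrays.copyOfRange(sk, eng.SABER_INDCPA_SECRETKEYBYTES, sk.length);
        final byte[] recomputed = new byte[ctLen];
        final byte[] buf = new byte[64];
        final byte[] kr = new byte[64];
        final byte[] hashOut = new byte[32];
        final short[][] secretVec = new short[eng.SABER_L][256];
        final short[][] ctVec = new short[eng.SABER_L][256];
        final short[] v = new short[256];
        final short[] scale = new short[256];
        byte[] coins = null;

        try {
            // Decrypt: v = sum over i of ctVec[i] * secretVec[i].
            eng.utils.BS2POLVECq(sk, 0, secretVec);
            eng.utils.BS2POLVECp(ciphertext, ctVec);
            final Poly poly = eng.poly;
            for (int i = 0; i < poly.SABER_L; i++) {
                poly.poly_mul_acc(ctVec[i], secretVec[i], v);
            }

            // The packed SABER_ET-bit coefficients follow the compressed vector in the ciphertext.
            unpackScaleBits(ciphertext, eng.SABER_POLYVECCOMPRESSEDBYTES, eng.utils.SABER_ET, scale);

            for (int i = 0; i < 256; i++) {
                v[i] = (short) ((((v[i] + eng.h2) - (scale[i] << (10 - eng.SABER_ET))) & 0xFFFF) >> 9);
            }

            // Pack the low bit of each of the 256 coefficients into buf[0..32).
            for (int byteIdx = 0; byteIdx < 32; byteIdx++) {
                for (int bit = 0; bit < 8; bit++) {
                    buf[byteIdx] = (byte) (buf[byteIdx] | ((v[(byteIdx * 8) + bit] & 1) << bit));
                }
            }
            // buf[32..64) = the 32 bytes stored just before the last 32 bytes of the private key.
            System.arraycopy(sk, eng.SABER_SECRETKEYBYTES - 64, buf, 32, 32);

            final SHA3Digest sha256 = new SHA3Digest(256);
            final SHA3Digest sha512 = new SHA3Digest(512);
            sha512.absorb(buf, 0, 64);
            sha512.doFinal(0, kr);

            // Re-encrypt the recovered message with coins taken from kr[32..64).
            coins = Arrays.copyOfRange(kr, 32, 64);
            eng.indcpa_kem_enc(buf, coins, skTail, recomputed);

            // Branch-free comparison. Each byte difference is masked to 0..255 before it is OR-ed
            // into the accumulator: without the mask, the int XOR of two bytes whose top bits
            // differ is negative, sign-extends into the long, makes (-diff) positive, and the
            // mismatch would be reported as a match.
            long diff = 0;
            for (int i = 0; i < ctLen; i++) {
                diff |= (ciphertext[i] ^ recomputed[i]) & 0xFF;
            }

            sha256.absorb(ciphertext, 0, ctLen);
            // NOTE(review): the (32, kr) argument order looks like "write at offset 32 of kr";
            // confirm against this build's SHA3Digest.
            sha256.doFinal(32, kr);

            // fail is 1 when any byte differed, 0 otherwise; mask is all-ones or all-zeros.
            final int fail = (int) ((-diff) >>> 63);
            final int mask = -fail;
            final int rejectOff = eng.SABER_SECRETKEYBYTES - 32;
            // Constant-time select: on mismatch kr[0..32) is replaced by the private key's last
            // 32 bytes, so a modified ciphertext yields a key unrelated to the decrypted message.
            for (int i = 0; i < 32; i++) {
                final byte cur = kr[i];
                kr[i] = (byte) (cur ^ ((sk[i + rejectOff] ^ cur) & mask));
            }

            // The same digest object is reused, as in the original code.
            sha256.absorb(kr, 0, 64);
            sha256.doFinal(0, hashOut);
            System.arraycopy(hashOut, 0, sessionKey, 0, eng.defaultKeySize / 8);
            return sessionKey;
        } finally {
            // Best-effort wipe of the local copies of secret material. The key object itself
            // still holds the private key.
            java.util.Arrays.fill(sk, (byte) 0);
            java.util.Arrays.fill(skTail, (byte) 0);
            java.util.Arrays.fill(buf, (byte) 0);
            java.util.Arrays.fill(kr, (byte) 0);
            java.util.Arrays.fill(hashOut, (byte) 0);
            if (coins != null) {
                java.util.Arrays.fill(coins, (byte) 0);
            }
            for (short[] row : secretVec) {
                java.util.Arrays.fill(row, (short) 0);
            }
            java.util.Arrays.fill(v, (short) 0);
        }
    }

    /**
     * Unpacks 256 coefficients of {@code et} bits each from {@code ct} starting at {@code off}.
     * Widths 3, 4 and 6 are handled; any other width leaves {@code out} untouched.
     */
    private static void unpackScaleBits(byte[] ct, int off, int et, short[] out) {
        if (et == 3) {
            // 8 coefficients per 3 bytes.
            for (int j = 0; j < 32; j++) {
                final int o = j * 8;
                final int p = off + (j * 3);
                final byte b0 = ct[p];
                final byte b1 = ct[p + 1];
                final byte b2 = ct[p + 2];
                out[o] = (short) (b0 & 7);
                out[o + 1] = (short) ((b0 >> 3) & 7);
                out[o + 2] = (short) (((b0 >> 6) & 3) | ((b1 & 1) << 2));
                out[o + 3] = (short) ((b1 >> 1) & 7);
                out[o + 4] = (short) ((b1 >> 4) & 7);
                out[o + 5] = (short) (((b1 >> 7) & 1) | ((b2 & 3) << 1));
                out[o + 6] = (short) ((b2 >> 2) & 7);
                out[o + 7] = (short) ((b2 >> 5) & 7);
            }
        } else if (et == 4) {
            // 2 coefficients per byte.
            for (int j = 0; j < 128; j++) {
                final byte b = ct[off + j];
                out[j * 2] = (short) (b & 15);
                out[(j * 2) + 1] = (short) ((b >> 4) & 15);
            }
        } else if (et == 6) {
            // 4 coefficients per 3 bytes. The 0xFF masks strip sign extension before the right
            // shift so that only the byte's own upper bits land in the 6-bit result.
            for (int j = 0; j < 64; j++) {
                final int o = j * 4;
                final int p = off + (j * 3);
                final byte b0 = ct[p];
                final byte b1 = ct[p + 1];
                final byte b2 = ct[p + 2];
                out[o] = (short) (b0 & 63);
                out[o + 1] = (short) (((b0 >> 6) & 3) | ((b1 & 15) << 2));
                out[o + 2] = (short) (((b1 & 0xFF) >> 4) | ((b2 & 3) << 4));
                out[o + 3] = (short) ((b2 & 0xFF) >> 2);
            }
        }
    }

    /**
     * Returns the ciphertext length in bytes that {@link #extractSecret(byte[])} consumes.
     *
     * @return the engine's {@code SABER_BYTES_CCA_DEC}
     */
    public final int getEncapsulationLength() {
        return this.engine.SABER_BYTES_CCA_DEC;
    }
}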
