package org.bouncycastle.pqc.crypto.ntru;

import com.tencent.android.tpush.common.Constants;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {
    public final NTRUPrivateKeyParameters ntruPrivateKey;
    public final NTRUParameters params;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.params = nTRUPrivateKeyParameters.params;
        this.ntruPrivateKey = nTRUPrivateKeyParameters;
    }

    public final byte[] extractSecret(byte[] bArr) {
        byte[] bArr2;
        NTRUParameterSet nTRUParameterSet;
        int i;
        NTRUParameterSet nTRUParameterSet2;
        NTRUParameterSet nTRUParameterSet3 = this.params.parameterSet;
        byte[] bArr3 = this.ntruPrivateKey.privateKey;
        int ntruCiphertextBytes = nTRUParameterSet3.ntruCiphertextBytes() + nTRUParameterSet3.prfKeyBytes;
        byte[] bArr4 = new byte[ntruCiphertextBytes];
        NTRUOWCPA ntruowcpa = new NTRUOWCPA(nTRUParameterSet3);
        byte[] bArr5 = this.ntruPrivateKey.privateKey;
        int packTrinaryBytes = nTRUParameterSet3.packTrinaryBytes() * 2;
        byte[] bArr6 = new byte[packTrinaryBytes];
        Polynomial createPolynomial = nTRUParameterSet3.createPolynomial();
        Polynomial createPolynomial2 = nTRUParameterSet3.createPolynomial();
        Polynomial createPolynomial3 = nTRUParameterSet3.createPolynomial();
        Polynomial createPolynomial4 = nTRUParameterSet3.createPolynomial();
        createPolynomial.rqSumZeroFromBytes(bArr);
        createPolynomial2.s3FromBytes(bArr5);
        createPolynomial2.z3ToZq();
        createPolynomial3.rqMul(createPolynomial, createPolynomial2);
        int length = createPolynomial2.coeffs.length;
        int i2 = 0;
        while (i2 < length) {
            short[] sArr = createPolynomial2.coeffs;
            int i3 = length;
            int i4 = createPolynomial3.coeffs[i2] & Constants.PROTOCOL_NONE;
            int i5 = ntruCiphertextBytes;
            int i6 = createPolynomial2.params.logQ;
            short s = (short) (i4 % (1 << i6));
            sArr[i2] = s;
            sArr[i2] = (short) (s + (((short) (s >>> (i6 - 1))) << (1 - (i6 & 1))));
            i2++;
            length = i3;
            ntruCiphertextBytes = i5;
            bArr4 = bArr4;
        }
        byte[] bArr7 = bArr4;
        int i7 = ntruCiphertextBytes;
        createPolynomial2.mod3PhiN();
        createPolynomial3.s3FromBytes(Arrays.copyOfRange(bArr5, ntruowcpa.params.packTrinaryBytes(), bArr5.length));
        createPolynomial4.rqMul(createPolynomial2, createPolynomial3);
        createPolynomial4.mod3PhiN();
        byte[] s3ToBytes = createPolynomial4.s3ToBytes(packTrinaryBytes - ntruowcpa.params.packTrinaryBytes());
        short s2 = bArr[ntruowcpa.params.ntruCiphertextBytes() - 1];
        NTRUParameterSet nTRUParameterSet4 = ntruowcpa.params;
        int i8 = ((((~((short) (s2 & (255 << (8 - (((nTRUParameterSet4.n - 1) * nTRUParameterSet4.logQ) & 7)))))) + 1) >>> 15) & 1) | 0;
        if (nTRUParameterSet4 instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) createPolynomial4;
            int i9 = 0;
            short s3 = 0;
            short s4 = 0;
            while (true) {
                nTRUParameterSet2 = ntruowcpa.params;
                bArr2 = bArr3;
                if (i9 >= nTRUParameterSet2.n - 1) {
                    break;
                }
                short s5 = hPSPolynomial.coeffs[i9];
                s3 = (short) (s3 + (s5 & 2));
                i9++;
                s4 = (short) (s4 + (s5 & 1));
                bArr3 = bArr2;
            }
            i8 |= (((~(((((1 << ((NTRUHPSParameterSet) nTRUParameterSet2).logQ) / 8) - 2) ^ s3) | (((s3 >>> 1) ^ s4) | 0))) + 1) >>> 31) & 1;
        } else {
            bArr2 = bArr3;
        }
        createPolynomial2.lift(createPolynomial4);
        int i10 = 0;
        while (true) {
            nTRUParameterSet = ntruowcpa.params;
            if (i10 >= nTRUParameterSet.n) {
                break;
            }
            short[] sArr2 = createPolynomial.coeffs;
            sArr2[i10] = (short) (sArr2[i10] - createPolynomial2.coeffs[i10]);
            i10++;
        }
        createPolynomial3.sqFromBytes(Arrays.copyOfRange(bArr5, nTRUParameterSet.packTrinaryBytes() * 2, bArr5.length));
        createPolynomial4.rqMul(createPolynomial, createPolynomial3);
        int i11 = createPolynomial4.params.n;
        for (int i12 = 0; i12 < i11; i12++) {
            short[] sArr3 = createPolynomial4.coeffs;
            sArr3[i12] = (short) (sArr3[i12] - sArr3[i11 - 1]);
        }
        int i13 = 0;
        int i14 = 0;
        while (true) {
            i = ntruowcpa.params.n - 1;
            if (i13 >= i) {
                break;
            }
            short s6 = createPolynomial4.coeffs[i13];
            i14 = i14 | (((1 << r5.logQ) - 4) & (s6 + 1)) | ((s6 + 2) & 4);
            i13++;
        }
        short[] sArr4 = createPolynomial4.coeffs;
        int i15 = ((((~(i14 | sArr4[i])) + 1) >>> 31) & 1) | i8;
        int length2 = sArr4.length;
        for (int i16 = 0; i16 < length2; i16++) {
            short[] sArr5 = createPolynomial4.coeffs;
            int i17 = sArr5[i16] & Constants.PROTOCOL_NONE;
            int i18 = createPolynomial4.params.logQ;
            short s7 = (short) (i17 % (1 << i18));
            sArr5[i16] = s7;
            sArr5[i16] = (short) ((s7 ^ (s7 >>> (i18 - 1))) & 3);
        }
        byte[] s3ToBytes2 = createPolynomial4.s3ToBytes(ntruowcpa.params.packTrinaryBytes() * 2);
        System.arraycopy(s3ToBytes2, 0, bArr6, 0, s3ToBytes2.length);
        System.arraycopy(s3ToBytes, 0, bArr6, ntruowcpa.params.packTrinaryBytes(), s3ToBytes.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int i19 = sHA3Digest.fixedOutputLength / 8;
        byte[] bArr8 = new byte[i19];
        sHA3Digest.absorb(bArr6, 0, packTrinaryBytes);
        sHA3Digest.doFinal(0, bArr8);
        for (int i20 = 0; i20 < nTRUParameterSet3.prfKeyBytes; i20++) {
            bArr7[i20] = bArr2[((((nTRUParameterSet3.n - 1) * nTRUParameterSet3.logQ) + 7) / 8) + (nTRUParameterSet3.packTrinaryBytes() * 2) + i20];
        }
        for (int i21 = 0; i21 < nTRUParameterSet3.ntruCiphertextBytes(); i21++) {
            bArr7[nTRUParameterSet3.prfKeyBytes + i21] = bArr[i21];
        }
        sHA3Digest.reset();
        sHA3Digest.absorb(bArr7, 0, i7);
        sHA3Digest.doFinal(0, bArr6);
        byte b = (byte) ((~((byte) i15)) + 1);
        for (int i22 = 0; i22 < i19; i22++) {
            byte b2 = bArr8[i22];
            bArr8[i22] = (byte) (b2 ^ ((bArr6[i22] ^ b2) & b));
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr8, 0, nTRUParameterSet3.sharedKeyBytes);
        Arrays.clear(bArr8);
        return copyOfRange;
    }
}
