package org.bouncycastle.pqc.crypto.cmce;

import com.tencent.tpns.dataacquisition.DeviceInfos;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHAKEDigest;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes4.dex */
/**
 * Decapsulation side of the Classic McEliece (CMCE) KEM: recovers the session key from an
 * encapsulation using a CMCE private key.
 *
 * <p>This listing is decompiler output. The engine's private-key expansion and decapsulation
 * routines appear to be inlined into this class, and several decompiler artifacts are flagged
 * inline (an undeclared identifier, a loop with no exit, a constant taken from an unrelated
 * package). Treat it as a reading aid; do not recompile it or use it as reference crypto code
 * without checking it against the upstream source.
 *
 * <p>Security-relevant properties visible in this code:
 * <ul>
 *   <li>Decapsulation failure is not signalled by an exception or return code. The output is
 *       selected with arithmetic masks instead of branches, so those selections must stay
 *       branch-free.</li>
 *   <li>The encapsulation length is never validated here; callers should check it against
 *       {@link #getEncapsulationLength()} before calling {@link #extractSecret(byte[])}.</li>
 *   <li>Copies of private-key material and derived secrets are left in local arrays and are
 *       not wiped before they go out of scope.</li>
 * </ul>
 */
public class CMCEKEMExtractor implements EncapsulatedSecretExtractor {
    // Both fields are public and non-final as decompiled, so any code holding a reference can
    // read or replace the private key parameters.
    // NOTE(review): upstream visibility is presumably narrower; confirm before relying on this.
    public CMCEEngine engine;
    public CMCEPrivateKeyParameters key;

    /**
     * Stores the private key and, when the stored key bytes are shorter than
     * {@code engine.getPrivateKeySize()}, expands them to the full layout.
     *
     * <p>Expansion, as far as this code shows: the first 32 key bytes are hashed with SHAKE-256
     * behind a prefix byte of 64; the output supplies the polynomial section (written at offset
     * 40), the control-bit section (written at offset {@code 40 + IRR_BYTES}) and the trailing
     * {@code SYS_N / 8} bytes of the key. Sections already present in the stored key are kept.
     *
     * <p>No check is visible that the stored key holds at least the 32 bytes read as the seed.
     *
     * @param cMCEPrivateKeyParameters private key; its {@code params.engine} becomes the engine
     */
    public CMCEKEMExtractor(CMCEPrivateKeyParameters cMCEPrivateKeyParameters) {
        byte[] bArr;
        int i;
        int i2;
        this.key = cMCEPrivateKeyParameters;
        this.engine = cMCEPrivateKeyParameters.params.engine;
        // The clone on the next line is used only for its length; it is one more short-lived
        // copy of the private key on the heap.
        if (Arrays.clone(cMCEPrivateKeyParameters.privateKey).length < this.engine.getPrivateKeySize()) {
            CMCEParameters cMCEParameters = cMCEPrivateKeyParameters.params;
            CMCEEngine cMCEEngine = this.engine;
            byte[] clone = Arrays.clone(cMCEPrivateKeyParameters.privateKey);
            // Full-size key buffer; the stored bytes are copied to its front unchanged.
            byte[] bArr2 = new byte[cMCEEngine.getPrivateKeySize()];
            System.arraycopy(clone, 0, bArr2, 0, clone.length);
            // SHAKE output length. Offsets used below imply the layout:
            //   [0, SYS_N/8)                      -> tail of the private key
            //   next 4 * 2^GFBITS bytes            -> 32-bit words for the permutation
            //   next IRR_BYTES bytes               -> polynomial coefficients
            //   last 32 bytes                      -> not read in this constructor
            int i3 = ((1 << cMCEEngine.GFBITS) * 4) + (cMCEEngine.SYS_N / 8) + cMCEEngine.IRR_BYTES + 32;
            byte[] bArr3 = new byte[i3];
            SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
            // Prefix byte 64, then the first 32 bytes of the stored key as the seed.
            sHAKEDigest.update((byte) 64);
            sHAKEDigest.absorb(clone, 0, 32);
            sHAKEDigest.doFinal(bArr3, 0, i3);
            // Stored key ends at or before offset 40: regenerate the polynomial section.
            if (clone.length <= 40) {
                short[] sArr = new short[cMCEEngine.SYS_T];
                int i4 = cMCEEngine.IRR_BYTES;
                byte[] bArr4 = new byte[i4];
                int i5 = (i3 - 32) - i4;
                // Read SYS_T little-endian 16-bit values, reduced to field elements by GFMASK.
                for (int i6 = 0; i6 < cMCEEngine.SYS_T; i6++) {
                    sArr[i6] = (short) (Pack.littleEndianToShort((i6 * 2) + i5, bArr3) & cMCEEngine.GFMASK);
                }
                // The return value of generate_irr_poly, if it has one, is not examined here.
                cMCEEngine.generate_irr_poly(sArr);
                // Serialize the coefficients little-endian, two bytes each.
                for (int i7 = 0; i7 < cMCEEngine.SYS_T; i7++) {
                    int i8 = i7 * 2;
                    short s = sArr[i7];
                    bArr4[i8 + 0] = (byte) (s & 255);
                    bArr4[i8 + 1] = (byte) (s >> 8);
                }
                System.arraycopy(bArr4, 0, bArr2, 40, cMCEEngine.IRR_BYTES);
            }
            int length = clone.length;
            int i9 = cMCEEngine.IRR_BYTES;
            // Stored key ends at or before the control-bit section: regenerate that section.
            if (length <= i9 + 40) {
                int i10 = 1 << cMCEEngine.GFBITS;
                int[] iArr = new int[i10];
                short[] sArr2 = new short[i10];
                int i11 = ((i3 - 32) - i9) - (i10 * 4);
                int i12 = 0;
                // Load 2^GFBITS little-endian 32-bit words from the SHAKE output.
                while (true) {
                    i2 = 1 << cMCEEngine.GFBITS;
                    if (i12 >= i2) {
                        break;
                    }
                    iArr[i12] = Pack.littleEndianToInt((i12 * 4) + i11, bArr3);
                    i12++;
                }
                if (cMCEEngine.usePivots) {
                    // pk_gen is called with a null first argument and its result is not used;
                    // presumably it is run only to fill sArr2 (and bArr2) - confirm upstream.
                    cMCEEngine.pk_gen(null, bArr2, iArr, sArr2, new long[]{0});
                    bArr = bArr3;
                } else {
                    long[] jArr = new long[i2];
                    int i13 = 0;
                    // Decompiler-shaped loop: i14 is always 1, so this runs i13 over
                    // [0, 2^GFBITS). Each entry becomes (word << 31) | index with the sign
                    // bit cleared, so sorting orders by word and carries the index along.
                    for (int i14 = 1; i13 < (i14 << cMCEEngine.GFBITS); i14 = 1) {
                        long j = iArr[i13];
                        jArr[i13] = j;
                        long j2 = j << 31;
                        jArr[i13] = j2;
                        long j3 = j2 | i13;
                        jArr[i13] = j3;
                        jArr[i13] = j3 & Long.MAX_VALUE;
                        i13++;
                        bArr3 = bArr3;
                    }
                    bArr = bArr3;
                    CMCEEngine.sort64(jArr, i2);
                    // The low bits (the carried index) of each sorted entry form the permutation.
                    for (int i15 = 0; i15 < (1 << cMCEEngine.GFBITS); i15++) {
                        sArr2[i15] = (short) (jArr[i15] & cMCEEngine.GFMASK);
                    }
                }
                int i16 = cMCEEngine.COND_BYTES;
                byte[] bArr5 = new byte[i16];
                // NOTE(review): r5 is not declared anywhere in this file; it looks like a
                // leaked decompiler register name, presumably standing for cMCEEngine.GFBITS.
                // The listing does not compile as shown - confirm against upstream.
                CMCEEngine.controlbitsfrompermutation(bArr5, sArr2, cMCEEngine.GFBITS, 1 << r5);
                i = 0;
                System.arraycopy(bArr5, 0, bArr2, cMCEEngine.IRR_BYTES + 40, i16);
            } else {
                bArr = bArr3;
                i = 0;
            }
            // i is 0 on both paths: the first SYS_N/8 bytes of the SHAKE output become the
            // last SYS_N/8 bytes of the expanded private key.
            int privateKeySize = cMCEEngine.getPrivateKeySize();
            int i17 = cMCEEngine.SYS_N / 8;
            System.arraycopy(bArr, i, bArr2, privateKeySize - i17, i17);
            // clone, bArr3 (SHAKE output) and the intermediate arrays hold secret material and
            // are not wiped before they go out of scope.
            this.key = new CMCEPrivateKeyParameters(cMCEParameters, bArr2);
        }
    }

    /**
     * Decapsulates {@code bArr} and returns the session key.
     *
     * <p>Steps visible in this method: decode an error vector {@code e} from the first
     * {@code SYND_BYTES} bytes, check its weight and re-computed syndrome, compare
     * SHAKE-256(2 || e) with the 32 bytes that follow, then hash a preimage of
     * {@code flag || (e or the private key's trailing secret) || encapsulation}. The choice
     * between {@code e} and the stored secret is made with a mask, so a rejected encapsulation
     * still yields a key-shaped output rather than an error. When {@code usePadding} is set, the
     * result of the padding check is additionally OR-ed into every output byte.
     *
     * <p>The input length is not validated. The code indexes {@code bArr} up to
     * {@code SYND_BYTES + 32}, so a shorter array fails with
     * {@link ArrayIndexOutOfBoundsException}; callers should check
     * {@link #getEncapsulationLength()} first. The private-key clone and the intermediate
     * arrays are not wiped.
     *
     * @param bArr encapsulation: {@code SYND_BYTES} syndrome bytes followed by 32 confirmation bytes
     * @return session key of {@code defaultKeySize / 8} bytes
     */
    public final byte[] extractSecret(byte[] bArr) {
        int i;
        int i2;
        int i3;
        CMCEEngine cMCEEngine = this.engine;
        int i4 = cMCEEngine.defaultKeySize / 8;
        // bArr2: output key. clone: working copy of the private key. bArr3: confirmation hash.
        // bArr4: decoded error vector e, one bit per position.
        byte[] bArr2 = new byte[i4];
        byte[] clone = Arrays.clone(this.key.privateKey);
        byte[] bArr3 = new byte[32];
        int i5 = cMCEEngine.SYS_N;
        int i6 = i5 / 8;
        byte[] bArr4 = new byte[i6];
        // Padding check on the last syndrome byte, written without branches.
        // NOTE(review): DeviceInfos.NETWORK_TYPE_UNCONNECTED comes from an unrelated package;
        // presumably the decompiler substituted it for a literal of equal value, likely 0xFF.
        // If the named constant is really a byte -1, recompiling this text would change the
        // masking. Assuming 0xFF, the expression yields 0 or -1 - confirm against upstream.
        int i7 = cMCEEngine.usePadding ? ((byte) ((((byte) (((byte) ((bArr[cMCEEngine.SYND_BYTES - 1] & DeviceInfos.NETWORK_TYPE_UNCONNECTED) >>> (cMCEEngine.PK_NROWS % 8))) - 1)) & DeviceInfos.NETWORK_TYPE_UNCONNECTED) >>> 7)) - 1 : 0;
        int i8 = cMCEEngine.SYS_T;
        int i9 = i8 + 1;
        short[] sArr = new short[i9];
        short[] sArr2 = new short[i5];
        int i10 = i8 * 2;
        short[] sArr3 = new short[i10];
        short[] sArr4 = new short[i10];
        short[] sArr5 = new short[i9];
        short[] sArr6 = new short[i5];
        byte[] bArr5 = new byte[i6];
        int i11 = i7;
        int i12 = 0;
        // Copy the SYND_BYTES syndrome bytes and zero-fill up to SYS_N/8.
        while (true) {
            i = cMCEEngine.SYND_BYTES;
            if (i12 >= i) {
                break;
            }
            bArr5[i12] = bArr[i12];
            i12++;
        }
        while (i < cMCEEngine.SYS_N / 8) {
            bArr5[i] = 0;
            i++;
        }
        int i13 = 0;
        // Load SYS_T polynomial coefficients from the private key at offset 40 (the section the
        // constructor fills from generate_irr_poly). Self-assignments such as "i4 = i4" here and
        // below are decompiler residue with no effect.
        while (true) {
            i2 = cMCEEngine.SYS_T;
            if (i13 >= i2) {
                break;
            }
            sArr[i13] = (short) (cMCEEngine.GFMASK & Pack.littleEndianToShort((i13 * 2) + 40, clone));
            i13++;
            i4 = i4;
        }
        int i14 = i4;
        // Leading coefficient is fixed to 1.
        sArr[i2] = 1;
        // By their names, support_gen derives the support from the private key and synd
        // computes 2*SYS_T syndrome values into sArr3; their bodies are not in this file.
        cMCEEngine.benes.support_gen(clone, sArr2);
        cMCEEngine.synd(sArr3, sArr, sArr2, bArr5);
        int i15 = cMCEEngine.SYS_T + 1;
        short[] sArr7 = new short[i15];
        short[] sArr8 = new short[i15];
        short[] sArr9 = new short[i15];
        for (int i16 = 0; i16 < cMCEEngine.SYS_T + 1; i16++) {
            sArr9[i16] = 0;
            sArr8[i16] = 0;
        }
        sArr8[0] = 1;
        sArr9[1] = 1;
        short s = 1;
        short s2 = 0;
        short s3 = 0;
        // NOTE(review): the structure of this loop matches a Berlekamp-Massey iteration over
        // the syndrome sArr3, written with masks instead of branches - confirm against upstream.
        // Every update below is applied unconditionally and gated by s5/s6, so control flow does
        // not depend on the secret values. Keep that form; do not rewrite as if/else.
        while (s2 < cMCEEngine.SYS_T * 2) {
            byte[] bArr6 = bArr3;
            int i17 = i6;
            int i18 = 0;
            short s4 = 0;
            // s4 accumulates (by XOR) gf_mul(sArr8[k], sArr3[s2 - k]) for k = 0..min(s2, SYS_T).
            while (true) {
                int i19 = cMCEEngine.SYS_T;
                if (s2 < i19) {
                    i19 = s2;
                }
                if (i18 > i19) {
                    break;
                }
                s4 = (short) (s4 ^ cMCEEngine.gf.gf_mul(sArr8[i18], sArr3[s2 - i18]));
                i18++;
                sArr4 = sArr4;
                sArr = sArr;
            }
            short[] sArr10 = sArr4;
            short[] sArr11 = sArr;
            // s5: 0 when s4 == 0, otherwise all ones (for s4 in 1..0x7FFF).
            short s5 = (short) (((short) (((short) (((short) (s4 - 1)) >> 15)) & 1)) - 1);
            // s6: all ones only when s4 != 0 and s2 >= 2 * s3, otherwise 0.
            short s6 = (short) (((short) (((short) (((short) (((short) (s2 - (s3 * 2))) >> 15)) & 1)) - 1)) & s5);
            // Snapshot sArr8 before it is updated.
            for (int i20 = 0; i20 <= cMCEEngine.SYS_T; i20++) {
                sArr7[i20] = sArr8[i20];
            }
            short s7 = s;
            short gf_frac = cMCEEngine.gf.gf_frac(s7, s4);
            short[] sArr12 = sArr3;
            byte[] bArr7 = bArr4;
            int i21 = 0;
            // sArr8 ^= gf_frac * sArr9, applied only where s5 is set.
            while (i21 <= cMCEEngine.SYS_T) {
                sArr8[i21] = (short) ((cMCEEngine.gf.gf_mul(gf_frac, sArr9[i21]) & s5) ^ sArr8[i21]);
                i21++;
                sArr6 = sArr6;
                sArr2 = sArr2;
            }
            short[] sArr13 = sArr6;
            short[] sArr14 = sArr2;
            int i22 = ~s6;
            int i23 = s2 + 1;
            // Masked select: s3 becomes (s2 + 1 - s3) when s6 is set, else stays unchanged.
            s3 = (short) (((i23 - s3) & s6) | (s3 & i22));
            int i24 = 0;
            // Masked select: sArr9 takes the snapshot sArr7 when s6 is set.
            while (true) {
                i3 = cMCEEngine.SYS_T;
                if (i24 > i3) {
                    break;
                }
                sArr9[i24] = (short) ((sArr9[i24] & i22) | (sArr7[i24] & s6));
                i24++;
            }
            // Masked select: the running value s becomes s4 when s6 is set.
            short s8 = (short) ((i22 & s7) | (s4 & s6));
            // Shift sArr9 up by one position and clear slot 0.
            while (i3 >= 1) {
                int i25 = i3 - 1;
                sArr9[i3] = sArr9[i25];
                i3 = i25;
            }
            sArr9[0] = 0;
            s2 = (short) i23;
            sArr3 = sArr12;
            bArr3 = bArr6;
            i6 = i17;
            sArr4 = sArr10;
            bArr4 = bArr7;
            sArr = sArr11;
            sArr6 = sArr13;
            sArr2 = sArr14;
            s = s8;
        }
        short[] sArr15 = sArr3;
        byte[] bArr8 = bArr3;
        short[] sArr16 = sArr6;
        int i26 = i6;
        byte[] bArr9 = bArr4;
        short[] sArr17 = sArr4;
        short[] sArr18 = sArr;
        short[] sArr19 = sArr2;
        int i27 = 0;
        // sArr5 = sArr8 with its coefficient order reversed.
        while (true) {
            int i28 = cMCEEngine.SYS_T;
            if (i27 > i28) {
                break;
            }
            sArr5[i27] = sArr8[i28 - i27];
            i27++;
        }
        // Evaluate the polynomial sArr5 at every support element (Horner form: multiply, then
        // XOR in the next coefficient).
        for (int i29 = 0; i29 < cMCEEngine.SYS_N; i29++) {
            short s9 = sArr19[i29];
            int i30 = cMCEEngine.SYS_T;
            short s10 = sArr5[i30];
            // NOTE(review): as decompiled, this while (true) has no exit path; the decompiler
            // presumably dropped an "else break". Read it as "for i30 = SYS_T - 1 down to 0" -
            // confirm against upstream. gf.getClass() discards its result and looks like
            // null-check residue from an inlined call.
            while (true) {
                i30--;
                if (i30 >= 0) {
                    short gf_mul = cMCEEngine.gf.gf_mul(s10, s9);
                    GF gf = cMCEEngine.gf;
                    short s11 = sArr5[i30];
                    gf.getClass();
                    s10 = (short) (gf_mul ^ s11);
                }
            }
            sArr16[i29] = s10;
        }
        for (int i31 = 0; i31 < cMCEEngine.SYS_N / 8; i31++) {
            bArr9[i31] = 0;
        }
        int i32 = 0;
        // Build e: bit i33 is set exactly when the evaluation at position i33 is zero
        // (s13 is 1 for s12 == 0, else 0, computed without a branch). i32 counts the set bits.
        for (int i33 = 0; i33 < cMCEEngine.SYS_N; i33++) {
            GF gf2 = cMCEEngine.gf;
            short s12 = sArr16[i33];
            gf2.getClass();
            short s13 = (short) (((short) ((s12 - 1) >>> 19)) & 1);
            int i34 = i33 / 8;
            bArr9[i34] = (byte) (bArr9[i34] | (s13 << (i33 % 8)));
            i32 += s13;
        }
        // Re-compute the syndrome from e and fold every discrepancy into i35: a weight other
        // than SYS_T, or any difference from the received syndrome, leaves i35 non-zero.
        cMCEEngine.synd(sArr17, sArr18, sArr19, bArr9);
        int i35 = i32 ^ cMCEEngine.SYS_T;
        for (int i36 = 0; i36 < cMCEEngine.SYS_T * 2; i36++) {
            i35 |= sArr15[i36] ^ sArr17[i36];
        }
        // b: 0 when i35 == 0 (decode consistent), 1 when i35 is in 1..32767.
        byte b = (byte) ((((i35 - 1) >> 15) & 1) ^ 1);
        // Confirmation value: SHAKE-256 over prefix byte 2 followed by e, 32 bytes out.
        SHAKEDigest sHAKEDigest = new SHAKEDigest(256);
        sHAKEDigest.update((byte) 2);
        sHAKEDigest.absorb(bArr9, 0, i26);
        sHAKEDigest.doFinal(bArr8, 0, 32);
        int i37 = 0;
        byte b2 = 0;
        // Compare against the 32 confirmation bytes of the encapsulation by OR-ing the XOR of
        // every byte pair: all 32 bytes are always visited, with no early exit on mismatch.
        // (i38 is the constant 32; the loop header is decompiler-shaped.)
        for (int i38 = 32; i37 < i38; i38 = 32) {
            b2 = (byte) (b2 | (bArr8[i37] ^ bArr[cMCEEngine.SYND_BYTES + i37]));
            i37++;
        }
        // s14 is the selection mask: 255 when (b | b2) == 0, 0 when (b | b2) is in 1..127.
        // NOTE(review): b2 is a signed byte. When its top bit is set, (short) (b | b2) is
        // negative and ((x - 1) >> 8) & 255 also evaluates to 255, the same as the x == 0 case.
        // Masking the operand with 0xFF before the subtraction would map every non-zero value
        // to 0. Verify against upstream and cover it with a negative test (a modified
        // confirmation block must not select the decoded-e branch).
        short s14 = (short) (((short) (((short) (((short) (b | b2)) - 1)) >> 8)) & 255);
        // Hash preimage: 1 flag byte, SYS_N/8 bytes of e-or-secret, then the encapsulation.
        int i39 = cMCEEngine.SYND_BYTES + 32 + (cMCEEngine.SYS_N / 8) + 1;
        byte[] bArr10 = new byte[i39];
        // Flag byte: 1 when the mask is set, 0 otherwise.
        bArr10[0] = (byte) (s14 & 1);
        int i40 = 0;
        // Masked select per byte: e when s14 is 255, otherwise the private key's trailing
        // secret at offset 40 + IRR_BYTES + COND_BYTES. Both operands are always read.
        while (i40 < cMCEEngine.SYS_N / 8) {
            int i41 = i40 + 1;
            bArr10[i41] = (byte) ((bArr9[i40] & s14) | ((~s14) & clone[i40 + 40 + cMCEEngine.IRR_BYTES + cMCEEngine.COND_BYTES]));
            i40 = i41;
        }
        // Append the encapsulation itself (SYND_BYTES + 32 bytes).
        for (int i42 = 0; i42 < cMCEEngine.SYND_BYTES + 32; i42++) {
            bArr10[(cMCEEngine.SYS_N / 8) + 1 + i42] = bArr[i42];
        }
        SHAKEDigest sHAKEDigest2 = new SHAKEDigest(256);
        sHAKEDigest2.absorb(bArr10, 0, i39);
        sHAKEDigest2.doFinal(bArr2, 0, i14);
        if (cMCEEngine.usePadding) {
            // i11 is the padding-check result from the top of the method. A value of -1 turns
            // every output byte into 0xFF; a value of 0 leaves the key unchanged.
            byte b3 = (byte) i11;
            for (int i43 = 0; i43 < i14; i43++) {
                bArr2[i43] = (byte) (bArr2[i43] | b3);
            }
        }
        // clone (private key copy), bArr9 (e) and bArr10 (hash preimage) are not wiped here.
        return bArr2;
    }

    /**
     * Returns the encapsulation length this extractor reads: {@code SYND_BYTES} syndrome bytes
     * plus 32 confirmation bytes. {@link #extractSecret(byte[])} does not enforce it, so
     * callers should compare the input length with this value first.
     *
     * @return {@code engine.SYND_BYTES + 32}
     */
    public final int getEncapsulationLength() {
        return this.engine.SYND_BYTES + 32;
    }
}
