package org.bouncycastle.pqc.crypto.ntruprime;

import com.alipay.sdk.m.m.b$$ExternalSyntheticOutline0;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class NTRULPRimeKEMExtractor implements EncapsulatedSecretExtractor {
    public final NTRULPRimePrivateKeyParameters privateKey;

    public NTRULPRimeKEMExtractor(NTRULPRimePrivateKeyParameters nTRULPRimePrivateKeyParameters) {
        this.privateKey = nTRULPRimePrivateKeyParameters;
    }

    public final byte[] extractSecret(byte[] bArr) {
        NTRULPRimePrivateKeyParameters nTRULPRimePrivateKeyParameters = this.privateKey;
        NTRULPRimeParameters nTRULPRimeParameters = nTRULPRimePrivateKeyParameters.params;
        int i = nTRULPRimeParameters.p;
        int i2 = nTRULPRimeParameters.q;
        int i3 = nTRULPRimeParameters.w;
        int i4 = nTRULPRimeParameters.roundedPolynomialBytes;
        int i5 = nTRULPRimeParameters.tau0;
        int i6 = nTRULPRimeParameters.tau1;
        int i7 = nTRULPRimeParameters.tau2;
        int i8 = nTRULPRimeParameters.tau3;
        byte[] bArr2 = new byte[i];
        Utils.getDecodedSmallPolynomial(bArr2, nTRULPRimePrivateKeyParameters.getEncoded(), i);
        byte[] bArr3 = new byte[i4];
        System.arraycopy(bArr, 0, bArr3, 0, i4);
        short[] sArr = new short[i];
        Utils.getRoundedDecodedPolynomial(i, i2, bArr3, sArr);
        byte[] bArr4 = new byte[128];
        System.arraycopy(bArr, i4, bArr4, 0, 128);
        byte[] bArr5 = new byte[256];
        int i9 = 0;
        while (i9 < 128) {
            int i10 = i9 * 2;
            bArr5[i10] = (byte) (bArr4[i9] & 15);
            bArr5[i10 + 1] = (byte) (bArr4[i9] >>> 4);
            i9++;
            i6 = i6;
        }
        int i11 = i6;
        short[] sArr2 = new short[i];
        Utils.multiplicationInRQ(i, i2, bArr2, sArr2, sArr);
        int i12 = 256;
        byte[] bArr6 = new byte[256];
        int i13 = 0;
        while (i13 < i12) {
            bArr6[i13] = (byte) (-(-(Utils.getModFreeze(b$$ExternalSyntheticOutline0.m$1(i3, 4, Utils.getModFreeze((bArr5[i13] * i8) - i7, i2) - sArr2[i13], 1), i2) >>> 31)));
            i13++;
            i12 = 256;
            sArr2 = sArr2;
        }
        byte[] bArr7 = new byte[32];
        for (int i14 = 0; i14 < 256; i14++) {
            int i15 = i14 >>> 3;
            bArr7[i15] = (byte) (bArr7[i15] | (bArr6[i14] << (i14 & 7)));
        }
        int i16 = nTRULPRimeParameters.publicKeyBytes - 32;
        byte[] bArr8 = new byte[i16];
        System.arraycopy(Arrays.clone(this.privateKey.pk), 32, bArr8, 0, i16);
        short[] sArr3 = new short[i];
        Utils.getRoundedDecodedPolynomial(i, i2, bArr8, sArr3);
        byte[] bArr9 = new byte[32];
        System.arraycopy(Arrays.clone(this.privateKey.pk), 0, bArr9, 0, 32);
        short[] sArr4 = new short[i];
        Utils.generatePolynomialInRQFromSeed(i, i2, bArr9, sArr4);
        int[] iArr = new int[i];
        Utils.expand(Arrays.copyOfRange(Utils.getHashWithPrefix(new byte[]{5}, bArr7), 0, 32), iArr);
        byte[] bArr10 = new byte[i];
        Utils.sortGenerateShortPolynomial(i, i3, bArr10, iArr);
        short[] sArr5 = new short[i];
        Utils.multiplicationInRQ(i, i2, bArr10, sArr5, sArr4);
        short[] sArr6 = new short[i];
        Utils.roundPolynomial(sArr6, sArr5);
        Utils.getRoundedEncodedPolynomial(i, i2, new byte[i4], sArr6);
        short[] sArr7 = new short[i];
        Utils.multiplicationInRQ(i, i2, bArr10, sArr7, sArr3);
        Utils.top(new byte[256], sArr7, bArr6, i2, i5, i11);
        byte[] bArr11 = new byte[128];
        int i17 = 0;
        for (int i18 = 128; i17 < i18; i18 = 128) {
            int i19 = i17 * 2;
            bArr11[i17] = (byte) (bArr5[i19] + (bArr5[i19 + 1] << 4));
            i17++;
        }
        byte[] bArr12 = new byte[Arrays.clone(this.privateKey.hash).length + 32];
        System.arraycopy(bArr7, 0, bArr12, 0, 32);
        System.arraycopy(Arrays.clone(this.privateKey.hash), 0, bArr12, 32, Arrays.clone(this.privateKey.hash).length);
        byte[] hashWithPrefix = Utils.getHashWithPrefix(new byte[]{2}, bArr12);
        int i20 = i4 + 128;
        int i21 = i20 + 32;
        byte[] bArr13 = new byte[i21];
        System.arraycopy(bArr3, 0, bArr13, 0, i4);
        System.arraycopy(bArr4, 0, bArr13, i4, 128);
        System.arraycopy(hashWithPrefix, 0, bArr13, i20, 32);
        int i22 = java.util.Arrays.equals(bArr, bArr13) ? 0 : -1;
        byte[] clone = Arrays.clone(this.privateKey.rho);
        for (int i23 = 0; i23 < 32; i23++) {
            byte b = bArr7[i23];
            bArr7[i23] = (byte) (b ^ ((clone[i23] ^ b) & i22));
        }
        byte[] bArr14 = new byte[i21 + 32];
        System.arraycopy(bArr7, 0, bArr14, 0, 32);
        System.arraycopy(bArr13, 0, bArr14, 32, i21);
        return Arrays.copyOfRange(Utils.getHashWithPrefix(new byte[]{1}, bArr14), 0, (nTRULPRimeParameters.sharedKeyBytes * 8) / 8);
    }
}
