package org.bouncycastle.pqc.crypto.crystals.kyber;

import com.contentsquare.android.api.Currencies;
import com.google.common.base.Ascii;
import nf.a;
import nf.b;
import nf.d;
import nf.e;
import nf.f;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.util.Arrays;

/* loaded from: classes8.dex */
public class KyberKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public a f79600a;

    /* renamed from: a, reason: collision with other field name */
    public final KyberPrivateKeyParameters f31907a;

    public KyberKEMExtractor(KyberPrivateKeyParameters kyberPrivateKeyParameters) {
        this.f31907a = kyberPrivateKeyParameters;
        KyberParameters parameters = kyberPrivateKeyParameters.getParameters();
        this.f79600a = new a(parameters.f79605a, parameters.f31910a);
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        a aVar;
        byte[] bArr2;
        byte[] bArr3;
        b bVar;
        d dVar;
        a aVar2 = this.f79600a;
        byte[] privateKey = this.f31907a.getPrivateKey();
        aVar2.getClass();
        byte[] bArr4 = new byte[64];
        byte[] bArr5 = new byte[64];
        byte[] copyOfRange = Arrays.copyOfRange(privateKey, aVar2.g, privateKey.length);
        b bVar2 = aVar2.f29819a;
        a aVar3 = bVar2.f29821a;
        e eVar = new e(aVar3);
        e eVar2 = new e(aVar3);
        short[] sArr = new short[256];
        d dVar2 = new d(aVar3);
        int i4 = aVar3.f76968d;
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 0, i4);
        int i5 = eVar.f76984a;
        int i10 = i5 * Currencies.GTQ;
        d[] dVarArr = eVar.f29826a;
        if (i4 == i10) {
            short[] sArr2 = new short[4];
            int i11 = 0;
            int i12 = 0;
            while (i11 < i5) {
                byte[] bArr6 = bArr5;
                b bVar3 = bVar2;
                int i13 = 0;
                for (int i14 = 64; i13 < i14; i14 = 64) {
                    int i15 = (copyOfRange2[i12] & 255) >> 0;
                    a aVar4 = aVar2;
                    int i16 = copyOfRange2[i12 + 1] & 255;
                    byte[] bArr7 = bArr4;
                    sArr2[0] = (short) (((short) (i16 << 8)) | i15);
                    int i17 = copyOfRange2[i12 + 2] & 255;
                    sArr2[1] = (short) ((i16 >> 2) | ((short) (i17 << 6)));
                    int i18 = copyOfRange2[i12 + 3] & 255;
                    sArr2[2] = (short) ((i17 >> 4) | ((short) (i18 << 4)));
                    sArr2[3] = (short) ((i18 >> 6) | ((short) ((copyOfRange2[i12 + 4] & 255) << 2)));
                    i12 += 5;
                    int i19 = 0;
                    while (i19 < 4) {
                        d dVar3 = dVarArr[i11];
                        d dVar4 = dVar2;
                        dVar3.f29824a[(i13 * 4) + i19] = (short) ((((sArr2[i19] & 1023) * 3329) + 512) >> 10);
                        i19++;
                        dVar2 = dVar4;
                    }
                    i13++;
                    bArr4 = bArr7;
                    aVar2 = aVar4;
                }
                i11++;
                bVar2 = bVar3;
                bArr5 = bArr6;
            }
            aVar = aVar2;
            bArr2 = bArr4;
            bArr3 = bArr5;
            bVar = bVar2;
            dVar = dVar2;
        } else {
            aVar = aVar2;
            bArr2 = bArr4;
            bArr3 = bArr5;
            bVar = bVar2;
            dVar = dVar2;
            if (i4 != i5 * Currencies.ISK) {
                throw new RuntimeException("Kyber PolyVecCompressedBytes neither 320 * KyberK or 352 * KyberK!");
            }
            short[] sArr3 = new short[8];
            int i20 = 0;
            for (int i21 = 0; i21 < i5; i21++) {
                int i22 = 0;
                while (i22 < 32) {
                    int i23 = (copyOfRange2[i20] & 255) >> 0;
                    int i24 = copyOfRange2[i20 + 1] & 255;
                    sArr3[0] = (short) (i23 | (((short) i24) << 8));
                    int i25 = copyOfRange2[i20 + 2] & 255;
                    sArr3[1] = (short) ((i24 >> 3) | (((short) i25) << 5));
                    int i26 = (i25 >> 6) | (((short) (copyOfRange2[i20 + 3] & 255)) << 2);
                    int i27 = copyOfRange2[i20 + 4] & 255;
                    sArr3[2] = (short) (i26 | ((short) (i27 << 10)));
                    int i28 = i27 >> 1;
                    int i29 = copyOfRange2[i20 + 5] & 255;
                    sArr3[3] = (short) (i28 | (((short) i29) << 7));
                    int i30 = copyOfRange2[i20 + 6] & 255;
                    int i31 = i5;
                    sArr3[4] = (short) ((i29 >> 4) | (((short) i30) << 4));
                    int i32 = (i30 >> 7) | (((short) (copyOfRange2[i20 + 7] & 255)) << 1);
                    int i33 = copyOfRange2[i20 + 8] & 255;
                    sArr3[5] = (short) (i32 | ((short) (i33 << 9)));
                    int i34 = i33 >> 2;
                    int i35 = copyOfRange2[i20 + 9] & 255;
                    sArr3[6] = (short) (i34 | (((short) i35) << 6));
                    sArr3[7] = (short) ((i35 >> 5) | (((short) (copyOfRange2[i20 + 10] & 255)) << 3));
                    i20 += 11;
                    for (int i36 = 0; i36 < 8; i36++) {
                        d dVar5 = dVarArr[i21];
                        dVar5.f29824a[(i22 * 8) + i36] = (short) ((((sArr3[i36] & 2047) * 3329) + 1024) >> 11);
                    }
                    i22++;
                    i5 = i31;
                }
            }
        }
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, i4, bArr.length);
        int i37 = aVar3.f76967c;
        if (i37 == 128) {
            int i38 = 0;
            for (int i39 = 0; i39 < 128; i39++) {
                int i40 = i39 * 2;
                int i41 = copyOfRange3[i38] & 255;
                sArr[i40 + 0] = (short) (((((short) (i41 & 15)) * 3329) + 8) >> 4);
                sArr[i40 + 1] = (short) (((((short) (i41 >> 4)) * 3329) + 8) >> 4);
                i38++;
            }
        } else {
            if (i37 != 160) {
                throw new RuntimeException("PolyCompressedBytes is neither 128 or 160!");
            }
            byte[] bArr8 = new byte[8];
            int i42 = 0;
            for (int i43 = 0; i43 < 32; i43++) {
                int i44 = i42 + 0;
                bArr8[0] = (byte) ((copyOfRange3[i44] & 255) >> 0);
                int i45 = i42 + 1;
                bArr8[1] = (byte) (((copyOfRange3[i44] & 255) >> 5) | ((copyOfRange3[i45] & 255) << 3));
                bArr8[2] = (byte) ((copyOfRange3[i45] & 255) >> 2);
                int i46 = (copyOfRange3[i45] & 255) >> 7;
                int i47 = i42 + 2;
                bArr8[3] = (byte) (i46 | ((copyOfRange3[i47] & 255) << 1));
                int i48 = i42 + 3;
                bArr8[4] = (byte) (((copyOfRange3[i47] & 255) >> 4) | ((copyOfRange3[i48] & 255) << 4));
                bArr8[5] = (byte) ((copyOfRange3[i48] & 255) >> 1);
                int i49 = (copyOfRange3[i48] & 255) >> 6;
                int i50 = i42 + 4;
                bArr8[6] = (byte) (i49 | ((copyOfRange3[i50] & 255) << 2));
                bArr8[7] = (byte) ((copyOfRange3[i50] & 255) >> 3);
                i42 += 5;
                for (int i51 = 0; i51 < 8; i51++) {
                    sArr[(i43 * 8) + i51] = (short) ((((bArr8[i51] & Ascii.US) * 3329) + 16) >> 5);
                }
            }
        }
        eVar2.a(privateKey);
        eVar.c();
        d dVar6 = dVar;
        e.b(dVar6, eVar2, eVar, aVar3);
        dVar6.e();
        for (int i52 = 0; i52 < 256; i52++) {
            short s10 = sArr[i52];
            short[] sArr4 = dVar6.f29824a;
            sArr4[i52] = (short) (s10 - sArr4[i52]);
        }
        dVar6.f();
        byte[] bArr9 = new byte[32];
        dVar6.c();
        int i53 = 0;
        for (int i54 = 32; i53 < i54; i54 = 32) {
            bArr9[i53] = 0;
            for (int i55 = 0; i55 < 8; i55++) {
                bArr9[i53] = (byte) (((byte) (((short) (((((short) (dVar6.f29824a[(i53 * 8) + i55] << 1)) + 1664) / 3329) & 1)) << i55)) | bArr9[i53]);
            }
            i53++;
        }
        byte[] bArr10 = bArr2;
        System.arraycopy(bArr9, 0, bArr10, 0, 32);
        a aVar5 = aVar;
        int i56 = aVar5.f76972j;
        System.arraycopy(privateKey, i56 - 64, bArr10, 32, 32);
        f fVar = aVar5.f29820a;
        byte[] bArr11 = bArr3;
        fVar.a(bArr11, bArr10);
        boolean z2 = !Arrays.constantTimeAreEqual(bArr, bVar.a(Arrays.copyOfRange(bArr10, 0, 32), copyOfRange, Arrays.copyOfRange(bArr11, 32, 64)));
        fVar.b(32, bArr11, bArr);
        byte[] copyOfRange4 = Arrays.copyOfRange(privateKey, i56 - 32, i56);
        if (z2) {
            System.arraycopy(copyOfRange4, 0, bArr11, 0, 32);
        } else {
            System.arraycopy(bArr11, 0, bArr11, 0, 32);
        }
        byte[] bArr12 = new byte[aVar5.f76974l];
        fVar.c(bArr12, bArr11);
        return bArr12;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.f79600a.f76973k;
    }
}
