package org.bouncycastle.pqc.crypto.ntru;

import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes8.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public final NTRUParameters f79690a;

    /* renamed from: a, reason: collision with other field name */
    public final NTRUPrivateKeyParameters f31962a;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.f79690a = nTRUPrivateKeyParameters.getParameters();
        this.f31962a = nTRUPrivateKeyParameters;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        NTRUParameterSet nTRUParameterSet = this.f79690a.f31964a;
        NTRUPrivateKeyParameters nTRUPrivateKeyParameters = this.f31962a;
        byte[] bArr2 = nTRUPrivateKeyParameters.f79696a;
        int ntruCiphertextBytes = nTRUParameterSet.ntruCiphertextBytes() + nTRUParameterSet.prfKeyBytes();
        byte[] bArr3 = new byte[ntruCiphertextBytes];
        byte[] bArr4 = nTRUPrivateKeyParameters.f79696a;
        int owcpaMsgBytes = nTRUParameterSet.owcpaMsgBytes();
        byte[] bArr5 = new byte[owcpaMsgBytes];
        Polynomial createPolynomial = nTRUParameterSet.createPolynomial();
        Polynomial createPolynomial2 = nTRUParameterSet.createPolynomial();
        Polynomial createPolynomial3 = nTRUParameterSet.createPolynomial();
        Polynomial createPolynomial4 = nTRUParameterSet.createPolynomial();
        createPolynomial.rqSumZeroFromBytes(bArr);
        createPolynomial2.s3FromBytes(bArr4);
        createPolynomial2.z3ToZq();
        createPolynomial3.rqMul(createPolynomial, createPolynomial2);
        createPolynomial2.rqToS3(createPolynomial3);
        createPolynomial3.s3FromBytes(Arrays.copyOfRange(bArr4, nTRUParameterSet.packTrinaryBytes(), bArr4.length));
        createPolynomial4.s3Mul(createPolynomial2, createPolynomial3);
        byte[] s3ToBytes = createPolynomial4.s3ToBytes(owcpaMsgBytes - nTRUParameterSet.packTrinaryBytes());
        int i4 = 0;
        int i5 = ((((~((short) (bArr[nTRUParameterSet.ntruCiphertextBytes() - 1] & (255 << (8 - ((nTRUParameterSet.packDegree() * nTRUParameterSet.logQ()) & 7)))))) + 1) >>> 15) & 1) | 0;
        if (nTRUParameterSet instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) createPolynomial4;
            short s10 = 0;
            short s11 = 0;
            while (i4 < nTRUParameterSet.n() - 1) {
                short s12 = hPSPolynomial.coeffs[i4];
                i4++;
                s10 = (short) (s10 + (s12 & 2));
                s11 = (short) (s11 + (s12 & 1));
                hPSPolynomial = hPSPolynomial;
            }
            i5 |= (((~((((s10 >>> 1) ^ s11) | 0) | (((NTRUHPSParameterSet) nTRUParameterSet).weight() ^ s10))) + 1) >>> 31) & 1;
        }
        createPolynomial2.lift(createPolynomial4);
        int i10 = 0;
        while (i10 < nTRUParameterSet.n()) {
            short[] sArr = createPolynomial.coeffs;
            sArr[i10] = (short) (sArr[i10] - createPolynomial2.coeffs[i10]);
            i10++;
            ntruCiphertextBytes = ntruCiphertextBytes;
        }
        int i11 = ntruCiphertextBytes;
        createPolynomial3.sqFromBytes(Arrays.copyOfRange(bArr4, nTRUParameterSet.packTrinaryBytes() * 2, bArr4.length));
        createPolynomial4.sqMul(createPolynomial, createPolynomial3);
        int i12 = 0;
        for (int i13 = 0; i13 < nTRUParameterSet.n() - 1; i13++) {
            short s13 = createPolynomial4.coeffs[i13];
            i12 = i12 | ((s13 + 1) & (nTRUParameterSet.q() - 4)) | ((s13 + 2) & 4);
        }
        int i14 = ((((~(createPolynomial4.coeffs[nTRUParameterSet.n() - 1] | i12)) + 1) >>> 31) & 1) | i5;
        createPolynomial4.trinaryZqToZ3();
        byte[] s3ToBytes2 = createPolynomial4.s3ToBytes(nTRUParameterSet.owcpaMsgBytes());
        System.arraycopy(s3ToBytes2, 0, bArr5, 0, s3ToBytes2.length);
        System.arraycopy(s3ToBytes, 0, bArr5, nTRUParameterSet.packTrinaryBytes(), s3ToBytes.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int digestSize = sHA3Digest.getDigestSize();
        byte[] bArr6 = new byte[digestSize];
        sHA3Digest.update(bArr5, 0, bArr5.length);
        sHA3Digest.doFinal(bArr6, 0);
        for (int i15 = 0; i15 < nTRUParameterSet.prfKeyBytes(); i15++) {
            bArr3[i15] = bArr2[nTRUParameterSet.owcpaSecretKeyBytes() + i15];
        }
        for (int i16 = 0; i16 < nTRUParameterSet.ntruCiphertextBytes(); i16++) {
            bArr3[nTRUParameterSet.prfKeyBytes() + i16] = bArr[i16];
        }
        sHA3Digest.reset();
        sHA3Digest.update(bArr3, 0, i11);
        sHA3Digest.doFinal(bArr5, 0);
        byte b3 = (byte) ((~((byte) i14)) + 1);
        for (int i17 = 0; i17 < digestSize; i17++) {
            byte b10 = bArr6[i17];
            bArr6[i17] = (byte) (b10 ^ ((bArr5[i17] ^ b10) & b3));
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr6, 0, nTRUParameterSet.sharedKeyBytes());
        Arrays.clear(bArr6);
        return copyOfRange;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.f79690a.f31964a.ntruCiphertextBytes();
    }
}
