package org.bouncycastle.pqc.crypto.ntru;

import kotlin.UShort;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes5.dex */
public class NTRUKEMExtractor implements EncapsulatedSecretExtractor {

    /* renamed from: a, reason: collision with root package name */
    public final NTRUParameters f61495a;

    /* renamed from: b, reason: collision with root package name */
    public final NTRUPrivateKeyParameters f61496b;

    public NTRUKEMExtractor(NTRUPrivateKeyParameters nTRUPrivateKeyParameters) {
        this.f61495a = nTRUPrivateKeyParameters.f61501b;
        this.f61496b = nTRUPrivateKeyParameters;
    }

    public final byte[] a(byte[] bArr) {
        NTRUParameterSet nTRUParameterSet;
        short[] sArr;
        NTRUParameterSet nTRUParameterSet2 = this.f61495a.f61510b;
        NTRUPrivateKeyParameters nTRUPrivateKeyParameters = this.f61496b;
        byte[] bArr2 = nTRUPrivateKeyParameters.f61511c;
        int b10 = nTRUParameterSet2.b() + 32;
        byte[] bArr3 = new byte[b10];
        new NTRUOWCPA(nTRUParameterSet2);
        int c8 = nTRUParameterSet2.c() * 2;
        byte[] bArr4 = new byte[c8];
        Polynomial a10 = nTRUParameterSet2.a();
        Polynomial a11 = nTRUParameterSet2.a();
        Polynomial a12 = nTRUParameterSet2.a();
        Polynomial a13 = nTRUParameterSet2.a();
        a10.d(bArr);
        byte[] bArr5 = nTRUPrivateKeyParameters.f61511c;
        a11.e(bArr5);
        a11.j();
        a12.c(a10, a11);
        short[] sArr2 = a11.f62779a;
        int length = sArr2.length;
        for (int i = 0; i < length; i++) {
            int i6 = a12.f62779a[i] & UShort.MAX_VALUE;
            int i10 = a11.f62780b.f62782b;
            short s10 = (short) (i6 % (1 << i10));
            sArr2[i] = s10;
            sArr2[i] = (short) (s10 + (((short) (s10 >>> (i10 - 1))) << (1 - (i10 & 1))));
        }
        a11.b();
        a12.e(Arrays.r(bArr5, nTRUParameterSet2.c(), bArr5.length));
        a13.c(a11, a12);
        a13.b();
        byte[] f10 = a13.f(c8 - nTRUParameterSet2.c());
        short s11 = bArr[nTRUParameterSet2.b() - 1];
        int i11 = nTRUParameterSet2.f62781a;
        int i12 = i11 - 1;
        int i13 = nTRUParameterSet2.f62782b;
        int i14 = ((~((short) (s11 & (255 << (8 - ((i12 * i13) & 7)))))) + 1) >>> 15;
        int i15 = i14 & 1;
        if (nTRUParameterSet2 instanceof NTRUHPSParameterSet) {
            HPSPolynomial hPSPolynomial = (HPSPolynomial) a13;
            nTRUParameterSet = nTRUParameterSet2;
            int i16 = 0;
            short s12 = 0;
            short s13 = 0;
            while (i16 < i12) {
                int i17 = i16;
                short s14 = hPSPolynomial.f62779a[i17];
                short s15 = (short) (s12 + (s14 & 1));
                s13 = (short) (s13 + (s14 & 2));
                i16 = i17 + 1;
                s12 = s15;
            }
            i15 = ((((~((s12 ^ (s13 >>> 1)) | (s13 ^ (((1 << ((NTRUHPSParameterSet) nTRUParameterSet).f62782b) / 8) - 2)))) + 1) >>> 31) | i14) & 1;
        } else {
            nTRUParameterSet = nTRUParameterSet2;
        }
        a11.a(a13);
        for (int i18 = 0; i18 < i11; i18++) {
            short[] sArr3 = a10.f62779a;
            sArr3[i18] = (short) (sArr3[i18] - sArr2[i18]);
        }
        a12.g(Arrays.r(bArr5, nTRUParameterSet.c() * 2, bArr5.length));
        a13.h(a10, a12);
        int i19 = 0;
        int i20 = 0;
        while (true) {
            sArr = a13.f62779a;
            if (i19 >= i12) {
                break;
            }
            short s16 = sArr[i19];
            i20 = i20 | ((s16 + 1) & ((1 << i13) - 4)) | ((s16 + 2) & 4);
            i19++;
        }
        int i21 = i15 | ((((~(sArr[i12] | i20)) + 1) >>> 31) & 1);
        int length2 = sArr.length;
        for (int i22 = 0; i22 < length2; i22++) {
            int i23 = sArr[i22] & UShort.MAX_VALUE;
            int i24 = a13.f62780b.f62782b;
            short s17 = (short) (i23 % (1 << i24));
            sArr[i22] = s17;
            sArr[i22] = (short) ((s17 ^ (s17 >>> (i24 - 1))) & 3);
        }
        byte[] f11 = a13.f(nTRUParameterSet.c() * 2);
        System.arraycopy(f11, 0, bArr4, 0, f11.length);
        System.arraycopy(f10, 0, bArr4, nTRUParameterSet.c(), f10.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        int i25 = sHA3Digest.i();
        byte[] bArr6 = new byte[i25];
        sHA3Digest.k(0, c8, bArr4);
        sHA3Digest.d(0, bArr6);
        for (int i26 = 0; i26 < 32; i26++) {
            bArr3[i26] = bArr2[((((i11 - 1) * i13) + 7) / 8) + (nTRUParameterSet.c() * 2) + i26];
        }
        for (int i27 = 0; i27 < nTRUParameterSet.b(); i27++) {
            bArr3[32 + i27] = bArr[i27];
        }
        sHA3Digest.c();
        sHA3Digest.k(0, b10, bArr3);
        sHA3Digest.d(0, bArr4);
        byte b11 = (byte) ((~((byte) i21)) + 1);
        for (int i28 = 0; i28 < i25; i28++) {
            byte b12 = bArr6[i28];
            bArr6[i28] = (byte) (b12 ^ ((bArr4[i28] ^ b12) & b11));
        }
        byte[] r = Arrays.r(bArr6, 0, 32);
        java.util.Arrays.fill(bArr6, (byte) 0);
        return r;
    }
}
