package org.bouncycastle.pqc.crypto.saber;

import j9.g;
import java.lang.reflect.Array;
import l9.a;
import l9.b;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class SABERKEMExtractor implements EncapsulatedSecretExtractor {
    private b engine;
    private SABERKeyParameters key;

    public SABERKEMExtractor(SABERKeyParameters sABERKeyParameters) {
        this.key = sABERKeyParameters;
        initCipher(sABERKeyParameters.getParameters());
    }

    private void initCipher(SABERParameters sABERParameters) {
        this.engine = sABERParameters.getEngine();
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        byte[] bArr2;
        int i10;
        int i11;
        b bVar = this.engine;
        byte[] bArr3 = new byte[bVar.f28645l / 8];
        byte[] privateKey = ((SABERPrivateKeyParameters) this.key).getPrivateKey();
        int i12 = bVar.f28644k;
        byte[] bArr4 = new byte[i12];
        byte[] bArr5 = new byte[64];
        byte[] bArr6 = new byte[64];
        byte[] copyOfRange = Arrays.copyOfRange(privateKey, bVar.f28641h, privateKey.length);
        int i13 = bVar.f28635a;
        Class cls = Short.TYPE;
        short[][] sArr = (short[][]) Array.newInstance((Class<?>) cls, i13, 256);
        short[][] sArr2 = (short[][]) Array.newInstance((Class<?>) cls, i13, 256);
        short[] sArr3 = new short[256];
        short[] sArr4 = new short[256];
        g gVar = bVar.f28647n;
        int i14 = 0;
        gVar.b(privateKey, 0, sArr);
        gVar.a(bArr, sArr2);
        while (true) {
            a aVar = bVar.f28648o;
            bArr2 = bArr3;
            if (i14 >= aVar.f28632c) {
                break;
            }
            aVar.f(sArr2[i14], sArr[i14], sArr3);
            i14++;
            bArr3 = bArr2;
            sArr2 = sArr2;
        }
        int i15 = gVar.b;
        int i16 = bVar.f28639f;
        if (i15 == 3) {
            short s10 = 0;
            for (short s11 = 32; s10 < s11; s11 = 32) {
                short s12 = (short) (s10 * 8);
                int i17 = ((short) (s10 * 3)) + i16;
                byte b = bArr[i17];
                sArr4[s12] = (short) (b & 7);
                sArr4[s12 + 1] = (short) ((b >> 3) & 7);
                byte b10 = bArr[i17 + 1];
                int i18 = i12;
                sArr4[s12 + 2] = (short) (((b >> 6) & 3) | ((b10 & 1) << 2));
                sArr4[s12 + 3] = (short) ((b10 >> 1) & 7);
                sArr4[s12 + 4] = (short) ((b10 >> 4) & 7);
                int i19 = (b10 >> 7) & 1;
                byte b11 = bArr[i17 + 2];
                sArr4[s12 + 5] = (short) (i19 | ((b11 & 3) << 1));
                sArr4[s12 + 6] = (short) ((b11 >> 2) & 7);
                sArr4[s12 + 7] = (short) ((b11 >> 5) & 7);
                s10 = (short) (s10 + 1);
                i12 = i18;
            }
            i10 = i12;
        } else {
            i10 = i12;
            if (i15 == 4) {
                for (short s13 = 0; s13 < 128; s13 = (short) (s13 + 1)) {
                    short s14 = (short) (s13 * 2);
                    byte b12 = bArr[i16 + s13];
                    sArr4[s14] = (short) (b12 & 15);
                    sArr4[s14 + 1] = (short) ((b12 >> 4) & 15);
                }
            } else if (i15 == 6) {
                for (short s15 = 0; s15 < 64; s15 = (short) (s15 + 1)) {
                    short s16 = (short) (s15 * 4);
                    int i20 = ((short) (s15 * 3)) + i16;
                    byte b13 = bArr[i20];
                    sArr4[s16] = (short) (b13 & 63);
                    byte b14 = bArr[i20 + 1];
                    sArr4[s16 + 1] = (short) (((b13 >> 6) & 3) | ((b14 & 15) << 2));
                    byte b15 = bArr[i20 + 2];
                    sArr4[s16 + 2] = (short) (((b14 & 255) >> 4) | ((b15 & 3) << 4));
                    sArr4[s16 + 3] = (short) ((b15 & 255) >> 2);
                }
            }
        }
        for (int i21 = 0; i21 < 256; i21++) {
            sArr3[i21] = (short) ((((sArr3[i21] + bVar.f28646m) - (sArr4[i21] << (10 - bVar.f28636c))) & 65535) >> 9);
        }
        for (byte b16 = 0; b16 < 32; b16 = (byte) (b16 + 1)) {
            for (byte b17 = 0; b17 < 8; b17 = (byte) (b17 + 1)) {
                bArr5[b16] = (byte) (bArr5[b16] | ((sArr3[(b16 * 8) + b17] & 1) << b17));
            }
        }
        int i22 = 0;
        while (true) {
            i11 = bVar.f28643j;
            if (i22 >= 32) {
                break;
            }
            bArr5[i22 + 32] = privateKey[(i11 - 64) + i22];
            i22++;
        }
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        SHA3Digest sHA3Digest2 = new SHA3Digest(512);
        sHA3Digest2.update(bArr5, 0, 64);
        sHA3Digest2.doFinal(bArr6, 0);
        bVar.a(bArr5, Arrays.copyOfRange(bArr6, 32, 64), copyOfRange, bArr4);
        long j5 = 0;
        int i23 = i10;
        for (int i24 = 0; i24 < i23; i24++) {
            j5 |= bArr[i24] ^ bArr4[i24];
        }
        sHA3Digest.update(bArr, 0, i23);
        int i25 = 32;
        sHA3Digest.doFinal(bArr6, 32);
        int i26 = i11 - 32;
        byte b18 = (byte) (-((byte) ((-j5) >>> 63)));
        int i27 = 0;
        while (i27 < i25) {
            byte b19 = bArr6[i27];
            bArr6[i27] = (byte) (b19 ^ ((privateKey[i27 + i26] ^ b19) & b18));
            i27++;
            i25 = 32;
        }
        byte[] bArr7 = new byte[i25];
        sHA3Digest.update(bArr6, 0, 64);
        sHA3Digest.doFinal(bArr7, 0);
        System.arraycopy(bArr7, 0, bArr2, 0, bVar.f28645l / 8);
        return bArr2;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.engine.f28644k;
    }
}
