package org.bouncycastle.pqc.crypto.frodo;

import androidx.camera.video.y0;
import k9.a;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.Xof;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes7.dex */
public class FrodoKEMExtractor implements EncapsulatedSecretExtractor {
    private a engine;
    private FrodoKeyParameters key;

    public FrodoKEMExtractor(FrodoKeyParameters frodoKeyParameters) {
        this.key = frodoKeyParameters;
        initCipher(frodoKeyParameters.getParameters());
    }

    private void initCipher(FrodoParameters frodoParameters) {
        this.engine = frodoParameters.getEngine();
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        a aVar = this.engine;
        byte[] bArr2 = new byte[aVar.f28298p];
        byte[] privateKey = ((FrodoPrivateKeyParameters) this.key).getPrivateKey();
        int i10 = aVar.f28285c;
        int i11 = i10 * 8;
        int i12 = aVar.f28284a;
        int i13 = (i11 * i12) / 8;
        int i14 = 0;
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, i13);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, i13, y0.z(i12, 64, 8, i13));
        int i15 = aVar.f28295m;
        byte[] copyOfRange3 = Arrays.copyOfRange(privateKey, 0, i15);
        int i16 = i15 + 16;
        byte[] copyOfRange4 = Arrays.copyOfRange(privateKey, i15, i16);
        int i17 = (((i12 * i10) * 8) / 8) + i16;
        byte[] copyOfRange5 = Arrays.copyOfRange(privateKey, i16, i17);
        int z9 = y0.z(i10, 128, 8, i17);
        byte[] copyOfRange6 = Arrays.copyOfRange(privateKey, i17, z9);
        short[] sArr = new short[i11];
        for (int i18 = 8; i14 < i18; i18 = 8) {
            for (int i19 = 0; i19 < i10; i19++) {
                int i20 = i14 * i10;
                sArr[i20 + i19] = Pack.littleEndianToShort(copyOfRange6, (i19 * 2) + (i20 * 2));
            }
            i14++;
        }
        short[] d10 = a.d(sArr, i10);
        int i21 = aVar.f28297o;
        byte[] copyOfRange7 = Arrays.copyOfRange(privateKey, z9, z9 + i21);
        short[] g4 = aVar.g(8, i10, copyOfRange);
        short[] g10 = aVar.g(8, 8, copyOfRange2);
        short[] c10 = aVar.c(g4, 8, aVar.f28285c, d10, 8);
        short[] sArr2 = new short[64];
        int i22 = 0;
        while (true) {
            if (i22 >= 8) {
                break;
            }
            int i23 = 0;
            for (int i24 = 8; i23 < i24; i24 = 8) {
                int i25 = (i22 * 8) + i23;
                sArr2[i25] = (short) (((g10[i25] - c10[i25]) & 65535) % aVar.b);
                i23++;
                c10 = c10;
            }
            i22++;
        }
        int i26 = aVar.f28286d;
        short s10 = (short) ((1 << i26) - 1);
        short s11 = (short) ((1 << i12) - 1);
        byte[] bArr3 = new byte[i26 * 8];
        int i27 = 0;
        int i28 = 8;
        int i29 = 0;
        while (i27 < i28) {
            byte[] bArr4 = copyOfRange2;
            long j5 = 0;
            int i30 = 0;
            int i31 = i29;
            while (i30 < i28) {
                int i32 = i12 - i26;
                j5 |= (((short) (((sArr2[i31] & s11) + (1 << (i32 - 1))) >> i32)) & s10) << (i26 * i30);
                i31++;
                i30++;
                s10 = s10;
                s11 = s11;
                i28 = 8;
            }
            short s12 = s10;
            short s13 = s11;
            int i33 = 0;
            while (i33 < i26) {
                bArr3[(i27 * i26) + i33] = (byte) ((j5 >> (i33 * 8)) & 255);
                i33++;
                sArr2 = sArr2;
                i26 = i26;
            }
            i27++;
            i29 = i31;
            s10 = s12;
            copyOfRange2 = bArr4;
            s11 = s13;
            i28 = 8;
        }
        byte[] bArr5 = copyOfRange2;
        int i34 = aVar.f28294l;
        int i35 = aVar.f28296n + i34;
        byte[] bArr6 = new byte[i35];
        Xof xof = aVar.f28299q;
        xof.update(copyOfRange7, 0, i21);
        xof.update(bArr3, 0, aVar.f28293k);
        xof.doFinal(bArr6, 0, i35);
        byte[] copyOfRange8 = Arrays.copyOfRange(bArr6, i34, i35);
        int i36 = i10 * 16;
        int i37 = i36 + 64;
        int i38 = i37 * 2;
        byte[] bArr7 = new byte[i38];
        xof.update((byte) -106);
        xof.update(bArr6, 0, i34);
        xof.doFinal(bArr7, 0, i38);
        short[] sArr3 = new short[i37];
        for (int i39 = 0; i39 < i37; i39++) {
            sArr3[i39] = Pack.littleEndianToShort(bArr7, i39 * 2);
        }
        short[] f10 = aVar.f(sArr3, 0, 8, i10);
        short[] f11 = aVar.f(sArr3, i11, 8, i10);
        short[] a10 = aVar.f28300r.a(copyOfRange4);
        int i40 = aVar.f28285c;
        short[] b = aVar.b(aVar.c(f10, 8, i40, a10, i40), f11, 8, i10);
        short[] b10 = aVar.b(aVar.b(aVar.c(f10, 8, aVar.f28285c, aVar.g(i10, 8, copyOfRange5), 8), aVar.f(sArr3, i36, 8, 8), 8, 8), aVar.a(bArr3), 8, 8);
        short s14 = 0;
        for (short s15 = 0; s15 < g4.length; s15 = (short) (s15 + 1)) {
            s14 = (short) (s14 | (g4[s15] ^ b[s15]));
        }
        for (short s16 = 0; s16 < g10.length; s16 = (short) (s16 + 1)) {
            s14 = (short) (s14 | (g10[s16] ^ b10[s16]));
        }
        byte b11 = s14 == 0 ? (byte) 0 : (byte) -1;
        int length = copyOfRange8.length;
        byte[] bArr8 = new byte[length];
        for (int i41 = 0; i41 < copyOfRange8.length; i41++) {
            bArr8[i41] = (byte) (((~b11) & copyOfRange8[i41] & 255) | (copyOfRange3[i41] & b11 & 255));
        }
        xof.update(copyOfRange, 0, copyOfRange.length);
        xof.update(bArr5, 0, bArr5.length);
        xof.update(bArr8, 0, length);
        xof.doFinal(bArr2, 0, aVar.f28298p);
        return bArr2;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.engine.f28289g;
    }
}
