package org.bouncycastle.pqc.crypto.ntruprime;

import h.j;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class SNTRUPrimeKEMExtractor implements EncapsulatedSecretExtractor {
    private final SNTRUPrimePrivateKeyParameters privateKey;

    public SNTRUPrimeKEMExtractor(SNTRUPrimePrivateKeyParameters sNTRUPrimePrivateKeyParameters) {
        this.privateKey = sNTRUPrimePrivateKeyParameters;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        SNTRUPrimeParameters parameters = this.privateKey.getParameters();
        int p10 = parameters.getP();
        int q10 = parameters.getQ();
        int w10 = parameters.getW();
        int roundedPolynomialBytes = parameters.getRoundedPolynomialBytes();
        byte[] bArr2 = new byte[p10];
        j.K1(p10, bArr2, this.privateKey.getF());
        byte[] bArr3 = new byte[p10];
        j.K1(p10, bArr3, this.privateKey.getGinv());
        short[] sArr = new short[p10];
        j.o2(p10, q10, bArr, sArr);
        short[] sArr2 = new short[p10];
        j.a3(p10, q10, bArr2, sArr2, sArr);
        short[] sArr3 = new short[p10];
        for (int i10 = 0; i10 < p10; i10++) {
            sArr3[i10] = (short) j.g2(3 * sArr2[i10], q10);
        }
        byte[] bArr4 = new byte[p10];
        for (int i11 = 0; i11 < p10; i11++) {
            bArr4[i11] = (byte) j.g2(sArr3[i11], 3);
        }
        byte[] bArr5 = new byte[p10];
        int i12 = p10 + p10;
        int i13 = i12 - 1;
        byte[] bArr6 = new byte[i13];
        for (int i14 = 0; i14 < p10; i14++) {
            int i15 = 0;
            byte b = 0;
            while (i15 <= i14) {
                int i16 = bArr4[i15] * bArr3[i14 - i15];
                i15++;
                b = (byte) j.g2(i16 + b, 3);
                parameters = parameters;
            }
            bArr6[i14] = b;
        }
        SNTRUPrimeParameters sNTRUPrimeParameters = parameters;
        for (int i17 = p10; i17 < i13; i17++) {
            byte b10 = 0;
            for (int i18 = (i17 - p10) + 1; i18 < p10; i18++) {
                b10 = (byte) j.g2((bArr4[i18] * bArr3[i17 - i18]) + b10, 3);
            }
            bArr6[i17] = b10;
        }
        for (int i19 = i12 - 2; i19 >= p10; i19--) {
            int i20 = i19 - p10;
            bArr6[i20] = (byte) j.g2(bArr6[i20] + bArr6[i19], 3);
            int i21 = i20 + 1;
            bArr6[i21] = (byte) j.g2(bArr6[i21] + bArr6[i19], 3);
        }
        for (int i22 = 0; i22 < p10; i22++) {
            bArr5[i22] = bArr6[i22];
        }
        byte[] bArr7 = new byte[p10];
        int i23 = 0;
        for (int i24 = 0; i24 != p10; i24++) {
            i23 += bArr5[i24] & 1;
        }
        int i25 = -((int) ((-((i23 - w10) & BodyPartID.bodyIdMax)) >>> 63));
        for (int i26 = 0; i26 < w10; i26++) {
            bArr7[i26] = (byte) (((bArr5[i26] ^ 1) & (~i25)) ^ 1);
        }
        while (w10 < p10) {
            bArr7[w10] = (byte) (bArr5[w10] & (~i25));
            w10++;
        }
        int i27 = (p10 + 3) / 4;
        byte[] bArr8 = new byte[i27];
        j.Z1(p10, bArr8, bArr7);
        short[] sArr4 = new short[p10];
        j.J1(p10, q10, this.privateKey.getPk(), sArr4);
        short[] sArr5 = new short[p10];
        j.a3(p10, q10, bArr7, sArr5, sArr4);
        short[] sArr6 = new short[p10];
        j.K3(sArr6, sArr5);
        byte[] bArr9 = new byte[roundedPolynomialBytes];
        j.p2(p10, q10, bArr9, sArr6);
        byte[] a22 = j.a2(new byte[]{3}, bArr8);
        byte[] bArr10 = new byte[this.privateKey.getHash().length + 32];
        System.arraycopy(a22, 0, bArr10, 0, 32);
        System.arraycopy(this.privateKey.getHash(), 0, bArr10, 32, this.privateKey.getHash().length);
        byte[] a23 = j.a2(new byte[]{2}, bArr10);
        int i28 = roundedPolynomialBytes + 32;
        byte[] bArr11 = new byte[i28];
        System.arraycopy(bArr9, 0, bArr11, 0, roundedPolynomialBytes);
        System.arraycopy(a23, 0, bArr11, roundedPolynomialBytes, 32);
        int i29 = Arrays.areEqual(bArr, bArr11) ? 0 : -1;
        byte[] rho = this.privateKey.getRho();
        for (int i30 = 0; i30 < i27; i30++) {
            byte b11 = bArr8[i30];
            bArr8[i30] = (byte) (b11 ^ ((rho[i30] ^ b11) & i29));
        }
        byte[] bArr12 = new byte[roundedPolynomialBytes + 64];
        System.arraycopy(j.a2(new byte[]{3}, bArr8), 0, bArr12, 0, 32);
        System.arraycopy(bArr11, 0, bArr12, 32, i28);
        return Arrays.copyOfRange(j.a2(new byte[]{(byte) (i29 + 1)}, bArr12), 0, sNTRUPrimeParameters.getSessionKeySize() / 8);
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.privateKey.getParameters().getRoundedPolynomialBytes() + 32;
    }
}
