package org.bouncycastle.pqc.crypto.crystals.kyber;

import com.itextpdf.text.pdf.codec.TIFFConstants;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.util.Arrays;
import y3.l;

/* loaded from: classes7.dex */
public class KyberKEMExtractor implements EncapsulatedSecretExtractor {
    private a engine;
    private KyberPrivateKeyParameters key;

    public KyberKEMExtractor(KyberPrivateKeyParameters kyberPrivateKeyParameters) {
        this.key = kyberPrivateKeyParameters;
        initCipher(kyberPrivateKeyParameters);
    }

    private void initCipher(AsymmetricKeyParameter asymmetricKeyParameter) {
        this.engine = ((KyberPrivateKeyParameters) asymmetricKeyParameter).getParameters().getEngine();
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        a aVar;
        byte[] bArr2;
        b bVar;
        a aVar2 = this.engine;
        byte[] privateKey = this.key.getPrivateKey();
        aVar2.getClass();
        byte[] bArr3 = new byte[64];
        byte[] bArr4 = new byte[64];
        byte[] copyOfRange = Arrays.copyOfRange(privateKey, aVar2.f29640i, privateKey.length);
        b bVar2 = aVar2.b;
        a aVar3 = bVar2.f29647a;
        com.wxiwei.office.fc.hssf.formula.c cVar = new com.wxiwei.office.fc.hssf.formula.c(aVar3);
        com.wxiwei.office.fc.hssf.formula.c cVar2 = new com.wxiwei.office.fc.hssf.formula.c(aVar3);
        short[] sArr = new short[256];
        d dVar = new d(aVar3);
        int i10 = aVar3.f29637f;
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 0, i10);
        int i11 = ((a) cVar.f25628g).f29637f;
        int i12 = cVar.f25625c;
        if (i11 == i12 * TIFFConstants.TIFFTAG_COLORMAP) {
            short[] sArr2 = new short[4];
            int i13 = 0;
            int i14 = 0;
            while (i13 < cVar.f25625c) {
                b bVar3 = bVar2;
                int i15 = 0;
                while (i15 < 64) {
                    int i16 = copyOfRange2[i14] & 255;
                    byte[] bArr5 = bArr4;
                    int i17 = copyOfRange2[i14 + 1] & 255;
                    a aVar4 = aVar2;
                    sArr2[0] = (short) (((short) (i17 << 8)) | i16);
                    int i18 = i17 >> 2;
                    int i19 = copyOfRange2[i14 + 2] & 255;
                    sArr2[1] = (short) (i18 | ((short) (i19 << 6)));
                    int i20 = copyOfRange2[i14 + 3] & 255;
                    sArr2[2] = (short) ((i19 >> 4) | ((short) (i20 << 4)));
                    sArr2[3] = (short) ((i20 >> 6) | ((short) ((copyOfRange2[i14 + 4] & 255) << 2)));
                    i14 += 5;
                    int i21 = 0;
                    while (i21 < 4) {
                        d dVar2 = ((d[]) cVar.f25627f)[i13];
                        int i22 = i14;
                        dVar2.f29656a[(i15 * 4) + i21] = (short) ((((sArr2[i21] & 1023) * 3329) + 512) >> 10);
                        i21++;
                        i14 = i22;
                    }
                    i15++;
                    aVar2 = aVar4;
                    bArr4 = bArr5;
                }
                i13++;
                bVar2 = bVar3;
            }
            aVar = aVar2;
            bArr2 = bArr4;
            bVar = bVar2;
        } else {
            aVar = aVar2;
            bArr2 = bArr4;
            bVar = bVar2;
            if (i11 != i12 * 352) {
                throw new RuntimeException("Kyber PolyVecCompressedBytes neither 320 * KyberK or 352 * KyberK!");
            }
            short[] sArr3 = new short[8];
            int i23 = 0;
            for (int i24 = 0; i24 < cVar.f25625c; i24++) {
                int i25 = 0;
                while (i25 < 32) {
                    int i26 = copyOfRange2[i23] & 255;
                    int i27 = copyOfRange2[i23 + 1] & 255;
                    sArr3[0] = (short) (i26 | (((short) i27) << 8));
                    int i28 = i27 >> 3;
                    int i29 = copyOfRange2[i23 + 2] & 255;
                    sArr3[1] = (short) (i28 | (((short) i29) << 5));
                    int i30 = (i29 >> 6) | (((short) (copyOfRange2[i23 + 3] & 255)) << 2);
                    int i31 = copyOfRange2[i23 + 4] & 255;
                    sArr3[2] = (short) (i30 | ((short) (i31 << 10)));
                    int i32 = i31 >> 1;
                    int i33 = copyOfRange2[i23 + 5] & 255;
                    sArr3[3] = (short) (i32 | (((short) i33) << 7));
                    int i34 = copyOfRange2[i23 + 6] & 255;
                    byte[] bArr6 = bArr3;
                    sArr3[4] = (short) ((((short) i34) << 4) | (i33 >> 4));
                    int i35 = (i34 >> 7) | (((short) (copyOfRange2[i23 + 7] & 255)) << 1);
                    int i36 = copyOfRange2[i23 + 8] & 255;
                    sArr3[5] = (short) (i35 | ((short) (i36 << 9)));
                    int i37 = i36 >> 2;
                    int i38 = copyOfRange2[i23 + 9] & 255;
                    sArr3[6] = (short) (i37 | (((short) i38) << 6));
                    sArr3[7] = (short) ((i38 >> 5) | (((short) (copyOfRange2[i23 + 10] & 255)) << 3));
                    i23 += 11;
                    for (int i39 = 0; i39 < 8; i39++) {
                        d dVar3 = ((d[]) cVar.f25627f)[i24];
                        dVar3.f29656a[(i25 * 8) + i39] = (short) ((((sArr3[i39] & 2047) * 3329) + 1024) >> 11);
                    }
                    i25++;
                    bArr3 = bArr6;
                }
            }
        }
        byte[] bArr7 = bArr3;
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, i10, bArr.length);
        int i40 = aVar3.f29636e;
        if (i40 == 128) {
            int i41 = 0;
            for (int i42 = 0; i42 < 128; i42++) {
                int i43 = i42 * 2;
                byte b = copyOfRange3[i41];
                sArr[i43] = (short) (((((short) (b & 15)) * 3329) + 8) >> 4);
                sArr[i43 + 1] = (short) (((((short) ((b & 255) >> 4)) * 3329) + 8) >> 4);
                i41++;
            }
        } else {
            if (i40 != 160) {
                throw new RuntimeException("PolyCompressedBytes is neither 128 or 160!");
            }
            byte[] bArr8 = new byte[8];
            int i44 = 0;
            for (int i45 = 0; i45 < 32; i45++) {
                bArr8[0] = (byte) (copyOfRange3[i44] & 255);
                int i46 = i44 + 1;
                bArr8[1] = (byte) (((copyOfRange3[i44] & 255) >> 5) | ((copyOfRange3[i46] & 255) << 3));
                bArr8[2] = (byte) ((copyOfRange3[i46] & 255) >> 2);
                int i47 = (copyOfRange3[i46] & 255) >> 7;
                int i48 = i44 + 2;
                bArr8[3] = (byte) (i47 | ((copyOfRange3[i48] & 255) << 1));
                int i49 = i44 + 3;
                bArr8[4] = (byte) (((copyOfRange3[i48] & 255) >> 4) | ((copyOfRange3[i49] & 255) << 4));
                bArr8[5] = (byte) ((copyOfRange3[i49] & 255) >> 1);
                int i50 = (copyOfRange3[i49] & 255) >> 6;
                int i51 = i44 + 4;
                bArr8[6] = (byte) (i50 | ((copyOfRange3[i51] & 255) << 2));
                bArr8[7] = (byte) ((copyOfRange3[i51] & 255) >> 3);
                i44 += 5;
                for (int i52 = 0; i52 < 8; i52++) {
                    sArr[(i45 * 8) + i52] = (short) ((((bArr8[i52] & 31) * 3329) + 16) >> 5);
                }
            }
        }
        cVar2.b(privateKey);
        cVar.e();
        com.wxiwei.office.fc.hssf.formula.c.d(dVar, cVar2, cVar, aVar3);
        dVar.e();
        for (int i53 = 0; i53 < 256; i53++) {
            short s10 = sArr[i53];
            short[] sArr4 = dVar.f29656a;
            sArr4[i53] = (short) (s10 - sArr4[i53]);
        }
        dVar.f();
        int i54 = 32;
        byte[] bArr9 = new byte[32];
        dVar.c();
        int i55 = 0;
        while (i55 < i54) {
            bArr9[i55] = 0;
            for (int i56 = 0; i56 < 8; i56++) {
                bArr9[i55] = (byte) (((byte) (((short) (((((short) (dVar.f29656a[(i55 * 8) + i56] << 1)) + 1664) / 3329) & 1)) << i56)) | bArr9[i55]);
            }
            i55++;
            i54 = 32;
        }
        int i57 = i54;
        System.arraycopy(bArr9, 0, bArr7, 0, i57);
        a aVar5 = aVar;
        int i58 = aVar5.f29643l;
        System.arraycopy(privateKey, i58 - 64, bArr7, i57, i57);
        l lVar = aVar5.f29646o;
        byte[] bArr10 = bArr2;
        lVar.b(bArr10, bArr7);
        boolean z9 = !Arrays.constantTimeAreEqual(bArr, bVar.a(Arrays.copyOfRange(bArr7, 0, i57), copyOfRange, Arrays.copyOfRange(bArr10, i57, 64)));
        lVar.c(i57, bArr10, bArr);
        byte[] copyOfRange4 = Arrays.copyOfRange(privateKey, i58 - 32, i58);
        if (z9) {
            System.arraycopy(copyOfRange4, 0, bArr10, 0, i57);
        } else {
            System.arraycopy(bArr10, 0, bArr10, 0, i57);
        }
        byte[] bArr11 = new byte[aVar5.f29645n];
        lVar.d(bArr11, bArr10);
        return bArr11;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.engine.f29644m;
    }
}
