package org.bouncycastle.pqc.crypto.newhope;

import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.engines.Salsa20Engine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.pqc.crypto.ExchangePair;
import org.bouncycastle.pqc.crypto.ExchangePairGenerator;

/* loaded from: classes4.dex */
public class NHExchangePairGenerator implements ExchangePairGenerator {

    /* renamed from: a, reason: collision with root package name */
    public final SecureRandom f31436a;

    public NHExchangePairGenerator(SecureRandom secureRandom) {
        this.f31436a = secureRandom;
    }

    public final ExchangePair a(NHPublicKeyParameters nHPublicKeyParameters) {
        byte[] bArr = new byte[32];
        byte[] bArr2 = new byte[2048];
        byte[] bArr3 = nHPublicKeyParameters.s;
        short[] sArr = new short[1024];
        byte[] bArr4 = new byte[32];
        for (int i2 = 0; i2 < 256; i2++) {
            int i3 = i2 * 7;
            int i4 = bArr3[i3] & 255;
            byte b = bArr3[i3 + 1];
            int i5 = bArr3[i3 + 2] & 255;
            byte b2 = bArr3[i3 + 3];
            int i6 = bArr3[i3 + 4] & 255;
            byte b3 = bArr3[i3 + 5];
            int i7 = bArr3[i3 + 6] & 255;
            int i8 = i2 * 4;
            sArr[i8] = (short) (i4 | ((b & 63) << 8));
            sArr[i8 + 1] = (short) (((b & 255) >>> 6) | (i5 << 2) | ((b2 & 15) << 10));
            sArr[i8 + 2] = (short) (((b3 & 3) << 12) | ((b2 & 255) >>> 4) | (i6 << 4));
            sArr[i8 + 3] = (short) (((b3 & 255) >>> 2) | (i7 << 6));
        }
        int i9 = 0;
        System.arraycopy(bArr3, 1792, bArr4, 0, 32);
        short[] sArr2 = new short[1024];
        NewHope.a(bArr4, sArr2);
        byte[] bArr5 = new byte[32];
        this.f31436a.nextBytes(bArr5);
        short[] sArr3 = new short[1024];
        Poly.b(sArr3, bArr5, (byte) 0);
        short[] sArr4 = Precomp.c;
        int i10 = 0;
        for (int i11 = 1024; i10 < i11; i11 = 1024) {
            sArr3[i10] = Reduce.b((sArr3[i10] & 65535) * (65535 & sArr4[i10]));
            i10++;
        }
        short[] sArr5 = Precomp.f31438a;
        NTT.a(sArr3, sArr5);
        short[] sArr6 = new short[1024];
        int i12 = 1;
        Poly.b(sArr6, bArr5, (byte) 1);
        int i13 = 0;
        for (int i14 = 1024; i13 < i14; i14 = 1024) {
            sArr6[i13] = Reduce.b((sArr6[i13] & 65535) * (sArr4[i13] & 65535));
            i13++;
        }
        NTT.a(sArr6, sArr5);
        short[] sArr7 = new short[1024];
        Poly.d(sArr2, sArr3, sArr7);
        Poly.a(sArr7, sArr6, sArr7);
        short[] sArr8 = new short[1024];
        Poly.d(sArr, sArr3, sArr8);
        for (int i15 = 0; i15 < 1024; i15++) {
            short s = NTT.f31437a[i15];
            if (i15 < s) {
                short s2 = sArr8[i15];
                sArr8[i15] = sArr8[s];
                sArr8[s] = s2;
            }
        }
        NTT.a(sArr8, Precomp.b);
        short[] sArr9 = Precomp.d;
        for (int i16 = 0; i16 < 1024; i16++) {
            sArr8[i16] = Reduce.b((sArr8[i16] & 65535) * (65535 & sArr9[i16]));
        }
        short[] sArr10 = new short[1024];
        Poly.b(sArr10, bArr5, (byte) 2);
        Poly.a(sArr8, sArr10, sArr8);
        short[] sArr11 = new short[1024];
        short s3 = 8;
        byte[] bArr6 = new byte[8];
        bArr6[0] = 3;
        byte[] bArr7 = new byte[32];
        Salsa20Engine salsa20Engine = new Salsa20Engine(20);
        salsa20Engine.init(true, new ParametersWithIV(new KeyParameter(bArr5, 0, 32), bArr6, 0, 8));
        salsa20Engine.processBytes(bArr7, 0, 32, bArr7, 0);
        int[] iArr = new int[8];
        int i17 = 0;
        while (i17 < 256) {
            int i18 = ((bArr7[i17 >>> 3] >>> (i17 & 7)) & i12) * 4;
            int i19 = i17 + 256;
            int a2 = ErrorCorrection.a(i9, 4, (sArr8[i17] * s3) + i18, iArr) + ErrorCorrection.a(i12, 5, (sArr8[i19] * 8) + i18, iArr);
            int i20 = i17 + 512;
            int i21 = i17 + 768;
            int a3 = (24577 - ((a2 + ErrorCorrection.a(2, 6, (sArr8[i20] * 8) + i18, iArr)) + ErrorCorrection.a(3, 7, (sArr8[i21] * 8) + i18, iArr))) >> 31;
            int i22 = ~a3;
            int[] iArr2 = {(i22 & iArr[0]) ^ (a3 & iArr[4]), (i22 & iArr[1]) ^ (a3 & iArr[5]), (i22 & iArr[2]) ^ (a3 & iArr[6]), (i22 & iArr[3]) ^ (a3 & iArr[7])};
            int i23 = iArr2[0];
            int i24 = iArr2[3];
            sArr11[i17] = (short) ((i23 - i24) & 3);
            i12 = 1;
            sArr11[i19] = (short) ((iArr2[1] - i24) & 3);
            sArr11[i20] = (short) ((iArr2[2] - i24) & 3);
            sArr11[i21] = (short) (((i24 * 2) + (-a3)) & 3);
            i17++;
            i9 = 0;
            s3 = 8;
        }
        Poly.e(bArr2, sArr7);
        for (int i25 = 0; i25 < 256; i25++) {
            int i26 = i25 * 4;
            bArr2[i25 + 1792] = (byte) ((sArr11[i26 + 3] << 6) | sArr11[i26] | (sArr11[i26 + 1] << 2) | (sArr11[i26 + 2] << 4));
        }
        Arrays.fill(bArr, (byte) 0);
        for (int i27 = 0; i27 < 256; i27++) {
            int i28 = (sArr8[i27] * 8) + 196624;
            int i29 = sArr11[i27] * 2;
            int i30 = i27 + 768;
            short s4 = sArr11[i30];
            int i31 = i28 - ((i29 + s4) * 12289);
            int i32 = i27 + 256;
            int i33 = ((sArr8[i32] * 8) + 196624) - (((sArr11[i32] * 2) + s4) * 12289);
            int i34 = i27 + 512;
            int[] iArr3 = {i31, i33, ((sArr8[i34] * 8) + 196624) - (((sArr11[i34] * 2) + s4) * 12289), ((sArr8[i30] * 8) + 196624) - (s4 * 12289)};
            int i35 = i27 >>> 3;
            bArr[i35] = (byte) ((((short) (((((ErrorCorrection.b(iArr3[0]) + ErrorCorrection.b(iArr3[1])) + ErrorCorrection.b(iArr3[2])) + ErrorCorrection.b(iArr3[3])) - 98312) >>> 31)) << (i27 & 7)) | bArr[i35]);
        }
        NewHope.b(bArr);
        return new ExchangePair(new NHPublicKeyParameters(bArr2), bArr);
    }
}
