package org.bouncycastle.pqc.crypto.ntru;

import java.security.SecureRandom;
import org.bouncycastle.crypto.EncapsulatedSecretGenerator;
import org.bouncycastle.crypto.SecretWithEncapsulation;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.pqc.crypto.util.SecretWithEncapsulationImpl;
import org.bouncycastle.pqc.math.ntru.HPSPolynomial;
import org.bouncycastle.pqc.math.ntru.HRSSPolynomial;
import org.bouncycastle.pqc.math.ntru.Polynomial;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUHRSSParameterSet;
import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class NTRUKEMGenerator implements EncapsulatedSecretGenerator {
    private final SecureRandom random;

    public NTRUKEMGenerator(SecureRandom secureRandom) {
        this.random = secureRandom;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretGenerator
    public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter asymmetricKeyParameter) {
        PolynomialPair polynomialPair;
        NTRUPublicKeyParameters nTRUPublicKeyParameters = (NTRUPublicKeyParameters) asymmetricKeyParameter;
        NTRUParameterSet nTRUParameterSet = nTRUPublicKeyParameters.getParameters().parameterSet;
        NTRUSampling nTRUSampling = new NTRUSampling(nTRUParameterSet);
        new NTRUOWCPA(nTRUParameterSet);
        int owcpaMsgBytes = nTRUParameterSet.owcpaMsgBytes();
        byte[] bArr = new byte[owcpaMsgBytes];
        int sampleRmBytes = nTRUParameterSet.sampleRmBytes();
        byte[] bArr2 = new byte[sampleRmBytes];
        this.random.nextBytes(bArr2);
        if (nTRUParameterSet instanceof NTRUHRSSParameterSet) {
            polynomialPair = new PolynomialPair((HRSSPolynomial) nTRUSampling.b(Arrays.copyOfRange(bArr2, 0, nTRUParameterSet.sampleIidBytes())), (HRSSPolynomial) nTRUSampling.b(Arrays.copyOfRange(bArr2, nTRUParameterSet.sampleIidBytes(), sampleRmBytes)));
        } else {
            if (!(nTRUParameterSet instanceof NTRUHPSParameterSet)) {
                throw new IllegalArgumentException("Invalid polynomial type");
            }
            polynomialPair = new PolynomialPair((HPSPolynomial) nTRUSampling.b(Arrays.copyOfRange(bArr2, 0, nTRUParameterSet.sampleIidBytes())), nTRUSampling.a(Arrays.copyOfRange(bArr2, nTRUParameterSet.sampleIidBytes(), sampleRmBytes)));
        }
        int owcpaMsgBytes2 = nTRUParameterSet.owcpaMsgBytes();
        Polynomial polynomial = polynomialPair.f31039a;
        byte[] s3ToBytes = polynomial.s3ToBytes(owcpaMsgBytes2);
        System.arraycopy(s3ToBytes, 0, bArr, 0, s3ToBytes.length);
        int packTrinaryBytes = owcpaMsgBytes - nTRUParameterSet.packTrinaryBytes();
        Polynomial polynomial2 = polynomialPair.f31040b;
        byte[] s3ToBytes2 = polynomial2.s3ToBytes(packTrinaryBytes);
        System.arraycopy(s3ToBytes2, 0, bArr, nTRUParameterSet.packTrinaryBytes(), s3ToBytes2.length);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        sHA3Digest.update(bArr, 0, owcpaMsgBytes);
        byte[] bArr3 = new byte[sHA3Digest.getDigestSize()];
        sHA3Digest.doFinal(bArr3, 0);
        polynomial.z3ToZq();
        byte[] bArr4 = nTRUPublicKeyParameters.publicKey;
        Polynomial createPolynomial = nTRUParameterSet.createPolynomial();
        Polynomial createPolynomial2 = nTRUParameterSet.createPolynomial();
        createPolynomial.rqSumZeroFromBytes(bArr4);
        createPolynomial2.rqMul(polynomial, createPolynomial);
        createPolynomial.lift(polynomial2);
        for (int i = 0; i < nTRUParameterSet.n(); i++) {
            short[] sArr = createPolynomial2.coeffs;
            sArr[i] = (short) (sArr[i] + createPolynomial.coeffs[i]);
        }
        byte[] rqSumZeroToBytes = createPolynomial2.rqSumZeroToBytes(nTRUParameterSet.ntruCiphertextBytes());
        byte[] copyOfRange = Arrays.copyOfRange(bArr3, 0, nTRUParameterSet.sharedKeyBytes());
        Arrays.clear(bArr3);
        return new SecretWithEncapsulationImpl(copyOfRange, rqSumZeroToBytes);
    }
}
