package org.bouncycastle.pqc.crypto.crystals.kyber;

import com.vungle.ads.internal.protos.Sdk;
import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class KyberKEMExtractor implements EncapsulatedSecretExtractor {
    private KyberEngine engine;
    private KyberPrivateKeyParameters key;

    public KyberKEMExtractor(KyberPrivateKeyParameters kyberPrivateKeyParameters) {
        this.key = kyberPrivateKeyParameters;
        initCipher(kyberPrivateKeyParameters);
    }

    private void initCipher(AsymmetricKeyParameter asymmetricKeyParameter) {
        this.engine = ((KyberPrivateKeyParameters) asymmetricKeyParameter).getParameters().getEngine();
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public byte[] extractSecret(byte[] bArr) {
        KyberEngine kyberEngine;
        byte[] bArr2;
        byte[] bArr3;
        KyberIndCpa kyberIndCpa;
        KyberEngine kyberEngine2;
        KyberEngine kyberEngine3 = this.engine;
        byte[] privateKey = this.key.getPrivateKey();
        kyberEngine3.getClass();
        byte[] bArr4 = new byte[64];
        byte[] bArr5 = new byte[64];
        byte[] copyOfRange = Arrays.copyOfRange(privateKey, kyberEngine3.i, privateKey.length);
        KyberIndCpa kyberIndCpa2 = kyberEngine3.f30917b;
        KyberEngine kyberEngine4 = kyberIndCpa2.f30923a;
        PolyVec polyVec = new PolyVec(kyberEngine4);
        PolyVec polyVec2 = new PolyVec(kyberEngine4);
        Poly poly = new Poly(kyberEngine4);
        Poly poly2 = new Poly(kyberEngine4);
        int i = kyberEngine4.f30919f;
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 0, i);
        int i2 = polyVec.f30934c;
        int i3 = i2 * Sdk.SDKError.Reason.WEBVIEW_ERROR_VALUE;
        Poly[] polyArr = polyVec.f30932a;
        if (i == i3) {
            short[] sArr = new short[4];
            int i4 = 0;
            int i5 = 0;
            while (i4 < i2) {
                byte[] bArr6 = bArr5;
                KyberIndCpa kyberIndCpa3 = kyberIndCpa2;
                int i6 = 0;
                for (int i7 = 64; i6 < i7; i7 = 64) {
                    int i8 = (copyOfRange2[i5] & 255) >> 0;
                    KyberEngine kyberEngine5 = kyberEngine3;
                    int i9 = copyOfRange2[i5 + 1] & 255;
                    byte[] bArr7 = bArr4;
                    sArr[0] = (short) (((short) (i9 << 8)) | i8);
                    int i10 = copyOfRange2[i5 + 2] & 255;
                    sArr[1] = (short) ((i9 >> 2) | ((short) (i10 << 6)));
                    int i11 = copyOfRange2[i5 + 3] & 255;
                    sArr[2] = (short) ((i10 >> 4) | ((short) (i11 << 4)));
                    sArr[3] = (short) ((i11 >> 6) | ((short) ((copyOfRange2[i5 + 4] & 255) << 2)));
                    i5 += 5;
                    int i12 = 0;
                    while (i12 < 4) {
                        Poly poly3 = polyArr[i4];
                        KyberEngine kyberEngine6 = kyberEngine4;
                        poly3.f30929a[(i6 * 4) + i12] = (short) ((((sArr[i12] & 1023) * 3329) + 512) >> 10);
                        i12++;
                        kyberEngine4 = kyberEngine6;
                    }
                    i6++;
                    bArr4 = bArr7;
                    kyberEngine3 = kyberEngine5;
                }
                i4++;
                kyberIndCpa2 = kyberIndCpa3;
                bArr5 = bArr6;
            }
            kyberEngine = kyberEngine3;
            bArr2 = bArr4;
            bArr3 = bArr5;
            kyberIndCpa = kyberIndCpa2;
            kyberEngine2 = kyberEngine4;
        } else {
            kyberEngine = kyberEngine3;
            bArr2 = bArr4;
            bArr3 = bArr5;
            kyberIndCpa = kyberIndCpa2;
            kyberEngine2 = kyberEngine4;
            if (i != i2 * 352) {
                throw new RuntimeException("Kyber PolyVecCompressedBytes neither 320 * KyberK or 352 * KyberK!");
            }
            short[] sArr2 = new short[8];
            int i13 = 0;
            for (int i14 = 0; i14 < i2; i14++) {
                int i15 = 0;
                while (i15 < 32) {
                    int i16 = (copyOfRange2[i13] & 255) >> 0;
                    int i17 = copyOfRange2[i13 + 1] & 255;
                    sArr2[0] = (short) (i16 | (((short) i17) << 8));
                    int i18 = copyOfRange2[i13 + 2] & 255;
                    sArr2[1] = (short) ((i17 >> 3) | (((short) i18) << 5));
                    int i19 = (i18 >> 6) | (((short) (copyOfRange2[i13 + 3] & 255)) << 2);
                    int i20 = copyOfRange2[i13 + 4] & 255;
                    sArr2[2] = (short) (i19 | ((short) (i20 << 10)));
                    int i21 = i20 >> 1;
                    int i22 = copyOfRange2[i13 + 5] & 255;
                    sArr2[3] = (short) (i21 | (((short) i22) << 7));
                    int i23 = copyOfRange2[i13 + 6] & 255;
                    int i24 = i2;
                    sArr2[4] = (short) ((i22 >> 4) | (((short) i23) << 4));
                    int i25 = (i23 >> 7) | (((short) (copyOfRange2[i13 + 7] & 255)) << 1);
                    int i26 = copyOfRange2[i13 + 8] & 255;
                    sArr2[5] = (short) (i25 | ((short) (i26 << 9)));
                    int i27 = i26 >> 2;
                    int i28 = copyOfRange2[i13 + 9] & 255;
                    sArr2[6] = (short) (i27 | (((short) i28) << 6));
                    sArr2[7] = (short) ((i28 >> 5) | (((short) (copyOfRange2[i13 + 10] & 255)) << 3));
                    i13 += 11;
                    for (int i29 = 0; i29 < 8; i29++) {
                        Poly poly4 = polyArr[i14];
                        poly4.f30929a[(i15 * 8) + i29] = (short) ((((sArr2[i29] & 2047) * 3329) + 1024) >> 11);
                    }
                    i15++;
                    i2 = i24;
                }
            }
        }
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, i, bArr.length);
        int i30 = poly.f30930b.e;
        if (i30 == 128) {
            int i31 = 0;
            int i32 = 0;
            for (int i33 = 128; i31 < i33; i33 = 128) {
                int i34 = i31 * 2;
                int i35 = copyOfRange3[i32] & 255;
                short[] sArr3 = poly.f30929a;
                sArr3[i34 + 0] = (short) (((((short) (i35 & 15)) * 3329) + 8) >> 4);
                sArr3[i34 + 1] = (short) (((((short) (i35 >> 4)) * 3329) + 8) >> 4);
                i32++;
                i31++;
            }
        } else {
            if (i30 != 160) {
                throw new RuntimeException("PolyCompressedBytes is neither 128 or 160!");
            }
            byte[] bArr8 = new byte[8];
            int i36 = 0;
            for (int i37 = 0; i37 < 32; i37++) {
                int i38 = i36 + 0;
                bArr8[0] = (byte) ((copyOfRange3[i38] & 255) >> 0);
                int i39 = i36 + 1;
                bArr8[1] = (byte) (((copyOfRange3[i38] & 255) >> 5) | ((copyOfRange3[i39] & 255) << 3));
                bArr8[2] = (byte) ((copyOfRange3[i39] & 255) >> 2);
                int i40 = (copyOfRange3[i39] & 255) >> 7;
                int i41 = i36 + 2;
                bArr8[3] = (byte) (i40 | ((copyOfRange3[i41] & 255) << 1));
                int i42 = i36 + 3;
                bArr8[4] = (byte) (((copyOfRange3[i41] & 255) >> 4) | ((copyOfRange3[i42] & 255) << 4));
                bArr8[5] = (byte) ((copyOfRange3[i42] & 255) >> 1);
                int i43 = (copyOfRange3[i42] & 255) >> 6;
                int i44 = i36 + 4;
                bArr8[6] = (byte) (i43 | ((copyOfRange3[i44] & 255) << 2));
                bArr8[7] = (byte) ((copyOfRange3[i44] & 255) >> 3);
                i36 += 5;
                for (int i45 = 0; i45 < 8; i45++) {
                    poly.f30929a[(i37 * 8) + i45] = (short) ((((bArr8[i45] & 31) * 3329) + 16) >> 5);
                }
            }
        }
        polyVec2.a(privateKey);
        polyVec.c();
        PolyVec.b(poly2, polyVec2, polyVec, kyberEngine2);
        poly2.e();
        for (int i46 = 0; i46 < 256; i46++) {
            short s = poly.f30929a[i46];
            short[] sArr4 = poly2.f30929a;
            sArr4[i46] = (short) (s - sArr4[i46]);
        }
        poly2.f();
        int i47 = 32;
        byte[] bArr9 = new byte[32];
        poly2.c();
        int i48 = 0;
        while (i48 < i47) {
            bArr9[i48] = 0;
            for (int i49 = 0; i49 < 8; i49++) {
                bArr9[i48] = (byte) (((byte) (((short) (((((short) (poly2.f30929a[(i48 * 8) + i49] << 1)) + 1664) / 3329) & 1)) << i49)) | bArr9[i48]);
            }
            i48++;
            i47 = 32;
        }
        int i50 = i47;
        byte[] bArr10 = bArr2;
        System.arraycopy(bArr9, 0, bArr10, 0, i50);
        KyberEngine kyberEngine7 = kyberEngine;
        int i51 = kyberEngine7.f30920l;
        System.arraycopy(privateKey, i51 - 64, bArr10, i50, i50);
        Symmetric symmetric = kyberEngine7.o;
        byte[] bArr11 = bArr3;
        symmetric.a(bArr11, bArr10);
        boolean z2 = !Arrays.constantTimeAreEqual(bArr, kyberIndCpa.a(Arrays.copyOfRange(bArr10, 0, i50), copyOfRange, Arrays.copyOfRange(bArr11, i50, 64)));
        symmetric.b(i50, bArr11, bArr);
        byte[] copyOfRange4 = Arrays.copyOfRange(privateKey, i51 - 32, i51);
        if (z2) {
            System.arraycopy(copyOfRange4, 0, bArr11, 0, i50);
        } else {
            System.arraycopy(bArr11, 0, bArr11, 0, i50);
        }
        byte[] bArr12 = new byte[kyberEngine7.f30922n];
        symmetric.c(bArr12, bArr11);
        return bArr12;
    }

    @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
    public int getEncapsulationLength() {
        return this.engine.f30921m;
    }
}
