package org.bouncycastle.pqc.crypto.crystals.kyber;

import org.bouncycastle.crypto.EncapsulatedSecretExtractor;
import org.bouncycastle.util.Arrays;

/* loaded from: classes6.dex */
public class KyberKEMExtractor implements EncapsulatedSecretExtractor {
    public KyberEngine engine;
    public KyberPrivateKeyParameters key;

    public KyberKEMExtractor(KyberPrivateKeyParameters kyberPrivateKeyParameters) {
        this.key = kyberPrivateKeyParameters;
        KyberParameters kyberParameters = kyberPrivateKeyParameters.params;
        this.engine = new KyberEngine(kyberParameters.k, kyberParameters.usingAes);
    }

    public final byte[] extractSecret(byte[] bArr) {
        KyberEngine kyberEngine;
        byte[] bArr2;
        byte[] bArr3;
        KyberEngine kyberEngine2 = this.engine;
        byte[] privateKey = this.key.getPrivateKey();
        byte[] bArr4 = new byte[64];
        byte[] bArr5 = new byte[64];
        byte[] copyOfRange = Arrays.copyOfRange(privateKey, kyberEngine2.KyberIndCpaSecretKeyBytes, privateKey.length);
        KyberIndCpa kyberIndCpa = kyberEngine2.indCpa;
        PolyVec polyVec = new PolyVec(kyberIndCpa.engine);
        PolyVec polyVec2 = new PolyVec(kyberIndCpa.engine);
        Poly poly = new Poly(kyberIndCpa.engine);
        Poly poly2 = new Poly(kyberIndCpa.engine);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 0, kyberIndCpa.engine.KyberPolyVecCompressedBytes);
        int i = polyVec.engine.KyberPolyVecCompressedBytes;
        int i2 = polyVec.kyberK;
        if (i == i2 * 320) {
            short[] sArr = new short[4];
            int i3 = 0;
            int i4 = 0;
            while (i3 < polyVec.kyberK) {
                byte[] bArr6 = copyOfRange;
                int i5 = 0;
                while (i5 < 64) {
                    int i6 = (copyOfRange2[i4] & 255) >> 0;
                    byte[] bArr7 = bArr5;
                    int i7 = copyOfRange2[i4 + 1] & 255;
                    KyberEngine kyberEngine3 = kyberEngine2;
                    sArr[0] = (short) (((short) (i7 << 8)) | i6);
                    int i8 = i7 >> 2;
                    int i9 = copyOfRange2[i4 + 2] & 255;
                    sArr[1] = (short) (i8 | ((short) (i9 << 6)));
                    int i10 = copyOfRange2[i4 + 3] & 255;
                    sArr[2] = (short) ((i9 >> 4) | ((short) (i10 << 4)));
                    sArr[3] = (short) ((i10 >> 6) | ((short) ((copyOfRange2[i4 + 4] & 255) << 2)));
                    i4 += 5;
                    int i11 = 0;
                    while (i11 < 4) {
                        Poly poly3 = polyVec.vec[i3];
                        int i12 = i4;
                        poly3.coeffs[(i5 * 4) + i11] = (short) ((((sArr[i11] & 1023) * 3329) + 512) >> 10);
                        i11++;
                        i4 = i12;
                    }
                    i5++;
                    kyberEngine2 = kyberEngine3;
                    bArr5 = bArr7;
                }
                i3++;
                copyOfRange = bArr6;
            }
            kyberEngine = kyberEngine2;
            bArr2 = bArr5;
            bArr3 = copyOfRange;
        } else {
            kyberEngine = kyberEngine2;
            bArr2 = bArr5;
            bArr3 = copyOfRange;
            if (i != i2 * 352) {
                throw new RuntimeException("Kyber PolyVecCompressedBytes neither 320 * KyberK or 352 * KyberK!");
            }
            short[] sArr2 = new short[8];
            int i13 = 0;
            for (int i14 = 0; i14 < polyVec.kyberK; i14++) {
                int i15 = 0;
                while (i15 < 32) {
                    int i16 = (copyOfRange2[i13] & 255) >> 0;
                    int i17 = copyOfRange2[i13 + 1] & 255;
                    sArr2[0] = (short) (i16 | (((short) i17) << 8));
                    int i18 = copyOfRange2[i13 + 2] & 255;
                    sArr2[1] = (short) ((i17 >> 3) | (((short) i18) << 5));
                    int i19 = (i18 >> 6) | (((short) (copyOfRange2[i13 + 3] & 255)) << 2);
                    int i20 = copyOfRange2[i13 + 4] & 255;
                    sArr2[2] = (short) (i19 | ((short) (i20 << 10)));
                    int i21 = i20 >> 1;
                    int i22 = copyOfRange2[i13 + 5] & 255;
                    sArr2[3] = (short) (i21 | (((short) i22) << 7));
                    int i23 = copyOfRange2[i13 + 6] & 255;
                    byte[] bArr8 = bArr4;
                    sArr2[4] = (short) ((((short) i23) << 4) | (i22 >> 4));
                    int i24 = (i23 >> 7) | (((short) (copyOfRange2[i13 + 7] & 255)) << 1);
                    int i25 = copyOfRange2[i13 + 8] & 255;
                    sArr2[5] = (short) (i24 | ((short) (i25 << 9)));
                    int i26 = i25 >> 2;
                    int i27 = copyOfRange2[i13 + 9] & 255;
                    sArr2[6] = (short) (i26 | (((short) i27) << 6));
                    sArr2[7] = (short) ((i27 >> 5) | (((short) (copyOfRange2[i13 + 10] & 255)) << 3));
                    i13 += 11;
                    for (int i28 = 0; i28 < 8; i28++) {
                        Poly poly4 = polyVec.vec[i14];
                        poly4.coeffs[(i15 * 8) + i28] = (short) ((((sArr2[i28] & 2047) * 3329) + 1024) >> 11);
                    }
                    i15++;
                    bArr4 = bArr8;
                }
            }
        }
        byte[] bArr9 = bArr4;
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, kyberIndCpa.engine.KyberPolyVecCompressedBytes, bArr.length);
        int i29 = poly.engine.KyberPolyCompressedBytes;
        if (i29 == 128) {
            int i30 = 0;
            int i31 = 0;
            for (int i32 = 128; i30 < i32; i32 = 128) {
                int i33 = i30 * 2;
                int i34 = copyOfRange3[i31] & 255;
                short[] sArr3 = poly.coeffs;
                sArr3[i33 + 0] = (short) (((((short) (i34 & 15)) * 3329) + 8) >> 4);
                sArr3[i33 + 1] = (short) (((((short) (i34 >> 4)) * 3329) + 8) >> 4);
                i31++;
                i30++;
            }
        } else {
            if (i29 != 160) {
                throw new RuntimeException("PolyCompressedBytes is neither 128 or 160!");
            }
            byte[] bArr10 = new byte[8];
            int i35 = 0;
            for (int i36 = 0; i36 < 32; i36++) {
                int i37 = i35 + 0;
                bArr10[0] = (byte) ((copyOfRange3[i37] & 255) >> 0);
                int i38 = i35 + 1;
                bArr10[1] = (byte) (((copyOfRange3[i37] & 255) >> 5) | ((copyOfRange3[i38] & 255) << 3));
                bArr10[2] = (byte) ((copyOfRange3[i38] & 255) >> 2);
                int i39 = (copyOfRange3[i38] & 255) >> 7;
                int i40 = i35 + 2;
                bArr10[3] = (byte) (i39 | ((copyOfRange3[i40] & 255) << 1));
                int i41 = i35 + 3;
                bArr10[4] = (byte) (((copyOfRange3[i40] & 255) >> 4) | ((copyOfRange3[i41] & 255) << 4));
                bArr10[5] = (byte) ((copyOfRange3[i41] & 255) >> 1);
                int i42 = (copyOfRange3[i41] & 255) >> 6;
                int i43 = i35 + 4;
                bArr10[6] = (byte) (i42 | ((copyOfRange3[i43] & 255) << 2));
                bArr10[7] = (byte) ((copyOfRange3[i43] & 255) >> 3);
                i35 += 5;
                for (int i44 = 0; i44 < 8; i44++) {
                    poly.coeffs[(i36 * 8) + i44] = (short) ((((bArr10[i44] & 31) * 3329) + 16) >> 5);
                }
            }
        }
        polyVec2.fromBytes(privateKey);
        polyVec.polyVecNtt();
        PolyVec.pointwiseAccountMontgomery(poly2, polyVec2, polyVec, kyberIndCpa.engine);
        poly2.polyInverseNttToMont();
        for (int i45 = 0; i45 < 256; i45++) {
            short s = poly.coeffs[i45];
            short[] sArr4 = poly2.coeffs;
            sArr4[i45] = (short) (s - sArr4[i45]);
        }
        poly2.reduce();
        int i46 = 32;
        byte[] bArr11 = new byte[32];
        poly2.conditionalSubQ();
        int i47 = 0;
        while (i47 < i46) {
            bArr11[i47] = 0;
            for (int i48 = 0; i48 < 8; i48++) {
                bArr11[i47] = (byte) (((byte) (((short) (((((short) (poly2.coeffs[(i47 * 8) + i48] << 1)) + 1664) / 3329) & 1)) << i48)) | bArr11[i47]);
            }
            i47++;
            i46 = 32;
        }
        int i49 = i46;
        System.arraycopy(bArr11, 0, bArr9, 0, i49);
        KyberEngine kyberEngine4 = kyberEngine;
        System.arraycopy(privateKey, kyberEngine4.KyberSecretKeyBytes - 64, bArr9, i49, i49);
        byte[] bArr12 = bArr2;
        kyberEngine4.symmetric.hash_g(bArr12, bArr9);
        boolean z = !Arrays.constantTimeAreEqual(bArr, kyberEngine4.indCpa.encrypt(Arrays.copyOfRange(bArr9, 0, i49), bArr3, Arrays.copyOfRange(bArr12, i49, 64)));
        kyberEngine4.symmetric.hash_h(i49, bArr12, bArr);
        int i50 = kyberEngine4.KyberSecretKeyBytes;
        byte[] copyOfRange4 = Arrays.copyOfRange(privateKey, i50 - 32, i50);
        if (z) {
            System.arraycopy(copyOfRange4, 0, bArr12, 0, i49);
        } else {
            System.arraycopy(bArr12, 0, bArr12, 0, i49);
        }
        byte[] bArr13 = new byte[kyberEngine4.sessionKeyLength];
        kyberEngine4.symmetric.kdf(bArr13, bArr12);
        return bArr13;
    }

    public final int getEncapsulationLength() {
        return this.engine.CryptoCipherTextBytes;
    }
}
