package org.spongycastle.pqc.crypto.newhope;

import com.google.crypto.tink.shaded.protobuf.ByteString;
import java.security.SecureRandom;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.spongycastle.crypto.digests.SHA3Digest;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.pqc.crypto.ExchangePair;
import org.spongycastle.pqc.crypto.ExchangePairGenerator;

/* loaded from: classes3.dex */
/**
 * Responder side of the NewHope key exchange (name taken from the package), as recovered by a
 * decompiler from an obfuscated Android build of the Spongy Castle repackaging of Bouncy Castle.
 *
 * <p>Given the peer's public value, {@link #a(AsymmetricKeyParameter)} draws a fresh 32-byte seed
 * from the injected {@link SecureRandom}, builds a 2048-byte reply, and produces a 32-byte shared
 * value. Identifier names ({@code a}, {@code f29033a}, {@code bArr5}, ...) are obfuscator and
 * decompiler output, not the library's original names.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code ByteArrayOutputStream.DEFAULT_SIZE} and {@code ByteString.MIN_READ_FROM_CHUNK_SIZE}
 *       come from unrelated libraries. They look like a decompiler substituting a named constant
 *       for a matching integer literal (presumably 1024 and 256; confirm against those classes).
 *       A change to either library constant would silently change array sizes and the digest
 *       width here.</li>
 *   <li>The peer's public value is untrusted input and is neither type-checked nor length-checked
 *       in this class.</li>
 *   <li>No intermediate secret buffer is cleared before returning.</li>
 *   <li>NewHope did not advance in NIST's PQC standardization; ML-KEM (FIPS 203) is the
 *       standardized lattice KEM.</li>
 * </ul>
 */
public class NHExchangePairGenerator implements ExchangePairGenerator {

    /* renamed from: a, reason: collision with root package name */
    // Source of the per-exchange secret seed. Every secret in a(...) derives from it, so it must
    // be a properly seeded CSPRNG. The constructor does not null-check it.
    // NOTE(review): the field is public here; the decompiler or obfuscator may have widened its
    // visibility. Confirm against the original library.
    public final SecureRandom f29033a;

    /**
     * Stores the random source used for every exchange.
     *
     * @param secureRandom random source; stored as-is with no null check
     */
    public NHExchangePairGenerator(SecureRandom secureRandom) {
        this.f29033a = secureRandom;
    }

    /**
     * Computes the reply to send to the peer and the shared value for one exchange.
     *
     * <p>Presumably the obfuscated form of {@code ExchangePairGenerator.generateExchange} with the
     * library's key-agreement routine inlined. Confirm against the interface.
     *
     * @param asymmetricKeyParameter the peer's public key; cast unconditionally to
     *     {@link NHPublicKeyParameters}, and its {@code f29036c} byte array is read up to
     *     offset 1824
     * @return an {@link ExchangePair} holding a new {@link NHPublicKeyParameters} that wraps the
     *     2048-byte reply, together with the 32-byte shared value
     * @throws ClassCastException if the argument is not an {@link NHPublicKeyParameters}
     * @throws NullPointerException if the stored {@link SecureRandom} is null
     * @throws IndexOutOfBoundsException if the peer's byte array is shorter than 1824 bytes
     *     (raised by the {@code System.arraycopy} below, unless {@code Poly.b} fails first)
     */
    public final ExchangePair a(AsymmetricKeyParameter asymmetricKeyParameter) {
        // bArr: 32-byte shared value (output). bArr2: 2048-byte reply to the peer (output).
        byte[] bArr = new byte[32];
        byte[] bArr2 = new byte[2048];
        SecureRandom secureRandom = this.f29033a;
        // Untrusted peer input: no instanceof check and no length check before use.
        byte[] bArr3 = ((NHPublicKeyParameters) asymmetricKeyParameter).f29036c;
        short[] sArr = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        byte[] bArr4 = new byte[32];
        // Presumably decodes the peer's polynomial from the leading bytes of bArr3 (confirm in Poly).
        Poly.b(bArr3, sArr);
        // i13 stays 0 throughout; the reset at the end of the while loop re-assigns the same value.
        int i13 = 0;
        // The 32 bytes at offset 1792 are the peer-supplied seed; this needs bArr3.length >= 1824.
        System.arraycopy(bArr3, 1792, bArr4, 0, 32);
        short[] sArr2 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        // Presumably expands the peer's seed into the shared public polynomial (confirm in NewHope).
        NewHope.a(bArr4, sArr2);
        // bArr5 is this side's secret seed. It feeds Poly.d with selectors 0, 1 and 2 and
        // ChaCha20 with bArr6[0] = 3 below.
        // NOTE(review): bArr5 and the buffers derived from it are never zeroed in this method.
        byte[] bArr5 = new byte[32];
        secureRandom.nextBytes(bArr5);
        short[] sArr3 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        // Presumably samples a secret polynomial from the seed (selector 0). Confirm in Poly.d.
        Poly.d(sArr3, bArr5, (byte) 0);
        short[] sArr4 = Precomp.f29040c;
        // Coefficient-wise multiply by a precomputed table with reduction, then transform.
        // The & 65535 masks treat the shorts as unsigned 16-bit values.
        for (int i14 = 0; i14 < 1024; i14++) {
            sArr3[i14] = Reduce.a((sArr3[i14] & 65535) * (65535 & sArr4[i14]));
        }
        NTT.a(sArr3, Precomp.f29038a);
        short[] sArr5 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        // i15 stays 1 throughout; see the reset at the end of the while loop.
        int i15 = 1;
        // Second polynomial from the same seed (selector 1), processed like sArr3.
        Poly.d(sArr5, bArr5, (byte) 1);
        short[] sArr6 = Precomp.f29040c;
        for (int i16 = 0; i16 < 1024; i16++) {
            sArr5[i16] = Reduce.a((sArr5[i16] & 65535) * (sArr6[i16] & 65535));
        }
        NTT.a(sArr5, Precomp.f29038a);
        // sArr7 becomes the polynomial sent to the peer; it is serialized by Poly.g below.
        // Presumably Poly.f is a pointwise multiply and Poly.a an add (TODO confirm in Poly).
        short[] sArr7 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        Poly.f(sArr2, sArr3, sArr7);
        Poly.a(sArr7, sArr5, sArr7);
        // sArr8 is the secret value both sides approximate. It is built from the peer's
        // polynomial, this side's secret, and a third seed-derived polynomial (selector 2).
        short[] sArr8 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        Poly.f(sArr, sArr3, sArr8);
        // Presumably the inverse transform (confirm in Poly.c).
        Poly.c(sArr8);
        short[] sArr9 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        Poly.d(sArr9, bArr5, (byte) 2);
        Poly.a(sArr8, sArr9, sArr8);
        // sArr10 receives 1024 two-bit hint values (each is masked with & 3 below).
        short[] sArr10 = new short[ByteArrayOutputStream.DEFAULT_SIZE];
        byte[] bArr6 = new byte[8];
        bArr6[0] = 3;
        // 32 bytes (256 bits) derived from the secret seed; one bit is consumed per loop iteration.
        byte[] bArr7 = new byte[32];
        ChaCha20.a(32, bArr5, bArr6, bArr7);
        // Scratch for ErrorCorrection.a; slots 0..3 and 4..7 hold the two candidates selected below.
        int[] iArr = new int[8];
        int i17 = 0;
        while (i17 < 256) {
            // "+ 0" is a decompiler artifact: i18 == i17.
            int i18 = i17 + 0;
            // Bit i17 of bArr7, scaled to 0 or 4 (i15 is always 1 here).
            int i19 = ((bArr7[i17 >>> 3] >>> (i17 & 7)) & i15) * 4;
            int a13 = ErrorCorrection.a(iArr, i13, 4, (sArr8[i18] * 8) + i19);
            // Four coefficients per iteration at strides i17, +MIN_READ_FROM_CHUNK_SIZE, +512, +768.
            // The stride pattern implies the named constant is 256 (TODO confirm).
            int i23 = i17 + ByteString.MIN_READ_FROM_CHUNK_SIZE;
            int i24 = i17 + 512;
            int i25 = i17 + 768;
            // a14 is an all-ones mask (-1) when the summed results exceed 24577, else 0, because
            // >> 31 is an arithmetic shift on int. 24577 is presumably 2q - 1 for the scheme's
            // modulus (confirm against the parameter definitions).
            int a14 = (24577 - (((a13 + ErrorCorrection.a(iArr, i15, 5, (sArr8[i23] * 8) + i19)) + ErrorCorrection.a(iArr, 2, 6, (sArr8[i24] * 8) + i19)) + ErrorCorrection.a(iArr, 3, 7, (sArr8[i25] * 8) + i19))) >> 31;
            // Branch-free select on secret-dependent data: each result takes iArr[k] when the mask
            // is 0 and iArr[k + 4] when it is -1. Keep this as mask arithmetic; an if/else here
            // would branch on a secret. (ErrorCorrection.a's own timing is not visible here.)
            int i26 = ~a14;
            int i27 = (i26 & iArr[0]) ^ (iArr[4] & a14);
            int i28 = (iArr[1] & i26) ^ (iArr[5] & a14);
            int i29 = (iArr[2] & i26) ^ (iArr[6] & a14);
            int i33 = (iArr[7] & a14) ^ (i26 & iArr[3]);
            sArr10[i18] = (short) ((i27 - i33) & 3);
            sArr10[i23] = (short) ((i28 - i33) & 3);
            sArr10[i24] = (short) ((i29 - i33) & 3);
            // -a14 is 1 when the mask is set and 0 otherwise.
            sArr10[i25] = (short) (((i33 * 2) + (-a14)) & 3);
            i17++;
            // Decompiler artifacts: both variables already hold these values.
            i15 = 1;
            i13 = 0;
        }
        // Presumably serializes sArr7 into the first 1792 bytes of the reply (confirm in Poly.g).
        Poly.g(bArr2, sArr7);
        // Pack four 2-bit hints per byte into reply bytes 1792..2047.
        for (int i34 = 0; i34 < 256; i34++) {
            int i35 = i34 * 4;
            bArr2[i34 + 1792] = (byte) ((sArr10[i35 + 3] << 6) | sArr10[i35] | (sArr10[i35 + 1] << 2) | (sArr10[i35 + 2] << 4));
        }
        // Presumably derives the 32-byte pre-hash key from sArr8 and the hints (confirm in
        // ErrorCorrection.c).
        ErrorCorrection.c(bArr, sArr8, sArr10);
        // Hash the 32-byte value in place. The digest width is whatever
        // ByteString.MIN_READ_FROM_CHUNK_SIZE resolves to (presumably 256; see the class note).
        // d(0, bArr) is presumably the finalizing call that writes the digest into bArr at
        // offset 0 (TODO confirm).
        SHA3Digest sHA3Digest = new SHA3Digest(ByteString.MIN_READ_FROM_CHUNK_SIZE);
        sHA3Digest.update(bArr, 0, 32);
        sHA3Digest.d(0, bArr);
        // bArr is returned by reference and is the shared secret; the caller owns clearing it.
        return new ExchangePair(new NHPublicKeyParameters(bArr2), bArr);
    }
}
