package org.spongycastle.pqc.crypto.newhope;

import java.security.SecureRandom;
import org.spongycastle.asn1.cmp.PKIFailureInfo;
import org.spongycastle.crypto.digests.SHA3Digest;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.pqc.crypto.ExchangePair;
import org.spongycastle.pqc.crypto.ExchangePairGenerator;

/* loaded from: classes5.dex */
public class NHExchangePairGenerator implements ExchangePairGenerator {
    private final SecureRandom random;

    public NHExchangePairGenerator(SecureRandom secureRandom) {
        this.random = secureRandom;
    }

    public ExchangePair GenerateExchange(AsymmetricKeyParameter asymmetricKeyParameter) {
        return generateExchange(asymmetricKeyParameter);
    }

    public ExchangePair generateExchange(AsymmetricKeyParameter asymmetricKeyParameter) {
        byte[] bArr = new byte[32];
        byte[] bArr2 = new byte[PKIFailureInfo.wrongIntegrity];
        SecureRandom secureRandom = this.random;
        byte[] bArr3 = ((NHPublicKeyParameters) asymmetricKeyParameter).pubData;
        short[] sArr = new short[1024];
        byte[] bArr4 = new byte[32];
        Poly.b(sArr, bArr3);
        int i2 = 0;
        System.arraycopy(bArr3, 1792, bArr4, 0, 32);
        short[] sArr2 = new short[1024];
        NewHope.a(sArr2, bArr4);
        byte[] bArr5 = new byte[32];
        secureRandom.nextBytes(bArr5);
        short[] sArr3 = new short[1024];
        Poly.c(sArr3, bArr5, (byte) 0);
        Poly.g(sArr3);
        short[] sArr4 = new short[1024];
        int i3 = 1;
        Poly.c(sArr4, bArr5, (byte) 1);
        Poly.g(sArr4);
        short[] sArr5 = new short[1024];
        Poly.e(sArr2, sArr3, sArr5);
        Poly.a(sArr5, sArr4, sArr5);
        short[] sArr6 = new short[1024];
        Poly.e(sArr, sArr3, sArr6);
        NTT.a(sArr6);
        NTT.b(sArr6, Precomp.f20768b);
        NTT.c(sArr6, Precomp.f20770d);
        short[] sArr7 = new short[1024];
        Poly.c(sArr7, bArr5, (byte) 2);
        Poly.a(sArr6, sArr7, sArr6);
        short[] sArr8 = new short[1024];
        byte[] bArr6 = new byte[8];
        bArr6[0] = 3;
        byte[] bArr7 = new byte[32];
        ChaCha20.a(bArr5, bArr6, bArr7, 0, 32);
        int[] iArr = new int[8];
        int i4 = 4;
        int[] iArr2 = new int[4];
        int i5 = 0;
        while (i5 < 256) {
            int i6 = i5 + 0;
            int i7 = ((bArr7[i5 >>> 3] >>> (i5 & 7)) & i3) * 4;
            int a2 = ErrorCorrection.a(iArr, i2, i4, (sArr6[i6] * 8) + i7);
            int i8 = i5 + 256;
            int i9 = i5 + 512;
            int i10 = i5 + 768;
            int a3 = (24577 - (((a2 + ErrorCorrection.a(iArr, i3, 5, (sArr6[i8] * 8) + i7)) + ErrorCorrection.a(iArr, 2, 6, (sArr6[i9] * 8) + i7)) + ErrorCorrection.a(iArr, 3, 7, (sArr6[i10] * 8) + i7))) >> 31;
            int i11 = ~a3;
            iArr2[0] = (i11 & iArr[0]) ^ (a3 & iArr[4]);
            iArr2[1] = (i11 & iArr[1]) ^ (a3 & iArr[5]);
            iArr2[2] = (i11 & iArr[2]) ^ (a3 & iArr[6]);
            iArr2[3] = (i11 & iArr[3]) ^ (iArr[7] & a3);
            sArr8[i6] = (short) ((iArr2[0] - iArr2[3]) & 3);
            sArr8[i8] = (short) ((iArr2[1] - iArr2[3]) & 3);
            sArr8[i9] = (short) ((iArr2[2] - iArr2[3]) & 3);
            sArr8[i10] = (short) (((iArr2[3] * 2) + (-a3)) & 3);
            i5++;
            i4 = 4;
            i2 = 0;
            i3 = 1;
        }
        Poly.f(bArr2, sArr5);
        for (int i12 = 0; i12 < 256; i12++) {
            int i13 = i12 * 4;
            bArr2[i12 + 1792] = (byte) ((sArr8[i13 + 3] << 6) | sArr8[i13] | (sArr8[i13 + 1] << 2) | (sArr8[i13 + 2] << 4));
        }
        ErrorCorrection.c(bArr, sArr6, sArr8);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        sHA3Digest.update(bArr, 0, 32);
        sHA3Digest.doFinal(bArr, 0);
        return new ExchangePair(new NHPublicKeyParameters(bArr2), bArr);
    }
}
