package org.bouncycastle.pqc.jcajce.provider.newhope;

import com.umeng.commonsdk.framework.c;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.ShortBufferException;
import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
import org.bouncycastle.pqc.crypto.newhope.ChaCha20;
import org.bouncycastle.pqc.crypto.newhope.ErrorCorrection;
import org.bouncycastle.pqc.crypto.newhope.NHAgreement;
import org.bouncycastle.pqc.crypto.newhope.NHExchangePairGenerator;
import org.bouncycastle.pqc.crypto.newhope.NHPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.newhope.NHPublicKeyParameters;
import org.bouncycastle.pqc.crypto.newhope.NewHope;
import org.bouncycastle.pqc.crypto.newhope.Poly;
import org.bouncycastle.util.Arrays;

/* loaded from: classes2.dex */
public class KeyAgreementSpi extends BaseAgreementSpi {
    public NHAgreement i;
    public BCNHPublicKey j;
    public NHExchangePairGenerator k;
    public byte[] l;

    public KeyAgreementSpi() {
        super("NH", null);
    }

    @Override // org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi
    public byte[] a() {
        return engineGenerateSecret();
    }

    @Override // javax.crypto.KeyAgreementSpi
    public Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (!z) {
            throw new IllegalStateException("NewHope can only be between two parties.");
        }
        BCNHPublicKey bCNHPublicKey = (BCNHPublicKey) key;
        this.j = bCNHPublicKey;
        NHExchangePairGenerator nHExchangePairGenerator = this.k;
        int i = 256;
        int i2 = 0;
        if (nHExchangePairGenerator == null) {
            NHAgreement nHAgreement = this.i;
            NHPublicKeyParameters nHPublicKeyParameters = bCNHPublicKey.a;
            if (nHAgreement == null) {
                throw null;
            }
            byte[] bArr = new byte[32];
            short[] sArr = nHAgreement.a.b;
            byte[] bArr2 = nHPublicKeyParameters.b;
            short[] sArr2 = new short[1024];
            short[] sArr3 = new short[1024];
            Poly.a(sArr2, bArr2);
            for (int i3 = 0; i3 < 256; i3++) {
                int i4 = i3 * 4;
                int i5 = bArr2[i3 + 1792] & 255;
                sArr3[i4 + 0] = (short) (i5 & 3);
                sArr3[i4 + 1] = (short) ((i5 >>> 2) & 3);
                sArr3[i4 + 2] = (short) ((i5 >>> 4) & 3);
                sArr3[i4 + 3] = (short) (i5 >>> 6);
            }
            short[] sArr4 = new short[1024];
            Poly.b(sArr, sArr2, sArr4);
            Poly.a(sArr4);
            ErrorCorrection.a(bArr, sArr4, sArr3);
            NewHope.a(bArr);
            this.l = bArr;
            return null;
        }
        NHPublicKeyParameters nHPublicKeyParameters2 = bCNHPublicKey.a;
        byte[] bArr3 = new byte[32];
        byte[] bArr4 = new byte[2048];
        SecureRandom secureRandom = nHExchangePairGenerator.a;
        byte[] bArr5 = nHPublicKeyParameters2.b;
        short[] sArr5 = new short[1024];
        byte[] bArr6 = new byte[32];
        Poly.a(sArr5, bArr5);
        System.arraycopy(bArr5, 1792, bArr6, 0, 32);
        short[] sArr6 = new short[1024];
        NewHope.a(sArr6, bArr6);
        byte[] bArr7 = new byte[32];
        secureRandom.nextBytes(bArr7);
        short[] sArr7 = new short[1024];
        Poly.a(sArr7, bArr7, (byte) 0);
        Poly.b(sArr7);
        short[] sArr8 = new short[1024];
        int i6 = 1;
        Poly.a(sArr8, bArr7, (byte) 1);
        Poly.b(sArr8);
        short[] sArr9 = new short[1024];
        Poly.b(sArr6, sArr7, sArr9);
        Poly.a(sArr9, sArr8, sArr9);
        short[] sArr10 = new short[1024];
        Poly.b(sArr5, sArr7, sArr10);
        Poly.a(sArr10);
        short[] sArr11 = new short[1024];
        Poly.a(sArr11, bArr7, (byte) 2);
        Poly.a(sArr10, sArr11, sArr10);
        short[] sArr12 = new short[1024];
        byte[] bArr8 = new byte[8];
        bArr8[0] = 3;
        byte[] bArr9 = new byte[32];
        ChaCha20.a(bArr7, bArr8, bArr9, 0, 32);
        int[] iArr = new int[8];
        int i7 = 4;
        int[] iArr2 = new int[4];
        int i8 = 0;
        while (i8 < i) {
            int i9 = i8 + 0;
            int i10 = ((bArr9[i8 >>> 3] >>> (i8 & 7)) & 1) * 4;
            int a = ErrorCorrection.a(iArr, i2, i7, (sArr10[i9] * 8) + i10);
            int i11 = i8 + 256;
            int a2 = ErrorCorrection.a(iArr, i6, 5, (sArr10[i11] * 8) + i10) + a;
            int i12 = i8 + 512;
            int a3 = ErrorCorrection.a(iArr, 2, 6, (sArr10[i12] * 8) + i10) + a2;
            int i13 = i8 + c.h;
            int i14 = (sArr10[i13] * 8) + i10;
            byte[] bArr10 = bArr9;
            int a4 = (24577 - (ErrorCorrection.a(iArr, 3, 7, i14) + a3)) >> 31;
            int i15 = ~a4;
            iArr2[0] = (i15 & iArr[0]) ^ (a4 & iArr[4]);
            iArr2[1] = (i15 & iArr[1]) ^ (a4 & iArr[5]);
            iArr2[2] = (i15 & iArr[2]) ^ (iArr[6] & a4);
            iArr2[3] = (i15 & iArr[3]) ^ (iArr[7] & a4);
            sArr12[i9] = (short) ((iArr2[0] - iArr2[3]) & 3);
            i6 = 1;
            sArr12[i11] = (short) ((iArr2[1] - iArr2[3]) & 3);
            sArr12[i12] = (short) ((iArr2[2] - iArr2[3]) & 3);
            sArr12[i13] = (short) (((iArr2[3] * 2) + (-a4)) & 3);
            i8++;
            bArr9 = bArr10;
            i = 256;
            i2 = 0;
            i7 = 4;
        }
        Poly.a(bArr4, sArr9);
        int i16 = 0;
        for (int i17 = 256; i16 < i17; i17 = 256) {
            int i18 = i16 * 4;
            bArr4[i16 + 1792] = (byte) ((sArr12[i18 + 3] << 6) | sArr12[i18] | (sArr12[i18 + 1] << 2) | (sArr12[i18 + 2] << 4));
            i16++;
        }
        ErrorCorrection.a(bArr3, sArr10, sArr12);
        NewHope.a(bArr3);
        NHPublicKeyParameters nHPublicKeyParameters3 = new NHPublicKeyParameters(bArr4);
        this.l = Arrays.b(Arrays.b(bArr3));
        return new BCNHPublicKey(nHPublicKeyParameters3);
    }

    @Override // org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi, javax.crypto.KeyAgreementSpi
    public int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        byte[] bArr2 = this.l;
        System.arraycopy(bArr2, 0, bArr, i, bArr2.length);
        Arrays.a(this.l, (byte) 0);
        return this.l.length;
    }

    @Override // org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi, javax.crypto.KeyAgreementSpi
    public byte[] engineGenerateSecret() throws IllegalStateException {
        byte[] b = Arrays.b(this.l);
        Arrays.a(this.l, (byte) 0);
        return b;
    }

    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            this.k = new NHExchangePairGenerator(secureRandom);
            return;
        }
        NHAgreement nHAgreement = new NHAgreement();
        this.i = nHAgreement;
        NHPrivateKeyParameters nHPrivateKeyParameters = ((BCNHPrivateKey) key).a;
        if (nHAgreement == null) {
            throw null;
        }
        nHAgreement.a = nHPrivateKeyParameters;
    }

    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        throw new InvalidAlgorithmParameterException("NewHope does not require parameters");
    }
}
