1 files changed, 63 insertions, 0 deletions

diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
index ad5ceac..6bcf018 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
@@ -60,6 +60,69 @@ public class SRP6Util
 
         return val;
     }
+    /** 
+	 * Computes the client evidence message (M1) according to the standard routine:
+	 * M1 = H( A | B | S )
+	 * @param digest The Digest used as the hashing function H
+	 * @param N Modulus used to get the pad length
+	 * @param A The public client value
+	 * @param B The public server value
+	 * @param S The secret calculated by both sides
+	 * @return M1 The calculated client evidence message
+	 */
+	public static BigInteger calculateM1(Digest digest, BigInteger N, BigInteger A, BigInteger B, BigInteger S) {
+		BigInteger M1 = hashPaddedTriplet(digest,N,A,B,S);
+		return M1;
+	}
+
+	/** 
+	 * Computes the server evidence message (M2) according to the standard routine:
+	 * M2 = H( A | M1 | S )
+	 * @param digest The Digest used as the hashing function H
+	 * @param N Modulus used to get the pad length
+	 * @param A The public client value
+	 * @param M1 The client evidence message
+	 * @param S The secret calculated by both sides
+	 * @return M2 The calculated server evidence message
+	 */
+	public static BigInteger calculateM2(Digest digest, BigInteger N, BigInteger A, BigInteger M1, BigInteger S){
+		BigInteger M2 = hashPaddedTriplet(digest,N,A,M1,S);
+		return M2;
+	}
+
+	/**
+	 * Computes the final Key according to the standard routine: Key = H(S)
+	 * @param digest The Digest used as the hashing function H
+	 * @param N Modulus used to get the pad length
+	 * @param S The secret calculated by both sides
+	 * @return
+	 */
+	public static BigInteger calculateKey(Digest digest, BigInteger N, BigInteger S) {
+		int padLength = (N.bitLength() + 7) / 8;
+		byte[] _S = getPadded(S,padLength);
+		digest.update(_S, 0, _S.length);
+		
+		byte[] output = new byte[digest.getDigestSize()];
+        digest.doFinal(output, 0);
+        return new BigInteger(1, output);
+	}
+	
+	private static BigInteger hashPaddedTriplet(Digest digest, BigInteger N, BigInteger n1, BigInteger n2, BigInteger n3){
+        int padLength = (N.bitLength() + 7) / 8;
+
+        byte[] n1_bytes = getPadded(n1, padLength);
+        byte[] n2_bytes = getPadded(n2, padLength);
+        byte[] n3_bytes = getPadded(n3, padLength);
+
+        digest.update(n1_bytes, 0, n1_bytes.length);
+        digest.update(n2_bytes, 0, n2_bytes.length);
+        digest.update(n3_bytes, 0, n3_bytes.length);
+
+        byte[] output = new byte[digest.getDigestSize()];
+        digest.doFinal(output, 0);
+
+        return new BigInteger(1, output);
+    }
 
     private static BigInteger hashPaddedPair(Digest digest, BigInteger N, BigInteger n1, BigInteger n2)
     {