From bf5a24bf5cd8de2aa7f9874fd16330957ed57585 Mon Sep 17 00:00:00 2001
From: Andreas Schultz <aschultz@tpip.net>
Date: Thu, 20 Sep 2012 14:28:47 +0200
Subject: SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suites

---
 lib/ssl/src/ssl_handshake.erl | 130 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 126 insertions(+), 4 deletions(-)

(limited to 'lib/ssl/src/ssl_handshake.erl')

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 889d310ca8..d0bf710e03 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -372,6 +372,8 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) ->
 		   {premaster_secret, binary(), public_key_info()} |
 		   {dh, binary()} |
 		   {dh, {binary(), binary()}, #'DHParameter'{}, {HashAlgo::atom(), SignAlgo::atom()},
+		   {psk, binary()} |
+		   {dhe_psk, binary(), binary()},
 		   binary(), binary(), private_key()}) ->
     #client_key_exchange{} | #server_key_exchange{}.
 %%
@@ -388,6 +390,27 @@ key_exchange(client, _Version, {dh, <<?UINT32(Len), PublicKey:Len/binary>>}) ->
 		dh_public = PublicKey}
 	       };
 
+key_exchange(client, _Version, {psk, Identity}) ->
+    #client_key_exchange{
+	      exchange_keys = #client_psk_identity{
+		identity = Identity}
+	       };
+
+key_exchange(client, _Version, {dhe_psk, Identity, <<?UINT32(Len), PublicKey:Len/binary>>}) ->
+    #client_key_exchange{
+	      exchange_keys = #client_dhe_psk_identity{
+		identity = Identity,
+		dh_public = PublicKey}
+	       };
+
+key_exchange(client, _Version, {psk_premaster_secret, PskIdentity, Secret, {_, PublicKey, _}}) ->
+    EncPremasterSecret =
+	encrypted_premaster_secret(Secret, PublicKey),
+    #client_key_exchange{
+		exchange_keys = #client_rsa_psk_identity{
+		  identity = PskIdentity,
+		  exchange_keys = EncPremasterSecret}};
+
 key_exchange(server, Version, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _},
 		      #'DHParameter'{prime = P, base = G},
 		      HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
@@ -396,6 +419,25 @@ key_exchange(server, Version, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _},
     ServerDHParams = #server_dh_params{dh_p = PBin, 
 				       dh_g = GBin, dh_y = PublicKey},    
     enc_server_key_exchange(Version, ServerDHParams, HashSign,
+			    ClientRandom, ServerRandom, PrivateKey);
+
+key_exchange(server, Version, {psk, PskIdentityHint,
+			       HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
+    ServerPSKParams = #server_psk_params{hint = PskIdentityHint},
+    enc_server_key_exchange(Version, ServerPSKParams, HashSign,
+			    ClientRandom, ServerRandom, PrivateKey);
+
+key_exchange(server, Version, {dhe_psk, PskIdentityHint, {<<?UINT32(Len), PublicKey:Len/binary>>, _},
+			       #'DHParameter'{prime = P, base = G},
+			       HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
+    <<?UINT32(_), PBin/binary>> = crypto:mpint(P),
+    <<?UINT32(_), GBin/binary>> = crypto:mpint(G),
+    ServerEDHPSKParams = #server_dhe_psk_params{
+      hint = PskIdentityHint,
+      dh_params = #server_dh_params{dh_p = PBin,
+				    dh_g = GBin, dh_y = PublicKey}
+     },
+    enc_server_key_exchange(Version, ServerEDHPSKParams, HashSign,
 			    ClientRandom, ServerRandom, PrivateKey).
 
 enc_server_key_exchange(Version, Params, {HashAlgo, SignAlgo},
@@ -525,7 +567,11 @@ get_tls_handshake(Version, Data, Buffer) ->
 
 %%--------------------------------------------------------------------
 -spec decode_client_key(binary(), key_algo(), tls_version()) ->
-			    #encrypted_premaster_secret{} | #client_diffie_hellman_public{}.
+			    #encrypted_premaster_secret{}
+			    | #client_diffie_hellman_public{}
+			    | #client_psk_identity{}
+			    | #client_dhe_psk_identity{}
+			    | #client_rsa_psk_identity{}.
 %%
 %% Description: Decode client_key data and return appropriate type
 %%--------------------------------------------------------------------
@@ -1029,7 +1075,20 @@ dec_client_key(<<>>, ?KEY_EXCHANGE_DIFFIE_HELLMAN, _) ->
     throw(?ALERT_REC(?FATAL, ?UNSUPPORTED_CERTIFICATE));
 dec_client_key(<<?UINT16(DH_YLen), DH_Y:DH_YLen/binary>>,
 	       ?KEY_EXCHANGE_DIFFIE_HELLMAN, _) ->
-    #client_diffie_hellman_public{dh_public = DH_Y}.
+    #client_diffie_hellman_public{dh_public = DH_Y};
+dec_client_key(<<?UINT16(Len), Id:Len/binary>>,
+	       ?KEY_EXCHANGE_PSK, _) ->
+    #client_psk_identity{identity = Id};
+dec_client_key(<<?UINT16(Len), Id:Len/binary,
+		 ?UINT16(DH_YLen), DH_Y:DH_YLen/binary>>,
+	       ?KEY_EXCHANGE_DHE_PSK, _) ->
+    #client_dhe_psk_identity{identity = Id, dh_public = DH_Y};
+dec_client_key(<<?UINT16(Len), Id:Len/binary, PKEPMS/binary>>,
+	       ?KEY_EXCHANGE_RSA_PSK, {3, 0}) ->
+    #client_rsa_psk_identity{identity = Id, exchange_keys = #encrypted_premaster_secret{premaster_secret = PKEPMS}};
+dec_client_key(<<?UINT16(Len), Id:Len/binary, ?UINT16(_), PKEPMS/binary>>,
+	       ?KEY_EXCHANGE_RSA_PSK, _) ->
+    #client_rsa_psk_identity{identity = Id, exchange_keys = #encrypted_premaster_secret{premaster_secret = PKEPMS}}.
 
 dec_ske_params(Len, Keys, Version) ->
     <<Params:Len/bytes, Signature/binary>> = Keys,
@@ -1064,6 +1123,30 @@ dec_server_key(<<?UINT16(PLen), P:PLen/binary,
 		       params_bin = BinMsg,
 		       hashsign = HashSign,
 		       signature = Signature};
+dec_server_key(<<?UINT16(Len), PskIdentityHint:Len/binary>> = KeyStruct,
+	       KeyExchange, Version)
+  when KeyExchange == ?KEY_EXCHANGE_PSK; KeyExchange == ?KEY_EXCHANGE_RSA_PSK ->
+    Params = #server_psk_params{
+      hint = PskIdentityHint},
+    {BinMsg, HashSign, Signature} = dec_ske_params(Len + 2, KeyStruct, Version),
+    #server_key_params{params = Params,
+		       params_bin = BinMsg,
+		       hashsign = HashSign,
+		       signature = Signature};
+dec_server_key(<<?UINT16(Len), IdentityHint:Len/binary,
+		 ?UINT16(PLen), P:PLen/binary,
+		 ?UINT16(GLen), G:GLen/binary,
+		 ?UINT16(YLen), Y:YLen/binary, _/binary>> = KeyStruct,
+	       ?KEY_EXCHANGE_DHE_PSK, Version) ->
+    DHParams = #server_dh_params{dh_p = P, dh_g = G, dh_y = Y},
+    Params = #server_dhe_psk_params{
+      hint = IdentityHint,
+      dh_params = DHParams},
+    {BinMsg, HashSign, Signature} = dec_ske_params(Len + PLen + GLen + YLen + 8, KeyStruct, Version),
+    #server_key_params{params = Params,
+		       params_bin = BinMsg,
+		       hashsign = HashSign,
+		       signature = Signature};
 dec_server_key(_, _, _) ->
     throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)).
 
@@ -1231,13 +1314,46 @@ enc_cke(#encrypted_premaster_secret{premaster_secret = PKEPMS}, _) ->
     <<?UINT16(PKEPMSLen), PKEPMS/binary>>;
 enc_cke(#client_diffie_hellman_public{dh_public = DHPublic}, _) ->
     Len = byte_size(DHPublic),
-    <<?UINT16(Len), DHPublic/binary>>.
+    <<?UINT16(Len), DHPublic/binary>>;
+enc_cke(#client_psk_identity{identity = undefined}, _) ->
+    Id = <<"psk_identity">>,
+    Len = byte_size(Id),
+    <<?UINT16(Len), Id/binary>>;
+enc_cke(#client_psk_identity{identity = Id}, _) ->
+    Len = byte_size(Id),
+    <<?UINT16(Len), Id/binary>>;
+enc_cke(Identity = #client_dhe_psk_identity{identity = undefined}, Version) ->
+    enc_cke(Identity#client_dhe_psk_identity{identity = <<"psk_identity">>}, Version);
+enc_cke(#client_dhe_psk_identity{identity = Id, dh_public = DHPublic}, _) ->
+    Len = byte_size(Id),
+    DHLen = byte_size(DHPublic),
+    <<?UINT16(Len), Id/binary, ?UINT16(DHLen), DHPublic/binary>>;
+enc_cke(Identity = #client_rsa_psk_identity{identity = undefined}, Version) ->
+    enc_cke(Identity#client_rsa_psk_identity{identity = <<"psk_identity">>}, Version);
+enc_cke(#client_rsa_psk_identity{identity = Id, exchange_keys = ExchangeKeys}, Version) ->
+    EncPMS = enc_cke(ExchangeKeys, Version),
+    Len = byte_size(Id),
+    <<?UINT16(Len), Id/binary, EncPMS/binary>>.
 
 enc_server_key(#server_dh_params{dh_p = P, dh_g = G, dh_y = Y}) ->
     PLen = byte_size(P),
     GLen = byte_size(G),
     YLen = byte_size(Y),
-    <<?UINT16(PLen), P/binary, ?UINT16(GLen), G/binary, ?UINT16(YLen), Y/binary>>.
+    <<?UINT16(PLen), P/binary, ?UINT16(GLen), G/binary, ?UINT16(YLen), Y/binary>>;
+enc_server_key(#server_psk_params{hint = PskIdentityHint}) ->
+    Len = byte_size(PskIdentityHint),
+    <<?UINT16(Len), PskIdentityHint/binary>>;
+enc_server_key(Params = #server_dhe_psk_params{hint = undefined}) ->
+    enc_server_key(Params#server_dhe_psk_params{hint = <<>>});
+enc_server_key(#server_dhe_psk_params{
+		  hint = PskIdentityHint,
+		  dh_params = #server_dh_params{dh_p = P, dh_g = G, dh_y = Y}}) ->
+    Len = byte_size(PskIdentityHint),
+    PLen = byte_size(P),
+    GLen = byte_size(G),
+    YLen = byte_size(Y),
+    <<?UINT16(Len), PskIdentityHint/binary,
+      ?UINT16(PLen), P/binary, ?UINT16(GLen), G/binary, ?UINT16(YLen), Y/binary>>.
 
 enc_sign({_, anon}, _Sign, _Version) ->
     <<>>;
@@ -1395,6 +1511,12 @@ key_exchange_alg(rsa) ->
 key_exchange_alg(Alg) when Alg == dhe_rsa; Alg == dhe_dss;
 			    Alg == dh_dss; Alg == dh_rsa; Alg == dh_anon ->
     ?KEY_EXCHANGE_DIFFIE_HELLMAN;
+key_exchange_alg(psk) ->
+    ?KEY_EXCHANGE_PSK;
+key_exchange_alg(dhe_psk) ->
+    ?KEY_EXCHANGE_DHE_PSK;
+key_exchange_alg(rsa_psk) ->
+    ?KEY_EXCHANGE_RSA_PSK;
 key_exchange_alg(_) ->
     ?NULL.
 
-- 
cgit v1.2.3


From 52a70455853d625f8e92c1c5e7f22b6f75adff63 Mon Sep 17 00:00:00 2001
From: Andreas Schultz <aschultz@tpip.net>
Date: Thu, 20 Sep 2012 14:42:40 +0200
Subject: SSL: add TLS-SRP (RFC 5054) cipher suites

---
 lib/ssl/src/ssl_handshake.erl | 100 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 90 insertions(+), 10 deletions(-)

(limited to 'lib/ssl/src/ssl_handshake.erl')

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index d0bf710e03..83c0092de2 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -28,6 +28,7 @@
 -include("ssl_cipher.hrl").
 -include("ssl_alert.hrl").
 -include("ssl_internal.hrl").
+-include("ssl_srp.hrl").
 -include_lib("public_key/include/public_key.hrl").
 
 -export([master_secret/4, client_hello/8, server_hello/5, hello/4,
@@ -65,6 +66,7 @@ client_hello(Host, Port, ConnectionStates,
     Pending = ssl_record:pending_connection_state(ConnectionStates, read),
     SecParams = Pending#connection_state.security_parameters,
     Ciphers = available_suites(UserSuites, Version),
+    SRP = srp_user(SslOpts),
 
     Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),
 
@@ -76,6 +78,7 @@ client_hello(Host, Port, ConnectionStates,
 
 		  renegotiation_info =
 		      renegotiation_info(client, ConnectionStates, Renegotiation),
+		  srp = SRP,
 		  hash_signs = default_hash_signs(),
 		  next_protocol_negotiation =
 		      encode_client_protocol_negotiation(SslOpts#ssl_options.next_protocol_selector, Renegotiation)
@@ -162,7 +165,8 @@ hello(#server_hello{cipher_suite = CipherSuite, server_version = Version,
 			       
 hello(#client_hello{client_version = ClientVersion, random = Random,
 		    cipher_suites = CipherSuites,
-		    renegotiation_info = Info} = Hello,
+		    renegotiation_info = Info,
+		    srp = SRP} = Hello,
       #ssl_options{versions = Versions,
 		   secure_renegotiate = SecureRenegotation} = SslOpts,
       {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert}, Renegotiation) ->
@@ -171,13 +175,14 @@ hello(#client_hello{client_version = ClientVersion, random = Random,
     case ssl_record:is_acceptable_version(Version, Versions) of
 	true ->
 	    {Type, #session{cipher_suite = CipherSuite,
-			    compression_method = Compression} = Session} 
+			    compression_method = Compression} = Session1}
 		= select_session(Hello, Port, Session0, Version, 
 				 SslOpts, Cache, CacheCb, Cert),
 	    case CipherSuite of 
 		no_suite ->
 		    ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY);
 		_ ->
+		    Session = handle_srp_info(SRP, Session1),
 		    case handle_renegotiation_info(server, Info, ConnectionStates0,
 						   Renegotiation, SecureRenegotation, 
 						   CipherSuites) of
@@ -372,8 +377,10 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) ->
 		   {premaster_secret, binary(), public_key_info()} |
 		   {dh, binary()} |
 		   {dh, {binary(), binary()}, #'DHParameter'{}, {HashAlgo::atom(), SignAlgo::atom()},
+		   binary(), binary(), private_key()} |
 		   {psk, binary()} |
-		   {dhe_psk, binary(), binary()},
+		   {dhe_psk, binary(), binary()} |
+		   {srp, {binary(), binary()}, #srp_user{}, {HashAlgo::atom(), SignAlgo::atom()},
 		   binary(), binary(), private_key()}) ->
     #client_key_exchange{} | #server_key_exchange{}.
 %%
@@ -411,6 +418,12 @@ key_exchange(client, _Version, {psk_premaster_secret, PskIdentity, Secret, {_, P
 		  identity = PskIdentity,
 		  exchange_keys = EncPremasterSecret}};
 
+key_exchange(client, _Version, {srp, PublicKey}) ->
+    #client_key_exchange{
+	      exchange_keys = #client_srp_public{
+		srp_a = PublicKey}
+	       };
+
 key_exchange(server, Version, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _},
 		      #'DHParameter'{prime = P, base = G},
 		      HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
@@ -437,7 +450,16 @@ key_exchange(server, Version, {dhe_psk, PskIdentityHint, {<<?UINT32(Len), Public
       dh_params = #server_dh_params{dh_p = PBin,
 				    dh_g = GBin, dh_y = PublicKey}
      },
-    enc_server_key_exchange(Version, ServerEDHPSKParams, HashSign,
+    enc_server_key_exchange(Version, ServerEDHPSKParams,
+			    HashSign, ClientRandom, ServerRandom, PrivateKey);
+
+key_exchange(server, Version, {srp, {PublicKey, _},
+			       #srp_user{generator = Generator, prime = Prime,
+					 salt = Salt},
+			       HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
+    ServerSRPParams = #server_srp_params{srp_n = Prime, srp_g = Generator,
+					 srp_s = Salt, srp_b = PublicKey},
+    enc_server_key_exchange(Version, ServerSRPParams, HashSign,
 			    ClientRandom, ServerRandom, PrivateKey).
 
 enc_server_key_exchange(Version, Params, {HashAlgo, SignAlgo},
@@ -571,7 +593,8 @@ get_tls_handshake(Version, Data, Buffer) ->
 			    | #client_diffie_hellman_public{}
 			    | #client_psk_identity{}
 			    | #client_dhe_psk_identity{}
-			    | #client_rsa_psk_identity{}.
+			    | #client_rsa_psk_identity{}
+			    | #client_srp_public{}.
 %%
 %% Description: Decode client_key data and return appropriate type
 %%--------------------------------------------------------------------
@@ -723,6 +746,11 @@ cipher_suites(Suites, false) ->
 cipher_suites(Suites, true) ->
     Suites.
 
+srp_user(#ssl_options{srp_identity = {UserName, _}}) ->
+    #srp{username = UserName};
+srp_user(_) ->
+    undefined.
+
 renegotiation_info(client, _, false) ->
     #renegotiation_info{renegotiated_connection = undefined};
 renegotiation_info(server, ConnectionStates, false) ->
@@ -805,6 +833,11 @@ select_next_protocol(Protocols, NextProtocolSelector) ->
 	    Protocol
     end.
 
+handle_srp_info(undefined, Session) ->
+    Session;
+handle_srp_info(#srp{username = Username}, Session) ->
+    Session#session{srp_username = Username}.
+
 handle_renegotiation_info(_, #renegotiation_info{renegotiated_connection = ?byte(0)}, 
 			  ConnectionStates, false, _, _) ->
     {ok, ssl_record:set_renegotiation_flag(true, ConnectionStates)};
@@ -987,6 +1020,7 @@ dec_hs(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
 
     DecodedExtensions = dec_hello_extensions(Extensions),
     RenegotiationInfo = proplists:get_value(renegotiation_info, DecodedExtensions, undefined),
+    SRP = proplists:get_value(srp, DecodedExtensions, undefined),
     HashSigns = proplists:get_value(hash_signs, DecodedExtensions, undefined),
     NextProtocolNegotiation = proplists:get_value(next_protocol_negotiation, DecodedExtensions, undefined),
 
@@ -997,6 +1031,7 @@ dec_hs(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
        cipher_suites = from_2bytes(CipherSuites),
        compression_methods = Comp_methods,
        renegotiation_info = RenegotiationInfo,
+	srp = SRP,
        hash_signs = HashSigns,
        next_protocol_negotiation = NextProtocolNegotiation
       };
@@ -1088,7 +1123,10 @@ dec_client_key(<<?UINT16(Len), Id:Len/binary, PKEPMS/binary>>,
     #client_rsa_psk_identity{identity = Id, exchange_keys = #encrypted_premaster_secret{premaster_secret = PKEPMS}};
 dec_client_key(<<?UINT16(Len), Id:Len/binary, ?UINT16(_), PKEPMS/binary>>,
 	       ?KEY_EXCHANGE_RSA_PSK, _) ->
-    #client_rsa_psk_identity{identity = Id, exchange_keys = #encrypted_premaster_secret{premaster_secret = PKEPMS}}.
+    #client_rsa_psk_identity{identity = Id, exchange_keys = #encrypted_premaster_secret{premaster_secret = PKEPMS}};
+dec_client_key(<<?UINT16(ALen), A:ALen/binary>>,
+	       ?KEY_EXCHANGE_SRP, _) ->
+    #client_srp_public{srp_a = A}.
 
 dec_ske_params(Len, Keys, Version) ->
     <<Params:Len/bytes, Signature/binary>> = Keys,
@@ -1147,6 +1185,17 @@ dec_server_key(<<?UINT16(Len), IdentityHint:Len/binary,
 		       params_bin = BinMsg,
 		       hashsign = HashSign,
 		       signature = Signature};
+dec_server_key(<<?UINT16(NLen), N:NLen/binary,
+		 ?UINT16(GLen), G:GLen/binary,
+		 ?BYTE(SLen), S:SLen/binary,
+		 ?UINT16(BLen), B:BLen/binary, _/binary>> = KeyStruct,
+	       ?KEY_EXCHANGE_SRP, Version) ->
+    Params = #server_srp_params{srp_n = N, srp_g = G, srp_s = S, srp_b = B},
+    {BinMsg, HashSign, Signature} = dec_ske_params(NLen + GLen + SLen + BLen + 7, KeyStruct, Version),
+    #server_key_params{params = Params,
+		       params_bin = BinMsg,
+		       hashsign = HashSign,
+		       signature = Signature};
 dec_server_key(_, _, _) ->
     throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)).
 
@@ -1174,6 +1223,11 @@ dec_hello_extensions(<<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), Info:Len/binar
     dec_hello_extensions(Rest, [{renegotiation_info, 
 			   #renegotiation_info{renegotiated_connection = RenegotiateInfo}} | Acc]);
 
+dec_hello_extensions(<<?UINT16(?SRP_EXT), ?UINT16(Len), ?BYTE(SRPLen), SRP:SRPLen/binary, Rest/binary>>, Acc)
+  when Len == SRPLen + 2 ->
+    dec_hello_extensions(Rest, [{srp,
+			   #srp{username = SRP}} | Acc]);
+
 dec_hello_extensions(<<?UINT16(?SIGNATURE_ALGORITHMS_EXT), ?UINT16(Len),
 		       ExtData:Len/binary, Rest/binary>>, Acc) ->
     SignAlgoListLen = Len - 2,
@@ -1231,6 +1285,7 @@ enc_hs(#client_hello{client_version = {Major, Minor},
 		     cipher_suites = CipherSuites,
 		     compression_methods = CompMethods, 
 		     renegotiation_info = RenegotiationInfo,
+		     srp = SRP,
 		     hash_signs = HashSigns,
 		     next_protocol_negotiation = NextProtocolNegotiation}, _Version) ->
     SIDLength = byte_size(SessionID),
@@ -1238,7 +1293,7 @@ enc_hs(#client_hello{client_version = {Major, Minor},
     CmLength = byte_size(BinCompMethods),
     BinCipherSuites = list_to_binary(CipherSuites),
     CsLength = byte_size(BinCipherSuites),
-    Extensions0 = hello_extensions(RenegotiationInfo, NextProtocolNegotiation),
+    Extensions0 = hello_extensions(RenegotiationInfo, SRP, NextProtocolNegotiation),
     Extensions1 = if
 		      Major == 3, Minor >=3 -> Extensions0 ++ hello_extensions(HashSigns);
 		      true -> Extensions0
@@ -1333,7 +1388,10 @@ enc_cke(Identity = #client_rsa_psk_identity{identity = undefined}, Version) ->
 enc_cke(#client_rsa_psk_identity{identity = Id, exchange_keys = ExchangeKeys}, Version) ->
     EncPMS = enc_cke(ExchangeKeys, Version),
     Len = byte_size(Id),
-    <<?UINT16(Len), Id/binary, EncPMS/binary>>.
+    <<?UINT16(Len), Id/binary, EncPMS/binary>>;
+enc_cke(#client_srp_public{srp_a = A}, _) ->
+    Len = byte_size(A),
+    <<?UINT16(Len), A/binary>>.
 
 enc_server_key(#server_dh_params{dh_p = P, dh_g = G, dh_y = Y}) ->
     PLen = byte_size(P),
@@ -1353,7 +1411,14 @@ enc_server_key(#server_dhe_psk_params{
     GLen = byte_size(G),
     YLen = byte_size(Y),
     <<?UINT16(Len), PskIdentityHint/binary,
-      ?UINT16(PLen), P/binary, ?UINT16(GLen), G/binary, ?UINT16(YLen), Y/binary>>.
+      ?UINT16(PLen), P/binary, ?UINT16(GLen), G/binary, ?UINT16(YLen), Y/binary>>;
+enc_server_key(#server_srp_params{srp_n = N, srp_g = G,	srp_s = S, srp_b = B}) ->
+    NLen = byte_size(N),
+    GLen = byte_size(G),
+    SLen = byte_size(S),
+    BLen = byte_size(B),
+    <<?UINT16(NLen), N/binary, ?UINT16(GLen), G/binary,
+      ?BYTE(SLen), S/binary, ?UINT16(BLen), B/binary>>.
 
 enc_sign({_, anon}, _Sign, _Version) ->
     <<>>;
@@ -1369,13 +1434,20 @@ enc_sign(_HashSign, Sign, _Version) ->
 hello_extensions(RenegotiationInfo, NextProtocolNegotiation) ->
     hello_extensions(RenegotiationInfo) ++ next_protocol_extension(NextProtocolNegotiation).
 
+hello_extensions(RenegotiationInfo, SRP, NextProtocolNegotiation) ->
+    hello_extensions(RenegotiationInfo) ++ hello_extensions(SRP) ++ next_protocol_extension(NextProtocolNegotiation).
+
 %% Renegotiation info
 hello_extensions(#renegotiation_info{renegotiated_connection = undefined}) ->
     [];
 hello_extensions(#renegotiation_info{} = Info) ->
     [Info];
+hello_extensions(#srp{} = Info) ->
+    [Info];
 hello_extensions(#hash_sign_algos{} = Info) ->
-    [Info].
+    [Info];
+hello_extensions(undefined) ->
+    [].
 
 next_protocol_extension(undefined) ->
     [];
@@ -1402,6 +1474,11 @@ enc_hello_extensions([#renegotiation_info{renegotiated_connection = Info} | Rest
     Len = InfoLen +1,
     enc_hello_extensions(Rest, <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), ?BYTE(InfoLen), Info/binary, Acc/binary>>);
 
+enc_hello_extensions([#srp{username = UserName} | Rest], Acc) ->
+    SRPLen = byte_size(UserName),
+    Len = SRPLen + 2,
+    enc_hello_extensions(Rest, <<?UINT16(?SRP_EXT), ?UINT16(Len), ?BYTE(SRPLen), UserName/binary, Acc/binary>>);
+
 enc_hello_extensions([#hash_sign_algos{hash_sign_algos = HashSignAlgos} | Rest], Acc) ->
     SignAlgoList = << <<(ssl_cipher:hash_algorithm(Hash)):8, (ssl_cipher:sign_algorithm(Sign)):8>> ||
 		       {Hash, Sign} <- HashSignAlgos >>,
@@ -1517,6 +1594,9 @@ key_exchange_alg(dhe_psk) ->
     ?KEY_EXCHANGE_DHE_PSK;
 key_exchange_alg(rsa_psk) ->
     ?KEY_EXCHANGE_RSA_PSK;
+key_exchange_alg(Alg)
+  when Alg == srp_rsa; Alg == srp_dss; Alg == srp_anon ->
+    ?KEY_EXCHANGE_SRP;
 key_exchange_alg(_) ->
     ?NULL.
 
-- 
cgit v1.2.3