6 files changed, 52 insertions, 20 deletions

diff --git a/NEWS b/NEWS
index 027165d549..978f3bdbd6 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ Version 0.6.1
   distinguished name in a single string.
 - Added gnutls_openpgp_extract_key_name_string() which returns
   an openpgp user ID in a single string.
+- Added SRP-6 support. Follows draft-ietf-tls-srp-04.
 
 Version 0.6.0 (8/12/2002)
 - Added "gnutls/compat4.h" header. This is included in gnutls.h
diff --git a/configure.in b/configure.in
index 9aa94b428f..a16e5de184 100644
--- a/configure.in
+++ b/configure.in
@@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name])
 dnl Gnutls Version
 GNUTLS_MAJOR_VERSION=0
 GNUTLS_MINOR_VERSION=6
-GNUTLS_MICRO_VERSION=0
+GNUTLS_MICRO_VERSION=1
 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
 
 AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls])
diff --git a/lib/debug.c b/lib/debug.c
index 7047bcefc1..18e9a1f137 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -28,7 +28,7 @@
 
 void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a)
 {
-	char buf[400];
+	char buf[1024];
 	size_t n = sizeof buf;
 	
 	if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a))
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index 20299db27d..37d1963b2e 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -20,6 +20,7 @@
 #define _gnutls_mpi_mulm gcry_mpi_mulm
 #define _gnutls_mpi_mul gcry_mpi_mul
 #define _gnutls_mpi_add gcry_mpi_add
+#define _gnutls_mpi_mul_ui gcry_mpi_mul_ui
 
 # define _gnutls_mpi_alloc_like(x) _gnutls_mpi_new(_gnutls_mpi_get_nbits(x)) 
 
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 3c386c40c7..92a23b3c43 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -327,8 +327,8 @@ ssize_t gnutls_send_int( gnutls_session session, ContentType type, HandshakeType
 	headers[1]=_gnutls_version_get_major( lver);
 	headers[2]=_gnutls_version_get_minor( lver);
 
-	_gnutls_record_log( "REC: Sending Packet[%d] %s(%d) with length: %d\n",
-		(int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
+	_gnutls_record_log( "REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n",
+		session, (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
 
 	if ( sizeofdata > MAX_RECORD_SEND_SIZE)
 		data2send_size = MAX_RECORD_SEND_SIZE;
@@ -428,8 +428,8 @@ ssize_t gnutls_send_int( gnutls_session session, ContentType type, HandshakeType
 
 	session->internals.record_send_buffer_user_size = 0;
 
-	_gnutls_record_log( "REC: Sent Packet[%d] %s(%d) with length: %d\n",
-	(int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size);
+	_gnutls_record_log( "REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n",
+	session, (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size);
 
 	return retval;
 }
@@ -441,7 +441,7 @@ ssize_t _gnutls_send_change_cipher_spec( gnutls_session session, int again)
 {
 	opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
 
-	_gnutls_handshake_log( "REC: Sent ChangeCipherSpec\n");
+	_gnutls_handshake_log( "REC[%x]: Sent ChangeCipherSpec\n", session);
 
 	if (again==0)
 		return gnutls_send_int( session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1);
@@ -522,7 +522,7 @@ static int _gnutls_check_record_headers( gnutls_session session, uint8 headers[R
 		 */
 		session->internals.v2_hello = *length;
 
-		_gnutls_record_log( "REC: V2 packet received. Length: %d\n", *length);
+		_gnutls_record_log( "REC[%x]: V2 packet received. Length: %d\n", session, *length);
 
 	} else {
 		/* version 3.x 
@@ -550,7 +550,8 @@ static int _gnutls_check_record_version( gnutls_session session, HandshakeType h
 	if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) && gnutls_protocol_get_version(session) != version) {
 		gnutls_assert();
 
-		_gnutls_record_log( "REC: INVALID VERSION PACKET: (%d) %d.%d\n", htype, _gnutls_version_get_major(version), _gnutls_version_get_minor(version));
+		_gnutls_record_log( "REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", 
+			session, htype, _gnutls_version_get_major(version), _gnutls_version_get_minor(version));
 
 		return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 	}
@@ -573,7 +574,8 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t
 		switch (recv_type) {
 		case GNUTLS_ALERT:
 
-			_gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], gnutls_alert_get_name((int)data[1]));
+			_gnutls_record_log( "REC[%x]: Alert[%d|%d] - %s - was received\n", 
+				session, data[0], data[1], gnutls_alert_get_name((int)data[1]));
 
 			session->internals.last_alert = data[1];
 
@@ -649,7 +651,8 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t
 			break;
 		default:
 
-			_gnutls_record_log( "REC: Received Unknown packet %d expecting %d\n", recv_type, type);
+			_gnutls_record_log( "REC[%x]: Received Unknown packet %d expecting %d\n", 
+				session, recv_type, type);
 
 			gnutls_assert();
 			return GNUTLS_E_INTERNAL_ERROR;
@@ -746,14 +749,14 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType
 		return ret;
 	}
 
-	_gnutls_record_log( "REC: Expected Packet[%d] %s(%d) with length: %d\n",
-		(int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
-	_gnutls_record_log( "REC: Received Packet[%d] %s(%d) with length: %d\n",
-		(int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length);
+	_gnutls_record_log( "REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n",
+		session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
+	_gnutls_record_log( "REC[%x]: Received Packet[%d] %s(%d) with length: %d\n",
+		session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length);
 
 	if (length > MAX_RECV_SIZE) {
 
-		_gnutls_record_log( "REC: FATAL ERROR: Received packet with length: %d\n", length);
+		_gnutls_record_log( "REC[%x]: FATAL ERROR: Received packet with length: %d\n", session, length);
 
 		_gnutls_session_unresumable( session);
 		_gnutls_session_invalidate( session);
@@ -802,7 +805,7 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType
 	 */
 	if (type == GNUTLS_CHANGE_CIPHER_SPEC && recv_type == GNUTLS_CHANGE_CIPHER_SPEC) {
 
-		_gnutls_record_log( "REC: ChangeCipherSpec Packet was received\n");
+		_gnutls_record_log( "REC[%x]: ChangeCipherSpec Packet was received\n", session);
 
 		if ((size_t)tmplen!=sizeofdata) { /* sizeofdata should be 1 */
 			gnutls_assert();
@@ -815,8 +818,8 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType
 		return tmplen;
 	}
 
-	_gnutls_record_log( "REC: Decrypted Packet[%d] %s(%d) with length: %d\n",
-		(int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen);
+	_gnutls_record_log( "REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n",
+		session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen);
 
 	/* increase sequence number */
 	if (_gnutls_uint64pp( &session->connection_state.read_sequence_number)!=0) {
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index cb033b5511..1b268b797b 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -177,6 +177,8 @@ int _gnutls_gen_srp_server_kx0(gnutls_session state, opaque ** data)
 		return GNUTLS_E_MPI_PRINT_FAILED;
 	_gnutls_write_uint16( n_b, data_b);
 
+	_gnutls_hard_log( "INT: SRP B[%d]: %s\n", n_b, _gnutls_bin2hex(&data_b[2], n_b));
+
 	_gnutls_srp_entry_free( pwd_entry);
 
 	return data_size;
@@ -229,12 +231,20 @@ int _gnutls_gen_srp_client_kx0(gnutls_session state, opaque ** data)
 		return GNUTLS_E_MEMORY_ERROR;
 	}
 
+#ifdef HARD_DEBUG
+	_gnutls_dump_mpi( "SRP U: ", state->key->u);
+#endif
+
 	/* S = (B - g^x) ^ (a + u * x) % N */
 	S = _gnutls_calc_srp_S2( B, G, state->key->x, _a, state->key->u, N);
 	if (S==NULL) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
 	}
+
+#ifdef HARD_DEBUG
+	_gnutls_dump_mpi( "SRP B: ", B);
+#endif
 	
 	_gnutls_mpi_release(&_b);
 	_gnutls_mpi_release(&V);
@@ -264,6 +274,8 @@ int _gnutls_gen_srp_client_kx0(gnutls_session state, opaque ** data)
 		gnutls_free( *data);
 		return GNUTLS_E_MPI_PRINT_FAILED;
 	}
+	_gnutls_hard_log( "INT: SRP A[%d]: %s\n", n_a, _gnutls_bin2hex(&data_a[2], n_a));
+
 	_gnutls_mpi_release(&A);
 
 	_gnutls_write_uint16( n_a, data_a);
@@ -288,6 +300,13 @@ int _gnutls_proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _dat
 		return GNUTLS_E_MPI_SCAN_FAILED;
 	}
 
+#ifdef HARD_DEBUG
+	_gnutls_dump_mpi( "SRP A: ", A);
+#endif
+#ifdef HARD_DEBUG
+	_gnutls_dump_mpi( "SRP B: ", B);
+#endif
+
 	/* Start the SRP calculations.
 	 * - Calculate u 
 	 */
@@ -297,6 +316,10 @@ int _gnutls_proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _dat
 		return GNUTLS_E_MEMORY_ERROR;
 	}
 
+#ifdef HARD_DEBUG
+	_gnutls_dump_mpi( "SRP U: ", state->key->u);
+#endif
+
 	/* S = (A * v^u) ^ b % N 
 	 */
 	S = _gnutls_calc_srp_S1( A, _b, state->key->u, V, N);
@@ -305,6 +328,10 @@ int _gnutls_proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _dat
 		return GNUTLS_E_MEMORY_ERROR;
 	}
 
+#ifdef HARD_DEBUG
+	_gnutls_dump_mpi( "SRP S: ", S);
+#endif
+
 	_gnutls_mpi_release(&A);
 	_gnutls_mpi_release(&_b);
 	_gnutls_mpi_release(&V);
@@ -389,7 +416,7 @@ int _gnutls_proc_srp_server_kx0(gnutls_session state, opaque * data, size_t _dat
 	/* Read B 
 	 */
 	DECR_LEN( data_size, 2);
-	n_b = data[i];
+	n_b = _gnutls_read_uint16( &data[i]);
 	i += 2;
 
 	DECR_LEN( data_size, n_b);