From 170f972d3b37d62e4ebdeaa84a23066eda6178b2 Mon Sep 17 00:00:00 2001 From: Gregg Date: Sat, 6 Feb 2021 16:29:55 -0600 Subject: [PATCH] Fixed bug in pairing logic that would drop leading zeros when transmitting SALT A 16-byte SALT with a leading zero would be sent as only a 15-byte number. The chance of this occuring is 1 in 256, which is small but still significant. Solution is to specify required size of MPI output in loadTLV. This forces mbedtls_mpi_write_binary() to pad with leading zeros. Also eliminated unused code (TLV pack_old). --- src/HAP.cpp | 6 +++--- src/SRP.cpp | 3 +-- src/SRP.h | 5 +++-- src/TLV.h | 24 ------------------------ src/src.ino | 2 +- 5 files changed, 8 insertions(+), 32 deletions(-) diff --git a/src/HAP.cpp b/src/HAP.cpp index 2fd8b05..32c854d 100644 --- a/src/HAP.cpp +++ b/src/HAP.cpp @@ -451,8 +451,8 @@ int HAPClient::postPairSetupURL(){ tlv8.clear(); tlv8.val(kTLVType_State,pairState_M2); // set State= srp.createPublicKey(); // create accessory public key from random Pair-Setup code (displayed to user) - srp.loadTLV(kTLVType_PublicKey,&srp.B); // load server public key, B - srp.loadTLV(kTLVType_Salt,&srp.s); // load salt, s + srp.loadTLV(kTLVType_PublicKey,&srp.B,384); // load server public key, B + srp.loadTLV(kTLVType_Salt,&srp.s,16); // load salt, s tlvRespond(); // send response to client pairStatus=pairState_M3; // set next expected pair-state request from client @@ -489,7 +489,7 @@ int HAPClient::postPairSetupURL(){ srp.createProof(); // M1 has been successully verified; now create accessory proof M2 tlv8.clear(); // clear TLV records tlv8.val(kTLVType_State,pairState_M4); // set State= - srp.loadTLV(kTLVType_Proof,&srp.M2); // load M2 counter-proof + srp.loadTLV(kTLVType_Proof,&srp.M2,64); // load M2 counter-proof tlvRespond(); // send response to client pairStatus=pairState_M5; // set next expected pair-state request from client diff --git a/src/SRP.cpp b/src/SRP.cpp index adce154..d18259a 100644 --- a/src/SRP.cpp +++ b/src/SRP.cpp @@ -238,9 +238,8 @@ void SRP6A::createProof(){ ////////////////////////////////////// -int SRP6A::loadTLV(kTLVType tag, mbedtls_mpi *mpi){ +int SRP6A::loadTLV(kTLVType tag, mbedtls_mpi *mpi, int nBytes){ - int nBytes=mbedtls_mpi_size(mpi); uint8_t *buf=HAPClient::tlv8.buf(tag,nBytes); if(!buf) diff --git a/src/SRP.h b/src/SRP.h index d5f1066..01c5f47 100644 --- a/src/SRP.h +++ b/src/SRP.h @@ -81,8 +81,9 @@ struct SRP6A { void createPublicKey(); // computes x, v, and B from random s, P, and b void createSessionKey(); // computes u from A and B, and then S from A, v, u, and b - int loadTLV(kTLVType tag, mbedtls_mpi *mpi); // load binary contents of mpi into a TLV record and set its length - int writeTLV(kTLVType tag, mbedtls_mpi *mpi); // write binary contents of a TLV record into an mpi + int loadTLV(kTLVType tag, mbedtls_mpi *mpi, int nBytes); // load binary contents of mpi into a TLV record and set its length + int writeTLV(kTLVType tag, mbedtls_mpi *mpi); // write binary contents of a TLV record into an mpi + int verifyProof(); // verify M1 SRP6A Proof received from HAP client (return 1 on success, 0 on failure) void createProof(); // create M2 server-side SRP6A Proof based on M1 as received from HAP Client diff --git a/src/TLV.h b/src/TLV.h index ce11cde..30ddb67 100644 --- a/src/TLV.h +++ b/src/TLV.h @@ -215,30 +215,6 @@ void TLV::print(){ } // loop over all TLVs } -////////////////////////////////////// -// TLV pack_old(buf) - -template -int TLV::pack_old(uint8_t *buf){ - - int n=0; - - for(int i=0;i0){ - *buf++=tlv[i].tag; - *buf++=tlv[i].len; - memcpy(buf,tlv[i].val,tlv[i].len); - buf+=tlv[i].len; - n+=tlv[i].len+2; - } // len>0 - - } // loop over all TLVs - -return(n); - -} - ////////////////////////////////////// // TLV pack(tlvBuf) diff --git a/src/src.ino b/src/src.ino index 635b658..54b38c0 100644 --- a/src/src.ino +++ b/src/src.ino @@ -8,7 +8,7 @@ void setup() { Serial.begin(115200); - homeSpan.setLogLevel(1); + homeSpan.setLogLevel(2); homeSpan.setHostNameSuffix(""); homeSpan.setPortNum(1200);