Fixed bug in pairing logic that would drop leading zeros when transmitting SALT

A 16-byte SALT with a leading zero would be sent as only a 15-byte number.  The chance of this occuring is 1 in 256, which is small but still significant.  Solution is to specify required size of MPI output in loadTLV.  This forces mbedtls_mpi_write_binary() to pad with leading zeros.

Also eliminated unused code (TLV pack_old).

src/HAP.cpp

@@ -451,8 +451,8 @@ int HAPClient::postPairSetupURL(){
       tlv8.clear();
       tlv8.val(kTLVType_State,pairState_M2);            // set State=<M2>
       srp.createPublicKey();                          // create accessory public key from random Pair-Setup code (displayed to user)
-      srp.loadTLV(kTLVType_PublicKey,&srp.B);         // load server public key, B
+      srp.loadTLV(kTLVType_PublicKey,&srp.B,384);         // load server public key, B
-      srp.loadTLV(kTLVType_Salt,&srp.s);              // load salt, s
+      srp.loadTLV(kTLVType_Salt,&srp.s,16);              // load salt, s
       tlvRespond();                                   // send response to client
 
       pairStatus=pairState_M3;                        // set next expected pair-state request from client
@@ -489,7 +489,7 @@ int HAPClient::postPairSetupURL(){
       srp.createProof();                                  // M1 has been successully verified; now create accessory proof M2
       tlv8.clear();                                         // clear TLV records
       tlv8.val(kTLVType_State,pairState_M4);                // set State=<M4>
-      srp.loadTLV(kTLVType_Proof,&srp.M2);                // load M2 counter-proof
+      srp.loadTLV(kTLVType_Proof,&srp.M2,64);               // load M2 counter-proof
       tlvRespond();                                       // send response to client
 
       pairStatus=pairState_M5;                            // set next expected pair-state request from client

src/SRP.cpp

@@ -238,9 +238,8 @@ void SRP6A::createProof(){
 
 //////////////////////////////////////
 
-int SRP6A::loadTLV(kTLVType tag, mbedtls_mpi *mpi){
+int SRP6A::loadTLV(kTLVType tag, mbedtls_mpi *mpi, int nBytes){
 
-  int nBytes=mbedtls_mpi_size(mpi);
   uint8_t *buf=HAPClient::tlv8.buf(tag,nBytes);
 
   if(!buf)

src/SRP.h

@@ -81,8 +81,9 @@ struct SRP6A {
   void createPublicKey();                          // computes x, v, and B from random s, P, and b
   void createSessionKey();                         // computes u from A and B, and then S from A, v, u, and b
   
-  int loadTLV(kTLVType tag, mbedtls_mpi *mpi);     // load binary contents of mpi into a TLV record and set its length
+  int loadTLV(kTLVType tag, mbedtls_mpi *mpi, int nBytes);     // load binary contents of mpi into a TLV record and set its length
   int writeTLV(kTLVType tag, mbedtls_mpi *mpi);                // write binary contents of a TLV record into an mpi
+  
   int verifyProof();                               // verify M1 SRP6A Proof received from HAP client (return 1 on success, 0 on failure)
   void createProof();                              // create M2 server-side SRP6A Proof based on M1 as received from HAP Client
 

src/TLV.h

@@ -215,30 +215,6 @@ void TLV<tagType, maxTags>::print(){
   } // loop over all TLVs
 }
 
-//////////////////////////////////////
-// TLV pack_old(buf)
-
-template<class tagType, int maxTags>
-int TLV<tagType, maxTags>::pack_old(uint8_t *buf){
-
-  int n=0;
-
-  for(int i=0;i<numTags;i++){
-    
-    if(tlv[i].len>0){
-      *buf++=tlv[i].tag;
-      *buf++=tlv[i].len;
-      memcpy(buf,tlv[i].val,tlv[i].len);
-      buf+=tlv[i].len;
-      n+=tlv[i].len+2;      
-    } // len>0
-    
-  } // loop over all TLVs
-
-return(n);
-  
-}
-
 //////////////////////////////////////
 // TLV pack(tlvBuf)
 

src/src.ino

@@ -8,7 +8,7 @@ void setup() {
  
   Serial.begin(115200);
  
-  homeSpan.setLogLevel(1);
+  homeSpan.setLogLevel(2);
   
   homeSpan.setHostNameSuffix("");
   homeSpan.setPortNum(1200);