Seich
/
HomeSpan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create SRP6A:loadVerifyCode() 

And updated other SRP routines to complete implementation of use of stored verification code instead of live setup code.

Next up: Add method to change setup code in serial interface and implement similar code after network configuration routines.
This commit is contained in:
Gregg 2020-09-21 07:10:23 -05:00
parent 446679abab
commit 49b1aa277d
5 changed files with 21 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/HAP.cpp
View File

@ -24,6 +24,7 @@ void HAPClient::init(){
if(!nvs_get_blob(srpHandle,"VERIFYDATA",NULL,&len)){ // if found verification code data in NVS
nvs_get_blob(srpHandle,"VERIFYDATA",&verifyData,&len); // retrieve data
srp.loadVerifyCode(verifyData.verifyCode,verifyData.salt); // load verification code and salt into SRP structure
// Serial.print("Found SRP Verification Data\n\n");
// hexPrintRow(verifyData.salt,16); Serial.print("\n");
// hexPrintRow(verifyData.verifyCode,384); Serial.print("\n");

3
src/HomeSpan.h
View File

@ -48,7 +48,8 @@ struct Span{
char *modelName; // model name of this device - broadcast as Bonjour field "md"
char category[3]=""; // category ID of primary accessory - broadcast as Bonjour field "ci" (HAP Section 13)
unsigned long snapTime; // current time (in millis) snapped before entering Service loops() or updates()
char *defaultSetupCode="46637726"; // default Setup Code upon factory reset; user will change to desired code when configuring network
char *defaultSetupCode=(char *)DEFAULT_SETUP_CODE; // default Setup Code upon factory reset; user will change to desired code when configuring network
int resetPin=21; // drive this pin low to "factory" reset NVS data on start-up
int resetPressed=0; // tracks pressing of reset button

63
src/SRP.cpp
View File

@ -89,27 +89,19 @@ void SRP6A::createVerifyCode(const char *setupCode, uint8_t *verifyCode, uint8_t
//////////////////////////////////////
void SRP6A::createPublicKey(){
uint8_t tBuf[80]; // temporary buffer for staging
uint8_t tHash[64]; // temporary buffer for storing SHA-512 results
char icp[22]; // storage for I:P
getSalt(); // create and load s (random 16 bytes)
getPrivateKey(); // create and load b (random 32 bytes)
getSetupCode(icp); // I="Pair-Setup" and P=Pair-Setup Code (in form XXX-XX-XXX)
// compute x = SHA512( s | SHA512( I | ":" | P ) )
mbedtls_mpi_write_binary(&s,tBuf,16); // write s into first 16 bytes of staging buffer
mbedtls_sha512_ret((uint8_t *)icp,strlen(icp),tBuf+16,0); // create hash of username:password and write into last 64 bytes of staging buffer
mbedtls_sha512_ret(tBuf,80,tHash,0); // create second hash of salted, hashed username:password
mbedtls_mpi_read_binary(&x,tHash,64); // load hash result into mpi structure x
// compute v = g^x % N
void SRP6A::loadVerifyCode(uint8_t *verifyCode, uint8_t *salt){
mbedtls_mpi_exp_mod(&v,&g,&x,&N,&_rr); // create verifier, v (_rr is an internal "helper" structure that mbedtls uses to speed up subsequent exponential calculations)
mbedtls_mpi_read_binary(&s,salt,16);
mbedtls_mpi_read_binary(&v,verifyCode,384);
}
//////////////////////////////////////
void SRP6A::createPublicKey(){
getPrivateKey(); // create and load b (random 32 bytes)
// compute B = kv + g^b %N
mbedtls_mpi_mul_mpi(&t1,&k,&v); // t1 = k*v
@ -121,45 +113,14 @@ void SRP6A::createPublicKey(){
//////////////////////////////////////
void SRP6A::getSalt(){
uint8_t salt[16];
randombytes_buf(salt,16); // generate 16 random bytes using libsodium (which uses the ESP32 hardware-based random number generator)
mbedtls_mpi_read_binary(&s,salt,16);
}
//////////////////////////////////////
void SRP6A::getPrivateKey(){
uint8_t privateKey[32];
randombytes_buf(privateKey,16); // generate 32 random bytes using libsodium (which uses the ESP32 hardware-based random number generator)
randombytes_buf(privateKey,16); // generate 32 random bytes using libsodium (which uses the ESP32 hardware-based random number generator)
mbedtls_mpi_read_binary(&b,privateKey,32);
}
//////////////////////////////////////
void SRP6A::getSetupCode(char *c){
sprintf(c,"Pair-Setup:%d%d%d-%d%d-%d%d%d",
randombytes_uniform(10),
randombytes_uniform(10),
randombytes_uniform(10),
randombytes_uniform(10),
randombytes_uniform(10),
randombytes_uniform(10),
randombytes_uniform(10),
randombytes_uniform(10)
);
Serial.print("\n\n");
Serial.print("SET-UP CODE: ");
Serial.print(c+11);
Serial.print("\n\n");
}
//////////////////////////////////////
void SRP6A::createSessionKey(){

1
src/SRP.h
View File

@ -42,6 +42,7 @@ struct SRP6A {
SRP6A(); // initializes N, G, and computes k
void createVerifyCode(const char *setupCode, uint8_t *verifyCode, uint8_t *salt);
void loadVerifyCode(uint8_t *verifyCode, uint8_t *salt);
void getSalt(); // generates and stores random 16-byte salt, s
void getPrivateKey(); // generates and stores random 32-byte private key, b

5
src/Settings.h
View File

@ -8,6 +8,11 @@
const char HOMESPAN_VERSION[]="1.0.0";
//////////////////////////////////////////////////////
// DEFAULT SETUP CODE //
const char DEFAULT_SETUP_CODE[]="46637726";
//////////////////////////////////////////////////////
// Maximum number of simultaenous IP connections //
// HAP requires at least 8 //