update

hathach · hathach · commit 5f491c5239a0 · 2018-01-17T11:32:15.000+07:00
diff --git a/libraries/BLEHomekit/src/HAPCharacteristic.cpp b/libraries/BLEHomekit/src/HAPCharacteristic.cpp
@@ -271,7 +271,7 @@ void HAPCharacteristic::_eventHandler(ble_evt_t* event)
           hap_resp = createHapResponse(hap_req->header.tid, HAP_STATUS_INVALID_INSTANCE_ID);
         }else
         {
-          LOG_LV2("HAP", "Recv %s request", hap_opcode_str[hap_req->header.opcode]);
+          LOG_LV2("HAP", "Recv %s request, TID = %02X, CS_ID = %04X", hap_opcode_str[hap_req->header.opcode], hap_req->header.tid, hap_req->header.instance_id);
           switch(hap_req->header.opcode)
           {
             case HAP_OPCODE_CHR_SIGNATURE_READ:
@@ -314,7 +314,7 @@ void HAPCharacteristic::_eventHandler(ble_evt_t* event)
           reply.params.write.gatt_status = BLE_GATT_STATUS_ATTERR_INSUF_RESOURCES;
         }
 
-        LOG_LV2("HAP", "Response Data");
+        LOG_LV2("HAP", "Response: Control = %02X, TID = %02X, Status = %02X", hap_resp->header.control, hap_resp->header.tid, hap_resp->header.status);
         LOG_LV2_BUFFER(NULL, hap_resp, reply.params.write.len);
         err_t err = sd_ble_gatts_rw_authorize_reply(conn_hdl, &reply);
 
diff --git a/libraries/BLEHomekit/src/crypto/srp/srp.c b/libraries/BLEHomekit/src/crypto/srp/srp.c
@@ -64,10 +64,11 @@ static const uint8_t srp_N_hash_srp_G_hash[] =
     0x68, 0x3C, 0x9E, 0x78, 0x32, 0x96, 0xDD, 0x16, 0x93, 0xEB, 0xC7, 0x1C, 0xF5, 0xA5, 0x3D, 0xA3
 };
 
-#define HOMEKIT_CONFIG_PINCODE  "112-23-344"
-
+#define HOMEKIT_CONFIG_PINCODE  "111-22-333"
 static const uint8_t pincode[21] = "Pair-Setup:" HOMEKIT_CONFIG_PINCODE;
 
+//#define HOMEKIT_CONFIG_PINCODE  "password123"
+
 srp_keys_t srp;
 
 //static void MPI_ERROR_CHECK(int CODE)
diff --git a/libraries/BLEHomekit/src/service/HAPPairing.cpp b/libraries/BLEHomekit/src/service/HAPPairing.cpp
@@ -37,9 +37,52 @@
 #include <bluefruit.h>
 #include "HAPUuid.h"
 #include "HAPPairing.h"
+#include <Nffs.h>
 
 #include "crypto/crypto.h"
 
+/*
+The following is a description of SRP-6 and 6a, the latest versions of SRP:
+
+  N    A large safe prime (N = 2q+1, where q is prime)
+       All arithmetic is done modulo N.
+  g    A generator modulo N
+  k    Multiplier parameter (k = H(N, g) in SRP-6a, k = 3 for legacy SRP-6)
+  s    User's salt
+  I    Username
+  p    Cleartext Password
+  H()  One-way hash function
+  ^    (Modular) Exponentiation
+  u    Random scrambling parameter
+  a,b  Secret ephemeral values
+  A,B  Public ephemeral values
+  x    Private key (derived from p and s)
+  v    Password verifier
+
+The host stores passwords using the following formula:
+  x = H(s, p)               (s is chosen randomly)
+  v = g^x                   (computes password verifier)
+The host then keeps {I, s, v} in its password database. The authentication protocol itself goes as follows:
+User -> Host:  I, A = g^a                  (identifies self, a = random number)
+Host -> User:  s, B = kv + g^b             (sends salt, b = random number)
+
+        Both:  u = H(A, B)
+
+        User:  x = H(s, p)                 (user enters password)
+        User:  S = (B - kg^x) ^ (a + ux)   (computes session key)
+        User:  K = H(S)
+
+        Host:  S = (Av^u) ^ b              (computes session key)
+        Host:  K = H(S)
+Now the two parties have a shared, strong session key K. To complete authentication, they need to prove to each other that their keys match. One possible way:
+User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+Host -> User:  H(A, M, K)
+The two parties also employ the following safeguards:
+The user will abort if he receives B == 0 (mod N) or u == 0.
+The host will abort if it detects that A == 0 (mod N).
+The user must show his proof of K first. If the server detects that the user's proof is incorrect, it must abort without showing its own proof of K.
+ */
+
 // kTLV type for pairing
 enum {
   PAIRING_TYPE_METHOD = 0,
@@ -131,11 +174,33 @@ err_t HAPPairing::begin(void)
   VERIFY_STATUS( _pairing.begin() );
 
   // Init cryptography
+  Nffs.mkdir_p("/adafruit/homekit");
   crypto_init();
 
   return ERROR_NONE;
 }
 
+HAPResponse_t* createSrpResponse(uint8_t tid, uint8_t status, TLV8_t ktlv[], uint8_t count)
+{
+  HAPResponse_t* hap_resp = NULL;
+
+  uint16_t srplen = tlv8_calculate_encode_len(ktlv, count);
+  uint8_t* srpbuf = (uint8_t*) rtos_malloc(srplen);
+  VERIFY( srpbuf != NULL, NULL );
+
+  if( srplen == tlv8_encode_n(srpbuf, srplen, ktlv, count) )
+  {
+    LOG_LV2_BUFFER("PAIR-SETUP", srpbuf, srplen);
+    TLV8_t tlv = { .type = HAP_PARAM_VALUE, .len = srplen, .value = srpbuf };
+    hap_resp = createHapResponse(tid, status, &tlv, 1);
+  }
+
+//  LOG_LV2_BUFFER("PAIR-SETUP", hap_resp, hap_resp->body_len + sizeof(HAPResponseHeader_t) + 2);
+
+  rtos_free(srpbuf);
+  return hap_resp;
+}
+
 
 static HAPResponse_t* pairing_setup_write_cb (HAPCharacteristic* chr, ble_gatts_evt_write_t const* gatt_req, HAPRequest_t const* hap_req)
 {
@@ -185,19 +250,38 @@ static HAPResponse_t* pairing_setup_write_cb (HAPCharacteristic* chr, ble_gatts_
         LOG_LV2("HAP", "Method %s", pairing_method_str[ *((uint8_t const*)ktlv.value) ]);
       break;
 
+      // TODO multiple pairing support
       case PAIRING_TYPE_STATE:
       {
         uint8_t state = *((uint8_t const*)ktlv.value);
         LOG_LV2("HAP", "State = M%d", state);
+
         switch (state)
         {
           case 1: // M1
             // if paired return PAIRING_ERROR_UNAVAILABLE
             // tries more than 100 time return PAIRING_ERROR_MAX_TRIES
             // pairing with other iOS return PAIRING_ERROR_BUSY
 
-          break;
+            // step 4
+            srp_start();
 
+            // step 5 : username (I = "Pair-Setup"
+            // step 6 : 16 bytes salt already created in srp_init()
+            // step 7,8 : password (p = setup code) done in srp_init()
+            // step 9 : public key (B) done in srp_init()
+
+            uint8_t mstate = 2;
+
+            TLV8_t tlv_para[] =
+            {
+                { .type  = PAIRING_TYPE_STATE      , .len = 1  , .value = &mstate       },
+                { .type  = PAIRING_TYPE_PUBLIC_KEY , .len = 384, .value = srp_getB()    },
+                { .type  = PAIRING_TYPE_SALT       , .len = 16 , .value = srp_getSalt() },
+            };
+
+            hap_resp = createSrpResponse(hap_req->header.tid, HAP_STATUS_SUCCESS, tlv_para, arrcount(tlv_para));
+          break;
         }
       }
       break;
diff --git a/libraries/Bluefruit52Lib/examples/Projects/homekit/homekit_lightbulb/homekit_lightbulb.ino b/libraries/Bluefruit52Lib/examples/Projects/homekit/homekit_lightbulb/homekit_lightbulb.ino
@@ -12,6 +12,7 @@
  any redistribution
 *********************************************************************/
 
+#include <Nffs.h>
 #include <bluefruit.h>
 #include <BLEHomekit.h>
 
@@ -38,12 +39,11 @@ void setup()
   Bluefruit.setTxPower(4);
   Bluefruit.setName("Bluefruit52");
 
+  Nffs.listDir("/adafruit/homekit");  
   homekit.begin();
 
   // Set up and start advertising
   startAdv();
-  
-  //dbgMemInfo();
 }
 
 void startAdv(void)
diff --git a/platform.txt b/platform.txt
@@ -121,11 +121,11 @@ recipe.output.save_file={build.project_name}.{build.variant}.hex
 
 #**********************************************
 # nrfutil for uploading
+# Note : For MacOS, make a symlink to /usr/local/bin/nrfutil if installed to other location
 #**********************************************
 
 tools.nrfutil.cmd=nrfutil
 tools.nrfutil.cmd.windows={runtime.platform.path}/tools/nrfutil-0.5.2/binaries/win32/nrfutil.exe
-# MacOS nrfutil location, make a symlink if installed to other location
 tools.nrfutil.cmd.macosx=/usr/local/bin/nrfutil
 
 tools.nrfutil.upload.params.verbose=--verbose
diff --git a/programmers.txt b/programmers.txt
@@ -7,13 +7,17 @@ nrfjprog.program.tool=bootburn
 nrfjprog.program.path=
 nrfjprog.program.cmd=nrfjprog
 nrfjprog.program.cmd.windows=nrfjprog.exe
+
 nrfjprog.program.pattern="{program.path}{program.cmd}" --program "{runtime.platform.path}/bin/bootloader/{build.variant}/{build.sd_version}/{build.bootfile}.hex" -f nrf52 --chiperase --reset
 
 #**********************************************
 # nrfutil to upgrade bootloader
+# # Note : For MacOS, make a symlink to /usr/local/bin/nrfutil if installed to other location
 #**********************************************
 nrfutil_boot.name=Bootloader DFU for Bluefruit nRF52
 nrfutil_boot.program.tool=bootburn
 nrfutil_boot.program.cmd=nrfutil
 nrfutil_boot.program.cmd.windows={runtime.platform.path}/tools/nrfutil-0.5.2/binaries/win32/nrfutil.exe
+nrfutil_boot.program.cmd.macosx=/usr/local/bin/nrfutil
+
 nrfutil_boot.program.pattern={program.cmd} --verbose dfu serial -pkg "{runtime.platform.path}/bin/bootloader/{build.variant}/{build.sd_version}/{build.bootfile}.zip" -p {serial.port} -b 115200

Original file line number	Diff line number	Diff line change
`@@ -271,7 +271,7 @@ void HAPCharacteristic::_eventHandler(ble_evt_t* event)`
`271`	`271`	`hap_resp = createHapResponse(hap_req->header.tid, HAP_STATUS_INVALID_INSTANCE_ID);`
`272`	`272`	`}else`
`273`	`273`	`{`
`274`		`- LOG_LV2("HAP", "Recv %s request", hap_opcode_str[hap_req->header.opcode]);`
	`274`	`+ LOG_LV2("HAP", "Recv %s request, TID = %02X, CS_ID = %04X", hap_opcode_str[hap_req->header.opcode], hap_req->header.tid, hap_req->header.instance_id);`
`275`	`275`	`switch(hap_req->header.opcode)`
`276`	`276`	`{`
`277`	`277`	`case HAP_OPCODE_CHR_SIGNATURE_READ:`
`@@ -314,7 +314,7 @@ void HAPCharacteristic::_eventHandler(ble_evt_t* event)`
`314`	`314`	`reply.params.write.gatt_status = BLE_GATT_STATUS_ATTERR_INSUF_RESOURCES;`
`315`	`315`	`}`
`316`	`316`
`317`		`- LOG_LV2("HAP", "Response Data");`
	`317`	`+ LOG_LV2("HAP", "Response: Control = %02X, TID = %02X, Status = %02X", hap_resp->header.control, hap_resp->header.tid, hap_resp->header.status);`
`318`	`318`	`LOG_LV2_BUFFER(NULL, hap_resp, reply.params.write.len);`
`319`	`319`	`err_t err = sd_ble_gatts_rw_authorize_reply(conn_hdl, &reply);`
`320`	`320`