Hi,
I'm implementing the SRP pairing for a Python-based IP accessory. By talking to the iOS device (iOS 11.0.2) via HTTP/1.1, I am able to verify the iOS device's proof in state <M3>. However, when I send the accessory proof in <M4>, the iOS device closes the HTTP/1.1 connection immediately without any error message. After a few seconds the home app tries to connect again, same behavior and then runs in a timeout.
Ideas how to debug the problem or other suggestions?
Cheers, Marc
Hi Marc,
quite old question, but...
I've had the same problem right now...
I would guess, that you are developing a non 'mfi-certified' accessory...
According to the docs, I did set the feature flag 'ff' in the Bonjour advert to '1'. Later I found out, that the '1' signals an 'mfi' certified accessory; for uncertified accessories, the flag has to be '0' (undocumented!).
The next difference to an mfi certified accessory is, that in the pair-setup process the first method call would not go to method '1' (pair-setup), but to method '0' (pair-setup-non-mfi, again undocumented!).
In fact, the docs are terrible!
Greetings,
LaborEtArs
Hi Laboretars,
i had a question, i'm developing a non 'mfi' accessory, in pair setup M6, i receive ios'M5(encryptedData with authTag), need verify the authTag failed,
According to the document, i use chacha20-ploy1305 aead decrypy and nonce= (0x00,0x00,0x00,0x00,"PS-Mag05"), session key = (SRP shared key), aad = NULL, decrypt the M5 encrpyt data with authTag and lenth (138+16)bytes, verify all fail. did you met the question?
thank you !
This tripped me up too. It's another thing missing from the documentation. The session key is NOT the SRP shared key, but rather a session key derived from that key just as the "pair verify" session key is derived. While the pair verify session key is derived using HKDF-SHA-512 from the Curve25519 shared secret, the salt "Pair-Verify-Encrypt-Salt" and the info "Pair-Verify-Encrypt-Info", the pair setup session key is derived using HKDF-SHA-512 from the SRP shared secret, the salt "Pair-Setup-Encrypt-Salt", and the info "Pair-Setup-Encrypt-Info". Output size 32 bytes. See step 6 in 4.8.2 "Verify Start Response" and substitute accordingly.
Hi agaskill :
first, thank you very much! now, i got pair setup session key(SK) is derived using HKDF-SHA-512 from the SRP shared secret, the salt "Pair-Setup-Encrypt-Salt", and the info "Pair-Setup-Encrypt-Info". Output size 32 bytes. i use chacha20-ploy1305 aead decrypy and nonce= (0x00,0x00,0x00,0x00,"PS-Mag05"), session key = SK aad = NULL, decrypt the M5 encrpyt data with authTag and lenth (138+16)bytes, Also calculate verify fail. The last 16 bytes of encrpt data were used as authTag data.I'm going crazy.my spec is Non-Commercial version and no 'MFI',Are there any other hidden problems?
Thank you very much for your help!
Hi agaskill:
thanks, i had found the error. my HKDF is error.I have passed this step.
Thanks again!
What was the error? What did you need to change to get it to work?
