ruby_home 0.1.0

data/lib/ruby_home/hap/http_decryption.rb

@@ -0,0 +1,58 @@
+require 'rbnacl/libsodium'
+
+module RubyHome
+  module HAP
+    class HTTPDecryption
+      AAD_LENGTH_BYTES = 2
+      AUTHENTICATE_TAG_LENGTH_BYTES = 16
+
+      def initialize(key, count: 0)
+        @key = key
+        @count = count
+      end
+
+      def decrypt(data)
+        decrypted_data = []
+        read_pointer = 0
+
+        while read_pointer < data.length
+          little_endian_length_of_encrypted_data = data[read_pointer...read_pointer+AAD_LENGTH_BYTES]
+          length_of_encrypted_data = little_endian_length_of_encrypted_data.unpack('v').first
+          read_pointer += AAD_LENGTH_BYTES
+
+          message = data[read_pointer...read_pointer+length_of_encrypted_data]
+          read_pointer += length_of_encrypted_data
+
+          auth_tag = data[read_pointer...read_pointer+AUTHENTICATE_TAG_LENGTH_BYTES]
+          read_pointer += AUTHENTICATE_TAG_LENGTH_BYTES
+
+          ciphertext = message + auth_tag
+          additional_data = little_endian_length_of_encrypted_data
+          decrypted_data << chacha20poly1305ietf.decrypt(nonce, ciphertext, additional_data)
+
+          increment_count!
+        end
+
+        decrypted_data
+      end
+
+      attr_reader :count
+
+      private
+
+      attr_reader :key
+
+      def increment_count!
+        @count += 1
+      end
+
+      def nonce
+        HexPad.pad([count].pack('Q<'))
+      end
+
+      def chacha20poly1305ietf
+        RbNaCl::AEAD::ChaCha20Poly1305IETF.new(key)
+      end
+    end
+  end
+end

data/lib/ruby_home/hap/http_encryption.rb

@@ -0,0 +1,43 @@
+require 'rbnacl/libsodium'
+
+module RubyHome
+  module HAP
+    class HTTPEncryption
+      def initialize(key, count: 0)
+        @key = key
+        @count = count
+      end
+
+      def encrypt(data)
+        data.chars.each_slice(1024).map(&:join).map do |message|
+          additional_data = [message.length].pack('v')
+
+          encrypted_data = chacha20poly1305ietf.encrypt(nonce, message, additional_data)
+          increment_count!
+
+          [additional_data, encrypted_data].join
+        end
+      end
+
+      attr_reader :count
+
+      private
+
+      attr_reader :key
+
+      def increment_count!
+        @count += 1
+      end
+
+      def nonce
+        HexPad.pad([count].pack('Q<'))
+      end
+
+      def chacha20poly1305ietf
+        RbNaCl::AEAD::ChaCha20Poly1305IETF.new(key)
+      end
+    end
+  end
+end
+
+

data/lib/ruby_home/hap/service.rb

@@ -0,0 +1,38 @@
+Dir[File.dirname(__FILE__) + '/services/*.rb'].each { |file| require file }
+require_relative 'characteristic'
+
+module RubyHome
+  class Service
+    def initialize(accessory: , primary: false, hidden: false, name:, description:, uuid:)
+      @accessory = accessory
+      @primary = primary
+      @hidden = hidden
+      @name = name
+      @description = description
+      @uuid = uuid
+      @characteristics = []
+    end
+
+    attr_reader :accessory, :characteristics, :primary, :hidden, :name, :description, :uuid
+    attr_accessor :instance_id
+
+    def characteristic(characteristic_name)
+      characteristics.find do |characteristic|
+        characteristic.name == characteristic_name
+      end
+    end
+
+    def save
+      IdentifierCache.add_accessory(accessory)
+      IdentifierCache.add_service(self)
+    end
+
+    def inspect
+      {
+        primary: primary,
+        hidden: hidden,
+        characteristics: characteristics
+      }
+    end
+  end
+end

data/lib/ruby_home/http/application.rb

@@ -0,0 +1,28 @@
+require 'sinatra/base'
+require_relative '../rack/handler/hap_server'
+require_relative 'cache'
+
+Rack::Handler.register 'hap_server', RubyHome::Rack::Handler::HAPServer
+
+module RubyHome
+  module HTTP
+    class Application < Sinatra::Base
+      Dir[File.dirname(__FILE__) + '/controllers/*.rb'].each {|file| require file }
+
+      disable :protection
+      disable :logging
+      set :bind, '0.0.0.0'
+      set :quiet, true
+      set :server, :hap_server
+      set :server_settings, AcceptCallback: -> (sock) do
+        self.set :request_id, sock.object_id
+      end
+
+      use AccessoriesController
+      use CharacteristicsController
+      use PairSetupsController
+      use PairVerifiesController
+      use PairingsController
+    end
+  end
+end

data/lib/ruby_home/http/cache.rb

@@ -0,0 +1,30 @@
+require 'singleton'
+
+module RubyHome
+  module ActLikeHash
+    def [](key)
+      store[key]
+    end
+
+    def []=(key, value)
+      store[key] = value
+    end
+  end
+
+  class Cache
+    include ActLikeHash
+
+    def store
+      @store ||= {}
+    end
+  end
+
+  class GlobalCache
+    include Singleton
+    include ActLikeHash
+
+    def store
+      @@store ||= {}
+    end
+  end
+end

data/lib/ruby_home/http/controllers/accessories_controller.rb

@@ -0,0 +1,19 @@
+require_relative 'application_controller'
+require_relative '../serializers/accessory_serializer'
+
+module RubyHome
+  module HTTP
+    class AccessoriesController < ApplicationController
+      get '/accessories' do
+        content_type 'application/hap+json'
+
+        if cache[:controller_to_accessory_key] && cache[:accessory_to_controller_key]
+          AccessorySerializer.new(identifier_cache.accessories).serialized_json
+        else
+          status 401
+          JSON.generate({"status" => -70401})
+        end
+      end
+    end
+  end
+end

data/lib/ruby_home/http/controllers/application_controller.rb

@@ -0,0 +1,37 @@
+module RubyHome
+  module HTTP
+    class ApplicationController < Sinatra::Base
+      disable :protection
+
+      def unpack_request
+        @_unpack_request ||= begin
+          request.body.rewind
+          TLV.unpack(request.body.read)
+        end
+      end
+
+      def json_body
+        @_json_body ||= begin
+          request.body.rewind
+          JSON.parse(request.body.read)
+        end
+      end
+
+      def accessory_info
+        AccessoryInfo
+      end
+
+      def identifier_cache
+        IdentifierCache
+      end
+
+      def request_id
+        Application.request_id
+      end
+
+      def cache
+        GlobalCache.instance[request_id] ||= Cache.new
+      end
+    end
+  end
+end

data/lib/ruby_home/http/controllers/characteristics_controller.rb

@@ -0,0 +1,49 @@
+require_relative 'application_controller'
+require_relative '../serializers/characteristic_value_serializer'
+
+module RubyHome
+  module HTTP
+    class CharacteristicsController < ApplicationController
+      get '/characteristics' do
+        content_type 'application/hap+json'
+
+        if cache[:controller_to_accessory_key] && cache[:accessory_to_controller_key]
+          accessory_id, instance_id = params[:id].split('.')
+          characteristics = IdentifierCache.find_characteristics(
+            accessory_id: accessory_id.to_i,
+            instance_id: instance_id.to_i
+          )
+
+          CharacteristicValueSerializer.new(characteristics).serialized_json
+        else
+          status 401
+          JSON.generate({"status" => -70401})
+        end
+      end
+
+      put '/characteristics' do
+        content_type 'application/hap+json'
+
+        if cache[:controller_to_accessory_key] && cache[:accessory_to_controller_key]
+          json_body.fetch('characteristics', []).each do |characteristic_params|
+            accessory_id = characteristic_params['aid']
+            instance_id = characteristic_params['iid']
+            characteristic = IdentifierCache.find_characteristics(
+              accessory_id: accessory_id.to_i,
+              instance_id: instance_id.to_i
+            ).first
+
+            if characteristic_params['value']
+              characteristic.value = characteristic_params['value']
+            end
+          end
+
+          status 204
+        else
+          status 401
+          JSON.generate({"status" => -70401})
+        end
+      end
+    end
+  end
+end

data/lib/ruby_home/http/controllers/pair_setups_controller.rb

@@ -0,0 +1,146 @@
+require 'hkdf'
+require 'openssl'
+require 'rbnacl/libsodium'
+require 'ruby_home-srp'
+require_relative '../../hap/hex_pad'
+require_relative '../../tlv'
+require_relative 'application_controller'
+
+module RubyHome
+  module HTTP
+    class PairSetupsController < ApplicationController
+      post '/pair-setup' do
+        content_type 'application/pairing+tlv8'
+
+        case unpack_request['kTLVType_State']
+        when 1
+          srp_start_response
+        when 3
+          srp_verify_response
+        when 5
+          exchange_response
+        end
+      end
+
+      private
+
+      def srp_start_response
+        username = 'Pair-Setup'
+        password = '031-45-154'
+
+        auth = srp_verifier.generate_userauth(username, password)
+
+        verifier = auth[:verifier]
+        salt = auth[:salt]
+
+        challenge_and_proof = srp_verifier.get_challenge_and_proof(username, verifier, salt)
+        store_proof(challenge_and_proof[:proof])
+
+        TLV.pack({
+          'kTLVType_Salt' => challenge_and_proof[:challenge][:salt],
+          'kTLVType_PublicKey' => challenge_and_proof[:challenge][:B],
+          'kTLVType_State' => 2
+        })
+      end
+
+      def srp_verify_response
+        proof = retrieve_proof.dup
+        proof[:A] = unpack_request['kTLVType_PublicKey']
+
+        client_m1_proof = unpack_request['kTLVType_Proof']
+        server_m2_proof = srp_verifier.verify_session(proof, unpack_request['kTLVType_Proof'])
+
+        store_session_key(srp_verifier.K)
+        forget_proof!
+
+        TLV.pack({
+          'kTLVType_State' => 4,
+          'kTLVType_Proof' => server_m2_proof
+        })
+      end
+
+      def exchange_response
+        encrypted_data = unpack_request['kTLVType_EncryptedData']
+
+        hkdf = HAP::HKDFEncryption.new(info: 'Pair-Setup-Encrypt-Info', salt: 'Pair-Setup-Encrypt-Salt')
+        key = hkdf.encrypt([session_key].pack('H*'))
+
+        chacha20poly1305ietf = RbNaCl::AEAD::ChaCha20Poly1305IETF.new(key)
+
+        nonce = HAP::HexPad.pad('PS-Msg05')
+        decrypted_data = chacha20poly1305ietf.decrypt(nonce, [encrypted_data].pack('H*'), nil)
+        unpacked_decrypted_data = TLV.unpack(decrypted_data)
+
+        iosdevicepairingid = unpacked_decrypted_data['kTLVType_Identifier']
+        iosdevicesignature = unpacked_decrypted_data['kTLVType_Signature']
+        iosdeviceltpk = unpacked_decrypted_data['kTLVType_PublicKey']
+
+        hkdf = HAP::HKDFEncryption.new(info: 'Pair-Setup-Controller-Sign-Info', salt: 'Pair-Setup-Controller-Sign-Salt')
+        iosdevicex = hkdf.encrypt([session_key].pack('H*'))
+
+        iosdeviceinfo = [
+          iosdevicex.unpack('H*'),
+          TLV::Utf8.pack(iosdevicepairingid),
+          iosdeviceltpk
+        ].join
+        verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new([iosdeviceltpk].pack('H*'))
+
+        if verify_key.verify([iosdevicesignature].pack('H*'), [iosdeviceinfo].pack('H*'))
+          hkdf = HAP::HKDFEncryption.new(info: 'Pair-Setup-Accessory-Sign-Info', salt: 'Pair-Setup-Accessory-Sign-Salt')
+          accessory_x = hkdf.encrypt([session_key].pack('H*'))
+
+          signing_key = accessory_info.signing_key
+          accessoryltpk = signing_key.verify_key.to_bytes.unpack('H*')[0]
+          accessoryinfo = [
+            accessory_x.unpack('H*'),
+            TLV::Utf8.pack(accessory_info.device_id),
+            accessoryltpk
+          ].join
+
+          accessorysignature = signing_key.sign([accessoryinfo].pack('H*')).unpack('H*')[0]
+
+          subtlv = TLV.pack({
+            'kTLVType_Identifier' => accessory_info.device_id,
+            'kTLVType_PublicKey' => accessoryltpk,
+            'kTLVType_Signature' => accessorysignature
+          })
+
+          nonce = HAP::HexPad.pad('PS-Msg06')
+          encrypted_data = chacha20poly1305ietf.encrypt(nonce, subtlv, nil).unpack('H*')[0]
+
+          pairing_params = { admin: true, identifier: iosdevicepairingid, public_key: iosdeviceltpk }
+          accessory_info.add_paired_client pairing_params
+
+          TLV.pack({
+            'kTLVType_State' => 6,
+            'kTLVType_EncryptedData' => encrypted_data
+          })
+        end
+      end
+
+      def srp_verifier
+        @_verifier ||= RubyHome::SRP::Verifier.new
+      end
+
+      def store_proof(proof)
+        cache[:proof] = proof
+      end
+
+      def retrieve_proof
+        cache[:proof]
+      end
+
+      def forget_proof!
+        cache[:proof] = nil
+      end
+
+      def store_session_key(key)
+        cache[:session_key] = key
+      end
+
+      def session_key
+        cache[:session_key]
+      end
+    end
+  end
+end