ruby_home 0.1.0

data/lib/ruby_home/http/controllers/pair_verifies_controller.rb

@@ -0,0 +1,81 @@
+require 'x25519'
+require_relative '../../hap/hex_pad'
+require_relative '../../hap/hkdf_encryption'
+require_relative '../../tlv'
+require_relative 'application_controller'
+
+module RubyHome
+  module HTTP
+    class PairVerifiesController < ApplicationController
+      post '/pair-verify' do
+        content_type 'application/pairing+tlv8'
+
+        case unpack_request['kTLVType_State']
+        when 1
+          verify_start_response
+        when 3
+          verify_finish_response
+        end
+      end
+
+      private
+
+      def verify_start_response
+        secret_key = X25519::Scalar.generate
+        public_key = secret_key.public_key.to_bytes.unpack('H*')[0]
+        client_public_key = X25519::MontgomeryU.new([unpack_request['kTLVType_PublicKey']].pack('H*'))
+        shared_secret = secret_key.multiply(client_public_key).to_bytes
+        cache[:shared_secret] = shared_secret
+
+        accessoryinfo = [
+          public_key,
+          TLV::Utf8.pack(accessory_info.device_id),
+          client_public_key.to_bytes.unpack('H*')[0]
+        ].join
+
+        signing_key = accessory_info.signing_key
+        accessorysignature = signing_key.sign([accessoryinfo].pack('H*')).unpack('H*')[0]
+
+        subtlv = TLV.pack({
+          'kTLVType_Identifier' => accessory_info.device_id,
+          'kTLVType_Signature' => accessorysignature
+        })
+
+        hkdf = HAP::HKDFEncryption.new(info: 'Pair-Verify-Encrypt-Info', salt: 'Pair-Verify-Encrypt-Salt')
+        session_key = hkdf.encrypt(shared_secret)
+        cache[:session_key] = session_key
+
+        chacha20poly1305ietf = RbNaCl::AEAD::ChaCha20Poly1305IETF.new(session_key)
+        nonce = HAP::HexPad.pad('PV-Msg02')
+        encrypted_data = chacha20poly1305ietf.encrypt(nonce, subtlv, nil).unpack('H*')[0]
+
+        TLV.pack({
+          'kTLVType_State' => 2,
+          'kTLVType_PublicKey' => public_key,
+          'kTLVType_EncryptedData' => encrypted_data
+        })
+      end
+
+      def verify_finish_response
+        encrypted_data = unpack_request['kTLVType_EncryptedData']
+
+        chacha20poly1305ietf = RbNaCl::AEAD::ChaCha20Poly1305IETF.new(cache[:session_key])
+        nonce = HAP::HexPad.pad('PV-Msg03')
+        decrypted_data = chacha20poly1305ietf.decrypt(nonce, [encrypted_data].pack('H*'), nil)
+        unpacked_decrypted_data = TLV.unpack(decrypted_data)
+
+        if accessory_info.paired_clients.any? {|h| h[:identifier] == unpacked_decrypted_data['kTLVType_Identifier']}
+          hkdf = HAP::HKDFEncryption.new(info: 'Control-Write-Encryption-Key', salt: 'Control-Salt')
+          cache[:controller_to_accessory_key] = hkdf.encrypt(cache[:shared_secret])
+
+          hkdf = HAP::HKDFEncryption.new(info: 'Control-Read-Encryption-Key', salt: 'Control-Salt')
+          cache[:accessory_to_controller_key] = hkdf.encrypt(cache[:shared_secret])
+
+          TLV.pack({'kTLVType_State' => 4})
+        else
+          TLV.pack({'kTLVType_State' => 4, 'kTLVType_Error' => 2})
+        end
+      end
+    end
+  end
+end

data/lib/ruby_home/http/controllers/pairings_controller.rb

@@ -0,0 +1,38 @@
+require_relative 'application_controller'
+
+module RubyHome
+  module HTTP
+    class PairingsController < ApplicationController
+      post '/pairings' do
+        content_type 'application/pairing+tlv8'
+
+        case unpack_request['kTLVType_Method']
+        when 3
+          add_pairing
+        when 4
+          remove_pairing
+        end
+      end
+
+      private
+
+      def add_pairing
+        pairing_params = {
+          admin: !!unpack_request['kTLVType_Permissions'],
+          identifier: unpack_request['kTLVType_Identifier'],
+          public_key: unpack_request['kTLVType_PublicKey']
+        }
+        accessory_info.add_paired_client pairing_params
+
+        TLV.pack({'kTLVType_State' => 2})
+      end
+
+      def remove_pairing
+        accessory_info.remove_paired_client(unpack_request['kTLVType_Identifier'])
+
+        response['connection'] = 'close'
+        TLV.pack({'kTLVType_State' => 2})
+      end
+    end
+  end
+end

data/lib/ruby_home/http/hap_request.rb

@@ -0,0 +1,56 @@
+require 'webrick/httprequest'
+require_relative '../hap/http_decryption'
+
+module RubyHome
+  module HTTP
+    class HAPRequest < WEBrick::HTTPRequest
+      def initialize(*args, request_id: )
+        @_request_id = request_id
+        cache[:controller_to_accessory_count] ||= 0
+
+        super(*args)
+      end
+
+      def parse(socket=nil)
+        if decryption_time?
+          request_line = socket.read_nonblock(@buffer_size)
+
+          decrypted_request = decrypter.decrypt(request_line).join
+          cache[:controller_to_accessory_count] = decrypter.count
+
+          super(StringIO.new(decrypted_request))
+        else
+          super(socket)
+        end
+      end
+
+      def received_encrypted_request?
+        cache[:controller_to_accessory_count] >= 1
+      end
+
+      private
+
+      def decrypter
+        @_decrypter ||= RubyHome::HAP::HTTPDecryption.new(decryption_key, decrypter_params)
+      end
+
+      def decrypter_params
+        {
+          count: cache[:controller_to_accessory_count]
+        }
+      end
+
+      def decryption_time?
+        !!decryption_key
+      end
+
+      def decryption_key
+        cache[:controller_to_accessory_key]
+      end
+
+      def cache
+        GlobalCache.instance[@_request_id] ||= Cache.new
+      end
+    end
+  end
+end

data/lib/ruby_home/http/hap_response.rb

@@ -0,0 +1,57 @@
+require 'webrick/httpresponse'
+require_relative '../hap/http_encryption'
+
+module RubyHome
+  module HTTP
+    class HAPResponse < WEBrick::HTTPResponse
+      def initialize(*args, request_id: )
+        @_request_id = request_id
+        cache[:accessory_to_controller_count] ||= 0
+
+        super(*args)
+      end
+
+      def send_response(socket)
+        if encryption_time?
+          response = String.new
+          super(response)
+
+          encrypted_response = encrypter.encrypt(response).join
+          cache[:accessory_to_controller_count] = encrypter.count
+
+          _write_data(socket, encrypted_response)
+        else
+          super(socket)
+        end
+      end
+
+      attr_writer :received_encrypted_request
+
+      private
+
+      def encrypter
+        @_encrypter ||= RubyHome::HAP::HTTPEncryption.new(encryption_key, encrypter_params)
+      end
+
+      def encrypter_params
+        {
+          count: cache[:accessory_to_controller_count]
+        }
+      end
+
+      def encryption_time?
+        encryption_key && !!@received_encrypted_request
+      end
+
+      def encryption_key
+        cache[:accessory_to_controller_key]
+      end
+
+      def cache
+        GlobalCache.instance[@_request_id] ||= Cache.new
+      end
+    end
+  end
+end
+
+

data/lib/ruby_home/http/hap_server.rb

@@ -0,0 +1,65 @@
+require 'webrick/httpserver'
+require 'webrick/httpstatus'
+require_relative 'hap_request'
+require_relative 'hap_response'
+
+module RubyHome
+  module HTTP
+    class HAPServer < WEBrick::HTTPServer
+      def run(sock)
+        while true
+          res = RubyHome::HTTP::HAPResponse.new(@config, request_id: sock.object_id)
+          req = RubyHome::HTTP::HAPRequest.new(@config, request_id: sock.object_id)
+          server = self
+          begin
+            timeout = @config[:RequestTimeout]
+            while timeout > 0
+              break if sock.to_io.wait_readable(0.5)
+              break if @status != :Running
+              timeout -= 0.5
+            end
+            raise WEBrick::HTTPStatus::EOFError if timeout <= 0 || @status != :Running
+            raise WEBrick::HTTPStatus::EOFError if sock.eof?
+            req.parse(sock)
+            res.received_encrypted_request = req.received_encrypted_request?
+            res.request_method = req.request_method
+            res.request_uri = req.request_uri
+            res.request_http_version = req.http_version
+            res.keep_alive = req.keep_alive?
+            server = lookup_server(req) || self
+            if callback = server[:RequestCallback]
+              callback.call(req, res)
+            elsif callback = server[:RequestHandler]
+              msg = ':RequestHandler is deprecated, please use :RequestCallback'
+              @logger.warn(msg)
+              callback.call(req, res)
+            end
+            server.service(req, res)
+          rescue WEBrick::HTTPStatus::EOFError, WEBrick::HTTPStatus::RequestTimeout => ex
+            res.set_error(ex)
+          rescue WEBrick::HTTPStatus::Error => ex
+            @logger.error(ex.message)
+            res.set_error(ex)
+          rescue WEBrick::HTTPStatus::Status => ex
+            res.status = ex.code
+          rescue StandardError => ex
+            @logger.error(ex)
+            res.set_error(ex, true)
+          ensure
+            if req.request_line
+              if req.keep_alive? && res.keep_alive?
+                req.fixup()
+              end
+              res.send_response(sock)
+              server.access_log(@config, req, res)
+            end
+          end
+
+          break if @http_version < '1.1'
+          break unless req.keep_alive?
+          break unless res.keep_alive?
+        end
+      end
+    end
+  end
+end

data/lib/ruby_home/http/serializers/accessory_serializer.rb

@@ -0,0 +1,21 @@
+require_relative 'object_serializer'
+require_relative 'service_serializer'
+
+module RubyHome
+  module HTTP
+    class AccessorySerializer
+      include ObjectSerializer
+
+      def root
+        'accessories'
+      end
+
+      def record_hash(accessory)
+        {
+          'aid' => accessory.id,
+          'services' => ServiceSerializer.new(accessory.services).serializable_hash,
+        }
+      end
+    end
+  end
+end

data/lib/ruby_home/http/serializers/characteristic_serializer.rb

@@ -0,0 +1,26 @@
+require_relative 'object_serializer'
+
+module RubyHome
+  module HTTP
+    class CharacteristicSerializer
+      include ObjectSerializer
+
+      def record_hash(characteristic)
+        record_hash = {}
+
+        record_hash['iid'] = characteristic.instance_id
+        record_hash['type'] = characteristic.uuid
+        record_hash['perms'] = characteristic.properties.map do |property|
+          RubyHome::Characteristic::PROPERTIES[property]
+        end.compact
+        record_hash['format'] = characteristic.format
+        if characteristic.value != nil
+          record_hash['value'] = characteristic.value
+        end
+        record_hash['description'] = characteristic.description
+
+        record_hash
+      end
+    end
+  end
+end

data/lib/ruby_home/http/serializers/characteristic_value_serializer.rb

@@ -0,0 +1,21 @@
+require_relative 'object_serializer'
+
+module RubyHome
+  module HTTP
+    class CharacteristicValueSerializer
+      include ObjectSerializer
+
+      def root
+        'characteristics'
+      end
+
+      def record_hash(characteristic)
+        {
+          'aid' => characteristic.accessory_id,
+          'iid' => characteristic.instance_id,
+          'value' => characteristic.value,
+        }
+      end
+    end
+  end
+end

data/lib/ruby_home/http/serializers/object_serializer.rb

@@ -0,0 +1,39 @@
+require 'oj'
+
+module RubyHome
+  module HTTP
+    module ObjectSerializer
+      def initialize(resource)
+        if resource.respond_to?(:each) && !resource.respond_to?(:each_pair)
+          @resources = resource
+        else
+          @resource = resource
+        end
+      end
+
+      def root
+        nil
+      end
+
+      def serializable_hash
+        serializable_hash = if @resource
+          record_hash(resource)
+        elsif @resources
+          @resources.map do |resource|
+            record_hash(resource)
+          end
+        end
+
+        if root
+          {root => serializable_hash}
+        else
+          serializable_hash
+        end
+      end
+
+      def serialized_json
+        Oj.dump(serializable_hash)
+      end
+    end
+  end
+end

data/lib/ruby_home/http/serializers/service_serializer.rb

@@ -0,0 +1,20 @@
+require_relative 'characteristic_serializer'
+require_relative 'object_serializer'
+
+module RubyHome
+  module HTTP
+    class ServiceSerializer
+      include ObjectSerializer
+
+      def record_hash(service)
+        {
+          'iid' => service.instance_id,
+          'type' => service.uuid,
+          'characteristics' => CharacteristicSerializer.new(service.characteristics).serializable_hash,
+          'primary' => service.primary,
+          'hidden' => service.hidden,
+        }
+      end
+    end
+  end
+end

data/lib/ruby_home/identifier_cache.rb

@@ -0,0 +1,59 @@
+module RubyHome
+  class IdentifierCache
+    class << self
+      attr_accessor :accessories
+
+      def accessories
+        @@accessories ||= []
+      end
+
+      def reset!
+        @@accessories = []
+      end
+
+      def services
+        accessories.flat_map(&:services)
+      end
+
+      def characteristics
+        services.flat_map(&:characteristics)
+      end
+
+      def find_characteristics(attributes)
+        characteristics.select do |characteristic|
+          attributes.all? do |key, value|
+            characteristic.send(key) == value
+          end
+        end
+      end
+
+      def add_accessory(accessory)
+        return true if accessories.include?(accessory)
+
+        accessories << accessory.tap do |a|
+          a.id = accessories.size + 1
+        end
+
+      end
+
+      def add_service(service)
+        return true if services.include?(service)
+
+        accessory = service.accessory
+        accessory.services << service.tap do |s|
+          s.instance_id = accessory.next_available_instance_id
+        end
+
+      end
+
+      def add_characteristic(characteristic)
+        return true if characteristics.include?(characteristic)
+
+        service = characteristic.service
+        service.characteristics << characteristic.tap do |c|
+          c.instance_id = characteristic.accessory.next_available_instance_id
+        end
+      end
+    end
+  end
+end