ruby_home 0.1.2 → 0.1.3

data/lib/ruby_home/http/controllers/characteristics_controller.rb

@@ -1,10 +1,9 @@
 require_relative 'application_controller'
-require_relative '../serializers/characteristic_value_serializer'
 
 module RubyHome
   module HTTP
     class CharacteristicsController < ApplicationController
-      get '/characteristics' do
+      get '/' do
         content_type 'application/hap+json'
 
         if cache[:controller_to_accessory_key] && cache[:accessory_to_controller_key]
@@ -21,7 +20,7 @@ module RubyHome
         end
       end
 
-      put '/characteristics' do
+      put '/' do
         content_type 'application/hap+json'
 
         if cache[:controller_to_accessory_key] && cache[:accessory_to_controller_key]

data/lib/ruby_home/http/controllers/pair_setups_controller.rb

@@ -1,81 +1,75 @@
-require 'hkdf'
-require 'openssl'
-require 'rbnacl/libsodium'
-require 'ruby_home-srp'
-require_relative '../../hap/hex_pad'
-require_relative '../../hap/tlv'
 require_relative 'application_controller'
 
 module RubyHome
   module HTTP
     class PairSetupsController < ApplicationController
-      post '/pair-setup' do
+      post '/' do
         content_type 'application/pairing+tlv8'
 
-        case unpack_request['kTLVType_State']
+        case unpack_request[:state]
         when 1
-          srp_start_response
+          start
         when 3
-          srp_verify_response
+          verify
         when 5
-          exchange_response
+          exchange
         end
       end
 
       private
 
-      def srp_start_response
-        username = 'Pair-Setup'
-        password = '031-45-154'
+      def pairing_failed
+        clear_cache
 
-        auth = srp_verifier.generate_userauth(username, password)
+        tlv state: 4, error: 2
+      end
 
-        verifier = auth[:verifier]
-        salt = auth[:salt]
+      def start
+        start_srp = StartSRPService.new(
+          username: accessory_info.username,
+          password: accessory_info.password
+        )
 
-        challenge_and_proof = srp_verifier.get_challenge_and_proof(username, verifier, salt)
-        store_proof(challenge_and_proof[:proof])
+        cache[:srp_session] = start_srp.proof
 
-        HAP::TLV.encode({
-          'kTLVType_Salt' => [challenge_and_proof[:challenge][:salt]].pack('H*'),
-          'kTLVType_PublicKey' => [challenge_and_proof[:challenge][:B]].pack('H*'),
-          'kTLVType_State' => 2
-        })
+        tlv salt: start_srp.salt_bytes, public_key: start_srp.public_key_bytes, state: 2
       end
 
-      def srp_verify_response
-        proof = retrieve_proof.dup
-        proof[:A] = unpack_request['kTLVType_PublicKey'].unpack1('H*')
-
-        server_m2_proof = srp_verifier.verify_session(proof, unpack_request['kTLVType_Proof'].unpack1('H*'))
+      def verify
+        verify_srp = VerifySRPService.new(
+          device_proof: unpack_request[:proof],
+          srp_session: cache[:srp_session],
+          public_key: unpack_request[:public_key],
+        )
 
-        store_session_key(srp_verifier.K)
-        forget_proof!
+        if verify_srp.valid?
+          cache[:session_key] = verify_srp.session_key
+          cache.delete(:srp_session)
 
-        HAP::TLV.encode({
-          'kTLVType_State' => 4,
-          'kTLVType_Proof' => [server_m2_proof].pack('H*')
-        })
+          tlv state: 4, proof: verify_srp.server_proof
+        else
+          pairing_failed
+        end
       end
 
-      def exchange_response
-        encrypted_data = unpack_request['kTLVType_EncryptedData']
+      def exchange
+        encrypted_data = unpack_request[:encrypted_data]
 
         hkdf = HAP::Crypto::HKDF.new(info: 'Pair-Setup-Encrypt-Info', salt: 'Pair-Setup-Encrypt-Salt')
-        key = hkdf.encrypt(session_key)
+        key = hkdf.encrypt(cache[:session_key])
 
         chacha20poly1305ietf = HAP::Crypto::ChaCha20Poly1305.new(key)
 
-        nonce = HAP::HexPad.pad('PS-Msg05')
+        nonce = HexHelper.pad('PS-Msg05')
         decrypted_data = chacha20poly1305ietf.decrypt(nonce, encrypted_data)
         unpacked_decrypted_data = HAP::TLV.read(decrypted_data)
 
-        iosdevicepairingid = unpacked_decrypted_data['kTLVType_Identifier']
-        iosdevicesignature = unpacked_decrypted_data['kTLVType_Signature']
-        iosdeviceltpk = unpacked_decrypted_data['kTLVType_PublicKey']
+        iosdevicepairingid = unpacked_decrypted_data[:identifier]
+        iosdevicesignature = unpacked_decrypted_data[:signature]
+        iosdeviceltpk = unpacked_decrypted_data[:public_key]
 
         hkdf = HAP::Crypto::HKDF.new(info: 'Pair-Setup-Controller-Sign-Info', salt: 'Pair-Setup-Controller-Sign-Salt')
-        iosdevicex = hkdf.encrypt(session_key)
+        iosdevicex = hkdf.encrypt(cache[:session_key])
 
         iosdeviceinfo = [
           iosdevicex.unpack1('H*'),
@@ -86,7 +80,7 @@ module RubyHome
 
         if verify_key.verify(iosdevicesignature, [iosdeviceinfo].pack('H*'))
           hkdf = HAP::Crypto::HKDF.new(info: 'Pair-Setup-Accessory-Sign-Info', salt: 'Pair-Setup-Accessory-Sign-Salt')
-          accessory_x = hkdf.encrypt(session_key)
+          accessory_x = hkdf.encrypt(cache[:session_key])
 
           signing_key = accessory_info.signing_key
           accessoryltpk = signing_key.verify_key.to_bytes
@@ -98,48 +92,17 @@ module RubyHome
 
           accessorysignature = signing_key.sign([accessoryinfo].pack('H*'))
 
-          subtlv = HAP::TLV.encode({
-            'kTLVType_Identifier' => accessory_info.device_id,
-            'kTLVType_PublicKey' => accessoryltpk,
-            'kTLVType_Signature' => accessorysignature
-          })
+          subtlv = tlv(identifier: accessory_info.device_id, public_key: accessoryltpk, signature: accessorysignature)
 
-          nonce = HAP::HexPad.pad('PS-Msg06')
+          nonce = HexHelper.pad('PS-Msg06')
           encrypted_data = chacha20poly1305ietf.encrypt(nonce, subtlv)
 
           pairing_params = { admin: true, identifier: iosdevicepairingid, public_key: iosdeviceltpk.unpack1('H*') }
           accessory_info.add_paired_client pairing_params
 
-          HAP::TLV.encode({
-            'kTLVType_State' => 6,
-            'kTLVType_EncryptedData' => encrypted_data
-          })
+          tlv state: 6, encrypted_data: encrypted_data
         end
       end
-
-      def srp_verifier
-        @_verifier ||= RubyHome::SRP::Verifier.new
-      end
-
-      def store_proof(proof)
-        cache[:proof] = proof
-      end
-
-      def retrieve_proof
-        cache[:proof]
-      end
-
-      def forget_proof!
-        cache[:proof] = nil
-      end
-
-      def store_session_key(key)
-        cache[:session_key] = key
-      end
-
-      def session_key
-        cache[:session_key]
-      end
     end
   end
 end

data/lib/ruby_home/http/controllers/pair_verifies_controller.rb

@@ -1,16 +1,14 @@
-require 'x25519'
-require_relative '../../hap/crypto/hkdf'
-require_relative '../../hap/hex_pad'
-require_relative '../../hap/tlv'
 require_relative 'application_controller'
 
 module RubyHome
   module HTTP
     class PairVerifiesController < ApplicationController
-      post '/pair-verify' do
+      post '/' do
         content_type 'application/pairing+tlv8'
 
-        case unpack_request['kTLVType_State']
+        verify_accessory_paired
+
+        case unpack_request[:state]
         when 1
           verify_start_response
         when 3
@@ -21,10 +19,10 @@ module RubyHome
       private
 
       def verify_start_response
-        secret_key = X25519::Scalar.generate
+        secret_key = RbNaCl::PrivateKey.generate
         public_key = secret_key.public_key.to_bytes
-        client_public_key = X25519::MontgomeryU.new(unpack_request['kTLVType_PublicKey'])
-        shared_secret = secret_key.multiply(client_public_key).to_bytes
+        client_public_key = RbNaCl::PublicKey.new(unpack_request[:public_key])
+        shared_secret = RbNaCl::GroupElement.new(client_public_key).mult(secret_key).to_bytes
         cache[:shared_secret] = shared_secret
 
         accessoryinfo = [
@@ -36,46 +34,46 @@ module RubyHome
         signing_key = accessory_info.signing_key
         accessorysignature = signing_key.sign([accessoryinfo].pack('H*'))
 
-        subtlv = HAP::TLV.encode({
-          'kTLVType_Identifier' => accessory_info.device_id,
-          'kTLVType_Signature' => accessorysignature
-        })
+        subtlv = tlv(identifier: accessory_info.device_id, signature: accessorysignature)
 
         hkdf = HAP::Crypto::HKDF.new(info: 'Pair-Verify-Encrypt-Info', salt: 'Pair-Verify-Encrypt-Salt')
         session_key = hkdf.encrypt(shared_secret)
         cache[:session_key] = session_key
 
         chacha20poly1305ietf = HAP::Crypto::ChaCha20Poly1305.new(session_key)
-        nonce = HAP::HexPad.pad('PV-Msg02')
+        nonce = HexHelper.pad('PV-Msg02')
         encrypted_data = chacha20poly1305ietf.encrypt(nonce, subtlv)
 
-        HAP::TLV.encode({
-          'kTLVType_State' => 2,
-          'kTLVType_PublicKey' => public_key,
-          'kTLVType_EncryptedData' => encrypted_data
-        })
+        tlv state: 2, public_key: public_key, encrypted_data: encrypted_data
       end
 
       def verify_finish_response
-        encrypted_data = unpack_request['kTLVType_EncryptedData']
+        encrypted_data = unpack_request[:encrypted_data]
 
         chacha20poly1305ietf = HAP::Crypto::ChaCha20Poly1305.new(cache[:session_key])
-        nonce = HAP::HexPad.pad('PV-Msg03')
+        nonce = HexHelper.pad('PV-Msg03')
         decrypted_data = chacha20poly1305ietf.decrypt(nonce, encrypted_data)
         unpacked_decrypted_data = HAP::TLV.read(decrypted_data)
 
-        if accessory_info.paired_clients.any? {|h| h[:identifier] == unpacked_decrypted_data['kTLVType_Identifier']}
+        if accessory_info.paired_clients.any? {|h| h[:identifier] == unpacked_decrypted_data[:identifier]}
           hkdf = HAP::Crypto::HKDF.new(info: 'Control-Write-Encryption-Key', salt: 'Control-Salt')
           cache[:controller_to_accessory_key] = hkdf.encrypt(cache[:shared_secret])
 
           hkdf = HAP::Crypto::HKDF.new(info: 'Control-Read-Encryption-Key', salt: 'Control-Salt')
           cache[:accessory_to_controller_key] = hkdf.encrypt(cache[:shared_secret])
 
-          HAP::TLV.encode({'kTLVType_State' => 4})
+          cache.delete(:session_key)
+          cache.delete(:shared_secret)
+
+          tlv state: 4
         else
-          HAP::TLV.encode({'kTLVType_State' => 4, 'kTLVType_Error' => 2})
+          tlv state: 4, error: 2
         end
       end
+
+      def verify_accessory_paired
+        halt 403 unless accessory_info.paired?
+      end
     end
   end
 end

data/lib/ruby_home/http/controllers/pairings_controller.rb

@@ -3,10 +3,10 @@ require_relative 'application_controller'
 module RubyHome
   module HTTP
     class PairingsController < ApplicationController
-      post '/pairings' do
+      post '/' do
         content_type 'application/pairing+tlv8'
 
-        case unpack_request['kTLVType_Method']
+        case unpack_request[:method]
         when 3
           add_pairing
         when 4
@@ -18,20 +18,20 @@ module RubyHome
 
       def add_pairing
         pairing_params = {
-          admin: !!unpack_request['kTLVType_Permissions'],
-          identifier: unpack_request['kTLVType_Identifier'],
-          public_key: unpack_request['kTLVType_PublicKey'].unpack1('H*')
+          admin: !!unpack_request[:permissions],
+          identifier: unpack_request[:identifier],
+          public_key: unpack_request[:public_key].unpack1('H*')
         }
         accessory_info.add_paired_client pairing_params
 
-        HAP::TLV.encode({'kTLVType_State' => 2})
+        tlv state: 2
       end
 
       def remove_pairing
-        accessory_info.remove_paired_client(unpack_request['kTLVType_Identifier'])
+        accessory_info.remove_paired_client(unpack_request[:identifier])
 
         response['connection'] = 'close'
-        HAP::TLV.encode({'kTLVType_State' => 2})
+        tlv state: 2
       end
     end
   end

data/lib/ruby_home/http/hap_request.rb

@@ -1,11 +1,7 @@
-require 'webrick/httprequest'
-require_relative '../hap/http_decryption'
-
 module RubyHome
   module HTTP
     class HAPRequest < WEBrick::HTTPRequest
-      def initialize(*args, request_id: )
-        @_request_id = request_id
+      def initialize(*args)
         cache[:controller_to_accessory_count] ||= 0
 
         super(*args)
@@ -49,7 +45,7 @@ module RubyHome
       end
 
       def cache
-        GlobalCache.instance[@_request_id] ||= Cache.new
+        RequestStore.store
       end
     end
   end

data/lib/ruby_home/http/hap_response.rb

@@ -1,11 +1,7 @@
-require 'webrick/httpresponse'
-require_relative '../hap/http_encryption'
-
 module RubyHome
   module HTTP
     class HAPResponse < WEBrick::HTTPResponse
-      def initialize(*args, request_id: )
-        @_request_id = request_id
+      def initialize(*args)
         cache[:accessory_to_controller_count] ||= 0
 
         super(*args)
@@ -48,10 +44,8 @@ module RubyHome
       end
 
       def cache
-        GlobalCache.instance[@_request_id] ||= Cache.new
+        RequestStore.store
       end
     end
   end
 end
-
-

data/lib/ruby_home/http/hap_server.rb

@@ -1,26 +1,21 @@
-require 'webrick/httpserver'
-require 'webrick/httpstatus'
-require_relative 'hap_request'
-require_relative 'hap_response'
-
 module RubyHome
   module HTTP
     class HAPServer < WEBrick::HTTPServer
-      def run(sock)
+      def run(socket)
         while true
-          res = RubyHome::HTTP::HAPResponse.new(@config, request_id: sock.object_id)
-          req = RubyHome::HTTP::HAPRequest.new(@config, request_id: sock.object_id)
+          res = RubyHome::HTTP::HAPResponse.new(@config)
+          req = RubyHome::HTTP::HAPRequest.new(@config)
           server = self
           begin
             timeout = @config[:RequestTimeout]
             while timeout > 0
-              break if sock.to_io.wait_readable(0.5)
+              break if socket.to_io.wait_readable(0.5)
               break if @status != :Running
               timeout -= 0.5
             end
             raise WEBrick::HTTPStatus::EOFError if timeout <= 0 || @status != :Running
-            raise WEBrick::HTTPStatus::EOFError if sock.eof?
-            req.parse(sock)
+            raise WEBrick::HTTPStatus::EOFError if socket.eof?
+            req.parse(socket)
             res.received_encrypted_request = req.received_encrypted_request?
             res.request_method = req.request_method
             res.request_uri = req.request_uri
@@ -50,7 +45,7 @@ module RubyHome
               if req.keep_alive? && res.keep_alive?
                 req.fixup()
               end
-              res.send_response(sock)
+              res.send_response(socket)
               server.access_log(@config, req, res)
             end
           end

data/lib/ruby_home/http/serializers/object_serializer.rb

@@ -1,5 +1,3 @@
-require 'oj'
-
 module RubyHome
   module HTTP
     module ObjectSerializer

data/lib/ruby_home/http/services/start_srp_service.rb

@@ -0,0 +1,46 @@
+class StartSRPService
+  def initialize(username: , password:)
+    @username = username
+    @password = password
+  end
+
+  def salt_bytes
+    [salt].pack('H*')
+  end
+
+  def public_key_bytes
+    [public_key].pack('H*')
+  end
+
+  def proof
+    challenge_and_proof[:proof]
+  end
+
+  private
+
+  def salt
+    user_auth[:salt]
+  end
+
+  def public_key
+    challenge[:B]
+  end
+
+  def challenge
+    challenge_and_proof[:challenge]
+  end
+
+  def challenge_and_proof
+    srp_verifier.get_challenge_and_proof(username, user_auth[:verifier], user_auth[:salt])
+  end
+
+  def user_auth
+    @_user_auth ||= srp_verifier.generate_userauth(username, password)
+  end
+
+  def srp_verifier
+    @_verifier ||= RubyHome::SRP::Verifier.new
+  end
+
+  attr_reader :username, :password
+end

data/lib/ruby_home/http/services/verify_srp_service.rb

@@ -0,0 +1,55 @@
+class VerifySRPService
+  def initialize(public_key: , device_proof: , srp_session: )
+    @device_proof = device_proof
+    @srp_session = srp_session
+    @public_key = public_key
+  end
+
+  def valid?
+    return false unless public_key
+    return false unless device_proof
+    return false unless srp_session
+    return false unless valid_session?
+
+    true
+  end
+
+  def session_key
+    srp_verifier.K
+  end
+
+  def server_proof
+    verify_session_bytes
+  end
+
+  private
+
+  def valid_session?
+    !!verify_session
+  end
+
+  def verify_session_bytes
+    [verify_session].pack('H*')
+  end
+
+  def verify_session
+    @_verify_session ||= srp_verifier.verify_session(
+      srp_session.merge({A: public_key_bytes}),
+      device_proof_bytes
+    )
+  end
+
+  def public_key_bytes
+    public_key.unpack1('H*')
+  end
+
+  def device_proof_bytes
+    device_proof.unpack1('H*')
+  end
+
+  def srp_verifier
+    @_verifier ||= RubyHome::SRP::Verifier.new
+  end
+
+  attr_reader :public_key, :device_proof, :srp_session
+end

data/lib/ruby_home/rack/handler/hap_server.rb

@@ -1,6 +1,3 @@
-require 'webrick'
-require_relative '../../http/hap_server'
-
 module RubyHome
   module Rack
     module Handler
@@ -11,10 +8,8 @@ module RubyHome
 
           options[:BindAddress] = options.delete(:Host) || default_host
           options[:Port] ||= 8080
-          unless ENV['DEBUG']
-            options[:Logger] = WEBrick::Log.new("/dev/null")
-            options[:AccessLog] = []
-          end
+          options[:Logger] = WEBrick::Log.new("/dev/null")
+          options[:AccessLog] = []
           @server = HTTP::HAPServer.new(options)
           @server.mount '/', Handler::HAPServer, app
           yield @server  if block_given?

data/lib/ruby_home/version.rb

@@ -1,3 +1,3 @@
 module RubyHome
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 end