@basmilius/apple-common 0.0.80 → 0.0.81

package/dist/index.js

@@ -1,2 +1,813 @@
-var k=Object.defineProperty;var R=(e,r)=>{for(var o in r)k(e,o,{get:r[o],enumerable:!0,configurable:!0,set:(t)=>r[o]=()=>t})};import{v4 as ur}from"uuid";var l={};R(l,{padNonce:()=>w,encrypt:()=>z,decrypt:()=>W,CHACHA20_NONCE_LENGTH:()=>S,CHACHA20_AUTH_TAG_LENGTH:()=>G});import{createCipher as H,createDecipher as Y}from"chacha";var G=16,S=12;function W(e,r,o,t,n){r=w(r);let i=Y(e,r);o&&i.setAAD(o),i.setAuthTag(n);let a=i._update(t);return i._final(),a}function z(e,r,o,t){r=w(r);let n=H(e,r);o&&n.setAAD(o);let i=n._update(t);n._final();let a=n.getAuthTag();return{ciphertext:i,authTag:a}}function w(e){if(e.length>=S)return e;return Buffer.concat([Buffer.alloc(S-e.length,0),e])}var m={};R(m,{generateSharedSecKey:()=>Q,generateKeyPair:()=>J});import D from"tweetnacl";function J(){let e=D.box.keyPair();return{publicKey:e.publicKey,secretKey:e.secretKey}}function Q(e,r){return D.scalarMult(e,r)}import{hkdfSync as Z}from"node:crypto";function f(e){return Buffer.from(Z(e.hash,e.key,e.salt,e.info,e.length))}import oe from"node-dns-sd";import{createInterface as j}from"node:readline";var _=j({input:process.stdin,output:process.stdout});async function ee(e){return await new Promise((r)=>_.question(`${e}: `,r))}async function I(e){return new Promise((r)=>setTimeout(r,e))}class C{#e=[];all(){this.#e=["debug","error","info","net","raw","warn"]}disable(e){if(this.#e.includes(e))this.#e.splice(this.#e.indexOf(e),1)}enable(e){if(!this.#e.includes(e))this.#e.push(e)}isEnabled(e){return this.#e.includes(e)}debug(...e){this.isEnabled("debug")&&console.debug("\x1B[36m[debug]\x1B[39m",...e)}error(...e){this.isEnabled("error")&&console.error("\x1B[31m[error]\x1B[39m",...e)}info(...e){this.isEnabled("info")&&console.info("\x1B[32m[info]\x1B[39m",...e)}net(...e){this.isEnabled("net")&&console.info("\x1B[33m[net]\x1B[39m",...e)}raw(...e){this.isEnabled("raw")&&console.log("\x1B[34m[raw]\x1B[39m",...e)}warn(...e){this.isEnabled("warn")&&console.warn("\x1B[33m[warn]\x1B[39m",...e)}}var c=new C;var K="3939",re=6000,L=1e4,v="_airplay._tcp.local",V="_companion-link._tcp.local",M="_raop._tcp.local";class d{#e;constructor(e){this.#e=e}async find(){return await oe.discover({name:this.#e})}async findUntil(e,r=10,o=1000){while(r>0){let t=await this.find(),n=t.find((i)=>i.fqdn===e);if(n)return n;if(console.log(),console.log(`Device not found, retrying in ${o}ms...`),console.log(t.map((i)=>` ● ${i.fqdn}`).join(`
-`)),r--,r===0)throw Error("Device not found after serveral tries, aborting.");await I(o)}}static airplay(){return new d(v)}static companionLink(){return new d(V)}static raop(){return new d(M)}}import{networkInterfaces as te}from"node:os";function x(){let e=te();for(let r of Object.keys(e)){let o=e[r];if(!o)continue;for(let t of o){if(t.internal||t.family!=="IPv4")continue;if(t.address&&t.address!=="127.0.0.1")return t.address}}return null}import{networkInterfaces as se}from"node:os";function F(){let e=se();for(let r of Object.keys(e)){let o=e[r];if(!o)continue;for(let t of o){if(t.internal||t.family!=="IPv4")continue;if(t.mac&&t.mac!=="00:00:00:00:00:00")return t.mac.toUpperCase()}}return"00:00:00:00:00:00"}import{createSocket as ne}from"node:dgram";import{NTP as B}from"@basmilius/apple-encoding";class N{get port(){return this.#t}#e;#t=0;constructor(){this.#e=ne("udp4"),this.#e.on("error",(e)=>this.#s(e)),this.#e.on("message",(e,r)=>this.#n(e,r))}async close(){this.#e.close(),this.#t=0}async listen(){return new Promise((e)=>{this.#e.once("listening",()=>this.#a()),this.#e.bind(0,e)})}async#s(e){c.error("Timing server error",e)}async#a(){let{port:e}=this.#e.address();this.#t=e}async#n(e,r){let o=B.decode(e),t=B.now(),[n,i]=B.parts(t);c.info(`Timing server ntp=${t} receivedSeconds=${n} receivedFraction=${i}`);let a=B.encode({proto:o.proto,type:211,seqno:o.seqno,padding:0,reftime_sec:o.sendtime_sec,reftime_frac:o.sendtime_frac,recvtime_sec:n,recvtime_frac:i,sendtime_sec:n,sendtime_frac:i});this.#e.send(a,r.port,r.address)}}import{EventEmitter as ie}from"node:events";import{Socket as ae}from"node:net";var h=Symbol();class A extends ie{get address(){return this.#e}get port(){return this.#t}get isConnected(){return this.#o==="connected"}get state(){return this.#o}#e;#t;#s;#a=!1;#n=0;#i=3;#u=!0;#l=3000;#f;#r;#o;#c;constructor(e,r){super();this.#e=e,this.#t=r,this.#s={onClose:this.#p.bind(this),onConnect:this.#h.bind(this),onData:this.#g.bind(this),onEnd:this.#P.bind(this),onError:this.#B.bind(this),onTimeout:this.#b.bind(this)},this.#o="disconnected"}async connect(){if(this.#o==="connected")return;if(this.#o==="connecting")throw Error("A connection is already being established.");return this.#u=!0,this.#n=0,this.#d()}async disconnect(){if(this.#f)clearTimeout(this.#f),this.#f=void 0;if(this.#u=!1,!this.#r||this.#o==="disconnected")return;return new Promise((e)=>{this.#o="closing",this.#r.once("close",()=>{this.#m(),e()}),this.#r.end()})}debug(e){return this.#a=e,this}retry(e,r=3000){return this.#i=e,this.#l=r,this}async write(e){if(!this.#r||this.#o!=="connected")throw Error("Cannot write to a disconnected connection.");return new Promise((r,o)=>{this.#r.write(e,(t)=>t?o(t):r())})}async#d(){return new Promise((e,r)=>{this.#o="connecting",this.#c={resolve:e,reject:r},this.#r=new ae,this.#r.setTimeout(L),this.#r.on("close",this.#s.onClose),this.#r.on("connect",this.#s.onConnect),this.#r.on("data",this.#s.onData),this.#r.on("end",this.#s.onEnd),this.#r.on("error",this.#s.onError),this.#r.on("timeout",this.#s.onTimeout),c.net(`Connecting to ${this.#e}:${this.#t}...`),this.#r.connect({host:this.#e,port:this.#t,keepAlive:!0})})}#m(){if(this.#r)this.#r.removeAllListeners(),this.#r.destroy(),this.#r=void 0;this.#o="disconnected",this.#c=void 0}#y(e){if(!this.#u||this.#n>=this.#i){this.#o="failed",this.#c?.reject(e),this.#c=void 0;return}this.#n++,c.net(`Retry attempt ${this.#n} / ${this.#i} in ${this.#l}ms...`);let{resolve:r,reject:o}=this.#c;this.#m(),this.#f=setTimeout(async()=>{this.#f=void 0;try{this.#c={resolve:r,reject:o},await this.#d(),r()}catch(t){}},this.#l)}#p(e){let r=this.#o==="connected";if(this.#o!=="closing")this.#o="disconnected";if(this.emit("close",e),r&&this.#u&&e)this.#y(Error("Connection closed unexpectedly."))}#h(){this.#o="connected",this.#n=0,this.#r.setKeepAlive(!0,1e4),this.#r.setTimeout(0),this.emit("connect"),this.#c?.resolve(),this.#c=void 0}#g(e){if(this.#a){let r=Math.min(e.byteLength,64);c.debug(`Received ${e.byteLength} bytes of data.`),c.debug(`hex=${e.subarray(0,r).toString("hex")}`),c.debug(`ascii=${e.toString("ascii").replace(/[^\x20-\x7E]/g,".").substring(0,r)}`)}this.emit("data",e)}#P(){this.emit("end")}#B(e){if(c.error(`Connection error: ${e.message}`),this.emit("error",e),this.#o==="connecting")this.#y(e);else this.#o="failed"}#b(){c.error("Connection timed out.");let e=Error("Connection timed out.");if(this.emit("timeout"),this.emit("error",e),this.#o==="connecting")this.#y(e);else this.#o="failed",this.#r?.destroy()}}class U extends A{get isEncrypted(){return!!this[h]}[h];async enableEncryption(e,r){this[h]=new E(e,r)}}class E{readKey;readCount;writeKey;writeCount;constructor(e,r){this.readCount=0,this.readKey=e,this.writeCount=0,this.writeKey=r}}import{OPack as ce,TLV8 as s}from"@basmilius/apple-encoding";import{SRP as q,SrpClient as fe}from"fast-srp-hap";import{v4 as ue}from"uuid";import g from"tweetnacl";class O{#e;#t;#s;#a;#n;#i;constructor(e){this.#e="basmilius/apple-protocols",this.#t=Buffer.from(ue().toUpperCase()),this.#s=e}async start(){let e=g.sign.keyPair();this.#a=Buffer.from(e.publicKey),this.#n=Buffer.from(e.secretKey)}async pin(e){let r=await this.m1(),o=await this.m2(r,await e()),t=await this.m3(o),n=await this.m4(t),i=await this.m5(n),a=await this.m6(n,i);if(!a)throw Error("Pairing failed, could not get accessory keys.");return a}async transient(){let e=await this.m1([[s.Value.Flags,s.Flags.TransientPairing]]),r=await this.m2(e),o=await this.m3(r),t=await this.m4(o),n=f({hash:"sha512",key:t.sharedSecret,length:32,salt:Buffer.from("Control-Salt"),info:Buffer.from("Control-Read-Encryption-Key")}),i=f({hash:"sha512",key:t.sharedSecret,length:32,salt:Buffer.from("Control-Salt"),info:Buffer.from("Control-Write-Encryption-Key")});return{pairingId:this.#t,sharedSecret:t.sharedSecret,accessoryToControllerKey:n,controllerToAccessoryKey:i}}async m1(e=[]){let r=await this.#s("m1",s.encode([[s.Value.Method,s.Method.PairSetup],[s.Value.State,s.State.M1],...e])),o=b(r),t=o.get(s.Value.PublicKey),n=o.get(s.Value.Salt);return{publicKey:t,salt:n}}async m2(e,r=K){let o=await q.genKey(32);this.#i=new fe(q.params.hap,e.salt,Buffer.from("Pair-Setup"),Buffer.from(r),o,!0),this.#i.setB(e.publicKey);let t=this.#i.computeA(),n=this.#i.computeM1();return{publicKey:t,proof:n}}async m3(e){let r=await this.#s("m3",s.encode([[s.Value.State,s.State.M3],[s.Value.PublicKey,e.publicKey],[s.Value.Proof,e.proof]]));return{serverProof:b(r).get(s.Value.Proof)}}async m4(e){return this.#i.checkM2(e.serverProof),{sharedSecret:this.#i.computeK()}}async m5(e){let r=f({hash:"sha512",key:e.sharedSecret,length:32,salt:Buffer.from("Pair-Setup-Controller-Sign-Salt","utf8"),info:Buffer.from("Pair-Setup-Controller-Sign-Info","utf8")}),o=f({hash:"sha512",key:e.sharedSecret,length:32,salt:Buffer.from("Pair-Setup-Encrypt-Salt","utf8"),info:Buffer.from("Pair-Setup-Encrypt-Info","utf8")}),t=Buffer.concat([r,this.#t,this.#a]),n=g.sign.detached(t,this.#n),i=s.encode([[s.Value.Identifier,this.#t],[s.Value.PublicKey,this.#a],[s.Value.Signature,Buffer.from(n)],[s.Value.Name,Buffer.from(ce.encode({name:this.#e}))]]),{authTag:a,ciphertext:y}=l.encrypt(o,Buffer.from("PS-Msg05"),null,i),u=Buffer.concat([y,a]),p=await this.#s("m5",s.encode([[s.Value.State,s.State.M5],[s.Value.EncryptedData,u]])),P=b(p).get(s.Value.EncryptedData),X=P.subarray(0,-16);return{authTag:P.subarray(-16),data:X,sessionKey:o}}async m6(e,r){let o=l.decrypt(r.sessionKey,Buffer.from("PS-Msg06"),null,r.data,r.authTag),t=s.decode(o),n=t.get(s.Value.Identifier),i=t.get(s.Value.PublicKey),a=t.get(s.Value.Signature),y=f({hash:"sha512",key:e.sharedSecret,length:32,salt:Buffer.from("Pair-Setup-Accessory-Sign-Salt"),info:Buffer.from("Pair-Setup-Accessory-Sign-Info")}),u=Buffer.concat([y,n,i]);if(!g.sign.detached.verify(u,a,i))throw Error("Invalid accessory signature.");return{accessoryIdentifier:n.toString(),accessoryLongTermPublicKey:i,pairingId:this.#t,publicKey:this.#a,secretKey:this.#n}}}class ${#e;#t;constructor(e){this.#e=m.generateKeyPair(),this.#t=e}async start(e){let r=await this.#s(),o=await this.#a(e.accessoryIdentifier,e.accessoryLongTermPublicKey,r);return await this.#n(e.pairingId,e.secretKey,o),await this.#i(o,e.pairingId)}async#s(){let e=await this.#t("m1",s.encode([[s.Value.State,s.State.M1],[s.Value.PublicKey,Buffer.from(this.#e.publicKey)]])),r=b(e),o=r.get(s.Value.PublicKey);return{encryptedData:r.get(s.Value.EncryptedData),serverPublicKey:o}}async#a(e,r,o){let t=Buffer.from(m.generateSharedSecKey(this.#e.secretKey,o.serverPublicKey)),n=f({hash:"sha512",key:t,length:32,salt:Buffer.from("Pair-Verify-Encrypt-Salt"),info:Buffer.from("Pair-Verify-Encrypt-Info")}),i=o.encryptedData.subarray(0,-16),a=o.encryptedData.subarray(-16),y=l.decrypt(n,Buffer.from("PV-Msg02"),null,i,a),u=s.decode(y),p=u.get(s.Value.Identifier),T=u.get(s.Value.Signature);if(p.toString()!==e)throw Error(`Invalid accessory identifier. Expected ${p.toString()} to be ${e}.`);let P=Buffer.concat([o.serverPublicKey,p,this.#e.publicKey]);if(!g.sign.detached.verify(P,T,r))throw Error("Invalid accessory signature.");return{serverEphemeralPublicKey:o.serverPublicKey,sessionKey:n,sharedSecret:t}}async#n(e,r,o){let t=Buffer.concat([this.#e.publicKey,e,o.serverEphemeralPublicKey]),n=Buffer.from(g.sign.detached(t,r)),i=s.encode([[s.Value.Identifier,e],[s.Value.Signature,n]]),{authTag:a,ciphertext:y}=l.encrypt(o.sessionKey,Buffer.from("PV-Msg03"),null,i),u=Buffer.concat([y,a]);return await this.#t("m3",s.encode([[s.Value.State,s.State.M3],[s.Value.EncryptedData,u]])),{}}async#i(e,r){return{accessoryToControllerKey:Buffer.alloc(0),controllerToAccessoryKey:Buffer.alloc(0),pairingId:r,sharedSecret:e.sharedSecret}}}function b(e){let r=s.decode(e);if(r.has(s.Value.Error))s.bail(r);return c.raw("Decoded TLV",r),r}function le(e){let r=Buffer.alloc(2);return r.writeUInt16BE(e,0),r}function ye(e){let[r,o]=de(e),t=Buffer.alloc(8);return t.writeUInt32LE(o,0),t.writeUInt32LE(r,4),t}function de(e){if(e<=-1||e>9007199254740991)throw Error("Number out of range.");if(Math.floor(e)!==e)throw Error("Number is not an integer.");let t=0,n=e&4294967295,i=n<0?(e&2147483647)+2147483648:n;if(e>4294967295)t=(e-i)/4294967296;return[t,i]}export{I as waitFor,ur as uuid,ye as uint53ToLE,le as uint16ToBE,c as reporter,ee as prompt,f as hkdf,F as getMacAddress,x as getLocalIP,_ as cli,N as TimingServer,M as RAOP_SERVICE,re as HTTP_TIMEOUT,E as EncryptionState,U as EncryptionAwareConnection,h as ENCRYPTION,d as Discovery,m as Curve25519,A as Connection,l as Chacha20,V as COMPANION_LINK_SERVICE,$ as AccessoryVerify,O as AccessoryPair,K as AIRPLAY_TRANSIENT_PIN,v as AIRPLAY_SERVICE};
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// src/index.ts
+import {
+  v4
+} from "uuid";
+
+// src/crypto/chacha20.ts
+var exports_chacha20 = {};
+__export(exports_chacha20, {
+  padNonce: () => padNonce,
+  encrypt: () => encrypt,
+  decrypt: () => decrypt,
+  CHACHA20_NONCE_LENGTH: () => CHACHA20_NONCE_LENGTH,
+  CHACHA20_AUTH_TAG_LENGTH: () => CHACHA20_AUTH_TAG_LENGTH
+});
+import { createCipher, createDecipher } from "chacha";
+var CHACHA20_AUTH_TAG_LENGTH = 16;
+var CHACHA20_NONCE_LENGTH = 12;
+function decrypt(key, nonce, add, ciphertext, authTag) {
+  nonce = padNonce(nonce);
+  const decipher = createDecipher(key, nonce);
+  add && decipher.setAAD(add);
+  decipher.setAuthTag(authTag);
+  const plaintext = decipher._update(ciphertext);
+  decipher._final();
+  return plaintext;
+}
+function encrypt(key, nonce, aad, plaintext) {
+  nonce = padNonce(nonce);
+  const cipher = createCipher(key, nonce);
+  aad && cipher.setAAD(aad);
+  const ciphertext = cipher._update(plaintext);
+  cipher._final();
+  const authTag = cipher.getAuthTag();
+  return {
+    ciphertext,
+    authTag
+  };
+}
+function padNonce(nonce) {
+  if (nonce.length >= CHACHA20_NONCE_LENGTH) {
+    return nonce;
+  }
+  return Buffer.concat([
+    Buffer.alloc(CHACHA20_NONCE_LENGTH - nonce.length, 0),
+    nonce
+  ]);
+}
+// src/crypto/curve25519.ts
+var exports_curve25519 = {};
+__export(exports_curve25519, {
+  generateSharedSecKey: () => generateSharedSecKey,
+  generateKeyPair: () => generateKeyPair
+});
+import tweetnacl from "tweetnacl";
+function generateKeyPair() {
+  const keyPair = tweetnacl.box.keyPair();
+  return {
+    publicKey: keyPair.publicKey,
+    secretKey: keyPair.secretKey
+  };
+}
+function generateSharedSecKey(priKey, pubKey) {
+  return tweetnacl.scalarMult(priKey, pubKey);
+}
+// src/crypto/hkdf.ts
+import { hkdfSync } from "node:crypto";
+function hkdf_default(options) {
+  return Buffer.from(hkdfSync(options.hash, options.key, options.salt, options.info, options.length));
+}
+// src/discovery/discovery.ts
+import mdns from "node-dns-sd";
+
+// src/cli.ts
+import { createInterface } from "node:readline";
+var cli = createInterface({
+  input: process.stdin,
+  output: process.stdout
+});
+async function prompt(message) {
+  return await new Promise((resolve) => cli.question(`${message}: `, resolve));
+}
+async function waitFor(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+class Reporter {
+  #enabled = [];
+  all() {
+    this.#enabled = ["debug", "error", "info", "net", "raw", "warn"];
+  }
+  disable(group) {
+    if (this.#enabled.includes(group)) {
+      this.#enabled.splice(this.#enabled.indexOf(group), 1);
+    }
+  }
+  enable(group) {
+    if (!this.#enabled.includes(group)) {
+      this.#enabled.push(group);
+    }
+  }
+  isEnabled(group) {
+    return this.#enabled.includes(group);
+  }
+  debug(...data) {
+    this.isEnabled("debug") && console.debug(`\x1B[36m[debug]\x1B[39m`, ...data);
+  }
+  error(...data) {
+    this.isEnabled("error") && console.error(`\x1B[31m[error]\x1B[39m`, ...data);
+  }
+  info(...data) {
+    this.isEnabled("info") && console.info(`\x1B[32m[info]\x1B[39m`, ...data);
+  }
+  net(...data) {
+    this.isEnabled("net") && console.info(`\x1B[33m[net]\x1B[39m`, ...data);
+  }
+  raw(...data) {
+    this.isEnabled("raw") && console.log(`\x1B[34m[raw]\x1B[39m`, ...data);
+  }
+  warn(...data) {
+    this.isEnabled("warn") && console.warn(`\x1B[33m[warn]\x1B[39m`, ...data);
+  }
+}
+var reporter = new Reporter;
+
+// src/const.ts
+var AIRPLAY_TRANSIENT_PIN = "3939";
+var HTTP_TIMEOUT = 6000;
+var SOCKET_TIMEOUT = 1e4;
+var AIRPLAY_SERVICE = "_airplay._tcp.local";
+var COMPANION_LINK_SERVICE = "_companion-link._tcp.local";
+var RAOP_SERVICE = "_raop._tcp.local";
+
+// src/discovery/discovery.ts
+class Discovery {
+  #service;
+  constructor(service) {
+    this.#service = service;
+  }
+  async find() {
+    return await mdns.discover({
+      name: this.#service
+    });
+  }
+  async findUntil(fqdn, tries = 10, timeout = 1000) {
+    while (tries > 0) {
+      const devices = await this.find();
+      const device = devices.find((device2) => device2.fqdn === fqdn);
+      if (device) {
+        return device;
+      }
+      console.log();
+      console.log(`Device not found, retrying in ${timeout}ms...`);
+      console.log(devices.map((d) => ` ● ${d.fqdn}`).join(`
+`));
+      tries--;
+      if (tries === 0) {
+        throw new Error("Device not found after serveral tries, aborting.");
+      }
+      await waitFor(timeout);
+    }
+  }
+  static airplay() {
+    return new Discovery(AIRPLAY_SERVICE);
+  }
+  static companionLink() {
+    return new Discovery(COMPANION_LINK_SERVICE);
+  }
+  static raop() {
+    return new Discovery(RAOP_SERVICE);
+  }
+}
+// src/net/getLocalIP.ts
+import { networkInterfaces } from "node:os";
+function getLocalIP_default() {
+  const interfaces = networkInterfaces();
+  for (const name of Object.keys(interfaces)) {
+    const iface = interfaces[name];
+    if (!iface) {
+      continue;
+    }
+    for (const net of iface) {
+      if (net.internal || net.family !== "IPv4") {
+        continue;
+      }
+      if (net.address && net.address !== "127.0.0.1") {
+        return net.address;
+      }
+    }
+  }
+  return null;
+}
+// src/net/getMacAddress.ts
+import { networkInterfaces as networkInterfaces2 } from "node:os";
+function getMacAddress_default() {
+  const interfaces = networkInterfaces2();
+  for (const name of Object.keys(interfaces)) {
+    const iface = interfaces[name];
+    if (!iface) {
+      continue;
+    }
+    for (const net of iface) {
+      if (net.internal || net.family !== "IPv4") {
+        continue;
+      }
+      if (net.mac && net.mac !== "00:00:00:00:00:00") {
+        return net.mac.toUpperCase();
+      }
+    }
+  }
+  return "00:00:00:00:00:00";
+}
+// src/net/timing.ts
+import { createSocket } from "node:dgram";
+import { NTP } from "@basmilius/apple-encoding";
+class timing_default {
+  get port() {
+    return this.#port;
+  }
+  #socket;
+  #port = 0;
+  constructor() {
+    this.#socket = createSocket("udp4");
+    this.#socket.on("error", (err) => this.#onError(err));
+    this.#socket.on("message", (data, info) => this.#onMessage(data, info));
+  }
+  async close() {
+    this.#socket.close();
+    this.#port = 0;
+  }
+  async listen() {
+    return new Promise((resolve) => {
+      this.#socket.once("listening", () => this.#onListening());
+      this.#socket.bind(0, resolve);
+    });
+  }
+  async#onError(err) {
+    reporter.error("Timing server error", err);
+  }
+  async#onListening() {
+    const { port } = this.#socket.address();
+    this.#port = port;
+  }
+  async#onMessage(data, info) {
+    const request = NTP.decode(data);
+    const ntp = NTP.now();
+    const [receivedSeconds, receivedFraction] = NTP.parts(ntp);
+    reporter.info(`Timing server ntp=${ntp} receivedSeconds=${receivedSeconds} receivedFraction=${receivedFraction}`);
+    const response = NTP.encode({
+      proto: request.proto,
+      type: 83 | 128,
+      seqno: request.seqno,
+      padding: 0,
+      reftime_sec: request.sendtime_sec,
+      reftime_frac: request.sendtime_frac,
+      recvtime_sec: receivedSeconds,
+      recvtime_frac: receivedFraction,
+      sendtime_sec: receivedSeconds,
+      sendtime_frac: receivedFraction
+    });
+    this.#socket.send(response, info.port, info.address);
+  }
+}
+// src/connection.ts
+import { EventEmitter } from "node:events";
+import { Socket as Socket2 } from "node:net";
+
+// src/symbols.ts
+var ENCRYPTION = Symbol();
+
+// src/connection.ts
+class Connection extends EventEmitter {
+  get address() {
+    return this.#address;
+  }
+  get port() {
+    return this.#port;
+  }
+  get isConnected() {
+    return this.#state === "connected";
+  }
+  get state() {
+    return this.#state;
+  }
+  #address;
+  #port;
+  #bindings;
+  #debug = false;
+  #retryAttempt = 0;
+  #retryAttempts = 3;
+  #retryEnabled = true;
+  #retryInterval = 3000;
+  #retryTimeout;
+  #socket;
+  #state;
+  #connectPromise;
+  constructor(address, port) {
+    super();
+    this.#address = address;
+    this.#port = port;
+    this.#bindings = {
+      onClose: this.#onClose.bind(this),
+      onConnect: this.#onConnect.bind(this),
+      onData: this.#onData.bind(this),
+      onEnd: this.#onEnd.bind(this),
+      onError: this.#onError.bind(this),
+      onTimeout: this.#onTimeout.bind(this)
+    };
+    this.#state = "disconnected";
+  }
+  async connect() {
+    if (this.#state === "connected") {
+      return;
+    }
+    if (this.#state === "connecting") {
+      throw new Error("A connection is already being established.");
+    }
+    this.#retryEnabled = true;
+    this.#retryAttempt = 0;
+    return this.#attemptConnect();
+  }
+  async disconnect() {
+    if (this.#retryTimeout) {
+      clearTimeout(this.#retryTimeout);
+      this.#retryTimeout = undefined;
+    }
+    this.#retryEnabled = false;
+    if (!this.#socket || this.#state === "disconnected") {
+      return;
+    }
+    return new Promise((resolve) => {
+      this.#state = "closing";
+      this.#socket.once("close", () => {
+        this.#cleanup();
+        resolve();
+      });
+      this.#socket.end();
+    });
+  }
+  debug(enabled) {
+    this.#debug = enabled;
+    return this;
+  }
+  retry(attempts, interval = 3000) {
+    this.#retryAttempts = attempts;
+    this.#retryInterval = interval;
+    return this;
+  }
+  async write(data) {
+    if (!this.#socket || this.#state !== "connected") {
+      throw new Error("Cannot write to a disconnected connection.");
+    }
+    return new Promise((resolve, reject) => {
+      this.#socket.write(data, (err) => err ? reject(err) : resolve());
+    });
+  }
+  async#attemptConnect() {
+    return new Promise((resolve, reject) => {
+      this.#state = "connecting";
+      this.#connectPromise = { resolve, reject };
+      this.#socket = new Socket2;
+      this.#socket.setTimeout(SOCKET_TIMEOUT);
+      this.#socket.on("close", this.#bindings.onClose);
+      this.#socket.on("connect", this.#bindings.onConnect);
+      this.#socket.on("data", this.#bindings.onData);
+      this.#socket.on("end", this.#bindings.onEnd);
+      this.#socket.on("error", this.#bindings.onError);
+      this.#socket.on("timeout", this.#bindings.onTimeout);
+      reporter.net(`Connecting to ${this.#address}:${this.#port}...`);
+      this.#socket.connect({
+        host: this.#address,
+        port: this.#port,
+        keepAlive: true
+      });
+    });
+  }
+  #cleanup() {
+    if (this.#socket) {
+      this.#socket.removeAllListeners();
+      this.#socket.destroy();
+      this.#socket = undefined;
+    }
+    this.#state = "disconnected";
+    this.#connectPromise = undefined;
+  }
+  #scheduleRetry(err) {
+    if (!this.#retryEnabled || this.#retryAttempt >= this.#retryAttempts) {
+      this.#state = "failed";
+      this.#connectPromise?.reject(err);
+      this.#connectPromise = undefined;
+      return;
+    }
+    this.#retryAttempt++;
+    reporter.net(`Retry attempt ${this.#retryAttempt} / ${this.#retryAttempts} in ${this.#retryInterval}ms...`);
+    const { resolve, reject } = this.#connectPromise;
+    this.#cleanup();
+    this.#retryTimeout = setTimeout(async () => {
+      this.#retryTimeout = undefined;
+      try {
+        this.#connectPromise = { resolve, reject };
+        await this.#attemptConnect();
+        resolve();
+      } catch (retryErr) {}
+    }, this.#retryInterval);
+  }
+  #onClose(hadError) {
+    const wasConnected = this.#state === "connected";
+    if (this.#state !== "closing") {
+      this.#state = "disconnected";
+    }
+    this.emit("close", hadError);
+    if (wasConnected && this.#retryEnabled && hadError) {
+      this.#scheduleRetry(new Error("Connection closed unexpectedly."));
+    }
+  }
+  #onConnect() {
+    this.#state = "connected";
+    this.#retryAttempt = 0;
+    this.#socket.setKeepAlive(true, 1e4);
+    this.#socket.setTimeout(0);
+    this.emit("connect");
+    this.#connectPromise?.resolve();
+    this.#connectPromise = undefined;
+  }
+  #onData(data) {
+    if (this.#debug) {
+      const cutoff = Math.min(data.byteLength, 64);
+      reporter.debug(`Received ${data.byteLength} bytes of data.`);
+      reporter.debug(`hex=${data.subarray(0, cutoff).toString("hex")}`);
+      reporter.debug(`ascii=${data.toString("ascii").replace(/[^\x20-\x7E]/g, ".").substring(0, cutoff)}`);
+    }
+    this.emit("data", data);
+  }
+  #onEnd() {
+    this.emit("end");
+  }
+  #onError(err) {
+    reporter.error(`Connection error: ${err.message}`);
+    this.emit("error", err);
+    if (this.#state === "connecting") {
+      this.#scheduleRetry(err);
+    } else {
+      this.#state = "failed";
+    }
+  }
+  #onTimeout() {
+    reporter.error("Connection timed out.");
+    const err = new Error("Connection timed out.");
+    this.emit("timeout");
+    this.emit("error", err);
+    if (this.#state === "connecting") {
+      this.#scheduleRetry(err);
+    } else {
+      this.#state = "failed";
+      this.#socket?.destroy();
+    }
+  }
+}
+
+class EncryptionAwareConnection extends Connection {
+  get isEncrypted() {
+    return !!this[ENCRYPTION];
+  }
+  [ENCRYPTION];
+  async enableEncryption(readKey, writeKey) {
+    this[ENCRYPTION] = new EncryptionState(readKey, writeKey);
+  }
+}
+
+class EncryptionState {
+  readKey;
+  readCount;
+  writeKey;
+  writeCount;
+  constructor(readKey, writeKey) {
+    this.readCount = 0;
+    this.readKey = readKey;
+    this.writeCount = 0;
+    this.writeKey = writeKey;
+  }
+}
+// src/pairing.ts
+import { OPack, TLV8 } from "@basmilius/apple-encoding";
+import { SRP, SrpClient } from "fast-srp-hap";
+import { v4 as uuid } from "uuid";
+import tweetnacl2 from "tweetnacl";
+
+class AccessoryPair {
+  #name;
+  #pairingId;
+  #requestHandler;
+  #publicKey;
+  #secretKey;
+  #srp;
+  constructor(requestHandler) {
+    this.#name = "basmilius/apple-protocols";
+    this.#pairingId = Buffer.from(uuid().toUpperCase());
+    this.#requestHandler = requestHandler;
+  }
+  async start() {
+    const keyPair = tweetnacl2.sign.keyPair();
+    this.#publicKey = Buffer.from(keyPair.publicKey);
+    this.#secretKey = Buffer.from(keyPair.secretKey);
+  }
+  async pin(askPin) {
+    const m1 = await this.m1();
+    const m2 = await this.m2(m1, await askPin());
+    const m3 = await this.m3(m2);
+    const m4 = await this.m4(m3);
+    const m5 = await this.m5(m4);
+    const m6 = await this.m6(m4, m5);
+    if (!m6) {
+      throw new Error("Pairing failed, could not get accessory keys.");
+    }
+    return m6;
+  }
+  async transient() {
+    const m1 = await this.m1([[TLV8.Value.Flags, TLV8.Flags.TransientPairing]]);
+    const m2 = await this.m2(m1);
+    const m3 = await this.m3(m2);
+    const m4 = await this.m4(m3);
+    const accessoryToControllerKey = hkdf_default({
+      hash: "sha512",
+      key: m4.sharedSecret,
+      length: 32,
+      salt: Buffer.from("Control-Salt"),
+      info: Buffer.from("Control-Read-Encryption-Key")
+    });
+    const controllerToAccessoryKey = hkdf_default({
+      hash: "sha512",
+      key: m4.sharedSecret,
+      length: 32,
+      salt: Buffer.from("Control-Salt"),
+      info: Buffer.from("Control-Write-Encryption-Key")
+    });
+    return {
+      pairingId: this.#pairingId,
+      sharedSecret: m4.sharedSecret,
+      accessoryToControllerKey,
+      controllerToAccessoryKey
+    };
+  }
+  async m1(additionalTlv = []) {
+    const response = await this.#requestHandler("m1", TLV8.encode([
+      [TLV8.Value.Method, TLV8.Method.PairSetup],
+      [TLV8.Value.State, TLV8.State.M1],
+      ...additionalTlv
+    ]));
+    const data = tlv(response);
+    const publicKey = data.get(TLV8.Value.PublicKey);
+    const salt = data.get(TLV8.Value.Salt);
+    return { publicKey, salt };
+  }
+  async m2(m1, pin = AIRPLAY_TRANSIENT_PIN) {
+    const srpKey = await SRP.genKey(32);
+    this.#srp = new SrpClient(SRP.params.hap, m1.salt, Buffer.from("Pair-Setup"), Buffer.from(pin), srpKey, true);
+    this.#srp.setB(m1.publicKey);
+    const publicKey = this.#srp.computeA();
+    const proof = this.#srp.computeM1();
+    return { publicKey, proof };
+  }
+  async m3(m2) {
+    const response = await this.#requestHandler("m3", TLV8.encode([
+      [TLV8.Value.State, TLV8.State.M3],
+      [TLV8.Value.PublicKey, m2.publicKey],
+      [TLV8.Value.Proof, m2.proof]
+    ]));
+    const data = tlv(response);
+    const serverProof = data.get(TLV8.Value.Proof);
+    return { serverProof };
+  }
+  async m4(m3) {
+    this.#srp.checkM2(m3.serverProof);
+    const sharedSecret = this.#srp.computeK();
+    return { sharedSecret };
+  }
+  async m5(m4) {
+    const iosDeviceX = hkdf_default({
+      hash: "sha512",
+      key: m4.sharedSecret,
+      length: 32,
+      salt: Buffer.from("Pair-Setup-Controller-Sign-Salt", "utf8"),
+      info: Buffer.from("Pair-Setup-Controller-Sign-Info", "utf8")
+    });
+    const sessionKey = hkdf_default({
+      hash: "sha512",
+      key: m4.sharedSecret,
+      length: 32,
+      salt: Buffer.from("Pair-Setup-Encrypt-Salt", "utf8"),
+      info: Buffer.from("Pair-Setup-Encrypt-Info", "utf8")
+    });
+    const deviceInfo = Buffer.concat([
+      iosDeviceX,
+      this.#pairingId,
+      this.#publicKey
+    ]);
+    const signature = tweetnacl2.sign.detached(deviceInfo, this.#secretKey);
+    const innerTlv = TLV8.encode([
+      [TLV8.Value.Identifier, this.#pairingId],
+      [TLV8.Value.PublicKey, this.#publicKey],
+      [TLV8.Value.Signature, Buffer.from(signature)],
+      [TLV8.Value.Name, Buffer.from(OPack.encode({
+        name: this.#name
+      }))]
+    ]);
+    const { authTag, ciphertext } = exports_chacha20.encrypt(sessionKey, Buffer.from("PS-Msg05"), null, innerTlv);
+    const encrypted = Buffer.concat([ciphertext, authTag]);
+    const response = await this.#requestHandler("m5", TLV8.encode([
+      [TLV8.Value.State, TLV8.State.M5],
+      [TLV8.Value.EncryptedData, encrypted]
+    ]));
+    const data = tlv(response);
+    const encryptedDataRaw = data.get(TLV8.Value.EncryptedData);
+    const encryptedData = encryptedDataRaw.subarray(0, -16);
+    const encryptedTag = encryptedDataRaw.subarray(-16);
+    return {
+      authTag: encryptedTag,
+      data: encryptedData,
+      sessionKey
+    };
+  }
+  async m6(m4, m5) {
+    const data = exports_chacha20.decrypt(m5.sessionKey, Buffer.from("PS-Msg06"), null, m5.data, m5.authTag);
+    const tlv = TLV8.decode(data);
+    const accessoryIdentifier = tlv.get(TLV8.Value.Identifier);
+    const accessoryLongTermPublicKey = tlv.get(TLV8.Value.PublicKey);
+    const accessorySignature = tlv.get(TLV8.Value.Signature);
+    const accessoryX = hkdf_default({
+      hash: "sha512",
+      key: m4.sharedSecret,
+      length: 32,
+      salt: Buffer.from("Pair-Setup-Accessory-Sign-Salt"),
+      info: Buffer.from("Pair-Setup-Accessory-Sign-Info")
+    });
+    const accessoryInfo = Buffer.concat([
+      accessoryX,
+      accessoryIdentifier,
+      accessoryLongTermPublicKey
+    ]);
+    if (!tweetnacl2.sign.detached.verify(accessoryInfo, accessorySignature, accessoryLongTermPublicKey)) {
+      throw new Error("Invalid accessory signature.");
+    }
+    return {
+      accessoryIdentifier: accessoryIdentifier.toString(),
+      accessoryLongTermPublicKey,
+      pairingId: this.#pairingId,
+      publicKey: this.#publicKey,
+      secretKey: this.#secretKey
+    };
+  }
+}
+
+class AccessoryVerify {
+  #ephemeralKeyPair;
+  #requestHandler;
+  constructor(requestHandler) {
+    this.#ephemeralKeyPair = exports_curve25519.generateKeyPair();
+    this.#requestHandler = requestHandler;
+  }
+  async start(credentials) {
+    const m1 = await this.#m1();
+    const m2 = await this.#m2(credentials.accessoryIdentifier, credentials.accessoryLongTermPublicKey, m1);
+    await this.#m3(credentials.pairingId, credentials.secretKey, m2);
+    return await this.#m4(m2, credentials.pairingId);
+  }
+  async#m1() {
+    const response = await this.#requestHandler("m1", TLV8.encode([
+      [TLV8.Value.State, TLV8.State.M1],
+      [TLV8.Value.PublicKey, Buffer.from(this.#ephemeralKeyPair.publicKey)]
+    ]));
+    const data = tlv(response);
+    const serverPublicKey = data.get(TLV8.Value.PublicKey);
+    const encryptedData = data.get(TLV8.Value.EncryptedData);
+    return {
+      encryptedData,
+      serverPublicKey
+    };
+  }
+  async#m2(localAccessoryIdentifier, longTermPublicKey, m1) {
+    const sharedSecret = Buffer.from(exports_curve25519.generateSharedSecKey(this.#ephemeralKeyPair.secretKey, m1.serverPublicKey));
+    const sessionKey = hkdf_default({
+      hash: "sha512",
+      key: sharedSecret,
+      length: 32,
+      salt: Buffer.from("Pair-Verify-Encrypt-Salt"),
+      info: Buffer.from("Pair-Verify-Encrypt-Info")
+    });
+    const encryptedData = m1.encryptedData.subarray(0, -16);
+    const encryptedTag = m1.encryptedData.subarray(-16);
+    const data = exports_chacha20.decrypt(sessionKey, Buffer.from("PV-Msg02"), null, encryptedData, encryptedTag);
+    const tlv = TLV8.decode(data);
+    const accessoryIdentifier = tlv.get(TLV8.Value.Identifier);
+    const accessorySignature = tlv.get(TLV8.Value.Signature);
+    if (accessoryIdentifier.toString() !== localAccessoryIdentifier) {
+      throw new Error(`Invalid accessory identifier. Expected ${accessoryIdentifier.toString()} to be ${localAccessoryIdentifier}.`);
+    }
+    const accessoryInfo = Buffer.concat([
+      m1.serverPublicKey,
+      accessoryIdentifier,
+      this.#ephemeralKeyPair.publicKey
+    ]);
+    if (!tweetnacl2.sign.detached.verify(accessoryInfo, accessorySignature, longTermPublicKey)) {
+      throw new Error("Invalid accessory signature.");
+    }
+    return {
+      serverEphemeralPublicKey: m1.serverPublicKey,
+      sessionKey,
+      sharedSecret
+    };
+  }
+  async#m3(pairingId, secretKey, m2) {
+    const iosDeviceInfo = Buffer.concat([
+      this.#ephemeralKeyPair.publicKey,
+      pairingId,
+      m2.serverEphemeralPublicKey
+    ]);
+    const iosDeviceSignature = Buffer.from(tweetnacl2.sign.detached(iosDeviceInfo, secretKey));
+    const innerTlv = TLV8.encode([
+      [TLV8.Value.Identifier, pairingId],
+      [TLV8.Value.Signature, iosDeviceSignature]
+    ]);
+    const { authTag, ciphertext } = exports_chacha20.encrypt(m2.sessionKey, Buffer.from("PV-Msg03"), null, innerTlv);
+    const encrypted = Buffer.concat([ciphertext, authTag]);
+    await this.#requestHandler("m3", TLV8.encode([
+      [TLV8.Value.State, TLV8.State.M3],
+      [TLV8.Value.EncryptedData, encrypted]
+    ]));
+    return {};
+  }
+  async#m4(m2, pairingId) {
+    return {
+      accessoryToControllerKey: Buffer.alloc(0),
+      controllerToAccessoryKey: Buffer.alloc(0),
+      pairingId,
+      sharedSecret: m2.sharedSecret
+    };
+  }
+}
+function tlv(buffer) {
+  const data = TLV8.decode(buffer);
+  if (data.has(TLV8.Value.Error)) {
+    TLV8.bail(data);
+  }
+  reporter.raw("Decoded TLV", data);
+  return data;
+}
+// src/utils.ts
+function uint16ToBE(value) {
+  const buffer = Buffer.alloc(2);
+  buffer.writeUInt16BE(value, 0);
+  return buffer;
+}
+function uint53ToLE(value) {
+  const [upper, lower] = splitUInt53(value);
+  const buffer = Buffer.alloc(8);
+  buffer.writeUInt32LE(lower, 0);
+  buffer.writeUInt32LE(upper, 4);
+  return buffer;
+}
+function splitUInt53(number) {
+  const MAX_UINT32 = 4294967295;
+  const MAX_INT53 = 9007199254740991;
+  if (number <= -1 || number > MAX_INT53) {
+    throw new Error("Number out of range.");
+  }
+  if (Math.floor(number) !== number) {
+    throw new Error("Number is not an integer.");
+  }
+  let upper = 0;
+  const signbit = number & 4294967295;
+  const lower = signbit < 0 ? (number & 2147483647) + 2147483648 : signbit;
+  if (number > MAX_UINT32) {
+    upper = (number - lower) / (MAX_UINT32 + 1);
+  }
+  return [upper, lower];
+}
+export {
+  waitFor,
+  v4 as uuid,
+  uint53ToLE,
+  uint16ToBE,
+  reporter,
+  prompt,
+  hkdf_default as hkdf,
+  getMacAddress_default as getMacAddress,
+  getLocalIP_default as getLocalIP,
+  cli,
+  timing_default as TimingServer,
+  RAOP_SERVICE,
+  HTTP_TIMEOUT,
+  EncryptionState,
+  EncryptionAwareConnection,
+  ENCRYPTION,
+  Discovery,
+  exports_curve25519 as Curve25519,
+  Connection,
+  exports_chacha20 as Chacha20,
+  COMPANION_LINK_SERVICE,
+  AccessoryVerify,
+  AccessoryPair,
+  AIRPLAY_TRANSIENT_PIN,
+  AIRPLAY_SERVICE
+};

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@basmilius/apple-common",
     "description": "Common features shared across various apple protocol packages.",
-    "version": "0.0.80",
+    "version": "0.0.81",
     "type": "module",
     "license": "MIT",
     "author": {
@@ -38,7 +38,7 @@
         }
     },
     "dependencies": {
-        "@basmilius/apple-encoding": "0.0.80",
+        "@basmilius/apple-encoding": "0.0.81",
         "chacha": "^2.1.0",
         "fast-srp-hap": "^2.0.4",
         "node-dns-sd": "^1.0.1",