@bharper/atv-js 0.2.3

package/dist/pairing/srp.js

@@ -0,0 +1,221 @@
+"use strict";
+/**
+ * SRP authentication handler for HAP pair-setup and pair-verify.
+ * Port of pyatv/auth/hap_srp.py SRPAuthHandler.
+ *
+ * Uses fast-srp-hap for SRP 3072-bit with SHA-512,
+ * and Node.js crypto for Ed25519 and X25519.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SRPAuthHandler = void 0;
+const crypto = __importStar(require("crypto"));
+const fast_srp_hap_1 = require("fast-srp-hap");
+const chacha20_1 = require("../crypto/chacha20");
+const hkdf_1 = require("../crypto/hkdf");
+const tlv_1 = require("./tlv");
+const opack_1 = require("../opack");
+// Ed25519 DER prefixes for raw key import/export
+const ED25519_SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
+const ED25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
+const X25519_SPKI_PREFIX = Buffer.from('302a300506032b656e032100', 'hex');
+const X25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b656e04220420', 'hex');
+class SRPAuthHandler {
+    pairingId;
+    signingKey = null;
+    authPrivate = null;
+    authPublic = null;
+    verifyPrivate = null;
+    verifyPublic = null;
+    srpClient = null;
+    shared = null;
+    sessionKey = null;
+    pin = '';
+    clientSecret = null;
+    constructor() {
+        this.pairingId = Buffer.from(crypto.randomUUID(), 'utf-8');
+    }
+    /**
+     * Initialize by generating new Ed25519 signing keys and X25519 verify keys.
+     * Returns [authPublic, verifyPublic].
+     */
+    initialize() {
+        // Generate raw 32-byte seeds first, like pyatv does
+        // pyatv: self._signing_key = Ed25519PrivateKey.from_private_bytes(os.urandom(32))
+        const authSeed = crypto.randomBytes(32);
+        const verifySeed = crypto.randomBytes(32);
+        // Create Ed25519 signing key from seed
+        // pyatv exports with Encoding.Raw, Format.Raw which gives the 32-byte seed
+        this.signingKey = crypto.createPrivateKey({
+            key: Buffer.concat([ED25519_PKCS8_PREFIX, authSeed]),
+            format: 'der',
+            type: 'pkcs8',
+        });
+        this.authPrivate = authSeed;
+        this.authPublic = crypto.createPublicKey(this.signingKey)
+            .export({ type: 'spki', format: 'der' }).subarray(-32);
+        // X25519 verify key
+        this.verifyPrivate = crypto.createPrivateKey({
+            key: Buffer.concat([X25519_PKCS8_PREFIX, verifySeed]),
+            format: 'der',
+            type: 'pkcs8',
+        });
+        this.verifyPublic = crypto.createPublicKey(this.verifyPrivate)
+            .export({ type: 'spki', format: 'der' }).subarray(-32);
+        // Use the raw seed as SRP client secret (matches pyatv behavior)
+        // pyatv uses binascii.hexlify(self._auth_private) as the SRP exponent 'a'
+        this.clientSecret = this.authPrivate;
+        return [this.authPublic, this.verifyPublic];
+    }
+    // ---- Pair-Verify ----
+    /**
+     * Pair-Verify step 1: X25519 shared secret + decrypt server identity + sign our identity.
+     */
+    verify1(credentials, sessionPubKey, encrypted) {
+        const serverKey = crypto.createPublicKey({
+            key: Buffer.concat([X25519_SPKI_PREFIX, sessionPubKey]),
+            format: 'der',
+            type: 'spki',
+        });
+        this.shared = crypto.diffieHellman({
+            privateKey: this.verifyPrivate,
+            publicKey: serverKey,
+        });
+        const verifyKey = (0, hkdf_1.hkdfExpand)('Pair-Verify-Encrypt-Salt', 'Pair-Verify-Encrypt-Info', this.shared);
+        const chacha = new chacha20_1.Chacha20Cipher8byteNonce(verifyKey, verifyKey);
+        const decryptedBytes = chacha.decrypt(encrypted, Buffer.from('PV-Msg02', 'utf-8'));
+        const decryptedTlv = (0, tlv_1.readTlv)(decryptedBytes);
+        const identifier = decryptedTlv.get(tlv_1.TlvValue.Identifier);
+        const signature = decryptedTlv.get(tlv_1.TlvValue.Signature);
+        if (!identifier.equals(credentials.atvId)) {
+            throw new Error('Incorrect device response: identifier mismatch');
+        }
+        // Verify server Ed25519 signature
+        const info = Buffer.concat([sessionPubKey, identifier, this.verifyPublic]);
+        const ltpk = crypto.createPublicKey({
+            key: Buffer.concat([ED25519_SPKI_PREFIX, credentials.ltpk]),
+            format: 'der',
+            type: 'spki',
+        });
+        if (!crypto.verify(null, info, ltpk, signature)) {
+            throw new Error('Signature verification failed');
+        }
+        // Sign our identity
+        const deviceInfo = Buffer.concat([this.verifyPublic, credentials.clientId, sessionPubKey]);
+        const ltsk = crypto.createPrivateKey({
+            key: Buffer.concat([ED25519_PKCS8_PREFIX, credentials.ltsk]),
+            format: 'der',
+            type: 'pkcs8',
+        });
+        const deviceSignature = crypto.sign(null, deviceInfo, ltsk);
+        const tlv = (0, tlv_1.writeTlv)(new Map([
+            [tlv_1.TlvValue.Identifier, credentials.clientId],
+            [tlv_1.TlvValue.Signature, deviceSignature],
+        ]));
+        return chacha.encrypt(tlv, Buffer.from('PV-Msg03', 'utf-8'));
+    }
+    /**
+     * Pair-Verify step 2: derive final encryption keys.
+     */
+    verify2(salt, outputInfo, inputInfo) {
+        if (!this.shared)
+            throw new Error('Must call verify1 first');
+        const outputKey = (0, hkdf_1.hkdfExpand)(salt, outputInfo, this.shared);
+        const inputKey = (0, hkdf_1.hkdfExpand)(salt, inputInfo, this.shared);
+        return [outputKey, inputKey];
+    }
+    // ---- Pair-Setup ----
+    /**
+     * Pair-Setup step 1: store PIN for later use with salt.
+     */
+    step1(pin) {
+        this.pin = pin;
+    }
+    /**
+     * Pair-Setup step 2: process server's public key and salt, compute SRP proof.
+     * Returns [clientPublicKey, clientProof].
+     */
+    step2(atvPubKey, atvSalt) {
+        // HAP uses 3072-bit SRP with SHA-512 - use the 'hap' preset
+        const params = fast_srp_hap_1.SRP.params.hap;
+        this.srpClient = new fast_srp_hap_1.SrpClient(params, atvSalt, Buffer.from('Pair-Setup', 'utf-8'), Buffer.from(this.pin, 'utf-8'), this.clientSecret);
+        this.srpClient.setB(atvPubKey);
+        const pubKey = this.srpClient.computeA();
+        const proof = this.srpClient.computeM1();
+        return [pubKey, proof];
+    }
+    /**
+     * Pair-Setup step 3: sign identity and encrypt with session key.
+     * Returns encrypted data to send as SeqNo 0x05.
+     */
+    step3(name) {
+        const srpKey = this.srpClient.computeK();
+        const iosDeviceX = (0, hkdf_1.hkdfExpand)('Pair-Setup-Controller-Sign-Salt', 'Pair-Setup-Controller-Sign-Info', srpKey);
+        this.sessionKey = (0, hkdf_1.hkdfExpand)('Pair-Setup-Encrypt-Salt', 'Pair-Setup-Encrypt-Info', srpKey);
+        const deviceInfo = Buffer.concat([iosDeviceX, this.pairingId, this.authPublic]);
+        const deviceSignature = crypto.sign(null, deviceInfo, this.signingKey);
+        const tlvData = new Map([
+            [tlv_1.TlvValue.Identifier, this.pairingId],
+            [tlv_1.TlvValue.PublicKey, this.authPublic],
+            [tlv_1.TlvValue.Signature, deviceSignature],
+        ]);
+        if (name) {
+            tlvData.set(tlv_1.TlvValue.Name, (0, opack_1.pack)({ name }));
+        }
+        const chacha = new chacha20_1.Chacha20Cipher8byteNonce(this.sessionKey, this.sessionKey);
+        return chacha.encrypt((0, tlv_1.writeTlv)(tlvData), Buffer.from('PS-Msg05', 'utf-8'));
+    }
+    /**
+     * Pair-Setup step 4: decrypt device response and extract credentials.
+     */
+    step4(encryptedData) {
+        const chacha = new chacha20_1.Chacha20Cipher8byteNonce(this.sessionKey, this.sessionKey);
+        const decrypted = chacha.decrypt(encryptedData, Buffer.from('PS-Msg06', 'utf-8'));
+        if (!decrypted || decrypted.length === 0) {
+            throw new Error('Failed to decrypt pairing response');
+        }
+        const tlv = (0, tlv_1.readTlv)(decrypted);
+        const atvIdentifier = tlv.get(tlv_1.TlvValue.Identifier);
+        const atvPubKey = tlv.get(tlv_1.TlvValue.PublicKey);
+        return {
+            ltpk: atvPubKey,
+            ltsk: this.authPrivate,
+            atvId: atvIdentifier,
+            clientId: this.pairingId,
+        };
+    }
+}
+exports.SRPAuthHandler = SRPAuthHandler;
+//# sourceMappingURL=srp.js.map

package/dist/pairing/srp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"srp.js","sourceRoot":"","sources":["../../src/pairing/srp.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,+CAAiC;AACjC,+CAA8C;AAC9C,iDAA8D;AAC9D,yCAA4C;AAE5C,+BAAoD;AACpD,oCAA6C;AAE7C,iDAAiD;AACjD,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAC3E,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;AACpF,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAC1E,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;AAEnF,MAAa,cAAc;IACzB,SAAS,CAAS;IACV,UAAU,GAA4B,IAAI,CAAC;IAC3C,WAAW,GAAkB,IAAI,CAAC;IAClC,UAAU,GAAkB,IAAI,CAAC;IACjC,aAAa,GAA4B,IAAI,CAAC;IAC9C,YAAY,GAAkB,IAAI,CAAC;IACnC,SAAS,GAAqB,IAAI,CAAC;IACnC,MAAM,GAAkB,IAAI,CAAC;IAC7B,UAAU,GAAkB,IAAI,CAAC;IACjC,GAAG,GAAW,EAAE,CAAC;IACjB,YAAY,GAAkB,IAAI,CAAC;IAE3C;QACE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,oDAAoD;QACpD,kFAAkF;QAClF,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAE1C,uCAAuC;QACvC,2EAA2E;QAC3E,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,gBAAgB,CAAC;YACxC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAC;YACpD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QACH,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC;QAC5B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC;aACtD,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QAEzD,oBAAoB;QACpB,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,gBAAgB,CAAC;YAC3C,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC;aAC3D,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QAEzD,iEAAiE;QACjE,0EAA0E;QAC1E,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC;QAErC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9C,CAAC;IAED,wBAAwB;IAExB;;OAEG;IACH,OAAO,CAAC,WAA2B,EAAE,aAAqB,EAAE,SAAiB;QAC3E,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC;YACvC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YACvD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC;YACjC,UAAU,EAAE,IAAI,CAAC,aAAc;YAC/B,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAA,iBAAU,EAAC,0BAA0B,EAAE,0BAA0B,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAElG,MAAM,MAAM,GAAG,IAAI,mCAAwB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAClE,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QACnF,MAAM,YAAY,GAAG,IAAA,aAAO,EAAC,cAAc,CAAC,CAAC;QAE7C,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,cAAQ,CAAC,UAAU,CAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,cAAQ,CAAC,SAAS,CAAE,CAAC;QAExD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,kCAAkC;QAClC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,UAAU,EAAE,IAAI,CAAC,YAAa,CAAC,CAAC,CAAC;QAC5E,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC;YAClC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YAC3D,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,oBAAoB;QACpB,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAa,EAAE,WAAW,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;QAC5F,MAAM,IAAI,GAAG,MAAM,CAAC,gBAAgB,CAAC;YACnC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QAE5D,MAAM,GAAG,GAAG,IAAA,cAAQ,EAAC,IAAI,GAAG,CAAC;YAC3B,CAAC,cAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,QAAQ,CAAC;YAC3C,CAAC,cAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;SACtC,CAAC,CAAC,CAAC;QAEJ,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAY,EAAE,UAAkB,EAAE,SAAiB;QACzD,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,IAAA,iBAAU,EAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAA,iBAAU,EAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1D,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,uBAAuB;IAEvB;;OAEG;IACH,KAAK,CAAC,GAAW;QACf,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAiB,EAAE,OAAe;QACtC,4DAA4D;QAC5D,MAAM,MAAM,GAAG,kBAAG,CAAC,MAAM,CAAC,GAAG,CAAC;QAE9B,IAAI,CAAC,SAAS,GAAG,IAAI,wBAAS,CAC5B,MAAM,EACN,OAAO,EACP,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,EAClC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,EAC9B,IAAI,CAAC,YAAa,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE/B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QAEzC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAa;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAU,CAAC,QAAQ,EAAE,CAAC;QAE1C,MAAM,UAAU,GAAG,IAAA,iBAAU,EAC3B,iCAAiC,EACjC,iCAAiC,EACjC,MAAM,CACP,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAA,iBAAU,EAC1B,yBAAyB,EACzB,yBAAyB,EACzB,MAAM,CACP,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,UAAW,CAAC,CAAC,CAAC;QACjF,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAW,CAAC,CAAC;QAExE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAiB;YACtC,CAAC,cAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;YACrC,CAAC,cAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,UAAW,CAAC;YACtC,CAAC,cAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;SACtC,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,cAAQ,CAAC,IAAI,EAAE,IAAA,YAAS,EAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,mCAAwB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9E,OAAO,MAAM,CAAC,OAAO,CAAC,IAAA,cAAQ,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAqB;QACzB,MAAM,MAAM,GAAG,IAAI,mCAAwB,CAAC,IAAI,CAAC,UAAW,EAAE,IAAI,CAAC,UAAW,CAAC,CAAC;QAChF,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QAElF,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,GAAG,GAAG,IAAA,aAAO,EAAC,SAAS,CAAC,CAAC;QAC/B,MAAM,aAAa,GAAG,GAAG,CAAC,GAAG,CAAC,cAAQ,CAAC,UAAU,CAAE,CAAC;QACpD,MAAM,SAAS,GAAG,GAAG,CAAC,GAAG,CAAC,cAAQ,CAAC,SAAS,CAAE,CAAC;QAE/C,OAAO;YACL,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,IAAI,CAAC,WAAY;YACvB,KAAK,EAAE,aAAa;YACpB,QAAQ,EAAE,IAAI,CAAC,SAAS;SACzB,CAAC;IACJ,CAAC;CACF;AAnND,wCAmNC"}

package/dist/pairing/tlv.d.ts

@@ -0,0 +1,26 @@
+/**
+ * TLV8 encoding/decoding for HAP (HomeKit Accessory Protocol).
+ * Direct port of pyatv/auth/hap_tlv8.py.
+ */
+export declare enum TlvValue {
+    Method = 0,
+    Identifier = 1,
+    Salt = 2,
+    PublicKey = 3,
+    Proof = 4,
+    EncryptedData = 5,
+    SeqNo = 6,
+    Error = 7,
+    BackOff = 8,
+    Certificate = 9,
+    Signature = 10,
+    Permissions = 11,
+    FragmentData = 12,
+    FragmentLast = 13,
+    Name = 17,
+    Flags = 19
+}
+export type TlvData = Map<number, Buffer>;
+export declare function readTlv(data: Buffer): TlvData;
+export declare function writeTlv(data: Map<number, Buffer> | Record<number, Buffer>): Buffer;
+//# sourceMappingURL=tlv.d.ts.map

package/dist/pairing/tlv.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tlv.d.ts","sourceRoot":"","sources":["../../src/pairing/tlv.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,oBAAY,QAAQ;IAClB,MAAM,IAAO;IACb,UAAU,IAAO;IACjB,IAAI,IAAO;IACX,SAAS,IAAO;IAChB,KAAK,IAAO;IACZ,aAAa,IAAO;IACpB,KAAK,IAAO;IACZ,KAAK,IAAO;IACZ,OAAO,IAAO;IACd,WAAW,IAAO;IAClB,SAAS,KAAO;IAChB,WAAW,KAAO;IAClB,YAAY,KAAO;IACnB,YAAY,KAAO;IACnB,IAAI,KAAO;IACX,KAAK,KAAO;CACb;AAED,MAAM,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAe7C;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAoBnF"}

package/dist/pairing/tlv.js

@@ -0,0 +1,68 @@
+"use strict";
+/**
+ * TLV8 encoding/decoding for HAP (HomeKit Accessory Protocol).
+ * Direct port of pyatv/auth/hap_tlv8.py.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TlvValue = void 0;
+exports.readTlv = readTlv;
+exports.writeTlv = writeTlv;
+var TlvValue;
+(function (TlvValue) {
+    TlvValue[TlvValue["Method"] = 0] = "Method";
+    TlvValue[TlvValue["Identifier"] = 1] = "Identifier";
+    TlvValue[TlvValue["Salt"] = 2] = "Salt";
+    TlvValue[TlvValue["PublicKey"] = 3] = "PublicKey";
+    TlvValue[TlvValue["Proof"] = 4] = "Proof";
+    TlvValue[TlvValue["EncryptedData"] = 5] = "EncryptedData";
+    TlvValue[TlvValue["SeqNo"] = 6] = "SeqNo";
+    TlvValue[TlvValue["Error"] = 7] = "Error";
+    TlvValue[TlvValue["BackOff"] = 8] = "BackOff";
+    TlvValue[TlvValue["Certificate"] = 9] = "Certificate";
+    TlvValue[TlvValue["Signature"] = 10] = "Signature";
+    TlvValue[TlvValue["Permissions"] = 11] = "Permissions";
+    TlvValue[TlvValue["FragmentData"] = 12] = "FragmentData";
+    TlvValue[TlvValue["FragmentLast"] = 13] = "FragmentLast";
+    TlvValue[TlvValue["Name"] = 17] = "Name";
+    TlvValue[TlvValue["Flags"] = 19] = "Flags";
+})(TlvValue || (exports.TlvValue = TlvValue = {}));
+function readTlv(data) {
+    const result = new Map();
+    let pos = 0;
+    while (pos < data.length) {
+        const tag = data[pos];
+        const length = data[pos + 1];
+        const value = data.subarray(pos + 2, pos + 2 + length);
+        if (result.has(tag)) {
+            result.set(tag, Buffer.concat([result.get(tag), value]));
+        }
+        else {
+            result.set(tag, Buffer.from(value));
+        }
+        pos += 2 + length;
+    }
+    return result;
+}
+function writeTlv(data) {
+    const entries = data instanceof Map ? Array.from(data.entries()) : Object.entries(data).map(([k, v]) => [Number(k), v]);
+    const parts = [];
+    for (const [key, value] of entries) {
+        const tag = Buffer.from([key]);
+        let pos = 0;
+        let remaining = value.length;
+        while (pos < value.length || remaining === 0) {
+            const size = Math.min(remaining, 255);
+            parts.push(tag);
+            parts.push(Buffer.from([size]));
+            if (size > 0) {
+                parts.push(value.subarray(pos, pos + size));
+            }
+            pos += size;
+            remaining -= size;
+            if (remaining === 0 && pos >= value.length)
+                break;
+        }
+    }
+    return Buffer.concat(parts);
+}
+//# sourceMappingURL=tlv.js.map

package/dist/pairing/tlv.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tlv.js","sourceRoot":"","sources":["../../src/pairing/tlv.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAuBH,0BAeC;AAED,4BAoBC;AA1DD,IAAY,QAiBX;AAjBD,WAAY,QAAQ;IAClB,2CAAa,CAAA;IACb,mDAAiB,CAAA;IACjB,uCAAW,CAAA;IACX,iDAAgB,CAAA;IAChB,yCAAY,CAAA;IACZ,yDAAoB,CAAA;IACpB,yCAAY,CAAA;IACZ,yCAAY,CAAA;IACZ,6CAAc,CAAA;IACd,qDAAkB,CAAA;IAClB,kDAAgB,CAAA;IAChB,sDAAkB,CAAA;IAClB,wDAAmB,CAAA;IACnB,wDAAmB,CAAA;IACnB,wCAAW,CAAA;IACX,0CAAY,CAAA;AACd,CAAC,EAjBW,QAAQ,wBAAR,QAAQ,QAiBnB;AAID,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;QACvD,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACtC,CAAC;QACD,GAAG,IAAI,CAAC,GAAG,MAAM,CAAC;IACpB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,QAAQ,CAAC,IAAkD;IACzE,MAAM,OAAO,GAAG,IAAI,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAqB,CAAC,CAAC;IAC5I,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/B,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,IAAI,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;QAC7B,OAAO,GAAG,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC;YAC9C,CAAC;YACD,GAAG,IAAI,IAAI,CAAC;YACZ,SAAS,IAAI,IAAI,CAAC;YAClB,IAAI,SAAS,KAAK,CAAC,IAAI,GAAG,IAAI,KAAK,CAAC,MAAM;gBAAE,MAAM;QACpD,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC"}

package/examples/pair.ts

@@ -0,0 +1,103 @@
+#!/usr/bin/env npx ts-node
+/**
+ * Scan for Apple TVs, select one, pair AirPlay + Companion, save credentials.
+ *
+ * Usage: npx ts-node examples/pair.ts
+ */
+
+import * as fs from 'fs';
+import * as path from 'path';
+import * as readline from 'readline';
+import {
+  scan,
+  startAirPlayPairing,
+  finishAirPlayPairing,
+  startCompanionPairing,
+  finishCompanionPairing,
+  serializeCredentials,
+  AppleTVDevice,
+} from '../src/index';
+
+const CREDS_PATH = path.join(__dirname, 'device.json');
+
+function ask(rl: readline.Interface, question: string): Promise<string> {
+  return new Promise((resolve) => rl.question(question, resolve));
+}
+
+async function main() {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+
+  try {
+    // --- Scan ---
+    console.log('Scanning for Apple TVs (5 seconds)...');
+    const devices = await scan(5000);
+
+    if (devices.length === 0) {
+      console.log('No devices found.');
+      process.exit(1);
+    }
+
+    console.log('\nFound devices:');
+    devices.forEach((d, i) => {
+      console.log(`  [${i}] ${d.name} (${d.address}) — model: ${d.model || 'unknown'}`);
+    });
+
+    // --- Select ---
+    let device: AppleTVDevice;
+    if (devices.length === 1) {
+      device = devices[0];
+      console.log(`\nAuto-selecting: ${device.name}`);
+    } else {
+      const idx = await ask(rl, `\nSelect device [0-${devices.length - 1}]: `);
+      device = devices[parseInt(idx, 10)];
+      if (!device) {
+        console.log('Invalid selection.');
+        process.exit(1);
+      }
+    }
+
+    // --- AirPlay pairing (phase 1) ---
+    console.log(`\nStarting AirPlay pairing with ${device.name}...`);
+    console.log('A PIN should appear on your Apple TV screen.');
+    const airplaySession = await startAirPlayPairing(device);
+
+    const pin1 = await ask(rl, 'Enter the PIN shown on screen: ');
+    console.log('Completing AirPlay pairing...');
+    const airplayCreds = await finishAirPlayPairing(airplaySession, pin1.trim(), 'atv-js');
+    console.log('AirPlay pairing successful!');
+
+    // --- Companion pairing (phase 2) ---
+    console.log(`\nStarting Companion pairing with ${device.name}...`);
+    console.log('A new PIN should appear on your Apple TV screen.');
+    const companionSession = await startCompanionPairing(device);
+
+    const pin2 = await ask(rl, 'Enter the PIN shown on screen: ');
+    console.log('Completing Companion pairing...');
+    const companionCreds = await finishCompanionPairing(companionSession, pin2.trim(), 'atv-js');
+    console.log('Companion pairing successful!');
+
+    // --- Save credentials ---
+    const savedData = {
+      name: device.name,
+      address: device.address,
+      port: device.port,
+      airplayPort: device.airplayPort,
+      identifier: device.identifier,
+      model: device.model,
+      credentials: {
+        airplay: serializeCredentials(airplayCreds),
+        companion: serializeCredentials(companionCreds),
+      },
+    };
+
+    fs.writeFileSync(CREDS_PATH, JSON.stringify(savedData, null, 2));
+    console.log(`\nCredentials saved to ${CREDS_PATH}`);
+  } catch (err: any) {
+    console.error('Error:', err.message || err);
+    process.exit(1);
+  } finally {
+    rl.close();
+  }
+}
+
+main();

package/examples/remote.ts

@@ -0,0 +1,212 @@
+#!/usr/bin/env npx ts-node
+/**
+ * Connect to a paired Apple TV, interactive remote control with keyboard input support.
+ *
+ * Usage: npx ts-node examples/remote.ts
+ *
+ * Reads credentials from examples/device.json (created by pair.ts).
+ * Uses raw terminal mode to capture individual keypresses.
+ */
+
+import * as fs from 'fs';
+import * as path from 'path';
+import * as readline from 'readline';
+import {
+  connect,
+  sendKey,
+  getText,
+  setText,
+  getKeyboardFocusState,
+  onConnectionLost,
+  disconnect,
+  isConnected,
+  RemoteKey,
+  AppleTVConnection,
+} from '../src/index';
+import { watchKeyboardFocus, KeyboardFocusState } from '../src/companion/keyboard';
+
+const CREDS_PATH = path.join(__dirname, 'device.json');
+
+// Keyboard mapping: terminal key → RemoteKey
+const KEYMAP: Record<string, string> = {
+  '\x1b[D': RemoteKey.Left,       // ArrowLeft
+  '\x1b[C': RemoteKey.Right,      // ArrowRight
+  '\x1b[A': RemoteKey.Up,         // ArrowUp
+  '\x1b[B': RemoteKey.Down,       // ArrowDown
+  '\r':     RemoteKey.Select,     // Enter
+  ' ':      RemoteKey.PlayPause,  // Space
+  '\x7f':   RemoteKey.Menu,       // Backspace
+  '\x1b':   RemoteKey.Menu,       // Escape (raw)
+  'n':      RemoteKey.Next,
+  'p':      RemoteKey.Previous,
+  ']':      RemoteKey.Next,
+  '[':      RemoteKey.Previous,
+  't':      RemoteKey.Home,
+  'l':      RemoteKey.HomeHold,
+  '-':      RemoteKey.VolumeDown,
+  '=':      RemoteKey.VolumeUp
+};
+
+// Module-level cleanup function for keyboard watcher
+let stopKeyboardWatcher: (() => void) | null = null;
+
+function ask(rl: readline.Interface, question: string): Promise<string> {
+  return new Promise((resolve) => rl.question(question, resolve));
+}
+
+async function main() {
+  // --- Load credentials ---
+  if (!fs.existsSync(CREDS_PATH)) {
+    console.error(`No credentials found at ${CREDS_PATH}`);
+    console.error('Run pair.ts first to pair with an Apple TV.');
+    process.exit(1);
+  }
+
+  const saved = JSON.parse(fs.readFileSync(CREDS_PATH, 'utf-8'));
+  const device = {
+    name: saved.name,
+    address: saved.address,
+    port: saved.port,
+    airplayPort: saved.airplayPort,
+    identifier: saved.identifier,
+    model: saved.model,
+    properties: {},
+  };
+
+  console.log(`Connecting to ${device.name} (${device.address})...`);
+
+  let conn: AppleTVConnection;
+  try {
+    conn = await connect(device, saved.credentials);
+  } catch (err: any) {
+    console.error('Connection failed:', err.message || err);
+    process.exit(1);
+  }
+
+  console.log('Connected!\n');
+
+  onConnectionLost(conn, (err) => {
+    console.log(`\nConnection lost${err ? ': ' + err.message : ''}`);
+    process.exit(1);
+  });
+
+  // --- Watch keyboard focus (polls every 1 second) ---
+  let keyboardFocused = false;
+
+  stopKeyboardWatcher = watchKeyboardFocus(conn.protocol, (state) => {
+    const wasFocused = keyboardFocused;
+    keyboardFocused = state === KeyboardFocusState.Focused;
+
+    if (keyboardFocused && !wasFocused) {
+      console.log('\n[Keyboard focused — entering text input mode]');
+      console.log('Type text and press Enter to send, or press Escape to go back.\n');
+      enterTextMode(conn);
+    } else if (!keyboardFocused && wasFocused) {
+      console.log('\n[Keyboard unfocused — back to remote mode]');
+      enterRemoteMode(conn);
+    }
+  });
+
+  // --- Start in remote mode ---
+  printRemoteHelp();
+  enterRemoteMode(conn);
+}
+
+function printRemoteHelp() {
+  console.log('--- Apple TV Remote ---');
+  console.log('Arrow keys : Navigate');
+  console.log('Enter      : Select');
+  console.log('Space      : Play/Pause');
+  console.log('Backspace  : Menu/Back');
+  console.log('t          : Home (TV button)');
+  console.log('l          : Long-press Home');
+  console.log('n / ]      : Next track');
+  console.log('p / [      : Previous track');
+  console.log('- / =      : Volume down/up');
+  console.log('Ctrl+C     : Quit');
+  console.log('');
+}
+
+function enterRemoteMode(conn: AppleTVConnection) {
+  if (!process.stdin.isTTY) {
+    console.error('stdin is not a TTY — raw mode not available');
+    return;
+  }
+
+  process.stdin.setRawMode(true);
+  process.stdin.resume();
+  process.stdin.removeAllListeners('data');
+  process.stdin.removeAllListeners('line');
+
+  process.stdin.on('data', async (data: Buffer) => {
+    const key = data.toString();
+
+    // Ctrl+C
+    if (key === '\x03') {
+      console.log('\nDisconnecting...');
+      if (stopKeyboardWatcher) stopKeyboardWatcher();
+      disconnect(conn);
+      process.exit(0);
+    }
+
+    const mapped = KEYMAP[key];
+    if (mapped) {
+      try {
+        await sendKey(conn, mapped);
+      } catch (err: any) {
+        console.error(`Key error: ${err.message}`);
+      }
+    }
+  });
+}
+
+function enterTextMode(conn: AppleTVConnection) {
+  if (!process.stdin.isTTY) return;
+
+  // Switch out of raw mode so readline works normally
+  process.stdin.setRawMode(false);
+  process.stdin.removeAllListeners('data');
+
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+
+  const promptForText = async () => {
+    // Show current text
+    try {
+      const current = await getText(conn);
+      if (current !== null) {
+        console.log(`Current text: "${current}"`);
+      }
+    } catch {}
+
+    rl.question('> ', async (input) => {
+      if (input === '\x1b' || input === '\\escape') {
+        // User wants to exit text mode — send Menu to dismiss keyboard
+        try {
+          await sendKey(conn, RemoteKey.Menu);
+        } catch {}
+        rl.close();
+        return;
+      }
+
+      // Set the text on the Apple TV
+      try {
+        await setText(conn, input);
+        console.log(`Text set to: "${input}"`);
+      } catch (err: any) {
+        console.error(`setText error: ${err.message}`);
+      }
+
+      // Prompt again
+      promptForText();
+    });
+  };
+
+  rl.on('close', () => {
+    // Re-enter remote mode when readline closes
+    enterRemoteMode(conn);
+  });
+
+  promptForText();
+}
+
+main();