def write_http(request, expected): body = TLV.encode_list(request) logging.debug("write message: %s", TLV.to_string(TLV.decode_bytes(body))) connection.putrequest("POST", "/pair-setup", skip_accept_encoding=True) connection.putheader("Content-Type", "application/pairing+tlv8") connection.putheader("Content-Length", len(body)) connection.endheaders(body) resp = connection.getresponse() response_tlv = TLV.decode_bytes(resp.read(), expected) logging.debug("response: %s", TLV.to_string(response_tlv)) return response_tlv
def test_filter(self): example = bytes(bytearray.fromhex("060103" + "010203")) expected = [ [6, bytearray(b"\x03")], ] data = TLV.decode_bytes(example, expected=[6]) self.assertListEqual(data, expected)
async def post_tlv(self, target, body, expected=None): try: response = await self.post( target, TLV.encode_list(body), content_type=HttpContentTypes.TLV, ) except HttpErrorResponse as e: self.transport.close() response = e.response body = TLV.decode_bytes(response.body, expected=expected) return body
def test_long_values_decode_bytes_to_list(self): example = bytes( bytearray.fromhex("060103" + ("09FF" + 255 * "61" + "092D" + 45 * "61") + "010568656c6c6f")) expected = [ [6, bytearray(b"\x03")], [9, bytearray(300 * b"a")], [1, bytearray(b"hello")], ] data = TLV.decode_bytes(example) self.assertListEqual(data, expected)
def validate_mfi(session_key, response_tlv): # If pairing method is PairSetupWithAuth there should be an EncryptedData TLV in M4 # It should have a signature and a certificate from an Apple secure co-processor. decrypted = ChaCha20Poly1305Decryptor(session_key).decrypt( bytes(), b"PS-Msg04", bytes([0, 0, 0, 0]), response_tlv[TLV.kTLVType_EncryptedData], ) if not decrypted: logger.debug( "Device returned kTLVType_EncryptedData during M4 but could not decrypt" ) return sub_tlv = TLV.decode_bytes(decrypted) if TLV.kTLVType_Signature not in sub_tlv: logger.debug( "QUIRK: M4: Device returned kTLVType_EncryptedData, but did not contain kTLVType_Signature" ) return if TLV.kTLVType_Certificate not in sub_tlv: logger.debug( "QUIRK: M4: Device returned kTLVType_Signature but not kTLVType_Certificate" ) return # Certificate appears to be X509 in DER format but with some sort of PKCS7 pre-amble. # cryptography doesn't seem to support that yet. logger.debug( "Found seemingly valid MFI kTLVType_Signature; we don't validate this yet" )
def get_session_keys( pairing_data: Dict[str, Union[str, int, List[Any]]] ) -> Generator[Union[Tuple[List[Union[Tuple[int, bytearray], Tuple[ int, bytes]]], List[int]], Tuple[List[Tuple[ int, bytearray]], List[int]], ], None, Tuple[bytes, bytes], ]: """ HomeKit Controller state machine to perform a pair verify operation as described in chapter 4.8 page 47 ff. :param pairing_data: the paring data as returned by perform_pair_setup :return: tuple of the session keys (controller_to_accessory_key and accessory_to_controller_key) :raises InvalidAuthTagError: if the auth tag could not be verified, :raises IncorrectPairingIdError: if the accessory's LTPK could not be found :raises InvalidSignatureError: if the accessory's signature could not be verified :raises AuthenticationError: if the secured session could not be established """ # # Step #1 ios --> accessory (send verify start Request) (page 47) # ios_key = x25519.X25519PrivateKey.generate() ios_key_pub = ios_key.public_key().public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw) request_tlv = [(TLV.kTLVType_State, TLV.M1), (TLV.kTLVType_PublicKey, ios_key_pub)] step2_expectations = [ TLV.kTLVType_State, TLV.kTLVType_PublicKey, TLV.kTLVType_EncryptedData, ] response_tlv = yield (request_tlv, step2_expectations) # # Step #3 ios --> accessory (send SRP verify request) (page 49) # response_tlv = TLV.reorder(response_tlv, step2_expectations) assert (response_tlv[0][0] == TLV.kTLVType_State and response_tlv[0][1] == TLV.M2), "get_session_keys: not M2" assert (response_tlv[1][0] == TLV.kTLVType_PublicKey ), "get_session_keys: no public key" assert (response_tlv[2][0] == TLV.kTLVType_EncryptedData ), "get_session_keys: no encrypted data" # 1) generate shared secret accessorys_session_pub_key_bytes = bytes(response_tlv[1][1]) accessorys_session_pub_key = x25519.X25519PublicKey.from_public_bytes( accessorys_session_pub_key_bytes) shared_secret = ios_key.exchange(accessorys_session_pub_key) # 2) derive session key session_key = hkdf_derive(shared_secret, "Pair-Verify-Encrypt-Salt", "Pair-Verify-Encrypt-Info") # 3) verify auth tag on encrypted data and 4) decrypt encrypted = response_tlv[2][1] decrypted = chacha20_aead_decrypt(bytes(), session_key, "PV-Msg02".encode(), bytes([0, 0, 0, 0]), encrypted) if type(decrypted) == bool and not decrypted: raise InvalidAuthTagError("step 3") d1 = TLV.decode_bytes(decrypted) d1 = TLV.reorder(d1, [TLV.kTLVType_Identifier, TLV.kTLVType_Signature]) assert d1[0][ 0] == TLV.kTLVType_Identifier, "get_session_keys: no identifier" assert d1[1][0] == TLV.kTLVType_Signature, "get_session_keys: no signature" # 5) look up pairing by accessory name accessory_name = d1[0][1].decode() if pairing_data["AccessoryPairingID"] != accessory_name: raise IncorrectPairingIdError("step 3") accessory_ltpk = ed25519.Ed25519PublicKey.from_public_bytes( bytes.fromhex(pairing_data["AccessoryLTPK"])) # 6) verify accessory's signature accessory_sig = d1[1][1] accessory_session_pub_key_bytes = response_tlv[1][1] accessory_info = (accessory_session_pub_key_bytes + accessory_name.encode() + ios_key_pub) try: accessory_ltpk.verify(bytes(accessory_sig), bytes(accessory_info)) except cryptography_exceptions.InvalidSignature: raise InvalidSignatureError("step 3") # 7) create iOSDeviceInfo ios_device_info = (ios_key_pub + pairing_data["iOSPairingId"].encode() + accessorys_session_pub_key_bytes) # 8) sign iOSDeviceInfo with long term secret key ios_device_ltsk_h = pairing_data["iOSDeviceLTSK"] # ios_device_ltpk_h = pairing_data["iOSDeviceLTPK"] ios_device_ltsk = ed25519.Ed25519PrivateKey.from_private_bytes( bytes.fromhex(ios_device_ltsk_h)) # ios_device_ltsk = ed25519.SigningKey( # bytes.fromhex(ios_device_ltsk_h) + bytes.fromhex(ios_device_ltpk_h) # ) ios_device_signature = ios_device_ltsk.sign(ios_device_info) # 9) construct sub tlv sub_tlv = TLV.encode_list([ (TLV.kTLVType_Identifier, pairing_data["iOSPairingId"].encode()), (TLV.kTLVType_Signature, ios_device_signature), ]) # 10) encrypt and sign encrypted_data_with_auth_tag = chacha20_aead_encrypt( bytes(), session_key, "PV-Msg03".encode(), bytes([0, 0, 0, 0]), sub_tlv) # 11) create tlv request_tlv = [ (TLV.kTLVType_State, TLV.M3), (TLV.kTLVType_EncryptedData, encrypted_data_with_auth_tag), ] step3_expectations = [TLV.kTLVType_State, TLV.kTLVType_Error] response_tlv = yield (request_tlv, step3_expectations) # # Post Step #4 verification (page 51) # response_tlv = TLV.reorder(response_tlv, step3_expectations) assert (response_tlv[0][0] == TLV.kTLVType_State and response_tlv[0][1] == TLV.M4), "get_session_keys: not M4" if len(response_tlv) == 2 and response_tlv[1][0] == TLV.kTLVType_Error: error_handler(response_tlv[1][1], "verification") # calculate session keys controller_to_accessory_key = hkdf_derive(shared_secret, "Control-Salt", "Control-Write-Encryption-Key") accessory_to_controller_key = hkdf_derive(shared_secret, "Control-Salt", "Control-Read-Encryption-Key") return controller_to_accessory_key, accessory_to_controller_key
def get_session_keys( pairing_data: dict[str, str | int | list[Any]] ) -> Generator[ ( tuple[list[tuple[int, bytearray] | tuple[int, bytes]], list[int]] | tuple[list[tuple[int, bytearray]], list[int]] ), None, Callable[[str, str], bytes], ]: """ HomeKit Controller state machine to perform a pair verify operation as described in chapter 4.8 page 47 ff. :param pairing_data: the paring data as returned by perform_pair_setup :return: tuple of the session keys (controller_to_accessory_key and accessory_to_controller_key) :raises InvalidAuthTagError: if the auth tag could not be verified, :raises IncorrectPairingIdError: if the accessory's LTPK could not be found :raises InvalidSignatureError: if the accessory's signature could not be verified :raises AuthenticationError: if the secured session could not be established """ # # Step #1 ios --> accessory (send verify start Request) (page 47) # ios_key = x25519.X25519PrivateKey.generate() ios_key_pub = ios_key.public_key().public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw ) request_tlv = [(TLV.kTLVType_State, TLV.M1), (TLV.kTLVType_PublicKey, ios_key_pub)] step2_expectations = [ TLV.kTLVType_State, TLV.kTLVType_PublicKey, TLV.kTLVType_EncryptedData, ] response_tlv = yield (request_tlv, step2_expectations) # # Step #3 ios --> accessory (send SRP verify request) (page 49) # response_tlv = dict(response_tlv) handle_state_step(response_tlv, TLV.M2) if TLV.kTLVType_PublicKey not in response_tlv: raise InvalidError("M2: Missing public key") if TLV.kTLVType_EncryptedData not in response_tlv: raise InvalidError("M2: Missing encrypted data") # 1) generate shared secret accessorys_session_pub_key_bytes = bytes(response_tlv[TLV.kTLVType_PublicKey]) accessorys_session_pub_key = x25519.X25519PublicKey.from_public_bytes( accessorys_session_pub_key_bytes ) shared_secret = ios_key.exchange(accessorys_session_pub_key) # 2) derive session key session_key = hkdf_derive( shared_secret, "Pair-Verify-Encrypt-Salt", "Pair-Verify-Encrypt-Info" ) # 3) verify auth tag on encrypted data and 4) decrypt encrypted = response_tlv[TLV.kTLVType_EncryptedData] decrypted = ChaCha20Poly1305Decryptor(session_key).decrypt( bytes(), b"PV-Msg02", bytes([0, 0, 0, 0]), encrypted ) if type(decrypted) == bool and not decrypted: raise InvalidAuthTagError("step 3") d1 = dict(TLV.decode_bytes(decrypted)) if TLV.kTLVType_Identifier not in d1: raise InvalidError("M2: Encrypted data did not contain identifier") if TLV.kTLVType_Signature not in d1: raise InvalidError("M2: Encrypted data did not contain signature") # 5) look up pairing by accessory name accessory_name = d1[TLV.kTLVType_Identifier].decode() if pairing_data["AccessoryPairingID"] != accessory_name: raise IncorrectPairingIdError("step 3") accessory_ltpk = ed25519.Ed25519PublicKey.from_public_bytes( bytes.fromhex(pairing_data["AccessoryLTPK"]) ) # 6) verify accessory's signature accessory_sig = d1[TLV.kTLVType_Signature] accessory_session_pub_key_bytes = response_tlv[TLV.kTLVType_PublicKey] accessory_info = ( accessory_session_pub_key_bytes + accessory_name.encode() + ios_key_pub ) try: accessory_ltpk.verify(bytes(accessory_sig), bytes(accessory_info)) except cryptography_exceptions.InvalidSignature: raise InvalidSignatureError("step 3") # 7) create iOSDeviceInfo ios_device_info = ( ios_key_pub + pairing_data["iOSPairingId"].encode() + accessorys_session_pub_key_bytes ) # 8) sign iOSDeviceInfo with long term secret key ios_device_ltsk_h = pairing_data["iOSDeviceLTSK"] # ios_device_ltpk_h = pairing_data["iOSDeviceLTPK"] ios_device_ltsk = ed25519.Ed25519PrivateKey.from_private_bytes( bytes.fromhex(ios_device_ltsk_h) ) # ios_device_ltsk = ed25519.SigningKey( # bytes.fromhex(ios_device_ltsk_h) + bytes.fromhex(ios_device_ltpk_h) # ) ios_device_signature = ios_device_ltsk.sign(ios_device_info) # 9) construct sub tlv sub_tlv = TLV.encode_list( [ (TLV.kTLVType_Identifier, pairing_data["iOSPairingId"].encode()), (TLV.kTLVType_Signature, ios_device_signature), ] ) # 10) encrypt and sign encrypted_data_with_auth_tag = ChaCha20Poly1305Encryptor(session_key).encrypt( bytes(), b"PV-Msg03", bytes([0, 0, 0, 0]), sub_tlv ) # 11) create tlv request_tlv = [ (TLV.kTLVType_State, TLV.M3), (TLV.kTLVType_EncryptedData, encrypted_data_with_auth_tag), ] step3_expectations = [TLV.kTLVType_State, TLV.kTLVType_Error] response_tlv = yield (request_tlv, step3_expectations) # # Post Step #4 verification (page 51) # response_tlv = dict(response_tlv) handle_state_step(response_tlv, TLV.M4) # return function to calculate session keys def derive(salt, info): return hkdf_derive(shared_secret, salt, info) return derive
def check_convert_value(val: str, char: Characteristic) -> Any: """ Checks if the given value is of the given type or is convertible into the type. If the value is not convertible, a HomeKitTypeException is thrown. :param val: the original value :param char: the characteristic :return: the converted value :raises FormatError: if the input value could not be converted to the target type """ if char.format == CharacteristicFormats.bool: try: val = strtobool(str(val)) except ValueError: raise FormatError('"{v}" is no valid "{t}"!'.format(v=val, t=char.format)) # We have seen iPhone's sending 1 and 0 for True and False # This is in spec # It is also *required* for Ecobee Switch+ devices (as at Mar 2020) return 1 if val else 0 if char.format in NUMBER_TYPES: try: val = Decimal(val) except ValueError: raise FormatError('"{v}" is no valid "{t}"!'.format(v=val, t=char.format)) if char.minValue is not None: val = max(Decimal(char.minValue), val) if char.maxValue is not None: val = min(Decimal(char.maxValue), val) # Honeywell T6 Pro cannot handle arbritary precision, the values we send # *must* respect minStep # See https://github.com/home-assistant/core/issues/37083 if char.minStep is not None: with localcontext() as ctx: ctx.prec = 6 # Python3 uses bankers rounding by default, so 28.5 rounds to 28, not 29. # This is surprising for most people ctx.rounding = ROUND_HALF_UP val = Decimal(val) offset = Decimal( char.minValue if char.minValue is not None else 0) min_step = Decimal(char.minStep) # We use to_integral_value() here rather than round as it respsects # ctx.rounding val = offset + (( (val - offset) / min_step).to_integral_value() * min_step) if char.format in INTEGER_TYPES: val = int(val.to_integral_value()) else: val = float(val) if char.format == CharacteristicFormats.data: try: base64.decodebytes(val.encode()) except binascii.Error: raise FormatError('"{v}" is no valid "{t}"!'.format(v=val, t=char.format)) if char.format == CharacteristicFormats.tlv8: try: tmp_bytes = base64.decodebytes(val.encode()) TLV.decode_bytes(tmp_bytes) except (binascii.Error, TlvParseException): raise FormatError('"{v}" is no valid "{t}"!'.format(v=val, t=char.format)) return val