55import asyncio
66from http import HTTPStatus
77import logging
8- from typing import TYPE_CHECKING , Dict , Optional
8+ from typing import TYPE_CHECKING , Dict , Optional , Any
99from urllib .parse import ParseResult , parse_qs , urlparse
1010import uuid
1111
@@ -88,6 +88,7 @@ class HAP_TLV_TAGS:
8888 ERROR_CODE = b"\x07 "
8989 PROOF = b"\x0A "
9090 PERMISSIONS = b"\x0B "
91+ SEPARATOR = b"\xFF "
9192
9293
9394class UnprivilegedRequestException (Exception ):
@@ -148,7 +149,7 @@ def __init__(self, accessory_handler, client_address):
148149 """
149150 self .accessory_handler : AccessoryDriver = accessory_handler
150151 self .state : State = self .accessory_handler .state
151- self .enc_context = None
152+ self .enc_context : Optional [ Dict [ str , Any ]] = None
152153 self .client_address = client_address
153154 self .is_encrypted = False
154155 self .client_uuid : Optional [uuid .UUID ] = None
@@ -567,33 +568,33 @@ def _pair_verify_two(self, tlv_objects: Dict[bytes, bytes]) -> None:
567568
568569 dec_tlv_objects = tlv .decode (bytes (decrypted_data ))
569570 client_username = dec_tlv_objects [HAP_TLV_TAGS .USERNAME ]
570- material = (
571- self .enc_context ["client_public" ]
572- + client_username
573- + self .enc_context ["public_key" ].public_bytes (
574- encoding = serialization .Encoding .Raw ,
575- format = serialization .PublicFormat .Raw ,
576- )
571+ public_key : x25519 .X25519PublicKey = self .enc_context ["public_key" ]
572+ raw_public_key = public_key .public_bytes (
573+ encoding = serialization .Encoding .Raw ,
574+ format = serialization .PublicFormat .Raw ,
577575 )
576+ material = self .enc_context ["client_public" ] + client_username + raw_public_key
578577
579578 client_uuid = uuid .UUID (str (client_username , "utf-8" ))
580579 perm_client_public = self .state .paired_clients .get (client_uuid )
581580 if perm_client_public is None :
582581 logger .error (
583- "%s: Client %s with uuid %s attempted pair verify without being paired first (paired clients=%s)." ,
582+ "%s: Client %s with uuid %s attempted pair verify "
583+ "without being paired first (public_key=%s, paired clients=%s)." ,
584+ self .accessory_handler .accessory .display_name ,
584585 self .client_address ,
585586 client_uuid ,
586- self . state . paired_clients ,
587- self .accessory_handler . accessory . display_name ,
587+ raw_public_key . hex () ,
588+ { uuid : key . hex () for uuid , key in self .state . paired_clients . items ()} ,
588589 )
589590 self ._send_authentication_error_tlv_response (HAP_TLV_STATES .M4 )
590591 return
591592
592593 verifying_key = ed25519 .Ed25519PublicKey .from_public_bytes (perm_client_public )
593594 try :
594595 verifying_key .verify (dec_tlv_objects [HAP_TLV_TAGS .PROOF ], material )
595- except InvalidSignature :
596- logger .error ("%s: Bad signature , abort." , self .client_address )
596+ except ( InvalidSignature , KeyError ) as ex :
597+ logger .error ("%s: %s , abort." , self .client_address , ex )
597598 self ._send_authentication_error_tlv_response (HAP_TLV_STATES .M4 )
598599 return
599600
@@ -781,9 +782,16 @@ def _handle_list_pairings(self) -> None:
781782 client_public ,
782783 HAP_TLV_TAGS .PERMISSIONS ,
783784 HAP_PERMISSIONS .ADMIN if admin else HAP_PERMISSIONS .USER ,
785+ HAP_TLV_TAGS .SEPARATOR ,
786+ b"" ,
784787 ]
785788 )
786789
790+ if response [- 2 ] == HAP_TLV_TAGS .SEPARATOR :
791+ # The last pairing should not have a separator
792+ response .pop ()
793+ response .pop ()
794+
787795 data = tlv .encode (* response )
788796 self ._send_tlv_pairing_response (data )
789797
<
6D40
path d="m8.177 14.323 2.896-2.896a.25.25 0 0 0-.177-.427H8.75V7.764a.75.75 0 1 0-1.5 0V11H5.104a.25.25 0 0 0-.177.427l2.896 2.896a.25.25 0 0 0 .354 0ZM2.25 5a.75.75 0 0 0 0-1.5h-.5a.75.75 0 0 0 0 1.5h.5ZM6 4.25a.75.75 0 0 1-.75.75h-.5a.75.75 0 0 1 0-1.5h.5a.75.75 0 0 1 .75.75ZM8.25 5a.75.75 0 0 0 0-1.5h-.5a.75.75 0 0 0 0 1.5h.5ZM12 4.25a.75.75 0 0 1-.75.75h-.5a.75.75 0 0 1 0-1.5h.5a.75.75 0 0 1 .75.75Zm2.25.75a.75.75 0 0 0 0-1.5h-.5a.75.75 0 0 0 0 1.5h.5Z">
0 commit comments