Improve error handling

Author: jdomnitz

HomeKitDotNet/Controller.cs

@@ -15,6 +15,7 @@
 using HomeKitDotNet.Models;
 using HomeKitDotNet.TLV;
 using HomeKitDotNet.TLV.Enums;
+using System.Globalization;
 using System.Net;
 using System.Numerics;
 using System.Security.Cryptography;
@@ -39,7 +40,7 @@ public Controller(out byte[] publicKey, out byte[] privateKey)
         {
             byte[] seed = RandomNumberGenerator.GetBytes(32);
             Ed25519.KeyPairFromSeed(out LTPK, out LTSK, seed);
-            deviceID = RandomNumberGenerator.GetBytes(16);
+            deviceID = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString("D", CultureInfo.InvariantCulture));
             publicKey = LTPK;
             privateKey = LTSK;
         }
@@ -52,6 +53,12 @@ public Controller(out byte[] publicKey, out byte[] privateKey)
         /// <param name="deviceID"></param>
         public Controller(byte[] privateKey, byte[] publicKey, byte[] deviceID)
         {
+            if (privateKey.Length != 64)
+                throw new ArgumentException("Invalid Private Key Length: " + privateKey.Length);
+            if (publicKey.Length != 32)
+                throw new ArgumentException("Invalid Public Key Length: " + publicKey.Length);
+            if (deviceID.Length != 36)
+                throw new ArgumentException("Invalid Device ID Length: " + deviceID.Length);
             LTPK = publicKey;
             LTSK = privateKey;
             this.deviceID = deviceID;
@@ -168,44 +175,48 @@ public async Task<bool> UnPair(HomeKitEndPoint endpoint)
         /// <param name="destination"></param>
         /// <returns></returns>
         /// <exception cref="IOException"></exception>
+        /// <exception cref="UnauthorizedAccessException"></exception>
         public async Task<AccessoryInfo> Pair(long setupPin, IPEndPoint destination)
         {
             string I = "Pair-Setup";
             string P = setupPin.ToString("000-00-000");
 
             Connection con = new Connection(destination);
 
-            Console.WriteLine("LTPK: " + BitConverter.ToString(LTPK));
-            Console.WriteLine("LTSK: " + BitConverter.ToString(LTSK));
-
             //Step 1
             HttpResponseMessage msg = await con.Post("/pair-setup", new TLVInt(TLVType.kTLVType_State, (byte)PairingState.M1), new TLVInt(TLVType.kTLVType_Method, (byte)Method.PairSetupWithAuth));
             if (!msg.IsSuccessStatusCode)
-                throw new IOException($"Pair Step 1 Failed with {msg.StatusCode}: {msg.ReasonPhrase}");
+                throw new IOException($"Pair Step 2 Failed with {msg.StatusCode}: {msg.ReasonPhrase}");
             List<TLVValue> responseTLVs = TLVValue.CollectionFromStream(msg.Content.ReadAsStream());
 
             //Step 3
-            byte[] bytes = TLVValue.Concat(TLVType.kTLVType_PublicKey, responseTLVs);
-            BigInteger B = new BigInteger(bytes, true, true);
+            byte[] accessoryPK = TLVValue.Concat(TLVType.kTLVType_PublicKey, responseTLVs);
+            if (accessoryPK.Length == 0)
+                throw new IOException($"Pair Step 3 Failed - Public key is missing");
+            if (responseTLVs.Any(t => t.Type == TLVType.kTLVType_Error))
+                throw new IOException("Received M2 Error");
+            BigInteger B = new BigInteger(accessoryPK, true, true);
             byte[] s = (responseTLVs.Find(t => t.Type == TLVType.kTLVType_Salt) as TLVBytes)!.Value;
             SRP srp = new SRP();
             BigInteger A = srp.GenerateAValues();
             BigInteger K = srp.ComputeSessionKey(I, P, s, B);
             BigInteger M1 = srp.GenerateClientProof(I, s, A, B, K);
-            msg = await con.Post("/pair-setup", [
+            msg = await con.Post("/pair-setup",
                 new TLVInt(TLVType.kTLVType_State, (byte)PairingState.M3),
                 new TLVBytes(TLVType.kTLVType_PublicKey, A.ToByteArray(true, true)),
                 new TLVBytes(TLVType.kTLVType_Proof, M1.ToByteArray(true, true))
-                ]);
+                );
 
             if (!msg.IsSuccessStatusCode)
             {
                 string content = new StreamReader(msg.Content.ReadAsStream()).ReadToEnd();
-                throw new IOException($"Pair Step 3 Failed with {msg.StatusCode}: {msg.ReasonPhrase}: {content}");
+                throw new IOException($"Pair Step 4 Failed with {msg.StatusCode}: {msg.ReasonPhrase}: {content}");
             }
 
             //Step 5
             responseTLVs = TLVValue.CollectionFromStream(msg.Content.ReadAsStream());
+            if (responseTLVs.Any(t => t.Type == TLVType.kTLVType_Error))
+                throw new UnauthorizedAccessException("Invalid PIN Code");
             BigInteger M2 = new BigInteger((responseTLVs.Find(t => t.Type == TLVType.kTLVType_Proof) as TLVBytes)!.Value, true, true);
             bool valid = srp.ValidateServerProof(M2, M1, K);
 
@@ -229,10 +240,10 @@ public async Task<AccessoryInfo> Pair(long setupPin, IPEndPoint destination)
                 encrypter.Encrypt(Encoding.ASCII.GetBytes("\0\0\0\0PS-Msg05"), encryptionPayload.ToArray(), encryptedPayload.AsSpan().Slice(0, (int)encryptionPayload.Length), encryptedPayload.AsSpan().Slice((int)encryptionPayload.Length, 16));
             }
 
-            msg = await con.Post("/pair-setup", [
+            msg = await con.Post("/pair-setup",
                 new TLVInt(TLVType.kTLVType_State, (byte)PairingState.M5),
                 new TLVBytes(TLVType.kTLVType_EncryptedData, encryptedPayload)
-                ]);
+                );
 
             if (!msg.IsSuccessStatusCode)
             {

HomeKitDotNet/TLV/Enums/Method.cs

@@ -19,6 +19,7 @@ public enum Method : byte
         PairVerify = 0x2,
         AddPairing = 0x3,
         RemovePairing = 0x4,
-        ListPairings = 0x5
+        ListPairings = 0x5,
+        PairResume = 0x6,
     }
 }