mirrors/fcast
1
0
Fork 0
mirror of https://gitlab.com/futo-org/fcast.git synced 2025-06-24 21:25:23 +00:00
Code Activity

Added encryption.

Browse source
This commit is contained in:
Koen 2023-12-30 10:55:30 +01:00
parent b8bd78d90d
commit 9599c1931e
29 changed files with 1016 additions and 1069 deletions
Download patch file Download diff file Expand all files Collapse all files

17
receivers/android/app/build.gradle
View file

@ -20,12 +20,12 @@ if (keystorePropertiesFile.exists()) {
android {
namespace 'com.futo.fcast.receiver'
compileSdk 33
compileSdk 34
defaultConfig {
applicationId "com.futo.fcast.receiver"
minSdk 24
targetSdk 33
targetSdk 34
versionCode currentVersionCode
versionName currentVersionName
@ -75,17 +75,22 @@ android {
kotlinOptions {
jvmTarget = '1.8'
}
buildFeatures {
buildConfig true
}
}
dependencies {
implementation 'androidx.core:core-ktx:1.7.0'
implementation 'androidx.core:core-ktx:1.12.0'
implementation 'androidx.appcompat:appcompat:1.6.1'
implementation 'com.google.android.material:material:1.8.0'
implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.5.0"
implementation 'com.google.android.exoplayer:exoplayer:2.18.6'
implementation 'com.google.android.material:material:1.11.0'
implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.6.2"
implementation 'com.google.android.exoplayer:exoplayer:2.19.1'
implementation "com.squareup.okhttp3:okhttp:4.11.0"
implementation 'com.journeyapps:zxing-android-embedded:4.3.0'
implementation 'org.java-websocket:Java-WebSocket:1.5.4'
implementation 'org.bouncycastle:bcpkix-jdk18on:1.77'
implementation 'org.bouncycastle:bcprov-jdk18on:1.77'
testImplementation 'junit:junit:4.13.2'
androidTestImplementation 'androidx.test.ext:junit:1.1.5'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.5.1'

113
receivers/android/app/src/androidTest/java/com/futo/fcast/receiver/EncryptionTest.kt
View file

@ -1,113 +0,0 @@
package com.futo.fcast.receiver
import android.util.Base64
import android.util.Log
import androidx.test.platform.app.InstrumentationRegistry
import androidx.test.ext.junit.runners.AndroidJUnit4
import kotlinx.serialization.decodeFromString
import kotlinx.serialization.encodeToString
import kotlinx.serialization.json.Json
import org.junit.Test
import org.junit.runner.RunWith
import org.junit.Assert.*
import java.security.KeyFactory
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.spec.PKCS8EncodedKeySpec
import java.security.spec.X509EncodedKeySpec
import javax.crypto.interfaces.DHPrivateKey
import javax.crypto.spec.SecretKeySpec
@RunWith(AndroidJUnit4::class)
class EncryptionTest {
@Test
fun testDHEncryptionSelf() {
val keyPair1 = FCastSession.generateKeyPair()
val keyPair2 = FCastSession.generateKeyPair()
Log.i("testDHEncryptionSelf", "privates (1: ${Base64.encodeToString(keyPair1.private.encoded, Base64.NO_WRAP)}, 2: ${Base64.encodeToString(keyPair2.private.encoded, Base64.NO_WRAP)})")
val keyExchangeMessage1 = FCastSession.getKeyExchangeMessage(keyPair1)
val keyExchangeMessage2 = FCastSession.getKeyExchangeMessage(keyPair2)
Log.i("testDHEncryptionSelf", "publics (1: ${keyExchangeMessage1.publicKey}, 2: ${keyExchangeMessage2.publicKey})")
val aesKey1 = FCastSession.computeSharedSecret(keyPair1.private, keyExchangeMessage2)
val aesKey2 = FCastSession.computeSharedSecret(keyPair2.private, keyExchangeMessage1)
assertEquals(Base64.encodeToString(aesKey1.encoded, Base64.NO_WRAP), Base64.encodeToString(aesKey2.encoded, Base64.NO_WRAP))
Log.i("testDHEncryptionSelf", "aesKey ${Base64.encodeToString(aesKey1.encoded, Base64.NO_WRAP)}")
val message = PlayMessage("text/html")
val serializedBody = Json.encodeToString(message)
val encryptedMessage = FCastSession.encryptMessage(aesKey1, DecryptedMessage(Opcode.Play.value.toLong(), serializedBody))
Log.i("testDHEncryptionSelf", Json.encodeToString(encryptedMessage))
val decryptedMessage = FCastSession.decryptMessage(aesKey1, encryptedMessage)
assertEquals(Opcode.Play.value.toLong(), decryptedMessage.opcode)
assertEquals(serializedBody, decryptedMessage.message)
}
@Test
fun testAESKeyGeneration() {
val cases = listOf(
listOf(
//Public other
"MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECA4GEAAKBgEnOS0oHteVA+3kND3u4yXe7GGRohy1LkR9Q5tL4c4ylC5n4iSwWSoIhcSIvUMWth6KAhPhu05sMcPY74rFMSS2AGTNCdT/5KilediipuUMdFVvjGqfNMNH1edzW5mquIw3iXKdfQmfY/qxLTI2wccyDj4hHFhLCZL3Y+shsm3KF",
//Private self
"MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECBIGDAoGAeo/ceIeH8Jt1ZRNKX5aTHkMi23GCV1LtcS2O6Tktn9k8DCv7gIoekysQUhMyWtR+MsZlq2mXjr1JFpAyxl89rqoEPU6QDsGe9q8R4O8eBZ2u+48mkUkGSh7xPGRQUBvmhH2yk4hIEA8aK4BcYi1OTsCZtmk7pQq+uaFkKovD/8M=",
//AES
"7dpl1/6KQTTooOrFf2VlUOSqgrFHi6IYxapX0IxFfwk="
),
listOf(
//Public other
"MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECA4GEAAKBgGvIlCP/S+xpAuNEHSn4cEDOL1esUf+uMuY2Kp5J10a7HGbwzNd+7eYsgEc4+adddgB7hJgTvjsGg7lXUhHQ7WbfbCGgt7dbkx8qkic6Rgq4f5eRYd1Cgidw4MhZt7mEIOKrHweqnV6B9rypbXjbqauc6nGgtwx+Gvl6iLpVATRK",
//Private self
"MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECBIGDAoGAMXmiIgWyutbaO+f4UiMAb09iVVSCI6Lb6xzNyD2MpUZyk4/JOT04Daj4JeCKFkF1Fq79yKhrnFlXCrF4WFX00xUOXb8BpUUUH35XG5ApvolQQLL6N0om8/MYP4FK/3PUxuZAJz45TUsI/v3u6UqJelVTNL83ltcFbZDIfEVftRA=",
//AES
"a2tUSxnXifKohfNocAQHkAlPffDv6ReihJ7OojBGt0Q="
)
)
for (case in cases) {
val decodedPrivateKey1 = Base64.decode(case[1], Base64.NO_WRAP)
val keyExchangeMessage2 = KeyExchangeMessage(1, case[0])
val keyFactory = KeyFactory.getInstance("DH")
val privateKeySpec = PKCS8EncodedKeySpec(decodedPrivateKey1)
val privateKey = keyFactory.generatePrivate(privateKeySpec)
val aesKey1 = FCastSession.computeSharedSecret(privateKey, keyExchangeMessage2)
assertEquals(case[2], Base64.encodeToString(aesKey1.encoded, Base64.NO_WRAP))
}
}
@Test
fun testDHEncryptionKnown() {
val decodedPrivateKey1 = Base64.decode("MIIDJwIBADCCAhgGCSqGSIb3DQEDATCCAgkCggEBAJVHXPXZPllsP80dkCrdAvQn9fPHIQMTu0X7TVuy5f4cvWeM1LvdhMmDa+HzHAd3clrrbC/Di4X0gHb6drzYFGzImm+y9wbdcZiYwgg9yNiW+EBi4snJTRN7BUqNgJatuNUZUjmO7KhSoK8S34Pkdapl1OwMOKlWDVZhGG/5i5/J62Du6LAwN2sja8c746zb10/WHB0kdfowd7jwgEZ4gf9+HKVv7gZteVBq3lHtu1RDpWOSfbxLpSAIZ0YXXIiFkl68ZMYUeQZ3NJaZDLcU7GZzBOJh+u4zs8vfAI4MP6kGUNl9OQnJJ1v0rIb/yz0D5t/IraWTQkLdbTvMoqQGywsCggEAQt67naWz2IzJVuCHh+w/Ogm7pfSLiJp0qvUxdKoPvn48W4/NelO+9WOw6YVgMolgqVF/QBTTMl/Hlivx4Ek3DXbRMUp2E355Lz8NuFnQleSluTICTweezy7wnHl0UrB3DhNQeC7Vfd95SXnc7yPLlvGDBhllxOvJPJxxxWuSWVWnX5TMzxRJrEPVhtC+7kMlGwsihzSdaN4NFEQD8T6AL0FG2ILgV68ZtvYnXGZ2yPoOPKJxOjJX/Rsn0GOfaV40fY0c+ayBmibKmwTLDrm3sDWYjRW7rGUhKlUjnPx+WPrjjXJQq5mR/7yXE0Al/ozgTEOZrZZWm+kaVG9JeGk8egSCAQQCggEAECNvEczf0y6IoX/IwhrPeWZ5IxrHcpwjcdVAuyZQLLlOq0iqnYMFcSD8QjMF8NKObfZZCDQUJlzGzRsG0oXsWiWtmoRvUZ9tQK0j28hDylpbyP00Bt9NlMgeHXkAy54P7Z2v/BPCd3o23kzjgXzYaSRuCFY7zQo1g1IQG8mfjYjdE4jjRVdVrlh8FS8x4OLPeglc+cp2/kuyxaVEfXAG84z/M8019mRSfdczi4z1iidPX6HgDEEWsN42Ud60mNKy5jsQpQYkRdOLmxR3+iQEtGFjdzbVhVCUr7S5EORU9B1MOl5gyPJpjfU3baOqrg6WXVyTvMDaA05YEnAHQNOOfA==", Base64.NO_WRAP)
val keyExchangeMessage2 = KeyExchangeMessage(1, "MIIDJTCCAhgGCSqGSIb3DQEDATCCAgkCggEBAJVHXPXZPllsP80dkCrdAvQn9fPHIQMTu0X7TVuy5f4cvWeM1LvdhMmDa+HzHAd3clrrbC/Di4X0gHb6drzYFGzImm+y9wbdcZiYwgg9yNiW+EBi4snJTRN7BUqNgJatuNUZUjmO7KhSoK8S34Pkdapl1OwMOKlWDVZhGG/5i5/J62Du6LAwN2sja8c746zb10/WHB0kdfowd7jwgEZ4gf9+HKVv7gZteVBq3lHtu1RDpWOSfbxLpSAIZ0YXXIiFkl68ZMYUeQZ3NJaZDLcU7GZzBOJh+u4zs8vfAI4MP6kGUNl9OQnJJ1v0rIb/yz0D5t/IraWTQkLdbTvMoqQGywsCggEAQt67naWz2IzJVuCHh+w/Ogm7pfSLiJp0qvUxdKoPvn48W4/NelO+9WOw6YVgMolgqVF/QBTTMl/Hlivx4Ek3DXbRMUp2E355Lz8NuFnQleSluTICTweezy7wnHl0UrB3DhNQeC7Vfd95SXnc7yPLlvGDBhllxOvJPJxxxWuSWVWnX5TMzxRJrEPVhtC+7kMlGwsihzSdaN4NFEQD8T6AL0FG2ILgV68ZtvYnXGZ2yPoOPKJxOjJX/Rsn0GOfaV40fY0c+ayBmibKmwTLDrm3sDWYjRW7rGUhKlUjnPx+WPrjjXJQq5mR/7yXE0Al/ozgTEOZrZZWm+kaVG9JeGk8egOCAQUAAoIBAGlL9EYsrFz3I83NdlwhM241M+M7PA9P5WXgtdvS+pcalIaqN2IYdfzzCUfye7lchVkT9A2Y9eWQYX0OUhmjf8PPKkRkATLXrqO5HTsxV96aYNxMjz5ipQ6CaErTQaPLr3OPoauIMPVVI9zM+WT0KOGp49YMyx+B5rafT066vOVbF/0z1crq0ZXxyYBUv135rwFkIHxBMj5bhRLXKsZ2G5aLAZg0DsVam104mgN/v75f7Spg/n5hO7qxbNgbvSrvQ7Ag/rMk5T3sk7KoM23Qsjl08IZKs2jjx21MiOtyLqGuCW6GOTNK4yEEDF5gA0K13eXGwL5lPS0ilRw+Lrw7cJU=")
val keyFactory = KeyFactory.getInstance("DH")
val privateKeySpec = PKCS8EncodedKeySpec(decodedPrivateKey1)
val privateKey = keyFactory.generatePrivate(privateKeySpec)
val aesKey1 = FCastSession.computeSharedSecret(privateKey, keyExchangeMessage2)
assertEquals("vI5LGE625zGEG350ggkyBsIAXm2y4sNohiPcED1oAEE=", Base64.encodeToString(aesKey1.encoded, Base64.NO_WRAP))
val message = PlayMessage("text/html")
val serializedBody = Json.encodeToString(message)
val encryptedMessage = FCastSession.encryptMessage(aesKey1, DecryptedMessage(Opcode.Play.value.toLong(), serializedBody))
val decryptedMessage = FCastSession.decryptMessage(aesKey1, encryptedMessage)
assertEquals(Opcode.Play.value.toLong(), decryptedMessage.opcode)
assertEquals(serializedBody, decryptedMessage.message)
}
@Test
fun testDecryptMessageKnown() {
val encryptedMessage = Json.decodeFromString<EncryptedMessage>("{\"version\":1,\"iv\":\"C4H70VC5FWrNtkty9/cLIA==\",\"blob\":\"K6/N7JMyi1PFwKhU0mFj7ZJmd/tPp3NCOMldmQUtDaQ7hSmPoIMI5QNMOj+NFEiP4qTgtYp5QmBPoQum6O88pA==\"}")
val aesKey = SecretKeySpec(Base64.decode("+hr9Jg8yre7S9WGUohv2AUSzHNQN514JPh6MoFAcFNU=", Base64.NO_WRAP), "AES")
val decryptedMessage = FCastSession.decryptMessage(aesKey, encryptedMessage)
assertEquals(Opcode.Play.value.toLong(), decryptedMessage.opcode)
assertEquals("{\"container\":\"text/html\"}", decryptedMessage.message)
}
}

136
receivers/android/app/src/main/java/com/futo/fcast/receiver/FCastSession.kt
View file

@ -42,13 +42,10 @@ enum class Opcode(val value: Byte) {
VolumeUpdate(7),
SetVolume(8),
PlaybackError(9),
SetSpeed(10),
SetSpeed(10),
Version(11),
KeyExchange(12),
Encrypted(13),
Ping(14),
Pong(15),
StartEncryption(16);
Ping(12),
Pong(13);
companion object {
private val _map = values().associateBy { it.value }
@ -65,39 +62,9 @@ class FCastSession(outputStream: OutputStream, private val _remoteSocketAddress:
private var _packetLength = 0
private var _state = SessionState.WaitingForLength
private var _outputStream: DataOutputStream? = DataOutputStream(outputStream)
private val _keyPair: KeyPair = generateKeyPair()
private var _aesKey: SecretKeySpec? = null
private val _queuedEncryptedMessages = arrayListOf<EncryptedMessage>()
private var _encryptionStarted = false
val id = UUID.randomUUID()
init {
send(Opcode.KeyExchange, getKeyExchangeMessage(_keyPair))
}
fun sendVersion(value: VersionMessage) {
send(Opcode.Version, value)
}
fun sendPlaybackError(value: PlaybackErrorMessage) {
send(Opcode.PlaybackError, value)
}
fun sendPlaybackUpdate(value: PlaybackUpdateMessage) {
send(Opcode.PlaybackUpdate, value)
}
fun sendVolumeUpdate(value: VolumeUpdateMessage) {
send(Opcode.VolumeUpdate, value)
}
private fun send(opcode: Opcode, message: String? = null) {
val aesKey = _aesKey
if (_encryptionStarted && aesKey != null && opcode != Opcode.Encrypted && opcode != Opcode.KeyExchange && opcode != Opcode.StartEncryption) {
send(Opcode.Encrypted, encryptMessage(aesKey, DecryptedMessage(opcode.value.toLong(), message)))
return
}
fun send(opcode: Opcode, message: String? = null) {
try {
val data: ByteArray = message?.encodeToByteArray() ?: ByteArray(0)
val size = 1 + data.size
@ -129,7 +96,7 @@ class FCastSession(outputStream: OutputStream, private val _remoteSocketAddress:
}
}
private inline fun <reified T> send(opcode: Opcode, message: T) {
inline fun <reified T> send(opcode: Opcode, message: T) {
try {
send(opcode, message?.let { Json.encodeToString(it) })
} catch (e: Throwable) {
@ -246,42 +213,7 @@ class FCastSession(outputStream: OutputStream, private val _remoteSocketAddress:
Opcode.Seek -> _service.onCastSeek(json.decodeFromString(body!!))
Opcode.SetVolume -> _service.onSetVolume(json.decodeFromString(body!!))
Opcode.SetSpeed -> _service.onSetSpeed(json.decodeFromString(body!!))
Opcode.KeyExchange -> {
val keyExchangeMessage: KeyExchangeMessage = json.decodeFromString(body!!)
_aesKey = computeSharedSecret(_keyPair.private, keyExchangeMessage)
send(Opcode.StartEncryption)
synchronized(_queuedEncryptedMessages) {
for (queuedEncryptedMessages in _queuedEncryptedMessages) {
val decryptedMessage = decryptMessage(_aesKey!!, queuedEncryptedMessages)
val o = Opcode.find(decryptedMessage.opcode.toByte())
handlePacket(o, decryptedMessage.message)
}
_queuedEncryptedMessages.clear()
}
}
Opcode.Ping -> send(Opcode.Pong)
Opcode.Encrypted -> {
val encryptedMessage: EncryptedMessage = json.decodeFromString(body!!)
if (_aesKey != null) {
val decryptedMessage = decryptMessage(_aesKey!!, encryptedMessage)
val o = Opcode.find(decryptedMessage.opcode.toByte())
handlePacket(o, decryptedMessage.message)
} else {
synchronized(_queuedEncryptedMessages) {
if (_queuedEncryptedMessages.size == 15) {
_queuedEncryptedMessages.removeAt(0)
}
_queuedEncryptedMessages.add(encryptedMessage)
}
}
}
Opcode.StartEncryption -> {
_encryptionStarted = true
//TODO: Send decrypted messages waiting for encryption to be established
}
else -> { }
}
} catch (e: Throwable) {
@ -292,63 +224,5 @@ class FCastSession(outputStream: OutputStream, private val _remoteSocketAddress:
companion object {
const val TAG = "FCastSession"
private val json = Json { ignoreUnknownKeys = true }
fun getKeyExchangeMessage(keyPair: KeyPair): KeyExchangeMessage {
return KeyExchangeMessage(1, Base64.encodeToString(keyPair.public.encoded, Base64.NO_WRAP))
}
fun generateKeyPair(): KeyPair {
//modp14
val p = BigInteger("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff", 16)
val g = BigInteger("2", 16)
val dhSpec = DHParameterSpec(p, g)
val keyGen = KeyPairGenerator.getInstance("DH")
keyGen.initialize(dhSpec)
return keyGen.generateKeyPair()
}
fun computeSharedSecret(privateKey: PrivateKey, keyExchangeMessage: KeyExchangeMessage): SecretKeySpec {
val keyFactory = KeyFactory.getInstance("DH")
val receivedPublicKeyBytes = Base64.decode(keyExchangeMessage.publicKey, Base64.NO_WRAP)
val receivedPublicKeySpec = X509EncodedKeySpec(receivedPublicKeyBytes)
val receivedPublicKey = keyFactory.generatePublic(receivedPublicKeySpec)
val keyAgreement = KeyAgreement.getInstance("DH")
keyAgreement.init(privateKey)
keyAgreement.doPhase(receivedPublicKey, true)
val sharedSecret = keyAgreement.generateSecret()
Log.i(TAG, "sharedSecret ${Base64.encodeToString(sharedSecret, Base64.NO_WRAP)}")
val sha256 = MessageDigest.getInstance("SHA-256")
val hashedSecret = sha256.digest(sharedSecret)
Log.i(TAG, "hashedSecret ${Base64.encodeToString(hashedSecret, Base64.NO_WRAP)}")
return SecretKeySpec(hashedSecret, "AES")
}
fun encryptMessage(aesKey: SecretKeySpec, decryptedMessage: DecryptedMessage): EncryptedMessage {
val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(Cipher.ENCRYPT_MODE, aesKey)
val iv = cipher.iv
val json = Json.encodeToString(decryptedMessage)
val encrypted = cipher.doFinal(json.toByteArray(Charsets.UTF_8))
return EncryptedMessage(
version = 1,
iv = Base64.encodeToString(iv, Base64.NO_WRAP),
blob = Base64.encodeToString(encrypted, Base64.NO_WRAP)
)
}
fun decryptMessage(aesKey: SecretKeySpec, encryptedMessage: EncryptedMessage): DecryptedMessage {
val iv = Base64.decode(encryptedMessage.iv, Base64.NO_WRAP)
val encrypted = Base64.decode(encryptedMessage.blob, Base64.NO_WRAP)
val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(Cipher.DECRYPT_MODE, aesKey, IvParameterSpec(iv))
val decryptedJson = cipher.doFinal(encrypted)
return Json.decodeFromString(String(decryptedJson, Charsets.UTF_8))
}
}
}

90
receivers/android/app/src/main/java/com/futo/fcast/receiver/NetworkService.kt
View file

@ -1,5 +1,6 @@
package com.futo.fcast.receiver
import SslKeyManager
import WebSocketListenerService
import android.app.*
import android.content.Context
@ -11,13 +12,16 @@ import android.util.Log
import android.widget.Toast
import androidx.core.app.NotificationCompat
import kotlinx.coroutines.*
import org.bouncycastle.jce.provider.BouncyCastleProvider
import java.security.Security
class NetworkService : Service() {
private var _discoveryService: DiscoveryService? = null
private var _stopped = false
private var _tcpListenerService: TcpListenerService? = null
private var _tlsListenerService: TlsListenerService? = null
private var _webSocketListenerService: WebSocketListenerService? = null
private var _scope: CoroutineScope? = null
private var _stopped = false
override fun onBind(intent: Intent?): IBinder? {
return null
@ -63,7 +67,7 @@ class NetworkService : Service() {
withContext(Dispatchers.IO) {
try {
Log.i(TAG, "Sending version ${session.id}")
session.sendVersion(VersionMessage(2))
session.send(Opcode.Version, VersionMessage(2))
} catch (e: Throwable) {
Log.e(TAG, "Failed to send version ${session.id}")
}
@ -75,7 +79,7 @@ class NetworkService : Service() {
val updateMessage = generateUpdateMessage()
withContext(Dispatchers.IO) {
try {
session.sendPlaybackUpdate(updateMessage)
session.send(Opcode.PlaybackUpdate, updateMessage)
Log.i(TAG, "Update sent ${session.id}")
} catch (eSend: Throwable) {
Log.e(TAG, "Unhandled error sending update ${session.id}", eSend)
@ -106,12 +110,18 @@ class NetworkService : Service() {
start()
}
val sslKeyManager = SslKeyManager("fcast_receiver")
_tlsListenerService = TlsListenerService(this) { onNewSession(it) }.apply {
start(sslKeyManager)
}
Log.i(TAG, "Started NetworkService")
Toast.makeText(this, "Started FCast service", Toast.LENGTH_LONG).show()
return START_STICKY
}
@Suppress("DEPRECATION")
private fun createNotificationBuilder(): NotificationCompat.Builder {
return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
NotificationCompat.Builder(this, CHANNEL_ID)
@ -134,6 +144,9 @@ class NetworkService : Service() {
_tcpListenerService?.stop()
_tcpListenerService = null
_tlsListenerService?.stop()
_tlsListenerService = null
try {
_webSocketListenerService?.stop()
} catch (e: Throwable) {
@ -170,12 +183,11 @@ class NetworkService : Service() {
}
}
fun sendPlaybackError(error: String) {
val message = PlaybackErrorMessage(error)
_tcpListenerService?.forEachSession { session ->
private inline fun <reified T> send(opcode: Opcode, message: T) {
val sender: (FCastSession) -> Unit = { session: FCastSession ->
_scope?.launch(Dispatchers.IO) {
try {
session.sendPlaybackError(message)
session.send(opcode, message)
Log.i(TAG, "Playback error sent ${session.id}")
} catch (e: Throwable) {
Log.w(TAG, "Failed to send playback error", e)
@ -183,64 +195,22 @@ class NetworkService : Service() {
}
}
_webSocketListenerService?.forEachSession { session ->
_scope?.launch(Dispatchers.IO) {
try {
session.sendPlaybackError(message)
Log.i(TAG, "Playback error sent ${session.id}")
} catch (e: Throwable) {
Log.w(TAG, "Failed to send playback error", e)
}
}
}
_tcpListenerService?.forEachSession(sender)
_webSocketListenerService?.forEachSession(sender)
_tlsListenerService?.forEachSession(sender)
}
fun sendPlaybackError(error: String) {
val message = PlaybackErrorMessage(error)
send(Opcode.PlaybackError, message)
}
fun sendPlaybackUpdate(message: PlaybackUpdateMessage) {
_tcpListenerService?.forEachSession { session ->
_scope?.launch(Dispatchers.IO) {
try {
session.sendPlaybackUpdate(message)
Log.i(TAG, "Playback update sent ${session.id}")
} catch (e: Throwable) {
Log.w(TAG, "Failed to send playback update", e)
}
}
}
_webSocketListenerService?.forEachSession { session ->
_scope?.launch(Dispatchers.IO) {
try {
session.sendPlaybackUpdate(message)
Log.i(TAG, "Playback update sent ${session.id}")
} catch (e: Throwable) {
Log.w(TAG, "Failed to send playback update", e)
}
}
}
send(Opcode.PlaybackUpdate, message)
}
fun sendCastVolumeUpdate(value: VolumeUpdateMessage) {
_tcpListenerService?.forEachSession { session ->
_scope?.launch(Dispatchers.IO) {
try {
session.sendVolumeUpdate(value)
Log.i(TAG, "Volume update sent ${session.id}")
} catch (e: Throwable) {
Log.w(TAG, "Failed to send volume update", e)
}
}
}
_webSocketListenerService?.forEachSession { session ->
_scope?.launch(Dispatchers.IO) {
try {
session.sendVolumeUpdate(value)
Log.i(TAG, "Volume update sent ${session.id}")
} catch (e: Throwable) {
Log.w(TAG, "Failed to send volume update", e)
}
}
}
send(Opcode.VolumeUpdate, value)
}
fun onCastPlay(playMessage: PlayMessage) {
@ -361,7 +331,7 @@ class NetworkService : Service() {
private const val CHANNEL_ID = "NetworkListenerServiceChannel"
private const val NOTIFICATION_ID = 1
private const val PLAY_NOTIFICATION_ID = 2
private const val TAG = "NetworkService"
const val TAG = "NetworkService"
var activityCount = 0
var instance: NetworkService? = null
}

19
receivers/android/app/src/main/java/com/futo/fcast/receiver/Packets.kt
View file

@ -49,23 +49,4 @@ data class SetVolumeMessage(
@Serializable
data class VersionMessage(
val version: Long
)
@Serializable
data class KeyExchangeMessage(
val version: Long,
val publicKey: String
)
@Serializable
data class DecryptedMessage(
val opcode: Long,
val message: String?
)
@Serializable
data class EncryptedMessage(
val version: Long,
val iv: String?,
val blob: String
)

80
receivers/android/app/src/main/java/com/futo/fcast/receiver/SslKeyManager.kt Normal file
View file

@ -0,0 +1,80 @@
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
import org.bouncycastle.cert.X509v3CertificateBuilder
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
import java.io.FileInputStream
import java.math.BigInteger
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.PublicKey
import java.util.Calendar
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLServerSocketFactory
import java.security.cert.X509Certificate
import javax.net.ssl.TrustManagerFactory
class SslKeyManager(private val alias: String) {
fun getSslServerSocketFactory(): SSLServerSocketFactory {
val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
//if (!keyStore.containsAlias(alias)) {
generateKeyPairAndCertificate(keyStore)
//}
val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).apply {
init(keyStore)
}
val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).apply {
init(keyStore, null)
}
val sslContext = SSLContext.getInstance("TLS").apply {
init(keyManagerFactory.keyManagers, trustManagerFactory.trustManagers, null)
}
return sslContext.serverSocketFactory
}
private fun generateKeyPairAndCertificate(keyStore: KeyStore) {
val keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore")
val parameterSpec = KeyGenParameterSpec
.Builder(alias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY)
//.setBlockModes(KeyProperties.BLOCK_MODE_ECB)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.build()
keyPairGenerator.initialize(parameterSpec)
val keyPair = keyPairGenerator.generateKeyPair()
val privateKey = keyPair.private
val publicKey = keyPair.public
val cert = generateSelfSignedCertificate(privateKey, publicKey)
keyStore.setKeyEntry(alias, privateKey, null, arrayOf(cert))
}
private fun generateSelfSignedCertificate(privateKey: PrivateKey, publicKey: PublicKey): X509Certificate {
val start = Calendar.getInstance().time
val end = Calendar.getInstance().apply { add(Calendar.YEAR, 1000) }.time
val certInfo = X509v3CertificateBuilder(
X500Name("CN=FCastReceiver"),
BigInteger.ONE,
start,
end,
X500Name("CN=FCastReceiver"),
SubjectPublicKeyInfo.getInstance(publicKey.encoded)
)
val signer = JcaContentSignerBuilder("SHA256withRSA").build(privateKey)
return JcaX509CertificateConverter().getCertificate(certInfo.build(signer))
}
}

134
receivers/android/app/src/main/java/com/futo/fcast/receiver/TlsListenerService.kt Normal file
View file

@ -0,0 +1,134 @@
package com.futo.fcast.receiver
import SslKeyManager
import android.util.Log
import java.io.BufferedInputStream
import java.net.Socket
import java.security.KeyStore
import java.security.cert.Certificate
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLServerSocket
import javax.net.ssl.TrustManagerFactory
class TlsListenerService(private val _networkService: NetworkService, private val _onNewSession: (session: FCastSession) -> Unit) {
private var _serverSocket: SSLServerSocket? = null
private var _stopped: Boolean = false
private var _listenThread: Thread? = null
private var _clientThreads: ArrayList<Thread> = arrayListOf()
private var _sessions: ArrayList<FCastSession> = arrayListOf()
fun start(sslKeyManager: SslKeyManager) {
Log.i(TAG, "Starting TlsListenerService")
val serverSocketFactory = sslKeyManager.getSslServerSocketFactory()
_serverSocket = (serverSocketFactory.createServerSocket(PORT) as SSLServerSocket)
_listenThread = Thread {
Log.i(TAG, "Starting TLS listener")
try {
listenForIncomingConnections()
} catch (e: Throwable) {
Log.e(TAG, "Stopped TLS listening for connections due to an unexpected error", e)
}
}
_listenThread?.start()
Log.i(TAG, "Started TlsListenerService")
}
fun stop() {
Log.i(TAG, "Stopping TlsListenerService")
_stopped = true
_serverSocket?.close()
_serverSocket = null
_listenThread?.join()
_listenThread = null
synchronized(_clientThreads) {
_clientThreads.clear()
}
Log.i(TAG, "Stopped TlsListenerService")
}
fun forEachSession(handler: (FCastSession) -> Unit) {
synchronized(_sessions) {
for (session in _sessions) {
handler(session)
}
}
}
private fun listenForIncomingConnections() {
Log.i(TAG, "Started TLS listening for incoming connections")
while (!_stopped) {
val clientSocket = _serverSocket?.accept() ?: break
val clientThread = Thread {
try {
handleClientConnection(clientSocket)
} catch (e: Throwable) {
Log.e(TAG, "Failed handle TLS client connection due to an error", e)
}
}
synchronized(_clientThreads) {
_clientThreads.add(clientThread)
}
clientThread.start()
}
Log.i(TAG, "Stopped TLS listening for incoming connections")
}
private fun handleClientConnection(socket: Socket) {
Log.i(TAG, "New TLS connection received from ${socket.remoteSocketAddress}")
val session = FCastSession(socket.getOutputStream(), socket.remoteSocketAddress, _networkService)
synchronized(_sessions) {
_sessions.add(session)
}
_onNewSession(session)
Log.i(TAG, "Waiting for data from ${socket.remoteSocketAddress}")
val bufferSize = 4096
val buffer = ByteArray(bufferSize)
val inputStream = BufferedInputStream(socket.getInputStream())
var bytesRead: Int
while (!_stopped) {
bytesRead = inputStream.read(buffer, 0, bufferSize)
if (bytesRead == -1) {
break
}
session.processBytes(buffer, bytesRead)
}
socket.close()
synchronized(_sessions) {
_sessions.remove(session)
}
synchronized(_clientThreads) {
_clientThreads.remove(Thread.currentThread())
}
Log.i(TAG, "Disconnected ${socket.remoteSocketAddress}")
}
companion object {
const val TAG = "TlsListenerService"
const val PORT = 46897
}
}

4
receivers/android/build.gradle
View file

@ -1,6 +1,6 @@
// Top-level build file where you can add configuration options common to all sub-projects/modules.
plugins {
id 'com.android.application' version '7.4.2' apply false
id 'com.android.library' version '7.4.2' apply false
id 'com.android.application' version '8.2.0' apply false
id 'com.android.library' version '8.2.0' apply false
id 'org.jetbrains.kotlin.android' version '1.8.0' apply false
}

3
receivers/android/gradle.properties
View file

@ -20,4 +20,5 @@ kotlin.code.style=official
# Enables namespacing of each library's R class so that its R class includes only the
# resources declared in the library itself and none from the library's dependencies,
# thereby reducing the size of the R class for that library
android.nonTransitiveRClass=true
android.nonTransitiveRClass=true
android.nonFinalResIds=false

2
receivers/android/gradle/wrapper/gradle-wrapper.properties vendored
View file

@ -1,6 +1,6 @@
#Mon May 01 06:24:43 CDT 2023
distributionBase=GRADLE_USER_HOME
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME

70
receivers/electron/package-lock.json generated
View file

@ -10,15 +10,16 @@
"license": "MIT",
"dependencies": {
"bufferutil": "^4.0.8",
"crypto": "^1.0.1",
"libsodium-wrappers": "^0.7.13",
"https": "^1.0.0",
"node-forge": "^1.3.1",
"qrcode": "^1.5.3",
"utf-8-validate": "^6.0.3",
"tls": "^0.0.1",
"ws": "^8.14.2"
},
"devDependencies": {
"@types/jest": "^29.5.11",
"@types/libsodium-wrappers": "^0.7.13",
"@types/mdns": "^0.0.38",
"@types/node-forge": "^1.3.10",
"@types/workerpool": "^6.1.1",
"@types/ws": "^8.5.10",
"electron": "^22.2.0",
@ -1311,11 +1312,14 @@
"@types/node": "*"
}
},
"node_modules/@types/libsodium-wrappers": {
"version": "0.7.13",
"resolved": "https://registry.npmjs.org/@types/libsodium-wrappers/-/libsodium-wrappers-0.7.13.tgz",
"integrity": "sha512-KeAKtlObirLJk/na6jHBFEdTDjDfFS6Vcr0eG2FjiHKn3Nw8axJFfIu0Y9TpwaauRldQBj/pZm/MHtK76r6OWg==",
"dev": true
"node_modules/@types/mdns": {
"version": "0.0.38",
"resolved": "https://registry.npmjs.org/@types/mdns/-/mdns-0.0.38.tgz",
"integrity": "sha512-uiDl+FWeO2JYStfiPsyPpU7bHK3VYETquPo3A8bj6h2+iqDIEfXpaZaLvyGDGL9ilcrGc1vp+ek3Ab+QtDBXPA==",
"dev": true,
"dependencies": {
"@types/node": "*"
}
},
"node_modules/@types/node": {
"version": "18.13.0",
@ -1323,6 +1327,15 @@
"integrity": "sha512-gC3TazRzGoOnoKAhUx+Q0t8S9Tzs74z7m0ipwGpSqQrleP14hKxP4/JUeEQcD3W1/aIpnWl8pHowI7WokuZpXg==",
"dev": true
},
"node_modules/@types/node-forge": {
"version": "1.3.10",
"resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.10.tgz",
"integrity": "sha512-y6PJDYN4xYBxwd22l+OVH35N+1fCYWiuC3aiP2SlXVE6Lo7SS+rSx9r89hLxrP4pn6n1lBGhHJ12pj3F3Mpttw==",
"dev": true,
"dependencies": {
"@types/node": "*"
}
},
"node_modules/@types/responselike": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.0.tgz",
@ -2174,12 +2187,6 @@
"node": ">= 8"
}
},
"node_modules/crypto": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/crypto/-/crypto-1.0.1.tgz",
"integrity": "sha512-VxBKmeNcqQdiUQUW2Tzq0t377b54N2bMtXO/qiLa+6eRRmmC4qT3D4OnTGoT/U6O9aklQ/jTwbOtRMTTY8G0Ig==",
"deprecated": "This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in."
},
"node_modules/debug": {
"version": "4.3.4",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
@ -2970,6 +2977,11 @@
"node": ">=10.19.0"
}
},
"node_modules/https": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/https/-/https-1.0.0.tgz",
"integrity": "sha512-4EC57ddXrkaF0x83Oj8sM6SLQHAWXw90Skqu2M4AEWENZ3F02dFJE/GARA8igO79tcgYqGrD7ae4f5L3um2lgg=="
},
"node_modules/human-signals": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz",
@ -4060,19 +4072,6 @@
"node": ">=6"
}
},
"node_modules/libsodium": {
"version": "0.7.13",
"resolved": "https://registry.npmjs.org/libsodium/-/libsodium-0.7.13.tgz",
"integrity": "sha512-mK8ju0fnrKXXfleL53vtp9xiPq5hKM0zbDQtcxQIsSmxNgSxqCj6R7Hl9PkrNe2j29T4yoDaF7DJLK9/i5iWUw=="
},
"node_modules/libsodium-wrappers": {
"version": "0.7.13",
"resolved": "https://registry.npmjs.org/libsodium-wrappers/-/libsodium-wrappers-0.7.13.tgz",
"integrity": "sha512-kasvDsEi/r1fMzKouIDv7B8I6vNmknXwGiYodErGuESoFTohGSKZplFtVxZqHaoQ217AynyIFgnOVRitpHs0Qw==",
"dependencies": {
"libsodium": "^0.7.13"
}
},
"node_modules/lines-and-columns": {
"version": "1.2.4",
"resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz",
@ -4310,6 +4309,14 @@
"integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==",
"dev": true
},
"node_modules/node-forge": {
"version": "1.3.1",
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz",
"integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==",
"engines": {
"node": ">= 6.13.0"
}
},
"node_modules/node-gyp-build": {
"version": "4.7.1",
"resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.7.1.tgz",
@ -5151,6 +5158,11 @@
"node": ">=8"
}
},
"node_modules/tls": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/tls/-/tls-0.0.1.tgz",
"integrity": "sha512-GzHpG+hwupY8VMR6rYsnAhTHqT/97zT45PG8WD5eTT1lq+dFE0nN+1PYpsoBcHJgSmTz5ceK2Cv88IkPmIPOtQ=="
},
"node_modules/tmpl": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz",
@ -5367,6 +5379,8 @@
"resolved": "https://registry.npmjs.org/utf-8-validate/-/utf-8-validate-6.0.3.tgz",
"integrity": "sha512-uIuGf9TWQ/y+0Lp+KGZCMuJWc3N9BHA+l/UmHd/oUHwJJDeysyTRxNQVkbzsIWfGFbRe3OcgML/i0mvVRPOyDA==",
"hasInstallScript": true,
"optional": true,
"peer": true,
"dependencies": {
"node-gyp-build": "^4.3.0"
},

7
receivers/electron/package.json
View file

@ -12,6 +12,8 @@
},
"devDependencies": {
"@types/jest": "^29.5.11",
"@types/mdns": "^0.0.38",
"@types/node-forge": "^1.3.10",
"@types/workerpool": "^6.1.1",
"@types/ws": "^8.5.10",
"electron": "^22.2.0",
@ -25,9 +27,10 @@
},
"dependencies": {
"bufferutil": "^4.0.8",
"crypto": "^1.0.1",
"https": "^1.0.0",
"node-forge": "^1.3.1",
"qrcode": "^1.5.3",
"utf-8-validate": "^6.0.3",
"tls": "^0.0.1",
"ws": "^8.14.2"
}
}

38
receivers/electron/src/DiscoveryService.ts
View file

@ -3,7 +3,10 @@ const cp = require('child_process');
const os = require('os');
export class DiscoveryService {
private service: any;
private serviceTcp: any;
private serviceTls: any;
private serviceWs: any;
private serviceWss: any;
private static getComputerName() {
switch (process.platform) {
@ -20,23 +23,42 @@ export class DiscoveryService {
}
start() {
if (this.service) {
if (this.serviceTcp || this.serviceTls || this.serviceWs || this.serviceWss) {
return;
}
const name = `FCast-${DiscoveryService.getComputerName()}`;
console.log("Discovery service started.", name);
this.service = mdns.createAdvertisement(mdns.tcp('_fcast'), 46899, { name: name });
this.service.start();
this.serviceTcp = mdns.createAdvertisement(mdns.tcp('_fcast'), 46899, { name: name });
this.serviceTcp.start();
this.serviceTls = mdns.createAdvertisement(mdns.tcp('_fcast-tls'), 46897, { name: name });
this.serviceTls.start();
this.serviceWs = mdns.createAdvertisement(mdns.tcp('_fcast-ws'), 46898, { name: name });
this.serviceWs.start();
this.serviceWss = mdns.createAdvertisement(mdns.tcp('_fcast-wss'), 46896, { name: name });
this.serviceWss.start();
}
stop() {
if (!this.service) {
return;
if (this.serviceTcp) {
this.serviceTcp.stop();
this.serviceTcp = null;
}
this.service.stop();
this.service = null;
if (this.serviceTls) {
this.serviceTls.stop();
this.serviceTls = null;
}
if (this.serviceWs) {
this.serviceWs.stop();
this.serviceWs = null;
}
if (this.serviceWss) {
this.serviceWss.stop();
this.serviceWss = null;
}
}
}

133
receivers/electron/src/FCastSession.ts
View file

@ -1,7 +1,6 @@
import net = require('net');
import * as crypto from 'crypto';
import { EventEmitter } from 'node:events';
import { DecryptedMessage, EncryptedMessage, KeyExchangeMessage, PlaybackErrorMessage, PlaybackUpdateMessage, PlayMessage, SeekMessage, SetSpeedMessage, SetVolumeMessage, VersionMessage, VolumeUpdateMessage } from './Packets';
import { PlaybackErrorMessage, PlaybackUpdateMessage, PlayMessage, SeekMessage, SetSpeedMessage, SetVolumeMessage, VersionMessage, VolumeUpdateMessage } from './Packets';
import { WebSocket } from 'ws';
enum SessionState {
@ -24,11 +23,8 @@ export enum Opcode {
PlaybackError = 9,
SetSpeed = 10,
Version = 11,
KeyExchange = 12,
Encrypted = 13,
Ping = 14,
Pong = 15,
StartEncryption = 16
Ping = 12,
Pong = 13
};
const LENGTH_BYTES = 4;
@ -42,52 +38,17 @@ export class FCastSession {
writer: (data: Buffer) => void;
state: SessionState;
emitter = new EventEmitter();
encryptionStarted = false;
private aesKey: Buffer;
private dh: crypto.DiffieHellman;
private queuedEncryptedMessages: EncryptedMessage[] = [];
constructor(socket: net.Socket | WebSocket, writer: (data: Buffer) => void) {
this.socket = socket;
this.writer = writer;
this.state = SessionState.WaitingForLength;
this.dh = generateKeyPair();
const keyExchangeMessage = getKeyExchangeMessage(this.dh);
console.log(`Sending KeyExchangeMessage: ${keyExchangeMessage}`);
this.send(Opcode.KeyExchange, keyExchangeMessage);
}
sendVersion(value: VersionMessage) {
this.send(Opcode.Version, value);
}
sendPlaybackError(value: PlaybackErrorMessage) {
this.send(Opcode.PlaybackError, value);
}
sendPlaybackUpdate(value: PlaybackUpdateMessage) {
this.send(Opcode.PlaybackUpdate, value);
}
sendVolumeUpdate(value: VolumeUpdateMessage) {
this.send(Opcode.VolumeUpdate, value);
}
private send(opcode: number, message = null) {
if (this.encryptionStarted && opcode != Opcode.Encrypted && opcode != Opcode.KeyExchange && opcode != Opcode.StartEncryption) {
const decryptedMessage: DecryptedMessage = {
opcode,
message
};
this.send(Opcode.Encrypted, encryptMessage(this.aesKey, decryptedMessage));
return;
}
send(opcode: number, message = null) {
const json = message ? JSON.stringify(message) : null;
console.log(`send (opcode: ${opcode}, body: ${json})`);
let data: Uint8Array;
if (json) {
const utf8Encode = new TextEncoder();
@ -215,35 +176,9 @@ export class FCastSession {
case Opcode.SetSpeed:
this.emitter.emit("setspeed", JSON.parse(body) as SetSpeedMessage);
break;
case Opcode.KeyExchange:
const keyExchangeMessage = JSON.parse(body) as KeyExchangeMessage;
this.aesKey = computeSharedSecret(this.dh, keyExchangeMessage);
this.send(Opcode.StartEncryption);
for (const encryptedMessage of this.queuedEncryptedMessages) {
const decryptedMessage = decryptMessage(this.aesKey, encryptedMessage);
this.handlePacket(decryptedMessage.opcode, decryptedMessage.message);
}
this.queuedEncryptedMessages = [];
break;
case Opcode.Ping:
this.send(Opcode.Pong);
break;
case Opcode.Encrypted:
const encryptedMessage = JSON.parse(body) as EncryptedMessage;
if (this.aesKey) {
const decryptedMessage = decryptMessage(this.aesKey, encryptedMessage);
this.handlePacket(decryptedMessage.opcode, decryptedMessage.message);
} else {
if (this.queuedEncryptedMessages.length === 15) {
this.queuedEncryptedMessages.shift();
}
this.queuedEncryptedMessages.push(encryptedMessage);
}
break;
}
} catch (e) {
console.warn(`Error handling packet from.`, e);
@ -258,52 +193,14 @@ export class FCastSession {
console.log('body', body);
this.handlePacket(opcode, body);
}
}
export function getKeyExchangeMessage(dh: crypto.DiffieHellman): KeyExchangeMessage {
return { version: 1, publicKey: dh.getPublicKey().toString('base64') };
}
export function computeSharedSecret(dh: crypto.DiffieHellman, keyExchangeMessage: KeyExchangeMessage): Buffer {
console.log("private", dh.getPrivateKey().toString('base64'));
const theirPublicKey = Buffer.from(keyExchangeMessage.publicKey, 'base64');
console.log("theirPublicKey", theirPublicKey.toString('base64'));
const secret = dh.computeSecret(theirPublicKey);
console.log("secret", secret.toString('base64'));
const digest = crypto.createHash('sha256').update(secret).digest();
console.log("digest", digest.toString('base64'));
return digest;
}
export function encryptMessage(aesKey: Buffer, decryptedMessage: DecryptedMessage): EncryptedMessage {
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
let encrypted = cipher.update(JSON.stringify(decryptedMessage), 'utf8', 'base64');
encrypted += cipher.final('base64');
return {
version: 1,
iv: iv.toString('base64'),
blob: encrypted
};
}
export function decryptMessage(aesKey: Buffer, encryptedMessage: EncryptedMessage): DecryptedMessage {
const iv = Buffer.from(encryptedMessage.iv, 'base64');
const decipher = crypto.createDecipheriv('aes-256-cbc', aesKey, iv);
let decrypted = decipher.update(encryptedMessage.blob, 'base64', 'utf8');
decrypted += decipher.final('utf8');
return JSON.parse(decrypted) as DecryptedMessage;
}
export function generateKeyPair() {
const dh = createDiffieHellman();
dh.generateKeys();
return dh;
}
export function createDiffieHellman(): crypto.DiffieHellman {
const p = Buffer.from('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff', 'hex');
const g = Buffer.from('02', 'hex');
return crypto.createDiffieHellman(p, g);
bindEvents(emitter: EventEmitter) {
this.emitter.on("play", (body: PlayMessage) => { emitter.emit("play", body) });
this.emitter.on("pause", () => { emitter.emit("pause") });
this.emitter.on("resume", () => { emitter.emit("resume") });
this.emitter.on("stop", () => { emitter.emit("stop") });
this.emitter.on("seek", (body: SeekMessage) => { emitter.emit("seek", body) });
this.emitter.on("setvolume", (body: SetVolumeMessage) => { emitter.emit("setvolume", body) });
this.emitter.on("setspeed", (body: SetSpeedMessage) => { emitter.emit("setspeed", body) });
}
}

70
receivers/electron/src/Main.ts
View file

@ -6,7 +6,11 @@ import { DiscoveryService } from './DiscoveryService';
import { Updater } from './Updater';
import { WebSocketListenerService } from './WebSocketListenerService';
import * as os from 'os';
import * as sodium from 'libsodium-wrappers';
import { Opcode } from './FCastSession';
import fs = require('fs');
import forge = require('node-forge');
import { TlsListenerService } from './TlsTcpListenerService';
import { WebSocketSecureListenerService } from './WebSocketSecureListenerService';
export default class Main {
static shouldOpenMainWindow = true;
@ -15,8 +19,12 @@ export default class Main {
static application: Electron.App;
static tcpListenerService: TcpListenerService;
static webSocketListenerService: WebSocketListenerService;
static tlsListenerService: TlsListenerService;
static webSocketSecureListenerService: WebSocketSecureListenerService;
static discoveryService: DiscoveryService;
static tray: Tray;
static key: string = null;
static cert: string = null;
private static createTray() {
const icon = (process.platform === 'win32') ? path.join(__dirname, 'app.ico') : path.join(__dirname, 'app.png');
@ -100,8 +108,10 @@ export default class Main {
Main.tcpListenerService = new TcpListenerService();
Main.webSocketListenerService = new WebSocketListenerService();
const listeners = [Main.tcpListenerService, Main.webSocketListenerService];
Main.tlsListenerService = new TlsListenerService(Main.key, Main.cert);
Main.webSocketSecureListenerService = new WebSocketSecureListenerService(Main.key, Main.cert);
const listeners = [Main.tcpListenerService, Main.webSocketListenerService, Main.tlsListenerService, Main.webSocketSecureListenerService];
listeners.forEach(l => {
l.emitter.on("play", (message) => {
if (Main.playerWindow == null) {
@ -142,15 +152,15 @@ export default class Main {
l.start();
ipcMain.on('send-playback-error', (event: IpcMainEvent, value: PlaybackErrorMessage) => {
l.sendPlaybackError(value);
l.send(Opcode.PlaybackError, value);
});
ipcMain.on('send-playback-update', (event: IpcMainEvent, value: PlaybackUpdateMessage) => {
l.sendPlaybackUpdate(value);
l.send(Opcode.PlaybackUpdate, value);
});
ipcMain.on('send-volume-update', (event: IpcMainEvent, value: VolumeUpdateMessage) => {
l.sendVolumeUpdate(value);
l.send(Opcode.VolumeUpdate, value);
});
});
@ -196,12 +206,6 @@ export default class Main {
}
static openMainWindow() {
(async () => {
console.log("waiting for sodium...");
await sodium.ready;
console.log("sodium ready");
})();
if (Main.mainWindow) {
Main.mainWindow.focus();
return;
@ -230,6 +234,50 @@ export default class Main {
}
static main(app: Electron.App) {
if (!fs.existsSync('./cert.pem') || !fs.existsSync('./key.pem')) {
try {
const keys = forge.pki.rsa.generateKeyPair(2048);
const cert = forge.pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date(9999, 11, 31);
cert.sign(keys.privateKey);
const pemCert = forge.pki.certificateToPem(cert);
const pemKey = forge.pki.privateKeyToPem(keys.privateKey);
fs.writeFileSync('./cert.pem', pemCert);
fs.writeFileSync('./key.pem', pemKey);
} catch {
console.error("Failed to generate key pair.");
}
}
try {
Main.key = fs.readFileSync('./key.pem', 'utf8');
Main.cert = fs.readFileSync('./cert.pem', 'utf8');
} catch (e) {
console.error("Failed to load key pair.", e);
dialog.showMessageBox({
type: 'error',
title: 'Failed to initialize crypto',
message: `The application failed to start properly '${JSON.stringify(e)}'.`,
buttons: ['Restart', 'Close'],
defaultId: 0,
cancelId: 1
}).then((p) => {
if (p.response === 0) {
app.relaunch();
app.exit(0);
} else {
app.exit(0);
}
});
return;
}
Main.application = app;
const argv = process.argv;
if (argv.includes('--no-main-window')) {

22
receivers/electron/src/Packets.ts
View file

@ -53,26 +53,4 @@ export class VersionMessage {
constructor(
public version: number,
) {}
}
export class KeyExchangeMessage {
constructor(
public version: number,
public publicKey: string
) {}
}
export class DecryptedMessage {
constructor(
public opcode: number,
public message: string | undefined
) {}
}
export class EncryptedMessage {
constructor(
public version: number,
public iv: string | undefined,
public blob: string
) {}
}

51
receivers/electron/src/TcpListenerService.ts
View file

@ -1,11 +1,12 @@
import net = require('net');
import { FCastSession } from './FCastSession';
import { FCastSession, Opcode } from './FCastSession';
import { EventEmitter } from 'node:events';
import { PlaybackErrorMessage, PlaybackUpdateMessage, PlayMessage, SeekMessage, SetSpeedMessage, SetVolumeMessage, VolumeUpdateMessage } from './Packets';
import { dialog } from 'electron';
import Main from './Main';
export class TcpListenerService {
public static PORT = 46899;
emitter = new EventEmitter();
private server: net.Server;
@ -17,7 +18,7 @@ export class TcpListenerService {
}
this.server = net.createServer()
.listen(46899)
.listen(TcpListenerService.PORT)
.on("connection", this.handleConnection.bind(this))
.on("error", this.handleServerError.bind(this));
}
@ -33,14 +34,10 @@ export class TcpListenerService {
server.close();
}
sendPlaybackError(value: PlaybackErrorMessage) {
console.info("Sending playback error.", value);
send(opcode: number, message = null) {
this.sessions.forEach(session => {
try {
session.sendPlaybackError(value);
session.send(opcode, message);
} catch (e) {
console.warn("Failed to send error.", e);
session.close();
@ -48,32 +45,6 @@ export class TcpListenerService {
});
}
sendPlaybackUpdate(value: PlaybackUpdateMessage) {
console.info("Sending playback update.", value);
this.sessions.forEach(session => {
try {
session.sendPlaybackUpdate(value);
} catch (e) {
console.warn("Failed to send update.", e);
session.close();
}
});
}
sendVolumeUpdate(value: VolumeUpdateMessage) {
console.info("Sending volume update.", value);
this.sessions.forEach(session => {
try {
session.sendVolumeUpdate(value);
} catch (e) {
console.warn("Failed to send update.", e);
session.close();
}
});
}
private async handleServerError(err: NodeJS.ErrnoException) {
console.error("Server error:", err);
@ -98,13 +69,7 @@ export class TcpListenerService {
console.log(`new connection from ${socket.remoteAddress}:${socket.remotePort}`);
const session = new FCastSession(socket, (data) => socket.write(data));
session.emitter.on("play", (body: PlayMessage) => { this.emitter.emit("play", body) });
session.emitter.on("pause", () => { this.emitter.emit("pause") });
session.emitter.on("resume", () => { this.emitter.emit("resume") });
session.emitter.on("stop", () => { this.emitter.emit("stop") });
session.emitter.on("seek", (body: SeekMessage) => { this.emitter.emit("seek", body) });
session.emitter.on("setvolume", (body: SetVolumeMessage) => { this.emitter.emit("setvolume", body) });
session.emitter.on("setspeed", (body: SetSpeedMessage) => { this.emitter.emit("setspeed", body) });
session.bindEvents(this.emitter);
this.sessions.push(session);
socket.on("error", (err) => {
@ -130,7 +95,7 @@ export class TcpListenerService {
try {
console.log('Sending version');
session.sendVersion({version: 2});
session.send(Opcode.Version, {version: 2});
} catch (e) {
console.log('Failed to send version');
}

105
receivers/electron/src/TlsTcpListenerService.ts Normal file
View file

@ -0,0 +1,105 @@
import tls = require('tls');
import { FCastSession, Opcode } from './FCastSession';
import { EventEmitter } from 'node:events';
import { dialog } from 'electron';
import Main from './Main';
export class TlsListenerService {
public static PORT = 46897;
emitter = new EventEmitter();
private server: tls.Server;
private sessions: FCastSession[] = [];
constructor(private key: string, private cert: string) {}
start() {
if (this.server != null) {
return;
}
const options: tls.TlsOptions = {key: this.key, cert: this.cert};
this.server = tls.createServer(options).listen(TlsListenerService.PORT)
.on("secureConnection", this.handleConnection.bind(this))
.on("error", this.handleServerError.bind(this));
}
stop() {
if (this.server == null) {
return;
}
const server = this.server;
this.server = null;
server.close();
}
send(opcode: number, message = null) {
this.sessions.forEach(session => {
try {
session.send(opcode, message);
} catch (e) {
console.warn("Failed to send error.", e);
session.close();
}
});
}
private async handleServerError(err: NodeJS.ErrnoException) {
console.error("Server error:", err);
const restartPrompt = await dialog.showMessageBox({
type: 'error',
title: 'Failed to start',
message: 'The application failed to start properly.',
buttons: ['Restart', 'Close'],
defaultId: 0,
cancelId: 1
});
if (restartPrompt.response === 0) {
Main.application.relaunch();
Main.application.exit(0);
} else {
Main.application.exit(0);
}
}
private handleConnection(socket: tls.TLSSocket) {
console.log(`new secure connection from ${socket.remoteAddress}:${socket.remotePort}`);
const session = new FCastSession(socket, (data) => socket.write(data));
session.bindEvents(this.emitter);
this.sessions.push(session);
socket.on("error", (err) => {
console.warn(`Error from ${socket.remoteAddress}:${socket.remotePort}.`, err);
socket.destroy();
});
socket.on("data", buffer => {
try {
session.processBytes(buffer);
} catch (e) {
console.warn(`Error while handling packet from ${socket.remoteAddress}:${socket.remotePort}.`, e);
socket.end();
}
});
socket.on("close", () => {
const index = this.sessions.indexOf(session);
if (index != -1) {
this.sessions.splice(index, 1);
}
});
try {
console.log('Sending version');
session.send(Opcode.Version, {version: 2});
} catch (e) {
console.log('Failed to send version');
}
}
}

49
receivers/electron/src/WebSocketListenerService.ts
View file

@ -1,11 +1,12 @@
import { FCastSession } from './FCastSession';
import { FCastSession, Opcode } from './FCastSession';
import { EventEmitter } from 'node:events';
import { PlaybackErrorMessage, PlaybackUpdateMessage, PlayMessage, SeekMessage, SetSpeedMessage, SetVolumeMessage, VolumeUpdateMessage } from './Packets';
import { dialog } from 'electron';
import Main from './Main';
import { WebSocket, WebSocketServer } from 'ws';
export class WebSocketListenerService {
public static PORT = 46898;
emitter = new EventEmitter();
private server: WebSocketServer;
@ -16,7 +17,7 @@ export class WebSocketListenerService {
return;
}
this.server = new WebSocketServer({ port: 46898 })
this.server = new WebSocketServer({ port: WebSocketListenerService.PORT })
.on("connection", this.handleConnection.bind(this))
.on("error", this.handleServerError.bind(this));
}
@ -32,12 +33,10 @@ export class WebSocketListenerService {
server.close();
}
sendPlaybackError(value: PlaybackErrorMessage) {
console.info("Sending playback error.", value);
send(opcode: number, message = null) {
this.sessions.forEach(session => {
try {
session.sendPlaybackError(value);
session.send(opcode, message);
} catch (e) {
console.warn("Failed to send error.", e);
session.close();
@ -45,32 +44,6 @@ export class WebSocketListenerService {
});
}
sendPlaybackUpdate(value: PlaybackUpdateMessage) {
console.info("Sending playback update.", value);
this.sessions.forEach(session => {
try {
session.sendPlaybackUpdate(value);
} catch (e) {
console.warn("Failed to send update.", e);
session.close();
}
});
}
sendVolumeUpdate(value: VolumeUpdateMessage) {
console.info("Sending volume update.", value);
this.sessions.forEach(session => {
try {
session.sendVolumeUpdate(value);
} catch (e) {
console.warn("Failed to send update.", e);
session.close();
}
});
}
private async handleServerError(err: NodeJS.ErrnoException) {
console.error("Server error:", err);
@ -95,13 +68,7 @@ export class WebSocketListenerService {
console.log('New WebSocket connection');
const session = new FCastSession(socket, (data) => socket.send(data));
session.emitter.on("play", (body: PlayMessage) => { this.emitter.emit("play", body) });
session.emitter.on("pause", () => { this.emitter.emit("pause") });
session.emitter.on("resume", () => { this.emitter.emit("resume") });
session.emitter.on("stop", () => { this.emitter.emit("stop") });
session.emitter.on("seek", (body: SeekMessage) => { this.emitter.emit("seek", body) });
session.emitter.on("setvolume", (body: SetVolumeMessage) => { this.emitter.emit("setvolume", body) });
session.emitter.on("setspeed", (body: SetSpeedMessage) => { this.emitter.emit("setspeed", body) });
session.bindEvents(this.emitter);
this.sessions.push(session);
socket.on("error", (err) => {
@ -133,7 +100,7 @@ export class WebSocketListenerService {
try {
console.log('Sending version');
session.sendVersion({version: 2});
session.send(Opcode.Version, {version: 2});
} catch (e) {
console.log('Failed to send version');
}

118
receivers/electron/src/WebSocketSecureListenerService.ts Normal file
View file

@ -0,0 +1,118 @@
import { FCastSession, Opcode } from './FCastSession';
import { EventEmitter } from 'node:events';
import { dialog } from 'electron';
import Main from './Main';
import { WebSocket, WebSocketServer } from 'ws';
import * as https from 'https';
export class WebSocketSecureListenerService {
public static PORT = 46896;
emitter = new EventEmitter();
private server: WebSocketServer;
private sessions: FCastSession[] = [];
private httpsServer: https.Server;
constructor(private key: string, private cert: string) {}
start() {
if (this.server != null || this.httpsServer != null) {
return;
}
this.httpsServer = https.createServer({key: this.key, cert: this.cert});
this.httpsServer.listen(WebSocketSecureListenerService.PORT);
this.server = new WebSocketServer({server: this.httpsServer})
.on("connection", this.handleConnection.bind(this))
.on("error", this.handleServerError.bind(this));
}
stop() {
if (this.server != null) {
const server = this.server;
this.server = null;
server.close();
}
if (this.httpsServer != null) {
const httpsServer = this.httpsServer;
this.httpsServer = null;
httpsServer.close();
}
}
send(opcode: number, message = null) {
this.sessions.forEach(session => {
try {
session.send(opcode, message);
} catch (e) {
console.warn("Failed to send error.", e);
session.close();
}
});
}
private async handleServerError(err: NodeJS.ErrnoException) {
console.error("Server error:", err);
const restartPrompt = await dialog.showMessageBox({
type: 'error',
title: 'Failed to start',
message: 'The application failed to start properly.',
buttons: ['Restart', 'Close'],
defaultId: 0,
cancelId: 1
});
if (restartPrompt.response === 0) {
Main.application.relaunch();
Main.application.exit(0);
} else {
Main.application.exit(0);
}
}
private handleConnection(socket: WebSocket) {
console.log('New WebSocketSecure connection');
const session = new FCastSession(socket, (data) => socket.send(data));
session.bindEvents(this.emitter);
this.sessions.push(session);
socket.on("error", (err) => {
console.warn(`Error.`, err);
session.close();
});
socket.on('message', data => {
try {
if (data instanceof Buffer) {
session.processBytes(data);
} else {
console.warn("Received unhandled string message", data);
}
} catch (e) {
console.warn(`Error while handling packet.`, e);
session.close();
}
});
socket.on("close", () => {
console.log('WebSocketSecure connection closed');
const index = this.sessions.indexOf(session);
if (index != -1) {
this.sessions.splice(index, 1);
}
});
try {
console.log('Sending version');
session.send(Opcode.Version, {version: 2});
} catch (e) {
console.log('Failed to send version');
}
}
}

4
receivers/electron/src/main/index.html
View file

@ -22,8 +22,8 @@
<div id="manual-connection-info">Manual connection information</div>
<div>
<div id="ips">IPs</div><br />
<div>Port<br>46899 (TCP), 46898 (WS)</div>
</div>
<div>Port<br>46899 (TCP), 46898 (WS), 46897 (TLS), 46896 (WSS)</div>
</div>
<div id="automatic-discovery">Automatic discovery is available via mDNS</div>
<div id="qr-code"></div>
<div id="scan-to-connect" style="font-weight: bold;">Scan to connect</div>

6
receivers/electron/src/main/renderer.js
View file

@ -22,8 +22,10 @@ window.electronAPI.onDeviceInfo((_event, value) => {
name: value.name,
addresses: value.addresses,
services: [
{ port: 46899, type: 0 },
{ port: 46898, type: 1 }
{ port: 46899, type: 0 }, //TCP
{ port: 46898, type: 1 }, //WS
{ port: 46897, type: 2 }, //TCP-TLS
{ port: 46896, type: 3 } //WSS
]
};

76
receivers/electron/test/EncryptionTests.test.ts
View file

@ -1,76 +0,0 @@
import { EncryptedMessage, DecryptedMessage, KeyExchangeMessage } from '../src/Packets';
import { generateKeyPair, computeSharedSecret, encryptMessage, decryptMessage, createDiffieHellman, Opcode } from '../src/FCastSession';
/*test("testDHEncryptionSelf", () => {
const keyPair1 = generateKeyPair();
const keyPair2 = generateKeyPair();
const aesKey1 = computeSharedSecret(keyPair1, { version:1, publicKey: keyPair2.getPublicKey().toString('base64') });
const aesKey2 = computeSharedSecret(keyPair2, { version:1, publicKey: keyPair1.getPublicKey().toString('base64') });
expect(aesKey1.toString('base64')).toBe(aesKey2.toString('base64'));
const message: DecryptedMessage = { opcode: 1, message: 'text/html' };
const encryptedMessage: EncryptedMessage = encryptMessage(aesKey1, message);
const decryptedMessage: DecryptedMessage = decryptMessage(aesKey1, encryptedMessage);
expect(decryptedMessage.opcode).toBe(message.opcode);
expect(decryptedMessage.message).toBe(message.message);
});*/
test("testDHEncryptionKnown", () => {
const encodedPrivateKey1 = "MIIDJwIBADCCAhgGCSqGSIb3DQEDATCCAgkCggEBAJVHXPXZPllsP80dkCrdAvQn9fPHIQMTu0X7TVuy5f4cvWeM1LvdhMmDa+HzHAd3clrrbC/Di4X0gHb6drzYFGzImm+y9wbdcZiYwgg9yNiW+EBi4snJTRN7BUqNgJatuNUZUjmO7KhSoK8S34Pkdapl1OwMOKlWDVZhGG/5i5/J62Du6LAwN2sja8c746zb10/WHB0kdfowd7jwgEZ4gf9+HKVv7gZteVBq3lHtu1RDpWOSfbxLpSAIZ0YXXIiFkl68ZMYUeQZ3NJaZDLcU7GZzBOJh+u4zs8vfAI4MP6kGUNl9OQnJJ1v0rIb/yz0D5t/IraWTQkLdbTvMoqQGywsCggEAQt67naWz2IzJVuCHh+w/Ogm7pfSLiJp0qvUxdKoPvn48W4/NelO+9WOw6YVgMolgqVF/QBTTMl/Hlivx4Ek3DXbRMUp2E355Lz8NuFnQleSluTICTweezy7wnHl0UrB3DhNQeC7Vfd95SXnc7yPLlvGDBhllxOvJPJxxxWuSWVWnX5TMzxRJrEPVhtC+7kMlGwsihzSdaN4NFEQD8T6AL0FG2ILgV68ZtvYnXGZ2yPoOPKJxOjJX/Rsn0GOfaV40fY0c+ayBmibKmwTLDrm3sDWYjRW7rGUhKlUjnPx+WPrjjXJQq5mR/7yXE0Al/ozgTEOZrZZWm+kaVG9JeGk8egSCAQQCggEAECNvEczf0y6IoX/IwhrPeWZ5IxrHcpwjcdVAuyZQLLlOq0iqnYMFcSD8QjMF8NKObfZZCDQUJlzGzRsG0oXsWiWtmoRvUZ9tQK0j28hDylpbyP00Bt9NlMgeHXkAy54P7Z2v/BPCd3o23kzjgXzYaSRuCFY7zQo1g1IQG8mfjYjdE4jjRVdVrlh8FS8x4OLPeglc+cp2/kuyxaVEfXAG84z/M8019mRSfdczi4z1iidPX6HgDEEWsN42Ud60mNKy5jsQpQYkRdOLmxR3+iQEtGFjdzbVhVCUr7S5EORU9B1MOl5gyPJpjfU3baOqrg6WXVyTvMDaA05YEnAHQNOOfA==";
const keyExchangeMessage2: KeyExchangeMessage = { version: 1, publicKey: "MIIDJTCCAhgGCSqGSIb3DQEDATCCAgkCggEBAJVHXPXZPllsP80dkCrdAvQn9fPHIQMTu0X7TVuy5f4cvWeM1LvdhMmDa+HzHAd3clrrbC/Di4X0gHb6drzYFGzImm+y9wbdcZiYwgg9yNiW+EBi4snJTRN7BUqNgJatuNUZUjmO7KhSoK8S34Pkdapl1OwMOKlWDVZhGG/5i5/J62Du6LAwN2sja8c746zb10/WHB0kdfowd7jwgEZ4gf9+HKVv7gZteVBq3lHtu1RDpWOSfbxLpSAIZ0YXXIiFkl68ZMYUeQZ3NJaZDLcU7GZzBOJh+u4zs8vfAI4MP6kGUNl9OQnJJ1v0rIb/yz0D5t/IraWTQkLdbTvMoqQGywsCggEAQt67naWz2IzJVuCHh+w/Ogm7pfSLiJp0qvUxdKoPvn48W4/NelO+9WOw6YVgMolgqVF/QBTTMl/Hlivx4Ek3DXbRMUp2E355Lz8NuFnQleSluTICTweezy7wnHl0UrB3DhNQeC7Vfd95SXnc7yPLlvGDBhllxOvJPJxxxWuSWVWnX5TMzxRJrEPVhtC+7kMlGwsihzSdaN4NFEQD8T6AL0FG2ILgV68ZtvYnXGZ2yPoOPKJxOjJX/Rsn0GOfaV40fY0c+ayBmibKmwTLDrm3sDWYjRW7rGUhKlUjnPx+WPrjjXJQq5mR/7yXE0Al/ozgTEOZrZZWm+kaVG9JeGk8egOCAQUAAoIBAGlL9EYsrFz3I83NdlwhM241M+M7PA9P5WXgtdvS+pcalIaqN2IYdfzzCUfye7lchVkT9A2Y9eWQYX0OUhmjf8PPKkRkATLXrqO5HTsxV96aYNxMjz5ipQ6CaErTQaPLr3OPoauIMPVVI9zM+WT0KOGp49YMyx+B5rafT066vOVbF/0z1crq0ZXxyYBUv135rwFkIHxBMj5bhRLXKsZ2G5aLAZg0DsVam104mgN/v75f7Spg/n5hO7qxbNgbvSrvQ7Ag/rMk5T3sk7KoM23Qsjl08IZKs2jjx21MiOtyLqGuCW6GOTNK4yEEDF5gA0K13eXGwL5lPS0ilRw+Lrw7cJU=" };
const dh = createDiffieHellman();
dh.setPrivateKey(Buffer.from(encodedPrivateKey1, 'base64'));
const aesKey1 = computeSharedSecret(dh, keyExchangeMessage2);
expect(aesKey1.toString('base64')).toBe("vI5LGE625zGEG350ggkyBsIAXm2y4sNohiPcED1oAEE=");
const message = { opcode: 1, message: 'text/html' };
const serializedBody = JSON.stringify(message);
const encryptedMessage = encryptMessage(aesKey1, message as DecryptedMessage);
const decryptedMessage = decryptMessage(aesKey1, encryptedMessage as EncryptedMessage);
expect(decryptedMessage.opcode).toBe(1);
expect(decryptedMessage.message).toBe(serializedBody);
});
/*test("testAESKeyGeneration", () => {
const testCases = [
{
publicKey: "MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECA4GEAAKBgEnOS0oHteVA+3kND3u4yXe7GGRohy1LkR9Q5tL4c4ylC5n4iSwWSoIhcSIvUMWth6KAhPhu05sMcPY74rFMSS2AGTNCdT/5KilediipuUMdFVvjGqfNMNH1edzW5mquIw3iXKdfQmfY/qxLTI2wccyDj4hHFhLCZL3Y+shsm3KF",
privateKey: "MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECBIGDAoGAeo/ceIeH8Jt1ZRNKX5aTHkMi23GCV1LtcS2O6Tktn9k8DCv7gIoekysQUhMyWtR+MsZlq2mXjr1JFpAyxl89rqoEPU6QDsGe9q8R4O8eBZ2u+48mkUkGSh7xPGRQUBvmhH2yk4hIEA8aK4BcYi1OTsCZtmk7pQq+uaFkKovD/8M=",
expectedAES: "7dpl1/6KQTTooOrFf2VlUOSqgrFHi6IYxapX0IxFfwk="
},
{
publicKey: "MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECA4GEAAKBgGvIlCP/S+xpAuNEHSn4cEDOL1esUf+uMuY2Kp5J10a7HGbwzNd+7eYsgEc4+adddgB7hJgTvjsGg7lXUhHQ7WbfbCGgt7dbkx8qkic6Rgq4f5eRYd1Cgidw4MhZt7mEIOKrHweqnV6B9rypbXjbqauc6nGgtwx+Gvl6iLpVATRK",
privateKey: "MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECBIGDAoGAMXmiIgWyutbaO+f4UiMAb09iVVSCI6Lb6xzNyD2MpUZyk4/JOT04Daj4JeCKFkF1Fq79yKhrnFlXCrF4WFX00xUOXb8BpUUUH35XG5ApvolQQLL6N0om8/MYP4FK/3PUxuZAJz45TUsI/v3u6UqJelVTNL83ltcFbZDIfEVftRA=",
expectedAES: "a2tUSxnXifKohfNocAQHkAlPffDv6ReihJ7OojBGt0Q="
}
];
testCases.forEach(({ publicKey, privateKey, expectedAES }) => {
const theirPublicKey = Buffer.from(publicKey, 'base64');
const dh = createDiffieHellman();
dh.setPrivateKey(Buffer.from(privateKey, 'base64'));
const aesKey = computeSharedSecret(dh, { version: 1, publicKey: theirPublicKey.toString('base64') });
expect(aesKey.toString('base64')).toBe(expectedAES);
});
});*/
/*test("testDecryptMessageKnown", () => {
const encryptedMessage: EncryptedMessage = {
version: 1,
iv: "C4H70VC5FWrNtkty9/cLIA==",
blob: "K6/N7JMyi1PFwKhU0mFj7ZJmd/tPp3NCOMldmQUtDaQ7hSmPoIMI5QNMOj+NFEiP4qTgtYp5QmBPoQum6O88pA=="
};
const aesKeyBase64 = "+hr9Jg8yre7S9WGUohv2AUSzHNQN514JPh6MoFAcFNU=";
const aesKey = Buffer.from(aesKeyBase64, 'base64');
const decryptedMessage = decryptMessage(aesKey, encryptedMessage);
expect(decryptedMessage.opcode).toBe(Opcode.Play);
expect(decryptedMessage.message).toBe("{\"container\":\"text/html\"}");
});*/