cagnulein · cagnulein · Feb 5, 2024 · Feb 5, 2024 · Feb 5, 2024 · Feb 5, 2024
diff --git a/.gitmodules b/.gitmodules
@@ -20,3 +20,6 @@
 	path = zwiftplay
 	url = https://github.com/cagnulein/zwiftplay.git
 	branch = lib
+[submodule "src/ios/CryptoSwift"]
+	path = src/ios/CryptoSwift
+	url = https://github.com/krzyzanowskim/CryptoSwift.git
diff --git a/build-qdomyos-zwift-Qt_5_15_2_for_iOS-Debug/qdomyoszwift.xcodeproj/project.pbxproj b/build-qdomyos-zwift-Qt_5_15_2_for_iOS-Debug/qdomyoszwift.xcodeproj/project.pbxproj
diff --git a/src/ios/CryptoSwift b/src/ios/CryptoSwift
diff --git a/src/ios/lockscreen.h b/src/ios/lockscreen.h
@@ -74,6 +74,10 @@ class lockscreen {
     int zwift_api_getdistance();
     float zwift_api_getlatitude();
     float zwift_api_getlongitude();
+
+    // Zwift ZAP Device
+    const char* zapDevice_buildHandshakeStart();
+    int zapDevice_processCharacteristic(const char* data, int len);
 };
 
 #endif // LOCKSCREEN_H
diff --git a/src/ios/lockscreen.mm b/src/ios/lockscreen.mm
@@ -31,6 +31,8 @@
 
 static zwift_protobuf_layer* zwiftProtobufLayer = nil;
 
+static ZwiftPlayDevice *zapDevice = nil;
+
 void lockscreen::setTimerDisabled() {
      [[UIApplication sharedApplication] setIdleTimerDisabled: YES];
 }
@@ -47,6 +49,11 @@
     if (@available(iOS 17, *)) {
         _adb = [[AdbClient alloc] initWithVerbose:YES];
     }
+
+    if (@available(iOS 14, *)) {
+        zapDevice = [[ZwiftPlayDevice alloc] init];
+    }
+
 }
 
 long lockscreen::heartRate()
@@ -322,4 +329,19 @@
 float lockscreen::zwift_api_getlongitude() {
     return [zwiftProtobufLayer getLongitude];
 }
+
+const char* lockscreen::zapDevice_buildHandshakeStart() {
+    if(zapDevice) {
+        return (const char*)[[zapDevice buildHandshakeStart] bytes];
+    }
+    return nil;
+}
+
+int lockscreen::zapDevice_processCharacteristic(const char* data, int len) {
+    if(zapDevice) {
+        NSData *d = [NSData dataWithBytes:data length:len];
+        return [zapDevice processEncryptedDataWithBytes:d];
+    }
+    return 0;
+}
 #endif
diff --git a/src/ios/zwift_play/abstractZapDevice.swift b/src/ios/zwift_play/abstractZapDevice.swift
@@ -0,0 +1,63 @@
+import Foundation
+import os.log
+
+// Assuming Logger and extensions for Data to convert to hex string and to check prefix are defined elsewhere in your Swift project.
+extension Data {
+    func toHexString() -> String {
+        self.map { String(format: "%02x", $0) }.joined()
+    }
+
+    func starts(with prefix: Data) -> Bool {
+        self.prefix(prefix.count) == prefix
+    }
+}
+
+@available(iOS 14.0, *)
+@objc class AbstractZapDevice: NSObject {
+    private static let logRaw = true
+
+    private var devicePublicKeyBytes: Data?
+    private let localKeyProvider = LocalKeyProvider()
+    open var zapEncryption: ZapCrypto
+
+    override init() {
+        self.zapEncryption = ZapCrypto(localKeyProvider: localKeyProvider)
+    }
+
+    @objc func processCharacteristic(characteristicName: String, bytes: Data?) -> Int {
+        guard let bytes = bytes else { return 0 }
+
+        if Self.logRaw {
+            os_log("%{public}@ %{public}@", log: OSLog.default, type: .debug, characteristicName, bytes.toHexString())
+        }
+
+        if bytes.starts(with: ZapConstants.rideOn + ZapConstants.responseStart) {
+            processDevicePublicKeyResponse(bytes: bytes)
+        } else if bytes.count > MemoryLayout<Int>.size + EncryptionUtils.macLength {
+            return processEncryptedData(bytes: bytes)
+        } else {
+            // Logger equivalent in Swift
+            os_log("Unprocessed - Data Type: %{public}@", log: OSLog.default, type: .error, bytes.toHexString())
+        }
+        return 0
+    }
+
+    @objc func buildHandshakeStart() -> Data {
+        return ZapConstants.rideOn + ZapConstants.requestStart + localKeyProvider.getPublicKeyBytes()
+    }
+
+    private func processDevicePublicKeyResponse(bytes: Data) {
+        let startIndex = ZapConstants.rideOn.count + ZapConstants.responseStart.count
+        devicePublicKeyBytes = bytes.subdata(in: startIndex..<bytes.count)
+        zapEncryption.initialise(devicePublicKeyBytes: devicePublicKeyBytes!)
+        if Self.logRaw {
+            // Logger equivalent in Swift
+            os_log("Device Public Key - %{public}@", log: OSLog.default, type: .debug, devicePublicKeyBytes!.toHexString())
+        }
+    }
+
+    // Abstract method placeholder - Swift doesn't support abstract classes/methods directly, so this method should be overridden in subclass.
+    func processEncryptedData(bytes: Data) -> Int {
+        fatalError("This method should be overridden by subclasses")
+    }
+}
diff --git a/src/ios/zwift_play/encryptionUtils.swift b/src/ios/zwift_play/encryptionUtils.swift
@@ -0,0 +1,42 @@
+import Foundation
+import CryptoSwift
+import CryptoKit
+
+@available(iOS 14.0, *)
+struct EncryptionUtils {
+    static let keyLength = 32
+    static let hkdfLength = 36
+    static let macLength = 4
+
+    // Converti una chiave pubblica EC in array di byte
+    static func publicKeyToByteArray(publicKey: P256.KeyAgreement.PublicKey) -> Data {
+        // Assumendo che `publicKey` sia una rappresentazione simile di CryptoKit's P256,
+        // la conversione diretta alla rappresentazione di byte è già disponibile
+        return publicKey.rawRepresentation
+    }
+
+    // Genera una chiave pubblica EC dai byte ricevuti
+    static func generatePublicKey(publicKeyBytes: Data) throws -> P256.KeyAgreement.PublicKey {
+        // Assumendo l'uso di CryptoKit per la generazione della chiave pubblica
+        return try P256.KeyAgreement.PublicKey(x963Representation: publicKeyBytes)
+    }
+
+    // Genera byte di segreto condiviso
+    static func generateSharedSecretBytes(privateKey: P256.KeyAgreement.PrivateKey, publicKey: P256.KeyAgreement.PublicKey) -> Data {
+        let sharedSecret = try! privateKey.sharedSecretFromKeyAgreement(with: publicKey)
+        // Direttamente in formato Data
+        return sharedSecret.withUnsafeBytes { Data($0) }
+    }
+
+    // Genera byte usando HKDF
+    static func generateHKDFBytes(secretKey: Data, salt: Data, info: Data = Data(), outputByteCount: Int) -> Data? {
+        do {
+            let hkdf = try HKDF(password: secretKey.bytes, salt: salt.bytes, info: info.bytes, keyLength: outputByteCount, variant: .sha256)
+            let derivedKey = try hkdf.calculate()
+            return Data(derivedKey)
+        } catch {
+            print("Errore durante la derivazione HKDF: \(error)")
+            return nil
+        }
+    }
+}
diff --git a/src/ios/zwift_play/localKeyProvider.swift b/src/ios/zwift_play/localKeyProvider.swift
@@ -0,0 +1,36 @@
+import Foundation
+import CryptoKit
+
+@available(iOS 14.0, *)
+class LocalKeyProvider {
+    private var keyPair: P256.KeyAgreement.PrivateKey?
+
+    init() {
+        generateKeyPair()
+    }
+
+    func getPublicKeyBytes() -> Data {
+        guard let publicKey = keyPair?.publicKey else {
+            fatalError("Key pair not initialized correctly.")
+        }
+        return publicKey.rawRepresentation
+    }
+
+    func getPublicKey() -> P256.KeyAgreement.PublicKey {
+        guard let publicKey = keyPair?.publicKey else {
+            fatalError("Key pair not initialized correctly.")
+        }
+        return publicKey
+    }
+
+    func getPrivateKey() -> P256.KeyAgreement.PrivateKey {
+        guard let keyPair = keyPair else {
+            fatalError("Key pair not initialized correctly.")
+        }
+        return keyPair
+    }
+
+    private func generateKeyPair() {
+        keyPair = P256.KeyAgreement.PrivateKey()
+    }
+}
diff --git a/src/ios/zwift_play/zapBleUuids.swift b/src/ios/zwift_play/zapBleUuids.swift
@@ -0,0 +1,14 @@
+import Foundation
+import CoreBluetooth
+
+enum ZapBleUuids {
+    // ZAP Service - Zwift Accessory Protocol
+    static let zwiftCustomServiceUUID = CBUUID(string: "00000001-19CA-4651-86E5-FA29DCDD09D1")
+    static let zwiftAsyncCharacteristicUUID = CBUUID(string: "00000002-19CA-4651-86E5-FA29DCDD09D1")
+    static let zwiftSyncRxCharacteristicUUID = CBUUID(string: "00000003-19CA-4651-86E5-FA29DCDD09D1")
+    static let zwiftSyncTxCharacteristicUUID = CBUUID(string: "00000004-19CA-4651-86E5-FA29DCDD09D1")
+    // This doesn't appear in the real hardware but is found in the companion app code.
+    // static let zwiftDebugCharacteristicUUID = CBUUID(string: "00000005-19CA-4651-86E5-FA29DCDD09D1")
+    // I have not seen this characteristic used. Guess it could be for Device Firmware Update (DFU)? it is a chip from Nordic.
+    static let zwiftUnknown6CharacteristicUUID = CBUUID(string: "00000006-19CA-4651-86E5-FA29DCDD09D1")
+}
diff --git a/src/ios/zwift_play/zapConstants.swift b/src/ios/zwift_play/zapConstants.swift
@@ -0,0 +1,20 @@
+import Foundation
+
+enum ZapConstants {
+    static let zwiftManufacturerId = 2378 // Zwift, Inc
+    static let rc1LeftSide: UInt8 = 3
+    static let rc1RightSide: UInt8 = 2
+    static let zwiftClick: UInt8 = 9
+
+    static let rideOn = Data([82, 105, 100, 101, 79, 110])
+
+    // these don't actually seem to matter, its just the header has to be 7 bytes RIDEON + 2
+    static let requestStart = Data([0, 9]) //Data([1, 2])
+    static let responseStart = Data([1, 3]) // from device
+
+    // Message types received from device
+    static let controllerNotificationMessageType: UInt8 = 7
+    static let emptyMessageType: UInt8 = 21
+    static let batteryLevelType: UInt8 = 25
+    static let clickType: UInt8 = 55
+}
diff --git a/src/ios/zwift_play/zapCrypto.swift b/src/ios/zwift_play/zapCrypto.swift
@@ -0,0 +1,91 @@
+import Foundation
+import CryptoKit
+
+@available(iOS 14.0, *)
+class ZapCrypto {
+    private let localKeyProvider: LocalKeyProvider
+    private var encryptionKeyBytes: Data?
+    private var ivBytes: Data?
+    private var counter: Int = 0
+
+    init(localKeyProvider: LocalKeyProvider) {
+        self.localKeyProvider = localKeyProvider
+    }
+
+    func initialise(devicePublicKeyBytes: Data) {
+        let hkdfBytes: Data = generateHmacKeyDerivationFunctionBytes(devicePublicKeyBytes: devicePublicKeyBytes)
+        self.encryptionKeyBytes = hkdfBytes.subdata(in: 0..<EncryptionUtils.keyLength)
+        self.ivBytes = hkdfBytes.subdata(in: 32..<EncryptionUtils.hkdfLength)
+    }
+
+    func encrypt(data: Data) -> Data? {
+        guard let encryptionKeyBytes = encryptionKeyBytes, let ivBytes = ivBytes else {
+            assertionFailure("Not initialised")
+            return nil
+        }
+
+        let counterValue = counter
+        self.counter += 1
+
+        let nonceBytes: Data = createNonce(iv: ivBytes, messageCounter: counterValue)
+        return encryptDecrypt(encrypt: true, nonceBytes: nonceBytes, data: data)?.prependCounter(counterValue)
+    }
+
+    func decrypt(counterArray: Data, payload: Data) -> Data? {
+        guard let ivBytes = ivBytes else {
+            assertionFailure("Not initialised")
+            return nil
+        }
+
+        let nonceBytes: Data = ivBytes + counterArray
+        return encryptDecrypt(encrypt: false, nonceBytes: nonceBytes, data: payload)
+    }
+
+    private func encryptDecrypt(encrypt: Bool, nonceBytes: Data, data: Data) -> Data? {
+        let encryptionKey = SymmetricKey(data: encryptionKeyBytes!)
+
+        let sealedBox: AES.GCM.SealedBox
+        do {
+            if encrypt {
+                sealedBox = try AES.GCM.seal(data, using: encryptionKey, nonce: AES.GCM.Nonce(data: nonceBytes))
+            } else {
+                sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: nonceBytes), ciphertext: data, tag: Data())
+                return try AES.GCM.open(sealedBox, using: encryptionKey)
+            }
+            return sealedBox.ciphertext + sealedBox.tag
+        } catch {
+            print(error)
+            return nil
+        }
+    }
+
+    private func generateHmacKeyDerivationFunctionBytes(devicePublicKeyBytes: Data) -> Data {
+        do {
+            let serverPublicKey = try EncryptionUtils.generatePublicKey(publicKeyBytes: devicePublicKeyBytes)
+            let sharedSecretBytes = EncryptionUtils.generateSharedSecretBytes(privateKey: localKeyProvider.getPrivateKey(), publicKey: serverPublicKey)
+            let salt = EncryptionUtils.publicKeyToByteArray(publicKey: serverPublicKey) + localKeyProvider.getPublicKeyBytes()
+            return EncryptionUtils.generateHKDFBytes(secretKey: sharedSecretBytes, salt: salt, outputByteCount: EncryptionUtils.hkdfLength) ?? Data()
+        } catch {
+            print(error)
+            return Data()
+        }
+    }
+
+    private func createNonce(iv: Data, messageCounter: Int) -> Data {
+        return iv + createCounterBytes(messageCounter: messageCounter)
+    }
+
+    private func createCounterBytes(messageCounter: Int) -> Data {
+        var counterValue = messageCounter.bigEndian
+        return Data(bytes: &counterValue, count: MemoryLayout.size(ofValue: counterValue))
+    }
+}
+
+extension Data {
+    func prependCounter(_ counter: Int) -> Data {
+        var counterValue = counter.bigEndian
+        var data = Data(bytes: &counterValue, count: MemoryLayout.size(ofValue: counterValue))
+        data.append(contentsOf: self)
+        return data
+    }
+}