github-mirrors/librespot
1
0
Fork 0
mirror of https://github.com/librespot-org/librespot.git synced 2024-09-19 16:08:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Describe Zeroconf authentication.

Browse source
This commit is contained in:
Paul Lietar 2016-01-02 14:45:55 +01:00
parent 2c2ff16986
commit efef614731
1 changed files with 43 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
docs/authentication.md
View file

@ -2,10 +2,50 @@
Once the connection is setup, the client can authenticate with the AP. For this, it sends an
`ClientResponseEncrypted` message, using packet type `0xab`.
A few different authentication methods are available, athough only one has really been tried, the
traditional user / password based authentication.
A few different authentication methods are available. They are described below.
The AP will then reply with either a `APWelcome` message using packet type `0xac` if authentication
is successful, or an `APLoginFailed` with packet type `0xad` otherwise.
TODO: investigate other authentication methods (Zeroconf, facebook, stored credentials)
## Password based Authentication
Password authentication is trivial.
The `ClientResponseEncrypted` message's `LoginCredentials` is simply filled with the username
and setting the password as the `auth_data`, and type `AUTHENTICATION_USER_PASS`.
## Zeroconf based Authentication
Rather than relying on the user entering a username and password, devices can use zeroconf based
authentication. This is especially useful for headless Spotify Connect devices.
In this case, an already authenticated device, a phone or computer for example, discovers Spotify
Connect receivers on the local network using Zeroconf. The receiver exposes an HTTP server with
service type `_spotify-connect._tcp`,
Two actions on the HTTP server are exposed, `getInfo` and `addUser`.
The former returns information about the receiver, including its DH public key, in JSON format.
The latter is used to send the username, the controller's DH public key, as well as the encrypted
blob used to authenticate with Spotify's servers.
The blob is decrypted using the following algorithm.
```
IV = encrypted_blob[:0x10]
expected_mac = encrypted_blob[-0x14:]
encrypted = encrypted_blob[0x10:-0x14]
base_key = SHA1(shared_secret)
checksum_key = HMAC-SHA1(base_key, "checksum")
encryption_key = HMAC-SHA1(base_key, "encryption")[:0x10]
mac = HMAC-SHA1(checksum_key, encrypted)
assert mac == expected_mac
blob = AES128-CTR-DECRYPT(encryption_key, IV, encrypted)
```
The blob is then used as described in the next section.
## Blob based Authentication
TODO
## Facebook based Authentication
TODO