From 9b343071030fbe4e4d8927aca8f14e56b5b52339 Mon Sep 17 00:00:00 2001
From: restitux <restitux@ohea.xyz>
Date: Sun, 29 Jun 2025 20:34:13 -0600
Subject: [PATCH] Server now returns paired == 1

---
 gamestream-webtransport-proxy/src/pair.rs | 24 +++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/gamestream-webtransport-proxy/src/pair.rs b/gamestream-webtransport-proxy/src/pair.rs
index 93ed17d..0809bcf 100644
--- a/gamestream-webtransport-proxy/src/pair.rs
+++ b/gamestream-webtransport-proxy/src/pair.rs
@@ -3,6 +3,7 @@ use axum::http::StatusCode;
 use axum::response::{IntoResponse, Response};
 use openssl::hash::MessageDigest;
 use openssl::sha::Sha256;
+use rand::Rng;
 use serde::{Deserialize, Serialize};
 
 use openssl::pkey::{PKey, Private};
@@ -79,7 +80,7 @@ async fn get_url(base_url: &mut url_constructor::UrlConstructor) -> Result<Strin
     let uuidv2_hex = hex::encode(uuidv2);
 
     let url = base_url.param("uuid", uuidv2_hex).build();
-    println!("Getting url: {url}");
+    //println!("Getting url: {url}");
 
     let mut http_builder = reqwest::Client::builder();
     http_builder = http_builder.user_agent("Mozilla/5.0");
@@ -168,6 +169,9 @@ fn generate_challenge_response(
     )?;
     cipher_ctx.cipher_final(&mut client_challenge_response_data)?;
 
+    let client_challenge_response_data_hex = hex::encode(&client_challenge_response_data);
+    //println!("client_challenge_response_data_hex: {client_challenge_response_data_hex}");
+
     // Extract ASN.1 signature from certificate
     let asn_signature = cert.signature();
     let signature_data = asn_signature.as_slice();
@@ -176,9 +180,13 @@ fn generate_challenge_response(
     let mut challenge_response =
         Vec::with_capacity(16 + signature_data.len() + client_secret_data.len());
     challenge_response.extend_from_slice(&client_challenge_response_data[32..32 + 16]);
+    //challenge_response.extend_from_slice(&client_challenge_response_data[0..16]);
     challenge_response.extend_from_slice(signature_data);
     challenge_response.extend_from_slice(client_secret_data);
 
+    let challenge_response_hex = hex::encode(&challenge_response);
+    //println!("challenge_response_hex: {challenge_response_hex}");
+
     let mut hasher = Sha256::new();
     hasher.update(&challenge_response);
     let challenge_response_hash = hasher.finish().to_vec();
@@ -228,9 +236,11 @@ async fn do_challenge(
     cert: &X509,
 ) -> Result<ServerPairingSecret> {
     let aes_key = generate_aes_key(salt, pin).await;
+    let aes_hex = hex::encode(&aes_key);
+    //println!("aes_hex: {aes_hex}");
 
     let client_challenge_response = get_server_challenge(base_url.clone(), &aes_key).await?;
-    println!("{client_challenge_response:?}");
+    //println!("{client_challenge_response:?}");
 
     let challenge_response = generate_challenge_response(
         client_challenge_response.challengeresponse,
@@ -274,10 +284,8 @@ pub async fn generate_pin() -> [u8; 4] {
         // TODO: reenable real RNG
         let mut rng = rand::rng();
         for i in 0..pin.len() {
-            pin[i] = 5;
-            //TODO: reenable random pin
-            // pin[i] = rng.random_range(0..10);
-            print!("{}", pin[i]);
+            pin[i] = rng.random_range(48..58); // Generate ascii number 0-9
+            print!("{}", pin[i] as char);
         }
         // Print as a four-digit, zero-padded integer
         println!("");
@@ -388,7 +396,7 @@ pub async fn get_pair(Path((host, port)): Path<(String, u16)>) -> Response {
             return StatusCode::INTERNAL_SERVER_ERROR.into_response();
         }
     };
-    println!("{server_cert:?}");
+    //println!("{server_cert:?}");
 
     // Do the challenge response process
     // This returns the pairing secret
@@ -400,7 +408,7 @@ pub async fn get_pair(Path((host, port)): Path<(String, u16)>) -> Response {
                 return StatusCode::INTERNAL_SERVER_ERROR.into_response();
             }
         };
-    println!("{server_pairing_secret:?}");
+    //println!("{server_pairing_secret:?}");
 
     // Verify the pairing_secret signature
     if let Err(e) = verify_signature(