ESPHome 2026.5.0-dev
Loading...
Searching...
No Matches
api_frame_helper_noise.cpp
Go to the documentation of this file.
1#include "api_frame_helper_noise.h"
2#ifdef USE_API
3#ifdef USE_API_NOISE
4#include "api_connection.h" // For ClientInfo struct
5#include "esphome/core/application.h"
6#include "esphome/core/entity_base.h"
7#include "esphome/core/hal.h"
8#include "esphome/core/helpers.h"
9#include "esphome/core/log.h"
10#include "proto.h"
11#include <cstring>
12#include <cinttypes>
13
14#ifdef USE_ESP8266
15#include <pgmspace.h>
16#endif
17
18namespace esphome::api {
19
20static const char *const TAG = "api.noise";
21#ifdef USE_ESP8266
22static constexpr char PROLOGUE_INIT[] PROGMEM = "NoiseAPIInit";
23#else
24static const char *const PROLOGUE_INIT = "NoiseAPIInit";
25#endif
26static constexpr size_t PROLOGUE_INIT_LEN = 12; // strlen("NoiseAPIInit")
27
28// Maximum bytes to log in hex format (168 * 3 = 504, under TX buffer size of 512)
29static constexpr size_t API_MAX_LOG_BYTES = 168;
30
31#if ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERY_VERBOSE
32#define HELPER_LOG(msg, ...) \
33 do { \
34 char peername_buf[socket::SOCKADDR_STR_LEN]; \
35 this->get_peername_to(peername_buf); \
36 ESP_LOGVV(TAG, "%s (%s): " msg, this->client_name_, peername_buf, ##__VA_ARGS__); \
37 } while (0)
38#else
39#define HELPER_LOG(msg, ...) ((void) 0)
40#endif
41
42#ifdef HELPER_LOG_PACKETS
43#define LOG_PACKET_RECEIVED(buffer) \
44 do { \
45 char hex_buf_[format_hex_pretty_size(API_MAX_LOG_BYTES)]; \
46 ESP_LOGVV(TAG, "Received frame: %s", \
47 format_hex_pretty_to(hex_buf_, (buffer).data(), \
48 (buffer).size() < API_MAX_LOG_BYTES ? (buffer).size() : API_MAX_LOG_BYTES)); \
49 } while (0)
50#else
51#define LOG_PACKET_RECEIVED(buffer) ((void) 0)
52#endif
53
55const LogString *noise_err_to_logstr(int err) {
56 if (err == NOISE_ERROR_NO_MEMORY)
57 return LOG_STR("NO_MEMORY");
58 if (err == NOISE_ERROR_UNKNOWN_ID)
59 return LOG_STR("UNKNOWN_ID");
60 if (err == NOISE_ERROR_UNKNOWN_NAME)
61 return LOG_STR("UNKNOWN_NAME");
62 if (err == NOISE_ERROR_MAC_FAILURE)
63 return LOG_STR("MAC_FAILURE");
64 if (err == NOISE_ERROR_NOT_APPLICABLE)
65 return LOG_STR("NOT_APPLICABLE");
66 if (err == NOISE_ERROR_SYSTEM)
67 return LOG_STR("SYSTEM");
68 if (err == NOISE_ERROR_REMOTE_KEY_REQUIRED)
69 return LOG_STR("REMOTE_KEY_REQUIRED");
70 if (err == NOISE_ERROR_LOCAL_KEY_REQUIRED)
71 return LOG_STR("LOCAL_KEY_REQUIRED");
72 if (err == NOISE_ERROR_PSK_REQUIRED)
73 return LOG_STR("PSK_REQUIRED");
74 if (err == NOISE_ERROR_INVALID_LENGTH)
75 return LOG_STR("INVALID_LENGTH");
76 if (err == NOISE_ERROR_INVALID_PARAM)
77 return LOG_STR("INVALID_PARAM");
78 if (err == NOISE_ERROR_INVALID_STATE)
79 return LOG_STR("INVALID_STATE");
80 if (err == NOISE_ERROR_INVALID_NONCE)
81 return LOG_STR("INVALID_NONCE");
82 if (err == NOISE_ERROR_INVALID_PRIVATE_KEY)
83 return LOG_STR("INVALID_PRIVATE_KEY");
84 if (err == NOISE_ERROR_INVALID_PUBLIC_KEY)
85 return LOG_STR("INVALID_PUBLIC_KEY");
86 if (err == NOISE_ERROR_INVALID_FORMAT)
87 return LOG_STR("INVALID_FORMAT");
88 if (err == NOISE_ERROR_INVALID_SIGNATURE)
89 return LOG_STR("INVALID_SIGNATURE");
90 return LOG_STR("UNKNOWN");
91}
92
94APIError APINoiseFrameHelper::init() {
95 APIError err = init_common_();
96 if (err != APIError::OK) {
97 return err;
98 }
99
100 // init prologue
101 size_t old_size = prologue_.size();
102 prologue_.resize(old_size + PROLOGUE_INIT_LEN);
103#ifdef USE_ESP8266
104 memcpy_P(prologue_.data() + old_size, PROLOGUE_INIT, PROLOGUE_INIT_LEN);
105#else
106 std::memcpy(prologue_.data() + old_size, PROLOGUE_INIT, PROLOGUE_INIT_LEN);
107#endif
108
109 state_ = State::CLIENT_HELLO;
110 return APIError::OK;
111}
112// Helper for handling handshake frame errors
113APIError APINoiseFrameHelper::handle_handshake_frame_error_(APIError aerr) {
114 if (aerr == APIError::BAD_INDICATOR) {
115 send_explicit_handshake_reject_(LOG_STR("Bad indicator byte"));
116 } else if (aerr == APIError::BAD_HANDSHAKE_PACKET_LEN) {
117 send_explicit_handshake_reject_(LOG_STR("Bad handshake packet len"));
118 }
119 return aerr;
120}
121
122// Helper for handling noise library errors
123APIError APINoiseFrameHelper::handle_noise_error_(int err, const LogString *func_name, APIError api_err) {
124 if (err != 0) {
125 state_ = State::FAILED;
126 HELPER_LOG("%s failed: %s", LOG_STR_ARG(func_name), LOG_STR_ARG(noise_err_to_logstr(err)));
127 return api_err;
128 }
129 return APIError::OK;
130}
131
133APIError APINoiseFrameHelper::loop() {
134 // Cache ready() outside the loop. On ESP8266 LWIP raw TCP, ready() returns false once
135 // the rx buffer is consumed. Re-checking each iteration would block handshake writes
136 // that must follow reads, deadlocking the handshake. state_action() will return
137 // WOULD_BLOCK when no more data is available to read.
138 bool socket_ready = this->socket_->ready();
139 while (state_ != State::DATA && socket_ready) {
140 APIError err = state_action_();
141 if (err == APIError::WOULD_BLOCK) {
142 break;
143 }
144 if (err != APIError::OK) {
145 return err;
146 }
147 }
148
149 if (!this->overflow_buf_.empty()) [[unlikely]] {
150 return this->drain_overflow_and_handle_errors_();
151 }
152 return APIError::OK;
153}
154
164APIError APINoiseFrameHelper::try_read_frame_() {
165 // read header
166 if (rx_header_buf_len_ < 3) {
167 // no header information yet
168 uint8_t to_read = 3 - rx_header_buf_len_;
169 ssize_t received = this->socket_->read(&rx_header_buf_[rx_header_buf_len_], to_read);
170 APIError err = handle_socket_read_result_(received);
171 if (err != APIError::OK) {
172 return err;
173 }
174 rx_header_buf_len_ += static_cast<uint8_t>(received);
175 if (static_cast<uint8_t>(received) != to_read) {
176 // not a full read
177 return APIError::WOULD_BLOCK;
178 }
179
180 if (rx_header_buf_[0] != 0x01) {
181 state_ = State::FAILED;
182 HELPER_LOG("Bad indicator byte %u", rx_header_buf_[0]);
183 return APIError::BAD_INDICATOR;
184 }
185 // header reading done
186 }
187
188 // read body
189 uint16_t msg_size = (((uint16_t) rx_header_buf_[1]) << 8) | rx_header_buf_[2];
190
191 // Check against size limits to prevent OOM: MAX_HANDSHAKE_SIZE for handshake, MAX_MESSAGE_SIZE for data
192 bool is_data = (state_ == State::DATA);
193 uint16_t limit = is_data ? MAX_MESSAGE_SIZE : MAX_HANDSHAKE_SIZE;
194 if (msg_size > limit) {
195 state_ = State::FAILED;
196 HELPER_LOG("Bad packet: message size %u exceeds maximum %u", msg_size, limit);
197 return is_data ? APIError::BAD_DATA_PACKET : APIError::BAD_HANDSHAKE_PACKET_LEN;
198 }
199
200 // Reserve space for body (+ null terminator in DATA state so protobuf
201 // StringRef fields can be safely null-terminated in-place after decode.
202 // During handshake, rx_buf_.size() is used in prologue construction, so
203 // the buffer must be exactly msg_size to avoid prologue mismatch.)
204 uint16_t alloc_size = msg_size + (is_data ? RX_BUF_NULL_TERMINATOR : 0);
205 this->rx_buf_.resize(alloc_size);
206
207 if (rx_buf_len_ < msg_size) {
208 // more data to read
209 uint16_t to_read = msg_size - rx_buf_len_;
210 ssize_t received = this->socket_->read(&rx_buf_[rx_buf_len_], to_read);
211 APIError err = handle_socket_read_result_(received);
212 if (err != APIError::OK) {
213 return err;
214 }
215 rx_buf_len_ += static_cast<uint16_t>(received);
216 if (static_cast<uint16_t>(received) != to_read) {
217 // not all read
218 return APIError::WOULD_BLOCK;
219 }
220 }
221
222 LOG_PACKET_RECEIVED(this->rx_buf_);
223
224 // Clear state for next frame (rx_buf_ still contains data for caller)
225 this->rx_buf_len_ = 0;
226 this->rx_header_buf_len_ = 0;
227
228 return APIError::OK;
229}
230
240// Split into per-state methods so the compiler doesn't allocate stack space
241// for all branches simultaneously. On RP2040 the core0 stack lives in a 4KB
242// scratch RAM bank; the Noise crypto path (curve25519) needs ~2KB+ of stack,
243// so every byte saved in the caller matters.
244APIError APINoiseFrameHelper::state_action_() {
245 switch (this->state_) {
246 case State::INITIALIZE:
247 HELPER_LOG("Bad state for method: %d", (int) this->state_);
248 return APIError::BAD_STATE;
249 case State::CLIENT_HELLO:
250 return this->state_action_client_hello_();
251 case State::SERVER_HELLO:
252 return this->state_action_server_hello_();
253 case State::HANDSHAKE:
254 return this->state_action_handshake_();
255 case State::CLOSED:
256 case State::FAILED:
257 return APIError::BAD_STATE;
258 default:
259 return APIError::OK;
260 }
261}
262APIError APINoiseFrameHelper::state_action_client_hello_() {
263 // waiting for client hello
264 APIError aerr = this->try_read_frame_();
265 if (aerr != APIError::OK) {
266 return handle_handshake_frame_error_(aerr);
267 }
268 // ignore contents, may be used in future for flags
269 // Resize for: existing prologue + 2 size bytes + frame data
270 size_t old_size = this->prologue_.size();
271 size_t rx_size = this->rx_buf_.size();
272 this->prologue_.resize(old_size + 2 + rx_size);
273 this->prologue_[old_size] = (uint8_t) (rx_size >> 8);
274 this->prologue_[old_size + 1] = (uint8_t) rx_size;
275 if (rx_size > 0) {
276 std::memcpy(this->prologue_.data() + old_size + 2, this->rx_buf_.data(), rx_size);
277 }
278
279 state_ = State::SERVER_HELLO;
280 return APIError::OK;
281}
282APIError APINoiseFrameHelper::state_action_server_hello_() {
283 // send server hello
284 const auto &name = App.get_name();
285 char mac[MAC_ADDRESS_BUFFER_SIZE];
286 get_mac_address_into_buffer(mac);
287
288 // Calculate positions and sizes
289 size_t name_len = name.size() + 1; // including null terminator
290 size_t name_offset = 1;
291 size_t mac_offset = name_offset + name_len;
292 size_t total_size = 1 + name_len + MAC_ADDRESS_BUFFER_SIZE;
293
294 // 1 (proto) + name (max ESPHOME_DEVICE_NAME_MAX_LEN) + 1 (name null)
295 // + mac (MAC_ADDRESS_BUFFER_SIZE - 1) + 1 (mac null)
296 constexpr size_t max_msg_size = 1 + ESPHOME_DEVICE_NAME_MAX_LEN + 1 + MAC_ADDRESS_BUFFER_SIZE;
297 uint8_t msg[max_msg_size];
298
299 // chosen proto
300 msg[0] = 0x01;
301
302 // node name, terminated by null byte
303 std::memcpy(msg + name_offset, name.c_str(), name_len);
304 // node mac, terminated by null byte
305 std::memcpy(msg + mac_offset, mac, MAC_ADDRESS_BUFFER_SIZE);
306
307 APIError aerr = write_frame_(msg, total_size);
308 if (aerr != APIError::OK)
309 return aerr;
310
311 // start handshake
312 aerr = init_handshake_();
313 if (aerr != APIError::OK)
314 return aerr;
315
316 state_ = State::HANDSHAKE;
317 return APIError::OK;
318}
319APIError APINoiseFrameHelper::state_action_handshake_() {
320 int action = noise_handshakestate_get_action(this->handshake_);
321 if (action == NOISE_ACTION_READ_MESSAGE) {
322 return this->state_action_handshake_read_();
323 } else if (action == NOISE_ACTION_WRITE_MESSAGE) {
324 return this->state_action_handshake_write_();
325 }
326 // bad state for action
327 this->state_ = State::FAILED;
328 HELPER_LOG("Bad action for handshake: %d", action);
329 return APIError::HANDSHAKESTATE_BAD_STATE;
330}
331APIError APINoiseFrameHelper::state_action_handshake_read_() {
332 APIError aerr = this->try_read_frame_();
333 if (aerr != APIError::OK) {
334 return this->handle_handshake_frame_error_(aerr);
335 }
336
337 if (this->rx_buf_.empty()) {
338 this->send_explicit_handshake_reject_(LOG_STR("Empty handshake message"));
339 return APIError::BAD_HANDSHAKE_ERROR_BYTE;
340 } else if (this->rx_buf_[0] != 0x00) {
341 HELPER_LOG("Bad handshake error byte: %u", this->rx_buf_[0]);
342 this->send_explicit_handshake_reject_(LOG_STR("Bad handshake error byte"));
343 return APIError::BAD_HANDSHAKE_ERROR_BYTE;
344 }
345
346 NoiseBuffer mbuf;
347 noise_buffer_init(mbuf);
348 noise_buffer_set_input(mbuf, this->rx_buf_.data() + 1, this->rx_buf_.size() - 1);
349 int err = noise_handshakestate_read_message(this->handshake_, &mbuf, nullptr);
350 if (err != 0) {
351 // Special handling for MAC failure
352 this->send_explicit_handshake_reject_(err == NOISE_ERROR_MAC_FAILURE ? LOG_STR("Handshake MAC failure")
353 : LOG_STR("Handshake error"));
354 return this->handle_noise_error_(err, LOG_STR("noise_handshakestate_read_message"),
355 APIError::HANDSHAKESTATE_READ_FAILED);
356 }
357
358 return this->check_handshake_finished_();
359}
360APIError APINoiseFrameHelper::state_action_handshake_write_() {
361 uint8_t buffer[65];
362 NoiseBuffer mbuf;
363 noise_buffer_init(mbuf);
364 noise_buffer_set_output(mbuf, buffer + 1, sizeof(buffer) - 1);
365
366 int err = noise_handshakestate_write_message(this->handshake_, &mbuf, nullptr);
367 APIError aerr = this->handle_noise_error_(err, LOG_STR("noise_handshakestate_write_message"),
368 APIError::HANDSHAKESTATE_WRITE_FAILED);
369 if (aerr != APIError::OK)
370 return aerr;
371 buffer[0] = 0x00; // success
372
373 aerr = this->write_frame_(buffer, mbuf.size + 1);
374 if (aerr != APIError::OK)
375 return aerr;
376 return this->check_handshake_finished_();
377}
378void APINoiseFrameHelper::send_explicit_handshake_reject_(const LogString *reason) {
379 // Max reject message: "Bad handshake packet len" (24) + 1 (failure byte) = 25 bytes
380 uint8_t data[32];
381 data[0] = 0x01; // failure
382
383#ifdef USE_STORE_LOG_STR_IN_FLASH
384 // On ESP8266 with flash strings, we need to use PROGMEM-aware functions
385 size_t reason_len = strlen_P(reinterpret_cast<PGM_P>(reason));
386 reason_len = std::min(reason_len, sizeof(data) - 1);
387 if (reason_len > 0) {
388 memcpy_P(data + 1, reinterpret_cast<PGM_P>(reason), reason_len);
389 }
390#else
391 // Normal memory access
392 const char *reason_str = LOG_STR_ARG(reason);
393 size_t reason_len = strlen(reason_str);
394 reason_len = std::min(reason_len, sizeof(data) - 1);
395 if (reason_len > 0) {
396 // NOLINTNEXTLINE(bugprone-not-null-terminated-result) - binary protocol, not a C string
397 std::memcpy(data + 1, reason_str, reason_len);
398 }
399#endif
400
401 size_t data_size = reason_len + 1;
402
403 // temporarily remove failed state
404 auto orig_state = state_;
405 state_ = State::EXPLICIT_REJECT;
406 write_frame_(data, data_size);
407 state_ = orig_state;
408}
409APIError APINoiseFrameHelper::read_packet(ReadPacketBuffer *buffer) {
410 APIError aerr = this->check_data_state_();
411 if (aerr != APIError::OK)
412 return aerr;
413
414 aerr = this->try_read_frame_();
415 if (aerr != APIError::OK)
416 return aerr;
417
418 NoiseBuffer mbuf;
419 noise_buffer_init(mbuf);
420 // read_packet() must only be called in DATA state; the extra
421 // RX_BUF_NULL_TERMINATOR byte is only allocated in DATA state
422 // (see try_read_frame_), so calling this during handshake would
423 // underflow the size calculation below.
424#ifdef ESPHOME_DEBUG_API
425 assert(this->state_ == State::DATA);
426#endif
427 // rx_buf_ has RX_BUF_NULL_TERMINATOR extra byte for null termination
428 // (only added in DATA state — see try_read_frame_), so subtract it
429 // to get the actual encrypted data size for decryption.
430 size_t encrypted_size = this->rx_buf_.size() - RX_BUF_NULL_TERMINATOR;
431 noise_buffer_set_inout(mbuf, this->rx_buf_.data(), encrypted_size, encrypted_size);
432 int err = noise_cipherstate_decrypt(this->recv_cipher_, &mbuf);
433 APIError decrypt_err =
434 handle_noise_error_(err, LOG_STR("noise_cipherstate_decrypt"), APIError::CIPHERSTATE_DECRYPT_FAILED);
435 if (decrypt_err != APIError::OK) {
436 return decrypt_err;
437 }
438
439 uint16_t msg_size = mbuf.size;
440 uint8_t *msg_data = this->rx_buf_.data();
441 if (msg_size < 4) {
442 this->state_ = State::FAILED;
443 HELPER_LOG("Bad data packet: size %d too short", msg_size);
444 return APIError::BAD_DATA_PACKET;
445 }
446
447 uint16_t type = (((uint16_t) msg_data[0]) << 8) | msg_data[1];
448 uint16_t data_len = (((uint16_t) msg_data[2]) << 8) | msg_data[3];
449 if (data_len > msg_size - 4) {
450 this->state_ = State::FAILED;
451 HELPER_LOG("Bad data packet: data_len %u greater than msg_size %u", data_len, msg_size);
452 return APIError::BAD_DATA_PACKET;
453 }
454
455 buffer->data = msg_data + 4; // Skip 4-byte header (type + length)
456 buffer->data_len = data_len;
457 buffer->type = type;
458 return APIError::OK;
459}
460// Encrypt a single noise message in place and return the encrypted frame length.
461// Returns APIError::OK on success.
462APIError APINoiseFrameHelper::encrypt_noise_message_(uint8_t *buf_start, uint16_t payload_size, uint8_t message_type,
463 uint16_t &encrypted_len_out) {
464 // Write noise header
465 buf_start[0] = 0x01; // indicator
466 // buf_start[1], buf_start[2] to be set after encryption
467
468 // Write message header (to be encrypted)
469 constexpr uint8_t msg_offset = 3;
470 buf_start[msg_offset] = static_cast<uint8_t>(message_type >> 8); // type high byte
471 buf_start[msg_offset + 1] = static_cast<uint8_t>(message_type); // type low byte
472 buf_start[msg_offset + 2] = static_cast<uint8_t>(payload_size >> 8); // data_len high byte
473 buf_start[msg_offset + 3] = static_cast<uint8_t>(payload_size); // data_len low byte
474 // payload data is already in the buffer starting at offset + 7
475
476 // Encrypt the message in place
477 NoiseBuffer mbuf;
478 noise_buffer_init(mbuf);
479 noise_buffer_set_inout(mbuf, buf_start + msg_offset, 4 + payload_size, 4 + payload_size + this->frame_footer_size_);
480
481 int err = noise_cipherstate_encrypt(this->send_cipher_, &mbuf);
482 APIError aerr =
483 this->handle_noise_error_(err, LOG_STR("noise_cipherstate_encrypt"), APIError::CIPHERSTATE_ENCRYPT_FAILED);
484 if (aerr != APIError::OK)
485 return aerr;
486
487 // Fill in the encrypted size
488 buf_start[1] = static_cast<uint8_t>(mbuf.size >> 8);
489 buf_start[2] = static_cast<uint8_t>(mbuf.size);
490
491 encrypted_len_out = static_cast<uint16_t>(3 + mbuf.size); // indicator + size + encrypted data
492 return APIError::OK;
493}
494
495APIError APINoiseFrameHelper::write_protobuf_packet(uint8_t type, ProtoWriteBuffer buffer) {
496#ifdef ESPHOME_DEBUG_API
497 assert(this->state_ == State::DATA);
498#endif
499
500 // Resize buffer to include footer space for Noise MAC
501 if (this->frame_footer_size_)
502 buffer.get_buffer()->resize(buffer.get_buffer()->size() + this->frame_footer_size_);
503
504 uint16_t payload_size =
505 static_cast<uint16_t>(buffer.get_buffer()->size() - HEADER_PADDING - this->frame_footer_size_);
506 uint8_t *buf_start = buffer.get_buffer()->data();
507 uint16_t encrypted_len;
508 APIError aerr = this->encrypt_noise_message_(buf_start, payload_size, type, encrypted_len);
509 if (aerr != APIError::OK)
510 return aerr;
511 return this->write_raw_fast_buf_(buf_start, encrypted_len);
512}
513
514APIError APINoiseFrameHelper::write_protobuf_messages(ProtoWriteBuffer buffer, std::span<const MessageInfo> messages) {
515#ifdef ESPHOME_DEBUG_API
516 assert(this->state_ == State::DATA);
517 assert(!messages.empty());
518#endif
519
520 // Noise messages are already contiguous in the buffer:
521 // HEADER_PADDING (7) exactly matches the fixed header size, and
522 // footer space (16) is consumed by the encryption MAC.
523 uint8_t *buffer_data = buffer.get_buffer()->data();
524 uint8_t *write_start = buffer_data + messages[0].offset;
525 uint16_t total_write_len = 0;
526
527 for (const auto &msg : messages) {
528 uint8_t *buf_start = buffer_data + msg.offset;
529 uint16_t encrypted_len;
530 APIError aerr = this->encrypt_noise_message_(buf_start, msg.payload_size, msg.message_type, encrypted_len);
531 if (aerr != APIError::OK)
532 return aerr;
533 total_write_len += encrypted_len;
534 }
535
536 return this->write_raw_fast_buf_(write_start, total_write_len);
537}
538
539APIError APINoiseFrameHelper::write_frame_(const uint8_t *data, uint16_t len) {
540 uint8_t header[3];
541 header[0] = 0x01; // indicator
542 header[1] = (uint8_t) (len >> 8);
543 header[2] = (uint8_t) len;
544
545 if (len == 0) {
546 return this->write_raw_buf_(header, 3);
547 }
548 struct iovec iov[2];
549 iov[0].iov_base = header;
550 iov[0].iov_len = 3;
551 iov[1].iov_base = const_cast<uint8_t *>(data);
552 iov[1].iov_len = len;
553
554 return this->write_raw_iov_(iov, 2, 3 + len);
555}
556
561APIError APINoiseFrameHelper::init_handshake_() {
562 int err;
563 memset(&nid_, 0, sizeof(nid_));
564 // const char *proto = "Noise_NNpsk0_25519_ChaChaPoly_SHA256";
565 // err = noise_protocol_name_to_id(&nid_, proto, strlen(proto));
566 nid_.pattern_id = NOISE_PATTERN_NN;
567 nid_.cipher_id = NOISE_CIPHER_CHACHAPOLY;
568 nid_.dh_id = NOISE_DH_CURVE25519;
569 nid_.prefix_id = NOISE_PREFIX_STANDARD;
570 nid_.hybrid_id = NOISE_DH_NONE;
571 nid_.hash_id = NOISE_HASH_SHA256;
572 nid_.modifier_ids[0] = NOISE_MODIFIER_PSK0;
573
574 err = noise_handshakestate_new_by_id(&handshake_, &nid_, NOISE_ROLE_RESPONDER);
575 APIError aerr =
576 handle_noise_error_(err, LOG_STR("noise_handshakestate_new_by_id"), APIError::HANDSHAKESTATE_SETUP_FAILED);
577 if (aerr != APIError::OK)
578 return aerr;
579
580 const auto &psk = this->ctx_.get_psk();
581 err = noise_handshakestate_set_pre_shared_key(handshake_, psk.data(), psk.size());
582 aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_set_pre_shared_key"),
583 APIError::HANDSHAKESTATE_SETUP_FAILED);
584 if (aerr != APIError::OK)
585 return aerr;
586
587 err = noise_handshakestate_set_prologue(handshake_, prologue_.data(), prologue_.size());
588 aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_set_prologue"), APIError::HANDSHAKESTATE_SETUP_FAILED);
589 if (aerr != APIError::OK)
590 return aerr;
591 // set_prologue copies it into handshakestate, so we can get rid of it now
592 prologue_.release();
593
594 err = noise_handshakestate_start(handshake_);
595 aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_start"), APIError::HANDSHAKESTATE_SETUP_FAILED);
596 if (aerr != APIError::OK)
597 return aerr;
598 return APIError::OK;
599}
600
601APIError APINoiseFrameHelper::check_handshake_finished_() {
602#ifdef ESPHOME_DEBUG_API
603 assert(state_ == State::HANDSHAKE);
604#endif
605
606 int action = noise_handshakestate_get_action(handshake_);
607 if (action == NOISE_ACTION_READ_MESSAGE || action == NOISE_ACTION_WRITE_MESSAGE)
608 return APIError::OK;
609 if (action != NOISE_ACTION_SPLIT) {
610 state_ = State::FAILED;
611 HELPER_LOG("Bad action for handshake: %d", action);
612 return APIError::HANDSHAKESTATE_BAD_STATE;
613 }
614 int err = noise_handshakestate_split(handshake_, &send_cipher_, &recv_cipher_);
615 APIError aerr =
616 handle_noise_error_(err, LOG_STR("noise_handshakestate_split"), APIError::HANDSHAKESTATE_SPLIT_FAILED);
617 if (aerr != APIError::OK)
618 return aerr;
619
620 this->frame_footer_size_ = noise_cipherstate_get_mac_length(send_cipher_);
621
622 HELPER_LOG("Handshake complete!");
623 noise_handshakestate_free(handshake_);
624 handshake_ = nullptr;
625 state_ = State::DATA;
626 return APIError::OK;
627}
628
629APINoiseFrameHelper::~APINoiseFrameHelper() {
630 if (handshake_ != nullptr) {
631 noise_handshakestate_free(handshake_);
632 handshake_ = nullptr;
633 }
634 if (send_cipher_ != nullptr) {
635 noise_cipherstate_free(send_cipher_);
636 send_cipher_ = nullptr;
637 }
638 if (recv_cipher_ != nullptr) {
639 noise_cipherstate_free(recv_cipher_);
640 recv_cipher_ = nullptr;
641 }
642}
643
644extern "C" {
645// declare how noise generates random bytes (here with a good HWRNG based on the RF system)
646void noise_rand_bytes(void *output, size_t len) {
647 if (!esphome::random_bytes(reinterpret_cast<uint8_t *>(output), len)) {
648 ESP_LOGE(TAG, "Acquiring random bytes failed; rebooting");
649 arch_restart();
650 }
651}
652}
653
654} // namespace esphome::api
655#endif // USE_API_NOISE
656#endif // USE_API
api_connection.h
api_frame_helper_noise.h
esphome::Application::get_name
const StringRef & get_name() const
Get the name of this Application set by pre_setup().
Definition application.h:149
esphome::api::APIBuffer::release
void release()
Release all memory (equivalent to std::vector swap trick).
Definition api_buffer.h:60
esphome::api::APIBuffer::size
size_t size() const
Definition api_buffer.h:55
esphome::api::APIBuffer::resize
void resize(size_t n) ESPHOME_ALWAYS_INLINE
Definition api_buffer.h:43
esphome::api::APIFrameHelper::handle_socket_read_result_
APIError handle_socket_read_result_(ssize_t received)
Definition api_frame_helper.cpp:211
esphome::api::APIFrameHelper::write_raw_fast_buf_
APIError ESPHOME_ALWAYS_INLINE write_raw_fast_buf_(const void *data, uint16_t len)
Definition api_frame_helper.h:232
esphome::api::APIFrameHelper::write_raw_buf_
APIError write_raw_buf_(const void *data, uint16_t len, ssize_t sent=WRITE_NOT_ATTEMPTED)
Definition api_frame_helper.cpp:122
esphome::api::APIFrameHelper::write_raw_iov_
APIError write_raw_iov_(const struct iovec *iov, int iovcnt, uint16_t total_write_len, ssize_t sent=WRITE_NOT_ATTEMPTED)
Definition api_frame_helper.cpp:136
esphome::api::APIFrameHelper::socket_
std::unique_ptr< socket::Socket > socket_
Definition api_frame_helper.h:256
esphome::api::APIFrameHelper::check_data_state_
APIError ESPHOME_ALWAYS_INLINE check_data_state_() const
Definition api_frame_helper.h:280
esphome::api::APINoiseContext::get_psk
const psk_t & get_psk() const
Definition api_noise_context.h:21
esphome::api::APINoiseFrameHelper::write_protobuf_packet
APIError write_protobuf_packet(uint8_t type, ProtoWriteBuffer buffer) override
Definition api_frame_helper_noise.cpp:495
esphome::api::APINoiseFrameHelper::read_packet
APIError read_packet(ReadPacketBuffer *buffer) override
Definition api_frame_helper_noise.cpp:409
esphome::api::APINoiseFrameHelper::handle_noise_error_
APIError handle_noise_error_(int err, const LogString *func_name, APIError api_err)
Definition api_frame_helper_noise.cpp:123
esphome::api::APINoiseFrameHelper::write_protobuf_messages
APIError write_protobuf_messages(ProtoWriteBuffer buffer, std::span< const MessageInfo > messages) override
Definition api_frame_helper_noise.cpp:514
esphome::api::APINoiseFrameHelper::state_action_
APIError state_action_()
To be called from read/write methods.
Definition api_frame_helper_noise.cpp:244
esphome::api::APINoiseFrameHelper::try_read_frame_
APIError try_read_frame_()
Read a packet into the rx_buf_.
Definition api_frame_helper_noise.cpp:164
esphome::api::APINoiseFrameHelper::loop
APIError loop() override
Run through handshake messages (if in that phase)
Definition api_frame_helper_noise.cpp:133
esphome::api::APINoiseFrameHelper::encrypt_noise_message_
APIError encrypt_noise_message_(uint8_t *buf_start, uint16_t payload_size, uint8_t message_type, uint16_t &encrypted_len_out)
Definition api_frame_helper_noise.cpp:462
esphome::api::APINoiseFrameHelper::handle_handshake_frame_error_
APIError handle_handshake_frame_error_(APIError aerr)
Definition api_frame_helper_noise.cpp:113
esphome::api::APINoiseFrameHelper::send_explicit_handshake_reject_
void send_explicit_handshake_reject_(const LogString *reason)
Definition api_frame_helper_noise.cpp:378
esphome::api::APINoiseFrameHelper::write_frame_
APIError write_frame_(const uint8_t *data, uint16_t len)
Definition api_frame_helper_noise.cpp:539
esphome::api::APINoiseFrameHelper::init
APIError init() override
Initialize the frame helper, returns OK if successful.
Definition api_frame_helper_noise.cpp:94
esphome::api::APINoiseFrameHelper::init_handshake_
APIError init_handshake_()
Initiate the data structures for the handshake.
Definition api_frame_helper_noise.cpp:561
esphome::api::APIOverflowBuffer::empty
bool empty() const
True when no backlogged data is waiting.
Definition api_overflow_buffer.h:47
esphome::api::ProtoWriteBuffer::get_buffer
APIBuffer * get_buffer() const
Definition proto.h:271
type
uint16_t type
Definition dns_server_esp32_idf.cpp:0
entity_base.h
ssize_t
__int64 ssize_t
Definition httplib.h:178
esphome::api::noise_rand_bytes
void noise_rand_bytes(void *output, size_t len)
Definition api_frame_helper_noise.cpp:646
esphome::api::noise_err_to_logstr
const LogString * noise_err_to_logstr(int err)
Convert a noise error code to a readable error.
Definition api_frame_helper_noise.cpp:55
esphome::random_bytes
bool random_bytes(uint8_t *data, size_t len)
Generate len random bytes using the platform's secure RNG (hardware RNG or OS CSPRNG).
Definition helpers.cpp:20
esphome::len
std::string size_t len
Definition helpers.h:1045
esphome::size
uint16_t size
Definition helpers.cpp:25
esphome::get_mac_address_into_buffer
void get_mac_address_into_buffer(std::span< char, MAC_ADDRESS_BUFFER_SIZE > buf)
Get the device MAC address into the given buffer, in lowercase hex notation.
Definition helpers.cpp:867
esphome::arch_restart
void arch_restart()
Definition core.cpp:31
esphome::App
Application App
Global storage of Application pointer - only one Application can exist.
iovec::iov_base
void * iov_base
Definition headers.h:103
iovec::iov_len
size_t iov_len
Definition headers.h:104
payload_size
uint32_t payload_size()
Definition tormatic_protocol.h:30
Generated by doxygen 1.12.0