ESPHome 2026.2.2
Loading...
Searching...
No Matches
api_frame_helper_noise.cpp
Go to the documentation of this file.
1#include "api_frame_helper_noise.h"
2#ifdef USE_API
3#ifdef USE_API_NOISE
4#include "api_connection.h" // For ClientInfo struct
5#include "esphome/core/application.h"
6#include "esphome/core/entity_base.h"
7#include "esphome/core/hal.h"
8#include "esphome/core/helpers.h"
9#include "esphome/core/log.h"
10#include "proto.h"
11#include <cstring>
12#include <cinttypes>
13
14#ifdef USE_ESP8266
15#include <pgmspace.h>
16#endif
17
18namespace esphome::api {
19
20static const char *const TAG = "api.noise";
21#ifdef USE_ESP8266
22static const char PROLOGUE_INIT[] PROGMEM = "NoiseAPIInit";
23#else
24static const char *const PROLOGUE_INIT = "NoiseAPIInit";
25#endif
26static constexpr size_t PROLOGUE_INIT_LEN = 12; // strlen("NoiseAPIInit")
27
28// Maximum bytes to log in hex format (168 * 3 = 504, under TX buffer size of 512)
29static constexpr size_t API_MAX_LOG_BYTES = 168;
30
31#if ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERY_VERBOSE
32#define HELPER_LOG(msg, ...) \
33 do { \
34 char peername_buf[socket::SOCKADDR_STR_LEN]; \
35 this->get_peername_to(peername_buf); \
36 ESP_LOGVV(TAG, "%s (%s): " msg, this->client_name_, peername_buf, ##__VA_ARGS__); \
37 } while (0)
38#else
39#define HELPER_LOG(msg, ...) ((void) 0)
40#endif
41
42#ifdef HELPER_LOG_PACKETS
43#define LOG_PACKET_RECEIVED(buffer) \
44 do { \
45 char hex_buf_[format_hex_pretty_size(API_MAX_LOG_BYTES)]; \
46 ESP_LOGVV(TAG, "Received frame: %s", \
47 format_hex_pretty_to(hex_buf_, (buffer).data(), \
48 (buffer).size() < API_MAX_LOG_BYTES ? (buffer).size() : API_MAX_LOG_BYTES)); \
49 } while (0)
50#define LOG_PACKET_SENDING(data, len) \
51 do { \
52 char hex_buf_[format_hex_pretty_size(API_MAX_LOG_BYTES)]; \
53 ESP_LOGVV(TAG, "Sending raw: %s", \
54 format_hex_pretty_to(hex_buf_, data, (len) < API_MAX_LOG_BYTES ? (len) : API_MAX_LOG_BYTES)); \
55 } while (0)
56#else
57#define LOG_PACKET_RECEIVED(buffer) ((void) 0)
58#define LOG_PACKET_SENDING(data, len) ((void) 0)
59#endif
60
62const LogString *noise_err_to_logstr(int err) {
63 if (err == NOISE_ERROR_NO_MEMORY)
64 return LOG_STR("NO_MEMORY");
65 if (err == NOISE_ERROR_UNKNOWN_ID)
66 return LOG_STR("UNKNOWN_ID");
67 if (err == NOISE_ERROR_UNKNOWN_NAME)
68 return LOG_STR("UNKNOWN_NAME");
69 if (err == NOISE_ERROR_MAC_FAILURE)
70 return LOG_STR("MAC_FAILURE");
71 if (err == NOISE_ERROR_NOT_APPLICABLE)
72 return LOG_STR("NOT_APPLICABLE");
73 if (err == NOISE_ERROR_SYSTEM)
74 return LOG_STR("SYSTEM");
75 if (err == NOISE_ERROR_REMOTE_KEY_REQUIRED)
76 return LOG_STR("REMOTE_KEY_REQUIRED");
77 if (err == NOISE_ERROR_LOCAL_KEY_REQUIRED)
78 return LOG_STR("LOCAL_KEY_REQUIRED");
79 if (err == NOISE_ERROR_PSK_REQUIRED)
80 return LOG_STR("PSK_REQUIRED");
81 if (err == NOISE_ERROR_INVALID_LENGTH)
82 return LOG_STR("INVALID_LENGTH");
83 if (err == NOISE_ERROR_INVALID_PARAM)
84 return LOG_STR("INVALID_PARAM");
85 if (err == NOISE_ERROR_INVALID_STATE)
86 return LOG_STR("INVALID_STATE");
87 if (err == NOISE_ERROR_INVALID_NONCE)
88 return LOG_STR("INVALID_NONCE");
89 if (err == NOISE_ERROR_INVALID_PRIVATE_KEY)
90 return LOG_STR("INVALID_PRIVATE_KEY");
91 if (err == NOISE_ERROR_INVALID_PUBLIC_KEY)
92 return LOG_STR("INVALID_PUBLIC_KEY");
93 if (err == NOISE_ERROR_INVALID_FORMAT)
94 return LOG_STR("INVALID_FORMAT");
95 if (err == NOISE_ERROR_INVALID_SIGNATURE)
96 return LOG_STR("INVALID_SIGNATURE");
97 return LOG_STR("UNKNOWN");
98}
99
101APIError APINoiseFrameHelper::init() {
102 APIError err = init_common_();
103 if (err != APIError::OK) {
104 return err;
105 }
106
107 // init prologue
108 size_t old_size = prologue_.size();
109 prologue_.resize(old_size + PROLOGUE_INIT_LEN);
110#ifdef USE_ESP8266
111 memcpy_P(prologue_.data() + old_size, PROLOGUE_INIT, PROLOGUE_INIT_LEN);
112#else
113 std::memcpy(prologue_.data() + old_size, PROLOGUE_INIT, PROLOGUE_INIT_LEN);
114#endif
115
116 state_ = State::CLIENT_HELLO;
117 return APIError::OK;
118}
119// Helper for handling handshake frame errors
120APIError APINoiseFrameHelper::handle_handshake_frame_error_(APIError aerr) {
121 if (aerr == APIError::BAD_INDICATOR) {
122 send_explicit_handshake_reject_(LOG_STR("Bad indicator byte"));
123 } else if (aerr == APIError::BAD_HANDSHAKE_PACKET_LEN) {
124 send_explicit_handshake_reject_(LOG_STR("Bad handshake packet len"));
125 }
126 return aerr;
127}
128
129// Helper for handling noise library errors
130APIError APINoiseFrameHelper::handle_noise_error_(int err, const LogString *func_name, APIError api_err) {
131 if (err != 0) {
132 state_ = State::FAILED;
133 HELPER_LOG("%s failed: %s", LOG_STR_ARG(func_name), LOG_STR_ARG(noise_err_to_logstr(err)));
134 return api_err;
135 }
136 return APIError::OK;
137}
138
140APIError APINoiseFrameHelper::loop() {
141 // Cache ready() outside the loop. On ESP8266 LWIP raw TCP, ready() returns false once
142 // the rx buffer is consumed. Re-checking each iteration would block handshake writes
143 // that must follow reads, deadlocking the handshake. state_action() will return
144 // WOULD_BLOCK when no more data is available to read.
145 bool socket_ready = this->socket_->ready();
146 while (state_ != State::DATA && socket_ready) {
147 APIError err = state_action_();
148 if (err == APIError::WOULD_BLOCK) {
149 break;
150 }
151 if (err != APIError::OK) {
152 return err;
153 }
154 }
155
156 // Use base class implementation for buffer sending
157 return APIFrameHelper::loop();
158}
159
169APIError APINoiseFrameHelper::try_read_frame_() {
170 // read header
171 if (rx_header_buf_len_ < 3) {
172 // no header information yet
173 uint8_t to_read = 3 - rx_header_buf_len_;
174 ssize_t received = this->socket_->read(&rx_header_buf_[rx_header_buf_len_], to_read);
175 APIError err = handle_socket_read_result_(received);
176 if (err != APIError::OK) {
177 return err;
178 }
179 rx_header_buf_len_ += static_cast<uint8_t>(received);
180 if (static_cast<uint8_t>(received) != to_read) {
181 // not a full read
182 return APIError::WOULD_BLOCK;
183 }
184
185 if (rx_header_buf_[0] != 0x01) {
186 state_ = State::FAILED;
187 HELPER_LOG("Bad indicator byte %u", rx_header_buf_[0]);
188 return APIError::BAD_INDICATOR;
189 }
190 // header reading done
191 }
192
193 // read body
194 uint16_t msg_size = (((uint16_t) rx_header_buf_[1]) << 8) | rx_header_buf_[2];
195
196 // Check against size limits to prevent OOM: MAX_HANDSHAKE_SIZE for handshake, MAX_MESSAGE_SIZE for data
197 uint16_t limit = (state_ == State::DATA) ? MAX_MESSAGE_SIZE : MAX_HANDSHAKE_SIZE;
198 if (msg_size > limit) {
199 state_ = State::FAILED;
200 HELPER_LOG("Bad packet: message size %u exceeds maximum %u", msg_size, limit);
201 return (state_ == State::DATA) ? APIError::BAD_DATA_PACKET : APIError::BAD_HANDSHAKE_PACKET_LEN;
202 }
203
204 // Reserve space for body
205 if (this->rx_buf_.size() != msg_size) {
206 this->rx_buf_.resize(msg_size);
207 }
208
209 if (rx_buf_len_ < msg_size) {
210 // more data to read
211 uint16_t to_read = msg_size - rx_buf_len_;
212 ssize_t received = this->socket_->read(&rx_buf_[rx_buf_len_], to_read);
213 APIError err = handle_socket_read_result_(received);
214 if (err != APIError::OK) {
215 return err;
216 }
217 rx_buf_len_ += static_cast<uint16_t>(received);
218 if (static_cast<uint16_t>(received) != to_read) {
219 // not all read
220 return APIError::WOULD_BLOCK;
221 }
222 }
223
224 LOG_PACKET_RECEIVED(this->rx_buf_);
225
226 // Clear state for next frame (rx_buf_ still contains data for caller)
227 this->rx_buf_len_ = 0;
228 this->rx_header_buf_len_ = 0;
229
230 return APIError::OK;
231}
232
242APIError APINoiseFrameHelper::state_action_() {
243 int err;
244 APIError aerr;
245 if (state_ == State::INITIALIZE) {
246 HELPER_LOG("Bad state for method: %d", (int) state_);
247 return APIError::BAD_STATE;
248 }
249 if (state_ == State::CLIENT_HELLO) {
250 // waiting for client hello
251 aerr = this->try_read_frame_();
252 if (aerr != APIError::OK) {
253 return handle_handshake_frame_error_(aerr);
254 }
255 // ignore contents, may be used in future for flags
256 // Resize for: existing prologue + 2 size bytes + frame data
257 size_t old_size = this->prologue_.size();
258 this->prologue_.resize(old_size + 2 + this->rx_buf_.size());
259 this->prologue_[old_size] = (uint8_t) (this->rx_buf_.size() >> 8);
260 this->prologue_[old_size + 1] = (uint8_t) this->rx_buf_.size();
261 std::memcpy(this->prologue_.data() + old_size + 2, this->rx_buf_.data(), this->rx_buf_.size());
262
263 state_ = State::SERVER_HELLO;
264 }
265 if (state_ == State::SERVER_HELLO) {
266 // send server hello
267 const std::string &name = App.get_name();
268 char mac[MAC_ADDRESS_BUFFER_SIZE];
269 get_mac_address_into_buffer(mac);
270
271 // Calculate positions and sizes
272 size_t name_len = name.size() + 1; // including null terminator
273 size_t name_offset = 1;
274 size_t mac_offset = name_offset + name_len;
275 size_t total_size = 1 + name_len + MAC_ADDRESS_BUFFER_SIZE;
276
277 // 1 (proto) + name (max ESPHOME_DEVICE_NAME_MAX_LEN) + 1 (name null)
278 // + mac (MAC_ADDRESS_BUFFER_SIZE - 1) + 1 (mac null)
279 constexpr size_t max_msg_size = 1 + ESPHOME_DEVICE_NAME_MAX_LEN + 1 + MAC_ADDRESS_BUFFER_SIZE;
280 uint8_t msg[max_msg_size];
281
282 // chosen proto
283 msg[0] = 0x01;
284
285 // node name, terminated by null byte
286 std::memcpy(msg + name_offset, name.c_str(), name_len);
287 // node mac, terminated by null byte
288 std::memcpy(msg + mac_offset, mac, MAC_ADDRESS_BUFFER_SIZE);
289
290 aerr = write_frame_(msg, total_size);
291 if (aerr != APIError::OK)
292 return aerr;
293
294 // start handshake
295 aerr = init_handshake_();
296 if (aerr != APIError::OK)
297 return aerr;
298
299 state_ = State::HANDSHAKE;
300 }
301 if (state_ == State::HANDSHAKE) {
302 int action = noise_handshakestate_get_action(handshake_);
303 if (action == NOISE_ACTION_READ_MESSAGE) {
304 // waiting for handshake msg
305 aerr = this->try_read_frame_();
306 if (aerr != APIError::OK) {
307 return handle_handshake_frame_error_(aerr);
308 }
309
310 if (this->rx_buf_.empty()) {
311 send_explicit_handshake_reject_(LOG_STR("Empty handshake message"));
312 return APIError::BAD_HANDSHAKE_ERROR_BYTE;
313 } else if (this->rx_buf_[0] != 0x00) {
314 HELPER_LOG("Bad handshake error byte: %u", this->rx_buf_[0]);
315 send_explicit_handshake_reject_(LOG_STR("Bad handshake error byte"));
316 return APIError::BAD_HANDSHAKE_ERROR_BYTE;
317 }
318
319 NoiseBuffer mbuf;
320 noise_buffer_init(mbuf);
321 noise_buffer_set_input(mbuf, this->rx_buf_.data() + 1, this->rx_buf_.size() - 1);
322 err = noise_handshakestate_read_message(handshake_, &mbuf, nullptr);
323 if (err != 0) {
324 // Special handling for MAC failure
325 send_explicit_handshake_reject_(err == NOISE_ERROR_MAC_FAILURE ? LOG_STR("Handshake MAC failure")
326 : LOG_STR("Handshake error"));
327 return handle_noise_error_(err, LOG_STR("noise_handshakestate_read_message"),
328 APIError::HANDSHAKESTATE_READ_FAILED);
329 }
330
331 aerr = check_handshake_finished_();
332 if (aerr != APIError::OK)
333 return aerr;
334 } else if (action == NOISE_ACTION_WRITE_MESSAGE) {
335 uint8_t buffer[65];
336 NoiseBuffer mbuf;
337 noise_buffer_init(mbuf);
338 noise_buffer_set_output(mbuf, buffer + 1, sizeof(buffer) - 1);
339
340 err = noise_handshakestate_write_message(handshake_, &mbuf, nullptr);
341 APIError aerr_write = handle_noise_error_(err, LOG_STR("noise_handshakestate_write_message"),
342 APIError::HANDSHAKESTATE_WRITE_FAILED);
343 if (aerr_write != APIError::OK)
344 return aerr_write;
345 buffer[0] = 0x00; // success
346
347 aerr = write_frame_(buffer, mbuf.size + 1);
348 if (aerr != APIError::OK)
349 return aerr;
350 aerr = check_handshake_finished_();
351 if (aerr != APIError::OK)
352 return aerr;
353 } else {
354 // bad state for action
355 state_ = State::FAILED;
356 HELPER_LOG("Bad action for handshake: %d", action);
357 return APIError::HANDSHAKESTATE_BAD_STATE;
358 }
359 }
360 if (state_ == State::CLOSED || state_ == State::FAILED) {
361 return APIError::BAD_STATE;
362 }
363 return APIError::OK;
364}
365void APINoiseFrameHelper::send_explicit_handshake_reject_(const LogString *reason) {
366 // Max reject message: "Bad handshake packet len" (24) + 1 (failure byte) = 25 bytes
367 uint8_t data[32];
368 data[0] = 0x01; // failure
369
370#ifdef USE_STORE_LOG_STR_IN_FLASH
371 // On ESP8266 with flash strings, we need to use PROGMEM-aware functions
372 size_t reason_len = strlen_P(reinterpret_cast<PGM_P>(reason));
373 if (reason_len > 0) {
374 memcpy_P(data + 1, reinterpret_cast<PGM_P>(reason), reason_len);
375 }
376#else
377 // Normal memory access
378 const char *reason_str = LOG_STR_ARG(reason);
379 size_t reason_len = strlen(reason_str);
380 if (reason_len > 0) {
381 // NOLINTNEXTLINE(bugprone-not-null-terminated-result) - binary protocol, not a C string
382 std::memcpy(data + 1, reason_str, reason_len);
383 }
384#endif
385
386 size_t data_size = reason_len + 1;
387
388 // temporarily remove failed state
389 auto orig_state = state_;
390 state_ = State::EXPLICIT_REJECT;
391 write_frame_(data, data_size);
392 state_ = orig_state;
393}
394APIError APINoiseFrameHelper::read_packet(ReadPacketBuffer *buffer) {
395 APIError aerr = this->state_action_();
396 if (aerr != APIError::OK) {
397 return aerr;
398 }
399
400 if (this->state_ != State::DATA) {
401 return APIError::WOULD_BLOCK;
402 }
403
404 aerr = this->try_read_frame_();
405 if (aerr != APIError::OK)
406 return aerr;
407
408 NoiseBuffer mbuf;
409 noise_buffer_init(mbuf);
410 noise_buffer_set_inout(mbuf, this->rx_buf_.data(), this->rx_buf_.size(), this->rx_buf_.size());
411 int err = noise_cipherstate_decrypt(this->recv_cipher_, &mbuf);
412 APIError decrypt_err =
413 handle_noise_error_(err, LOG_STR("noise_cipherstate_decrypt"), APIError::CIPHERSTATE_DECRYPT_FAILED);
414 if (decrypt_err != APIError::OK) {
415 return decrypt_err;
416 }
417
418 uint16_t msg_size = mbuf.size;
419 uint8_t *msg_data = this->rx_buf_.data();
420 if (msg_size < 4) {
421 this->state_ = State::FAILED;
422 HELPER_LOG("Bad data packet: size %d too short", msg_size);
423 return APIError::BAD_DATA_PACKET;
424 }
425
426 uint16_t type = (((uint16_t) msg_data[0]) << 8) | msg_data[1];
427 uint16_t data_len = (((uint16_t) msg_data[2]) << 8) | msg_data[3];
428 if (data_len > msg_size - 4) {
429 this->state_ = State::FAILED;
430 HELPER_LOG("Bad data packet: data_len %u greater than msg_size %u", data_len, msg_size);
431 return APIError::BAD_DATA_PACKET;
432 }
433
434 buffer->data = msg_data + 4; // Skip 4-byte header (type + length)
435 buffer->data_len = data_len;
436 buffer->type = type;
437 return APIError::OK;
438}
439APIError APINoiseFrameHelper::write_protobuf_packet(uint8_t type, ProtoWriteBuffer buffer) {
440 // Resize to include MAC space (required for Noise encryption)
441 buffer.get_buffer()->resize(buffer.get_buffer()->size() + frame_footer_size_);
442 MessageInfo msg{type, 0,
443 static_cast<uint16_t>(buffer.get_buffer()->size() - frame_header_padding_ - frame_footer_size_)};
444 return write_protobuf_messages(buffer, std::span<const MessageInfo>(&msg, 1));
445}
446
447APIError APINoiseFrameHelper::write_protobuf_messages(ProtoWriteBuffer buffer, std::span<const MessageInfo> messages) {
448 APIError aerr = state_action_();
449 if (aerr != APIError::OK) {
450 return aerr;
451 }
452
453 if (state_ != State::DATA) {
454 return APIError::WOULD_BLOCK;
455 }
456
457 if (messages.empty()) {
458 return APIError::OK;
459 }
460
461 uint8_t *buffer_data = buffer.get_buffer()->data();
462
463 // Stack-allocated iovec array - no heap allocation
464 StaticVector<struct iovec, MAX_MESSAGES_PER_BATCH> iovs;
465 uint16_t total_write_len = 0;
466
467 // We need to encrypt each message in place
468 for (const auto &msg : messages) {
469 // The buffer already has padding at offset
470 uint8_t *buf_start = buffer_data + msg.offset;
471
472 // Write noise header
473 buf_start[0] = 0x01; // indicator
474 // buf_start[1], buf_start[2] to be set after encryption
475
476 // Write message header (to be encrypted)
477 const uint8_t msg_offset = 3;
478 buf_start[msg_offset] = static_cast<uint8_t>(msg.message_type >> 8); // type high byte
479 buf_start[msg_offset + 1] = static_cast<uint8_t>(msg.message_type); // type low byte
480 buf_start[msg_offset + 2] = static_cast<uint8_t>(msg.payload_size >> 8); // data_len high byte
481 buf_start[msg_offset + 3] = static_cast<uint8_t>(msg.payload_size); // data_len low byte
482 // payload data is already in the buffer starting at offset + 7
483
484 // Make sure we have space for MAC
485 // The buffer should already have been sized appropriately
486
487 // Encrypt the message in place
488 NoiseBuffer mbuf;
489 noise_buffer_init(mbuf);
490 noise_buffer_set_inout(mbuf, buf_start + msg_offset, 4 + msg.payload_size,
491 4 + msg.payload_size + frame_footer_size_);
492
493 int err = noise_cipherstate_encrypt(send_cipher_, &mbuf);
494 APIError aerr =
495 handle_noise_error_(err, LOG_STR("noise_cipherstate_encrypt"), APIError::CIPHERSTATE_ENCRYPT_FAILED);
496 if (aerr != APIError::OK)
497 return aerr;
498
499 // Fill in the encrypted size
500 buf_start[1] = static_cast<uint8_t>(mbuf.size >> 8);
501 buf_start[2] = static_cast<uint8_t>(mbuf.size);
502
503 // Add iovec for this encrypted message
504 size_t msg_len = static_cast<size_t>(3 + mbuf.size); // indicator + size + encrypted data
505 iovs.push_back({buf_start, msg_len});
506 total_write_len += msg_len;
507 }
508
509 // Send all encrypted messages in one writev call
510 return this->write_raw_(iovs.data(), iovs.size(), total_write_len);
511}
512
513APIError APINoiseFrameHelper::write_frame_(const uint8_t *data, uint16_t len) {
514 uint8_t header[3];
515 header[0] = 0x01; // indicator
516 header[1] = (uint8_t) (len >> 8);
517 header[2] = (uint8_t) len;
518
519 struct iovec iov[2];
520 iov[0].iov_base = header;
521 iov[0].iov_len = 3;
522 if (len == 0) {
523 return this->write_raw_(iov, 1, 3); // Just header
524 }
525 iov[1].iov_base = const_cast<uint8_t *>(data);
526 iov[1].iov_len = len;
527
528 return this->write_raw_(iov, 2, 3 + len); // Header + data
529}
530
535APIError APINoiseFrameHelper::init_handshake_() {
536 int err;
537 memset(&nid_, 0, sizeof(nid_));
538 // const char *proto = "Noise_NNpsk0_25519_ChaChaPoly_SHA256";
539 // err = noise_protocol_name_to_id(&nid_, proto, strlen(proto));
540 nid_.pattern_id = NOISE_PATTERN_NN;
541 nid_.cipher_id = NOISE_CIPHER_CHACHAPOLY;
542 nid_.dh_id = NOISE_DH_CURVE25519;
543 nid_.prefix_id = NOISE_PREFIX_STANDARD;
544 nid_.hybrid_id = NOISE_DH_NONE;
545 nid_.hash_id = NOISE_HASH_SHA256;
546 nid_.modifier_ids[0] = NOISE_MODIFIER_PSK0;
547
548 err = noise_handshakestate_new_by_id(&handshake_, &nid_, NOISE_ROLE_RESPONDER);
549 APIError aerr =
550 handle_noise_error_(err, LOG_STR("noise_handshakestate_new_by_id"), APIError::HANDSHAKESTATE_SETUP_FAILED);
551 if (aerr != APIError::OK)
552 return aerr;
553
554 const auto &psk = this->ctx_.get_psk();
555 err = noise_handshakestate_set_pre_shared_key(handshake_, psk.data(), psk.size());
556 aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_set_pre_shared_key"),
557 APIError::HANDSHAKESTATE_SETUP_FAILED);
558 if (aerr != APIError::OK)
559 return aerr;
560
561 err = noise_handshakestate_set_prologue(handshake_, prologue_.data(), prologue_.size());
562 aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_set_prologue"), APIError::HANDSHAKESTATE_SETUP_FAILED);
563 if (aerr != APIError::OK)
564 return aerr;
565 // set_prologue copies it into handshakestate, so we can get rid of it now
566 // Use swap idiom to actually release memory (= {} only clears size, not capacity)
567 std::vector<uint8_t>().swap(prologue_);
568
569 err = noise_handshakestate_start(handshake_);
570 aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_start"), APIError::HANDSHAKESTATE_SETUP_FAILED);
571 if (aerr != APIError::OK)
572 return aerr;
573 return APIError::OK;
574}
575
576APIError APINoiseFrameHelper::check_handshake_finished_() {
577 assert(state_ == State::HANDSHAKE);
578
579 int action = noise_handshakestate_get_action(handshake_);
580 if (action == NOISE_ACTION_READ_MESSAGE || action == NOISE_ACTION_WRITE_MESSAGE)
581 return APIError::OK;
582 if (action != NOISE_ACTION_SPLIT) {
583 state_ = State::FAILED;
584 HELPER_LOG("Bad action for handshake: %d", action);
585 return APIError::HANDSHAKESTATE_BAD_STATE;
586 }
587 int err = noise_handshakestate_split(handshake_, &send_cipher_, &recv_cipher_);
588 APIError aerr =
589 handle_noise_error_(err, LOG_STR("noise_handshakestate_split"), APIError::HANDSHAKESTATE_SPLIT_FAILED);
590 if (aerr != APIError::OK)
591 return aerr;
592
593 frame_footer_size_ = noise_cipherstate_get_mac_length(send_cipher_);
594
595 HELPER_LOG("Handshake complete!");
596 noise_handshakestate_free(handshake_);
597 handshake_ = nullptr;
598 state_ = State::DATA;
599 return APIError::OK;
600}
601
602APINoiseFrameHelper::~APINoiseFrameHelper() {
603 if (handshake_ != nullptr) {
604 noise_handshakestate_free(handshake_);
605 handshake_ = nullptr;
606 }
607 if (send_cipher_ != nullptr) {
608 noise_cipherstate_free(send_cipher_);
609 send_cipher_ = nullptr;
610 }
611 if (recv_cipher_ != nullptr) {
612 noise_cipherstate_free(recv_cipher_);
613 recv_cipher_ = nullptr;
614 }
615}
616
617extern "C" {
618// declare how noise generates random bytes (here with a good HWRNG based on the RF system)
619void noise_rand_bytes(void *output, size_t len) {
620 if (!esphome::random_bytes(reinterpret_cast<uint8_t *>(output), len)) {
621 ESP_LOGE(TAG, "Acquiring random bytes failed; rebooting");
622 arch_restart();
623 }
624}
625}
626
627} // namespace esphome::api
628#endif // USE_API_NOISE
629#endif // USE_API
api_connection.h
api_frame_helper_noise.h
esphome::Application::get_name
const std::string & get_name() const
Get the name of this Application set by pre_setup().
Definition application.h:261
esphome::StaticVector
Minimal static vector - saves memory by avoiding std::vector overhead.
Definition helpers.h:137
esphome::StaticVector::size
size_t size() const
Definition helpers.h:197
esphome::StaticVector::push_back
void push_back(const T &value)
Definition helpers.h:170
esphome::api::APIFrameHelper::handle_socket_read_result_
APIError handle_socket_read_result_(ssize_t received)
Definition api_frame_helper.cpp:279
esphome::api::APIFrameHelper::rx_buf_
std::vector< uint8_t > rx_buf_
Definition api_frame_helper.h:233
esphome::api::APIFrameHelper::socket_
std::unique_ptr< socket::Socket > socket_
Definition api_frame_helper.h:210
esphome::api::APIFrameHelper::write_raw_
APIError write_raw_(const struct iovec *iov, int iovcnt, uint16_t total_write_len)
Definition api_frame_helper.cpp:165
esphome::api::APINoiseContext::get_psk
const psk_t & get_psk() const
Definition api_noise_context.h:21
esphome::api::APINoiseFrameHelper::write_protobuf_packet
APIError write_protobuf_packet(uint8_t type, ProtoWriteBuffer buffer) override
Definition api_frame_helper_noise.cpp:439
esphome::api::APINoiseFrameHelper::read_packet
APIError read_packet(ReadPacketBuffer *buffer) override
Definition api_frame_helper_noise.cpp:394
esphome::api::APINoiseFrameHelper::handle_noise_error_
APIError handle_noise_error_(int err, const LogString *func_name, APIError api_err)
Definition api_frame_helper_noise.cpp:130
esphome::api::APINoiseFrameHelper::write_protobuf_messages
APIError write_protobuf_messages(ProtoWriteBuffer buffer, std::span< const MessageInfo > messages) override
Definition api_frame_helper_noise.cpp:447
esphome::api::APINoiseFrameHelper::state_action_
APIError state_action_()
To be called from read/write methods.
Definition api_frame_helper_noise.cpp:242
esphome::api::APINoiseFrameHelper::try_read_frame_
APIError try_read_frame_()
Read a packet into the rx_buf_.
Definition api_frame_helper_noise.cpp:169
esphome::api::APINoiseFrameHelper::loop
APIError loop() override
Run through handshake messages (if in that phase)
Definition api_frame_helper_noise.cpp:140
esphome::api::APINoiseFrameHelper::handle_handshake_frame_error_
APIError handle_handshake_frame_error_(APIError aerr)
Definition api_frame_helper_noise.cpp:120
esphome::api::APINoiseFrameHelper::send_explicit_handshake_reject_
void send_explicit_handshake_reject_(const LogString *reason)
Definition api_frame_helper_noise.cpp:365
esphome::api::APINoiseFrameHelper::write_frame_
APIError write_frame_(const uint8_t *data, uint16_t len)
Definition api_frame_helper_noise.cpp:513
esphome::api::APINoiseFrameHelper::init
APIError init() override
Initialize the frame helper, returns OK if successful.
Definition api_frame_helper_noise.cpp:101
esphome::api::APINoiseFrameHelper::init_handshake_
APIError init_handshake_()
Initiate the data structures for the handshake.
Definition api_frame_helper_noise.cpp:535
esphome::api::ProtoWriteBuffer::get_buffer
std::vector< uint8_t > * get_buffer() const
Definition proto.h:338
type
uint16_t type
Definition dns_server_esp32_idf.cpp:0
entity_base.h
ssize_t
__int64 ssize_t
Definition httplib.h:178
esphome::api::noise_rand_bytes
void noise_rand_bytes(void *output, size_t len)
Definition api_frame_helper_noise.cpp:619
esphome::api::noise_err_to_logstr
const LogString * noise_err_to_logstr(int err)
Convert a noise error code to a readable error.
Definition api_frame_helper_noise.cpp:62
esphome::random_bytes
bool random_bytes(uint8_t *data, size_t len)
Generate len number of random bytes.
Definition helpers.cpp:18
esphome::len
std::string size_t len
Definition helpers.h:692
esphome::size
size_t size
Definition helpers.h:729
esphome::get_mac_address_into_buffer
void get_mac_address_into_buffer(std::span< char, MAC_ADDRESS_BUFFER_SIZE > buf)
Get the device MAC address into the given buffer, in lowercase hex notation.
Definition helpers.cpp:813
esphome::arch_restart
void arch_restart()
Definition core.cpp:29
esphome::App
Application App
Global storage of Application pointer - only one Application can exist.
Definition application.cpp:672
iovec::iov_base
void * iov_base
Definition headers.h:101
iovec::iov_len
size_t iov_len
Definition headers.h:102
Generated by doxygen 1.12.0