Closed seime closed 6 months ago
Helpful links:
Device side: https://github.com/esphome/esphome/blob/dev/esphome/components/api/api_frame_helper.h#L78
@smolbo or @amandel - anyone of you that can assist? :)
Do you need review or do you need actual code help? I'm pretty deep with light handler currently (for past month+), as it is current thing I need to be kinda working. :)
Actual code help, I've gotten blind on what the problem might be ;)
If you could try flash an ESP with an encryption key, add encryptionKey
as a thing parameter and try to connect.
For me it always fails at private void handleHandshake(byte[] packetData) throws ProtocolException {
in EncryptedFrameHelper
. If you're able to make it past the initial if check, I can take over again and complete it.
Been stuck at it for way too long ;)
I do not want to promise anything but I try to have a look during this or next week.
@smolbo
Do you need review or do you need actual code help? I'm pretty deep with light handler currently (for past month+), as it is current thing I need to be kinda working. :)
I added some initial light support a couple of weeks ago - did you test it? I only have a simple W2812B LED ring to test with, so the current support might not be very comprehensive.
I'm on it a bit. For me it looks like the NNpsk0 pattern is not supported via the used noise-java library.
Some links I've collected_
In noise/functions/patterns.py:49 there is handling for psk0 modifier, in https://github.com/rweather/noise-java/blob/master/src/main/java/com/southernstorm/noise/protocol/HandshakeState.java#L161 there is no such handling. Which could be reason that we get Handshake MAC failure
errors.
I don't know much details - so I try to reach out to the author of the noise-java library. I did not find other alternatives for now.
By examining the Noise java source code, I do think the variant used in the OH code NoisePSK_NN_25519_ChaChaPoly_SHA256
is identical toNoise_NNpsk0_25519_ChaChaPoly_SHA256
, but just to be sure I've tried to make explicit support for Noise_NNpsk0_25519_ChaChaPoly_SHA256
in the java library. But it still doesn't work.
Thanks for looking into this @amandel !
I did not try to analyze the handshake fully, but the difference in the noise spec in 9.4. Pattern modifiers triggered me:
NN:
-> e
<- e, ee
vs.
NNpsk0:
-> psk, e
<- e, ee
do you have the branch with psk0 support somewhere? In your tests - do you think it fails even before this stage?
Take a look at https://github.com/seime/noise-java/tree/nn_psk0
I think it fails in the first exchange. Maybe the code to init the library is insufficient, but I cannot see the difference from the other language implementations
Sorry, I can't take a look at this now, recovering from minor surgery.
On Tue, 26 Mar 2024, 18:21 Arne Seime, @.***> wrote:
Take a look at https://github.com/seime/noise-java/tree/nn_psk0
I think it fails in the first exchange. Maybe the code to init the library is insufficient, but I cannot see the difference from the other language implementations
— Reply to this email directly, view it on GitHub https://github.com/seime/openhab-esphome/pull/15#issuecomment-2020887456, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADRSCJZKHVM57ZDDYWXTPMDY2GHATAVCNFSM6AAAAABEO4QBPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRQHA4DONBVGY . You are receiving this because you were mentioned.Message ID: @.***>
recovering from minor surgery.
Hope you're doing ok!
I've reached // TODO untested branch
, after that the communication stops. I had to do a lot of additional changes in your fork of noise-java
which I'll check and commit as next step. Unfortunately the changes also break the tests 🤔 . Now I need a rest ;)
Awesome @amandel !
I've pushed the changes to https://github.com/amandel/noise-java - this now supports Noise_NNpsk0_25519_ChaChaPoly_SHA256
- at least the test cases work.
In EncrptedFrameHelper I changed
private final static String NOISE_PROTOCOL = "NoisePSK_NN_25519_ChaChaPoly_SHA256";
to
private final static String NOISE_PROTOCOL = "Noise_NNpsk0_25519_ChaChaPoly_SHA256";
I'm still unsure, after receiving the handshake response, we try to send client_info
but do not get a response back....
Edit: My commit to nn_psk0 missed some parts - fixed.
Great work @amandel - I'm travelling ATM but I'll test this over the weekend!
@amandel With your updated noise-java
I managed to get the encrypted connection working using a Wokwi emulator.
Core remaining step: Getting the updated noise-java
library published - or library source code inlined in this project. WDYT?
Great! This sounds cool.
I'm not sure - I did not get response from the original author to my inquiry. But I can create a PR and ask if there is interest.
For the encryption part this definitely needs some additional review - I followed the spec but with little understanding of the details.
I don't know how openHAB policies are. Might be you can include it to be not blocked until the PR gets merged. BTW: If it helps, I can create a GitHub action based build pipeline so that the binaries are at least available on GitHub. (not maven central)
BTW: If it helps, I can create a GitHub action based build pipeline so that the binaries are at least available on GitHub. (not maven central)
Yes this would be sufficient if it is publicly available and in a stable repo.
On "https://maven.pkg.github.com/amandel/noise-java" there is now:
<dependency>
<groupId>com.southerstorm</groupId>
<artifactId>noise-java</artifactId>
<version>1.0-ESPHOME-SNAPSHOT</version>
</dependency>
for now this is just meant as a temporary solution.
I need some help on this one.
ESPHome device reports "invalid key".