- Use the new Crypto, TypeConversion and random() functionality added to the Arduino core, instead of the versions local to the mesh library.

- Rearrange class variables to minimize storage padding.

- Add protected getters for EspnowMeshBackend and MeshBackendBase components.

- Partially update README.md

Author: aerlon

libraries/ESP8266WiFiMesh/README.md

@@ -138,9 +138,9 @@ void networkFilter(int numberOfNetworks, MeshBackendBase &meshInstance) {
 
       if (targetNodeID < TypeCast::stringToUint64(meshInstance.getNodeID())) {
         if (EspnowMeshBackend *espnowInstance = TypeCast::meshBackendCast<EspnowMeshBackend *>(&meshInstance)) {
-          espnowInstance->connectionQueue().push_back(networkIndex);
+          espnowInstance->connectionQueue().emplace_back(networkIndex);
         } else if (TcpIpMeshBackend *tcpIpInstance = TypeCast::meshBackendCast<TcpIpMeshBackend *>(&meshInstance)) {
-          tcpIpInstance->connectionQueue().push_back(networkIndex);
+          tcpIpInstance->connectionQueue().emplace_back(networkIndex);
         } else {
           Serial.println(F("Invalid mesh backend!"));
         }

libraries/ESP8266WiFiMesh/examples/HelloEspnow/HelloEspnow.ino

@@ -117,9 +117,9 @@ void networkFilter(int numberOfNetworks, MeshBackendBase &meshInstance) {
 
       if (targetNodeID < TypeCast::stringToUint64(meshInstance.getNodeID())) {
         if (EspnowMeshBackend *espnowInstance = TypeCast::meshBackendCast<EspnowMeshBackend *>(&meshInstance)) {
-          espnowInstance->connectionQueue().push_back(networkIndex);
+          espnowInstance->connectionQueue().emplace_back(networkIndex);
         } else if (TcpIpMeshBackend *tcpIpInstance = TypeCast::meshBackendCast<TcpIpMeshBackend *>(&meshInstance)) {
-          tcpIpInstance->connectionQueue().push_back(networkIndex);
+          tcpIpInstance->connectionQueue().emplace_back(networkIndex);
         } else {
           Serial.println(F("Invalid mesh backend!"));
         }

libraries/ESP8266WiFiMesh/examples/HelloTcpIp/HelloTcpIp.ino

@@ -50,8 +50,9 @@ EncryptedConnectionData::EncryptedConnectionData(const uint8_t peerStaMac[6], co
 }
 
 EncryptedConnectionData::EncryptedConnectionData(const EncryptedConnectionData &other)
-  : _peerSessionKey(other.getPeerSessionKey()), _ownSessionKey(other.getOwnSessionKey()), _desync(other.desync()),
-    _timeTracker(other.temporary() ? new ExpiringTimeTracker(*other.temporary()) : nullptr)
+  : _peerSessionKey(other.getPeerSessionKey()), _ownSessionKey(other.getOwnSessionKey()),
+    _timeTracker(other.temporary() ? new ExpiringTimeTracker(*other.temporary()) : nullptr),
+    _desync(other.desync())
 {
   other.getPeerStaMac(_peerStaMac);
   other.getPeerApMac(_peerApMac);
@@ -132,16 +133,16 @@ uint64_t EncryptedConnectionData::getOwnSessionKey() const { return _ownSessionK
 uint64_t EncryptedConnectionData::incrementSessionKey(const uint64_t sessionKey, const uint8_t *hashKey, const uint8_t hashKeyLength)
 {
   uint8_t inputArray[8] {0};
-  uint8_t hmacArray[CryptoInterface::SHA256_NATURAL_LENGTH] {0};
-  CryptoInterface::sha256Hmac(TypeCast::uint64ToUint8Array(sessionKey, inputArray), 8, hashKey, hashKeyLength, hmacArray, CryptoInterface::SHA256_NATURAL_LENGTH);
+  uint8_t hmacArray[experimental::crypto::SHA256::NATURAL_LENGTH] {0};
+  experimental::crypto::SHA256::hmac(TypeCast::uint64ToUint8Array(sessionKey, inputArray), 8, hashKey, hashKeyLength, hmacArray, experimental::crypto::SHA256::NATURAL_LENGTH);
 
   /* HMAC truncation should be OK since hmac sha256 is a PRF and we are truncating to the leftmost (MSB) bits.
   PRF: https://crypto.stackexchange.com/questions/26410/whats-the-gcm-sha-256-of-a-tls-protocol/26434#26434
   Truncate to leftmost bits: https://tools.ietf.org/html/rfc2104#section-5 */
   uint64_t newLeftmostBits = TypeCast::uint8ArrayToUint64(hmacArray) & EspnowProtocolInterpreter::uint64LeftmostBits;
 
   if(newLeftmostBits == 0)
-    newLeftmostBits = ((uint64_t)RANDOM_REG32 | (1 << 31)) << 32; // We never want newLeftmostBits == 0 since that would indicate an unencrypted transmission.
+    newLeftmostBits = ((uint64_t)ESP.random() | (1 << 31)) << 32; // We never want newLeftmostBits == 0 since that would indicate an unencrypted transmission.
 
   uint64_t newRightmostBits = (uint32_t)(sessionKey + 1);
 

libraries/ESP8266WiFiMesh/src/CryptoInterface.cpp

@@ -90,9 +90,9 @@ class EncryptedConnectionData {
   uint8_t _peerApMac[6] {0};
   uint64_t _peerSessionKey;
   uint64_t _ownSessionKey;
+  std::unique_ptr<ExpiringTimeTracker> _timeTracker = nullptr;
   uint8_t _hashKey[EspnowProtocolInterpreter::hashKeyLength] {0};
   bool _desync = false;
-  std::unique_ptr<ExpiringTimeTracker> _timeTracker = nullptr;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/CryptoInterface.h

@@ -140,13 +140,13 @@ class EspnowConnectionManager
 
   ConditionalPrinter & _conditionalPrinter;
   EspnowDatabase & _database;
-
-  uint8_t _encryptedConnectionsSoftLimit = 6;
+  
+  static ConnectionType getConnectionInfoHelper(const EncryptedConnectionLog *encryptedConnection, uint32_t *remainingDuration, uint8_t *peerMac = nullptr);
 
   uint8_t _espnowEncryptedConnectionKey[EspnowProtocolInterpreter::encryptedConnectionKeyLength] {0};
   uint8_t _espnowHashKey[EspnowProtocolInterpreter::hashKeyLength] {0};
-
-  static ConnectionType getConnectionInfoHelper(const EncryptedConnectionLog *encryptedConnection, uint32_t *remainingDuration, uint8_t *peerMac = nullptr);
+  
+  uint8_t _encryptedConnectionsSoftLimit = 6;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/EncryptedConnectionData.cpp

@@ -202,11 +202,6 @@ class EspnowDatabase
   ConditionalPrinter & _conditionalPrinter;
 
   uint32_t _autoEncryptionDuration = 50;
-
-  uint8_t _senderMac[6] = {0};
-  uint8_t _senderAPMac[6] = {0};
-
-  uint8 _espnowWiFiChannel;
 
   template <typename T, typename U>
   static void deleteExpiredLogEntries(std::map<std::pair<U, uint64_t>, T> &logEntries, const uint32_t maxEntryLifetimeMs);
@@ -218,6 +213,11 @@ class EspnowDatabase
 
   template <typename T>
   static void deleteExpiredLogEntries(std::list<T> &logEntries, const uint32_t maxEntryLifetimeMs);
+
+  uint8_t _senderMac[6] = {0};
+  uint8_t _senderAPMac[6] = {0};
+  
+  uint8 _espnowWiFiChannel;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/EncryptedConnectionData.h

@@ -37,10 +37,10 @@ namespace
   namespace TypeCast = MeshTypeConversionFunctions;
 
   String _ongoingPeerRequestNonce;
-  uint8_t _ongoingPeerRequestMac[6] = {0};
   EspnowMeshBackend *_ongoingPeerRequester = nullptr;
   EncryptedConnectionStatus _ongoingPeerRequestResult = EncryptedConnectionStatus::MAX_CONNECTIONS_REACHED_SELF;
   ExpiringTimeTracker _ongoingPeerRequestEncryptionTimeout([](){ return EspnowDatabase::getEncryptionRequestTimeout(); });
+  uint8_t _ongoingPeerRequestMac[6] = {0};
   bool _reciprocalPeerRequestConfirmation = false;
 }
 
@@ -465,7 +465,7 @@ bool EspnowEncryptionBroker::verifyEncryptionRequestHmac(const String &encryptio
     if(hmacStartIndex < 0)
       return false;
 
-    if(hmac.length() == 2*CryptoInterface::SHA256_NATURAL_LENGTH // We know that each HMAC byte should become 2 String characters due to uint8ArrayToHexString.
+    if(hmac.length() == 2*experimental::crypto::SHA256::NATURAL_LENGTH // We know that each HMAC byte should become 2 String characters due to uint8ArrayToHexString.
        && verifyMeshHmac(TypeCast::macToString(requesterStaMac) + TypeCast::macToString(requesterApMac) + encryptionRequestHmacMessage.substring(0, hmacStartIndex), hmac, hashKey, hashKeyLength))
     {
       return true;

libraries/ESP8266WiFiMesh/src/EspnowConnectionManager.h

@@ -81,8 +81,6 @@ class EspnowEncryptionBroker
   EspnowConnectionManager & _connectionManager;
   EspnowTransmitter & _transmitter;
 
-  bool _receivedEncryptedTransmission = false;
-
   using encryptionRequestBuilderType = std::function<String(const String &, const ExpiringTimeTracker &)>;
   static String defaultEncryptionRequestBuilder(const String &requestHeader, const uint32_t durationMs, const uint8_t *hashKey, const String &requestNonce, const ExpiringTimeTracker &existingTimeTracker);
   static String flexibleEncryptionRequestBuilder(const uint32_t minDurationMs, const uint8_t *hashKey, const String &requestNonce, const ExpiringTimeTracker &existingTimeTracker);
@@ -100,6 +98,8 @@ class EspnowEncryptionBroker
   EncryptedConnectionStatus requestEncryptedConnectionKernel(const uint8_t *peerMac, const encryptionRequestBuilderType &encryptionRequestBuilder, EspnowMeshBackend &espnowInstance);
 
   static bool verifyEncryptionRequestHmac(const String &encryptionRequestHmacMessage, const uint8_t *requesterStaMac, const uint8_t *requesterApMac, const uint8_t *hashKey, const uint8_t hashKeyLength);
+
+  bool _receivedEncryptedTransmission = false;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/EspnowDatabase.h

@@ -57,9 +57,9 @@ EspnowMeshBackend::EspnowMeshBackend(const requestHandlerType requestHandler, co
                                      const broadcastFilterType broadcastFilter, const String &meshPassword, const String &ssidPrefix, const String &ssidSuffix, const bool verboseMode,
                                      const uint8 meshWiFiChannel) 
                                      : MeshBackendBase(requestHandler, responseHandler, networkFilter, MeshBackendType::ESP_NOW), 
-                                       _database(_conditionalPrinter, meshWiFiChannel), _connectionManager(_conditionalPrinter, _database),
-                                       _transmitter(_conditionalPrinter, _database, _connectionManager), 
-                                       _encryptionBroker(_conditionalPrinter, _database, _connectionManager, _transmitter)
+                                       _database(*getConditionalPrinter(), meshWiFiChannel), _connectionManager(*getConditionalPrinter(), *getDatabase()),
+                                       _transmitter(*getConditionalPrinter(), *getDatabase(), *getConnectionManager()), 
+                                       _encryptionBroker(*getConditionalPrinter(), *getDatabase(), *getConnectionManager(), *getTransmitter())
 {
   setBroadcastFilter(broadcastFilter);
   setSSID(ssidPrefix, emptyString, ssidSuffix);
@@ -241,7 +241,7 @@ void EspnowMeshBackend::espnowReceiveCallbackWrapper(uint8_t *macaddr, uint8_t *
     {
       // chacha20Poly1305Decrypt decrypts dataArray in place.
       // We are using the protocol bytes as a key salt.
-      if(!CryptoInterface::chacha20Poly1305Decrypt(dataArray + metadataSize(), len - metadataSize(), getEspnowMessageEncryptionKey(), dataArray, 
+      if(!experimental::crypto::ChaCha20Poly1305::decrypt(dataArray + metadataSize(), len - metadataSize(), getEspnowMessageEncryptionKey(), dataArray, 
                                                    protocolBytesSize, dataArray + protocolBytesSize, dataArray + protocolBytesSize + 12))
       {
         return; // Decryption of message failed.
@@ -470,7 +470,7 @@ void EspnowMeshBackend::espnowReceiveCallback(const uint8_t *macaddr, uint8_t *d
 
     if(response.length() > 0)
     {
-      EspnowDatabase::responsesToSend().push_back(ResponseData(response, macaddr, messageID));
+      EspnowDatabase::responsesToSend().emplace_back(response, macaddr, messageID);
 
       //Serial.println("methodStart Q done " + String(millis() - methodStart));
     }
@@ -626,7 +626,7 @@ void EspnowMeshBackend::setUseEncryptedMessages(const bool useEncryptedMessages)
 }
 bool EspnowMeshBackend::useEncryptedMessages() { return EspnowTransmitter::useEncryptedMessages(); }
 
-void EspnowMeshBackend::setEspnowMessageEncryptionKey(const uint8_t espnowMessageEncryptionKey[CryptoInterface::ENCRYPTION_KEY_LENGTH])
+void EspnowMeshBackend::setEspnowMessageEncryptionKey(const uint8_t espnowMessageEncryptionKey[experimental::crypto::ENCRYPTION_KEY_LENGTH])
 {
   EspnowTransmitter::setEspnowMessageEncryptionKey(espnowMessageEncryptionKey);
 }
@@ -762,10 +762,10 @@ TransmissionStatusType EspnowMeshBackend::initiateTransmission(const String &mes
   assert(recipientInfo.BSSID() != nullptr); // We need at least the BSSID to connect
   recipientInfo.getBSSID(targetBSSID);
 
-  if(_conditionalPrinter.verboseMode()) // Avoid string generation if not required
+  if(verboseMode()) // Avoid string generation if not required
   {
     printAPInfo(recipientInfo);
-    _conditionalPrinter.verboseModePrint(emptyString);
+    verboseModePrint(emptyString);
   }
 
   return initiateTransmissionKernel(message, targetBSSID);
@@ -778,7 +778,7 @@ TransmissionStatusType EspnowMeshBackend::initiateTransmissionKernel(const Strin
 
   uint32_t transmissionDuration = millis() - transmissionStartTime;
 
-  if(_conditionalPrinter.verboseMode() && transmissionResult == TransmissionStatusType::TRANSMISSION_COMPLETE) // Avoid calculations if not required
+  if(verboseMode() && transmissionResult == TransmissionStatusType::TRANSMISSION_COMPLETE) // Avoid calculations if not required
   {
     totalDurationWhenSuccessful_AT += transmissionDuration;
     ++successfulTransmissions_AT;
@@ -793,14 +793,14 @@ TransmissionStatusType EspnowMeshBackend::initiateTransmissionKernel(const Strin
 
 void EspnowMeshBackend::printTransmissionStatistics() const
 {
-  if(_conditionalPrinter.verboseMode() && successfulTransmissions_AT > 0) // Avoid calculations if not required
+  if(verboseMode() && successfulTransmissions_AT > 0) // Avoid calculations if not required
   {
-    _conditionalPrinter.verboseModePrint(String(F("Average duration of successful transmissions: ")) + String(totalDurationWhenSuccessful_AT/successfulTransmissions_AT) + String(F(" ms.")));
-    _conditionalPrinter.verboseModePrint(String(F("Maximum duration of successful transmissions: ")) + String(maxTransmissionDuration_AT) + String(F(" ms.")));
+    verboseModePrint(String(F("Average duration of successful transmissions: ")) + String(totalDurationWhenSuccessful_AT/successfulTransmissions_AT) + String(F(" ms.")));
+    verboseModePrint(String(F("Maximum duration of successful transmissions: ")) + String(maxTransmissionDuration_AT) + String(F(" ms.")));
   }
   else
   {
-    _conditionalPrinter.verboseModePrint(String(F("No successful transmission.")));
+    verboseModePrint(String(F("No successful transmission.")));
   }
 }
 
@@ -947,6 +947,15 @@ uint8_t EspnowMeshBackend::getBroadcastTransmissionRedundancy() const { return _
 void EspnowMeshBackend::setResponseTransmittedHook(const EspnowTransmitter::responseTransmittedHookType responseTransmittedHook) { _transmitter.setResponseTransmittedHook(responseTransmittedHook); }
 EspnowTransmitter::responseTransmittedHookType EspnowMeshBackend::getResponseTransmittedHook() const { return _transmitter.getResponseTransmittedHook(); }
 
+EspnowDatabase *EspnowMeshBackend::getDatabase() { return &_database; }
+const EspnowDatabase *EspnowMeshBackend::getDatabaseConst() const { return &_database; }
+EspnowConnectionManager *EspnowMeshBackend::getConnectionManager() { return &_connectionManager; }
+const EspnowConnectionManager *EspnowMeshBackend::getConnectionManagerConst() const { return &_connectionManager; }
+EspnowTransmitter *EspnowMeshBackend::getTransmitter() { return &_transmitter; }
+const EspnowTransmitter *EspnowMeshBackend::getTransmitterConst() const { return &_transmitter; }
+EspnowEncryptionBroker *EspnowMeshBackend::getEncryptionBroker() { return &_encryptionBroker; }
+const EspnowEncryptionBroker *EspnowMeshBackend::getEncryptionBrokerConst() const { return &_encryptionBroker; }
+
 void EspnowMeshBackend::sendStoredEspnowMessages(const ExpiringTimeTracker *estimatedMaxDurationTracker)
 {
   EspnowEncryptionBroker::sendPeerRequestConfirmations(estimatedMaxDurationTracker);
@@ -974,12 +983,12 @@ uint32_t EspnowMeshBackend::getMaxMessageLength()
   return EspnowTransmitter::getMaxMessageLength();
 }
 
-void EspnowMeshBackend::setVerboseModeState(const bool enabled) {_conditionalPrinter.setVerboseModeState(enabled); ConditionalPrinter::setStaticVerboseModeState(enabled);}
+void EspnowMeshBackend::setVerboseModeState(const bool enabled) {(*getConditionalPrinter()).setVerboseModeState(enabled); ConditionalPrinter::setStaticVerboseModeState(enabled);}
 bool EspnowMeshBackend::verboseMode() const {return ConditionalPrinter::staticVerboseMode();}
 
 void EspnowMeshBackend::verboseModePrint(const String &stringToPrint, const bool newline) const
 {
-  _conditionalPrinter.verboseModePrint(stringToPrint, newline);
+  (*getConditionalPrinterConst()).verboseModePrint(stringToPrint, newline);
 }
 
 bool EspnowMeshBackend::staticVerboseMode() {return ConditionalPrinter::staticVerboseMode();}

libraries/ESP8266WiFiMesh/src/EspnowEncryptionBroker.cpp

@@ -92,7 +92,6 @@
 #include <map>
 #include <list>
 #include "EspnowNetworkInfo.h"
-#include "CryptoInterface.h"
 
 /**
  * An alternative to standard delay(). Will continuously call performEspnowMaintenance() during the waiting time, so that the ESP-NOW node remains responsive.
@@ -483,9 +482,9 @@ class EspnowMeshBackend : public MeshBackendBase {
    * 
    * This changes the message encryption key for all EspnowMeshBackend instances on this ESP8266.
    * 
-   * @param espnowMessageEncryptionKey An array containing the CryptoInterface::ENCRYPTION_KEY_LENGTH bytes that will be used as the message encryption key.
+   * @param espnowMessageEncryptionKey An array containing the experimental::crypto::ENCRYPTION_KEY_LENGTH bytes that will be used as the message encryption key.
    */
-  static void setEspnowMessageEncryptionKey(const uint8_t espnowMessageEncryptionKey[CryptoInterface::ENCRYPTION_KEY_LENGTH]);
+  static void setEspnowMessageEncryptionKey(const uint8_t espnowMessageEncryptionKey[experimental::crypto::ENCRYPTION_KEY_LENGTH]);
 
   /** 
    * Change the key used to encrypt/decrypt messages when using AEAD encryption.
@@ -501,7 +500,7 @@ class EspnowMeshBackend : public MeshBackendBase {
   /**
    * Get the key used to encrypt/decrypt messages when using AEAD encryption.
    * 
-   * @return An uint8_t array with size CryptoInterface::ENCRYPTION_KEY_LENGTH containing the currently used message encryption key.
+   * @return An uint8_t array with size experimental::crypto::ENCRYPTION_KEY_LENGTH containing the currently used message encryption key.
    */
   static const uint8_t *getEspnowMessageEncryptionKey();
 
@@ -935,6 +934,15 @@ class EspnowMeshBackend : public MeshBackendBase {
 
 protected:
 
+  EspnowDatabase *getDatabase();
+  const EspnowDatabase *getDatabaseConst() const;
+  EspnowConnectionManager *getConnectionManager();
+  const EspnowConnectionManager *getConnectionManagerConst() const;
+  EspnowTransmitter *getTransmitter();
+  const EspnowTransmitter *getTransmitterConst() const;
+  EspnowEncryptionBroker *getEncryptionBroker();
+  const EspnowEncryptionBroker *getEncryptionBrokerConst() const;
+
   bool activateEspnow();
 
   /*

libraries/ESP8266WiFiMesh/src/EspnowEncryptionBroker.h

@@ -114,7 +114,7 @@ namespace EspnowProtocolInterpreter
   uint64_t createSessionKey()
   {
     uint64_t newSessionKey = MeshUtilityFunctions::randomUint64();
-    return usesEncryption(newSessionKey) ? newSessionKey : (newSessionKey | ((uint64_t)RANDOM_REG32) << 32 | uint64MSB); // TODO: Replace RANDOM_REG32 use with ESP.random().
+    return usesEncryption(newSessionKey) ? newSessionKey : (newSessionKey | ((uint64_t)ESP.random()) << 32 | uint64MSB);
   }
 
   macAndType_td createMacAndTypeValue(const uint64_t uint64Mac, const char messageType)

libraries/ESP8266WiFiMesh/src/EspnowMeshBackend.cpp

@@ -53,17 +53,17 @@ namespace EspnowProtocolInterpreter
   constexpr uint8_t transmissionsRemainingIndex = 1;
   constexpr uint8_t transmissionMacIndex = 2;
   constexpr uint8_t messageIDIndex = 8;
+  
+  constexpr uint8_t maxEncryptedConnections = 6; // This is limited by the ESP-NOW API. Max 6 in AP or AP+STA mode. Max 10 in STA mode. See "ESP-NOW User Guide" for more info. 
 
   constexpr uint8_t protocolBytesSize = 16;
   constexpr uint8_t aeadMetadataSize = 28;
   uint8_t metadataSize();
   uint32_t getMaxBytesPerTransmission();
   uint32_t getMaxMessageBytesPerTransmission();
-  
-  constexpr uint8_t broadcastMac[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+
   constexpr uint64_t uint64BroadcastMac = 0xFFFFFFFFFFFF;
-    
-  constexpr uint8_t maxEncryptedConnections = 6; // This is limited by the ESP-NOW API. Max 6 in AP or AP+STA mode. Max 10 in STA mode. See "ESP-NOW User Guide" for more info. 
+  constexpr uint8_t broadcastMac[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 
   constexpr uint8_t encryptedConnectionKeyLength = 16;  // This is restricted to exactly 16 bytes by the ESP-NOW API. It should not be changed unless the ESP-NOW API is changed.
   constexpr uint8_t hashKeyLength = 16; // This can be changed to any value up to 255. Common values are 16 and 32.
@@ -85,7 +85,7 @@ namespace EspnowProtocolInterpreter
   bool usesConstantSessionKey(const char messageType);
 
   /**
-   * Create a new session key for an encrypted connection using the built in RANDOM_REG32 of the ESP8266. 
+   * Create a new session key for an encrypted connection using the built in RANDOM_REG32/ESP.random() of the ESP8266. 
    * Should only be used when initializing a new connection. 
    * Use generateMessageID instead when the encrypted connection is already initialized to keep the connection synchronized.
    *