- Use the new Crypto, TypeConversion and random() functionality added to the Arduino core, instead of the versions local to the mesh library.

- Rearrange class variables to minimize storage padding.

- Add protected getters for EspnowMeshBackend and MeshBackendBase components.

- Partially update README.md

Author: aerlon

libraries/ESP8266WiFiMesh/README.md

@@ -138,9 +138,9 @@ void networkFilter(int numberOfNetworks, MeshBackendBase &meshInstance) {
 
       if (targetNodeID < TypeCast::stringToUint64(meshInstance.getNodeID())) {
         if (EspnowMeshBackend *espnowInstance = TypeCast::meshBackendCast<EspnowMeshBackend *>(&meshInstance)) {
-          espnowInstance->connectionQueue().push_back(networkIndex);
+          espnowInstance->connectionQueue().emplace_back(networkIndex);
         } else if (TcpIpMeshBackend *tcpIpInstance = TypeCast::meshBackendCast<TcpIpMeshBackend *>(&meshInstance)) {
-          tcpIpInstance->connectionQueue().push_back(networkIndex);
+          tcpIpInstance->connectionQueue().emplace_back(networkIndex);
         } else {
           Serial.println(F("Invalid mesh backend!"));
         }

libraries/ESP8266WiFiMesh/examples/HelloEspnow/HelloEspnow.ino

@@ -117,9 +117,9 @@ void networkFilter(int numberOfNetworks, MeshBackendBase &meshInstance) {
 
       if (targetNodeID < TypeCast::stringToUint64(meshInstance.getNodeID())) {
         if (EspnowMeshBackend *espnowInstance = TypeCast::meshBackendCast<EspnowMeshBackend *>(&meshInstance)) {
-          espnowInstance->connectionQueue().push_back(networkIndex);
+          espnowInstance->connectionQueue().emplace_back(networkIndex);
         } else if (TcpIpMeshBackend *tcpIpInstance = TypeCast::meshBackendCast<TcpIpMeshBackend *>(&meshInstance)) {
-          tcpIpInstance->connectionQueue().push_back(networkIndex);
+          tcpIpInstance->connectionQueue().emplace_back(networkIndex);
         } else {
           Serial.println(F("Invalid mesh backend!"));
         }

libraries/ESP8266WiFiMesh/examples/HelloTcpIp/HelloTcpIp.ino

@@ -50,8 +50,9 @@ EncryptedConnectionData::EncryptedConnectionData(const uint8_t peerStaMac[6], co
 }
 
 EncryptedConnectionData::EncryptedConnectionData(const EncryptedConnectionData &other)
-  : _peerSessionKey(other.getPeerSessionKey()), _ownSessionKey(other.getOwnSessionKey()), _desync(other.desync()),
-    _timeTracker(other.temporary() ? new ExpiringTimeTracker(*other.temporary()) : nullptr)
+  : _peerSessionKey(other.getPeerSessionKey()), _ownSessionKey(other.getOwnSessionKey()),
+    _timeTracker(other.temporary() ? new ExpiringTimeTracker(*other.temporary()) : nullptr),
+    _desync(other.desync())
 {
   other.getPeerStaMac(_peerStaMac);
   other.getPeerApMac(_peerApMac);
@@ -132,16 +133,16 @@ uint64_t EncryptedConnectionData::getOwnSessionKey() const { return _ownSessionK
 uint64_t EncryptedConnectionData::incrementSessionKey(const uint64_t sessionKey, const uint8_t *hashKey, const uint8_t hashKeyLength)
 {
   uint8_t inputArray[8] {0};
-  uint8_t hmacArray[CryptoInterface::SHA256_NATURAL_LENGTH] {0};
-  CryptoInterface::sha256Hmac(TypeCast::uint64ToUint8Array(sessionKey, inputArray), 8, hashKey, hashKeyLength, hmacArray, CryptoInterface::SHA256_NATURAL_LENGTH);
+  uint8_t hmacArray[experimental::crypto::SHA256::NATURAL_LENGTH] {0};
+  experimental::crypto::SHA256::hmac(TypeCast::uint64ToUint8Array(sessionKey, inputArray), 8, hashKey, hashKeyLength, hmacArray, experimental::crypto::SHA256::NATURAL_LENGTH);
 
   /* HMAC truncation should be OK since hmac sha256 is a PRF and we are truncating to the leftmost (MSB) bits.
   PRF: https://crypto.stackexchange.com/questions/26410/whats-the-gcm-sha-256-of-a-tls-protocol/26434#26434
   Truncate to leftmost bits: https://tools.ietf.org/html/rfc2104#section-5 */
   uint64_t newLeftmostBits = TypeCast::uint8ArrayToUint64(hmacArray) & EspnowProtocolInterpreter::uint64LeftmostBits;
 
   if(newLeftmostBits == 0)
-    newLeftmostBits = ((uint64_t)RANDOM_REG32 | (1 << 31)) << 32; // We never want newLeftmostBits == 0 since that would indicate an unencrypted transmission.
+    newLeftmostBits = ((uint64_t)ESP.random() | (1 << 31)) << 32; // We never want newLeftmostBits == 0 since that would indicate an unencrypted transmission.
 
   uint64_t newRightmostBits = (uint32_t)(sessionKey + 1);
 

libraries/ESP8266WiFiMesh/src/CryptoInterface.cpp

@@ -90,9 +90,9 @@ class EncryptedConnectionData {
   uint8_t _peerApMac[6] {0};
   uint64_t _peerSessionKey;
   uint64_t _ownSessionKey;
+  std::unique_ptr<ExpiringTimeTracker> _timeTracker = nullptr;
   uint8_t _hashKey[EspnowProtocolInterpreter::hashKeyLength] {0};
   bool _desync = false;
-  std::unique_ptr<ExpiringTimeTracker> _timeTracker = nullptr;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/CryptoInterface.h

@@ -140,13 +140,13 @@ class EspnowConnectionManager
 
   ConditionalPrinter & _conditionalPrinter;
   EspnowDatabase & _database;
-
-  uint8_t _encryptedConnectionsSoftLimit = 6;
+  
+  static ConnectionType getConnectionInfoHelper(const EncryptedConnectionLog *encryptedConnection, uint32_t *remainingDuration, uint8_t *peerMac = nullptr);
 
   uint8_t _espnowEncryptedConnectionKey[EspnowProtocolInterpreter::encryptedConnectionKeyLength] {0};
   uint8_t _espnowHashKey[EspnowProtocolInterpreter::hashKeyLength] {0};
-
-  static ConnectionType getConnectionInfoHelper(const EncryptedConnectionLog *encryptedConnection, uint32_t *remainingDuration, uint8_t *peerMac = nullptr);
+  
+  uint8_t _encryptedConnectionsSoftLimit = 6;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/EncryptedConnectionData.cpp

@@ -202,11 +202,6 @@ class EspnowDatabase
   ConditionalPrinter & _conditionalPrinter;
 
   uint32_t _autoEncryptionDuration = 50;
-
-  uint8_t _senderMac[6] = {0};
-  uint8_t _senderAPMac[6] = {0};
-
-  uint8 _espnowWiFiChannel;
 
   template <typename T, typename U>
   static void deleteExpiredLogEntries(std::map<std::pair<U, uint64_t>, T> &logEntries, const uint32_t maxEntryLifetimeMs);
@@ -218,6 +213,11 @@ class EspnowDatabase
 
   template <typename T>
   static void deleteExpiredLogEntries(std::list<T> &logEntries, const uint32_t maxEntryLifetimeMs);
+
+  uint8_t _senderMac[6] = {0};
+  uint8_t _senderAPMac[6] = {0};
+  
+  uint8 _espnowWiFiChannel;
 };
 
 #endif

libraries/ESP8266WiFiMesh/src/EncryptedConnectionData.h

@@ -37,10 +37,10 @@ namespace
   namespace TypeCast = MeshTypeConversionFunctions;
 
   String _ongoingPeerRequestNonce;
-  uint8_t _ongoingPeerRequestMac[6] = {0};
   EspnowMeshBackend *_ongoingPeerRequester = nullptr;
   EncryptedConnectionStatus _ongoingPeerRequestResult = EncryptedConnectionStatus::MAX_CONNECTIONS_REACHED_SELF;
   ExpiringTimeTracker _ongoingPeerRequestEncryptionTimeout([](){ return EspnowDatabase::getEncryptionRequestTimeout(); });
+  uint8_t _ongoingPeerRequestMac[6] = {0};
   bool _reciprocalPeerRequestConfirmation = false;
 }
 
@@ -465,7 +465,7 @@ bool EspnowEncryptionBroker::verifyEncryptionRequestHmac(const String &encryptio
     if(hmacStartIndex < 0)
       return false;
 
-    if(hmac.length() == 2*CryptoInterface::SHA256_NATURAL_LENGTH // We know that each HMAC byte should become 2 String characters due to uint8ArrayToHexString.
+    if(hmac.length() == 2*experimental::crypto::SHA256::NATURAL_LENGTH // We know that each HMAC byte should become 2 String characters due to uint8ArrayToHexString.
        && verifyMeshHmac(TypeCast::macToString(requesterStaMac) + TypeCast::macToString(requesterApMac) + encryptionRequestHmacMessage.substring(0, hmacStartIndex), hmac, hashKey, hashKeyLength))
     {
       return true;