feat: Add Protocol 3.4 Session Key Negotiation #284
Description
feat: Add Protocol 3.4 Session Key Negotiation
Summary
Protocol 3.4 devices require a 3-way session key negotiation before encrypted
communication can begin. This is required for some newer Eufy vacuum models.
Technical Details
Based on tinytuya protocol notes:
Session Key Negotiation Flow
- Client → Device: Send 16-byte nonce
- Device → Client: Respond with 16-byte device nonce + 32-byte HMAC-SHA256
of client nonce - Client → Device: Send 32-byte HMAC-SHA256 of device nonce
Session Key Calculation
tmp_key = bytes([a^b for (a,b) in zip(device_nonce, client_nonce)])
cipher = AESCipher(real_key)
session_key = cipher.encrypt(tmp_key, use_base64=False, pad=False, iv=client_nonce[:12])[12:28]Known quirk: If the first byte of the resulting session key is 0x00, the
device considers it invalid and negotiation must restart.
Current State
- ✅ Protocol 3.4 HMAC-SHA256 checksum support added
- ❌ Session key negotiation not implemented
Affected Models (Suspected)
Models that may require session key negotiation:
- T2266 (X8 Pro) - Issue [T2266] Add support for RoboVac X8 Pro #101
- T2265 (L50) - Issue [MODEL] Add support for RoboVac model L50 #245
- T2070 (E20 3-in-1) - Issues [T2070] Add support for RoboVac model 3-in-1 E20 #156, [MODEL] Add support for RoboVac model T2070G10 (E20 3-in-1) #274
- Other newer models released after 2023
Implementation Notes
- Session keys are per-connection and must be renegotiated on reconnect
- The existing
TuyaCipherclass will need modification to support session keys - Connection flow in
TuyaDeviceneeds to include negotiation step