cremalink.local_server_app.protocol module

This module implements the low-level cryptographic protocol for communicating with the De’Longhi device over the local network. It handles session key derivation, payload encryption/decryption, and message signing.

cremalink.local_server_app.protocol.build_empty_payload(seq: int) → str[source]: Creates a JSON string for an empty command payload, used as a heartbeat.

cremalink.local_server_app.protocol.decrypt_payload(enc: str, crypto_key: bytes, iv_seed: bytes) → Tuple[bytes, bytes][source]

Decrypts a base64-encoded ciphertext and returns the new IV.

The IV for the next decryption is derived from the ciphertext of the current one.

Returns:: A tuple containing the decrypted plaintext (bytes) and the next IV.

cremalink.local_server_app.protocol.derive_keys(lan_key: str, random_1: str, random_2: str, time_1: str, time_2: str) → Tuple[bytes, bytes, bytes, bytes, bytes][source]

Derives all necessary session keys from the initial key exchange parameters.

The key derivation process is a specific, non-standard protocol that uses a series of HMAC-SHA256 operations on concatenated inputs (random values, timestamps, and a final byte that varies for each key type). This creates unique keys for signing, client-side encryption, and server-side encryption.

Parameters:

lan_key – The main secret key for the device on the LAN.
random_1 – The random value from the device (client).
random_2 – The random value from this server (host).
time_1 – The timestamp from the device (client).
time_2 – The timestamp from this server (host).

Returns:

(app_sign_key, app_crypto_key, app_iv_seed, dev_crypto_key, dev_iv_seed)

Return type:

A tuple containing the five derived keys

cremalink.local_server_app.protocol.encrypt_payload(payload: str, crypto_key: bytes, iv_seed: bytes) → Tuple[str, bytes][source]

Encrypts a payload string using AES-CBC and returns the new IV.

The IV for the next encryption is derived from the ciphertext of the current one.

Returns:: A tuple containing the base64-encoded ciphertext and the next IV.

cremalink.local_server_app.protocol.pad_seq(seq: int) → str[source]: Pads the sequence number as a string (currently a no-op).

cremalink.local_server_app.protocol.sign_payload(payload: str, sign_key: bytes) → str[source]: Signs a payload string using HMAC-SHA256 and returns the base64-encoded signature.