Merge pull request #449 from ikalchev/v4.7.1

V4.7.1

Author: ikalchev

CHANGELOG.md

@@ -16,6 +16,11 @@ Sections
 ### Developers
 -->
 
+## [4.7.1] - 2023-07-31
+
+- Improve encryption performance. [#448](https://github.com/ikalchev/HAP-python/pull/448)
+- Switch timeouts to use `async_timeout`. [#447](https://github.com/ikalchev/HAP-python/pull/447)
+
 ## [4.7.0] - 2023-06-18
 
 - Allow passing multiple ip to advertise on to AccessoryDriver. [#442](https://github.com/ikalchev/HAP-python/pull/442)

pyhap/accessory.py

@@ -1,15 +1,15 @@
 """Module for the Accessory classes."""
 import itertools
 import logging
-
 from uuid import UUID
+
 from pyhap import SUPPORT_QR_CODE, util
 from pyhap.const import (
     CATEGORY_BRIDGE,
     CATEGORY_OTHER,
+    HAP_PROTOCOL_VERSION,
     HAP_REPR_AID,
     HAP_REPR_IID,
-    HAP_PROTOCOL_VERSION,
     HAP_REPR_SERVICES,
     HAP_REPR_VALUE,
     STANDALONE_AID,

pyhap/camera.py

@@ -18,18 +18,18 @@
 
 import asyncio
 import functools
-import os
 import ipaddress
 import logging
+import os
 import struct
 from uuid import UUID
 
-from pyhap import RESOURCE_DIR
+import async_timeout
+
+from pyhap import RESOURCE_DIR, tlv
 from pyhap.accessory import Accessory
 from pyhap.const import CATEGORY_CAMERA
-from pyhap.util import to_base64_str, byte_bool
-from pyhap import tlv
-
+from pyhap.util import byte_bool, to_base64_str
 
 SETUP_TYPES = {
     'SESSION_ID': b'\x01',
@@ -859,8 +859,8 @@ async def stop_stream(self, session_info):
             logger.info('[%s] Stopping stream.', session_id)
             try:
                 ffmpeg_process.terminate()
-                _, stderr = await asyncio.wait_for(
-                    ffmpeg_process.communicate(), timeout=2.0)
+                async with async_timeout.timeout(2.0):
+                    _, stderr = await ffmpeg_process.communicate()
                 logger.debug('Stream command stderr: %s', stderr)
             except asyncio.TimeoutError:
                 logger.error(

pyhap/const.py

@@ -1,7 +1,7 @@
 """This module contains constants used by other modules."""
 MAJOR_VERSION = 4
 MINOR_VERSION = 7
-PATCH_VERSION = 0
+PATCH_VERSION = 1
 __short_version__ = f"{MAJOR_VERSION}.{MINOR_VERSION}"
 __version__ = f"{__short_version__}.{PATCH_VERSION}"
 REQUIRED_PYTHON_VER = (3, 7)

pyhap/hap_crypto.py

@@ -1,7 +1,9 @@
 """This module partially implements crypto for HAP."""
 import logging
 import struct
-
+from functools import partial
+from typing import List
+from struct import Struct
 from chacha20poly1305_reuseable import ChaCha20Poly1305Reusable as ChaCha20Poly1305
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
@@ -11,6 +13,9 @@
 
 CRYPTO_BACKEND = default_backend()
 
+PACK_NONCE = partial(Struct("<LQ").pack, 0)
+PACK_LENGTH = Struct("H").pack
+
 
 class HAP_CRYPTO:
     HKDF_KEYLEN = 32  # bytes, length of expanded HKDF keys
@@ -74,51 +79,54 @@ def decrypt(self) -> bytes:
         blocks are buffered locally.
         """
         result = b""
+        crypt_in_buffer = self._crypt_in_buffer
+        length_length = self.LENGTH_LENGTH
+        tag_length = HAP_CRYPTO.TAG_LENGTH
 
-        while len(self._crypt_in_buffer) > self.MIN_BLOCK_LENGTH:
-            block_length_bytes = self._crypt_in_buffer[: self.LENGTH_LENGTH]
+        while len(crypt_in_buffer) > self.MIN_BLOCK_LENGTH:
+            block_length_bytes = crypt_in_buffer[:length_length]
             block_size = struct.unpack("H", block_length_bytes)[0]
-            block_size_with_length = (
-                self.LENGTH_LENGTH + block_size + HAP_CRYPTO.TAG_LENGTH
-            )
+            block_size_with_length = length_length + block_size + tag_length
 
-            if len(self._crypt_in_buffer) < block_size_with_length:
+            if len(crypt_in_buffer) < block_size_with_length:
                 logger.debug("Incoming buffer does not have the full block")
                 return result
 
             # Trim off the length
-            del self._crypt_in_buffer[: self.LENGTH_LENGTH]
+            del crypt_in_buffer[:length_length]
 
-            data_size = block_size + HAP_CRYPTO.TAG_LENGTH
-            nonce = pad_tls_nonce(struct.pack("Q", self._in_count))
+            data_size = block_size + tag_length
+            nonce = PACK_NONCE(self._in_count)
 
             result += self._in_cipher.decrypt(
                 nonce,
-                bytes(self._crypt_in_buffer[:data_size]),
+                bytes(crypt_in_buffer[:data_size]),
                 bytes(block_length_bytes),
             )
 
             self._in_count += 1
 
             # Now trim out the decrypted data
-            del self._crypt_in_buffer[:data_size]
+            del crypt_in_buffer[:data_size]
 
         return result
 
     def encrypt(self, data: bytes) -> bytes:
         """Encrypt and send the return bytes."""
-        result = b""
+        result: List[bytes] = []
         offset = 0
         total = len(data)
         while offset < total:
             length = min(total - offset, self.MAX_BLOCK_LENGTH)
-            length_bytes = struct.pack("H", length)
+            length_bytes = PACK_LENGTH(length)
             block = bytes(data[offset : offset + length])
-            nonce = pad_tls_nonce(struct.pack("Q", self._out_count))
-            ciphertext = length_bytes + self._out_cipher.encrypt(
-                nonce, block, length_bytes
-            )
+            nonce = PACK_NONCE(self._out_count)
+            result.append(length_bytes)
+            result.append(self._out_cipher.encrypt(nonce, block, length_bytes))
             offset += length
             self._out_count += 1
-            result += ciphertext
-        return result
+
+        # Join the result once instead of concatenating each time
+        # as this is much faster than generating an new immutable
+        # byte string each time.
+        return b"".join(result)

pyhap/hap_handler.py

@@ -9,6 +9,7 @@
 from urllib.parse import ParseResult, parse_qs, urlparse
 import uuid
 
+import async_timeout
 from chacha20poly1305_reuseable import ChaCha20Poly1305Reusable as ChaCha20Poly1305
 from cryptography.exceptions import InvalidSignature, InvalidTag
 from cryptography.hazmat.primitives import serialization
@@ -93,6 +94,12 @@ class UnprivilegedRequestException(Exception):
     pass
 
 
+async def _run_with_timeout(coro, timeout: float) -> bytes:
+    """Run a coroutine with a timeout."""
+    async with async_timeout.timeout(timeout):
+        return await coro
+
+
 class HAPServerHandler:
     """Manages HAP connection state and handles incoming HTTP requests."""
 
@@ -820,7 +827,7 @@ def handle_resource(self) -> None:
                 'does not define a "get_snapshot" or "async_get_snapshot" method'
             )
 
-        task = asyncio.ensure_future(asyncio.wait_for(coro, RESPONSE_TIMEOUT))
+        task = asyncio.ensure_future(_run_with_timeout(coro, RESPONSE_TIMEOUT))
         self.send_response(HTTPStatus.OK)
         self.send_header("Content-Type", "image/jpeg")
         assert self.response is not None  # nosec

pyhap/hsrp.py

@@ -1,6 +1,7 @@
 # Server Side SRP implementation
 
 import os
+
 from .util import long_to_bytes
 
 

pyhap/util.py

@@ -5,6 +5,7 @@
 import socket
 from uuid import UUID
 
+import async_timeout
 import orjson
 
 from .const import BASE_UUID
@@ -135,7 +136,8 @@ async def event_wait(event, timeout):
     :rtype: bool
     """
     try:
-        await asyncio.wait_for(event.wait(), timeout)
+        async with async_timeout.timeout(timeout):
+            await event.wait()
     except asyncio.TimeoutError:
         pass
     return event.is_set()

setup.py

@@ -22,7 +22,14 @@
     README = f.read()
 
 
-REQUIRES = ["cryptography", "chacha20poly1305-reuseable", "orjson>=3.7.2", "zeroconf>=0.36.2", "h11"]
+REQUIRES = [
+    "async_timeout",
+    "cryptography",
+    "chacha20poly1305-reuseable",
+    "orjson>=3.7.2",
+    "zeroconf>=0.36.2",
+    "h11",
+]
 
 
 setup(