Skip to content

Skip GCM auth on ESP8266 when no auth key is set (align with ESP32)#1214

Open
gskjold wants to merge 1 commit into
mainfrom
fix/gcm-esp8266-optional-auth
Open

Skip GCM auth on ESP8266 when no auth key is set (align with ESP32)#1214
gskjold wants to merge 1 commit into
mainfrom
fix/gcm-esp8266-optional-auth

Conversation

@gskjold

@gskjold gskjold commented Jun 18, 2026

Copy link
Copy Markdown
Member

Summary

Aligns the ESP8266 GCM path with ESP32/native: when no authentication key is configured, decrypt without verifying the GCM tag instead of failing.

Background

The ESP8266 (BearSSL) path enforced the GCM tag whenever the frame's security byte requested authentication, regardless of whether an AK was configured — it gated the tag check on authkeylen > 0. The ESP32 and native (mbedTLS) paths instead gate on authenticate, which is true only when the AK has a non-zero byte. So a blank AK already meant "decrypt without auth" on ESP32, but failed with -51 on ESP8266.

Change

One-line alignment in GcmParser.cpp (ESP8266 branch):

-        if(authkeylen > 0 && br_gcm_check_tag_trunc(&gcmCtx, authentication_tag, authkeylen) != 1) {
+        if(authenticate && br_gcm_check_tag_trunc(&gcmCtx, authentication_tag, authkeylen) != 1) {
             return GCM_AUTH_FAILED;
         }
  • Meters configured with an auth key: unchanged — the tag is still verified.
  • Meters configured without an auth key: the frame is decrypted with the encryption key alone and the tag is not checked (no integrity guarantee — opt-in by leaving the AK blank), matching ESP32.

Why

Some meters use a non-standard authentication scheme that doesn't verify against the DLMS SC ‖ AK AAD, so they can only be read with the encryption key. The Polish Stoen / Elgama GAMA 350 (#1198) is one such case — the reference ESPHome component decrypts with the EK only and skips authentication. This change lets such meters be read on ESP8266 the same way they already can be on ESP32 (by leaving the auth key blank). Note the ~580 B GAMA 350 telegram still realistically needs an ESP32 for buffer reasons.

Testing

  • Native decoder suite: 16/16 pass, including a new test_encrypted_decode_without_authkey that decodes an authenticated fixture (issued with an AK) using the EK only / AK omitted, locking the cross-platform "blank AK skips auth" contract.
  • esp8266 builds clean.

The native test exercises the mbedTLS path; the ESP8266 br_gcm line is platform-gated and can't be unit-tested on host, but it now mirrors the covered ESP32/native logic.

Refs #1198.

@gskjold @claude
Skip GCM authentication on ESP8266 when no auth key is set
90335a3 
The ESP8266 BearSSL path enforced the GCM tag whenever the frame's security
byte requested authentication (authkeylen > 0), even with a blank authentication
key — diverging from the ESP32/native mbedTLS paths, which gate tag verification
on `authenticate` (true only when the AK has a non-zero byte). Align ESP8266 to
the same rule: with a blank AK, decrypt without verifying the tag.

This lets meters that use a non-standard authentication scheme (e.g. the Polish
Stoen/Elgama GAMA 350, issue #1198) be read with the encryption key alone, on
both platforms.

Adds a native test that decodes an authenticated fixture with the AK omitted to
lock the cross-platform "blank AK skips auth" contract.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gskjold gskjold mentioned this pull request Jun 18, 2026
Open
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown

🔧 PR Build Artifacts

Version: 90335a3

All environments built successfully. Download the zip files:

Artifacts expire after 7 days. View workflow run

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gskjold