From 0193464f92e90f765242b6ce0837f009ee611cdb Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" <nick@koston.org>
Date: Mon, 19 Jan 2026 17:34:49 -1000
Subject: [PATCH] [dsmr] Avoid std::string allocation for decryption key
 (#13375)

---
 esphome/components/dsmr/__init__.py | 22 +++-------------------
 esphome/components/dsmr/dsmr.cpp    | 19 +++++++------------
 esphome/components/dsmr/dsmr.h      |  2 +-
 esphome/config_validation.py        |  8 ++++----
 4 files changed, 15 insertions(+), 36 deletions(-)

diff --git a/esphome/components/dsmr/__init__.py b/esphome/components/dsmr/__init__.py
index 0ba68daf5d..386da3ce21 100644
--- a/esphome/components/dsmr/__init__.py
+++ b/esphome/components/dsmr/__init__.py
@@ -25,29 +25,13 @@ dsmr_ns = cg.esphome_ns.namespace("esphome::dsmr")
 Dsmr = dsmr_ns.class_("Dsmr", cg.Component, uart.UARTDevice)
 
 
-def _validate_key(value):
-    value = cv.string_strict(value)
-    parts = [value[i : i + 2] for i in range(0, len(value), 2)]
-    if len(parts) != 16:
-        raise cv.Invalid("Decryption key must consist of 16 hexadecimal numbers")
-    parts_int = []
-    if any(len(part) != 2 for part in parts):
-        raise cv.Invalid("Decryption key must be format XX")
-    for part in parts:
-        try:
-            parts_int.append(int(part, 16))
-        except ValueError:
-            # pylint: disable=raise-missing-from
-            raise cv.Invalid("Decryption key must be hex values from 00 to FF")
-
-    return "".join(f"{part:02X}" for part in parts_int)
-
-
 CONFIG_SCHEMA = cv.All(
     cv.Schema(
         {
             cv.GenerateID(): cv.declare_id(Dsmr),
-            cv.Optional(CONF_DECRYPTION_KEY): _validate_key,
+            cv.Optional(CONF_DECRYPTION_KEY): lambda value: cv.bind_key(
+                value, name="Decryption key"
+            ),
             cv.Optional(CONF_CRC_CHECK, default=True): cv.boolean,
             cv.Optional(CONF_GAS_MBUS_ID, default=1): cv.int_,
             cv.Optional(CONF_WATER_MBUS_ID, default=2): cv.int_,
diff --git a/esphome/components/dsmr/dsmr.cpp b/esphome/components/dsmr/dsmr.cpp
index 5c62aa93ab..c78d37bf5e 100644
--- a/esphome/components/dsmr/dsmr.cpp
+++ b/esphome/components/dsmr/dsmr.cpp
@@ -1,4 +1,5 @@
 #include "dsmr.h"
+#include "esphome/core/helpers.h"
 #include "esphome/core/log.h"
 
 #include <AES.h>
@@ -294,8 +295,8 @@ void Dsmr::dump_config() {
   DSMR_TEXT_SENSOR_LIST(DSMR_LOG_TEXT_SENSOR, )
 }
 
-void Dsmr::set_decryption_key(const std::string &decryption_key) {
-  if (decryption_key.empty()) {
+void Dsmr::set_decryption_key(const char *decryption_key) {
+  if (decryption_key == nullptr || decryption_key[0] == '\0') {
     ESP_LOGI(TAG, "Disabling decryption");
     this->decryption_key_.clear();
     if (this->crypt_telegram_ != nullptr) {
@@ -305,21 +306,15 @@ void Dsmr::set_decryption_key(const std::string &decryption_key) {
     return;
   }
 
-  if (decryption_key.length() != 32) {
-    ESP_LOGE(TAG, "Error, decryption key must be 32 character long");
+  if (!parse_hex(decryption_key, this->decryption_key_, 16)) {
+    ESP_LOGE(TAG, "Error, decryption key must be 32 hex characters");
+    this->decryption_key_.clear();
     return;
   }
-  this->decryption_key_.clear();
 
   ESP_LOGI(TAG, "Decryption key is set");
   // Verbose level prints decryption key
-  ESP_LOGV(TAG, "Using decryption key: %s", decryption_key.c_str());
-
-  char temp[3] = {0};
-  for (int i = 0; i < 16; i++) {
-    strncpy(temp, &(decryption_key.c_str()[i * 2]), 2);
-    this->decryption_key_.push_back(std::strtoul(temp, nullptr, 16));
-  }
+  ESP_LOGV(TAG, "Using decryption key: %s", decryption_key);
 
   if (this->crypt_telegram_ == nullptr) {
     this->crypt_telegram_ = new uint8_t[this->max_telegram_len_];  // NOLINT
diff --git a/esphome/components/dsmr/dsmr.h b/esphome/components/dsmr/dsmr.h
index 56ba75b5fa..b7e05a22b3 100644
--- a/esphome/components/dsmr/dsmr.h
+++ b/esphome/components/dsmr/dsmr.h
@@ -63,7 +63,7 @@ class Dsmr : public Component, public uart::UARTDevice {
 
   void dump_config() override;
 
-  void set_decryption_key(const std::string &decryption_key);
+  void set_decryption_key(const char *decryption_key);
   void set_max_telegram_length(size_t length) { this->max_telegram_len_ = length; }
   void set_request_pin(GPIOPin *request_pin) { this->request_pin_ = request_pin; }
   void set_request_interval(uint32_t interval) { this->request_interval_ = interval; }
diff --git a/esphome/config_validation.py b/esphome/config_validation.py
index 8e2fadbea8..b7ab02013d 100644
--- a/esphome/config_validation.py
+++ b/esphome/config_validation.py
@@ -1046,20 +1046,20 @@ def mac_address(value):
     return core.MACAddress(*parts_int)
 
 
-def bind_key(value):
+def bind_key(value, *, name="Bind key"):
     value = string_strict(value)
     parts = [value[i : i + 2] for i in range(0, len(value), 2)]
     if len(parts) != 16:
-        raise Invalid("Bind key must consist of 16 hexadecimal numbers")
+        raise Invalid(f"{name} must consist of 16 hexadecimal numbers")
     parts_int = []
     if any(len(part) != 2 for part in parts):
-        raise Invalid("Bind key must be format XX")
+        raise Invalid(f"{name} must be format XX")
     for part in parts:
         try:
             parts_int.append(int(part, 16))
         except ValueError:
             # pylint: disable=raise-missing-from
-            raise Invalid("Bind key must be hex values from 00 to FF")
+            raise Invalid(f"{name} must be hex values from 00 to FF")
 
     return "".join(f"{part:02X}" for part in parts_int)