wifi_prov: Update behaviour for wifi_prov_mgr_start_provisioning to avoid breaking the usage for sec1

This commit is contained in:
Aditya Patwardhan 2022-09-06 16:30:12 +05:30
parent d39da71671
commit 6f69097815
5 changed files with 46 additions and 14 deletions

View File

@ -188,11 +188,13 @@ typedef struct {
* These are same as the security modes provided by protocomm
*/
typedef enum wifi_prov_security {
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
/**
* No security (plain-text communication)
*/
WIFI_PROV_SECURITY_0 = 0,
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
/**
* This secure communication mode consists of
* X25519 key exchange
@ -200,16 +202,27 @@ typedef enum wifi_prov_security {
* + AES-CTR encryption
*/
WIFI_PROV_SECURITY_1,
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
/**
* This secure communication mode consists of
* SRP6a based authentication and key exchange
* + AES-GCM encryption/decryption
*/
WIFI_PROV_SECURITY_2
#endif
} wifi_prov_security_t;
typedef protocomm_security1_params_t wifi_prov_security1_params_t;
/**
* @brief Security 1 params structure
* This needs to be passed when using WIFI_PROV_SECURITY_1
*/
typedef const char wifi_prov_security1_params_t;
/**
* @brief Security 2 params structure
* This needs to be passed when using WIFI_PROV_SECURITY_2
*/
typedef protocomm_security2_params_t wifi_prov_security2_params_t;
/**

View File

@ -600,6 +600,12 @@ static bool wifi_prov_mgr_stop_service(bool blocking)
/* Free proof of possession */
if (prov_ctx->protocomm_sec_params) {
if (prov_ctx->security == 1) {
// In case of security 1 we keep an internal copy of "pop".
// Hence free it at this point
uint8_t *pop = (uint8_t *)((protocomm_security1_params_t *) prov_ctx->protocomm_sec_params)->data;
free(pop);
}
prov_ctx->protocomm_sec_params = NULL;
}
@ -1474,20 +1480,38 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
goto err;
}
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
/* Initialize app data */
if (security == WIFI_PROV_SECURITY_0) {
prov_ctx->mgr_info.capabilities.no_sec = true;
} else if (security == WIFI_PROV_SECURITY_1) {
} else
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
if (security == WIFI_PROV_SECURITY_1) {
if (wifi_prov_sec_params) {
prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
static protocomm_security1_params_t sec1_params;
// Generate internal copy of "pop", that shall be freed at the end
char *pop = strdup(wifi_prov_sec_params);
if (pop == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for pop");
ret = ESP_ERR_NO_MEM;
goto err;
}
sec1_params.data = (const uint8_t *)pop;
sec1_params.len = strlen(pop);
prov_ctx->protocomm_sec_params = (const void *) &sec1_params;
} else {
prov_ctx->mgr_info.capabilities.no_pop = true;
}
} else if (security == WIFI_PROV_SECURITY_2) {
} else
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
if (security == WIFI_PROV_SECURITY_2) {
if (wifi_prov_sec_params) {
prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
}
}
#endif
prov_ctx->security = security;

View File

@ -146,7 +146,6 @@ Security1 scheme details are shown in the below sequence diagram -
CLIENT -> CLIENT [label = "Verify Device", rightnote = "check (cli_pubkey == aes_ctr_dec(dev_verify...)"];
}
.. note:: We shall soon migrate to ``Security2 scheme`` as the default scheme in our examples as it provides enhanced security. This change shall be done once we have our phone apps (Android/iOS) upgraded to handle ``Security2 scheme``.
Security2 Scheme
>>>>>>>>>>>>>>>>

View File

@ -14,8 +14,7 @@ Wi-Fi Provisioning
------------------
.. list::
* The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. Please use the ``wifi_prov_sec_params`` field instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`.
* The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. For backward compatibility, ``pop`` can be still passed as a string for security1. However for Security2 the ``wifi_prov_sec_params`` argument needs to be passed instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. For security 1 the behaviour and the usage of the API remains same.
* The API :cpp:func:`wifi_prov_mgr_is_provisioned` does not return :c:macro:`ESP_ERR_INVALID_STATE` error any more. This API now works without any dependency on provisioning manager initialization state.
ESP Local Control

View File

@ -343,11 +343,8 @@ void app_main(void)
* for the protocomm security 1.
* This does not need not be static i.e. could be dynamically allocated
*/
wifi_prov_security1_params_t sec1_params = {
.data = (const uint8_t *)pop,
.len = strlen(pop),
};
wifi_prov_security1_params_t *sec_params = &sec1_params;
wifi_prov_security1_params_t *sec_params = pop;
const char *username = NULL;
#elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2