alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

wifi_prov: Update behaviour for wifi_prov_mgr_start_provisioning to avoid breaking the usage for sec1

Browse Source
This commit is contained in:
Aditya Patwardhan 2022-09-06 16:30:12 +05:30
parent d39da71671
commit 6f69097815
5 changed files with 46 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
components/wifi_provisioning/include/wifi_provisioning/manager.h
View File

@ -188,11 +188,13 @@ typedef struct {
* These are same as the security modes provided by protocomm * These are same as the security modes provided by protocomm
*/ */
typedef enum wifi_prov_security { typedef enum wifi_prov_security {
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
/** /**
* No security (plain-text communication) * No security (plain-text communication)
*/ */
WIFI_PROV_SECURITY_0 = 0, WIFI_PROV_SECURITY_0 = 0,
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
/** /**
* This secure communication mode consists of * This secure communication mode consists of
* X25519 key exchange * X25519 key exchange
@ -200,16 +202,27 @@ typedef enum wifi_prov_security {
* + AES-CTR encryption * + AES-CTR encryption
*/ */
WIFI_PROV_SECURITY_1, WIFI_PROV_SECURITY_1,
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
/** /**
* This secure communication mode consists of * This secure communication mode consists of
* SRP6a based authentication and key exchange * SRP6a based authentication and key exchange
* + AES-GCM encryption/decryption * + AES-GCM encryption/decryption
*/ */
WIFI_PROV_SECURITY_2 WIFI_PROV_SECURITY_2
#endif
} wifi_prov_security_t; } wifi_prov_security_t;
typedef protocomm_security1_params_t wifi_prov_security1_params_t; /**
* @brief Security 1 params structure
* This needs to be passed when using WIFI_PROV_SECURITY_1
*/
typedef const char wifi_prov_security1_params_t;
/**
* @brief Security 2 params structure
* This needs to be passed when using WIFI_PROV_SECURITY_2
*/
typedef protocomm_security2_params_t wifi_prov_security2_params_t; typedef protocomm_security2_params_t wifi_prov_security2_params_t;
/** /**

30
components/wifi_provisioning/src/manager.c
View File

@ -600,6 +600,12 @@ static bool wifi_prov_mgr_stop_service(bool blocking)
/* Free proof of possession */ /* Free proof of possession */
if (prov_ctx->protocomm_sec_params) { if (prov_ctx->protocomm_sec_params) {
if (prov_ctx->security == 1) {
// In case of security 1 we keep an internal copy of "pop".
// Hence free it at this point
uint8_t *pop = (uint8_t *)((protocomm_security1_params_t *) prov_ctx->protocomm_sec_params)->data;
free(pop);
}
prov_ctx->protocomm_sec_params = NULL; prov_ctx->protocomm_sec_params = NULL;
} }
@ -1474,20 +1480,38 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
goto err; goto err;
} }
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
/* Initialize app data */ /* Initialize app data */
if (security == WIFI_PROV_SECURITY_0) { if (security == WIFI_PROV_SECURITY_0) {
prov_ctx->mgr_info.capabilities.no_sec = true; prov_ctx->mgr_info.capabilities.no_sec = true;
} else if (security == WIFI_PROV_SECURITY_1) { } else
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
if (security == WIFI_PROV_SECURITY_1) {
if (wifi_prov_sec_params) { if (wifi_prov_sec_params) {
prov_ctx->protocomm_sec_params = wifi_prov_sec_params; static protocomm_security1_params_t sec1_params;
// Generate internal copy of "pop", that shall be freed at the end
char *pop = strdup(wifi_prov_sec_params);
if (pop == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for pop");
ret = ESP_ERR_NO_MEM;
goto err;
}
sec1_params.data = (const uint8_t *)pop;
sec1_params.len = strlen(pop);
prov_ctx->protocomm_sec_params = (const void *) &sec1_params;
} else { } else {
prov_ctx->mgr_info.capabilities.no_pop = true; prov_ctx->mgr_info.capabilities.no_pop = true;
} }
} else if (security == WIFI_PROV_SECURITY_2) { } else
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
if (security == WIFI_PROV_SECURITY_2) {
if (wifi_prov_sec_params) { if (wifi_prov_sec_params) {
prov_ctx->protocomm_sec_params = wifi_prov_sec_params; prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
} }
} }
#endif
prov_ctx->security = security; prov_ctx->security = security;

1
docs/en/api-reference/provisioning/provisioning.rst
View File

@ -146,7 +146,6 @@ Security1 scheme details are shown in the below sequence diagram -
CLIENT -> CLIENT [label = "Verify Device", rightnote = "check (cli_pubkey == aes_ctr_dec(dev_verify...)"]; CLIENT -> CLIENT [label = "Verify Device", rightnote = "check (cli_pubkey == aes_ctr_dec(dev_verify...)"];
} }
.. note:: We shall soon migrate to ``Security2 scheme`` as the default scheme in our examples as it provides enhanced security. This change shall be done once we have our phone apps (Android/iOS) upgraded to handle ``Security2 scheme``.
Security2 Scheme Security2 Scheme
>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>

3
docs/en/migration-guides/release-5.x/provisioning.rst
View File

@ -14,8 +14,7 @@ Wi-Fi Provisioning
------------------ ------------------
.. list:: .. list::
* The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. Please use the ``wifi_prov_sec_params`` field instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. * The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. For backward compatibility, ``pop`` can be still passed as a string for security1. However for Security2 the ``wifi_prov_sec_params`` argument needs to be passed instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. For security 1 the behaviour and the usage of the API remains same.
* The API :cpp:func:`wifi_prov_mgr_is_provisioned` does not return :c:macro:`ESP_ERR_INVALID_STATE` error any more. This API now works without any dependency on provisioning manager initialization state. * The API :cpp:func:`wifi_prov_mgr_is_provisioned` does not return :c:macro:`ESP_ERR_INVALID_STATE` error any more. This API now works without any dependency on provisioning manager initialization state.
ESP Local Control ESP Local Control

7
examples/provisioning/wifi_prov_mgr/main/app_main.c
View File

@ -343,11 +343,8 @@ void app_main(void)
* for the protocomm security 1. * for the protocomm security 1.
* This does not need not be static i.e. could be dynamically allocated * This does not need not be static i.e. could be dynamically allocated
*/ */
wifi_prov_security1_params_t sec1_params = { wifi_prov_security1_params_t *sec_params = pop;
.data = (const uint8_t *)pop,
.len = strlen(pop),
};
wifi_prov_security1_params_t *sec_params = &sec1_params;
const char *username = NULL; const char *username = NULL;
#elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2 #elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2