mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
wifi_prov: Exposed events for secure session establishment
This commit is contained in:
parent
d3c99ed3b8
commit
fcb98e5851
@ -7,11 +7,25 @@
|
||||
#pragma once
|
||||
|
||||
#include <esp_err.h>
|
||||
#include "esp_event.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
ESP_EVENT_DECLARE_BASE(PROTOCOMM_SECURITY_SESSION_EVENT);
|
||||
|
||||
/**
|
||||
* @brief Events generated by the protocomm security layer
|
||||
*
|
||||
* These events are generated while establishing secured session.
|
||||
*/
|
||||
typedef enum {
|
||||
PROTOCOMM_SECURITY_SESSION_SETUP_OK, /**< Secured session established successfully */
|
||||
PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS, /**< Received invalid (NULL) security parameters (username / client public-key) */
|
||||
PROTOCOMM_SECURITY_SESSION_CREDENTIALS_MISMATCH, /**< Received incorrect credentials (username / PoP) */
|
||||
} protocomm_security_session_event_t;
|
||||
|
||||
/**
|
||||
* @brief Protocomm Security 1 parameters: Proof Of Possession
|
||||
*/
|
||||
|
@ -42,6 +42,13 @@
|
||||
|
||||
static const char* TAG = "security1";
|
||||
|
||||
/*NOTE: As both the security schemes share the events,
|
||||
* we need to define the event base only once.
|
||||
*/
|
||||
#ifndef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
|
||||
ESP_EVENT_DEFINE_BASE(PROTOCOMM_SECURITY_SESSION_EVENT);
|
||||
#endif
|
||||
|
||||
#define PUBLIC_KEY_LEN 32
|
||||
#define SZ_RANDOM 16
|
||||
|
||||
@ -127,6 +134,9 @@ static esp_err_t handle_session_command1(session_t *cur_session,
|
||||
sizeof(cur_session->device_pubkey)) != 0) {
|
||||
ESP_LOGE(TAG, "Key mismatch. Close connection");
|
||||
mbedtls_aes_free(&cur_session->ctx_aes);
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_CREDENTIALS_MISMATCH, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post credential mismatch event");
|
||||
}
|
||||
return ESP_FAIL;
|
||||
}
|
||||
|
||||
@ -178,6 +188,10 @@ static esp_err_t handle_session_command1(session_t *cur_session,
|
||||
resp->sec1 = out;
|
||||
|
||||
cur_session->state = SESSION_STATE_DONE;
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_SETUP_OK, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post secure session setup success event");
|
||||
}
|
||||
|
||||
ESP_LOGD(TAG, "Secure session established successfully");
|
||||
return ESP_OK;
|
||||
}
|
||||
@ -202,6 +216,9 @@ static esp_err_t handle_session_command0(session_t *cur_session,
|
||||
|
||||
if (in->sc0->client_pubkey.len != PUBLIC_KEY_LEN) {
|
||||
ESP_LOGE(TAG, "Invalid public key length");
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post secure session invalid security params event");
|
||||
}
|
||||
return ESP_ERR_INVALID_ARG;
|
||||
}
|
||||
|
||||
|
@ -27,6 +27,8 @@
|
||||
|
||||
static const char *TAG = "security2";
|
||||
|
||||
ESP_EVENT_DEFINE_BASE(PROTOCOMM_SECURITY_SESSION_EVENT);
|
||||
|
||||
#define SALT_LEN (16)
|
||||
#define PUBLIC_KEY_LEN (384)
|
||||
#define CLIENT_PROOF_LEN (64)
|
||||
@ -81,11 +83,17 @@ static esp_err_t handle_session_command0(session_t *cur_session,
|
||||
|
||||
if (in->sc0->client_pubkey.len != PUBLIC_KEY_LEN) {
|
||||
ESP_LOGE(TAG, "Invalid public key length");
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post secure session invalid security params event");
|
||||
}
|
||||
return ESP_ERR_INVALID_ARG;
|
||||
}
|
||||
|
||||
if (in->sc0->client_username.len <= 0) {
|
||||
ESP_LOGE(TAG, "Invalid username");
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post secure session invalid security params event");
|
||||
}
|
||||
return ESP_ERR_INVALID_ARG;
|
||||
}
|
||||
|
||||
@ -214,6 +222,9 @@ static esp_err_t handle_session_command1(session_t *cur_session,
|
||||
if (esp_srp_exchange_proofs(cur_session->srp_hd, cur_session->username, cur_session->username_len, (char * ) in->sc1->client_proof.data, device_proof) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to authenticate client proof!");
|
||||
free(device_proof);
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_CREDENTIALS_MISMATCH, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post credential mismatch event");
|
||||
}
|
||||
return ESP_FAIL;
|
||||
}
|
||||
hexdump("Device proof", device_proof, CLIENT_PROOF_LEN);
|
||||
@ -265,6 +276,9 @@ static esp_err_t handle_session_command1(session_t *cur_session,
|
||||
resp->sec2 = out;
|
||||
|
||||
cur_session->state = SESSION_STATE_DONE;
|
||||
if (esp_event_post(PROTOCOMM_SECURITY_SESSION_EVENT, PROTOCOMM_SECURITY_SESSION_SETUP_OK, NULL, 0, portMAX_DELAY) != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to post secure session setup success event");
|
||||
}
|
||||
ESP_LOGD(TAG, "Secure session established successfully");
|
||||
return ESP_OK;
|
||||
}
|
||||
|
@ -194,6 +194,20 @@ static void event_handler(void* arg, esp_event_base_t event_base,
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
} else if (event_base == PROTOCOMM_SECURITY_SESSION_EVENT) {
|
||||
switch (event_id) {
|
||||
case PROTOCOMM_SECURITY_SESSION_SETUP_OK:
|
||||
ESP_LOGI(TAG, "Secured session established!");
|
||||
break;
|
||||
case PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS:
|
||||
ESP_LOGE(TAG, "Received invalid security parameters for establishing secure session!");
|
||||
break;
|
||||
case PROTOCOMM_SECURITY_SESSION_CREDENTIALS_MISMATCH:
|
||||
ESP_LOGE(TAG, "Received incorrect username and/or PoP for establishing secure session!");
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -289,6 +303,7 @@ void app_main(void)
|
||||
#ifdef CONFIG_EXAMPLE_PROV_TRANSPORT_BLE
|
||||
ESP_ERROR_CHECK(esp_event_handler_register(PROTOCOMM_TRANSPORT_BLE_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
|
||||
#endif
|
||||
ESP_ERROR_CHECK(esp_event_handler_register(PROTOCOMM_SECURITY_SESSION_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
|
||||
ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
|
||||
ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user