Earlier, a "socket connection" was being considered as a protocomm "session".
However, for HTTP, we cannot expect clients to necessarily use the same
socket for all requests of a given transaction. This was indeed causing
some failures for Wi-Fi provisioning from Android phones.
So, we have introduced http cookies to track a session even if the socket
connection does not stay intact throughout the transaction.
This change is backward compatible. If the client does not use cookies, the
socket connection will be considered as the session.
Closes: https://github.com/espressif/esp-idf/issues/6316
Reference: https://github.com/espressif/esp-idf/pull/6330
This commit fixes a bug as well as changes a behaviour.
Bugfix: During softap/httpd based provisioning, if a session was closed
midway and a new one started, it would never proceed if the http server
assigns same socket number to the new session (which happens almost always).
Now, if a session is closed, using the http callbacks, the older session
data is cleared so that a new one can be created.
Behavioural change: If a client (mobile app particularly) does not use
persistent http session i.e. all provisioning communication on the same
socket, the provisioning may fail. Earlier, since the session context was
not getting cleared, even if the client closed a session and continued
on a new one, it would go through if the socket number assigned was same
(which happens almost always).
Ideally, from a security perspective, all communication related
to secure provisioning must happen on the same socket, and so, this
change is required.
Activated AES, RSA and SHA hardware acceleration for esp32s2 and enabled related unit tests.
Updated with changes made for ESP32 from 0a04034, 961f59f and caea288.
Added performance targets for esp32s2beta
Closes IDF-757
List of changes:
* New component esp_local_ctrl added
* Example added under examples/protocols/esp_local_ctrl
* Documentation added under protocols/esp_local_ctrl
* Demo client side app esp_local_ctrl.py added under examples/protocols/esp_local_ctrl/scripts
* protocomm_ble : protocomm_ble_config_t given struct name for allowing forward declaration
* esp_prov/transport_softap renamed to transport_http
* transport_http module supports verification of server certificate
* transport_http module performs name resolution before connection
- Adds NimBLE stack support to existing BLE variant of unified provisioning.
- Uses scan response to send device name, 128 bit custom UUIDs based on service
UUID.
- Minimal changes to `app_prov.c`, component.mk, CMakeLists.txt and
`protocomm_ble.h` to accomodate NimBLE stack for provisioning.
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
!4452 and !4897 made some ill-advised corrections to dependency info;
revert those in this MR. Handling pre-built binaries as imported
libraries is retained, however.
List of changes:
* Use 128 bit characteristic UUIDs when creating GATT table entries
* Change primary service attribute value to 128 bit custom service UUID
* Use raw advertisement data to convey flags and 128 bit primary service UUID
* Use raw scan response to send device name as complete local name
* Increase maximum device name length in relation to maximum scan response length
* Set Characteristic User Description attributes for each characteristic to convey protocomm endpoint names
New APIs:
* protocomm_open_session()
* protocomm_close_session()
This allows external applications using protocomm to manually create and close sessions.
These internally call the new_transport_session() and close_transport_session() APIs implemented by the security scheme in use.
Updated unit tests with usage of new APIs
List of changes:
* Security APIs accept handle to instance created during initialization
* Protocomm internally stores the security instance handle and calls security APIs with this handle as first parameter
1. Pass the correct conn_id to protocomm_req_handle
In transport_simple_ble_write(), passing param->exec_write.conn_id would
be invalid. Instead param->write.conn_id should be passed
Similar change in transport_simple_ble_exec_write() to use
param->exec_write.conn_id
2. simple_ble_start() assumes that the mode is BLE only and enables
Bluetooth controller accordingly. For, cases having BT + BLE like Alexa
(Provisioning over BLE + Audio over classic BT), this assumption should
be removed.
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
List of changes:
* Corner case exceptions are properly handled to ensure release of memory occupied by security infrastructure
* fixed erroneous cleanup of security instance by protocomm_console
List of changes:
* Version endpoint now sends the set version string instead of verifying the incoming version string. This simplifies fetching version info from the provisioning application.
* esp_prov script updated to expect version string as response.
This will be useful if a webserver is already running and the application
does not want protocomm to start a new instance.
Signed-off-by: Piyush Shah <piyush@espressif.com>
* BLE and softAP provisioning examples added along with tests.
* An application specific example added for demonstrating custom provisioning scheme.
* tools/esp_prov/esp_prov.py can be used as a provisioning client for SoftAP, BLE and CLI based transports.
Co-Authored-By: Amey Inamdar <amey@espressif.com>
Co-Authored-By: Anurag Kar <anurag.kar@espressif.com>
* This manages secure sessions and provides framework for multiple transports.
* The application can use protocomm layer directly to have application specific extensions for provisioning (or non-provisioning) use cases.
* Following features are available for provisioning :
* Security - Security0 (no security), Security1 (curve25519 key exchange + AES-CTR encryption)
* Proof-of-possession support for Security1
* Protocomm requires specific protocol buffer modules for compilation which can be generated from the `.proto` files in the `proto` directory using make.
Co-Authored-By: Amey Inamdar <amey@espressif.com>
Co-Authored-By: Anurag Kar <anurag.kar@espressif.com>