esp-idf/tools/esp_prov
2022-06-21 04:24:19 +00:00
..
proto esp_prov: Added provision for SRP6a-based security scheme 2022-06-17 13:16:20 +00:00
prov wifi_prov: Added support for WPA3_PSK and WPA2_WPA3_PSK APs 2022-06-21 04:24:19 +00:00
security esp_prov: Added provision for SRP6a-based security scheme 2022-06-17 13:16:20 +00:00
transport ble-wifi-example-tests: Add fixes and cleanups to ble and wifi tests 2021-05-28 19:50:28 +05:30
utils esp_prov: Added provision for SRP6a-based security scheme 2022-06-17 13:16:20 +00:00
__init__.py ci: all jobs use python3 by default 2020-11-19 03:27:58 +00:00
esp_prov.py esp_prov: Added provision for SRP6a-based security scheme 2022-06-17 13:16:20 +00:00
README.md esp_prov: Added provision for SRP6a-based security scheme 2022-06-17 13:16:20 +00:00
requirements_linux_extra.txt Examples : Added provisioning examples, tests and client tool. 2018-10-02 19:07:28 +05:30
requirements.txt protobuf: Fix v4.21.0 (python) compatibility issue 2022-05-30 09:54:31 +05:30

****# ESP Provisioning Tool

NAME

esp_prov - A python based utility for testing the provisioning examples over a host

SYNOPSIS

python esp_prov.py --transport < mode of provisioning : softap \ ble \ console > [ Optional parameters... ]

DESCRIPTION

Usage of esp-prov assumes that the provisioning app has specific protocomm endpoints active. These endpoints are active in the provisioning examples and accept specific protobuf data structures:

Endpoint Name URI (HTTP server on ip:port) Description
prov-session http://ip:port/prov-session Security endpoint used for session establishment
prov-config http://ip:port/prov-config Endpoint used for configuring Wi-Fi credentials on device
proto-ver http://ip:port/proto-ver Version endpoint for checking protocol compatibility
prov-scan http://ip:port/prov-scan Endpoint used for scanning Wi-Fi APs
custom-data http://ip:port/custom-data Optional endpoint for sending custom data (refer wifi_prov_mgr example)

PARAMETERS

  • --help Print the list of options along with brief descriptions

  • --verbose, -v Sets the verbosity level of output log

  • --transport <mode>

    • Three options are available:
      • softap - for SoftAP + HTTPD based provisioning
        • Requires the device to be running in Wi-Fi SoftAP mode and hosting an HTTP server supporting specific endpoint URIs
        • The client needs to be connected to the device softAP network before running the esp_prov tool.
      • ble - for BLE based provisioning
        • Supports Linux only; on Windows/macOS, it is redirected to console
        • Assumes that the provisioning endpoints are active on the device with specific BLE service UUIDs
      • console - for debugging via console-based provisioning
        • The client->device commands are printed to STDOUT and device->client messages are accepted via STDIN.
        • This is to be used when the device is accepting provisioning commands on UART console.
  • --service_name <name> (Optional)

    • When transport mode is ble, this specifies the BLE device name to which connection is to be established for provisioned.
    • When transport mode is softap, this specifies the HTTP server hostname / IP which is running the provisioning service, on the SoftAP network of the device which is to be provisioned. This defaults to 192.168.4.1:80 if not specified
  • --ssid <AP SSID> (Optional)

    • For specifying the SSID of the Wi-Fi AP to which the device is to connect after provisioning.
    • If not provided, scanning is initiated and scan results, as seen by the device, are displayed, of which an SSID can be picked and the corresponding password specified.
  • --passphrase <AP Password> (Optional)

    • For specifying the password of the Wi-Fi AP to which the device is to connect after provisioning.
    • Only used when corresponding SSID is provided using the --ssid option
  • --sec_ver <Security version number>

    • For specifying the version of protocomm endpoint security to use. Following 3 versions are supported:
      • 0 for protocomm_security0 - No security
      • 1 for protocomm_security1 - X25519 key exchange + Authentication using Proof of Possession (PoP) + AES-CTR encryption
      • 2 for protocomm_security2 - Secure Remote Password protocol (SRP6a) + AES-GCM encryption
  • --pop <Proof of possession string> (Optional)

    • For specifying optional Proof of Possession string to use for protocomm endpoint security version 1
    • Ignored when other security versions are used
  • --sec2_username <SRP6a Username> (Optional)

    • For specifying optional username to use for protocomm endpoint security version 2
    • Ignored when other security versions are used
  • --sec2_pwd <SRP6a Password> (Optional)

    • For specifying optional password to use for protocomm endpoint security version 2
    • Ignored when other security versions are used
  • --sec2_gen_cred (Optional)

    • For generating the SRP6a credentials (salt and verifier) from the provided username and password for protocomm endpoint security version 2
    • Ignored when other security versions are used
  • --sec2_salt_len <SRP6a Salt Length> (Optional)

    • For specifying the optional SRP6a salt length to be used for generating protocomm endpoint security version 2 credentials
    • Ignored when other security versions are used and the ``--sec2_gen_cred` option is not set
  • --custom_data <some string> (Optional) An information string can be sent to the custom-data endpoint during provisioning using this argument. (Assumes the provisioning app has an endpoint called custom-data - see provisioning/wifi_prov_mgr example for implementation details).

AVAILABILITY

esp_prov is intended as a cross-platform tool, but currently BLE communication functionality is only available on Linux (via BlueZ and DBus)

For Android, a provisioning tool along with source code is available here

On macOS and Windows, running with --transport ble option falls back to console mode, ie. write data and target UUID are printed to STDOUT and read data is input through STDIN. Users are free to use their app of choice to connect to the BLE device, send the write data to the target characteristic and read from it.

Dependencies

This requires the following python libraries to run (included in requirements.txt):

  • future
  • protobuf
  • cryptography

Run pip install -r $IDF_PATH/tools/esp_prov/requirements.txt

Note :

  • The packages listed in requirements.txt are limited only to the ones needed AFTER fully satisfying the requirements of ESP-IDF
  • BLE communication is only supported on Linux (via Bluez and DBus), therefore, the dependencies for this have been made optional

Optional Dependencies (Linux Only)

These dependencies are for enabling communication with BLE devices using Bluez and DBus on Linux:

  • dbus-python

Run pip install -r $IDF_PATH/tools/esp_prov/requirements_linux_extra.txt

EXAMPLE USAGE

Please refer to the README.md file with the wifi_prov_mgr example present under $IDF_PATH/examples/provisioning/.

This example uses specific options of the esp_prov tool and gives an overview of simple as well as advanced usage scenarios.