mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
205 lines
9.1 KiB
C
205 lines
9.1 KiB
C
/*
|
|
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
|
*
|
|
* SPDX-License-Identifier: Unlicense OR CC0-1.0
|
|
*/
|
|
#include <wifi_provisioning/manager.h>
|
|
#include "esp_log.h"
|
|
#include "esp_mac.h"
|
|
#include "esp_event.h"
|
|
#include "freertos/FreeRTOS.h"
|
|
#include "freertos/event_groups.h"
|
|
#include "dns_server.h"
|
|
|
|
static const char *TAG = "NCM_provisioning";
|
|
|
|
#if CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2
|
|
#if CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE
|
|
#define EXAMPLE_PROV_SEC2_USERNAME "wifiprov"
|
|
#define EXAMPLE_PROV_SEC2_PWD "abcd1234"
|
|
|
|
/* This salt,verifier has been generated for username = "wifiprov" and password = "abcd1234"
|
|
* IMPORTANT NOTE: For production cases, this must be unique to every device
|
|
* and should come from device manufacturing partition.*/
|
|
static const char sec2_salt[] = {
|
|
0x03, 0x6e, 0xe0, 0xc7, 0xbc, 0xb9, 0xed, 0xa8, 0x4c, 0x9e, 0xac, 0x97, 0xd9, 0x3d, 0xec, 0xf4
|
|
};
|
|
|
|
static const char sec2_verifier[] = {
|
|
0x7c, 0x7c, 0x85, 0x47, 0x65, 0x08, 0x94, 0x6d, 0xd6, 0x36, 0xaf, 0x37, 0xd7, 0xe8, 0x91, 0x43,
|
|
0x78, 0xcf, 0xfd, 0x61, 0x6c, 0x59, 0xd2, 0xf8, 0x39, 0x08, 0x12, 0x72, 0x38, 0xde, 0x9e, 0x24,
|
|
0xa4, 0x70, 0x26, 0x1c, 0xdf, 0xa9, 0x03, 0xc2, 0xb2, 0x70, 0xe7, 0xb1, 0x32, 0x24, 0xda, 0x11,
|
|
0x1d, 0x97, 0x18, 0xdc, 0x60, 0x72, 0x08, 0xcc, 0x9a, 0xc9, 0x0c, 0x48, 0x27, 0xe2, 0xae, 0x89,
|
|
0xaa, 0x16, 0x25, 0xb8, 0x04, 0xd2, 0x1a, 0x9b, 0x3a, 0x8f, 0x37, 0xf6, 0xe4, 0x3a, 0x71, 0x2e,
|
|
0xe1, 0x27, 0x86, 0x6e, 0xad, 0xce, 0x28, 0xff, 0x54, 0x46, 0x60, 0x1f, 0xb9, 0x96, 0x87, 0xdc,
|
|
0x57, 0x40, 0xa7, 0xd4, 0x6c, 0xc9, 0x77, 0x54, 0xdc, 0x16, 0x82, 0xf0, 0xed, 0x35, 0x6a, 0xc4,
|
|
0x70, 0xad, 0x3d, 0x90, 0xb5, 0x81, 0x94, 0x70, 0xd7, 0xbc, 0x65, 0xb2, 0xd5, 0x18, 0xe0, 0x2e,
|
|
0xc3, 0xa5, 0xf9, 0x68, 0xdd, 0x64, 0x7b, 0xb8, 0xb7, 0x3c, 0x9c, 0xfc, 0x00, 0xd8, 0x71, 0x7e,
|
|
0xb7, 0x9a, 0x7c, 0xb1, 0xb7, 0xc2, 0xc3, 0x18, 0x34, 0x29, 0x32, 0x43, 0x3e, 0x00, 0x99, 0xe9,
|
|
0x82, 0x94, 0xe3, 0xd8, 0x2a, 0xb0, 0x96, 0x29, 0xb7, 0xdf, 0x0e, 0x5f, 0x08, 0x33, 0x40, 0x76,
|
|
0x52, 0x91, 0x32, 0x00, 0x9f, 0x97, 0x2c, 0x89, 0x6c, 0x39, 0x1e, 0xc8, 0x28, 0x05, 0x44, 0x17,
|
|
0x3f, 0x68, 0x02, 0x8a, 0x9f, 0x44, 0x61, 0xd1, 0xf5, 0xa1, 0x7e, 0x5a, 0x70, 0xd2, 0xc7, 0x23,
|
|
0x81, 0xcb, 0x38, 0x68, 0xe4, 0x2c, 0x20, 0xbc, 0x40, 0x57, 0x76, 0x17, 0xbd, 0x08, 0xb8, 0x96,
|
|
0xbc, 0x26, 0xeb, 0x32, 0x46, 0x69, 0x35, 0x05, 0x8c, 0x15, 0x70, 0xd9, 0x1b, 0xe9, 0xbe, 0xcc,
|
|
0xa9, 0x38, 0xa6, 0x67, 0xf0, 0xad, 0x50, 0x13, 0x19, 0x72, 0x64, 0xbf, 0x52, 0xc2, 0x34, 0xe2,
|
|
0x1b, 0x11, 0x79, 0x74, 0x72, 0xbd, 0x34, 0x5b, 0xb1, 0xe2, 0xfd, 0x66, 0x73, 0xfe, 0x71, 0x64,
|
|
0x74, 0xd0, 0x4e, 0xbc, 0x51, 0x24, 0x19, 0x40, 0x87, 0x0e, 0x92, 0x40, 0xe6, 0x21, 0xe7, 0x2d,
|
|
0x4e, 0x37, 0x76, 0x2f, 0x2e, 0xe2, 0x68, 0xc7, 0x89, 0xe8, 0x32, 0x13, 0x42, 0x06, 0x84, 0x84,
|
|
0x53, 0x4a, 0xb3, 0x0c, 0x1b, 0x4c, 0x8d, 0x1c, 0x51, 0x97, 0x19, 0xab, 0xae, 0x77, 0xff, 0xdb,
|
|
0xec, 0xf0, 0x10, 0x95, 0x34, 0x33, 0x6b, 0xcb, 0x3e, 0x84, 0x0f, 0xb9, 0xd8, 0x5f, 0xb8, 0xa0,
|
|
0xb8, 0x55, 0x53, 0x3e, 0x70, 0xf7, 0x18, 0xf5, 0xce, 0x7b, 0x4e, 0xbf, 0x27, 0xce, 0xce, 0xa8,
|
|
0xb3, 0xbe, 0x40, 0xc5, 0xc5, 0x32, 0x29, 0x3e, 0x71, 0x64, 0x9e, 0xde, 0x8c, 0xf6, 0x75, 0xa1,
|
|
0xe6, 0xf6, 0x53, 0xc8, 0x31, 0xa8, 0x78, 0xde, 0x50, 0x40, 0xf7, 0x62, 0xde, 0x36, 0xb2, 0xba
|
|
};
|
|
#endif
|
|
|
|
static esp_err_t example_get_sec2_salt(const char **salt, uint16_t *salt_len)
|
|
{
|
|
#if CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE
|
|
ESP_LOGI(TAG, "Development mode: using hard coded salt");
|
|
*salt = sec2_salt;
|
|
*salt_len = sizeof(sec2_salt);
|
|
return ESP_OK;
|
|
#elif CONFIG_EXAMPLE_PROV_SEC2_PROD_MODE
|
|
ESP_LOGE(TAG, "Not implemented!");
|
|
return ESP_FAIL;
|
|
#endif
|
|
}
|
|
|
|
static esp_err_t example_get_sec2_verifier(const char **verifier, uint16_t *verifier_len)
|
|
{
|
|
#if CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE
|
|
ESP_LOGI(TAG, "Development mode: using hard coded verifier");
|
|
*verifier = sec2_verifier;
|
|
*verifier_len = sizeof(sec2_verifier);
|
|
return ESP_OK;
|
|
#elif CONFIG_EXAMPLE_PROV_SEC2_PROD_MODE
|
|
/* This code needs to be updated with appropriate implementation to provide verifier */
|
|
ESP_LOGE(TAG, "Not implemented!");
|
|
return ESP_FAIL;
|
|
#endif
|
|
}
|
|
#endif // CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2
|
|
|
|
struct events {
|
|
EventGroupHandle_t *flags;
|
|
int success_bit;
|
|
int fail_bit;
|
|
bool success;
|
|
};
|
|
|
|
static void event_handler(void *arg, esp_event_base_t event_base,
|
|
int32_t event_id, void *event_data)
|
|
{
|
|
struct events *handler_args = arg;
|
|
switch (event_id) {
|
|
case WIFI_PROV_START:
|
|
ESP_LOGI(TAG, "Provisioning started");
|
|
break;
|
|
case WIFI_PROV_CRED_RECV: {
|
|
wifi_sta_config_t *wifi_sta_cfg = (wifi_sta_config_t *) event_data;
|
|
ESP_LOGI(TAG, "Received Wi-Fi credentials"
|
|
"\n\tSSID : %s\n\tPassword : %s",
|
|
(const char *) wifi_sta_cfg->ssid,
|
|
(const char *) wifi_sta_cfg->password);
|
|
break;
|
|
}
|
|
case WIFI_PROV_CRED_FAIL: {
|
|
wifi_prov_sta_fail_reason_t *reason = (wifi_prov_sta_fail_reason_t *) event_data;
|
|
ESP_LOGE(TAG, "Provisioning failed!\n\tReason : %s"
|
|
"\n\tPlease reset to factory and retry provisioning",
|
|
(*reason == WIFI_PROV_STA_AUTH_ERROR) ?
|
|
"Wi-Fi station authentication failed" : "Wi-Fi access-point not found");
|
|
handler_args->success = false;
|
|
|
|
break;
|
|
}
|
|
case WIFI_PROV_CRED_SUCCESS:
|
|
ESP_LOGI(TAG, "Provisioning successful");
|
|
handler_args->success = true;
|
|
break;
|
|
case WIFI_PROV_END:
|
|
/* De-initialize manager once provisioning is finished */
|
|
wifi_prov_mgr_deinit();
|
|
xEventGroupSetBits(*handler_args->flags, handler_args->success ? handler_args->success_bit : handler_args->fail_bit);
|
|
free(handler_args);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
extern const wifi_prov_scheme_t wifi_prov_scheme_httpd;
|
|
|
|
esp_err_t start_provisioning(EventGroupHandle_t *flags, int success_bit, int fail_bit)
|
|
{
|
|
// Start the DNS server that will reply to "wifi.settings" with "usb" network interface address
|
|
dns_server_config_t dns_config = DNS_SERVER_CONFIG_SINGLE("wifi.settings" /* name */, "wired" /* wired netif ID */);
|
|
start_dns_server(&dns_config);
|
|
struct events *handler_args = malloc(sizeof(struct events));
|
|
handler_args->flags = flags;
|
|
handler_args->success_bit = success_bit;
|
|
handler_args->fail_bit = fail_bit;
|
|
ESP_ERROR_CHECK(esp_event_handler_register(WIFI_PROV_EVENT, ESP_EVENT_ANY_ID, event_handler, handler_args));
|
|
/* Configuration for the provisioning manager */
|
|
wifi_prov_mgr_config_t config = {
|
|
.scheme = wifi_prov_scheme_httpd,
|
|
};
|
|
|
|
/* Initialize provisioning manager with the
|
|
* configuration parameters set above */
|
|
ESP_ERROR_CHECK(wifi_prov_mgr_init(config));
|
|
|
|
/* What is the security level that we want (0, 1, 2):
|
|
* - WIFI_PROV_SECURITY_0 is simply plain text communication.
|
|
* - WIFI_PROV_SECURITY_1 is secure communication which consists of secure handshake
|
|
* - WIFI_PROV_SECURITY_2 SRP6a based authentication and key exchange
|
|
* Please check unified provisioning documentation for more details
|
|
*/
|
|
|
|
#ifdef CONFIG_EXAMPLE_PROV_SECURITY_VERSION_0
|
|
wifi_prov_security_t security = WIFI_PROV_SECURITY_0;
|
|
#elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_1
|
|
wifi_prov_security_t security = WIFI_PROV_SECURITY_1;
|
|
const char *pop = "abcd1234"; /* Proof of possession */
|
|
wifi_prov_security1_params_t *sec_params = pop;
|
|
|
|
#elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2
|
|
wifi_prov_security_t security = WIFI_PROV_SECURITY_2;
|
|
/* The username must be the same one, which has been used in the generation of salt and verifier */
|
|
|
|
#if CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE
|
|
/* This pop field represents the password that will be used to generate salt and verifier.
|
|
* The field is present here in order to generate the QR code containing password.
|
|
* In production this password field shall not be stored on the device */
|
|
const char *username = EXAMPLE_PROV_SEC2_USERNAME;
|
|
const char *pop = EXAMPLE_PROV_SEC2_PWD;
|
|
#elif CONFIG_EXAMPLE_PROV_SEC2_PROD_MODE
|
|
/* The username and password shall not be embedded in the firmware */
|
|
const char *username = NULL;
|
|
const char *pop = NULL;
|
|
#endif
|
|
/* This is the structure for passing security parameters
|
|
* for the protocomm security 2.
|
|
* If dynamically allocated, sec2_params pointer and its content
|
|
* must be valid till WIFI_PROV_END event is triggered.
|
|
*/
|
|
wifi_prov_security2_params_t sec2_params = {};
|
|
|
|
ESP_ERROR_CHECK(example_get_sec2_salt(&sec2_params.salt, &sec2_params.salt_len));
|
|
ESP_ERROR_CHECK(example_get_sec2_verifier(&sec2_params.verifier, &sec2_params.verifier_len));
|
|
|
|
wifi_prov_security2_params_t *sec_params = &sec2_params;
|
|
#endif // CONFIG_EXAMPLE_PROV_SECURITY_VERSION_0 (VERSION_1, VERSION_2)
|
|
|
|
ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, (const void *) sec_params, NULL, NULL)); // service name and key could be NULL
|
|
return ESP_OK;
|
|
}
|
|
|
|
bool is_provisioned(void)
|
|
{
|
|
bool provisioned = false;
|
|
ESP_ERROR_CHECK(wifi_prov_mgr_is_provisioned(&provisioned));
|
|
return provisioned;
|
|
}
|