diff --git a/components/protocomm/Kconfig b/components/protocomm/Kconfig index d85a7336fe..312d10d679 100644 --- a/components/protocomm/Kconfig +++ b/components/protocomm/Kconfig @@ -20,7 +20,7 @@ menu "Protocomm" config ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2 bool "Support protocomm security version 2 (SRP6a-based key exchange + AES-GCM encryption/decryption)" - default n + default y help Enable support of security version 2. Disabling this option saves some code size. diff --git a/components/wifi_provisioning/include/wifi_provisioning/manager.h b/components/wifi_provisioning/include/wifi_provisioning/manager.h index c65ed3dfde..7d1f12f352 100644 --- a/components/wifi_provisioning/include/wifi_provisioning/manager.h +++ b/components/wifi_provisioning/include/wifi_provisioning/manager.h @@ -188,11 +188,13 @@ typedef struct { * These are same as the security modes provided by protocomm */ typedef enum wifi_prov_security { +#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0 /** * No security (plain-text communication) */ WIFI_PROV_SECURITY_0 = 0, - +#endif +#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1 /** * This secure communication mode consists of * X25519 key exchange @@ -200,16 +202,27 @@ typedef enum wifi_prov_security { * + AES-CTR encryption */ WIFI_PROV_SECURITY_1, - +#endif +#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2 /** * This secure communication mode consists of * SRP6a based authentication and key exchange * + AES-GCM encryption/decryption */ WIFI_PROV_SECURITY_2 +#endif } wifi_prov_security_t; -typedef protocomm_security1_params_t wifi_prov_security1_params_t; +/** + * @brief Security 1 params structure + * This needs to be passed when using WIFI_PROV_SECURITY_1 + */ +typedef const char wifi_prov_security1_params_t; + +/** + * @brief Security 2 params structure + * This needs to be passed when using WIFI_PROV_SECURITY_2 + */ typedef protocomm_security2_params_t wifi_prov_security2_params_t; /** diff --git a/components/wifi_provisioning/src/manager.c b/components/wifi_provisioning/src/manager.c index 64f445a475..343c9865df 100644 --- a/components/wifi_provisioning/src/manager.c +++ b/components/wifi_provisioning/src/manager.c @@ -246,6 +246,7 @@ static cJSON* wifi_prov_get_info_json(void) /* Version field */ cJSON_AddStringToObject(prov_info_json, "ver", prov_ctx->mgr_info.version); + cJSON_AddNumberToObject(prov_info_json, "sec_ver", prov_ctx->security); /* Capabilities field */ cJSON_AddItemToObject(prov_info_json, "cap", prov_capabilities); @@ -600,6 +601,12 @@ static bool wifi_prov_mgr_stop_service(bool blocking) /* Free proof of possession */ if (prov_ctx->protocomm_sec_params) { + if (prov_ctx->security == 1) { + // In case of security 1 we keep an internal copy of "pop". + // Hence free it at this point + uint8_t *pop = (uint8_t *)((protocomm_security1_params_t *) prov_ctx->protocomm_sec_params)->data; + free(pop); + } prov_ctx->protocomm_sec_params = NULL; } @@ -1474,20 +1481,38 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const goto err; } +#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0 /* Initialize app data */ if (security == WIFI_PROV_SECURITY_0) { prov_ctx->mgr_info.capabilities.no_sec = true; - } else if (security == WIFI_PROV_SECURITY_1) { + } else +#endif +#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1 + if (security == WIFI_PROV_SECURITY_1) { if (wifi_prov_sec_params) { - prov_ctx->protocomm_sec_params = wifi_prov_sec_params; + static protocomm_security1_params_t sec1_params; + // Generate internal copy of "pop", that shall be freed at the end + char *pop = strdup(wifi_prov_sec_params); + if (pop == NULL) { + ESP_LOGE(TAG, "Failed to allocate memory for pop"); + ret = ESP_ERR_NO_MEM; + goto err; + } + sec1_params.data = (const uint8_t *)pop; + sec1_params.len = strlen(pop); + prov_ctx->protocomm_sec_params = (const void *) &sec1_params; } else { prov_ctx->mgr_info.capabilities.no_pop = true; } - } else if (security == WIFI_PROV_SECURITY_2) { + } else +#endif +#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2 + if (security == WIFI_PROV_SECURITY_2) { if (wifi_prov_sec_params) { prov_ctx->protocomm_sec_params = wifi_prov_sec_params; } } +#endif prov_ctx->security = security; diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst index 8c131fcbd1..19b36e9de9 100644 --- a/docs/en/api-guides/performance/size.rst +++ b/docs/en/api-guides/performance/size.rst @@ -304,7 +304,7 @@ The following configuration options will reduce the final binary size of almost - Disabling :ref:`CONFIG_ESP_ERR_TO_NAME_LOOKUP` will remove the lookup table to translate user-friendly names for error values (see :doc:`/api-guides/error-handling`) in error logs, etc. This saves some binary size, but error values will be printed as integers only. - Setting :ref:`CONFIG_ESP_SYSTEM_PANIC` to "Silent reboot" will save a small amount of binary size, however this is *only* recommended if no one will use UART output to debug the device. :CONFIG_IDF_TARGET_ARCH_RISCV: - Set :ref:`CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS` to reduce binary size by replacing inlined prologues/epilogues with library calls. - + - If the application binary uses only one of the security versions of the protocomm component, then the support for others can be disabled to save some code size. The support can be disabled through :ref:`CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0`, :ref:`CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1` or :ref:`CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2` respectively. .. note:: In addition to the many configuration items shown here, there are a number of configuration options where changing the option from the default will increase binary size. These are not noted here. Where the increase is significant, this is usually noted in the configuration item help text. diff --git a/docs/en/api-reference/provisioning/provisioning.rst b/docs/en/api-reference/provisioning/provisioning.rst index 29d136992a..d4f373f943 100644 --- a/docs/en/api-reference/provisioning/provisioning.rst +++ b/docs/en/api-reference/provisioning/provisioning.rst @@ -146,7 +146,6 @@ Security1 scheme details are shown in the below sequence diagram - CLIENT -> CLIENT [label = "Verify Device", rightnote = "check (cli_pubkey == aes_ctr_dec(dev_verify...)"]; } -.. note:: We shall soon migrate to ``Security2 scheme`` as the default scheme in our examples as it provides enhanced security. This change shall be done once we have our phone apps (Android/iOS) upgraded to handle ``Security2 scheme``. Security2 Scheme >>>>>>>>>>>>>>>> diff --git a/docs/en/migration-guides/release-5.x/provisioning.rst b/docs/en/migration-guides/release-5.x/provisioning.rst index 84f51af72d..f9950203ce 100644 --- a/docs/en/migration-guides/release-5.x/provisioning.rst +++ b/docs/en/migration-guides/release-5.x/provisioning.rst @@ -14,8 +14,7 @@ Wi-Fi Provisioning ------------------ .. list:: - * The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. Please use the ``wifi_prov_sec_params`` field instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. - + * The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. For backward compatibility, ``pop`` can be still passed as a string for security1. However for Security2 the ``wifi_prov_sec_params`` argument needs to be passed instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. For security 1 the behaviour and the usage of the API remains same. * The API :cpp:func:`wifi_prov_mgr_is_provisioned` does not return :c:macro:`ESP_ERR_INVALID_STATE` error any more. This API now works without any dependency on provisioning manager initialization state. ESP Local Control diff --git a/examples/provisioning/wifi_prov_mgr/README.md b/examples/provisioning/wifi_prov_mgr/README.md index b0410bf7b1..3f7d33ef15 100644 --- a/examples/provisioning/wifi_prov_mgr/README.md +++ b/examples/provisioning/wifi_prov_mgr/README.md @@ -86,7 +86,7 @@ python esp_prov.py --transport ble --service_name PROV_261FCC --sec_ver 1 --pop For security version 2, the following command can be used: ``` -python esp_prov.py --transport ble --service_name PROV_261FCC --sec_ver 2 --sec2_username testuser --sec2_pwd testpassword --ssid myssid --passphrase mypassword +python esp_prov.py --transport ble --service_name PROV_261FCC --sec_ver 2 --sec2_username wifiprov --sec2_pwd abcd1234 --ssid myssid --passphrase mypassword ``` Above command will perform the provisioning steps, and the monitor log should display something like this : @@ -123,17 +123,19 @@ I (55355) app: Hello World! The config option `CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE` should be enabled for the example and in `main/app_main.c`, the macro `EXAMPLE_PROV_SEC2_USERNAME` should be set to the same username used in the salt-verifier generation. ```log -$ python esp_prov.py --transport softap --sec_ver 2 --sec2_gen_cred --sec2_username testuser --sec2_pwd testpassword +$ python esp_prov.py --transport softap --sec_ver 2 --sec2_gen_cred --sec2_username wifiprov --sec2_pwd abcd1234 ==== Salt-verifier for security scheme 2 (SRP6a) ==== static const char sec2_salt[] = { - 0x14, 0xdf, 0x42, 0x50, 0x3d, 0xec, 0x54, 0xc3, 0xe5, 0x0e, 0x0c, 0x9d, 0xb4, 0x84, 0xd7, 0xe4 + 0x03, 0x6e, 0xe0, 0xc7, 0xbc, 0xb9, 0xed, 0xa8, 0x4c, 0x9e, 0xac, 0x97, 0xd9, 0x3d, 0xec, 0xf4 }; static const char sec2_verifier[] = { - 0xd7, 0xc2, 0xdb, 0x68, 0x3b, 0x98, 0xf0, 0xbf, 0x4f, 0x02, 0x21, 0xf6, 0x07, 0xe6, 0xfc, 0x0d, - ... - ... - 0x86, 0xf2, 0x78, 0xba, 0x1e, 0x12, 0xa9, 0x62, 0x9a, 0x47, 0x1b, 0x69, 0x42, 0xba, 0x37, 0xe2 + 0x7c, 0x7c, 0x85, 0x47, 0x65, 0x08, 0x94, 0x6d, 0xd6, 0x36, 0xaf, 0x37, 0xd7, 0xe8, 0x91, 0x43, + 0x78, 0xcf, 0xfd, 0x61, 0x6c, 0x59, 0xd2, 0xf8, 0x39, 0x08, 0x12, 0x72, 0x38, 0xde, 0x9e, 0x24, + . + . + . + 0xe6, 0xf6, 0x53, 0xc8, 0x31, 0xa8, 0x78, 0xde, 0x50, 0x40, 0xf7, 0x62, 0xde, 0x36, 0xb2, 0xba }; ``` diff --git a/examples/provisioning/wifi_prov_mgr/main/Kconfig.projbuild b/examples/provisioning/wifi_prov_mgr/main/Kconfig.projbuild index edfee3d98a..d103d6f774 100644 --- a/examples/provisioning/wifi_prov_mgr/main/Kconfig.projbuild +++ b/examples/provisioning/wifi_prov_mgr/main/Kconfig.projbuild @@ -17,7 +17,7 @@ menu "Example Configuration" choice EXAMPLE_PROV_SECURITY_VERSION bool "Protocomm security version" - default EXAMPLE_PROV_SECURITY_VERSION_1 + default EXAMPLE_PROV_SECURITY_VERSION_2 help Wi-Fi provisioning component offers 3 security versions. The example offers a choice between security version 1 and 2. diff --git a/examples/provisioning/wifi_prov_mgr/main/app_main.c b/examples/provisioning/wifi_prov_mgr/main/app_main.c index 4a5816e0f1..8e1055efd8 100644 --- a/examples/provisioning/wifi_prov_mgr/main/app_main.c +++ b/examples/provisioning/wifi_prov_mgr/main/app_main.c @@ -34,41 +34,41 @@ static const char *TAG = "app"; #if CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2 #if CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE -#define EXAMPLE_PROV_SEC2_USERNAME "testuser" -#define EXAMPLE_PROV_SEC2_PWD "testpassword" +#define EXAMPLE_PROV_SEC2_USERNAME "wifiprov" +#define EXAMPLE_PROV_SEC2_PWD "abcd1234" -/* This salt,verifier has been generated for username = "testuser" and password = "testpassword" +/* This salt,verifier has been generated for username = "wifiprov" and password = "abcd1234" * IMPORTANT NOTE: For production cases, this must be unique to every device * and should come from device manufacturing partition.*/ static const char sec2_salt[] = { - 0x2f, 0x3d, 0x3c, 0xf8, 0x0d, 0xbd, 0x0c, 0xa9, 0x6f, 0x30, 0xb4, 0x4d, 0x89, 0xd5, 0x2f, 0x0e + 0x03, 0x6e, 0xe0, 0xc7, 0xbc, 0xb9, 0xed, 0xa8, 0x4c, 0x9e, 0xac, 0x97, 0xd9, 0x3d, 0xec, 0xf4 }; static const char sec2_verifier[] = { - 0xf2, 0x9f, 0xc1, 0xf5, 0x28, 0x4a, 0x11, 0x74, 0xb4, 0x24, 0x09, 0x23, 0xd8, 0x27, 0xb7, 0x5a, - 0x95, 0x3a, 0x99, 0xed, 0xf4, 0x6e, 0xe9, 0x8c, 0x4f, 0x07, 0xf2, 0xf5, 0x43, 0x3d, 0x7f, 0x9a, - 0x11, 0x60, 0x66, 0xaf, 0xcd, 0xa5, 0xf6, 0xfa, 0xcb, 0x06, 0xe9, 0xc5, 0x3f, 0x4d, 0x77, 0x16, - 0x4c, 0x68, 0x6d, 0x7f, 0x7c, 0xd7, 0xc7, 0x5a, 0x83, 0xc0, 0xfb, 0x94, 0x2d, 0xa9, 0x60, 0xf0, - 0x09, 0x11, 0xa0, 0xe1, 0x95, 0x33, 0xd1, 0x30, 0x7f, 0x82, 0x1b, 0x1b, 0x0f, 0x6d, 0xf1, 0xdc, - 0x93, 0x1c, 0x20, 0xa7, 0xc0, 0x8d, 0x48, 0x38, 0xff, 0x46, 0xb9, 0xaf, 0xf7, 0x93, 0x78, 0xae, - 0xff, 0xb8, 0x3b, 0xdf, 0x99, 0x7b, 0x64, 0x47, 0x02, 0xba, 0x01, 0x39, 0x0f, 0x5c, 0xd8, 0x4e, - 0x6f, 0xc8, 0xd0, 0x82, 0x7f, 0x2d, 0x33, 0x1a, 0x09, 0x65, 0x77, 0x85, 0xbc, 0x8a, 0x84, 0xe0, - 0x46, 0x7e, 0x3b, 0x0e, 0x6e, 0x3b, 0xdf, 0x70, 0x17, 0x70, 0x0a, 0xbc, 0x84, 0x67, 0xfa, 0xf9, - 0x84, 0x53, 0xda, 0xb4, 0xca, 0x38, 0x71, 0xe4, 0x06, 0xf6, 0x7d, 0xc8, 0x32, 0xbb, 0x91, 0x0c, - 0xe7, 0xd3, 0x59, 0xb6, 0x03, 0xed, 0x8e, 0x0d, 0x91, 0x9c, 0x09, 0xd7, 0x6f, 0xd5, 0xca, 0x55, - 0xc5, 0x58, 0x0f, 0x95, 0xb5, 0x83, 0x65, 0x6f, 0x2d, 0xbc, 0x94, 0x0f, 0xbb, 0x0f, 0xd3, 0x42, - 0xa5, 0xfe, 0x15, 0x7f, 0xf9, 0xa8, 0x16, 0xe6, 0x58, 0x9b, 0x4c, 0x0f, 0xd3, 0x83, 0x2c, 0xac, - 0xe4, 0xbf, 0xa3, 0x96, 0x1e, 0xb6, 0x6f, 0x59, 0xe6, 0xd1, 0x0e, 0xd4, 0x27, 0xb6, 0x05, 0x34, - 0xec, 0x8c, 0xf8, 0x72, 0xbb, 0x04, 0x7b, 0xa4, 0x49, 0x3d, 0x6d, 0xa9, 0x99, 0xfc, 0x0a, 0x2b, - 0xd8, 0x46, 0xa8, 0xd1, 0x46, 0x61, 0x5c, 0x96, 0xd2, 0x43, 0xcd, 0xea, 0x7f, 0x6a, 0x50, 0x59, - 0x0d, 0x0e, 0xa1, 0xb3, 0x94, 0x5a, 0x34, 0xe0, 0x1e, 0x95, 0x56, 0x68, 0xb4, 0xbc, 0xf1, 0x08, - 0x54, 0xcb, 0x42, 0x41, 0xc6, 0x78, 0xad, 0x71, 0x84, 0x1c, 0x29, 0xb8, 0x33, 0x79, 0x1c, 0x10, - 0xdd, 0x07, 0xc8, 0x91, 0x21, 0x85, 0x89, 0x76, 0xd7, 0x37, 0xdf, 0x5b, 0x19, 0x33, 0x4e, 0x17, - 0x67, 0x02, 0x0f, 0x1b, 0xb9, 0x2f, 0xa4, 0xdc, 0xdd, 0x75, 0x32, 0x96, 0x87, 0xdd, 0x66, 0xc3, - 0x33, 0xc1, 0xfc, 0x4c, 0x27, 0x63, 0xb9, 0x14, 0x72, 0x76, 0x65, 0xb8, 0x90, 0x2b, 0xeb, 0x7a, - 0xde, 0x71, 0x97, 0xf3, 0x6b, 0xc9, 0x8e, 0xdf, 0xfc, 0x6e, 0x13, 0xcc, 0x1b, 0x2b, 0x54, 0x1a, - 0x6e, 0x3d, 0xe6, 0x1c, 0xec, 0x5d, 0xa1, 0xf1, 0xd4, 0x86, 0x9d, 0xcd, 0xb9, 0xe8, 0x98, 0xf1, - 0xe5, 0x16, 0xa5, 0x48, 0xe5, 0xec, 0x12, 0xe8, 0x17, 0xe2, 0x55, 0xb5, 0xb3, 0x7c, 0xce, 0xfd + 0x7c, 0x7c, 0x85, 0x47, 0x65, 0x08, 0x94, 0x6d, 0xd6, 0x36, 0xaf, 0x37, 0xd7, 0xe8, 0x91, 0x43, + 0x78, 0xcf, 0xfd, 0x61, 0x6c, 0x59, 0xd2, 0xf8, 0x39, 0x08, 0x12, 0x72, 0x38, 0xde, 0x9e, 0x24, + 0xa4, 0x70, 0x26, 0x1c, 0xdf, 0xa9, 0x03, 0xc2, 0xb2, 0x70, 0xe7, 0xb1, 0x32, 0x24, 0xda, 0x11, + 0x1d, 0x97, 0x18, 0xdc, 0x60, 0x72, 0x08, 0xcc, 0x9a, 0xc9, 0x0c, 0x48, 0x27, 0xe2, 0xae, 0x89, + 0xaa, 0x16, 0x25, 0xb8, 0x04, 0xd2, 0x1a, 0x9b, 0x3a, 0x8f, 0x37, 0xf6, 0xe4, 0x3a, 0x71, 0x2e, + 0xe1, 0x27, 0x86, 0x6e, 0xad, 0xce, 0x28, 0xff, 0x54, 0x46, 0x60, 0x1f, 0xb9, 0x96, 0x87, 0xdc, + 0x57, 0x40, 0xa7, 0xd4, 0x6c, 0xc9, 0x77, 0x54, 0xdc, 0x16, 0x82, 0xf0, 0xed, 0x35, 0x6a, 0xc4, + 0x70, 0xad, 0x3d, 0x90, 0xb5, 0x81, 0x94, 0x70, 0xd7, 0xbc, 0x65, 0xb2, 0xd5, 0x18, 0xe0, 0x2e, + 0xc3, 0xa5, 0xf9, 0x68, 0xdd, 0x64, 0x7b, 0xb8, 0xb7, 0x3c, 0x9c, 0xfc, 0x00, 0xd8, 0x71, 0x7e, + 0xb7, 0x9a, 0x7c, 0xb1, 0xb7, 0xc2, 0xc3, 0x18, 0x34, 0x29, 0x32, 0x43, 0x3e, 0x00, 0x99, 0xe9, + 0x82, 0x94, 0xe3, 0xd8, 0x2a, 0xb0, 0x96, 0x29, 0xb7, 0xdf, 0x0e, 0x5f, 0x08, 0x33, 0x40, 0x76, + 0x52, 0x91, 0x32, 0x00, 0x9f, 0x97, 0x2c, 0x89, 0x6c, 0x39, 0x1e, 0xc8, 0x28, 0x05, 0x44, 0x17, + 0x3f, 0x68, 0x02, 0x8a, 0x9f, 0x44, 0x61, 0xd1, 0xf5, 0xa1, 0x7e, 0x5a, 0x70, 0xd2, 0xc7, 0x23, + 0x81, 0xcb, 0x38, 0x68, 0xe4, 0x2c, 0x20, 0xbc, 0x40, 0x57, 0x76, 0x17, 0xbd, 0x08, 0xb8, 0x96, + 0xbc, 0x26, 0xeb, 0x32, 0x46, 0x69, 0x35, 0x05, 0x8c, 0x15, 0x70, 0xd9, 0x1b, 0xe9, 0xbe, 0xcc, + 0xa9, 0x38, 0xa6, 0x67, 0xf0, 0xad, 0x50, 0x13, 0x19, 0x72, 0x64, 0xbf, 0x52, 0xc2, 0x34, 0xe2, + 0x1b, 0x11, 0x79, 0x74, 0x72, 0xbd, 0x34, 0x5b, 0xb1, 0xe2, 0xfd, 0x66, 0x73, 0xfe, 0x71, 0x64, + 0x74, 0xd0, 0x4e, 0xbc, 0x51, 0x24, 0x19, 0x40, 0x87, 0x0e, 0x92, 0x40, 0xe6, 0x21, 0xe7, 0x2d, + 0x4e, 0x37, 0x76, 0x2f, 0x2e, 0xe2, 0x68, 0xc7, 0x89, 0xe8, 0x32, 0x13, 0x42, 0x06, 0x84, 0x84, + 0x53, 0x4a, 0xb3, 0x0c, 0x1b, 0x4c, 0x8d, 0x1c, 0x51, 0x97, 0x19, 0xab, 0xae, 0x77, 0xff, 0xdb, + 0xec, 0xf0, 0x10, 0x95, 0x34, 0x33, 0x6b, 0xcb, 0x3e, 0x84, 0x0f, 0xb9, 0xd8, 0x5f, 0xb8, 0xa0, + 0xb8, 0x55, 0x53, 0x3e, 0x70, 0xf7, 0x18, 0xf5, 0xce, 0x7b, 0x4e, 0xbf, 0x27, 0xce, 0xce, 0xa8, + 0xb3, 0xbe, 0x40, 0xc5, 0xc5, 0x32, 0x29, 0x3e, 0x71, 0x64, 0x9e, 0xde, 0x8c, 0xf6, 0x75, 0xa1, + 0xe6, 0xf6, 0x53, 0xc8, 0x31, 0xa8, 0x78, 0xde, 0x50, 0x40, 0xf7, 0x62, 0xde, 0x36, 0xb2, 0xba }; #endif @@ -336,18 +336,12 @@ void app_main(void) * - NULL if not used */ const char *pop = "abcd1234"; - /* If the pop is allocated dynamically, then it should be valid till the provisioning process is running. - * it can be only freed when the WIFI_PROV_END event is triggered */ /* This is the structure for passing security parameters * for the protocomm security 1. - * This does not need not be static i.e. could be dynamically allocated */ - wifi_prov_security1_params_t sec1_params = { - .data = (const uint8_t *)pop, - .len = strlen(pop), - }; - wifi_prov_security1_params_t *sec_params = &sec1_params; + wifi_prov_security1_params_t *sec_params = pop; + const char *username = NULL; #elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2 @@ -369,7 +363,8 @@ void app_main(void) #endif /* This is the structure for passing security parameters * for the protocomm security 2. - * This does not need not be static i.e. could be dynamically allocated + * If dynamically allocated, sec2_params pointer and its content + * must be valid till WIFI_PROV_END event is triggered. */ wifi_prov_security2_params_t sec2_params = {};