espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 19:24:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/fix_protocomm_security2_backward_compatibility_v5.0' into 'release/v5.0'

Browse Source 
wifi_prov: Update behaviour for wifi_prov_mgr_start_provisioning to avoid... (v5.0)

See merge request espressif/esp-idf!20489
This commit is contained in:
Mahavir Jain
2022-10-10 15:44:12 +08:00
parent 3eb3f9f744 ccb8b9d42c
commit ee12de9450
15 changed files with 153 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/protocomm/Kconfig
View File

@@ -20,7 +20,7 @@ menu "Protocomm"
config ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
bool "Support protocomm security version 2 (SRP6a-based key exchange + AES-GCM encryption/decryption)"
default n
default y
help
Enable support of security version 2.
Disabling this option saves some code size.

3
components/protocomm/src/crypto/srp6a/esp_srp.c
View File

@@ -388,7 +388,7 @@ error:
return ESP_FAIL;
}
esp_err_t esp_srp_get_session_key(esp_srp_handle_t *hd, char *bytes_A, int len_A, char **bytes_key, int *len_key)
esp_err_t esp_srp_get_session_key(esp_srp_handle_t *hd, char *bytes_A, int len_A, char **bytes_key, uint16_t *len_key)
{
esp_mpi_t *u = NULL;
esp_mpi_t *vu = NULL;
@@ -524,6 +524,7 @@ esp_err_t esp_srp_exchange_proofs(esp_srp_handle_t *hd, char *username, uint16_t
ESP_LOG_BUFFER_HEX_LEVEL(TAG, (char *)digest, sizeof(digest), ESP_LOG_DEBUG);
if (memcmp(bytes_user_proof, digest, SHA512_HASH_SZ) != 0) {
free(s);
return ESP_FAIL;
}

3
components/protocomm/src/crypto/srp6a/esp_srp_mpi.c
View File

@@ -26,6 +26,7 @@ esp_mpi_t *esp_mpi_new_from_hex(const char *hex)
int ret = mbedtls_mpi_read_string(a, 16, hex);
if (ret != 0) {
printf("mbedtls_mpi_read_string() failed, returned %x\n", ret);
esp_mpi_free(a);
return NULL;
}
return a;
@@ -41,6 +42,7 @@ esp_mpi_t *esp_mpi_new_from_bin(const char *str, int str_len)
int ret = mbedtls_mpi_read_binary(a, (unsigned char *)str, str_len);
if (ret != 0) {
printf("mbedtls_mpi_read_binary() failed, returned %x\n", ret);
esp_mpi_free(a);
return NULL;
}
return a;
@@ -81,6 +83,7 @@ char *esp_mpi_to_bin(esp_mpi_t *bn, int *len)
int ret = mbedtls_mpi_write_binary(bn, (unsigned char *)p, *len);
if (ret != 0) {
printf("mbedtls_mpi_read_string() failed, returned %x\n", ret);
free(p);
return NULL;
}
return p;

2
components/protocomm/src/crypto/srp6a/include/esp_srp.h
View File

@@ -88,7 +88,7 @@ esp_err_t esp_srp_srv_pubkey_from_salt_verifier(esp_srp_handle_t *hd, char **byt
/* Returns bytes_key
* *bytes_key MUST NOT BE FREED BY THE CALLER
*/
esp_err_t esp_srp_get_session_key(esp_srp_handle_t *hd, char *bytes_A, int len_A, char **bytes_key, int *len_key);
esp_err_t esp_srp_get_session_key(esp_srp_handle_t *hd, char *bytes_A, int len_A, char **bytes_key, uint16_t *len_key);
/* Exchange proofs
* Returns 1 if user's proof is ok. Also 1 when is returned, bytes_host_proof contains our proof.

51
components/protocomm/src/security/security2.c
View File

@@ -48,8 +48,6 @@ typedef struct session {
uint16_t salt_len;
char *verifier;
uint16_t verifier_len;
char *client_pubkey;
uint16_t client_pubkey_len;
char *session_key;
uint16_t session_key_len;
uint8_t iv[AES_GCM_IV_SIZE];
@@ -90,23 +88,16 @@ static esp_err_t handle_session_command0(session_t *cur_session,
return ESP_ERR_INVALID_ARG;
}
cur_session->username_len = in->sc0->client_username.len;
cur_session->username = calloc(cur_session->username_len, sizeof(char));
if (!cur_session->username) {
ESP_LOGE(TAG, "Failed to allocate memory!");
return ESP_ERR_NO_MEM;
if (sv == NULL) {
ESP_LOGE(TAG, "Invalid security params");
return ESP_ERR_INVALID_ARG;
}
memcpy(cur_session->username, in->sc0->client_username.data, in->sc0->client_username.len);
ESP_LOGD(TAG, "Username: %.*s", cur_session->username_len, cur_session->username);
cur_session->client_pubkey = calloc(PUBLIC_KEY_LEN, sizeof(char));
if (!cur_session->client_pubkey ) {
ESP_LOGE(TAG, "Failed to allocate memory!");
return ESP_ERR_NO_MEM;
}
memcpy(cur_session->client_pubkey, in->sc0->client_pubkey.data, PUBLIC_KEY_LEN);
cur_session->client_pubkey_len = PUBLIC_KEY_LEN;
hexdump("Client Public Key", cur_session->client_pubkey, PUBLIC_KEY_LEN);
ESP_LOGD(TAG, "Username: %.*s", in->sc0->client_username.len, in->sc0->client_username.data);
hexdump("Client Public Key", (char *) in->sc0->client_pubkey.data, PUBLIC_KEY_LEN);
/* Initialize mu srp context */
cur_session->srp_hd = calloc(1, sizeof(esp_srp_handle_t));
@@ -117,6 +108,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
if (esp_srp_init(cur_session->srp_hd, ESP_NG_3072) != ESP_OK) {
ESP_LOGE(TAG, "Failed to initialise security context!");
free(cur_session->srp_hd);
return ESP_FAIL;
}
@@ -129,31 +121,33 @@ static esp_err_t handle_session_command0(session_t *cur_session,
cur_session->verifier_len = sv->verifier_len;
ESP_LOGI(TAG, "Using salt and verifier to generate public key...");
if (sv != NULL && sv->salt != NULL && sv->salt_len != 0 && sv->verifier != NULL && sv->verifier_len != 0) {
if (sv->salt != NULL && sv->salt_len != 0 && sv->verifier != NULL && sv->verifier_len != 0) {
if (esp_srp_set_salt_verifier(cur_session->srp_hd, cur_session->salt, cur_session->salt_len, cur_session->verifier, cur_session->verifier_len) != ESP_OK) {
ESP_LOGE(TAG, "Failed to set salt and verifier!");
free(cur_session->srp_hd);
return ESP_FAIL;
}
if (esp_srp_srv_pubkey_from_salt_verifier(cur_session->srp_hd, &device_pubkey, &device_pubkey_len) != ESP_OK) {
ESP_LOGE(TAG, "Failed to device public key!");
free(cur_session->srp_hd);
return ESP_FAIL;
}
}
hexdump("Device Public Key", device_pubkey, device_pubkey_len);
if (esp_srp_get_session_key(cur_session->srp_hd, cur_session->client_pubkey, cur_session->client_pubkey_len,
&cur_session->session_key, (int *)&cur_session->session_key_len) != ESP_OK) {
if (esp_srp_get_session_key(cur_session->srp_hd, (char *) in->sc0->client_pubkey.data, PUBLIC_KEY_LEN,
&cur_session->session_key, &cur_session->session_key_len) != ESP_OK) {
ESP_LOGE(TAG, "Failed to generate device session key!");
free(cur_session->srp_hd);
return ESP_FAIL;
}
hexdump("Session Key", cur_session->session_key, cur_session->session_key_len);
Sec2Payload *out = (Sec2Payload *) malloc(sizeof(Sec2Payload));
S2SessionResp0 *out_resp = (S2SessionResp0 *) malloc(sizeof(S2SessionResp0));
if (!out || !out_resp) {
ESP_LOGE(TAG, "Error allocating memory for response0");
free(cur_session->srp_hd);
free(out);
free(out_resp);
return ESP_ERR_NO_MEM;
@@ -178,6 +172,15 @@ static esp_err_t handle_session_command0(session_t *cur_session,
resp->proto_case = SESSION_DATA__PROTO_SEC2;
resp->sec2 = out;
cur_session->username_len = in->sc0->client_username.len;
cur_session->username = malloc(cur_session->username_len);
if (!cur_session->username) {
ESP_LOGE(TAG, "Failed to allocate memory!");
free(cur_session->srp_hd);
return ESP_ERR_NO_MEM;
}
memcpy(cur_session->username, in->sc0->client_username.data, in->sc0->client_username.len);
cur_session->state = SESSION_STATE_CMD1;
ESP_LOGD(TAG, "Session setup phase1 done");
@@ -209,6 +212,7 @@ static esp_err_t handle_session_command1(session_t *cur_session,
if (esp_srp_exchange_proofs(cur_session->srp_hd, cur_session->username, cur_session->username_len, (char * ) in->sc1->client_proof.data, device_proof) != ESP_OK) {
ESP_LOGE(TAG, "Failed to authenticate client proof!");
free(device_proof);
return ESP_FAIL;
}
hexdump("Device proof", device_proof, CLIENT_PROOF_LEN);
@@ -225,6 +229,7 @@ static esp_err_t handle_session_command1(session_t *cur_session,
mbed_err = mbedtls_gcm_setkey(&cur_session->ctx_gcm, MBEDTLS_CIPHER_ID_AES, (unsigned char *)cur_session->session_key, AES_GCM_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failure at mbedtls_gcm_setkey_enc with error code : -0x%x", -mbed_err);
free(device_proof);
mbedtls_gcm_free(&cur_session->ctx_gcm);
return ESP_FAIL;
}
@@ -233,6 +238,7 @@ static esp_err_t handle_session_command1(session_t *cur_session,
S2SessionResp1 *out_resp = (S2SessionResp1 *) malloc(sizeof(S2SessionResp1));
if (!out || !out_resp) {
ESP_LOGE(TAG, "Error allocating memory for response1");
free(device_proof);
free(out);
free(out_resp);
mbedtls_gcm_free(&cur_session->ctx_gcm);
@@ -341,7 +347,6 @@ static esp_err_t sec2_close_session(protocomm_security_handle_t handle, uint32_t
}
free(cur_session->username);
free(cur_session->client_pubkey);
if (cur_session->srp_hd) {
esp_srp_free(cur_session->srp_hd);

19
components/wifi_provisioning/include/wifi_provisioning/manager.h
View File

@@ -188,11 +188,13 @@ typedef struct {
* These are same as the security modes provided by protocomm
*/
typedef enum wifi_prov_security {
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
/**
* No security (plain-text communication)
*/
WIFI_PROV_SECURITY_0 = 0,
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
/**
* This secure communication mode consists of
* X25519 key exchange
@@ -200,16 +202,27 @@ typedef enum wifi_prov_security {
* + AES-CTR encryption
*/
WIFI_PROV_SECURITY_1,
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
/**
* This secure communication mode consists of
* SRP6a based authentication and key exchange
* + AES-GCM encryption/decryption
*/
WIFI_PROV_SECURITY_2
#endif
} wifi_prov_security_t;
typedef protocomm_security1_params_t wifi_prov_security1_params_t;
/**
* @brief Security 1 params structure
* This needs to be passed when using WIFI_PROV_SECURITY_1
*/
typedef const char wifi_prov_security1_params_t;
/**
* @brief Security 2 params structure
* This needs to be passed when using WIFI_PROV_SECURITY_2
*/
typedef protocomm_security2_params_t wifi_prov_security2_params_t;
/**

31
components/wifi_provisioning/src/manager.c
View File

@@ -246,6 +246,7 @@ static cJSON* wifi_prov_get_info_json(void)
/* Version field */
cJSON_AddStringToObject(prov_info_json, "ver", prov_ctx->mgr_info.version);
cJSON_AddNumberToObject(prov_info_json, "sec_ver", prov_ctx->security);
/* Capabilities field */
cJSON_AddItemToObject(prov_info_json, "cap", prov_capabilities);
@@ -600,6 +601,12 @@ static bool wifi_prov_mgr_stop_service(bool blocking)
/* Free proof of possession */
if (prov_ctx->protocomm_sec_params) {
if (prov_ctx->security == 1) {
// In case of security 1 we keep an internal copy of "pop".
// Hence free it at this point
uint8_t *pop = (uint8_t *)((protocomm_security1_params_t *) prov_ctx->protocomm_sec_params)->data;
free(pop);
}
prov_ctx->protocomm_sec_params = NULL;
}
@@ -1474,20 +1481,38 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
goto err;
}
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
/* Initialize app data */
if (security == WIFI_PROV_SECURITY_0) {
prov_ctx->mgr_info.capabilities.no_sec = true;
} else if (security == WIFI_PROV_SECURITY_1) {
}
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
if (security == WIFI_PROV_SECURITY_1) {
if (wifi_prov_sec_params) {
prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
static protocomm_security1_params_t sec1_params;
// Generate internal copy of "pop", that shall be freed at the end
char *pop = strdup(wifi_prov_sec_params);
if (pop == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for pop");
ret = ESP_ERR_NO_MEM;
goto err;
}
sec1_params.data = (const uint8_t *)pop;
sec1_params.len = strlen(pop);
prov_ctx->protocomm_sec_params = (const void *) &sec1_params;
} else {
prov_ctx->mgr_info.capabilities.no_pop = true;
}
} else if (security == WIFI_PROV_SECURITY_2) {
}
#endif
#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
if (security == WIFI_PROV_SECURITY_2) {
if (wifi_prov_sec_params) {
prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
}
}
#endif
prov_ctx->security = security;

2
docs/en/api-guides/performance/size.rst
View File

@@ -298,7 +298,7 @@ The following configuration options will reduce the final binary size of almost
- Disabling :ref:`CONFIG_ESP_ERR_TO_NAME_LOOKUP` will remove the lookup table to translate user-friendly names for error values (see :doc:`/api-guides/error-handling`) in error logs, etc. This saves some binary size, but error values will be printed as integers only.
- Setting :ref:`CONFIG_ESP_SYSTEM_PANIC` to "Silent reboot" will save a small amount of binary size, however this is *only* recommended if no one will use UART output to debug the device.
:CONFIG_IDF_TARGET_ARCH_RISCV: - Set :ref:`CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS` to reduce binary size by replacing inlined prologues/epilogues with library calls.
- If the application binary uses only one of the security versions of the protocomm component, then the support for others can be disabled to save some code size. The support can be disabled through :ref:`CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0`, :ref:`CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1` or :ref:`CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2` respectively.
.. note::
In addition to the many configuration items shown here, there are a number of configuration options where changing the option from the default will increase binary size. These are not noted here. Where the increase is significant, this is usually noted in the configuration item help text.

1
docs/en/api-reference/provisioning/provisioning.rst
View File

@@ -146,7 +146,6 @@ Security1 scheme details are shown in the below sequence diagram -
CLIENT -> CLIENT [label = "Verify Device", rightnote = "check (cli_pubkey == aes_ctr_dec(dev_verify...)"];
}
.. note:: We shall soon migrate to ``Security2 scheme`` as the default scheme in our examples as it provides enhanced security. This change shall be done once we have our phone apps (Android/iOS) upgraded to handle ``Security2 scheme``.
Security2 Scheme
>>>>>>>>>>>>>>>>

3
docs/en/migration-guides/release-5.x/provisioning.rst
View File

@@ -14,8 +14,7 @@ Wi-Fi Provisioning
------------------
.. list::
* The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. Please use the ``wifi_prov_sec_params`` field instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`.
* The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. For backward compatibility, ``pop`` can be still passed as a string for security1. However for Security2 the ``wifi_prov_sec_params`` argument needs to be passed instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. For security 1 the behaviour and the usage of the API remains same.
* The API :cpp:func:`wifi_prov_mgr_is_provisioned` does not return :c:macro:`ESP_ERR_INVALID_STATE` error any more. This API now works without any dependency on provisioning manager initialization state.
ESP Local Control

16
examples/provisioning/wifi_prov_mgr/README.md
View File

@@ -86,7 +86,7 @@ python esp_prov.py --transport ble --service_name PROV_261FCC --sec_ver 1 --pop
For security version 2, the following command can be used:
```
python esp_prov.py --transport ble --service_name PROV_261FCC --sec_ver 2 --sec2_username testuser --sec2_pwd testpassword --ssid myssid --passphrase mypassword
python esp_prov.py --transport ble --service_name PROV_261FCC --sec_ver 2 --sec2_username wifiprov --sec2_pwd abcd1234 --ssid myssid --passphrase mypassword
```
Above command will perform the provisioning steps, and the monitor log should display something like this :
@@ -123,17 +123,19 @@ I (55355) app: Hello World!
The config option `CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE` should be enabled for the example and in `main/app_main.c`, the macro `EXAMPLE_PROV_SEC2_USERNAME` should be set to the same username used in the salt-verifier generation.
```log
$ python esp_prov.py --transport softap --sec_ver 2 --sec2_gen_cred --sec2_username testuser --sec2_pwd testpassword
$ python esp_prov.py --transport softap --sec_ver 2 --sec2_gen_cred --sec2_username wifiprov --sec2_pwd abcd1234
==== Salt-verifier for security scheme 2 (SRP6a) ====
static const char sec2_salt[] = {
0x14, 0xdf, 0x42, 0x50, 0x3d, 0xec, 0x54, 0xc3, 0xe5, 0x0e, 0x0c, 0x9d, 0xb4, 0x84, 0xd7, 0xe4
0x03, 0x6e, 0xe0, 0xc7, 0xbc, 0xb9, 0xed, 0xa8, 0x4c, 0x9e, 0xac, 0x97, 0xd9, 0x3d, 0xec, 0xf4
};
static const char sec2_verifier[] = {
0xd7, 0xc2, 0xdb, 0x68, 0x3b, 0x98, 0xf0, 0xbf, 0x4f, 0x02, 0x21, 0xf6, 0x07, 0xe6, 0xfc, 0x0d,
...
...
0x86, 0xf2, 0x78, 0xba, 0x1e, 0x12, 0xa9, 0x62, 0x9a, 0x47, 0x1b, 0x69, 0x42, 0xba, 0x37, 0xe2
0x7c, 0x7c, 0x85, 0x47, 0x65, 0x08, 0x94, 0x6d, 0xd6, 0x36, 0xaf, 0x37, 0xd7, 0xe8, 0x91, 0x43,
0x78, 0xcf, 0xfd, 0x61, 0x6c, 0x59, 0xd2, 0xf8, 0x39, 0x08, 0x12, 0x72, 0x38, 0xde, 0x9e, 0x24,
.
.
.
0xe6, 0xf6, 0x53, 0xc8, 0x31, 0xa8, 0x78, 0xde, 0x50, 0x40, 0xf7, 0x62, 0xde, 0x36, 0xb2, 0xba
};
```

2
examples/provisioning/wifi_prov_mgr/main/Kconfig.projbuild
View File

@@ -17,7 +17,7 @@ menu "Example Configuration"
choice EXAMPLE_PROV_SECURITY_VERSION
bool "Protocomm security version"
default EXAMPLE_PROV_SECURITY_VERSION_1
default EXAMPLE_PROV_SECURITY_VERSION_2
help
Wi-Fi provisioning component offers 3 security versions.
The example offers a choice between security version 1 and 2.

69
examples/provisioning/wifi_prov_mgr/main/app_main.c
View File

@@ -34,41 +34,41 @@ static const char *TAG = "app";
#if CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2
#if CONFIG_EXAMPLE_PROV_SEC2_DEV_MODE
#define EXAMPLE_PROV_SEC2_USERNAME "testuser"
#define EXAMPLE_PROV_SEC2_PWD "testpassword"
#define EXAMPLE_PROV_SEC2_USERNAME "wifiprov"
#define EXAMPLE_PROV_SEC2_PWD "abcd1234"
/* This salt,verifier has been generated for username = "testuser" and password = "testpassword"
/* This salt,verifier has been generated for username = "wifiprov" and password = "abcd1234"
* IMPORTANT NOTE: For production cases, this must be unique to every device
* and should come from device manufacturing partition.*/
static const char sec2_salt[] = {
0x2f, 0x3d, 0x3c, 0xf8, 0x0d, 0xbd, 0x0c, 0xa9, 0x6f, 0x30, 0xb4, 0x4d, 0x89, 0xd5, 0x2f, 0x0e
0x03, 0x6e, 0xe0, 0xc7, 0xbc, 0xb9, 0xed, 0xa8, 0x4c, 0x9e, 0xac, 0x97, 0xd9, 0x3d, 0xec, 0xf4
};
static const char sec2_verifier[] = {
0xf2, 0x9f, 0xc1, 0xf5, 0x28, 0x4a, 0x11, 0x74, 0xb4, 0x24, 0x09, 0x23, 0xd8, 0x27, 0xb7, 0x5a,
0x95, 0x3a, 0x99, 0xed, 0xf4, 0x6e, 0xe9, 0x8c, 0x4f, 0x07, 0xf2, 0xf5, 0x43, 0x3d, 0x7f, 0x9a,
0x11, 0x60, 0x66, 0xaf, 0xcd, 0xa5, 0xf6, 0xfa, 0xcb, 0x06, 0xe9, 0xc5, 0x3f, 0x4d, 0x77, 0x16,
0x4c, 0x68, 0x6d, 0x7f, 0x7c, 0xd7, 0xc7, 0x5a, 0x83, 0xc0, 0xfb, 0x94, 0x2d, 0xa9, 0x60, 0xf0,
0x09, 0x11, 0xa0, 0xe1, 0x95, 0x33, 0xd1, 0x30, 0x7f, 0x82, 0x1b, 0x1b, 0x0f, 0x6d, 0xf1, 0xdc,
0x93, 0x1c, 0x20, 0xa7, 0xc0, 0x8d, 0x48, 0x38, 0xff, 0x46, 0xb9, 0xaf, 0xf7, 0x93, 0x78, 0xae,
0xff, 0xb8, 0x3b, 0xdf, 0x99, 0x7b, 0x64, 0x47, 0x02, 0xba, 0x01, 0x39, 0x0f, 0x5c, 0xd8, 0x4e,
0x6f, 0xc8, 0xd0, 0x82, 0x7f, 0x2d, 0x33, 0x1a, 0x09, 0x65, 0x77, 0x85, 0xbc, 0x8a, 0x84, 0xe0,
0x46, 0x7e, 0x3b, 0x0e, 0x6e, 0x3b, 0xdf, 0x70, 0x17, 0x70, 0x0a, 0xbc, 0x84, 0x67, 0xfa, 0xf9,
0x84, 0x53, 0xda, 0xb4, 0xca, 0x38, 0x71, 0xe4, 0x06, 0xf6, 0x7d, 0xc8, 0x32, 0xbb, 0x91, 0x0c,
0xe7, 0xd3, 0x59, 0xb6, 0x03, 0xed, 0x8e, 0x0d, 0x91, 0x9c, 0x09, 0xd7, 0x6f, 0xd5, 0xca, 0x55,
0xc5, 0x58, 0x0f, 0x95, 0xb5, 0x83, 0x65, 0x6f, 0x2d, 0xbc, 0x94, 0x0f, 0xbb, 0x0f, 0xd3, 0x42,
0xa5, 0xfe, 0x15, 0x7f, 0xf9, 0xa8, 0x16, 0xe6, 0x58, 0x9b, 0x4c, 0x0f, 0xd3, 0x83, 0x2c, 0xac,
0xe4, 0xbf, 0xa3, 0x96, 0x1e, 0xb6, 0x6f, 0x59, 0xe6, 0xd1, 0x0e, 0xd4, 0x27, 0xb6, 0x05, 0x34,
0xec, 0x8c, 0xf8, 0x72, 0xbb, 0x04, 0x7b, 0xa4, 0x49, 0x3d, 0x6d, 0xa9, 0x99, 0xfc, 0x0a, 0x2b,
0xd8, 0x46, 0xa8, 0xd1, 0x46, 0x61, 0x5c, 0x96, 0xd2, 0x43, 0xcd, 0xea, 0x7f, 0x6a, 0x50, 0x59,
0x0d, 0x0e, 0xa1, 0xb3, 0x94, 0x5a, 0x34, 0xe0, 0x1e, 0x95, 0x56, 0x68, 0xb4, 0xbc, 0xf1, 0x08,
0x54, 0xcb, 0x42, 0x41, 0xc6, 0x78, 0xad, 0x71, 0x84, 0x1c, 0x29, 0xb8, 0x33, 0x79, 0x1c, 0x10,
0xdd, 0x07, 0xc8, 0x91, 0x21, 0x85, 0x89, 0x76, 0xd7, 0x37, 0xdf, 0x5b, 0x19, 0x33, 0x4e, 0x17,
0x67, 0x02, 0x0f, 0x1b, 0xb9, 0x2f, 0xa4, 0xdc, 0xdd, 0x75, 0x32, 0x96, 0x87, 0xdd, 0x66, 0xc3,
0x33, 0xc1, 0xfc, 0x4c, 0x27, 0x63, 0xb9, 0x14, 0x72, 0x76, 0x65, 0xb8, 0x90, 0x2b, 0xeb, 0x7a,
0xde, 0x71, 0x97, 0xf3, 0x6b, 0xc9, 0x8e, 0xdf, 0xfc, 0x6e, 0x13, 0xcc, 0x1b, 0x2b, 0x54, 0x1a,
0x6e, 0x3d, 0xe6, 0x1c, 0xec, 0x5d, 0xa1, 0xf1, 0xd4, 0x86, 0x9d, 0xcd, 0xb9, 0xe8, 0x98, 0xf1,
0xe5, 0x16, 0xa5, 0x48, 0xe5, 0xec, 0x12, 0xe8, 0x17, 0xe2, 0x55, 0xb5, 0xb3, 0x7c, 0xce, 0xfd
0x7c, 0x7c, 0x85, 0x47, 0x65, 0x08, 0x94, 0x6d, 0xd6, 0x36, 0xaf, 0x37, 0xd7, 0xe8, 0x91, 0x43,
0x78, 0xcf, 0xfd, 0x61, 0x6c, 0x59, 0xd2, 0xf8, 0x39, 0x08, 0x12, 0x72, 0x38, 0xde, 0x9e, 0x24,
0xa4, 0x70, 0x26, 0x1c, 0xdf, 0xa9, 0x03, 0xc2, 0xb2, 0x70, 0xe7, 0xb1, 0x32, 0x24, 0xda, 0x11,
0x1d, 0x97, 0x18, 0xdc, 0x60, 0x72, 0x08, 0xcc, 0x9a, 0xc9, 0x0c, 0x48, 0x27, 0xe2, 0xae, 0x89,
0xaa, 0x16, 0x25, 0xb8, 0x04, 0xd2, 0x1a, 0x9b, 0x3a, 0x8f, 0x37, 0xf6, 0xe4, 0x3a, 0x71, 0x2e,
0xe1, 0x27, 0x86, 0x6e, 0xad, 0xce, 0x28, 0xff, 0x54, 0x46, 0x60, 0x1f, 0xb9, 0x96, 0x87, 0xdc,
0x57, 0x40, 0xa7, 0xd4, 0x6c, 0xc9, 0x77, 0x54, 0xdc, 0x16, 0x82, 0xf0, 0xed, 0x35, 0x6a, 0xc4,
0x70, 0xad, 0x3d, 0x90, 0xb5, 0x81, 0x94, 0x70, 0xd7, 0xbc, 0x65, 0xb2, 0xd5, 0x18, 0xe0, 0x2e,
0xc3, 0xa5, 0xf9, 0x68, 0xdd, 0x64, 0x7b, 0xb8, 0xb7, 0x3c, 0x9c, 0xfc, 0x00, 0xd8, 0x71, 0x7e,
0xb7, 0x9a, 0x7c, 0xb1, 0xb7, 0xc2, 0xc3, 0x18, 0x34, 0x29, 0x32, 0x43, 0x3e, 0x00, 0x99, 0xe9,
0x82, 0x94, 0xe3, 0xd8, 0x2a, 0xb0, 0x96, 0x29, 0xb7, 0xdf, 0x0e, 0x5f, 0x08, 0x33, 0x40, 0x76,
0x52, 0x91, 0x32, 0x00, 0x9f, 0x97, 0x2c, 0x89, 0x6c, 0x39, 0x1e, 0xc8, 0x28, 0x05, 0x44, 0x17,
0x3f, 0x68, 0x02, 0x8a, 0x9f, 0x44, 0x61, 0xd1, 0xf5, 0xa1, 0x7e, 0x5a, 0x70, 0xd2, 0xc7, 0x23,
0x81, 0xcb, 0x38, 0x68, 0xe4, 0x2c, 0x20, 0xbc, 0x40, 0x57, 0x76, 0x17, 0xbd, 0x08, 0xb8, 0x96,
0xbc, 0x26, 0xeb, 0x32, 0x46, 0x69, 0x35, 0x05, 0x8c, 0x15, 0x70, 0xd9, 0x1b, 0xe9, 0xbe, 0xcc,
0xa9, 0x38, 0xa6, 0x67, 0xf0, 0xad, 0x50, 0x13, 0x19, 0x72, 0x64, 0xbf, 0x52, 0xc2, 0x34, 0xe2,
0x1b, 0x11, 0x79, 0x74, 0x72, 0xbd, 0x34, 0x5b, 0xb1, 0xe2, 0xfd, 0x66, 0x73, 0xfe, 0x71, 0x64,
0x74, 0xd0, 0x4e, 0xbc, 0x51, 0x24, 0x19, 0x40, 0x87, 0x0e, 0x92, 0x40, 0xe6, 0x21, 0xe7, 0x2d,
0x4e, 0x37, 0x76, 0x2f, 0x2e, 0xe2, 0x68, 0xc7, 0x89, 0xe8, 0x32, 0x13, 0x42, 0x06, 0x84, 0x84,
0x53, 0x4a, 0xb3, 0x0c, 0x1b, 0x4c, 0x8d, 0x1c, 0x51, 0x97, 0x19, 0xab, 0xae, 0x77, 0xff, 0xdb,
0xec, 0xf0, 0x10, 0x95, 0x34, 0x33, 0x6b, 0xcb, 0x3e, 0x84, 0x0f, 0xb9, 0xd8, 0x5f, 0xb8, 0xa0,
0xb8, 0x55, 0x53, 0x3e, 0x70, 0xf7, 0x18, 0xf5, 0xce, 0x7b, 0x4e, 0xbf, 0x27, 0xce, 0xce, 0xa8,
0xb3, 0xbe, 0x40, 0xc5, 0xc5, 0x32, 0x29, 0x3e, 0x71, 0x64, 0x9e, 0xde, 0x8c, 0xf6, 0x75, 0xa1,
0xe6, 0xf6, 0x53, 0xc8, 0x31, 0xa8, 0x78, 0xde, 0x50, 0x40, 0xf7, 0x62, 0xde, 0x36, 0xb2, 0xba
};
#endif
@@ -336,18 +336,12 @@ void app_main(void)
* - NULL if not used
*/
const char *pop = "abcd1234";
/* If the pop is allocated dynamically, then it should be valid till the provisioning process is running.
* it can be only freed when the WIFI_PROV_END event is triggered */
/* This is the structure for passing security parameters
* for the protocomm security 1.
* This does not need not be static i.e. could be dynamically allocated
*/
wifi_prov_security1_params_t sec1_params = {
.data = (const uint8_t *)pop,
.len = strlen(pop),
};
wifi_prov_security1_params_t *sec_params = &sec1_params;
wifi_prov_security1_params_t *sec_params = pop;
const char *username = NULL;
#elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2
@@ -369,7 +363,8 @@ void app_main(void)
#endif
/* This is the structure for passing security parameters
* for the protocomm security 2.
* This does not need not be static i.e. could be dynamically allocated
* If dynamically allocated, sec2_params pointer and its content
* must be valid till WIFI_PROV_END event is triggered.
*/
wifi_prov_security2_params_t sec2_params = {};

37
examples/provisioning/wifi_prov_mgr/pytest_wifi_prov_mgr.py
View File

@@ -25,11 +25,7 @@ logging.basicConfig(level=logging.INFO)
esp_prov.config_throw_except = True
@pytest.mark.esp32
@pytest.mark.generic
@pytest.mark.xfail(reason='Runner unable to connect to target over Bluetooth', run=False)
def test_examples_wifi_prov_mgr(dut: Dut) -> None:
def test_wifi_prov_mgr(dut: Dut, sec_ver: int) -> None:
# Check if BT memory is released before provisioning starts
dut.expect('wifi_prov_scheme_ble: BT memory released', timeout=60)
@@ -40,14 +36,22 @@ def test_examples_wifi_prov_mgr(dut: Dut) -> None:
logging.info('Starting Provisioning')
verbose = False
protover = 'v1.1'
secver = 1
pop = 'abcd1234'
provmode = 'ble'
ap_ssid = 'myssid'
ap_password = 'mypassword'
logging.info('Getting security')
security = esp_prov.get_security(secver, pop, verbose)
if (sec_ver == 1):
pop = 'abcd1234'
sec2_username = None
sec2_password = None
security = esp_prov.get_security(sec_ver, sec2_username, sec2_password, pop, verbose)
elif (sec_ver == 2):
pop = None
sec2_username = 'wifiprov'
sec2_password = 'abcd1234'
security = esp_prov.get_security(sec_ver, sec2_username, sec2_password, pop, verbose)
if security is None:
raise RuntimeError('Failed to get security')
@@ -85,3 +89,20 @@ def test_examples_wifi_prov_mgr(dut: Dut) -> None:
# Check if BTDM memory is released after provisioning finishes
dut.expect('wifi_prov_scheme_ble: BTDM memory released', timeout=30)
@pytest.mark.esp32
@pytest.mark.generic
@pytest.mark.parametrize('config', ['security1',], indirect=True)
@pytest.mark.xfail(reason='Runner unable to connect to target over Bluetooth', run=False)
def test_examples_wifi_prov_mgr_sec1(dut: Dut) -> None:
test_wifi_prov_mgr(dut, 1)
@pytest.mark.esp32
@pytest.mark.generic
@pytest.mark.xfail(reason='Runner unable to connect to target over Bluetooth', run=False)
def test_examples_wifi_prov_mgr_sec2(dut: Dut) -> None:
test_wifi_prov_mgr(dut, 2)

1
examples/provisioning/wifi_prov_mgr/sdkconfig.ci.security1 Normal file
View File

@@ -0,0 +1 @@
CONFIG_EXAMPLE_PROV_SECURITY_VERSION_1=y