Commit Graph

5 Commits

Author SHA1 Message Date
Mahavir Jain
14bc1b4b07 fix(provisioning): fix incorrect AES-GCM IV usage in security2 scheme
Using the same IV in AES-GCM across multiple invocations of
encryption/decryption operations can pose a security risk. It can help
to reveal correlation between different plaintexts.

This commit introduces a change to use part of IV as a monotonic
counter, which must be incremented after every AES-GCM invocation
on both the client and the device side.

The concept of a patch version for a security scheme has been introduced here,
which can help to differentiate protocol behavior for the provisioning
entity. The security patch version will be available in the JSON
response for the `proto-ver` endpoint request with the field
`sec_patch_ver`.

Please refer to the documentation for more details on the changes required
on the provisioning entity side (e.g., phone apps).
2025-03-11 10:11:02 +05:30
Mahavir Jain
d887709d45 fix(protocomm): memory leak issue for session command0 failure case 2025-03-11 10:09:52 +05:30
Aditya Patwardhan
c740192123 protocomm/esp_srp: Allocate memory for username only when the
verification is successful
2022-10-08 10:49:44 +05:30
Aditya Patwardhan
b7ec10d461 protocomm/esp_srp: Fix small issues reported by coverity. 2022-10-08 10:49:26 +05:30
Aditya Patwardhan
eb7ff34c89 protocomm: Added SRP6a implementation as the security version 2.
1) Rename srp component to esp_srp
2) Remove dependency on hkdf sha
3) Restructure protocomm component APIs to make them more flexible for allowing multiple security versions
4) esp_srp: convert API return type from int to esp_err_t
5) esp_srp: Formatting changes
6) Added mbedtls_gcm instead of aes_ctr

Co-authored-by: Laukik hase <laukik.hase@espressif.com>
2022-06-17 13:16:20 +00:00