From f2cce5fa0dfa4edf5ae2bf50cd66deb7f32c664c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 26 May 2022 17:30:10 +0530 Subject: [PATCH] wifi_provisioning: Update the APIs with reference to the new APIs from protocomm esp_local_ctrl: Update the code with reference to new changes in protocomm component --- .../esp_local_ctrl/include/esp_local_ctrl.h | 42 +++++++++------ .../esp_local_ctrl/src/esp_local_ctrl.c | 24 ++++----- .../include/wifi_provisioning/manager.h | 22 ++++++-- components/wifi_provisioning/src/manager.c | 54 +++++-------------- .../main/esp_local_ctrl_service.c | 2 +- .../wifi_prov_mgr/main/app_main.c | 24 +++++++-- tools/ci/check_copyright_ignore.txt | 2 - 7 files changed, 86 insertions(+), 84 deletions(-) diff --git a/components/esp_local_ctrl/include/esp_local_ctrl.h b/components/esp_local_ctrl/include/esp_local_ctrl.h index 8322412eb3..6e9b90a81b 100644 --- a/components/esp_local_ctrl/include/esp_local_ctrl.h +++ b/components/esp_local_ctrl/include/esp_local_ctrl.h @@ -1,16 +1,8 @@ -// Copyright 2019 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once @@ -234,9 +226,13 @@ typedef union { typedef enum esp_local_ctrl_proto_sec { PROTOCOM_SEC0 = 0, PROTOCOM_SEC1, + PROTOCOM_SEC2, PROTOCOM_SEC_CUSTOM, } esp_local_ctrl_proto_sec_t; +typedef protocomm_security1_params_t esp_local_ctrl_security1_params_t; +typedef protocomm_security2_params_t esp_local_ctrl_security2_params_t; + /** * Protocom security configs */ @@ -253,10 +249,22 @@ typedef struct esp_local_ctrl_proto_sec_cfg { */ void *custom_handle; - /** - * Proof of possession to be used for local control. Could be NULL. - */ - void *pop; + /* Anonymous union */ + union { + /** + * Proof of possession to be used for local control. Could be NULL. + */ + const void *pop __attribute__((deprecated("use sec_params field instead"))); + + /** + * Pointer to security params (NULL if not needed). + * This is not needed for protocomm security 0 + * This pointer should hold the struct of type + * esp_local_ctrl_security1_params_t for protocomm security 1 + * and esp_local_ctrl_security2_params_t for protocomm security 2 respectively. Could be NULL. + */ + const void *sec_params; + }; } esp_local_ctrl_proto_sec_cfg_t; /** diff --git a/components/esp_local_ctrl/src/esp_local_ctrl.c b/components/esp_local_ctrl/src/esp_local_ctrl.c index 3a8b9f74b0..5202576339 100644 --- a/components/esp_local_ctrl/src/esp_local_ctrl.c +++ b/components/esp_local_ctrl/src/esp_local_ctrl.c @@ -1,16 +1,8 @@ -// Copyright 2019 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include @@ -20,6 +12,7 @@ #include #include #include +#include #include #include "esp_local_ctrl_priv.h" @@ -158,13 +151,16 @@ esp_err_t esp_local_ctrl_start(const esp_local_ctrl_config_t *config) case PROTOCOM_SEC1: proto_sec_handle = (protocomm_security_t *) &protocomm_security1; break; + case PROTOCOM_SEC2: + proto_sec_handle = (protocomm_security_t *) &protocomm_security2; + break; case PROTOCOM_SEC0: default: proto_sec_handle = (protocomm_security_t *) &protocomm_security0; break; } ret = protocomm_set_security(local_ctrl_inst_ctx->pc, "esp_local_ctrl/session", - proto_sec_handle, local_ctrl_inst_ctx->config.proto_sec.pop, NULL); + proto_sec_handle, local_ctrl_inst_ctx->config.proto_sec.sec_params); if (ret != ESP_OK) { ESP_LOGE(TAG, "Failed to set session endpoint"); esp_local_ctrl_stop(); diff --git a/components/wifi_provisioning/include/wifi_provisioning/manager.h b/components/wifi_provisioning/include/wifi_provisioning/manager.h index 16330de85d..e65ef3ea70 100644 --- a/components/wifi_provisioning/include/wifi_provisioning/manager.h +++ b/components/wifi_provisioning/include/wifi_provisioning/manager.h @@ -201,9 +201,17 @@ typedef enum wifi_prov_security { */ WIFI_PROV_SECURITY_1, + /** + * This secure communication mode consists of + * SRP6a based authentication and key exchange + * + AES-GCM encryption/decryption + */ WIFI_PROV_SECURITY_2 } wifi_prov_security_t; +typedef protocomm_security1_params_t wifi_prov_security1_params_t; +typedef protocomm_security2_params_t wifi_prov_security2_params_t; + /** * @brief Initialize provisioning manager instance * @@ -285,9 +293,14 @@ esp_err_t wifi_prov_mgr_is_provisioned(bool *provisioned); * - WIFI_PROV_SECURITY_0 : For no security * - WIFI_PROV_SECURITY_1 : x25519 secure handshake for session * establishment followed by AES-CTR encryption of provisioning messages - * @param[in] pop Pointer to proof of possession string (NULL if not needed). This - * is relevant only for protocomm security 1, in which case it is used - * for authenticating secure session + * - WIFI_PROV_SECURITY_2: SRP6a based authentication and key exchange + * followed by AES-GCM encryption/decryption of provisioning messages + * @param[in] wifi_prov_sec_params + * Pointer to security params (NULL if not needed). + * This is not needed for protocomm security 0 + * This pointer should hold the struct of type + * wifi_prov_security1_params_t for protocomm security 1 + * and wifi_prov_security2_params_t for protocomm security 2 respectively. * @param[in] service_name Unique name of the service. This translates to: * - Wi-Fi SSID when provisioning mode is softAP * - Device name when provisioning mode is BLE @@ -301,8 +314,7 @@ esp_err_t wifi_prov_mgr_is_provisioned(bool *provisioned); * - ESP_FAIL : Failed to start provisioning service * - ESP_ERR_INVALID_STATE : Provisioning manager not initialized or already started */ -esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const char *pop, const char *salt, - const char *verifier, const char *service_name, const char *service_key); +esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const void *wifi_prov_sec_params, const char *service_name, const char *service_key); /** * @brief Stop provisioning service diff --git a/components/wifi_provisioning/src/manager.c b/components/wifi_provisioning/src/manager.c index acc16f882a..f2ff62ed67 100644 --- a/components/wifi_provisioning/src/manager.c +++ b/components/wifi_provisioning/src/manager.c @@ -91,11 +91,8 @@ struct wifi_prov_mgr_ctx { /* Type of security to use with protocomm */ int security; - /* Pointer to proof of possession */ - protocomm_security_pop_t pop; - - /* Pointer to salt and verifier */ - protocomm_security_sv_t sv; + /* Pointer to security params */ + const void* protocomm_sec_params; /* Handle for Provisioning Auto Stop timer */ esp_timer_handle_t autostop_timer; @@ -311,13 +308,13 @@ static esp_err_t wifi_prov_mgr_start_service(const char *service_name, const cha /* Set protocomm security type for endpoint */ if (prov_ctx->security == 0) { ret = protocomm_set_security(prov_ctx->pc, "prov-session", - &protocomm_security0, NULL, NULL); + &protocomm_security0, NULL); } else if (prov_ctx->security == 1) { ret = protocomm_set_security(prov_ctx->pc, "prov-session", - &protocomm_security1, &prov_ctx->pop, NULL); + &protocomm_security1, prov_ctx->protocomm_sec_params); } else if (prov_ctx->security == 2) { ret = protocomm_set_security(prov_ctx->pc, "prov-session", - &protocomm_security2, NULL, &prov_ctx->sv); + &protocomm_security2, prov_ctx->protocomm_sec_params); } else { ESP_LOGE(TAG, "Unsupported protocomm security version %d", prov_ctx->security); ret = ESP_ERR_INVALID_ARG; @@ -587,9 +584,8 @@ static bool wifi_prov_mgr_stop_service(bool blocking) prov_ctx->prov_state = WIFI_PROV_STATE_STOPPING; /* Free proof of possession */ - if (prov_ctx->pop.data) { - free((void *)prov_ctx->pop.data); - prov_ctx->pop.data = NULL; + if (prov_ctx->protocomm_sec_params) { + prov_ctx->protocomm_sec_params = NULL; } /* Delete all scan results */ @@ -1392,8 +1388,8 @@ void wifi_prov_mgr_deinit(void) vSemaphoreDelete(prov_ctx_lock); } -esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const char *pop, const char *salt, - const char *verifier, const char *service_name, const char *service_key) +esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const void *wifi_prov_sec_params, + const char *service_name, const char *service_key) { uint8_t restore_wifi_flag = 0; @@ -1470,35 +1466,14 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const if (security == WIFI_PROV_SECURITY_0) { prov_ctx->mgr_info.capabilities.no_sec = true; } else if (security == WIFI_PROV_SECURITY_1) { - if (pop) { - prov_ctx->pop.len = strlen(pop); - prov_ctx->pop.data = malloc(prov_ctx->pop.len); - if (!prov_ctx->pop.data) { - ESP_LOGE(TAG, "Unable to allocate PoP data"); - ret = ESP_ERR_NO_MEM; - goto err; - } - memcpy((void *)prov_ctx->pop.data, pop, prov_ctx->pop.len); + if (wifi_prov_sec_params) { + prov_ctx->protocomm_sec_params = wifi_prov_sec_params; } else { prov_ctx->mgr_info.capabilities.no_pop = true; } } else if (security == WIFI_PROV_SECURITY_2) { - if (salt != NULL && verifier != NULL) { - prov_ctx->sv.salt_len = 4; - prov_ctx->sv.verifier_len = 384; - prov_ctx->sv.salt = malloc(prov_ctx->sv.salt_len); - prov_ctx->sv.verifier = malloc(prov_ctx->sv.verifier_len); - if (!prov_ctx->sv.salt || !prov_ctx->sv.salt) { - ESP_LOGE(TAG, "Unable to allocate salt-verifier data"); - ret = ESP_ERR_NO_MEM; - goto err; - } - memcpy((void *)prov_ctx->sv.salt, salt, prov_ctx->sv.salt_len); - memcpy((void *)prov_ctx->sv.verifier, verifier, prov_ctx->sv.verifier_len); - } else { - ESP_LOGE(TAG, "Salt and verifier cannot be NULL!"); - ret = ESP_ERR_INVALID_ARG; - goto err; + if (wifi_prov_sec_params) { + prov_ctx->protocomm_sec_params = wifi_prov_sec_params; } } prov_ctx->security = security; @@ -1513,7 +1488,6 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const ret = esp_timer_create(&wifi_connect_timer_conf, &prov_ctx->wifi_connect_timer); if (ret != ESP_OK) { ESP_LOGE(TAG, "Failed to create Wi-Fi connect timer"); - free((void *)prov_ctx->pop.data); goto err; } @@ -1530,7 +1504,6 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const if (ret != ESP_OK) { ESP_LOGE(TAG, "Failed to create auto-stop timer"); esp_timer_delete(prov_ctx->wifi_connect_timer); - free((void *)prov_ctx->pop.data); goto err; } } @@ -1546,7 +1519,6 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const if (ret != ESP_OK) { esp_timer_delete(prov_ctx->autostop_timer); esp_timer_delete(prov_ctx->wifi_connect_timer); - free((void *)prov_ctx->pop.data); } ACQUIRE_LOCK(prov_ctx_lock); if (ret == ESP_OK) { diff --git a/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c b/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c index 13c1bd5d22..c722397628 100644 --- a/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c +++ b/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c @@ -181,7 +181,7 @@ void start_esp_local_ctrl_service(void) .proto_sec = { .version = 0, .custom_handle = NULL, - .pop = NULL, + .sec_params = NULL, }, .handlers = { /* User defined handler functions */ diff --git a/examples/provisioning/wifi_prov_mgr/main/app_main.c b/examples/provisioning/wifi_prov_mgr/main/app_main.c index 4e3900a431..cc0cdde1a7 100644 --- a/examples/provisioning/wifi_prov_mgr/main/app_main.c +++ b/examples/provisioning/wifi_prov_mgr/main/app_main.c @@ -32,9 +32,9 @@ static const char *TAG = "app"; -const char sec2_salt[4] = {0xc1, 0x85, 0x74, 0xfe}; +static const char sec2_salt[4] = {0xc1, 0x85, 0x74, 0xfe}; -const char sec2_verifier[384] = {0x88, 0x98, 0x2a, 0xd3, 0xb1, 0x8a, 0xf6, 0xe3, 0x00, 0x5d, 0x34, 0x63, 0x56, 0x73, 0x2a, 0x03, +static const char sec2_verifier[384] = {0x88, 0x98, 0x2a, 0xd3, 0xb1, 0x8a, 0xf6, 0xe3, 0x00, 0x5d, 0x34, 0x63, 0x56, 0x73, 0x2a, 0x03, 0x7b, 0x1c, 0xae, 0xe8, 0x2e, 0x59, 0x03, 0x48, 0x68, 0x00, 0xba, 0xa1, 0xb0, 0xff, 0x12, 0xca, 0xa7, 0xc9, 0xff, 0x69, 0xaf, 0x7a, 0x1e, 0x53, 0x98, 0x15, 0x79, 0xd1, 0x11, 0x83, 0x68, 0xf2, 0x8c, 0x7a, 0xcf, 0x8b, 0x1b, 0x25, 0x2e, 0x0c, 0xcb, 0xdc, 0x6a, 0x7c, 0xda, 0x2e, 0x6d, 0x5b, @@ -280,6 +280,8 @@ void app_main(void) * - WIFI_PROV_SECURITY_1 is secure communication which consists of secure handshake * using X25519 key exchange and proof of possession (pop) and AES-CTR * for encryption/decryption of messages. + * - WIFI_PROV_SECURITY_2 SRP6a based authentication and key exchange + * + AES-CTR encryption/decryption of messages */ // wifi_prov_security_t security = WIFI_PROV_SECURITY_1; wifi_prov_security_t security = WIFI_PROV_SECURITY_2; @@ -289,7 +291,20 @@ void app_main(void) * - NULL if not used */ const char *pop = "abcd1234"; + /* This is the structure for passing security parameters + * for the protocomm security 1 + */ + //const wifi_prov_security1_params_t sec1_params = { + // .data = (const unsigned char *)pop, + // .len = strlen(pop), + //}; + static const wifi_prov_security2_params_t sec2_params = { + .salt = sec2_salt, + .salt_len = sizeof(sec2_salt), + .verifier = sec2_verifier, + .verifier_len = sizeof(sec2_verifier), + }; /* What is the service key (could be NULL) * This translates to : * - Wi-Fi password when scheme is wifi_prov_scheme_softap @@ -328,8 +343,9 @@ void app_main(void) */ wifi_prov_mgr_endpoint_create("custom-data"); /* Start provisioning service */ - // ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, pop, NULL, NULL, service_name, service_key)); - ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, NULL, sec2_salt, sec2_verifier, service_name, service_key)); + // ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, pop, service_name, service_key)); + + ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, (void *) &sec2_params, service_name, service_key)); /* The handler for the optional endpoint created above. * This call must be made after starting the provisioning, and only if the endpoint diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 6357443c7d..cde4ee31eb 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -462,11 +462,9 @@ components/esp_hid/test/test_esp_hid.c components/esp_hw_support/include/esp_clk.h components/esp_hw_support/include/soc/esp_himem.h components/esp_hw_support/include/soc/esp_spiram.h -components/esp_local_ctrl/include/esp_local_ctrl.h components/esp_local_ctrl/proto-c/esp_local_ctrl.pb-c.c components/esp_local_ctrl/proto-c/esp_local_ctrl.pb-c.h components/esp_local_ctrl/python/esp_local_ctrl_pb2.py -components/esp_local_ctrl/src/esp_local_ctrl.c components/esp_local_ctrl/src/esp_local_ctrl_handler.c components/esp_local_ctrl/src/esp_local_ctrl_priv.h components/esp_local_ctrl/src/esp_local_ctrl_transport_ble.c