wifi_provisioning: Update the APIs with reference to the new APIs from protocomm

esp_local_ctrl: Update the code with reference to new changes in protocomm component

components/esp_local_ctrl/include/esp_local_ctrl.h

@@ -1,16 +1,8 @@
-// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #pragma once
 
@@ -234,9 +226,13 @@ typedef union {
 typedef enum esp_local_ctrl_proto_sec {
     PROTOCOM_SEC0 = 0,
     PROTOCOM_SEC1,
+    PROTOCOM_SEC2,
     PROTOCOM_SEC_CUSTOM,
 } esp_local_ctrl_proto_sec_t;
 
+typedef protocomm_security1_params_t esp_local_ctrl_security1_params_t;
+typedef protocomm_security2_params_t esp_local_ctrl_security2_params_t;
+
 /**
  * Protocom security configs
  */
@@ -253,10 +249,22 @@ typedef struct esp_local_ctrl_proto_sec_cfg {
      */
     void *custom_handle;
 
-    /**
-     * Proof of possession to be used for local control. Could be NULL.
-     */
-    void *pop;
+    /* Anonymous union */
+    union {
+        /**
+         * Proof of possession to be used for local control. Could be NULL.
+         */
+        const void *pop __attribute__((deprecated("use sec_params field instead")));
+
+        /**
+         * Pointer to security params (NULL if not needed).
+         * This is not needed for protocomm security 0
+         * This pointer should hold the struct of type
+         * esp_local_ctrl_security1_params_t for protocomm security 1
+         * and esp_local_ctrl_security2_params_t for protocomm security 2 respectively. Could be NULL.
+         */
+        const void *sec_params;
+    };
 } esp_local_ctrl_proto_sec_cfg_t;
 
 /**

components/esp_local_ctrl/src/esp_local_ctrl.c

@@ -1,16 +1,8 @@
-// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #include <stdio.h>
 #include <string.h>
@@ -20,6 +12,7 @@
 #include <protocomm.h>
 #include <protocomm_security0.h>
 #include <protocomm_security1.h>
+#include <protocomm_security2.h>
 
 #include <esp_local_ctrl.h>
 #include "esp_local_ctrl_priv.h"
@@ -158,13 +151,16 @@ esp_err_t esp_local_ctrl_start(const esp_local_ctrl_config_t *config)
         case PROTOCOM_SEC1:
             proto_sec_handle = (protocomm_security_t *) &protocomm_security1;
             break;
+        case PROTOCOM_SEC2:
+            proto_sec_handle = (protocomm_security_t *) &protocomm_security2;
+            break;
         case PROTOCOM_SEC0:
         default:
             proto_sec_handle = (protocomm_security_t *) &protocomm_security0;
             break;
     }
     ret = protocomm_set_security(local_ctrl_inst_ctx->pc, "esp_local_ctrl/session",
-                                 proto_sec_handle, local_ctrl_inst_ctx->config.proto_sec.pop, NULL);
+                                 proto_sec_handle, local_ctrl_inst_ctx->config.proto_sec.sec_params);
     if (ret != ESP_OK) {
         ESP_LOGE(TAG, "Failed to set session endpoint");
         esp_local_ctrl_stop();

components/wifi_provisioning/include/wifi_provisioning/manager.h

@@ -201,9 +201,17 @@ typedef enum wifi_prov_security {
      */
     WIFI_PROV_SECURITY_1,
 
+    /**
+     * This secure communication mode consists of
+     *  SRP6a based authentication and key exchange
+     *  + AES-GCM encryption/decryption
+     */
     WIFI_PROV_SECURITY_2
 } wifi_prov_security_t;
 
+typedef protocomm_security1_params_t wifi_prov_security1_params_t;
+typedef protocomm_security2_params_t wifi_prov_security2_params_t;
+
 /**
  * @brief   Initialize provisioning manager instance
  *
@@ -285,9 +293,14 @@ esp_err_t wifi_prov_mgr_is_provisioned(bool *provisioned);
  *                              - WIFI_PROV_SECURITY_0 : For no security
  *                              - WIFI_PROV_SECURITY_1 : x25519 secure handshake for session
  *                                establishment followed by AES-CTR encryption of provisioning messages
- * @param[in] pop           Pointer to proof of possession string (NULL if not needed). This
- *                          is relevant only for protocomm security 1, in which case it is used
- *                          for authenticating secure session
+ *                              - WIFI_PROV_SECURITY_2:  SRP6a based authentication and key exchange
+ *                                followed by AES-GCM encryption/decryption of provisioning messages
+ * @param[in] wifi_prov_sec_params
+ *                          Pointer to security params (NULL if not needed).
+ *                          This is not needed for protocomm security 0
+ *                          This pointer should hold the struct of type
+ *                          wifi_prov_security1_params_t for protocomm security 1
+ *                          and wifi_prov_security2_params_t for protocomm security 2 respectively.
  * @param[in] service_name  Unique name of the service. This translates to:
  *                              - Wi-Fi SSID when provisioning mode is softAP
  *                              - Device name when provisioning mode is BLE
@@ -301,8 +314,7 @@ esp_err_t wifi_prov_mgr_is_provisioned(bool *provisioned);
  *  - ESP_FAIL    : Failed to start provisioning service
  *  - ESP_ERR_INVALID_STATE : Provisioning manager not initialized or already started
  */
-esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const char *pop, const char *salt,
-                                           const char *verifier, const char *service_name, const char *service_key);
+esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const void *wifi_prov_sec_params, const char *service_name, const char *service_key);
 
 /**
  * @brief   Stop provisioning service

components/wifi_provisioning/src/manager.c

@@ -91,11 +91,8 @@ struct wifi_prov_mgr_ctx {
     /* Type of security to use with protocomm */
     int security;
 
-    /* Pointer to proof of possession */
-    protocomm_security_pop_t pop;
-
-    /* Pointer to salt and verifier */
-    protocomm_security_sv_t sv;
+    /* Pointer to security params */
+    const void* protocomm_sec_params;
 
     /* Handle for Provisioning Auto Stop timer */
     esp_timer_handle_t autostop_timer;
@@ -311,13 +308,13 @@ static esp_err_t wifi_prov_mgr_start_service(const char *service_name, const cha
     /* Set protocomm security type for endpoint */
     if (prov_ctx->security == 0) {
         ret = protocomm_set_security(prov_ctx->pc, "prov-session",
-                                     &protocomm_security0, NULL, NULL);
+                                     &protocomm_security0, NULL);
     } else if (prov_ctx->security == 1) {
         ret = protocomm_set_security(prov_ctx->pc, "prov-session",
-                                     &protocomm_security1, &prov_ctx->pop, NULL);
+                                     &protocomm_security1, prov_ctx->protocomm_sec_params);
     } else if (prov_ctx->security == 2) {
         ret = protocomm_set_security(prov_ctx->pc, "prov-session",
-                                     &protocomm_security2, NULL, &prov_ctx->sv);
+                                     &protocomm_security2, prov_ctx->protocomm_sec_params);
     } else {
         ESP_LOGE(TAG, "Unsupported protocomm security version %d", prov_ctx->security);
         ret = ESP_ERR_INVALID_ARG;
@@ -587,9 +584,8 @@ static bool wifi_prov_mgr_stop_service(bool blocking)
     prov_ctx->prov_state = WIFI_PROV_STATE_STOPPING;
 
     /* Free proof of possession */
-    if (prov_ctx->pop.data) {
-        free((void *)prov_ctx->pop.data);
-        prov_ctx->pop.data = NULL;
+    if (prov_ctx->protocomm_sec_params) {
+        prov_ctx->protocomm_sec_params = NULL;
     }
 
     /* Delete all scan results */
@@ -1392,8 +1388,8 @@ void wifi_prov_mgr_deinit(void)
     vSemaphoreDelete(prov_ctx_lock);
 }
 
-esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const char *pop, const char *salt,
-                                           const char *verifier, const char *service_name, const char *service_key)
+esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const void *wifi_prov_sec_params,
+                                           const char *service_name, const char *service_key)
 {
     uint8_t restore_wifi_flag = 0;
 
@@ -1470,35 +1466,14 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
     if (security == WIFI_PROV_SECURITY_0) {
         prov_ctx->mgr_info.capabilities.no_sec = true;
     } else if (security == WIFI_PROV_SECURITY_1) {
-        if (pop) {
-            prov_ctx->pop.len = strlen(pop);
-            prov_ctx->pop.data = malloc(prov_ctx->pop.len);
-            if (!prov_ctx->pop.data) {
-                ESP_LOGE(TAG, "Unable to allocate PoP data");
-                ret = ESP_ERR_NO_MEM;
-                goto err;
-            }
-            memcpy((void *)prov_ctx->pop.data, pop, prov_ctx->pop.len);
+        if (wifi_prov_sec_params) {
+            prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
         } else {
             prov_ctx->mgr_info.capabilities.no_pop = true;
         }
     } else if (security == WIFI_PROV_SECURITY_2) {
-        if (salt != NULL && verifier != NULL) {
-            prov_ctx->sv.salt_len = 4;
-            prov_ctx->sv.verifier_len = 384;
-            prov_ctx->sv.salt = malloc(prov_ctx->sv.salt_len);
-            prov_ctx->sv.verifier = malloc(prov_ctx->sv.verifier_len);
-            if (!prov_ctx->sv.salt || !prov_ctx->sv.salt) {
-                ESP_LOGE(TAG, "Unable to allocate salt-verifier data");
-                ret = ESP_ERR_NO_MEM;
-                goto err;
-            }
-            memcpy((void *)prov_ctx->sv.salt, salt, prov_ctx->sv.salt_len);
-            memcpy((void *)prov_ctx->sv.verifier, verifier, prov_ctx->sv.verifier_len);
-        } else {
-            ESP_LOGE(TAG, "Salt and verifier cannot be NULL!");
-            ret = ESP_ERR_INVALID_ARG;
-            goto err;
+        if (wifi_prov_sec_params) {
+            prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
         }
     }
     prov_ctx->security = security;
@@ -1513,7 +1488,6 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
     ret = esp_timer_create(&wifi_connect_timer_conf, &prov_ctx->wifi_connect_timer);
     if (ret != ESP_OK) {
         ESP_LOGE(TAG, "Failed to create Wi-Fi connect timer");
-        free((void *)prov_ctx->pop.data);
         goto err;
     }
 
@@ -1530,7 +1504,6 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
         if (ret != ESP_OK) {
             ESP_LOGE(TAG, "Failed to create auto-stop timer");
             esp_timer_delete(prov_ctx->wifi_connect_timer);
-            free((void *)prov_ctx->pop.data);
             goto err;
         }
     }
@@ -1546,7 +1519,6 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
     if (ret != ESP_OK) {
         esp_timer_delete(prov_ctx->autostop_timer);
         esp_timer_delete(prov_ctx->wifi_connect_timer);
-        free((void *)prov_ctx->pop.data);
     }
     ACQUIRE_LOCK(prov_ctx_lock);
     if (ret == ESP_OK) {

examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c

@@ -181,7 +181,7 @@ void start_esp_local_ctrl_service(void)
         .proto_sec = {
             .version = 0,
             .custom_handle = NULL,
-            .pop = NULL,
+            .sec_params = NULL,
         },
         .handlers = {
             /* User defined handler functions */

examples/provisioning/wifi_prov_mgr/main/app_main.c

@@ -32,9 +32,9 @@
 
 static const char *TAG = "app";
 
-const char sec2_salt[4] = {0xc1, 0x85, 0x74, 0xfe};
+static const char sec2_salt[4] = {0xc1, 0x85, 0x74, 0xfe};
 
-const char sec2_verifier[384] = {0x88, 0x98, 0x2a, 0xd3, 0xb1, 0x8a, 0xf6, 0xe3, 0x00, 0x5d, 0x34, 0x63, 0x56, 0x73, 0x2a, 0x03,
+static const char sec2_verifier[384] = {0x88, 0x98, 0x2a, 0xd3, 0xb1, 0x8a, 0xf6, 0xe3, 0x00, 0x5d, 0x34, 0x63, 0x56, 0x73, 0x2a, 0x03,
                                  0x7b, 0x1c, 0xae, 0xe8, 0x2e, 0x59, 0x03, 0x48, 0x68, 0x00, 0xba, 0xa1, 0xb0, 0xff, 0x12, 0xca,
                                  0xa7, 0xc9, 0xff, 0x69, 0xaf, 0x7a, 0x1e, 0x53, 0x98, 0x15, 0x79, 0xd1, 0x11, 0x83, 0x68, 0xf2,
                                  0x8c, 0x7a, 0xcf, 0x8b, 0x1b, 0x25, 0x2e, 0x0c, 0xcb, 0xdc, 0x6a, 0x7c, 0xda, 0x2e, 0x6d, 0x5b,
@@ -280,6 +280,8 @@ void app_main(void)
          *      - WIFI_PROV_SECURITY_1 is secure communication which consists of secure handshake
          *          using X25519 key exchange and proof of possession (pop) and AES-CTR
          *          for encryption/decryption of messages.
+         *      - WIFI_PROV_SECURITY_2 SRP6a based authentication and key exchange
+         *        + AES-CTR encryption/decryption of messages
          */
         // wifi_prov_security_t security = WIFI_PROV_SECURITY_1;
         wifi_prov_security_t security = WIFI_PROV_SECURITY_2;
@@ -289,7 +291,20 @@ void app_main(void)
          *      - NULL if not used
          */
         const char *pop = "abcd1234";
-
+        /* This is the structure for passing security parameters
+         * for the protocomm security 1
+         */
+        //const wifi_prov_security1_params_t sec1_params = {
+        //    .data = (const unsigned char *)pop,
+        //    .len = strlen(pop),
+        //};
+
+        static const wifi_prov_security2_params_t sec2_params = {
+            .salt = sec2_salt,
+            .salt_len = sizeof(sec2_salt),
+            .verifier = sec2_verifier,
+            .verifier_len = sizeof(sec2_verifier),
+        };
         /* What is the service key (could be NULL)
          * This translates to :
          *     - Wi-Fi password when scheme is wifi_prov_scheme_softap
@@ -328,8 +343,9 @@ void app_main(void)
          */
         wifi_prov_mgr_endpoint_create("custom-data");
         /* Start provisioning service */
-        // ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, pop, NULL, NULL, service_name, service_key));
-        ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, NULL, sec2_salt, sec2_verifier, service_name, service_key));
+        // ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, pop, service_name, service_key));
+
+        ESP_ERROR_CHECK(wifi_prov_mgr_start_provisioning(security, (void *) &sec2_params, service_name, service_key));
 
         /* The handler for the optional endpoint created above.
          * This call must be made after starting the provisioning, and only if the endpoint

tools/ci/check_copyright_ignore.txt

@@ -462,11 +462,9 @@ components/esp_hid/test/test_esp_hid.c
 components/esp_hw_support/include/esp_clk.h
 components/esp_hw_support/include/soc/esp_himem.h
 components/esp_hw_support/include/soc/esp_spiram.h
-components/esp_local_ctrl/include/esp_local_ctrl.h
 components/esp_local_ctrl/proto-c/esp_local_ctrl.pb-c.c
 components/esp_local_ctrl/proto-c/esp_local_ctrl.pb-c.h
 components/esp_local_ctrl/python/esp_local_ctrl_pb2.py
-components/esp_local_ctrl/src/esp_local_ctrl.c
 components/esp_local_ctrl/src/esp_local_ctrl_handler.c
 components/esp_local_ctrl/src/esp_local_ctrl_priv.h
 components/esp_local_ctrl/src/esp_local_ctrl_transport_ble.c