mirror of
https://github.com/espressif/esp-idf.git
synced 2026-04-27 19:13:21 +00:00
Merge branch 'bugfix/esp_local_ctrl_arg_check_v6.0' into 'release/v6.0'
fix(esp_local_ctrl): validate payload_case matches msg_type in command dispatcher (v6.0) See merge request espressif/esp-idf!45924
This commit is contained in:
Mahavir Jain
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2019-2026 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@@ -25,6 +25,7 @@ static const char* TAG = "esp_local_ctrl_handler";
|
|||||||
|
|
||||||
typedef struct esp_local_ctrl_cmd {
|
typedef struct esp_local_ctrl_cmd {
|
||||||
int cmd_num;
|
int cmd_num;
|
||||||
|
int expected_payload_case;
|
||||||
esp_err_t (*command_handler)(LocalCtrlMessage *req,
|
esp_err_t (*command_handler)(LocalCtrlMessage *req,
|
||||||
LocalCtrlMessage *resp, void **ctx);
|
LocalCtrlMessage *resp, void **ctx);
|
||||||
} esp_local_ctrl_cmd_t;
|
} esp_local_ctrl_cmd_t;
|
||||||
@@ -41,14 +42,17 @@ static esp_err_t cmd_set_prop_vals_handler(LocalCtrlMessage *req,
|
|||||||
static esp_local_ctrl_cmd_t cmd_table[] = {
|
static esp_local_ctrl_cmd_t cmd_table[] = {
|
||||||
{
|
{
|
||||||
.cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdGetPropertyCount,
|
.cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdGetPropertyCount,
|
||||||
|
.expected_payload_case = LOCAL_CTRL_MESSAGE__PAYLOAD_CMD_GET_PROP_COUNT,
|
||||||
.command_handler = cmd_get_prop_count_handler
|
.command_handler = cmd_get_prop_count_handler
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdGetPropertyValues,
|
.cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdGetPropertyValues,
|
||||||
|
.expected_payload_case = LOCAL_CTRL_MESSAGE__PAYLOAD_CMD_GET_PROP_VALS,
|
||||||
.command_handler = cmd_get_prop_vals_handler
|
.command_handler = cmd_get_prop_vals_handler
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdSetPropertyValues,
|
.cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdSetPropertyValues,
|
||||||
|
.expected_payload_case = LOCAL_CTRL_MESSAGE__PAYLOAD_CMD_SET_PROP_VALS,
|
||||||
.command_handler = cmd_set_prop_vals_handler
|
.command_handler = cmd_set_prop_vals_handler
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@@ -238,6 +242,12 @@ static esp_err_t esp_local_ctrl_command_dispatcher(LocalCtrlMessage *req,
|
|||||||
return ESP_ERR_INVALID_ARG;
|
return ESP_ERR_INVALID_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (req->payload_case != cmd_table[cmd_index].expected_payload_case) {
|
||||||
|
ESP_LOGE(TAG, "Payload type mismatch: msg_type %d expects payload %d, got %d",
|
||||||
|
req->msg, cmd_table[cmd_index].expected_payload_case, req->payload_case);
|
||||||
|
return ESP_ERR_INVALID_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
esp_err_t ret = cmd_table[cmd_index].command_handler(req, resp, ctx);
|
esp_err_t ret = cmd_table[cmd_index].command_handler(req, resp, ctx);
|
||||||
if (ret != ESP_OK) {
|
if (ret != ESP_OK) {
|
||||||
ESP_LOGE(TAG, "Error executing command handler");
|
ESP_LOGE(TAG, "Error executing command handler");
|
||||||
|
|||||||
@@ -5,6 +5,8 @@ menu "Protocomm"
|
|||||||
default n
|
default n
|
||||||
help
|
help
|
||||||
Enable support of security version 0.
|
Enable support of security version 0.
|
||||||
|
This version provides no encryption or authentication and should
|
||||||
|
not be used in production. Use only for development and testing.
|
||||||
Disabling this option saves some code size.
|
Disabling this option saves some code size.
|
||||||
Consult the Enabling protocomm security version section of the
|
Consult the Enabling protocomm security version section of the
|
||||||
Protocomm documentation in ESP-IDF Programming guide for more details.
|
Protocomm documentation in ESP-IDF Programming guide for more details.
|
||||||
@@ -14,6 +16,8 @@ menu "Protocomm"
|
|||||||
default n
|
default n
|
||||||
help
|
help
|
||||||
Enable support of security version 1.
|
Enable support of security version 1.
|
||||||
|
Security version 2 (SRP6a + AES-GCM) is recommended over this
|
||||||
|
version for new designs.
|
||||||
Disabling this option saves some code size.
|
Disabling this option saves some code size.
|
||||||
Consult the Enabling protocomm security version section of the
|
Consult the Enabling protocomm security version section of the
|
||||||
Protocomm documentation in ESP-IDF Programming guide for more details.
|
Protocomm documentation in ESP-IDF Programming guide for more details.
|
||||||
|
|||||||
@@ -97,6 +97,9 @@ You may set security for transport in ESP local control using following options:
|
|||||||
3. ``PROTOCOM_SEC0``: specifies that data will be exchanged as a plain text (no security).
|
3. ``PROTOCOM_SEC0``: specifies that data will be exchanged as a plain text (no security).
|
||||||
4. ``PROTOCOM_SEC_CUSTOM``: you can define your own security requirement. Please note that you will also have to provide ``custom_handle`` of type ``protocomm_security_t *`` in this context.
|
4. ``PROTOCOM_SEC_CUSTOM``: you can define your own security requirement. Please note that you will also have to provide ``custom_handle`` of type ``protocomm_security_t *`` in this context.
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
It is strongly recommended to use ``PROTOCOM_SEC2`` for production deployments. ``PROTOCOM_SEC0`` provides no encryption or authentication, leaving device properties exposed to any client on the local network. ``PROTOCOM_SEC1`` provides weaker security compared to ``PROTOCOM_SEC2`` and its use is discouraged for new designs.
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
The respective security schemes need to be enabled through the project configuration menu. Please refer to the Enabling protocom security version section in :doc:`Protocol Communication </api-reference/provisioning/protocomm>` for more details.
|
The respective security schemes need to be enabled through the project configuration menu. Please refer to the Enabling protocom security version section in :doc:`Protocol Communication </api-reference/provisioning/protocomm>` for more details.
|
||||||
|
|
||||||
|
|||||||
@@ -49,6 +49,9 @@ The protocomm component provides a project configuration menu to enable/disable
|
|||||||
|
|
||||||
Enabling multiple security versions at once offers the ability to control them dynamically but also increases the firmware size.
|
Enabling multiple security versions at once offers the ability to control them dynamically but also increases the firmware size.
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
``protocomm_security0`` provides no encryption or authentication and should not be used in production. ``protocomm_security2`` (SRP6a + AES-GCM) is the recommended security version for all production use cases.
|
||||||
|
|
||||||
.. only:: SOC_WIFI_SUPPORTED
|
.. only:: SOC_WIFI_SUPPORTED
|
||||||
|
|
||||||
SoftAP + HTTP Transport Example with Security 2
|
SoftAP + HTTP Transport Example with Security 2
|
||||||
|
|||||||
@@ -97,6 +97,9 @@ ESP 本地控制
|
|||||||
3. ``PROTOCOM_SEC0``: 指定以明文(无安全性)方式交换数据。
|
3. ``PROTOCOM_SEC0``: 指定以明文(无安全性)方式交换数据。
|
||||||
4. ``PROTOCOM_SEC_CUSTOM``: 自定义安全需求。注意,使用这一选项时,必须提供 ``protocomm_security_t *`` 类型的 ``custom_handle``。
|
4. ``PROTOCOM_SEC_CUSTOM``: 自定义安全需求。注意,使用这一选项时,必须提供 ``protocomm_security_t *`` 类型的 ``custom_handle``。
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
强烈建议在生产部署中使用 ``PROTOCOM_SEC2``。``PROTOCOM_SEC0`` 不提供加密或身份验证,本地网络上的任何客户端都可以访问设备属性。``PROTOCOM_SEC1`` 的安全性弱于 ``PROTOCOM_SEC2``,不建议在新设计中使用。
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
相应的安全方案需通过项目配置菜单启用。要了解详情,请参考 :doc:`Protocol Communication </api-reference/provisioning/protocomm>` 中关于启用 protocomm 安全版本的章节。
|
相应的安全方案需通过项目配置菜单启用。要了解详情,请参考 :doc:`Protocol Communication </api-reference/provisioning/protocomm>` 中关于启用 protocomm 安全版本的章节。
|
||||||
|
|
||||||
|
|||||||
@@ -49,6 +49,9 @@ Protocomm 为以下各种传输提供框架:
|
|||||||
|
|
||||||
启用多个安全版本后可以动态控制安全版本,但也会增加固件大小。
|
启用多个安全版本后可以动态控制安全版本,但也会增加固件大小。
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
``protocomm_security0`` 不提供加密或身份验证,不应在生产环境中使用。建议在所有生产场景中使用 ``protocomm_security2`` (SRP6a + AES-GCM)。
|
||||||
|
|
||||||
.. only:: SOC_WIFI_SUPPORTED
|
.. only:: SOC_WIFI_SUPPORTED
|
||||||
|
|
||||||
使用 Security 2 的 SoftAP + HTTP 传输方案示例
|
使用 Security 2 的 SoftAP + HTTP 传输方案示例
|
||||||
|
|||||||
@@ -27,14 +27,23 @@ menu "Example Configuration"
|
|||||||
config EXAMPLE_PROTOCOMM_SECURITY_VERSION_0
|
config EXAMPLE_PROTOCOMM_SECURITY_VERSION_0
|
||||||
bool "Security Version 0"
|
bool "Security Version 0"
|
||||||
select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
|
select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
|
||||||
|
help
|
||||||
|
No security. Data is exchanged as plain text.
|
||||||
|
This mode is not recommended for production use.
|
||||||
|
|
||||||
config EXAMPLE_PROTOCOMM_SECURITY_VERSION_1
|
config EXAMPLE_PROTOCOMM_SECURITY_VERSION_1
|
||||||
bool "Security version 1"
|
bool "Security version 1"
|
||||||
select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
|
select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
|
||||||
|
help
|
||||||
|
Curve25519 key exchange + AES-CTR encryption.
|
||||||
|
Security version 2 is recommended over this for new designs.
|
||||||
|
|
||||||
config EXAMPLE_PROTOCOMM_SECURITY_VERSION_2
|
config EXAMPLE_PROTOCOMM_SECURITY_VERSION_2
|
||||||
bool "Security version 2"
|
bool "Security version 2"
|
||||||
select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
|
select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
|
||||||
|
help
|
||||||
|
SRP6a-based key exchange + AES-GCM encryption. Preferred security
|
||||||
|
version for new designs.
|
||||||
endchoice
|
endchoice
|
||||||
|
|
||||||
choice EXAMPLE_PROTOCOMM_SEC2_MODE
|
choice EXAMPLE_PROTOCOMM_SEC2_MODE
|
||||||
|
|||||||
Reference in New Issue
Block a user