espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,677 Commits 24 Branches 183 Tags
04f9e94dea3fb4e56a3dcde51ec107ed7414390a
Commit Graph

113 Commits

Author SHA1 Message Date
Vikram Dattu f5a5db5057 feat(provisioning): Generate Salt and verifier pair for given username and password 
This commit adds a new feature to generate a salt and verifier pair for a given username and
password during the provisioning process. This is useful in scenarios where the pairing pin is
randomly generated and shown via some interface such as a display or console.

- Uses the provided username and password to generate a salt and verifier pair
- Adds support for dev mode where the pin/password can still be read from flash
 2025-04-01 10:56:21 +05:30
Vikram Dattu 6eb74a9f41 refactor(esp_srp): Expose esp_srp.h and add API docs 
- Also added missing `protocomm_security2` reference in `protocomm.rst`
 2025-04-01 10:56:17 +05:30
Aditya Patwardhan 7ff465074f Merge branch 'bugfix/provisioning_sec2_aes_iv_usage_v5.0' into 'release/v5.0' 
fix(provisioning): fix incorrect AES-GCM IV usage in security2 scheme (v5.0)

See merge request espressif/esp-idf!37666
 2025-03-25 13:57:29 +08:00
Laukik Hase 2c0fcb7a1f refactor(protocomm): Make the protocomm proto-c headers public 2025-03-19 16:29:21 +05:30
Mahavir Jain 4909d72f9e feat(protocomm): add (hidden) config option to indicate security patch feature 2025-03-17 13:37:22 +05:30
Mahavir Jain 14bc1b4b07 fix(provisioning): fix incorrect AES-GCM IV usage in security2 scheme 
Using same IV in AES-GCM across multiple invocation of
encryption/decryption operations can pose a security risk. It can help
to reveal co-relation between different plaintexts.

This commit introduces a change to use part of IV as a monotonic
counter, which must be incremented after every AES-GCM invocation
on both the client and the device side.

Concept of patch version for a security scheme has been introduced here
which can help to differentiate a protocol behavior for the provisioning
entity. The security patch version will be available in the JSON
response for `proto-ver` endpoint request with the field
`sec_patch_ver`.

Please refer to documentation for more details on the changes required
on the provisioning entity side (e.g., PhoneApps).
 2025-03-11 10:11:02 +05:30
Mahavir Jain d887709d45 fix(protocomm): memory leak issue for session command0 failure case 2025-03-11 10:09:52 +05:30
Rahul Tank caa4defb73 fix(wifi_prov): Use calloc instead of malloc to zero initialize variable 2024-10-04 11:50:45 +05:30
Rahul Tank 1cd4d3041a fix(wifi_prov): Add support for ESP IP controller chips in bluedroid 2024-08-29 15:07:16 +05:30
Rahul Tank a644f49cf7 fix(wifi_prov): Added API to set random address 2024-07-24 21:00:54 +05:30
isha.pardikar@espressif.com 8aff96d382 wifi_prov_mgr: Fixed memory leak after bluetooth stack was stopping. 2023-04-25 15:48:18 +05:30
isha.pardikar@espressif.com ff004d9ab9 wifi_prov_mgr : Fixed return value of characteristic read operation 2023-03-14 06:50:20 +00:00
Rahul Tank 2b5f1140dd Nimble: Added return value (success / failure ) to nimble_port_init 2023-03-02 09:47:03 +05:30
Mahavir Jain ca7045d904 protocomm: Fix test-app build for esp32c2 & esp32c6 
- AES context has a breaking change, rather than storing
  round keys directly, it stores the offset at which the keys
  are present in the context buffer
 2023-02-19 03:53:02 +00:00
Laukik Hase e60d82463b protocomm: Fix Kconfig dependency on wifi_provisioning component config 
- `protocomm` depends on a config option `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION`
  from `wifi_provisioning`; however, a lower layer component (`protocomm`) should
  not have any `#ifdef` guard dependent on an upper layer component (`wifi_provisioning`).
- Added a new `ble_link_encryption` flag in `protocomm_ble_config_t` to manage the same

Closes https://github.com/espressif/esp-idf/issues/9443
 2023-01-26 12:57:19 +05:30
Laukik Hase 8becd5a856 protocomm: Increase Bluedroid-BLE maximum buffer size 
- For the security2 scheme, the payload size is quite larger
  than that for security1.
 2022-10-27 09:56:10 +05:30
Aditya Patwardhan c740192123 protocomm/esp_srp: Allocate memory for username only when the 
verification is successful
 2022-10-08 10:49:44 +05:30
Aditya Patwardhan b7ec10d461 protocommm/esp_srp: Fix small issues reported by coverity. 2022-10-08 10:49:26 +05:30
Aditya Patwardhan 78b49a4ab6 protocomm: Enable security version 2 by default 2022-10-07 14:14:44 +05:30
Isha Pardikar ba8fc01327 wifi_provisioning : Increased 1 byte of BLE advertising device name to store '\0', at the end, to ensure we adhere to the max name length as per spec. 2022-09-27 16:09:00 +05:30
Aditya Patwardhan 2f99d2e37f wifi_provisioning: Update API documentation to highlight argument validity while providing sec_params argument. 2022-09-05 12:00:55 +05:30
Ivan Grokhotkov 401c10ecfb build system: re-add -Wno-format as private flag for some components 2022-08-03 16:42:47 +04:00
Isha Pardikar 2cfcae8d41 Merge branch 'feature/rainmaker_BT_configurable' into 'master' 
Doc: Made bluetooth configurable after wifi provisioning is completed

See merge request espressif/esp-idf!18014
 2022-07-26 15:21:27 +05:30
Jiang Jiang Jian 92b4e134bb Merge branch 'bugfix/remove_inappropriate_bluetooth_init_api' into 'master' 
Remove unused bluetooth init api

See merge request espressif/esp-idf!18923
 2022-07-21 14:53:44 +08:00
GengYuchao fd055d3ba6 Fix example after removing API esp_nimble_hci_and_controller_init 2022-07-20 11:44:00 +08:00
Mahavir Jain a94c74c26b mbedtls: remove dependency on driver component 
- keep `esp_pm` dependency conditional in mbedtls
- refactor `bt` cmakelist to keep dependencies as private

Related: IDF-1265
 2022-07-18 21:10:51 +05:30
Rahul Tank 0dc0f8ad51 WifiProv: Extended support for configuring if link encryption is needed 
when attempting to read / write characteristic to bluedroid stack
 2022-06-22 10:17:28 +05:30
Aditya Patwardhan 6222d43984 protocomm: Added option to enable/disable supported security versions. 2022-06-17 13:16:20 +00:00
Aditya Patwardhan eb7ff34c89 protocomm: Added SRP6a implementation as the security version 2. 
1) Rename srp component to esp_srp
2) Remove dependency on hkdf sha
3) Restructure protocomm component APIs to make them more flexible for allowing multiple security versions
4) esp_srp: convert API return type from int to esp_err_t
5) esp_srp: Formatting changes
6) Added mbedtls_gcm instead of aes_ctr

Co-authored-by: Laukik hase <laukik.hase@espressif.com>
 2022-06-17 13:16:20 +00:00
Laukik Hase 5169e22277 protocomm: Generated proto-c and python files for SRP6a scheme 
- Added protobuf auto-generated files to pre-commit check
  ignore lists
 2022-06-17 13:16:20 +00:00
Laukik Hase 872f8513fb ci: Re-enable protocomm UTs for ESP32-C2 2022-06-09 09:55:09 +05:30
Michael (XIAO Xufeng) 6a8aed12ee ci: partially enable ut tests for esp32c2 
Disabled test cases are tracked in:

 IDF-4465, IDF-5045, IDF-5057, IDF-5058, IDF-5059, IDF-5060, IDF-5061, IDF-5131

- test_fatfs: IDF-5136

- test_pm: IDF-5053

- test_cache_mmu: IDF-5138

- test_partitions: IDF-5137

- test_vfs: IDF-5139

- test_freertos: IDF-5140

- test_wpa_supplicant: IDF-5046

- test_mbedtls: IDF-5141

- test_pthread: IDF-5142

- test_protocomm: IDF-5143

- test_lightsleep: IDF-5053

- test_taskwdt: IDF-5055

- test_tcp_transport: IDF-5144

- test_app_update: IDF-5145

- test_timer: IDF-5052

- test_spi: IDF-5146

- test_rtc_clk: IDF-5060

- test_heap: IDF-5167

ci: fixed issues for tests of libgcc, ets_timer, newlib

test_pm: support on C2
 2022-06-02 14:23:35 +08:00
Djordje Nedic facab8c5a7 tools: Increase the minimal supported CMake version to 3.16 
This updates the minimal supported version of CMake to 3.16, which in turn enables us to use more CMake features and have a cleaner build system.
This is the version that provides most new features and also the one we use in our latest docker image for CI.
 2022-06-01 06:35:02 +00:00
Laukik Hase a3f5087336 protocomm: Regenerated proto-c and python with protobuf compiler v3.21.0 2022-05-30 09:54:32 +05:30
Marius Vikhammer c8617fe965 docs: fix all doxygen warnings 
Doxygen warnings would previously not result in a failed pipeline.
Fixed this as well as all current warnings.
 2022-05-12 14:50:03 +08:00
Harshit Malpani 2c56c6cad8 Updated coding style and added error logs 2022-05-11 08:58:01 +00:00
Nathan Phillips e8e63a06e8 Don't ignore return value of httpd_stop 2022-05-11 08:58:01 +00:00
lorenzo.consolaro 87cc13f369 Fix iOS advertisement response and simplify 2022-05-05 14:57:25 +05:30
Isha Pardikar e751cbe6c0 Merge branch 'bugfix/wifi_prov_mgr_conn_issue' into 'master' 
NimBLE: Fixed device disconnection issue of wifi prov mgr

Closes IDF-4655

See merge request espressif/esp-idf!17236
 2022-03-24 15:35:49 +05:30
Mahavir Jain 3b0cb10b9d protocomm: fix copyright header 2022-03-11 09:17:20 +05:30
lorenzo.consolaro c000673540 protocomm: Fix debug print on encrypting failure 
Closes https://github.com/espressif/esp-idf/pull/8526
 2022-03-11 09:15:53 +05:30
Sudeep Mohanty a9fda54d39 esp_hw_support/esp_system: Re-evaluate header inclusions and include directories 
This commit updates the visibility of various header files and cleans up
some unnecessary inclusions. Also, this commit removes certain header
include paths which were maintained for backward compatibility.
 2022-03-07 11:18:08 +05:30
Aditya Patwardhan 4582af75b8 mbedtls: Update licenses of files updated in mbedtls-3.1 update 2022-03-04 05:18:58 +00:00
Laukik Hase 0868513ddd ci: Fix unit test failures 
- protocomm: Fix leakage due to ECDH context not being
             initialised and freed properly
- mbedtls (RSA): Added mandatory RNG parameter wherever required
                 Disabled `test performance RSA key operations` UT
- mbedtls (AES_GCM): Added mbedtls_gcm_update_ad() wherever required
                     for updating associated data
- unit_test_app: Fix build issue when heap tracing is enabled
 2022-03-03 01:37:10 +05:30
Aditya Patwardhan 8111286668 Add entropy_poll.h in port directory 2022-03-03 01:37:10 +05:30
Aditya Patwardhan 66a9243d3b mbedtls 3.X update: 
*MBEDTLS_ECDH_LEGACY_CONTEXT is now disabled by default.
*Fixed MBEDTLS_ECDH_LEGACY_CONTEXT issue for protocomm component.
*Removed all code under MBEDTLS_DEPRECATED_REMOVED
 2022-03-03 01:37:10 +05:30
Aditya Patwardhan 60b167f2d6 mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files 
after they have been again made public in mbedtls-3.1

*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
 2022-03-03 01:37:10 +05:30
Aditya Patwardhan 3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues 
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
 2022-03-03 01:37:10 +05:30
Aditya Patwardhan 45122533e0 mbedtls-3 update: 
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
 2022-03-03 01:37:10 +05:30
Aditya Patwardhan 0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30