Add checks to validate client_verify_data pointer and length before
processing in handle_session_command1. Prevents NULL pointer dereference
when client omits verifier data in Session_Command1, which could cause
device crash during provisioning (remote DoS attack).
We would like to thank Pavel Kohout from Aisle Research for reporting
this vulnerability along with a mitigation strategy.
Using same IV in AES-GCM across multiple invocation of
encryption/decryption operations can pose a security risk. It can help
to reveal co-relation between different plaintexts.
This commit introduces a change to use part of IV as a monotonic
counter, which must be incremented after every AES-GCM invocation
on both the client and the device side.
Concept of patch version for a security scheme has been introduced here
which can help to differentiate a protocol behavior for the provisioning
entity. The security patch version will be available in the JSON
response for `proto-ver` endpoint request with the field
`sec_patch_ver`.
Please refer to documentation for more details on the changes required
on the provisioning entity side (e.g., PhoneApps).
Only pull in direct dependencies for the test apps, reducing build time
as well making it possible for CI to determine if the test should run or not
when dependencies are changed.
Using @brief for file description wrongly associates the documentation to an API.
Correct way to add file description is to use `@file` and then `@brief`. Corrected the same.
- Also added missing doc for esp_srp_handle_t
This commit adds a new feature to generate a salt and verifier pair for a given username and
password during the provisioning process. This is useful in scenarios where the pairing pin is
randomly generated and shown via some interface such as a display or console.
- Uses the provided username and password to generate a salt and verifier pair
- Adds support for dev mode where the pin/password can still be read from flash
* All components which won't build (yet) on Linux are excluded.
This enables switching to Linux in an application without
explicitly setting COMPONENTS to main in the main
CMakeLists.txt.
* ESP Timer provides headers for Linux now
* automatically disabling LWIP in Kconfig if it is not available
doc(linux): brought section
"Component Linux/Mock Support Overview" up to date
- `protocomm` depends on a config option `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION`
from `wifi_provisioning`; however, a lower layer component (`protocomm`) should
not have any `#ifdef` guard dependent on an upper layer component (`wifi_provisioning`).
- Added a new `ble_link_encryption` flag in `protocomm_ble_config_t` to manage the same
Closes https://github.com/espressif/esp-idf/issues/9443
Rahul Tank
Mahavir Jain
zhiweijian
Laukik Hase
Marius Vikhammer
Vikram Dattu
Jiang Jiang Jian
darshan
Jin Cheng
Zim Kalinowski
Jakob Hasse
Niklas Kaaf
WanqQixiang
liqigan
Armando
KonstantinKondrashov
isha.pardikar@espressif.com
Alexey Lapshin
Omar Chebib
Cao Sen Miao
Song Ruo Jing
Aditya Patwardhan