Commit Graph

3 Commits

Author SHA1 Message Date
Mahavir Jain
3bd5a22f5a fix(provisioning): fix incorrect AES-GCM IV usage in security2 scheme
Using the same IV in AES-GCM across multiple invocations of
encryption/decryption operations can pose a security risk. It can help
to reveal correlation between different plaintexts.

This commit introduces a change to use part of IV as a monotonic
counter, which must be incremented after every AES-GCM invocation
on both the client and the device side.

The concept of a patch version for a security scheme has been introduced here
which can help to differentiate a protocol behavior for the provisioning
entity. The security patch version will be available in the JSON
response for the `proto-ver` endpoint request with the field
`sec_patch_ver`.

Please refer to the documentation for more details on the changes required
on the provisioning entity side (e.g., PhoneApps).
2025-03-07 13:49:10 +05:30
Laukik Hase
9aefcb12f5 esp_prov: Compatibility changes and refactoring
- Removed Python 2 compatibility
- Removed dependencies on redundant external modules
- Interactive provisioning input for security scheme 2
- Style changes:
  Updated print statements to format strings
  Colored verbose logging
  Raised exceptions on errors instead of clean exits
2022-06-23 10:52:54 +05:30
Laukik Hase
3235206624 esp_prov: Added provision for SRP6a-based security scheme
2022-06-17 13:16:20 +00:00
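
The IV change described in commit 3bd5a22f5a, sketched as an added example that is not code from ESP-IDF or esp_prov. Assumptions: the 12-byte IV is split into an 8-byte fixed prefix and a 4-byte big-endian counter, both sides advance it in lock-step, and a SHA-256 keystream stands in for the counter-mode keystream inside AES-GCM (no authentication tag) so the block runs on the standard library alone; the key, IV and messages are constructed.

```python
import hashlib
import struct

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for GCM's counter-mode keystream (SHA-256, not AES; no tag)."""
    stream = b"".join(hashlib.sha256(key + iv + struct.pack(">I", i)).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(d ^ s for d, s in zip(data, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CounterIV:
    """Assumed layout: 8-byte fixed prefix || 4-byte big-endian counter."""
    def __init__(self, session_iv: bytes):
        if len(session_iv) != 12:
            raise ValueError("expected a 12-byte GCM IV")
        self.prefix = session_iv[:8]
        self.counter = struct.unpack(">I", session_iv[8:])[0]

    def next_iv(self) -> bytes:
        # Refuse to wrap: a wrapped counter would repeat an earlier IV.
        if self.counter > 0xFFFFFFFF:
            raise OverflowError("IV counter exhausted; start a new session")
        iv = self.prefix + struct.pack(">I", self.counter)
        self.counter += 1  # incremented after every invocation
        return iv

def demo():
    key = bytes(range(32))         # constructed session key
    session_iv = bytes(range(12))  # constructed session IV
    p1 = b"provisioning message number one"  # constructed plaintexts
    p2 = b"provisioning message number two"

    # Before the fix: the same IV for every invocation.
    c1 = keystream_xor(key, session_iv, p1)
    c2 = keystream_xor(key, session_iv, p2)
    leak_fixed_iv = xor(c1, c2) == xor(p1, p2)  # keystream cancels out

    # After the fix: client and device each keep the counter in lock-step.
    client, device = CounterIV(session_iv), CounterIV(session_iv)
    d1 = keystream_xor(key, client.next_iv(), p1)
    d2 = keystream_xor(key, client.next_iv(), p2)
    leak_counter_iv = xor(d1, d2) == xor(p1, p2)
    recovered = (keystream_xor(key, device.next_iv(), d1),
                 keystream_xor(key, device.next_iv(), d2))
    return leak_fixed_iv, leak_counter_iv, recovered == (p1, p2)

if __name__ == "__main__":
    print(demo())
```

With a repeated IV the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is the correlation the commit message refers to; with the counter-derived IVs it does not, and the device still decrypts as long as its counter stays in step.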