Add checks to validate client_verify_data pointer and length before
processing in handle_session_command1. Prevents NULL pointer dereference
when client omits verifier data in Session_Command1, which could cause
device crash during provisioning (remote DoS attack).
We would like to thank Pavel Kohout from Aisle Research for reporting
this vulnerability along with a mitigation strategy.
Using same IV in AES-GCM across multiple invocation of
encryption/decryption operations can pose a security risk. It can help
to reveal co-relation between different plaintexts.
This commit introduces a change to use part of IV as a monotonic
counter, which must be incremented after every AES-GCM invocation
on both the client and the device side.
Concept of patch version for a security scheme has been introduced here
which can help to differentiate a protocol behavior for the provisioning
entity. The security patch version will be available in the JSON
response for `proto-ver` endpoint request with the field
`sec_patch_ver`.
Please refer to documentation for more details on the changes required
on the provisioning entity side (e.g., PhoneApps).
fix(nt/bluedroid): Split the device name set functions
feat(bt/bluedroid): added APIs to get/set device name on BT GAP side
change(bt/common): Marked some APIs in device module as deprecated
1. esp_bt_dev_set_device_name
2. esp_bt_dev_get_device_name
change(bt/bluedroid): use BT GAP APIs to set/get device name in bluetooth classic examples
change(bt/bluedroid): use BT/BLE GAP APIs to set/get device name in coexist examples
This commit adds a new feature to generate a salt and verifier pair for a given username and
password during the provisioning process. This is useful in scenarios where the pairing pin is
randomly generated and shown via some interface such as a display or console.
- Uses the provided username and password to generate a salt and verifier pair
- Adds support for dev mode where the pin/password can still be read from flash
- `protocomm` depends on a config option `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION`
from `wifi_provisioning`; however, a lower layer component (`protocomm`) should
not have any `#ifdef` guard dependent on an upper layer component (`wifi_provisioning`).
- Added a new `ble_link_encryption` flag in `protocomm_ble_config_t` to manage the same
Closes https://github.com/espressif/esp-idf/issues/9443
1) Rename srp component to esp_srp
2) Remove dependency on hkdf sha
3) Restructure protocomm component APIs to make them more flexible for allowing multiple security versions
4) esp_srp: convert API return type from int to esp_err_t
5) esp_srp: Formatting changes
6) Added mbedtls_gcm instead of aes_ctr
Co-authored-by: Laukik hase <laukik.hase@espressif.com>
This commit updates the visibility of various header files and cleans up
some unnecessary inclusions. Also, this commit removes certain header
include paths which were maintained for backward compatibility.
