Merge branch 'support/5wrong_attempts_prov_stop' into 'master'

Add support for closing provisioning window after 5 retries

See merge request app-frameworks/esp-rainmaker!426

CHANGES.md

@@ -1,5 +1,8 @@
 # Changes
 
+## 27-Feb-2024: Add support for closing provisioning window after PoP mismatch
+ - For ESP IDF v5.1.3 and later, provisioning will be stopped if there are 5 attempts to establish secure session with wrong PoP. This count can be set to any value between 0 and 20. 0 means that provisioning will not be stopped (which will be same as the earlier behaviour before this change).
+
 ## 21-Nov-2022 (esp_rmaker_mqtt: Add MQTT budgeting to control the number of messages sent)
 
 - Due to some poor, non-optimised coding or bugs, it is possible that the node keeps bombarding the MQTT

components/esp_schedule/idf_component.yml

@@ -1,5 +1,5 @@
 ## IDF Component Manager Manifest File
-version: "1.1.0"
+version: "1.1.1"
 description: ESP Schedules, used in RainMaker
 url: https://github.com/espressif/esp-rainmaker/tree/master/components/esp_schedule
 repository: https://github.com/espressif/esp-rainmaker.git

examples/common/app_wifi/Kconfig.projbuild

@@ -6,6 +6,17 @@ menu "ESP RainMaker App Wi-Fi Provisioning"
         help
             Show the QR code for provisioning.
 
+    config APP_WIFI_PROV_MAX_POP_MISMATCH
+        int
+        default 5
+        range 0 20
+        prompt "Max wrong pop attempts allowed"
+        help
+            Set the maximum wrong pop attempts allowed before stopping provisioning.
+            Set 0 for the feature to be disabled.
+            This safeguards the device from brute-force attempt by limiting the wrong pop allowed.
+            Needs IDF version >= 5.1.3
+
     choice APP_WIFI_PROV_TRANSPORT
         bool "Provisioning Transport method"
         default APP_WIFI_PROV_TRANSPORT_BLE

examples/common/app_wifi/app_wifi.c

@@ -59,6 +59,13 @@ static esp_timer_handle_t prov_stop_timer;
 #define APP_WIFI_PROV_TIMEOUT_PERIOD   CONFIG_APP_WIFI_PROV_TIMEOUT_PERIOD
 /* Autofetch period in micro-seconds */
 static uint64_t prov_timeout_period = (APP_WIFI_PROV_TIMEOUT_PERIOD * 60 * 1000000LL);
+
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 1, 3)
+#define APP_PROV_STOP_ON_CREDS_MISMATCH
+#elif (CONFIG_APP_WIFI_PROV_MAX_RETRY_CNT > 0)
+#warning "Provisioning window stop on max credentials failures, needs IDF version >= 5.1.3"
+#endif
+
 #ifdef CONFIG_APP_WIFI_SHOW_DEMO_INTRO_TEXT
 
 #define ESP_RAINMAKER_GITHUB_EXAMPLES_PATH  "https://github.com/espressif/esp-rainmaker/blob/master/examples"
@@ -155,6 +162,11 @@ static void event_handler(void* arg, esp_event_base_t event_base,
 #ifdef CONFIG_APP_WIFI_RESET_PROV_ON_FAILURE
     static int retries = 0;
 #endif
+
+#ifdef APP_PROV_STOP_ON_CREDS_MISMATCH
+    static int failed_cnt = 0;
+#endif
+
     if (event_base == WIFI_PROV_EVENT) {
         switch (event_id) {
             case WIFI_PROV_START:
@@ -207,6 +219,28 @@ static void event_handler(void* arg, esp_event_base_t event_base,
             default:
                 break;
         }
+#ifdef APP_PROV_STOP_ON_CREDS_MISMATCH
+    } else if (event_base == PROTOCOMM_SECURITY_SESSION_EVENT) {
+        switch (event_id) {
+            case PROTOCOMM_SECURITY_SESSION_SETUP_OK:
+                ESP_LOGI(TAG, "Secured session established!");
+                break;
+            case PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS:
+                /* fall-through */
+            case PROTOCOMM_SECURITY_SESSION_CREDENTIALS_MISMATCH:
+                ESP_LOGE(TAG, "Received incorrect PoP or invalid security params! event: %d", (int) event_id);
+                if (CONFIG_APP_WIFI_PROV_MAX_POP_MISMATCH &&
+                        (++failed_cnt >= CONFIG_APP_WIFI_PROV_MAX_POP_MISMATCH)) {
+                    /* stop provisioning for security reasons */
+                    wifi_prov_mgr_stop_provisioning();
+                    ESP_LOGW(TAG, "Max PoP attempts reached! Provisioning disabled for security reasons. Please reboot device to restart provisioning");
+                    esp_event_post(APP_WIFI_EVENT, APP_WIFI_EVENT_PROV_CRED_MISMATCH, NULL, 0, portMAX_DELAY);
+                }
+                break;
+            default:
+                break;
+        }
+#endif
     } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
         esp_wifi_connect();
     } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
@@ -367,6 +401,9 @@ void app_wifi_init(void)
 
     /* Register our event handler for Wi-Fi, IP and Provisioning related events */
     ESP_ERROR_CHECK(esp_event_handler_register(WIFI_PROV_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+#ifdef APP_PROV_STOP_ON_CREDS_MISMATCH
+    ESP_ERROR_CHECK(esp_event_handler_register(PROTOCOMM_SECURITY_SESSION_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+#endif
     ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
     ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
 

examples/common/app_wifi/app_wifi.h

@@ -37,6 +37,8 @@ typedef enum {
     APP_WIFI_EVENT_PROV_TIMEOUT,
     /** Provisioning has restarted due to failures (Invalid SSID/Passphrase) */
     APP_WIFI_EVENT_PROV_RESTART,
+    /** Provisioning closed due to invalid credentials */
+    APP_WIFI_EVENT_PROV_CRED_MISMATCH,
 } app_wifi_event_t;
 
 /** Types of Proof of Possession */

examples/homekit_switch/components/app_wifi/Kconfig.projbuild

@@ -6,6 +6,17 @@ menu "App Wi-Fi Provisioning"
         help
             Show the QR code for provisioning.
 
+    config APP_WIFI_PROV_MAX_POP_MISMATCH
+        int
+        default 5
+        range 0 20
+        prompt "Max wrong pop attempts allowed"
+        help
+            Set the maximum wrong pop attempts allowed before stopping provisioning.
+            Set 0 for the feature to be disabled.
+            This safeguards the device from brute-force attempt by limiting the wrong pop allowed.
+            Needs IDF version >= 5.1.3
+
     choice APP_WIFI_PROV_TRANSPORT
         bool "Provisioning Transport method"
         default APP_WIFI_PROV_TRANSPORT_BLE

examples/homekit_switch/components/app_wifi/app_wifi_with_homekit.c

@@ -63,6 +63,12 @@ static esp_timer_handle_t prov_stop_timer;
 /* Autofetch period in micro-seconds */
 static uint64_t prov_timeout_period = (APP_WIFI_PROV_TIMEOUT_PERIOD * 60 * 1000000LL);
 
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 1, 3)
+#define APP_PROV_STOP_ON_CREDS_MISMATCH
+#elif (CONFIG_APP_WIFI_PROV_MAX_RETRY_CNT > 0)
+#warning "Provisioning window stop on max credentials failures, needs IDF version >= 5.1.3"
+#endif
+
 static void app_wifi_print_qr(const char *name, const char *pop, const char *transport)
 {
     if (!name || !transport) {
@@ -115,6 +121,9 @@ static void event_handler(void* arg, esp_event_base_t event_base,
 {
 #ifdef CONFIG_APP_WIFI_RESET_PROV_ON_FAILURE
     static int retries = 0;
+#endif
+#ifdef APP_PROV_STOP_ON_CREDS_MISMATCH
+    static int failed_cnt = 0;
 #endif
     if (event_base == WIFI_PROV_EVENT) {
         switch (event_id) {
@@ -171,6 +180,28 @@ static void event_handler(void* arg, esp_event_base_t event_base,
             default:
                 break;
         }
+#ifdef APP_PROV_STOP_ON_CREDS_MISMATCH
+    } else if (event_base == PROTOCOMM_SECURITY_SESSION_EVENT) {
+        switch (event_id) {
+            case PROTOCOMM_SECURITY_SESSION_SETUP_OK:
+                ESP_LOGI(TAG, "Secured session established!");
+                break;
+            case PROTOCOMM_SECURITY_SESSION_INVALID_SECURITY_PARAMS:
+                /* fall-through */
+            case PROTOCOMM_SECURITY_SESSION_CREDENTIALS_MISMATCH:
+                ESP_LOGE(TAG, "Received incorrect PoP or invalid security params! event: %d", (int) event_id);
+                if (CONFIG_APP_WIFI_PROV_MAX_POP_MISMATCH &&
+                        (++failed_cnt >= CONFIG_APP_WIFI_PROV_MAX_POP_MISMATCH)) {
+                    /* stop provisioning for security reasons */
+                    wifi_prov_mgr_stop_provisioning();
+                    ESP_LOGW(TAG, "Max PoP attempts reached! Provisioning disabled for security reasons. Please reboot device to restart provisioning");
+                    esp_event_post(APP_WIFI_EVENT, APP_WIFI_EVENT_PROV_CRED_MISMATCH, NULL, 0, portMAX_DELAY);
+                }
+                break;
+            default:
+                break;
+        }
+#endif
     } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
         esp_wifi_connect();
     } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_CONNECTED) {
@@ -332,6 +363,9 @@ void app_wifi_with_homekit_init(void)
     ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
 #endif
     ESP_ERROR_CHECK(esp_event_handler_register(WIFI_PROV_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+#ifdef APP_PROV_STOP_ON_CREDS_MISMATCH
+    ESP_ERROR_CHECK(esp_event_handler_register(PROTOCOMM_SECURITY_SESSION_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+#endif
     ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
     ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_GOT_IP6, &event_handler, NULL));
 

examples/homekit_switch/components/app_wifi/app_wifi_with_homekit.h

@@ -20,6 +20,8 @@ typedef enum {
     APP_WIFI_EVENT_PROV_TIMEOUT,
     /** Provisioning has restarted due to failures (Invalid SSID/Passphrase) */
     APP_WIFI_EVENT_PROV_RESTART,
+    /** Provisioning closed due to invalid credentials */
+    APP_WIFI_EVENT_PROV_CRED_MISMATCH,
 } app_wifi_event_t;
 
 /** Types of Proof of Possession */