esp-idf-svc
added initial support for SmartConfig
This adds initial support for SmartConfig. (https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/network/esp_smartconfig.html)
SmartConfig is a protocol that allows sending SSID info (password, BSSID, etc.) to an unconnected ESP32 via another device connected to the same network.
Currently only SmartConfig V1 is supported; I plan to add support for V2 soon.
This pull request depends on adding #include "esp_smartconfig.h" to the bindings.h file in the esp-idf-sys crate.
I hope you do understand how insecure SmartConfig is. The fact that Texas Instruments invented it (if that's even true; there seems to exist prior art) does not make it secure. For the gory details, read this. The fact that they hard-coded an AES key in the esptouch v2 app does not make it much more secure, as anyone can decompile and get the key.
I think protocols like Wi-Fi Easy Connect hold a much better promise, in that they'll likely be standardized by the CHIP specs and will soon land as a standard built-in feature on every smartphone.
Sure, they need a secondary communication channel like a BT connection or at least a QR code, but are secure by design. And the QR code trick is pretty neat and easy.
On second thought, the protocol can be made secure if the esptouch app requires you to enter an AES key which is specific to the concrete IoT device. The usability concerns can be mitigated by having the AES key of the device printed and stuck on the device itself in the form of a QR code. Esptouch can then use the smartphone camera to read the QR code of the AES key before transmission.
Hmm, that might very well be what Wi-Fi Easy Connect does when using a QR code. Need to read about it...
OK, so Easy Connect seems to use public action frames instead of UDP packet length to send the (encrypted) SSID and pass to the IoT device, but otherwise the approach is similar. The key to security is to use an AES key (or better yet - a public PKI key) dictated by the IoT device itself, which changes the security profile of the whole thing.
Wi-Fi Easy Connect seems to be part of Android 10 already, strange that I cannot find it on my Samsung UI... https://source.android.com/devices/tech/connect/wifi-easy-connect
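An added sketch of the point made in the comments above (not code from this pull request, esptouch, or Wi-Fi Easy Connect): credentials sealed under a key shipped in every copy of an app can be read by anyone who extracts that key, while credentials sealed under a per-device key, such as one read from a QR code on the device, cannot. `APP_WIDE_KEY`, `seal`, `unseal` and `observer_can_read` are hypothetical names, and because the Python standard library has no AES, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for it here; a real implementation would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key shipped inside every copy of a provisioning app.
APP_WIDE_KEY = b"constructed-app-wide-key-0123456"

def _subkeys(key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from one provisioning key."""
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; an assumption standing in for AES-CTR."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, ssid: str, password: str) -> bytes:
    """Encrypt-then-MAC the credentials: nonce(12) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(key)
    ssid_b = ssid.encode()
    plain = bytes([len(ssid_b)]) + ssid_b + password.encode()
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> tuple:
    """Verify the tag, then decrypt; raises ValueError for a wrong key or tampering."""
    if len(blob) < 12 + 1 + 32:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    plain = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:].decode()

def observer_can_read(blob: bytes) -> bool:
    """Models a listener who holds only the key extracted from the shared app."""
    try:
        unseal(APP_WIDE_KEY, blob)
        return True
    except ValueError:
        return False
```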