esp-idf-provisioning-ios icon indicating copy to clipboard operation
esp-idf-provisioning-ios copied to clipboard

Published 20 hours ago verified publisher icon espressif

Security check always fails when initializing session

Open second-string opened this issue 5 years ago • 2 comments
trafficstars

When trying to initialize a session with my device, I'm receiving an ESPSessionStatus of failedToConnect with an internal parameter of securityMismatch. I've tracked that value to this if/else block in ESPDevice.swift when it is trying to initialize a session after correctly sending and receiving the proto-ver command (so I know it's connected to the board successfully).

https://github.com/espressif/esp-idf-provisioning-ios/blob/master/ESPProvision/ESPDevice.swift#L386 (including the lines here in case another commit changes this reference)

if let capability = self.capabilities, capability.contains(ESPConstants.noSecCapability) {
            if security != .unsecure {
                completionHandler(.failedToConnect(.securityMismatch))
                return
            } else if security != .secure {
                completionHandler(.failedToConnect(.securityMismatch))
                return
            }
}

From what I can understand, if the ESP responds with a capability of no_sec, no matter what security has been set in the device creation, either .unsecure or .secure, it's always going to fail. I'm assuming the no_sec capability comes from me initalizing my provisioning manager with a security value of WIFI_PROV_SECURITY_0 on the esp32, which seems to make sense. Therefore I don't understand the second half of this if/else statement. I feel like the check for else if security != .secure should be removed entirely.

Am I misunderstanding something, or is this a bug? If it's the latter, please let me know and I'll submit a pull request to remove it. Thanks

second-string avatar Oct 22 '20 20:10 second-string

Hi @dot4qu , You are right the else statement is unnecessary and will always fail in case of no_sec. Thanks for identifying this issue and reporting it to us. However by default communication will be secure so in case where no_sec is not present, we need to verify that security is .secure. For that else part need to be moved outside of the block. I have attached code snippet to help you better understand. You can submit a pull request by using it. We really appreciate your efforts.

if let capability = self.capabilities, capability.contains(ESPConstants.noSecCapability) {
         if security != .unsecure {
                completionHandler(.failedToConnect(.securityMismatch))
                return
         }
} else if security != .secure {
            completionHandler(.failedToConnect(.securityMismatch))
            return
}

vikas-chandra-mnnit avatar Oct 23 '20 16:10 vikas-chandra-mnnit

Ah that makes much more sense! I'll have a PR up by sometime early next week, thanks for the quick response!

second-string avatar Oct 23 '20 16:10 second-string