Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added initial support for SmartConfig #33

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

added initial support for SmartConfig #33

wants to merge 3 commits into from

Conversation

UnTraDe
Copy link
Contributor

@UnTraDe UnTraDe commented Dec 12, 2021
edited
Loading

This adds initial support for SmartConfig. (https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/network/esp_smartconfig.html)

SmartConfig is a protocol that allows sending SSID info (password, bssid, etc) to an unconnected ESP32 via another device connected to the same network.

Currently only SmartConfig V1 is supported, I plan to add support for V2 soon.

This pull request depends on adding #include "esp_smartconfig.h" to the bindings.h file in the esp-idf-sys crate.

@ivmarkov
Copy link
Collaborator

I hope you do understand how insecure SmartConfig is. The fact that Texas Instruments invented it (if that's even true; there seems to exist prior art) does not make it secure. For the gory details, read this. The fact that they hard-coded an AES key in the esptouch v2 app does not make it much more secure, as anyone can decompile and get the key.

I think protocols like wifi Easy Connect hold a much better promise, in that they'll likely be standardized by the CHIP specs and will soon land as a standard builtin feature on every smartphone.

Sure, they need a secondary communication channel like a BT connection or at least a QR code, but are secure by design. And the QR code trick is pretty neat and easy.

@ivmarkov
Copy link
Collaborator

ivmarkov commented Dec 26, 2021
edited
Loading

On a second thought, the protocol can be made secure if the esptouch app requires you to enter an aes key which is specific for the concrete iot device. The usability concerns can be mitigated by having the aes key of the device being printed and sticked on the device itself in the form of a qr code. Esptouch can then use the smartphone camera to read the qr code of the aes key before transmission.

Hmm, that might very well be what wifi easy connect does when using a qr code
Need to read about it...

@ivmarkov
Copy link
Collaborator

Ok so easy connect seems to use public action frames instead of udp packet length to send the (encrypted) ssid and pass to the iot device, but otherwise the approach is similar. They key to security is to use an aes key (or better yet - a public pki key) dictated by the iot device itself, which changes the security profile of the whole thing.

@ivmarkov
Copy link
Collaborator

Wifi easy connect seems to be part of Android 10 already, strange that I cannot find it on my Samsung ui... https://source.android.com/devices/tech/connect/wifi-easy-connect

@ivmarkov ivmarkov force-pushed the master branch 3 times, most recently from 8a8adba to 5ccb542 Compare July 5, 2023 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@UnTraDe @ivmarkov