Closed grodansparadis closed 1 year ago
lhespress
commented
1 year ago @grodansparadis Setting the wifi channel for responder in OTA example just to better show the communication between the initiator and responder. As you mentioned, it is enough for responder to set the Wi-Fi channel if it's clear.
wujiangang
commented
1 year ago I understand the ssid/pw for the responder is to make sure that the responder and initiator can be in the same channel, since they will connect to the same router, so if you can guarantee the channel of the responder same as the initiator, it's also OK.
grodansparadis
commented
1 year ago OK that makes sense.
The PoP and the channel is the two parameters that are troublesome here. To set a common channel can easily be done by letting the responder node send some message on all channels and let the initiator detect the new responder node and send a message back and tell it which channel that is used by the system.
But handling PoP is harder. One way would be to have it hard set for all devices you sell which sounds like a bad idea. Anyone knowing it (and they will if you have an open source device for example) will be able to add a node to the network. One could set it using BLE (An example would have been great) but then setting up a large system will be dead slow and complicated.
Or is there some other way to handle this?
grodansparadis
commented
1 year ago Or is the PoP just the public key for ECDH?
lhespress
commented
1 year ago @grodansparadis I'm not sure what your means about PoP, security? What does the security example match your scene?
grodansparadis
commented
1 year ago Isn't PoP used to secure the APP_KEY when security information is exchanged? Or have I misunderstood that?
What I want is to connect two nodes A and B (and later C/D/E/F...) and have encrypted traffic between them. The security sample looks nice and would do what I want but I can't get it to work (#60 ) here.
lhespress
commented
1 year ago @grodansparadis Yes, we used PoP. Please see the pop_data param which is Proof of Possession (PoP) string as follow links:
https://github.com/espressif/esp-now/blob/master/src/security/include/espnow_security_handshake.h#L129
https://github.com/espressif/esp-now/blob/master/src/security/include/espnow_security_handshake.h#L160
grodansparadis
commented
1 year ago OK I can probably live with that as the this sequence is short and a one off. More serious is that the IV looks like it is static. Is't is supposed to be generated again for every frame sent and be sent along in the frame like here https://github.com/grodansparadis/vscp/blob/master/src/vscp/common/vscphelper.cpp#L6993
Really like your work with this by the way! Keep it up.
lhespress
commented
1 year ago @grodansparadis The APP_KEY is generate random firstly which have 32 bytes. see here
https://github.com/espressif/esp-now/blob/master/examples/security/main/app_main.c#L139
We use the first 16 bytes as key and the last 16 bytes as IV after handshake success.
grodansparadis
commented
1 year ago OK I understand that. But should the IV really be static like that? Is it not supposed to be changed for each frame sent?
lhespress
commented
1 year ago @grodansparadis It's changed for each handshake, but be the same for each frame sent after handshake. It need add IV interaction if changed for each frame sent. I don't think it's necessary.
grodansparadis
commented
1 year ago OK
I am a bit confused by the OTA example. It is perfectly clear for me that the initiator needs wifi ssid/pw but why does the response need that information (as of the readme). Is't the OTA being done using ESP-NOW? And would't it be enough by setting the wifi channel for the responder? What do I miss?