esp_rmaker_local_ctrl: Added support for sec1

Also created a service which has POP as a param. The clients such as phone app can use this POP to connect to the device if the security type is sec1.
For sec0, this service is not created.

Author: chiragatal

CHANGES.md

@@ -1,5 +1,14 @@
 # Changes
 
+## 12-Jan-2022 (esp_rmaker_local_ctrl: Added support for sec1)
+
+This commit adds support for security1 for local control. This can be enabled by setting
+`CONFIG_ESP_RMAKER_LOCAL_CTRL_SECURITY_1` when using local control feature (this is the
+default security level when enabling local control). This would also require the latest
+phone apps which have the support for security1.
+
+You can check the docs [here](https://rainmaker.espressif.com/docs/local-control.html) for more details.
+
 ## 24-Aug-2021 (esp_rmaker_user_mapping: Add checks for user id for better security)
 
 This commit adds some logic to detect a reset to factory or a user change during the

components/esp_rainmaker/Kconfig.projbuild

@@ -77,6 +77,24 @@ menu "ESP RainMaker Config"
         help
             The port number to be used for http for local control.
 
+    choice ESP_RMAKER_LOCAL_CTRL_SECURITY
+        prompt "Local Control Security Type"
+        depends on ESP_RMAKER_LOCAL_CTRL_ENABLE
+        default ESP_RMAKER_LOCAL_CTRL_SECURITY_1
+        help
+            Security type to be selected for local control.
+
+        config ESP_RMAKER_LOCAL_CTRL_SECURITY_0
+            bool "sec0"
+        config ESP_RMAKER_LOCAL_CTRL_SECURITY_1
+            bool "sec1"
+    endchoice
+
+    config ESP_RMAKER_LOCAL_CTRL_SECURITY
+        int
+        default 0 if ESP_RMAKER_LOCAL_CTRL_SECURITY_0
+        default 1 if ESP_RMAKER_LOCAL_CTRL_SECURITY_1
+
     choice ESP_RMAKER_CONSOLE_UART_NUM
         prompt "UART for console input"
         default ESP_RMAKER_CONSOLE_UART_NUM_0

components/esp_rainmaker/include/esp_rmaker_standard_params.h

@@ -48,6 +48,8 @@ extern "C"
 #define ESP_RMAKER_DEF_REBOOT_NAME          "Reboot"
 #define ESP_RMAKER_DEF_FACTORY_RESET_NAME   "Factory-Reset"
 #define ESP_RMAKER_DEF_WIFI_RESET_NAME      "Wi-Fi-Reset"
+#define ESP_RMAKER_DEF_LOCAL_CONTROL_POP    "POP"
+#define ESP_RMAKER_DEF_LOCAL_CONTROL_TYPE   "Type"
 
 /**
  * Create standard name param
@@ -302,6 +304,32 @@ esp_rmaker_param_t *esp_rmaker_factory_reset_param_create(const char *param_name
  */
 esp_rmaker_param_t *esp_rmaker_wifi_reset_param_create(const char *param_name);
 
+/**
+ * Create standard Local Control POP param
+ *
+ * This will create the standard Local Control POP parameter.
+ *
+ * @param[in] param_name Name of the parameter
+ * @param[in] val Default Value of the parameter (Eg. "abcd1234"). Can be kept NULL.
+ *
+ * @return Parameter handle on success.
+ * @return NULL in case of failures.
+ */
+esp_rmaker_param_t *esp_rmaker_local_control_pop_param_create(const char *param_name, const char *val);
+
+/**
+ * Create standard Local Control Type param
+ *
+ * This will create the standard Local Control security type parameter.
+ *
+ * @param[in] param_name Name of the parameter
+ * @param[in] val Default Value of the parameter
+ *
+ * @return Parameter handle on success.
+ * @return NULL in case of failures.
+ */
+esp_rmaker_param_t *esp_rmaker_local_control_type_param_create(const char *param_name, int val);
+
 #ifdef __cplusplus
 }
 #endif

components/esp_rainmaker/include/esp_rmaker_standard_services.h

@@ -85,6 +85,22 @@ esp_rmaker_device_t *esp_rmaker_create_schedule_service(const char *serv_name, e
 
 esp_rmaker_device_t *esp_rmaker_create_system_service(const char *serv_name, void *priv_data);
 
+/** Create a standard Local Control service
+ *
+ * This creates a Local Control service with the mandatory parameters. The default parameter names will be used.
+ * Refer \ref esp_rmaker_standard_params.h for default names.
+ *
+ * @param[in] serv_name The unique service name
+ * @param[in] pop Proof of possession
+ * @param[in] sec_type Security type
+ * @param[in] priv_data (Optional) Private data associated with the service. This should stay
+ * allocated throughout the lifetime of the service.
+ *
+ * @return service_handle on success.
+ * @return NULL in case of any error.
+ */
+esp_rmaker_device_t *esp_rmaker_create_local_control_service(const char *serv_name, const char *pop, int sec_type, void *priv_data);
+
 #ifdef __cplusplus
 }
 #endif

components/esp_rainmaker/include/esp_rmaker_standard_types.h

@@ -47,6 +47,8 @@ extern "C"
 #define ESP_RMAKER_PARAM_REBOOT         "esp.param.reboot"
 #define ESP_RMAKER_PARAM_FACTORY_RESET  "esp.param.factory-reset"
 #define ESP_RMAKER_PARAM_WIFI_RESET     "esp.param.wifi-reset"
+#define ESP_RMAKER_PARAM_LOCAL_CONTROL_POP      "esp.param.local_control_pop"
+#define ESP_RMAKER_PARAM_LOCAL_CONTROL_TYPE     "esp.param.local_control_type"
 
 
 /********** STANDARD DEVICE TYPES **********/
@@ -62,6 +64,7 @@ extern "C"
 #define ESP_RMAKER_SERVICE_TIME         "esp.service.time"
 #define ESP_RMAKER_SERVICE_SCHEDULE     "esp.service.schedule"
 #define ESP_RMAKER_SERVICE_SYSTEM       "esp.service.system"
+#define ESP_RMAKER_SERVICE_LOCAL_CONTROL    "esp.service.local_control"
 
 #ifdef __cplusplus
 }

components/esp_rainmaker/src/core/esp_rmaker_local_ctrl.c

@@ -14,19 +14,40 @@
 
 #include <stdlib.h>
 #include <esp_log.h>
+#include <nvs.h>
 #include <esp_event.h>
 #include <esp_local_ctrl.h>
 #include <wifi_provisioning/manager.h>
 #include <esp_rmaker_internal.h>
+#include <esp_rmaker_standard_services.h>
 #include <esp_https_server.h>
 #include <mdns.h>
 
+#include <esp_idf_version.h>
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 2, 0)
+// Features supported in 4.2
+
+#define ESP_RMAKER_LOCAL_CTRL_SECURITY_TYPE CONFIG_ESP_RMAKER_LOCAL_CTRL_SECURITY
+
+#else
+
+#if CONFIG_ESP_RMAKER_LOCAL_CTRL_SECURITY != 0
+#warning "Local control security type is not supported in idf versions below 4.2. Using sec0 by default."
+#endif
+#define ESP_RMAKER_LOCAL_CTRL_SECURITY_TYPE 0
+
+#endif /* !IDF4.2 */
+
 static const char * TAG = "esp_rmaker_local";
 
 /* Random Port number that will be used by the local control http instance
  * for internal control communication.
  */
 #define ESP_RMAKER_LOCAL_CTRL_HTTP_CTRL_PORT    12312
+#define ESP_RMAKER_NVS_PART_NAME                "nvs"
+#define ESP_RMAKER_NVS_LOCAL_CTRL_NAMESPACE     "local_ctrl"
+#define ESP_RMAKER_NVS_LOCAL_CTRL_POP           "pop"
+#define ESP_RMAKER_POP_LEN    9
 
 /* Custom allowed property types */
 enum property_types {
@@ -123,19 +144,106 @@ static esp_err_t set_property_values(size_t props_count,
     return ret;
 }
 
+static char *__esp_rmaker_local_ctrl_get_nvs(const char *key)
+{
+    char *val = NULL;
+    nvs_handle handle;
+    esp_err_t err = nvs_open_from_partition(ESP_RMAKER_NVS_PART_NAME, ESP_RMAKER_NVS_LOCAL_CTRL_NAMESPACE, NVS_READONLY, &handle);
+    if (err != ESP_OK) {
+        return NULL;
+    }
+    size_t len = 0;
+    if ((err = nvs_get_blob(handle, key, NULL, &len)) == ESP_OK) {
+        val = calloc(1, len + 1); /* +1 for NULL termination */
+        if (val) {
+            nvs_get_blob(handle, key, val, &len);
+        }
+    }
+    nvs_close(handle);
+    return val;
+
+}
+
+static esp_err_t __esp_rmaker_local_ctrl_set_nvs(const char *key, const char *val)
+{
+    nvs_handle handle;
+    esp_err_t err = nvs_open_from_partition(ESP_RMAKER_NVS_PART_NAME, ESP_RMAKER_NVS_LOCAL_CTRL_NAMESPACE, NVS_READWRITE, &handle);
+    if (err != ESP_OK) {
+        return err;
+    }
+    err = nvs_set_blob(handle, key, val, strlen(val));
+    nvs_commit(handle);
+    nvs_close(handle);
+    return err;
+}
+
+static char *esp_rmaker_local_ctrl_get_pop()
+{
+    char *pop = __esp_rmaker_local_ctrl_get_nvs(ESP_RMAKER_NVS_LOCAL_CTRL_POP);
+    if (pop) {
+        return pop;
+    }
+
+    ESP_LOGI(TAG, "Couldn't find POP in NVS. Generating a new one.");
+    pop = (char *)calloc(1, ESP_RMAKER_POP_LEN);
+    if (!pop) {
+        ESP_LOGE(TAG, "Couldn't allocate POP");
+        return NULL;
+    }
+    uint8_t random_bytes[ESP_RMAKER_POP_LEN] = {0};
+    esp_fill_random(&random_bytes, sizeof(random_bytes));
+    snprintf(pop, ESP_RMAKER_POP_LEN, "%02x%02x%02x%02x", random_bytes[0], random_bytes[1], random_bytes[2], random_bytes[3]);
+
+    __esp_rmaker_local_ctrl_set_nvs(ESP_RMAKER_NVS_LOCAL_CTRL_POP, pop);
+    return pop;
+}
+
+static int esp_rmaker_local_ctrl_get_security_type()
+{
+    return ESP_RMAKER_LOCAL_CTRL_SECURITY_TYPE;
+}
+
+static esp_err_t esp_rmaker_local_ctrl_service_enable(void)
+{
+    char *pop_str = esp_rmaker_local_ctrl_get_pop();
+    if (!pop_str) {
+        ESP_LOGE(TAG, "Get POP failed");
+        return ESP_FAIL;
+    }
+    int sec_ver = esp_rmaker_local_ctrl_get_security_type();
+
+    esp_rmaker_device_t *local_ctrl_service = esp_rmaker_create_local_control_service("Local Control", pop_str, sec_ver, NULL);
+    if (!local_ctrl_service) {
+        ESP_LOGE(TAG, "Failed to create Schedule Service");
+        free(pop_str);
+        return ESP_FAIL;
+    }
+    free(pop_str);
+
+    esp_err_t err = esp_rmaker_node_add_device(esp_rmaker_get_node(), local_ctrl_service);
+    if (err != ESP_OK) {
+        ESP_LOGE(TAG, "Failed to add service Service");
+        return err;
+    }
+
+    ESP_LOGD(TAG, "Local Control Service Enabled");
+    return err;
+}
+
 static esp_err_t __esp_rmaker_start_local_ctrl_service(const char *serv_name)
 {
     if (!serv_name) {
         ESP_LOGE(TAG, "Service name cannot be empty.");
         return ESP_ERR_INVALID_ARG;
     }
-    ESP_LOGI(TAG, "Starting ESP Local control with HTTP Transport.");
+
+    ESP_LOGI(TAG, "Starting ESP Local control with HTTP Transport and security version: %d", esp_rmaker_local_ctrl_get_security_type());
     /* Set the configuration */
     static httpd_ssl_config_t https_conf = HTTPD_SSL_CONFIG_DEFAULT();
     https_conf.transport_mode = HTTPD_SSL_TRANSPORT_INSECURE;
     https_conf.port_insecure = CONFIG_ESP_RMAKER_LOCAL_CTRL_HTTP_PORT;
     https_conf.httpd.ctrl_port = ESP_RMAKER_LOCAL_CTRL_HTTP_CTRL_PORT;
-    
+
     mdns_init();
     mdns_hostname_set(serv_name);
 
@@ -155,8 +263,40 @@ static esp_err_t __esp_rmaker_start_local_ctrl_service(const char *serv_name)
         .max_properties = 10
     };
 
+    /* If sec1, add security type details to the config */
+    protocomm_security_pop_t *pop = NULL;
+#if ESP_RMAKER_LOCAL_CTRL_SECURITY_TYPE == 1
+        char *pop_str = esp_rmaker_local_ctrl_get_pop();
+        /* Note: pop_str shouldn't be freed. If it gets freed, the pointer which is internally copied in esp_local_ctrl_start() will become invalid which would cause corruption. */
+
+        int sec_ver = esp_rmaker_local_ctrl_get_security_type();
+
+        if (sec_ver != 0 && pop_str) {
+            pop = (protocomm_security_pop_t *)calloc(1, sizeof(protocomm_security_pop_t));
+            if (!pop) {
+                ESP_LOGE(TAG, "Failed to allocate pop");
+                free(pop_str);
+                return ESP_ERR_NO_MEM;
+            }
+            pop->data = (uint8_t *)pop_str;
+            pop->len = strlen(pop_str);
+        }
+
+        config.proto_sec.version = sec_ver;
+        config.proto_sec.custom_handle = NULL;
+        config.proto_sec.pop = pop;
+#endif
+
     /* Start esp_local_ctrl service */
     ESP_ERROR_CHECK(esp_local_ctrl_start(&config));
+
+    /* Add node_id in mdns */
+    mdns_service_txt_item_set("_esp_local_ctrl", "_tcp", "node_id", esp_rmaker_get_node_id());
+
+    if (pop) {
+        free(pop);
+    }
+
     ESP_LOGI(TAG, "esp_local_ctrl service started with name : %s", serv_name);
 
     /* Create the Node Config property */
@@ -230,6 +370,10 @@ esp_err_t esp_rmaker_init_local_ctrl_service(void)
 
 esp_err_t esp_rmaker_start_local_ctrl_service(const char *serv_name)
 {
+    if (ESP_RMAKER_LOCAL_CTRL_SECURITY_TYPE == 1) {
+        esp_rmaker_local_ctrl_service_enable();
+    }
+
     if (!wait_for_wifi_prov) {
         return __esp_rmaker_start_local_ctrl_service(serv_name);
     }

components/esp_rainmaker/src/standard_types/esp_rmaker_standard_params.c

@@ -181,3 +181,17 @@ esp_rmaker_param_t *esp_rmaker_wifi_reset_param_create(const char *param_name)
             esp_rmaker_bool(false), PROP_FLAG_READ | PROP_FLAG_WRITE);
     return param;
 }
+
+esp_rmaker_param_t *esp_rmaker_local_control_pop_param_create(const char *param_name, const char *val)
+{
+    esp_rmaker_param_t *param = esp_rmaker_param_create(param_name, ESP_RMAKER_PARAM_LOCAL_CONTROL_POP,
+            esp_rmaker_str(val), PROP_FLAG_READ);
+    return param;
+}
+
+esp_rmaker_param_t *esp_rmaker_local_control_type_param_create(const char *param_name, int val)
+{
+    esp_rmaker_param_t *param = esp_rmaker_param_create(param_name, ESP_RMAKER_PARAM_LOCAL_CONTROL_TYPE,
+            esp_rmaker_int(val), PROP_FLAG_READ);
+    return param;
+}

components/esp_rainmaker/src/standard_types/esp_rmaker_standard_services.c

@@ -55,3 +55,13 @@ esp_rmaker_device_t *esp_rmaker_create_system_service(const char *serv_name, voi
 {
     return esp_rmaker_service_create(serv_name, ESP_RMAKER_SERVICE_SYSTEM, priv_data);
 }
+
+esp_rmaker_device_t *esp_rmaker_create_local_control_service(const char *serv_name, const char *pop, int sec_type, void *priv_data)
+{
+    esp_rmaker_device_t *service = esp_rmaker_service_create(serv_name, ESP_RMAKER_SERVICE_LOCAL_CONTROL, priv_data);
+    if (service) {
+        esp_rmaker_device_add_param(service, esp_rmaker_local_control_pop_param_create(ESP_RMAKER_DEF_LOCAL_CONTROL_POP, pop));
+        esp_rmaker_device_add_param(service, esp_rmaker_local_control_type_param_create(ESP_RMAKER_DEF_LOCAL_CONTROL_TYPE, sec_type));
+    }
+    return service;
+}