Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "Mihini/Security"

(Usefull commands)
 
(One intermediate revision by one other user not shown)
Line 28: Line 28:
 
</source>
 
</source>
  
4. Generate the keys by using Registration password (shareKey) (=> Compute and store the keys)
+
4. Generate the keys by using a Password (shareKey) (=> Compute and store the keys)
 
<source lang="lua">
 
<source lang="lua">
require 'agent.provisioning'.registration_password 'xxxx'      (needs "make all agent_provisioning" to be executed before)
+
require 'agent.provisioning'.password 'xxxx'      (needs "make all agent_provisioning" to be executed before)
 
</source>
 
</source>
  
Line 46: Line 46:
 
To change the password :
 
To change the password :
 
<source lang="lua">
 
<source lang="lua">
require 'agent.provisioning'.password ='xxxx'                  (needs "make all agent_provisioning" to be executed before)
+
require 'agent.provisioning'.password 'xxxx'                  (needs "make all agent_provisioning" to be executed before)
 
</source>
 
</source>
  
Line 80: Line 80:
 
</pre>
 
</pre>
  
You just remove your crypto directory and redo a "registration_password' again in order to have a new crypto key. I have this problem as i try to send upgrade function from the server "edge" while my device have already communicated with the server "dev-airlink" before
+
You just remove your crypto directory and redo a "registration_password' again in order to have a new crypto key. I have this problem as i try to send upgrade function from a server while my device have already communicated with another server before.
  
 
In your device :
 
In your device :

Latest revision as of 07:02, 18 March 2014

Don't hesitate to make a test by running Mihini on your local computer.

How to activate security with M3DA protocol?

Firstly, you need to compile a module which is not compiled by default. After you build.sh, you must do this command:

$ make all agent_provisioning

Note: Here the following list you can define for encryption and authentication:

  • AUTHENTICATION_TYPE = hmac-md5 or hmac-sha1 or none (if you select none for authentication, you must select none for encryption)
  • ENCRYPTION_TYPE = aes-cbc-128 or aes-cbc-256 or aes-ctr-128 or aes-ctr-256 or none


1. Choose the authentication algorithm :

agent.config.server.authentication ='hmac-sha1'

2. Choose the encryption algorithm :

agent.config.server.encryption ='aes-cbc-128'

3. Do not forget to set deviceId (first):

agent.config.agent.deviceId = "tototo"

4. Generate the keys by using a Password (shareKey) (=> Compute and store the keys)

require 'agent.provisioning'.password 'xxxx'       (needs "make all agent_provisioning" to be executed before)

Useful commands

If you want to remove the authentication:

agent.config.server.authentication = nil

To remove the encryption:

agent.config.server.encryption = nil

To change the password :

require 'agent.provisioning'.password 'xxxx'                   (needs "make all agent_provisioning" to be executed before)

To remove the password :

* Keys are stored in: /readyagent/build.default/runtime/crypto
* Remove the file: crypto.key

Note: If you do a reset factory on your device, the keys are not deleted.

Create a connection:

airvantage=require "airvantage"
airvantage.connecttoserver()

FAQ/Good Practices

Q: I get timeout when I try to contact the server.
A: Check that port 44900 is opened.

Q: I get the message error "Server won't re-provision the cipher+auth key"
A: The message error "Server won't re-provision the cipher+auth key" tell us that your server cannot provision the cipher+auth key twice, it's is a part of security feature. So you mush change the password on your server side and also your device so that they have the same, and retry your steps again.

Q: When I test the upgrade function, I get the error: Failed with status NOREPORT
A: when I test the upgrade function. I tested it through asset and appcon. Both gave me the following error:

2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session

2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed"

2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed

You just remove your crypto directory and redo a "registration_password' again in order to have a new crypto key. I have this problem as i try to send upgrade function from a server while my device have already communicated with another server before.

In your device :

/build.default/runtime$ rm -rf crypto/
./start.sh
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
2013-05-07 10:10:26 GENERAL-INFO: Starting ReadyAgent ...
2013-05-07 10:10:26 GENERAL-INFO:      ReadyAgent: 8.0 - Build: 64aa399
2013-05-07 10:10:26 GENERAL-INFO:      Lua VM: Lua 5.1.4 (+meta pairs/ipairs) (+patch-lua-5.1.4-3)
2013-05-07 10:10:26 GENERAL-INFO:      System: Linux frtls-el-mgiang 3.2.0-41-generic-pae #66-Ubuntu SMP Thu Apr 25 03:50:20 UTC 2013 i686
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
2013-05-07 10:10:26 GENERAL-INFO: Device ID = "123456789098765"
2013-05-07 10:10:26 GENERAL-INFO: Module [AssetConnector] initialized
2013-05-07 10:10:26 SHELL-INFO: Binding a shell server at address ?localhost, port 2000
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua Shell] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [DummyNetman] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua RPC] initialized
2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys
2013-05-07 10:10:26 GENERAL-INFO: Module [DataManagement] initialized
2013-05-07 10:10:26 ASSCON-INFO: Connection received from asset [table: 0x899f748] at '<local ipc=table: 0x897ca60>:0'
2013-05-07 10:10:26 ASSCON-INFO: Asset registered, name="@sys", id=table: 0x899f748.
2013-05-07 10:10:26 GENERAL-INFO: Module [DeviceManagement] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [ApplicationContainer] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [Update] initialized
2013-05-07 10:10:26 GENERAL-ERROR: ReadyAgent initialization finished with some errors:
2013-05-07 10:10:26 GENERAL-ERROR: 	 [ServerConnector] failed with Neither provisioning nor authenticating crypto keys              <- not found the crypto key yet on device

Go to telnet terminal :

require 'agent.provisioning'.registration_password 'your_password_on_server'    <- generate a crypto key

And now, you can continue your upgrade function on server.

Back to the top