Difference between revisions of "Mihini/Security"
(→FAQ/Good Practices) |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 28: | Line 28: | ||
</source> | </source> | ||
− | 4. Generate the keys by using | + | 4. Generate the keys by using a Password (shareKey) (=> Compute and store the keys) |
<source lang="lua"> | <source lang="lua"> | ||
− | require 'agent.provisioning'. | + | require 'agent.provisioning'.password 'xxxx' (needs "make all agent_provisioning" to be executed before) |
</source> | </source> | ||
− | == | + | == Useful commands == |
If you want to remove the authentication: | If you want to remove the authentication: | ||
<source lang="lua"> | <source lang="lua"> | ||
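Review bot: In step 4, the new text `(needs "make all agent_provisioning" to be executed before)` sits inside the `<source lang="lua">` block, so the line is no longer valid Lua and fails when pasted into the agent shell. Move the remark to the step's prose line or write it as a Lua comment (`-- ...`). The prose now introduces the term "shareKey" without saying whether it is the same secret as the password configured on the server; one sentence stating that would help.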
Line 46: | Line 46: | ||
To change the password : | To change the password : | ||
<source lang="lua"> | <source lang="lua"> | ||
− | require 'agent.provisioning'.password | + | require 'agent.provisioning'.password 'xxxx' (needs "make all agent_provisioning" to be executed before) |
</source> | </source> | ||
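Review bot: The "To change the password" line is now character-for-character the same call as step 4 in the Line 28 hunk, so the page does not say what differs between first provisioning and a later change, in particular whether calling `password` again replaces the stored keys. The FAQ entry added in the Line 63 hunk says the server will not re-provision the cipher+auth key, so this section should state what has to change on the server side as well. The parenthetical inside the Lua block has the same paste problem as in step 4.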
Line 63: | Line 63: | ||
== FAQ/Good Practices == | == FAQ/Good Practices == | ||
− | <em>Q</em>: I get timeout when I try to contact the server.<br/> | + | <em>Q</em>: '''I get timeout when I try to contact the server.<br/>''' |
<em>A</em>: | <em>A</em>: | ||
− | Check | + | Check that port 44900 is opened. |
+ | |||
+ | <em>Q</em>: '''I get the message error "Server won't re-provision the cipher+auth key"'''<br/> | ||
+ | <em>A</em>: The message error "Server won't re-provision the cipher+auth key" tell us that your server cannot provision the cipher+auth key twice, it's is a part of security feature. So you mush change the password on your server side and also your device so that they have the same, and retry your steps again. | ||
+ | |||
+ | <em>Q</em>: '''When I test the upgrade function, I get the error: Failed with status NOREPORT'''<br/> | ||
+ | <em>A</em>: when I test the upgrade function. I tested it through asset and appcon. Both gave me the following error: | ||
+ | <pre> | ||
+ | 2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session | ||
+ | |||
+ | 2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed" | ||
+ | |||
+ | 2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed | ||
+ | </pre> | ||
+ | |||
+ | You just remove your crypto directory and redo a "registration_password' again in order to have a new crypto key. I have this problem as i try to send upgrade function from a server while my device have already communicated with another server before. | ||
+ | |||
+ | In your device : | ||
+ | <pre> | ||
+ | /build.default/runtime$ rm -rf crypto/ | ||
+ | ./start.sh | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: ************************************************************ | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Starting ReadyAgent ... | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: ReadyAgent: 8.0 - Build: 64aa399 | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Lua VM: Lua 5.1.4 (+meta pairs/ipairs) (+patch-lua-5.1.4-3) | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: System: Linux frtls-el-mgiang 3.2.0-41-generic-pae #66-Ubuntu SMP Thu Apr 25 03:50:20 UTC 2013 i686 | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: ************************************************************ | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Device ID = "123456789098765" | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [AssetConnector] initialized | ||
+ | 2013-05-07 10:10:26 SHELL-INFO: Binding a shell server at address ?localhost, port 2000 | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [Lua Shell] initialized | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [DummyNetman] initialized | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [Lua RPC] initialized | ||
+ | 2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [DataManagement] initialized | ||
+ | 2013-05-07 10:10:26 ASSCON-INFO: Connection received from asset [table: 0x899f748] at '<local ipc=table: 0x897ca60>:0' | ||
+ | 2013-05-07 10:10:26 ASSCON-INFO: Asset registered, name="@sys", id=table: 0x899f748. | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [DeviceManagement] initialized | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [ApplicationContainer] initialized | ||
+ | 2013-05-07 10:10:26 GENERAL-INFO: Module [Update] initialized | ||
+ | 2013-05-07 10:10:26 GENERAL-ERROR: ReadyAgent initialization finished with some errors: | ||
+ | 2013-05-07 10:10:26 GENERAL-ERROR: [ServerConnector] failed with Neither provisioning nor authenticating crypto keys <- not found the crypto key yet on device | ||
+ | </pre> | ||
+ | |||
+ | Go to telnet terminal : | ||
+ | <source lang="lua">require 'agent.provisioning'.registration_password 'your_password_on_server' <- generate a crypto key | ||
+ | </source> | ||
+ | |||
+ | And now, you can continue your upgrade function on server. |
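Review bot: The NOREPORT answer recovers with `registration_password`, while step 4 and "To change the password" use `password`; the page never explains the difference between the two calls, so a reader cannot tell which one applies after deleting the crypto directory. Add a sentence on when each is used. In the same hunk, `<- generate a crypto key` inside the `<source lang="lua">` block should be a Lua comment, the bold markup in the first question closes after the `<br/>`, the quoted `"registration_password'` has mismatched quotes, and the re-provision answer has typos ("it's is", "mush").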
Latest revision as of 07:02, 18 March 2014
Don't hesitate to make a test by running Mihini on your local computer.
How to activate security with M3DA protocol?
First, you need to compile a module that is not built by default. After running build.sh, run this command:
$ make all agent_provisioning
Note: The following values can be set for authentication and encryption:
- AUTHENTICATION_TYPE = hmac-md5 or hmac-sha1 or none (if you select none for authentication, you must select none for encryption)
- ENCRYPTION_TYPE = aes-cbc-128 or aes-cbc-256 or aes-ctr-128 or aes-ctr-256 or none
1. Choose the authentication algorithm :
agent.config.server.authentication ='hmac-sha1'
2. Choose the encryption algorithm :
agent.config.server.encryption ='aes-cbc-128'
3. Do not forget to set deviceId (first):
agent.config.agent.deviceId = "tototo"
4. Generate the keys from a password (shareKey); this computes and stores the keys:
require 'agent.provisioning'.password 'xxxx' -- requires "make all agent_provisioning" to have been run first
Useful commands
If you want to remove the authentication:
agent.config.server.authentication = nil
To remove the encryption:
agent.config.server.encryption = nil
To change the password:
require 'agent.provisioning'.password 'xxxx' -- requires "make all agent_provisioning" to have been run first
To remove the password:
* Keys are stored in: /readyagent/build.default/runtime/crypto
* Remove the file: crypto.key
Note: If you do a factory reset on your device, the keys are not deleted.
Create a connection:
airvantage = require "airvantage"
airvantage.connecttoserver()
FAQ/Good Practices
Q: I get a timeout when I try to contact the server.
A: Check that port 44900 is open.
Q: I get the error message "Server won't re-provision the cipher+auth key"
A: The error message "Server won't re-provision the cipher+auth key" tells us that your server cannot provision the cipher+auth key twice; this is part of a security feature. So you must change the password on the server side and also on your device so that they are the same, and then retry your steps.
Q: When I test the upgrade function, I get the error: Failed with status NOREPORT
A: When I tested the upgrade function, I tested it through asset and appcon. Both gave me the following error:
2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session
2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed"
2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed
Just remove your crypto directory and run "registration_password" again in order to get a new crypto key. I had this problem when I tried to send the upgrade function from a server while my device had already communicated with another server before.
On your device:
/build.default/runtime$ rm -rf crypto/
./start.sh
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
2013-05-07 10:10:26 GENERAL-INFO: Starting ReadyAgent ...
2013-05-07 10:10:26 GENERAL-INFO: ReadyAgent: 8.0 - Build: 64aa399
2013-05-07 10:10:26 GENERAL-INFO: Lua VM: Lua 5.1.4 (+meta pairs/ipairs) (+patch-lua-5.1.4-3)
2013-05-07 10:10:26 GENERAL-INFO: System: Linux frtls-el-mgiang 3.2.0-41-generic-pae #66-Ubuntu SMP Thu Apr 25 03:50:20 UTC 2013 i686
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
2013-05-07 10:10:26 GENERAL-INFO: Device ID = "123456789098765"
2013-05-07 10:10:26 GENERAL-INFO: Module [AssetConnector] initialized
2013-05-07 10:10:26 SHELL-INFO: Binding a shell server at address ?localhost, port 2000
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua Shell] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [DummyNetman] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua RPC] initialized
2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys
2013-05-07 10:10:26 GENERAL-INFO: Module [DataManagement] initialized
2013-05-07 10:10:26 ASSCON-INFO: Connection received from asset [table: 0x899f748] at '<local ipc=table: 0x897ca60>:0'
2013-05-07 10:10:26 ASSCON-INFO: Asset registered, name="@sys", id=table: 0x899f748.
2013-05-07 10:10:26 GENERAL-INFO: Module [DeviceManagement] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [ApplicationContainer] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [Update] initialized
2013-05-07 10:10:26 GENERAL-ERROR: ReadyAgent initialization finished with some errors:
2013-05-07 10:10:26 GENERAL-ERROR: [ServerConnector] failed with Neither provisioning nor authenticating crypto keys <- not found the crypto key yet on device
Go to the telnet terminal:
require 'agent.provisioning'.registration_password 'your_password_on_server' -- generates a crypto key
Now you can continue with the upgrade function on the server.
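The three failures covered in this FAQ can be picked out of an agent log automatically. The script below is an added example, not part of Mihini or of the original page: it parses the log layout shown above, keeps only ERROR lines, and maps each known message to the remedy the FAQ gives. The finding ids and the last sample line are constructed for the example.

```python
import re

# Agent log layout on this page: "<date> <time> <MODULE>-<LEVEL>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<module>[A-Z0-9-]+?)-(?P<level>[A-Z]+): (?P<msg>.*)$"
)

# Message fragment -> (finding id, remedy taken from the FAQ above).
# The finding ids are names made up for this example.
SIGNATURES = [
    ("Neither provisioning nor authenticating crypto keys", "no-keys",
     "no crypto key on the device: run registration_password in the agent shell"),
    ("Failed with status NOREPORT", "session-closed",
     "remove the crypto directory, restart, then run registration_password"),
    ("Server won't re-provision the cipher+auth key", "reprovision-refused",
     "set the same new password on the server and on the device, then retry"),
]

def triage(lines):
    """Return (known failures by id, other ERROR lines left for manual review)."""
    findings, unmatched = {}, []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue  # not an agent log line, or not an error
        for fragment, key, advice in SIGNATURES:
            if fragment in m["msg"]:
                hit = findings.setdefault(key, {"first_seen": m["ts"], "count": 0,
                                                "modules": set(), "advice": advice})
                hit["count"] += 1
                hit["modules"].add(m["module"])
                break
        else:
            unmatched.append(raw.strip())  # an error this table does not know
    return findings, unmatched

# The first five lines are copied from the logs above; the last one is
# constructed (the page quotes that message but not the line carrying it).
SAMPLE = """\
2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session
2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed"
2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed
2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys
2013-05-07 10:10:26 GENERAL-ERROR: [ServerConnector] failed with Neither provisioning nor authenticating crypto keys
2013-05-07 10:12:00 M3DA-SESSION-ERROR: Server won't re-provision the cipher+auth key
""".splitlines()

print(*triage(SAMPLE), sep="\n")
```

Errors that match no signature, such as the SRVCON line here, are returned separately so they are not silently dropped.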