Difference between revisions of "Mihini/Security"

(Usefull commands)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
Don't hesitate to make a test by running Mihini on your local computer.
 +
 
== How to activate security with M3DA protocol? ==
 
== How to activate security with M3DA protocol? ==
  
Line 6: Line 8:
 
</source>
 
</source>
  
Note: Here the following list you can define for encryption and authentication:
+
''Note'': Here the following list you can define for encryption and authentication:
* AUTHENTICATION_TYPE = hmac-md5    or  hmac-sha1  or none  (if you select none for authentication, you must select none for encryption)
+
* AUTHENTICATION_TYPE = hmac-md5    or  hmac-sha1  or none  (if you select none for authentication, you must select none for encryption)
* ENCRYPTION_TYPE    = aes-cbc-128  or    aes-cbc-256  or  aes-ctr-128  or  aes-ctr-256  or  none
+
* ENCRYPTION_TYPE    = aes-cbc-128  or    aes-cbc-256  or  aes-ctr-128  or  aes-ctr-256  or  none
 +
 
  
 
1. Choose the authentication algorithm :
 
1. Choose the authentication algorithm :
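Review bot: The AUTHENTICATION_TYPE and ENCRYPTION_TYPE bullets still list hmac-md5 and none alongside the other values with no guidance on which to pick; since this edit already touches the note, state which values are recommended and when none is acceptable. The intro sentence "Here the following list you can define" also remains ungrammatical after italicising "Note".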
Line 20: Line 23:
 
</source>
 
</source>
  
3. Generate the keys by using Registration password (shareKey) (=> Compute and store the keys)
+
3. Do not forget to set deviceId (first):
 
<source lang="lua">
 
<source lang="lua">
require 'agent.provisioning'.registration_password 'xxxx'      (needs "make all agent_provisioning" to be executed before)
+
agent.config.agent.deviceId = "tototo"
 
</source>
 
</source>
  
== Usefull commands ==
+
4. Generate the keys by using a Password (shareKey) (=> Compute and store the keys)
 +
<source lang="lua">
 +
require 'agent.provisioning'.password 'xxxx'      (needs "make all agent_provisioning" to be executed before)
 +
</source>
 +
 
 +
== Useful commands ==
 
If you want to remove the authentication:
 
If you want to remove the authentication:
 
<source lang="lua">
 
<source lang="lua">
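Review bot: The new step 3 says to set deviceId "(first)" but is numbered after the two algorithm steps; if the device ID has to be set before anything else, move it to step 1, otherwise drop "(first)" and say it must be set before the key generation in step 4. The example value "tototo" would also be clearer as an obvious placeholder.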
Line 38: Line 46:
 
To change the password :
 
To change the password :
 
<source lang="lua">
 
<source lang="lua">
require 'agent.provisioning'.password ='xxxx'                  (needs "make all agent_provisioning" to be executed before)
+
require 'agent.provisioning'.password 'xxxx'                  (needs "make all agent_provisioning" to be executed before)
 
</source>
 
</source>
  
 
To remove the password :
 
To remove the password :
Keys are stored in :   /readyagent/build.default/runtime/crypto
+
* Keys are stored in: /readyagent/build.default/runtime/crypto
Remove the file : crypto.key
+
* Remove the file: crypto.key
 +
 
 +
''Note'': If you do a reset factory on your device, the keys are not deleted.
  
 
Create a connection:
 
Create a connection:
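Review bot: In the corrected line require 'agent.provisioning'.password 'xxxx', the trailing "(needs "make all agent_provisioning" to be executed before)" is still bare text inside the source lang="lua" block, so the line fails if pasted into the Lua shell; turn it into a -- comment or move it to the prose above the block. The new factory-reset note should also say what to do instead, namely removing crypto.key as described in the two bullets above it.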
Line 50: Line 60:
 
airvantage.connecttoserver()
 
airvantage.connecttoserver()
 
</source>
 
</source>
 +
 +
== FAQ/Good Practices ==
 +
 +
<em>Q</em>: '''I get timeout when I try to contact the server.<br/>'''
 +
<em>A</em>:
 +
Check that port 44900 is opened.
 +
 +
<em>Q</em>: '''I get the message error "Server won't re-provision the cipher+auth key"'''<br/>
 +
<em>A</em>: The message error "Server won't re-provision the cipher+auth key" tell us that your server cannot provision the cipher+auth key twice, it's is a part of security feature. So you mush change the password on your server side and also your device so that they have the same, and retry your steps again.
 +
 +
<em>Q</em>: '''When I test the upgrade function, I get the error: Failed with status NOREPORT'''<br/>
 +
<em>A</em>: when I test the upgrade function. I tested it through asset and appcon. Both gave me the following error:
 +
<pre>
 +
2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session
 +
 +
2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed"
 +
 +
2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed
 +
</pre>
 +
 +
You just remove your crypto directory and redo a "registration_password' again in order to have a new crypto key. I have this problem as i try to send upgrade function from a server  while my device have already communicated with another server before.
 +
 +
In your device :
 +
<pre>
 +
/build.default/runtime$ rm -rf crypto/
 +
./start.sh
 +
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
 +
2013-05-07 10:10:26 GENERAL-INFO: Starting ReadyAgent ...
 +
2013-05-07 10:10:26 GENERAL-INFO:      ReadyAgent: 8.0 - Build: 64aa399
 +
2013-05-07 10:10:26 GENERAL-INFO:      Lua VM: Lua 5.1.4 (+meta pairs/ipairs) (+patch-lua-5.1.4-3)
 +
2013-05-07 10:10:26 GENERAL-INFO:      System: Linux frtls-el-mgiang 3.2.0-41-generic-pae #66-Ubuntu SMP Thu Apr 25 03:50:20 UTC 2013 i686
 +
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
 +
2013-05-07 10:10:26 GENERAL-INFO: Device ID = "123456789098765"
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [AssetConnector] initialized
 +
2013-05-07 10:10:26 SHELL-INFO: Binding a shell server at address ?localhost, port 2000
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua Shell] initialized
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [DummyNetman] initialized
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua RPC] initialized
 +
2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [DataManagement] initialized
 +
2013-05-07 10:10:26 ASSCON-INFO: Connection received from asset [table: 0x899f748] at '<local ipc=table: 0x897ca60>:0'
 +
2013-05-07 10:10:26 ASSCON-INFO: Asset registered, name="@sys", id=table: 0x899f748.
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [DeviceManagement] initialized
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [ApplicationContainer] initialized
 +
2013-05-07 10:10:26 GENERAL-INFO: Module [Update] initialized
 +
2013-05-07 10:10:26 GENERAL-ERROR: ReadyAgent initialization finished with some errors:
 +
2013-05-07 10:10:26 GENERAL-ERROR: [ServerConnector] failed with Neither provisioning nor authenticating crypto keys              <- not found the crypto key yet on device
 +
</pre>
 +
 +
Go to telnet terminal :
 +
<source lang="lua">require 'agent.provisioning'.registration_password 'your_password_on_server'    <- generate a crypto key
 +
</source>
 +
 +
And now, you can continue your upgrade function on server.
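Review bot: The added FAQ answers tell the reader to run registration_password (in the NOREPORT answer and in the telnet example), while step 4 of this same revision renames the call to password; use one name throughout or state that both exist. The NOREPORT answer is also written in the first person and would read better as a cause-then-fix explanation.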

Latest revision as of 07:02, 18 March 2014

Don't hesitate to test this by running Mihini on your local computer.

How to activate security with M3DA protocol?

First, you need to compile a module that is not compiled by default. After running build.sh, run this command:

$ make all agent_provisioning

Note: The following values can be set for authentication and encryption:

  • AUTHENTICATION_TYPE = hmac-md5 or hmac-sha1 or none (if you select none for authentication, you must select none for encryption)
  • ENCRYPTION_TYPE = aes-cbc-128 or aes-cbc-256 or aes-ctr-128 or aes-ctr-256 or none


1. Choose the authentication algorithm:

agent.config.server.authentication = 'hmac-sha1'

2. Choose the encryption algorithm:

agent.config.server.encryption = 'aes-cbc-128'

3. Do not forget to set deviceId (first):

agent.config.agent.deviceId = "tototo"

4. Generate the keys from a password (shareKey); this computes and stores the keys:

require 'agent.provisioning'.password 'xxxx'       -- needs "make all agent_provisioning" to be executed before

Useful commands

If you want to remove the authentication:

agent.config.server.authentication = nil

To remove the encryption:

agent.config.server.encryption = nil

To change the password:

require 'agent.provisioning'.password 'xxxx'                   -- needs "make all agent_provisioning" to be executed before

To remove the password:

  • Keys are stored in: /readyagent/build.default/runtime/crypto
  • Remove the file: crypto.key

Note: If you do a factory reset on your device, the keys are not deleted.

Create a connection:

airvantage=require "airvantage"
airvantage.connecttoserver()

FAQ/Good Practices

Q: I get a timeout when I try to contact the server.
A: Check that port 44900 is open.

Q: I get the error message "Server won't re-provision the cipher+auth key"
A: The error message "Server won't re-provision the cipher+auth key" tells us that your server cannot provision the cipher+auth key twice; this is part of the security feature. So you must change the password on your server side and also on your device so that they have the same one, and retry your steps again.

Q: When I test the upgrade function, I get the error: Failed with status NOREPORT
A: I tested the upgrade function through asset and appcon. Both gave me the following error:

2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session

2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed"

2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed

Just remove your crypto directory and redo a "registration_password" in order to have a new crypto key. I have this problem as I try to send upgrade function from a server while my device has already communicated with another server before.

On your device:

/build.default/runtime$ rm -rf crypto/
./start.sh
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
2013-05-07 10:10:26 GENERAL-INFO: Starting ReadyAgent ...
2013-05-07 10:10:26 GENERAL-INFO:      ReadyAgent: 8.0 - Build: 64aa399
2013-05-07 10:10:26 GENERAL-INFO:      Lua VM: Lua 5.1.4 (+meta pairs/ipairs) (+patch-lua-5.1.4-3)
2013-05-07 10:10:26 GENERAL-INFO:      System: Linux frtls-el-mgiang 3.2.0-41-generic-pae #66-Ubuntu SMP Thu Apr 25 03:50:20 UTC 2013 i686
2013-05-07 10:10:26 GENERAL-INFO: ************************************************************
2013-05-07 10:10:26 GENERAL-INFO: Device ID = "123456789098765"
2013-05-07 10:10:26 GENERAL-INFO: Module [AssetConnector] initialized
2013-05-07 10:10:26 SHELL-INFO: Binding a shell server at address ?localhost, port 2000
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua Shell] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [DummyNetman] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua RPC] initialized
2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys
2013-05-07 10:10:26 GENERAL-INFO: Module [DataManagement] initialized
2013-05-07 10:10:26 ASSCON-INFO: Connection received from asset [table: 0x899f748] at '<local ipc=table: 0x897ca60>:0'
2013-05-07 10:10:26 ASSCON-INFO: Asset registered, name="@sys", id=table: 0x899f748.
2013-05-07 10:10:26 GENERAL-INFO: Module [DeviceManagement] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [ApplicationContainer] initialized
2013-05-07 10:10:26 GENERAL-INFO: Module [Update] initialized
2013-05-07 10:10:26 GENERAL-ERROR: ReadyAgent initialization finished with some errors:
2013-05-07 10:10:26 GENERAL-ERROR: 	 [ServerConnector] failed with Neither provisioning nor authenticating crypto keys              <- not found the crypto key yet on device

Go to the telnet terminal:

require 'agent.provisioning'.registration_password 'your_password_on_server'    -- generates a crypto key

Now you can continue with your upgrade function on the server.
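
The three error messages covered by this FAQ can be checked for mechanically. The following is an added example (not part of the original wiki page or of Mihini) that scans agent log text for them and returns the remedy the FAQ gives for each; the log-line layout is inferred from the excerpts above, and `triage`, `RULES` and `SAMPLE_LOG` are names chosen here.

```python
import re
from collections import OrderedDict

# "2013-05-07 10:10:26 GENERAL-ERROR: text" -> timestamp, module, severity, message
# (layout inferred from the log excerpts on this page)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([A-Z0-9-]+)-([A-Z]+): (.*)$"
)

# Message fragment -> remedy; both come from the FAQ above.
RULES = [
    ("Neither provisioning nor authenticating crypto keys",
     "no crypto key on the device: run registration_password to generate one"),
    ("Failed with status NOREPORT",
     "remove the crypto directory, then redo registration_password"),
    ("Server won't re-provision the cipher+auth key",
     "change the password on the server and on the device so they match, then retry"),
]

# Lines copied from the two log excerpts on this page.
SAMPLE_LOG = """\
2013-05-06 17:45:36 M3DA-SESSION-INFO: Sending data through authenticated and encrypted session
2013-05-06 17:45:37 M3DA-SESSION-ERROR: Failed with status NOREPORT: "./lua/m3da/session/security.lua:61: closed"
2013-05-06 17:45:37 SRVCON-ERROR: Error while sending data to server: ./lua/m3da/session/security.lua:61: closed
2013-05-07 10:10:26 GENERAL-INFO: Module [Lua RPC] initialized
2013-05-07 10:10:26 GENERAL-ERROR: Failed to initialize module [ServerConnector], err=Neither provisioning nor authenticating crypto keys
2013-05-07 10:10:26 GENERAL-ERROR: [ServerConnector] failed with Neither provisioning nor authenticating crypto keys
"""


def triage(log_text):
    """Return one finding per matched rule, in order of first appearance."""
    findings = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(3) != "ERROR":
            continue  # not an agent log line, or not an error
        ts, module, _, msg = m.groups()
        for fragment, hint in RULES:
            if fragment in msg:
                entry = findings.setdefault(fragment, {
                    "first_seen": ts, "module": module, "count": 0, "hint": hint})
                entry["count"] += 1  # repeated lines collapse into one finding
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["first_seen"], f["module"], "x%d" % f["count"], "->", f["hint"])
```
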
