Connect IDE to Runtime
======================

The connection is described by the *URI_location* in the project's configuration.
``Open project tree root -> Config tab -> URI_location``

eRPC
----

`eRPC <https://github.com/embeddedrpc/erpc>`_ (Embedded RPC) is an open source
Remote Procedure Call (RPC) system developed by NXP.

In the case of Beremiz, the runtime is the eRPC server and the IDE is a client.
The transport can be either TCP/IP or serial.

``URI_location`` for eRPC:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* ``ERPC://host[:port]`` unencrypted connection. Default port is 3000.
  This connection is highly insecure and should never be used on an
  untrusted network. It is intended for use on a peer-to-peer connection
  such as Ethernet over USB, for initial pairing with the IDE.
* ``ERPCS://host[:port]`` SSL-PSK encrypted connection.
  Default port is 4000.
* ``LOCAL://`` starts a local runtime and connects to it through TCP/IP
  bound to localhost using a random port.

SSL-PSK setup:
^^^^^^^^^^^^^^

To provide practical secure communication between the runtime and the IDE, a
TLS-PSK connection according to RFC 4279 is used.

Server (runtime)
""""""""""""""""

.. highlight:: ini

PSK ciphersuites avoid the need for public key operations and certificate
management. This suits performance-constrained environments with
limited CPU power, such as a PLC.

`Stunnel <https://www.stunnel.org/>`_ is used to wrap the unencrypted eRPC server
in a TLS-PSK socket. Here is ``stunnel.conf``::

    [ERPCPSK]
    accept = 4000
    connect = 127.0.0.1:3000
    ciphers = PSK
    sslVersion = TLSv1.2
    PSKsecrets = psk.txt

.. highlight:: text

List the PSK ciphers available in the server's openssl::

    openssl ciphers -s -psk -tls1_2

Launch ``stunnel``::

    stunnel ./stunnel.conf

Client (IDE)
""""""""""""

Compare the client's available openssl PSK ciphers with the server's ciphers. At least
a few of them should match::

    openssl ciphers -s -psk -tls1_2

Using an unencrypted peer-to-peer connection such as network over USB
or a simple Ethernet cable, connect and obtain the PSK::

    ERPC://hostname[:port]

Then use the Identity Management dialog in the IDE to select the matching ID and generate
the ``ERPCS`` URI::

    ERPCS://hostname[:port]#ID

WAMP
----

`WAMP <https://wamp-proto.org/>`_ is an open standard WebSocket subprotocol that provides two application messaging
patterns in one unified protocol: Remote Procedure Calls + Publish & Subscribe.

The Beremiz WAMP connector implementation uses the Python ``autobahn`` module, from the `crossbar.io <https://github.com/crossbario>`_ project.

Both the IDE and the runtime are WAMP clients that connect to the ``crossbar`` server through HTTP.

``URI_location`` for WAMP:

* ``WAMP://host[:port]#realm#ID`` WebSocket over unencrypted HTTP transport.
* ``WAMPS://host[:port]#realm#ID`` WebSocket over secure HTTPS transport.

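
The following Python example is added here and is not part of Beremiz. It parses the ``URI_location`` forms listed for eRPC and WAMP above, applies the documented eRPC default ports, and reports whether the transport is encrypted. The name ``check_uri_location``, the wording of the findings and the sample hosts are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Schemes, default ports and fragment fields as listed on this page:
# (encrypted, default_port, fragment_fields). No WAMP default port is
# stated on the page, so none is assumed here.
SCHEMES = {
    "ERPC":  (False, 3000, ()),
    "ERPCS": (True,  4000, ("ID",)),
    "LOCAL": (False, None, ()),
    "WAMP":  (False, None, ("realm", "ID")),
    "WAMPS": (True,  None, ("realm", "ID")),
}


def check_uri_location(uri):
    """Parse a URI_location and return its parts plus security findings."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    encrypted, default_port, field_names = SCHEMES[scheme]
    if scheme != "LOCAL" and not parts.hostname:
        raise ValueError("missing host in %r" % uri)
    # The fragment carries '#ID' (ERPCS) or '#realm#ID' (WAMP/WAMPS).
    values = parts.fragment.split("#") if parts.fragment else []
    if len(values) > len(field_names):
        raise ValueError("unexpected fragment fields in %r" % uri)
    fields = dict(zip(field_names, values))
    findings = []
    if not encrypted and scheme != "LOCAL":  # LOCAL stays on localhost
        findings.append("unencrypted transport: keep to a trusted "
                        "peer-to-peer link")
    # Assumption of this example: a documented fragment field that is
    # absent is reported as a finding rather than rejected.
    missing = [name for name in field_names if not fields.get(name)]
    if missing:
        findings.append("missing " + ", ".join(missing))
    # parts.port raises ValueError for a non-numeric or out-of-range port.
    return dict(scheme=scheme, host=parts.hostname,
                port=parts.port or default_port, encrypted=encrypted,
                fields=fields, findings=findings)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real project.
    for sample in ("ERPC://192.168.7.2", "ERPCS://plc.example#plc01",
                   "WAMP://broker.example:8080#Automation#plc01", "LOCAL://"):
        print(sample, "->", check_uri_location(sample))
```
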
..
    TODO :
        crossbar server setup with example config and minimal backend.