diff -r ffc8da83fdc2 -r 5c662d2e3f72 doc/programming/connect.rst --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/programming/connect.rst Fri Apr 05 13:11:30 2024 +0200 
@@ -0,0 +1,98 @@ +Connect IDE to Runtime +====================== + + +Connection is described by the *URI_location* in project's configuration. + ``Open project tree root -> Config tab -> URI_location`` + +eRPC +---- + +`eRPC `_ (Embedded RPC) is an open source +Remote Procedure Call (RPC) developed by NXP. + +In case of Beremiz, Runtime is the eRPC server and IDE is a client. Transport +can be either TCP/IP or Serial. + +``URI_location`` for eRPC: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + * ``ERPC://host[:port]`` unencrypted connection. Default port is 3000. + This connection is highly unsecure, and should never be used on + untrusted network. It is intended to be used on peer to peer connection + such as ethernet over USB, for initial pairing with IDE. + * ``ERPCS://host[:port]`` SSL-PSK encrypted connection. + Default port is 4000. + * ``LOCAL://`` starts local runtime and connect with it through TCP/IP + bound to Localhost using random port. + +SSL-PSK setup: +^^^^^^^^^^^^^^ + +In order to provide practical secure communication in between runtime and IDE +TLS-PSK connection according to rfc4279. + +Server (runtime) +"""""""""""""""" +.. highlight:: ini + +PSK ciphersuite avoids the need for public key operations and certificate +management. It is perfect for a performance-constrained environments with +limited CPU power as a PLC. + +`Stunnel `_ is used to wrap unencrypted eRPC server +into an TLS-PSK SSL socket. Hereafter is ``stunnel.conf``:: + + [ERPCPSK] + accept = 4000 + connect = 127.0.0.1:3000 + ciphers = PSK + sslVersion = TLSv1.2 + PSKsecrets = psk.txt + +.. highlight:: text + +List PSK ciphers available in server's openssl:: + + openssl ciphers -s -psk -tls1_2 + +Launch ``stunnel``:: + + stunnel ./stunnel.conf + +Client (IDE) +"""""""""""" + +Compare client's available openssl PSK ciphers with Server's ciphers. 
At least +a few of them should match:: + + openssl ciphers -s -psk -tls1_2 + +Use unencrypted peer-to-peer connection such as network over USB +or simple Ethernet cable, connect an obtain PSK:: + + ERPC://hostname[:port] + +Then use Identity Management dialog in IDE to select matching ID and generate +``ERPCS`` URI:: + + ERPCS://hostname[:port]#ID + + +WAMP +---- + +`WAMP `_ is an open standard WebSocket subprotocol that provides two application messaging +patterns in one unified protocol: Remote Procedure Calls + Publish & Subscribe. + +Beremiz WAMP connector implementation uses python ``autobahn`` module, from the `crossbar.io `_ project. + +Both IDE and runtime are WAMP clients that connect to ``crossbar`` server through HTTP. + +``URI_location`` for WAMP: + * ``WAMP://host[:port]#realm#ID`` Websocket over unencrypted HTTP transport. + * ``WAMPS://host[:port]#realm#ID`` Websocket over secure HTTPS transport. + + +.. + TODO : + crossbar server setup with example config and minimal backend.
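Review bot: In the "SSL-PSK setup" section, the stunnel example sets "PSKsecrets = psk.txt", but the page never says what that file contains, how the key in it is generated, or how it should be protected. Please add a short paragraph on the file (stunnel reads one IDENTITY:KEY entry per line) and state that it must not be world-readable. The same section recommends "ERPC://hostname[:port]" for obtaining the PSK while "connect = 127.0.0.1:3000" forwards to the same unencrypted server. The page should say whether and how port 3000 is restricted to localhost or to the peer-to-peer interface once pairing is done, otherwise readers may leave the clear-text port exposed next to the ERPCS one. Smaller points: the sentence "In order to provide practical secure communication in between runtime and IDE TLS-PSK connection according to rfc4279." has no verb, "connect an obtain PSK" should read "connect and obtain PSK", "highly unsecure" should be "highly insecure", and the "URI_location for WAMP:" line lacks the "^" underline that the eRPC equivalent has, so it will not render as a heading.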