From 57763702ffe89e53f05ea8d6bb483d5c803e1893 Mon Sep 17 00:00:00 2001 From: Mikayla Fischler Date: Sun, 25 Jun 2023 14:00:18 -0400 Subject: [PATCH] #51 init mac component from config key --- coordinator/config.lua | 5 +++++ coordinator/coordinator.lua | 4 +++- coordinator/startup.lua | 7 +++++++ pocket/config.lua | 5 +++++ pocket/startup.lua | 5 +++++ reactor-plc/config.lua | 5 +++++ reactor-plc/startup.lua | 5 +++++ rtu/config.lua | 5 +++++ rtu/startup.lua | 5 +++++ supervisor/config.lua | 5 +++++ supervisor/startup.lua | 6 ++++++ 11 files changed, 56 insertions(+), 1 deletion(-) diff --git a/coordinator/config.lua b/coordinator/config.lua index ecb7599..860d297 100644 --- a/coordinator/config.lua +++ b/coordinator/config.lua @@ -11,6 +11,11 @@ config.TRUSTED_RANGE = 0 -- time in seconds (>= 2) before assuming a remote device is no longer active config.SV_TIMEOUT = 5 config.API_TIMEOUT = 5 +-- facility authentication key (do NOT use one of your passwords) +-- this enables verifying that messages are authentic +-- all devices on the same network must use the same key +-- message authentication codes require computing a hash on each message, so this can slow things down +-- config.AUTH_KEY = "SCADAfacility123" -- expected number of reactor units, used only to require that number of unit monitors config.NUM_UNITS = 4 diff --git a/coordinator/coordinator.lua b/coordinator/coordinator.lua index 53fda6f..ff81e5d 100644 --- a/coordinator/coordinator.lua +++ b/coordinator/coordinator.lua @@ -183,7 +183,8 @@ local function log_dmesg(message, dmesg_tag, working) GRAPHICS = colors.green, SYSTEM = colors.cyan, BOOT = colors.blue, - COMMS = colors.purple + COMMS = colors.purple, + CRYPTO = colors.yellow } if working then 
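Review bot: The commented-out sample on the new `config.AUTH_KEY` line in coordinator/config.lua is a fixed, guessable string, so anyone who enables the feature by deleting the `--` shares a key with every other install that did the same. The comment block says what not to use but never what to use; I would swap the sample for an obvious placeholder such as `-- config.AUTH_KEY = "<long random string>"` and add `-- use a long, randomly generated string unique to this facility` above it. The same five-line block is repeated in pocket/config.lua, reactor-plc/config.lua, rtu/config.lua and supervisor/config.lua, so the wording should change in all five. The key also sits in plain text in a file on every device, which is worth one more comment line so operators treat the config file as sensitive.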
@@ -197,6 +198,7 @@ function coordinator.log_graphics(message) log_dmesg(message, "GRAPHICS") end function coordinator.log_sys(message) log_dmesg(message, "SYSTEM") end function coordinator.log_boot(message) log_dmesg(message, "BOOT") end function coordinator.log_comms(message) log_dmesg(message, "COMMS") end +function coordinator.log_crypto(message) log_dmesg(message, "CRYPTO") end -- log a message for communications connecting, providing access to progress indication control functions ---@nodiscard diff --git a/coordinator/startup.lua b/coordinator/startup.lua index d21ec63..8bbc550 100644 --- a/coordinator/startup.lua +++ b/coordinator/startup.lua @@ -31,6 +31,7 @@ local log_sys = coordinator.log_sys local log_boot = coordinator.log_boot local log_comms = coordinator.log_comms local log_comms_connecting = coordinator.log_comms_connecting +local log_crypto = coordinator.log_crypto ---------------------------------------- -- config validation @@ -132,6 +133,12 @@ local function main() -- setup communications ---------------------------------------- + -- message authentication init + if type(config.AUTH_KEY) == "string" then + local init_time = network.init_mac(config.AUTH_KEY) + log_crypto("HMAC init took " .. init_time .. "ms") + end + -- get the communications modem local modem = ppm.get_wireless_modem() if modem == nil then diff --git a/pocket/config.lua b/pocket/config.lua index 0c35b59..d7ff5f2 100644 --- a/pocket/config.lua +++ b/pocket/config.lua 
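Review bot: The `type(config.AUTH_KEY) == "string"` guard added to main() in coordinator/startup.lua fails open: a key that is misspelled or set to a number skips `network.init_mac` with no log entry, an empty string initializes the MAC with a trivial key, and in each case the device carries on to modem setup. I would log explicitly when authentication is disabled and refuse to start when a key is present but not a usable string, as sketched below. The pocket, reactor-plc, rtu and supervisor startup hunks use the same guard and also drop the `init_mac` return value, so they leave no record that authentication was enabled at all. How `network` treats unauthenticated peers is not visible here, so whether a keyless device can still talk to keyed ones should be confirmed. main() starts and ends outside the hunk.

```lua
-- message authentication init
local auth_key = config.AUTH_KEY
if auth_key == nil then
    log_crypto("AUTH_KEY not set, message authentication is disabled")
elseif type(auth_key) ~= "string" or string.len(auth_key) < MIN_AUTH_KEY_LEN then
    -- MIN_AUTH_KEY_LEN: placeholder for the minimum length the project settles on
    log_crypto("AUTH_KEY is invalid, refusing to start without message authentication")
    return
else
    local init_time = network.init_mac(auth_key)
    log_crypto("HMAC init took " .. init_time .. "ms")
end
-- … unchanged: get the communications modem …
```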
@@ -10,6 +10,11 @@ config.PKT_CHANNEL = 16244 config.TRUSTED_RANGE = 0 -- time in seconds (>= 2) before assuming a remote device is no longer active config.COMMS_TIMEOUT = 5 +-- facility authentication key (do NOT use one of your passwords) +-- this enables verifying that messages are authentic +-- all devices on the same network must use the same key +-- message authentication codes require computing a hash on each message, so this can slow things down +-- config.AUTH_KEY = "SCADAfacility123" -- log path config.LOG_PATH = "/log.txt" diff --git a/pocket/startup.lua b/pocket/startup.lua index 29fdcb7..843686e 100644 --- a/pocket/startup.lua +++ b/pocket/startup.lua @@ -68,6 +68,11 @@ local function main() -- setup communications & clocks ---------------------------------------- + -- message authentication init + if type(config.AUTH_KEY) == "string" then + network.init_mac(config.AUTH_KEY) + end + coreio.report_link_state(coreio.LINK_STATE.UNLINKED) -- get the communications modem diff --git a/reactor-plc/config.lua b/reactor-plc/config.lua index 3462b2c..64eacc4 100644 --- a/reactor-plc/config.lua +++ b/reactor-plc/config.lua @@ -17,6 +17,11 @@ config.PLC_CHANNEL = 16241 config.TRUSTED_RANGE = 0 -- time in seconds (>= 2) before assuming a remote device is no longer active config.COMMS_TIMEOUT = 5 +-- facility authentication key (do NOT use one of your passwords) +-- this enables verifying that messages are authentic +-- all devices on the same network must use the same key +-- message authentication codes require computing a hash on each message, so this can slow things down +-- config.AUTH_KEY = "SCADAfacility123" -- log path config.LOG_PATH = "/log.txt" diff --git a/reactor-plc/startup.lua b/reactor-plc/startup.lua index 31dc600..132c7aa 100644 --- a/reactor-plc/startup.lua +++ b/reactor-plc/startup.lua 
@@ -80,6 +80,11 @@ local function main() -- mount connected devices ppm.mount_all() + -- message authentication init + if type(config.AUTH_KEY) == "string" then + network.init_mac(config.AUTH_KEY) + end + -- shared memory across threads ---@class plc_shared_memory local __shared_memory = { diff --git a/rtu/config.lua b/rtu/config.lua index 2279759..6f5796e 100644 --- a/rtu/config.lua +++ b/rtu/config.lua @@ -10,6 +10,11 @@ config.RTU_CHANNEL = 16242 config.TRUSTED_RANGE = 0 -- time in seconds (>= 2) before assuming a remote device is no longer active config.COMMS_TIMEOUT = 5 +-- facility authentication key (do NOT use one of your passwords) +-- this enables verifying that messages are authentic +-- all devices on the same network must use the same key +-- message authentication codes require computing a hash on each message, so this can slow things down +-- config.AUTH_KEY = "SCADAfacility123" -- log path config.LOG_PATH = "/log.txt" diff --git a/rtu/startup.lua b/rtu/startup.lua index 085a7b4..9eecace 100644 --- a/rtu/startup.lua +++ b/rtu/startup.lua @@ -82,6 +82,11 @@ local function main() -- mount connected devices ppm.mount_all() + -- message authentication init + if type(config.AUTH_KEY) == "string" then + network.init_mac(config.AUTH_KEY) + end + -- get modem local modem = ppm.get_wireless_modem() if modem == nil then diff --git a/supervisor/config.lua b/supervisor/config.lua index a4a595b..8d247e1 100644 --- a/supervisor/config.lua +++ b/supervisor/config.lua @@ -17,6 +17,11 @@ config.PLC_TIMEOUT = 5 config.RTU_TIMEOUT = 5 config.CRD_TIMEOUT = 5 config.PKT_TIMEOUT = 5 +-- facility authentication key (do NOT use one of your passwords) +-- this enables verifying that messages are authentic +-- all devices on the same network must use the same key +-- message authentication codes require computing a hash on each message, so this can slow things down +-- config.AUTH_KEY = "SCADAfacility123" -- expected number of reactors config.NUM_REACTORS = 4 
diff --git a/supervisor/startup.lua b/supervisor/startup.lua index 8fb1897..3dc850e 100644 --- a/supervisor/startup.lua +++ b/supervisor/startup.lua @@ -95,6 +95,12 @@ local function main() -- mount connected devices ppm.mount_all() + -- message authentication init + if type(config.AUTH_KEY) == "string" then + network.init_mac(config.AUTH_KEY) + end + + -- get modem local modem = ppm.get_wireless_modem() if modem == nil then println("startup> wireless modem not found")