adelyte / crescendo-cloud-driver Goto Github PK

There is a LOW call affecting all analog values to the cloud. Route to ID scaling can be added to the Crescendo Cloud framework wrapper, and removed from the driver.

SendKeyValue(Analog_Key[index], ITOA(LOW(Analog_Value_Is[index]))); // FIXME: hack route to ID

https://github.com/adelyte/crescendo-cloud-driver/blob/master/Crescendo%20Cloud.usp#L1052

Implement the WebSocket Protocol to provide a standards-based messaging protocol on top of the TCP stream.

Checklist

• HTTP header parsing
• Base64 encode/decode
• SHA-1 digest
• WebSocket opening handshake
• WebSocket encoding/decoding
• WebSocket error handling
• WebSocket closing handshake

2-Series processors do not have serial numbers accessible from the Crestron operating system. This will be resolved by using a mandatory Serial Number parameter drivers compiled for 2-Series.

This is an open discussion of security considerations between a Crestron processor and Crescendo Cloud.

Communication

All servers, production and development, accept IPSec connections. A demonstration of IPSec will be available for download in a few weeks (posted 2016-03-16) whenever our standalone virtual machine router is finished. Our IPSec tunnels have been live for months (posted 2016-09-02).

Authentication

Authentication is the process of a processor proving that it is the processor it purports to be. Presently, Crescendo Cloud uses open registration and authentication of any processor (or service spoofing a processor) based on model, serial number, and MAC address.

Password Authentication

There is no sense having a password and its consequent inconveniences (loss, change, retrieval) only to transmit the password in plaintext. Therefore, a zero-knowledge password proof should be used.

SRP

The obvious solution is to use Secure Remote Password protocol, which would allow processors to manage passwords themselves. However, implementing public-key encryption in SIMPL+ will be onerous, perhaps impossible (definitely not impossible with arbitrary-precision arithmetic).

SRP would provide an optional secure channel using the session key. Processor-side encryption is probably not a good idea, especially since SIMPL+ does not use compiler optimization.

Nonce

If Crescendo Cloud manages passwords instead of processors, a less technically challenging solution is to use a cryptographic nonce. Writing a cryptographic hash function in SIMPL+ will be easier than implementing SRP. MD5 is used for Digest Access Authentication, but Mawka might be the best password hash function for this purpose since most of the computation could be delegated to the server.

Implement Digest Access Authentication to provide secure password verification.

Checklist

• Base64 encode/decode
• MD5 digest
• Nonce generator
• Basic Access Authentication scheme

Note that MD5 is not FIPS compliant, but neither are Crestron processors.

Add a driver version using semantic versioning and Git version tags.

Background

The current Crescendo Cloud protocol uses an ad hoc key:value data serialization format. It has three known deficiencies:

1. It will truncate messages containing the message delimiter \x1F\x1E within the value (this is known as delimiter collision).
2. Scanning for the message delimiter is inefficient as the length of the value increases.
3. It is an opaque format—not a standard.

The first and second deficiencies will be resolved with the implementation of WebSockets in v3.0 for messages consisting of a single key:value pair. Nevertheless, WebSockets do not correct the inherent deficiencies: multiple key:value pairs sent as one message or data serialized to files might still be truncated or take a long time to scan.

Data Serialization Standards

There are dozens of data serialization formats.

Requirements

The format requirements for Crescendo Cloud are:

1. Schema-less,
2. Native JSON basic data types,
3. Native binary serialization, and
4. Existing C and JavaScript implementations.

CBOR

Given the criteria, CBOR seems to be a better fit than any other data serialization format. See RFC 7049 Appendix E for a thorough discussion.

Initially, only a single-level map with String, Number, and Boolean values will be implemented.

Some keys are not saving to Cloud, for example AC Line Status, Battery Is Charging, and MTX-3 Activity.