Thread sec policy #4155

kseverinkangas-zg · 2017-04-11T13:45:40Z

Thread security policy can be now configured in .json. the default is set to 255.

Status

READY

Migrations

If this PR changes any APIs or behaviors, give a short description of what API users should do when this PR is merged.

NO

Steps to test or reproduce

Can be manually tested by observing Wireshark logs.

Config table updated

kseverinkangas-zg · 2017-04-11T13:45:49Z

@artokin

artokin

Few minor comments

artokin · 2017-04-12T09:57:45Z

features/nanostack/FEATURE_NANOSTACK/mbed-mesh-api/README.md

 | thread-config-channel-mask | number [0-0x07fff800] | Channel mask, 0x07fff800 scans all channels. |
 | thread-config-channel-page | number [0, 2]| Channel page, 0 for 2,4 GHz and 2 for sub-GHz radios. |
 | thread-config-channel      | number [0-27] | RF channel to use. |
 | thread-config-panid        | number [0-0xFFFF] | Network identifier. |
+| thread-config-network-name | string [1-16] | 
+| thread-config-commissioning-dataset-timestamp | [0-0xFFFFFFFFFFFFFFFF] | Timestamp where upper 48 bits are seconds |


Please check length of timestamp, is it 32 or 64bits?

it is 64-bit

artokin · 2017-04-12T10:02:29Z

features/nanostack/FEATURE_NANOSTACK/mbed-mesh-api/README.md

 | thread-master-key      | byte array [16]| Network master key. |
 | thread-config-ml-prefix | byte array [8] | Mesh local prefix. |
 | thread-config-pskc      | byte array [16] | Pre-Shared Key for the Commissioner. |
+| thread-security-policy | number [0-0xFF] | Security policy |


Security policy bits?

artokin · 2017-04-12T10:04:12Z

features/nanostack/FEATURE_NANOSTACK/mbed-mesh-api/mbed_lib.json

        "thread-config-extended-panid": "{0xf1, 0xb5, 0xa1, 0xb2,0xc4, 0xd5, 0xa1, 0xbd }",
        "thread-master-key": "{0x10, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}",
        "thread-config-ml-prefix": "{0xfd, 0x0, 0x0d, 0xb8, 0x0, 0x0, 0x0, 0x0}",
        "thread-config-pskc": "{0xc8, 0xa6, 0x2e, 0xae, 0xf3, 0x68, 0xf3, 0x46, 0xa9, 0x9e, 0x57, 0x85, 0x98, 0x9d, 0x1c, 0xd0}",
-        "thread-device-type": "MESH_DEVICE_TYPE_THREAD_ROUTER"
+        "thread-device-type": "MESH_DEVICE_TYPE_THREAD_ROUTER",
+        "thread-security-policy": 255


Format 0xff?

let's leave one byte values as decimals

Minor changes

kseverinkangas-zg · 2017-04-19T08:35:11Z

This is ready to me merged

0xc0170 · 2017-04-19T10:27:46Z

/morph test-nightly

mbed-bot · 2017-04-19T17:27:49Z

Result: SUCCESS

Your command has finished executing! Here's what you wrote!

/morph test-nightly

Output

mbed Build Number: 36

All builds and test passed!

adbridge · 2017-04-20T15:25:02Z

@karsev is this an API change? It looks like the security policy has been added and then given a default value. That sounds like something which would change behaviour of the system?

kseverinkangas-zg · 2017-04-25T06:46:41Z

The original setting was wrong causing an incorrect operation of the Thread network (router assignment).
Now the Thread network is formed in a correct way.

adbridge · 2017-05-05T09:55:56Z

This is reliant on #3987 which is tagged for mbed-os-5.5.0 thus this also needs to be bumped to that release.

kseverinkangas-zg · 2017-05-15T10:28:56Z

Why this is taking so much time? Now, for example, mbed-os-example-client can fail if there is more than one device in the Thread network.

0xc0170 · 2017-05-15T10:48:44Z

Why this is taking so much time? Now, for example, mbed-os-example-client can fail if there is more than one device in the Thread network.

What's the objection ? It was merged to master, will be part of 5.5 as stated above (dependencies).

kseverinkangas-zg · 2017-05-15T11:19:19Z

Ok, there was a documentation dependency included by mistake.

Kari Severinkangas added 3 commits April 11, 2017 15:45

Security policy defined in .json

e52d3db

irrelevant zeros removed from timestamp

e10f2ae

Update README.md

7d2b03b

Config table updated

0xc0170 added the needs: review label Apr 11, 2017

artokin reviewed Apr 12, 2017

View reviewed changes

Update README.md

f5d6e7d

Minor changes

0xc0170 approved these changes Apr 19, 2017

View reviewed changes

0xc0170 added needs: CI and removed needs: review labels Apr 19, 2017

0xc0170 added ready for merge and removed needs: CI labels Apr 20, 2017

adbridge added needs: clarification and removed ready for merge labels Apr 20, 2017

0xc0170 added ready for merge and removed needs: clarification labels Apr 25, 2017

theotherjimmy merged commit d123ee1 into ARMmbed:master May 2, 2017

theotherjimmy added release-version: 5.4.5 and removed ready for merge labels May 2, 2017

adbridge added release-version: 5.5.0-rc1 and removed release-version: 5.4.5 labels May 5, 2017

Thread sec policy #4155

Thread sec policy #4155

Uh oh!

Conversation

kseverinkangas-zg commented Apr 11, 2017

Status

Migrations

Steps to test or reproduce

Uh oh!

kseverinkangas-zg commented Apr 11, 2017

Uh oh!

artokin left a comment

Choose a reason for hiding this comment

Uh oh!

artokin Apr 12, 2017

Choose a reason for hiding this comment

Uh oh!

kseverinkangas-zg Apr 12, 2017

Choose a reason for hiding this comment

Uh oh!

artokin Apr 12, 2017

Choose a reason for hiding this comment

Uh oh!

kseverinkangas-zg Apr 12, 2017

Choose a reason for hiding this comment

Uh oh!

artokin Apr 12, 2017

Choose a reason for hiding this comment

Uh oh!

kseverinkangas-zg Apr 12, 2017

Choose a reason for hiding this comment

Uh oh!

kseverinkangas-zg commented Apr 19, 2017

Uh oh!

0xc0170 commented Apr 19, 2017

Uh oh!

mbed-bot commented Apr 19, 2017

Result: SUCCESS

Output

Uh oh!

adbridge commented Apr 20, 2017

Uh oh!

kseverinkangas-zg commented Apr 25, 2017

Uh oh!

adbridge commented May 5, 2017

Uh oh!

kseverinkangas-zg commented May 15, 2017

Uh oh!

0xc0170 commented May 15, 2017

Uh oh!

kseverinkangas-zg commented May 15, 2017

Uh oh!

Uh oh!