[security] Introducing signing support to MySensors
-
@Anticimex If I do so, this is the output of the Gateway:
0;0;3;0;9;gateway started, id=0, parent=0, distance=0 0;0;3;0;14;Gateway startup complete. 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;read: 2-2-0 s=0,c=0,t=6,pt=0,l=0,sg=0: 2;0;0;0;6; 0;0;3;0;9;read: 2-2-0 s=1,c=0,t=30,pt=0,l=0,sg=0: 2;1;0;0;30; 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;no signI tried to compile the node with deactivated signing feature and also with
MySigningNone.
The messages get rejected because in MySensor.cpp line 570 (developement branch) it is not checked if the sender requires signing:if (signer.requestSignatures() && msg.destination == nc.nodeId && mGetLength(msg) && !mGetAck(msg) && (mGetCommand(msg) != C_INTERNAL || (msg.type != I_GET_NONCE_RESPONSE && msg.type != I_GET_NONCE && msg.type != I_REQUEST_SIGNING && msg.type != I_ID_REQUEST && msg.type != I_ID_RESPONSE && msg.type != I_FIND_PARENT && msg.type != I_FIND_PARENT_RESPONSE)))My thought is that if I have a mixed network (signing and non-signing nodes) for some sensors I do not need signing (i.e. temperature-sensors). But if I have a button sensor that can actually switch something on or off (via the controller), it would be a security benefit if the messages from the sensor to the gateway are signed.
@fleinze If you have upgraded the library version, the signing table might have shifted in EEPROM. You then need to run the clear EEPROM sketch to reset the stored state in order for the gw/nodes to re-learn the existing signing preferences of the network.
-
@Anticimex If I do so, this is the output of the Gateway:
0;0;3;0;9;gateway started, id=0, parent=0, distance=0 0;0;3;0;14;Gateway startup complete. 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;read: 2-2-0 s=0,c=0,t=6,pt=0,l=0,sg=0: 2;0;0;0;6; 0;0;3;0;9;read: 2-2-0 s=1,c=0,t=30,pt=0,l=0,sg=0: 2;1;0;0;30; 0;0;3;0;9;no sign 0;0;3;0;9;no sign 0;0;3;0;9;no signI tried to compile the node with deactivated signing feature and also with
MySigningNone.
The messages get rejected because in MySensor.cpp line 570 (developement branch) it is not checked if the sender requires signing:if (signer.requestSignatures() && msg.destination == nc.nodeId && mGetLength(msg) && !mGetAck(msg) && (mGetCommand(msg) != C_INTERNAL || (msg.type != I_GET_NONCE_RESPONSE && msg.type != I_GET_NONCE && msg.type != I_REQUEST_SIGNING && msg.type != I_ID_REQUEST && msg.type != I_ID_RESPONSE && msg.type != I_FIND_PARENT && msg.type != I_FIND_PARENT_RESPONSE)))My thought is that if I have a mixed network (signing and non-signing nodes) for some sensors I do not need signing (i.e. temperature-sensors). But if I have a button sensor that can actually switch something on or off (via the controller), it would be a security benefit if the messages from the sensor to the gateway are signed.
@fleinze said:
My thought is that if I have a mixed network (signing and non-signing nodes) for some sensors I do not need signing (i.e. temperature-sensors). But if I have a button sensor that can actually switch something on or off (via the controller), it would be a security benefit if the messages from the sensor to the gateway are signed.
This is the exact usecase for the gw default behavior to only require signing from nodes that require signing in return. But I also got "no sign" errors after I flashed development branch yesterday on node/gw and only after I wiped the GW EEPROM I got it back online. So please try that. If it still does not work, I have to look closer, and see why this has broken because it has been working like that when I submitted the signing behavior.
-
@Anticimex I tried to make it work:
- took a fresh copy of the development branch
- activated signing in MyConfig.h
- flashed the ClearEepromConfig sketch to both the test-gateway and the test-node.
- built the gateway with
MySigningAtsha204Soft signer;(requires signing by default) - built the node with
MySigningNone signer;
Still got the
no signmessage from the gateway...
Please have a look at this. -
@Anticimex I tried to make it work:
- took a fresh copy of the development branch
- activated signing in MyConfig.h
- flashed the ClearEepromConfig sketch to both the test-gateway and the test-node.
- built the gateway with
MySigningAtsha204Soft signer;(requires signing by default) - built the node with
MySigningNone signer;
Still got the
no signmessage from the gateway...
Please have a look at this. -
@Anticimex I tried to make it work:
- took a fresh copy of the development branch
- activated signing in MyConfig.h
- flashed the ClearEepromConfig sketch to both the test-gateway and the test-node.
- built the gateway with
MySigningAtsha204Soft signer;(requires signing by default) - built the node with
MySigningNone signer;
Still got the
no signmessage from the gateway...
Please have a look at this.@fleinze also, you can mix hard and soft atsha signing in a network, but you can't mix with "none". If you mark a node that it can do signing or require signing and use the "none" backend, nodes that use atsha (hard or soft) will not accept the signatures.
-
@Anticimex
Ok, I built the node withMySigningAtsha204Soft signer(false);so it does not require signing and the gateway withMySigningAtsha204Soft signer;
-> no sign error.
How do I correctly build a node that does not sign in a mixed network (signing and non-signing nodes mixed)? -
@Anticimex
Ok, I built the node withMySigningAtsha204Soft signer(false);so it does not require signing and the gateway withMySigningAtsha204Soft signer;
-> no sign error.
How do I correctly build a node that does not sign in a mixed network (signing and non-signing nodes mixed)?@fleinze
In a network where you have "mixed" nodes, I would suggest something like this:
The gateway has signing enabled and is set to require signatures and uses either hard or soft ATSHA (since you earlier wrote that you wanted the GW to sign messages to nodes that signed messages in return).
For all nodes that need to be secure, enable signing and pick either hard or soft ATSHA (depending on the node hardware) and set them to require signatures.
For all nodes that do not need to be secure, just disable signing alltogether, or pick any signing backend and set it to NOT require signatures.
The result should be like this:
A "insecure" node sends and receives unsigned messages to/from GW.
A "secure" node sends and receives signed messages to/from GW.
The GW will send signed messages to all nodes that has reported to the GW that they require signatures.
The GW will send unsigned messages to all nodes that has reported to the GW that they do NOT require signatures. -
@Anticimex In your original post you said:
However, the difference is that the gateway will only require signed messages from nodes it knows in turn require signed messages.
I made pull request 208 to match this behavior in the code:
https://github.com/mysensors/Arduino/pull/208- If node is not a gateway, everything is as always. (1 || x)
- if node is gateway and the sender requires signed messages, check signature (0 || 1)
- if node is gateway and the sender does not requires signed messages, do not check signature (0 || 0)
please consider adding this.
-
@Anticimex In your original post you said:
However, the difference is that the gateway will only require signed messages from nodes it knows in turn require signed messages.
I made pull request 208 to match this behavior in the code:
https://github.com/mysensors/Arduino/pull/208- If node is not a gateway, everything is as always. (1 || x)
- if node is gateway and the sender requires signed messages, check signature (0 || 1)
- if node is gateway and the sender does not requires signed messages, do not check signature (0 || 0)
please consider adding this.
-
Ok, the problem is identified and @fleinze has provided a fix that resolves the issue which is now merged to the development branch.
Thanks for finding the issue and fixing it!
There is no change in the signing behavior as it is documented. Now gateway does as it is supposed to. -
Compiling with the latest dev branch SecureActuator example
#define MY_SIGNING_REQUEST_SIGNATURES
I get following error:
In file included from /Users/mm/Documents/Arduino165/libraries/MySensors/MySensor.h:157:0, from SecureActuator.ino:58: /Users/mm/Documents/Arduino165/libraries/MySensors/core/MyTransport.cpp: In function 'void transportProcess()': /Users/mm/Documents/Arduino165/libraries/MySensors/core/MyTransport.cpp:92:10: error: 'MY_IS_GATEWAY' was not declared in this scope if ((!MY_IS_GATEWAY || DO_SIGN(sender)) && ^ /Users/mm/Documents/Arduino165/libraries/MySensors/core/MyTransport.cpp:93:20: error: 'nc' was not declared in this scope destination == nc.nodeId && ^ Fehler beim Kompilieren.``` Is this a problem of the code or of my setup? -
Compiling with the latest dev branch SecureActuator example
#define MY_SIGNING_REQUEST_SIGNATURES
I get following error:
In file included from /Users/mm/Documents/Arduino165/libraries/MySensors/MySensor.h:157:0, from SecureActuator.ino:58: /Users/mm/Documents/Arduino165/libraries/MySensors/core/MyTransport.cpp: In function 'void transportProcess()': /Users/mm/Documents/Arduino165/libraries/MySensors/core/MyTransport.cpp:92:10: error: 'MY_IS_GATEWAY' was not declared in this scope if ((!MY_IS_GATEWAY || DO_SIGN(sender)) && ^ /Users/mm/Documents/Arduino165/libraries/MySensors/core/MyTransport.cpp:93:20: error: 'nc' was not declared in this scope destination == nc.nodeId && ^ Fehler beim Kompilieren.``` Is this a problem of the code or of my setup?@FotoFieber @hek something related to the recent refactoring? I have not had the opportunity to evaluate the effects on signing myself.
-
@FotoFieber said:
MY_SIGNING_REQUEST_SIGNATURES
Let's see how Jenkins feels about this
https://github.com/mysensors/Arduino/pull/231 -
@Anticimex Hello, I found this thread now. I'll ask a few more questions, sorry. This all seems really-really great.
-
If someone wishes to use TMRh20's RF24Mesh instead of MySensors how would one sign the messages sent with that library? Is is even possible? What should be done to use that functionality?
-
Also, as I understand it is possible to emulate the ATSHA204A, on what hardware is is possible (on Uno's ATMega too?)?
-
Is it also possible to use whitelisting with RF24Mesh somehow?
Again, sorry for any dumb questions and my poor English.
-
-
@Anticimex Hello, I found this thread now. I'll ask a few more questions, sorry. This all seems really-really great.
-
If someone wishes to use TMRh20's RF24Mesh instead of MySensors how would one sign the messages sent with that library? Is is even possible? What should be done to use that functionality?
-
Also, as I understand it is possible to emulate the ATSHA204A, on what hardware is is possible (on Uno's ATMega too?)?
-
Is it also possible to use whitelisting with RF24Mesh somehow?
Again, sorry for any dumb questions and my poor English.
- Signing as described in this post is specific to users of the MySensors library. I suppose you could use any rf backend you like but you will need to use the MySensors library to get the nonce exchange and such. Or manually port the signing specifics out from the MySensors library and integrate them into another library. It's all open source.
- The software emulated atsha signing backend (for MySensors) is compatible with any Arduino product.
- See 1.
Lastly, there are no dumb questions, only dumb answers :)
-
-
Hello,
firstly, I must say that you're doing a great job and this section about security is very interesting.
Sorry, but I want to ask a question: as regards the whitelisting system, how can I add more nodes to the list of the trusted nodes of the gateway?
The part of code is this:[...] #ifdef MY_SECURE_NODE_WHITELISTING whitelist_entry_t node_whitelist[] = { { //I want to add nodes HERE: .nodeId = 55, // Just some value, this need to be changed to the NodeId of the trusted node .serial = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09} } // This need to change to the serial of the trusted node }; MySigningAtsha204 signer(true, 1, node_whitelist); // Select ATSHA204A software signing backend with one entry in the whitelist [...]but the gateway continue to fail the verification of the trusted nodes that I inserted.
To sum up, how can I add more nodeIDs and serials in addition to the number "55" presented in the example of the code?Thank you very much in advance,
Silver978 -
Hello,
firstly, I must say that you're doing a great job and this section about security is very interesting.
Sorry, but I want to ask a question: as regards the whitelisting system, how can I add more nodes to the list of the trusted nodes of the gateway?
The part of code is this:[...] #ifdef MY_SECURE_NODE_WHITELISTING whitelist_entry_t node_whitelist[] = { { //I want to add nodes HERE: .nodeId = 55, // Just some value, this need to be changed to the NodeId of the trusted node .serial = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09} } // This need to change to the serial of the trusted node }; MySigningAtsha204 signer(true, 1, node_whitelist); // Select ATSHA204A software signing backend with one entry in the whitelist [...]but the gateway continue to fail the verification of the trusted nodes that I inserted.
To sum up, how can I add more nodeIDs and serials in addition to the number "55" presented in the example of the code?Thank you very much in advance,
Silver978@Silver978 Thanks!
Try something like this:whitelist_entry_t node_whitelist[] = { { .nodeId = 55, // Just some value, this need to be changed to the NodeId of the trusted node .serial = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09} // This need to change to the serial of the trusted node }, { .nodeId = 56, // Just some value, this need to be changed to the NodeId of the trusted node .serial = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09} // This need to change to the serial of the trusted node }, { .nodeId = 57, // Just some value, this need to be changed to the NodeId of the trusted node .serial = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09} // This need to change to the serial of the trusted node } }; MySigningAtsha204 signer(true, 3, node_whitelist); // Select ATSHA204A software signing backend with three entries in the whitelistNote the changed argument in the constructor (3 and not 1)
-
@Anticimex I tried also this syntax but I haven't changed the argument of the signer, so that number indicates how many nodes the gateway must trust?
Thank you!@Silver978 The number gives the number of entries in the whitelist the backend is expected to iterate over. Having a number for this allows the use of a potenitally very large whitelist but where "uninteresting" entries to this particular node can be ignored by having them last in the list and make sure the number does not cover those entries when searching the list.
