[security] Introducing signing support to MySensors
-
Hello all!
Two fast question! Can I have nodes working with ATSHA204A chip and others with software?
And, can I have nodes with signing on and others off? Or if I add signing to my network, all nodes must have it?
Thank you all!
-
Hello all!
Two fast question! Can I have nodes working with ATSHA204A chip and others with software?
And, can I have nodes with signing on and others off? Or if I add signing to my network, all nodes must have it?
Thank you all!
@Soloam
You can mix nodes with soft signing and ATSHA signing as you like.
You can mix nodes with signing on and off as well. The GW will only sign messages to nodes that require it, and it will also only check signatures from nodes that require signatures. So you can have one node which support/require signing and another which don't. The GW will be able to exchange messages with both nodes. -
Great work indeed!
Thank you @Anticimex
-
Great work indeed!
Thank you @Anticimex
-
Slightly silly question, but did anyone manage to get signing working (MySigningAtsha204Soft signer;) on Arduino Uno on MS 1.5.4 on the Ethernet gateway please? I am going out of memory and really hate to upgrade it to Mega
@alexsh1 if you feel adventurous try 2.0.0-beta2, or if you are patient, go to 2.0.0 in a few months and redesigns will have made space available for you.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 if you feel adventurous try 2.0.0-beta2, or if you are patient, go to 2.0.0 in a few months and redesigns will have made space available for you.
@Anticimex Thanks - I am currently trying an Ethernet GW and a node (Sensebender Micro) with dev branch. I am stuck at personalisation. I cannot lock data. Any idea what I am doing wrong?
This is Sensebender (with ATSHA204):
Personalization sketch for MySensors usage. ------------------------------------------- Device revision: 00020009 Device serial: {0x01,0x23,0x53,0x3F,0x52,0x6A,0x1A,0x06,0xEE} 0123533F526A1A06EE Skipping configuration write and lock (configuration already locked). Chip configuration: EEPROM DATA: SOFT_HMAC_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF SOFT_SERIAL | FFFFFFFFFFFFFFFFFF AES_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ATSHA204A DATA: SN[0:1] | SN[2:3] | 01 23 | 53 3F Revnum | 00 09 04 00 SN[4:7] | 52 6A 1A 06 SN[8] | Reserved13 | I2CEnable | Reserved15 | EE | 13 | 00 | 00 I2CAddress | TempOffset | OTPmode | SelectorMode | C8 | 00 | 55 | 00 SlotConfig00 | SlotConfig01 | 8F 80 | 80 A1 SlotConfig02 | SlotConfig03 | 82 E0 | A3 60 SlotConfig04 | SlotConfig05 | 94 40 | A0 85 SlotConfig06 | SlotConfig07 | 86 40 | 87 07 SlotConfig08 | SlotConfig09 | 0F 00 | 89 F2 SlotConfig0A | SlotConfig0B | 8A 7A | 0B 8B SlotConfig0C | SlotConfig0D | 0C 4C | DD 4D SlotConfig0E | SlotConfig0F | C2 42 | AF 8F UseFlag00 | UpdateCount00 | UseFlag01 | UpdateCount01 | FF | 00 | FF | 00 UseFlag02 | UpdateCount02 | UseFlag03 | UpdateCount03 | FF | 00 | FF | 00 UseFlag04 | UpdateCount04 | UseFlag05 | UpdateCount05 | FF | 00 | FF | 00 UseFlag06 | UpdateCount06 | UseFlag07 | UpdateCount07 | FF | 00 | FF | 00 LastKeyUse[0:3] | FF FF FF FF LastKeyUse[4:7] | FF FF FF FF LastKeyUse[8:B] | FF FF FF FF LastKeyUse[C:F] | FF FF FF FF UserExtra | Selector | LockValue | LockConfig | 00 | 00 | 55 | 00 Take note of this key, it will never be the shown again: #define MY_HMAC_KEY [deleted] Writing key to slot 0... Send SPACE character to lock data... Data lock failed. Response: D3 Halting! -
@Anticimex Thanks - I am currently trying an Ethernet GW and a node (Sensebender Micro) with dev branch. I am stuck at personalisation. I cannot lock data. Any idea what I am doing wrong?
This is Sensebender (with ATSHA204):
Personalization sketch for MySensors usage. ------------------------------------------- Device revision: 00020009 Device serial: {0x01,0x23,0x53,0x3F,0x52,0x6A,0x1A,0x06,0xEE} 0123533F526A1A06EE Skipping configuration write and lock (configuration already locked). Chip configuration: EEPROM DATA: SOFT_HMAC_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF SOFT_SERIAL | FFFFFFFFFFFFFFFFFF AES_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ATSHA204A DATA: SN[0:1] | SN[2:3] | 01 23 | 53 3F Revnum | 00 09 04 00 SN[4:7] | 52 6A 1A 06 SN[8] | Reserved13 | I2CEnable | Reserved15 | EE | 13 | 00 | 00 I2CAddress | TempOffset | OTPmode | SelectorMode | C8 | 00 | 55 | 00 SlotConfig00 | SlotConfig01 | 8F 80 | 80 A1 SlotConfig02 | SlotConfig03 | 82 E0 | A3 60 SlotConfig04 | SlotConfig05 | 94 40 | A0 85 SlotConfig06 | SlotConfig07 | 86 40 | 87 07 SlotConfig08 | SlotConfig09 | 0F 00 | 89 F2 SlotConfig0A | SlotConfig0B | 8A 7A | 0B 8B SlotConfig0C | SlotConfig0D | 0C 4C | DD 4D SlotConfig0E | SlotConfig0F | C2 42 | AF 8F UseFlag00 | UpdateCount00 | UseFlag01 | UpdateCount01 | FF | 00 | FF | 00 UseFlag02 | UpdateCount02 | UseFlag03 | UpdateCount03 | FF | 00 | FF | 00 UseFlag04 | UpdateCount04 | UseFlag05 | UpdateCount05 | FF | 00 | FF | 00 UseFlag06 | UpdateCount06 | UseFlag07 | UpdateCount07 | FF | 00 | FF | 00 LastKeyUse[0:3] | FF FF FF FF LastKeyUse[4:7] | FF FF FF FF LastKeyUse[8:B] | FF FF FF FF LastKeyUse[C:F] | FF FF FF FF UserExtra | Selector | LockValue | LockConfig | 00 | 00 | 55 | 00 Take note of this key, it will never be the shown again: #define MY_HMAC_KEY [deleted] Writing key to slot 0... Send SPACE character to lock data... Data lock failed. Response: D3 Halting!@alexsh1 actually, I have never actually locked data. Could be a bug there. But I also highly recommend that you don't. If you do, you will never be able to change hmac key in that device.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 actually, I have never actually locked data. Could be a bug there. But I also highly recommend that you don't. If you do, you will never be able to change hmac key in that device.
@Anticimex So this is no problem if the key is not locked? I was just following the manual
On a separate note, I cannot get soft_serial written into the EEPROM:
#define LOCK_CONFIGURATION //#define LOCK_DATA //#define SKIP_KEY_STORAGE //#define USER_KEY //#define SKIP_UART_CONFIRMATION #define USE_SOFT_SIGNING #define STORE_SOFT_KEY #define USER_SOFT_KEY #define STORE_SOFT_SERIAL #define USER_SOFT_SERIAL #define STORE_AES_KEY #define USER_AES_KEY```I have defined the key under #define MY_SOFT_SERIAL [key]
Personalization sketch for MySensors usage. ------------------------------------------- This value will be stored in EEPROM as soft HMAC key: #define MY_SOFT_HMAC_KEY [deleted] Using this user supplied AES key: #define MY_AES_KEY [deleted] EEPROM configuration: SOFT_HMAC_KEY | [deleted] SOFT_SERIAL | FFFFFFFFFFFFFFFFFF AES_KEY | [deleted] -------------------------------- Personalization is now complete. -
@Anticimex So this is no problem if the key is not locked? I was just following the manual
On a separate note, I cannot get soft_serial written into the EEPROM:
#define LOCK_CONFIGURATION //#define LOCK_DATA //#define SKIP_KEY_STORAGE //#define USER_KEY //#define SKIP_UART_CONFIRMATION #define USE_SOFT_SIGNING #define STORE_SOFT_KEY #define USER_SOFT_KEY #define STORE_SOFT_SERIAL #define USER_SOFT_SERIAL #define STORE_AES_KEY #define USER_AES_KEY```I have defined the key under #define MY_SOFT_SERIAL [key]
Personalization sketch for MySensors usage. ------------------------------------------- This value will be stored in EEPROM as soft HMAC key: #define MY_SOFT_HMAC_KEY [deleted] Using this user supplied AES key: #define MY_AES_KEY [deleted] EEPROM configuration: SOFT_HMAC_KEY | [deleted] SOFT_SERIAL | FFFFFFFFFFFFFFFFFF AES_KEY | [deleted] -------------------------------- Personalization is now complete.@alexsh1 Hopefully the manual informs about the risks with locking data (that you cannot change the key afterwards). Atmel is somewhat vague on the security implications; they say that you can not read the key anyway but it is "more secure" to lock data. But personally, I have not found a way to read it, and I prefer to be able to change my HMAC key in my devices if it should be compromised.
Strange that you don't get the soft serial. I see nothing obviously wrong with your config. But I do see that you probably sensored your uart log a bit too hard because there are other lines missing there.
You should have seen thisUsing this user supplied soft HMAC key: #define MY_SOFT_HMAC_KEY [deleted]if you have enabled this:
#define STORE_SOFT_KEY #define USER_SOFT_KEYYou are sure you have no #undef or some accidental comment or similar. As you see in the personalizer code, it is not that complicated. If the flags are enabled, you should at least get some printouts. But since (if your UART dump is correct) you get nothing, I suspect the flags are not really "on".
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 Hopefully the manual informs about the risks with locking data (that you cannot change the key afterwards). Atmel is somewhat vague on the security implications; they say that you can not read the key anyway but it is "more secure" to lock data. But personally, I have not found a way to read it, and I prefer to be able to change my HMAC key in my devices if it should be compromised.
Strange that you don't get the soft serial. I see nothing obviously wrong with your config. But I do see that you probably sensored your uart log a bit too hard because there are other lines missing there.
You should have seen thisUsing this user supplied soft HMAC key: #define MY_SOFT_HMAC_KEY [deleted]if you have enabled this:
#define STORE_SOFT_KEY #define USER_SOFT_KEYYou are sure you have no #undef or some accidental comment or similar. As you see in the personalizer code, it is not that complicated. If the flags are enabled, you should at least get some printouts. But since (if your UART dump is correct) you get nothing, I suspect the flags are not really "on".
@Anticimex said:
Strange that you don't get the soft serial. I see nothing obviously wrong with your config. But I do see that you probably sensored your uart log a bit too hard because there are other lines missing there.
You should have seen thisUsing this user supplied soft HMAC key: #define MY_SOFT_HMAC_KEY [deleted]if you have enabled this:
#define STORE_SOFT_KEY #define USER_SOFT_KEYYou are sure you have no #undef or some accidental comment or similar. As you see in the personalizer code, it is not that complicated. If the flags are enabled, you should at least get some printouts. But since (if your UART dump is correct) you get nothing, I suspect the flags are not really "on".
OK, it was Arduino glitch - any changes in the sketch were not reflected on the compilation. Rebooted my PC and restarted Arduino and all works as expected.
A few questions: Mixing ATSHA204 and soft signing - Does HMAC key (one stored in ATSHA204 of say a node and another one in GW's EEPROM) have to be the same? Also I understand one can store HMAC key on both ATSHA204 and EEPROM of one device (say, Sensebender)? I understand that SOFT_KEY has to be unique for every device?
-
@Anticimex said:
Strange that you don't get the soft serial. I see nothing obviously wrong with your config. But I do see that you probably sensored your uart log a bit too hard because there are other lines missing there.
You should have seen thisUsing this user supplied soft HMAC key: #define MY_SOFT_HMAC_KEY [deleted]if you have enabled this:
#define STORE_SOFT_KEY #define USER_SOFT_KEYYou are sure you have no #undef or some accidental comment or similar. As you see in the personalizer code, it is not that complicated. If the flags are enabled, you should at least get some printouts. But since (if your UART dump is correct) you get nothing, I suspect the flags are not really "on".
OK, it was Arduino glitch - any changes in the sketch were not reflected on the compilation. Rebooted my PC and restarted Arduino and all works as expected.
A few questions: Mixing ATSHA204 and soft signing - Does HMAC key (one stored in ATSHA204 of say a node and another one in GW's EEPROM) have to be the same? Also I understand one can store HMAC key on both ATSHA204 and EEPROM of one device (say, Sensebender)? I understand that SOFT_KEY has to be unique for every device?
@alexsh1 Ok, well Arduino IDE sucks totally.
You can mix ATSHA204A and soft signing as much as you like. But for any two nodes to exchange signed data the HMAC keys have to be identical.
Yes, you can store a HMAC key in both ATSHA204A and EEPROM. These can be different if you like (and I recommend they are as the EEPROM can be dumped if the node falls into the wrong hands).
However, if you want that node to communicate signed data to another node, that node must use a matching HMAC key.
SOFT_KEY is the HMAC key stored in EEPROM, it must not be unique for every device. If it is, no device will be able to sign data to any other node and expect that node to accept that data.
SOFT_SERIAL on the other hand, must be unique to serve any useful purpose for whitelisting. If you use the ATSHA204A, the serial fused in the device will be used and that cannot be changed, and is according to Atmel, unique.Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 Ok, well Arduino IDE sucks totally.
You can mix ATSHA204A and soft signing as much as you like. But for any two nodes to exchange signed data the HMAC keys have to be identical.
Yes, you can store a HMAC key in both ATSHA204A and EEPROM. These can be different if you like (and I recommend they are as the EEPROM can be dumped if the node falls into the wrong hands).
However, if you want that node to communicate signed data to another node, that node must use a matching HMAC key.
SOFT_KEY is the HMAC key stored in EEPROM, it must not be unique for every device. If it is, no device will be able to sign data to any other node and expect that node to accept that data.
SOFT_SERIAL on the other hand, must be unique to serve any useful purpose for whitelisting. If you use the ATSHA204A, the serial fused in the device will be used and that cannot be changed, and is according to Atmel, unique. -
@Anticimex Ok, but is there a reason why one would have HMAC key in both ATSHA204a and EEPROM?
@alexsh1 no, not really. If you have a atsha204a the only reason to not use it would be performance. Software signing executes slightly faster due to the single write protocol of the atsha.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 no, not really. If you have a atsha204a the only reason to not use it would be performance. Software signing executes slightly faster due to the single write protocol of the atsha.
-
@Anticimex Thanks very much for your help - I must admit it was a bit of a challenge to jump straight away from a stable 1.5.4 to 2.0 beta
@alexsh1 yes there have been a lot of changes but hopefully they are perceived as improvements. Feedback on signing usability is always welcome :)
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 yes there have been a lot of changes but hopefully they are perceived as improvements. Feedback on signing usability is always welcome :)
-
@Anticimex BTW, is signing compatible between 1.5.4 and 2.0b?
-
@Anticimex Right, this is why I am not able to sign 1.5.4 nodes with 2.0b GW.
In fact when I inserted #define MY_SIGNING_REQUEST_SIGNATURES into the GW code, some nodes stopped working and I think it has to be with signing as GW is throwing a lot of messages that signing failed.Bottom line is that I need to upgrade pretty much all sensors :-(
-
@Anticimex Right, this is why I am not able to sign 1.5.4 nodes with 2.0b GW.
In fact when I inserted #define MY_SIGNING_REQUEST_SIGNATURES into the GW code, some nodes stopped working and I think it has to be with signing as GW is throwing a lot of messages that signing failed.Bottom line is that I need to upgrade pretty much all sensors :-(
