software AES encryption for NRF24
-
We have been through this a few times. Just a suggestion - shall we do an FAQ link explaining what you have just said (st=fail is a problem of radio and not singing). Ingerestingly enough I did not manage to resolve this issue with the Sensebender. I still get several fail to transmit nonce before it starts working fine. Only the Sensebender. All other nodes work flawlessly
@alexsh1 It is already documented where all signing is documented:
https://ci.mysensors.org/job/Verifiers/job/MySensorsArduino/branch/master/Doxygen_HTML/group__MySigninggrp.htmlCheck the troubleshooting section for details. Link to all documentation is on the github frontpage and on the "head" post of the signing topic on this forum.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 It is already documented where all signing is documented:
https://ci.mysensors.org/job/Verifiers/job/MySensorsArduino/branch/master/Doxygen_HTML/group__MySigninggrp.htmlCheck the troubleshooting section for details. Link to all documentation is on the github frontpage and on the "head" post of the signing topic on this forum.
-
@Anticimex OK, that's super. I think we all became victims of nrf24l01+ terrible fake copies. Some of these work OK until....
Then a woodoo dance has to be performed (highly recommended) in order to make them work again. -
I have tried a different setups now
- Arduino Mega2560, Arduino Uno
- different NRF modules from different vendors, with and withoud amplifier, with different capacitors
- different power supplies
I always end up getting st-fail, even with encryption only. But it is working even with these fails... :smile:
@Anticimex
You have a working setup with encrpytion and the actual libraries from github without st-fail?Next tests:
- change NRF and power supply on the gateway
- and if all that doesn't help: make a setup without encryption
-
I have tried a different setups now
- Arduino Mega2560, Arduino Uno
- different NRF modules from different vendors, with and withoud amplifier, with different capacitors
- different power supplies
I always end up getting st-fail, even with encryption only. But it is working even with these fails... :smile:
@Anticimex
You have a working setup with encrpytion and the actual libraries from github without st-fail?Next tests:
- change NRF and power supply on the gateway
- and if all that doesn't help: make a setup without encryption
@FotoFieber No, I have no set up at all for the moment. But I have been using both encryption and signing yes. And I can tell you again (and again and again) that st=fails has nothing to do with signing or encryption. Unless you don't use the same AES key for your nodes because if the message is encrypted, it is jibberish to the receiver and NRF does not natively support encryption so I don't thinnk it will be able to ack properly. I trust you are sure you have your keys properly configured per the instructions for version 2.0.0?
-
@Anticimex
I have a very reduced sketch now (sending millis() every second) and yes, I have configured the keys as it should be.As long, as nobody can prove with a concrete setup, that with the actual git-version (with encryption and NRF24L01) it is working without st-fail, the possibility exists, that it there is a bug. :smile:
-
@Anticimex
I have a very reduced sketch now (sending millis() every second) and yes, I have configured the keys as it should be.As long, as nobody can prove with a concrete setup, that with the actual git-version (with encryption and NRF24L01) it is working without st-fail, the possibility exists, that it there is a bug. :smile:
@FotoFieber No. At least not for signing. As st=fail is something set by the transport/radio layer and signing has nothing to do with that. Encryption I discourage from using (detailed in the documentation) since it provides little benefit in the form used here.
-
@Anticimex
As the bug is there even with encryption only, it can't be in the signing code.For privacy concerns, signing is no solution.
-
@Anticimex
As the bug is there even with encryption only, it can't be in the signing code.For privacy concerns, signing is no solution.
@FotoFieber Neither is encryption for NRF24 as it does not use IV:s. And the data you encrypt is predicable so the key can be derived quite easily, effectively eliminating the "protection" the encryption is supposed to give.
-
@Anticimex
No IV? Then the AES Transport implementation is not secure, more ore less an obfuscation...Is this a known bug, that will be fixed?
-
@Anticimex
No IV? Then the AES Transport implementation is not secure, more ore less an obfuscation...Is this a known bug, that will be fixed?
@FotoFieber it is a known limitation and is currently not in scope for improvement for nrf24 because it require reliable sync which nrf radios are notoriously bad at providing. If you have an idea on how to fix it, a pr is always welcome :)
-
Hm, I am not an encryption expert. What about a Diffie-Hellmann key exchange and then use the key as IV?
-
Me neither. I care about security, not obscurity. I see no reason to encrypt a '1' or a '0' and digital streams like audio and video is not supported anyway. But exchange of constant (but random) data is already used and supported since signing is based on nonce exchange. But I believe IV:s "evolve" with the messages encrypted which implies the messages need to be exchanged trustworthy and sender and receiver need to be om sync. But I know to little about that to be sure.
In any case, I welcome any development that adds to security, and will happily review such code, but I don't have the bandwidth nor motivation to "drive" the development of encryption in the core library as I don't feel it adds enough value to be worth the effort.
