Randomness
-
I have modified the way how random numbers handled for signing. With the original version of MySensors, Nonce data for signing generated from the internal pseudo random generator and the millis() time.
My change replaces the way random numbers are generated with MySensors.
The AVR platform uses a 32 Bit random seed build from a floating analog pin. The way of the generation of this seed is FIPS 140-2 compliant.
For support MCU with a fast way to generate random data, the hwGetentropy() command is now available to allow rapid generation of random data.
The ESP8266 platform uses the internal random source for randomness for hwGetentropy() and Arduino's random() function.
The NRF5 platform initializes the pseudo random number generator from internal hardware number generator. The internal AES-ECB unit generates random data after filling with HWRNG data.
On Linux getrandom() is implemented via syscall().
signerAtsha204SoftGetNonce speed:
AVR = ~14000us (sha204Soft)
NRF51 = ~152us (AES), 1739us (sha204Soft)
NRF52 = ~31us (AES), 183us (sha204Soft)
ESP8266 = ~20us (RANDOM_REG32), 380us (sha204Soft)
Linux = untested!All Nonce results tested for FIPS 140-2 compliance successfully.
I have no Raspberry Pi to check my change. It would by helpful if someone can install my version on a Raspberry Pi.
The code can be found at https://github.com/d00616/MySensors/tree/add_random_abstraction
-
I have modified the way how random numbers handled for signing. With the original version of MySensors, Nonce data for signing generated from the internal pseudo random generator and the millis() time.
My change replaces the way random numbers are generated with MySensors.
The AVR platform uses a 32 Bit random seed build from a floating analog pin. The way of the generation of this seed is FIPS 140-2 compliant.
For support MCU with a fast way to generate random data, the hwGetentropy() command is now available to allow rapid generation of random data.
The ESP8266 platform uses the internal random source for randomness for hwGetentropy() and Arduino's random() function.
The NRF5 platform initializes the pseudo random number generator from internal hardware number generator. The internal AES-ECB unit generates random data after filling with HWRNG data.
On Linux getrandom() is implemented via syscall().
signerAtsha204SoftGetNonce speed:
AVR = ~14000us (sha204Soft)
NRF51 = ~152us (AES), 1739us (sha204Soft)
NRF52 = ~31us (AES), 183us (sha204Soft)
ESP8266 = ~20us (RANDOM_REG32), 380us (sha204Soft)
Linux = untested!All Nonce results tested for FIPS 140-2 compliance successfully.
I have no Raspberry Pi to check my change. It would by helpful if someone can install my version on a Raspberry Pi.
The code can be found at https://github.com/d00616/MySensors/tree/add_random_abstraction
-
@d00616 very nice! I can try on a rpi. What do I need to do to test, besides checking out your branch?
@mfalkvidd said in Randomness:
@d00616 very nice! I can try on a rpi. What do I need to do to test, besides checking out your branch?
@mfalkvidd Thank you. Checkout and build should be enough.
I have measured the performance with this sketch, but this doesn't work on the Raspberry. By removing the "#define MY_HW_HAS_GETRANDOM", you can switch between old an new mode.
/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* */ #include <stdint.h> #include <pins_arduino.h> //#define MY_DEBUG //#define MY_DEBUG_VERBOSE_SIGNING //#define MY_RADIO_NRF24 //#define MY_RADIO_NRF5_ESB #define MY_SIGNING_SOFT //#define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} #define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif // Enable serial gateway #define MY_GATEWAY_SERIAL #include <MySensors.h> void loop() { MyMessage data; Serial.print("signerAtsha204SoftGetNonce="); unsigned long start = micros(); signerAtsha204SoftGetNonce(data); char *c = (char *)data.getCustom(); Serial.println(micros()-start); delay(1000); } -
@mfalkvidd said in Randomness:
@d00616 very nice! I can try on a rpi. What do I need to do to test, besides checking out your branch?
@mfalkvidd Thank you. Checkout and build should be enough.
I have measured the performance with this sketch, but this doesn't work on the Raspberry. By removing the "#define MY_HW_HAS_GETRANDOM", you can switch between old an new mode.
/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* */ #include <stdint.h> #include <pins_arduino.h> //#define MY_DEBUG //#define MY_DEBUG_VERBOSE_SIGNING //#define MY_RADIO_NRF24 //#define MY_RADIO_NRF5_ESB #define MY_SIGNING_SOFT //#define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} #define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif // Enable serial gateway #define MY_GATEWAY_SERIAL #include <MySensors.h> void loop() { MyMessage data; Serial.print("signerAtsha204SoftGetNonce="); unsigned long start = micros(); signerAtsha204SoftGetNonce(data); char *c = (char *)data.getCustom(); Serial.println(micros()-start); delay(1000); }@d00616 Sorry, seems like I am in over my head here.
Do I need to run configure? If so, with which parameters? Then, do I run make? I tried this:
pi@raspberrypi ~/d00616/MySensors $ ./configure --my-gateway=ethernet --my-transport=nrf24 --my-rf24-irq-pin=15 --my-rf24-channel=119 [SECTION] Detecting target machine. [OK] machine detected: SoC=BCM2836, Type=rpi2, CPU=armv7l. [SECTION] Detecting SPI driver. [OK] SPI driver detected:BCM. [SECTION] Detecting init system. [OK] init system detected: sysvinit. [SECTION] Saving configuration. [SECTION] Cleaning previous builds. [OK] Finished. pi@raspberrypi ~/d00616/MySensors $ make gcc -MT build/drivers/Linux/log.o -MMD -MP -march=armv7-a -mtune=cortex-a7 -mfpu=neon-vfpv4 -mfloat-abi=hard -DMY_RADIO_NRF24 -DMY_GATEWAY_LINUX -DMY_DEBUG -DLINUX_SPI_BCM -DLINUX_ARCH_RASPBERRYPI -DRPI_TYPE=\"rpi2\" -DMY_RF24_CHANNEL=119 -DMY_RX_MESSAGE_BUFFER_FEATURE -DMY_RF24_IRQ_PIN=15 -Ofast -g -Wall -Wextra -I. -I./core -I./drivers/Linux -I./drivers/BCM -c drivers/Linux/log.c -o build/drivers/Linux/log.o g++ -MT build/drivers/Linux/IPAddress.o -MMD -MP -march=armv7-a -mtune=cortex-a7 -mfpu=neon-vfpv4 -mfloat-abi=hard -DMY_RADIO_NRF24 -DMY_GATEWAY_LINUX -DMY_DEBUG -DLINUX_SPI_BCM -DLINUX_ARCH_RASPBERRYPI -DRPI_TYPE=\"rpi2\" -DMY_RF24_CHANNEL=119 -DMY_RX_MESSAGE_BUFFER_FEATURE -DMY_RF24_IRQ_PIN=15 -Ofast -g -Wall -Wextra -I. -I./core -I./drivers/Linux -I./drivers/BCM -c drivers/Linux/IPAddress.cpp -o build/drivers/Linux/IPAddress.o cc1plus: error: bad value (cortex-a7) for -mtune switch Makefile:98: recipe for target 'build/drivers/Linux/IPAddress.o' failed make: *** [build/drivers/Linux/IPAddress.o] Error 1Or do I just compile the sketch? If so, how do I do that?
-
@d00616 Sorry, seems like I am in over my head here.
Do I need to run configure? If so, with which parameters? Then, do I run make? I tried this:
pi@raspberrypi ~/d00616/MySensors $ ./configure --my-gateway=ethernet --my-transport=nrf24 --my-rf24-irq-pin=15 --my-rf24-channel=119 [SECTION] Detecting target machine. [OK] machine detected: SoC=BCM2836, Type=rpi2, CPU=armv7l. [SECTION] Detecting SPI driver. [OK] SPI driver detected:BCM. [SECTION] Detecting init system. [OK] init system detected: sysvinit. [SECTION] Saving configuration. [SECTION] Cleaning previous builds. [OK] Finished. pi@raspberrypi ~/d00616/MySensors $ make gcc -MT build/drivers/Linux/log.o -MMD -MP -march=armv7-a -mtune=cortex-a7 -mfpu=neon-vfpv4 -mfloat-abi=hard -DMY_RADIO_NRF24 -DMY_GATEWAY_LINUX -DMY_DEBUG -DLINUX_SPI_BCM -DLINUX_ARCH_RASPBERRYPI -DRPI_TYPE=\"rpi2\" -DMY_RF24_CHANNEL=119 -DMY_RX_MESSAGE_BUFFER_FEATURE -DMY_RF24_IRQ_PIN=15 -Ofast -g -Wall -Wextra -I. -I./core -I./drivers/Linux -I./drivers/BCM -c drivers/Linux/log.c -o build/drivers/Linux/log.o g++ -MT build/drivers/Linux/IPAddress.o -MMD -MP -march=armv7-a -mtune=cortex-a7 -mfpu=neon-vfpv4 -mfloat-abi=hard -DMY_RADIO_NRF24 -DMY_GATEWAY_LINUX -DMY_DEBUG -DLINUX_SPI_BCM -DLINUX_ARCH_RASPBERRYPI -DRPI_TYPE=\"rpi2\" -DMY_RF24_CHANNEL=119 -DMY_RX_MESSAGE_BUFFER_FEATURE -DMY_RF24_IRQ_PIN=15 -Ofast -g -Wall -Wextra -I. -I./core -I./drivers/Linux -I./drivers/BCM -c drivers/Linux/IPAddress.cpp -o build/drivers/Linux/IPAddress.o cc1plus: error: bad value (cortex-a7) for -mtune switch Makefile:98: recipe for target 'build/drivers/Linux/IPAddress.o' failed make: *** [build/drivers/Linux/IPAddress.o] Error 1Or do I just compile the sketch? If so, how do I do that?
@mfalkvidd It requires the option "--my-signing=software --my-signing-request-signatures". But i don't know if it is all.
-
@mfalkvidd It requires the option "--my-signing=software --my-signing-request-signatures". But i don't know if it is all.
-
Sorry @d00616, seems like compiling is too hard for me. I am not able to get past the IPAddress.o error. I get the same problem when compiling against vanilla MySensors master so it's not your fault ;-)
@mfalkvidd said in Randomness:
Sorry @d00616, seems like compiling is too hard for me. I am not able to get past the IPAddress.o error. I get the same problem when compiling against vanilla MySensors master so it's not your fault ;-)
Thank you.
-
@mfalkvidd said in Randomness:
Sorry @d00616, seems like compiling is too hard for me. I am not able to get past the IPAddress.o error. I get the same problem when compiling against vanilla MySensors master so it's not your fault ;-)
Thank you.
@d00616 I got a bit further by upgrading from gcc 4.6 to gcc 4.7 (and same for g++). Instructions here: http://helloraspberrypi.blogspot.se/2014/06/install-gcc-47-on-raspberry-pi-and-set.html
Now I can compile MySensors master, but not MySensors development. I'll create a separate thread for this.
-
@d00616 your branch compiles with the following settings on Raspberry Pi, if I revert 4c31e2 (see the other thread)
./configure --my-transport=nrf24 --my-gateway=serial --my-serial-is-pty --my-serial-pty=/dev/ttyMySensors2Gateway --spi-driver=BCM --my-signing=software --my-signing-request-signaturesI don't have any signing nodes and I don't know how to run the test sketch though.
-
@d00616 your branch compiles with the following settings on Raspberry Pi, if I revert 4c31e2 (see the other thread)
./configure --my-transport=nrf24 --my-gateway=serial --my-serial-is-pty --my-serial-pty=/dev/ttyMySensors2Gateway --spi-driver=BCM --my-signing=software --my-signing-request-signaturesI don't have any signing nodes and I don't know how to run the test sketch though.
@mfalkvidd said in Randomness:
./configure --my-transport=nrf24 --my-gateway=serial --my-serial-is-pty --my-serial-pty=/dev/ttyMySensors2Gateway --spi-driver=BCM --my-signing=software --my-signing-request-signatures
Thank you.
-
@d00616 your branch compiles with the following settings on Raspberry Pi, if I revert 4c31e2 (see the other thread)
./configure --my-transport=nrf24 --my-gateway=serial --my-serial-is-pty --my-serial-pty=/dev/ttyMySensors2Gateway --spi-driver=BCM --my-signing=software --my-signing-request-signaturesI don't have any signing nodes and I don't know how to run the test sketch though.
@mfalkvidd With "./configure --my-transport=nrf24 --my-gateway=serial --my-serial-is-pty --my-serial-pty=/dev/ttyMySensors2Gateway --spi-driver=SPIDEV --my-signing=software --my-signing-request-signatures" I can compile on my x86 machine.
Now, I can write some code to check the generated random data.
-
I have checked the hwGetentropy() on my x86 Linux. When https://github.com/mysensors/MySensors/pull/830 is merged, I create a new Pull Request.
