Raspberry Gateway 2.1.1 + signing
-
The Gateway code on Raspberry seems to work only when signing is not used.
Is that something known?In addition, I had to explicitly name the architecture and comment out one line in core/MySigningAtsha204Soft.cpp to get the debug signing output working:
#ifdef linux
#define __FlashStringHelper char
// #define MY_SERIALDEVICE.print debug
#endifMy configure options were:
./configure --my-gateway=ethernet
--soc=BCM2836
--my-transport=nrf24
--my-rf24-ce-pin=22
--my-rf24-cs-pin=24
--my-rf24-irq-pin=15
--my-rf24-pa-level=RF24_PA_LOW
--my-leds-err-pin=12
--my-leds-rx-pin=16
--my-leds-tx-pin=18
--my-signing=software
--my-signing-request-signatures
--my-signing-request-gw-signatures-from-all
--my-rf24-encryption-enabled
--my-rf24-channel=70
--my-debug=enable
--my-signing-debugTested with a Raspberry 1 and 2.
-
The Gateway code on Raspberry seems to work only when signing is not used.
Is that something known?In addition, I had to explicitly name the architecture and comment out one line in core/MySigningAtsha204Soft.cpp to get the debug signing output working:
#ifdef linux
#define __FlashStringHelper char
// #define MY_SERIALDEVICE.print debug
#endifMy configure options were:
./configure --my-gateway=ethernet
--soc=BCM2836
--my-transport=nrf24
--my-rf24-ce-pin=22
--my-rf24-cs-pin=24
--my-rf24-irq-pin=15
--my-rf24-pa-level=RF24_PA_LOW
--my-leds-err-pin=12
--my-leds-rx-pin=16
--my-leds-tx-pin=18
--my-signing=software
--my-signing-request-signatures
--my-signing-request-gw-signatures-from-all
--my-rf24-encryption-enabled
--my-rf24-channel=70
--my-debug=enable
--my-signing-debugTested with a Raspberry 1 and 2.
@t3chie hi, this is not known (at least to me). I don't have a rPi setup so I have not been able to verify. @marceloaqno do you know what the current status is? If I remember correctly, you tested the latest signing improvements package successfully on rPi, right?
-
The Gateway code on Raspberry seems to work only when signing is not used.
Is that something known?In addition, I had to explicitly name the architecture and comment out one line in core/MySigningAtsha204Soft.cpp to get the debug signing output working:
#ifdef linux
#define __FlashStringHelper char
// #define MY_SERIALDEVICE.print debug
#endifMy configure options were:
./configure --my-gateway=ethernet
--soc=BCM2836
--my-transport=nrf24
--my-rf24-ce-pin=22
--my-rf24-cs-pin=24
--my-rf24-irq-pin=15
--my-rf24-pa-level=RF24_PA_LOW
--my-leds-err-pin=12
--my-leds-rx-pin=16
--my-leds-tx-pin=18
--my-signing=software
--my-signing-request-signatures
--my-signing-request-gw-signatures-from-all
--my-rf24-encryption-enabled
--my-rf24-channel=70
--my-debug=enable
--my-signing-debugTested with a Raspberry 1 and 2.
-
@t3chie hi, this is not known (at least to me). I don't have a rPi setup so I have not been able to verify. @marceloaqno do you know what the current status is? If I remember correctly, you tested the latest signing improvements package successfully on rPi, right?
@Anticimex I am happy to test whatever you want me to do. I "think" my wiring is correct as it works when signing is not used. I can post debug output from the Gateway for both (signed and unsigned) if that helps.
Should I give the dev branch a try? -
@Anticimex I am happy to test whatever you want me to do. I "think" my wiring is correct as it works when signing is not used. I can post debug output from the Gateway for both (signed and unsigned) if that helps.
Should I give the dev branch a try?@t3chie ah you are on master? That's interesting because that should work. Yes, please give the devel branch a try. Could be that full signing support for rPi never made it in the latest release.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@t3chie ah you are on master? That's interesting because that should work. Yes, please give the devel branch a try. Could be that full signing support for rPi never made it in the latest release.
@Anticimex That is different but still not working. The architecture autodetection works. The signing debug does compile, too. But when I am starting up a node the gateway reports:
mysgw: Starting gateway...
mysgw: Protocol version - 2.2.0-beta
mysgw: MCO:BGN:INIT GW,CP=RNNG-SQX,VER=2.2.0-beta
mysgw: !SGN:PER:TAMPERED
mysgw: !SGN:INI:BND FAIL
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: Listening for connections on 0.0.0.0:5003
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: TSF:MSG:READ,118-205-14,s=1,c=2,t=118,pt=6,l=0,sg=1:
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:14 UNKNOWN
mysgw: SGN:SGN:118!=0 NUS
mysgw: !TSF:MSG:SEND,118-0-14-14,s=1,c=2,t=118,pt=6,l=0,sg=1,ft=0,st=NACK:
mysgw: TSF:MSG:READ,138-29-188,s=181,c=6,t=66,pt=5,l=16,sg=0:3636023473
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:188 UNKNOWN
mysgw: SGN:SGN:138!=0 NUS
mysgw: !TSF:MSG:SEND,138-0-188-188,s=181,c=6,t=66,pt=5,l=16,sg=0,ft=0,st=NACK:3636023473
mysgw: TSF:MSG:READ,184-237-134,s=214,c=0,t=229,pt=6,l=13,sg=1:5A403EDF050D2265DF00000000
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,233-187-65,s=93,c=1,t=52,pt=1,l=1,sg=1:222
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,177-160-211,s=159,c=6,t=135,pt=4,l=11,sg=1:-2047481336
mysgw: !TSF:MSG:PVER,0=2
mysgw: TSF:MSG:READ,166-111-53,s=187,c=3,t=196,pt=5,l=9,sg=0:204581490
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:53 UNKNOWN
mysgw: SGN:SGN:166!=0 NUS
mysgw: !TSF:MSG:SEND,166-0-53-53,s=187,c=3,t=196,pt=5,l=9,sg=0,ft=0,st=NACK:204581490The only node on that radio channel is ID 100 and if I disable signing, the same setup is reporting:
mysgw: Starting gateway...
mysgw: Protocol version - 2.2.0-beta
mysgw: MCO:BGN:INIT GW,CP=RNNG--Q-,VER=2.2.0-beta
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: Listening for connections on 0.0.0.0:5003
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: TSF:MSG:READ,100-100-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
mysgw: TSF:MSG:BC
mysgw: TSF:MSG:FPAR REQ,ID=100
mysgw: TSF:CKU:OK,FCTRL
mysgw: TSF:MSG:GWL OK
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
mysgw: TSF:MSG:PINGED,ID=100,HP=1
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100
mysgw: TSF:MSG:READ,100-100-0,s=255,c=0,t=17,pt=0,l=5,sg=0:2.1.1
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=6,pt=1,l=1,sg=0:0
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=11,pt=0,l=13,sg=0:Motion Sensor
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=12,pt=0,l=3,sg=0:1.0
mysgw: TSF:MSG:READ,100-100-0,s=1,c=0,t=1,pt=0,l=0,sg=0:
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=27,pt=1,l=1,sg=0,ft=0,st=OK:1 -
@Anticimex That is different but still not working. The architecture autodetection works. The signing debug does compile, too. But when I am starting up a node the gateway reports:
mysgw: Starting gateway...
mysgw: Protocol version - 2.2.0-beta
mysgw: MCO:BGN:INIT GW,CP=RNNG-SQX,VER=2.2.0-beta
mysgw: !SGN:PER:TAMPERED
mysgw: !SGN:INI:BND FAIL
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: Listening for connections on 0.0.0.0:5003
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: TSF:MSG:READ,118-205-14,s=1,c=2,t=118,pt=6,l=0,sg=1:
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:14 UNKNOWN
mysgw: SGN:SGN:118!=0 NUS
mysgw: !TSF:MSG:SEND,118-0-14-14,s=1,c=2,t=118,pt=6,l=0,sg=1,ft=0,st=NACK:
mysgw: TSF:MSG:READ,138-29-188,s=181,c=6,t=66,pt=5,l=16,sg=0:3636023473
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:188 UNKNOWN
mysgw: SGN:SGN:138!=0 NUS
mysgw: !TSF:MSG:SEND,138-0-188-188,s=181,c=6,t=66,pt=5,l=16,sg=0,ft=0,st=NACK:3636023473
mysgw: TSF:MSG:READ,184-237-134,s=214,c=0,t=229,pt=6,l=13,sg=1:5A403EDF050D2265DF00000000
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,233-187-65,s=93,c=1,t=52,pt=1,l=1,sg=1:222
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,177-160-211,s=159,c=6,t=135,pt=4,l=11,sg=1:-2047481336
mysgw: !TSF:MSG:PVER,0=2
mysgw: TSF:MSG:READ,166-111-53,s=187,c=3,t=196,pt=5,l=9,sg=0:204581490
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:53 UNKNOWN
mysgw: SGN:SGN:166!=0 NUS
mysgw: !TSF:MSG:SEND,166-0-53-53,s=187,c=3,t=196,pt=5,l=9,sg=0,ft=0,st=NACK:204581490The only node on that radio channel is ID 100 and if I disable signing, the same setup is reporting:
mysgw: Starting gateway...
mysgw: Protocol version - 2.2.0-beta
mysgw: MCO:BGN:INIT GW,CP=RNNG--Q-,VER=2.2.0-beta
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: Listening for connections on 0.0.0.0:5003
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: TSF:MSG:READ,100-100-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
mysgw: TSF:MSG:BC
mysgw: TSF:MSG:FPAR REQ,ID=100
mysgw: TSF:CKU:OK,FCTRL
mysgw: TSF:MSG:GWL OK
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
mysgw: TSF:MSG:PINGED,ID=100,HP=1
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100
mysgw: TSF:MSG:READ,100-100-0,s=255,c=0,t=17,pt=0,l=5,sg=0:2.1.1
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=6,pt=1,l=1,sg=0:0
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=11,pt=0,l=13,sg=0:Motion Sensor
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=12,pt=0,l=3,sg=0:1.0
mysgw: TSF:MSG:READ,100-100-0,s=1,c=0,t=1,pt=0,l=0,sg=0:
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=27,pt=1,l=1,sg=0,ft=0,st=OK:1@t3chie looks like the personalization has not finished successfully. How do you store the hmac key to the rPi? If you don't use the personalizer sketch you either need to write the checksum yourself or disable the checksum validation. It could be that the method for personalizing on rPi does not calculate and store a checksum. So either that has to change, or the checksum check should be disabled on rPi/Linux.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@t3chie looks like the personalization has not finished successfully. How do you store the hmac key to the rPi? If you don't use the personalizer sketch you either need to write the checksum yourself or disable the checksum validation. It could be that the method for personalizing on rPi does not calculate and store a checksum. So either that has to change, or the checksum check should be disabled on rPi/Linux.
@Anticimex Sorry for that - when I changed Pi's I forgot to personalize the GW. But that didn't made it working:
mysgw: Starting gateway...
mysgw: Protocol version - 2.2.0-beta
mysgw: MCO:BGN:INIT GW,CP=RNNG-SQX,VER=2.2.0-beta
mysgw: !SGN:PER:TAMPERED
mysgw: !SGN:INI:BND FAIL
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: Listening for connections on 0.0.0.0:5003
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: TSF:MSG:READ,118-205-14,s=1,c=2,t=118,pt=6,l=0,sg=1:
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:14 UNKNOWN
mysgw: SGN:SGN:118!=0 NUS
mysgw: !TSF:MSG:SEND,118-0-14-14,s=1,c=2,t=118,pt=6,l=0,sg=1,ft=0,st=NACK:
mysgw: TSF:MSG:READ,138-29-188,s=181,c=6,t=66,pt=5,l=16,sg=0:3636023473
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:188 UNKNOWN
mysgw: SGN:SGN:138!=0 NUS
mysgw: !TSF:MSG:SEND,138-0-188-188,s=181,c=6,t=66,pt=5,l=16,sg=0,ft=0,st=NACK:3636023473
mysgw: TSF:MSG:READ,184-237-134,s=214,c=0,t=229,pt=6,l=13,sg=1:5A403EDF050D2265DF00000000
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,233-187-65,s=93,c=1,t=52,pt=1,l=1,sg=1:222
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,177-160-211,s=159,c=6,t=135,pt=4,l=11,sg=1:-2047481336
mysgw: !TSF:MSG:PVER,0=2
mysgw: TSF:MSG:READ,166-111-53,s=187,c=3,t=196,pt=5,l=9,sg=0:204581490
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:53 UNKNOWN
mysgw: SGN:SGN:166!=0 NUS
mysgw: !TSF:MSG:SEND,166-0-53-53,s=187,c=3,t=196,pt=5,l=9,sg=0,ft=0,st=NACK:204581490
mysgw: TSF:MSG:READ,223-72-13,s=199,c=4,t=110,pt=5,l=4,sg=0:3736138177
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,151-70-68,s=120,c=3,t=166,pt=0,l=15,sg=1:?rQ?0??
mysgw: !TSF:MSG:PVER,0=2Isn't the Node ID reported changing between random values although it should only see ID 100 ?
-
@Anticimex Sorry for that - when I changed Pi's I forgot to personalize the GW. But that didn't made it working:
mysgw: Starting gateway...
mysgw: Protocol version - 2.2.0-beta
mysgw: MCO:BGN:INIT GW,CP=RNNG-SQX,VER=2.2.0-beta
mysgw: !SGN:PER:TAMPERED
mysgw: !SGN:INI:BND FAIL
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: Listening for connections on 0.0.0.0:5003
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: TSF:MSG:READ,118-205-14,s=1,c=2,t=118,pt=6,l=0,sg=1:
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:14 UNKNOWN
mysgw: SGN:SGN:118!=0 NUS
mysgw: !TSF:MSG:SEND,118-0-14-14,s=1,c=2,t=118,pt=6,l=0,sg=1,ft=0,st=NACK:
mysgw: TSF:MSG:READ,138-29-188,s=181,c=6,t=66,pt=5,l=16,sg=0:3636023473
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:188 UNKNOWN
mysgw: SGN:SGN:138!=0 NUS
mysgw: !TSF:MSG:SEND,138-0-188-188,s=181,c=6,t=66,pt=5,l=16,sg=0,ft=0,st=NACK:3636023473
mysgw: TSF:MSG:READ,184-237-134,s=214,c=0,t=229,pt=6,l=13,sg=1:5A403EDF050D2265DF00000000
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,233-187-65,s=93,c=1,t=52,pt=1,l=1,sg=1:222
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,177-160-211,s=159,c=6,t=135,pt=4,l=11,sg=1:-2047481336
mysgw: !TSF:MSG:PVER,0=2
mysgw: TSF:MSG:READ,166-111-53,s=187,c=3,t=196,pt=5,l=9,sg=0:204581490
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:53 UNKNOWN
mysgw: SGN:SGN:166!=0 NUS
mysgw: !TSF:MSG:SEND,166-0-53-53,s=187,c=3,t=196,pt=5,l=9,sg=0,ft=0,st=NACK:204581490
mysgw: TSF:MSG:READ,223-72-13,s=199,c=4,t=110,pt=5,l=4,sg=0:3736138177
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,151-70-68,s=120,c=3,t=166,pt=0,l=15,sg=1:?rQ?0??
mysgw: !TSF:MSG:PVER,0=2Isn't the Node ID reported changing between random values although it should only see ID 100 ?
-
@t3chie it still reports !SGN:PER:TAMPERED so my original question(s) are still valid :)
-
@Anticimex I use:
./bin/mysgw --set-soft-hmac-key D94AB9BF54D266CA517C23C870FF7A6...
./bin/mysgw --set-soft-serial-key 2200002200...How can I calculate the checksum or disable it?
@t3chie just comment https://github.com/mysensors/MySensors/blob/development/core/MySigningAtsha204Soft.cpp#L127
I'm pretty sure the problem is that on Linux, a checksum is never calculated, so I will patch the init function of the software signing backend to ignore that calculation on Linux.
I do also note that you seem to get NACKs. I can already now say that those have to go away for signing to work. See here.Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@t3chie just comment https://github.com/mysensors/MySensors/blob/development/core/MySigningAtsha204Soft.cpp#L127
I'm pretty sure the problem is that on Linux, a checksum is never calculated, so I will patch the init function of the software signing backend to ignore that calculation on Linux.
I do also note that you seem to get NACKs. I can already now say that those have to go away for signing to work. See here.@Anticimex Have tried to comment out line 127, but as you said no joy. I know that the radio I am using is not the best but I am still not sure if the HW is the culprit here.
I have put that RF24 module onto a Nano with itead RF Shield and loaded a 2.1.1 Gateway Sketch including signing - that works against the same node I am testing the Pi.
I am using the interrupt variant of the Pi cabling - could that be the problem? -
@Anticimex Have tried to comment out line 127, but as you said no joy. I know that the radio I am using is not the best but I am still not sure if the HW is the culprit here.
I have put that RF24 module onto a Nano with itead RF Shield and loaded a 2.1.1 Gateway Sketch including signing - that works against the same node I am testing the Pi.
I am using the interrupt variant of the Pi cabling - could that be the problem?@t3chie if you read the troubleshooting guide which I linked to, the topmost and most common issue is radio problems and these are not signing related. They are because you have a flaky radio connection (reasons could be many, and there are a ton of threads on the forum that discuss these). You see these when you enable signing because then full size messages are transmitted and not the relatively small messages you typically transmit.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@t3chie if you read the troubleshooting guide which I linked to, the topmost and most common issue is radio problems and these are not signing related. They are because you have a flaky radio connection (reasons could be many, and there are a ton of threads on the forum that discuss these). You see these when you enable signing because then full size messages are transmitted and not the relatively small messages you typically transmit.
@Anticimex Well, I have read all troubleshooting material many times and agree that mostly it is HW. This time however it was stupidity on my side!
I mixed up signing with encryption on the Pi compile time flags.
To summarize:
On 2.1.1, the architecture needs to be set and signing works (have not tested encryption yet).
On dev, architecture needs to be left alone (not set) and checksum calculation needs to be commented out (line 127 of MySigningAtsha204Soft.cpp). -
@Anticimex Well, I have read all troubleshooting material many times and agree that mostly it is HW. This time however it was stupidity on my side!
I mixed up signing with encryption on the Pi compile time flags.
To summarize:
On 2.1.1, the architecture needs to be set and signing works (have not tested encryption yet).
On dev, architecture needs to be left alone (not set) and checksum calculation needs to be commented out (line 127 of MySigningAtsha204Soft.cpp). -
@Anticimex Well, I have read all troubleshooting material many times and agree that mostly it is HW. This time however it was stupidity on my side!
I mixed up signing with encryption on the Pi compile time flags.
To summarize:
On 2.1.1, the architecture needs to be set and signing works (have not tested encryption yet).
On dev, architecture needs to be left alone (not set) and checksum calculation needs to be commented out (line 127 of MySigningAtsha204Soft.cpp).@t3chie Could I ask you a big favour to test my PR on your linux gw and node?
https://github.com/mysensors/MySensors/pull/885Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@t3chie Could I ask you a big favour to test my PR on your linux gw and node?
https://github.com/mysensors/MySensors/pull/885 -
@Anticimex Sure, can do.
Would you refresh my memory - how can I check out the tree with that pullrequest?@t3chie thanks!
git checkout -b fallberg-signing development
git pull https://github.com/fallberg/MySensors.git signingDo you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@t3chie thanks!
git checkout -b fallberg-signing development
git pull https://github.com/fallberg/MySensors.git signing@Anticimex I did:
git clone https://github.com/mysensors/MySensors.git --branch development
cd MySensors
git pull https://github.com/fallberg/MySensors.git signingThen compile with:
./configure --my-gateway=ethernet
--my-transport=nrf24
--my-rf24-ce-pin=22
--my-rf24-cs-pin=24
--my-rf24-irq-pin=15
--my-rf24-pa-level=RF24_PA_LOW
--my-leds-err-pin=12
--my-leds-rx-pin=16
--my-leds-tx-pin=18
--my-rf24-channel=76
--my-debug=enable
--my-signing=software
--my-signing-request-signatures
--my-signing-request-gw-signatures-from-all
--my-signing-debugResult with one node restarting while others are already running:
mysgw: TSF:MSG:READ,100-100-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
mysgw: TSF:MSG:BC
mysgw: TSF:MSG:FPAR REQ,ID=100
mysgw: TSF:PNG:SEND,TO=0
mysgw: TSF:CKU:OK
mysgw: TSF:MSG:GWL OK
mysgw: SGN:SKP:MSG CMD=3,TYPE=8
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=8,pt=1,l=1,sg=1,ft=0,st=OK:0
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
mysgw: SGN:SKP:MSG CMD=3,TYPE=24
mysgw: TSF:MSG:PINGED,ID=100,HP=1
mysgw: SGN:SKP:MSG CMD=3,TYPE=25
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=25,pt=1,l=1,sg=1,ft=0,st=OK:1
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
mysgw: SGN:SKP:MSG CMD=3,TYPE=15
mysgw: SGN:PRE:SGN REQ,FROM=100
mysgw: !SGN:PRE:WHI NREQ,FROM=100 REJ
mysgw: SGN:PRE:SGN REQ,TO=100
mysgw: SGN:PRE:WHI NREQ,TO=100
mysgw: SGN:SKP:MSG CMD=3,TYPE=15
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
mysgw: SGN:PRE:XMT,TO=100
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=1,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
mysgw: SGN:SKP:MSG CMD=3,TYPE=26
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
mysgw: SGN:SGN:NCE REQ,TO=100
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=17,pt=6,l=25,sg=1:<NONCE>
mysgw: SGN:SKP:MSG CMD=3,TYPE=17
mysgw: SGN:NCE:FROM=100
mysgw: SGN:BND:NONCE=4BD28D2B47813291B354D4A856B07E7A6B496CF86FA2FF969D7C2D115FAC09DF
mysgw: SGN:BND:HMAC=07FF305FFEB4D1489C3C9BA63A281890DDD850573B406FB691C09C23DC12DD00
mysgw: SGN:BND:SIG WHI,ID=0
mysgw: SGN:BND:SIG WHI,SERIAL=000000000000000000
mysgw: SGN:SGN:SGN
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=27,pt=1,l=1,sg=1,ft=0,st=OK:1Looks OK for me, right?
-
@Anticimex I did:
git clone https://github.com/mysensors/MySensors.git --branch development
cd MySensors
git pull https://github.com/fallberg/MySensors.git signingThen compile with:
./configure --my-gateway=ethernet
--my-transport=nrf24
--my-rf24-ce-pin=22
--my-rf24-cs-pin=24
--my-rf24-irq-pin=15
--my-rf24-pa-level=RF24_PA_LOW
--my-leds-err-pin=12
--my-leds-rx-pin=16
--my-leds-tx-pin=18
--my-rf24-channel=76
--my-debug=enable
--my-signing=software
--my-signing-request-signatures
--my-signing-request-gw-signatures-from-all
--my-signing-debugResult with one node restarting while others are already running:
mysgw: TSF:MSG:READ,100-100-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
mysgw: TSF:MSG:BC
mysgw: TSF:MSG:FPAR REQ,ID=100
mysgw: TSF:PNG:SEND,TO=0
mysgw: TSF:CKU:OK
mysgw: TSF:MSG:GWL OK
mysgw: SGN:SKP:MSG CMD=3,TYPE=8
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=8,pt=1,l=1,sg=1,ft=0,st=OK:0
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
mysgw: SGN:SKP:MSG CMD=3,TYPE=24
mysgw: TSF:MSG:PINGED,ID=100,HP=1
mysgw: SGN:SKP:MSG CMD=3,TYPE=25
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=25,pt=1,l=1,sg=1,ft=0,st=OK:1
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
mysgw: SGN:SKP:MSG CMD=3,TYPE=15
mysgw: SGN:PRE:SGN REQ,FROM=100
mysgw: !SGN:PRE:WHI NREQ,FROM=100 REJ
mysgw: SGN:PRE:SGN REQ,TO=100
mysgw: SGN:PRE:WHI NREQ,TO=100
mysgw: SGN:SKP:MSG CMD=3,TYPE=15
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
mysgw: SGN:PRE:XMT,TO=100
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=1,c=3,t=16,pt=0,l=0,sg=0:
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: !SGN:NCE:GEN
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
mysgw: SGN:SKP:MSG CMD=3,TYPE=26
mysgw: SGN:SKP:MSG CMD=3,TYPE=16
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
mysgw: SGN:SGN:NCE REQ,TO=100
mysgw: TSF:MSG:READ,100-100-0,s=255,c=3,t=17,pt=6,l=25,sg=1:<NONCE>
mysgw: SGN:SKP:MSG CMD=3,TYPE=17
mysgw: SGN:NCE:FROM=100
mysgw: SGN:BND:NONCE=4BD28D2B47813291B354D4A856B07E7A6B496CF86FA2FF969D7C2D115FAC09DF
mysgw: SGN:BND:HMAC=07FF305FFEB4D1489C3C9BA63A281890DDD850573B406FB691C09C23DC12DD00
mysgw: SGN:BND:SIG WHI,ID=0
mysgw: SGN:BND:SIG WHI,SERIAL=000000000000000000
mysgw: SGN:SGN:SGN
mysgw: TSF:MSG:SEND,0-0-100-100,s=255,c=3,t=27,pt=1,l=1,sg=1,ft=0,st=OK:1Looks OK for me, right?
