[security] Introducing signing support to MySensors
-
Hello,
I currently testing various bootloader to measure impact on CPU speed on the power consumption.
I got a lot ofnonce errorwhen using 1 MHz configuration.Is signing feature possible at 1 MHz ?
Thanks.
David.
@carlierd could you specify a bit clearer what you mean by "nonce error"? Signing should work, but the atsha driver is not tested @ 1MHz and might get bad timing. Also, for soft (and hard) signing, if 1MHz is used, performance could degrade to the point that the nonce timeout needs to be increased.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@carlierd could you specify a bit clearer what you mean by "nonce error"? Signing should work, but the atsha driver is not tested @ 1MHz and might get bad timing. Also, for soft (and hard) signing, if 1MHz is used, performance could degrade to the point that the nonce timeout needs to be increased.
Hello.
I am using soft signing.
find parent send: 255-255-255-255 s=255,c=3,t=7,pt=0,l=0,sg=0,st=bc: read: 255-255-255 s=255,c=3,t=7,pt=0,l=0,sg=0: sensor started, id=255, parent=255, distance=255 find parent send: 255-255-255-255 s=255,c=3,t=7,pt=0,l=0,sg=0,st=bc: read: 0-0-255 s=255,c=3,t=8,pt=1,l=1,sg=0:0 parent=0, d=1 read: 0-0-255 s=255,c=3,t=8,pt=1,l=1,sg=0:0 req id send: 255-255-0-0 s=255,c=3,t=3,pt=0,l=0,sg=0,st=ok: read: 0-0-255 s=255,c=3,t=4,pt=0,l=1,sg=0:9 send: 9-9-0-0 s=255,c=3,t=15,pt=2,l=2,sg=0,st=fail:1 read and drop: 9-9-0 s=255,c=3,t=15,pt=2,l=2,sg=0:1 read: 0-0-9 s=255,c=3,t=15,pt=2,l=2,sg=0:1 send: 9-9-0-0 s=255,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err send: 9-9-0-0 s=255,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err read and drop: 9-0-0 s=255,c=3,t=6,pt=1,l=1,sg=0:0 read: 0-0-9 s=255,c=3,t=17,pt=6,l=25,sg=0:0129D04B64916F5E805EFDF704C34F56B47E547FDDE93805BE id=9 send: 9-9-0-0 s=0,c=0,t=0,pt=0,l=0,sg=0,st=ok: send: 9-9-0-0 s=1,c=0,t=30,pt=0,l=0,sg=0,st=fail: [Setup duration: 9928 ms] send: 9-9-0-0 s=0,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err send: 9-9-0-0 s=1,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err send: 9-9-0-0 s=255,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err Value is 1 Cycle is 1 3.39 v [753 ms]Thanks,
David.
-
Hello.
I am using soft signing.
find parent send: 255-255-255-255 s=255,c=3,t=7,pt=0,l=0,sg=0,st=bc: read: 255-255-255 s=255,c=3,t=7,pt=0,l=0,sg=0: sensor started, id=255, parent=255, distance=255 find parent send: 255-255-255-255 s=255,c=3,t=7,pt=0,l=0,sg=0,st=bc: read: 0-0-255 s=255,c=3,t=8,pt=1,l=1,sg=0:0 parent=0, d=1 read: 0-0-255 s=255,c=3,t=8,pt=1,l=1,sg=0:0 req id send: 255-255-0-0 s=255,c=3,t=3,pt=0,l=0,sg=0,st=ok: read: 0-0-255 s=255,c=3,t=4,pt=0,l=1,sg=0:9 send: 9-9-0-0 s=255,c=3,t=15,pt=2,l=2,sg=0,st=fail:1 read and drop: 9-9-0 s=255,c=3,t=15,pt=2,l=2,sg=0:1 read: 0-0-9 s=255,c=3,t=15,pt=2,l=2,sg=0:1 send: 9-9-0-0 s=255,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err send: 9-9-0-0 s=255,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err read and drop: 9-0-0 s=255,c=3,t=6,pt=1,l=1,sg=0:0 read: 0-0-9 s=255,c=3,t=17,pt=6,l=25,sg=0:0129D04B64916F5E805EFDF704C34F56B47E547FDDE93805BE id=9 send: 9-9-0-0 s=0,c=0,t=0,pt=0,l=0,sg=0,st=ok: send: 9-9-0-0 s=1,c=0,t=30,pt=0,l=0,sg=0,st=fail: [Setup duration: 9928 ms] send: 9-9-0-0 s=0,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err send: 9-9-0-0 s=1,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err send: 9-9-0-0 s=255,c=3,t=16,pt=0,l=0,sg=0,st=fail: nonce tr err Value is 1 Cycle is 1 3.39 v [753 ms]Thanks,
David.
@carlierd you have a lot of st=fail, so your problem is radio related, not signing related. I also see non nonce related messages fail so you need to stabilize your rf connection before signing can work. And since signing uses the maximum payload size, it has the least probability to succeed to be sent, so you could find that unsigned messages work while nonces and signed messages fail, but this is normal of the rf link is not fully working. If you get st=fail, it is a radio problem. See this discussion for details: http://forum.mysensors.org/topic/3386/mqttclientgateway-broken-after-upgrade-signature-failure
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@carlierd you have a lot of st=fail, so your problem is radio related, not signing related. I also see non nonce related messages fail so you need to stabilize your rf connection before signing can work. And since signing uses the maximum payload size, it has the least probability to succeed to be sent, so you could find that unsigned messages work while nonces and signed messages fail, but this is normal of the rf link is not fully working. If you get st=fail, it is a radio problem. See this discussion for details: http://forum.mysensors.org/topic/3386/mqttclientgateway-broken-after-upgrade-signature-failure
@Anticimex Hello. Everything is working at 16 or 8MHz so I am pretty sure it's not an issue with the material.
I will burn the bootloader again and create a new post if it's still not correct. I will also disable signing feature to be sure there is no impact.David.
-
@Anticimex Hello. Everything is working at 16 or 8MHz so I am pretty sure it's not an issue with the material.
I will burn the bootloader again and create a new post if it's still not correct. I will also disable signing feature to be sure there is no impact.David.
@carlierd well, st=fail indicate transmission failure so it is pretty clear that you have a issue with rf, at least on that frequency. st=fail is not signing related. But, like previously discussed, enabling signing can trigger more st=fail because the payload gets bigger and is more sensitive to noise.
-
@carlierd well, st=fail indicate transmission failure so it is pretty clear that you have a issue with rf, at least on that frequency. st=fail is not signing related. But, like previously discussed, enabling signing can trigger more st=fail because the payload gets bigger and is more sensitive to noise.
-
@Anticimex Thank you for the effort you have put into signing, this is great!
Would it make sense to explore the I2C version of ATSHA204A ? The reason I'm asking is speed.
-
-
Thanks @duovis,
Yes, I welcome anyone who has the HW to provide a IO routine for I2C-variants of ATSHA204A. I don't have the hw myself though. -
@Anticimex Ok, I'll try to play with it and see if I can come up with something that works on I2C.
-
Hello all!
Two fast question! Can I have nodes working with ATSHA204A chip and others with software?
And, can I have nodes with signing on and others off? Or if I add signing to my network, all nodes must have it?
Thank you all!
-
Hello all!
Two fast question! Can I have nodes working with ATSHA204A chip and others with software?
And, can I have nodes with signing on and others off? Or if I add signing to my network, all nodes must have it?
Thank you all!
@Soloam
You can mix nodes with soft signing and ATSHA signing as you like.
You can mix nodes with signing on and off as well. The GW will only sign messages to nodes that require it, and it will also only check signatures from nodes that require signatures. So you can have one node which support/require signing and another which don't. The GW will be able to exchange messages with both nodes. -
Great work indeed!
Thank you @Anticimex
-
Great work indeed!
Thank you @Anticimex
-
Slightly silly question, but did anyone manage to get signing working (MySigningAtsha204Soft signer;) on Arduino Uno on MS 1.5.4 on the Ethernet gateway please? I am going out of memory and really hate to upgrade it to Mega
@alexsh1 if you feel adventurous try 2.0.0-beta2, or if you are patient, go to 2.0.0 in a few months and redesigns will have made space available for you.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 if you feel adventurous try 2.0.0-beta2, or if you are patient, go to 2.0.0 in a few months and redesigns will have made space available for you.
@Anticimex Thanks - I am currently trying an Ethernet GW and a node (Sensebender Micro) with dev branch. I am stuck at personalisation. I cannot lock data. Any idea what I am doing wrong?
This is Sensebender (with ATSHA204):
Personalization sketch for MySensors usage. ------------------------------------------- Device revision: 00020009 Device serial: {0x01,0x23,0x53,0x3F,0x52,0x6A,0x1A,0x06,0xEE} 0123533F526A1A06EE Skipping configuration write and lock (configuration already locked). Chip configuration: EEPROM DATA: SOFT_HMAC_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF SOFT_SERIAL | FFFFFFFFFFFFFFFFFF AES_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ATSHA204A DATA: SN[0:1] | SN[2:3] | 01 23 | 53 3F Revnum | 00 09 04 00 SN[4:7] | 52 6A 1A 06 SN[8] | Reserved13 | I2CEnable | Reserved15 | EE | 13 | 00 | 00 I2CAddress | TempOffset | OTPmode | SelectorMode | C8 | 00 | 55 | 00 SlotConfig00 | SlotConfig01 | 8F 80 | 80 A1 SlotConfig02 | SlotConfig03 | 82 E0 | A3 60 SlotConfig04 | SlotConfig05 | 94 40 | A0 85 SlotConfig06 | SlotConfig07 | 86 40 | 87 07 SlotConfig08 | SlotConfig09 | 0F 00 | 89 F2 SlotConfig0A | SlotConfig0B | 8A 7A | 0B 8B SlotConfig0C | SlotConfig0D | 0C 4C | DD 4D SlotConfig0E | SlotConfig0F | C2 42 | AF 8F UseFlag00 | UpdateCount00 | UseFlag01 | UpdateCount01 | FF | 00 | FF | 00 UseFlag02 | UpdateCount02 | UseFlag03 | UpdateCount03 | FF | 00 | FF | 00 UseFlag04 | UpdateCount04 | UseFlag05 | UpdateCount05 | FF | 00 | FF | 00 UseFlag06 | UpdateCount06 | UseFlag07 | UpdateCount07 | FF | 00 | FF | 00 LastKeyUse[0:3] | FF FF FF FF LastKeyUse[4:7] | FF FF FF FF LastKeyUse[8:B] | FF FF FF FF LastKeyUse[C:F] | FF FF FF FF UserExtra | Selector | LockValue | LockConfig | 00 | 00 | 55 | 00 Take note of this key, it will never be the shown again: #define MY_HMAC_KEY [deleted] Writing key to slot 0... Send SPACE character to lock data... Data lock failed. Response: D3 Halting! -
@Anticimex Thanks - I am currently trying an Ethernet GW and a node (Sensebender Micro) with dev branch. I am stuck at personalisation. I cannot lock data. Any idea what I am doing wrong?
This is Sensebender (with ATSHA204):
Personalization sketch for MySensors usage. ------------------------------------------- Device revision: 00020009 Device serial: {0x01,0x23,0x53,0x3F,0x52,0x6A,0x1A,0x06,0xEE} 0123533F526A1A06EE Skipping configuration write and lock (configuration already locked). Chip configuration: EEPROM DATA: SOFT_HMAC_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF SOFT_SERIAL | FFFFFFFFFFFFFFFFFF AES_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ATSHA204A DATA: SN[0:1] | SN[2:3] | 01 23 | 53 3F Revnum | 00 09 04 00 SN[4:7] | 52 6A 1A 06 SN[8] | Reserved13 | I2CEnable | Reserved15 | EE | 13 | 00 | 00 I2CAddress | TempOffset | OTPmode | SelectorMode | C8 | 00 | 55 | 00 SlotConfig00 | SlotConfig01 | 8F 80 | 80 A1 SlotConfig02 | SlotConfig03 | 82 E0 | A3 60 SlotConfig04 | SlotConfig05 | 94 40 | A0 85 SlotConfig06 | SlotConfig07 | 86 40 | 87 07 SlotConfig08 | SlotConfig09 | 0F 00 | 89 F2 SlotConfig0A | SlotConfig0B | 8A 7A | 0B 8B SlotConfig0C | SlotConfig0D | 0C 4C | DD 4D SlotConfig0E | SlotConfig0F | C2 42 | AF 8F UseFlag00 | UpdateCount00 | UseFlag01 | UpdateCount01 | FF | 00 | FF | 00 UseFlag02 | UpdateCount02 | UseFlag03 | UpdateCount03 | FF | 00 | FF | 00 UseFlag04 | UpdateCount04 | UseFlag05 | UpdateCount05 | FF | 00 | FF | 00 UseFlag06 | UpdateCount06 | UseFlag07 | UpdateCount07 | FF | 00 | FF | 00 LastKeyUse[0:3] | FF FF FF FF LastKeyUse[4:7] | FF FF FF FF LastKeyUse[8:B] | FF FF FF FF LastKeyUse[C:F] | FF FF FF FF UserExtra | Selector | LockValue | LockConfig | 00 | 00 | 55 | 00 Take note of this key, it will never be the shown again: #define MY_HMAC_KEY [deleted] Writing key to slot 0... Send SPACE character to lock data... Data lock failed. Response: D3 Halting!@alexsh1 actually, I have never actually locked data. Could be a bug there. But I also highly recommend that you don't. If you do, you will never be able to change hmac key in that device.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
