[security] Introducing signing support to MySensors
-
@Magnus-Pernemark which version are you using?
The development version from github supports#define MY_BAUD_RATE 9600at the start of the sketch.
The 2.1.1 version has
Serial.begin(115200);in the sketch. Just change that.
@Anticimex I am so not familiar with the arduino/mysensors development yet, but I guess I use 2.1.1, since i used "Sketch / Include Library / Manage Library" and it had 2.1.1
@mfalkvidd Since I have the line Serial.begin(115200) I assume it is 2.1.1, but changing it to 9600 and uploading the sketch does nothing. I still need to open serial window with 115200, else I just see garbage as output from the mini pro.
I will try the development version and see if that helps.
-
@Anticimex I am so not familiar with the arduino/mysensors development yet, but I guess I use 2.1.1, since i used "Sketch / Include Library / Manage Library" and it had 2.1.1
@mfalkvidd Since I have the line Serial.begin(115200) I assume it is 2.1.1, but changing it to 9600 and uploading the sketch does nothing. I still need to open serial window with 115200, else I just see garbage as output from the mini pro.
I will try the development version and see if that helps.
-
@Magnus-Pernemark or you can just disable the confirmation altogether. Just define SKIP_UART_CONFIRMATION
@Anticimex hehe, true... but I am a developer by trade, and bypassing something just because it would be easier, feels so wrong. I might end up doing so, but I'll give it some more tries first. Problems are a very good way to learn, and in arduino development I am a total noobie, more used to C# and the .NET world.
-
@Anticimex hehe, true... but I am a developer by trade, and bypassing something just because it would be easier, feels so wrong. I might end up doing so, but I'll give it some more tries first. Problems are a very good way to learn, and in arduino development I am a total noobie, more used to C# and the .NET world.
-
@Magnus-Pernemark as a developer by trade, you should be bold enough to use the beta releases and live on the bleeding edge then ;)
@Anticimex I'll start living on the edge immediately. It's the way to go!
I switched to develop and could change the band rate, however develop version skips UART confirmation by default so I never had the problem there. Never needed to send any keys. Got the chip configured atleast.
I kind of started in the wrong end - designed my own pcbs, then start to know the development environment.
But I'll figure it out... just takes time.. thanks for the help!! -
@Anticimex I'll start living on the edge immediately. It's the way to go!
I switched to develop and could change the band rate, however develop version skips UART confirmation by default so I never had the problem there. Never needed to send any keys. Got the chip configured atleast.
I kind of started in the wrong end - designed my own pcbs, then start to know the development environment.
But I'll figure it out... just takes time.. thanks for the help!!@Magnus-Pernemark that's correct. Or, it is correct if you follow the "guided mode". If you wanna be hardcore, you drop the guided defines and set the individual flags according to your specific needs, and then you get to enable (or more precisely, not disable) UART confirmation (in case you want to test it).
-
Hi!
Starting to learn signing. I use a parallell system (with another channel) where I could test signing before I went on my live system. For now I just use soft signing, it works perfect!Now, I just want to test a node (motionsensor) that include:
#define MY_SIGNING_REQUEST_SIGNATURESThe gateway has no signing feature (it has not gone thru personalition process) In my head, the node shall reject to connect to this gateway, but after the signing fails, it start to send data to the gateway. Did I miss something here?
Debug text on node:
0 MCO:BGN:INIT NODE,CP=RNNNAS--,VER=2.2.0-beta 49 SGN:PER:OK 83 SGN:INI:BND OK 83 TSM:INIT 86 TSF:WUR:MS=0 94 TSM:INIT:TSP OK 96 TSM:INIT:STATID=101 98 TSF:SID:OK,ID=101 100 TSM:FPAR 102 SGN:SGN:NREQ=255 139 TSF:MSG:SEND,101-101-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 684 TSF:MSG:READ,0-0-101,s=255,c=3,t=8,pt=1,l=1,sg=0:0 690 SGN:SKP:MSG CMD=3,TYPE=8 692 TSF:MSG:FPAR OK,ID=0,D=1 2148 TSM:FPAR:OK 2148 TSM:ID 2150 TSM:ID:OK 2152 TSM:UPL 2154 SGN:SGN:NREQ=0 2158 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1 2168 TSF:MSG:READ,0-0-101,s=255,c=3,t=25,pt=1,l=1,sg=0:1 2174 SGN:SKP:MSG CMD=3,TYPE=25 2177 TSF:MSG:PONG RECV,HP=1 2181 TSM:UPL:OK 2183 TSM:READY:ID=101,PAR=0,DIS=1 2187 SGN:PRE:SGN REQ 2189 SGN:PRE:WHI NREQ 2191 SGN:SGN:NREQ=0 2195 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 2203 SGN:PRE:XMT,TO=0 2205 SGN:PRE:WAIT GW 2207 TSF:MSG:READ,0-0-101,s=255,c=3,t=15,pt=6,l=2,sg=0:0100 2213 SGN:SKP:MSG CMD=3,TYPE=15 2217 SGN:SGN:NREQ=0 2222 TSF:MSG:SEND,101-101-0-0,s=255,c=0,t=17,pt=0,l=10,sg=0,ft=0,st=OK:2.2.0-beta 2232 SGN:SGN:NREQ=0 2234 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=6,pt=1,l=1,sg=0,ft=0,st=OK:0 2248 TSF:MSG:READ,0-0-101,s=255,c=3,t=6,pt=0,l=1,sg=0:M 2254 !SGN:VER:NSG 2256 !TSF:MSG:SIGN VERIFY FAIL 2258 SGN:SGN:NREQ=0 2263 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=11,pt=0,l=13,sg=0,ft=0,st=OK:Motion Sensor 2273 SGN:SGN:NREQ=0 2277 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=12,pt=0,l=3,sg=0,ft=0,st=OK:1.0 2285 SGN:SGN:NREQ=0 2289 TSF:MSG:SEND,101-101-0-0,s=1,c=0,t=1,pt=0,l=0,sg=0,ft=0,st=OK: 2295 MCO:REG:REQ 2297 SGN:SGN:NREQ=0 2301 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=26,pt=1,l=1,sg=0,ft=0,st=OK:2 2310 TSF:MSG:READ,0-0-101,s=255,c=3,t=27,pt=1,l=1,sg=0:1 2316 !SGN:VER:NSG 2318 !TSF:MSG:SIGN VERIFY FAIL 2322 MCO:BGN:STP 2324 MCO:BGN:INIT OK,TSP=1 1 2326 SGN:SGN:NREQ=0 2330 TSF:MSG:SEND,101-101-0-0,s=1,c=1,t=16,pt=0,l=1,sg=0,ft=0,st=OK:1 2338 MCO:SLP:MS=120000,SMS=0,I1=1,M1=1,I2=255,M2=255 2344 TSF:TDI:TSL 2347 MCO:SLP:WUP=1 2349 TSF:TRI:TSB 0 2351 SGN:SGN:NREQ=0 2355 TSF:MSG:SEND,101-101-0-0,s=1,c=1,t=16,pt=0,l=1,sg=0,ft=0,st=OK:0 2363 MCO:SLP:MS=120000,SMS=0,I1=1,M1=1,I2=255,M2=255 2367 TSF:TDI:TSL -
Hi!
Starting to learn signing. I use a parallell system (with another channel) where I could test signing before I went on my live system. For now I just use soft signing, it works perfect!Now, I just want to test a node (motionsensor) that include:
#define MY_SIGNING_REQUEST_SIGNATURESThe gateway has no signing feature (it has not gone thru personalition process) In my head, the node shall reject to connect to this gateway, but after the signing fails, it start to send data to the gateway. Did I miss something here?
Debug text on node:
0 MCO:BGN:INIT NODE,CP=RNNNAS--,VER=2.2.0-beta 49 SGN:PER:OK 83 SGN:INI:BND OK 83 TSM:INIT 86 TSF:WUR:MS=0 94 TSM:INIT:TSP OK 96 TSM:INIT:STATID=101 98 TSF:SID:OK,ID=101 100 TSM:FPAR 102 SGN:SGN:NREQ=255 139 TSF:MSG:SEND,101-101-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 684 TSF:MSG:READ,0-0-101,s=255,c=3,t=8,pt=1,l=1,sg=0:0 690 SGN:SKP:MSG CMD=3,TYPE=8 692 TSF:MSG:FPAR OK,ID=0,D=1 2148 TSM:FPAR:OK 2148 TSM:ID 2150 TSM:ID:OK 2152 TSM:UPL 2154 SGN:SGN:NREQ=0 2158 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1 2168 TSF:MSG:READ,0-0-101,s=255,c=3,t=25,pt=1,l=1,sg=0:1 2174 SGN:SKP:MSG CMD=3,TYPE=25 2177 TSF:MSG:PONG RECV,HP=1 2181 TSM:UPL:OK 2183 TSM:READY:ID=101,PAR=0,DIS=1 2187 SGN:PRE:SGN REQ 2189 SGN:PRE:WHI NREQ 2191 SGN:SGN:NREQ=0 2195 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 2203 SGN:PRE:XMT,TO=0 2205 SGN:PRE:WAIT GW 2207 TSF:MSG:READ,0-0-101,s=255,c=3,t=15,pt=6,l=2,sg=0:0100 2213 SGN:SKP:MSG CMD=3,TYPE=15 2217 SGN:SGN:NREQ=0 2222 TSF:MSG:SEND,101-101-0-0,s=255,c=0,t=17,pt=0,l=10,sg=0,ft=0,st=OK:2.2.0-beta 2232 SGN:SGN:NREQ=0 2234 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=6,pt=1,l=1,sg=0,ft=0,st=OK:0 2248 TSF:MSG:READ,0-0-101,s=255,c=3,t=6,pt=0,l=1,sg=0:M 2254 !SGN:VER:NSG 2256 !TSF:MSG:SIGN VERIFY FAIL 2258 SGN:SGN:NREQ=0 2263 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=11,pt=0,l=13,sg=0,ft=0,st=OK:Motion Sensor 2273 SGN:SGN:NREQ=0 2277 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=12,pt=0,l=3,sg=0,ft=0,st=OK:1.0 2285 SGN:SGN:NREQ=0 2289 TSF:MSG:SEND,101-101-0-0,s=1,c=0,t=1,pt=0,l=0,sg=0,ft=0,st=OK: 2295 MCO:REG:REQ 2297 SGN:SGN:NREQ=0 2301 TSF:MSG:SEND,101-101-0-0,s=255,c=3,t=26,pt=1,l=1,sg=0,ft=0,st=OK:2 2310 TSF:MSG:READ,0-0-101,s=255,c=3,t=27,pt=1,l=1,sg=0:1 2316 !SGN:VER:NSG 2318 !TSF:MSG:SIGN VERIFY FAIL 2322 MCO:BGN:STP 2324 MCO:BGN:INIT OK,TSP=1 1 2326 SGN:SGN:NREQ=0 2330 TSF:MSG:SEND,101-101-0-0,s=1,c=1,t=16,pt=0,l=1,sg=0,ft=0,st=OK:1 2338 MCO:SLP:MS=120000,SMS=0,I1=1,M1=1,I2=255,M2=255 2344 TSF:TDI:TSL 2347 MCO:SLP:WUP=1 2349 TSF:TRI:TSB 0 2351 SGN:SGN:NREQ=0 2355 TSF:MSG:SEND,101-101-0-0,s=1,c=1,t=16,pt=0,l=1,sg=0,ft=0,st=OK:0 2363 MCO:SLP:MS=120000,SMS=0,I1=1,M1=1,I2=255,M2=255 2367 TSF:TDI:TSL@gus what is it that you think is not working? Just because your node require signatures does not prevent the node from sending data to your gateway which does not require signatures.
And as you can see in the log you get errors about missing signatures (and hence failed verifications) so it looks as expected to me.
You could try to paste your log into the log parser to get a easier to read output.Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@gus what is it that you think is not working? Just because your node require signatures does not prevent the node from sending data to your gateway which does not require signatures.
And as you can see in the log you get errors about missing signatures (and hence failed verifications) so it looks as expected to me.
You could try to paste your log into the log parser to get a easier to read output. -
@Anticimex Ok, just thought when signing failed, the node was halted :confused:
So that control mechanism need to be implemented in my sketch then?
Great, I will use the log parser! -
@Anticimex Ahh, now I get it!! Thanks for helping me out here!
Cheers
-
Hello @Anticimex
Sometimes it happens that the Serial printing is not correct and it is okay when the baud rate is lower to 57600. I guess the default is 115200 when this error happens.
+------------------------------------------------------------------------------------+
⸮ M⸮Se⸮so⸮s security p⸮r⸮o⸮alizer ⸮
+------------------------------------------------------------------------------------++------------------------------------------------------------------------------------+
⸮ C⸮n⸮igur⸮t⸮on set⸮i⸮g⸮ ⸮
+------------------------------------------------------------------------------------+
| * G⸮i⸮e⸮ ⸮e⸮s⸮nali⸮ation/⸮t⸮ra⸮e of key⸮ ⸮n AT⸮H⸮204A |
| * ⸮T⸮HA204A based ⸮e⸮s⸮n⸮l⸮z⸮t⸮o⸮ ⸮
⸮ * Will l⸮ck ATSH⸮204⸮ c⸮n⸮i⸮u⸮atio⸮ |
⸮ * W⸮ll no⸮ req⸮i⸮e any UA⸮T co⸮fi⸮m⸮ti⸮ns ⸮
| * ⸮i⸮l ⸮to⸮e ⸮MA⸮ key to A⸮SH⸮204A |
| * Will store ⸮ES ke⸮ to ⸮E⸮R⸮M ⸮
+------------------------------------------------------------------------------------+ -
Hello @Anticimex
Sometimes it happens that the Serial printing is not correct and it is okay when the baud rate is lower to 57600. I guess the default is 115200 when this error happens.
+------------------------------------------------------------------------------------+
⸮ M⸮Se⸮so⸮s security p⸮r⸮o⸮alizer ⸮
+------------------------------------------------------------------------------------++------------------------------------------------------------------------------------+
⸮ C⸮n⸮igur⸮t⸮on set⸮i⸮g⸮ ⸮
+------------------------------------------------------------------------------------+
| * G⸮i⸮e⸮ ⸮e⸮s⸮nali⸮ation/⸮t⸮ra⸮e of key⸮ ⸮n AT⸮H⸮204A |
| * ⸮T⸮HA204A based ⸮e⸮s⸮n⸮l⸮z⸮t⸮o⸮ ⸮
⸮ * Will l⸮ck ATSH⸮204⸮ c⸮n⸮i⸮u⸮atio⸮ |
⸮ * W⸮ll no⸮ req⸮i⸮e any UA⸮T co⸮fi⸮m⸮ti⸮ns ⸮
| * ⸮i⸮l ⸮to⸮e ⸮MA⸮ key to A⸮SH⸮204A |
| * Will store ⸮ES ke⸮ to ⸮E⸮R⸮M ⸮
+------------------------------------------------------------------------------------+@ahmedadelhosni yes, this can happen on some targets. It depend on the quality and precision of the oscillator. If output looks garbled, reducing the baud rate is a good place to start.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@ahmedadelhosni yes, this can happen on some targets. It depend on the quality and precision of the oscillator. If output looks garbled, reducing the baud rate is a good place to start.
@Anticimex so this has nothing to do with the quality of my overall node ? I mean as a reference that this node will be stable or not during operation.
I ordered my atmega smd from mouser and all passive componets too. Only pcbs are from dirtypcbs. I thought getting high quality from mouser would be better.
Thanks.
-
@Anticimex so this has nothing to do with the quality of my overall node ? I mean as a reference that this node will be stable or not during operation.
I ordered my atmega smd from mouser and all passive componets too. Only pcbs are from dirtypcbs. I thought getting high quality from mouser would be better.
Thanks.
@ahmedadelhosni
That is hard to say. There are many reports of atmega not being really good at handling 115200 at certain oscillator frequencies. So no, I don't think it directly hints at something being wrong with your hardware. But I cannot be sure of course :) -
Hello @Anticimex
Sometimes it happens that the Serial printing is not correct and it is okay when the baud rate is lower to 57600. I guess the default is 115200 when this error happens.
+------------------------------------------------------------------------------------+
⸮ M⸮Se⸮so⸮s security p⸮r⸮o⸮alizer ⸮
+------------------------------------------------------------------------------------++------------------------------------------------------------------------------------+
⸮ C⸮n⸮igur⸮t⸮on set⸮i⸮g⸮ ⸮
+------------------------------------------------------------------------------------+
| * G⸮i⸮e⸮ ⸮e⸮s⸮nali⸮ation/⸮t⸮ra⸮e of key⸮ ⸮n AT⸮H⸮204A |
| * ⸮T⸮HA204A based ⸮e⸮s⸮n⸮l⸮z⸮t⸮o⸮ ⸮
⸮ * Will l⸮ck ATSH⸮204⸮ c⸮n⸮i⸮u⸮atio⸮ |
⸮ * W⸮ll no⸮ req⸮i⸮e any UA⸮T co⸮fi⸮m⸮ti⸮ns ⸮
| * ⸮i⸮l ⸮to⸮e ⸮MA⸮ key to A⸮SH⸮204A |
| * Will store ⸮ES ke⸮ to ⸮E⸮R⸮M ⸮
+------------------------------------------------------------------------------------+@ahmedadelhosni I had the same problem with serial speed on a few PCBs that I designed myself, design was based on existing mysensors PCBs. I could only run on 38k baud.
In my case it turned out to be a problem with the with of signal lines and power lines on the PCB. They where to small, and probably caused noise and bad through put, because when I widened the lines on the PCB, reordered them from fab house, then 115k baud worked again. -
@ahmedadelhosni I had the same problem with serial speed on a few PCBs that I designed myself, design was based on existing mysensors PCBs. I could only run on 38k baud.
In my case it turned out to be a problem with the with of signal lines and power lines on the PCB. They where to small, and probably caused noise and bad through put, because when I widened the lines on the PCB, reordered them from fab house, then 115k baud worked again.@Magnus-Pernemark I have also a modified version of Mysensebender node and the issue happened with some of the pcbs, not all of them. In your case I understood that it was a problem in all your pcbs. So maybe pcb quality from dirtypcbs was not that good with some of mine due to small width of lines.
Thanks. -
Hello @Anticimex
I was testing HW signing using latest dev and I got the following :+1:
My setup > GW : 8 Mhz internal clock
My node > : 8 Mhz internal clock ( with MySysBootloader OTA)From Gateway debug:
0;255;3;0;9;53 MCO:BGN:INIT GW,CP=RNNGAA--,VER=2.2.0-beta 0;255;3;0;9;129 !SGN:PER:TAMPERED 0;255;3;0;9;161 SGN:INI:BND OK 0;255;3;0;9;169 TSM:INIT 0;255;3;0;9;178 TSF:WUR:MS=0 0;255;3;0;9;190 TSM:INIT:TSP OK 0;255;3;0;9;198 TSM:INIT:GW MODE 0;255;3;0;9;208 TSM:READY:ID=0,PAR=0,DIS=0 0;255;3;0;9;221 MCO:REG:NOT NEEDED 0;255;3;0;14;Gateway startup complete. 0;255;0;0;18;2.2.0-beta 0;255;3;0;9;231 MCO:BGN:STP 0;255;3;0;9;253 MCO:BGN:INIT OK,TSP=1When I try to add node 4 : This happens
0;255;3;0;9;180430 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=1,l=0,sg=0:0 0;255;3;0;9;180449 TSF:MSG:BC 0;255;3;0;9;180457 TSF:MSG:FPAR REQ,ID=4 0;255;3;0;9;180469 TSF:PNG:SEND,TO=0 0;255;3;0;9;180480 TSF:CKU:OK 0;255;3;0;9;180488 TSF:MSG:GWL OK 0;255;3;0;9;180768 SGN:SKP:MSG CMD=3,TYPE=8 0;255;3;0;9;180783 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 0;255;3;0;9;187224 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0100 0;255;3;0;9;187244 !SGN:PRE:SGN NREQ,FROM=4 REJ 0;255;3;0;9;187256 SGN:PRE:SGN NREQ,TO=4 0;255;3;0;9;187269 SGN:PRE:WHI NREQ,TO=4 0;255;3;0;9;187279 SGN:SKP:MSG CMD=3,TYPE=15 0;255;3;0;9;187293 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100 0;255;3;0;9;187316 SGN:PRE:XMT,TO=4 0;255;3;0;9;187576 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102 4;255;4;0;0;1E000100B0031E310102 0;255;3;0;9;194334 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102 4;255;4;0;0;1E000100B0031E310102 0;255;3;0;9;201091 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102 4;255;4;0;0;1E000100B0031E310102 0;255;3;0;9;208238 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=0,l=0,sg=0: 0;255;3;0;9;208257 TSF:MSG:BC 0;255;3;0;9;208265 TSF:MSG:FPAR REQ,ID=4 0;255;3;0;9;208275 TSF:PNG:SEND,TO=0 0;255;3;0;9;208285 TSF:CKU:OK 0;255;3;0;9;208293 TSF:MSG:GWL OK 0;255;3;0;9;208736 SGN:SKP:MSG CMD=3,TYPE=8 0;255;3;0;9;208750 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 0;255;3;0;9;210298 TSF:MSG:READ,4-4-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 0;255;3;0;9;210317 TSF:MSG:PINGED,ID=4,HP=1 0;255;3;0;9;210329 SGN:SKP:MSG CMD=3,TYPE=25 0;255;3;0;9;210343 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 0;255;3;0;9;210364 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 0;255;3;0;9;210384 SGN:PRE:SGN REQ,FROM=4 0;255;3;0;9;210397 SGN:PRE:SGN NREQ,TO=4 0;255;3;0;9;210407 SGN:PRE:WHI NREQ,TO=4 0;255;3;0;9;210417 SGN:SKP:MSG CMD=3,TYPE=15 0;255;3;0;9;210432 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100 0;255;3;0;9;210454 SGN:PRE:XMT,TO=4 0;255;3;0;9;210464 TSF:MSG:READ,4-4-0,s=255,c=0,t=18,pt=0,l=10,sg=0:2.2.0-beta 4;255;0;0;18;2.2.0-beta 0;255;3;0;9;210487 TSF:MSG:READ,4-4-0,s=255,c=3,t=6,pt=1,l=1,sg=0:0 4;255;3;0;6;0 0;255;3;0;9;212459 TSF:MSG:READ,4-4-0,s=255,c=3,t=11,pt=0,l=13,sg=0:Relay Signing 4;255;3;0;11;Relay Signing 0;255;3;0;9;212484 TSF:MSG:READ,4-4-0,s=255,c=3,t=12,pt=0,l=5,sg=0:1.2.1 4;255;3;0;12;1.2.1 0;255;3;0;9;212510 TSF:MSG:READ,4-4-0,s=3,c=0,t=3,pt=0,l=0,sg=0: 4;3;0;0;3; 0;255;3;0;9;212531 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;212551 !SGN:SGN:STATE 0;255;3;0;9;212561 !TSF:MSG:SIGN FAIL 0;255;3;0;9;214489 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;214507 !SGN:SGN:STATE 0;255;3;0;9;214517 !TSF:MSG:SIGN FAIL 0;255;3;0;9;216510 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;216528 !SGN:SGN:STATE 0;255;3;0;9;216539 !TSF:MSG:SIGN FAIL 0;255;3;0;9;218533 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;218552 !SGN:SGN:STATE 0;255;3;0;9;218560 !TSF:MSG:SIGN FAILMy gateway sketch ::
// Enable debug prints to serial monitor #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING #define MY_RADIO_NRF24 #define MY_RF24_PA_LEVEL RF24_PA_LOW // Enable serial gateway #define MY_GATEWAY_SERIAL // Define a lower baud rate for Arduino's running on 8 MHz (Arduino Pro Mini 3.3V & SenseBender) #if F_CPU == 8000000L #define MY_BAUD_RATE 38400 #endif #define MY_SIGNING_ATSHA204 // SETTINGS FOR MY_SIGNING_ATSHA204 #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached #endif #include <MySensors.h> void setup() { // Setup locally attached sensors } void presentation() { // Present locally attached sensors } void loop() { // Send locally attached sensor data here }Node code :
// Enable debug prints to serial monitor //#define MY_DEBUG // Enable and select radio type attached #define MY_RADIO_NRF24 //#define MY_RADIO_NRF5_ESB //#define MY_RADIO_RFM69 //#define MY_RADIO_RFM95 // Enable repeater functionality for this node #define MY_REPEATER_FEATURE #define MY_SIGNING_ATSHA204 #define MY_SIGNING_REQUEST_SIGNATURES // SETTINGS FOR MY_SIGNING_ATSHA204 #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached #endif #include <MySensors.h> // normal function call is hereI do personalized my nodes with the same HMAC as described in the docs.
I got this and I run the same sketch on all node including the gateway :| This device has now been personalized. Run this sketch with its current settings | | on all the devices in your network that have security enabled.First question :
I have searched for similar issues for 0;255;3;0;9;129 !SGN:PER:TAMPERED but I couldn't find.Second one : Was signing tested recently with the latest dev branch ? because I guess I read in one of the posts that it has not been tested since a while.
THanks for the help.
-
Hello @Anticimex
I was testing HW signing using latest dev and I got the following :+1:
My setup > GW : 8 Mhz internal clock
My node > : 8 Mhz internal clock ( with MySysBootloader OTA)From Gateway debug:
0;255;3;0;9;53 MCO:BGN:INIT GW,CP=RNNGAA--,VER=2.2.0-beta 0;255;3;0;9;129 !SGN:PER:TAMPERED 0;255;3;0;9;161 SGN:INI:BND OK 0;255;3;0;9;169 TSM:INIT 0;255;3;0;9;178 TSF:WUR:MS=0 0;255;3;0;9;190 TSM:INIT:TSP OK 0;255;3;0;9;198 TSM:INIT:GW MODE 0;255;3;0;9;208 TSM:READY:ID=0,PAR=0,DIS=0 0;255;3;0;9;221 MCO:REG:NOT NEEDED 0;255;3;0;14;Gateway startup complete. 0;255;0;0;18;2.2.0-beta 0;255;3;0;9;231 MCO:BGN:STP 0;255;3;0;9;253 MCO:BGN:INIT OK,TSP=1When I try to add node 4 : This happens
0;255;3;0;9;180430 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=1,l=0,sg=0:0 0;255;3;0;9;180449 TSF:MSG:BC 0;255;3;0;9;180457 TSF:MSG:FPAR REQ,ID=4 0;255;3;0;9;180469 TSF:PNG:SEND,TO=0 0;255;3;0;9;180480 TSF:CKU:OK 0;255;3;0;9;180488 TSF:MSG:GWL OK 0;255;3;0;9;180768 SGN:SKP:MSG CMD=3,TYPE=8 0;255;3;0;9;180783 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 0;255;3;0;9;187224 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0100 0;255;3;0;9;187244 !SGN:PRE:SGN NREQ,FROM=4 REJ 0;255;3;0;9;187256 SGN:PRE:SGN NREQ,TO=4 0;255;3;0;9;187269 SGN:PRE:WHI NREQ,TO=4 0;255;3;0;9;187279 SGN:SKP:MSG CMD=3,TYPE=15 0;255;3;0;9;187293 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100 0;255;3;0;9;187316 SGN:PRE:XMT,TO=4 0;255;3;0;9;187576 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102 4;255;4;0;0;1E000100B0031E310102 0;255;3;0;9;194334 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102 4;255;4;0;0;1E000100B0031E310102 0;255;3;0;9;201091 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102 4;255;4;0;0;1E000100B0031E310102 0;255;3;0;9;208238 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=0,l=0,sg=0: 0;255;3;0;9;208257 TSF:MSG:BC 0;255;3;0;9;208265 TSF:MSG:FPAR REQ,ID=4 0;255;3;0;9;208275 TSF:PNG:SEND,TO=0 0;255;3;0;9;208285 TSF:CKU:OK 0;255;3;0;9;208293 TSF:MSG:GWL OK 0;255;3;0;9;208736 SGN:SKP:MSG CMD=3,TYPE=8 0;255;3;0;9;208750 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 0;255;3;0;9;210298 TSF:MSG:READ,4-4-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 0;255;3;0;9;210317 TSF:MSG:PINGED,ID=4,HP=1 0;255;3;0;9;210329 SGN:SKP:MSG CMD=3,TYPE=25 0;255;3;0;9;210343 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 0;255;3;0;9;210364 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 0;255;3;0;9;210384 SGN:PRE:SGN REQ,FROM=4 0;255;3;0;9;210397 SGN:PRE:SGN NREQ,TO=4 0;255;3;0;9;210407 SGN:PRE:WHI NREQ,TO=4 0;255;3;0;9;210417 SGN:SKP:MSG CMD=3,TYPE=15 0;255;3;0;9;210432 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100 0;255;3;0;9;210454 SGN:PRE:XMT,TO=4 0;255;3;0;9;210464 TSF:MSG:READ,4-4-0,s=255,c=0,t=18,pt=0,l=10,sg=0:2.2.0-beta 4;255;0;0;18;2.2.0-beta 0;255;3;0;9;210487 TSF:MSG:READ,4-4-0,s=255,c=3,t=6,pt=1,l=1,sg=0:0 4;255;3;0;6;0 0;255;3;0;9;212459 TSF:MSG:READ,4-4-0,s=255,c=3,t=11,pt=0,l=13,sg=0:Relay Signing 4;255;3;0;11;Relay Signing 0;255;3;0;9;212484 TSF:MSG:READ,4-4-0,s=255,c=3,t=12,pt=0,l=5,sg=0:1.2.1 4;255;3;0;12;1.2.1 0;255;3;0;9;212510 TSF:MSG:READ,4-4-0,s=3,c=0,t=3,pt=0,l=0,sg=0: 4;3;0;0;3; 0;255;3;0;9;212531 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;212551 !SGN:SGN:STATE 0;255;3;0;9;212561 !TSF:MSG:SIGN FAIL 0;255;3;0;9;214489 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;214507 !SGN:SGN:STATE 0;255;3;0;9;214517 !TSF:MSG:SIGN FAIL 0;255;3;0;9;216510 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;216528 !SGN:SGN:STATE 0;255;3;0;9;216539 !TSF:MSG:SIGN FAIL 0;255;3;0;9;218533 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2 0;255;3;0;9;218552 !SGN:SGN:STATE 0;255;3;0;9;218560 !TSF:MSG:SIGN FAILMy gateway sketch ::
// Enable debug prints to serial monitor #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING #define MY_RADIO_NRF24 #define MY_RF24_PA_LEVEL RF24_PA_LOW // Enable serial gateway #define MY_GATEWAY_SERIAL // Define a lower baud rate for Arduino's running on 8 MHz (Arduino Pro Mini 3.3V & SenseBender) #if F_CPU == 8000000L #define MY_BAUD_RATE 38400 #endif #define MY_SIGNING_ATSHA204 // SETTINGS FOR MY_SIGNING_ATSHA204 #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached #endif #include <MySensors.h> void setup() { // Setup locally attached sensors } void presentation() { // Present locally attached sensors } void loop() { // Send locally attached sensor data here }Node code :
// Enable debug prints to serial monitor //#define MY_DEBUG // Enable and select radio type attached #define MY_RADIO_NRF24 //#define MY_RADIO_NRF5_ESB //#define MY_RADIO_RFM69 //#define MY_RADIO_RFM95 // Enable repeater functionality for this node #define MY_REPEATER_FEATURE #define MY_SIGNING_ATSHA204 #define MY_SIGNING_REQUEST_SIGNATURES // SETTINGS FOR MY_SIGNING_ATSHA204 #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached #endif #include <MySensors.h> // normal function call is hereI do personalized my nodes with the same HMAC as described in the docs.
I got this and I run the same sketch on all node including the gateway :| This device has now been personalized. Run this sketch with its current settings | | on all the devices in your network that have security enabled.First question :
I have searched for similar issues for 0;255;3;0;9;129 !SGN:PER:TAMPERED but I couldn't find.Second one : Was signing tested recently with the latest dev branch ? because I guess I read in one of the posts that it has not been tested since a while.
THanks for the help.
@ahmedadelhosni
First answer: TAMPERED suggest that either you have had your personalized data altered between the time of personalization and usage. Or, you personalized your device using the personalizer from the official release or a early development version. The integrity check is a relatively new addition on the development branch.
Second answer: to my knowledge, signing works fine on the development branch.Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
