[security] Introducing signing support to MySensors

magpern

@ahmedadelhosni I had the same problem with serial speed on a few PCBs that I designed myself, design was based on existing mysensors PCBs. I could only run on 38k baud.
In my case it turned out to be a problem with the with of signal lines and power lines on the PCB. They where to small, and probably caused noise and bad through put, because when I widened the lines on the PCB, reordered them from fab house, then 115k baud worked again.

ahmedadelhosni

@Magnus-Pernemark I have also a modified version of Mysensebender node and the issue happened with some of the pcbs, not all of them. In your case I understood that it was a problem in all your pcbs. So maybe pcb quality from dirtypcbs was not that good with some of mine due to small width of lines.
Thanks.

ahmedadelhosni

Hello @Anticimex

I was testing HW signing using latest dev and I got the following :+1:

My setup > GW : 8 Mhz internal clock
My node > : 8 Mhz internal clock ( with MySysBootloader OTA)

From Gateway debug:

0;255;3;0;9;53 MCO:BGN:INIT GW,CP=RNNGAA--,VER=2.2.0-beta
0;255;3;0;9;129 !SGN:PER:TAMPERED
0;255;3;0;9;161 SGN:INI:BND OK
0;255;3;0;9;169 TSM:INIT
0;255;3;0;9;178 TSF:WUR:MS=0
0;255;3;0;9;190 TSM:INIT:TSP OK
0;255;3;0;9;198 TSM:INIT:GW MODE
0;255;3;0;9;208 TSM:READY:ID=0,PAR=0,DIS=0
0;255;3;0;9;221 MCO:REG:NOT NEEDED
0;255;3;0;14;Gateway startup complete.
0;255;0;0;18;2.2.0-beta
0;255;3;0;9;231 MCO:BGN:STP
0;255;3;0;9;253 MCO:BGN:INIT OK,TSP=1

When I try to add node 4 : This happens

0;255;3;0;9;180430 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=1,l=0,sg=0:0
0;255;3;0;9;180449 TSF:MSG:BC
0;255;3;0;9;180457 TSF:MSG:FPAR REQ,ID=4
0;255;3;0;9;180469 TSF:PNG:SEND,TO=0
0;255;3;0;9;180480 TSF:CKU:OK
0;255;3;0;9;180488 TSF:MSG:GWL OK
0;255;3;0;9;180768 SGN:SKP:MSG CMD=3,TYPE=8
0;255;3;0;9;180783 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
0;255;3;0;9;187224 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0100
0;255;3;0;9;187244 !SGN:PRE:SGN NREQ,FROM=4 REJ
0;255;3;0;9;187256 SGN:PRE:SGN NREQ,TO=4
0;255;3;0;9;187269 SGN:PRE:WHI NREQ,TO=4
0;255;3;0;9;187279 SGN:SKP:MSG CMD=3,TYPE=15
0;255;3;0;9;187293 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100
0;255;3;0;9;187316 SGN:PRE:XMT,TO=4
0;255;3;0;9;187576 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102
4;255;4;0;0;1E000100B0031E310102
0;255;3;0;9;194334 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102
4;255;4;0;0;1E000100B0031E310102
0;255;3;0;9;201091 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102
4;255;4;0;0;1E000100B0031E310102
0;255;3;0;9;208238 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
0;255;3;0;9;208257 TSF:MSG:BC
0;255;3;0;9;208265 TSF:MSG:FPAR REQ,ID=4
0;255;3;0;9;208275 TSF:PNG:SEND,TO=0
0;255;3;0;9;208285 TSF:CKU:OK
0;255;3;0;9;208293 TSF:MSG:GWL OK
0;255;3;0;9;208736 SGN:SKP:MSG CMD=3,TYPE=8
0;255;3;0;9;208750 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
0;255;3;0;9;210298 TSF:MSG:READ,4-4-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
0;255;3;0;9;210317 TSF:MSG:PINGED,ID=4,HP=1
0;255;3;0;9;210329 SGN:SKP:MSG CMD=3,TYPE=25
0;255;3;0;9;210343 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
0;255;3;0;9;210364 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
0;255;3;0;9;210384 SGN:PRE:SGN REQ,FROM=4
0;255;3;0;9;210397 SGN:PRE:SGN NREQ,TO=4
0;255;3;0;9;210407 SGN:PRE:WHI NREQ,TO=4
0;255;3;0;9;210417 SGN:SKP:MSG CMD=3,TYPE=15
0;255;3;0;9;210432 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100
0;255;3;0;9;210454 SGN:PRE:XMT,TO=4
0;255;3;0;9;210464 TSF:MSG:READ,4-4-0,s=255,c=0,t=18,pt=0,l=10,sg=0:2.2.0-beta
4;255;0;0;18;2.2.0-beta
0;255;3;0;9;210487 TSF:MSG:READ,4-4-0,s=255,c=3,t=6,pt=1,l=1,sg=0:0
4;255;3;0;6;0
0;255;3;0;9;212459 TSF:MSG:READ,4-4-0,s=255,c=3,t=11,pt=0,l=13,sg=0:Relay Signing
4;255;3;0;11;Relay Signing
0;255;3;0;9;212484 TSF:MSG:READ,4-4-0,s=255,c=3,t=12,pt=0,l=5,sg=0:1.2.1
4;255;3;0;12;1.2.1
0;255;3;0;9;212510 TSF:MSG:READ,4-4-0,s=3,c=0,t=3,pt=0,l=0,sg=0:
4;3;0;0;3;
0;255;3;0;9;212531 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
0;255;3;0;9;212551 !SGN:SGN:STATE
0;255;3;0;9;212561 !TSF:MSG:SIGN FAIL
0;255;3;0;9;214489 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
0;255;3;0;9;214507 !SGN:SGN:STATE
0;255;3;0;9;214517 !TSF:MSG:SIGN FAIL
0;255;3;0;9;216510 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
0;255;3;0;9;216528 !SGN:SGN:STATE
0;255;3;0;9;216539 !TSF:MSG:SIGN FAIL
0;255;3;0;9;218533 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
0;255;3;0;9;218552 !SGN:SGN:STATE
0;255;3;0;9;218560 !TSF:MSG:SIGN FAIL

My gateway sketch ::


// Enable debug prints to serial monitor
#define MY_DEBUG
#define MY_DEBUG_VERBOSE_SIGNING


#define MY_RADIO_NRF24
#define MY_RF24_PA_LEVEL RF24_PA_LOW

// Enable serial gateway
#define MY_GATEWAY_SERIAL

// Define a lower baud rate for Arduino's running on 8 MHz (Arduino Pro Mini 3.3V & SenseBender)
#if F_CPU == 8000000L
#define MY_BAUD_RATE 38400
#endif

#define MY_SIGNING_ATSHA204

// SETTINGS FOR MY_SIGNING_ATSHA204
#ifndef MY_SIGNING_ATSHA204_PIN
#define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached
#endif

#include <MySensors.h>

void setup()
{
	// Setup locally attached sensors
}

void presentation()
{
	// Present locally attached sensors
}

void loop()
{
	// Send locally attached sensor data here
}

Node code :

// Enable debug prints to serial monitor
//#define MY_DEBUG

// Enable and select radio type attached
#define MY_RADIO_NRF24
//#define MY_RADIO_NRF5_ESB
//#define MY_RADIO_RFM69
//#define MY_RADIO_RFM95

// Enable repeater functionality for this node
#define MY_REPEATER_FEATURE


#define MY_SIGNING_ATSHA204
#define MY_SIGNING_REQUEST_SIGNATURES

// SETTINGS FOR MY_SIGNING_ATSHA204
#ifndef MY_SIGNING_ATSHA204_PIN
#define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached
#endif

#include <MySensors.h>

// normal function call is here

I do personalized my nodes with the same HMAC as described in the docs.
I got this and I run the same sketch on all node including the gateway :

| This device has now been personalized. Run this sketch with its current settings   |
| on all the devices in your network that have security enabled.

First question :
I have searched for similar issues for 0;255;3;0;9;129 !SGN:PER:TAMPERED but I couldn't find.

Second one : Was signing tested recently with the latest dev branch ? because I guess I read in one of the posts that it has not been tested since a while.

THanks for the help.

Anticimex

@ahmedadelhosni
First answer: TAMPERED suggest that either you have had your personalized data altered between the time of personalization and usage. Or, you personalized your device using the personalizer from the official release or a early development version. The integrity check is a relatively new addition on the development branch.
Second answer: to my knowledge, signing works fine on the development branch.

ahmedadelhosni

@Anticimex Okay I managed to get it working .. I guess :dancer:

After I posted here I decided to go through the code to see when this TAMPERED is printed, so I thought from debugging that this is related to hwReadConfigBlock so I decided to clear the EEPROM, re personilize the gateway and reflash the GW sketch ... Now I get SGN:PER:OK

I then reflashed my sensor node again and I guess it is working now .. I tried sending 1;1;1;1;2;1 through serial and this is the result

0;255;3;0;9;429250 SGN:SKP:MSG CMD=3,TYPE=16
0;255;3;0;9;429266 TSF:MSG:SEND,0-0-1-1,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
0;255;3;0;9;429287 SGN:SGN:NCE REQ,TO=1
0;255;3;0;9;429391 TSF:MSG:READ,1-1-0,s=255,c=3,t=17,pt=6,l=25,sg=0:<NONCE>
0;255;3;0;9;429412 SGN:NCE:FROM=1
0;255;3;0;9;429422 SGN:BND:NONCE=882805C056A850AF00469170FEB702EB5B09EC1FEE51D2F22DAAAAAAAAAAAAAA
0;255;3;0;9;429557 SGN:BND:HMAC=6DB4F3CF2F17E42A5508B4A411CA1478582D052A249A278689D26A7A0B96FBA2
0;255;3;0;9;429584 SGN:SGN:SGN
0;255;3;0;9;429594 TSF:MSG:SEND,0-0-1-1,s=1,c=1,t=2,pt=0,l=1,sg=1,ft=0,st=OK:1
0;255;3;0;9;429740 TSF:MSG:READ,1-1-0,s=1,c=1,t=2,pt=0,l=1,sg=0:1
0;255;3;0;9;429758 TSF:MSG:ACK
1;1;1;1;2;1

I guess this means that signing is working .. I did try also to add another gateway with no signing and it only discovered my node (1) but I got NACK when trying to send to it.

Am I correct in my analysis ?

Thanks for the help.

Anticimex

@ahmedadelhosni that looks good to me. You can use the log parser on the homepage to get a more readable interpretation of the debug log.

ahmedadelhosni

@Anticimex thanks a lot.

I have another question please. I use atsha hw, do this setup save anything in the eeprom ?

ahmedadelhosni

@Anticimex sorry for lots of questions but can u explain in more details what you meant by " that either you have had your personalized data altered between the time of personalization and usage" ?

Anticimex

@ahmedadelhosni if you use atsha204a then only AES key for encryption is stored in eeprom by the personalizer. It is not used unless you activate encryption.

Anticimex

@ahmedadelhosni the integrity check that could emit a TAMPERED message is intended to ensure that signing backend does not use corrupted data.
This is done by having the personalizer calculate a checksum of the data it wrote. Then the signing backend validates the data read against the checksum and of there is a mismatch then it reports that personalization has been tampered.
This is to ensure that users don't get confused by signing not working if they have accidentally erased or manipulated the personalization data.

Proyectos Integrasoft

Hello! I'm new to this and I've been using MySensors to communicate a few nodes in my house with a gateway ... Everything I've done without problems until now that I want to sign the data ...

I have done the following:

Ah my sketch (node) simply added the following statement:

#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_SOFT_RANDOMSEED_PIN A3
(It's a mini pro 3.3 v)

My GW added this:
#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_SOFT_RANDOMSEED_PIN A7
(Nano 5v)

and already ... everything else I left it still, as I was working.

Now ... This is what the log of my node shows me:

0 MCO:BGN:INIT NODE,CP=RNNNAS-,VER=2.1.1
4 TSM:INIT
4 TSF:WUR:MS=0
12 TSM:INIT:TSP OK
14 TSM:INIT:STATID=110
16 TSF:SID:OK,ID=110
18 TSM:FPAR
55 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
698 TSF:MSG:READ,0-0-110,s=255,c=3,t=8,pt=1,l=1,sg=0:0
704 TSF:MSG:FPAR OK,ID=0,D=1
2064 TSM:FPAR:OK
2064 TSM:ID
2066 TSM:ID:OK
2068 TSM:UPL
2074 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1
2084 TSF:MSG:READ,0-0-110,s=255,c=3,t=25,pt=1,l=1,sg=0:1
2091 TSF:MSG:PONG RECV,HP=1
2093 TSM:UPL:OK
2095 TSM:READY:ID=110,PAR=0,DIS=1
2119 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
2129 TSF:MSG:READ,0-0-110,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
2154 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=0,ft=0,st=OK:
2177 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=0:543E0871819CBE4290536346F5231CBEF4C8F70A344B289CEA
2394 !TSF:MSG:SEND,110-110-0-0,s=255,c=0,t=17,pt=0,l=5,sg=1,ft=0,st=NACK:2.1.1
2451 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
2459 !TSF:MSG:SIGN FAIL
4509 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
4517 !TSF:MSG:SIGN FAIL
4569 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK:
4577 !TSF:MSG:SIGN FAIL
4612 TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=OK:
4632 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:5D4997715396BEFB979106A93EF22C9E1DBAE516012E040FAE
4851 !TSF:MSG:SEND,110-110-0-0,s=2,c=0,t=3,pt=0,l=11,sg=1,ft=0,st=NACK:Water Valve
4909 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
4915 !TSF:MSG:SIGN FAIL
4966 !TSF:MSG:SEND,110-110-0-0,s=3,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
4974 !TSF:MSG:SIGN FAIL
5025 !TSF:MSG:SEND,110-110-0-0,s=4,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK:
5033 !TSF:MSG:SIGN FAIL
5083 !TSF:MSG:SEND,110-110-0-0,s=5,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=NACK:
5091 !TSF:MSG:SIGN FAIL
5142 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=9,st=NACK:
5150 !TSF:MSG:SIGN FAIL
5199 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=11,st=NACK:
5208 !TSF:MSG:SIGN FAIL
5212 MCO:REG:REQ
5261 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=13,st=NACK:2
5269 !TSM:READY:UPL FAIL,SNP
5273 TSM:FPAR
5308 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=14,st=OK:
7270 !TSF:SND:TNR
7319 !TSM:FPAR:NO REPLY
7321 TSM:FPAR
7358 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
8204 TSF:MSG:READ,0-0-110,s=255,c=3,t=8,pt=1,l=1,sg=0:0
8210 TSF:MSG:FPAR OK,ID=0,D=1
9271 !TSF:SND:TNR
9367 TSM:FPAR:OK
9367 TSM:ID
9369 TSM:ID:OK
9371 TSM:UPL
9375 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1
9385 TSF:MSG:READ,0-0-110,s=255,c=3,t=25,pt=1,l=1,sg=0:1
9392 TSF:MSG:PONG RECV,HP=1
9394 TSM:UPL:OK
9396 TSM:READY:ID=110,PAR=0,DIS=1
9412 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
9420 TSF:MSG:READ,0-0-110,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
9457 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
9480 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:20169962FD569DAE7F6D69702C2AD69B8492264A3FC2450E50
9697 !TSF:MSG:SEND,110-110-0-0,s=255,c=0,t=17,pt=0,l=5,sg=1,ft=0,st=NACK:2.1.1
9754 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
9762 !TSF:MSG:SIGN FAIL
11812 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
11821 !TSF:MSG:SIGN FAIL
11872 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK:
11880 !TSF:MSG:SIGN FAIL
11931 !TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=NACK:
11939 !TSF:MSG:SIGN FAIL
11988 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=9,st=NACK:
11997 !TSF:MSG:SIGN FAIL
12048 !TSF:MSG:SEND,110-110-0-0,s=3,c=3,t=16,pt=0,l=0,sg=1,ft=11,st=NACK:
12056 !TSF:MSG:SIGN FAIL
12107 !TSF:MSG:SEND,110-110-0-0,s=4,c=3,t=16,pt=0,l=0,sg=1,ft=13,st=NACK:
12115 !TSF:MSG:SIGN FAIL
12167 !TSF:MSG:SEND,110-110-0-0,s=5,c=3,t=16,pt=0,l=0,sg=1,ft=15,st=NACK:
12175 !TSF:MSG:SIGN FAIL
12224 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
12232 !TSF:MSG:SIGN FAIL
12283 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
12292 !TSF:MSG:SIGN FAIL
12294 MCO:REG:REQ
12343 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=5,st=OK:2
12351 TSF:MSG:READ,0-0-110,s=255,c=3,t=16,pt=0,l=0,sg=0:
12435 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=NACK:EC4D4496E138DD8C83E9837D130B8AD51D0B5BE66E9CC103EB14399 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=1,st=NACK:2
16427 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=2,st=OK:2
16437 TSF:MSG:READ,0-0-110,s=255,c=3,t=16,pt=0,l=0,sg=0:
16519 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=OK:CE22C6ECF337A5713AD0677785547E59FB49FB964B79EFAB88
16609 TSF:MSG:READ,0-0-110,s=255,c=3,t=27,pt=1,l=1,sg=1:1
16773 !TSF:MSG:SIGN VERIFY FAIL
16777 TSF:MSG:READ,0-0-110,s=255,c=3,t=27,pt=1,l=1,sg=1:1
16783 !TSF:MSG:SIGN VERIFY FAIL
16787 MCO:BGN:STP
16836 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=NACK:
16844 !TSF:MSG:SIGN FAIL
16896 !TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=2,st=NACK:
16904 !TSF:MSG:SIGN FAIL
16906 MCO:BGN:INIT OK,TSP=1
Valve Change Detected ,
Reporting battery
Main Battery reported: 1076
16959 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=4,st=NACK:
16967 !TSF:MSG:SIGN FAIL
Bridge Battery reported: 0
17018 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=6,st=NACK:
17027 !TSF:MSG:SIGN FAIL
next BATT report TIME selected
17037 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=8,st=OK:
17059 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:A49B044E02033467D7D7220BA28FBFEA6C9ED2EFA7C4DE16CD
17276 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=0,pt=1,l=1,sg=1,ft=0,st=NACK:100
Both to Low in Bridge .....

And this is what the log of the GW shows me:

0;255;3;0;9;TSF:MSG:READ,110-110-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
0;255;3;0;9;TSF:MSG:BC
0;255;3;0;9;TSF:MSG:FPAR REQ,ID=110
0;255;3;0;9;TSF:PNG:SEND,TO=0
0;255;3;0;9;TSF:CKU:OK
0;255;3;0;9;TSF:MSG:GWL OK
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
0;255;3;0;9;TSF:MSG:PINGED,ID=110,HP=1
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
0;255;3;0;9;!TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=NACK:0101
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=0:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=OK:E36F33C7F0FAB62159035EE11FBC031CE96304C15907FCA866
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:9CB25AA3C9DDAA7EB1D4EC4FEE49B3ADDA743FB87AC1844809
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=6,pt=1,l=1,sg=1:0
0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:A2FFF069812565DE86C4BE5517F7F497141208817C51412562
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:F2503A2DF3D42714F93FF7386FC7E4087E6FFC31B86D0449BF
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=12,pt=0,l=3,sg=1:2.3
0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:3DB72D0ECA0E7C5546CB68782E93D66A0BA86F7DBD05714798
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=0,t=3,pt=0,l=11,sg=1:Water Valve
0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=1,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:272DE6ED5FDDDB14B704CF36D32DA37D3A3C32D4F7F30E4D86
0;255;3;0;9;TSF:MSG:READ,110-110-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
0;255;3;0;9;TSF:MSG:BC
0;255;3;0;9;TSF:MSG:FPAR REQ,ID=110
0;255;3;0;9;TSF:PNG:SEND,TO=0
0;255;3;0;9;TSF:CKU:OK
0;255;3;0;9;TSF:MSG:GWL OK
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
0;255;3;0;9;TSF:MSG:PINGED,ID=110,HP=1
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:05E7E841D621BB9E5F323082CBF40509B1B9D100C6EF955156
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:89A2A933A3310EE14AF048E3A786FD1432608BBD361B366DC0
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:554A491A49FA49B278B8269CEF0748346A9980A395161F3356
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=1,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:6220CC178F89ADD1F7AC819695C344770835A96CBAFB2D6848
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=6,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:DA701B4D253E0FC19BB7FA0D2699D1C9CE7F7E7B89586ED8A2
0;255;3;0;9;TSF:MSG:READ,110-110-0,s=6,c=0,t=30,pt=0,l=15,sg=1:Main Batt Volts
0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL

Can you help me please!?
I read everything about the signed but the truth I am somewhat confused ... If you could provide me a sketch of a node and a gateway that work for me to guide me I would appreciate it.

Thank you very much in advance!

Anticimex

@Proyectos-Integrasoft Hi, as mentioned several places, signing makes messages be a lot bigger and that puts strain on the radio link. You can see many NACKs in the log which means messages don't get through. That's way signing fail. You need to make sure you have properly decoupled radio modules and a solid power supply.

Anticimex

@Proyectos-Integrasoft another thing you did not mention is if you have personalized your nodes? Signing require personalization to store certain data. Please read the documentation (linked on the top of this thread).

Proyectos Integrasoft

@Anticimex Thnks!

As you can see in the sketch, I'm using a Nrf24L01 module for the node and for the gateway. They are connected to their designed boards (Node and Gateway) respectively. The power, for now, I am doing through the Ftdi232 that I use to connect it to the PC to do debugging. Before adding the signature to the sketch, they were working perfect. What do you suggest doing then?

Also, I have read about the customization of the nodes, but I feel honest I have not managed to understand how to do it ... Could you explain me easily how to personalize it? Truthfully, I have not been able to use the guide.

Thanks for answering me! : D

Anticimex

@Proyectos-Integrasoft then please let me know what parts are unclear. I try to make it as easy to follow as possible. You can also read the beta documentation but be aware that personalization has been rewritten on the beta track. I have provided a step by step instruction for personalization in the signing module in the documentation. It should give you all information needed.
Regarding powering, have you followed the guides available here in the forum for powering the radio? NACKs is not a signing problem. It is a radio problem.

Proyectos Integrasoft

@Anticimex What I understand is the following:

I must choose the backend that I am going to use. (In my case, I'll use the software firm)
Then I must choose a free pin to establish a random seed for the pseudorandom generator. (In my case I chose pin A3 that is completely free on the plate).
Then I request that all the messages that enter the node will be signed. (I do this using MY_SIGNING_REQUEST_SIGNATURES on the gateway and on the node)
finally says that if I am not going to use MY_SIGNING_SIMPLE_PASSWD, I need to customize the node. This is where I get confused ...

First of all, ask me to enable GENERATE_KEYS_SOFT, saying that this will provide random keys for HMAC and AES, and that I should copy and replace them in the corresponding definitions in "User-defined key data". What do you mean by "user-defined key data"? When I enable this, in the LOG of my node nothing strange comes out, the same thing I posted previously.

Second, you tell me to disable the key generator by software and enable the PERSONALIZE_SOFT ... And that this will keep the keys in the EEPROM ... When you talk about enabling and disabling you mean that I must burn the sketch first with Generate_Keys_Soft and then burn again but now with the hmac and aes keys that were generated, while enabling the Personalize_Soft?

This is what I do not understand. I do not get the keys with the GENERATE_KEYS_SOFT ... And I do not clearly understand what I should do next.

You apologize for my lack of knowledge or understanding. And I thank you for your help.

Proyectos Integrasoft

@Anticimex And as for the radio. I followed the connection guide that comes out at https://www.mysensors.org/build/serial_gateway, even watching the video. I do not know if you mean another guide? If so, could you give me the link? Thank you for your collaboration.

Anticimex

@Proyectos-Integrasoft I assume you use an official release first of all. That personalization is more complicated than the one used on beta/development branch.
Then you are first expected to generate the keys (like you say). These keys are printed on the serial console. You then copy those into the personalizer sketch and reconfigure the personalizer to store the keys you have set. And then you run the personalizer to use those keys.
You can of course skip the generation step and set the hmac key manually using the personalizer. The only requirement is the size of the key (32 bytes) and that it is identical on all nodes.

Proyectos Integrasoft

@Anticimex
Could you please give me the link of the last official release? to verify that is the one that I have. When you say "copy" the keys in the sketch personalizer, are you referring to PERSONALIZE_SOFT? And what do you mean by configuring the sketch personalizer? Could you additionally tell me how it would be done manually? (example of sketch)

Anticimex

@Proyectos-Integrasoft I am not sure where to start. I assume you are familiar with c code? The signing solution available in the latest official release (which you find on github, I believe is 2.1.1) require at least fundamental understanding of how to adjust sketch code.
The documentation gives the exact lines to change.
There is, like I said, a step by step guide, and if you follow it you should end up with a properly personalized device. In this case, that is of less importance since you currently do not have a stable enough radio link to use security since you get NACKs for full size payloads (so neither signing nor encryption will work).
So you will have to make that work and get rid of the NACKs, before we should start worrying about personalization.
And like I said before, that is not a signing related issue. You will get the same problem if you try to send full size payloads of any kind. Just try to disable signing and send full size payloads.

[security] Introducing signing support to MySensors

8

11.7k

11.2k

113.0k