[security] Introducing signing support to MySensors
-
Hello! I'm new to this and I've been using MySensors to communicate a few nodes in my house with a gateway ... Everything I've done without problems until now that I want to sign the data ...
I have done the following:
- Ah my sketch (node) simply added the following statement:
#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_SOFT_RANDOMSEED_PIN A3
(It's a mini pro 3.3 v)- My GW added this:
#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_SOFT_RANDOMSEED_PIN A7
(Nano 5v)
and already ... everything else I left it still, as I was working.
Now ... This is what the log of my node shows me:
0 MCO:BGN:INIT NODE,CP=RNNNAS-,VER=2.1.1 4 TSM:INIT 4 TSF:WUR:MS=0 12 TSM:INIT:TSP OK 14 TSM:INIT:STATID=110 16 TSF:SID:OK,ID=110 18 TSM:FPAR 55 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 698 TSF:MSG:READ,0-0-110,s=255,c=3,t=8,pt=1,l=1,sg=0:0 704 TSF:MSG:FPAR OK,ID=0,D=1 2064 TSM:FPAR:OK 2064 TSM:ID 2066 TSM:ID:OK 2068 TSM:UPL 2074 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1 2084 TSF:MSG:READ,0-0-110,s=255,c=3,t=25,pt=1,l=1,sg=0:1 2091 TSF:MSG:PONG RECV,HP=1 2093 TSM:UPL:OK 2095 TSM:READY:ID=110,PAR=0,DIS=1 2119 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 2129 TSF:MSG:READ,0-0-110,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 2154 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=0,ft=0,st=OK: 2177 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=0:543E0871819CBE4290536346F5231CBEF4C8F70A344B289CEA 2394 !TSF:MSG:SEND,110-110-0-0,s=255,c=0,t=17,pt=0,l=5,sg=1,ft=0,st=NACK:2.1.1 2451 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK: 2459 !TSF:MSG:SIGN FAIL 4509 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK: 4517 !TSF:MSG:SIGN FAIL 4569 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK: 4577 !TSF:MSG:SIGN FAIL 4612 TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=OK: 4632 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:5D4997715396BEFB979106A93EF22C9E1DBAE516012E040FAE 4851 !TSF:MSG:SEND,110-110-0-0,s=2,c=0,t=3,pt=0,l=11,sg=1,ft=0,st=NACK:Water Valve 4909 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK: 4915 !TSF:MSG:SIGN FAIL 4966 !TSF:MSG:SEND,110-110-0-0,s=3,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK: 4974 !TSF:MSG:SIGN FAIL 5025 !TSF:MSG:SEND,110-110-0-0,s=4,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK: 5033 !TSF:MSG:SIGN FAIL 5083 !TSF:MSG:SEND,110-110-0-0,s=5,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=NACK: 5091 !TSF:MSG:SIGN FAIL 5142 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=9,st=NACK: 5150 !TSF:MSG:SIGN FAIL 5199 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=11,st=NACK: 5208 !TSF:MSG:SIGN FAIL 5212 MCO:REG:REQ 5261 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=13,st=NACK:2 5269 !TSM:READY:UPL FAIL,SNP 5273 TSM:FPAR 5308 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=14,st=OK: 7270 !TSF:SND:TNR 7319 !TSM:FPAR:NO REPLY 7321 TSM:FPAR 7358 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8204 TSF:MSG:READ,0-0-110,s=255,c=3,t=8,pt=1,l=1,sg=0:0 8210 TSF:MSG:FPAR OK,ID=0,D=1 9271 !TSF:SND:TNR 9367 TSM:FPAR:OK 9367 TSM:ID 9369 TSM:ID:OK 9371 TSM:UPL 9375 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1 9385 TSF:MSG:READ,0-0-110,s=255,c=3,t=25,pt=1,l=1,sg=0:1 9392 TSF:MSG:PONG RECV,HP=1 9394 TSM:UPL:OK 9396 TSM:READY:ID=110,PAR=0,DIS=1 9412 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 9420 TSF:MSG:READ,0-0-110,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 9457 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 9480 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:20169962FD569DAE7F6D69702C2AD69B8492264A3FC2450E50 9697 !TSF:MSG:SEND,110-110-0-0,s=255,c=0,t=17,pt=0,l=5,sg=1,ft=0,st=NACK:2.1.1 9754 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK: 9762 !TSF:MSG:SIGN FAIL 11812 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK: 11821 !TSF:MSG:SIGN FAIL 11872 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK: 11880 !TSF:MSG:SIGN FAIL 11931 !TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=NACK: 11939 !TSF:MSG:SIGN FAIL 11988 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=9,st=NACK: 11997 !TSF:MSG:SIGN FAIL 12048 !TSF:MSG:SEND,110-110-0-0,s=3,c=3,t=16,pt=0,l=0,sg=1,ft=11,st=NACK: 12056 !TSF:MSG:SIGN FAIL 12107 !TSF:MSG:SEND,110-110-0-0,s=4,c=3,t=16,pt=0,l=0,sg=1,ft=13,st=NACK: 12115 !TSF:MSG:SIGN FAIL 12167 !TSF:MSG:SEND,110-110-0-0,s=5,c=3,t=16,pt=0,l=0,sg=1,ft=15,st=NACK: 12175 !TSF:MSG:SIGN FAIL 12224 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK: 12232 !TSF:MSG:SIGN FAIL 12283 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK: 12292 !TSF:MSG:SIGN FAIL 12294 MCO:REG:REQ 12343 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=5,st=OK:2 12351 TSF:MSG:READ,0-0-110,s=255,c=3,t=16,pt=0,l=0,sg=0: 12435 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=NACK:EC4D4496E138DD8C83E9837D130B8AD51D0B5BE66E9CC103EB14399 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=1,st=NACK:2 16427 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=2,st=OK:2 16437 TSF:MSG:READ,0-0-110,s=255,c=3,t=16,pt=0,l=0,sg=0: 16519 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=OK:CE22C6ECF337A5713AD0677785547E59FB49FB964B79EFAB88 16609 TSF:MSG:READ,0-0-110,s=255,c=3,t=27,pt=1,l=1,sg=1:1 16773 !TSF:MSG:SIGN VERIFY FAIL 16777 TSF:MSG:READ,0-0-110,s=255,c=3,t=27,pt=1,l=1,sg=1:1 16783 !TSF:MSG:SIGN VERIFY FAIL 16787 MCO:BGN:STP 16836 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=NACK: 16844 !TSF:MSG:SIGN FAIL 16896 !TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=2,st=NACK: 16904 !TSF:MSG:SIGN FAIL 16906 MCO:BGN:INIT OK,TSP=1 Valve Change Detected , Reporting battery Main Battery reported: 1076 16959 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=4,st=NACK: 16967 !TSF:MSG:SIGN FAIL Bridge Battery reported: 0 17018 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=6,st=NACK: 17027 !TSF:MSG:SIGN FAIL next BATT report TIME selected 17037 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=8,st=OK: 17059 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:A49B044E02033467D7D7220BA28FBFEA6C9ED2EFA7C4DE16CD 17276 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=0,pt=1,l=1,sg=1,ft=0,st=NACK:100 Both to Low in Bridge .....And this is what the log of the GW shows me:
0;255;3;0;9;TSF:MSG:READ,110-110-255,s=255,c=3,t=7,pt=0,l=0,sg=0: 0;255;3;0;9;TSF:MSG:BC 0;255;3;0;9;TSF:MSG:FPAR REQ,ID=110 0;255;3;0;9;TSF:PNG:SEND,TO=0 0;255;3;0;9;TSF:CKU:OK 0;255;3;0;9;TSF:MSG:GWL OK 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 0;255;3;0;9;TSF:MSG:PINGED,ID=110,HP=1 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 0;255;3;0;9;!TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=NACK:0101 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=0: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=OK:E36F33C7F0FAB62159035EE11FBC031CE96304C15907FCA866 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:9CB25AA3C9DDAA7EB1D4EC4FEE49B3ADDA743FB87AC1844809 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=6,pt=1,l=1,sg=1:0 0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:A2FFF069812565DE86C4BE5517F7F497141208817C51412562 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:F2503A2DF3D42714F93FF7386FC7E4087E6FFC31B86D0449BF 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=12,pt=0,l=3,sg=1:2.3 0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:3DB72D0ECA0E7C5546CB68782E93D66A0BA86F7DBD05714798 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=0,t=3,pt=0,l=11,sg=1:Water Valve 0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=1,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:272DE6ED5FDDDB14B704CF36D32DA37D3A3C32D4F7F30E4D86 0;255;3;0;9;TSF:MSG:READ,110-110-255,s=255,c=3,t=7,pt=0,l=0,sg=0: 0;255;3;0;9;TSF:MSG:BC 0;255;3;0;9;TSF:MSG:FPAR REQ,ID=110 0;255;3;0;9;TSF:PNG:SEND,TO=0 0;255;3;0;9;TSF:CKU:OK 0;255;3;0;9;TSF:MSG:GWL OK 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 0;255;3;0;9;TSF:MSG:PINGED,ID=110,HP=1 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:05E7E841D621BB9E5F323082CBF40509B1B9D100C6EF955156 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:89A2A933A3310EE14AF048E3A786FD1432608BBD361B366DC0 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:554A491A49FA49B278B8269CEF0748346A9980A395161F3356 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=1,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:6220CC178F89ADD1F7AC819695C344770835A96CBAFB2D6848 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=6,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;TSF:MSG:SEND,0-0-110-110,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:DA701B4D253E0FC19BB7FA0D2699D1C9CE7F7E7B89586ED8A2 0;255;3;0;9;TSF:MSG:READ,110-110-0,s=6,c=0,t=30,pt=0,l=15,sg=1:Main Batt Volts 0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAILCan you help me please!?
I read everything about the signed but the truth I am somewhat confused ... If you could provide me a sketch of a node and a gateway that work for me to guide me I would appreciate it.Thank you very much in advance!
@Proyectos-Integrasoft another thing you did not mention is if you have personalized your nodes? Signing require personalization to store certain data. Please read the documentation (linked on the top of this thread).
-
@Proyectos-Integrasoft another thing you did not mention is if you have personalized your nodes? Signing require personalization to store certain data. Please read the documentation (linked on the top of this thread).
@Anticimex Thnks!
As you can see in the sketch, I'm using a Nrf24L01 module for the node and for the gateway. They are connected to their designed boards (Node and Gateway) respectively. The power, for now, I am doing through the Ftdi232 that I use to connect it to the PC to do debugging. Before adding the signature to the sketch, they were working perfect. What do you suggest doing then?
Also, I have read about the customization of the nodes, but I feel honest I have not managed to understand how to do it ... Could you explain me easily how to personalize it? Truthfully, I have not been able to use the guide.
Thanks for answering me! : D
-
@Proyectos-Integrasoft then please let me know what parts are unclear. I try to make it as easy to follow as possible. You can also read the beta documentation but be aware that personalization has been rewritten on the beta track. I have provided a step by step instruction for personalization in the signing module in the documentation. It should give you all information needed.
Regarding powering, have you followed the guides available here in the forum for powering the radio? NACKs is not a signing problem. It is a radio problem. -
@Proyectos-Integrasoft then please let me know what parts are unclear. I try to make it as easy to follow as possible. You can also read the beta documentation but be aware that personalization has been rewritten on the beta track. I have provided a step by step instruction for personalization in the signing module in the documentation. It should give you all information needed.
Regarding powering, have you followed the guides available here in the forum for powering the radio? NACKs is not a signing problem. It is a radio problem.@Anticimex What I understand is the following:
- I must choose the backend that I am going to use. (In my case, I'll use the software firm)
- Then I must choose a free pin to establish a random seed for the pseudorandom generator. (In my case I chose pin A3 that is completely free on the plate).
- Then I request that all the messages that enter the node will be signed. (I do this using MY_SIGNING_REQUEST_SIGNATURES on the gateway and on the node)
- finally says that if I am not going to use MY_SIGNING_SIMPLE_PASSWD, I need to customize the node. This is where I get confused ...
First of all, ask me to enable GENERATE_KEYS_SOFT, saying that this will provide random keys for HMAC and AES, and that I should copy and replace them in the corresponding definitions in "User-defined key data". What do you mean by "user-defined key data"? When I enable this, in the LOG of my node nothing strange comes out, the same thing I posted previously.
Second, you tell me to disable the key generator by software and enable the PERSONALIZE_SOFT ... And that this will keep the keys in the EEPROM ... When you talk about enabling and disabling you mean that I must burn the sketch first with Generate_Keys_Soft and then burn again but now with the hmac and aes keys that were generated, while enabling the Personalize_Soft?
This is what I do not understand. I do not get the keys with the GENERATE_KEYS_SOFT ... And I do not clearly understand what I should do next.
You apologize for my lack of knowledge or understanding. And I thank you for your help.
-
@Proyectos-Integrasoft then please let me know what parts are unclear. I try to make it as easy to follow as possible. You can also read the beta documentation but be aware that personalization has been rewritten on the beta track. I have provided a step by step instruction for personalization in the signing module in the documentation. It should give you all information needed.
Regarding powering, have you followed the guides available here in the forum for powering the radio? NACKs is not a signing problem. It is a radio problem.@Anticimex And as for the radio. I followed the connection guide that comes out at https://www.mysensors.org/build/serial_gateway, even watching the video. I do not know if you mean another guide? If so, could you give me the link? Thank you for your collaboration.
-
@Anticimex What I understand is the following:
- I must choose the backend that I am going to use. (In my case, I'll use the software firm)
- Then I must choose a free pin to establish a random seed for the pseudorandom generator. (In my case I chose pin A3 that is completely free on the plate).
- Then I request that all the messages that enter the node will be signed. (I do this using MY_SIGNING_REQUEST_SIGNATURES on the gateway and on the node)
- finally says that if I am not going to use MY_SIGNING_SIMPLE_PASSWD, I need to customize the node. This is where I get confused ...
First of all, ask me to enable GENERATE_KEYS_SOFT, saying that this will provide random keys for HMAC and AES, and that I should copy and replace them in the corresponding definitions in "User-defined key data". What do you mean by "user-defined key data"? When I enable this, in the LOG of my node nothing strange comes out, the same thing I posted previously.
Second, you tell me to disable the key generator by software and enable the PERSONALIZE_SOFT ... And that this will keep the keys in the EEPROM ... When you talk about enabling and disabling you mean that I must burn the sketch first with Generate_Keys_Soft and then burn again but now with the hmac and aes keys that were generated, while enabling the Personalize_Soft?
This is what I do not understand. I do not get the keys with the GENERATE_KEYS_SOFT ... And I do not clearly understand what I should do next.
You apologize for my lack of knowledge or understanding. And I thank you for your help.
@Proyectos-Integrasoft I assume you use an official release first of all. That personalization is more complicated than the one used on beta/development branch.
Then you are first expected to generate the keys (like you say). These keys are printed on the serial console. You then copy those into the personalizer sketch and reconfigure the personalizer to store the keys you have set. And then you run the personalizer to use those keys.
You can of course skip the generation step and set the hmac key manually using the personalizer. The only requirement is the size of the key (32 bytes) and that it is identical on all nodes. -
@Proyectos-Integrasoft I assume you use an official release first of all. That personalization is more complicated than the one used on beta/development branch.
Then you are first expected to generate the keys (like you say). These keys are printed on the serial console. You then copy those into the personalizer sketch and reconfigure the personalizer to store the keys you have set. And then you run the personalizer to use those keys.
You can of course skip the generation step and set the hmac key manually using the personalizer. The only requirement is the size of the key (32 bytes) and that it is identical on all nodes.@Anticimex
Could you please give me the link of the last official release? to verify that is the one that I have. When you say "copy" the keys in the sketch personalizer, are you referring to PERSONALIZE_SOFT? And what do you mean by configuring the sketch personalizer? Could you additionally tell me how it would be done manually? (example of sketch) -
@Anticimex
Could you please give me the link of the last official release? to verify that is the one that I have. When you say "copy" the keys in the sketch personalizer, are you referring to PERSONALIZE_SOFT? And what do you mean by configuring the sketch personalizer? Could you additionally tell me how it would be done manually? (example of sketch)@Proyectos-Integrasoft I am not sure where to start. I assume you are familiar with c code? The signing solution available in the latest official release (which you find on github, I believe is 2.1.1) require at least fundamental understanding of how to adjust sketch code.
The documentation gives the exact lines to change.
There is, like I said, a step by step guide, and if you follow it you should end up with a properly personalized device. In this case, that is of less importance since you currently do not have a stable enough radio link to use security since you get NACKs for full size payloads (so neither signing nor encryption will work).
So you will have to make that work and get rid of the NACKs, before we should start worrying about personalization.
And like I said before, that is not a signing related issue. You will get the same problem if you try to send full size payloads of any kind. Just try to disable signing and send full size payloads. -
@Proyectos-Integrasoft I am not sure where to start. I assume you are familiar with c code? The signing solution available in the latest official release (which you find on github, I believe is 2.1.1) require at least fundamental understanding of how to adjust sketch code.
The documentation gives the exact lines to change.
There is, like I said, a step by step guide, and if you follow it you should end up with a properly personalized device. In this case, that is of less importance since you currently do not have a stable enough radio link to use security since you get NACKs for full size payloads (so neither signing nor encryption will work).
So you will have to make that work and get rid of the NACKs, before we should start worrying about personalization.
And like I said before, that is not a signing related issue. You will get the same problem if you try to send full size payloads of any kind. Just try to disable signing and send full size payloads.@Anticimex
Okay, so I'll start by tackling things step by step ... How can I avoid getting NACKs in my log? -
@Anticimex
Okay, so I'll start by tackling things step by step ... How can I avoid getting NACKs in my log?@Proyectos-Integrasoft as I said; ensuring good decoupling, a stable power supply (measure that to confirm). Also, counterfeit RF24 chips are all over the place that perform under par. There are quite a few threads here on this topic. So please post such questions in those, it is somewhat off topic here :)
Also, setting proper power levels can have a huge impact on the performance. -
Hi @Anticimex Actually there is something that I can not understand regarding cryptograhpy. I want to know how other products like Fibaro, Smartthings, etc handles the security ?
Here in our library the SW is not a good idea, why ? I thought beacuse someone can dump the memory .. but is it that easy ? Can't we lock the code and memory ? Also in the hardware ATSHA solution, someone can easily take the chip and intercept our network and sniff it or even send commands as it is explained in the documentation and that's why we don't use security for public nodes as it usualy reports states. But can't we lock the chip ? and by some way only the atmega can communicate with it to get the key by some way ?
I read online that some people are using private and public keys .. if this is the case, then the private key is offcourse saved in the memory. How do they handle this problem ?
Do they use AES , SHA ? which encyption way ?
Also the nRF52, I tried to read a lot and they use private and public keys i guess.
lots of questions and I am confused but I want to know how do they handle protection for public nodes.
Can you please explain this to me ?
Thanks.
-
Hi @Anticimex Actually there is something that I can not understand regarding cryptograhpy. I want to know how other products like Fibaro, Smartthings, etc handles the security ?
Here in our library the SW is not a good idea, why ? I thought beacuse someone can dump the memory .. but is it that easy ? Can't we lock the code and memory ? Also in the hardware ATSHA solution, someone can easily take the chip and intercept our network and sniff it or even send commands as it is explained in the documentation and that's why we don't use security for public nodes as it usualy reports states. But can't we lock the chip ? and by some way only the atmega can communicate with it to get the key by some way ?
I read online that some people are using private and public keys .. if this is the case, then the private key is offcourse saved in the memory. How do they handle this problem ?
Do they use AES , SHA ? which encyption way ?
Also the nRF52, I tried to read a lot and they use private and public keys i guess.
lots of questions and I am confused but I want to know how do they handle protection for public nodes.
Can you please explain this to me ?
Thanks.
@ahmedadelhosni some devices, like the atmega, doss not support locking the memory, so the software based signing is inherently insecure in terms of hw theft.
Atsha204a based signing protection specifically against this because the personalizer locks the chip from readout. It is not possible to extract the hmac key from the atsha204a memory and the key is never transmitted OTA (unless you deploy the personalizer OTA). -
Hi @Anticimex Actually there is something that I can not understand regarding cryptograhpy. I want to know how other products like Fibaro, Smartthings, etc handles the security ?
Here in our library the SW is not a good idea, why ? I thought beacuse someone can dump the memory .. but is it that easy ? Can't we lock the code and memory ? Also in the hardware ATSHA solution, someone can easily take the chip and intercept our network and sniff it or even send commands as it is explained in the documentation and that's why we don't use security for public nodes as it usualy reports states. But can't we lock the chip ? and by some way only the atmega can communicate with it to get the key by some way ?
I read online that some people are using private and public keys .. if this is the case, then the private key is offcourse saved in the memory. How do they handle this problem ?
Do they use AES , SHA ? which encyption way ?
Also the nRF52, I tried to read a lot and they use private and public keys i guess.
lots of questions and I am confused but I want to know how do they handle protection for public nodes.
Can you please explain this to me ?
Thanks.
@ahmedadelhosni and regarding reusing a node/atsha204a for attack purpose, we have whitelisting to protect against that. The serials used for whitelisting are also never send OTA (again, unless you send the personalizer OTA).
-
@ahmedadelhosni some devices, like the atmega, doss not support locking the memory, so the software based signing is inherently insecure in terms of hw theft.
Atsha204a based signing protection specifically against this because the personalizer locks the chip from readout. It is not possible to extract the hmac key from the atsha204a memory and the key is never transmitted OTA (unless you deploy the personalizer OTA).1- So if we have a microcontroller that supports locking the memory then the problem is solved ? I know that SAM is being introduced now, Does it support this ?
2- what is then the purpose of locking the ATSHA if we can't extract the HMAC which we depend on it ?
Thanks.
-
1- So if we have a microcontroller that supports locking the memory then the problem is solved ? I know that SAM is being introduced now, Does it support this ?
2- what is then the purpose of locking the ATSHA if we can't extract the HMAC which we depend on it ?
Thanks.
@ahmedadelhosni
We lock the atsha to make sure it can't be readable.
It does not matter that samd supports locking or not. The atmega328p does not. For now, we have a security scheme that supports any target, so we have to have a system that works for all.
For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.
As for what others do, I suggest you ask them :)
Security can be implemented in many ways. Each with drawbacks and benefits. The one currently in use is a scheme that can work on basically any target with reasonable security and performance. It has drawbacks, yes, but at the time of implementation, these were considered acceptable.
For the future, more sophisticated schemes can be used which are easier to use, arguably more secure but more complex in terms of computational power and protocol. The core team is investigating various solutions.Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@ahmedadelhosni
We lock the atsha to make sure it can't be readable.
It does not matter that samd supports locking or not. The atmega328p does not. For now, we have a security scheme that supports any target, so we have to have a system that works for all.
For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.
As for what others do, I suggest you ask them :)
Security can be implemented in many ways. Each with drawbacks and benefits. The one currently in use is a scheme that can work on basically any target with reasonable security and performance. It has drawbacks, yes, but at the time of implementation, these were considered acceptable.
For the future, more sophisticated schemes can be used which are easier to use, arguably more secure but more complex in terms of computational power and protocol. The core team is investigating various solutions.@Anticimex Sorry but I didn't understand the benefit of locking the ATSHA to be unreadable ? :expressionless:
I know we do not lock it so that we can read the HMAC and use it during verification, but what is the usage of a locked ATSHA ? -
@Anticimex Sorry but I didn't understand the benefit of locking the ATSHA to be unreadable ? :expressionless:
I know we do not lock it so that we can read the HMAC and use it during verification, but what is the usage of a locked ATSHA ?@ahmedadelhosni what do you mean? All cryptography is performed inside the chip. The hmac key never leaves the chip after it has been programmed and locked. Thats the whole point with the atsha204a.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@ahmedadelhosni what do you mean? All cryptography is performed inside the chip. The hmac key never leaves the chip after it has been programmed and locked. Thats the whole point with the atsha204a.
@Anticimex aha okay I understand a bit now. So we put s special hmac that does all cryptography jobs then it gives us something that is used for transmision?
Looks like i have to read the datasheet also :D
-
@Anticimex aha okay I understand a bit now. So we put s special hmac that does all cryptography jobs then it gives us something that is used for transmision?
Looks like i have to read the datasheet also :D
@ahmedadelhosni I'd suggest you start by reading the documentation on signing linked at the very top of this post. It explains in detail how the signing security is implemented.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@ahmedadelhosni I'd suggest you start by reading the documentation on signing linked at the very top of this post. It explains in detail how the signing security is implemented.
@Anticimex yeah I read it several times before but maybe didnt pay attention to tge technical stuff 😂
