[security] Introducing signing support to MySensors

  • Contest Winner

    @gus what is it that you think is not working? Just because your node require signatures does not prevent the node from sending data to your gateway which does not require signatures.
    And as you can see in the log you get errors about missing signatures (and hence failed verifications) so it looks as expected to me.
    You could try to paste your log into the log parser to get a easier to read output.

  • @Anticimex Ok, just thought when signing failed, the node was halted 😕
    So that control mechanism need to be implemented in my sketch then?
    Great, I will use the log parser!

  • Contest Winner

    @gus no, when signing verification fail, the message is just discarded

  • @Anticimex Ahh, now I get it!! Thanks for helping me out here!


  • Contest Winner

    @gus always 🙂 nice to hear that you have a fully functional signing rig. Happy signing!

  • Hello @Anticimex

    Sometimes it happens that the Serial printing is not correct and it is okay when the baud rate is lower to 57600. I guess the default is 115200 when this error happens.

    ⸮ M⸮Se⸮so⸮s security p⸮r⸮o⸮alizer ⸮

    ⸮ C⸮n⸮igur⸮t⸮on set⸮i⸮g⸮ ⸮
    | * G⸮i⸮e⸮ ⸮e⸮s⸮nali⸮ation/⸮t⸮ra⸮e of key⸮ ⸮n AT⸮H⸮204A |
    | * ⸮T⸮HA204A based ⸮e⸮s⸮n⸮l⸮z⸮t⸮o⸮ ⸮
    ⸮ * Will l⸮ck ATSH⸮204⸮ c⸮n⸮i⸮u⸮atio⸮ |
    ⸮ * W⸮ll no⸮ req⸮i⸮e any UA⸮T co⸮fi⸮m⸮ti⸮ns ⸮
    | * ⸮i⸮l ⸮to⸮e ⸮MA⸮ key to A⸮SH⸮204A |
    | * Will store ⸮ES ke⸮ to ⸮E⸮R⸮M ⸮

  • Contest Winner

    @ahmedadelhosni yes, this can happen on some targets. It depend on the quality and precision of the oscillator. If output looks garbled, reducing the baud rate is a good place to start.

  • @Anticimex so this has nothing to do with the quality of my overall node ? I mean as a reference that this node will be stable or not during operation.

    I ordered my atmega smd from mouser and all passive componets too. Only pcbs are from dirtypcbs. I thought getting high quality from mouser would be better.


  • Contest Winner

    That is hard to say. There are many reports of atmega not being really good at handling 115200 at certain oscillator frequencies. So no, I don't think it directly hints at something being wrong with your hardware. But I cannot be sure of course 🙂

  • @ahmedadelhosni I had the same problem with serial speed on a few PCBs that I designed myself, design was based on existing mysensors PCBs. I could only run on 38k baud.
    In my case it turned out to be a problem with the with of signal lines and power lines on the PCB. They where to small, and probably caused noise and bad through put, because when I widened the lines on the PCB, reordered them from fab house, then 115k baud worked again.

  • @Magnus-Pernemark I have also a modified version of Mysensebender node and the issue happened with some of the pcbs, not all of them. In your case I understood that it was a problem in all your pcbs. So maybe pcb quality from dirtypcbs was not that good with some of mine due to small width of lines.

  • Hello @Anticimex

    I was testing HW signing using latest dev and I got the following 👍

    My setup > GW : 8 Mhz internal clock
    My node > : 8 Mhz internal clock ( with MySysBootloader OTA)

    From Gateway debug:

    0;255;3;0;9;53 MCO:BGN:INIT GW,CP=RNNGAA--,VER=2.2.0-beta
    0;255;3;0;9;129 !SGN:PER:TAMPERED
    0;255;3;0;9;161 SGN:INI:BND OK
    0;255;3;0;9;169 TSM:INIT
    0;255;3;0;9;178 TSF:WUR:MS=0
    0;255;3;0;9;190 TSM:INIT:TSP OK
    0;255;3;0;9;198 TSM:INIT:GW MODE
    0;255;3;0;9;208 TSM:READY:ID=0,PAR=0,DIS=0
    0;255;3;0;9;221 MCO:REG:NOT NEEDED
    0;255;3;0;14;Gateway startup complete.
    0;255;3;0;9;231 MCO:BGN:STP
    0;255;3;0;9;253 MCO:BGN:INIT OK,TSP=1

    When I try to add node 4 : This happens

    0;255;3;0;9;180430 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=1,l=0,sg=0:0
    0;255;3;0;9;180449 TSF:MSG:BC
    0;255;3;0;9;180457 TSF:MSG:FPAR REQ,ID=4
    0;255;3;0;9;180469 TSF:PNG:SEND,TO=0
    0;255;3;0;9;180480 TSF:CKU:OK
    0;255;3;0;9;180488 TSF:MSG:GWL OK
    0;255;3;0;9;180768 SGN:SKP:MSG CMD=3,TYPE=8
    0;255;3;0;9;180783 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
    0;255;3;0;9;187224 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0100
    0;255;3;0;9;187244 !SGN:PRE:SGN NREQ,FROM=4 REJ
    0;255;3;0;9;187256 SGN:PRE:SGN NREQ,TO=4
    0;255;3;0;9;187269 SGN:PRE:WHI NREQ,TO=4
    0;255;3;0;9;187279 SGN:SKP:MSG CMD=3,TYPE=15
    0;255;3;0;9;187293 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100
    0;255;3;0;9;187316 SGN:PRE:XMT,TO=4
    0;255;3;0;9;187576 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102
    0;255;3;0;9;194334 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102
    0;255;3;0;9;201091 TSF:MSG:READ,4-4-0,s=255,c=4,t=0,pt=6,l=10,sg=0:1E000100B0031E310102
    0;255;3;0;9;208238 TSF:MSG:READ,4-4-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
    0;255;3;0;9;208257 TSF:MSG:BC
    0;255;3;0;9;208265 TSF:MSG:FPAR REQ,ID=4
    0;255;3;0;9;208275 TSF:PNG:SEND,TO=0
    0;255;3;0;9;208285 TSF:CKU:OK
    0;255;3;0;9;208293 TSF:MSG:GWL OK
    0;255;3;0;9;208736 SGN:SKP:MSG CMD=3,TYPE=8
    0;255;3;0;9;208750 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
    0;255;3;0;9;210298 TSF:MSG:READ,4-4-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
    0;255;3;0;9;210317 TSF:MSG:PINGED,ID=4,HP=1
    0;255;3;0;9;210329 SGN:SKP:MSG CMD=3,TYPE=25
    0;255;3;0;9;210343 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
    0;255;3;0;9;210364 TSF:MSG:READ,4-4-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
    0;255;3;0;9;210384 SGN:PRE:SGN REQ,FROM=4
    0;255;3;0;9;210397 SGN:PRE:SGN NREQ,TO=4
    0;255;3;0;9;210407 SGN:PRE:WHI NREQ,TO=4
    0;255;3;0;9;210417 SGN:SKP:MSG CMD=3,TYPE=15
    0;255;3;0;9;210432 TSF:MSG:SEND,0-0-4-4,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0100
    0;255;3;0;9;210454 SGN:PRE:XMT,TO=4
    0;255;3;0;9;210464 TSF:MSG:READ,4-4-0,s=255,c=0,t=18,pt=0,l=10,sg=0:2.2.0-beta
    0;255;3;0;9;210487 TSF:MSG:READ,4-4-0,s=255,c=3,t=6,pt=1,l=1,sg=0:0
    0;255;3;0;9;212459 TSF:MSG:READ,4-4-0,s=255,c=3,t=11,pt=0,l=13,sg=0:Relay Signing
    4;255;3;0;11;Relay Signing
    0;255;3;0;9;212484 TSF:MSG:READ,4-4-0,s=255,c=3,t=12,pt=0,l=5,sg=0:1.2.1
    0;255;3;0;9;212510 TSF:MSG:READ,4-4-0,s=3,c=0,t=3,pt=0,l=0,sg=0:
    0;255;3;0;9;212531 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
    0;255;3;0;9;212551 !SGN:SGN:STATE
    0;255;3;0;9;212561 !TSF:MSG:SIGN FAIL
    0;255;3;0;9;214489 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
    0;255;3;0;9;214507 !SGN:SGN:STATE
    0;255;3;0;9;214517 !TSF:MSG:SIGN FAIL
    0;255;3;0;9;216510 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
    0;255;3;0;9;216528 !SGN:SGN:STATE
    0;255;3;0;9;216539 !TSF:MSG:SIGN FAIL
    0;255;3;0;9;218533 TSF:MSG:READ,4-4-0,s=255,c=3,t=26,pt=1,l=1,sg=0:2
    0;255;3;0;9;218552 !SGN:SGN:STATE
    0;255;3;0;9;218560 !TSF:MSG:SIGN FAIL

    My gateway sketch ::

    // Enable debug prints to serial monitor
    #define MY_DEBUG
    #define MY_RADIO_NRF24
    #define MY_RF24_PA_LEVEL RF24_PA_LOW
    // Enable serial gateway
    // Define a lower baud rate for Arduino's running on 8 MHz (Arduino Pro Mini 3.3V & SenseBender)
    #if F_CPU == 8000000L
    #define MY_BAUD_RATE 38400
    #define MY_SIGNING_ATSHA204
    #ifndef MY_SIGNING_ATSHA204_PIN
    #define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached
    #include <MySensors.h>
    void setup()
    	// Setup locally attached sensors
    void presentation()
    	// Present locally attached sensors
    void loop()
    	// Send locally attached sensor data here

    Node code :

    // Enable debug prints to serial monitor
    //#define MY_DEBUG
    // Enable and select radio type attached
    #define MY_RADIO_NRF24
    //#define MY_RADIO_NRF5_ESB
    //#define MY_RADIO_RFM69
    //#define MY_RADIO_RFM95
    // Enable repeater functionality for this node
    #define MY_SIGNING_ATSHA204
    #ifndef MY_SIGNING_ATSHA204_PIN
    #define MY_SIGNING_ATSHA204_PIN 17 //!< A3 - pin where ATSHA204 is attached
    #include <MySensors.h>
    // normal function call is here

    I do personalized my nodes with the same HMAC as described in the docs.
    I got this and I run the same sketch on all node including the gateway :

    | This device has now been personalized. Run this sketch with its current settings   |
    | on all the devices in your network that have security enabled.

    First question :
    I have searched for similar issues for 0;255;3;0;9;129 !SGN:PER:TAMPERED but I couldn't find.

    Second one : Was signing tested recently with the latest dev branch ? because I guess I read in one of the posts that it has not been tested since a while.

    THanks for the help.

  • Contest Winner

    First answer: TAMPERED suggest that either you have had your personalized data altered between the time of personalization and usage. Or, you personalized your device using the personalizer from the official release or a early development version. The integrity check is a relatively new addition on the development branch.
    Second answer: to my knowledge, signing works fine on the development branch.

  • @Anticimex Okay I managed to get it working .. I guess 💃

    After I posted here I decided to go through the code to see when this TAMPERED is printed, so I thought from debugging that this is related to hwReadConfigBlock so I decided to clear the EEPROM, re personilize the gateway and reflash the GW sketch ... Now I get SGN:PER:OK

    I then reflashed my sensor node again and I guess it is working now .. I tried sending 1;1;1;1;2;1 through serial and this is the result

    0;255;3;0;9;429250 SGN:SKP:MSG CMD=3,TYPE=16
    0;255;3;0;9;429266 TSF:MSG:SEND,0-0-1-1,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
    0;255;3;0;9;429287 SGN:SGN:NCE REQ,TO=1
    0;255;3;0;9;429391 TSF:MSG:READ,1-1-0,s=255,c=3,t=17,pt=6,l=25,sg=0:<NONCE>
    0;255;3;0;9;429412 SGN:NCE:FROM=1
    0;255;3;0;9;429422 SGN:BND:NONCE=882805C056A850AF00469170FEB702EB5B09EC1FEE51D2F22DAAAAAAAAAAAAAA
    0;255;3;0;9;429557 SGN:BND:HMAC=6DB4F3CF2F17E42A5508B4A411CA1478582D052A249A278689D26A7A0B96FBA2
    0;255;3;0;9;429584 SGN:SGN:SGN
    0;255;3;0;9;429594 TSF:MSG:SEND,0-0-1-1,s=1,c=1,t=2,pt=0,l=1,sg=1,ft=0,st=OK:1
    0;255;3;0;9;429740 TSF:MSG:READ,1-1-0,s=1,c=1,t=2,pt=0,l=1,sg=0:1
    0;255;3;0;9;429758 TSF:MSG:ACK

    I guess this means that signing is working .. I did try also to add another gateway with no signing and it only discovered my node (1) but I got NACK when trying to send to it.

    Am I correct in my analysis ?

    Thanks for the help.

  • Contest Winner

    @ahmedadelhosni that looks good to me. You can use the log parser on the homepage to get a more readable interpretation of the debug log.

  • @Anticimex thanks a lot.

    I have another question please. I use atsha hw, do this setup save anything in the eeprom ?

  • @Anticimex sorry for lots of questions but can u explain in more details what you meant by " that either you have had your personalized data altered between the time of personalization and usage" ?

  • Contest Winner

    @ahmedadelhosni if you use atsha204a then only AES key for encryption is stored in eeprom by the personalizer. It is not used unless you activate encryption.

  • Contest Winner

    @ahmedadelhosni the integrity check that could emit a TAMPERED message is intended to ensure that signing backend does not use corrupted data.
    This is done by having the personalizer calculate a checksum of the data it wrote. Then the signing backend validates the data read against the checksum and of there is a mismatch then it reports that personalization has been tampered.
    This is to ensure that users don't get confused by signing not working if they have accidentally erased or manipulated the personalization data.

  • Hello! I'm new to this and I've been using MySensors to communicate a few nodes in my house with a gateway ... Everything I've done without problems until now that I want to sign the data ...

    I have done the following:

    1. Ah my sketch (node) simply added the following statement:

    #define MY_SIGNING_SOFT
    (It's a mini pro 3.3 v)

    1. My GW added this:
      #define MY_SIGNING_SOFT
      (Nano 5v)

    and already ... everything else I left it still, as I was working.

    Now ... This is what the log of my node shows me:

    4 TSM:INIT
    4 TSF:WUR:MS=0
    14 TSM:INIT:STATID=110
    16 TSF:SID:OK,ID=110
    18 TSM:FPAR
    55 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
    698 TSF:MSG:READ,0-0-110,s=255,c=3,t=8,pt=1,l=1,sg=0:0
    704 TSF:MSG:FPAR OK,ID=0,D=1
    2064 TSM:FPAR:OK
    2064 TSM:ID
    2066 TSM:ID:OK
    2068 TSM:UPL
    2074 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1
    2084 TSF:MSG:READ,0-0-110,s=255,c=3,t=25,pt=1,l=1,sg=0:1
    2093 TSM:UPL:OK
    2095 TSM:READY:ID=110,PAR=0,DIS=1
    2119 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
    2129 TSF:MSG:READ,0-0-110,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
    2154 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=0,ft=0,st=OK:
    2177 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=0:543E0871819CBE4290536346F5231CBEF4C8F70A344B289CEA
    2394 !TSF:MSG:SEND,110-110-0-0,s=255,c=0,t=17,pt=0,l=5,sg=1,ft=0,st=NACK:2.1.1
    2451 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
    4509 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
    4569 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK:
    4612 TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=OK:
    4632 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:5D4997715396BEFB979106A93EF22C9E1DBAE516012E040FAE
    4851 !TSF:MSG:SEND,110-110-0-0,s=2,c=0,t=3,pt=0,l=11,sg=1,ft=0,st=NACK:Water Valve
    4909 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
    4966 !TSF:MSG:SEND,110-110-0-0,s=3,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
    5025 !TSF:MSG:SEND,110-110-0-0,s=4,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK:
    5083 !TSF:MSG:SEND,110-110-0-0,s=5,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=NACK:
    5142 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=9,st=NACK:
    5199 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=11,st=NACK:
    5212 MCO:REG:REQ
    5261 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=13,st=NACK:2
    5273 TSM:FPAR
    5308 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=14,st=OK:
    7270 !TSF:SND:TNR
    7321 TSM:FPAR
    7358 TSF:MSG:SEND,110-110-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
    8204 TSF:MSG:READ,0-0-110,s=255,c=3,t=8,pt=1,l=1,sg=0:0
    8210 TSF:MSG:FPAR OK,ID=0,D=1
    9271 !TSF:SND:TNR
    9367 TSM:FPAR:OK
    9367 TSM:ID
    9369 TSM:ID:OK
    9371 TSM:UPL
    9375 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1
    9385 TSF:MSG:READ,0-0-110,s=255,c=3,t=25,pt=1,l=1,sg=0:1
    9394 TSM:UPL:OK
    9396 TSM:READY:ID=110,PAR=0,DIS=1
    9412 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101
    9420 TSF:MSG:READ,0-0-110,s=255,c=3,t=15,pt=6,l=2,sg=0:0101
    9457 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
    9480 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:20169962FD569DAE7F6D69702C2AD69B8492264A3FC2450E50
    9697 !TSF:MSG:SEND,110-110-0-0,s=255,c=0,t=17,pt=0,l=5,sg=1,ft=0,st=NACK:2.1.1
    9754 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
    11812 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
    11821 !TSF:MSG:SIGN FAIL
    11872 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=5,st=NACK:
    11880 !TSF:MSG:SIGN FAIL
    11931 !TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=7,st=NACK:
    11939 !TSF:MSG:SIGN FAIL
    11988 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=9,st=NACK:
    11997 !TSF:MSG:SIGN FAIL
    12048 !TSF:MSG:SEND,110-110-0-0,s=3,c=3,t=16,pt=0,l=0,sg=1,ft=11,st=NACK:
    12056 !TSF:MSG:SIGN FAIL
    12107 !TSF:MSG:SEND,110-110-0-0,s=4,c=3,t=16,pt=0,l=0,sg=1,ft=13,st=NACK:
    12115 !TSF:MSG:SIGN FAIL
    12167 !TSF:MSG:SEND,110-110-0-0,s=5,c=3,t=16,pt=0,l=0,sg=1,ft=15,st=NACK:
    12175 !TSF:MSG:SIGN FAIL
    12224 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=1,st=NACK:
    12232 !TSF:MSG:SIGN FAIL
    12283 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=3,st=NACK:
    12292 !TSF:MSG:SIGN FAIL
    12294 MCO:REG:REQ
    12343 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=5,st=OK:2
    12351 TSF:MSG:READ,0-0-110,s=255,c=3,t=16,pt=0,l=0,sg=0:
    12435 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=NACK:EC4D4496E138DD8C83E9837D130B8AD51D0B5BE66E9CC103EB14399 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=1,st=NACK:2
    16427 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=2,st=OK:2
    16437 TSF:MSG:READ,0-0-110,s=255,c=3,t=16,pt=0,l=0,sg=0:
    16519 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=OK:CE22C6ECF337A5713AD0677785547E59FB49FB964B79EFAB88
    16609 TSF:MSG:READ,0-0-110,s=255,c=3,t=27,pt=1,l=1,sg=1:1
    16777 TSF:MSG:READ,0-0-110,s=255,c=3,t=27,pt=1,l=1,sg=1:1
    16787 MCO:BGN:STP
    16836 !TSF:MSG:SEND,110-110-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=NACK:
    16844 !TSF:MSG:SIGN FAIL
    16896 !TSF:MSG:SEND,110-110-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=2,st=NACK:
    16904 !TSF:MSG:SIGN FAIL
    16906 MCO:BGN:INIT OK,TSP=1
    Valve Change Detected ,
    Reporting battery
    Main Battery reported: 1076
    16959 !TSF:MSG:SEND,110-110-0-0,s=6,c=3,t=16,pt=0,l=0,sg=1,ft=4,st=NACK:
    16967 !TSF:MSG:SIGN FAIL
    Bridge Battery reported: 0
    17018 !TSF:MSG:SEND,110-110-0-0,s=7,c=3,t=16,pt=0,l=0,sg=1,ft=6,st=NACK:
    17027 !TSF:MSG:SIGN FAIL
    next BATT report TIME selected
    17037 TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=8,st=OK:
    17059 TSF:MSG:READ,0-0-110,s=255,c=3,t=17,pt=6,l=25,sg=1:A49B044E02033467D7D7220BA28FBFEA6C9ED2EFA7C4DE16CD
    17276 !TSF:MSG:SEND,110-110-0-0,s=255,c=3,t=0,pt=1,l=1,sg=1,ft=0,st=NACK:100
    Both to Low in Bridge .....

    And this is what the log of the GW shows me:

    0;255;3;0;9;TSF:MSG:FPAR REQ,ID=110
    0;255;3;0;9;TSF:MSG:GWL OK
    0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL
    0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL
    0;255;3;0;9;TSF:MSG:READ,110-110-0,s=2,c=0,t=3,pt=0,l=11,sg=1:Water Valve
    0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL
    0;255;3;0;9;TSF:MSG:FPAR REQ,ID=110
    0;255;3;0;9;TSF:MSG:GWL OK
    0;255;3;0;9;TSF:MSG:READ,110-110-0,s=6,c=0,t=30,pt=0,l=15,sg=1:Main Batt Volts
    0;255;3;0;9;!TSF:MSG:SIGN VERIFY FAIL

    Can you help me please!?
    I read everything about the signed but the truth I am somewhat confused ... If you could provide me a sketch of a node and a gateway that work for me to guide me I would appreciate it.

    Thank you very much in advance!

  • Contest Winner

    @Proyectos-Integrasoft Hi, as mentioned several places, signing makes messages be a lot bigger and that puts strain on the radio link. You can see many NACKs in the log which means messages don't get through. That's way signing fail. You need to make sure you have properly decoupled radio modules and a solid power supply.

  • Contest Winner

    @Proyectos-Integrasoft another thing you did not mention is if you have personalized your nodes? Signing require personalization to store certain data. Please read the documentation (linked on the top of this thread).

  • @Anticimex Thnks!

    As you can see in the sketch, I'm using a Nrf24L01 module for the node and for the gateway. They are connected to their designed boards (Node and Gateway) respectively. The power, for now, I am doing through the Ftdi232 that I use to connect it to the PC to do debugging. Before adding the signature to the sketch, they were working perfect. What do you suggest doing then?

    Also, I have read about the customization of the nodes, but I feel honest I have not managed to understand how to do it ... Could you explain me easily how to personalize it? Truthfully, I have not been able to use the guide.

    Thanks for answering me! : D

  • Contest Winner

    @Proyectos-Integrasoft then please let me know what parts are unclear. I try to make it as easy to follow as possible. You can also read the beta documentation but be aware that personalization has been rewritten on the beta track. I have provided a step by step instruction for personalization in the signing module in the documentation. It should give you all information needed.
    Regarding powering, have you followed the guides available here in the forum for powering the radio? NACKs is not a signing problem. It is a radio problem.

  • @Anticimex What I understand is the following:

    1. I must choose the backend that I am going to use. (In my case, I'll use the software firm)
    2. Then I must choose a free pin to establish a random seed for the pseudorandom generator. (In my case I chose pin A3 that is completely free on the plate).
    3. Then I request that all the messages that enter the node will be signed. (I do this using MY_SIGNING_REQUEST_SIGNATURES on the gateway and on the node)
    4. finally says that if I am not going to use MY_SIGNING_SIMPLE_PASSWD, I need to customize the node. This is where I get confused ...

    First of all, ask me to enable GENERATE_KEYS_SOFT, saying that this will provide random keys for HMAC and AES, and that I should copy and replace them in the corresponding definitions in "User-defined key data". What do you mean by "user-defined key data"? When I enable this, in the LOG of my node nothing strange comes out, the same thing I posted previously.

    Second, you tell me to disable the key generator by software and enable the PERSONALIZE_SOFT ... And that this will keep the keys in the EEPROM ... When you talk about enabling and disabling you mean that I must burn the sketch first with Generate_Keys_Soft and then burn again but now with the hmac and aes keys that were generated, while enabling the Personalize_Soft?

    This is what I do not understand. I do not get the keys with the GENERATE_KEYS_SOFT ... And I do not clearly understand what I should do next.

    You apologize for my lack of knowledge or understanding. And I thank you for your help.

  • @Anticimex And as for the radio. I followed the connection guide that comes out at https://www.mysensors.org/build/serial_gateway, even watching the video. I do not know if you mean another guide? If so, could you give me the link? Thank you for your collaboration.

  • Contest Winner

    @Proyectos-Integrasoft I assume you use an official release first of all. That personalization is more complicated than the one used on beta/development branch.
    Then you are first expected to generate the keys (like you say). These keys are printed on the serial console. You then copy those into the personalizer sketch and reconfigure the personalizer to store the keys you have set. And then you run the personalizer to use those keys.
    You can of course skip the generation step and set the hmac key manually using the personalizer. The only requirement is the size of the key (32 bytes) and that it is identical on all nodes.

  • @Anticimex
    Could you please give me the link of the last official release? to verify that is the one that I have. When you say "copy" the keys in the sketch personalizer, are you referring to PERSONALIZE_SOFT? And what do you mean by configuring the sketch personalizer? Could you additionally tell me how it would be done manually? (example of sketch)

  • Contest Winner

    @Proyectos-Integrasoft I am not sure where to start. I assume you are familiar with c code? The signing solution available in the latest official release (which you find on github, I believe is 2.1.1) require at least fundamental understanding of how to adjust sketch code.
    The documentation gives the exact lines to change.
    There is, like I said, a step by step guide, and if you follow it you should end up with a properly personalized device. In this case, that is of less importance since you currently do not have a stable enough radio link to use security since you get NACKs for full size payloads (so neither signing nor encryption will work).
    So you will have to make that work and get rid of the NACKs, before we should start worrying about personalization.
    And like I said before, that is not a signing related issue. You will get the same problem if you try to send full size payloads of any kind. Just try to disable signing and send full size payloads.

  • @Anticimex
    Okay, so I'll start by tackling things step by step ... How can I avoid getting NACKs in my log?

  • Contest Winner

    @Proyectos-Integrasoft as I said; ensuring good decoupling, a stable power supply (measure that to confirm). Also, counterfeit RF24 chips are all over the place that perform under par. There are quite a few threads here on this topic. So please post such questions in those, it is somewhat off topic here 🙂
    Also, setting proper power levels can have a huge impact on the performance.

  • Hi @Anticimex Actually there is something that I can not understand regarding cryptograhpy. I want to know how other products like Fibaro, Smartthings, etc handles the security ?

    Here in our library the SW is not a good idea, why ? I thought beacuse someone can dump the memory .. but is it that easy ? Can't we lock the code and memory ? Also in the hardware ATSHA solution, someone can easily take the chip and intercept our network and sniff it or even send commands as it is explained in the documentation and that's why we don't use security for public nodes as it usualy reports states. But can't we lock the chip ? and by some way only the atmega can communicate with it to get the key by some way ?

    I read online that some people are using private and public keys .. if this is the case, then the private key is offcourse saved in the memory. How do they handle this problem ?

    Do they use AES , SHA ? which encyption way ?

    Also the nRF52, I tried to read a lot and they use private and public keys i guess.

    lots of questions and I am confused but I want to know how do they handle protection for public nodes.

    Can you please explain this to me ?


  • Contest Winner

    @ahmedadelhosni some devices, like the atmega, doss not support locking the memory, so the software based signing is inherently insecure in terms of hw theft.
    Atsha204a based signing protection specifically against this because the personalizer locks the chip from readout. It is not possible to extract the hmac key from the atsha204a memory and the key is never transmitted OTA (unless you deploy the personalizer OTA).

  • Contest Winner

    @ahmedadelhosni and regarding reusing a node/atsha204a for attack purpose, we have whitelisting to protect against that. The serials used for whitelisting are also never send OTA (again, unless you send the personalizer OTA).

  • @Anticimex

    1- So if we have a microcontroller that supports locking the memory then the problem is solved ? I know that SAM is being introduced now, Does it support this ?

    2- what is then the purpose of locking the ATSHA if we can't extract the HMAC which we depend on it ?


  • Contest Winner

    We lock the atsha to make sure it can't be readable.
    It does not matter that samd supports locking or not. The atmega328p does not. For now, we have a security scheme that supports any target, so we have to have a system that works for all.
    For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.
    As for what others do, I suggest you ask them 🙂
    Security can be implemented in many ways. Each with drawbacks and benefits. The one currently in use is a scheme that can work on basically any target with reasonable security and performance. It has drawbacks, yes, but at the time of implementation, these were considered acceptable.
    For the future, more sophisticated schemes can be used which are easier to use, arguably more secure but more complex in terms of computational power and protocol. The core team is investigating various solutions.

  • @Anticimex Sorry but I didn't understand the benefit of locking the ATSHA to be unreadable ? 😑
    I know we do not lock it so that we can read the HMAC and use it during verification, but what is the usage of a locked ATSHA ?

  • Contest Winner

    @ahmedadelhosni what do you mean? All cryptography is performed inside the chip. The hmac key never leaves the chip after it has been programmed and locked. Thats the whole point with the atsha204a.

  • @Anticimex aha okay I understand a bit now. So we put s special hmac that does all cryptography jobs then it gives us something that is used for transmision?

    Looks like i have to read the datasheet also 😄

  • Contest Winner

    @ahmedadelhosni I'd suggest you start by reading the documentation on signing linked at the very top of this post. It explains in detail how the signing security is implemented.

  • @Anticimex yeah I read it several times before but maybe didnt pay attention to tge technical stuff 😂

  • Contest Winner

    @ahmedadelhosni 🙂 not really needed to be able to use it, but it hopefully helps in understanding it 😉

  • @Anticimex yeah I know. I have already managed to use Siging in my network and it works.

    I just wanted to understand more about how the code works and the technical stuff.


  • Contest Winner

    @ahmedadelhosni You mean this? 🙂

  • @Anticimex Yeah actually I have read this post like 20 times before but I guess I begun to really understand the "technical" stuff today.

    So basically what I understood is that we have a HMAC Key, which is generated and is saved in all devices, this is when we do step 1 'generate key' and step 2 'personalize'. Thus when the gateway needs to send to node X, it send to node X asking for a nonce from the ATSHA on Node 2 board. Then node 2 sends the nonce over the air. THe gateway then uses this nonce to produce signed message by first applying SHA then use the HMAC key to produce the signed data. Then the signed data is transmitted over the air to the node X again which does the same operations again and verify that the nonce produces the same signed message in small period of time ( to avoid replay block attacks)

    Is my understanding correct 😄 ?

  • Contest Winner

  • @Anticimex finally I understood it. Actually I don't like using just the code without fully understanding the implementation. Thanks for support.

    I will come with more questions maybe 😉

  • Contest Winner

    @ahmedadelhosni Feel free to ask, but it is all documented. If what I say does not correspond to what the documentation says, please let me know so it can be improved.

  • @Anticimex The documentation is great regarding how to enable the signing and make the nodes work. My questions were related more to technical stuff.

    Actually I still have a problem that I shall only use the hardware in private places. I know we have whitelist but I don't like the idea of having to re program node to add or revoke other stolen nodes.

    If I need to put a motion sensor outside then I will have to make sure that all other nodes inside my house accept messages from only my gateway for example. Because if this node is stolen I don't want someone to send same commands to my private nodes.

    What do you suggest to solve this ?
    Do I have to set all private nodes to accept signed data from gateway only ?

  • Contest Winner

    @ahmedadelhosni The documentation DO cover the technical aspects as well. I just linked directly to that chapter. What is missing from it?
    What do you mean with "only use the hardware in private places"? If you only do that, then you don't need to revoke anything since the nodes most likely won't be stolen, right? Revoking is intended for "exposed" nodes.
    You typically only need to reprogram your gateway since normally that is the node all other nodes talk to, and hence is the node that would carry the whitelist.
    If you put a motion sensor outside, then enable signing and whitelisting on your nodes and then you can inform each and every node exactly what devices are permitted to communicate to it. If your other nodes only typically talk to your gateway, just have the gateway serial in their whitelist and they won't accept other nodes even if they would have the correct HMAC key to base their signatures on.
    Even so, if a node is stolen I would highly recommend you change HMAC key because an attacker could dig out the serial of your gateway if it is in a whitelist in the stolen node and use that to spoof a gateway.

  • Contest Winner

    @ahmedadelhosni in your specific case, I would suggest, in order for you to not risk exposing your gateway serial to a thief, that you don't use whitelisting at the node at risk (the one outside). Then it won't reveal anything about your security if stolen, assuming you use an atsha204a.
    Your gateway on the other hand, has a whitelist of every node in your system (if you so choose), so you can, as soon as you notice your node being stolen, remove its entry on the gateway, and it would be rejected. The attacker would then have to try to guess its way into figuring out a serial that match any other node the gateway accept in order to be able to "get in".
    That way, your hmac, at least in theory, will still be secure and usable (and you shouldn't need to redo personalization on your network).

  • @Anticimex This seems a good solution.

    I have to points to discuss here please.

    First : I know that we have an API to specify that node 4 shall send this message to node 7 for example. In our library, does this communication happens without passing by the gateway ?
    If for example in order to reach node 7, a repeater node 6 shall be used in between. Thus node 4, send to the gateway then to node 6 then to node 7 ?

    In our case when we revoke our stolen node from the Gateway which is now node 4. will the message pass first to the gateway or if the attacker knows node's 7 serial, then node 4 sends it directly to 7 ?

    Actually I guess it may pass by the gateway but I am not famailar how is the look up table implemented.

  • Contest Winner

    @ahmedadelhosni no, if you directly target another node, I do not believe it will pass through the gateway.
    I would say that if something like that is desired, you target your controller and have the controller relay the message to the other node. Everything to/from the controller pass through the gateway. That becomes controller specific behavior though.

  • @Anticimex Second : Don't you think that the whitelisting need to be more robust ?

    I mean that I don't like the idea of reflashing. Why don't you implement an API that can be used to securely add or revoke serials during run time ?

    Also another idea which I would like to discuss. Maybe when a node is started, it sends it's serial number securely to the gateway and it is added to the whitelist for example.

    The whole idea is that I don't really know how do other commerial products handle security for private and public nodes. All I know is usually you scan a QR code which is on the box. Do you have any idea ?

  • @Anticimex Actually something now came to my mind. Can't the attacker flash a gateway sketch easier and control all nodes now ? 😄 He has a trusted ATSHA with HMAC.
    Am I missing something ?

  • Contest Winner

    @ahmedadelhosni signing has no (and will not have) a dependency to encryption so serial will never be sent OTA.
    For MySensors v3 a complete new security scheme will obsolete the current one, so I won't make significant changes to the existing framework. Of course pull requests are always welcome for review.

  • Contest Winner

    @ahmedadelhosni nodes still need to be included and your existing gateway needs to be blocked out since they will have conflicting addresses.
    But as I already said, if you get your devices stolen, the recommendation is to distrust your network and replace the keys.
    These are the limitations when implementing security for systems as limited in resources as the atmga328p.

  • Contest Winner

    @ahmedadelhosni also, if your public node is stolen and your gateway had a whitelist (and your other nodes has whitelists) the attacker would not know the serials of your other nodes, and therefore not be able to sign messages to them (assuming your other nodes require signed and whitelist enabled messages).

  • @Anticimex aha so you mean that since our message frame contains the payload (not encrypted ) + signature so it is not applicable to send it OTA ?

    So do you have any documentation for tracking 3.0 progress ?

  • Contest Winner

    @ahmedadelhosni no, I mean that I don't want features relating to signing to depend on encryption. Things like serials and hmac keys must never be sent OTA even with encryption enabled since the current encryption available (at least in SW) is very weak due to protocol limitations.

    Progress on v3 is currently not moving because the core team is busy with other things.
    We want to make a security solution that is robust, easy to use and properly secure so we do not want to rush anything. We are well under way with deciding the core principles but I will not publish the working documents because we quite frankly do not have time to handle questions from the public. Especially when we have not finalized the design.

    Rest assured fully qualified people are investigating and discussing the matter. In due course the results will become public as we are working with an open source project so anything concrete will show on github.

  • @Anticimex Great. Thanks for your time.

  • Contest Winner

    @ahmedadelhosni don't mention it. I strive to be as transparent as possible when it comes to security. And please, please let me know if there is anything missing from the documentation or things that can be improved in it.

    We keep the next level security somewhat under wraps for now since we are not completely sure ourselves on how it is supposed to work just yet. Once we decide on that, we may publish something to get general feedback from anyone who might have input on the design (if so it will be a highly technical document) but most likely this will be a development process where anyone can test and evaluate it on a branch (like the development branch today) long before anything becomes an official release.
    We will try to document it continuously as it evolves once we get to start doing actual code.

  • @Anticimex said in [security] Introducing signing support to MySensors:


    For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.

    Eeekk... Does that mean any nodes based on the pro-mini etc will no longer work with v3.0 signing? Or will there be backwards compatibility to still use these with ATSHA204 as we do today?

  • Contest Winner

    @skywatch The security solution known as "signing" and "encryption" today will still be available in v3, but will then be referred as "legacy" signing. It will be considered obsolete and only bugfixing will take place, but it will still be supported. Also for the current newer devices, but it might not be ported to upcoming platforms with higher performence.

  • That was a fast reply! 🙂 - Thank you, at least I can carry on building now 🙂

    Where are the latest docs for signing and encryption for ver 2.2.0-rc.1? A few links on the site no longer work and I am having trouble finding what to do (eg HW signing, attach ATSHA204 like this, then do this, then do the other thing and in your sketch do this etc.....) You get the idea! 😉

  • Contest Winner

    @skywatch you have the links at the very top of this thread 🙂

  • Wouldn't you believe it? - I just found this....


  • Contest Winner

  • 🙂

    Lots to read today!

  • Just had a quick look and that is a good explaination and example code too - This should be on the main site as it is much clearer and more user friendly than the current content.... Just my 0.02€

  • Contest Winner

    @skywatch it is intended to replace the main site documentation. But as master and development branches differ significantly currently, we are awaiting v2.2.0 release first.

  • No problems. I have enough to learn a lot from now! 🙂

    Just curious though as to what would be replacing the AT328p for v3.0 and signing and encryption - thinking to maybe order some now and get used to them..... Raspberry pi zeros everywhere or ...?

  • Contest Winner

    @skywatch nRF5 is a versatile, powerful option to an atmga328p plus nrf24 radio.

  • I just looked - built in aes and lots of memory..... looks interesing.
    Downsied is the higher price, but will have some good uses I am sure.

  • Is there any news on Security 3.0?

  • Contest Winner

    @alowhum progress on that is best viewed here: https://github.com/mysensors/MySensors/issues/1118

    Progress is quite slow at the moment because I am busy with other things of personal nature, like buying a house and moving into it, so don't expect much to happen this year (unless anyone would like to help out :))