[security] Introducing signing support to MySensors
-
@executivul The bit is readonly. You cannot change it. It is used to determine the variant of chip, not to select mode of operation.
From the documentation:
But you are welcome to submit a pull request for adding support for I2C variants of ATSHA204a. I have none myself so I have not bothered looking into that and currently I am out of time to spend on it I am afraid.@Anticimex said:
But you are welcome to submit a pull request for adding support for I2C variants of ATSHA204a. I have none myself so I have not bothered looking into that and currently I am out of time to spend on it I am afraid.Please excuse my noobish ignorance: How and where do I submit one?
-
@Anticimex said:
But you are welcome to submit a pull request for adding support for I2C variants of ATSHA204a. I have none myself so I have not bothered looking into that and currently I am out of time to spend on it I am afraid.Please excuse my noobish ignorance: How and where do I submit one?
@executivul By forking the MySensors core repository and create a local git branch, do your code, push it back to your fork on GitHub and then create a pull request from that. There are good guides on GitHub for how do do it.
-
ok, thank you, but do you know why the sketch didnt generate the keys, and instead of random i get only keys ffffffffffff ?
thank you -
@Anticimex
Hi i have posted my sketch few posts ago, but no problem here is it:#include "sha204_library.h" #include "sha204_lib_return_codes.h" #define MY_CORE_ONLY #include <MySensors.h> #if DOXYGEN #define LOCK_CONFIGURATION #define LOCK_DATA #define SKIP_KEY_STORAGE #define USER_KEY #define SKIP_UART_CONFIRMATION #define USE_SOFT_SIGNING #define STORE_SOFT_KEY #define USER_SOFT_KEY #define STORE_SOFT_SERIAL #define USER_SOFT_SERIAL #define STORE_AES_KEY #define USER_AES_KEY #endif //#define LOCK_CONFIGURATION //#define LOCK_DATA #define SKIP_KEY_STORAGE //#define USER_KEY //#define SKIP_UART_CONFIRMATION //#define USE_SOFT_SIGNING //#define STORE_SOFT_KEY //#define USER_SOFT_KEY //#define STORE_SOFT_SERIAL //#define USER_SOFT_SERIAL //#define STORE_AES_KEY //#define USER_AES_KEY #if defined(SKIP_UART_CONFIRMATION) && !defined(USER_KEY) #error You have to define USER_KEY for boards that does not have UART #endif #ifdef USER_KEY /** @brief The user-defined HMAC key to use for personalization */ #define MY_HMAC_KEY 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store in key slot 0 */ const uint8_t user_key_data[32] = {MY_HMAC_KEY}; #endif #ifdef USER_SOFT_KEY /** @brief The user-defined soft HMAC key to use for EEPROM personalization */ #define MY_SOFT_HMAC_KEY 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store as soft HMAC key in EEPROM */ const uint8_t user_soft_key_data[32] = {MY_SOFT_HMAC_KEY}; #endif #ifdef USER_SOFT_SERIAL /** @brief The user-defined soft serial to use for EEPROM personalization */ #define MY_SOFT_SERIAL 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store as soft serial in EEPROM */ const uint8_t user_soft_serial[9] = {MY_SOFT_SERIAL}; #endif #ifdef USER_AES_KEY /** @brief The user-defined AES key to use for EEPROM personalization */ #define MY_AES_KEY 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store as AES key in EEPROM */ const uint8_t user_aes_key[16] = {MY_AES_KEY}; #endif #ifndef USE_SOFT_SIGNING const int sha204Pin = MY_SIGNING_ATSHA204_PIN; //!< The IO pin to use for ATSHA204A atsha204Class sha204(sha204Pin); #endif /** @brief Print a error notice and halt the execution */ void halt() { Serial.println(F("Halting!")); while(1); } #ifndef USE_SOFT_SIGNING uint16_t write_config_and_get_crc() { uint16_t crc = 0; uint8_t config_word[4]; uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; bool do_write; for (int i=0; i < 88; i += 4) { do_write = true; if (i == 20) { config_word[0] = 0x8F; config_word[1] = 0x80; config_word[2] = 0x80; config_word[3] = 0xA1; } else if (i == 24) { config_word[0] = 0x82; config_word[1] = 0xE0; config_word[2] = 0xA3; config_word[3] = 0x60; } else if (i == 28) { config_word[0] = 0x94; config_word[1] = 0x40; config_word[2] = 0xA0; config_word[3] = 0x85; } else if (i == 32) { config_word[0] = 0x86; config_word[1] = 0x40; config_word[2] = 0x87; config_word[3] = 0x07; } else if (i == 36) { config_word[0] = 0x0F; config_word[1] = 0x00; config_word[2] = 0x89; config_word[3] = 0xF2; } else if (i == 40) { config_word[0] = 0x8A; config_word[1] = 0x7A; config_word[2] = 0x0B; config_word[3] = 0x8B; } else if (i == 44) { config_word[0] = 0x0C; config_word[1] = 0x4C; config_word[2] = 0xDD; config_word[3] = 0x4D; } else if (i == 48) { config_word[0] = 0xC2; config_word[1] = 0x42; config_word[2] = 0xAF; config_word[3] = 0x8F; } else if (i == 52 || i == 56 || i == 60 || i == 64) { config_word[0] = 0xFF; config_word[1] = 0x00; config_word[2] = 0xFF; config_word[3] = 0x00; } else if (i == 68 || i == 72 || i == 76 || i == 80) { config_word[0] = 0xFF; config_word[1] = 0xFF; config_word[2] = 0xFF; config_word[3] = 0xFF; } else { // All other configs are untouched ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, i); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to read config. Response: ")); Serial.println(ret_code, HEX); halt(); } // Set config_word to the read data config_word[0] = rx_buffer[SHA204_BUFFER_POS_DATA+0]; config_word[1] = rx_buffer[SHA204_BUFFER_POS_DATA+1]; config_word[2] = rx_buffer[SHA204_BUFFER_POS_DATA+2]; config_word[3] = rx_buffer[SHA204_BUFFER_POS_DATA+3]; do_write = false; } // Update crc with CRC for the current word crc = sha204.calculateAndUpdateCrc(4, config_word, crc); // Write config word if (do_write) { ret_code = sha204.sha204m_execute(SHA204_WRITE, SHA204_ZONE_CONFIG, i >> 2, 4, config_word, 0, NULL, 0, NULL, WRITE_COUNT_SHORT, tx_buffer, WRITE_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to write config word at address ")); Serial.print(i); Serial.print(F(". Response: ")); Serial.println(ret_code, HEX); halt(); } } } return crc; } /** * @brief Write provided key to slot 0 * @param key The key data to write */ void write_key(uint8_t* key) { uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; // Write key to slot 0 ret_code = sha204.sha204m_execute(SHA204_WRITE, SHA204_ZONE_DATA | SHA204_ZONE_COUNT_FLAG, 0, SHA204_ZONE_ACCESS_32, key, 0, NULL, 0, NULL, WRITE_COUNT_LONG, tx_buffer, WRITE_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to write key to slot 0. Response: ")); Serial.println(ret_code, HEX); halt(); } } #endif // not USE_SOFT_SIGNING /** @brief Dump current configuration to UART */ void dump_configuration() { uint8_t buffer[32]; #ifndef USE_SOFT_SIGNING Serial.println(F("EEPROM DATA:")); #endif hwReadConfigBlock((void*)buffer, (void*)EEPROM_SIGNING_SOFT_HMAC_KEY_ADDRESS, 32); Serial.print(F("SOFT_HMAC_KEY | ")); for (int j=0; j<32; j++) { if (buffer[j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(buffer[j], HEX); } Serial.println(); hwReadConfigBlock((void*)buffer, (void*)EEPROM_SIGNING_SOFT_SERIAL_ADDRESS, 9); Serial.print(F("SOFT_SERIAL | ")); for (int j=0; j<9; j++) { if (buffer[j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(buffer[j], HEX); } Serial.println(); hwReadConfigBlock((void*)buffer, (void*)EEPROM_RF_ENCRYPTION_AES_KEY_ADDRESS, 16); Serial.print(F("AES_KEY | ")); for (int j=0; j<16; j++) { if (buffer[j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(buffer[j], HEX); } Serial.println(); #ifndef USE_SOFT_SIGNING uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; Serial.println(F("ATSHA204A DATA:")); for (int i=0; i < 88; i += 4) { ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, i); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to read config. Response: ")); Serial.println(ret_code, HEX); halt(); } if (i == 0x00) { Serial.print(F(" SN[0:1] | SN[2:3] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x04) { Serial.print(F(" Revnum | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x08) { Serial.print(F(" SN[4:7] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x0C) { Serial.print(F(" SN[8] | Reserved13 | I2CEnable | Reserved15 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x10) { Serial.print(F(" I2CAddress | TempOffset | OTPmode | SelectorMode | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x14) { Serial.print(F(" SlotConfig00 | SlotConfig01 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x18) { Serial.print(F(" SlotConfig02 | SlotConfig03 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x1C) { Serial.print(F(" SlotConfig04 | SlotConfig05 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x20) { Serial.print(F(" SlotConfig06 | SlotConfig07 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x24) { Serial.print(F(" SlotConfig08 | SlotConfig09 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x28) { Serial.print(F(" SlotConfig0A | SlotConfig0B | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x2C) { Serial.print(F(" SlotConfig0C | SlotConfig0D | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x30) { Serial.print(F(" SlotConfig0E | SlotConfig0F | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x34) { Serial.print(F(" UseFlag00 | UpdateCount00 | UseFlag01 | UpdateCount01 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x38) { Serial.print(F(" UseFlag02 | UpdateCount02 | UseFlag03 | UpdateCount03 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x3C) { Serial.print(F(" UseFlag04 | UpdateCount04 | UseFlag05 | UpdateCount05 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x40) { Serial.print(F(" UseFlag06 | UpdateCount06 | UseFlag07 | UpdateCount07 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x44) { Serial.print(F(" LastKeyUse[0:3] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x48) { Serial.print(F(" LastKeyUse[4:7] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x4C) { Serial.print(F(" LastKeyUse[8:B] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x50) { Serial.print(F(" LastKeyUse[C:F] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x54) { Serial.print(F(" UserExtra | Selector | LockValue | LockConfig | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } } #endif // not USE_SOFT_SIGNING } /** @brief Sketch setup code */ void setup() { // Delay startup a bit for serial consoles to catch up unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)500); #ifndef USE_SOFT_SIGNING uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; uint8_t lockConfig = 0; uint8_t lockValue = 0; uint16_t crc; (void)crc; #else // initialize pseudo-RNG randomSeed(analogRead(MY_SIGNING_SOFT_RANDOMSEED_PIN)); #endif uint8_t key[32]; (void)key; Serial.begin(115200); hwInit(); Serial.println(F("Personalization sketch for MySensors usage.")); Serial.println(F("-------------------------------------------")); #ifndef USE_SOFT_SIGNING // Wake device before starting operations ret_code = sha204.sha204c_wakeup(rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to wake device. Response: ")); Serial.println(ret_code, HEX); halt(); } // Read out lock config bits to determine if locking is possible ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, 0x15<<2); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device lock status. Response: ")); Serial.println(ret_code, HEX); halt(); } else { lockConfig = rx_buffer[SHA204_BUFFER_POS_DATA+3]; lockValue = rx_buffer[SHA204_BUFFER_POS_DATA+2]; } #endif #ifdef STORE_SOFT_KEY #ifdef USER_SOFT_KEY memcpy(key, user_soft_key_data, 32); Serial.println(F("Using this user supplied soft HMAC key:")); #else // Retrieve random value to use as soft HMAC key #ifdef USE_SOFT_SIGNING for (int i = 0; i < 32; i++) { key[i] = random(256) ^ micros(); unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)2); } Serial.println(F("This value will be stored in EEPROM as soft HMAC key:")); #else ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random key generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 32); } if (lockConfig == 0x00) { Serial.println(F("This value will be stored in EEPROM as soft HMAC key:")); } else { Serial.println(F("Key is not randomized (configuration not locked):")); } #endif // not USE_SOFT_SIGNING #endif // not USER_SOFT_KEY Serial.print("#define MY_SOFT_HMAC_KEY "); for (int i=0; i<32; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 31) { Serial.print(','); } } Serial.println(); hwWriteConfigBlock((void*)key, (void*)EEPROM_SIGNING_SOFT_HMAC_KEY_ADDRESS, 32); #endif // STORE_SOFT_KEY #ifdef STORE_SOFT_SERIAL #ifdef USER_SOFT_SERIAL memcpy(key, user_soft_serial, 9); Serial.println(F("Using this user supplied soft serial:")); #else // Retrieve random value to use as serial #ifdef USE_SOFT_SIGNING for (int i = 0; i < 9; i++) { key[i] = random(256) ^ micros(); unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)2); } Serial.println(F("This value will be stored in EEPROM as soft serial:")); #else ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random serial generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 9); } if (lockConfig == 0x00) { Serial.println(F("This value will be stored in EEPROM as soft serial:")); } else { Serial.println(F("Serial is not randomized (configuration not locked):")); } #endif // not USE_SOFT_SIGNING #endif // not USER_SOFT_SERIAL Serial.print("#define MY_SOFT_SERIAL "); for (int i=0; i<9; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 8) { Serial.print(','); } } Serial.println(); hwWriteConfigBlock((void*)key, (void*)EEPROM_SIGNING_SOFT_SERIAL_ADDRESS, 9); #endif // STORE_SOFT_SERIAL #ifdef STORE_AES_KEY #ifdef USER_AES_KEY memcpy(key, user_aes_key, 16); Serial.println(F("Using this user supplied AES key:")); #else // Retrieve random value to use as key #ifdef USE_SOFT_SIGNING for (int i = 0; i < 16; i++) { key[i] = random(256) ^ micros(); unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)2); } Serial.println(F("This key will be stored in EEPROM as AES key:")); #else ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random key generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 32); } if (lockConfig == 0x00) { Serial.println(F("This key will be stored in EEPROM as AES key:")); } else { Serial.println(F("Key is not randomized (configuration not locked):")); } #endif // not USE_SOFT_SIGNING #endif // not USER_AES_KEY Serial.print("#define MY_AES_KEY "); for (int i=0; i<16; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 15) { Serial.print(','); } } Serial.println(); hwWriteConfigBlock((void*)key, (void*)EEPROM_RF_ENCRYPTION_AES_KEY_ADDRESS, 16); #endif // STORE_AES_KEY #ifdef USE_SOFT_SIGNING Serial.println(F("EEPROM configuration:")); dump_configuration(); #else // Output device revision on console ret_code = sha204.sha204m_dev_rev(tx_buffer, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device revision. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.print(F("Device revision: ")); for (int i=0; i<4; i++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+i], HEX); } Serial.println(); } // Output serial number on console ret_code = sha204.getSerialNumber(rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to obtain device serial number. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.print(F("Device serial: ")); Serial.print('{'); for (int i=0; i<9; i++) { Serial.print(F("0x")); if (rx_buffer[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[i], HEX); if (i < 8) { Serial.print(','); } } Serial.print('}'); Serial.println(); for (int i=0; i<9; i++) { if (rx_buffer[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[i], HEX); } Serial.println(); } if (lockConfig != 0x00) { // Write config and get CRC for the updated config crc = write_config_and_get_crc(); // List current configuration before attempting to lock Serial.println(F("Chip configuration:")); dump_configuration(); #ifdef LOCK_CONFIGURATION // Purge serial input buffer #ifndef SKIP_UART_CONFIRMATION while (Serial.available()) { Serial.read(); } Serial.println(F("Send SPACE character now to lock the configuration...")); while (Serial.available() == 0); if (Serial.read() == ' ') #endif //not SKIP_UART_CONFIRMATION { Serial.println(F("Locking configuration...")); // Correct sequence, resync chip ret_code = sha204.sha204c_resync(SHA204_RSP_SIZE_MAX, rx_buffer); if (ret_code != SHA204_SUCCESS && ret_code != SHA204_RESYNC_WITH_WAKEUP) { Serial.print(F("Resync failed. Response: ")); Serial.println(ret_code, HEX); halt(); } // Lock configuration zone ret_code = sha204.sha204m_execute(SHA204_LOCK, SHA204_ZONE_CONFIG, crc, 0, NULL, 0, NULL, 0, NULL, LOCK_COUNT, tx_buffer, LOCK_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Configuration lock failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.println(F("Configuration locked.")); // Update lock flags after locking ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, 0x15<<2); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device lock status. Response: ")); Serial.println(ret_code, HEX); halt(); } else { lockConfig = rx_buffer[SHA204_BUFFER_POS_DATA+3]; lockValue = rx_buffer[SHA204_BUFFER_POS_DATA+2]; } } } #ifndef SKIP_UART_CONFIRMATION else { Serial.println(F("Unexpected answer. Skipping lock.")); } #endif //not SKIP_UART_CONFIRMATION #else //LOCK_CONFIGURATION Serial.println(F("Configuration not locked. Define LOCK_CONFIGURATION to lock for real.")); #endif } else { Serial.println(F("Skipping configuration write and lock (configuration already locked).")); Serial.println(F("Chip configuration:")); dump_configuration(); } #ifdef SKIP_KEY_STORAGE Serial.println(F("Disable SKIP_KEY_STORAGE to store key.")); #else #ifdef USER_KEY memcpy(key, user_key_data, 32); Serial.println(F("Using this user supplied HMAC key:")); #else // Retrieve random value to use as key ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random key generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 32); } if (lockConfig == 0x00) { Serial.println(F("Take note of this key, it will never be the shown again:")); } else { Serial.println(F("Key is not randomized (configuration not locked):")); } #endif Serial.print("#define MY_HMAC_KEY "); for (int i=0; i<32; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 31) { Serial.print(','); } if (i+1 == 16) { Serial.print("\\\n "); } } Serial.println(); // It will not be possible to write the key if the configuration zone is unlocked if (lockConfig == 0x00) { // Write the key to the appropriate slot in the data zone Serial.println(F("Writing key to slot 0...")); write_key(key); } else { Serial.println(F("Skipping key storage (configuration not locked).")); Serial.println(F("The configuration must be locked to be able to write a key.")); } #endif if (lockValue != 0x00) { #ifdef LOCK_DATA #ifndef SKIP_UART_CONFIRMATION while (Serial.available()) { Serial.read(); } Serial.println(F("Send SPACE character to lock data...")); while (Serial.available() == 0); if (Serial.read() == ' ') #endif //not SKIP_UART_CONFIRMATION { // Correct sequence, resync chip ret_code = sha204.sha204c_resync(SHA204_RSP_SIZE_MAX, rx_buffer); if (ret_code != SHA204_SUCCESS && ret_code != SHA204_RESYNC_WITH_WAKEUP) { Serial.print(F("Resync failed. Response: ")); Serial.println(ret_code, HEX); halt(); } // If configuration is unlocked, key is not updated. Locking data in this case will cause // slot 0 to contain an unknown (or factory default) key, and this is in practically any // usecase not the desired behaviour, so ask for additional confirmation in this case. if (lockConfig != 0x00) { while (Serial.available()) { Serial.read(); } Serial.println(F("*** ATTENTION ***")); Serial.println(F("Configuration is not locked. Are you ABSULOUTELY SURE you want to lock data?")); Serial.println(F("Locking data at this stage will cause slot 0 to contain a factory default key")); Serial.println( F("which cannot be change after locking is done. This is in practically any usecase")); Serial.println(F("NOT the desired behavour. Send SPACE character now to lock data anyway...")); while (Serial.available() == 0); if (Serial.read() != ' ') { Serial.println(F("Unexpected answer. Skipping lock.")); halt(); } } // Lock data zone ret_code = sha204.sha204m_execute(SHA204_LOCK, SHA204_ZONE_DATA | LOCK_ZONE_NO_CRC, 0x0000, 0, NULL, 0, NULL, 0, NULL, LOCK_COUNT, tx_buffer, LOCK_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Data lock failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.println(F("Data locked.")); // Update lock flags after locking ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, 0x15<<2); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device lock status. Response: ")); Serial.println(ret_code, HEX); halt(); } else { lockConfig = rx_buffer[SHA204_BUFFER_POS_DATA+3]; lockValue = rx_buffer[SHA204_BUFFER_POS_DATA+2]; } } } #ifndef SKIP_UART_CONFIRMATION else { Serial.println(F("Unexpected answer. Skipping lock.")); } #endif //not SKIP_UART_CONFIRMATION #else //LOCK_DATA Serial.println(F("Data not locked. Define LOCK_DATA to lock for real.")); #endif } else { Serial.println(F("Skipping OTP/data zone lock (zone already locked).")); } #endif // not USE_SOFT_SIGNING Serial.println(F("--------------------------------")); Serial.println(F("Personalization is now complete.")); #ifndef USE_SOFT_SIGNING Serial.print(F("Configuration is ")); if (lockConfig == 0x00) { Serial.println("LOCKED"); } else { Serial.println("UNLOCKED"); } Serial.print(F("Data is ")); if (lockValue == 0x00) { Serial.println("LOCKED"); } else { Serial.println("UNLOCKED"); } #endif } /** @brief Sketch execution code */ void loop() { }``` -
@Anticimex
Hi i have posted my sketch few posts ago, but no problem here is it:#include "sha204_library.h" #include "sha204_lib_return_codes.h" #define MY_CORE_ONLY #include <MySensors.h> #if DOXYGEN #define LOCK_CONFIGURATION #define LOCK_DATA #define SKIP_KEY_STORAGE #define USER_KEY #define SKIP_UART_CONFIRMATION #define USE_SOFT_SIGNING #define STORE_SOFT_KEY #define USER_SOFT_KEY #define STORE_SOFT_SERIAL #define USER_SOFT_SERIAL #define STORE_AES_KEY #define USER_AES_KEY #endif //#define LOCK_CONFIGURATION //#define LOCK_DATA #define SKIP_KEY_STORAGE //#define USER_KEY //#define SKIP_UART_CONFIRMATION //#define USE_SOFT_SIGNING //#define STORE_SOFT_KEY //#define USER_SOFT_KEY //#define STORE_SOFT_SERIAL //#define USER_SOFT_SERIAL //#define STORE_AES_KEY //#define USER_AES_KEY #if defined(SKIP_UART_CONFIRMATION) && !defined(USER_KEY) #error You have to define USER_KEY for boards that does not have UART #endif #ifdef USER_KEY /** @brief The user-defined HMAC key to use for personalization */ #define MY_HMAC_KEY 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store in key slot 0 */ const uint8_t user_key_data[32] = {MY_HMAC_KEY}; #endif #ifdef USER_SOFT_KEY /** @brief The user-defined soft HMAC key to use for EEPROM personalization */ #define MY_SOFT_HMAC_KEY 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store as soft HMAC key in EEPROM */ const uint8_t user_soft_key_data[32] = {MY_SOFT_HMAC_KEY}; #endif #ifdef USER_SOFT_SERIAL /** @brief The user-defined soft serial to use for EEPROM personalization */ #define MY_SOFT_SERIAL 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store as soft serial in EEPROM */ const uint8_t user_soft_serial[9] = {MY_SOFT_SERIAL}; #endif #ifdef USER_AES_KEY /** @brief The user-defined AES key to use for EEPROM personalization */ #define MY_AES_KEY 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 /** @brief The data to store as AES key in EEPROM */ const uint8_t user_aes_key[16] = {MY_AES_KEY}; #endif #ifndef USE_SOFT_SIGNING const int sha204Pin = MY_SIGNING_ATSHA204_PIN; //!< The IO pin to use for ATSHA204A atsha204Class sha204(sha204Pin); #endif /** @brief Print a error notice and halt the execution */ void halt() { Serial.println(F("Halting!")); while(1); } #ifndef USE_SOFT_SIGNING uint16_t write_config_and_get_crc() { uint16_t crc = 0; uint8_t config_word[4]; uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; bool do_write; for (int i=0; i < 88; i += 4) { do_write = true; if (i == 20) { config_word[0] = 0x8F; config_word[1] = 0x80; config_word[2] = 0x80; config_word[3] = 0xA1; } else if (i == 24) { config_word[0] = 0x82; config_word[1] = 0xE0; config_word[2] = 0xA3; config_word[3] = 0x60; } else if (i == 28) { config_word[0] = 0x94; config_word[1] = 0x40; config_word[2] = 0xA0; config_word[3] = 0x85; } else if (i == 32) { config_word[0] = 0x86; config_word[1] = 0x40; config_word[2] = 0x87; config_word[3] = 0x07; } else if (i == 36) { config_word[0] = 0x0F; config_word[1] = 0x00; config_word[2] = 0x89; config_word[3] = 0xF2; } else if (i == 40) { config_word[0] = 0x8A; config_word[1] = 0x7A; config_word[2] = 0x0B; config_word[3] = 0x8B; } else if (i == 44) { config_word[0] = 0x0C; config_word[1] = 0x4C; config_word[2] = 0xDD; config_word[3] = 0x4D; } else if (i == 48) { config_word[0] = 0xC2; config_word[1] = 0x42; config_word[2] = 0xAF; config_word[3] = 0x8F; } else if (i == 52 || i == 56 || i == 60 || i == 64) { config_word[0] = 0xFF; config_word[1] = 0x00; config_word[2] = 0xFF; config_word[3] = 0x00; } else if (i == 68 || i == 72 || i == 76 || i == 80) { config_word[0] = 0xFF; config_word[1] = 0xFF; config_word[2] = 0xFF; config_word[3] = 0xFF; } else { // All other configs are untouched ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, i); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to read config. Response: ")); Serial.println(ret_code, HEX); halt(); } // Set config_word to the read data config_word[0] = rx_buffer[SHA204_BUFFER_POS_DATA+0]; config_word[1] = rx_buffer[SHA204_BUFFER_POS_DATA+1]; config_word[2] = rx_buffer[SHA204_BUFFER_POS_DATA+2]; config_word[3] = rx_buffer[SHA204_BUFFER_POS_DATA+3]; do_write = false; } // Update crc with CRC for the current word crc = sha204.calculateAndUpdateCrc(4, config_word, crc); // Write config word if (do_write) { ret_code = sha204.sha204m_execute(SHA204_WRITE, SHA204_ZONE_CONFIG, i >> 2, 4, config_word, 0, NULL, 0, NULL, WRITE_COUNT_SHORT, tx_buffer, WRITE_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to write config word at address ")); Serial.print(i); Serial.print(F(". Response: ")); Serial.println(ret_code, HEX); halt(); } } } return crc; } /** * @brief Write provided key to slot 0 * @param key The key data to write */ void write_key(uint8_t* key) { uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; // Write key to slot 0 ret_code = sha204.sha204m_execute(SHA204_WRITE, SHA204_ZONE_DATA | SHA204_ZONE_COUNT_FLAG, 0, SHA204_ZONE_ACCESS_32, key, 0, NULL, 0, NULL, WRITE_COUNT_LONG, tx_buffer, WRITE_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to write key to slot 0. Response: ")); Serial.println(ret_code, HEX); halt(); } } #endif // not USE_SOFT_SIGNING /** @brief Dump current configuration to UART */ void dump_configuration() { uint8_t buffer[32]; #ifndef USE_SOFT_SIGNING Serial.println(F("EEPROM DATA:")); #endif hwReadConfigBlock((void*)buffer, (void*)EEPROM_SIGNING_SOFT_HMAC_KEY_ADDRESS, 32); Serial.print(F("SOFT_HMAC_KEY | ")); for (int j=0; j<32; j++) { if (buffer[j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(buffer[j], HEX); } Serial.println(); hwReadConfigBlock((void*)buffer, (void*)EEPROM_SIGNING_SOFT_SERIAL_ADDRESS, 9); Serial.print(F("SOFT_SERIAL | ")); for (int j=0; j<9; j++) { if (buffer[j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(buffer[j], HEX); } Serial.println(); hwReadConfigBlock((void*)buffer, (void*)EEPROM_RF_ENCRYPTION_AES_KEY_ADDRESS, 16); Serial.print(F("AES_KEY | ")); for (int j=0; j<16; j++) { if (buffer[j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(buffer[j], HEX); } Serial.println(); #ifndef USE_SOFT_SIGNING uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; Serial.println(F("ATSHA204A DATA:")); for (int i=0; i < 88; i += 4) { ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, i); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to read config. Response: ")); Serial.println(ret_code, HEX); halt(); } if (i == 0x00) { Serial.print(F(" SN[0:1] | SN[2:3] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x04) { Serial.print(F(" Revnum | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x08) { Serial.print(F(" SN[4:7] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x0C) { Serial.print(F(" SN[8] | Reserved13 | I2CEnable | Reserved15 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x10) { Serial.print(F(" I2CAddress | TempOffset | OTPmode | SelectorMode | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x14) { Serial.print(F(" SlotConfig00 | SlotConfig01 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x18) { Serial.print(F(" SlotConfig02 | SlotConfig03 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x1C) { Serial.print(F(" SlotConfig04 | SlotConfig05 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x20) { Serial.print(F(" SlotConfig06 | SlotConfig07 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x24) { Serial.print(F(" SlotConfig08 | SlotConfig09 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x28) { Serial.print(F(" SlotConfig0A | SlotConfig0B | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x2C) { Serial.print(F(" SlotConfig0C | SlotConfig0D | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x30) { Serial.print(F(" SlotConfig0E | SlotConfig0F | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j == 1) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x34) { Serial.print(F(" UseFlag00 | UpdateCount00 | UseFlag01 | UpdateCount01 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x38) { Serial.print(F(" UseFlag02 | UpdateCount02 | UseFlag03 | UpdateCount03 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x3C) { Serial.print(F(" UseFlag04 | UpdateCount04 | UseFlag05 | UpdateCount05 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x40) { Serial.print(F(" UseFlag06 | UpdateCount06 | UseFlag07 | UpdateCount07 | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } else if (i == 0x44) { Serial.print(F(" LastKeyUse[0:3] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x48) { Serial.print(F(" LastKeyUse[4:7] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x4C) { Serial.print(F(" LastKeyUse[8:B] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x50) { Serial.print(F(" LastKeyUse[C:F] | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); Serial.print(F(" ")); } Serial.println(); } else if (i == 0x54) { Serial.print(F(" UserExtra | Selector | LockValue | LockConfig | ")); for (int j=0; j<4; j++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+j] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+j], HEX); if (j < 3) { Serial.print(F(" | ")); } else { Serial.print(F(" ")); } } Serial.println(); } } #endif // not USE_SOFT_SIGNING } /** @brief Sketch setup code */ void setup() { // Delay startup a bit for serial consoles to catch up unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)500); #ifndef USE_SOFT_SIGNING uint8_t tx_buffer[SHA204_CMD_SIZE_MAX]; uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; uint8_t lockConfig = 0; uint8_t lockValue = 0; uint16_t crc; (void)crc; #else // initialize pseudo-RNG randomSeed(analogRead(MY_SIGNING_SOFT_RANDOMSEED_PIN)); #endif uint8_t key[32]; (void)key; Serial.begin(115200); hwInit(); Serial.println(F("Personalization sketch for MySensors usage.")); Serial.println(F("-------------------------------------------")); #ifndef USE_SOFT_SIGNING // Wake device before starting operations ret_code = sha204.sha204c_wakeup(rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to wake device. Response: ")); Serial.println(ret_code, HEX); halt(); } // Read out lock config bits to determine if locking is possible ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, 0x15<<2); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device lock status. Response: ")); Serial.println(ret_code, HEX); halt(); } else { lockConfig = rx_buffer[SHA204_BUFFER_POS_DATA+3]; lockValue = rx_buffer[SHA204_BUFFER_POS_DATA+2]; } #endif #ifdef STORE_SOFT_KEY #ifdef USER_SOFT_KEY memcpy(key, user_soft_key_data, 32); Serial.println(F("Using this user supplied soft HMAC key:")); #else // Retrieve random value to use as soft HMAC key #ifdef USE_SOFT_SIGNING for (int i = 0; i < 32; i++) { key[i] = random(256) ^ micros(); unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)2); } Serial.println(F("This value will be stored in EEPROM as soft HMAC key:")); #else ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random key generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 32); } if (lockConfig == 0x00) { Serial.println(F("This value will be stored in EEPROM as soft HMAC key:")); } else { Serial.println(F("Key is not randomized (configuration not locked):")); } #endif // not USE_SOFT_SIGNING #endif // not USER_SOFT_KEY Serial.print("#define MY_SOFT_HMAC_KEY "); for (int i=0; i<32; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 31) { Serial.print(','); } } Serial.println(); hwWriteConfigBlock((void*)key, (void*)EEPROM_SIGNING_SOFT_HMAC_KEY_ADDRESS, 32); #endif // STORE_SOFT_KEY #ifdef STORE_SOFT_SERIAL #ifdef USER_SOFT_SERIAL memcpy(key, user_soft_serial, 9); Serial.println(F("Using this user supplied soft serial:")); #else // Retrieve random value to use as serial #ifdef USE_SOFT_SIGNING for (int i = 0; i < 9; i++) { key[i] = random(256) ^ micros(); unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)2); } Serial.println(F("This value will be stored in EEPROM as soft serial:")); #else ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random serial generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 9); } if (lockConfig == 0x00) { Serial.println(F("This value will be stored in EEPROM as soft serial:")); } else { Serial.println(F("Serial is not randomized (configuration not locked):")); } #endif // not USE_SOFT_SIGNING #endif // not USER_SOFT_SERIAL Serial.print("#define MY_SOFT_SERIAL "); for (int i=0; i<9; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 8) { Serial.print(','); } } Serial.println(); hwWriteConfigBlock((void*)key, (void*)EEPROM_SIGNING_SOFT_SERIAL_ADDRESS, 9); #endif // STORE_SOFT_SERIAL #ifdef STORE_AES_KEY #ifdef USER_AES_KEY memcpy(key, user_aes_key, 16); Serial.println(F("Using this user supplied AES key:")); #else // Retrieve random value to use as key #ifdef USE_SOFT_SIGNING for (int i = 0; i < 16; i++) { key[i] = random(256) ^ micros(); unsigned long enter = hwMillis(); while (hwMillis() - enter < (unsigned long)2); } Serial.println(F("This key will be stored in EEPROM as AES key:")); #else ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random key generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 32); } if (lockConfig == 0x00) { Serial.println(F("This key will be stored in EEPROM as AES key:")); } else { Serial.println(F("Key is not randomized (configuration not locked):")); } #endif // not USE_SOFT_SIGNING #endif // not USER_AES_KEY Serial.print("#define MY_AES_KEY "); for (int i=0; i<16; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 15) { Serial.print(','); } } Serial.println(); hwWriteConfigBlock((void*)key, (void*)EEPROM_RF_ENCRYPTION_AES_KEY_ADDRESS, 16); #endif // STORE_AES_KEY #ifdef USE_SOFT_SIGNING Serial.println(F("EEPROM configuration:")); dump_configuration(); #else // Output device revision on console ret_code = sha204.sha204m_dev_rev(tx_buffer, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device revision. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.print(F("Device revision: ")); for (int i=0; i<4; i++) { if (rx_buffer[SHA204_BUFFER_POS_DATA+i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[SHA204_BUFFER_POS_DATA+i], HEX); } Serial.println(); } // Output serial number on console ret_code = sha204.getSerialNumber(rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to obtain device serial number. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.print(F("Device serial: ")); Serial.print('{'); for (int i=0; i<9; i++) { Serial.print(F("0x")); if (rx_buffer[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[i], HEX); if (i < 8) { Serial.print(','); } } Serial.print('}'); Serial.println(); for (int i=0; i<9; i++) { if (rx_buffer[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[i], HEX); } Serial.println(); } if (lockConfig != 0x00) { // Write config and get CRC for the updated config crc = write_config_and_get_crc(); // List current configuration before attempting to lock Serial.println(F("Chip configuration:")); dump_configuration(); #ifdef LOCK_CONFIGURATION // Purge serial input buffer #ifndef SKIP_UART_CONFIRMATION while (Serial.available()) { Serial.read(); } Serial.println(F("Send SPACE character now to lock the configuration...")); while (Serial.available() == 0); if (Serial.read() == ' ') #endif //not SKIP_UART_CONFIRMATION { Serial.println(F("Locking configuration...")); // Correct sequence, resync chip ret_code = sha204.sha204c_resync(SHA204_RSP_SIZE_MAX, rx_buffer); if (ret_code != SHA204_SUCCESS && ret_code != SHA204_RESYNC_WITH_WAKEUP) { Serial.print(F("Resync failed. Response: ")); Serial.println(ret_code, HEX); halt(); } // Lock configuration zone ret_code = sha204.sha204m_execute(SHA204_LOCK, SHA204_ZONE_CONFIG, crc, 0, NULL, 0, NULL, 0, NULL, LOCK_COUNT, tx_buffer, LOCK_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Configuration lock failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.println(F("Configuration locked.")); // Update lock flags after locking ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, 0x15<<2); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device lock status. Response: ")); Serial.println(ret_code, HEX); halt(); } else { lockConfig = rx_buffer[SHA204_BUFFER_POS_DATA+3]; lockValue = rx_buffer[SHA204_BUFFER_POS_DATA+2]; } } } #ifndef SKIP_UART_CONFIRMATION else { Serial.println(F("Unexpected answer. Skipping lock.")); } #endif //not SKIP_UART_CONFIRMATION #else //LOCK_CONFIGURATION Serial.println(F("Configuration not locked. Define LOCK_CONFIGURATION to lock for real.")); #endif } else { Serial.println(F("Skipping configuration write and lock (configuration already locked).")); Serial.println(F("Chip configuration:")); dump_configuration(); } #ifdef SKIP_KEY_STORAGE Serial.println(F("Disable SKIP_KEY_STORAGE to store key.")); #else #ifdef USER_KEY memcpy(key, user_key_data, 32); Serial.println(F("Using this user supplied HMAC key:")); #else // Retrieve random value to use as key ret_code = sha204.sha204m_random(tx_buffer, rx_buffer, RANDOM_SEED_UPDATE); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Random key generation failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { memcpy(key, rx_buffer+SHA204_BUFFER_POS_DATA, 32); } if (lockConfig == 0x00) { Serial.println(F("Take note of this key, it will never be the shown again:")); } else { Serial.println(F("Key is not randomized (configuration not locked):")); } #endif Serial.print("#define MY_HMAC_KEY "); for (int i=0; i<32; i++) { Serial.print("0x"); if (key[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(key[i], HEX); if (i < 31) { Serial.print(','); } if (i+1 == 16) { Serial.print("\\\n "); } } Serial.println(); // It will not be possible to write the key if the configuration zone is unlocked if (lockConfig == 0x00) { // Write the key to the appropriate slot in the data zone Serial.println(F("Writing key to slot 0...")); write_key(key); } else { Serial.println(F("Skipping key storage (configuration not locked).")); Serial.println(F("The configuration must be locked to be able to write a key.")); } #endif if (lockValue != 0x00) { #ifdef LOCK_DATA #ifndef SKIP_UART_CONFIRMATION while (Serial.available()) { Serial.read(); } Serial.println(F("Send SPACE character to lock data...")); while (Serial.available() == 0); if (Serial.read() == ' ') #endif //not SKIP_UART_CONFIRMATION { // Correct sequence, resync chip ret_code = sha204.sha204c_resync(SHA204_RSP_SIZE_MAX, rx_buffer); if (ret_code != SHA204_SUCCESS && ret_code != SHA204_RESYNC_WITH_WAKEUP) { Serial.print(F("Resync failed. Response: ")); Serial.println(ret_code, HEX); halt(); } // If configuration is unlocked, key is not updated. Locking data in this case will cause // slot 0 to contain an unknown (or factory default) key, and this is in practically any // usecase not the desired behaviour, so ask for additional confirmation in this case. if (lockConfig != 0x00) { while (Serial.available()) { Serial.read(); } Serial.println(F("*** ATTENTION ***")); Serial.println(F("Configuration is not locked. Are you ABSULOUTELY SURE you want to lock data?")); Serial.println(F("Locking data at this stage will cause slot 0 to contain a factory default key")); Serial.println( F("which cannot be change after locking is done. This is in practically any usecase")); Serial.println(F("NOT the desired behavour. Send SPACE character now to lock data anyway...")); while (Serial.available() == 0); if (Serial.read() != ' ') { Serial.println(F("Unexpected answer. Skipping lock.")); halt(); } } // Lock data zone ret_code = sha204.sha204m_execute(SHA204_LOCK, SHA204_ZONE_DATA | LOCK_ZONE_NO_CRC, 0x0000, 0, NULL, 0, NULL, 0, NULL, LOCK_COUNT, tx_buffer, LOCK_RSP_SIZE, rx_buffer); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Data lock failed. Response: ")); Serial.println(ret_code, HEX); halt(); } else { Serial.println(F("Data locked.")); // Update lock flags after locking ret_code = sha204.sha204m_read(tx_buffer, rx_buffer, SHA204_ZONE_CONFIG, 0x15<<2); if (ret_code != SHA204_SUCCESS) { Serial.print(F("Failed to determine device lock status. Response: ")); Serial.println(ret_code, HEX); halt(); } else { lockConfig = rx_buffer[SHA204_BUFFER_POS_DATA+3]; lockValue = rx_buffer[SHA204_BUFFER_POS_DATA+2]; } } } #ifndef SKIP_UART_CONFIRMATION else { Serial.println(F("Unexpected answer. Skipping lock.")); } #endif //not SKIP_UART_CONFIRMATION #else //LOCK_DATA Serial.println(F("Data not locked. Define LOCK_DATA to lock for real.")); #endif } else { Serial.println(F("Skipping OTP/data zone lock (zone already locked).")); } #endif // not USE_SOFT_SIGNING Serial.println(F("--------------------------------")); Serial.println(F("Personalization is now complete.")); #ifndef USE_SOFT_SIGNING Serial.print(F("Configuration is ")); if (lockConfig == 0x00) { Serial.println("LOCKED"); } else { Serial.println("UNLOCKED"); } Serial.print(F("Data is ")); if (lockValue == 0x00) { Serial.println("LOCKED"); } else { Serial.println("UNLOCKED"); } #endif } /** @brief Sketch execution code */ void loop() { }```@meddie Sorry, missed that post.
You have SKIP_KEY_STORAGE defined so no keys will be stored. This is the default and intentional, to avoid people just executing the sketch and accidentally overwrite existing keys.
Furthermore, you have selected to personalize a ATSHA device, and have it generate the keys. That means that you have to define LOCK_CONFIGURATION or the ATSHA random number generator will not work. -
Ah, thank you very much, yes now i get generated a key. But one more question the AES key will not be generated? I got only the HMAC Key, do i have to put the AES Key at myself?
Thank you very much! -
@Anticimex
sorry sorry for so many questions, i have read the how to use already some times, but maybe its my bad english or the fear to do something wrong or to destroy the chip. I get a little bit unsure.Now i get both keys. If i understood correctly, the keys are now stored, i have now to put the shown keys to the sketch as HMAC and AES Key, and run this sketch on the sensor nodes.
On the gateway on which i generated the keys i dont need to do anything more as to upload the gateway sketch ?
Thank you very much for your support! -
@Anticimex
sorry sorry for so many questions, i have read the how to use already some times, but maybe its my bad english or the fear to do something wrong or to destroy the chip. I get a little bit unsure.Now i get both keys. If i understood correctly, the keys are now stored, i have now to put the shown keys to the sketch as HMAC and AES Key, and run this sketch on the sensor nodes.
On the gateway on which i generated the keys i dont need to do anything more as to upload the gateway sketch ?
Thank you very much for your support! -
@meddie Sorry, missed that post.
You have SKIP_KEY_STORAGE defined so no keys will be stored. This is the default and intentional, to avoid people just executing the sketch and accidentally overwrite existing keys.
Furthermore, you have selected to personalize a ATSHA device, and have it generate the keys. That means that you have to define LOCK_CONFIGURATION or the ATSHA random number generator will not work.@Anticimex said in 💬 Sensebender Gateway:
@meddie Sorry, missed that post.
You have SKIP_KEY_STORAGE defined so no keys will be stored. This is the default and intentional, to avoid people just executing the sketch and accidentally overwrite existing keys.
Furthermore, you have selected to personalize a ATSHA device, and have it generate the keys. That means that you have to define LOCK_CONFIGURATION or the ATSHA random number generator will not work.@Anticimex
sorry i have one more question, because i didnt fully understand this. In the gettings started how to you wrote:Pick a “master” device with serial debug port. Set the following sketch configuration of the personalizer: ... Enable SKIP_KEY_STORAGE ... Execute the sketch on the “master” device to obtain a randomized key. Save this key to a secure location and keep it confidential so that you can retrieve it if you need to personalize more devices later on. Now reconfigure the sketch with these settings: ... Disable SKIP_KEY_STORAGE ... Put the saved key in the user_key_data variable. Now execute the sketch on all devices you want to personalize with this secret key.on the first run i have to enable SKIP_KEY_STORAGE so i removed the comments.
But here in forum you write i have to disable this. After i has disabled it wroked fine for me.But now i have to run the sketch on my node, and i think i have to disable the SKIP function too, because i need that the keys will be stored in the node.
So if i am right, the on both runs the SKIP function has to be commented out? Or i am wrong?
Thank you. -
@Anticimex said in 💬 Sensebender Gateway:
@meddie Sorry, missed that post.
You have SKIP_KEY_STORAGE defined so no keys will be stored. This is the default and intentional, to avoid people just executing the sketch and accidentally overwrite existing keys.
Furthermore, you have selected to personalize a ATSHA device, and have it generate the keys. That means that you have to define LOCK_CONFIGURATION or the ATSHA random number generator will not work.@Anticimex
sorry i have one more question, because i didnt fully understand this. In the gettings started how to you wrote:Pick a “master” device with serial debug port. Set the following sketch configuration of the personalizer: ... Enable SKIP_KEY_STORAGE ... Execute the sketch on the “master” device to obtain a randomized key. Save this key to a secure location and keep it confidential so that you can retrieve it if you need to personalize more devices later on. Now reconfigure the sketch with these settings: ... Disable SKIP_KEY_STORAGE ... Put the saved key in the user_key_data variable. Now execute the sketch on all devices you want to personalize with this secret key.on the first run i have to enable SKIP_KEY_STORAGE so i removed the comments.
But here in forum you write i have to disable this. After i has disabled it wroked fine for me.But now i have to run the sketch on my node, and i think i have to disable the SKIP function too, because i need that the keys will be stored in the node.
So if i am right, the on both runs the SKIP function has to be commented out? Or i am wrong?
Thank you.@meddie If your read the text carefully it says:
Set the following sketch configuration of the personalizer:
...
Execute the sketch on the “master” device to obtain a randomized key. Save this key to a secure location and keep it confidential so that you can retrieve it if you need to personalize more devices later on.
Now reconfigure the sketch with these settings:
...
Now execute the sketch on all devices you want to personalize with this secret key.So in other words; you first use the settings described in the first setting, execute that once. Follow the instructions carefully. Write down the key you got. Then you reconfigure the sketch and execute it on all devices you want to personalize. That is, you execute it twice on the first device.
I wrote that you need to undefine SKIP_KEY_STORAGE if you want to store a key. But the first set of instructions in the documentation is not saying that you are supposed to store a key. It says "Execute the sketch on the “master” device to obtain a randomized key."So the documentation is correct, and describe a flow where you personalize nodes and gateways with the minimum amount of changes needed. First you generate a key, and this step can actually be skipped altogether if you just make your own random key or password to use for HMAC/AES.
Then you reconfigure the personalizer to use your generated (or selected) key and write it to all your devices. -
@Anticimex
but as i runned the sketch with SKIP_KEY_STORAGE defined, so no keys were generated.i did not like to say that the documentation is incorrect, i like your documentation and your work very well! i just didnt understand it!
Thank you very much!
Greets Eddie -
@Anticimex
but as i runned the sketch with SKIP_KEY_STORAGE defined, so no keys were generated.i did not like to say that the documentation is incorrect, i like your documentation and your work very well! i just didnt understand it!
Thank you very much!
Greets Eddie@meddie are you sure you ran with the exact settings described for generating the keys? The SKIP_KEY_STORAGE flag does not prevent the keys from being generated. They are still printed in the serial log. It prevents the keys from being stored to the atsha204a device.
-
i fear to write again, but my fail story goes on :-(
i have uploaded on the gateway this sketch:/** * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* * * REVISION HISTORY * Version 1.0 - Henrik EKblad * Contribution by a-lurker and Anticimex, * Contribution by Norbert Truchsess <norbert.truchsess@t-online.de> * Contribution by Tomas Hozza <thozza@gmail.com> * * * DESCRIPTION * The EthernetGateway sends data received from sensors to the ethernet link. * The gateway also accepts input on ethernet interface, which is then sent out to the radio network. * * This GW code is designed for Sensebender GateWay / (Arduino Zero variant) * * Wire connections (OPTIONAL): * - Inclusion button should be connected to SW2 * * LEDs on board (default assignments): * - Orange: USB RX/TX - Blink when receiving / transmitting on USB CDC device * - Yellow: RX - Blink fast on radio message recieved. In inclusion mode will blink fast only on presentation recieved * - Green : TX - Blink fast on radio message transmitted. In inclusion mode will blink slowly * - Red : ERR - Fast blink on error during transmission error or recieve crc error * - Blue : free - (use with LED_BLUE macro) * */ #include <stdint.h> #include <pins_arduino.h> #define SKETCH_VERSION "0.2" // Enable debug prints to serial monitor #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING // Enable and select radio type attached #define MY_RADIO_NRF24 //#define MY_RADIO_RFM69 // Set LOW transmit power level as default, if you have an amplified NRF-module and // power your radio separately with a good regulator you can turn up PA level. //#define MY_RF24_PA_LEVEL RF24_PA_HIGH #define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} //#define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif #define MY_RF24_ENABLE_ENCRYPTION // Enable gateway ethernet module type #define MY_GATEWAY_W5100 // W5100 Ethernet module SPI enable (optional if using a shield/module that manages SPI_EN signal) //#define MY_W5100_SPI_EN 4 // Enable Soft SPI for NRF radio (note different radio wiring is required) // The W5100 ethernet module seems to have a hard time co-operate with // radio on the same spi bus. #if !defined(MY_W5100_SPI_EN) && !defined(ARDUINO_ARCH_SAMD) #define MY_SOFTSPI #define MY_SOFT_SPI_SCK_PIN 14 #define MY_SOFT_SPI_MISO_PIN 16 #define MY_SOFT_SPI_MOSI_PIN 15 #endif // When W5100 is connected we have to move CE/CSN pins for NRF radio #ifndef MY_RF24_CE_PIN #define MY_RF24_CE_PIN 5 #endif #ifndef MY_RF24_CS_PIN #define MY_RF24_CS_PIN 6 #endif // Enable to UDP //#define MY_USE_UDP #define MY_IP_ADDRESS 10,0,0,253 // If this is disabled, DHCP is used to retrieve address // Renewal period if using DHCP //#define MY_IP_RENEWAL_INTERVAL 60000 // The port to keep open on node server mode / or port to contact in client mode #define MY_PORT 5003 // Controller ip address. Enables client mode (default is "server" mode). // Also enable this if MY_USE_UDP is used and you want sensor data sent somewhere. //#define MY_CONTROLLER_IP_ADDRESS 192, 168, 178, 254 // The MAC address can be anything you want but should be unique on your network. // Newer boards have a MAC address printed on the underside of the PCB, which you can (optionally) use. // Note that most of the Ardunio examples use "DEAD BEEF FEED" for the MAC address. #define MY_MAC_ADDRESS 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED // Enable inclusion mode #define MY_INCLUSION_MODE_FEATURE // Enable Inclusion mode button on gateway #define MY_INCLUSION_BUTTON_FEATURE // Inverses behavior of inclusion button (if using external pullup) //#define MY_INCLUSION_BUTTON_EXTERNAL_PULLUP // Set inclusion mode duration (in seconds) #define MY_INCLUSION_MODE_DURATION 60 // Digital pin used for inclusion mode button //#define MY_INCLUSION_MODE_BUTTON_PIN 3 // Set blinking period #define MY_DEFAULT_LED_BLINK_PERIOD 300 // Inverses the behavior of leds //#define MY_WITH_LEDS_BLINKING_INVERSE // Flash leds on rx/tx/err // Uncomment to override default HW configurations //#define MY_DEFAULT_ERR_LED_PIN 4 // Error led pin //#define MY_DEFAULT_RX_LED_PIN 6 // Receive led pin //#define MY_DEFAULT_TX_LED_PIN 5 // the PCB, on board LED #if defined(MY_USE_UDP) #include <EthernetUdp.h> #endif #include <Ethernet.h> #include <MySensors.h> #include <SD.h> //#include <drivers/ATSHA204/ATSHA204.cpp> Sd2Card card; #define EEPROM_VERIFICATION_ADDRESS 0x01 static uint8_t num_of_leds = 5; static uint8_t leds[] = {LED_BLUE, LED_RED, LED_GREEN, LED_YELLOW, LED_ORANGE}; void setup() { // Setup locally attached sensors } void presentation() { // Present locally attached sensors } void loop() { // Send locally attached sensor data here } void preHwInit() { pinMode(MY_SWC1, INPUT_PULLUP); pinMode(MY_SWC2, INPUT_PULLUP); if (digitalRead(MY_SWC1) && digitalRead(MY_SWC2)) { return; } uint8_t tests = 0; for (int i=0; i< num_of_leds; i++) { pinMode(leds[i], OUTPUT); } uint8_t led_state = 0; if (digitalRead(MY_SWC1)) { while (!Serial) { digitalWrite(LED_BLUE, led_state); led_state ^= 0x01; delay(500); } // Wait for USB to be connected, before spewing out data. } digitalWrite(LED_BLUE, LOW); if (Serial) { Serial.println("Sensebender GateWay test routine"); Serial.print("Mysensors core version : "); Serial.println(MYSENSORS_LIBRARY_VERSION); Serial.print("GateWay sketch version : "); Serial.println(SKETCH_VERSION); Serial.println("----------------------------------"); Serial.println(); } if (testSha204()) { digitalWrite(LED_GREEN, HIGH); tests++; } if (testSDCard()) { digitalWrite(LED_YELLOW, HIGH); tests++; } if (testEEProm()) { digitalWrite(LED_ORANGE, HIGH); tests++; } if (testAnalog()) { digitalWrite(LED_BLUE, HIGH); tests++; } if (tests == 4) { while(1) { for (int i=0; i<num_of_leds; i++) { digitalWrite(leds[i], HIGH); delay(200); digitalWrite(leds[i], LOW); } } } else { while (1) { digitalWrite(LED_RED, HIGH); delay(200); digitalWrite(LED_RED, LOW); delay(200); } } } bool testSha204() { uint8_t rx_buffer[SHA204_RSP_SIZE_MAX]; uint8_t ret_code; if (Serial) { Serial.print("- > SHA204 "); } atsha204_init(MY_SIGNING_ATSHA204_PIN); ret_code = atsha204_wakeup(rx_buffer); if (ret_code == SHA204_SUCCESS) { ret_code = atsha204_getSerialNumber(rx_buffer); if (ret_code != SHA204_SUCCESS) { if (Serial) { Serial.println(F("Failed to obtain device serial number. Response: ")); } Serial.println(ret_code, HEX); } else { if (Serial) { Serial.print(F("Ok (serial : ")); for (int i=0; i<9; i++) { if (rx_buffer[i] < 0x10) { Serial.print('0'); // Because Serial.print does not 0-pad HEX } Serial.print(rx_buffer[i], HEX); } Serial.println(")"); } return true; } } else { if (Serial) { Serial.println(F("Failed to wakeup SHA204")); } } return false; } bool testSDCard() { if (Serial) { Serial.print("- > SD CARD "); } if (!card.init(SPI_HALF_SPEED, MY_SDCARD_CS)) { if (Serial) { Serial.println("SD CARD did not initialize!"); } } else { if (Serial) { Serial.print("SD Card initialized correct! - "); Serial.print("type detected : "); switch(card.type()) { case SD_CARD_TYPE_SD1: Serial.println("SD1"); break; case SD_CARD_TYPE_SD2: Serial.println("SD2"); break; case SD_CARD_TYPE_SDHC: Serial.println("SDHC"); break; default: Serial.println("Unknown"); } } return true; } return false; } bool testEEProm() { uint8_t eeprom_d1, eeprom_d2; SerialUSB.print(" -> EEPROM "); Wire.begin(); eeprom_d1 = i2c_eeprom_read_byte(EEPROM_VERIFICATION_ADDRESS); delay(500); eeprom_d1 = ~eeprom_d1; // invert the bits i2c_eeprom_write_byte(EEPROM_VERIFICATION_ADDRESS, eeprom_d1); delay(500); eeprom_d2 = i2c_eeprom_read_byte(EEPROM_VERIFICATION_ADDRESS); if (eeprom_d1 == eeprom_d2) { SerialUSB.println("PASSED"); i2c_eeprom_write_byte(EEPROM_VERIFICATION_ADDRESS, ~eeprom_d1); return true; } SerialUSB.println("FAILED!"); return false; } bool testAnalog() { int bat_detect = analogRead(MY_BAT_DETECT); Serial.print("-> analog : "); Serial.print(bat_detect); if (bat_detect < 400 || bat_detect > 650) { Serial.println(" Failed"); return false; } Serial.println(" Passed"); return true; } -
and on the node this sketch:
/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* */ #include <stdint.h> #include <pins_arduino.h> #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING #define MY_RADIO_NRF24 //#define MY_SIGNING_SOFT #define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} #define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif #define MY_RF24_ENABLE_ENCRYPTION #include <MySensors.h>But the node does not connect and i get this on the serial monitor:
0 MCO:BGN:INIT NODE,CP=RNNNAA-,VER=2.1.1 4 TSM:INIT 4 TSF:WUR:MS=0 12 TSM:INIT:TSP OK 14 TSF:SID:OK,ID=100 16 TSM:FPAR 18 Will not sign message for destination 255 as it does not require it 67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2076 !TSM:FPAR:NO REPLY 2078 TSM:FPAR 2080 Will not sign message for destination 255 as it does not require it 2127 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4139 !TSM:FPAR:NO REPLY 4141 TSM:FPAR 4143 Will not sign message for destination 255 as it does not require it 4190 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6199 !TSM:FPAR:NO REPLY 6201 TSM:FPAR 6203 Will not sign message for destination 255 as it does not require it 6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8259 !TSM:FPAR:FAIL 8261 TSM:FAIL:CNT=1 8263 TSM:FAIL:PDT 18266 TSM:FAIL:RE-INIT 18268 TSM:INIT 18276 TSM:INIT:TSP OK 18278 TSF:SID:OK,ID=100 18280 TSM:FPAR 18282 Will not sign message for destination 255 as it does not require it 18331 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 20340 !TSM:FPAR:NO REPLY 20342 TSM:FPAR 20344 Will not sign message for destination 255 as it does not require it 20393 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 22403 !TSM:FPAR:NO REPLY 22405 TSM:FPAR 22407 Will not sign message for destination 255 as it does not require it 22456 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 24465 !TSM:FPAR:NO REPLY 24467 TSM:FPAR 24469 Will not sign message for destination 255 as it does not require it 24518 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 26527 !TSM:FPAR:FAIL 26529 TSM:FAIL:CNT=2 26531 TSM:FAIL:PDT 36534 TSM:FAIL:RE-INIT 36536 TSM:INIT 36544 TSM:INIT:TSP OK 36546 TSF:SID:OK,ID=100 36548 TSM:FPAR 36550 Will not sign message for destination 255 as it does not require it 36599 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 38610 !TSM:FPAR:NO REPLY 38612 TSM:FPAR 38615 Will not sign message for destination 255 as it does not require it 38664 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 40673 !TSM:FPAR:NO REPLY 40675 TSM:FPAR 40677 Will not sign message for destination 255 as it does not require it 40726 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 42735 !TSM:FPAR:NO REPLY 42737 TSM:FPAR 42739 Will not sign message for destination 255 as it does not require it 42788 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 44800 !TSM:FPAR:FAIL 44802 TSM:FAIL:CNT=3 44804 TSM:FAIL:PDT 54808 TSM:FAIL:RE-INIT 54810 TSM:INIT 54818 TSM:INIT:TSP OK 54820 TSF:SID:OK,ID=100 54822 TSM:FPAR 54824 Will not sign message for destination 255 as it does not require it 54874 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 56883 !TSM:FPAR:NO REPLY 56885 TSM:FPAR 56887 Will not sign message for destination 255 as it does not require it 56936 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:please help me once again
Thank you -
and on the node this sketch:
/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* */ #include <stdint.h> #include <pins_arduino.h> #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING #define MY_RADIO_NRF24 //#define MY_SIGNING_SOFT #define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} #define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif #define MY_RF24_ENABLE_ENCRYPTION #include <MySensors.h>But the node does not connect and i get this on the serial monitor:
0 MCO:BGN:INIT NODE,CP=RNNNAA-,VER=2.1.1 4 TSM:INIT 4 TSF:WUR:MS=0 12 TSM:INIT:TSP OK 14 TSF:SID:OK,ID=100 16 TSM:FPAR 18 Will not sign message for destination 255 as it does not require it 67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2076 !TSM:FPAR:NO REPLY 2078 TSM:FPAR 2080 Will not sign message for destination 255 as it does not require it 2127 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4139 !TSM:FPAR:NO REPLY 4141 TSM:FPAR 4143 Will not sign message for destination 255 as it does not require it 4190 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6199 !TSM:FPAR:NO REPLY 6201 TSM:FPAR 6203 Will not sign message for destination 255 as it does not require it 6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8259 !TSM:FPAR:FAIL 8261 TSM:FAIL:CNT=1 8263 TSM:FAIL:PDT 18266 TSM:FAIL:RE-INIT 18268 TSM:INIT 18276 TSM:INIT:TSP OK 18278 TSF:SID:OK,ID=100 18280 TSM:FPAR 18282 Will not sign message for destination 255 as it does not require it 18331 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 20340 !TSM:FPAR:NO REPLY 20342 TSM:FPAR 20344 Will not sign message for destination 255 as it does not require it 20393 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 22403 !TSM:FPAR:NO REPLY 22405 TSM:FPAR 22407 Will not sign message for destination 255 as it does not require it 22456 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 24465 !TSM:FPAR:NO REPLY 24467 TSM:FPAR 24469 Will not sign message for destination 255 as it does not require it 24518 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 26527 !TSM:FPAR:FAIL 26529 TSM:FAIL:CNT=2 26531 TSM:FAIL:PDT 36534 TSM:FAIL:RE-INIT 36536 TSM:INIT 36544 TSM:INIT:TSP OK 36546 TSF:SID:OK,ID=100 36548 TSM:FPAR 36550 Will not sign message for destination 255 as it does not require it 36599 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 38610 !TSM:FPAR:NO REPLY 38612 TSM:FPAR 38615 Will not sign message for destination 255 as it does not require it 38664 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 40673 !TSM:FPAR:NO REPLY 40675 TSM:FPAR 40677 Will not sign message for destination 255 as it does not require it 40726 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 42735 !TSM:FPAR:NO REPLY 42737 TSM:FPAR 42739 Will not sign message for destination 255 as it does not require it 42788 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 44800 !TSM:FPAR:FAIL 44802 TSM:FAIL:CNT=3 44804 TSM:FAIL:PDT 54808 TSM:FAIL:RE-INIT 54810 TSM:INIT 54818 TSM:INIT:TSP OK 54820 TSF:SID:OK,ID=100 54822 TSM:FPAR 54824 Will not sign message for destination 255 as it does not require it 54874 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 56883 !TSM:FPAR:NO REPLY 56885 TSM:FPAR 56887 Will not sign message for destination 255 as it does not require it 56936 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:please help me once again
Thank you@meddie if you want your node to sign messages to the gateway you have to tell the gateway to require it. The log says that it does not require it and it is clear from your gateway sketch that you have disabled the requirement.
Is that your problem?
EDIT: I see that the messages are broadcasts, those will never be signed. So the "will not sign messages" are perfectly normal no matter how you configure your gateway in this case.
The problem, at least based on the node log is that your node cannot find a parent to communicate with for some reason. -
and on the node this sketch:
/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* */ #include <stdint.h> #include <pins_arduino.h> #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING #define MY_RADIO_NRF24 //#define MY_SIGNING_SOFT #define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} #define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif #define MY_RF24_ENABLE_ENCRYPTION #include <MySensors.h>But the node does not connect and i get this on the serial monitor:
0 MCO:BGN:INIT NODE,CP=RNNNAA-,VER=2.1.1 4 TSM:INIT 4 TSF:WUR:MS=0 12 TSM:INIT:TSP OK 14 TSF:SID:OK,ID=100 16 TSM:FPAR 18 Will not sign message for destination 255 as it does not require it 67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2076 !TSM:FPAR:NO REPLY 2078 TSM:FPAR 2080 Will not sign message for destination 255 as it does not require it 2127 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4139 !TSM:FPAR:NO REPLY 4141 TSM:FPAR 4143 Will not sign message for destination 255 as it does not require it 4190 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6199 !TSM:FPAR:NO REPLY 6201 TSM:FPAR 6203 Will not sign message for destination 255 as it does not require it 6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8259 !TSM:FPAR:FAIL 8261 TSM:FAIL:CNT=1 8263 TSM:FAIL:PDT 18266 TSM:FAIL:RE-INIT 18268 TSM:INIT 18276 TSM:INIT:TSP OK 18278 TSF:SID:OK,ID=100 18280 TSM:FPAR 18282 Will not sign message for destination 255 as it does not require it 18331 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 20340 !TSM:FPAR:NO REPLY 20342 TSM:FPAR 20344 Will not sign message for destination 255 as it does not require it 20393 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 22403 !TSM:FPAR:NO REPLY 22405 TSM:FPAR 22407 Will not sign message for destination 255 as it does not require it 22456 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 24465 !TSM:FPAR:NO REPLY 24467 TSM:FPAR 24469 Will not sign message for destination 255 as it does not require it 24518 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 26527 !TSM:FPAR:FAIL 26529 TSM:FAIL:CNT=2 26531 TSM:FAIL:PDT 36534 TSM:FAIL:RE-INIT 36536 TSM:INIT 36544 TSM:INIT:TSP OK 36546 TSF:SID:OK,ID=100 36548 TSM:FPAR 36550 Will not sign message for destination 255 as it does not require it 36599 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 38610 !TSM:FPAR:NO REPLY 38612 TSM:FPAR 38615 Will not sign message for destination 255 as it does not require it 38664 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 40673 !TSM:FPAR:NO REPLY 40675 TSM:FPAR 40677 Will not sign message for destination 255 as it does not require it 40726 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 42735 !TSM:FPAR:NO REPLY 42737 TSM:FPAR 42739 Will not sign message for destination 255 as it does not require it 42788 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 44800 !TSM:FPAR:FAIL 44802 TSM:FAIL:CNT=3 44804 TSM:FAIL:PDT 54808 TSM:FAIL:RE-INIT 54810 TSM:INIT 54818 TSM:INIT:TSP OK 54820 TSF:SID:OK,ID=100 54822 TSM:FPAR 54824 Will not sign message for destination 255 as it does not require it 54874 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 56883 !TSM:FPAR:NO REPLY 56885 TSM:FPAR 56887 Will not sign message for destination 255 as it does not require it 56936 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:please help me once again
Thank you -
and on the node this sketch:
/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2015 Sensnology AB * Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * ******************************* */ #include <stdint.h> #include <pins_arduino.h> #define MY_DEBUG #define MY_DEBUG_VERBOSE_SIGNING #define MY_RADIO_NRF24 //#define MY_SIGNING_SOFT #define MY_SIGNING_ATSHA204 //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} #define MY_SIGNING_REQUEST_SIGNATURES #ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 #endif #ifndef MY_SIGNING_ATSHA204_PIN #define MY_SIGNING_ATSHA204_PIN 17 #endif #define MY_RF24_ENABLE_ENCRYPTION #include <MySensors.h>But the node does not connect and i get this on the serial monitor:
0 MCO:BGN:INIT NODE,CP=RNNNAA-,VER=2.1.1 4 TSM:INIT 4 TSF:WUR:MS=0 12 TSM:INIT:TSP OK 14 TSF:SID:OK,ID=100 16 TSM:FPAR 18 Will not sign message for destination 255 as it does not require it 67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2076 !TSM:FPAR:NO REPLY 2078 TSM:FPAR 2080 Will not sign message for destination 255 as it does not require it 2127 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4139 !TSM:FPAR:NO REPLY 4141 TSM:FPAR 4143 Will not sign message for destination 255 as it does not require it 4190 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6199 !TSM:FPAR:NO REPLY 6201 TSM:FPAR 6203 Will not sign message for destination 255 as it does not require it 6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8259 !TSM:FPAR:FAIL 8261 TSM:FAIL:CNT=1 8263 TSM:FAIL:PDT 18266 TSM:FAIL:RE-INIT 18268 TSM:INIT 18276 TSM:INIT:TSP OK 18278 TSF:SID:OK,ID=100 18280 TSM:FPAR 18282 Will not sign message for destination 255 as it does not require it 18331 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 20340 !TSM:FPAR:NO REPLY 20342 TSM:FPAR 20344 Will not sign message for destination 255 as it does not require it 20393 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 22403 !TSM:FPAR:NO REPLY 22405 TSM:FPAR 22407 Will not sign message for destination 255 as it does not require it 22456 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 24465 !TSM:FPAR:NO REPLY 24467 TSM:FPAR 24469 Will not sign message for destination 255 as it does not require it 24518 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 26527 !TSM:FPAR:FAIL 26529 TSM:FAIL:CNT=2 26531 TSM:FAIL:PDT 36534 TSM:FAIL:RE-INIT 36536 TSM:INIT 36544 TSM:INIT:TSP OK 36546 TSF:SID:OK,ID=100 36548 TSM:FPAR 36550 Will not sign message for destination 255 as it does not require it 36599 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 38610 !TSM:FPAR:NO REPLY 38612 TSM:FPAR 38615 Will not sign message for destination 255 as it does not require it 38664 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 40673 !TSM:FPAR:NO REPLY 40675 TSM:FPAR 40677 Will not sign message for destination 255 as it does not require it 40726 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 42735 !TSM:FPAR:NO REPLY 42737 TSM:FPAR 42739 Will not sign message for destination 255 as it does not require it 42788 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 44800 !TSM:FPAR:FAIL 44802 TSM:FAIL:CNT=3 44804 TSM:FAIL:PDT 54808 TSM:FAIL:RE-INIT 54810 TSM:INIT 54818 TSM:INIT:TSP OK 54820 TSF:SID:OK,ID=100 54822 TSM:FPAR 54824 Will not sign message for destination 255 as it does not require it 54874 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 56883 !TSM:FPAR:NO REPLY 56885 TSM:FPAR 56887 Will not sign message for destination 255 as it does not require it 56936 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:please help me once again
Thank you
