Sensebender Micro

ximinez

What is the easiest and fastest way to sign and verify? I don't have a gateway set up quite yet.
(And, is any part of setting this up dependent on serial integrity? If so I might have to adjust baud quite a bit)

Anticimex

@ximinez Well, without a gw the only option is to use node peer to peer transmissons to test signing. How to do it is described in the signing documentation, assuming you use development branch, you can see here. For master, look here.

ximinez

I have an Uno with an ethernet shield and nrf24 hooked up, so I will have to get around to write a sketch for that purpose.
But to get signing to work, I'll have to personalize the atsha? That sketch doesn't compile for me.

Anticimex

Yes, you have to personalize it. What is failing? I don't have an Uno myself, but according to Jenkins the personalizer compiles ok for Uno on both master and development. You don't have any local changes?

ximinez

The personalization fails to compile for my sensebender micro. There's a few undeclared:

Personalizer:225: error: 'EEPROM_SIGNING_SOFT_HMAC_KEY_ADDRESS' was not declared in this scope
Personalizer:225: error: 'hwReadConfigBlock' was not declared in this scope
Personalizer:236: error: 'EEPROM_SIGNING_SOFT_SERIAL_ADDRESS' was not declared in this scope
Personalizer:247: error: 'EEPROM_RF_ENCRYPTION_AES_KEY_ADDRESS' was not declared in this scope
Personalizer:697: error: 'hwMillis' was not declared in this scope

I'm trying to compile this against master however. Do I have to have dev branch to compile that sketch?

ximinez

Fails with the same errors on Uno for me.

Anticimex

@ximinez and you are certain you have no local changes to the code? Jenkins builds both master and development branches every night for both the SenseBender and the uno and it builds all examples, including the personalizer without issues.

ximinez

Pretty sure.
I'll wipe my library dir and redownload master.

Anticimex

If memory serves me, some of the errors you get seem to originate from code on development branch. The eeprom addresses are to my knowledge not yet available on master.

ximinez

Ok, moved from master to dev. Sketch compiled. Not quite the output I expected however.

EEPROM configuration:
SOFT_HMAC_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
SOFT_SERIAL | FFFFFFFFFFFFFFFFFF
AES_KEY | FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Anticimex

@ximinez it is the output I expected. You have gone for soft signing, and you see the reset values of the eeprom. You need to pick atsha settings. The link I gave you gives the exact settings to personalize both for software and atsha backends.

ximinez

Got it now :)
I had two different sketches and had edited the wrong one. Now I have actual values.
Is there an example GW sketch that I can load quickly to my Uno/W5100 shield/NRF24?

Anticimex

:thumbsup:
I'm rusty on the gateways. But on development branch, configuring signing is easier than on master branch. My link gives the details on signing configuration for both nodes and gateways with examples.

ximinez

Yeah, I'm struggling a bit with those instructions. I've set up my gateway with soft signing, and got sane values written to EEPROM.
Now, do I need any of the three values to personalize the sensebender?
SOFT_HMAC_KEY?

Anticimex

@ximinez the SenseBender you have patched/cut needs atsha personalization, so no SOFT anything. But you need to have the same hmac key stored on the atsha on the SenseBender as you have picked as soft hmac key in eeprom of your gateway (the node you have personalized for soft signing).

ximinez

@Anticimex Yeah, that's what I asked ;)

I get:
Writing key to slot 0...
Data lock failed. Response: D3

Anticimex

@ximinez locking data is a very bad idea. It will prevent you from changing the hmac key. You only need to (and should) lock configuration. Only lock data if you really know what you are doing.

ximinez

Writing key to slot 0...
Data not locked. Define LOCK_DATA to lock for real.

Personalization is now complete.
Configuration is LOCKED
Data is UNLOCKED

Anticimex

@ximinez looks good. You should be done with personalization. Remember to require signatures from the SenseBender in addition to "enabling" it. You can also require signature on the GW, thus forcing all communications between them to be signed. The serial console will reveal how it goes. You can enable verbose debug (MY_DEBUG_VERBOSE_SIGNING) for the signing if you want more details on the signing parts.

ximinez

I have the sensor sketch mostly done, but I'll have to do some soldering again tomorrow. It looks like D7 got burnt when I plugged in my ESP8266, giving ~0,5v out on that pin. Will have to work around that:

Sôártinç óensor (RÎONA-, 2.0.0-beta)
Raäio init æáiìåd. Ãèeck wiring.

When that is OK, I'll look at the GW sketch.