Signing (Hardware) not working, don't know it anymore



  • Hello,
    First of all, I want to say that MySensors is great and fun to work with.
    And with signing implemented it's a really mature product (if only it would work...).
    I have read the complete signing post, but I can't figure out why it is not working.
    Previously I built an RGB controller, and without signing it works.
    Now I want to implement signing and it won't work.
    Here is the log from the gateway :

    0;0;3;0;9;read: 3-3-0 s=5,c=1,t=8,pt=2,l=2,sg=0:0
    3;5;1;0;8;0
    0;0;3;0;9;send: 0-0-0-0 s=0,c=1,t=2,pt=0,l=1,sg=0,st=fail:1
    0;0;3;0;9;read: 3-3-0 s=3,c=1,t=4,pt=7,l=5,sg=0:1008
    3;3;1;0;4;1008
    0;0;3;0;9;read: 3-3-0 s=6,c=1,t=16,pt=2,l=2,sg=0:1
    3;6;1;0;16;1
    0;0;3;0;9;read: 3-3-0 s=7,c=1,t=6,pt=2,l=2,sg=0:-1023
    3;7;1;0;6;-1023
    0;0;3;0;9;send: 0-0-2-2 s=0,c=3,t=16,pt=0,l=0,sg=0,st=ok:
    0;0;3;0;9;read: 3-3-0 s=5,c=1,t=8,pt=2,l=2,sg=0:0
    3;5;1;0;8;0
    0;0;3;0;9;sign fail
    0;0;3;0;9;read: 3-3-0 s=3,c=1,t=4,pt=7,l=5,sg=0:1008
    3;3;1;0;4;1008
    0;0;3;0;9;read: 3-3-0 s=6,c=1,t=16,pt=2,l=2,sg=0:1
    3;6;1;0;16;1
    0;0;3;0;9;read: 3-3-0 s=7,c=1,t=6,pt=2,l=2,sg=0:-1023
    3;7;1;0;6;-1023
    0;0;3;0;9;send: 0-0-2-2 s=0,c=3,t=16,pt=0,l=0,sg=0,st=ok:
    0;0;3;0;9;read: 2-2-0 s=255,c=3,t=17,pt=6,l=25,sg=0:019613760F72635FB
    0;0;3;0;9;send: 0-0-2-2 s=0,c=1,t=2,pt=0,l=1,sg=1,st=ok:1
    0;0;3;0;9;read: 3-3-0 s=5,c=1,t=8,pt=2,l=2,sg=0:0
    3;5;1;0;8;0
    0;0;3;0;9;send: 0-0-2-2 s=0,c=3,t=16,pt=0,l=0,sg=0,st=ok:
    0;0;3;0;9;read: 2-2-0 s=255,c=3,t=17,pt=6,l=25,sg=0:019613760F72635FB
    0;0;3;0;9;send: 0-0-2-2 s=0,c=1,t=40,pt=0,l=6,sg=1,st=ok:FF006B
    0;0;3;0;9;send: 0-0-2-2 s=0,c=3,t=16,pt=0,l=0,sg=0,st=ok:
    0;0;3;0;9;read: 3-3-0 s=3,c=1,t=4,pt=7,l=5,sg=0:1008
    3;3;1;0;4;1008
    0;0;3;0;9;read: 3-3-0 s=6,c=1,t=16,pt=2,l=2,sg=0:1
    3;6;1;0;16;1
    0;0;3;0;9;read: 3-3-0 s=7,c=1,t=6,pt=2,l=2,sg=0:-1023
    3;7;1;0;6;-1023
    0;0;3;0;9;read: 2-2-0 s=255,c=3,t=17,pt=6,l=25,sg=0:019613760F72635FB
    0;0;3;0;9;send: 0-0-2-2 s=0,c=1,t=3,pt=0,l=3,sg=1,st=ok:100
    0;0;3;0;9;read: 3-3-0 s=5,c=1,t=8,pt=2,l=2,sg=0:0
    3;5;1;0;8;0
    0;0;3;0;9;read: 3-3-0 s=3,c=1,t=4,pt=7,l=5,sg=0:1008
    3;3;1;0;4;1008
    0;0;3;0;9;read: 3-3-0 s=6,c=1,t=16,pt=2,l=2,sg=0:1
    3;6;1;0;16;1
    0;0;3;0;9;read: 3-3-0 s=7,c=1,t=6,pt=2,l=2,sg=0:-1023
    3;7;1;0;6;-1023
    0;0;3;0;9;read: 3-3-0 s=5,c=1,t=8,pt=2,l=2,sg=0:0
    3;5;1;0;8;0
    

    The gateway seems to send signed commands (sg=1)
    Here is the log from my RGB controller :

    send: 2-2-0-0 s=255,c=3,t=15,pt=2,l=2,sg=0,st=ok:1
    read: 0-0-2 s=255,c=3,t=15,pt=2,l=2,sg=0:0
    send: 2-2-0-0 s=255,c=0,t=17,pt=0,l=5,sg=0,st=ok:1.5.4
    send: 2-2-0-0 s=255,c=3,t=6,pt=1,l=1,sg=0,st=ok:0
    sensor started, id=2, parent=0, distance=1
    send: 2-2-0-0 s=255,c=3,t=11,pt=0,l=9,sg=0,st=ok:RGB_STRIP
    send: 2-2-0-0 s=255,c=3,t=12,pt=0,l=3,sg=0,st=ok:1.0
    send: 2-2-0-0 s=0,c=0,t=26,pt=0,l=9,sg=0,st=ok:RGB Strip
    send: 2-2-0-0 s=0,c=2,t=40,pt=0,l=0,sg=0,st=ok:
    read: 0-0-2 s=0,c=3,t=16,pt=0,l=0,sg=0:
    send: 2-2-0-0 s=255,c=3,t=17,pt=6,l=25,sg=0,st=ok:019613760F72635FBDB44A5A0A63C39F12AF30F950A6EE5C97
    read: 0-0-2 s=0,c=3,t=16,pt=0,l=0,sg=0:
    send: 2-2-0-0 s=255,c=3,t=17,pt=6,l=25,sg=0,st=ok:019613760F72635FBDB44A5A0A63C39F12AF30F950A6EE5C97
    verify fail
    read: 0-0-2 s=0,c=3,t=16,pt=0,l=0,sg=0:
    send: 2-2-0-0 s=255,c=3,t=17,pt=6,l=25,sg=0,st=ok:019613760F72635FBDB44A5A0A63C39F12AF30F950A6EE5C97
    verify fail
    read: 0-0-2 s=0,c=3,t=16,pt=0,l=0,sg=0:
    send: 2-2-0-0 s=255,c=3,t=17,pt=6,l=25,sg=0,st=ok:019613760F72635FBDB44A5A0A63C39F12AF30F950A6EE5C97
    verify fail
    read: 0-0-2 s=0,c=3,t=16,pt=0,l=0,sg=0:
    send: 2-2-0-0 s=255,c=3,t=17,pt=6,l=25,sg=0,st=ok:019613760F72635FBDB44A5A0A63C39F12AF30F950A6EE5C97
    verify fail
    read: 0-0-2 s=0,c=3,t=16,pt=0,l=0,sg=0:
    send: 2-2-0-0 s=255,c=3,t=17,pt=6,l=25,sg=0,st=ok:019613760F72635FBDB44A5A0A63C39F12AF30F950A6EE5C97
    verify fail
    

    It looks like it is not receiving signed commands (sg=0) and it reports "verify fail", and the LEDs are not lighting up...
    Here is the sketch from the controller :

    #include <MySensor.h>
    #include <SPI.h>
    #include <MySigningAtsha204.h>
    
    // PWM output pins for the three colour channels (configured as OUTPUT in
    // setup() and driven with analogWrite()/digitalWrite() in incomingMessage()).
    #define BLUE_PIN 3
    #define GREEN_PIN 5
    #define RED_PIN 6
    
    // Static node id passed to gw.begin(), and the child sensor id used when
    // presenting the RGB light and requesting its V_RGB state.
    #define NODE_ID 2
    #define CHILD_ID 0
    // Name and version reported through gw.sendSketchInfo().
    #define SKETCH_NAME "RGB_STRIP"
    #define SKETCH_VERSION "1.0"
    // Third argument of gw.begin(); false here (presumably repeater mode off).
    #define NODE_REPEAT false
    
    MyTransportNRF24 radio;  // NRFRF24L01 radio driver
    MyHwATMega328 hw; // Select AtMega328 hardware profile
    // Hardware ATSHA204 signing backend. The `true` argument is presumably the
    // "request signatures" flag, i.e. this node asks its peers to sign what they
    // send to it - confirm against MySigningAtsha204.h.
    // NOTE(review): in the node log posted with this sketch, every c=3,t=17
    // message (presumably the nonce reply) carries the same payload. A signing
    // nonce is expected to differ for each exchange, so the ATSHA204 wiring and
    // its random source are worth checking before trusting the handshake -
    // unconfirmed from the code alone.
    MySigningAtsha204 signer(true); // Select HW ATSHA signing backend
    
    // Library instance wired to the radio, hardware profile and signer above.
    MySensor gw(radio, hw, signer);
    
    // Last colour received in a V_RGB message, stored as {red, green, blue}.
    long RGB_values[3] = {0, 0, 0};
    // Brightness in percent; no explicit initialiser, written when a V_DIMMER
    // message arrives and used as (dimmer / 100) when scaling the channels.
    float dimmer;
    
    // One-time initialisation: configure the colour pins, start the MySensors
    // library with incomingMessage() as the receive callback, then announce the
    // sketch and the RGB child sensor and ask for the current V_RGB value.
    void setup() {
    
    
      pinMode(RED_PIN, OUTPUT);
      pinMode(GREEN_PIN, OUTPUT);
      pinMode(BLUE_PIN, OUTPUT);
    
      // Fixed node id (NODE_ID) rather than an automatically assigned one.
      gw.begin(incomingMessage, NODE_ID, NODE_REPEAT);
      gw.sendSketchInfo(SKETCH_NAME, SKETCH_VERSION);
      gw.present(CHILD_ID, S_RGB_LIGHT, "RGB Strip", false);
      // The reply to this request is delivered through incomingMessage().
      gw.request(CHILD_ID, V_RGB);
    }
    
    // Main loop: hand control to the MySensors library on every iteration; all
    // application behaviour happens in the incomingMessage() callback.
    void loop() {
      gw.process();
    }
    
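    /**
     * Receive callback registered with gw.begin(): applies colour, brightness
     * and on/off messages to the three PWM outputs.
     *
     * The payload is supplied by the sender, so every value is range-limited
     * before it is stored or handed to analogWrite():
     *  - V_RGB:    hex string "RRGGBB"; each channel is masked to 0..255.
     *  - V_DIMMER: brightness in percent, clamped to 0..100, then applied.
     *  - V_LIGHT:  0 switches all channels off, 1 re-applies colour * dimmer.
     *
     * @param message  message delivered by the MySensors library
     */
    void incomingMessage(const MyMessage &message) {
    
      if (message.type == V_RGB) {
        // Parse the payload in place instead of copying it into a heap-backed
        // String. A missing string payload leaves the stored colour unchanged
        // (getString() is assumed to return NULL in that case - confirm in
        // MyMessage.h).
        const char *hexPayload = message.getString();
        if (hexPayload != NULL) {
          const long number = strtol(hexPayload, NULL, 16);
          // Mask every channel: a payload wider than six hex digits, or a
          // negative one, must not push red outside the 8-bit PWM range.
          RGB_values[0] = (number >> 16) & 0xFF;
          RGB_values[1] = (number >> 8) & 0xFF;
          RGB_values[2] = number & 0xFF;
        }
      }
      if (message.type == V_DIMMER) {
        // Clamp to a valid percentage so the scaled value stays within 0..255.
        dimmer = constrain(message.getInt(), 0, 100);
        analogWrite(RED_PIN, int(RGB_values[0] * (dimmer / 100)));
        analogWrite(GREEN_PIN, int(RGB_values[1] * (dimmer / 100)));
        analogWrite(BLUE_PIN, int(RGB_values[2] * (dimmer / 100)));
      }
    
      if (message.type == V_LIGHT) {
        // Read the payload once; values other than 0 and 1 are ignored.
        const int lightState = message.getInt();
        if (lightState == 0) {
          digitalWrite(RED_PIN, 0);
          digitalWrite(GREEN_PIN, 0);
          digitalWrite(BLUE_PIN, 0);
        }
        if (lightState == 1) {
          analogWrite(RED_PIN, int(RGB_values[0] * (dimmer / 100)));
          analogWrite(GREEN_PIN, int(RGB_values[1] * (dimmer / 100)));
          analogWrite(BLUE_PIN, int(RGB_values[2] * (dimmer / 100)));
        }
      }
    }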
    
    

    And the sketch from the serial gateway :

    #define NO_PORTB_PINCHANGES  
    
    #include <MySigningNone.h>
    #include <MyTransportRFM69.h>
    #include <MyTransportNRF24.h>
    #include <MyHwATMega328.h>
    #include <MySigningAtsha204Soft.h>
    #include <MySigningAtsha204.h>
    
    #include <SPI.h>  
    #include <MyParserSerial.h>  
    #include <MySensor.h>  
    #include <stdarg.h>
    #include <PinChangeInt.h>
    #include "GatewayUtil.h"
    
    // Gateway pin assignments and inclusion-mode duration.
    #define INCLUSION_MODE_TIME 1 // Number of minutes inclusion mode is enabled
    #define INCLUSION_MODE_PIN  3 // Digital pin used for inclusion mode button
    #define RADIO_ERROR_LED_PIN 4  // Error led pin
    #define RADIO_RX_LED_PIN    6  // Receive led pin
    #define RADIO_TX_LED_PIN    5  // the PCB, on board LED
    
    // NRFRF24L01 radio driver (set low transmit power by default)
    MyTransportNRF24 transport(RF24_CE_PIN, RF24_CS_PIN, RF24_PA_LEVEL_GW);
    //MyTransportRFM69 transport;
    
    // Message signing driver (signer needed if MY_SIGNING_FEATURE is turned on in MyConfig.h)
    //MySigningNone signer;
    //MySigningAtsha204Soft signer;
    //MySigningAtsha204 signer;
    
    // Hardware ATSHA204 backend. The first argument is presumably the
    // "request signatures" flag: with `false` the gateway would sign what it
    // sends to nodes that ask for it, but would not itself demand signed
    // messages - confirm against MySigningAtsha204.h.
    // NOTE(review): what the second argument (0) binds to depends on how the
    // library is built. If MY_SECURE_NODE_WHITELISTING is not defined, it may be
    // taken as the ATSHA204 pin rather than a whitelist size, which would
    // replace the MY_ATSHA204_PIN default from MyConfig.h - verify the
    // constructor signature before relying on this line.
    MySigningAtsha204 signer(false, 0); // Select HW ATSHA signing backend
    
    // Hardware profile
    MyHwATMega328 hw;
    
    // Construct MySensors library (signer needed if MY_SIGNING_FEATURE is turned on in MyConfig.h)
    // To use LEDs blinking, uncomment WITH_LEDS_BLINKING in MyConfig.h
    // NOTE(review): the WITH_LEDS_BLINKING branch still has `signer` commented
    // out, so the two branches do not construct the gateway with the same
    // signing backend; keep them consistent if LED blinking is ever enabled.
    #ifdef WITH_LEDS_BLINKING
    MySensor gw(transport, hw /*, signer*/, RADIO_RX_LED_PIN, RADIO_TX_LED_PIN, RADIO_ERROR_LED_PIN);
    #else
    //MySensor gw(transport, hw /*, signer*/);
    MySensor gw(transport, hw , signer);
    #endif
    
    // Line buffer filled by serialEvent() and consumed by loop().
    char inputString[MAX_RECEIVE_LENGTH] = "";    // A string to hold incoming commands from serial/ethernet interface
    int inputPos = 0; // Next write index into inputString
    boolean commandComplete = false;  // whether the string is complete
    
    // NOTE(review): loop() calls parseAndSend(gw, inputString) with two
    // arguments, which does not match this one-argument prototype; the
    // two-argument form is presumably declared in GatewayUtil.h - confirm.
    void parseAndSend(char *commandBuffer);
    
    // printf-style writer for the serial port. The format string is read from
    // program memory (vsnprintf_P), and the formatted text is limited to
    // MAX_SEND_LENGTH bytes of serialBuffer before it is printed.
    void output(const char *fmt, ... ) {
      va_list argList;
      va_start(argList, fmt);
      vsnprintf_P(serialBuffer, MAX_SEND_LENGTH, fmt, argList);
      va_end(argList);

      Serial.print(serialBuffer);
    }
    
      
    // One-time gateway initialisation: start the MySensors library, set up the
    // inclusion-mode helper with output() as its serial writer, hook the
    // inclusion button interrupt and report readiness on the serial port.
    void setup()  
    { 
      // Node id 0 is used for the gateway; incomingMessage is the receive
      // callback (not defined in this listing, presumably in GatewayUtil.h).
      gw.begin(incomingMessage, 0, true, 0);
    
      setupGateway(INCLUSION_MODE_PIN, INCLUSION_MODE_TIME, output);
    
      // Add interrupt for inclusion button to pin
      PCintPort::attachInterrupt(pinInclusion, startInclusionInterrupt, RISING);
    
    
      // Send startup log message on serial
      // NOTE(review): this calls serial(), not the output() defined above;
      // serial() is presumably provided by GatewayUtil.h - confirm.
      serial(PSTR("0;0;%d;0;%d;Gateway startup complete.\n"),  C_INTERNAL, I_GATEWAY_READY);
    }
    
    // Main loop: service the radio and the inclusion-mode state, then forward a
    // completed serial command (if any) to the network.
    void loop()
    {
      gw.process();

      checkButtonTriggeredInclusion();
      checkInclusionFinished();

      // Nothing buffered from the serial interface yet.
      if (!commandComplete) {
        return;
      }

      // A command was issued from the serial interface;
      // try to send it to the actuator, then release the line buffer.
      parseAndSend(gw, inputString);
      commandComplete = false;
      inputPos = 0;
    }
    
    
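    /*
      SerialEvent occurs whenever new data comes in on the hardware serial RX.
      This routine is run between each time loop() runs, so using delay inside
      loop can delay response. Multiple bytes of data may be available.

      Bytes are collected into inputString until a newline completes the
      command. Two cases are handled explicitly so that a fragment of a line is
      never handed to the parser as if it were a whole command:
       - while a completed command is still waiting for loop(), reading stops
         and further bytes stay in the serial receive buffer;
       - a line that does not fit in inputString is dropped in full, up to and
         including its terminating newline.
     */
    void serialEvent() {
      // True while the remainder of an oversized line is being thrown away.
      static bool discardingLine = false;

      while (!commandComplete && Serial.available()) {
        // get the new byte:
        char inChar = (char)Serial.read();

        if (discardingLine) {
          // Resume normal collection only at the start of the next line.
          if (inChar == '\n') {
            discardingLine = false;
          }
          continue;
        }

        if (inChar == '\n') {
          // End of line: terminate the string and flag it for loop().
          // inputPos never exceeds MAX_RECEIVE_LENGTH-1, so this stays in bounds.
          inputString[inputPos] = 0;
          commandComplete = true;
        } else if (inputPos < MAX_RECEIVE_LENGTH - 1) {
          // add it to the inputString:
          inputString[inputPos] = inChar;
          inputPos++;
        } else {
          // Incoming message too long. Throw away what was collected and
          // everything that follows until the end of this line.
          inputPos = 0;
          discardingLine = true;
        }
      }
    }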
    
    

    I made the appropriate adjustments to MyConfig.h:

    /**********************************
    *  Message Signing Settings
    ***********************************/
    // Comment this out to completely disable signing functionality in the library
    #define MY_SIGNING_FEATURE
    
    // Define a suitable timeout for a signature verification session
    // Consider the turnaround from a nonce being generated to a signed message being received
    // which might vary, especially in networks with many hops. 5s ought to be enough for anyone.
    // NOTE(review): the value below is 15000 ms, not the 5 s the comment above
    // mentions. This is the time a generated nonce stays usable, so keep it as
    // short as the network's round trip allows.
    #define MY_VERIFICATION_TIMEOUT_MS 15000
    
    // Enable to turn on whitelisting
    // When enabled, a signing node will salt the signature with its unique signature and nodeId.
    // The verifying node will look up the sender in a local table of trusted nodes and
    // do the corresponding salting in order to verify the signature.
    // For this reason, if whitelisting is enabled on one of the nodes in a sign-verify pair, both
    // nodes have to implement whitelisting for this to work.
    // Note that a node can still transmit a non-salted message (i.e. have whitelisting disabled)
    // to a node that has whitelisting enabled (assuming the receiver does not have a matching entry
    // for the sender in its whitelist)
    //#define MY_SECURE_NODE_WHITELISTING
    
    // MySigningAtsha204 default setting
    #define MY_ATSHA204_PIN 17 // A3 - pin where ATSHA204 is attached
    
    // MySigningAtsha204Soft default settings
    #define MY_RANDOMSEED_PIN 7 // A7 - Pin used for random generation (do not connect anything to this)
    
    // Key to use for HMAC calculation in MySigningAtsha204Soft (32 bytes)
    // As stated above, this key is read by the software backend
    // (MySigningAtsha204Soft); the sketches posted here select the hardware
    // backend (MySigningAtsha204), which presumably uses the key stored in the
    // ATSHA204 itself - confirm. The value is a shared secret: keep it out of
    // forum posts and public repositories (it is replaced by placeholder text here).
    #define MY_HMAC_KEY (Here is the key i generated with the personalizer)
    
    

    Both have the ATSHA204A soldered on A3 and are personalized with the key I generated with the personalize sketch:

    #include <sha204_library.h>
    #include <sha204_lib_return_codes.h>
    
    // The pin the ATSHA204 is connected on
    #define ATSHA204_PIN 17 // A3
    
    // Define this to enable locking the configuration zone (defined in this copy).
    // *** BE AWARE THAT THIS PREVENTS ANY FUTURE CONFIGURATION CHANGE TO THE CHIP ***
    // It is still possible to change the key, and this also enables random key generation
    #define LOCK_CONFIGURATION
    
    // Define this to enable locking the data zone (defined in this copy).
    // *** BE AWARE THAT THIS PREVENTS THE KEY FROM BEING CHANGED ***
    // It is not required to lock data, key cannot be retrieved anyway, but by locking
    // data, it can be guaranteed that nobody even with physical access to the chip,
    // will be able to change the key.
    // NOTE(review): with LOCK_DATA defined, a chip personalized with a wrong or
    // mismatched key cannot be corrected afterwards; make sure every node and the
    // gateway are written with the same key before locking.
    #define LOCK_DATA
    
    // Uncomment this to skip key storage (typically once key has been written once)
    //#define SKIP_KEY_STORAGE
    
    // Uncomment this to skip key data storage (once configuration is locked, key
    // will always randomize)
    // Define this to skip key generation and use 'user_key_data' as key instead
    // (defined in this copy).
    #define USER_KEY_DATA
    
    // Define this for boards that lack UART (defined in this copy).
    // IMPORTANT: No confirmation will be required for locking any zones with this
    // configuration!
    // Also, key generation is not permitted in this mode as there is no way of
    // presenting the generated key.
    // NOTE(review): combined with LOCK_CONFIGURATION and LOCK_DATA above, running
    // this sketch locks both zones without asking first.
    #define SKIP_UART_CONFIRMATION
    
    // Build-time guard: without a UART there is no way to show a generated key,
    // so a user-supplied key is mandatory.
    #if defined(SKIP_UART_CONFIRMATION) && !defined(USER_KEY_DATA)
    #error You have to define USER_KEY_DATA for boards that does not have UART
    #endif
    
    #ifdef USER_KEY_DATA
    // The macro body below is placeholder text substituted by the poster; the
    // real definition is a comma-separated list that initialises the 32-byte
    // user_key_data array. Treat the real value as a secret.
    #define MY_HMAC_KEY YOU WOULD LIKE TO,\
                        KNOW THIS WOULD YOU
    const uint8_t user_key_data[32] = {MY_HMAC_KEY};
    #endif
    
    

    I am a little lost right now; any help would be appreciated.
    Why is my RGB controller not responding to messages from the gateway?
    Why does it keep saying "verify fail"?
    With regards
    Peer

