💬 Building a Raspberry Pi Gateway
-
@alowhum if you put it in myconfig.h also on the arduino library you can just recompile the nodes and you are good.
-
I can assure you I am using 2.2 from development as I am also running new driver. So unless you changed something in the last 3 weeks on the development branch it still works, unless the nodes are keeping the key saved.
-
I can assure you I am using 2.2 from development as I am also running new driver. So unless you changed something in the last 3 weeks on the development branch it still works, unless the nodes are keeping the key saved.
@gohan If you see here, you will find that unless you use the simple password option, AES key is fetched from EEPROM: https://github.com/mysensors/MySensors/blob/28c4f3f19e7026f56fd9bbc61d566f770fd7a9d2/hal/transport/MyTransportRF24.cpp#L68
So either you are using the simple flag, nothing at all, or not using the key you think you use. -
Well, if I have communication working it means the node should be encrypting data. I'll have to try with clear eeprom and try flashing sketch again
-
@anticimex I guess you were right... the gw and node aren't using the AES key. So where am I supposed to add it in the gateway?
@gohan you set that with the configure arguments I suspect, but I can't see it in the documentation. @marceloaqno perhaps knows how the rPi port handles this. I'm on a phone so I can't check the code easily. But you should be able to find it in the transport driver for rPi. On the rPi it can probably be defined in the code as it does not have a personalizer.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@gohan you set that with the configure arguments I suspect, but I can't see it in the documentation. @marceloaqno perhaps knows how the rPi port handles this. I'm on a phone so I can't check the code easily. But you should be able to find it in the transport driver for rPi. On the rPi it can probably be defined in the code as it does not have a personalizer.
-
@anticimex It doesn't read it from the mysonfig.h for sure as it is where I always put it
@gohan MyConfig.h does to my knowledge not have a define value for that. You cannot add new definitions to it and expect them to have an effect. If there is one already defined in there, as a comment or not, and it does not have an effect, please report a bug on it.
-
@marceloaqno Thank's for you help. I have other question.. general I try configure my gateway to work with security & signing, but they doesn't work. Where is problem? On the bottom i send point what it do it:
Gateway:
./configure --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-mqtt-password=PASS --my-mqtt-user=USER --my-rf24-encryption-enabled --my-signing=software --my-signing-request-signatures --my-signing-request-gw-signatures-from-allmakesudo make installsudo systemctl enable mysgw.servicesudo systemctl start mysgw.servicesudo mysgw --gen-soft-hmac-keysudo mysgw --set-soft-hmac-key=02417628BC1573CC380...sudo mysgw --gen-soft-serial-keysudo mysgw --set-soft-serial-key=00762CD152B868F7EBsudo mysgw --gen-aes-keysudo mysgw --set-aes-key= A790AD78B2D8B4DBBB5B2C4B9DD6DAF3
Node:
- Load script
SecurityPersonalizer.ino - Uncomment and send sketch to arduino
#define USE_SOFT_SIGNING #define STORE_SOFT_KEY #define USER_SOFT_KEY #define STORE_SOFT_SERIAL #define STORE_AES_KEY #define USER_AES_KEY #define MY_SOFT_HMAC_KEY 0X2,0X41,0X76,0X28,0XBC,0X15,0X73,0XCC,0X38... #define MY_AES_KEY 0XA7,0X90,0XAD,0X78,0XB2,0XD8...- Read all value from EPROM (test save):
Personalization sketch for MySensors usage. ------------------------------------------- EEPROM configuration: SOFT_HMAC_KEY | 02417628BC1573CC380DE0FADF7C87D7D3C77272A783E6E438786A07C3A8C6CF SOFT_SERIAL | 39BB1370C289643251 AES_KEY | A790AD78B2D8B4DBBB5B2C4B9DD6DAF3 -------------------------------- Personalization is now complete.- Send sample sketch to arduino:
//!< Enable debug prints to serial monitor #define MY_DEBUG //!< Enable signing related debug prints to serial monitor #define MY_DEBUG_VERBOSE_SIGNING // Enable NRF24L01 radio type #define MY_RADIO_NRF24 // Select soft signing #define MY_SIGNING_SOFT // Enable lockdown of node if suspicious activity is detected //-->> #define MY_NODE_LOCK_FEATURE // Enable node whitelisting //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} // Enable this if you want destination node to sign all messages sent to this node. #define MY_SIGNING_REQUEST_SIGNATURES // SETTINGS FOR MY_SIGNING_SOFT #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 //!< Unconnected analog pin for random seed // Add repeater function to this sensor #define MY_REPEATER_FEATURE #include <SPI.h> #include <MySensors.h> #include <Bounce2.h> #define RELAY_PIN 4 // Arduino Digital I/O pin number for relay #define BUTTON_PIN 3 // Arduino Digital I/O pin number for button #define CHILD_ID 1 // Id of the sensor child #define RELAY_ON 1 #define RELAY_OFF 0 Bounce debouncer = Bounce(); int oldValue = 0; bool state; MyMessage msg(CHILD_ID, V_LIGHT); void setup() { // Setup the button pinMode(BUTTON_PIN, INPUT); // Activate internal pull-up digitalWrite(BUTTON_PIN, HIGH); // After setting up the button, setup debouncer debouncer.attach(BUTTON_PIN); debouncer.interval(5); // Make sure relays are off when starting up digitalWrite(RELAY_PIN, RELAY_OFF); // Then set relay pins in output mode pinMode(RELAY_PIN, OUTPUT); // Set relay to last known state (using eeprom storage) state = loadState(CHILD_ID); digitalWrite(RELAY_PIN, state ? RELAY_ON : RELAY_OFF); } void presentation() { // Send the sketch version information to the gateway and Controller sendSketchInfo("Relay & Button", "1.0"); // Register all sensors to gw (they will be created as child devices) present(CHILD_ID, S_LIGHT, "Switch Secure Sensor", false); } /* Example on how to asynchronously check for new messages from gw */ void loop() { debouncer.update(); // Get the update value int value = debouncer.read(); // if (value != oldValue && value == 0) { send(msg.set(state ? false : true), true); // Send new state and request ack back // } // oldValue = value; delay(5000); } void receive(const MyMessage &message) { // We only expect one type of message from controller. But we better check anyway. if (message.isAck()) { Serial.println("This is an ack from gateway"); } if (message.type == V_LIGHT) { // Change relay state state = message.getBool(); digitalWrite(RELAY_PIN, state ? RELAY_ON : RELAY_OFF); // Store state in eeprom // saveState(CHILD_ID, state); // Write some debug info Serial.print("Incoming change for sensor:"); Serial.print(message.sensor); Serial.print(", New status: "); Serial.println(message.getBool()); } }And finally in Arduino Serial Monitor I see:
0 MCO:BGN:INIT REPEATER,CP=RNNRAS-,VER=2.1.1 4 TSM:INIT 5 TSF:WUR:MS=0 11 TSM:INIT:TSP OK 13 TSF:SID:OK,ID=105 15 TSM:FPAR 16 Will not sign message for destination 255 as it does not require it 58 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2065 !TSM:FPAR:NO REPLY 2067 TSM:FPAR 2068 Will not sign message for destination 255 as it does not require it 2110 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4117 !TSM:FPAR:NO REPLY 4119 TSM:FPAR 4120 Will not sign message for destination 255 as it does not require it 4162 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6169 !TSM:FPAR:NO REPLY 6171 TSM:FPAR 6172 Will not sign message for destination 255 as it does not require it 6214 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8221 !TSM:FPAR:FAIL 8222 TSM:FAIL:CNT=1 8224 TSM:FAIL:PDTand in gateway i see:
sudo mysgw -d mysgw: Starting gateway... mysgw: Protocol version - 2.1.1 mysgw: MCO:BGN:INIT GW,CP=RNNG-S-,VER=2.1.1 mysgw: TSF:LRT:OK mysgw: TSM:INIT mysgw: TSF:WUR:MS=0 mysgw: TSM:INIT:TSP OK mysgw: TSM:INIT:GW MODE mysgw: TSM:READY:ID=0,PAR=0,DIS=0 mysgw: MCO:REG:NOT NEEDED mysgw: MCO:BGN:STP mysgw: MCO:BGN:INIT OK,TSP=1 mysgw: Attempting MQTT connection... mysgw: connected to 127.0.0.1 mysgw: MQTT connected mysgw: Sending message on topic: mysensors-out/0/255/0/0/18 mysgw: TSF:MSG:READ,171-107-54,s=221,c=2,t=131,pt=4,l=25,sg=0:-1418183441 mysgw: !TSF:MSG:PVER,3=2 mysgw: TSF:MSG:READ,135-23-172,s=20,c=3,t=200,pt=7,l=25,sg=0:-0.00000178 mysgw: !TSF:MSG:PVER,1=2 mysgw: TSF:MSG:READ,34-66-89,s=168,c=1,t=9,pt=1,l=25,sg=0:56 mysgw: !TSF:MSG:PVER,1=2 mysgw: TSF:MSG:READ,223-46-240,s=112,c=5,t=192,pt=5,l=11,sg=1:1407647670 mysgw: TSF:MSG:REL MSG mysgw: !TSF:RTE:240 UNKNOWN mysgw: !TSF:MSG:SEND,223-0-240-240,s=112,c=5,t=192,pt=5,l=11,sg=1,ft=0,st=NACK:1407647670 mysgw: TSF:MSG:READ,183-139-129,s=37,c=6,t=155,pt=1,l=21,sg=0:48 mysgw: !TSF:MSG:PVER,0=2 mysgw: TSF:MSG:READ,139-214-233,s=61,c=3,t=193,pt=7,l=0,sg=1:0.00000000 mysgw: TSF:MSG:REL MSG mysgw: !TSF:RTE:233 UNKNOWN mysgw: !TSF:MSG:SEND,139-0-233-233,s=61,c=3,t=193,pt=7,l=0,sg=1,ft=0,st=NACK:0.00000000 mysgw: TSF:MSG:READ,83-33-7,s=179,c=2,t=27,pt=4,l=25,sg=1:-2057270722 mysgw: !TSF:MSG:PVER,3=2 mysgw: TSF:MSG:READ,110-148-67,s=113,c=0,t=158,pt=1,l=9,sg=1:251 mysgw: !TSF:MSG:PVER,1=2 mysgw: TSF:MSG:READ,75-209-102,s=204,c=7,t=25,pt=1,l=11,sg=1:52 mysgw: !TSF:MSG:PVER,0=2 mysgw: TSF:MSG:READ,184-209-235,s=58,c=1,t=140,pt=6,l=23,sg=1:1DC404A5401119FACF0000000000000000000000000000 mysgw: !TSF:MSG:PVER,3=2 mysgw: TSF:MSG:READ,172-203-51,s=140,c=2,t=173,pt=0,l=1,sg=1:? mysgw: TSF:MSG:REL MSG mysgw: !TSF:RTE:51 UNKNOWN mysgw: !TSF:MSG:SEND,172-0-51-51,s=140,c=2,t=173,pt=0,l=1,sg=1,ft=0,st=NACK:?Where is problem?
@macvictor
I followed all the step that you mentioned in your post to establish the serial gateway. However I am still not able to receive the message from arduino. Could you please what to do?import RPi.GPIO as GPIO
from lib_nrf24 import NRF24
import time
import spidevGPIO.setmode(GPIO.BCM)
pipes = [[0xE8, 0xE8, 0xF0, 0xF0, 0xE1], [0xF0, 0xF0, 0xF0, 0xF0, 0xE1]]
radio = NRF24(GPIO, spidev.SpiDev())radio.begin(0,8)
radio.setPayloadSize(32)
radio.setChannel(0x76)
radio.setDataRate(NRF24.BR_1MBPS)
radio.setPALevel (NRF24.PA_MAX)
radio.setAutoAck(True)
radio.enableDynamicPayloads()
radio.enableAckPayload()
radio.openReadingPipe(1 ,pipes[1])
radio.printDetails()
radio.startListening()
radio.GPIO.cleanup()Please find below my raspberry code..can you please suggest , if there is any issue with code or am I missing anything ?
-
@macvictor
I followed all the step that you mentioned in your post to establish the serial gateway. However I am still not able to receive the message from arduino. Could you please what to do?import RPi.GPIO as GPIO
from lib_nrf24 import NRF24
import time
import spidevGPIO.setmode(GPIO.BCM)
pipes = [[0xE8, 0xE8, 0xF0, 0xF0, 0xE1], [0xF0, 0xF0, 0xF0, 0xF0, 0xE1]]
radio = NRF24(GPIO, spidev.SpiDev())radio.begin(0,8)
radio.setPayloadSize(32)
radio.setChannel(0x76)
radio.setDataRate(NRF24.BR_1MBPS)
radio.setPALevel (NRF24.PA_MAX)
radio.setAutoAck(True)
radio.enableDynamicPayloads()
radio.enableAckPayload()
radio.openReadingPipe(1 ,pipes[1])
radio.printDetails()
radio.startListening()
radio.GPIO.cleanup()Please find below my raspberry code..can you please suggest , if there is any issue with code or am I missing anything ?
-
To upgrade to the latest release, can I use git pull, or is it better to delete the directory and start again?
Blog: https://www.wes.id.au/
Nodes: Arduino Pro Mini ATMega328P 3.3V 8MHz, RFM69 433MHz, Canton Power CE024 0.8-3.3V regulator & single AA battery
Gateway & Controller: Raspberry Pi 3 + Home Assistant -
To upgrade to the latest release, can I use git pull, or is it better to delete the directory and start again?
-
@marceloaqno Thank's for you help. I have other question.. general I try configure my gateway to work with security & signing, but they doesn't work. Where is problem? On the bottom i send point what it do it:
Gateway:
./configure --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-mqtt-password=PASS --my-mqtt-user=USER --my-rf24-encryption-enabled --my-signing=software --my-signing-request-signatures --my-signing-request-gw-signatures-from-allmakesudo make installsudo systemctl enable mysgw.servicesudo systemctl start mysgw.servicesudo mysgw --gen-soft-hmac-keysudo mysgw --set-soft-hmac-key=02417628BC1573CC380...sudo mysgw --gen-soft-serial-keysudo mysgw --set-soft-serial-key=00762CD152B868F7EBsudo mysgw --gen-aes-keysudo mysgw --set-aes-key= A790AD78B2D8B4DBBB5B2C4B9DD6DAF3
Node:
- Load script
SecurityPersonalizer.ino - Uncomment and send sketch to arduino
#define USE_SOFT_SIGNING #define STORE_SOFT_KEY #define USER_SOFT_KEY #define STORE_SOFT_SERIAL #define STORE_AES_KEY #define USER_AES_KEY #define MY_SOFT_HMAC_KEY 0X2,0X41,0X76,0X28,0XBC,0X15,0X73,0XCC,0X38... #define MY_AES_KEY 0XA7,0X90,0XAD,0X78,0XB2,0XD8...- Read all value from EPROM (test save):
Personalization sketch for MySensors usage. ------------------------------------------- EEPROM configuration: SOFT_HMAC_KEY | 02417628BC1573CC380DE0FADF7C87D7D3C77272A783E6E438786A07C3A8C6CF SOFT_SERIAL | 39BB1370C289643251 AES_KEY | A790AD78B2D8B4DBBB5B2C4B9DD6DAF3 -------------------------------- Personalization is now complete.- Send sample sketch to arduino:
//!< Enable debug prints to serial monitor #define MY_DEBUG //!< Enable signing related debug prints to serial monitor #define MY_DEBUG_VERBOSE_SIGNING // Enable NRF24L01 radio type #define MY_RADIO_NRF24 // Select soft signing #define MY_SIGNING_SOFT // Enable lockdown of node if suspicious activity is detected //-->> #define MY_NODE_LOCK_FEATURE // Enable node whitelisting //#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}} // Enable this if you want destination node to sign all messages sent to this node. #define MY_SIGNING_REQUEST_SIGNATURES // SETTINGS FOR MY_SIGNING_SOFT #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 //!< Unconnected analog pin for random seed // Add repeater function to this sensor #define MY_REPEATER_FEATURE #include <SPI.h> #include <MySensors.h> #include <Bounce2.h> #define RELAY_PIN 4 // Arduino Digital I/O pin number for relay #define BUTTON_PIN 3 // Arduino Digital I/O pin number for button #define CHILD_ID 1 // Id of the sensor child #define RELAY_ON 1 #define RELAY_OFF 0 Bounce debouncer = Bounce(); int oldValue = 0; bool state; MyMessage msg(CHILD_ID, V_LIGHT); void setup() { // Setup the button pinMode(BUTTON_PIN, INPUT); // Activate internal pull-up digitalWrite(BUTTON_PIN, HIGH); // After setting up the button, setup debouncer debouncer.attach(BUTTON_PIN); debouncer.interval(5); // Make sure relays are off when starting up digitalWrite(RELAY_PIN, RELAY_OFF); // Then set relay pins in output mode pinMode(RELAY_PIN, OUTPUT); // Set relay to last known state (using eeprom storage) state = loadState(CHILD_ID); digitalWrite(RELAY_PIN, state ? RELAY_ON : RELAY_OFF); } void presentation() { // Send the sketch version information to the gateway and Controller sendSketchInfo("Relay & Button", "1.0"); // Register all sensors to gw (they will be created as child devices) present(CHILD_ID, S_LIGHT, "Switch Secure Sensor", false); } /* Example on how to asynchronously check for new messages from gw */ void loop() { debouncer.update(); // Get the update value int value = debouncer.read(); // if (value != oldValue && value == 0) { send(msg.set(state ? false : true), true); // Send new state and request ack back // } // oldValue = value; delay(5000); } void receive(const MyMessage &message) { // We only expect one type of message from controller. But we better check anyway. if (message.isAck()) { Serial.println("This is an ack from gateway"); } if (message.type == V_LIGHT) { // Change relay state state = message.getBool(); digitalWrite(RELAY_PIN, state ? RELAY_ON : RELAY_OFF); // Store state in eeprom // saveState(CHILD_ID, state); // Write some debug info Serial.print("Incoming change for sensor:"); Serial.print(message.sensor); Serial.print(", New status: "); Serial.println(message.getBool()); } }And finally in Arduino Serial Monitor I see:
0 MCO:BGN:INIT REPEATER,CP=RNNRAS-,VER=2.1.1 4 TSM:INIT 5 TSF:WUR:MS=0 11 TSM:INIT:TSP OK 13 TSF:SID:OK,ID=105 15 TSM:FPAR 16 Will not sign message for destination 255 as it does not require it 58 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2065 !TSM:FPAR:NO REPLY 2067 TSM:FPAR 2068 Will not sign message for destination 255 as it does not require it 2110 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4117 !TSM:FPAR:NO REPLY 4119 TSM:FPAR 4120 Will not sign message for destination 255 as it does not require it 4162 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6169 !TSM:FPAR:NO REPLY 6171 TSM:FPAR 6172 Will not sign message for destination 255 as it does not require it 6214 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8221 !TSM:FPAR:FAIL 8222 TSM:FAIL:CNT=1 8224 TSM:FAIL:PDTand in gateway i see:
sudo mysgw -d mysgw: Starting gateway... mysgw: Protocol version - 2.1.1 mysgw: MCO:BGN:INIT GW,CP=RNNG-S-,VER=2.1.1 mysgw: TSF:LRT:OK mysgw: TSM:INIT mysgw: TSF:WUR:MS=0 mysgw: TSM:INIT:TSP OK mysgw: TSM:INIT:GW MODE mysgw: TSM:READY:ID=0,PAR=0,DIS=0 mysgw: MCO:REG:NOT NEEDED mysgw: MCO:BGN:STP mysgw: MCO:BGN:INIT OK,TSP=1 mysgw: Attempting MQTT connection... mysgw: connected to 127.0.0.1 mysgw: MQTT connected mysgw: Sending message on topic: mysensors-out/0/255/0/0/18 mysgw: TSF:MSG:READ,171-107-54,s=221,c=2,t=131,pt=4,l=25,sg=0:-1418183441 mysgw: !TSF:MSG:PVER,3=2 mysgw: TSF:MSG:READ,135-23-172,s=20,c=3,t=200,pt=7,l=25,sg=0:-0.00000178 mysgw: !TSF:MSG:PVER,1=2 mysgw: TSF:MSG:READ,34-66-89,s=168,c=1,t=9,pt=1,l=25,sg=0:56 mysgw: !TSF:MSG:PVER,1=2 mysgw: TSF:MSG:READ,223-46-240,s=112,c=5,t=192,pt=5,l=11,sg=1:1407647670 mysgw: TSF:MSG:REL MSG mysgw: !TSF:RTE:240 UNKNOWN mysgw: !TSF:MSG:SEND,223-0-240-240,s=112,c=5,t=192,pt=5,l=11,sg=1,ft=0,st=NACK:1407647670 mysgw: TSF:MSG:READ,183-139-129,s=37,c=6,t=155,pt=1,l=21,sg=0:48 mysgw: !TSF:MSG:PVER,0=2 mysgw: TSF:MSG:READ,139-214-233,s=61,c=3,t=193,pt=7,l=0,sg=1:0.00000000 mysgw: TSF:MSG:REL MSG mysgw: !TSF:RTE:233 UNKNOWN mysgw: !TSF:MSG:SEND,139-0-233-233,s=61,c=3,t=193,pt=7,l=0,sg=1,ft=0,st=NACK:0.00000000 mysgw: TSF:MSG:READ,83-33-7,s=179,c=2,t=27,pt=4,l=25,sg=1:-2057270722 mysgw: !TSF:MSG:PVER,3=2 mysgw: TSF:MSG:READ,110-148-67,s=113,c=0,t=158,pt=1,l=9,sg=1:251 mysgw: !TSF:MSG:PVER,1=2 mysgw: TSF:MSG:READ,75-209-102,s=204,c=7,t=25,pt=1,l=11,sg=1:52 mysgw: !TSF:MSG:PVER,0=2 mysgw: TSF:MSG:READ,184-209-235,s=58,c=1,t=140,pt=6,l=23,sg=1:1DC404A5401119FACF0000000000000000000000000000 mysgw: !TSF:MSG:PVER,3=2 mysgw: TSF:MSG:READ,172-203-51,s=140,c=2,t=173,pt=0,l=1,sg=1:? mysgw: TSF:MSG:REL MSG mysgw: !TSF:RTE:51 UNKNOWN mysgw: !TSF:MSG:SEND,172-0-51-51,s=140,c=2,t=173,pt=0,l=1,sg=1,ft=0,st=NACK:?Where is problem?
-
@macvictor
Hi
Is any chance to add security & signing for radio RFM69HW ? Please help me how ?
