💬 Security & Signing
-
@damian Hm, I don't find your debug prints you used earlier.
But in general, I would say that the message object might be overwritten by the library, so if you need to use parts of it, make a copy of the parts you use first and then reference the copy to make sure a new incoming message does not overwrite it.
Eg, in receive():void receive(const MyMessage &message) { if (message.type==V_STATUS) { bool value = message.getBool(); uint8_t sensor = message.sensor; if (firstRun) { relayState[sensor] = value; } else { controllerState[sensor] = value; Serial.print("\nRelay State: "); Serial.println(relayState[sensor]); Serial.print("Switching to: "); Serial.println(controllerState[sensor]); if (controllerState[sensor] != relayState[sensor]) { relayState[sensor] = controllerState[sensor]; wait(waitDelay); send(msg[sensor].set(relayState[sensor]), false); } Serial.print("Relay state after if: "); Serial.println(relayState[sensor]); digitalWrite(RELAY_PIN+sensor, relayState[sensor] ? RELAY_ON : RELAY_OFF); } } }And I believe the cause for your problem is that you do
send(msg[message.sensor].set(relayState[message.sensor]), false);after
Serial.print("Switching to: "); Serial.println(controllerState[message.sensor]);but before
Serial.print("Relay state after if: "); Serial.println(relayState[message.sensor]);so message might be changed between since the send() will request a nonce from the GW which then overwrites the buffer referenced by
message.@anticimex Thank you, I'll test it and let you know if it helped. PS. debug prints sent before was created in cito, this is my original script. But you find it well, it was instead of:
Serial.print("\nRelay State: "); Serial.println(relayState[sensor]);and
Serial.print("Relay state after if: "); Serial.println(relayState[message.sensor]);So basically the sections that you've mentioned as a possibly buggy.
-
@damian Hm, I don't find your debug prints you used earlier.
But in general, I would say that the message object might be overwritten by the library, so if you need to use parts of it, make a copy of the parts you use first and then reference the copy to make sure a new incoming message does not overwrite it.
Eg, in receive():void receive(const MyMessage &message) { if (message.type==V_STATUS) { bool value = message.getBool(); uint8_t sensor = message.sensor; if (firstRun) { relayState[sensor] = value; } else { controllerState[sensor] = value; Serial.print("\nRelay State: "); Serial.println(relayState[sensor]); Serial.print("Switching to: "); Serial.println(controllerState[sensor]); if (controllerState[sensor] != relayState[sensor]) { relayState[sensor] = controllerState[sensor]; wait(waitDelay); send(msg[sensor].set(relayState[sensor]), false); } Serial.print("Relay state after if: "); Serial.println(relayState[sensor]); digitalWrite(RELAY_PIN+sensor, relayState[sensor] ? RELAY_ON : RELAY_OFF); } } }And I believe the cause for your problem is that you do
send(msg[message.sensor].set(relayState[message.sensor]), false);after
Serial.print("Switching to: "); Serial.println(controllerState[message.sensor]);but before
Serial.print("Relay state after if: "); Serial.println(relayState[message.sensor]);so message might be changed between since the send() will request a nonce from the GW which then overwrites the buffer referenced by
message.@anticimex Yep, remodelling receive() function by adding variables and assigning values respectively message.sensor and message.getBool at the beginning got the job done. Now it works like a charm. Moreover, the whitelisting feature also works now - I had to do something wrong previously. Thank you once again for your help.
-
@anticimex Yep, remodelling receive() function by adding variables and assigning values respectively message.sensor and message.getBool at the beginning got the job done. Now it works like a charm. Moreover, the whitelisting feature also works now - I had to do something wrong previously. Thank you once again for your help.
-
This page is not up to date, and this is causing some confusion:
https://github.com/tsathishkumar/MySController-rs/issues/15 -
This page is not up to date, and this is causing some confusion:
https://github.com/tsathishkumar/MySController-rs/issues/15 -
"This thread contains comments for the article "Security & Signing" posted on MySensors.org."
@Anticimex This thread is the thread attached to a page on MySensors.org about security.
I pointed to that (awesome) tool on Github as an example that the page has caused some confusion about whether or not MySensors supports encryption.
-
"This thread contains comments for the article "Security & Signing" posted on MySensors.org."
@Anticimex This thread is the thread attached to a page on MySensors.org about security.
I pointed to that (awesome) tool on Github as an example that the page has caused some confusion about whether or not MySensors supports encryption.
-
"This thread contains comments for the article "Security & Signing" posted on MySensors.org."
@Anticimex This thread is the thread attached to a page on MySensors.org about security.
I pointed to that (awesome) tool on Github as an example that the page has caused some confusion about whether or not MySensors supports encryption.
@alowhum as for the link back to mysensors documentation, that documentation is about message signing which is not to be confused with encryption. And on the top of the article is links to the latest documentation which should reflect the latest status on both signing and encryption.
-
"This thread contains comments for the article "Security & Signing" posted on MySensors.org."
@Anticimex This thread is the thread attached to a page on MySensors.org about security.
I pointed to that (awesome) tool on Github as an example that the page has caused some confusion about whether or not MySensors supports encryption.
-
Yes, maybe we could add a more prominent link in the article to the auto generated documentation. Right now the link easily missed in the ingress.... and it does not link directly to the overview documentation here:
https://www.mysensors.org/apidocs/group__MySigninggrpPub.htmlI don't think we should scrap the page entirely as it contains the none API technical parts as a good overview.
-
@hek said in 💬 Security & Signing:
https://www.mysensors.org/apidocs/group__MySigninggrpPub.html
That link still only refers to details about signing, and not encryption. So a user wanting to learn about security might still come away with the idea that only signing is supported.
-
@hek said in 💬 Security & Signing:
https://www.mysensors.org/apidocs/group__MySigninggrpPub.html
That link still only refers to details about signing, and not encryption. So a user wanting to learn about security might still come away with the idea that only signing is supported.
@alowhum yes, it should link here: https://www.mysensors.org/apidocs/group__SecuritySettingGrpPub.html
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alowhum yes, it should link here: https://www.mysensors.org/apidocs/group__SecuritySettingGrpPub.html
@anticimex Great!
-
Hi All not sure if this should be under gateway or security sections but just wondering If it is possible to run 2 seperate gateways for mysensors netwok
- a fully secured network with signing required both node and gateway for all nodes required to send and or receive signed data.
-A second unsecured network for gerneral sensor data and equipment not requiring any security
- a fully secured network with signing required both node and gateway for all nodes required to send and or receive signed data.
-
Hi All not sure if this should be under gateway or security sections but just wondering If it is possible to run 2 seperate gateways for mysensors netwok
- a fully secured network with signing required both node and gateway for all nodes required to send and or receive signed data.
-A second unsecured network for gerneral sensor data and equipment not requiring any security
@Yoshu it is possible. When you have two gateways, the networks will be completely isolated so you can run one of them secured while the other is not.
You might need to distinguish the nodes on in your controller by giving them static unique ID:s unless your controller ties the identifiers to each gateway or it might be difficult to determine which mysensors network a node belong to. - a fully secured network with signing required both node and gateway for all nodes required to send and or receive signed data.
-
@Yoshu it is possible. When you have two gateways, the networks will be completely isolated so you can run one of them secured while the other is not.
You might need to distinguish the nodes on in your controller by giving them static unique ID:s unless your controller ties the identifiers to each gateway or it might be difficult to determine which mysensors network a node belong to. -
@Anticimex more important is to set different network id or you'll have lot of collisions and lost packets
