💬 Security & Signing
-
Just to be sure: SOFT_HMAC_KEY, SOFT_SERIAL is used for signing, AES_KEY is used for encryption. SOFT_HMAC_KEY, AES_KEY should be the same across all network nodes, SOFT_SERIAL should be different for every node?
@bilbolodz this is quite clearly stated in the documentation, but in short yes. But AES and HMAC key should not be the same, as the encryption is not using initialization vectors so the key can be derived from analyzing the encrypted messages by someone with the adequate knowledge.
-
I'm trying to start playing with ATSHA204A signing. I have an ATSHA204A-SSHCZ-T chip (8-lead SOIC, single wire). I've connected the chip pins: 4 - GND, 8 - VCC (5 V), 5 - A3. I've added 100 nF between 4 and 8 and a 4K7 resistor between 5 and 8. I've loaded a "near clear" SecurityPersonalizer sketch (only added
#define MY_SIGNING_ATSHA204_PIN A3
#define MY_SIGNING_ATSHA204
) but I've got:
Personalization sketch for MySensors usage.
Failed to wake device. Response: E7
Halting!
Any ideas?
-
@bilbolodz hm, no. I have not tested on an 8-lead device. There should not be a difference, but I can neither deny nor confirm it. My best suggestion would be to look at the wire with an oscilloscope to confirm that the signal quality is good.
-
Is SIGNING a RFM69_ENABLE_ENCRYPTION replacement? If so is it a better or worse solution? Maybe RFM69_ENABLE_ENCRYPTION is enough?
@melwinek encryption and signing have very different purposes.
Signing prevents other people from sending messages to control your nodes. Without signing, anyone with the right skill or software can take control of your nodes.
Encryption tries to hide the contents of the messages between your nodes. That does not prevent people from taking control of your nodes.
-
@Anticimex, @mfalkvidd But with the use of encryption so easily no one will take control, must break the code.
So it is best to simultaneously encrypt (e.g. RFID tag serial number when opening the gate) and sign (e.g. gate open message)?
-
@melwinek what prevents anyone from copying your encrypted message and record it. And then later send the same thing?
Encryption provides obscurity. You need signing for authentication. Signed messages cannot be repeated because they are always unique. Encryption does not necessarily guarantee that.
-
@bilbolodz I am getting the same message with a Sensebender Micro. I configured it for soft-signing with LOCK_CONFIGURATION enabled. Now I wanted to switch to hardware based signing.
Any way to unlock a locked configuration?
-
@t3chie there is no configuration to lock for soft signing. Configuration locking only applies to atsha204a. And if locked it cannot be unlocked. And normally you shouldn't need to either as the default settings set are the one to use, and unless you have been very creative in hacking the personalizer that configured should work just fine.
-
@Anticimex I tested first with soft signing but shortly after this realized that with soft signing the Sensebender has not enough space for debug messages.
I reran the personalizer to switch to hardware based signing and hit the "Failed to wake device. Response: E7" message.
Played around and found that
#define MY_SIGNING_ATSHA204_PIN 17
instead of
#define MY_SIGNING_ATSHA204_PIN 4
made the personalizer happy again. I am still fighting with getting signing to work. Setting #define MY_SIGNING_REQUEST_SIGNATURES and MY_SIGNING_GW_REQUEST_SIGNATURES_FROM_ALL did not get me going.
-
Is it possible to use the ATSHA204A along with the Rpi directly attached NRF24L01+ gateway? I can see how to attach the ATSHA to the nodes, but how to attach it to the pi?
Thank you.
-
Thank you for the quick response. Maybe I misunderstand this?
I have got 10 ATSHA chips that I would like to attach to Arduino nodes to use with a Raspberry Pi based gateway/controller combo. Do I therefore need to attach the ATSHA to the RPi, or could I still use the ATSHA hardware on the Arduinos without an ATSHA attached to the RPi?
I had assumed that the ATSHA chip would be needed at both ends for signing to work. Maybe that's not how it works?
-
@skywatch no, the software port is fully compatible with the atsha204a. So you can use Arduino nodes with atsha204a and they will work just fine with your rPi with software signing. Just as long as they all use the same hmac key.
-
I'm hoping that I have done everything OK.
I've personalized the Arduino that acts as Gateway (connected via USB to a Raspberry Pi) and I've personalized the first node (a DHT22).
Both with software signature.
This is the cat from Raspberry / Gateway Arduino:
0;255;3;0;9;TSF:MSG:READ,3-3-0,s=0,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;Skipping security for command 3 type 16
0;255;3;0;9;SHA256: 37FA7FD8F19D55E99C952F467E45D9A7439AAAAAAAAAA AAAA
0;255;3;0;9;Skipping security for command 3 type 17
0;255;3;0;9;TSF:MSG:SEND,0-0-3-3,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:37FA7F D8F19D5CE9A07E95992C45D9A7439
0;255;3;0;9;Transmitted nonce
0;255;3;0;9;TSF:MSG:READ,3-3-0,s=0,c=1,t=1,pt=7,l=5,sg=1:59.3
0;255;3;0;9;Signature in message: 010F55F31D04DBFCA0AFC7E139475
0;255;3;0;9;Message to process: 03033336D4201
0;255;3;0;9;Current nonce: 37FA7FD8F19D55E99C955992C45D9A7439AAA AAAAAAAAAAA
0;255;3;0;9;HMAC: B50F55F31D04DBFFC7E139475D91093F0A1EABB174B86E9 E9
3;0;1;0;1;59.3
0;255;3;0;9;TSF:MSG:READ,3-3-0,s=2,c=3,t=16,pt=0,l=0,sg=1:
0;255;3;0;9;Skipping security for command 3 type 16
0;255;3;0;9;SHA256: 803B7127EB3B049768C59D328C89862FF731AAAAAAAAAA AAAA
0;255;3;0;9;Skipping security for command 3 type 17
0;255;3;0;9;TSF:MSG:SEND,0-0-3-3,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:803B71 27EB3D0DED839579D328C89862FF731
0;255;3;0;9;Transmitted nonce
0;255;3;0;9;TSF:MSG:READ,3-3-0,s=2,c=1,t=38,pt=7,l=5,sg=1:3.42
0;255;3;0;9;Signature in message: 010E8B790708A39930F73D511F48DAECA
0;255;3;0;9;Message to process: 03002E23BAE5A4002
0;255;3;0;9;Current nonce: 803B7127EB3D0DED83957BB5C59D328C89862FF731AAA AAAAAAAAAAA
0;255;3;0;9;HMAC: D10E8B79D511F48DAECAFB4A3D89F553A2DDB26F1614
3;2;1;0;38;3.42
and so on...
This is the Pro Mini serial console:
T: 28.00
1023
Battery Voltage: 3.44 V
Battery percent: 102 %
40413 Skipping security for command 3 type 16
40421 TSF:MSG:SEND,3-3-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
40429 Nonce requested from 0. Waiting...
40546 TSF:MSG:READ,0-0-3,s=255,c=3,t=17,pt=6,l=25,sg=1:9CC096EF18295BEFAC43638CA2673A1D759B0CEC6E49C3E060
40558 Skipping security for command 3 type 17
40562 Nonce received from 0.
40564 Proceeding with signing...
Message to process: 03002EF24002
Current nonce: 9CC096EF18295BEFA59B0CEC3E060AAAAAAAAAAAAAA
HMAC: 5D8E8A59EF1420406004E1318A650686E19E3A8
Signature in message: 018E8A5BD166D106004E
40740 Message signed
40749 Message to send has been signed
40755 TSF:MSG:SEND,3-3-0-0,s=2,c=1,t=38,pt=7,l=5,sg=1,ft=0,st=OK:3.44
40763 Skipping security for command 3 type 16
40769 TSF:MSG:SEND,3-3-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK:
40777 Nonce requested from 0. Waiting...
40900 TSF:MSG:READ,0-0-3,s=255,c=3,t=17,pt=6,l=25,sg=1:1C17F1A31D500CB0E840B7214BE961E
40910 Skipping security for command 3 type 17
40916 Nonce received from 0.
40919 Proceeding with signing...
Message to process: 03000E66
Current nonce: 1C17FE25D7B26441A31D961EAAAAAAAAAAAAAA
HMAC: D5992FF4CFB6238CD4062397EEE986F47E0BD65020F39C18662
Signature in message: 01992FF4CFB6238C0FDA62397EEE986F47E0
41095 Message signed
41101 Message to send has been signed
41109 TSF:MSG:SEND,3-3-0-0,s=255,c=3,t=0,pt=1,l=1,sg=1,ft=0,st=OK:102
41115 MCO:SLP:MS=5000,SMS=0,I1=255,M1=255,I2=255,M2=255
41121 MCO:SLP:TPD
Are they communicating securely? :)
PS: I deleted some chars from the HMACs, nonces, etc. :D
-
@sineverba the best way to determine that is to see if the messages you send arrive :) if you enable signing and require signatures, unsigned or incorrectly signed messages will be rejected.
I see no errors in the log so it seems it works. The logs however don't match up. The hmac:s in one log does not match the hmac:s in the other.
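-
Added example (not part of the thread and not MySensors code): a simplified Python model of the nonce exchange visible in the logs above (nonce requested, nonce sent, HMAC computed over nonce and message), showing why a recorded signed message is rejected when resent, as discussed earlier in the thread. The key, payload and class names are constructed for illustration, and the real wire format and signature layout are not reproduced.

```python
import hashlib
import hmac
import os

# Constructed demo key (assumption); a real network uses the HMAC key
# written to each node by the personalizer.
HMAC_KEY = bytes(range(32))


class Receiver:
    """Hypothetical model of the verifying side (the gateway in the logs)."""

    def __init__(self, key):
        self.key = key
        self.nonce = None  # at most one outstanding nonce

    def issue_nonce(self):
        # Fresh random nonce per signed message; it is sent in the clear.
        self.nonce = os.urandom(32)
        return self.nonce

    def verify(self, payload, signature):
        if self.nonce is None:
            return False  # no nonce outstanding, nothing can verify
        nonce, self.nonce = self.nonce, None  # each nonce is accepted once
        expected = hmac.new(self.key, nonce + payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def sign(key, nonce, payload):
    """Sender side: bind the payload to the receiver's current nonce."""
    return hmac.new(key, nonce + payload, hashlib.sha256).digest()


def demo():
    gw = Receiver(HMAC_KEY)
    payload = b"gate=open"  # constructed sample payload

    sig = sign(HMAC_KEY, gw.issue_nonce(), payload)
    genuine = gw.verify(payload, sig)          # signed against current nonce

    resent_as_is = gw.verify(payload, sig)     # same frame again, nonce spent

    gw.issue_nonce()                           # new nonce, old signature
    resent_new_nonce = gw.verify(payload, sig)

    bad_sig = sign(b"\x00" * 32, gw.issue_nonce(), payload)  # wrong key
    wrong_key = gw.verify(payload, bad_sig)
    return genuine, resent_as_is, resent_new_nonce, wrong_key


if __name__ == "__main__":
    print(demo())
```

Encrypting the payload as well would not change any of these four outcomes; only the nonce-bound HMAC decides whether a message is accepted.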