π¬ Ikea Molgan Hack
-
I did not use a atsha204. I used the (new) personalizer to set the HMAC key (like I did with many other nodes) and activated signing:
Log from gateway:
0;255;3;0;9;422688514 TSF:MSG:READ,16-16-255,s=255,c=3,t=7,pt=0,l=0,sg=0: 0;255;3;0;9;422688520 TSF:MSG:BC 0;255;3;0;9;422688523 TSF:MSG:FPAR REQ,ID=16 0;255;3;0;9;422688527 TSF:PNG:SEND,TO=0 0;255;3;0;9;422688531 TSF:CKU:OK 0;255;3;0;9;422688534 TSF:MSG:GWL OK 0;255;3;0;9;422689331 Skipping security for command 3 type 8 0;255;3;0;9;422689366 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=8,pt=1,l=1,sg=1,ft=0,st=OK:0 0;255;3;0;9;422690740 TSF:MSG:READ,16-16-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 0;255;3;0;9;422690746 Skipping security for command 3 type 24 0;255;3;0;9;422690752 TSF:MSG:PINGED,ID=16,HP=1 0;255;3;0;9;422690756 Skipping security for command 3 type 25 0;255;3;0;9;422690774 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=25,pt=1,l=1,sg=1,ft=0,st=OK:1 0;255;3;0;9;422690965 TSF:MSG:READ,16-16-0,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 0;255;3;0;9;422690972 Skipping security for command 3 type 15 0;255;3;0;9;422690977 Mark node 16 as one that require signed messages 0;255;3;0;9;422690984 Mark node 16 as one that do not require whitelisting 0;255;3;0;9;422690991 Informing node 16 that we require signatures 0;255;3;0;9;422690997 Informing node 16 that we do not require whitelisting 0;255;3;0;9;422691004 Skipping security for command 3 type 15 0;255;3;0;9;422691013 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 0;255;3;0;9;422691115 TSF:MSG:READ,16-16-0,s=255,c=3,t=16,pt=0,l=0,sg=0: 0;255;3;0;9;422691121 Skipping security for command 3 type 16 0;255;3;0;9;422691127 Signing backend: ATSHA204Soft 0;255;3;0;9;422691145 Skipping security for command 3 type 17 0;255;3;0;9;422691168 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=17,pt=6,l=25,sg=0,ft=0,st=OK:882ED3D3B94E6236CCB4FF241128DB984C93F39707EEAC6B7E 0;255;3;0;9;422691180 Transmitted nonce 0;255;3;0;9;422691464 TSF:MSG:READ,16-16-0,s=255,c=0,t=17,pt=0,l=10,sg=1:2.2.0-beta 0;255;3;0;9;422691471 Current nonce: 882ED3D3B94E6236CCB4FF241128DB984C93F39707EEAC6B7EAAAAAAAAAAAAAA 0;255;3;0;9;422691556 HMAC: AC275AA68FF2B3B3689F68DD285F1BFEF8D3F329CCF6E714EEF9E100967B1677 0;255;3;0;9;422691564 Signature bad 0;255;3;0;9;422691567 Signature verification failed! 0;255;3;0;9;422691572 !TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;422691577 TSF:MSG:READ,16-16-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;422691584 Skipping security for command 3 type 16 0;255;3;0;9;422691589 Signing backend: ATSHA204Soft 0;255;3;0;9;422691608 Skipping security for command 3 type 17 0;255;3;0;9;422691616 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:404FD7260F4410E17E0AD6C07A9A1D04306079F24F9F96CDA1 0;255;3;0;9;422691629 Transmitted nonce 0;255;3;0;9;422691902 TSF:MSG:READ,16-16-0,s=255,c=3,t=6,pt=1,l=1,sg=1:0 0;255;3;0;9;422691909 Current nonce: 404FD7260F4410E17E0AD6C07A9A1D04306079F24F9F96CDA1AAAAAAAAAAAAAA 0;255;3;0;9;422691994 HMAC: 0A7E2867AD7650B15268AC1EF73D37394AC3499733CDD43838D762BA69295B5D 0;255;3;0;9;422692002 Signature bad 0;255;3;0;9;422692005 Signature verification failed! 0;255;3;0;9;422692011 !TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;422694036 TSF:MSG:READ,16-16-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;422694042 Skipping security for command 3 type 16 0;255;3;0;9;422694048 Signing backend: ATSHA204Soft 0;255;3;0;9;422694067 Skipping security for command 3 type 17 0;255;3;0;9;422694075 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:6AEE2250F8701E4E2B0ABF997B5A8EC57C57793EBC9B09F689 0;255;3;0;9;422694087 Transmitted nonce 0;255;3;0;9;422694386 TSF:MSG:READ,16-16-0,s=255,c=3,t=11,pt=0,l=11,sg=1:Molgan Flur 0;255;3;0;9;422694393 Current nonce: 6AEE2250F8701E4E2B0ABF997B5A8EC57C57793EBC9B09F689AAAAAAAAAAAAAA 0;255;3;0;9;422694478 HMAC: C9B71FFDB9E225BFB122680DADF0B4C4CF23765378A927279C05A751E4C62D45 0;255;3;0;9;422694487 Signature bad 0;255;3;0;9;422694490 Signature verification failed! 0;255;3;0;9;422694495 !TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;422694499 TSF:MSG:READ,16-16-0,s=255,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;422694506 Skipping security for command 3 type 16 0;255;3;0;9;422694511 Signing backend: ATSHA204Soft 0;255;3;0;9;422694530 Skipping security for command 3 type 17 0;255;3;0;9;422694538 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:F652D897B520B026844F8B8B09417A5C0144B6A1F2ABF01623 0;255;3;0;9;422694550 Transmitted nonce 0;255;3;0;9;422694829 TSF:MSG:READ,16-16-0,s=255,c=3,t=12,pt=0,l=8,sg=1:08042017 0;255;3;0;9;422694836 Current nonce: F652D897B520B026844F8B8B09417A5C0144B6A1F2ABF01623AAAAAAAAAAAAAA 0;255;3;0;9;422694921 HMAC: CCBF0048F9783EBC55219D7F1CFDE6ED46452B4E8897A0393A80EC9F4F20E7F8 0;255;3;0;9;422694929 Signature bad 0;255;3;0;9;422694932 Signature verification failed! 0;255;3;0;9;422694937 !TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;422694941 TSF:MSG:READ,16-16-0,s=1,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;422694948 Skipping security for command 3 type 16 0;255;3;0;9;422694953 Signing backend: ATSHA204Soft 0;255;3;0;9;422694972 Skipping security for command 3 type 17 0;255;3;0;9;422694983 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:25D2B687E9850102C83439698CA1261AC775BD8E1D6D78D662 0;255;3;0;9;422694995 Transmitted nonce 0;255;3;0;9;422695262 TSF:MSG:READ,16-16-0,s=1,c=0,t=1,pt=0,l=0,sg=1: 0;255;3;0;9;422695268 Current nonce: 25D2B687E9850102C83439698CA1261AC775BD8E1D6D78D662AAAAAAAAAAAAAA 0;255;3;0;9;422695353 HMAC: 189EC417FAF4A2C51F2C03916FF1ABB14C8DD29D78B88681E250FC0F07F7CB4B 0;255;3;0;9;422695361 Signature bad 0;255;3;0;9;422695364 Signature verification failed! 0;255;3;0;9;422695369 !TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;422695374 TSF:MSG:READ,16-16-0,s=2,c=3,t=16,pt=0,l=0,sg=1: 0;255;3;0;9;422695380 Skipping security for command 3 type 16 0;255;3;0;9;422695386 Signing backend: ATSHA204Soft 0;255;3;0;9;422695404 Skipping security for command 3 type 17 0;255;3;0;9;422695413 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:4E135F3710AC0AD6A13A985A81BA4A4EF209A3E57E42717E49 0;255;3;0;9;422695425 Transmitted nonce 0;255;3;0;9;422695687 TSF:MSG:READ,16-16-0,s=2,c=0,t=30,pt=0,l=0,sg=1: 0;255;3;0;9;422695693 Current nonce: 4E135F3710AC0AD6A13A985A81BA4A4EF209A3E57E42717E49AAAAAAAAAAAAAA 0;255;3;0;9;422695778 HMAC: B566AB83CDF3342FE31F3CDC068B7E40AB51E6796F602710D26994D19B39D2AF 0;255;3;0;9;422695786 Signature bad 0;255;3;0;9;422695789 Signature verification failed! 0;255;3;0;9;422695794 !TSF:MSG:SIGN VERIFY FAIL 0;255;3;0;9;422695798 TSF:MSG:READ,16-16-0,s=255,c=3,t=26,pt=1,l=1,sg=1:2 0;255;3;0;9;422695805 Skipping security for command 3 type 26 0;255;3;0;9;422695811 Skipping security for command 3 type 16 0;255;3;0;9;422695819 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 0;255;3;0;9;422695827 Nonce requested from 16. Waiting... 0;255;3;0;9;422695953 TSF:MSG:READ,16-16-0,s=255,c=3,t=17,pt=6,l=25,sg=1:B7E56807628A0BB459E81226A682E7C3C3B40087E4B7BE05EA 0;255;3;0;9;422695963 Skipping security for command 3 type 17 0;255;3;0;9;422695969 Nonce received from 16. 0;255;3;0;9;422695973 Proceeding with signing... 0;255;3;0;9;422695977 Signing backend: ATSHA204Soft 0;255;3;0;9;422695983 Current nonce: B7E56807628A0BB459E81226A682E7C3C3B40087E4B7BE05EAAAAAAAAAAAAAAA 0;255;3;0;9;422696067 HMAC: 9EF18CC260F8C4CDEB29C1E277F989482B1C08AB37C6FE9AA39146D8BEBC50AA 0;255;3;0;9;422696075 Message signed 0;255;3;0;9;422696079 Message to send has been signed 0;255;3;0;9;422696110 TSF:MSG:SEND,0-0-16-16,s=255,c=3,t=27,pt=1,l=1,sg=1,ft=0,st=OK:1Log from the node:
129 TSM:INIT:TSP OK 149 TSM:INIT:STATID=16 174 TSF:SID:OK,ID=16 196 TSM:FPAR 243 TSF:MSΓΏ1040 TSF:MSG:READ,0-0-16,s=255,c=3,t=8,pt=1,l=1,sg=1:0 1097Γ°β*Γ΄=ΓΈ2318 TSM:FPAR:OK 2334 TSM:ID 2349 TSM:ID:OK 2363 TSM:UPL 2383 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=24,pt=1,l=1,sg=0,ft=0,st=OK:1 2457 TSF:MSG:READ,0-0-16,s=255,c=3,t=25,pt=1,l=1,sg=1:1 2516 TSF:MSG:PONG RECV,HP=1 2545 TSM:UPL:OK 2564 TSM:READY:ID=16,PAR=0,DIS=1 2605 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=15,pt=6,l=2,sg=0,ft=0,st=OK:0101 2680 TSF:MSG:READ,0-0-16,s=255,c=3,t=15,pt=6,l=2,sg=0:0101 2746 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=16,pt=0,l=0,sg=0,ft=0,st=OK: 2820 TSF:MSG:READ,0-0-16,s=255,c=3,t=17,pt=6,l=25,sg=0:882ED3D3B94E6236CCB4FF241128DB984C93F39707EEAC6B7E 3088 TSF:MSG:SEND,16-16-0-0,s=255,c=0,t=17,pt=0,l=10,sg=1,ft=0,st=OK:2.2.0-beta 3174 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 3248 TSF:MSG:READ,0-0-16,s=255,c=3,t=17,pt=6,l=25,sg=1:404FD7260F4410E17E0AD6C07A9A1D04306079F24F9F96CDA1 3514 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=6,pt=1,l=1,sg=1,ft=0,st=OK:0 5593 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 5666 TSF:MSG:READ,0-0-16,s=255,c=3,t=17,pt=6,l=25,sg=1:6AEE2250F8701E4E2B0ABF997B5A8EC57C57793EBC9B09F689 5935 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=11,pt=0,l=11,sg=1,ft=0,st=OK:Molgan Flur 6025 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 6098 TSF:MSG:READ,0-0-16,s=255,c=3,t=17,pt=6,l=25,sg=1:F652D897B520B026844F8B8B09417A5C0144B6A1F2ABF01623 6365 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=12,pt=0,l=8,sg=1,ft=0,st=OK:08042017 6449 TSF:MSG:SEND,16-16-0-0,s=1,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 6520 TSF:MSG:READ,0-0-16,s=255,c=3,t=17,pt=6,l=25,sg=1:25D2B687E9850102C83439698CA1261AC775BD8E1D6D78D662 6789 TSF:MSG:SEND,16-16-0-0,s=1,c=0,t=1,pt=0,l=0,sg=1,ft=0,st=OK: 6862 TSF:MSG:SEND,16-16-0-0,s=2,c=3,t=16,pt=0,l=0,sg=1,ft=0,st=OK: 6934 TSF:MSG:READ,0-0-16,s=255,c=3,t=17,pt=6,l=25,sg=1:4E135F3710AC0AD6A13A985A81BA4A4EF209A3E57E42717E49 7204 TSF:MSG:SEND,16-16-0-0,s=2,c=0,t=30,pt=0,l=0,sg=1,ft=0,st=OK: 7274 MCO:REG:REQ 7294 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=26,pt=1,l=1,sg=1,ft=0,st=OK:2 7368 TSF:MSG:READ,0-0-16,s=255,c=3,t=16,pt=0,l=0,sg=1: 7460 TSF:MSG:SEND,16-16-0-0,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:B7E56807628A0BB459E81226A682E7C3C3B40087E4B7BE05EA 7610 TSF:MSG:READ,0-0-16,s=255,c=3,t=27,pt=1,l=1,sg=1:1 7821 !TSF:MSG:SIGN VERIFY FAIL 7854 MCO:BGN:STP 7872 MCO:BGN:INIT OK,TSP=1 7901 MCO:SLP:MS=86400000,SMS=0,I1=1,M1=1,I2=255,M2=255 7958 TSF:TDI:TSLThis is done while the node is powered by the usb-to-serial converter so power should be steady.
Any idea why this is not working? The HMAC that the gateway mentions in the log is wrong btw (is this what it gets from the node?)PS Other nodes are working well with singing (and the same HMAC obviously).
@LastSamurai I am not sure what you mean by hmac keys in the log? Hmac key is never shown in the log. Where is this hmac key you mention? I only see nonce data and that is (or should be) random.
Edit: the log from the GW shows the resulting hmac signature. Not the key. I guess your personalized keys differ between gw and node. -
@Anticimex What's a hmac signature? And personalized keys = serial number? So this is working as intended?
Any idea where the error could be? Software setup should be right and the power supply is big enough (its actually an old pc power supply), so why is the signing not working with this one node?Sketch settings:
#define MY_NODE_ID 8 #define MY_RADIO_NRF24 #define MY_DEBUG // Enables debug messages in the serial log #define MY_BAUD_RATE 9600 // Sets the serial baud rate for console and serial gateway #define MY_SIGNING_SOFT // Enables software signing #define MY_SIGNING_REQUEST_SIGNATURES // Always request signing from gateway #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 // floating pin for randomness -
@Anticimex What's a hmac signature? And personalized keys = serial number? So this is working as intended?
Any idea where the error could be? Software setup should be right and the power supply is big enough (its actually an old pc power supply), so why is the signing not working with this one node?Sketch settings:
#define MY_NODE_ID 8 #define MY_RADIO_NRF24 #define MY_DEBUG // Enables debug messages in the serial log #define MY_BAUD_RATE 9600 // Sets the serial baud rate for console and serial gateway #define MY_SIGNING_SOFT // Enables software signing #define MY_SIGNING_REQUEST_SIGNATURES // Always request signing from gateway #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 // floating pin for randomness@LastSamurai hmac signature is just that, the signature. The concepts are described in the documentation for signing.
And I don't understand what you mean with key = serial. Key and serial are two different things. One needs to be identical on all nodes and the other should be unique and is only used for whitelisting. This is also described in detail in the documentation. -
Yes the HMAC key has to be the same on all nodes. I did use the same HMAC key on all nodes.
So you mean that the logs indicate that the HMAC keys on gw and node aren't the same? -
Yes the HMAC key has to be the same on all nodes. I did use the same HMAC key on all nodes.
So you mean that the logs indicate that the HMAC keys on gw and node aren't the same?@LastSamurai no, I am saying that the hmac key is never shown in the log. The hmac signature is. Hmac key and hmac signature are two different things.
The log say that verification fails which means the hmac signature is calculated differently at sender vs receiver. That means one of these options:- Hmac key is different at sender and receiver
- Message has been tampered during transit
- Sender and/or receiver are using whitelisting but it is incorrectly configured. I recommend you only enable whitelisting if you are sure you know what you are doing, and I see no such indication from the snippets that you have provided.
You can enable verbose signing debug on the node to see what hmac signature is calculated at that end. Most likely it will be different compared to the hmac signature printed on the GW (for the same message).
-
There is also a fourth option, one I have only seen on gateways, only when memory is near full and with verbose prints active and only on a feature branch based on the development where I have seen the hmac key getting corrupted (this case is only for soft signing). I believe it is due to the stack growing into the heap. So you could try to disable verbose logging, or logging altogether on the GW and see if that affects things. It is a long short but worth a try if you are 110% sure you use identical hmac keys on node and gw.
-
I just tested everything again. Enabled/disabled any debugging on the gw side and reuploaded HMAC and serial keys to both the molgan and the gw (using the same sketch with unchanged HMAC and changed serial). Whitelisting isn't used here (although I am using it with some of my RGBW controller nodes and its working just fine there).
Sadly it did not work .The molgan node is using slightly different fuse settings only running at 8 Mhz and with 1.8V BOD (fuses: L 0xE2, H 0xDA, E0x06). Could this impact the software signing process? Also are different baudrates for the personalizer sketch supported? When I ran it I only got rubbish on the 115200 baud console (though the rough outline of the normal output). So I searched around in the code and finally added this at the beginning:
... #define MY_BAUD_RATE 9600 #define MY_CORE_ONLY #include <MySensors.h> ...redefining the baud rate. Afterwards the 9600 baud console printed out the expected values. This has only be done on the molgan, not the gateway. Could this somehow have interfered with signing?
@Yveaux , @AWI and others did you (successfully) use signing with the molgan?
-
I just tested everything again. Enabled/disabled any debugging on the gw side and reuploaded HMAC and serial keys to both the molgan and the gw (using the same sketch with unchanged HMAC and changed serial). Whitelisting isn't used here (although I am using it with some of my RGBW controller nodes and its working just fine there).
Sadly it did not work .The molgan node is using slightly different fuse settings only running at 8 Mhz and with 1.8V BOD (fuses: L 0xE2, H 0xDA, E0x06). Could this impact the software signing process? Also are different baudrates for the personalizer sketch supported? When I ran it I only got rubbish on the 115200 baud console (though the rough outline of the normal output). So I searched around in the code and finally added this at the beginning:
... #define MY_BAUD_RATE 9600 #define MY_CORE_ONLY #include <MySensors.h> ...redefining the baud rate. Afterwards the 9600 baud console printed out the expected values. This has only be done on the molgan, not the gateway. Could this somehow have interfered with signing?
@Yveaux , @AWI and others did you (successfully) use signing with the molgan?
@LastSamurai baud rate has no impact on the signing, it's only for serial log.
Clock frequency should not have impact on soft signing, it can have on atsha204a as it uses bit banging. But I have run successfully both soft and atsha signing on 8 and 16 MHz. What arch is used? AVR? That is what I use for my development, although it should work on all supported archs. -
Its an Atmega328P, so an AVR processor if thats what you mean.
-
Its an Atmega328P, so an AVR processor if thats what you mean.
@LastSamurai ok, and what about memory? Do you have a percentage of how much ram there is left after programming?
-
Its an Atmega328P, so an AVR processor if thats what you mean.
@LastSamurai I find it slightly disturbing that you say 115200 baudrate does not work. That would suggest the clock is not running as it should. I can run 115200 just fine on my Nano (16MHz) and Pro mini (8Mhz).
The personalizer on the development branch uses the baudrate set by the MyConfig.h setting (MY_BAUD_RATE) so you define it using that flag (as you found out).Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@LastSamurai I find it slightly disturbing that you say 115200 baudrate does not work. That would suggest the clock is not running as it should. I can run 115200 just fine on my Nano (16MHz) and Pro mini (8Mhz).
The personalizer on the development branch uses the baudrate set by the MyConfig.h setting (MY_BAUD_RATE) so you define it using that flag (as you found out). -
@Anticimex the Molgan Hack uses the internal oscillator, not an external crystal like the nano and pro mini.
The internal oscillator is less accurate, hence the lower baud rate.@Yveaux ah, ok. That explains that then. But to my knowledge there is no timing dependency for software signing, except the signing timeout. But I think there is a debug message if that fires. If not, perhaps @LastSamurai could try to increase the timeout (currently at 5000 ms).
-
Ok for the molgan sketch the arduino IDE spits this out:
- list item22.602 Bytes (73%) of memory
- list itemglobal variables 56% of dynamic memory
How do you change the timeout? Quick googling only turned up requests to make it configurable...
-
Ok for the molgan sketch the arduino IDE spits this out:
- list item22.602 Bytes (73%) of memory
- list itemglobal variables 56% of dynamic memory
How do you change the timeout? Quick googling only turned up requests to make it configurable...
@LastSamurai it is configurable, and clearly visible where all signing configuration parameters are located in MyConfig.h. Look for MY_VERIFICATION_TIMEOUT_MS.
-
Thanks, haven't really looked in that file since the upgrade to mysensors 2. Doing it all in the sketches now. I'll test it and get back to you.
-
Thanks, haven't really looked in that file since the upgrade to mysensors 2. Doing it all in the sketches now. I'll test it and get back to you.
@LastSamurai I do not think the timeout is the issue here, but worth a try anyway. The memory usage is in the red zone if over 70% I'd say so I suspect the hmac key gets corrupted by a stack that grows into the heap. You can test that by adding a debug print in the soft signing backend that dumps your hmac key before it is set. Assuming you run the latest stable release you'd want to place the print just before this line. You can copy this line and replace _signing_hmac with _signing_hmac_key. Also change the HMAC text to HMAC KEY to tell them apart (and don't post your printed key here ;))
This to verify that the key used is the key you personalized and that it has not been corrupted. -
@LastSamurai I do not think the timeout is the issue here, but worth a try anyway. The memory usage is in the red zone if over 70% I'd say so I suspect the hmac key gets corrupted by a stack that grows into the heap. You can test that by adding a debug print in the soft signing backend that dumps your hmac key before it is set. Assuming you run the latest stable release you'd want to place the print just before this line. You can copy this line and replace _signing_hmac with _signing_hmac_key. Also change the HMAC text to HMAC KEY to tell them apart (and don't post your printed key here ;))
This to verify that the key used is the key you personalized and that it has not been corrupted.@Anticimex So adding this around the line 325 should do the trick, right?
// Feed "message" to HMAC calculator DEBUG_SIGNING_PRINTBUF(F("HMAC key debug: "), _signing_hmac_key, 32); _signing_sha256.initHmac(_signing_hmac_key,32); // Set the key to useThe output of that is
HMAC key debug: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFwhich is definitly not my HMAC key!
PS Changing the timeout did not change this.
-
@Anticimex So adding this around the line 325 should do the trick, right?
// Feed "message" to HMAC calculator DEBUG_SIGNING_PRINTBUF(F("HMAC key debug: "), _signing_hmac_key, 32); _signing_sha256.initHmac(_signing_hmac_key,32); // Set the key to useThe output of that is
HMAC key debug: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFwhich is definitly not my HMAC key!
PS Changing the timeout did not change this.
@LastSamurai alright, so there are now three options:
- Your device is not properly personalized
- Your key has been overwritten in eeprom by some other part of your sketch during runtime
- Your key has been erased by stack growth (unlikely since it very much look like eeprom reset value)
You can test the various scenarios by moving your newly added print to various places in the backend. For instance, adding it just after the value is fetched from eeprom in the init function of the backend would tell you if the value is bad in eeprom or is erased in ram at a later stage.
-
The HMAC key seems to already have been FFFFF.... when read from EPROM. While testing some more I somehow seem to have bricked the atmega328 though :( I just soldered a new board and will to some more testing tomorrow.
