RE: 💬 Building a Raspberry Pi Gateway

@gohan edit configure file and add this code:

--my-mqtt-user=*)
    CPPFLAGS="-DMY_MQTT_USER=\\\"${optarg}\\\" $CPPFLAGS"
    ;;
--my-mqtt-password=*)
    CPPFLAGS="-DMY_MQTT_PASSWORD=\\\"${optarg}\\\" $CPPFLAGS"
    ;;

after this code:

--my-signing-request-gw-signatures-from-all*)
        signing_request_signatures=true
        CPPFLAGS="-DMY_SIGNING_GW_REQUEST_SIGNATURES_FROM_ALL $CPPFLAGS"
        ;;

this is about 408 number line and use flag --my-mqtt-password and --my-mqtt-client-id when you run configure, thats all.

@marceloaqno Thanks for help This was my problem

@Teknor I use RPI III as GW and all node connect with gw used nRF24L01. My CPU now usage 5-10%, but I installed "Home Assistance" + homebridge + some plugins.

@Teknor I use RPI III as GW and all node connect with gw used nRF24L01. My CPU now usage 5-10%, but I installed "Home Assistance" + homebridge + some plugins.

@gohan edit configure file and add this code:

--my-mqtt-user=*)
    CPPFLAGS="-DMY_MQTT_USER=\\\"${optarg}\\\" $CPPFLAGS"
    ;;
--my-mqtt-password=*)
    CPPFLAGS="-DMY_MQTT_PASSWORD=\\\"${optarg}\\\" $CPPFLAGS"
    ;;

after this code:

--my-signing-request-gw-signatures-from-all*)
        signing_request_signatures=true
        CPPFLAGS="-DMY_SIGNING_GW_REQUEST_SIGNATURES_FROM_ALL $CPPFLAGS"
        ;;

this is about 408 number line and use flag --my-mqtt-password and --my-mqtt-client-id when you run configure, thats all.

@marceloaqno Thanks for help This was my problem

@marceloaqno Thank's for you help. I have other question.. general I try configure my gateway to work with security & signing, but they doesn't work. Where is problem? On the bottom i send point what it do it:

Gateway:

1. ./configure --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-mqtt-password=PASS --my-mqtt-user=USER --my-rf24-encryption-enabled --my-signing=software --my-signing-request-signatures --my-signing-request-gw-signatures-from-all
2. make
3. sudo make install
4. sudo systemctl enable mysgw.service
5. sudo systemctl start mysgw.service
6. sudo mysgw --gen-soft-hmac-key
7. sudo mysgw --set-soft-hmac-key=02417628BC1573CC380...
8. sudo mysgw --gen-soft-serial-key
9. sudo mysgw --set-soft-serial-key=00762CD152B868F7EB
10. sudo mysgw --gen-aes-key
11. sudo mysgw --set-aes-key= A790AD78B2D8B4DBBB5B2C4B9DD6DAF3

Node:

1. Load script SecurityPersonalizer.ino
2. Uncomment and send sketch to arduino

#define USE_SOFT_SIGNING
#define STORE_SOFT_KEY
#define USER_SOFT_KEY
#define STORE_SOFT_SERIAL
#define STORE_AES_KEY
#define USER_AES_KEY

#define MY_SOFT_HMAC_KEY 0X2,0X41,0X76,0X28,0XBC,0X15,0X73,0XCC,0X38...
#define MY_AES_KEY 0XA7,0X90,0XAD,0X78,0XB2,0XD8...

1. Read all value from EPROM (test save):

Personalization sketch for MySensors usage.
-------------------------------------------
EEPROM configuration:
SOFT_HMAC_KEY | 02417628BC1573CC380DE0FADF7C87D7D3C77272A783E6E438786A07C3A8C6CF
SOFT_SERIAL   | 39BB1370C289643251
AES_KEY       | A790AD78B2D8B4DBBB5B2C4B9DD6DAF3
--------------------------------
Personalization is now complete.

1. Send sample sketch to arduino:

//!< Enable debug prints to serial monitor
#define MY_DEBUG
//!< Enable signing related debug prints to serial monitor
#define MY_DEBUG_VERBOSE_SIGNING
// Enable NRF24L01 radio type
#define MY_RADIO_NRF24

// Select soft signing
#define MY_SIGNING_SOFT

// Enable lockdown of node if suspicious activity is detected
//-->> #define MY_NODE_LOCK_FEATURE

// Enable node whitelisting
//#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}}

// Enable this if you want destination node to sign all messages sent to this node.
#define MY_SIGNING_REQUEST_SIGNATURES

// SETTINGS FOR MY_SIGNING_SOFT
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 //!< Unconnected analog pin for random seed

// Add repeater function to this sensor
#define MY_REPEATER_FEATURE


#include <SPI.h>
#include <MySensors.h>
#include <Bounce2.h>

#define RELAY_PIN  4    // Arduino Digital I/O pin number for relay 
#define BUTTON_PIN  3   // Arduino Digital I/O pin number for button 
#define CHILD_ID 1      // Id of the sensor child
#define RELAY_ON 1
#define RELAY_OFF 0

Bounce debouncer = Bounce();
int oldValue = 0;
bool state;

MyMessage msg(CHILD_ID, V_LIGHT);

void setup()
{
  // Setup the button
  pinMode(BUTTON_PIN, INPUT);
  // Activate internal pull-up
  digitalWrite(BUTTON_PIN, HIGH);

  // After setting up the button, setup debouncer
  debouncer.attach(BUTTON_PIN);
  debouncer.interval(5);

  // Make sure relays are off when starting up
  digitalWrite(RELAY_PIN, RELAY_OFF);
  // Then set relay pins in output mode
  pinMode(RELAY_PIN, OUTPUT);

  // Set relay to last known state (using eeprom storage)
  state = loadState(CHILD_ID);
  digitalWrite(RELAY_PIN, state ? RELAY_ON : RELAY_OFF);
}

void presentation()  {
  // Send the sketch version information to the gateway and Controller
  sendSketchInfo("Relay & Button", "1.0");
  
  // Register all sensors to gw (they will be created as child devices)
  present(CHILD_ID, S_LIGHT, "Switch Secure Sensor", false);
}

/*
   Example on how to asynchronously check for new messages from gw
*/
void loop()
{
  debouncer.update();
  // Get the update value
  int value = debouncer.read();
//  if (value != oldValue && value == 0) {
    send(msg.set(state ? false : true), true); // Send new state and request ack back
//  }
//  oldValue = value;
  delay(5000);
}

void receive(const MyMessage &message) {
  // We only expect one type of message from controller. But we better check anyway.
  if (message.isAck()) {
    Serial.println("This is an ack from gateway");
  }

  if (message.type == V_LIGHT) {
    // Change relay state
    state = message.getBool();
    digitalWrite(RELAY_PIN, state ? RELAY_ON : RELAY_OFF);
    // Store state in eeprom
    // saveState(CHILD_ID, state);

    // Write some debug info
    Serial.print("Incoming change for sensor:");
    Serial.print(message.sensor);
    Serial.print(", New status: ");
    Serial.println(message.getBool());
  }
}

And finally in Arduino Serial Monitor I see:

0 MCO:BGN:INIT REPEATER,CP=RNNRAS-,VER=2.1.1
4 TSM:INIT
5 TSF:WUR:MS=0
11 TSM:INIT:TSP OK
13 TSF:SID:OK,ID=105
15 TSM:FPAR
16 Will not sign message for destination 255 as it does not require it
58 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
2065 !TSM:FPAR:NO REPLY
2067 TSM:FPAR
2068 Will not sign message for destination 255 as it does not require it
2110 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
4117 !TSM:FPAR:NO REPLY
4119 TSM:FPAR
4120 Will not sign message for destination 255 as it does not require it
4162 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
6169 !TSM:FPAR:NO REPLY
6171 TSM:FPAR
6172 Will not sign message for destination 255 as it does not require it
6214 TSF:MSG:SEND,105-105-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
8221 !TSM:FPAR:FAIL
8222 TSM:FAIL:CNT=1
8224 TSM:FAIL:PDT

and in gateway i see:

sudo mysgw -d
mysgw: Starting gateway...
mysgw: Protocol version - 2.1.1
mysgw: MCO:BGN:INIT GW,CP=RNNG-S-,VER=2.1.1
mysgw: TSF:LRT:OK
mysgw: TSM:INIT
mysgw: TSF:WUR:MS=0
mysgw: TSM:INIT:TSP OK
mysgw: TSM:INIT:GW MODE
mysgw: TSM:READY:ID=0,PAR=0,DIS=0
mysgw: MCO:REG:NOT NEEDED
mysgw: MCO:BGN:STP
mysgw: MCO:BGN:INIT OK,TSP=1
mysgw: Attempting MQTT connection...
mysgw: connected to 127.0.0.1
mysgw: MQTT connected
mysgw: Sending message on topic: mysensors-out/0/255/0/0/18
mysgw: TSF:MSG:READ,171-107-54,s=221,c=2,t=131,pt=4,l=25,sg=0:-1418183441
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,135-23-172,s=20,c=3,t=200,pt=7,l=25,sg=0:-0.00000178
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,34-66-89,s=168,c=1,t=9,pt=1,l=25,sg=0:56
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,223-46-240,s=112,c=5,t=192,pt=5,l=11,sg=1:1407647670
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:240 UNKNOWN
mysgw: !TSF:MSG:SEND,223-0-240-240,s=112,c=5,t=192,pt=5,l=11,sg=1,ft=0,st=NACK:1407647670
mysgw: TSF:MSG:READ,183-139-129,s=37,c=6,t=155,pt=1,l=21,sg=0:48
mysgw: !TSF:MSG:PVER,0=2
mysgw: TSF:MSG:READ,139-214-233,s=61,c=3,t=193,pt=7,l=0,sg=1:0.00000000
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:233 UNKNOWN
mysgw: !TSF:MSG:SEND,139-0-233-233,s=61,c=3,t=193,pt=7,l=0,sg=1,ft=0,st=NACK:0.00000000
mysgw: TSF:MSG:READ,83-33-7,s=179,c=2,t=27,pt=4,l=25,sg=1:-2057270722
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,110-148-67,s=113,c=0,t=158,pt=1,l=9,sg=1:251
mysgw: !TSF:MSG:PVER,1=2
mysgw: TSF:MSG:READ,75-209-102,s=204,c=7,t=25,pt=1,l=11,sg=1:52
mysgw: !TSF:MSG:PVER,0=2
mysgw: TSF:MSG:READ,184-209-235,s=58,c=1,t=140,pt=6,l=23,sg=1:1DC404A5401119FACF0000000000000000000000000000
mysgw: !TSF:MSG:PVER,3=2
mysgw: TSF:MSG:READ,172-203-51,s=140,c=2,t=173,pt=0,l=1,sg=1:?
mysgw: TSF:MSG:REL MSG
mysgw: !TSF:RTE:51 UNKNOWN
mysgw: !TSF:MSG:SEND,172-0-51-51,s=140,c=2,t=173,pt=0,l=1,sg=1,ft=0,st=NACK:?

Where is problem?

Hi Does anybody know how to use MY_SIGNING_NODE_WHITELISTING in gateway raspbery pi? Where I must create/edit white list with my nodes?

@Anticimex Ok. I read again this text. I have next question..

1. I generated SOFT_HMAC_KEY, SOFT_SERIAL, AES_KEY in my gateway, so when I run SecurityPersonalizer.ino i must save this value from gw in MY_SOFT_HMAC_KEY, MY_SOFT_SERIAL, MY_AES_KEY or generate other value and save? Probably AES must by the same.. MY_SOFT_SERIAL is 'serial' in WHITELISTING so i think this must by different in node and gateway, and what with HMAC? I think that the HMAC must be the same..
2. I looked for information where save whitelist in gw but i didn't found.. can you help my find solution?
3. If I use for example 2 nodes-relays, 2 nodes-temperature and gateway. All relays communicate only with gateway but all are repeater. All node-temperature sensor connect with relay, so in nodes-relay in white list i must add temperature serial and gw serial. In temperature I does't add white list, in gateway I add relay and temperature nodes serial. That is all?

PS. Thank you for you help

@Anticimex I read all text and I understand that I have add forth line to all my sensors.:
#define MY_SIGNING_SOFT
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = MOTION_SENSOR_ID,.serial = {0x12,0x34,0x56,0x78,0x90,0x12,0x34,0x56,0x78}}}

In my gateway i must use this comand:
./configure --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-signing=software --my-signing-debug --my-signing-request-gw-signatures-from-all --my-mqtt-password=PASSWORD --my-mqtt-user=USER

1. but I do not understand wher I create white list in gateway?
2. how create serial for my mensors (eg. {0x12,0x34,0x56,0x78,0x90,0x12,0x34,0x56,0x78})?
3. how to check if everything is working?
4. how to use HMAC (how to create in my sensor, where save)?

Hi everybody
Where I find information step by step how to run signing/security with one sensor and raspbery pi gateway and use mqtt (software signing without chip ATSHA)? I try understand this post, but I have problem.. I test example code but always my gw get normal information..