MySensors encryption and signing

Started by meddie, 16 February 2017, 21:57:07


meddie

I do like the Sensebender, but compared to the Nano (from China) it is very expensive. So I won't buy another one. (Maybe build one myself.)

meddie

Hello,

unfortunately my fail story continues. I have now provisioned the GW and the node with the keys and then fed them the right sketches.
But unfortunately the node does not connect.

Here is my GW sketch:
/**
* The MySensors Arduino library handles the wireless radio link and protocol
* between your home built sensors/actuators and HA controller of choice.
* The sensors form a self-healing radio network with optional repeaters. Each
* repeater and gateway builds a routing table in EEPROM which keeps track of the
* network topology allowing messages to be routed to nodes.
*
* Created by Henrik Ekblad <henrik.ekblad@mysensors.org>
* Copyright (C) 2013-2015 Sensnology AB
* Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors
*
* Documentation: http://www.mysensors.org
* Support Forum: http://forum.mysensors.org
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
*
*******************************
*
* REVISION HISTORY
* Version 1.0 - Henrik Ekblad
* Contribution by a-lurker and Anticimex,
* Contribution by Norbert Truchsess <norbert.truchsess@t-online.de>
* Contribution by Tomas Hozza <thozza@gmail.com>
*
*
* DESCRIPTION
* The EthernetGateway sends data received from sensors to the ethernet link.
* The gateway also accepts input on ethernet interface, which is then sent out to the radio network.
*
* This GW code is designed for Sensebender GateWay / (Arduino Zero variant)
*
* Wire connections (OPTIONAL):
* - Inclusion button should be connected to SW2
*
* LEDs on board (default assignments):
* - Orange: USB RX/TX - Blink when receiving / transmitting on USB CDC device
* - Yellow: RX  - Blink fast on radio message received. In inclusion mode will blink fast only on presentation received
* - Green : TX  - Blink fast on radio message transmitted. In inclusion mode will blink slowly
* - Red   : ERR - Fast blink on error during transmission or receive CRC error
* - Blue  : free - (use with LED_BLUE macro)
*
*/

#include <stdint.h>
#include <pins_arduino.h>
#define SKETCH_VERSION "0.2"
// Enable debug prints to serial monitor
#define MY_DEBUG
#define MY_DEBUG_VERBOSE_SIGNING

// Enable and select radio type attached
#define MY_RADIO_NRF24
//#define MY_RADIO_RFM69

// Set LOW transmit power level as default, if you have an amplified NRF-module and
// power your radio separately with a good regulator you can turn up PA level.
//#define MY_RF24_PA_LEVEL RF24_PA_HIGH

#define MY_SIGNING_ATSHA204
//#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}}
//#define MY_SIGNING_REQUEST_SIGNATURES
#ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7
#endif
#ifndef MY_SIGNING_ATSHA204_PIN
#define MY_SIGNING_ATSHA204_PIN 17
#endif
#define MY_RF24_ENABLE_ENCRYPTION

// Enable gateway ethernet module type
#define MY_GATEWAY_W5100

// W5100 Ethernet module SPI enable (optional if using a shield/module that manages SPI_EN signal)
//#define MY_W5100_SPI_EN 4

// Enable Soft SPI for NRF radio (note different radio wiring is required)
// The W5100 ethernet module seems to have a hard time co-operate with
// radio on the same spi bus.
#if !defined(MY_W5100_SPI_EN) && !defined(ARDUINO_ARCH_SAMD)
#define MY_SOFTSPI
#define MY_SOFT_SPI_SCK_PIN 14
#define MY_SOFT_SPI_MISO_PIN 16
#define MY_SOFT_SPI_MOSI_PIN 15
#endif

// When W5100 is connected we have to move CE/CSN pins for NRF radio
#ifndef MY_RF24_CE_PIN
#define MY_RF24_CE_PIN 5
#endif
#ifndef MY_RF24_CS_PIN
#define MY_RF24_CS_PIN 6
#endif

// Enable to UDP
//#define MY_USE_UDP

#define MY_IP_ADDRESS 10,0,0,253   // If this is disabled, DHCP is used to retrieve address
// Renewal period if using DHCP
//#define MY_IP_RENEWAL_INTERVAL 60000
// The port to keep open on node server mode / or port to contact in client mode
#define MY_PORT 5003

// Controller ip address. Enables client mode (default is "server" mode).
// Also enable this if MY_USE_UDP is used and you want sensor data sent somewhere.
//#define MY_CONTROLLER_IP_ADDRESS 192, 168, 178, 254

// The MAC address can be anything you want but should be unique on your network.
// Newer boards have a MAC address printed on the underside of the PCB, which you can (optionally) use.
// Note that most of the Arduino examples use  "DEAD BEEF FEED" for the MAC address.
#define MY_MAC_ADDRESS 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED

// Enable inclusion mode
#define MY_INCLUSION_MODE_FEATURE
// Enable Inclusion mode button on gateway
#define MY_INCLUSION_BUTTON_FEATURE

// Inverses behavior of inclusion button (if using external pullup)
//#define MY_INCLUSION_BUTTON_EXTERNAL_PULLUP

// Set inclusion mode duration (in seconds)
#define MY_INCLUSION_MODE_DURATION 60
// Digital pin used for inclusion mode button
//#define MY_INCLUSION_MODE_BUTTON_PIN  3

// Set blinking period
#define MY_DEFAULT_LED_BLINK_PERIOD 300

// Inverses the behavior of leds
//#define MY_WITH_LEDS_BLINKING_INVERSE

// Flash leds on rx/tx/err
// Uncomment to override default HW configurations
//#define MY_DEFAULT_ERR_LED_PIN 4  // Error led pin
//#define MY_DEFAULT_RX_LED_PIN  6  // Receive led pin
//#define MY_DEFAULT_TX_LED_PIN  5  // the PCB, on board LED


#if defined(MY_USE_UDP)
#include <EthernetUdp.h>
#endif
#include <Ethernet.h>
#include <MySensors.h>
#include <SD.h>
//#include <drivers/ATSHA204/ATSHA204.cpp>

Sd2Card card;

#define EEPROM_VERIFICATION_ADDRESS 0x01

static uint8_t num_of_leds = 5;
static uint8_t leds[] = {LED_BLUE, LED_RED, LED_GREEN, LED_YELLOW, LED_ORANGE};

void setup()
{
  // Setup locally attached sensors
}

void presentation()
{
  // Present locally attached sensors
}

void loop()
{
  // Send locally attached sensor data here
}


void preHwInit()
{

  pinMode(MY_SWC1, INPUT_PULLUP);
  pinMode(MY_SWC2, INPUT_PULLUP);
  if (digitalRead(MY_SWC1) && digitalRead(MY_SWC2)) {
    return;
  }

  uint8_t tests = 0;

  for (int i=0; i< num_of_leds; i++) {
    pinMode(leds[i], OUTPUT);
  }
  uint8_t led_state = 0;
  if (digitalRead(MY_SWC1)) {
    while (!Serial) {
      digitalWrite(LED_BLUE, led_state);
      led_state ^= 0x01;
      delay(500);
    } // Wait for USB to be connected, before spewing out data.
  }
  digitalWrite(LED_BLUE, LOW);
  if (Serial) {
    Serial.println("Sensebender GateWay test routine");
    Serial.print("Mysensors core version : ");
    Serial.println(MYSENSORS_LIBRARY_VERSION);
    Serial.print("GateWay sketch version : ");
    Serial.println(SKETCH_VERSION);
    Serial.println("----------------------------------");
    Serial.println();
  }
  if (testSha204()) {
    digitalWrite(LED_GREEN, HIGH);
    tests++;
  }
  if (testSDCard()) {
    digitalWrite(LED_YELLOW, HIGH);
    tests++;
  }

  if (testEEProm()) {
    digitalWrite(LED_ORANGE, HIGH);
    tests++;
  }
  if (testAnalog()) {
    digitalWrite(LED_BLUE, HIGH);
    tests++;
  }
  if (tests == 4) {
    while(1) {
      for (int i=0; i<num_of_leds; i++) {
        digitalWrite(leds[i], HIGH);
        delay(200);
        digitalWrite(leds[i], LOW);
      }
    }
  } else {
    while (1) {
      digitalWrite(LED_RED, HIGH);
      delay(200);
      digitalWrite(LED_RED, LOW);
      delay(200);
    }
  }

}

bool testSha204()
{
  uint8_t rx_buffer[SHA204_RSP_SIZE_MAX];
  uint8_t ret_code;
  if (Serial) {
    Serial.print("- > SHA204 ");
  }
  atsha204_init(MY_SIGNING_ATSHA204_PIN);
  ret_code = atsha204_wakeup(rx_buffer);

  if (ret_code == SHA204_SUCCESS) {
    ret_code = atsha204_getSerialNumber(rx_buffer);
    if (ret_code != SHA204_SUCCESS) {
      if (Serial) {
        Serial.print(F("Failed to obtain device serial number. Response: "));
        Serial.println(ret_code, HEX); // keep the response code behind the same Serial guard
      }
    } else {
      if (Serial) {
        Serial.print(F("Ok (serial : "));
        for (int i=0; i<9; i++) {
          if (rx_buffer[i] < 0x10) {
            Serial.print('0'); // Because Serial.print does not 0-pad HEX
          }
          Serial.print(rx_buffer[i], HEX);
        }
        Serial.println(")");
      }
      return true;
    }
  } else {
    if (Serial) {
      Serial.println(F("Failed to wakeup SHA204"));
    }
  }
  return false;
}

bool testSDCard()
{
  if (Serial) {
    Serial.print("- > SD CARD ");
  }
  if (!card.init(SPI_HALF_SPEED, MY_SDCARD_CS)) {
    if (Serial) {
      Serial.println("SD CARD did not initialize!");
    }
  } else {
    if (Serial) {
      Serial.print("SD Card initialized correct! - ");
      Serial.print("type detected : ");
      switch(card.type()) {
      case SD_CARD_TYPE_SD1:
        Serial.println("SD1");
        break;
      case SD_CARD_TYPE_SD2:
        Serial.println("SD2");
        break;
      case SD_CARD_TYPE_SDHC:
        Serial.println("SDHC");
        break;
      default:
        Serial.println("Unknown");
      }
    }
    return true;
  }
  return false;
}

bool testEEProm()
{
  uint8_t eeprom_d1, eeprom_d2;
  SerialUSB.print(" -> EEPROM ");
  Wire.begin();
  eeprom_d1 = i2c_eeprom_read_byte(EEPROM_VERIFICATION_ADDRESS);
  delay(500);
  eeprom_d1 = ~eeprom_d1; // invert the bits
  i2c_eeprom_write_byte(EEPROM_VERIFICATION_ADDRESS, eeprom_d1);
  delay(500);
  eeprom_d2 = i2c_eeprom_read_byte(EEPROM_VERIFICATION_ADDRESS);
  if (eeprom_d1 == eeprom_d2) {
    SerialUSB.println("PASSED");
    i2c_eeprom_write_byte(EEPROM_VERIFICATION_ADDRESS, ~eeprom_d1);
    return true;
  }
  SerialUSB.println("FAILED!");
  return false;
}

bool testAnalog()
{
  int bat_detect = analogRead(MY_BAT_DETECT);
  Serial.print("-> analog : ");
  Serial.print(bat_detect);
  if (bat_detect < 400 || bat_detect > 650) {
    Serial.println(" Failed");
    return false;
  }
  Serial.println(" Passed");
  return true;
}


And this is the node's:
/*
* The MySensors Arduino library handles the wireless radio link and protocol
* between your home built sensors/actuators and HA controller of choice.
* The sensors form a self-healing radio network with optional repeaters. Each
* repeater and gateway builds a routing table in EEPROM which keeps track of the
* network topology allowing messages to be routed to nodes.
*
* Created by Henrik Ekblad <henrik.ekblad@mysensors.org>
* Copyright (C) 2013-2015 Sensnology AB
* Full contributor list: https://github.com/mysensors/Arduino/graphs/contributors
*
* Documentation: http://www.mysensors.org
* Support Forum: http://forum.mysensors.org
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
*
*******************************
*/
#include <stdint.h>
#include <pins_arduino.h>
#define MY_DEBUG
#define MY_DEBUG_VERBOSE_SIGNING
#define MY_RADIO_NRF24
//#define MY_SIGNING_SOFT
#define MY_SIGNING_ATSHA204
//#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01}}}
#define MY_SIGNING_REQUEST_SIGNATURES
#ifndef MY_SIGNING_SOFT_RANDOMSEED_PIN
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7
#endif
#ifndef MY_SIGNING_ATSHA204_PIN
#define MY_SIGNING_ATSHA204_PIN 17
#endif
#define MY_RF24_ENABLE_ENCRYPTION
#include <MySensors.h>


And this is what the node shows me on the serial monitor:
0 MCO:BGN:INIT NODE,CP=RNNNAA-,VER=2.1.1
4 TSM:INIT
4 TSF:WUR:MS=0
12 TSM:INIT:TSP OK
14 TSF:SID:OK,ID=100
16 TSM:FPAR
18 Will not sign message for destination 255 as it does not require it
67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
2076 !TSM:FPAR:NO REPLY
2078 TSM:FPAR
2080 Will not sign message for destination 255 as it does not require it
2127 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
4139 !TSM:FPAR:NO REPLY
4141 TSM:FPAR
4143 Will not sign message for destination 255 as it does not require it
4190 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
6199 !TSM:FPAR:NO REPLY
6201 TSM:FPAR
6203 Will not sign message for destination 255 as it does not require it
6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
8259 !TSM:FPAR:FAIL
8261 TSM:FAIL:CNT=1
8263 TSM:FAIL:PDT
18266 TSM:FAIL:RE-INIT
18268 TSM:INIT
18276 TSM:INIT:TSP OK
18278 TSF:SID:OK,ID=100
18280 TSM:FPAR
18282 Will not sign message for destination 255 as it does not require it
18331 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
20340 !TSM:FPAR:NO REPLY
20342 TSM:FPAR
20344 Will not sign message for destination 255 as it does not require it
20393 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
22403 !TSM:FPAR:NO REPLY
22405 TSM:FPAR
22407 Will not sign message for destination 255 as it does not require it
22456 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
24465 !TSM:FPAR:NO REPLY
24467 TSM:FPAR
24469 Will not sign message for destination 255 as it does not require it
24518 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
26527 !TSM:FPAR:FAIL
26529 TSM:FAIL:CNT=2
26531 TSM:FAIL:PDT
36534 TSM:FAIL:RE-INIT
36536 TSM:INIT
36544 TSM:INIT:TSP OK
36546 TSF:SID:OK,ID=100
36548 TSM:FPAR
36550 Will not sign message for destination 255 as it does not require it
36599 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
38610 !TSM:FPAR:NO REPLY
38612 TSM:FPAR
38615 Will not sign message for destination 255 as it does not require it
38664 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
40673 !TSM:FPAR:NO REPLY
40675 TSM:FPAR
40677 Will not sign message for destination 255 as it does not require it
40726 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
42735 !TSM:FPAR:NO REPLY
42737 TSM:FPAR
42739 Will not sign message for destination 255 as it does not require it
42788 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
44800 !TSM:FPAR:FAIL
44802 TSM:FAIL:CNT=3
44804 TSM:FAIL:PDT
54808 TSM:FAIL:RE-INIT
54810 TSM:INIT
54818 TSM:INIT:TSP OK
54820 TSF:SID:OK,ID=100
54822 TSM:FPAR
54824 Will not sign message for destination 255 as it does not require it
54874 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
56883 !TSM:FPAR:NO REPLY
56885 TSM:FPAR
56887 Will not sign message for destination 255 as it does not require it
56936 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:


Now I have no clue at all anymore!

SensorMane

Hi,

that does look strange! Why does it think it doesn't need to sign?

Could you connect the GW and the node to the computer at the same time and run the serial monitor on both? I always use putty for that, it's quite easy. That way you see what the two are doing in parallel and what communication is going on.

In addition, I would enable only one security feature at first, to see whether it works then.

Beta-User

Hello everyone,

in my opinion this is a radio problem. 6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: probably means the node first asks where it can deliver its message; -255-255 is a kind of broadcast. And already there is no answer.

Try setting the parent node ID in the sketch (to 0) first and check in the GW's serial monitor whether a request arrives there at all.

Regards, Beta-User
Server: HP-elitedesk@Debian 12, current FHEM@ConfigDB | CUL_HM (VCCU) | MQTT2: MiLight@ESP-GW, BT@OpenMQTTGw | MySensors: serial, mainly 2.3.1@RS485 | ZWave | ZigBee@deCONZ | SIGNALduino | MapleCUN | RHASSPY
svn: among others MySensors, Weekday-&RandomTimer, Twilight, misc. attrTemplate files
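As an added example (not code from this thread, from FHEM or from the MySensors project): a small offline parser for the node log format posted above. It tallies the find-parent broadcasts (c=3, t=7, sent to address 255), the "!TSM:FPAR:NO REPLY" and "!TSM:FPAR:FAIL" lines, and any find-parent responses (c=3, t=8) read back, and reports the verdict Beta-User argues for: nobody answered. The type numbers 7 and 8 are MySensors' I_FIND_PARENT_REQUEST and I_FIND_PARENT_RESPONSE; the "healthy" sample is constructed for contrast and is not from the thread, and the sg=0 on the broadcast is expected, as the library itself logs ("does not require it").

```python
"""Offline triage of a MySensors 2.x node debug log: did the find-parent broadcast
get an answer? Added example; the log format is the one shown in the thread."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# MySensors internal command/type numbers as they appear in the c=/t= fields.
C_INTERNAL = 3
I_FIND_PARENT_REQUEST = 7
I_FIND_PARENT_RESPONSE = 8
BROADCAST_ADDRESS = 255

# Excerpt of the node log posted in the thread (one full retry cycle).
FAILED_LOG = """\
14 TSF:SID:OK,ID=100
16 TSM:FPAR
18 Will not sign message for destination 255 as it does not require it
67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
2076 !TSM:FPAR:NO REPLY
2078 TSM:FPAR
2127 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
4139 !TSM:FPAR:NO REPLY
4141 TSM:FPAR
4190 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
6199 !TSM:FPAR:NO REPLY
6201 TSM:FPAR
6250 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
8259 !TSM:FPAR:FAIL
8261 TSM:FAIL:CNT=1
"""

# Constructed for contrast (same format): a gateway with node id 0 answers.
HEALTHY_LOG = """\
16 TSM:FPAR
67 TSF:MSG:SEND,100-100-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK:
120 TSF:MSG:READ,0-0-100,s=255,c=3,t=8,pt=1,l=1,sg=0:0
125 TSF:MSG:FPAR OK,ID=0,D=1
"""

@dataclass
class Msg:
    ts: int
    failed: bool            # line carried the '!' error prefix
    direction: str          # "SEND" or "READ"
    route: List[int]        # SEND: sender-last-next-dest; READ: sender-last-dest
    fields: Dict[str, str]  # s=, c=, t=, pt=, l=, sg=, ft=, st=
    payload: str

def parse_msg(line: str) -> Optional[Msg]:
    """Parse one 'TSF:MSG:SEND/READ' frame line; any other log line yields None."""
    ts, _, rest = line.strip().partition(" ")
    if not ts.isdigit() or not rest.lstrip("!").startswith("TSF:MSG:"):
        return None
    head, _, payload = rest.lstrip("!")[len("TSF:MSG:"):].partition(":")
    parts = head.split(",")
    if len(parts) < 2 or parts[0] not in ("SEND", "READ"):
        return None  # e.g. 'TSF:MSG:FPAR OK,ID=0,D=1' is a status line, not a frame
    route = [int(x) for x in parts[1].split("-")]
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return Msg(int(ts), rest.startswith("!"), parts[0], route, fields, payload)

@dataclass
class FindParentReport:
    requests: int = 0           # I_FIND_PARENT_REQUEST broadcasts sent
    unsigned_requests: int = 0  # of those, sent with sg=0 (expected for the broadcast)
    responses: int = 0          # I_FIND_PARENT_RESPONSE frames received
    no_reply: int = 0           # '!TSM:FPAR:NO REPLY' lines
    fail_cycles: int = 0        # '!TSM:FPAR:FAIL' lines (node gives up and re-inits)
    responders: List[int] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.requests == 0:
            return "no find-parent traffic in log"
        if self.responses == 0:
            return ("no gateway/repeater answered the find-parent broadcast: check the GW "
                    "log for the incoming request (radio path, or the two sides not "
                    "sharing the same encryption key)")
        return f"parent found, responder(s): {sorted(set(self.responders))}"

def analyse_find_parent(log_text: str) -> FindParentReport:
    """Walk the log once and tally the find-parent exchange."""
    rep = FindParentReport()
    for line in log_text.splitlines():
        _, _, body = line.strip().partition(" ")
        if body == "!TSM:FPAR:NO REPLY":
            rep.no_reply += 1
        elif body == "!TSM:FPAR:FAIL":
            rep.fail_cycles += 1
        msg = parse_msg(line)
        if msg is None or msg.fields.get("c") != str(C_INTERNAL):
            continue
        t = msg.fields.get("t")
        if (msg.direction == "SEND" and t == str(I_FIND_PARENT_REQUEST)
                and msg.route[-1] == BROADCAST_ADDRESS):
            rep.requests += 1
            if msg.fields.get("sg") == "0":
                rep.unsigned_requests += 1
        elif msg.direction == "READ" and t == str(I_FIND_PARENT_RESPONSE):
            rep.responses += 1
            rep.responders.append(msg.route[0])
    return rep

if __name__ == "__main__":
    for name, text in (("thread log", FAILED_LOG), ("constructed healthy log", HEALTHY_LOG)):
        r = analyse_find_parent(text)
        print(f"{name}: {r.requests} request(s), {r.responses} response(s), "
              f"{r.no_reply} no-reply, {r.fail_cycles} fail cycle(s) -> {r.verdict}")
```

Run against the thread's own log it reports four broadcasts, three NO REPLY, one FAIL and zero responses. The same parser applied to the gateway's serial output (SensorMane's suggestion of running both monitors side by side) tells you whether the request ever arrived there: a READ of t=7 on the GW with no matching SEND of t=8 points at the gateway, no READ at all points at the radio path or, as it turned out in this thread, at the encryption keys.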

meddie

Yesterday we were standing at the edge of the abyss, today we are one step further :-D

Hello everyone, I'm one step further today: signing works, and I know why it didn't work yesterday.

The problem was the encryption, which is why the node got no answer.

The sketch that is supposed to write the AES key is tailored to AVR-based devices, but my gateway is SAMD-based and its EEPROM is attached via the I2C bus, which means it has to be addressed differently when writing. So my personalization sketch was able to write the HMAC key into the ATSHA204 chip, but not the AES key into the EEPROM.

So the connection could not be established at all.
Today I tested it without encryption but with signing, and lo and behold, it works!

I'll report back when I've cleared the last hurdle.

@Markus
I've already found a weak point of the Sensebender Micro too: its capacity. When I enable signing, OTA and AES, I exceed its memory limit. Had to leave OTA out yesterday. That will be another challenge :-(

Many thanks to you all for your help!!!
Regards Eddie
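To make the key-provisioning point concrete, an added example (not MySensors code and not its wire format): a simplified model of a nonce-based HMAC-SHA256 signing handshake of the kind MySensors signing is built on. The gateway hands the node a fresh nonce, the node signs message||nonce with its key, and the gateway verifies with its own copy. A node personalised with a different key is rejected, and a captured (nonce, tag) pair cannot be replayed. The keys and the payload are constructed values.

```python
"""Simplified model of a nonce-based HMAC signing handshake between a node and a
gateway. Added example: same idea as MySensors signing (receiver-chosen nonce,
HMAC-SHA256 over message and nonce), but not the library's frame layout."""
import hashlib
import hmac
import os

class Gateway:
    """Receiver side: issues one-time nonces and verifies signed messages."""
    def __init__(self, hmac_key: bytes):
        self._key = hmac_key
        self._open_nonces = set()  # issued but not yet consumed

    def issue_nonce(self) -> bytes:
        nonce = os.urandom(32)     # fresh per message, so a captured frame is worthless later
        self._open_nonces.add(nonce)
        return nonce

    def accept(self, message: bytes, nonce: bytes, tag: bytes) -> bool:
        if nonce not in self._open_nonces:
            return False           # unknown or already-used nonce: reject (replay)
        self._open_nonces.discard(nonce)  # single use, whatever the outcome
        expected = hmac.new(self._key, message + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)  # constant-time comparison

class Node:
    """Sender side: signs message||nonce with the key it was personalised with."""
    def __init__(self, hmac_key: bytes):
        self._key = hmac_key

    def sign(self, message: bytes, nonce: bytes) -> bytes:
        return hmac.new(self._key, message + nonce, hashlib.sha256).digest()

def exchange(gw: Gateway, node: Node, message: bytes) -> bool:
    """One signed message: GW issues nonce -> node signs -> GW verifies."""
    nonce = gw.issue_nonce()
    return gw.accept(message, nonce, node.sign(message, nonce))

def demo() -> dict:
    key_ok = bytes(range(32))        # constructed key, provisioned on both sides
    key_other = bytes(range(1, 33))  # constructed: a node personalised with a different key
    gw = Gateway(key_ok)
    good_node, bad_node = Node(key_ok), Node(key_other)
    msg = b"s=1,c=1,t=0:21.5"        # constructed payload (a temperature report)
    results = {
        "same_key": exchange(gw, good_node, msg),
        "wrong_key": exchange(gw, bad_node, msg),
    }
    # Replay: present a (nonce, tag) pair the gateway has already consumed.
    nonce = gw.issue_nonce()
    tag = good_node.sign(msg, nonce)
    results["first_use"] = gw.accept(msg, nonce, tag)
    results["replay"] = gw.accept(msg, nonce, tag)
    return results

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s}: {'accepted' if ok else 'rejected'}")
```

The contrast with the thread's own failure is worth noting: a signing key that only made it onto one side shows up on the gateway as a rejected message, whereas, as Eddie found, an AES key that never reached the gateway's EEPROM leaves the node with nothing but NO REPLY in its log. Personalising both sides from the same key material, and reading the keys back after writing, is the check that catches both.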

Grave

Hi,

where did you order the ATSHA204A?

Regards Grave

SensorMane


Grave

Sold out at hbe unfortunately, and at Mouser the shipping, at 20€, is pretty steep. So keep looking :'(

PeMue

How many do you need? I think I ordered 10 from China.
There should be a few left.

Regards PeMue
RPi3Bv1.2 rpiaddon 1.66 6.0 1xHM-CC-RT-DN 1.4 1xHM-TC-IT-WM 1.1 2xHB-UW-Sen-THPL-O 0.15 1x-I 0.14OTAU  1xCUNO2 1.67 2xEM1000WZ 2xUniroll 1xASH2200 3xHMS100T(F) 1xRFXtrx 90 1xWT440H 3xTFA30.3150 5xFA21
RPi1Bv2 LCDCSM 1.63 5.8 2xMAX HKT 1xMAX RT V200KW1 heating, water


meddie

Hi, I ordered mine from China too. AliExpress. It takes about 4 weeks for them to arrive, though.

Regards Eddie

Grave

Hi,

found another seller in England on ebay. Depending on how it goes, I might reach the 50€ at Mouser anyway.
Another topic: soldering the Atmega in TQFP32 myself. Doable? SMD soldering is not really a problem. But the last TQFP32 I soldered was ages ago. What does your experience say?

meddie

Hello,
that should be doable; use Löthonig (flux paste) to help. There are a few good how-tos on YouTube for that.
Regards Eddie

Grave


PeMue

Quote from: Grave on 07 March 2017, 07:29:35
@ PeMue: How many do you have left?
I could spare 2 ... 3, the rest by PM?

Regards PeMue