180180 * signatures. The setting is defined using @ref MY_SIGNING_SOFT_RANDOMSEED_PIN and the default is to use pin A7. The same configuration
181181 * possibilities exist as with the other configuration options.
182182 *
183- * <b>Thirdly</b>, if you use the software backend, you need to personalize the node (see @ref perzonalization ).
183+ * <b>Thirdly</b>, if you use the software backend, you need to personalize the node (see @ref personalization ).
184184 * @code{.cpp}
185185 * #define MY_SIGNING_SOFT
186186 * #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7
191191 *
192192 * An example of a node that require signatures is available in @ref SecureActuator.ino.
193193 *
194- * @anchor perzonalization If you use the “real” ATSHA204A, before any signing operations can be done, the device needs to be <i>personalized</i>.
194+ * @anchor personalization If you use the “real” ATSHA204A, before any signing operations can be done, the device needs to be <i>personalized</i>.
195195 * This can be a daunting process as it involves irreversibly writing configurations to the device, which cannot be undone. I have however tried
196196 * to simplify the process as much as possibly by creating a helper-sketch specifically for this purpose in @ref SecurityPersonalizer.ino
197197 * Note that you also need to do personalization for software signing, but then the values are stored in EEPROM (described below).
@@ -637,4 +637,79 @@ uint8_t* signerSha256Final(void);
637637int signerMemcmp (const void * a , const void * b , size_t sz );
638638
639639#endif
640- /** @}*/
640+ /** @}*/
641+ /**
642+ * @defgroup MySigningTroubleshootinggrp Troubleshooting
643+ * @ingroup MySigninggrp
644+ * @{
645+ *
646+ * @section MySigningTroubleshootingSymptoms Symptoms and solutions
647+ *
648+ * The first thing to do if you suspect signing is causing problems, is to enable the verbose debug
649+ * flag for the signing backend. @see MY_DEBUG_VERBOSE_SIGNING
650+ *
651+ * If you are having trouble getting signing to work, please see the following troubleshooting tips.
652+ *
653+ * @subsection MySigningTroubleshootingSymptomStFail Signing fails and logs show st=fail on transmissions
654+ *
655+ * This is actually not a signing problem, although ofthen st=fail becomes st=ok when signing is disabled.
656+ * This is by far the most commonly reported problem with signing, but the problems is not with signing,
657+ * it is with radio performence.<br>
658+ * This is a typical log which might look like a signing related issue but isn't:
659+ * @code{.unparsed}
660+ * 0;255;3;0;9;Skipping security for command 3 type 16
661+ * 0;255;3;0;9;read: 3-3-0 s=255,c=3,t=16,pt=0,l=0,sg=0:
662+ * 0;255;3;0;9;Signing backend: ATSHA204Soft
663+ * 0;255;3;0;9;SHA256: 86DEAE1DAF50D577A4E2262B33ABF9DEE05DD8FAF84F94F50900000000000000
664+ * 0;255;3;0;9;Skipping security for command 3 type 17
665+ * 0;255;3;0;9;send: 0-0-3-3 s=255,c=3,t=17,pt=6,l=25,sg=0,st=fail:86DEAE1DAF50D577A4E2262B33ABF9DEE05DD8FAF84F94F509
666+ * 0;255;3;0;9;Failed to transmit nonce!
667+ * 0;255;3;0;9;Message is not signed, but it should have been!
668+ * 0;255;3;0;9;verify fail
669+ * @endcode
670+ *
671+ * The reason for this is that when signing is used, the messages transmitted become relatively large.<br>
672+ * Because of this, the message is more sensitive to noise, and the chance for a message to get scrambled
673+ * increase with the message size. Please refer to the troubleshooting section at the MySensors forum for
674+ * information on how to improve radio performence.<br>
675+ * This is a good place to start: https://forum.mysensors.org/topic/666/debug-faq-and-how-ask-for-help
676+ *
677+ * @subsection MySigningTroubleshootingSymptomNonce Failed to generate nonce
678+ *
679+ * The signing backend failed to generate the nonce needed to sign a message. This indicate a hardware
680+ * problem. Please post the debug info on the forum together with a description of your hardware setup.
681+ *
682+ * @subsection MySigningTroubleshootingSymptomSign Failed to sign message
683+ *
684+ * The signing backend failed to sign the message. Typically this happens if your message is so large,
685+ * that there is no room left in the buffer to store a signature.
686+ *
687+ * @subsection MySigningTroubleshootingSymptomWrongSource Nonce did not come from the destination (XX) of the message to be signed! It came from YY
688+ *
689+ * This should not really happen. The reason for this message is that the signing backend is only capable
690+ * of handling one signed message session at any time. If for some reason multiple nodes send a nonce message to
691+ * the same node, only the nonce from a node that is the destination of the current message signing session will be
692+ * accepted. Any other nonces will be dropped. This should not happen as no node should send a nonce unless asked to,
693+ * and a node will only ask for a nonce to one destination for every signing session.<br>
694+ * If you see this message, please post the debugging details on the MySensors forum so it can be investigated further
695+ * together with a description of your setup.
696+ *
697+ * @subsection MySigningTroubleshootingSymptomNotSigned Message is not signed, but it should have been
698+ *
699+ * A node has failed to comply with the signing preferences of this node. Check that the node has received a
700+ * signing presentation message from this node. This is automatically transmitted to gateways. For other nodes,
701+ * you need to transmit the presentation from the sketch. @see signerPresentation
702+ *
703+ * @subsection MySigningTroubleshootingSymptomNotSignedGeneral "Messages do not appear to be signed but I think they should be..."
704+ *
705+ * Make sure you have enabled the flag to require signatures to require signatures and have enabled one of the signing
706+ * backends. @see MY_SIGNING_REQUEST_SIGNATURES @see MY_SIGNING_ATSHA204 @see MY_SIGNING_SOFT
707+ *
708+ * @subsection MySigningTroubleshootingSymptomNotWorkingWhitelisting Signature verification failed!
709+ *
710+ * Make sure both source and destination of the signed message has undergone @ref personalization with the same HMAC key.<br>
711+ * Also, if whitelisting is used, make sure the proper serial is paired with the proper node ID at the destination.
712+ * Whitelisting preferences are communicated with the signing presentation (done automatically from nodes to gateway but
713+ * has to be explicitly done by sketch for node to node communication). @see signerPresentation
714+ */
715+ /** @}*/
0 commit comments