Official 5.2 Beta Discussion Thread
I put in some time today reading the security stuff. This is the original security scheme, there's a new one now but I don't know of anything that has implemented it yet. So obviously the original one is the first thing to tackle. It's overly complicated like all things Z-Wave API but I'm sure I'll drag my way through it.
Dean Roddey
Software Geek Extraordinaire
I've been reading security stuff till my eyes bled today. I still don't completely understand it, but it's not a complete mystery to me anymore. There were some obvious changes I need to make to support so I got the worst of that done today, which was sort of painful, hence why it was a good idea to do this now. As usual, it forced some good improvements in general.

It's an awful lot of work and a lot of network mishigas for something that ain't probably even THAT secure in the end. Hopefully the new V2 security is more straightforward, though that's out in the distance a bit.

I'll go back and try some more on the WebRIVA web cam stuff tomorrow probably, then come back to this once my brain is re-fried on web cam stuff, and I need to fry the other bits again to keep it balanced.
Dean Roddey
Software Geek Extraordinaire
More work on security today. I started just trudging through it, no other way to go about it really. I got to a point where I realized that they were implementing a block encryption mode that I don't support in my encryption library. So I went to work on that, and ended up doing some re-working of that because it had some known issues that I'd ignored so far just because they weren't manifest in any practical way.

But best to deal with it while I was in there just in case. In the end, it turned out that only one thing used the problematic mode, and it's not even something shipped, it's a tool for my own use. But it's right now for future purposes.

I'll get back now to trudging. I'm working on the basic stuff of turning a regular message into an encrypted message and vice versa. It's a lot more complex than it normally would be because there's an overall network key, plus a couple other keys. And, because Z-Wave is slow they can't afford the cycle of:

1. Hey, I'd like to talk to you, send me a nonce
2. OK, here's a nonce
3. OK, here's the thing I wanted to ask you
4. Hey, I need to respond to the thing you asked, send me a nonce
5. OK, here's a nonce
6. OK, here's the thing you asked about

So that would be 6 messages to make one exchange, leaving aside acks for every one of those. So, it has to be turned into a thing where you do #1 and #2, but then when you respond you pre-send them the nonce for the next thing, in the response. So #4 and #5 go away and they just do #6 and pre-send a nonce for the next time you want to talk to them. If further exchanges happen (in a short time before the nonces expire), it continues like that.

Plus there's validation stuff that has to be calculated for every secure message. And there's special stuff for any unit that asks to be included as a unit that can legally send secure messages, which has to be added to the replication phase as well, and that involves some encryption key bootstrapping stuff.
Dean Roddey
Software Geek Extraordinaire
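
The pre-sent nonce flow described in the post above, as an added example that is not part of the original post and is not CQC or Z-Wave code. It is a simplified model that only tracks nonce lifetime and frame counts (no encryption, no acks); `Node`, `exchange` and the 10-second `NONCE_TTL` are hypothetical names and values chosen for illustration.

```python
import os

NONCE_TTL = 10.0  # constructed lifetime in seconds; the post only says nonces expire quickly

class Node:
    def __init__(self, name):
        self.name = name
        self.issued = {}  # nonces this node handed out -> expiry time
        self.held = {}    # peer name -> (nonce, expiry) pre-sent to us by that peer

    def issue_nonce(self, now):
        # Drop expired entries so the table cannot grow without bound.
        self.issued = {n: t for n, t in self.issued.items() if t >= now}
        nonce = os.urandom(8)
        self.issued[nonce] = now + NONCE_TTL
        return nonce

    def accept(self, nonce, now):
        # Valid only if we issued it, it has not expired, and it was never used:
        # pop() consumes it, so a replayed frame carrying the same nonce fails.
        expiry = self.issued.pop(nonce, None)
        return expiry is not None and now <= expiry

def exchange(a, b, now, log):
    """Send one request from a to b and get the reply; return frames used."""
    start = len(log)
    nonce, expiry = a.held.pop(b.name, (None, 0.0))
    if nonce is None or expiry < now:
        log.append((a.name, "send me a nonce"))          # step 1
        nonce = b.issue_nonce(now)
        log.append((b.name, "here's a nonce"))           # step 2
    reply_nonce = a.issue_nonce(now)                     # pre-sent, replaces steps 4-5
    if not b.accept(nonce, now):
        raise ValueError("request rejected: bad, expired or reused nonce")
    log.append((a.name, "request + nonce for reply"))    # step 3
    if not a.accept(reply_nonce, now):
        raise ValueError("reply rejected: bad, expired or reused nonce")
    a.held[b.name] = (b.issue_nonce(now), now + NONCE_TTL)
    log.append((b.name, "reply + nonce for next time"))  # step 6
    return len(log) - start
```

The first exchange costs four frames, follow-ups inside the nonce lifetime cost two, and once the held nonce has expired the sender falls back to asking for a fresh one.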
Another day of banging away at security stuff. I refined my encryption support a bit more, and got some NIST AES test vectors for CBC and OFB block modes and added some of those to my unit tests just to ensure I was doing those right, and they are looking fine.

Then I went back to just slogging through the details of encrypted message encoding and decoding. I've got most of the infrastructure in place now so hopefully it'll not take too much longer before I can at least do a baby step test. The first thing to do will be to advertise I support security so that the Vizia RF program will add me as a secure network member. That involves some basic secure messages. If that works I'll know I'm on the right track.

Of course anything that involves really nitpicky encryption steps is VERY difficult to debug. You can't look at a failed message and have any idea what went wrong. It'll just be complete gibberish. So hopefully it doesn't turn into a trip to hell or anything.
Dean Roddey
Software Geek Extraordinaire
And still grinding on security. I figured out some obvious conceptual problems I had before and had to move around some code I'd already written, but it makes a lot more sense now, well at least for now. I'll probably be re-confused again tomorrow.
Dean Roddey
Software Geek Extraordinaire
Well, I think I have the basic code in place to send/receive encrypted messages. Of course now I'll learn that none of it works, but at least I wrote it. It's the thought that counts. I need to retest to make sure the non-secure stuff all still works, then I'll advertise my security'ness and see if Vizia starts sending me secure messages and randomly try things until I get one to work.
Dean Roddey
Software Geek Extraordinaire
OK, banging through it one step at a time (sort of time consuming because I have to exclude it and then include it again each time), I'm making progress. Once I got to the point of decoding an incoming encrypted message, I almost fell over when it actually worked.

But my msg authentication calculations aren't right so I'll have to pick that up tomorrow. But that's way more progress than I figured I'd make. I may be actually doing the secure thing some time tomorrow, which is the only really scary bit left. The rest is grunt work. Quite a bit of it, but still just grunt work.
Dean Roddey
Software Geek Extraordinaire
It's been unbelievably tedious but I've made progress. I'm getting through the secure replication process, so I'm correctly encrypting and decrypting and validating messages. That's a big step. There's still some issues after that but I'm too brain fried for that tonight. I'll dive into that tomorrow.
Dean Roddey
Software Geek Extraordinaire
Well, I thought I had gotten to the point of making it through the secure replication process but I actually hadn't. I put in a good bit of time on it today and though I made a lot of improvements and learned things I still can't figure out what's going on. I'll bang on it tomorrow. My encryption and decryption is good. Or, at least my decryption is good. I can't prove yet that my encryption is. I think it is, but nothing that happens so far in the process really proves that he saw one of my encrypted messages and liked it.
Dean Roddey
Software Geek Extraordinaire
Well, the end times are upon us. I woke up at 8 this morning for some bizarre reason, despite not getting to sleep until 3:30. I needed to go to the store so I figured I'd just go ahead then, and the store wasn't open yet. That's just not an issue I ever have to deal with.

But it's so nice out there, for the first time in seemingly recorded history. It feels like a nice Silicon Valley day and I was overwhelmed with nostalgia. I actually have the windows open right now, also for the first time in recorded history it feels like.
Dean Roddey
Software Geek Extraordinaire

