Charmed Quark Systems, Ltd. - Support Forums and Community

Full Version: Official 5.3 Beta Discussion Thread
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Something is going on with the security stuff. He asks for a nonce, I sent it. He sends me a msg supposedly encrypted with that nonce, but I get a decryption failure when I try to decrypt it. I need to dump the raw encrypted msg bytes if the decrypt fails. Currently I'm only logging the raw encrypted msg bytes when the msg is decrypted and stored in the input queue. So I can't see what he's sending if the decryption fails. I'll make that change

He clearly is trying to enroll us, since he sends the first msg of the secure enrollment process. At that point, since we haven't been able to share keys, we use a zeroed out key. He asks me what enrollment scheme I support and I tell him zeroed out key type (which is the only one currently.) He clearly accepts that since he then asks for a nonce, and then sends me the first encrypted msg.

Maybe part of the issue may be that he is starting the enrollment stuff a lot earlier in the process than Vizia does. I'm still trying to get basic controller info from the Z-Stick when the security enrollment scheme query arrives. Maybe instead of just responding immediately to the start of that process, I should just set a flag remembering that I need to do it, then do my basic initialization, then check that flag and see if I need to the enrollment stuff.

I'll have to look at how to best go about that.
OK, I've made the change to delay responding to the start of the secure inclusion until I've gotten my housekeeping stuff out of the way. That seems a likely problem, because key info was not in place yet. I just set a flag to remember I've seen it. If I to get the point where I can do it, if I've not see that msg yet, I wait for it. Then I can proceed in the normal way.

The inclusion process is sort of loosely defined in terms the timing of things. But delaying the response seems to work fine with Vizia. We'll see how it goes with STs. I'll test it out some more tomorrow and get another drop up.
OK, let's give 5.2.902 a try and see if that does better. Once again, if it fails, get me the same type of trace.
Still no joy on 5.2.902.

I deleted the config and ZWaveUSB3S folder before re-adding the driver. Inclusion shows in ST but CQC looks like nothing happened. InZWNetwork shows false after the attempt.

Turning on the trace still throws an error too, but still builds the trace file.
The driver never even tried the secure inclusion. Oh, did you exclude the driver first? The driver definitely seemed to think he was already in the network (probably based on the info it read from the stick when it came up.) So it never tried to join. Exclude the stick from STs, then try it again.
Ok, So I tried excluding multiple different times. Verified the zwave device was completely gone from ST. Removed Driver and the folder from CQC as if it were a new version.

Added the driver to CQC. Turned on tracing. Performed inclusion process. Received "Replication succeeded" on the Z-Wave Inclusion/Replication box. Verified that the device was added to ST with a new/different device network id.

CQC still shows its not in the network, and no devices show up.
Oh, and I also performed a factory reset on the zstick after doing the excludes, before attempting to include.
It was still going on, the trace stops mid-process. Let it run a bit longer and get me another one, flushing it first to be sure. I need to see what goes on after that. The trace is only about 15 seconds. It can take a good bit longer than that for the process to complete.

But anyway, at least in what is there, it never got to the point of thinking it needed to do a network join, so something is very awry.
I'm going to do one more with some more logging around this area where it seems to be going awry. If that doesn't make it clear what is going on I may need to get you to run the remote port server and let me debug it from here and see what is going on. We can use the chat feature so that I can get you to start inclusions/exclusions as needed on the STs side.

But it sure looks like the Z-Stick is never showing up out of network. The Z-Stick knows nothing about security or anything. All it knows about is are we a node on the network. The secure inclusion can fail and the Z-Stick will think it is in the network. If the driver thinks it is already in the network, it won't try to do the secure inclusion steps, and that definitely appears to be what is happening.

I put in extra logging to show what the Z-Stick is reporting before we start the inclusion loop and after it, where we get basic controller info (along which is are we in the network and what is our unit id.) So we can see what the stick is reporting.
That works for me. I will look for the drop and see if more info to debug helps.

I went ahead and ran thorough the full process from square 1 to test. After CQC said successful, it was a good 15+ seconds before ST registered that a device had been added (may be a normal delay but I feel like adding a switch is much quicker). After the success message, I just walked away and had dinner, when I came back the logs didnt show anything more than the 20-30 second inclusion process that has been in all of the other Trace files I have posted.