knx icon indicating copy to clipboard operation
knx copied to clipboard

Published 20 hours ago verified publisher icon thelsing

Create support for knx-ip secure

Open thelsing opened this issue 5 years ago • 5 comments

thelsing avatar Dec 25 '18 20:12 thelsing

Crypto stuff required:

  • ~~AES CBC MAC~~ (already there due to data secure)
  • PBKDF2-HMAC-SHA256: candidate: https://github.com/monolifed/pbkdf2-hmac-sha256/
  • Elliptic curve 25519

nanosonde avatar Jul 05 '20 09:07 nanosonde

Two existing implementations:

JS: https://github.com/Supergiovane/node-red-contrib-knx-ultimate/blob/master/KNXEngine/protocol/KNXSecureSessionRequest.js

JAVA: https://github.com/calimero-project/calimero-core/blob/master/src/tuwien/auto/calimero/knxnetip/SecureSessionUdp.java

nanosonde avatar Feb 02 '22 08:02 nanosonde

Another implementation in Python: https://github.com/XKNX/xknx/pull/875/files

nanosonde avatar Feb 25 '22 21:02 nanosonde

Hi 👋! Since there is no support for Tunnelling at all currently, you may be more interested in Secure Routing. You can find a Python implementation here: https://github.com/XKNX/xknx/blob/5fa7f8b8712ef3c9631fc2617fa0a0996bf9656c/xknx/io/ip_secure.py#L388 This doesn't need Elliptic curve or PBKDF2-HMAC-SHA256 iirc 😃

Note: In xknx we don't expect to have a way to permanently store data, so we refrained from storing the latest timer value and just synchronise to other devices on startup.

farmio avatar Dec 20 '22 22:12 farmio

xknx now has data secure support: https://github.com/XKNX/xknx/blob/main/xknx/secure/data_secure.py

nanosonde avatar Mar 03 '23 13:03 nanosonde