Z-Wave Plugin with Security S2 Support (Beta)


    #16
    The device HAS to support S2 otherwise it will be added without security. However, the older S0 security is still supported so the device might get added using that.

    Originally posted by Fellhahn
    So if a device (actuator/switch) that does NOT support S2, connects to an interface (HomeSeer SmartStick+) that DOES support S2 and is running the S2 plugin, the device is still able to be used by operating in 'unauthenticated' mode?
    💁‍♂️ Support & Customer Service 🙋‍♂️ Sales Questions 🛒 Shop HomeSeer Products



      #17
      What is the Access Control method of encryption?

      Will it be possible to only allow one type of authentication on the controller, or at least not allow one, in order to prevent unauthenticated devices from joining the network?

      Is this the official thread for information related to this update?



        #18
        Are you asking what is the cipher suite used? Or for an overview of S2 security types? All that is set by Sigma (or was, before the sale of Z-Wave to Silicon Labs)

        AFAIK, it's 128 AES with nonce scrambling. ECDH is used during the inclusion process to produce a link key. The link key is used to securely distribute the S2 network key which is what is used for ongoing operations, also to set the nonce scrambling pattern.
        An S0 network key is also distributed to S2 nodes so that they can communicate with legacy S0 nodes.

        S2 nodes are placed into one of three network segments, Access Control, Authenticated and Unauthenticated. Each segment uses its own network key. Which I believe means that an Authenticated node cannot interpret or transmit commands for an Access control node.

        All this is just what I've garnered from reading this:

        https://z-wave.sigmadesigns.com/wp-c...hite-Paper.pdf



          #19
          I think what you are asking is that you only want to allow one type of inclusion, like S2 only and disable S0. We do not have a setting for this in the plugin, but it would be easy to add. Note that if you disable S0, you would not be able to add any existing door lock other than an S2 compatible lock, of which only a very few exist. Older devices (non locks) that only support S0 would be added without any security. S0 is probably better than nothing if you want the most security. So I am not sure this is a useful option.

          The plugin log tells you how the device was added, so if you know the device supports S2 but gets added as S0, then something went wrong and you can remove and try to add it again.

          Note that S2 locks only support S2 Access mode, which is the same as S2 Authenticated mode. With this mode you need to enter a PIN (5 digits) when you add the device. This makes it impossible for someone to sniff the packets and determine the encryption key.

          Originally posted by hellerbrewing
          What is the Access Control method of encryption?

          Will it be possible to only allow one type of authentication on the controller, or at least not allow one, in order to prevent unauthenticated devices from joining the network?

          Is this the official thread for information related to this update?


            #20
            Aside from the logs post inclusion, is there anywhere else in the UI that can tell us the inclusion method used for a particular node?



              #21
              Would be good to know, especially for support purposes, I will add it to the node info page.

              Originally posted by Fellhahn
              Aside from the logs post inclusion, is there anywhere else in the UI that can tell us the inclusion method used for a particular node?


                #22
                Encountering a problem adding S2 devices with the beta plugin on a Linux controller. The plugin installed without incident, but thus far I've been unable to add any devices with S2 enabled (including a HS-WD200+). I get the expected prompt when including the device, but it fails when I attempt to do an authenticated include.

                From the logs:

                Code:
                Jul-22 11:51:50	 	Z-Wave Error	Error adding node using S2 security: s2crypto64
                Jul-22 11:51:50	 	Z-Wave	Waiting for device to generate key...
                Jul-22 11:51:44	 	Z-Wave	Node supports S2 UnAuthenticated mode
                Jul-22 11:51:44	 	Z-Wave	Node supports S2 Authenticated mode
                Jul-22 11:51:44	 	Z-Wave	Negotiating Security S2 for node 8
                Jul-22 11:51:44	 	Z-Wave	Synchronize nodes finished. Number of device nodes to be created/added = 1
                Jul-22 11:51:44	 	Z-Wave	HomeSeer SmartStick+: Z-Wave services for the SECURITY COMMAND CLASS were successfully started.
                Jul-22 11:51:41	 	Z-Wave	Done. Node 8 Added.

                If I scan an S2 device (HS-WD200+ in this case) I get an unhelpful error:

                Code:
                Jul-22 16:48:09	 	Z-Wave	Node 8 is a Z-Wave Plus node. Retrieving ZWPlus Info...
                Jul-22 16:48:09	 	Z-Wave	Node 8 is Z-Wave version: Lib: 4.61 App: 5.11
                Jul-22 16:48:08	 	Z-Wave	Node: 8 Controls Class(es): CENTRAL_SCENE_V3
                Jul-22 16:48:08	 	Z-Wave	Node: 8 Supports Class(es): ZWAVEPLUS_INFO_V2, VERSION, ASSOCIATION, ASSOCIATION_GRP_INFO_V2, TRANSPORT_SERVICE, MANUFACTURER_SPECIFIC, DEVICE_RESET_LOCALLY, POWERLEVEL, SWITCH_MULTILEVEL_V2, SWITCH_ALL, CONFIGURATION_V3, CENTRAL_SCENE_V3, SCENE_ACTUATOR_CONF, SCENE_ACTIVATION, SECURITY_2, SUPERVISION, FIRMWARE_UPDATE_MD
                Jul-22 16:48:08	 	Z-Wave	Attempting to Add Unsecure...
                Jul-22 16:48:08	 	Z-Wave	S2 Security key negotiation failed, node cannot be added using S2, will try S0 or unsecure...
                Jul-22 16:48:03	 	Z-Wave	Negotiating Security S2 for node 8

                Digging into the logs a bit further, when I startup the plugin I get the following:

                Code:
                Jul-22 16:45:04	 	Z-Wave	*******************************************************************************
                Jul-22 16:45:04	 	Z-Wave	STARTUP COMPLETE: All configured interfaces were successfully initialized.
                Jul-22 16:45:04	 	Z-Wave	*******************************************************************************
                Jul-22 16:45:03	 	Z-Wave	Security S2 Support Is Enabled
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+: ......................................................................
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+: .............................. FINISHED ..............................
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+: ......................................................................
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+ is the SIS for the network.
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+ There is a SUC/SIS in the network.
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+ Controller is static lib.
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+ Controller chip type is ZW050x.
                Jul-22 16:45:03	 	Z-Wave	The interface's security support has been set.
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+: Found 7 Z-Wave nodes in interface node ID 1 (HomeSeer SmartStick+)
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+: Z-Wave interface node ID: 1, Home ID: XXXXXXXX
                Jul-22 16:45:03	 	Z-Wave	HomeSeer SmartStick+: Z-Wave Serial API version: 5
                Jul-22 16:45:03	 	Z-Wave Error	Exception initializing Security interface for Z-Wave: s2crypto64
                Jul-22 16:45:02	 	Z-Wave	HomeSeer SmartStick+: Controller firmware version: 4.32
                Jul-22 16:45:00	 	Z-Wave	HomeSeer SmartStick+: Getting node information from controller...
                Jul-22 16:45:00	 	Z-Wave	HomeSeer SmartStick+: The Z-Wave API Execution Thread was Started or Restarted.
                Jul-22 16:45:00	 	Z-Wave	HomeSeer SmartStick+: The Z-Wave Command Execution Thread was Started or Restarted.
                Jul-22 16:45:00	 	Z-Wave	HomeSeer SmartStick+: ----------------------------------------------------------------------
                Jul-22 16:45:00	 	Z-Wave	Initializing Z-Wave interface HomeSeer SmartStick+ (HomeSeer SmartStick +) on /dev/ttyACM0
                Jul-22 16:45:00	 	Z-Wave	HomeSeer SmartStick+: ----------------------------------------------------------------------
                Jul-22 16:45:00	 	Z-Wave	HomeSeer SmartStick+: ======================================================================
                Jul-22 16:45:00	 	Z-Wave	465 Simple AV Control Command Class Control Commands have been loaded successfully.
                Jul-22 16:45:00	 	Z-Wave	0 event triggers were loaded from HomeSeer.
                Jul-22 16:45:00	 	Z-Wave	2 event actions were loaded from HomeSeer.
                Jul-22 16:45:00	 	Starting Plug-In	Plugin Z-Wave started successfully in 1179 milliseconds
                Jul-22 16:44:59	 	Z-Wave	10 total Z-Wave Data Objects loaded.
                Jul-22 16:44:59	 	Z-Wave	Network XXXXXXXX has 10 device data elements.
                Jul-22 16:44:59	 	Z-Wave	1 Networks were restored from the data in the database... Building data connections.
                Jul-22 16:44:59	 	Z-Wave	Loading Z-Wave Data Objects...
                Jul-22 16:44:59	 	Z-Wave	1 total Z-Wave Network Objects loaded.
                Jul-22 16:44:59	 	Z-Wave	Loading Z-Wave Network Objects...
                Jul-22 16:44:59	 	Z-Wave	Database: Opening (Mode=Read Only) up HomeSeer database /opt/HomeSeer/Data/Z-Wave/Z-Wave2.db
                Jul-22 16:44:58	 	Z-Wave	InitIO called, plug-in version 3.0.2.229 is being initialized...
                Jul-22 16:44:58	 	Starting Plug-In	Initializing plugin Z-Wave ...
                Jul-22 16:44:58	 	Info	Plugin Z-Wave has connected. IP:127.0.0.1:50590
                Jul-22 16:44:58	 	Plug-In	Finished initializing plug-in Z-Wave

                For reference, here are the controller details:

                Code:
                HomeSeer Version: HS3 Standard Edition 3.0.0.435
                Linux version: Linux homeseer 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux System Uptime: 21 Days 18 Hours 31 Minutes 16 Seconds
                IP Address: 10.0.110.120
                Number of Devices: 27
                Number of Events: 7
                Available Threads: 399
                HSTouch Enabled: False
                Event Threads: 0
                Event Trigger Eval Queue: 0
                Event Trigger Priority Eval Queue: 0
                Device Exec Queue: 0
                HSTouch Event Queue: 0
                Email Send Queue: 0

                Any suggestions?
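
The check described in post #19 (compare what the device supports with how the log says it was added), run over log entries from post #22. This is an added example, not part of the thread or of the HomeSeer plugin; the function names and state fields are assumptions, and the matched message strings are the ones visible in the logs above.

```python
import re

# Constructed sample: entries copied from the logs in post #22 (newest first,
# tab-separated); the command-class list is trimmed for brevity.
SAMPLE_LOG = "\n".join([
    "Jul-22 16:48:08\t \tZ-Wave\tNode: 8 Supports Class(es): VERSION, SECURITY_2, SUPERVISION",
    "Jul-22 16:48:08\t \tZ-Wave\tAttempting to Add Unsecure...",
    "Jul-22 16:48:08\t \tZ-Wave\tS2 Security key negotiation failed, node cannot be added using S2, will try S0 or unsecure...",
    "Jul-22 16:48:03\t \tZ-Wave\tNegotiating Security S2 for node 8",
    "Jul-22 16:45:03\t \tZ-Wave\tSecurity S2 Support Is Enabled",
    "Jul-22 16:45:03\t \tZ-Wave Error\tException initializing Security interface for Z-Wave: s2crypto64",
])

NEGOTIATE = re.compile(r"Negotiating Security S2 for node (\d+)")
SUPPORTS = re.compile(r"Node: (\d+) Supports Class\(es\): (.*)")
S2_FAILURES = ("S2 Security key negotiation failed", "Error adding node using S2 security")

def new_state():
    return {"s2_capable": False, "s2_failed": False, "added_unsecure": False}

def audit_inclusions(log_text):
    """Return (s2_init_failed, {node_id: state}) for a newest-first plugin log."""
    s2_init_failed, nodes, current = False, {}, None
    # Reverse to chronological order so that messages carrying no node ID can
    # be attributed to the node whose S2 negotiation started most recently.
    for line in reversed(log_text.splitlines()):
        parts = re.split(r"\t\s*", line.strip(), maxsplit=2)
        if len(parts) != 3:
            continue  # not a timestamp / source / message entry
        msg = parts[2]
        if "Exception initializing Security interface" in msg:
            s2_init_failed = True
        elif (m := NEGOTIATE.search(msg)):
            current = int(m.group(1))
            nodes.setdefault(current, new_state())
        elif (m := SUPPORTS.search(msg)):
            classes = [c.strip() for c in m.group(2).split(",")]
            state = nodes.setdefault(int(m.group(1)), new_state())
            state["s2_capable"] = state["s2_capable"] or "SECURITY_2" in classes
        elif current is not None and any(f in msg for f in S2_FAILURES):
            nodes[current]["s2_failed"] = True
        elif current is not None and "Attempting to Add Unsecure" in msg:
            nodes[current]["added_unsecure"] = True
    return s2_init_failed, nodes

def downgraded_nodes(nodes):
    """Node IDs that advertise SECURITY_2 but whose S2 inclusion failed."""
    return sorted(n for n, s in nodes.items() if s["s2_capable"] and s["s2_failed"])
```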



                  #23
                  Today I included two Qubino Flush 2 Relay modules into my network. Both devices exhibit the same problem of only creating a single controllable binary switch, when it should create two.


                  Further details in this comment:

                  https://forums.homeseer.com/showthre...70#post1376570



                    #24
                    rjh Any update on this plugin? I’ve had to revert to the mainline beta in the interim but would really like to get S2 up and running.



                      #25
                      It is updated to match the non S2 version. I will keep them both updated together.

                      Originally posted by LostGuy
                      rjh Any update on this plugin? I’ve had to revert to the mainline beta in the interim but would really like to get S2 up and running.


                        #26
                        Originally posted by rjh
                        It is updated to match the non S2 version. I will keep them both updated together.
                        rjh Still seeing the same error on plugin startup running 3.0.2.234 and secure inclusions still fail. Sure seems like the plugin startup is trying to load a non-existent libs2crypto64.so.



                          #27
                          What hardware are you on, an SEL, Zee S2, or Windows?

                          Originally posted by LostGuy

                          rjh Still seeing the same error on plugin startup running 3.0.2.234 and secure inclusions still fail. Sure seems like the plugin startup is trying to load a non-existent libs2crypto64.so.


                            #28
                            Originally posted by rjh
                            What hardware are you on, an SEL, Zee S2, or Windows?


                            rjh running HS3 3.0.0.435 on Debian 9.5; whitebox hardware.

                            uname -a : Linux homeseer 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux

                            More details and logs in Post #22 of this thread.
                            Last edited by LostGuy; September 5, 2018, 08:52 PM.



                              #29
                              I see that it's not working on non-Arm processors, so I will look into it but cannot give a time frame on it right now.

                              Originally posted by LostGuy

                              rjh running HS3 3.0.0.435 on Debian 9.5; whitebox hardware.

                              uname -a : Linux homeseer 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux

                              More details and logs in Post #22 of this thread.


                                #30
                                Ok, it was a library issue and appears to be working now, although I only tried it on 32 bit X86 Linux. Right now we don't have a way for the plugins page to detect different system types so there are 2 Z-Wave Linux plugins in the Beta section, one labeled "Arm" and one "X86". So install the X86 one and see if devices add ok.

                                Originally posted by LostGuy

                                rjh running HS3 3.0.0.435 on Debian 9.5; whitebox hardware.

                                uname -a : Linux homeseer 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux

                                More details and logs in Post #22 of this thread.