Create support for knx-ip secure

thelsing / knx

knx stack (TP, IP and RF) for arduino and linux, Can be configured with ETS

GNU General Public License v3.0

270 stars 95 forks source link

Create support for knx-ip secure #10

Open thelsing opened 5 years ago

nanosonde commented 4 years ago

Crypto stuff required:

~~AES CBC MAC~~ (already there due to data secure)
PBKDF2-HMAC-SHA256: candidate: https://github.com/monolifed/pbkdf2-hmac-sha256/
Elliptic curve 25519

nanosonde commented 2 years ago

Two existing implementations:

JS: https://github.com/Supergiovane/node-red-contrib-knx-ultimate/blob/master/KNXEngine/protocol/KNXSecureSessionRequest.js

JAVA: https://github.com/calimero-project/calimero-core/blob/master/src/tuwien/auto/calimero/knxnetip/SecureSessionUdp.java

nanosonde commented 2 years ago

Another implementation in Python: https://github.com/XKNX/xknx/pull/875/files

farmio commented 1 year ago

Hi 👋! Since there is no support for Tunnelling at all currently, you may be more interested in Secure Routing. You can find a Python implementation here: https://github.com/XKNX/xknx/blob/5fa7f8b8712ef3c9631fc2617fa0a0996bf9656c/xknx/io/ip_secure.py#L388 This doesn't need Elliptic curve or PBKDF2-HMAC-SHA256 iirc 😃

Note: In xknx we don't expect to have a way to permanently store data, so we refrained from storing the latest timer value and just synchronise to other devices on startup.

nanosonde commented 1 year ago

xknx now has data secure support: https://github.com/XKNX/xknx/blob/main/xknx/secure/data_secure.py