Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[knx] support for KNX secure #8872

Open
5 of 7 tasks
holgerfriedrich opened this issue Oct 26, 2020 · 21 comments
Open
5 of 7 tasks

[knx] support for KNX secure #8872

holgerfriedrich opened this issue Oct 26, 2020 · 21 comments
Assignees
Labels
enhancement An enhancement or new feature for an existing add-on help wanted

Comments

@holgerfriedrich
Copy link
Member

holgerfriedrich commented Oct 26, 2020

  1. [open] Support for KNX data secure packets shall be added to OpenHAB.
    Reading and writing authenticated KNX packets should be possible.
  2. [done] Support for KNX IP secure shall be added to OpenHAB.
    Using an encrypted connection to a IP secure interface or an IP secure router shall be possible.

Calimero library seems to have all the necessary prerequisites at hand in latest version (2.5M1).
The process includes exporting an encrypted keyring from ETS software, decrypt it using the Calimero library functions in the OH knx binding, and use the corresponding group address keys from the keyring file.

Prerequesites

  • Calimero -> Java 11
  • Calimero -> Calimero version >=2.5M1

Suggested Approach

@holgerfriedrich holgerfriedrich added the enhancement An enhancement or new feature for an existing add-on label Oct 26, 2020
@holgerfriedrich
Copy link
Member Author

I have already been playing around with this and willing to implement. If anyone is already working on this topic or wants to give some advice, it would be appreciated.

holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Oct 26, 2020
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install)
  (to be replaced once a release is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Oct 31, 2020
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install)
  (to be replaced once a release is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder, SAL required modification
  of Calimero lib

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@J-N-K
Copy link
Member

J-N-K commented Nov 12, 2020

If there is no immediate need (i.e. bugs or security issues), we usually don't use snapshots of dependencies. Do you happen to know when Calimero 2.5 will be released? And thanks for the offer to implement that.

@holgerfriedrich
Copy link
Member Author

@J-N-K thanks for letting me know. My PR is still WIP and far from finished. Decrypting secure PDUs using the exported keyring from ETS works fine with the Calimero snapshot.
The more complicated thing is to setup a secure device needed for transmitting secure messages from openhab to other devices on the bus. I was not able to get this implemented properly yet.
Once it is running, I will contact the author.

@J-N-K
Copy link
Member

J-N-K commented Nov 12, 2020

If you need help regarding the openHAB side, please ping me.

holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 8, 2020
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install)
  (to be replaced once a release is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder, SAL required modification
  of Calimero lib

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 8, 2020
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install)
  (to be replaced once a release is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder, SAL required modification
  of Calimero lib

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 8, 2020
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install)
  (to be replaced once a release is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder, SAL required modification
  of Calimero lib

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1  (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@holgerfriedrich holgerfriedrich self-assigned this Mar 21, 2021
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 21, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@scholzi100
Copy link

scholzi100 commented Mar 30, 2021

Looks like Calimero got a milestone release ready. Following a release candidate some what soon. (Ref)

@openhab-bot
Copy link
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/enable-knx-binding-to-use-knx-ip-secure/13785/4

holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Apr 30, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder
* build for OH 302 and 31x

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue May 1, 2021
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder
* build for OH 302 and 31x

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 12, 2021
* add config options for keyring file(s) and password(s)
* add initial support for reading secure traffic
* add tests for security functions

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 12, 2021
* add config options for keyring file(s) and password(s)
* add initial support for reading secure traffic
* add tests for security functions

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jan 26, 2022
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available)
* add config options for keyring file(s) and password(s)
* add tests for security functions
* TODO replace ProcessCommunicationResponder
* build for OH 302 and 31x

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Feb 16, 2022
* add support for KNX IP Secure, new options SECURETUNNEL and SECUREROUTER
* add config options for keyring file and password, and credentials for
  secure connections
* add passive (listening only) access for KNX data secure frames
* add tests for security functions
* add useCEMI option for newer serial devices like KNX RF sticks,
  kBerry, etc.
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@holgerfriedrich holgerfriedrich changed the title [knx] support KNX data secure for OH3 [knx] support for KNX secure Feb 16, 2022
@holgerfriedrich
Copy link
Member Author

I have put together a version which actually supports IP secure, i.e. secure tunneling (tested) and secure routing (untested).
Data secure is working only passive (i.e. it can decrypt any received message, but not send successfully).
Documentation can be found here:
https://github.com/holgerfriedrich/openhab-addons/tree/pr-knx-data-secure/bundles/org.openhab.binding.knx#knx-secure
Precompiled plugin for 3.2 and 3.3.x can be downloaded here:
https://github.com/holgerfriedrich/openhab-addons/actions?query=event%3Apush+branch%3Apr-knx-data-secure

I could need help testing this, especially the secure routing feature as I do not have a secure router at hand.
Event though the data secure write access seems to be still a way to go, I would try to get this merged, as the IP secure topic is a real benefit.

WDYT?

holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jan 28, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
psmedley pushed a commit to psmedley/openhab-addons that referenced this issue Feb 23, 2023
* [knx] Add support for KNX IP Secure

* add support for KNX IP Secure, new options SECURETUNNEL and
  SECUREROUTER, refers to openhab#8872
* add config options for credentials for secure connections
* update user documentation
* add test cases

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
nemerdaud pushed a commit to nemerdaud/openhab-addons that referenced this issue Feb 28, 2023
* [knx] Add support for KNX IP Secure

* add support for KNX IP Secure, new options SECURETUNNEL and
  SECUREROUTER, refers to openhab#8872
* add config options for credentials for secure connections
* update user documentation
* add test cases

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 17, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue May 4, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@openhab-bot
Copy link
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/ipsecure-router-knx-binding-online-until-i-enable-another-thing/146894/5

holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jun 27, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jul 27, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Oct 22, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 16, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 20, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Dec 22, 2023
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jan 2, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jan 26, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Feb 14, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Feb 25, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 17, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Mar 31, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Apr 1, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Apr 26, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue May 20, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue May 25, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jun 30, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Jul 7, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Aug 20, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Sep 15, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
holgerfriedrich added a commit to holgerfriedrich/openhab-addons that referenced this issue Sep 15, 2024
* add passive (listening only) access for KNX Data Secure frames, openhab#8872
* add config options for KNX keyring file and password
* ease setup if IP Secure, as required parameters can be read from keyring
* add tests for security functions
* update user documentation

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@florian-h05
Copy link
Contributor

@holgerfriedrich Do you think you can implement data secure write and triggered read for openHAB 5?

@holgerfriedrich
Copy link
Member Author

Hopefully. I do not know what is going on. I had the feeling that it once worked at least partially - a long time ago. Could not make it work on my current setup.

I will need more time to dig into this. Specs are still not publicly available. Maybe I need to create a minimal example just with Calimero.

Could need some help :-)

@florian-h05
Copy link
Contributor

Thanks for the update — does Calimero itself support data secure write and triggered read?

Wrt to help: Unfortunately I have no data secure setup available for testing, but I could help with reviewing code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement An enhancement or new feature for an existing add-on help wanted
Projects
None yet
Development

No branches or pull requests

7 participants