mirror of https://github.com/fhem/fhem-mirror.git synced 2025-04-20 13:26:02 +00:00

10_ZWave.pm: security Changes by Andreas (Forum #38587)

git-svn-id: https://svn.fhem.de/fhem/trunk@10509 2b470e98-0d58-463d-a4d8-8e2adae1ed80
rudolfkoenig 2016-01-15 08:55:51 +00:00
parent da01961819
commit 47c5c50d46


@ -419,14 +419,13 @@ my %zwave_class = (
AV_RENDERER_STATUS => { id => '96' }, AV_RENDERER_STATUS => { id => '96' },
AV_CONTENT_SEARCH_MD => { id => '97' }, AV_CONTENT_SEARCH_MD => { id => '97' },
SECURITY => { id => '98', SECURITY => { id => '98',
set => { "secScheme" => 'ZWave_sec($hash, "0400")', set => { "secScheme" => 'ZWave_sec($hash, "0400")',
"sendNonce" => 'ZWave_secCreateNonce($hash)', "secNonce" => 'ZWave_secCreateNonce($hash)',
"secEnd" => 'ZWave_secEnd($hash)', "secNonceReport" => 'ZWave_sec($hash, "40")',
"secEncap" => 'ZWave_sec($hash, "%s")' }, "secSupportedReport" => 'ZWave_sec($hash, "02")',
get => { "secSupported" => 'ZWave_sec($hash, "02")' , "secEncap" => 'ZWave_sec($hash, "%s")' },
"secNonce" => 'ZWave_sec($hash, "40")'}, parse => { "..9803(.*)" => 'ZWave_secSupported($hash, $1)',
parse => { "..9803(.*)" => 'ZWave_secSupported($hash, $1)', "..9805(.*)" => 'ZWave_secInit($hash, $1)',
"..9805(.*)" => 'ZWave_secInit($hash, $1)', # secScheme
"..9807" => 'ZWave_secNetWorkKeyVerify($hash)', "..9807" => 'ZWave_secNetWorkKeyVerify($hash)',
"..9840" => 'ZWave_secNonceRequestReceived($hash)', "..9840" => 'ZWave_secNonceRequestReceived($hash)',
"..9880(.*)" => 'ZWave_secNonceReceived($hash, $1)', "..9880(.*)" => 'ZWave_secNonceReceived($hash, $1)',
@ -448,10 +447,10 @@ my %zwave_class = (
my %zwave_quietCmds = ( my %zwave_quietCmds = (
secScheme=>1, secScheme=>1,
sendNonce=>1, secNonce=>1,
secEncap=>1, secEncap=>1,
secNonce=>1 secNonceReport=>1
); );
my %zwave_cmdArgs = ( my %zwave_cmdArgs = (
@ -802,10 +801,10 @@ ZWave_Cmd($$@)
#check message here for needed encryption (SECURITY) #check message here for needed encryption (SECURITY)
if(ZWave_secIsSecureClass($hash, $cc_cmd)) { if(ZWave_secIsSecureClass($hash, $cc_cmd)) {
ZWave_secStart($hash); ZWave_secStart($hash);
# message stored in reading, will be processed when nonce arrives # message stored in hash, will be processed when nonce arrives
my $cmd2 = "$type $name $cmd ".join(" ", @a); my $cmd2 = "$type $name $cmd ".join(" ", @a);
ZWave_secPutMsg($hash, $cc_cmd . $payload, $cmd2); ZWave_secPutMsg($hash, $cc_cmd . $payload, $cmd2);
return ZWave_Cmd("get", $hash, $name, "secNonce"); return ZWave_Cmd("set", $hash, $name, "secNonceReport");
} }
} }
@ -2315,7 +2314,7 @@ ZWave_secInit(@)
ZWave_Cmd("set", $hash, $name, "secScheme"); ZWave_Cmd("set", $hash, $name, "secScheme");
return ""; # not evaluated return ""; # not evaluated
} elsif($status == 2) { } elsif($status == 2) {
ZWave_Cmd("get", $hash, $name, "secNonce"); ZWave_Cmd("set", $hash, $name, "secNonceReport");
return undef; return undef;
} else { } else {
Log3 $name, 5, "$name: secureInit called with invalid status"; Log3 $name, 5, "$name: secureInit called with invalid status";
@ -2573,7 +2572,7 @@ ZWave_secNonceRequestReceived ($)
return; return;
} }
ZWave_secStart($hash); ZWave_secStart($hash);
return ZWave_Cmd("set", $hash, $hash->{NAME}, "sendNonce"); return ZWave_Cmd("set", $hash, $hash->{NAME}, "secNonce");
} }
sub sub
@ -2633,7 +2632,7 @@ ZWave_secNetWorkKeyVerify ($)
delete $hash->{networkkeyTimer}; delete $hash->{networkkeyTimer};
readingsSingleUpdate($hash, "SECURITY", 'ENABLED', 0); readingsSingleUpdate($hash, "SECURITY", 'ENABLED', 0);
Log3 $name, 3, "$name: SECURITY enabled, networkkey was verified"; Log3 $name, 3, "$name: SECURITY enabled, networkkey was verified";
ZWave_Cmd("get", $hash, $name, ("secSupported")); ZWave_Cmd("set", $hash, $name, ("secSupportedReport"));
} }
sub sub
@ -2791,7 +2790,7 @@ ZWave_secDecrypt($$$)
} }
if ($newnonce == 1) { if ($newnonce == 1) {
ZWave_Cmd("set", $hash, $hash->{NAME}, "sendNonce"); ZWave_Cmd("set", $hash, $hash->{NAME}, "secNonce");
} }
return ""; return "";
@ -3773,9 +3772,12 @@ s2Hex($)
<li>secScheme<br> <li>secScheme<br>
(internaly used to) set the security scheme '00' (internaly used to) set the security scheme '00'
</li> </li>
<li>sendNonce<br> <li>secNonce<br>
(internaly used to) send a security NONCE to the device (internaly used to) send a security NONCE to the device
</li> </li>
<li>secNonceReport<br>
(internaly used to) request a security NONCE from the device
</li>
<li>secEncap<br> <li>secEncap<br>
(internaly used to) send an encrypted message to the device (internaly used to) send an encrypted message to the device
</li> </li>
@ -4070,13 +4072,10 @@ s2Hex($)
</li> </li>
<br><br><b>Class SECURITY</b> <br><br><b>Class SECURITY</b>
<li>secSupported<br> <li>secSupportedReport<br>
(internaly used to) request the command classes that are supported (internaly used to) request the command classes that are supported
with SECURITY with SECURITY
</li> </li>
<li>secNonce<br>
(internaly used to) request a security NONCE from the device
</li>
<li>secEncap<br> <li>secEncap<br>
(internaly used to) send an encrypted message to the device (internaly used to) send an encrypted message to the device
</li> </li>
@ -4203,9 +4202,9 @@ s2Hex($)
class names (capital letters). class names (capital letters).
</li> </li>
<li><a href="#secure_classes">secure_classes</a> <li><a href="#secure_classes">secure_classes</a>
This attribute is the result of the "get DEVICE secSupported" command. It This attribute is the result of the "set DEVICE secSupportedReport"
contains a space seperated list of the the command classes that are command. It contains a space seperated list of the the command classes
supported with SECURITY. that are supported with SECURITY.
</li> </li>
<li><a href="#vclasses">vclasses</a> <li><a href="#vclasses">vclasses</a>
This is the result of the "set DEVICE versionClassRequest" command, and This is the result of the "set DEVICE versionClassRequest" command, and
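Review bot: In the SECURITY entry of `%zwave_class` (first hunk) the name `secNonce` is reused with the opposite direction: it was the `get` that sends command `40` to ask the device for a nonce, and it is now the `set` that calls `ZWave_secCreateNonce($hash)`, while the request moves to the new `secNonceReport`. The call sites visible in this diff are all updated, but a caller outside it that still uses the old names would either fail or, with `set ... secNonce`, send a nonce where it meant to request one, so the rest of the tree should be searched for `"secNonce"`, `"sendNonce"` and `"secSupported"`. `secNonceReport` also reads like "send a report", although it sends the command that the parse table handles as a nonce request (`..9840` => `ZWave_secNonceRequestReceived`); a comment above the `set` table would make the direction explicit, e.g. `# secNonce: send our nonce to the device; secNonceReport: send 40 to request the device's nonce`. The `%zwave_class` definition starts and ends outside the hunk.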