Z-Wave S2 Security Work

(dbadia) #1

Starting a new discussion for this work. Been reading through the documentation to get familiar with the S2 spec and getting acclimated with the OH2 Zwave codebase.

@chris I see this note in the class javadoc of CommandClassSecurityV1:
Note that this code is autogenerated. Manual changes may be overwritten.

Do you have a tool that generates code/template from the C headers in the
Device and Command Class Types and Defines Specification ?

Or is that just wishful thinking? :grinning:


Z-Wave "Z-Shave" Vulnerability
Z-Wave S2?
(dbadia) #2

Update: my work on the S2 + Smart Start is going well, I almost to the point where I am ready to do some basic testing. But, I need to put this work on hold temporarily to give attention to the Lowes Iris shutdown work. Once I make some headway there I will resume this work.

1 Like

(dbadia) #3

Update and future plans for the S2 security work


  1. Implement base S2 spec in code - DONE
  2. Alpha testing of S2 logic with ZLink ZL-PA-100 Plug Switch - In Progress
  3. Alpha regression testing of S0 logic
  4. Publish build for public beta testing

Help Wanted
Not ready for beta testing yet, but here is a list of areas that need attention

  1. GUI work - S2 includes device authentication during the inclusion process. This requires that, in the middle of the pairing process, the zwave binging needs to trigger the UI (basicUI, habmin, etc) to prompt the user to input (or scan a QR code) the number printed on the device. I’m not familiar with the OH GUIs at all so could use some help exploring if this is currently possible or what it would take to implement this
  2. A Java 8 compatible implementation of AES CTR_DBRG. Background: Java 8 does not natively support AES CTR_DBRG, but Java 9+ does. Currently this means that, when testing the S2 branch the code must be run under Java 9+. OH supports Java 8, so we need to find a compatible AES CTR_DBRG implementation before publishing/merging