DolphinV4 API  1.6.1.0
Security

The ERP2 includes several security mechanisms. Telegram data can be encrypted and authenticated. These mechanisms protect against telegram eavesdropping and replay attacks. Sender and receiver agree on the details of the secure communication within a special teach-in mode. The secure protocol is described in detail under http://www.enocean.com/en/knowledge-base/. The sec module implements the data structures and algorithms necessary to manage encryption/decryption, telegram authentication and rolling code management.

Two radio telegram structures transport security-related information.

Security message
This telegram is sent in operation mode, once the secure protocol has been established by a teach-in message.

RORG-S | DATA | RLC | CMAC | SOURCE ID | STATUS
  • RORG-S [8 bits] Secure (S) message R-ORG identification. Its code is RADIO_CHOICE_SEC or RADIO_CHOICE_SEC_ENCAPS.
  • DATA Encrypted telegram DATA + telegram OPTIONAL DATA
  • RLC [0/16/24 bits] Current rolling code in the sender.
  • CMAC [0/24/32 bits] Cipher message authentication code.

The misc module functions misc_radio2ToMessage and misc_messageToRadio2 implement the transformation from messages to telegrams and vice versa. The Security example shows how this is done.

Note:
The length of DATA + RLC + CMAC cannot exceed 36 bytes. If DESTINATION ID is sent, the maximum length is limited to 32 bytes.
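The field list and the length note above can be enforced when a received secure message is split into its parts. The following is an added example, not code from the DolphinV4 API: all `ex_` names are hypothetical, and it assumes the R-ORG values 0x30/0x31, a big-endian RLC, and a buffer from which SOURCE ID and STATUS have already been removed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed R-ORG values from the EnOcean radio protocol; firmware code uses
   the API constants RADIO_CHOICE_SEC / RADIO_CHOICE_SEC_ENCAPS instead. */
#define EX_RORG_SEC        0x30u
#define EX_RORG_SEC_ENCAPS 0x31u

typedef struct {                            /* hypothetical, not an API type */
    uint8_t        rorg;
    const uint8_t *data;  size_t data_len;  /* still encrypted */
    uint32_t       rlc;                     /* big-endian on the wire (assumed) */
    const uint8_t *cmac;  size_t cmac_len;
} ex_sec_view;

/* Split RORG-S|DATA|RLC|CMAC (SOURCE ID and STATUS already stripped).
   rlc_len and cmac_len are in bytes, as fixed by the SLF at teach-in.
   Returns 0 on success, a negative code on malformed input. */
int ex_split_secure(const uint8_t *buf, size_t len, size_t rlc_len,
                    size_t cmac_len, int has_dest_id, ex_sec_view *out)
{
    if (!buf || !out || len < 1) return -1;
    if (buf[0] != EX_RORG_SEC && buf[0] != EX_RORG_SEC_ENCAPS) return -2;
    /* Only the widths the page lists: RLC 0/16/24 bits, CMAC 0/24/32 bits. */
    if (rlc_len != 0 && rlc_len != 2 && rlc_len != 3) return -3;
    if (cmac_len != 0 && cmac_len != 3 && cmac_len != 4) return -3;
    size_t body = len - 1;                         /* DATA + RLC + CMAC */
    if (body > (has_dest_id ? 32u : 36u)) return -4;   /* limit from the Note */
    if (body < rlc_len + cmac_len) return -5;      /* data_len would underflow */
    out->rorg     = buf[0];
    out->data     = buf + 1;
    out->data_len = body - rlc_len - cmac_len;
    const uint8_t *p = out->data + out->data_len;
    out->rlc = 0;
    for (size_t i = 0; i < rlc_len; i++) out->rlc = (out->rlc << 8) | *p++;
    out->cmac     = p;
    out->cmac_len = cmac_len;
    return 0;
}
/* Constructed sample: RORG-S, 2 DATA bytes, 24-bit RLC, 32-bit CMAC. */
const uint8_t ex_sample[] = {0x30, 0xA1, 0xB2, 0x00, 0x01, 0x02,
                             0xDE, 0xAD, 0xBE, 0xEF};
int main(void) {
    ex_sec_view v = {0};
    int rc = ex_split_secure(ex_sample, sizeof ex_sample, 3, 4, 0, &v);
    printf("rc=%d data_len=%zu rlc=0x%06lx\n", rc, v.data_len, (unsigned long)v.rlc);
    return rc;
}
```

The split only locates the fields; DATA stays encrypted, and the CMAC and rolling code still have to be verified before the payload is trusted.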

Teach-in message
Establishes the rules for the secure protocol between sender and receiver.

RORG-TS | TEACH_IN_INFO | SLF | RLC | KEY
  • RORG-TS [8 bits] Secure (S) teach-in message R-ORG identification. Its code is RADIO_CHOICE_SEC_TI.
  • TEACH_IN_INFO [8 bits] Information about the teach-in telegram itself.
  • SLF [8 bits] Security Layer Format. Specifies the secure protocol communication that will be established in operation mode: rolling code field length, CMAC length, encryption algorithm.
  • RLC [0/16/24 bits] Current Rolling Code in the sender to synchronise the receiver.
  • KEY [=128 bits] Sender private key.

    More detailed information about the security protocol is available at http://www.enocean.com/en/knowledge-base/