I'm using the MESH SDK 4.2.0 on a nrf52832 in combination with the Serialization interface (ACI) example We'd like to implement the key-Refresh cycle and are planning on the following sequence: Phase 0 => 1: dsm_subnet_update() (SERIAL_OPCODE_CMD_MESH_SUBNET_UPDATE).[optional] dsm_appkey_update() (SERIAL_OPCODE_CMD_MESH_APPKEY_UPDATE) Phase 1 => 2: dsm_subnet_update_swap_keys() (???) Phase 2(3)=> 0: dsm_subnet_update_commit() (???) There's an APIs for the first step, but I do not see a way to execute step 2 and 3 without adding an API: are these missing? Thanks, Dirk

Hi, There aren't any APIs for that. Those extra commands from 2) and 3) are not needed. You are able to acheive the same effect by letting the PyACI send a config client message KEy Refresh Phase Set to the config server on the connected serial device.

This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

MESH key refresh support in the Serialization interface (ACI)

dbuijsma over 5 years ago

I'm using the MESH SDK 4.2.0 on a nrf52832 in combination with the Serialization interface (ACI) example

We'd like to implement the key-Refresh cycle and are planning on the following sequence:

Phase 0 => 1: dsm_subnet_update() (SERIAL_OPCODE_CMD_MESH_SUBNET_UPDATE).[optional] dsm_appkey_update() (SERIAL_OPCODE_CMD_MESH_APPKEY_UPDATE)
Phase 1 => 2: dsm_subnet_update_swap_keys() (???)
Phase 2(3)=> 0: dsm_subnet_update_commit() (???)

There's an APIs for the first step, but I do not see a way to execute step 2 and 3 without adding an API: are these missing?

Thanks,

Dirk

Top Replies

0 dbuijsma over 5 years ago in reply to Mttrinh

Let me clarify, because we're now talking about different things. SERIAL_OPCODE_... target the device itself, and as you mention above, the config client messages (CONFIG_OPCODE_...) target any node which has been successfully provisioned, including the device itself.

You mention in your first reply that there's no SERIAL API for starting a key refresh phase because you can achieve the same by using the config client's CONFIG_OPCODE_KEY_REFRESH_PHASE_SET. That makes sense to me.

However, by that logic, there's no reason for the existence of SERIAL_OPCODE_CMD_MESH_APPKEY_ADD or SERIAL_OPCODE_CMD_MESH_SUBNET_UPDATE either: you can simply use the config client after the serial-example provisions itself.

My question is: why do those serial APIs exist? The way the SERIAL API is currently implemented seems inconsistent:

- SERIAL_OPCODE_CMD_MESH_APPKEY_UPDATE exists, even though we could use CONFIG_OPCODE_APPKEY_UPDATE to update our own appkey. The same is true for APPKEY_ADD: there's does appear to be a need for a separate SERIAL API

- For setting the Key Refresh Phase, there's no SERIAL API and we have to use the config client's CONFIG_OPCODE_KEY_REFRESH_PHASE_SET. Again, this makes sense to me after you pointed that out in your first reply.

Thanks!

Dirk
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mttrinh over 5 years ago in reply to dbuijsma

Hi,

We provided serial APIs only for those function which are essential for the Gateway type devices. For functions where a serial API don't exist, you can add this on your own, or use the config client(on the PyACI) and server models(on the serial device) to configure specific functionality of the gateway node itself.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 dbuijsma over 5 years ago in reply to Mttrinh

Ok, gotcha. I wanted to make sure I'm not missing something. Thanks for your patience!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel