• State Verified Answer
  • Replies 35 replies
  • Subscribers 64 subscribers
  • Views 6645 views
  • Users 0 members are here
Attachments (10) Download All
Nordic Case Info
  • Case ID: 265682
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

[ZIGBEE] Doesn't receive "Transport Key" in rejoining.

_maibi

SDK: 4.1.0

CHIP: nRF52840

ROLE: sleepy zed

GATEWAY: third party ember stack

old question

old story: 

- Issue: Doesn't update network key - 4.6.3.4 Network Key Update in zigbee spec.

- The current procedure of updating network key:

1) The gateway periodically changes the network key.

2) After changing the network key, The gateway doesn't receive the message encrypted with old key from the zed.

3) The zed doesn't receive APS ACK to the period request.

4) Since zed does not receive a response, it assumes that the network key has changed.

5) The zed request the rejoin message without encryption.

6) The gateway accepts unsecured rejoin .

7) The gateway send "Transport Key" encrypted with ZB_STANDARD_TC_KEY which is the same as when joining.

8) The zed processes this message and updates the network key.

It is the procedure of updating the network key has the gateway.

I has succeed until "5) requesting unsecured rejoining".

so, I received "Transport Key" encrypted with ZB_STANDARD_TC_KEY.

However, the zed does nothing. It doesn't even seem to be decryption of "Transport Key" message.

I watched the functions "nrf_802154_received_timestamp_raw" it was called and "hw_aes128" it wasn't called.

7140.pairing.pcapng

this is pairing procedure.

5722.0303-4.pcapng

this is rejoining procedure.

there are keys for pcap.

ZB_STANDARD_TC_KEY 

5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39

Current Gateway key - not necessary

7F:94:FE:28:95:41:48:83:F9:16:F2:2D:8D:4B:78:97

How can I reach the goal?

1) If I terminate the old key, Does the zed receive "Transport Key" message?

2) How can I get or delete the network keys? I can't find the related api.

I already use "zb_bdb_reset_via_local_action" function to erase all parameter. I wants to terminate only network key to rejoining the network.

3) I uses IAS zone cluster. Is it related on this issue? I found the post.

"The reason the Elko PIR sensor does not retrieve the key is because it uses a cluster called IAS Zone, which gives extra security for the device, and has an extra step in the commissioning process." what is meaning? Why is IAS ZONE CLUSTER related to zigbee network security?

4) I found zigbee spec "4.7.3.10.2 Sleepy Devices" of rejoining procedure in sleepy device. 
It is correct that i understood the procedure of rejoining. Is this legacy role? or not?
if yes, should I call "zb_set_network_ed_role_legacy" instead of "zb_set_network_ed_role"?
currently, I started rejoining procedure below the code inside the function "zigbee_default_signal_handler".
.
case ZB_ZDO_SIGNAL_SKIP_STARTUP: {
    /* At this point Zigbee stack:
     *  - Initialized the scheduler.
     *  - Initialized and read NVRAM configuration.
     *  - Initialized all stack-related global variables.
     *
     * Next step: perform BDB initialization procedure (see BDB specification section 7.1).
     */
    m_stack_initialised = ZB_TRUE;
    zb_disable_nwk_security();
    DEBUG_PRINTF("Zigbee stack initialized\n");
    DEBUG_PRINTF("bdb_start_top_level_commissioning\n");
    zb_secur_set_tc_rejoin_enabled(ZB_TRUE);
    comm_status = bdb_start_top_level_commissioning(
        // ZB_BDB_INITIALIZATION | ZB_BDB_TOUCHLINK_TARGET | ZB_BDB_REJOIN
        ZB_BDB_INITIALIZATION
        );
    DEBUG_PRINTF("initialized zb_bdb_is_factory_new(): %d\r\n", zb_bdb_is_factory_new());
    /* WORKAROUND for the ZOI-297: unlock the device's address on ZEDs to fix assertion upon leave request. */
    zb_address_ieee_ref_t addr_ref;
    /* Unlock our address: it will be locked at rejoin confirm */
    if (zb_address_by_short(ZB_PIBCACHE_NETWORK_ADDRESS(), ZB_FALSE, ZB_FALSE, &addr_ref) == RET_OK) {
        zb_address_unlock(addr_ref);
    }
} break;
without calling "zb_disable_nwk_security" function, the zed doesn't success rejoining the network.
  • 0

    Any update on this issue? The project is being delayed a lot, so it is an urgent situation.

  • 0

    0304pair.pcapng

    I have compared the procedures of pairing and rejoining.

    There are some differences of these.

    Pairing: 

    The zed broadcasts The Device Announcement twice which one is plain text without encryption of network layer.

    The another after The Transport Key broadcast with encryption of network layer.

    Rejoining:

    The zed broadcasts The Device Announcement only one time which one is plain text without encryption of network layer.

    I thinks it is possible related on turning on and off security with "zb_disable_nwk_security" and  "zb_enable_nwk_security". I currently have used these function to rejoin the network without security.

    I however have no option other than insecure rejoining.  --> EDIT: I thinks again it is not related cause the procedure of pairing has same turning on and off. 

    I hope additional information is helpful.

  • 0

    I wants to debug zboss trace with win_com_dump.exe. Where is this program? I find a repository. It however doesn't work for me. I used this command ```win_com_dump \\.\COM3 trace.log traf.dump``` which didn't write log file at all.

    <info> app_timer: RTC: initialized.
<info> zboss:  DE AD 0A 02 01 00 00 00|........
<info> zboss:  77 00 6A 01 DE AD 26 02|w.j...&.
<info> zboss:  01 00 01 00 77 00 72 01|....w.r.
<info> zboss:  88 0B 00 00 C4 00 00 00|........
<info> zboss:  10 00 00 00 08 02 00 00|........
<info> zboss:  E8 01 00 00 98 01 00 00|........
<info> zboss:  28 02 00 00 DE AD 0E 02|(.......
<info> zboss:  01 00 02 00 77 00 73 01|....w.s.
<info> zboss:  01 00 00 00 DE AD 0E 02|........
<info> zboss:  01 00 03 00 77 00 75 01|....w.u.
<info> zboss:  9C 02 00 00 DE AD 0E 02|........
<info> zboss:  01 00 04 00 77 00 7B 01|....w.{.
<info> zboss:  4C 00 00 00 DE AD 0E 02|L.......
<info> zboss:  01 00 05 00 77 00 88 01|....w...
<info> zboss:  30 00 00 00 DE AD 12 02|0.......
<info> zboss:  01 00 06 00 77 00 8B 01|....w...
<info> zboss:  38 02 00 00 34 01 00 00|8...4...
<info> zboss:  DE AD 0E 02 01 00 07 00|........
<info> zboss:  77 00 8F 01 00 00 00 00|w.......
<info> zboss:  DE AD 22 02 01 00 08 00|..".....
<info> zboss:  77 00 9A 01 30 00 00 00|w...0...
<info> zboss:  18 00 00 00 00 00 00 00|........
<info> zboss:  20 00 00 00 0C 00 00 00| .......
<info> zboss:  12 00 00 00 DE AD 1E 02|........
<info> zboss:  01 00 09 00 77 00 AE 01|....w...
<info> zboss:  04 00 00 00 C8 00 00 00|........
<info> zboss:  20 00 00 00 00 00 00 00| .......
<info> zboss:  20 00 00 00 DE AD 0E 02| .......
<info> zboss:  01 00 0A 00 90 0C 47 01|......G.
<info> zboss:  01 00 00 00 DE AD 0A 02|........
<info> zboss:  01 00 0B 00 20 08 38 01|.... .8.
<info> zboss:  DE AD 0A 02 01 00 0C 00|........
<info> zboss:  20 08 38 01 DE AD 12 02| .8.....
<info> zboss:  01 00 0D 00 1A 08 60 01|......`.
<info> zboss:  01 01 00 00 01 00 00 00|........
<info> zboss:  DE AD 12 02 01 00 0E 00|........
<info> zboss:  1A 08 75 01 01 01 00 00|..u.....
<info> zboss:  01 00 00 00 DE AD 12 02|........
<info> zboss:  01 00 0F 00 1A 08 60 01|......`.
<info> zboss:  01 01 00 00 01 00 00 00|........
<info> zboss:  DE AD 12 02 01 00 10 00|........
<info> zboss:  1A 08 75 01 01 01 00 00|..u.....
<info> zboss:  01 00 00 00 DE AD 0A 02|........
<info> zboss:  01 00 11 00 2B 08 18 01|....+...
<info> zboss:  DE AD 0A 02 01 00 12 00|........
<info> zboss:  2B 08 6E 02 DE AD 1E 02|+.n.....
<info> zboss:  01 00 13 00 A7 F8 13 01|........
<info> zboss:  02 00 00 00 01 00 00 00|........
<info> zboss:  01 00 00 00 01 00 00 00|........
<info> zboss:  00 00 00 00 DE AD 0E 02|........
<info> zboss:  09 00 14 00 2B 08 07 08|....+...
<info> zboss:  01 00 00 00 DE AD 1E 02|........
<info> zboss:  09 00 15 00 A7 F8 13 01|........
<info> zboss:  02 00 00 00 01 00 00 00|........
<info> zboss:  01 00 00 00 01 00 00 00|........
<info> zboss:  00 00 00 00 DE AD 16 02|........
<info> zboss:  0F 00 16 00 26 01 D6 08|....&...
<info> zboss:  00 00 00 00 19 00 00 00|........
<info> zboss:  14 00 00 00 DE AD 16 81|........
<info> zboss:  0F 00 03 0A 00 19 17 00|........
<info> zboss:  00 00 03 08 54 FF FF FF|....T...
<info> zboss:  FF 07 00 80 DE AD 28 01|......(.
<info> zboss:  14 00 03 1C 00 19 17 00|........
<info> zboss:  00 00 00 80 5D 46 F7 00|....]F..
<info> zboss:  00 FF 4F 00 00 00 22 84|..O...".
<info> zboss:  F7 36 09 8C B9 BA E2 87|.6......
<info> zboss:  FF FF FF 06 B6 A6 DE AD|........
<info> zboss:  16 02 30 00 17 00 26 01|..0...&.
<info> zboss:  D6 08 00 00 00 00 19 00|........
<info> zboss:  00 00 14 00 00 00 DE AD|........
<info> zboss:  16 02 30 00 18 00 26 01|..0...&.
<info> zboss:  D6 08 00 00 00 00 19 00|........
<info> zboss:  00 00 14 00 00 00 DE AD|........
<info> zboss:  31 81 30 00 03 25 00 19|1.0..%..
<info> zboss:  19 00 00 00 61 88 55 46|....a.UF
<info> zboss:  F7 00 00 FC 1C 09 18 00|........
<info> zboss:  00 FC 1C 01 00 16 76 2D|......v-
<info> zboss:  04 00 6F 0D 00 17 F5 CA|..o.....
<info> zboss:  FE AD 36 CE F4 06 80 00|..6.....
<info> zboss:  80 DE AD 11 01 30 00 03|.....0..
<info> zboss:  05 00 19 19 00 00 00 02|........
<info> zboss:  00 55 00 80 DE AD 18 81|.U......
<info> zboss:  50 00 03 0C 00 19 19 00|P.......
<info> zboss:  00 00 63 88 56 46 F7 00|..c.VF..
<info> zboss:  00 FC 1C 04 00 80 DE AD|........
<info> zboss:  11 01 50 00 03 05 00 19|..P.....
<info> zboss:  19 00 00 00 12 00 56 00|......V.
<info> zboss:  80 DE AD 33 01 50 00 03|...3.P..
<info> zboss:  27 00 19 19 00 00 00 71|'......q
<info> zboss:  88 6E 46 F7 FC 1C 00 00|.nF.....
<info> zboss:  09 18 FC 1C 00 00 01 EE|........
<info> zboss:  17 F5 CA FE AD 36 CE F4|.....6..
<info> zboss:  16 76 2D 04 00 6F 0D 00|.v-..o..
<info> zboss:  07 FC 1C 00 B5 A6 DE AD|........
<info> zboss:  11 81 50 00 03 05 00 19|..P.....
<info> zboss:  19 00 00 00 02 00 6E 00|......n.
<info> zboss:  80 DE AD 1A 02 51 00 19|.....Q..
<info> zboss:  00 2B 08 79 06 00 00 00|.+.y....
<info> zboss:  00 FC 1C 00 00 19 00 00|........
<info> zboss:  00 01 00 00 00 DE AD 12|........
<info> zboss:  02 51 00 1A 00 2B 08 7A|.Q...+.z
<info> zboss:  06 F7 36 09 8C B9 BA E2|..6.....
<info> zboss:  87 DE AD 3B 81 51 00 03|...;.Q..
<info> zboss:  2F 00 19 1B 00 00 00 61|/......a
<info> zboss:  88 57 46 F7 00 00 FC 1C|.WF.....
<info> zboss:  08 10 FD FF FC 1C 1E 01|........
<info> zboss:  17 F5 CA FE AD 36 CE F4|.....6..
<info> zboss:  08 00 13 00 00 00 00 24|.......$
<info> zboss:  01 FC 1C 17 F5 CA FE AD|........
<info> zboss:  36 CE F4 80 00 80 DE AD|6.......
<info> zboss:  11 01 51 00 03 05 00 19|..Q.....
<info> zboss:  1B 00 00 00 12 00 57 00|......W.
<info> zboss:  80 DE AD 12 02 51 00 1B|.....Q..
<info> zboss:  00 A7 F8 CA 01 06 00 00|........
<info> zboss:  00 00 00 00 00 DE AD 16|........
<info> zboss:  02 51 00 1C 00 2B 08 43|.Q...+.C
<info> zboss:  04 05 00 00 00 00 00 00|........
<info> zboss:  00 06 00 00 00 DE AD 44|.......D
<info> zboss:  81 57 00 03 38 00 19 1D|.W..8...
<info> zboss:  00 00 00 61 88 58 46 F7|...a.XF.
<info> zboss:  00 00 FC 1C 09 1A 00 00|........
<info> zboss:  FC 1C 01 02 16 76 2D 04|.....v-.
<info> zboss:  00 6F 0D 00 17 F5 CA FE|.o......
<info> zboss:  AD 36 CE F4 28 00 34 00|.6..(.4.
<info> zboss:  00 17 F5 CA FE AD 36 CE|......6.
<info> zboss:  F4 00 AF 65 A9 89 0A 60|...e...`
<info> zboss:  5C 00 80 DE AD 11 01 57|\......W
<info> zboss:  00 03 05 00 19 1D 00 00|........
<info> zboss:  00 12 00 58 00 80 DE AD|...X....
<info> zboss:  18 81 7D 00 03 0C 00 19|..}.....
<info> zboss:  1D 00 00 00 63 88 59 46|....c.YF
<info> zboss:  F7 00 00 FC 1C 04 00 80|........
<info> zboss:  DE AD 11 01 7D 00 03 05|....}...
<info> zboss:  00 19 1D 00 00 00 12 00|........
<info> zboss:  59 00 80 DE AD 4D 01 7D|Y....M.}
<info> zboss:  00 03 41 00 19 1D 00 00|..A.....
<info> zboss:  00 61 88 6F 46 F7 FC 1C|.a.oF...
<info> zboss:  00 00 08 00 FC 1C 00 00|........
<info> zboss:  1E EF 21 CD 10 0E B0 02|..!.....
<info> zboss:  00 BA 3B D2 29 16 CF D1|..;.)...
<info> zboss:  10 95 5D 83 92 94 C9 27|..]....'
<info> zboss:  58 E2 56 02 21 05 A5 3D|X.V.!..=
<info> zboss:  55 42 BE CC 96 E5 97 1B|UB......
<info> zboss:  4B 09 DD 2F 54 4C 0B E7|K../TL..
<info> zboss:  B6 A6 DE AD 11 81 7D 00|......}.
<info> zboss:  03 05 00 19 1D 00 00 00|........
<info> zboss:  02 00 6F 00 80 DE AD 18|..o.....
<info> zboss:  81 83 00 03 0C 00 19 1D|........
<info> zboss:  00 00 00 63 88 5A 46 F7|...c.ZF.
<info> zboss:  00 00 FC 1C 04 00 80 DE|........
<info> zboss:  AD 11 01 83 00 03 05 00|........
<info> zboss:  19 1D 00 00 00 02 00 5A|.......Z
<info> zboss:  00 80 DE AD 18 81 89 00|........
<info> zboss:  03 0C 00 19 1D 00 00 00|........
<info> zboss:  63 88 5B 46 F7 00 00 FC|c.[F....
<info> zboss:  1C 04 00 80 DE AD 11 01|........
<info> zboss:  89 00 03 05 00 19 1D 00|........
<info> zboss:  00 00 02 00 5B 00 80 DE|....[...
<info> zboss:  AD 18 81 92 00 03 0C 00|........
<info> zboss:  19 1D 00 00 00 63 88 5C|.....c.\
<info> zboss:  46 F7 00 00 FC 1C 04 00|F.......
<info> zboss:  80 DE AD 11 01 92 00 03|........
<info> zboss:  05 00 19 1D 00 00 00 02|........
<info> zboss:  00 5C 00 80 DE AD 18 81|.\......
<info> zboss:  9F 00 03 0C 00 19 1D 00|........
<info> zboss:  00 00 63 88 5D 46 F7 00|..c.]F..
<info> zboss:  00 FC 1C 04 00 80 DE AD|........
<info> zboss:  11 01 9F 00 03 05 00 19|........
<info> zboss:  1D 00 00 00 02 00 5D 00|......].
<info> zboss:  80 DE AD 18 81 B2 00 03|........
<info> zboss:  0C 00 19 1D 00 00 00 63|.......c
<info> zboss:  88 5E 46 F7 00 00 FC 1C|.^F.....
<info> zboss:  04 00 80 DE AD 11 01 B2|........
<info> zboss:  00 03 05 00 19 1D 00 00|........
<info> zboss:  00 02 00 5E 00 80 DE AD|...^....
<info> zboss:  18 81 CE 00 03 0C 00 19|........
<info> zboss:  1D 00 00 00 63 88 5F 46|....c._F
<info> zboss:  F7 00 00 FC 1C 04 00 80|........
<info> zboss:  DE AD 11 01 CE 00 03 05|........
<info> zboss:  00 19 1D 00 00 00 02 00|........
<info> zboss:  5F 00 80 DE AD 18 81 F8|_.......
<info> zboss:  00 03 0C 00 19 1D 00 00|........
<info> zboss:  00 63 88 60 46 F7 00 00|.c.`F...
<info> zboss:  FC 1C 04 00 80 DE AD 11|........
<info> zboss:  01 F8 00 03 05 00 19 1D|........
<info> zboss:  00 00 00 02 00 60 00 80|.....`..
<info> zboss:  DE AD 18 81 37 01 03 0C|....7...
<info> zboss:  00 19 1D 00 00 00 63 88|......c.
<info> zboss:  61 46 F7 00 00 FC 1C 04|aF......
<info> zboss:  00 80 DE AD 11 01 37 01|......7.
<info> zboss:  03 05 00 19 1D 00 00 00|........
<info> zboss:  02 00 61 00 80 DE AD 18|..a.....
<info> zboss:  81 95 01 03 0C 00 19 1D|........
<info> zboss:  00 00 00 63 88 62 46 F7|...c.bF.
<info> zboss:  00 00 FC 1C 04 00 80 DE|........
<info> zboss:  AD 11 01 95 01 03 05 00|........
<info> zboss:  19 1D 00 00 00 02 00 62|.......b
<info> zboss:  00 80 DE AD 0A 02 9C 01|........
<info> zboss:  1D 00 64 11 DC 00 DE AD|..d.....
<info> zboss:  18 81 22 02 03 0C 00 19|..".....
<info> zboss:  1E 00 00 00 63 88 63 46|....c.cF
<info> zboss:  F7 00 00 FC 1C 04 00 80|........
<info> zboss:  DE AD 11 01 22 02 03 05|...."...
<info> zboss:  00 19 1E 00 00 00 02 00|........

    This is a log of the situation when the transport key is not received.

    I find the condition of sending device announcement in this repo at the line.

    This explains the phenomenon that the device announcement does not occur when the key is not received.

    I would like to solve this problem as soon as possible and I would appreciate nordic's support.

  • 0 in reply to _maibi

    Hello,

    I see that you have quite a few tickets that looks like they have the same topic. Did you solve this issue in one of your other tickets? 

    The zboss trace logs are encrypted, so we would need to send them to an external company to decrypt them. (the Zboss library is written by an external company, you see). 

    Can you clarify one thing for me. Is the issue that you don't receive the new network key, or that you are not able to delete the old network data on your ZED?

    Best Regards,

    Edvin

  • 0 in reply to Edvin

    Hi, Thanks for the reply.

    Edvin said:
    Did you solve this issue in one of your other tickets? 

    Not yet

    Edvin said:
    The zboss trace logs are encrypted, so we would need to send them to an external company to decrypt them. (the Zboss library is written by an external company, you see). 

    Could you send it to them? I wants to know why the network key isn't updated.

    Edvin said:
    Is the issue that you don't receive the new network key, or that you are not able to delete the old network data on your ZED?

    To delete the old network key is derived from failing to receive the new network key.

    In rejoining procedure, zigbee stack expects the transport key encrypted with the old network key.

    The gateway however, encrypts it with the ZB_STANDARD_TC_KEY.

    Although nordic's stack also uses ZB_STANDARD_TC_KEY in joining procedure.

    This rejoining procedure is called tc rejoin. -> I want to be sure this is correct.

    Does "zb_secur_set_tc_rejoin_enabled" function work for the coordinator?

Related

core_v2_widget.Hide()