
Bluetooth Mesh key generation and handling?

The Bluetooth Mesh Light Switch example shows how to work with keys for a Mesh Network. But I have some questions about who generates the keys and what they are used for.

The example provisioner uses these keys:

dsm_handle_t m_netkey_handle;
dsm_handle_t m_appkey_handle;
dsm_handle_t m_devkey_handles[...];
dsm_handle_t m_server_handles[...];
dsm_handle_t m_group_handle;

Network Key: I think I understand the network key, but I am a bit confused about the function it is used in, dsm_subnet_add(). The name of the function indicates that it is used for adding a subnetwork, but is it also used for adding the overall Mesh network to the Device State Manager?

And just to be sure, the network key is generated by the provisioner and distributed to all the nodes, right?

Application Key: I am not sure what the application key is used for and who initially knows it. Is it distributed by the provisioner to the nodes of the network or does every node participating in the application on the network know this before being provisioned?

Device Keys: It seems like the device key is distributed to the node from the provisioner, is this correct?

Server Handles: These keys are for each of the elements holding a Light Switch server on the nodes in the network, right?

Group Handle: To my understanding, this key functions like the Server Handle, it is just possible to address more than one node with this address. But in the example it is used in dsm_address_publish_add() together with NETWORK_GROUP_ADDRESS. Does this mean that every node in the network should also be added to a group for the whole network?

Edit 1: ...

Edit 2: I have moved my additional question from Edit 1 to its own question here on the forum.

I am still interested in clearing my confusion on the different keys if anybody can provide an explanation.

  • Hi SørenHN,

    Network Key Question: the dsm_subnet_add() function is used for "adding a subnetwork & associated network key indexes to device state storage" (see link). So I don't think it adds the overall mesh network to the device state manager, but instead adds the subnetwork to device state manager.

    And yes, the network key is generated by the provisioner & distributed to the provisionee that is being provisioned to the mesh network (see link & this link, section: Adding A New Device To The Network).

    Application Key Question: The application key is used to generate & store application security material used for the mesh Rx & Tx. It secures communication at the access layer & is shared with every node in the mesh application network. It is up to the provisioner to generate & distribute the application keys (see link).

    Device Keys Question: The device itself generates a device key, which is then shared only with the provisioner (see link, search for device key).

    Edit: I previously said that the provisioner generates the device key, but this is incorrect.

    Server Handle Question: Each element is a handle ID of the address of the server in the dsm address database. The server handles are added using dsm_address_publish_add() inside the provisioner_prov_complete_cb() function.

    Group Handle Question: The group handle is the handle ID of the group address (0xCAFE), which is the address to which you send a packet when you press button 4 to turn on all of the light switch servers. You said correctly that it is acquired using dsm_address_publish_add() inside the access_setup() function.

  • Hi Bjørn. If dsm_subnet_add() does not add the overall network to the DSM, then how is it done?

  • I believe you can use the dsm_subnet_add() function to add the overall network to the DSM bit by bit (or subnet by subnet). I guess you could use this function to add a subnetwork to a very small mesh network for example. Thereby, the whole network will be added to the dsm. Does that make sense?

  • Yes, that makes sense. But how is subnet related to the network then? Or is it more about a node being part of more than one network, one of them being the overall network and one being a subnetwork?

  • The definition of subnet is: "Networks may contain one or more subnets. Subnets are intended to allow secure isolation of different areas such as, for example, individual rooms in a hotel. A Node is a member of a subnet by virtue of it possessing the subnet's Network Key. A Node may belong to one or more subnets by possessing one or more subnet NetKeys." (see this link here).

    From my understanding a network is made up of multiple subnetworks. I believe a node can be a part of one or multiple subnetworks. For example, take the hotel room example (i.e. the node). The whole network is the entire hotel, while a subnetwork could be the second floor of the hotel. Another subnetwork could be the first two floors of the hotel. Therefore, a hotel room on the second floor is a part of two different subnetworks. Does that make sense?
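As an added illustration of the server-handle and group-handle answers above, this C model mirrors the provisioner's address-handle bookkeeping; it is not code from the nRF5 SDK for Mesh or from the thread. The model_* functions, the table size and the handle numbering are assumptions; the address ranges come from the Bluetooth Mesh Profile specification.

```c
#include <stddef.h>
#include <stdint.h>
/* Added model of the provisioner's address-handle bookkeeping; not SDK code,
 * only the names echo the DSM API discussed in the thread. */
#define DSM_HANDLE_INVALID    0xFFFFu
#define MAX_ADDRESSES         8
#define NETWORK_GROUP_ADDRESS 0xCAFEu   /* the group address from the example */

typedef uint16_t dsm_handle_t;
typedef enum { ADDR_UNASSIGNED, ADDR_UNICAST, ADDR_VIRTUAL, ADDR_GROUP } addr_type_t;

/* Address classes of the Mesh Profile: 0x0000 unassigned,
 * 0x0001-0x7FFF unicast, 0x8000-0xBFFF virtual, 0xC000-0xFFFF group. */
addr_type_t mesh_address_type(uint16_t addr)
{
    if (addr == 0x0000) return ADDR_UNASSIGNED;
    if (addr <= 0x7FFF) return ADDR_UNICAST;
    if (addr <= 0xBFFF) return ADDR_VIRTUAL;
    return ADDR_GROUP;
}

static uint16_t m_addrs[MAX_ADDRESSES];   /* modelled DSM address database */
static size_t   m_addr_count;

/* Model of dsm_address_publish_add(): one handle per distinct address, so
 * adding 0xCAFE a second time returns the handle it already has. */
dsm_handle_t model_address_publish_add(uint16_t addr)
{
    if (mesh_address_type(addr) == ADDR_UNASSIGNED) return DSM_HANDLE_INVALID;
    for (size_t i = 0; i < m_addr_count; i++)
        if (m_addrs[i] == addr) return (dsm_handle_t)i;
    if (m_addr_count == MAX_ADDRESSES) return DSM_HANDLE_INVALID;
    m_addrs[m_addr_count] = addr;
    return (dsm_handle_t)m_addr_count++;
}

/* Per-node step of provisioner_prov_complete_cb(): elements occupy consecutive
 * unicast addresses from the primary address; each gets its own server handle. */
size_t model_add_server_handles(uint16_t primary_addr, size_t element_count,
                                dsm_handle_t *out)
{
    size_t n = 0;
    for (size_t e = 0; e < element_count; e++) {
        uint16_t addr = (uint16_t)(primary_addr + e);
        if (mesh_address_type(addr) != ADDR_UNICAST) break;   /* left the unicast range */
        out[n++] = model_address_publish_add(addr);
    }
    return n;
}
```

The group address is only a destination: it gets a single handle in access_setup(), while every server element address added after provisioning gets its own.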
