CC2652P: Interoperability with Silicon Labs coordinator for PANID update request

Part Number: CC2652P
Other Parts Discussed in Thread: Z-STACK, CC2530

My customer is testing a zigbee network with CC2652P as end devices to comminucate with a Silabs coordinator. They found that the coordinator does not increment the nwkUpdateId field when sending the UPDATE PANID REQ, therefore the request will be dumped by CC2652 and the new PANID is not accepted.

Is there a workaround to make CC2652P accpet the UPDATE PANID REQ without increment of nwkUpdateId?

Best regards,

Shuyang

  • 1. Since it's SL coordinator doesn't increment the nwkUpdateId field, I would suggest you to check SL to fix the issue.

    2. You can try to trace and device into ZDNwkMgr_ProcessMgmtNwkUpdateReq to see if you can workaround this.

  • Hi Shuyang,

    Following YK's assessment:

    1. From Annex E of the 2017/R22 Zigbee Specification: "The network manager is respon-sible for incrementing the nwkUpdateId parameter from the NIB and including it in the Mgmt_NWK_Update_req...Each node shall also increment the nwkUpdateId parameter and also reset the total transmit count and the transmit failure counters."  This is why Z-Stack expects the nwkUpdateId to increment.

    2. You can modify the following if statement from ZDNwkMgr_ProcessMgmtNwkUpdateReq as a workaround:

    if ( Req.nwkUpdateId > _NIB.nwkUpdateId || ( Req.nwkUpdateId == 0 && _NIB.nwkUpdateId == 0xFF ) )

    Note that for devices where RxOnWhenIdle equals FALSE, any network channel change will not be received.

    Regards,
    Ryan

  • Hi Ryan and Yikai,

    Thanks for clarifying.

    The API ZDNwkMgr_ProcessMgmtNwkUpdateReq seems to be for CC2530, I did not find it in CC2652's documents, does CC2652 has a similar API?

    BR,

    Shuyang

  • You can find ZDNwkMgr_ProcessMgmtNwkUpdateReq in zd_nwk_mgr.c.

  • Found it, thanks!

    BR,

    Shuyang

  • Hi Ryan,

    The customer tried to modify ZDNwkMgr_ProcessMgmtNwkUpdateReq, but the network update request sent by the coordinator is an NWK layer message, not a ZDP layer message, therefore the message is ignored by the stack and the ZDNwkMgr_ProcessMgmtNwkUpdateReq is never triggered.

    Is there a way to handle NWK layer or MAC layer message directly in CC2652? In CC2530's stack, there was an API called rxStartIsr to handle mac layer, does CC2652's stack has a similar API?

    Thanks.

    BR,

    Shuyang

  • Hi Shuyang,

    nwk_event_loop is not accessible to developers but they can try to intercept the message in MAC_CbackEvent.  Are they willing to share a sniffer log of this NWK layer message?  

    Regards,
    Ryan

  • Hi Ryan,

    Please find a sniffer log between Silabs devices for PAN ID update. In this log, the  PAN ID is successfully updated to 0x4444. But with CC2652, the NWK update packet will be ignored and PAN ID will not be updated.

    test11_2channel_ok.cubx

    BR,

    Shuyang

  • NLME_NEtworkUpdateCB should call pZDNwkMgr_NetworkUpdateCB if NWK_MANAGER is defined, which you can modify in zd_nwk_mgr.c to use the Zstackapi_DevForceNetworkUpdateReq API to force the network update manually.

    Regards,
    Ryan

  • Hi Ryan,

    The customer tried with NWK_MANAGER defined, but pZDNwkMgr_NetworkUpdateCB is still not called.

    They are now trying to intercept the MAC layer message directly, to do that an API to decrypt the MAC layer message is needed. They found an API in SSP.h as below, but can't find any document for it.

    /*
     * Secure/Unsecure a network PDU
     */
    extern ZStatus_t SSP_NwkSecurity(uint8_t ed_flag, uint8_t *msg, uint8_t hdrLen, uint8_t nsduLen);

    Can you confirm if this is the right API to decrypt the MAC layer message, and kindly provide some explanation and example for how to use this API? For example, what does the parameters ed_flag and *msg stand for?

    Thanks.

    BR,

    Shuyang

  • pZDNwkMgr_NetworkUpdateCB is declared NULL in zd_nwk_mgr.c which they would have to change (populate with their required actions) if they wanted the function to take effect.

    SSP_NwkSecurity is the API used to secure (ed_flag=0) or unsecure (ed_flag=1) the NWK layer packet.  msg is the pointer to the macMcpsDataInt_t -> sData_t -> *p and hdrLen/nsduLen correspond to the NLDE_FrameFormat_t parameters.  No resources are shared since packet encryption/decryption is handled by the pre-built Z-Stack libraries and is not intended to be used directly by developers.

    Regards,
    Ryan

  • Q1: When CC2652 receives the nwkUpdateId field accumulation in the nwk update message, ZStack can trigger pZDNwkMgr_NetworkUpdateCB. Otherwise, pZDNwkMgr_NetworkUpdateCB is not triggered.

    It seems that the ZStack discarded the illegal nwk update message.

    Q2:

    I tried to use SSP_NwkSecurity() to encrypt the decrypted plaintext data in the sniffer to verify how to use this API.

    The test code is as follows:

    #if 1
    //The Nwk Key is 2C:AC:D1:99:CE:A5:6E:00:94:0E:10:59:E6:AF:1B:1A
    uint8_t tmpSta = 0xFC;
    uint8_t tmpHdrLen = 36;
    uint8_t tmpNsduLen = 6;
    uint8_t tmpPlainTextData[36] = {0x09, 0x12, 0xFC, 0xFF, 0x00, 0x00, 0x01, 0x64, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68,
    0x28, 0xE1, 0x3B, 0x07, 0x00, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68,0x00,
    0x08, 0x60, 0xAB, 0xAF, 0xEA, 0x13};

    uint8_t tmpCipherTextData[36] = {0x09, 0x12, 0xFC, 0xFF, 0x00, 0x00, 0x01, 0x64, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68,
    0x28, 0xE1, 0x3B, 0x07, 0x00, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68, 0x00,
    0xF7, 0xCE, 0xC2, 0xB7, 0xCA, 0xB5};

    uint8_t isEncrypt = 0;//0 - encrypt; 1 - decrypt

    // SSP_NwkSecurity(uint8_t ed_flag, uint8_t *msg, uint8_t hdrLen, uint8_t nsduLen);
    tmpSta = SSP_NwkSecurity(isEncrypt, tmpPlainTextData, tmpHdrLen, tmpNsduLen);


    __DEBUG_PRINTF_SUB("encrypt: sta = 0x%x, 0X%02x%02x%02x%02x %02x%02x%02x%02x %02x%02x%02x%02x %02x%02x%02x%02x 0x%02X%02X %02X%02X%02X%02X",
    tmpSta,
    tmpPlainTextData[0],tmpPlainTextData[1],tmpPlainTextData[2],tmpPlainTextData[3],
    tmpPlainTextData[4],tmpPlainTextData[5],tmpPlainTextData[6],tmpPlainTextData[7],
    tmpPlainTextData[8],tmpPlainTextData[9],tmpPlainTextData[10],tmpPlainTextData[11],
    tmpPlainTextData[26],tmpPlainTextData[27],tmpPlainTextData[28],tmpPlainTextData[29],
    tmpPlainTextData[30],tmpPlainTextData[31],tmpPlainTextData[32],tmpPlainTextData[33],tmpPlainTextData[34],tmpPlainTextData[35]);

    #endif


    The print result is as follows:
    >>>>zclSampleLight_processKey[2991]:encrypt: sta = 0x0, 0X0912fcff 00000164 46126efe e20a6800 0x0860 ABAFEA13
    >>>>zclSampleLight_processKey[2991]:encrypt: sta = 0x0, 0X0912fcff 00000164 46126efe e20a6800 0x0860 ABAFEA13

    The printed result shows that SSP_NwkSecurity() is executed successfully. Where can I get the encrypted result data?

    If you can provide a decrypted example to help us understand, that would be great.

  • Sorry, there is a mistake in the test code: uint8_t tmpHdrLen = 36 is error;

    I changed the value of tmpHdrLen to 30, and the print result after running is as follows:
    >>>>zclSampleLight_processKey[2991]:encrypt: sta = 0x0, 0X0912fcff 00000164 46126efe. e20a6800 0x280E 00000011

    The nwk payload looks new, but it doesn't look right.

    My testing process is as follows:
    step1: I get the link status data broadcast by the coordinator through sniffer;
    step2: Add these data to the test code, generate firmware and burn it to CC2652;
    step3: CC2652 joins the network where the coordinator is located;
    step4: I trigger the CC2652 to execute the test code to decrypt the operation by pressing the key;
    Is there a problem with this process?

  • Hello Howjie,

    pZDNwkMgr_NetworkUpdateCB will only be triggered if nwkUpdateId is incremented.  This complies with the Zigbee Specification section previously referenced.  You can contact Silicon Labs to determine why their device does not act accordingly.

    Z-Stack uses nwkApplyNwkSec to apply network level security (encrypt for outgoing).  NLDE_ParseMsg is used to parse the incoming NWK message before verifying security with SSP_NwkSecurity (decryption).

    Regards,
    Ryan

  • Thank you.

    It can be decrypted successfully.