• State Resolved
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 57 subscribers
  • Views 723 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2652P: Interoperability with Silicon Labs coordinator for PANID update request

Shuyang Zhong
Expert 3895 points
Part Number: CC2652P
Other Parts Discussed in Thread: Z-STACK, CC2530

My customer is testing a zigbee network with CC2652P as end devices to comminucate with a Silabs coordinator. They found that the coordinator does not increment the nwkUpdateId field when sending the UPDATE PANID REQ, therefore the request will be dumped by CC2652 and the new PANID is not accepted.

Is there a workaround to make CC2652P accpet the UPDATE PANID REQ without increment of nwkUpdateId?

Best regards,

Shuyang

  • 0
    Guru 735455 points

    1. Since it's SL coordinator doesn't increment the nwkUpdateId field, I would suggest you to check SL to fix the issue.

    2. You can try to trace and device into ZDNwkMgr_ProcessMgmtNwkUpdateReq to see if you can workaround this.

  • +1 in reply to YiKai Chen
    TI__Guru**** 202106 points

    Hi Shuyang,

    Following YK's assessment:

    1. From Annex E of the 2017/R22 Zigbee Specification: "The network manager is respon-sible for incrementing the nwkUpdateId parameter from the NIB and including it in the Mgmt_NWK_Update_req...Each node shall also increment the nwkUpdateId parameter and also reset the total transmit count and the transmit failure counters."  This is why Z-Stack expects the nwkUpdateId to increment.

    2. You can modify the following if statement from ZDNwkMgr_ProcessMgmtNwkUpdateReq as a workaround:

    if ( Req.nwkUpdateId > _NIB.nwkUpdateId || ( Req.nwkUpdateId == 0 && _NIB.nwkUpdateId == 0xFF ) )

    Note that for devices where RxOnWhenIdle equals FALSE, any network channel change will not be received.

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    TI__Expert 3895 points

    Hi Ryan and Yikai,

    Thanks for clarifying.

    The API ZDNwkMgr_ProcessMgmtNwkUpdateReq seems to be for CC2530, I did not find it in CC2652's documents, does CC2652 has a similar API?

    BR,

    Shuyang

  • +1 in reply to Shuyang Zhong
    Guru 735455 points

    You can find ZDNwkMgr_ProcessMgmtNwkUpdateReq in zd_nwk_mgr.c.

  • 0 in reply to YiKai Chen
    TI__Expert 3895 points

    Found it, thanks!

    BR,

    Shuyang

  • 0 in reply to Ryan Brown1
    TI__Expert 3895 points

    Hi Ryan,

    The customer tried to modify ZDNwkMgr_ProcessMgmtNwkUpdateReq, but the network update request sent by the coordinator is an NWK layer message, not a ZDP layer message, therefore the message is ignored by the stack and the ZDNwkMgr_ProcessMgmtNwkUpdateReq is never triggered.

    Is there a way to handle NWK layer or MAC layer message directly in CC2652? In CC2530's stack, there was an API called rxStartIsr to handle mac layer, does CC2652's stack has a similar API?

    Thanks.

    BR,

    Shuyang

  • 0 in reply to Shuyang Zhong
    TI__Guru**** 202106 points

    Hi Shuyang,

    nwk_event_loop is not accessible to developers but they can try to intercept the message in MAC_CbackEvent.  Are they willing to share a sniffer log of this NWK layer message?  

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    TI__Expert 3895 points

    Hi Ryan,

    Please find a sniffer log between Silabs devices for PAN ID update. In this log, the  PAN ID is successfully updated to 0x4444. But with CC2652, the NWK update packet will be ignored and PAN ID will not be updated.

    test11_2channel_ok.cubx

    BR,

    Shuyang

  • 0 in reply to Shuyang Zhong
    TI__Guru**** 202106 points

    NLME_NEtworkUpdateCB should call pZDNwkMgr_NetworkUpdateCB if NWK_MANAGER is defined, which you can modify in zd_nwk_mgr.c to use the Zstackapi_DevForceNetworkUpdateReq API to force the network update manually.

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    TI__Expert 3895 points

    Hi Ryan,

    The customer tried with NWK_MANAGER defined, but pZDNwkMgr_NetworkUpdateCB is still not called.

    They are now trying to intercept the MAC layer message directly, to do that an API to decrypt the MAC layer message is needed. They found an API in SSP.h as below, but can't find any document for it.

    /*
 * Secure/Unsecure a network PDU
 */
extern ZStatus_t SSP_NwkSecurity(uint8_t ed_flag, uint8_t *msg, uint8_t hdrLen, uint8_t nsduLen);

    Can you confirm if this is the right API to decrypt the MAC layer message, and kindly provide some explanation and example for how to use this API? For example, what does the parameters ed_flag and *msg stand for?

    Thanks.

    BR,

    Shuyang

  • 0 in reply to Shuyang Zhong
    TI__Guru**** 202106 points

    pZDNwkMgr_NetworkUpdateCB is declared NULL in zd_nwk_mgr.c which they would have to change (populate with their required actions) if they wanted the function to take effect.

    SSP_NwkSecurity is the API used to secure (ed_flag=0) or unsecure (ed_flag=1) the NWK layer packet.  msg is the pointer to the macMcpsDataInt_t -> sData_t -> *p and hdrLen/nsduLen correspond to the NLDE_FrameFormat_t parameters.  No resources are shared since packet encryption/decryption is handled by the pre-built Z-Stack libraries and is not intended to be used directly by developers.

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    Intellectual 475 points

    Q1: When CC2652 receives the nwkUpdateId field accumulation in the nwk update message, ZStack can trigger pZDNwkMgr_NetworkUpdateCB. Otherwise, pZDNwkMgr_NetworkUpdateCB is not triggered.

    It seems that the ZStack discarded the illegal nwk update message.

    Q2:

    I tried to use SSP_NwkSecurity() to encrypt the decrypted plaintext data in the sniffer to verify how to use this API.

    The test code is as follows:

    #if 1
    //The Nwk Key is 2C:AC:D1:99:CE:A5:6E:00:94:0E:10:59:E6:AF:1B:1A
    uint8_t tmpSta = 0xFC;
    uint8_t tmpHdrLen = 36;
    uint8_t tmpNsduLen = 6;
    uint8_t tmpPlainTextData[36] = {0x09, 0x12, 0xFC, 0xFF, 0x00, 0x00, 0x01, 0x64, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68,
    0x28, 0xE1, 0x3B, 0x07, 0x00, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68,0x00,
    0x08, 0x60, 0xAB, 0xAF, 0xEA, 0x13};

    uint8_t tmpCipherTextData[36] = {0x09, 0x12, 0xFC, 0xFF, 0x00, 0x00, 0x01, 0x64, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68,
    0x28, 0xE1, 0x3B, 0x07, 0x00, 0x46, 0x12, 0x6E, 0xFE, 0xFF, 0xE2, 0x0A, 0x68, 0x00,
    0xF7, 0xCE, 0xC2, 0xB7, 0xCA, 0xB5};

    uint8_t isEncrypt = 0;//0 - encrypt; 1 - decrypt

    // SSP_NwkSecurity(uint8_t ed_flag, uint8_t *msg, uint8_t hdrLen, uint8_t nsduLen);
    tmpSta = SSP_NwkSecurity(isEncrypt, tmpPlainTextData, tmpHdrLen, tmpNsduLen);


    __DEBUG_PRINTF_SUB("encrypt: sta = 0x%x, 0X%02x%02x%02x%02x %02x%02x%02x%02x %02x%02x%02x%02x %02x%02x%02x%02x 0x%02X%02X %02X%02X%02X%02X",
    tmpSta,
    tmpPlainTextData[0],tmpPlainTextData[1],tmpPlainTextData[2],tmpPlainTextData[3],
    tmpPlainTextData[4],tmpPlainTextData[5],tmpPlainTextData[6],tmpPlainTextData[7],
    tmpPlainTextData[8],tmpPlainTextData[9],tmpPlainTextData[10],tmpPlainTextData[11],
    tmpPlainTextData[26],tmpPlainTextData[27],tmpPlainTextData[28],tmpPlainTextData[29],
    tmpPlainTextData[30],tmpPlainTextData[31],tmpPlainTextData[32],tmpPlainTextData[33],tmpPlainTextData[34],tmpPlainTextData[35]);

    #endif


    The print result is as follows:
    >>>>zclSampleLight_processKey[2991]:encrypt: sta = 0x0, 0X0912fcff 00000164 46126efe e20a6800 0x0860 ABAFEA13
    >>>>zclSampleLight_processKey[2991]:encrypt: sta = 0x0, 0X0912fcff 00000164 46126efe e20a6800 0x0860 ABAFEA13

    The printed result shows that SSP_NwkSecurity() is executed successfully. Where can I get the encrypted result data?

    If you can provide a decrypted example to help us understand, that would be great.

  • 0 in reply to Howjie zhou
    Intellectual 475 points

    Sorry, there is a mistake in the test code: uint8_t tmpHdrLen = 36 is error;

    I changed the value of tmpHdrLen to 30, and the print result after running is as follows:
    >>>>zclSampleLight_processKey[2991]:encrypt: sta = 0x0, 0X0912fcff 00000164 46126efe. e20a6800 0x280E 00000011

    The nwk payload looks new, but it doesn't look right.

    My testing process is as follows:
    step1: I get the link status data broadcast by the coordinator through sniffer;
    step2: Add these data to the test code, generate firmware and burn it to CC2652;
    step3: CC2652 joins the network where the coordinator is located;
    step4: I trigger the CC2652 to execute the test code to decrypt the operation by pressing the key;
    Is there a problem with this process?

  • 0 in reply to Howjie zhou
    TI__Guru**** 202106 points

    Hello Howjie,

    pZDNwkMgr_NetworkUpdateCB will only be triggered if nwkUpdateId is incremented.  This complies with the Zigbee Specification section previously referenced.  You can contact Silicon Labs to determine why their device does not act accordingly.

    Z-Stack uses nwkApplyNwkSec to apply network level security (encrypt for outgoing).  NLDE_ParseMsg is used to parse the incoming NWK message before verifying security with SSP_NwkSecurity (decryption).

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    Intellectual 475 points

    Thank you.

    It can be decrypted successfully.