When a device directly rejoin into trust-center with Unsecured-Rejoin mode, the Trust Center will not recognize the device as "DEV_SEC_AUTH_TC_REJOIN_STATUS" mode.
This thread has been locked.
If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.
When a device directly rejoin into trust-center with Unsecured-Rejoin mode, the Trust Center will not recognize the device as "DEV_SEC_AUTH_TC_REJOIN_STATUS" mode.
Hi Aries,
Can you provide a sniffer log of the failed rejoin process? Is this behavior different than v6.30, or what is the latest SDK for which the behavior is as expected? Have you further debugged ZDSecMgrDeviceJoin to determine the root cause of the device failing to join? If you have this functionality working on a previous SDK then I'd be curious to know the differences inside zd_sec_mgr.c which concern DEV_SEC_AUTH_TC_REJOIN_STATUS.
Regards,
Ryan
I have make a mistake, this issue is appearing in SDK 6.30. The coordinator has processed "zstackmsg_CmdIDs_BDB_TC_LINK_KEY_EXCHANGE_NOTIFICATION_IND" message when it receives a unsecured-rejoin command. I have fixed this issue On SDK 6.30, and my software has not updated to SDK 6.40.
Fix this issue like this
uint8_t ZDSecMgrNewDeviceEvent( uint16_t ShortAddr ) { uint8_t found; ZDSecMgrDevice_t device; AddrMgrEntry_t addrEntry; associated_devices_t* assoc; ZStatus_t status; // initialize return results found = FALSE; assoc = AssocGetWithShort( ShortAddr ); if ( assoc != NULL ) { // device found found = TRUE; // check for preconfigured security if ( zgPreConfigKeys == TRUE ) { // set association status to authenticated ZDSecMgrAssocDeviceAuth( assoc ); } // set up device info addrEntry.user = ADDRMGR_USER_DEFAULT; addrEntry.index = assoc->addrIdx; AddrMgrEntryGet( &addrEntry ); device.nwkAddr = assoc->shortAddr; device.extAddr = addrEntry.extAddr; device.parentAddr = NLME_GetShortAddr(); // the new device performed Secured Rejoin if ( ( assoc->devStatus & DEV_SECURED_JOIN ) && ( assoc->devStatus & DEV_REJOIN_STATUS ) ) { device.secure = TRUE; } else { device.secure = FALSE; if( assoc->devStatus & DEV_REJOIN_STATUS ) { assoc->devStatus |= DEV_SEC_AUTH_TC_REJOIN_STATUS; } } device.devStatus = assoc->devStatus; // process new device status = ZDSecMgrDeviceNew( &device ); if ( status == ZSuccess ) { assoc->devStatus &= ~DEV_SEC_INIT_STATUS; } else { // Clear SECURITY bit from Address Manager ZDSecMgrAddrClear( addrEntry.extAddr ); // Remove the Association completely AssocRemove( addrEntry.extAddr ); } } return found; }
Thanks for providing your solution. Just to be clear, without this change the TC rejoin functionality still works but has the incorrect device status bits set during commissioning?
Thanks for clarifying,
Ryan