CC2652P: If "security frame counter" overflow, what will happen?

Aries Lord

Part Number: CC2652P
Other Parts Discussed in Thread: Z-STACK

I have researched the processing of "security frame counter" on Z-stack 3.0.2

    // check frame counter
    linkInfo = nwkNeighborGetLinkInfo( dataInd->mac.srcAddr.addr.shortAddr, dataInd->mac.srcPanId );
    if ( linkInfo )
    {
      keySeqNum = *(dataInd->msdu.p + ff.hdrLen + NWK_AUX_HDR_LEN - 1);

      // check if the frame counter needs to be reset
      if ( linkInfo->inKeySeqNum != keySeqNum )
      {
        linkInfo->inKeySeqNum = keySeqNum;
        linkInfo->inFrmCntr   = 0;
      }

      rcvdFrmCntr = osal_build_uint32( dataInd->msdu.p + ff.hdrLen + 1, 4 );

      if ( rcvdFrmCntr < linkInfo->inFrmCntr )
      {
        return; // Bad frm count
      }
      else
      {
        linkInfo->inFrmCntr = rcvdFrmCntr + 1;
      }
    }

We can see that when current stored frame-counter is 0xFFFFFFFF but the received frame-counter is 0, the incoming message will be ignored. Has the SDK 7.10 fixed this issue?

5 months ago

0 Ryan Brown1 5 months ago

TI__Guru**** 195941 points

Hi Aries,

The outgoing NWK frame counter is persistent across device activity, including, including standard factory new and over-the-air resets, to help prevent replay attacks. Once the network frame counter overflows it will start over at zero, and since this is the less than the previous value the device's packets will be discarded by other Zigbee 3.0 devices. This is covered in Chapter 4.3.1 of the Zigbee R22 2017 Specification in which it is also recommended to occasionally update the network key in order to reset the frame counter and avoid the persistence issue. The NWK frame counter will be reset if its value is greater than 0x80000000 when a NWK key update is performed.

Regards,
Ryan

Zigbee & Thread

Zigbee & Thread forum

CC2652P: If "security frame counter" overflow, what will happen?