Data Structures
struct	zb_zdo_secur_get_auth_level_req_s
	Parameters for get authentication level request. More...

struct	zb_zdo_secur_get_auth_level_rsp_s

Macros
#define	ZB_TLV_KEY_ECDHE_METHOD_ENABLE(var, method) ((var) \|= (1u << (method)))

#define	ZB_TLV_PSK_SECRET_ENABLE(var, secret) ZB_TLV_KEY_ECDHE_METHOD_ENABLE((var), (secret))

#define	zb_set_supported_key_neg_method zb_set_supported_key_neg_mthd

#define	zb_set_supported_key_neg_method_direct zb_set_supported_key_neg_mthd_direct

#define	zb_get_supported_key_neg_method zb_get_supported_key_neg_mtd

#define	zb_get_supported_key_neg_method_direct zb_get_supported_key_neg_mtd_direct

#define	ZB_POST_JOIN_KEY_UPD_METH_NOT_UPDATED 0x00U

#define	ZB_POST_JOIN_KEY_UPD_METH_KEY_REQ 0x01U

#define	ZB_POST_JOIN_KEY_UPD_METH_UNAUTH_KEY_NEGOTIATION 0x02U

#define	ZB_POST_JOIN_KEY_UPD_METH_AUTH_KEY_NEGOTIATION 0x03U

#define	ZB_POST_JOIN_KEY_UPD_METH_APP_DEFINED_CERT_BASED_MUTUAL 0x04U /* CBKE indeed */

#define	ZB_POST_JOIN_KEY_UPD_METH_RESERVED1 0x05U

#define	ZB_POST_JOIN_KEY_UPD_METH_RESERVED2 0x06U

#define	ZB_POST_JOIN_KEY_UPD_METH_HASHED_TCLK 0x07U /* Hashed TCLK is restored from backup at TC after TC swap */

Typedefs
typedef zb_uint8_t	zb_post_join_key_upd_method_t

typedef struct zb_zdo_secur_get_auth_level_req_s	zb_zdo_secur_get_auth_level_req_t
	Parameters for get authentication level request.

typedef struct zb_zdo_secur_get_auth_level_rsp_s	zb_zdo_secur_get_auth_level_rsp_t

Functions
void	zb_set_supported_key_neg_mthd (zb_uint8_t methods_mask)

void	zb_enable_key_neg_method (zb_uint8_t method)

void	zb_disable_key_neg_method (zb_uint8_t method)

void	zb_set_supported_psk_secrets (zb_uint8_t secret_mask)

void	zb_set_supported_key_neg_mthd_direct (zb_uint16_t methods_mask)

void	zb_set_supported_psk_secrets_direct (zb_uint8_t secret_mask)

void	zb_enable_psk_secret (zb_uint8_t secret)

void	zb_disable_psk_secret (zb_uint8_t secret)

zb_uint8_t	zb_get_supported_key_neg_mtd (void)

zb_uint8_t	zb_get_supported_psk_secrets (void)

zb_uint16_t	zb_get_supported_key_neg_mtd_direct (void)

zb_uint8_t	zb_get_supported_psk_secrets_direct (void)

void	zb_set_aps_enc_for_zdo_conf_cmd (zb_bool_t val)

void	zb_set_aps_enc_for_zdo_in_distrib_nwk (zb_bool_t val)

zb_uint8_t	zb_zdo_get_auth_level_req (zb_uint8_t param, zb_callback_t cb)
	Get authentication level for target device. More...

zb_ret_t	zb_zdo_secur_update_device_tclk (zb_uint8_t param, zb_ieee_addr_t dev_ieee_addr)
	Send Security_Key_Update_req for update EXISTING verified tclk. More...

InitialJoinAuthentication enum (see Table 4-33)
Note: These values were members of `enum zb_initial_join_auth_e` type but were converted to a set of macros due to MISRA violations.
typedef zb_uint8_t	zb_initial_join_auth_t

#define	ZB_JOIN_NO_AUTHENTICATION 0x00U

#define	ZB_JOIN_INSTALLCODE_KEY 0x01U

#define	ZB_JOIN_ANON_KEY_NEG 0x02U

#define	ZB_JOIN_AUTH_KEY_NEG 0x03U

Detailed Description

Macro Definition Documentation

◆ ZB_JOIN_ANON_KEY_NEG

#define ZB_JOIN_ANON_KEY_NEG 0x02U

Key Negotiation with Well-known key

◆ ZB_JOIN_AUTH_KEY_NEG

#define ZB_JOIN_AUTH_KEY_NEG 0x03U

Key Negotiation with auth method

◆ ZB_JOIN_INSTALLCODE_KEY

#define ZB_JOIN_INSTALLCODE_KEY 0x01U

Installcode used

◆ ZB_JOIN_NO_AUTHENTICATION

#define ZB_JOIN_NO_AUTHENTICATION 0x00U

No auth token used

◆ ZB_TLV_KEY_ECDHE_METHOD_ENABLE

#define ZB_TLV_KEY_ECDHE_METHOD_ENABLE	(	var,
		method
	)	((var) \|= (1u << (method)))

Add supported key negotiation method into a bitmask

Parameters

method	- key negotiation method zb_tlv_key_negotiation_methods_t
var	- destination bitmask to be passed to zb_set_supported_key_neg_mthd()

◆ ZB_TLV_PSK_SECRET_ENABLE

#define ZB_TLV_PSK_SECRET_ENABLE	(	var,
		secret
	)	ZB_TLV_KEY_ECDHE_METHOD_ENABLE((var), (secret))

Add supported PSK secret into a bitmask

Parameters

secret	- PSK secret zb_tlv_psk_secrets_t
var	- destination bitmask to be passed to zb_set_supported_psk_secrets

 
  /* Rewrite supported PSK secrets bit mask. Just to demonstrate the API */
  {
    zb_uint8_t supported_secrets_mask = 0;
    ZB_TLV_PSK_SECRET_ENABLE(supported_secrets_mask, ZB_TLV_PSK_SECRET_AUTH_TOKEN);
    ZB_TLV_PSK_SECRET_ENABLE(supported_secrets_mask, ZB_TLV_PSK_SECRET_INSTALL_CODE);
    ZB_TLV_PSK_SECRET_ENABLE(supported_secrets_mask, ZB_TLV_PSK_SECRET_PAKE_PASSCODE);
    zb_set_supported_psk_secrets(supported_secrets_mask);
  }
 

Typedef Documentation

◆ zb_post_join_key_upd_method_t

typedef zb_uint8_t zb_post_join_key_upd_method_t

PostJoinKeyUpdateMethod enum (see Table 4-33) Note: These values were members of enum zb_post_join_key_upd_method_e type but were converted to a set of macros due to MISRA violations.

Function Documentation

◆ zb_disable_key_neg_method()

void zb_disable_key_neg_method ( zb_uint8_t method )

Disable the supported by this device Key Negotiation Protocols Method

Parameters

method - zb_tlv_key_negotiation_methods_t

 
  /* The application can also change key negotiation methods and PSK secrets.
   * For example, we disable ZB_TLV_KEY_ECDHE_KEY_REQUEST_ZB_30.
   * It means that ZC will not accept r23+ devices without DLK support */
  zb_disable_key_neg_method(ZB_TLV_KEY_ECDHE_KEY_REQUEST_ZB_30);
  /* That call is just for a demo here. That method is already enabled by
   * zboss_use_r23_behavior() call.  */
  zb_enable_key_neg_method(ZB_TLV_KEY_ECDHE_CURVE_25519_HASH_SHA256);
 

◆ zb_disable_psk_secret()

void zb_disable_psk_secret ( zb_uint8_t secret )

Disable the supported by this device Pre-shared secret

Parameters

secret - zb_tlv_psk_secrets_t

◆ zb_enable_key_neg_method()

void zb_enable_key_neg_method ( zb_uint8_t method )

Enable the supported by this device Key Negotiation Protocols Method

Parameters

method - zb_tlv_key_negotiation_methods_t

 
  /* The application can also change key negotiation methods and PSK secrets.
   * For example, we disable ZB_TLV_KEY_ECDHE_KEY_REQUEST_ZB_30.
   * It means that ZC will not accept r23+ devices without DLK support */
  zb_disable_key_neg_method(ZB_TLV_KEY_ECDHE_KEY_REQUEST_ZB_30);
  /* That call is just for a demo here. That method is already enabled by
   * zboss_use_r23_behavior() call.  */
  zb_enable_key_neg_method(ZB_TLV_KEY_ECDHE_CURVE_25519_HASH_SHA256);
 

◆ zb_enable_psk_secret()

void zb_enable_psk_secret ( zb_uint8_t secret )

Enable the supported by this device Pre-shared secret

Parameters

secret - zb_tlv_psk_secrets_t

◆ zb_get_supported_key_neg_mtd()

zb_uint8_t zb_get_supported_key_neg_mtd ( void )

Get the supported by this device Key Negotiation Protocols Bitmask

Returns: bitmask of the supported methods - zb_tlv_key_negotiation_methods_t

◆ zb_get_supported_key_neg_mtd_direct()

zb_uint16_t zb_get_supported_key_neg_mtd_direct ( void )

Get the supported by this device Key Negotiation Protocols Bitmask (in scope of Zigbee Direct functionality)

Returns: bitmask of the supported methods - zb_tlv_key_negotiation_methods_t

◆ zb_get_supported_psk_secrets()

zb_uint8_t zb_get_supported_psk_secrets ( void )

Get the supported by this device Supported Pre-shared secrets Bitmask

Returns: bitmask of the supported secrets - zb_tlv_psk_secrets_t

◆ zb_get_supported_psk_secrets_direct()

zb_uint8_t zb_get_supported_psk_secrets_direct ( void )

Get the supported by this device Supported Pre-shared secrets Bitmask (in scope of Zigbee Direct functionality)

Returns: bitmask of the supported secrets - zb_tlv_psk_secrets_t

◆ zb_set_aps_enc_for_zdo_conf_cmd()

void zb_set_aps_enc_for_zdo_conf_cmd ( zb_bool_t val )

Set/unset aps security for zdo commands, which need configuration mode

◆ zb_set_aps_enc_for_zdo_in_distrib_nwk()

void zb_set_aps_enc_for_zdo_in_distrib_nwk ( zb_bool_t val )

Set/unset aps security for zdo set/get conf and decommission reqs

◆ zb_set_supported_key_neg_mthd()

void zb_set_supported_key_neg_mthd ( zb_uint8_t methods_mask )

Set the supported by this device Key Negotiation Protocols Bitmask

Parameters

methods_mask - bitmask of the supported methods - zb_tlv_key_negotiation_methods_t

◆ zb_set_supported_key_neg_mthd_direct()

void zb_set_supported_key_neg_mthd_direct ( zb_uint16_t methods_mask )

Set the supported by this device Key Negotiation Protocols Bitmask (in scope of Zigbee Direct functionality)

Parameters

methods_mask - bitmask of the supported methods - zb_tlv_key_negotiation_methods_t

◆ zb_set_supported_psk_secrets()

void zb_set_supported_psk_secrets ( zb_uint8_t secret_mask )

Set the supported by this device Pre-shared secrets Bitmask

Parameters

secret_mask - bitmask of the supported secrets - zb_tlv_psk_secrets_t

 
  /* Rewrite supported PSK secrets bit mask. Just to demonstrate the API */
  {
    zb_uint8_t supported_secrets_mask = 0;
    ZB_TLV_PSK_SECRET_ENABLE(supported_secrets_mask, ZB_TLV_PSK_SECRET_AUTH_TOKEN);
    ZB_TLV_PSK_SECRET_ENABLE(supported_secrets_mask, ZB_TLV_PSK_SECRET_INSTALL_CODE);
    ZB_TLV_PSK_SECRET_ENABLE(supported_secrets_mask, ZB_TLV_PSK_SECRET_PAKE_PASSCODE);
    zb_set_supported_psk_secrets(supported_secrets_mask);
  }
 

◆ zb_set_supported_psk_secrets_direct()

void zb_set_supported_psk_secrets_direct ( zb_uint8_t secret_mask )

Set the supported by this device Pre-shared secrets Bitmask (in scope of Zigbee Direct functionality)

Parameters

secret_mask - bitmask of the supported methods - zb_tlv_psk_secrets_t

◆ zb_zdo_get_auth_level_req()

zb_uint8_t zb_zdo_get_auth_level_req	(	zb_uint8_t	param,
		zb_callback_t	cb
	)

Get authentication level for target device.

Parameters

param	- index of buffer zb_zdo_secur_get_auth_level_req_s
cb	- user's function to call when response is ready zb_zdo_secur_get_auth_level_rsp_s

Returns: ZDP transaction sequence number if call was made by ZR/ZED; 0x00 if call was made by ZC and transaction was successful; 0xFF if operation cannot be performed now (nor enough memory, resources, etc.)

/*
 * Functions for demonstrate how to get authentication level
 */
static void app_sec_get_auth_lvl_cb (zb_uint8_t param)
{
  zb_zdo_secur_get_auth_level_rsp_t *ptr;
  ptr = (zb_zdo_secur_get_auth_level_rsp_t *) zb_buf_begin(param);
  TRACE_MSG(TRACE_APP1, "app_send_get_auth_lvl_cb, param %hd:", (FMT__H, param));
  TRACE_MSG(TRACE_APP1, "# tsn = %hd, status 0x%x", (FMT__H_H, ptr->tsn, ptr->status));
  TRACE_MSG(TRACE_APP1, "# ieee_addr = "TRACE_FORMAT_64, (FMT__A, TRACE_ARG_64(ptr->target_ieee)));
  TRACE_MSG(TRACE_APP1, "# initial_join_auth = %hd, key_upd_method = %hd", (FMT__H_H, ptr->initial_join_auth, ptr->key_upd_method));
 
  ZB_SCHEDULE_APP_ALARM(app_do_next_test_step, param, ZB_TIME_ONE_SECOND);
}
 
 
static void app_sec_get_auth_lvl(zb_uint8_t param, zb_ieee_addr_t target_ieee_addr)
{
  zb_zdo_secur_get_auth_level_req_t *buf_params = ZB_BUF_GET_PARAM(param, zb_zdo_secur_get_auth_level_req_t);
  ZB_IEEE_ADDR_COPY(buf_params->target_ieee, target_ieee_addr);
  zb_zdo_get_auth_level_req(param, app_sec_get_auth_lvl_cb);
}

◆ zb_zdo_secur_update_device_tclk()

zb_ret_t zb_zdo_secur_update_device_tclk	(	zb_uint8_t	param,
		zb_ieee_addr_t	dev_ieee_addr
	)

Send Security_Key_Update_req for update EXISTING verified tclk.

Parameters

param	- index of buffer with request
dev_ieee_addr	- extended address of device, which tclk should be updated.

Returns: RET_OK if the request was sent

Data Structures

Macros

Typedefs

Functions

InitialJoinAuthentication enum (see Table 4-33)

Detailed Description

Macro Definition Documentation

◆ ZB_JOIN_ANON_KEY_NEG

◆ ZB_JOIN_AUTH_KEY_NEG

◆ ZB_JOIN_INSTALLCODE_KEY

◆ ZB_JOIN_NO_AUTHENTICATION

◆ ZB_TLV_KEY_ECDHE_METHOD_ENABLE

◆ ZB_TLV_PSK_SECRET_ENABLE

Typedef Documentation

◆ zb_post_join_key_upd_method_t

Function Documentation

◆ zb_disable_key_neg_method()

◆ zb_disable_psk_secret()

◆ zb_enable_key_neg_method()

◆ zb_enable_psk_secret()

◆ zb_get_supported_key_neg_mtd()

◆ zb_get_supported_key_neg_mtd_direct()

◆ zb_get_supported_psk_secrets()

◆ zb_get_supported_psk_secrets_direct()

◆ zb_set_aps_enc_for_zdo_conf_cmd()

◆ zb_set_aps_enc_for_zdo_in_distrib_nwk()

◆ zb_set_supported_key_neg_mthd()

◆ zb_set_supported_key_neg_mthd_direct()

◆ zb_set_supported_psk_secrets()

◆ zb_set_supported_psk_secrets_direct()

◆ zb_zdo_get_auth_level_req()

◆ zb_zdo_secur_update_device_tclk()