📄 zdsecmgr.c
字号:
* @brief Add entry.
*
* @param device - [in] ZDSecMgrDevice_t, device info
* @param ami - [in] Address Manager index
*
* @return ZStatus_t
*/
void ZDSecMgrAddrMgrUpdate( uint16 ami, uint16 nwkAddr )
{
AddrMgrEntry_t entry;
// get the ami data
entry.user = ADDRMGR_USER_SECURITY;
entry.index = ami;
AddrMgrEntryGet( &entry );
// check if NWK address is same
if ( entry.nwkAddr != nwkAddr )
{
// update NWK address
entry.nwkAddr = nwkAddr;
AddrMgrEntryUpdate( &entry );
}
}
ZStatus_t ZDSecMgrDeviceEntryAdd( ZDSecMgrDevice_t* device, uint16 ami )
{
ZStatus_t status;
ZDSecMgrEntry_t* entry;
// initialize as unknown until completion
status = ZNwkUnknownDevice;
device->ctrl = NULL;
// make sure not already registered
if ( ZDSecMgrEntryLookup( device->nwkAddr, &entry ) == ZSuccess )
{
// verify that address index is same
if ( entry->ami != ami )
{
// remove conflicting entry
ZDSecMgrDeviceEntryRemove( entry );
if ( ZDSecMgrEntryLookupAMI( ami, &entry ) == ZSuccess )
{
// update NWK address
ZDSecMgrAddrMgrUpdate( ami, device->nwkAddr );
}
}
}
else if ( ZDSecMgrEntryLookupAMI( ami, &entry ) == ZSuccess )
{
// update NWK address
ZDSecMgrAddrMgrUpdate( ami, device->nwkAddr );
}
// check if a new entry needs to be created
if ( entry == NULL )
{
// get new entry
if ( ZDSecMgrEntryNew( &entry ) == ZSuccess )
{
// reset entry lkd
// finish setting up entry
entry->ami = ami;
// update NWK address
ZDSecMgrAddrMgrUpdate( ami, device->nwkAddr );
// enter new device into device control
status = ZDSecMgrCtrlAdd( device, entry );
}
}
else
{
// reset entry lkd
// reset entry in entry control
status = ZDSecMgrCtrlReset( device, entry );
}
return status;
}
#endif // defined ( ZDSECMGR_COMMERCIAL )
#if defined ( ZDSECMGR_COMMERCIAL )
#if defined ( ZDO_COORDINATOR )
/******************************************************************************
* @fn ZDSecMgrDeviceCtrlHandler
*
* @brief Device control handler.
*
* @param device - [in] ZDSecMgrDevice_t, device info
*
* @return none
*/
void ZDSecMgrDeviceCtrlHandler( ZDSecMgrDevice_t* device )
{
uint8 state;
uint8 cntr;
state = device->ctrl->state;
cntr = ZDSECMGR_CTRL_BASE_CNTR;
switch ( state )
{
case ZDSECMGR_CTRL_TK_MASTER:
if ( ZDSecMgrSendMasterKey( device ) == ZSuccess )
{
state = ZDSECMGR_CTRL_SKKE_INIT;
cntr = ZDSECMGR_CTRL_SKKE_INIT_CNTR;
}
break;
case ZDSECMGR_CTRL_SKKE_INIT:
if ( ZDSecMgrEstablishKey( device ) == ZSuccess )
{
state = ZDSECMGR_CTRL_SKKE_WAIT;
cntr = ZDSECMGR_CTRL_SKKE_WAIT_CNTR;
}
break;
case ZDSECMGR_CTRL_SKKE_WAIT:
state = ZDSECMGR_CTRL_NONE;
// timeout error - cleanup SKKE slot and entry
break;
case ZDSECMGR_CTRL_TK_NWK:
if ( ZDSecMgrSendNwkKey( device ) == ZSuccess )
{
state = ZDSECMGR_CTRL_NONE;
}
break;
default:
state = ZDSECMGR_CTRL_NONE;
break;
}
if ( state != ZDSECMGR_CTRL_NONE )
{
device->ctrl->state = state;
device->ctrl->cntr = cntr;
osal_start_timer( ZDO_SECMGR_EVENT, 100 );
}
else
{
ZDSecMgrCtrlRelease( device->ctrl );
}
}
#endif // defined ( ZDO_COORDINATOR )
#endif // defined ( ZDSECMGR_COMMERCIAL )
#if defined ( ZDO_COORDINATOR )
#if defined ( ZDSECMGR_COMMERCIAL )
/******************************************************************************
* @fn ZDSecMgrDeviceCtrlSetup
*
* @brief Setup device control.
*
* @param device - [in] ZDSecMgrDevice_t, device info
*
* @return ZStatus_t
*/
void ZDSecMgrDeviceCtrlSetup( ZDSecMgrDevice_t* device )
{
if ( device->ctrl != NULL )
{
if ( device->secure == FALSE )
{
// send the master key data to the joining device
device->ctrl->state = ZDSECMGR_CTRL_TK_MASTER;
}
else
{
// start SKKE
device->ctrl->state = ZDSECMGR_CTRL_SKKE_INIT;
}
ZDSecMgrDeviceCtrlHandler( device );
}
}
#endif // defined ( ZDO_COORDINATOR )
#endif // defined ( ZDSECMGR_COMMERCIAL )
#if defined ( ZDSECMGR_COMMERCIAL )
/******************************************************************************
* @fn ZDSecMgrDeviceCtrlUpdate
*
* @brief Update control data.
*
* @param extAddr - [in] EXT address
* @param state - [in] new control state
*
* @return none
*/
void ZDSecMgrDeviceCtrlUpdate( uint8* extAddr, uint8 state )
{
//---------------------------------------------------------------------------
#if defined ( ZDO_COORDINATOR )
//---------------------------------------------------------------------------
ZDSecMgrEntry_t* entry;
ZDSecMgrCtrl_t* ctrl;
// lookup device entry data
ZDSecMgrEntryLookupExt( extAddr, &entry );
if ( entry != NULL )
{
// lookup device control data
ZDSecMgrCtrlLookup( entry, &ctrl );
// make sure control data is valid
if ( ctrl != NULL )
{
// possible state transitions
if ( ( state == ZDSECMGR_CTRL_SKKE_DONE ) &&
( ctrl->state == ZDSECMGR_CTRL_SKKE_WAIT ) )
{
ctrl->state = ZDSECMGR_CTRL_TK_NWK;
ctrl->cntr = ZDSECMGR_CTRL_TK_NWK_CNTR;
}
// timer should be active
}
}
//---------------------------------------------------------------------------
#endif // defined ( ZDO_COORDINATOR )
//---------------------------------------------------------------------------
}
#endif // defined ( ZDSECMGR_COMMERCIAL )
#if defined ( RTR_NWK )
/******************************************************************************
* @fn ZDSecMgrDeviceRemove
*
* @brief Remove device from network.
*
* @param device - [in] ZDSecMgrDevice_t, device info
*
* @return none
*/
void ZDSecMgrDeviceRemove( ZDSecMgrDevice_t* device )
{
APSME_RemoveDeviceReq_t remDevReq;
NLME_LeaveReq_t leaveReq;
associated_devices_t* assoc;
// check if parent, remove the device
if ( device->parentAddr == NLME_GetShortAddr() )
{
// this is the parent of the device
leaveReq.extAddr = device->extAddr;
leaveReq.removeChildren = FALSE;
leaveReq.rejoin = FALSE;
// find child association
assoc = AssocGetWithExt( device->extAddr );
if ( ( assoc != NULL ) &&
( assoc->nodeRelation >= CHILD_RFD ) &&
( assoc->nodeRelation <= CHILD_FFD_RX_IDLE ) )
{
// check if associated device is authenticated
if ( assoc->devStatus & DEV_SEC_AUTH_STATUS )
{
leaveReq.silent = FALSE;
}
else
{
leaveReq.silent = TRUE;
}
NLME_LeaveReq( &leaveReq );
}
}
else
{
// this is not the parent of the device
remDevReq.parentAddr = device->parentAddr;
remDevReq.childExtAddr = device->extAddr;
APSME_RemoveDeviceReq( &remDevReq );
}
}
#endif // defined( RTR_NWK )
#if defined ( ZDSECMGR_COMMERCIAL )
#if !defined ( ZDO_COORDINATOR ) || defined( SOFT_START )
/******************************************************************************
* @fn ZDSecMgrDeviceValidateSKKE
*
* @brief Decide whether device is allowed for SKKE.
*
* @param device - [in] ZDSecMgrDevice_t, device info
*
* @return ZStatus_t
*/
ZStatus_t ZDSecMgrDeviceValidateSKKE( ZDSecMgrDevice_t* device )
{
ZStatus_t status;
uint16 ami;
uint8* key;
// get EXT address
status = ZDSecMgrExtAddrLookup( device->extAddr, &ami );
if ( status == ZSuccess )
{
// get MASTER key
status = ZDSecMgrMasterKeyLookup( ami, &key );
if ( status == ZSuccess )
{
// // check if initiator is Trust Center
// if ( device->nwkAddr == APSME_TRUSTCENTER_NWKADDR )
// {
// // verify NWK key not sent
// // devtag.todo
// // temporary - add device to internal data
// status = ZDSecMgrDeviceEntryAdd( device, ami );
// }
// else
// {
// // initiator not Trust Center - End to End SKKE - set policy
// // for accepting an SKKE initiation
// // temporary - add device to internal data
// status = ZDSecMgrDeviceEntryAdd( device, ami );
// }
status = ZDSecMgrDeviceEntryAdd( device, ami );
}
}
return status;
}
#endif // !defined ( ZDO_COORDINATOR ) || defined ( SOFT_START )
#endif // defined ( ZDSECMGR_COMMERCIAL )
#if defined ( ZDSECMGR_RESIDENTIAL )
#if defined ( ZDO_COORDINATOR )
/******************************************************************************
* @fn ZDSecMgrDeviceValidateRM (RESIDENTIAL MODE)
*
* @brief Decide whether device is allowed.
*
* @param device - [in] ZDSecMgrDevice_t, device info
*
* @return ZStatus_t
*/
ZStatus_t ZDSecMgrDeviceValidateRM( ZDSecMgrDevice_t* device )
{
ZStatus_t status;
uint8 index;
uint8* restricted;
status = ZSuccess;
// Look through the restricted device list
for ( index = 0; index < ZDSECMGR_RESTRICTED_DEVICES; index++ )
{
restricted = ZDSecMgrRestrictedDevices[index];
if ( AddrMgrExtAddrEqual( restricted, device->extAddr ) == TRUE )
{
// return as unknown device in regards to validation
status = ZNwkUnknownDevice;
// break from loop
index = ZDSECMGR_RESTRICTED_DEVICES;
}
}
return status;
}
#endif // defined ( ZDO_COORDINATOR )
#endif // defined ( ZDSECMGR_RESIDENTIAL )
#if defined ( ZDSECMGR_COMMERCIAL )
#if defined ( ZDO_COORDINATOR )
/******************************************************************************
* @fn ZDSecMgrDeviceValidateCM (COMMERCIAL MODE)
*
* @brief Decide whether device is allowed.
*
* @param device - [in] ZDSecMgrDevice_t, device info
*
* @return ZStatus_t
*/
ZStatus_t ZDSecMgrDeviceValidateCM( ZDSecMgrDevice_t* device )
{
ZStatus_t status;
uint16 ami;
uint8* key;
// check for pre configured setting
if ( device->secure == TRUE )
{
// get EXT address and MASTER key
status = ZDSecMgrExtAddrLookup( device->extAddr, &ami );
if ( status == ZSuccess )
{
status = ZDSecMgrMasterKeyLookup( ami, &key );
}
}
else
{
// implement EXT address and MASTER key policy here -- the total number of
// Security Manager entries should never exceed the number of EXT addresses
// and MASTER keys available
// set status based on policy
status = ZSuccess; // ZNwkUnknownDevice;
// get the address index
if ( ZDSecMgrExtAddrLookup( device->extAddr, &ami ) != ZSuccess )
{
// if policy, store new EXT address
status = ZDSecMgrExtAddrStore( device->extAddr, &ami );
}
// get the address index
if ( ZDSecMgrMasterKeyLookup( ami, &key ) != ZSuccess )
{
// if policy, store new key -- NULL will zero key
status = ZDSecMgrMasterKeyStore( ami, NULL );
}
}
// if EXT address and MASTER key available -- add device
if ( status == ZSuccess )
{
// add device to internal data - with control
status = ZDSecMgrDeviceEntryAdd( device, ami );
}
return status;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -