Network Creator Security#

API and Callbacks for the Network Creator Security Component.

This component performs the necessary security initialization to form a Zigbee 3.0-compliant network. To enable "Allow Trust Center rejoin with well known key", the "emberAfPluginEzspSecurityTrustCenterJoinCallback()" function (on the NCP side) may need to be implemented. For more details about this callback function, see "https://www.silabs.com/community/wireless/zigbee-and-thread/knowledge-base.entry.html/2018/12/26/how_to_allow_unsecur-sa3C". If the link does not work, go to our community website and search "How to allow unsecure rejoins on the Ember ZNet stack".

API#

EmberStatus

Initialize the security needed for forming and then operating on a network.

EmberStatus

Open a network for joining.

EmberStatus
EmberStatus
emberAfPluginNetworkCreatorSecurityOpenNetworkWithKeyPair(EmberEUI64 eui64, EmberKeyData keyData)

Set the network to accept the install code only.

EmberStatus

Set the insecure rejoin policy for devices using the well-known key.

Variables#

Macros#

API Documentation#

emberAfPluginNetworkCreatorSecurityStart#

EmberStatus emberAfPluginNetworkCreatorSecurityStart (bool centralizedNetwork)

Initialize the security needed for forming and then operating on a network.

Parameters
N/AcentralizedNetwork

Whether or not the network that the caller plans to form will use centralized or distributed security.

The centralizedNetwork parameter allows the caller to specify whether or not the network that they plan to form will use centralized or distributed security.

Returns

  • Status of the commencement of the network creator process.


Definition at line 70 of file app/framework/plugin/network-creator-security/network-creator-security.h

emberAfPluginNetworkCreatorSecurityOpenNetwork#

EmberStatus emberAfPluginNetworkCreatorSecurityOpenNetwork (void )

Open a network for joining.

Parameters
N/A

This API broadcasts a permit join to the network and adds a transient link key of ZigBeeAlliance09 if this device is a trust center.

Returns

  • An ::EmberStatus value describing the success or failure of the network opening procedure. If this node is not currently on a network, this will return ::EMBER_ERR_FATAL.


Definition at line 82 of file app/framework/plugin/network-creator-security/network-creator-security.h

emberAfPluginNetworkCreatorSecurityCloseNetwork#

EmberStatus emberAfPluginNetworkCreatorSecurityCloseNetwork (void )

Close the network.

Parameters
N/A

This API closes the network for joining. It broadcasts a permit join to the network with time 0, as well as clears any transient link keys in the stack.

Returns

  • An ::EmberStatus value describing closing the network. If this node is not currently on a network, this will return ::EMBER_ERR_FATAL. This API will also return an error code based on the success or failure of the broadcast permit join.


Definition at line 95 of file app/framework/plugin/network-creator-security/network-creator-security.h

emberAfPluginNetworkCreatorSecurityOpenNetworkWithKeyPair#

EmberStatus emberAfPluginNetworkCreatorSecurityOpenNetworkWithKeyPair (EmberEUI64 eui64, EmberKeyData keyData)

Set the network to accept the install code only.

Parameters
N/Aeui64

EUI 64 of the joining node.

N/AkeyData

the link key to be used by the joining node.

This API opens a network for joining. It broadcasts a permit join to the network and adds a specified EUI64 and transient key pair if this device is a trust center. Only the node that matches the specified key pair is allowed to join the network.

Returns

  • An ::EmberStatus value describing the success or failure of the network opening procedure. If this node is not currently on a network, this will return ::EMBER_ERR_FATAL.


Definition at line 112 of file app/framework/plugin/network-creator-security/network-creator-security.h

emberAfPluginNetworkCreatorSecuritySetAllowRejoinsWithWellKnownKey#

EmberStatus emberAfPluginNetworkCreatorSecuritySetAllowRejoinsWithWellKnownKey (bool allow)

Set the insecure rejoin policy for devices using the well-known key.

Parameters
N/Aallow

This API sets the policy for Trust Center (insecure) rejoins for devices using the well-known key. Sending a network key to devices using the well- known key is a security risk and the default policy of the stack is to deny such rejoins. Calling this function to allow rejoins with the well-known key will allow the rejoins for a period of emAllowTcRejoinsUsingWellKnownKeyTimeoutSec seconds.

Returns

  • An ::EmberStatus value describing the success or failure of the policy change. If this node is not currently on a network, this will return ::EMBER_ERR_FATAL.


Definition at line 128 of file app/framework/plugin/network-creator-security/network-creator-security.h

Variable Documentation#

allowHaDevices#

bool allowHaDevices

Definition at line 48 of file app/framework/plugin/network-creator-security/network-creator-security.h

Macro Definition Documentation#

EMBER_AF_PLUGIN_NETWORK_CREATOR_SECURITY_PLUGIN_NAME#

#define EMBER_AF_PLUGIN_NETWORK_CREATOR_SECURITY_PLUGIN_NAME
Value:
"NWK Creator Security"

Definition at line 43 of file app/framework/plugin/network-creator-security/network-creator-security.h