什么是TC(Trust Center) 以及ZDSECMGR_TC_DEVICE_MAX
Enhanced security for Centralized Networks (Networks with a Coordinator/Trust Center)
Trust Center Link Key (TC Link Key) update
- R21 devices joining a Zigbee 3.0 centralized network must initiate a TC Link Key update procedure upon joining the network.
- Node Descriptor packet sent during network association procedure indicates the joining device's Zigbee version (0x00 for legacy devices, 0x15 for new devices), and the R21 coordinator/trust center can be configured to accept or reject legacy devices that do not initiate the TC Link Key update procedure.
- This unique TC Link Key will be used for all encrypted APS-layer communication instead of the well-known TC Link Key
- Note: mandatory unique TC Link Keys for each capable device leads to an increased flash requirement on the coordinator
- By default, the initial network key is transported to joining devices using the well-known TC Link Key. However, you now have the option of using pre-configured keys and install codes to enhance security even further.
Defines the maximum number of Unique TC Link Key entries that the ZC can handle. The Zigbee 3.0 specification mandates that every Zigbee 3.0 certified device must perform TC Link Key update during network association and use a unique TC Link Key with the network Trust Center (ZC). This is to say, ZDSECMGR_TC_DEVICE_MAX defines the maximum number of Zigbee 3.0 devices that are allowed in the network. Legacy devices (HA 1.2 profile, R20) will not affect this value.
实验:
我定义ZDSECMGR_TC_DEVICE_MAX=2,然后使用3个节点入网看一下实验现象。
0x2714入网:
0xba01 leave:
可以发现0x2714以及0x33bd都可以入网并且request key会有transport key,以及最后的confirm key。
但是发现0xba01发出了request key,但是一直没有transport key以及Verify key,直到time out 以及最后的leave。
可以得出结论上面的:
The Zigbee 3.0 specification mandates that every Zigbee 3.0 certified device must perform TC Link Key update during network association and use a unique TC Link Key with the network Trust Center (ZC).