Node inclusion¶
To include a node start inclusion mode in the controller with
Adapter.addNode()
.
Status about the inclusion are sent as
NetworkManagementInclusion.NodeAddStatus
messages
zipgateway send back secure inclusion callback using messages
NetworkManagementInclusion.NodeAddKeysReport
and
NetworkManagementInclusion.NodeAddDSKReport
Non secure inclusion¶
To force the node to be included non secure respond to
NodeAddKeysReport
with
a NodeAddKeysSet
message with
the attributes set to:
grantCSA = False
accept = False
grantedKeys = 0
await adapter.addNodeKeysSet(False, False, 0)
S0 inclusion¶
To force S0 inclusion respond to NodeAddKeysReport
with the key set to
SECURITY_0_NETWORK_KEY
:
await adapter.addNodeKeysSet(False, True, NetworkManagementInclusion.Keys.SECURITY_0_NETWORK_KEY)
S2 inclusion¶
To continue with S2 bootstrapping respond the requested keys from the node to the controller:
async def messageReceived(self, _sender, message: Message):
if isinstance(message, NodeAddKeysReport):
await adapter.addNodeKeysSet(False, True, message.requestedKeys)
Depending on the security class requested the user may or may not complete the input
of the DSK (device specific key). The controller uses the
NetworkManagementInclusion.NodeAddDSKReport
message for this. Example:
async def messageReceived(self, _sender, message: Message):
if isinstance(message, NodeAddDSKReport):
if message.inputDSKLength == 0:
# Unauthenticated S2. No input from the user needed.
# User may confirm the dsk in message.dsk is the same
# as the label in the including node
if await confirmDSK(message.dsk):
await adapter.addNodeDSKSet(True, 0, b'')
else:
await adapter.addNodeDSKSet(False, 0, b'')
else:
# Let the user enter the missing section from the dsk
# to finish S2 bootstrapping
userInput = await requestUserInput(message)
await adapter.addNodeDSKSet(True, message.inputDSKLength, userInput)