| <?xml version="1.0"?> |
| <!--
|
| Copyright (C) Connectivity Standards Alliance (2021). All rights reserved.
|
| The information within this document is the property of the Connectivity
|
| Standards Alliance and its use and disclosure are restricted, except as
|
| expressly set forth herein.
|
|
|
| Connectivity Standards Alliance hereby grants you a fully-paid, non-exclusive,
|
| nontransferable, worldwide, limited and revocable license (without the right to
|
| sublicense), under Connectivity Standards Alliance's applicable copyright
|
| rights, to view, download, save, reproduce and use the document solely for your
|
| own internal purposes and in accordance with the terms of the license set forth
|
| herein. This license does not authorize you to, and you expressly warrant that
|
| you shall not: (a) permit others (outside your organization) to use this
|
| document; (b) post or publish this document; (c) modify, adapt, translate, or
|
| otherwise change this document in any manner or create any derivative work
|
| based on this document; (d) remove or modify any notice or label on this
|
| document, including this Copyright Notice, License and Disclaimer. The
|
| Connectivity Standards Alliance does not grant you any license hereunder other
|
| than as expressly stated herein.
|
|
|
| Elements of this document may be subject to third party intellectual property
|
| rights, including without limitation, patent, copyright or trademark rights,
|
| and any such third party may or may not be a member of the Connectivity
|
| Standards Alliance. Connectivity Standards Alliance members grant other
|
| Connectivity Standards Alliance members certain intellectual property rights as
|
| set forth in the Connectivity Standards Alliance IPR Policy. Connectivity
|
| Standards Alliance members do not grant you any rights under this license. The
|
| Connectivity Standards Alliance is not responsible for, and shall not be held
|
| responsible in any manner for, identifying or failing to identify any or all
|
| such third party intellectual property rights. Please visit www.csa-iot.org for
|
| more information on how to become a member of the Connectivity Standards
|
| Alliance.
|
|
|
| This document and the information contained herein are provided on an “AS IS”
|
| basis and the Connectivity Standards Alliance DISCLAIMS ALL WARRANTIES EXPRESS
|
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE
|
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING
|
| WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT
|
| OR TRADEMARK RIGHTS); OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
|
| FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE
|
| CONNECTIVITY STANDARDS ALLIANCE BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF
|
| BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER
|
| DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL
|
| DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT
|
| OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
| LOSS OR DAMAGE.
|
|
|
| All company, brand and product names in this document may be trademarks that
|
| are the sole property of their respective owners.
|
|
|
| This notice and disclaimer must be included on all copies of this document.
|
|
|
| Connectivity Standards Alliance
|
| 508 Second Street, Suite 206
|
| Davis, CA 95616, USA
|
| --> |
| <cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x003F" name="GroupKeyManagement" revision="2"> |
| <revisionHistory> |
| <revision revision="1" summary="Initial Release"/> |
| <revision revision="2" summary="Clarify KeySetWrite validation and behavior on invalid epoch key lengths"/> |
| </revisionHistory> |
| <classification hierarchy="base" role="utility" picsCode="GRPKEY" scope="Node"/> |
| <features> |
| <feature bit="0" code="CS" name="CacheAndSync" summary="The ability to support CacheAndSync security policy and MCSP."> |
| <optionalConform/> |
| </feature> |
| </features> |
| <dataTypes> |
| <enum name="GroupKeyMulticastPolicyEnum"> |
| <item value="0" name="PerGroupID" summary="Indicates filtering of multicast messages for a specific Group ID"> |
| <mandatoryConform/> |
| </item> |
| <item value="1" name="AllNodes" summary="Indicates not filtering of multicast messages"> |
| <mandatoryConform/> |
| </item> |
| </enum> |
| <enum name="GroupKeySecurityPolicyEnum"> |
| <item value="0" name="TrustFirst" summary="Message counter synchronization using trust-first"> |
| <mandatoryConform/> |
| </item> |
| <item value="1" name="CacheAndSync" summary="Message counter synchronization using cache-and-sync"> |
| <mandatoryConform> |
| <feature name="CS"/> |
| </mandatoryConform> |
| </item> |
| </enum> |
| <struct name="GroupInfoMapStruct"> |
| <field id="1" name="GroupId" type="ref_DataTypeGroupId"> |
| <mandatoryConform/> |
| </field> |
| <field id="2" name="Endpoints" type="ref_DataTypeList[ref_DataTypeEndpointNumber]"> |
| <mandatoryConform/> |
| <constraint type="min" value="1"/> |
| </field> |
| <field id="3" name="GroupName" type="ref_DataTypeString"> |
| <optionalConform/> |
| <constraint type="max" value="16"/> |
| </field> |
| <access fabricScoped="true"/> |
| </struct> |
| <struct name="GroupKeyMapStruct"> |
| <field id="1" name="GroupId" type="ref_DataTypeGroupId"> |
| <mandatoryConform/> |
| </field> |
| <field id="2" name="GroupKeySetID" type="uint16"> |
| <mandatoryConform/> |
| <constraint type="between" from="1" to="65535"/> |
| </field> |
| <access fabricScoped="true"/> |
| </struct> |
| <struct name="GroupKeySetStruct"> |
| <field id="0" name="GroupKeySetID" type="uint16"> |
| <mandatoryConform/> |
| </field> |
| <field id="1" name="GroupKeySecurityPolicy" type="GroupKeySecurityPolicyEnum"> |
| <access fabricSensitive="true"/> |
| <mandatoryConform/> |
| </field> |
| <field id="2" name="EpochKey0" type="ref_DataTypeOctstr"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| <constraint type="allowed" value="16"/> |
| </field> |
| <field id="3" name="EpochStartTime0" type="ref_DataTypeEpochUs"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| </field> |
| <field id="4" name="EpochKey1" type="ref_DataTypeOctstr"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| <constraint type="allowed" value="16"/> |
| </field> |
| <field id="5" name="EpochStartTime1" type="ref_DataTypeEpochUs"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| </field> |
| <field id="6" name="EpochKey2" type="ref_DataTypeOctstr"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| <constraint type="allowed" value="16"/> |
| </field> |
| <field id="7" name="EpochStartTime2" type="ref_DataTypeEpochUs"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| </field> |
| <field id="8" name="GroupKeyMulticastPolicy" type="GroupKeyMulticastPolicyEnum"> |
| <access fabricSensitive="true"/> |
| <otherwiseConform> |
| <provisionalConform/> |
| <mandatoryConform/> |
| </otherwiseConform> |
| </field> |
| </struct> |
| </dataTypes> |
| <attributes> |
| <attribute id="0x0000" name="GroupKeyMap" type="ref_DataTypeList[GroupKeyMapStruct Type]" default="empty"> |
| <access read="true" write="true" readPrivilege="view" writePrivilege="manage" fabricScoped="true"/> |
| <quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/> |
| <mandatoryConform/> |
| <constraint type="desc"/> |
| </attribute> |
| <attribute id="0x0001" name="GroupTable" type="ref_DataTypeList[GroupInfoMapStruct Type]" default="empty"> |
| <access read="true" readPrivilege="view" fabricScoped="true"/> |
| <mandatoryConform/> |
| <constraint type="desc"/> |
| </attribute> |
| <attribute id="0x0002" name="MaxGroupsPerFabric" type="uint16" default="0"> |
| <access read="true" readPrivilege="view"/> |
| <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/> |
| <mandatoryConform/> |
| </attribute> |
| <attribute id="0x0003" name="MaxGroupKeysPerFabric" type="uint16" default="1"> |
| <access read="true" readPrivilege="view"/> |
| <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/> |
| <mandatoryConform/> |
| <constraint type="between" from="1" to="65535"/> |
| </attribute> |
| </attributes> |
| <commands> |
| <command id="0x00" name="KeySetWrite Command" response="Y"> |
| <access invokePrivilege="admin" fabricScoped="true"/> |
| <mandatoryConform/> |
| <field id="0" name="GroupKeySet" type="GroupKeySetStruct"> |
| <mandatoryConform/> |
| </field> |
| </command> |
| <command id="0x01" name="KeySetRead Command" response="KeySetReadResponse Command"> |
| <access invokePrivilege="admin" fabricScoped="true"/> |
| <mandatoryConform/> |
| <field id="0" name="GroupKeySetID" type="uint16"> |
| <mandatoryConform/> |
| </field> |
| </command> |
| <command id="0x02" name="KeySetReadResponse Command" direction="responseFromServer"> |
| <access invokePrivilege="operate"/> |
| <mandatoryConform/> |
| <field id="0" name="GroupKeySet" type="GroupKeySetStruct"> |
| <mandatoryConform/> |
| </field> |
| </command> |
| <command id="0x03" name="KeySetRemove Command" response="Y"> |
| <access invokePrivilege="admin" fabricScoped="true"/> |
| <mandatoryConform/> |
| <field id="0" name="GroupKeySetID" type="uint16"> |
| <mandatoryConform/> |
| </field> |
| </command> |
| <command id="0x04" name="KeySetReadAllIndices Command" response="KeySetReadAllIndicesResponse Command"> |
| <access invokePrivilege="admin" fabricScoped="true"/> |
| <mandatoryConform/> |
| <field id="0" name="reserved"> |
| <disallowConform/> |
| </field> |
| </command> |
| <command id="0x05" name="KeySetReadAllIndicesResponse Command" direction="responseFromServer"> |
| <access invokePrivilege="operate"/> |
| <mandatoryConform/> |
| <field id="0" name="GroupKeySetIDs" type="list"> |
| <entry type="uint16"/> |
| <mandatoryConform/> |
| </field> |
| </command> |
| </commands> |
| </cluster> |