feat(cc): implement inclusion using Security S2 #3170
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements inclusion of new nodes using
Security S2
. To realize this, new inclusion strategies have been added, marking the old S0-by-default strategy as deprecated:The method signatures for
beginInclusion
andreplaceFailedNode
have been changed as followsto accomodate for S2 inclusion (the old variants will keep working until v9.x).
The shape of these options depend on the inclusion strategy:
Default, and Security_S2 will accept user callbacks that allow interactively validating the DSK and choosing security classes. Although it is not guaranteed that they will be called, the application MUST provide them:
For the Default strategy, the application can also decide to prefer S0 over no encryption (
forceSecurity: true
), even if it is not necessary.SmartStart is just a stub at this point and likely to change. Insecure and Security_S0 won't need any arguments.
replaceFailedNode
only supports a subset of the inclusion strategies. Because that command does not provide the node info of the new node, reacting to the supported CCs or device classes is not possible. For that reason, the application MUST tellzwave-js
before the inclusion whether S2, S0 or no encryption should be used:Last but not least this PR adds a second parameter to the
"node added"
event to indicate whether a node was included with lower than intended security: