Lab 28. Joining with EDHOC
Prerequisites
Before attempting this lab, please complete the following labs
Background
In this lab, you will use the LTC5800 chip, part of the Dusty module, in “Slave” mode, meaning that the communication over the network will be instructed by the other microcontroller on board, the nRF52833. You will be programming code for the nRF and using the serial link between the two microcontrollers to send data over the network.
Goal
This lab is a little coding challenge. The goal is to send data originating on your AIOT Play board, and more specifically on the nRF52833 microcontroller, over the network to an MQTT broker. The trick is that the backend is configured to accept the data from the mote only if the mote has previously authenticated with the gateway using the EDHOC protocol. That means that you will need to use an actual implementation of the EDHOC protocol on the microcontroller and complete the handshake with the backend. Your instructor will run the backend.
Starting Point
You will start from the 02drv_ntw project, which is configured to send data over the network every 10 seconds. Flash this project on the nRF52833 microcontroller and check with your instructor whether your mote has started to send data.
What message can your instructor see in the logs related to your mote?
Integrating EDHOC
Navigate to https://github.com/openwsn-berkeley/lakers. This is a Rust implementation of EDHOC with available C bindings. We will use this implementation on our AIOT Play boards.
- From the latest release of lakers, download the pre-compiled library with C headers, built for the PSA cryptographic backend: lakers-c-crypto-psa-baremetal-thumbv7em-none-eabihf
- In Segger, add the library to the build of your 02drv_ntw project by right-clicking on the project and selecting Options
  - Navigate to Linker
  - Set Additional Input Files to the pre-compiled binary (liblakers_c.a)
- Add the C headers to the build of the 02drv_ntw project
  - Copy-paste the C headers from the archive into the 02drv_ntw folder
  - In Segger, right-click on the project name and select Add Existing File...
  - Select all the header files from the library. The header files should now appear under Source Files in Segger.
- Test by adding the following line to the 02drv_ntw.c file: #include "lakers.h"
- Build the project to test
Use the EDHOC API
Your goal is to understand the C API of the lakers implementation of EDHOC and to use it to complete the handshake with the backend. In this lab, we will use the following credentials to establish the handshake with the backend:
// Initiator's credential
static const uint8_t CRED_I[] = {0xA2, 0x02, 0x77, 0x34, 0x32, 0x2D, 0x35, 0x30, 0x2D, 0x33, 0x31, 0x2D, 0x46, 0x46, 0x2D, 0x45, 0x46, 0x2D, 0x33, 0x37, 0x2D, 0x33, 0x32, 0x2D, 0x33, 0x39, 0x08, 0xA1, 0x01, 0xA5, 0x01, 0x02, 0x02, 0x41, 0x2B, 0x20, 0x01, 0x21, 0x58, 0x20, 0xAC, 0x75, 0xE9, 0xEC, 0xE3, 0xE5, 0x0B, 0xFC, 0x8E, 0xD6, 0x03, 0x99, 0x88, 0x95, 0x22, 0x40, 0x5C, 0x47, 0xBF, 0x16, 0xDF, 0x96, 0x66, 0x0A, 0x41, 0x29, 0x8C, 0xB4, 0x30, 0x7F, 0x7E, 0xB6, 0x22, 0x58, 0x20, 0x6E, 0x5D, 0xE6, 0x11, 0x38, 0x8A, 0x4B, 0x8A, 0x82, 0x11, 0x33, 0x4A, 0xC7, 0xD3, 0x7E, 0xCB, 0x52, 0xA3, 0x87, 0xD2, 0x57, 0xE6, 0xDB, 0x3C, 0x2A, 0x93, 0xDF, 0x21, 0xFF, 0x3A, 0xFF, 0xC8};
// Responder's credential
static const uint8_t CRED_R[] = {0xA2, 0x02, 0x60, 0x08, 0xA1, 0x01, 0xA5, 0x01, 0x02, 0x02, 0x41, 0x0A, 0x20, 0x01, 0x21, 0x58, 0x20, 0xBB, 0xC3, 0x49, 0x60, 0x52, 0x6E, 0xA4, 0xD3, 0x2E, 0x94, 0x0C, 0xAD, 0x2A, 0x23, 0x41, 0x48, 0xDD, 0xC2, 0x17, 0x91, 0xA1, 0x2A, 0xFB, 0xCB, 0xAC, 0x93, 0x62, 0x20, 0x46, 0xDD, 0x44, 0xF0, 0x22, 0x58, 0x20, 0x45, 0x19, 0xE2, 0x57, 0x23, 0x6B, 0x2A, 0x0C, 0xE2, 0x02, 0x3F, 0x09, 0x31, 0xF1, 0xF3, 0x86, 0xCA, 0x7A, 0xFD, 0xA6, 0x4F, 0xCD, 0xE0, 0x10, 0x8C, 0x22, 0x4C, 0x51, 0xEA, 0xBF, 0x60, 0x72};
// Initiator's private key
static const BytesP256ElemLen I = {0xfb, 0x13, 0xad, 0xeb, 0x65, 0x18, 0xce, 0xe5, 0xf8, 0x84, 0x17, 0x66, 0x08, 0x41, 0x14, 0x2e, 0x83, 0x0a, 0x81, 0xfe, 0x33, 0x43, 0x80, 0xa9, 0x53, 0x40, 0x6a, 0x13, 0x05, 0xe8, 0x70, 0x6b};
You will also need to initialize the PSA cryptographic backend. You can do this by using the following lines of code:
// memory buffer for mbedtls, required by crypto-psa-baremetal backend
// (mbedtls allocates from this buffer, so it must stay valid for as long as the library is in use)
uint8_t buffer[4096 * 2] = {0};
// initialize memory buffer for PSA crypto backend
mbedtls_memory_buffer_alloc_init(buffer, 4096 * 2);
Make sure to explore the examples and the documentation of the lakers implementation of EDHOC.
For EDHOC message_1 to be accepted by the backend, you must prepend the CBOR value true, which is a single byte 0xf5, to the EDHOC message_1 returned by the library.
For EDHOC message_3 to be accepted by the backend, you must prepend the connection identifier selected by the Responder (backend) and returned in EDHOC message_2 to EDHOC message_3 prepared by the library.
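The two prefixing rules above can be implemented as bounds-checked framing helpers. This is an added example, not code from the lab or from the lakers project. The names edhoc_frame, frame_message_1 and frame_message_3 are hypothetical, and it assumes the EDHOC messages and the connection identifier are available as byte buffers with their lengths.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CBOR_TRUE 0xf5 /* CBOR simple value true: the message_1 prefix */

/* Hypothetical helper: writes prefix || msg into out (no overlap allowed).
 * Returns the framed length, or 0 on invalid arguments or insufficient out_cap. */
static size_t edhoc_frame(uint8_t *out, size_t out_cap,
                          const uint8_t *prefix, size_t prefix_len,
                          const uint8_t *msg, size_t msg_len)
{
    if (out == NULL || prefix == NULL || msg == NULL) return 0;
    if (prefix_len == 0 || msg_len == 0) return 0;
    /* Compare against the remaining space so the check cannot wrap around. */
    if (prefix_len > out_cap || msg_len > out_cap - prefix_len) return 0;
    memcpy(out, prefix, prefix_len);
    memcpy(out + prefix_len, msg, msg_len);
    return prefix_len + msg_len;
}

/* Payload for message_1: 0xf5 || message_1 */
size_t frame_message_1(uint8_t *out, size_t out_cap,
                       const uint8_t *msg1, size_t msg1_len)
{
    const uint8_t prefix = CBOR_TRUE;
    return edhoc_frame(out, out_cap, &prefix, 1, msg1, msg1_len);
}

/* Payload for message_3: C_R || message_3, with C_R as received in message_2 */
size_t frame_message_3(uint8_t *out, size_t out_cap,
                       const uint8_t *c_r, size_t c_r_len,
                       const uint8_t *msg3, size_t msg3_len)
{
    return edhoc_frame(out, out_cap, c_r, c_r_len, msg3, msg3_len);
}

int main(void)
{
    /* Constructed placeholder bytes, not real EDHOC messages. */
    const uint8_t msg1[] = {0x03, 0x02, 0x58}, c_r[] = {0x27}, msg3[] = {0x52, 0xaa};
    uint8_t out[16];
    size_t n1 = frame_message_1(out, sizeof out, msg1, sizeof msg1);
    printf("message_1 payload: %zu bytes, first byte 0x%02x\n", n1, out[0]);
    size_t n3 = frame_message_3(out, sizeof out, c_r, sizeof c_r, msg3, sizeof msg3);
    printf("message_3 payload: %zu bytes, first byte 0x%02x\n", n3, out[0]);
    return 0;
}
```

A return value of 0 means nothing should be sent: either an input was missing or the framed payload would not fit in the buffer handed to the serial link.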