Lab 28. Joining with EDHOC
Prerequisites
Before attempting this lab, please complete the following labs
Background
In this lab, you will use the LTC5800 chip, part of the Dusty module, in “Slave” mode, meaning that the communication over the network will be instructed by the other microcontroller on board, the nRF52833. You will be programming code for the nRF and using the serial link between the two microcontrollers to send data over the network.
Goal
This lab is a little coding challenge. The goal is to send data originating on your AIOT Play board, and more specifically on the nRF52833 microcontroller, over the network to an MQTT broker. The trick is that the backend is configured to accept the data from the mote only if the mote has previously authenticated with the gateway using the EDHOC protocol. That means that you will need to use an actual implementation of the EDHOC protocol on the microcontroller and complete the handshake with the backend. Your instructor will run the backend.
You can use an MQTT client on your phone or in your browser to check if the message sent by your mote found its way outside of the network.
Here is the MQTT configuration that the backend uses:
MQTT broker: broker.mqttdashboard.com
Port: 1883
Topic: aiotacademy
If you succeed in completing the handshake, the data from your mote will be broadcast and available on e.g. your mobile device!
Starting Point
You will start from the 03app_edhoc project, which demonstrates how to integrate the pre-compiled lakers library with Segger and how to prepare EDHOC message_1. The code does not contain the whole handshake. It is our goal in this lab to complement the existing code in order to complete the handshake.
The code is available here: https://github.com/aiotsystems/aiot_play_fw/tree/edhoc
Flash the 03app_edhoc project on the nRF52833 microcontroller and check with your instructor whether your mote has started to send data.
What message can your instructor see in the logs related to your mote?
Use the EDHOC API
Your goal is to understand the C API of the lakers implementation of EDHOC and to use it to complete the handshake with the backend. In this lab, we will use the following credentials in order to establish the handshake with the backend:
// Initiator's credential
static const uint8_t CRED_I[] = {0xA2, 0x02, 0x77, 0x34, 0x32, 0x2D, 0x35, 0x30, 0x2D, 0x33, 0x31, 0x2D, 0x46, 0x46, 0x2D, 0x45, 0x46, 0x2D, 0x33, 0x37, 0x2D, 0x33, 0x32, 0x2D, 0x33, 0x39, 0x08, 0xA1, 0x01, 0xA5, 0x01, 0x02, 0x02, 0x41, 0x2B, 0x20, 0x01, 0x21, 0x58, 0x20, 0xAC, 0x75, 0xE9, 0xEC, 0xE3, 0xE5, 0x0B, 0xFC, 0x8E, 0xD6, 0x03, 0x99, 0x88, 0x95, 0x22, 0x40, 0x5C, 0x47, 0xBF, 0x16, 0xDF, 0x96, 0x66, 0x0A, 0x41, 0x29, 0x8C, 0xB4, 0x30, 0x7F, 0x7E, 0xB6, 0x22, 0x58, 0x20, 0x6E, 0x5D, 0xE6, 0x11, 0x38, 0x8A, 0x4B, 0x8A, 0x82, 0x11, 0x33, 0x4A, 0xC7, 0xD3, 0x7E, 0xCB, 0x52, 0xA3, 0x87, 0xD2, 0x57, 0xE6, 0xDB, 0x3C, 0x2A, 0x93, 0xDF, 0x21, 0xFF, 0x3A, 0xFF, 0xC8};
// Responder's credential
static const uint8_t CRED_R[] = {0xA2, 0x02, 0x60, 0x08, 0xA1, 0x01, 0xA5, 0x01, 0x02, 0x02, 0x41, 0x0A, 0x20, 0x01, 0x21, 0x58, 0x20, 0xBB, 0xC3, 0x49, 0x60, 0x52, 0x6E, 0xA4, 0xD3, 0x2E, 0x94, 0x0C, 0xAD, 0x2A, 0x23, 0x41, 0x48, 0xDD, 0xC2, 0x17, 0x91, 0xA1, 0x2A, 0xFB, 0xCB, 0xAC, 0x93, 0x62, 0x20, 0x46, 0xDD, 0x44, 0xF0, 0x22, 0x58, 0x20, 0x45, 0x19, 0xE2, 0x57, 0x23, 0x6B, 0x2A, 0x0C, 0xE2, 0x02, 0x3F, 0x09, 0x31, 0xF1, 0xF3, 0x86, 0xCA, 0x7A, 0xFD, 0xA6, 0x4F, 0xCD, 0xE0, 0x10, 0x8C, 0x22, 0x4C, 0x51, 0xEA, 0xBF, 0x60, 0x72};
// Initiator's private key
static const BytesP256ElemLen I = {0xfb, 0x13, 0xad, 0xeb, 0x65, 0x18, 0xce, 0xe5, 0xf8, 0x84, 0x17, 0x66, 0x08, 0x41, 0x14, 0x2e, 0x83, 0x0a, 0x81, 0xfe, 0x33, 0x43, 0x80, 0xa9, 0x53, 0x40, 0x6a, 0x13, 0x05, 0xe8, 0x70, 0x6b};
Make sure to explore the examples and the documentation of the lakers implementation of EDHOC.
For EDHOC message_1 to be accepted by the backend, you must prepend the CBOR value true, which is a single byte 0xf5, to EDHOC message_1 returned by the library.
For EDHOC message_3 to be accepted by the backend, you must prepend the connection identifier selected by the Responder (backend) and returned in EDHOC message_2 to EDHOC message_3 prepared by the library.
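The two framing rules above, as an added example (not code from the lab project or from lakers): the hypothetical helpers frame_message_1 and frame_message_3 build the bytes to send, with bounds checks on the fixed-size output buffer. It goes slightly beyond the lab's case by encoding the connection identifier as RFC 9528 section 3.3.2 describes; the message bytes themselves are assumed to come from the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CBOR_TRUE 0xF5u  /* prefix the backend expects in front of message_1 */

/* Copy prefix || msg into out. Returns bytes written, or 0 if an argument is
 * invalid or out is too small. All function names here are hypothetical. */
static size_t edhoc_prepend(const uint8_t *prefix, size_t prefix_len,
                            const uint8_t *msg, size_t msg_len,
                            uint8_t *out, size_t out_cap)
{
    if (!prefix || !msg || !out || msg_len == 0) return 0;
    if (prefix_len > out_cap || msg_len > out_cap - prefix_len) return 0;
    memcpy(out, prefix, prefix_len);
    memcpy(out + prefix_len, msg, msg_len);
    return prefix_len + msg_len;
}

/* Encode a raw connection identifier (RFC 9528, section 3.3.2): one byte that
 * is itself a one-byte CBOR int (0x00-0x17, 0x20-0x37) is sent as is;
 * anything else is wrapped as a CBOR bstr (at most 23 bytes handled here). */
static size_t edhoc_encode_conn_id(const uint8_t *id, size_t id_len,
                                   uint8_t *out, size_t out_cap)
{
    if (!id || !out || id_len > 23 || out_cap == 0) return 0;
    if (id_len == 1 && (id[0] <= 0x17 || (id[0] >= 0x20 && id[0] <= 0x37))) {
        out[0] = id[0];
        return 1;
    }
    if (id_len + 1 > out_cap) return 0;
    out[0] = (uint8_t)(0x40u | id_len);   /* bstr header for length < 24 */
    memcpy(out + 1, id, id_len);
    return id_len + 1;
}

size_t frame_message_1(const uint8_t *m1, size_t len, uint8_t *out, size_t cap)
{
    const uint8_t prefix = CBOR_TRUE;
    return edhoc_prepend(&prefix, 1, m1, len, out, cap);
}

size_t frame_message_3(const uint8_t *c_r, size_t c_r_len,
                       const uint8_t *m3, size_t len, uint8_t *out, size_t cap)
{
    uint8_t enc[24];
    size_t n = edhoc_encode_conn_id(c_r, c_r_len, enc, sizeof enc);
    return n ? edhoc_prepend(enc, n, m3, len, out, cap) : 0;
}
```

A return value of 0 means nothing valid was written, so check it before passing the buffer to the serial link.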
Describe what you did to make it work