• State
  • Locked Locked
  • Replies 2 replies
  • Subscribers 56 subscribers
  • Views 1758 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

How to setup preconfigured link keys?

Voon Wong
Intellectual 295 points

Other Parts Discussed in Thread: Z-STACK

Hi,

I have a working implementation of an ESP and an IPD with the Ember stack using Smart Energy Security.  I now want to re-implement the IPD using ZStack-EXP5438-2.3.0-1.4.0 (on different hardware clearly), but am hitting a roadblock.  The ESP is still running the Ember stack.

I have followed the instructions in "Smart Energy Sample Application User's Guide" (SWRU215) to set up the IEEE, Device Implicit Cer, Device Private Key and CA Pub Key.  But I have been unable to find documentation on how to configure the install code, or equivalently the preconfigured key in ZStack.

For reference, the over-the-air interaction I got when using Ember stack on both ESP and IPD follows (the IPD's preconfigured link key is set out-of-bands):
   IPD => MAC: Association Request
   ESP => MAC: Association Response
   ESP => APS Command: Key-transport key: Transport Key
   IPD => ZDP: Device_annce
   ESP => ZDP: Device_annce (broadcast)
   IPD => ZDP: Match_Desc_req
   ESP => ZDP: Match_Desc_rep
   ESP => APS Acknowledgement
   IPD => APS Acknowledgement
   IPD => SE: Key Establishment
   etc...

Indeed this is largely the same as the Daintree SNA example in SWRU215.

With the same Ember ESP, but with the [still broken?] ZStack IPD:
   IPD => MAC: Association Request
   ESP => MAC: Association Response
   ESP => APS Command: Key-transport key: Transport Key
and then nothing.

Stepping through the code, whenever the ESP sends the current network key, encrypted with the IPD's pre-configured link key, the stack trace is [at least]
   APSME_FrameSecRemoveCM()
   APSME_FrameSecurityRemove()
   NLDE_DataIndication()
   nwk_data_ind_processing()
   nwk_sys_event_processing()
   nwk_event_loop()
   osal_start_system()
   main()

This suggests that the IPD is at least trying to decipher the encrypted payload.  Of course, since the install code or equivalently the preconfigured link key is not properly written, the network key cannot be propagated to the IPD, and thus CBKE cannot start.

For more information on Smart Energy Key Establishment, see http://portal.ember.com/faq/se-key-establishment

See also http://www.ember.com/pdf/120-5058-000_SettingManufacturingCertificates.pdf, for the steps involved to configure the IEEE, Device Implicit Cer, Device Private Key, CA Pub Key *AND* the install code.

In case the question is lost in this post, I repeat: How do I write a preconfigured link key into ZStack?  (Preferably into non-volatile memory).


Thanks.
Voon