- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- Product Forums
- :
- Wireless Connectivity
- :
- Elliptic curve cryptography (ECC) library for ZigBee Smart Energy
Elliptic curve cryptography (ECC) library for ZigBee Smart Energy
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Elliptic curve cryptography (ECC) library for ZigBee Smart Energy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello folks,
Thanks to Alexandru Andreescu who put together a very nice description about ECC for our ZigBee SE stack:
On the ECC library:
The Smart Energy 1.x solutions from BeeKit are exported with an empty stub ECC library for the Certificate Based Key Establishment procedure (CBKE). This library does not implement ECC functionality but otherwise still establishes a key through SEP1 ECC-based key exchange mechanisms. Using the stub, the generated key will however always be the same.
For certification and production, a full ECC library is needed. One can request the SDK from Certicom at this location free of charge (some terms and conditions apply):
To add the Certicom library to the project, copy both eccapi.h and libecc.a from Certicom to [Project]/BeeApps/SE/. Ensure gEccIncluded_d and gFullEcc_d are set to TRUE in SEProfile.h. One should only recompile the project to enable full ECC functionality.
On the Test Certificates:
The Freescale solutions come with 3 test certificates and corresponding public private key pairs (see SEProfile.c) that can be used in certification testing. The certificates are linked with a specific device MAC/EUI64 address (in our case 0x0000000000000001, 0x1111111111111111 and 0x0000000000000002). You can find the MAC address embedded in the certificate.
To generate certificates for other MAC addresses, you have to register for this service on Certicom's website (http://www.certicom.com/index.php/gencertregister). You will receive 4 values when you will generate new certificates:
- CA Public Key which will be copied in CertAuthPubKey.
- Device Implicit Cert which will be copied in DeviceImplicitCert.
- Device Private Key which will be copied in DevicePrivateKey.
- Device Public Key which will be copied in DevicePublicKey.
On Production Devices (after certification):
For production purposes, one has to replace the test certificates and keys with the production ones. These differ by Issuer ID field, so a device with a test certificate (which is submitted for SEP1 ZigBee certification) will not interoperate with a device with production certificates. To register for production certificates go tohttp://www.certicom.com/index.php/regzigbee.
Besides the steps for the test certificates, one will have to update CertAuthIssuerID to [0x00, 0x22, 0x08, 0x00, 0x00, 0x00, 0x00, 0x01].
More detailed information about the Certicom ZigBee Smart Energy SDk can be found in the following PDF file: http://www.certicom.com/images/pdfs/ZigBee/faq-zigbee-security.pdf
jc_pacheco
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to complete the info regarding the 3 certificates included in the demo.
Those were generated for the following MAC Addresses:
- 0x0000000000000001 --> Coordinator
- 0x1111111111111111 --> Router or ED
- 0x0000000000000002 --> Other Router or ED
By default if a Coordinator is programmed, it will automatically use the certificate for 0x0000000000000001
By default if a non-Coordinator device is programmed, it will select the certificate for 0x1111111111111111 … if you want to use the certificate for 0x0000000000000002 you’ll have to modify SeProfile.c to use it instead of the one for 0x1111111111111111
Here’s the section of the code:
-----------------------
#if ( gCoordinatorCapability_d )
IdentifyCert_t DeviceImplicitCert = {
0x02,0x04,0xac,0x2c,0x26,0x56,0xf1,0xee,0xa4,0xff,0x5d,0xac,0x4e,0xdd,0xa1,0x76,0xbf,0xe4,0xfa,0x70,0xd9,0x56
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x54,0x45,0x53,0x54,0x53,0x45,0x43,0x41,0x01,0x09,0x00,0x01,0x00,0x00
,0x00,0x00,0x00,0x00};
uint8_t DevicePrivateKey[gZclCmdKeyEstab_PrivateKeySize_c] = {0x00,0x75,0xa9,0x4b,0x20,0x2e,0xbe,0xc8,0x89,0xa2,0xea,
0x70,0xdb,0x3f,0xbf,0x31,0xfa,0x7c,0xa1,0xe5,0x33};
uint8_t DevicePublicKey[gZclCmdKeyEstab_CompressedPubKeySize_c] = {0x03,0x03,0x19,0x89,0xf6,0xd4,0x94,0x74,0xe8,0xe8,0x50,
0x78,0xfc,0x77,0x40,0x97,0x78,0xf5,0x8d,0x94,0xd4,0x85};
#else
/*Cert 2*/
IdentifyCert_t DeviceImplicitCert = {
0x02 ,0x04 ,0xac ,0x2c ,0x26 ,0x56 ,0xf1 ,0xee ,0xa4 ,0xff ,0x5d ,0xac ,0x4e ,0xdd ,0xa1 ,0x76 ,0xbf ,0xe4 ,0xfa ,0x70 ,0xd9 ,0x56,
0x11 ,0x11 ,0x11 ,0x11 ,0x11 ,0x11 ,0x11 ,0x11 ,0x54 ,0x45 ,0x53 ,0x54 ,0x53 ,0x45 ,0x43 ,0x41 ,0x01 ,0x09 ,0x00 ,0x01 ,0x00 ,0x00,
0x00 ,0x00 ,0x00 ,0x00};
uint8_t DevicePrivateKey[gZclCmdKeyEstab_PrivateKeySize_c] = {
0x03 ,0xad ,0x06 ,0x1f ,0x0a ,0x0d ,0x4b ,0x8e ,0xdb ,0x94 ,0xf3 ,0x5e ,0x51 ,0x1d ,0xa8 ,0x7e ,0x12 ,0xa5 ,0x42 ,0x95 ,0xf0};
uint8_t DevicePublicKey[gZclCmdKeyEstab_CompressedPubKeySize_c] = {
0x03 ,0x05 ,0xae ,0x1a ,0x16 ,0x67 ,0x79 ,0x7a ,0xfe ,0x37 ,0x75 ,0x26 ,0xf4 ,0x53 ,0x3b ,0x0f ,0x8a ,0x03 ,0xd2 ,0x15 ,0xf9 ,0x8a};
#if 0
IdentifyCert_t DeviceImplicitCert = {
0x02,0x04,0xac,0x2c,0x26,0x56,0xf1,0xee,0xa4,0xff,0x5d,0xac,0x4e,0xdd,0xa1,0x76,0xbf,0xe4,0xfa,0x70,0xd9,0x56
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x54,0x45,0x53,0x54,0x53,0x45,0x43,0x41,0x01,0x09,0x00,0x01,0x00,0x00
,0x00,0x00,0x00,0x00
};
uint8_t DevicePrivateKey[gZclCmdKeyEstab_PrivateKeySize_c] = {0x00,0x56,0x97,0x73,0x52,0x61,0x19,0xc5,0x5a,0x87,0x31,
0x44,0x6b,0x46,0x43,0x7c,0xe8,0xc2,0xe3,0xa2,0x82};
uint8_t DevicePublicKey[gZclCmdKeyEstab_CompressedPubKeySize_c] = {0x02,0x04,0x12,0xd9,0x24,0x2a,0x4f,0x46,0xe1,0x6c,0x2d,
0xf2,0x0f,0x2c,0x2e,0x6c,0xaf,0xc8,0x9f,0x86,0x91,0x3b};
#endif
#endif
--------------------------
So, the application is generated to use a coordinator with MAC 0x0000000000000001 and a non-Coordinator device (ZR or ZED) with MAC 0x1111111111111111 for the certificates to match the MAC address and avoid modifying the example code or generating another certificate. If a 3rd device is added, the MAC0x0000000000000002 is to be used and SeProfile.c has to be adapted for that.
