Name and passphrase to AppEUI and NetworkKey

[Toby Jaffey]

In the Conduit web interface there is the option to give network credentials either as Name and Passphrase or EUI and Key.

I have two devices, one expects Name and Passphrase, the other EUI and Key.
I have setup the conduit up for Name and Passphrase but now want the other device to also connect.

Is it possible to generate a valid EUI and Key from Name and Passphrase?

The AT command guide says that:

AT+NK: Configured network key/passphrase (App Key in LoraMac) ## AT+NK=0,hex AT+NK=1,passphrase
(Net key = cmac(passphrase)) (16 bytes)

However, to calculate CMAC a key is needed, should this be the Name?

Is the correct calculation, CMAC(Name, Passphrase), where Name is 0x00 padded ASCII?

Thanks.

[Jason Reiss]

You can use AT+NK and AT+NI to retrieve the values in hex.

at+ni=1,hellothere
Set Network Name: hellothere

OK
at+ni
4d-b0-93-6c-d0-64-24-ec
Passphrase: ‘hellothere’

OK
at+nk=1,hellotoyou
Set Network Passphrase: hellotoyou

OK

at+nk
13.c7.2d.61.78.01.9e.db.dc.7e.a4.29.ad.82.a5.88
Passphrase: ‘hellotoyou’

OK

[Toby Jaffey]

That’s really useful.

If I want to derive the hex values programatically, is there any sample code or explanation of how I can do that?

Thanks.

[Jason Reiss]

AT command Source is available for using libmDot to derive the values problematically.
https://developer.mbed.org/teams/MultiTech/code/Dot-AT-Firmware/

See the definitions for the AT+NI and AT+NK commands.

What is the use case to want to do this outside of mDot/Conduit?
In most cases the EUI and Key can be used.

[Toby Jaffey]

I have a an mDot device which is configured to use name/pass. I have a third-party device which will only accept EUI and Key.

I want to set my Conduit up for name/pass then work out what values to put into the third party device. I’d like to build this into some management tools, so want to derive the values.

[Jason Reiss]

The default session key is used with the passphrase as input to the CMAC.

2b.7e.15.16.28.ae.d2.a6.ab.f7.15.88.09.cf.4f.3c

[hariharnath919@gmail.com]

I am also trying to connect the MDOT to the Chirpstack applications with 3rd party Gateway, as there is no concept of Network name and network passphrase in Chirpstack, I found that we can derive network id and network key using crc64(networkname) and cmac(passphrase).

I tried to look the source code of many repositories but couldn’t find or understand the implementation of those functions(cmac and CRC)

Could you please point me to the implementation source files to understand and derive the NI and NK

Also found from API docs that the NI and NK are automatically generated if we enter n/w name and passphrase. If so kindly let me know how can I get those generated NI and NK

[Jason Reiss]

Why would the generated values be better than using the appeui and appkey generated by chirpstack?

[hariharnath919@gmail.com]

Because we have a use case where there are hundreds of MDOTs already configured and the customer doesn’t want to re-configure all the MDots manually.
So we want to use the existing passphrase and name to get the Net ID and Net key

[Jason Reiss]

https://github.com/srned/baselib/blob/master/crc64.c

const std::string name = "NETWORKID";
uint64_t crc = 0;
crc = crc64(crc, (const uint8_t*) name.c_str(), name.size());

https://github.com/nullptr0807/aes128_cmac

const std::string passphrase = "NETWORKPASSPHRASE";
uint8_t key[KEY_LENGTH];
AES_CMAC_CTX ctx;

AES_CMAC_Init(&ctx);

// default session key is 2b.7e.15.16.28.ae.d2.a6.ab.f7.15.88.09.cf.4f.3c
AES_CMAC_SetKey(&ctx, LoRaConfig::defaultNetworkSessionKey);
AES_CMAC_Update(&ctx, (uint8_t*) passphrase.c_str(), passphrase.size() & 0xFF);
AES_CMAC_Final(key, &ctx);

[Author]

Posts