3.5 APS Layer Security
3.5.2 Key-Establishment Services
APSME shall act as the responder of this protocol and the APSME indicated by the InitiatorAddress parameter shall act as the initiator of this protocol.
If the Accept parameter is FALSE, the local APSME shall halt and erase all intermediate data pertaining to the pending key-establishment protocol.
3.5.2.5 Data Service Message Sequence Chart
Figure 68 illustrates the sequence of primitives necessary for a successful key establishment between two devices.
Figure 68 Sequence chart for successful APSME-ESTABLISH-KEY primitives
3.5.2.6 The SKKE Protocol
The APSME on the initiator and responder execute the symmetric-key key-agreement scheme instantiated in B.2.1 and specified in B.7. The shared key, as specified in B.7 prerequisite step 2, shall be the master key shared between the initiator and responder devices as obtained from the appropriate master key element in the DeviceKeyPairSet attribute in the AIB. The messages sent during the scheme specified in B.7 shall be assigned to the frame names given in Table 148. The formats for these SKKE frames are given in sub-clause 3.5.9.1. The initiator device is responsible for sending the SKKE-1 and SKKE-3 frames and the responder device is responsible for sending the SKKE-2 and SKKE-4 frames. Additionally, if the UseParent parameter to the APSME-ESTABLISH-KEY.request primitive is TRUE, the responder device’s parent (as indicated by the ResponderParentAddress parameter to the APSME-ESTABLISH-KEY.request primitive) shall act as a liaison and forward messages between the initiator and responder devices.
During the key-establishment scheme, if the responder or initiator device detects any error condition listed in Table 149, the scheme shall be aborted and the local APSME shall issue the APSME-ESTABLISH-KEY.confirm primitive with the Status parameter set as indicated in Table 149. If no error conditions occur (i.e., the key-agreement scheme outputs 'valid'), then the initiator and responder shall consider the derived key (i.e., KeyData) as their newly shared link key. Both the initiator and responder shall update or add this link key to their AIB, set the corresponding incoming and outgoing frame counts to zero, and issue the APSME-ESTABLISH-KEY.confirm primitive with the Status parameter set to SUCCESS.
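The frame ordering, timeout and success handling described above can be sketched as a small per-peer session tracker. This is an added example, not code from the specification or from any ZigBee stack; the names `skke_session`, `skke_start`, `skke_rx` and the `PENDING` marker are assumptions, and the cryptographic checks of B.7 are taken as already done.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status values from Table 149; PENDING is this example's own marker. */
enum { SUCCESS = 0x00, TIMEOUT = 0x07, BAD_FRAME = 0x08, PENDING = 0xFF };

typedef struct {
    int      last;          /* number of the last SKKE frame sent or received */
    uint32_t since_ms;      /* time of that frame */
    uint32_t timeout_ms;    /* apsSecurityTimeOutPeriod */
    uint8_t  link_key[16];  /* AIB link-key entry for the peer */
    uint32_t in_count, out_count;   /* incoming and outgoing frame counts */
} skke_session;

/* The initiator opens by sending SKKE-1; the responder waits for it. */
void skke_start(skke_session *s, int initiator, uint32_t now, uint32_t timeout_ms)
{
    s->last = initiator ? 1 : 0;
    s->since_ms = now;
    s->timeout_ms = timeout_ms;
}

/* Handle received frame SKKE-n. keydata stands for the KeyData output of the
 * B.7 scheme, assumed already checked (challenge, SKG, MAC, tag). On any
 * status other than PENDING or SUCCESS the caller aborts the scheme. */
int skke_rx(skke_session *s, int n, uint32_t now, const uint8_t keydata[16])
{
    if (now - s->since_ms > s->timeout_ms) return TIMEOUT;
    /* Frames alternate 1,2,3,4, so the only valid one is last + 1. */
    if (n > 4 || n != s->last + 1) return BAD_FRAME;
    s->last = (n < 4) ? n + 1 : n;       /* answer with the next frame, if any */
    s->since_ms = now;
    if (s->last < 4) return PENDING;
    memcpy(s->link_key, keydata, 16);    /* derived key is the new link key */
    s->in_count = s->out_count = 0;      /* frame counts restart at zero */
    return SUCCESS;
}

int main(void)
{
    static const uint8_t kd[16] = { 0x5a };              /* constructed KeyData */
    skke_session r = { .in_count = 41, .out_count = 7 }; /* constructed old counts */
    skke_start(&r, 0, 0, 1000);                          /* responder role */
    int a = skke_rx(&r, 1, 10, kd);      /* SKKE-1 in, SKKE-2 out */
    int b = skke_rx(&r, 3, 20, kd);      /* SKKE-3 in, SKKE-4 out, key installed */
    printf("0x%02x 0x%02x in_count=%u\n", a, b, (unsigned)r.in_count);
    return 0;
}
```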
Table 148 Mapping of frame names to symmetric-key key agreement scheme messages

| Frame Name | Description | Reference |
|---|---|---|
| SKKE-1 | Sent by initiator during action step 1. (B.7.1) | 3.5.2.6.2 |
| SKKE-2 | Sent by responder during action step 2. (B.7.2) | 3.5.2.6.3 |
| SKKE-3 | Sent by initiator during action step 11. (B.7.1) | 3.5.2.6.4 |
| SKKE-4 | Sent by responder during action step 8. (B.7.2) | 3.5.2.6.5 |

Table 149 Mapping of symmetric-key key agreement error conditions to status codes

| Status Description | Status Code | Value |
|---|---|---|
| No errors occur | SUCCESS | 0x00 |
| An invalid parameter was input to one of the key establishment primitives. | INVALID_PARAMETER | 0x01 |
| No master key is available | NO_MASTER_KEY | 0x02 |
| Challenge is invalid: Initiator during action step 4. (B.7.1); Responder during action step 1. (B.7.2) | INVALID_CHALLENGE | 0x03 |
| SKG outputs invalid: Initiator during action step 5. (B.7.1); Responder during action step 3. (B.7.2) | INVALID_SKG | 0x04 |
| MAC transformation outputs invalid: Initiator during action step 11. (B.7.1); Responder during action step 7. (B.7.2) | INVALID_MAC | 0x05 |
| Tag checking transformation outputs invalid: Initiator during action step 9. (B.7.1); Responder during action step 10. (B.7.2) | INVALID_KEY | 0x06 |
| Either the initiator or responder waits for an expected incoming message for time greater than the apsSecurityTimeOutPeriod attribute of the AIB. | TIMEOUT | 0x07 |
| Either the initiator or responder receives an SKKE frame out of order. | BAD_FRAME | 0x08 |

[Figure 68: sequence chart. Participants: Initiator Device (ZDO, APSME) and Responder Device (APSME, ZDO). Labels: 1. APSME-ESTABLISH-KEY.request; 2. APSME-ESTABLISH-KEY.indication; 3. APSME-ESTABLISH-KEY.response; 4. APSME-ESTABLISH-KEY.confirm; 5. APSME-ESTABLISH-KEY.confirm; SKKE Protocol.]

ZigBee Specification

3.5.2.6.1 Generating and sending the initial SKKE-1 frame
The SKKE protocol begins with the initiator device sending an SKKE-1 frame. The SKKE-1 command frame shall be constructed as specified in sub-clause 3.5.9.1.
If the UseParent parameter to the APSME-ESTABLISH-KEY.request primitive is FALSE, the initiator device shall begin the protocol by sending this SKKE-1 frame directly to the responder device (as indicated by the ResponderAddress parameter to the APSME-ESTABLISH-KEY.request primitive). Otherwise, the initiator device shall begin the protocol by sending this SKKE-1 frame to the responder device’s parent (as indicated by the ResponderParentAddress parameter to the APSME-ESTABLISH-KEY.request primitive).
The SKKE-1 frame shall be sent using the NLDE-DATA.request primitive with NWK layer security set to the default NWK layer security level.
3.5.2.6.2 On receipt of the SKKE-1 frame
If the responder address field of the SKKE-1 frame does not equal the local device address, the APSME shall perform the following steps:
1. If the device given by the responder address field is not a child of the local device, the SKKE-1 frame shall be discarded.
2. Otherwise, the APSME of the local device shall send the SKKE-1 frame to the responder device using the NLDE-DATA.request primitive, with the DestAddr parameter set to the 16-bit address corresponding to the 64-bit address in the responder address field of the SKKE-1 frame, the DiscoverRoute parameter set to 0x01 [180], and the SecurityEnable parameter set to FALSE.
3. Otherwise, the APSME shall perform the following steps:
4. If the device does not have a master key corresponding to the initiator address field, the SKKE-1 frame shall be discarded and the APSME-ESTABLISH-KEY.confirm primitive shall be issued with the Status parameter set to NO_MASTER_KEY (see Table 149). The APSME should halt processing for this SKKE protocol.
5. Otherwise, the APSME shall issue an APSME-ESTABLISH-KEY.indication primitive with the InitiatorAddress parameter set to the initiator address field of the SKKE-1 frame and the KeyEstablishmentMethod parameter set to 0 (i.e., the SKKE protocol).
6. After issuing the APSME-ESTABLISH-KEY.indication primitive, and upon receipt of the corresponding APSME-ESTABLISH-KEY.response primitive, the APSME shall evaluate the InitiatorAddress and Accept parameters of the received APSME-ESTABLISH-KEY.response primitive. If the InitiatorAddress parameter is set to the initiator address of the SKKE-1 frame and the Accept parameter set to FALSE, the APSME shall halt the SKKE protocol and discard the SKKE-1 frame.
7. Otherwise, it shall construct an SKKE-2 frame as specified in sub-clause 3.5.9.1. If the source of the SKKE-1 frame indicates the same device as the initiator address field of the SKKE-1 frame, the device shall send this SKKE-2 frame directly to the initiator device using the NLDE-DATA.request primitive, with the DestAddr parameter set to the source of the SKKE-1 frame, the DiscoverRoute parameter set to 0x01 [181], and the SecurityEnable parameter set to TRUE. Otherwise, the device shall send the SKKE-2 frame to its parent using the NLDE-DATA.request primitive, with the DiscoverRoute parameter set to [182], and the SecurityEnable parameter set to FALSE.
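The receive-side decisions of sub-clause 3.5.2.6.2 can be written as one pure function, which makes the order of the checks easy to review and test. This is an added example, not code from the specification; the type and function names (`skke1_rx`, `on_skke1`, `security_enable`) and the sample addresses are assumptions, and the APSME-ESTABLISH-KEY.response is assumed to carry the same InitiatorAddress as the frame.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcomes of handling a received SKKE-1 frame (names are this example's). */
typedef enum { DISCARD, FORWARD_TO_CHILD, CONFIRM_NO_MASTER_KEY,
               SKKE2_DIRECT, SKKE2_VIA_PARENT } skke1_action;

typedef struct {               /* constructed view of frame and local state */
    uint64_t local;            /* this device's 64-bit address */
    uint64_t src;              /* device the frame was received from */
    uint64_t initiator;        /* initiator address field */
    uint64_t responder;        /* responder address field */
    bool responder_is_child;   /* responder is a child of this device */
    bool have_master_key;      /* DeviceKeyPairSet holds a key for initiator */
    bool accept;               /* Accept in APSME-ESTABLISH-KEY.response */
} skke1_rx;

/* Decision order of sub-clause 3.5.2.6.2. */
skke1_action on_skke1(const skke1_rx *f)
{
    if (f->responder != f->local)       /* not for us: liaison parent or drop */
        return f->responder_is_child ? FORWARD_TO_CHILD : DISCARD;
    if (!f->have_master_key)
        return CONFIRM_NO_MASTER_KEY;   /* confirm Status NO_MASTER_KEY, 0x02 */
    if (!f->accept)                     /* upper layer refused the initiator */
        return DISCARD;
    /* Answer directly only when the frame came straight from the initiator. */
    return f->src == f->initiator ? SKKE2_DIRECT : SKKE2_VIA_PARENT;
}

/* SecurityEnable of the NLDE-DATA.request issued for a send action: the text
 * sets TRUE only for SKKE-2 sent directly to the initiator. */
bool security_enable(skke1_action a) { return a == SKKE2_DIRECT; }

int main(void)
{
    /* Constructed addresses: 0xA initiator, 0xB responder, 0xC its parent. */
    skke1_rx f = { .local = 0xB, .src = 0xC, .initiator = 0xA, .responder = 0xB,
                   .responder_is_child = false, .have_master_key = true,
                   .accept = true };
    skke1_action a = on_skke1(&f);
    printf("action=%d SecurityEnable=%d\n", a, security_enable(a));
    return 0;
}
```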
3.5.2.6.3 On receipt of the SKKE-2 frame
If the initiator address field of the SKKE-2 frame does not equal the local device address, the APSME shall perform the following steps:
1. If the device given by the responder address field is not a child of the local device, the SKKE-2 frame shall be discarded.
2. Otherwise, the device shall send the SKKE-2 to the initiator device using the NLDE-DATA.request primitive with NWK layer set to the default level.
Otherwise, the device shall construct an SKKE-3 frame as specified in sub-clause 3.5.9.1. If the source of the SKKE-2 frame is the same as the responder address field of the SKKE-2 frame, the device shall send this SKKE-3 frame directly to the responder device. Otherwise, the device shall send the SKKE-3 frame to the responder’s parent. The SKKE-3 frame shall be sent using the NLDE-DATA.request primitive with NWK layer security set to the default NWK layer security level.
[180] CCB Comment #256
[181] Ibid.
[182] Ibid.