Chapter 3 - Cryptographic Primitives
In this chapter, we are going to introduce the types of encryption primitives, algorithms and protocol building blocks used in the Matter communication standard and provide a brief yet practical explanation for each of these.
Given a version of the message format, cryptographic primitives are mapped to specific instances. There is no cryptographic negotiation in this protocol: a copy of the message format has a cipher suite defined in this chapter.
In each section, the cryptographic primitives are generally defined, along with specific mappings to specific instances of these cryptographic primitives, for version 1.0. This chapter can also be used as a guide on which cryptographic primitives should be supported by a device. It is necessary to pay attention to the fact that not all devices are required to support all of them. For example, a device may not require the initial (Crypto_PBKDF); Because the values based on this operation in some cases can be calculated and stored in advance during the device manufacturing process. In this chapter, the proposed functional mapping is normative according to the values calculated by the functions, but it is considered informative according to the way the functions are connected in the implementations. For example, a function that returns both a Boolean to indicate success and a value if the operation succeeds can be implemented using exception mechanisms instead of returning a Boolean.
The cryptographic primitives discussed in this article operate on data local to the host. Where more complex data types exist and their external representation is applicable, this chapter addresses coding details. Simple multi-byte data types with no additional context are assumed to be in host byte order when used internally for a procedure, unless otherwise specified.
Cryptographic methods
- Deterministic Random Bit Generator (DRBG)
This protocol relies on random numbers for many security purposes. For example, random numbers are used in generating secret keys, counters, cryptographic signature generation random secrets, etc.
- True Random Number Generator (TRNG)
A TRNG (aka. Entropy Source) is required to provide an entropy seed as an input to the DRBG algorithm.
- Hash function (Hash)
Crypto Hash () computes the cryptographic hash of a message.
- Keyed-Hash Message Authentication Code (HMAC)
Crypto_HMAC () computes the cryptographic keyed-hash message authentication code of a message.
- Public Key Cryptography
Matter specifies the following scheme and parameters for public key cryptography:
- Group
- Key generation
- Signature and verification (Include Signature and Signature verification)
- ECDH
- Certificate validation
- Time and date considerations for certificate path validation
- Data Confidentiality and Integrity
Symmetric block ciphers are used to provide message security.
All unicast and multicast messages between Nodes requiring protection for confidentiality and
integrity with data origin authentication SHALL use Authenticated Encryption with Associated Data (AEAD) as primitive to protect those messages:
- Generate and encrypt
- Generate and encrypt
- Message privacy
Message privacy is implemented using a block cipher in CTR mode:
- Privacy encryption
- Privacy decryption
- Key Derivation Function (KDF)
Matter specifies the following key derivation function to generate encryption keys
- Password-Based Key Derivation Function (PBKDF)
Matter specifies the following password-based key derivation function to compute a derived key
from a cryptographically weak password
- Password-Authenticated Key Exchange (PAKE)
This protocol uses password-authenticated key exchange (PAKE) for the PASE protocol:
- Computation of pA
- Computation of pA
- Computation of transcript TT
- Computation of cA, cB and Ke
