• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 54 subscribers
  • Views 539 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

RTOS/CC1312R: Secuirty setting up problem. How to set keyIdMode = ApiMac_keyIdMode_implicit

MarcusCWLiang
Prodigy 160 points
Part Number: CC1312R

Tool/software: TI-RTOS

Hi

I'm working on the latest SDK "simplelink_cc13x2_sdk_2_20_00_71".

(1) Does TI provides any document for describing the implementation of security in 15.4 stack? I got some problems on setting up the security, it's hard to understand these variables...

/******************************************************************************
 Local security variables
 *****************************************************************************/

static CONST ApiMac_keyIdLookupDescriptor_t keyIdLookupList[] =
    {
      {
        /* Key identity data */
        { 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x03 },
        0x01 /* 9 octets */
      }
    };

/* Key device list can be modified at run time */
static CONST ApiMac_keyDeviceDescriptor_t keyDeviceList[] =
    {
      { 0x00, false, false },
      { 0x00, false, false },
      { 0x00, false, false },
      { 0x00, false, false },
      { 0x00, false, false },
      { 0x00, false, false },
      { 0x00, false, false },
      { 0x00, false, false }
    };

static CONST ApiMac_keyUsageDescriptor_t keyUsageList[] =
    {
      { MAC_FRAME_TYPE_DATA, MAC_DATA_REQ_FRAME }
    };

#ifdef SUPPORT_MOXA_BOARD
STATIC ApiMac_keyDescriptor_t keyTable[] =
#else
STATIC CONST ApiMac_keyDescriptor_t keyTable[] =
#endif
    {
      {
        (ApiMac_keyIdLookupDescriptor_t *)keyIdLookupList,
        KEY_ID_LOOKUP_ENTRIES,
        (ApiMac_keyDeviceDescriptor_t *)keyDeviceList,
        KEY_DEVICE_TABLE_ENTRIES,
        (ApiMac_keyUsageDescriptor_t *)keyUsageList,
        KEY_USAGE_TABLE_ENTRIES,
        KEY_TABLE_DEFAULT_KEY,
        0 /* frame counter */
      }
    };

STATIC CONST ApiMac_securityPibSecurityLevelEntry_t securityLevelEntry =
    {
      0,
      { MAC_FRAME_TYPE_DATA, MAC_DATA_REQ_FRAME, 0, false }
    };

STATIC CONST ApiMac_secLevel_t secLevel = ApiMac_secLevel_encMic32;

STATIC CONST ApiMac_keyIdMode_t secKeyIdMode = ApiMac_keyIdMode_8;
/* cant be zero for implicit key identifier */
STATIC CONST uint8_t secKeyIndex = 3;

STATIC bool macSecurity = CONFIG_SECURE;
#endif /* FEATURE_MAC_SECURITY */

(2) By using the default setting in the SDK, I can see the packets are encrypted.

I want to reduce the transmitted packet length by modifying the "secKeyIdMode" from "ApiMac_keyIdMode_8" to "ApiMac_keyIdMode_implicit", packets are unable to be transmitted and the dataCnfCb returns with the status "ApiMac_status_unavailableKey". Did I miss any configuration?

(3) Base on the "IEEE std 802.15.4", if I set the key identified mode to 0x00(ApiMac_keyIdMode_implicit), then the key is determined implicitly from the originator and recipient(s) of the frame, as indicated in the frame header. So the key that set by "keyTable[0].key" would not be used?

Thanks!

  • 0
    TI__Genius 12415 points

    Hi,

    the out of the box examples are not configured to use ApiMac_keyIdMode_implicit therefore if you want to use this key id mode you will have to add some extra code based on how the IEEE 802.15.4 specification defines the key look up when using ApiMac_keyIdMode_implicit.

    Unfortunately we don't have any examples on how to do this but I can give you a few pointers on how you would go about using ApiMac_keyIdMode_implicit

    first set the Macro "MAX_KEY_ID_LOOKUP_ENTRIES" to MAX_DEVICE_TABLE_ENTRIES

    and also set "MAX_KEY_DEVICE_TABLE_ENTRIES" to 1   see code snipped below

     /* MAC key table related constants */
 #ifndef MAX_KEY_ID_LOOKUP_ENTRIES
   #define MAX_KEY_ID_LOOKUP_ENTRIES         MAX_DEVICE_TABLE_ENTRIES //1
 #endif

 #ifndef MAX_KEY_DEVICE_TABLE_ENTRIES
     #define MAX_KEY_DEVICE_TABLE_ENTRIES        1 //MAX_DEVICE_TABLE_ENTRIES
 #endif

    You will also need to change the function  Cllc_addSecDevice as shown in the code below

    ApiMac_status_t Cllc_addSecDevice(uint16_t panID, uint16_t shortAddr,
                         ApiMac_sAddrExt_t *pExtAddr, uint32_t frameCounter)
{
    if(macSecurity == true)
    {
        ApiMac_securityPibKeyIdLookupEntry_t lookUpEntry;
        lookUpEntry.keyIndex = 0;
        lookUpEntry.keyIdLookupIndex = Csf_getNumDeviceListEntries();// Index where the new lookup entry will be added
        lookUpEntry.lookupEntry.lookupDataSize = 0x00; // size will be 5 octets since we are setting this for short address mode
        lookUpEntry.lookupEntry.lookupData[0] = Util_loUint16(panID);
        lookUpEntry.lookupEntry.lookupData[1] = Util_hiUint16(panID);
        lookUpEntry.lookupEntry.lookupData[2] = Util_loUint16(shortAddr);
        lookUpEntry.lookupEntry.lookupData[3] = Util_hiUint16(shortAddr);
        lookUpEntry.lookupEntry.lookupData[4] = 0;       
        
        return ApiMac_mlmeSetSecurityReqStruct(ApiMac_securityAttribute_keyIdLookupEntry, &lookUpEntry);
    }
    else
    {
        return(ApiMac_status_success);
    }
}

    Please note that I have not tested this, this is just based on how the IEEE 802.15.4 spec describes the usage of implicit key id mode and it is meant to point you in the right direction 

  • 0 in reply to Hector_r
    Prodigy 160 points
    Hi Hector,

    Thanks for your reply, I tried to add your code to my collector, but it still doesn't work.

    First, when association, the setting of keyIdLookupEntry returns "ApiMac_status_success".
    However, the dataCnfCb still returns "ApiMac_status_unavailableKey".

    Any advice?

    Thanks!
  • 0 in reply to MarcusCWLiang
    TI__Genius 12415 points

    Hi,

    Actually I think I made some mistakes in the code I proposed, see my corrections below

    /* MAC key table related constants */
#ifndef MAX_KEY_ID_LOOKUP_ENTRIES
  #define MAX_KEY_ID_LOOKUP_ENTRIES         MAX_DEVICE_TABLE_ENTRIES //1
#endif

 
#ifndef MAX_KEY_DEVICE_TABLE_ENTRIES
    #define MAX_KEY_DEVICE_TABLE_ENTRIES        MAX_DEVICE_TABLE_ENTRIES
#endif

    see correction for addSecDevice bellow

    ApiMac_status_t Cllc_addSecDevice(uint16_t panID, uint16_t shortAddr,
                         ApiMac_sAddrExt_t *pExtAddr, uint32_t frameCounter)
{
    if(macSecurity == true)
    {
        ApiMac_secAddDevice_t device;
        uint8_t keyIndex = 0;
        ApiMac_securityPibKeyIdLookupEntry_t lookUpEntry;
        lookUpEntry.keyIndex = keyIndex;
        lookUpEntry.keyIdLookupIndex = Csf_getNumDeviceListEntries();// Index where the new lookup entry will be added
        lookUpEntry.lookupEntry.lookupDataSize = 0x00; // size will be 5 octets since we are setting this for short address mode
        lookUpEntry.lookupEntry.lookupData[0] = Util_loUint16(panID);
        lookUpEntry.lookupEntry.lookupData[1] = Util_hiUint16(panID);
        lookUpEntry.lookupEntry.lookupData[2] = Util_loUint16(shortAddr);
        lookUpEntry.lookupEntry.lookupData[3] = Util_hiUint16(shortAddr);
        lookUpEntry.lookupEntry.lookupData[4] = 0;  
        ApiMac_mlmeSetSecurityReqStruct(ApiMac_securityAttribute_keyIdLookupEntry, &lookUpEntry);
        

        device.panID = panID;
        device.shortAddr = shortAddr;
        memcpy(device.extAddr, pExtAddr, sizeof(ApiMac_sAddrExt_t));
        device.frameCounter = frameCounter;
        device.exempt = false;

        /* get the key lookup information from the initial loaded key */
        device.keyIdLookupDataSize = lookUpEntry.lookupEntry.lookupDataSize;
        memcpy(device.keyIdLookupData, lookUpEntry.lookupEntry.lookupData, 5);

        device.uniqueDevice = false;
        device.duplicateDevFlag = false;

        return(ApiMac_secAddDevice(&device));
    }
    else
    {
        return(ApiMac_status_success);
    }
}

    Also make sure to make the same changes to the sensor side.

    Note that this will require more RAM since you need to keep a lookup entry per device, I recommend you instead try using secKeyIdMode = ApiMac_keyIdMode_1 since this will not increase the usage in ram and will only send a key index over the air intead of key index + key source. Also if you use ApiMac_keyIdMode_1 I think you shouldnt need to do any changes in the default project other than setting secKeyId to ApiMac_keyIdMode_1

    Let me know if this works for you