[riot-users] CC2538DK board and encryption in the "default" example

Stuart Longland stuartl at vrt.com.au
Thu May 18 06:22:04 CEST 2017


Hi all,

We've got a project where we're considering using the RIOT-OS
microkernel in a 6LoWPAN product and have a desire to use Link-Layer
encryption.  Thus, I'm experimenting with a couple of boards to see if I
can get this working.

I noticed discussion of various CFLAGS needed.  The changes I've made:

diff --git a/examples/default/Makefile b/examples/default/Makefile
index 2d2a457..4fefd8c 100644
--- a/examples/default/Makefile
+++ b/examples/default/Makefile
@@ -23,6 +23,7 @@ RIOTBASE ?= $(CURDIR)/../..
 # which is not needed in a production environment but helps in the
 # development process:
 CFLAGS += -DDEVELHELP
+CFLAGS += -DCRYPTO_AES

 # Change this to 0 show compiler invocation lines by default:
 QUIET ?= 1

So that by rights, should turn on AES.

I managed to get the code compiled easy enough and am able to flash it
via the JTAG interface (have to use TI's Uniflash tool for that, openocd
doesn't seem to support it).  The boards start just fine and I'm able to
send clear-text data from one to the other.

Great.  Now to turn on link-layer encryption.  I see there are some
options there:

>> ifconfig help
> ifconfig help
> 
> usage: ifconfig [<if_id>]
> usage: ifconfig <if_id> set <key> <value>
>       Sets an hardware specific specific value
>       <key> may be one of the following
>        * "addr" - sets (short) address
>        * "addr_long" - sets long address
>        * "addr_short" - alias for "addr"
>        * "channel" - sets the frequency channel
>        * "chan" - alias for "channel"
>        * "csma_retries" - set max. number of channel access attempts
>        * "cca_threshold" - set ED threshold during CCA in dBm
>        * "nid" - sets the network identifier (or the PAN ID)
>        * "page" - set the channel page (IEEE 802.15.4)
>        * "pan" - alias for "nid"
>        * "pan_id" - alias for "nid"
>        * "power" - TX power in dBm
>        * "retrans" - max. number of retransmissions
>        * "src_len" - sets the source address length in byte
>        * "state" - set the device state
>        * "encrypt" - set the encryption on-off
>        * "key" - set the encryption key in hexadecimal format
> 
> usage: ifconfig <if_id> mtu <n>
> usage: ifconfig <if_id> [-]{promisc|autoack|ack_req|csma|autocca|cca_threshold|preload|iphc|rtr_adv}
> usage: ifconfig <if_id> add [anycast|multicast|unicast] <ipv6_addr>[/prefix_len]
> usage: ifconfig <if_id> del <ipv6_addr>

Right, lets try turn it on:
>> ifconfig 4 set key 0123456789abcdef0123456789abcdef
> ifconfig 4 set key 0123456789abcdef0123456789abcdef
> 
> 
> Notice: setting 128 bit key.error: unable to set encryption key
>> ifconfig 4 set encrypt on
> ifconfig 4 set encrypt on
> 
> error: unable to set encryption

Now I'm aware that the CC2538 is alleged to have "basic" support, am I
getting this message because link-layer encryption is one of the missing
pieces, or is there something I have missed?
-- 
     _ ___             Stuart Longland - Systems Engineer
\  /|_) |                           T: +61 7 3535 9619
 \/ | \ |     38b Douglas Street    F: +61 7 3535 9699
   SYSTEMS    Milton QLD 4064       http://www.vrt.com.au


More information about the users mailing list