drivers/xbee: add optional AES encryption support #2842
@@ -75,6 +75,11 @@ | |||
#define XBEE_DEFAULT_CHANNEL (17U) | |||
|
|||
/** | |||
* @brief Set this flag to 1 allows the use of AES encryption in the Xbee Driver | |||
*/ | |||
#define OPT_AES_ENCRYPTION (0) |
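Review bot: OPT_AES_ENCRYPTION lacks the XBEE_ prefix that the neighbouring XBEE_DEFAULT_CHANNEL carries, so a driver-local switch lands in the global macro namespace where it can collide with another module's option. Consider a prefixed name (for example XBEE_OPT_AES_ENCRYPTION). The @brief line would also read more clearly as "Set this flag to 1 to allow the use of AES encryption in the XBee driver".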
Please surround with #ifndef OPT_AES_ENCRYPTION
I would honestly add this as a submodule |
DEBUG("xbee: Initialization successful\n"); | ||
return 0; | ||
} | ||
|
||
int xbee_encrypt_config(xbee_t * dev, uint8_t * key_buf, unsigned int encryption_toggle) |
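Review bot: xbee_encrypt_config() receives key_buf as a bare uint8_t * with no length argument, so the function has no way to confirm that the caller supplied a full key before reading from it. Pass the key length alongside the pointer (or document the required size), and declare the parameter const uint8_t * if the key is only read. The new public function also has no documentation comment for its parameters and return value, and the spacing in "xbee_t * dev" differs from the "xbee_t *dev" style used elsewhere in this patch.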
Rather than adding a function for this you can use ng_netdev->driver->set() for that by adding NETCONF_OPT_ENCRYPTION and NETCONF_OPT_ENCRYPTION_KEY to ng_netconf.h
(regardless of that: it seems weird to me to have one function to set two options)
@authmillenon I agree with your thoughts, let me know if I have understood:
is this right? |
To the first 1. and 2. yes. At the second 1. no, you would copy the value from |
|
||
static int _set_aes_encryption_key(xbee_t *dev, size_t size) { | ||
|
||
uint8_t cmd[18]; |
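Review bot: cmd is declared with the literal size 18 while _set_aes_encryption_key() takes a caller-supplied size, so any size larger than the buffer allows must be rejected before anything is copied into cmd. Add that check at the top of the function and replace 18 with a named constant so the relation between the command bytes and the key length is visible. The blank line directly after the opening brace can be dropped.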
Inconsistent indentation in this function
Ok, so second 1 (I wanted to write 3...) should be:
with XBEE_DEFAULT_ENCRYPT_ENABLE a macro equal to 1. As far as I understand the _set() function is called by ng_nomac_init thread in I can't figure out how to use ng_netconf_enable_t to put encryption on/off... |
Actually res = dev->driver->set(dev, opt->opt, opt->data, opt->data_len); can be called by everyone. Since the network stack itself is using netapi however
    ng_netconf_enable_t tmp = NETCONF_ENABLE;
    uint8_t key_buf[XBEE_ENCRYPTION_KEY_LEN] = {
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
    };
    _set_encryption(dev, &tmp, sizeof(ng_netconf_enable_t));
    _set_encryption_key(dev, key_buf, sizeof(key_buf));
but actually I would ditch these function calls in the initialization function:
    dev->encrypt = 1;
    memcpy(dev->encrypt_key, key_buf, sizeof(key_buf));
and leave the use of |
Sorry for the late reply. Following your instruction (thanks for that) I got it working.
    uint8_t encrypt = (uint8_t) NETCONF_ENABLE;
    static uint8_t key_buf[16] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                                  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    dev.driver->set((ng_netdev_t *)&dev, NETCONF_OPT_ENCRYPTION, &encrypt, 1);
    dev.driver->set((ng_netdev_t *)&dev, NETCONF_OPT_ENCRYPTION_KEY, key_buf, sizeof(key_buf));
With this method the two values in the device descriptor
        uint8_t * encrypt_key;
        unsigned int encrypt;
    } xbee_t;
are useless and can be removed.
    dev->encrypt = 1;
    memcpy(dev->encrypt_key, key_buf, sizeof(key_buf));
Let me know your thoughts, thanks Francesco |
I interpret this code as part of your main.c... If not say so.
Then where do you store the encryption status and key for the device?!? IMHO |
Well, to set encryption in the xbee you only need to write two commands EE1 and KY+(value of the key).
    uint8_t encrypt = (uint8_t) NETCONF_ENABLE; // that is the 1 for the EE command
    static uint8_t key_buf[16] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                                  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; // that is the value for the KY command
Then, when I launch set() I pass those values:
    dev.driver->set((ng_netdev_t *)&dev, NETCONF_OPT_ENCRYPTION, &encrypt, 1);
    dev.driver->set((ng_netdev_t *)&dev, NETCONF_OPT_ENCRYPTION_KEY, key_buf, sizeof(key_buf));
In this way, you don't need to store the encryption status and the key address inside the driver; once those values are set, they are stored inside the Xbee. Then, if you need to have dev->encrypt_status and dev->encrypt_key to communicate those values at the network layer, we can set those values... of course... but what I wanted to say is that with this approach it's not necessary. |
Ah, now I get it. For the
I don't understand why you cast here... [edit: make |
I'll remove the casting.
    static int _set_encryption(xbee_t *dev, uint8_t *val, size_t len){
        dev->encrypt = *val; // store the current status of encryption in the device descriptor
        ...
Please take note that
    dev.driver->set((ng_netdev_t *)&dev, NETCONF_OPT_ENCRYPTION, &encrypt, 1);
is also used by the user (in main.c) to turn off the encryption, i.e. write EE 0. For that, it's sufficient that the user changes the value: I know that this implementation doesn't sound good, because the functions that set encryption are outside the driver, but it's the user that optionally decides to either turn on/off the encryption or to change the value of the key, and, I guess, the user 'behavior' is defined in main.c, not inside the driver. Anyway, I appreciate the help you're giving me. |
0b67857 to 0e12d75
@authmillenon Today I found the time to fix some merge conflicts and minor issues and now Travis is ok; if you are still interested in the Xbee encryption option, then take a look at the changes. Thanks, F. |
This PR needs another rebase. |
0d8ddf4 to 0d134b7
@OlegHahm rebased. Sorry for the late reply, I thought that this PR was useless at this moment since the encryption is optional. If you wish to merge this PR, maybe some changes are required in order to follow the philosophy of the driver that uses shell commands to set optional values, i.e. NETCONF_OPT_CHANNEL. Should I modify some shell command functions? |
0d134b7 to 6034fdb
@Yonezawa-T2 Thanks for the explanation. I can proceed to apply the patches |
Updated my branch https://github.com/Yonezawa-T2/RIOT/commits/drivers_xbee_encryption_3 |
Thanks @Yonezawa-T2, will you close this PR and open a new PR from your branch? |
I will not open a new PR. If @FrancescoErmini cannot proceed, I will open a new PR but it will be late. |
Sorry @Yonezawa-T2, I misunderstood... I saw that in your branch you already did all the patches that you told me to do and I thought that I wouldn't proceed anymore. The code in your branch looks fine... you added both the hex patch and the 95 MTU patch... is it missing something? |
cec455d to f068544
It should work fine but I'm not sure there are no other pitfalls.
Surely, please. |
return 1; | ||
} | ||
|
||
key[i] = (uint8_t)((i1 << 4) + i2); |
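Review bot: key[i] stores a byte assembled from two nibbles (i1 and i2), so if i counts input characters the destination index advances twice as fast as the key fills, leaving gaps and writing past the end of key. Index the output separately from the input position and bound it against the key size before the store. Combining the nibbles with a bitwise OR instead of + would also state the intent more directly.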
Sorry, this should be key[i / 2].
Tested with RIOT and XCTU without any problems :). Other than the style fix, ACK. Please squash.
|
310167c to b48305f
cmd[1] = 'Y'; | ||
|
||
for (int i=0; i < 16; i++) { /* Append the key to the KY API AT command */ | ||
cmd[i + 2]=val[i]; |
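Review bot: the loop reads a fixed 16 bytes from val into cmd with no visible check that val actually holds that many bytes, so a shorter buffer passed by the caller is read out of bounds. Validate the supplied length before the loop, replace the literal 16 with a named key-length constant, and consider a single memcpy into cmd + 2 in place of the byte-wise copy.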
Please add spaces around = sign in above two lines and squash immediately.
fixed, thanks!
d1de7b9 to 0c12db0
We have to update |
c3d3743 to ff4473e
|
add encryption to drivers fix new line at the end of file add shell command for enable encryption and set encryption key on a given device modify _net_if_set_encrypt_key to support any key length modify _net_if_set_encrypt_key to support any key length of the key modify blank line fix ace before tab in indent fix ace before tab indent fix ace before tab indent an error fix trailing white space drivers/xbee: encryption support add encryption to drivers fix new line at the end of file add shell command for enable encryption and set encryption key on a given device modify _net_if_set_encrypt_key to support any key length modify _net_if_set_encrypt_key to support any key length of the key modify blank line fix ace before tab in indent fix ace before tab indent fix ace before tab indent an error fix trailing white space modify drivers/xbee/xbee.c fix white spaces on xbee.c Update xbee encryption driver white line at end xbee.h fix error fix sc_netif.c fix rebase master interactive drivers/xbee: encryption support add encryption to drivers fix new line at the end of file add shell command for enable encryption and set encryption key on a given device modify _net_if_set_encrypt_key to support any key length modify _net_if_set_encrypt_key to support any key length of the key modify blank line fix ace before tab in indent fix ace before tab indent fix ace before tab indent an error fix trailing white space drivers/xbee: encryption support add encryption to drivers fix new line at the end of file add shell command for enable encryption and set encryption key on a given device modify _net_if_set_encrypt_key to support any key length modify _net_if_set_encrypt_key to support any key length of the key modify blank line fix ace before tab in indent fix ace before tab indent fix ace before tab indent an error fix trailing white space modify drivers/xbee/xbee.c fix white spaces on xbee.c Update xbee encryption driver white line at end xbee.h fix error fix rebase conflict 4 fix 
same missing in patches changes fix ascii to hex index parser fix syntax rules fix syntax issue 2 add _netopt_strmap NETOPT_ENCRYPTION and NETOPT_ENCRYPTION_KEY fix trailing white spaces
bdf4037 to 9fa4684
Murdock is happy. ACK and go. |
Cool, a small step closer to a secure IoT. 👍 Thanks for the nice contribution, @FrancescoErmini and thanks for the shepherding, @Yonezawa-T2! |
OK. Thanks to @Yonezawa-T2 and @authmillenon! I hope that this PR would be a first step to start experimenting with security on IEEE 802.15.4 WSN! The style fixes on |
To use AES encryption with the Xbee module, change the value in the macro
#define OPT_AES_ENCRYPTION (1)
and use the function:
xbee_encrypt_config(&dev,key_buf,1);
WARNING: if you want to disable encryption, before setting OPT_AES_ENCRYPTION (0) run xbee_encrypt_config(&dev,key_buf,0) to change the EE value in the Xbee to 1.
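
The key handling this thread converges on (parse a hex string with the destination index at i / 2, then append exactly 16 key bytes to the KY command), as an added example that is not code from the PR or from RIOT. KEY_LEN, KY_CMD_LEN, hex_nibble, parse_hex_key and build_ky_cmd are hypothetical names, and the sample key is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16u               /* AES-128 key size; hypothetical name */
#define KY_CMD_LEN (2u + KEY_LEN) /* 'K','Y' + key: the 18-byte buffer in the PR */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse exactly 2*KEY_LEN hex characters into key. Returns 0 on success,
 * -1 on wrong length or a non-hex character; key is zeroed on failure. */
int parse_hex_key(const char *hex, uint8_t key[KEY_LEN])
{
    int ok = (strlen(hex) == 2 * KEY_LEN);
    for (size_t i = 0; ok && i < 2 * KEY_LEN; i += 2) {
        int hi = hex_nibble(hex[i]), lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) ok = 0;
        else key[i / 2] = (uint8_t)((hi << 4) | lo); /* i counts characters */
    }
    if (!ok) memset(key, 0, KEY_LEN); /* never leave a partial key behind */
    return ok ? 0 : -1;
}

/* Fill cmd with 'K','Y' and the key. Returns bytes written, or -1 on bad sizes. */
int build_ky_cmd(uint8_t *cmd, size_t cmd_size, const uint8_t *key, size_t key_len)
{
    if (key_len != KEY_LEN || cmd_size < KY_CMD_LEN) return -1;
    cmd[0] = 'K';
    cmd[1] = 'Y';
    memcpy(&cmd[2], key, KEY_LEN);
    return (int)KY_CMD_LEN;
}

int main(void)
{
    uint8_t key[KEY_LEN], cmd[KY_CMD_LEN];
    /* Constructed sample key, not taken from the PR. */
    if (parse_hex_key("000102030405060708090a0b0c0d0e0f", key) != 0) return 1;
    printf("KY command length: %d\n", build_ky_cmd(cmd, sizeof(cmd), key, sizeof(key)));
    return 0;
}
```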