Skip to content

Guide: Contiki ↔ Linux, with llsec

Zopieux edited this page Mar 16, 2016 · 1 revision

This article is a quick guide on configuring both a Contiki mote and a Linux device with a wpan interface. We'll focus on having LLSEC (link-layer security) enabled both sides for encrypted communications.

These instructions were tested successfully on February 2016 with OpenMote devices running Contiki 3.x and a Rapsberry Pi running Raspbian Linux (rpi-4.4.y) with an MRF24J40 [1] radio.

Contiki configuration

Contiki LLSEC implementation is currently called noncoresec. Adapt your project-conf.h to use the noncoresec netstack framer and noncoresec netstack llsec. We'll use the 802.15.4 security level encryption + 32-bit MIC (decimal value 5 in the spec) but any other value is fine. Please note security level 1 is considered not secure [2].

In this example we use an implicit key. Contiki also supports explicit keys but the author has not tested them yet.

#define NETSTACK_CONF_LLSEC noncoresec_driver
#define NETSTACK_CONF_FRAMER noncoresec_framer
#define LLSEC802154_CONF_SECURITY_LEVEL FRAME802154_SECURITY_LEVEL_ENC_MIC_32
// Sample key
#define NONCORESEC_CONF_KEY {   \
	0x00, 0x01, 0x02, 0x03, \
	0x04, 0x05, 0x06, 0x07, \
	0x08, 0x09, 0x0A, 0x0B, \
	0x0C, 0x0D, 0x0E, 0x0F, \
}

Linux/iwpan configuration

You have to configure the Linux LLSEC stack, for example through iwpan, to communicate with the Contiki device.

First, retrieve the Contiki device 802.15.4 extended address. In this example, this is 00:22:4e:00:06:00:84:8a. Then we can proceed. Adapt the variables as needed. The short address is set to the generic (invalid) 0xffff because Contiki doesn't seem to use short addressing.

WPAN=wpan0
PANID=0xabcd
SHORTADDR=0xffff
EXTADDR=0x00224e000600848a
KEY=00:01:02:03:04:05:06:07:08:09:0a:0b:0c0:0d:0e:0f
iwpan dev $WPAN set security 1
iwpan dev $WPAN key add 2 $KEY 0 $PANID 3 $EXTADDR
iwpan dev $WPAN seclevel add 0xff 2 0
iwpan dev $WPAN device add 0 $PANID $SHORTADDR $EXTADDR 0 0

Don't forget to use the same radio channel as the one used by the Contiki device. You can set the channel on Linux using iwpan phy phy0 set channel 0 <channel>, assuming the physical device is called phy0.

You should now be able, on Linux, to receive & decrypt 802.15.4 frames sent by Contiki. If you want to emit from Linux, you have to configure out_level and out_key_id. Note that currently, noncoresec requires the same security level and key for both inbound and outbound frames, meaning you have to set out_level to the same value as the one in Contiki project-conf.h, and the out_key_id must be an implicit extended key (iwpan syntax: 0 <panid> 3 <addr>).

[1] As of February 2016, the MRF24j40 driver contains a bug that prevents receiving secured frames; a patch set was sent to the kernel to fix the issue.
[2] https://www.cs.berkeley.edu/~daw/papers/15.4-wise04.pdf
You can’t perform that action at this time.