LMIC should init secure element; add missing APIs

Author: terrillmoore

src/lmic/lmic.c

@@ -2728,8 +2728,24 @@ void LMIC_reset (void) {
     LMIC.netDeviceTime = 0;     // the "invalid" time.
     LMIC.netDeviceTimeFrac = 0;
 #endif // LMIC_ENABLE_DeviceTimeReq
-}
 
+    // finally, initialize the secure element.
+    // As a temporary measure for testing, we grab the keys from the client using `os_getDevKey()`
+    // and so forth.  This needs rework for ABP and really isn't right for the long run,
+    // but OTAA will work.
+    if (LMIC_SecureElement_initialize() == LMIC_SecureElement_Error_OK) {
+        // send down the keys:
+        LMIC_SecureElement_Aes128Key_t appKey;
+        os_getDevKey(appKey.bytes);
+        LMIC_SecureElement_setAppKey(&appKey);
+
+        LMIC_SecureElement_EUI_t devEui, appEui;
+        os_getDevEui(devEui.bytes);
+        os_getArtEui(appEui.bytes);
+        LMIC_SecureElement_setDevEUI(&devEui);
+        LMIC_SecureElement_setAppEUI(&appEui);
+    }
+}
 
 void LMIC_init (void) {
     LMIC.opmode = OP_SHUTDOWN;

src/se/drivers/default/lmic_se_default.c

@@ -37,9 +37,31 @@
 
 #include "../../../lmic/lmic.h"
 
+static LMIC_SecureElement_EUI_t       s_devEUI;
+static LMIC_SecureElement_EUI_t       s_appEUI;
+static LMIC_SecureElement_Aes128Key_t s_appKey;
+
 static LMIC_SecureElement_Aes128Key_t s_nwkSKey;
 static LMIC_SecureElement_Aes128Key_t s_appSKey;
 
+static inline
+uint8_t *
+LMIC_SecureElement_DefaultI_GetAppEUIRef(void) {
+    return s_appEUI.bytes;
+}
+
+static inline
+uint8_t *
+LMIC_SecureElement_DefaultI_GetDevEUIRef(void) {
+    return s_devEUI.bytes;
+}
+
+static inline
+uint8_t *
+LMIC_SecureElement_DefaultI_GetAppKeyRef(void) {
+    return s_appKey.bytes;
+}
+
 static inline
 uint8_t *
 LMIC_SecureElement_DefaultI_GetNwkSKeyRef(void) {
@@ -52,6 +74,12 @@ LMIC_SecureElement_DefaultI_GetAppSKeyRef(void) {
     return s_appSKey.bytes;
 }
 
+
+static void appKeyToAESkey(void) {
+    memcpy(AESkey, s_appKey.bytes, sizeof(s_appKey.bytes));
+}
+
+
 /*!
 
 \copydoc LMIC_SecureElement_initialize_t
@@ -69,6 +97,51 @@ LMIC_SecureElement_Default_initialize(void) {
     return LMIC_SecureElement_Error_OK;
 }
 
+/*!
+
+\copydoc LMIC_SecureElement_setDevEUI_t
+
+\par "Implementation Notes"
+In the default secure element, the device EUI is stored in a static variable without obfuscation.
+
+*/
+
+LMIC_SecureElement_Error_t
+LMIC_SecureElement_Default_setDevEUI(const LMIC_SecureElement_EUI_t *pDevEUI) {
+    s_devEUI = *pDevEUI;
+    return LMIC_SecureElement_Error_OK;
+}
+
+/*!
+
+\copydoc LMIC_SecureElement_setAppEUI_t
+
+\par "Implementation Notes"
+In the default secure element, the app EUI is stored in a static variable without obfuscation.
+
+*/
+
+LMIC_SecureElement_Error_t
+LMIC_SecureElement_Default_setAppEUI(const LMIC_SecureElement_EUI_t *pAppEUI) {
+    s_appEUI = *pAppEUI;
+    return LMIC_SecureElement_Error_OK;
+}
+
+/*!
+
+\copydoc LMIC_SecureElement_setAppKey_t
+
+\par "Implementation Notes"
+In the default secure element, the appkey is stored in a static variable without obfuscation.
+
+*/
+
+LMIC_SecureElement_Error_t
+LMIC_SecureElement_Default_setAppKey(const LMIC_SecureElement_Aes128Key_t *pAppKey) {
+    s_appKey = *pAppKey;
+    return LMIC_SecureElement_Error_OK;
+}
+
 // ================================================================================
 // BEG AES
 
@@ -259,7 +332,7 @@ LMIC_SecureElement_Default_decodeMessage(
 
 
 static void aes_appendMic0 (xref2u1_t pdu, int len) {
-    os_getDevKey(AESkey);
+    appKeyToAESkey();
     os_wmsbf4(pdu+len, os_aes(AES_MIC|AES_MICNOAUX, pdu, len));  // MSB because of internal structure of AES
 }
 
@@ -286,8 +359,8 @@ LMIC_SecureElement_Default_createJoinRequest(
 
     xref2u1_t d = pJoinRequestBytes;
     d[OFF_JR_HDR] = ftype;
-    os_getArtEui(d + OFF_JR_ARTEUI);
-    os_getDevEui(d + OFF_JR_DEVEUI);
+    memcpy(d + OFF_JR_ARTEUI, s_appEUI.bytes, sizeof(s_appEUI.bytes));
+    memcpy(d + OFF_JR_DEVEUI, s_devEUI.bytes, sizeof(s_devEUI.bytes));
     os_wlsbf2(d + OFF_JR_DEVNONCE, LMIC.devNonce);
     aes_appendMic0(d, OFF_JR_MIC);
 
@@ -296,16 +369,15 @@ LMIC_SecureElement_Default_createJoinRequest(
     return LMIC_SecureElement_Error_OK;
 }
 
-
 static int aes_verifyMic0 (xref2u1_t pdu, int len) {
-    os_getDevKey(AESkey);
+    appKeyToAESkey();
     return os_aes(AES_MIC|AES_MICNOAUX, pdu, len) == os_rmsbf4(pdu+len);
 }
 
 
 
 static void aes_encrypt (xref2u1_t pdu, int len) {
-    os_getDevKey(AESkey);
+    appKeyToAESkey();
     os_aes(AES_ENC, pdu, len);
 }
 
@@ -319,9 +391,9 @@ static void aes_sessKeys (u2_t devnonce, xref2cu1_t artnonce, xref2u1_t nwkkey,
     os_copyMem(artkey, nwkkey, 16);
     artkey[0] = 0x02;
 
-    os_getDevKey(AESkey);
+    appKeyToAESkey();
     os_aes(AES_ENC, nwkkey, 16);
-    os_getDevKey(AESkey);
+    appKeyToAESkey();
     os_aes(AES_ENC, artkey, 16);
 }
 

src/se/i/lmic_secure_element_api.h

@@ -83,6 +83,10 @@ LMIC_SecureElement_getRandomU2_t LMIC_SecureElement_getRandomU2;
 LMIC_SecureElement_fillRandomBuffer_t LMIC_SecureElement_fillRandomBuffer;
 LMIC_SecureElement_setAppKey_t LMIC_SecureElement_setAppKey;
 LMIC_SecureElement_getAppKey_t LMIC_SecureElement_getAppKey;
+LMIC_SecureElement_setAppEUI_t LMIC_SecureElement_setAppEUI;
+LMIC_SecureElement_getAppEUI_t LMIC_SecureElement_getAppEUI;
+LMIC_SecureElement_setDevEUI_t LMIC_SecureElement_setDevEUI;
+LMIC_SecureElement_getDevEUI_t LMIC_SecureElement_getDevEUI;
 LMIC_SecureElement_setNwkSKey_t LMIC_SecureElement_setNwkSKey;
 LMIC_SecureElement_getNwkSKey_t LMIC_SecureElement_getNwkSKey;
 LMIC_SecureElement_setAppSKey_t LMIC_SecureElement_setAppSKey;
@@ -200,6 +204,34 @@ LMIC_SecureElement_getAppKey(LMIC_SecureElement_Aes128Key_t *pAppKey) {
     return LMIC_SecureElement_METHOD(LMIC_CFG_SecureElement_DRIVER, getAppKey)(pAppKey);
 }
 
+/// \copydoc LMIC_SecureElement_setAppEUI_t
+static inline
+LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_setAppEUI(const LMIC_SecureElement_EUI_t *pAppEUI) {
+    return LMIC_SecureElement_METHOD(LMIC_CFG_SecureElement_DRIVER, setAppEUI)(pAppEUI);
+}
+
+/// \copydoc LMIC_SecureElement_getAppEUI_t
+static inline
+LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_getAppEUI(LMIC_SecureElement_EUI_t *pAppEUI) {
+    return LMIC_SecureElement_METHOD(LMIC_CFG_SecureElement_DRIVER, getAppEUI)(pAppEUI);
+}
+
+/// \copydoc LMIC_SecureElement_setDevEUI_t
+static inline
+LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_setDevEUI(const LMIC_SecureElement_EUI_t *pDevEUI) {
+    return LMIC_SecureElement_METHOD(LMIC_CFG_SecureElement_DRIVER, setDevEUI)(pDevEUI);
+}
+
+/// \copydoc LMIC_SecureElement_getDevEUI_t
+static inline
+LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_getDevEUI(LMIC_SecureElement_EUI_t *pDevEUI) {
+    return LMIC_SecureElement_METHOD(LMIC_CFG_SecureElement_DRIVER, getDevEUI)(pDevEUI);
+}
+
 /// \copydoc LMIC_SecureElement_setNwkSKey_t
 static inline
 LMIC_SecureElement_Error_t LMIC_ABI_STD

src/se/i/lmic_secure_element_interface.h

@@ -280,6 +280,46 @@ LMIC_SecureElement_setAppSKey_t(const LMIC_SecureElement_Aes128Key_t *pAppSKey,
 typedef LMIC_SecureElement_Error_t LMIC_ABI_STD
 LMIC_SecureElement_getAppSKey_t(LMIC_SecureElement_Aes128Key_t *pAppSKey, LMIC_SecureElement_KeySelector_t iKey);
 
+/// \brief Get device EUI.
+///
+/// \param  pDevEUI [out]   device EUI.
+///
+/// \returns \ref LMIC_SecureElement_Error_OK for success, some other code for failure.
+///     Many secure elements will fail this request, because their purpose in life
+///     is guarding keys and preventing tampering.
+///
+typedef LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_getDevEUI_t(LMIC_SecureElement_EUI_t *pDevEUI);
+
+/// \brief Set device EUI.
+///
+/// \param  pDevEUI [in]    Device key for this secure element.
+///
+/// \returns \ref LMIC_SecureElement_Error_OK for success, some other code for failure.
+///
+typedef LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_setDevEUI_t(const LMIC_SecureElement_EUI_t *pDevEUI);
+
+/// \brief Get application EUI.
+///
+/// \param  pAppEUI [out]   application EUI for this secure element.
+///
+/// \returns \ref LMIC_SecureElement_Error_OK for success, some other code for failure.
+///     Many secure elements will fail this request, because their purpose in life
+///     is guarding keys and preventing tampering.
+///
+typedef LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_getAppEUI_t(LMIC_SecureElement_EUI_t *pAppEUI);
+
+/// \brief Set application EUI.
+///
+/// \param  pAppEUI [in]    application EUI for this secure element.
+///
+/// \returns \ref LMIC_SecureElement_Error_OK for success, some other code for failure.
+///
+typedef LMIC_SecureElement_Error_t LMIC_ABI_STD
+LMIC_SecureElement_setAppEUI_t(const LMIC_SecureElement_EUI_t *pAppEUI);
+
 /// \brief Create a join request.
 ///
 /// \param pJoinRequestBytes [out]  Buffer to be filled with the join request.
@@ -461,6 +501,10 @@ LMIC_SecureElement_aes128Encrypt_t(const uint8_t *pKey, const uint8_t *pInput, u
     LMIC_SecureElement_fillRandomBuffer_t LMIC_SecureElement_##a_driver##_fillRandomBuffer;     \
     LMIC_SecureElement_setAppKey_t LMIC_SecureElement_##a_driver##_setAppKey;                   \
     LMIC_SecureElement_getAppKey_t LMIC_SecureElement_##a_driver##_getAppKey;                   \
+    LMIC_SecureElement_setAppEUI_t LMIC_SecureElement_##a_driver##_setAppEUI;                   \
+    LMIC_SecureElement_getAppEUI_t LMIC_SecureElement_##a_driver##_getAppEUI;                   \
+    LMIC_SecureElement_setDevEUI_t LMIC_SecureElement_##a_driver##_setDevEUI;                   \
+    LMIC_SecureElement_getDevEUI_t LMIC_SecureElement_##a_driver##_getDevEUI;                   \
     LMIC_SecureElement_setNwkSKey_t LMIC_SecureElement_##a_driver##_setNwkSKey;                 \
     LMIC_SecureElement_getNwkSKey_t LMIC_SecureElement_##a_driver##_getNwkSKey;                 \
     LMIC_SecureElement_setAppSKey_t LMIC_SecureElement_##a_driver##_setAppSKey;                 \