2 \author Travis Goodspeed
3 \brief Chipcon SPI Register Interface
5 Unfortunately, there is very little similarity between the CC2420
6 and the CC2500, to name just two of the myriad of Chipcon SPI
7 radios. Auto-detection will be a bit difficult, but more to the
8 point, all high level functionality must be moved into the client.
11 //Higher level left to client application.
15 #include <stdlib.h> //added for itoa
20 //! Handles a Chipcon SPI command.
21 void ccspi_handle_fn( uint8_t const app,
25 // define the ccspi app's app_t
26 app_t const ccspi_app = {
38 "\tThe CCSPI app adds support for the Chipcon SPI register\n"
39 "\tinterface. Unfortunately, there is very little similarity\n"
40 "\tbetween the CC2420 and the CC2500, to name just two of the\n"
41 "\tmyriad of Chipcon SPI radios. Auto-detection will be a bit\n"
42 "\tdifficult, but more to the point, all high level functionality\n"
43 "\tmust be moved into the client.\n"
46 //! Set up the pins for CCSPI mode.
53 //P4OUT|=BIT5; //activate CC2420 voltage regulator
57 /*P4OUT&=~BIT6; FIXME Does the new code work on Z1 and Telosb?
62 //Begin a new transaction.
67 //! Read and write an CCSPI byte.
68 u8 ccspitrans8(u8 byte){
69 register unsigned int bit;
70 //This function came from the CCSPI Wikipedia article.
73 for (bit = 0; bit < 8; bit++) {
74 /* write MOSI on trailing edge of previous clock */
83 /* read MISO on trailing edge */
92 //! Reflexively jam on the present channel.
93 void ccspireflexjam(u16 delay){
95 #if defined(FIFOP) && defined(SFD) && defined(FIFO) && defined(PLED2DIR) && defined(PLED2PIN) && defined(PLED2OUT)
98 debugstr("Reflex jamming until reset.");
100 txdata(CCSPI,CCSPI_REFLEX,1); //Let the client continue its business.
102 //Wait until a packet is received
104 //Has there been an overflow in the RX buffer?
106 //debugstr("Clearing RX overflow");
108 ccspitrans8(0x08); //SFLUSHRX
112 //Turn on LED 2 (green) as signal
113 PLED2DIR |= PLED2PIN;
114 PLED2OUT &= ~PLED2PIN;
118 //Wait a few us to send it.
121 //Transmit the packet.
127 //Load the next jamming packet.
128 //Note: attempts to preload this actually slowed the jam time down from 7 to 9 bytes.
130 ccspitrans8(CCSPI_TXFIFO);
131 char pkt[5] = {0x05, 0, 0, 0, 0};
132 //char pkt[15] = {0x0f, 0x01, 0x08, 0x82, 0xff, 0xff, 0xff, 0xff, 0xde, 0xad, 0xbe, 0xef, 0xba, 0xbe, 0xc0};
133 //char pkt[12] = {0x0c, 0x01, 0x08, 0x82, 0xff, 0xff, 0xff, 0xff, 0xde, 0xad, 0xbe, 0xef};
134 for(i=0;i<pkt[0];i++)
138 //* I think this might be unnecessary.
139 //msdelay(100+delay); //Instead of waiting for pulse on SFD
143 ccspitrans8(0x09); //SFLUSHTX
147 //Turn off LED 2 (green) as signal
148 PLED2DIR |= PLED2PIN;
149 PLED2OUT |= PLED2PIN;
152 debugstr("Can't reflexively jam without SFD, FIFO, FIFOP, and P2LEDx definitions - try using telosb platform.");
157 //! Writes bytes into the CC2420's RAM. Untested.
158 void ccspi_pokeram(u8 addr, char *data, int len){
160 //Begin with the start address.
161 ccspitrans8(0x80 | (addr & 0x7F));
162 ccspitrans8(((addr>>1)&0xC0) // MSBits are high bits of 9-bit address.
163 // Read/!Write bit should be clear to write.
168 ccspitrans8(*data++);
173 //! Read bytes from the CC2420's RAM. Untested.
174 void ccspi_peekram(u16 addr, u8 *data, u16 len){
177 //Begin with the start address.
178 ccspitrans8(0x80 | (addr & 0x7F));
179 ccspitrans8(((addr>>1)&0xC0) // MSBits are high bits of 9-bit address.
180 | BIT5 // Read/!Write bit should be set to read.
185 *data++=ccspitrans8(0);
190 //! Updates the Nonce's sequence number.
191 void ccspi_updaterxnonce(u32 seq){
195 //! Writes a register
196 u8 ccspi_regwrite(u8 reg, const u8 *buf, int len){
199 reg=ccspitrans8(reg);
207 u8 ccspi_regread(u8 reg, u8 *buf, int len){
210 reg=ccspitrans8(reg);
212 *buf++=ccspitrans8(0);
218 //! Handles a Chipcon SPI command.
219 void ccspi_handle_fn( uint8_t const app,
225 //debugstr("Chipcon SPI handler.");
229 cmddata[0]|=0x40; //Set the read bit.
234 CLRSS; //Drop !SS to begin transaction.
235 j=cmddata[0];//Backup address.
237 cmddata[i]=ccspitrans8(cmddata[i]);
238 SETSS; //Raise !SS to end transaction.
239 cmddata[0]=j&~0x40;//Restore address.
240 txdata(app,verb,len);
247 i=cmddataword[1]; // Backup length.
248 ccspi_peekram(cmddataword[0], // First word is the address.
249 cmddata, // Return in the same buffer.
250 cmddataword[1] // Second word is the length.
255 ccspi_pokeram(cmddataword[0], //First word is address
256 cmddata+2, //Remainder of buffer is dat.
257 len-2 //Length implied by packet length.
263 //Has there been an overflow?
265 debugstr("Clearing overflow");
267 ccspitrans8(0x08); //SFLUSHRX
268 ccspitrans8(0x08); //SFLUSHRX
270 txdata(app,verb,0); //no packet
274 /* Uncomment this to wait around a bit for the packet.
275 Might reduce dropped packet count.
276 i=1000; //Number of tries.
277 while(!(FIFOP&&FIFO) && i--);
282 //Wait for completion.
287 ccspitrans8(CCSPI_RXFIFO | 0x40);
288 //ccspitrans8(0x3F|0x40);
289 cmddata[0]=0x20; //to be replaced with length
292 /* This reads too far on some CC2420 revisions, but on others it
293 works fine. It probably has to do with whether FIFO drops
294 before or after the SPI clocking.
296 A software fix is to reset the CC2420 between packets. This
297 works, but a better solution is desired.
299 //for(i=0;i<cmddata[0]+1;i++)
300 for(i=0;FIFO && i<0x80;i++)
301 cmddata[i]=ccspitrans8(0x00);
304 /* We used to flush the RX buffer after receive. No longer.
306 ccspitrans8(0x08); //SFLUSHRX
310 //Only transmit a packet if the length is legal.
311 if(cmddata[0]&0x80 || cmddata[0]==0) i=0;
319 debugstr("Can't RX a packet with SFD and FIFOP definitions.");
325 //Has there been an overflow?
327 debugstr("Clearing overflow");
329 ccspitrans8(0x08); //SFLUSHRX
331 txdata(app,verb,0); //no packet
337 //Wait for completion.
341 ccspitrans8(CCSPI_RXFIFO | 0x40);
343 cmddata[0]=ccspitrans8(0x00);
345 //Read the header first.
346 for(i=1;i<cmddata[0]+1 && i<0x11;i++)
347 cmddata[i]=ccspitrans8(0x00);
350 //Is the frame encrypted?
352 //Copy the sequence number to the Nonce.
355 //Decrypt the rest of the packet.
356 CLRSS; ccspitrans8(CCSPI_SRXDEC); SETSS;
358 //Wait for decryption to complete.
364 //Get the packet, which is now decrypted in position.
366 ccspitrans8(CCSPI_RXFIFO | 0x40);
367 //ccspitrans8(0x3F|0x40);
370 /* This reads too far on some CC2420 revisions, but on others it
371 works fine. It probably has to do with whether FIFO drops
372 before or after the SPI clocking.
374 A software fix is to reset the CC2420 between packets. This
375 works, but a better solution is desired.
377 for(;i<cmddata[0]+1;i++)
378 cmddata[i]=ccspitrans8(0x00);
381 //Only forward a packet if the length is legal.
382 if(cmddata[0]&0x80) i=0;
389 debugstr("Can't RX a packet with SFD and FIFOP definitions.");
396 ccspitrans8(CCSPI_SFLUSHRX);
403 ccspireflexjam(len?cmddataword[0]:0);
406 case CCSPI_REFLEX_AUTOACK:
407 #if defined(FIFOP) && defined(SFD) && defined(FIFO) && defined(PLED2DIR) && defined(PLED2PIN) && defined(PLED2OUT)
408 //txdata(app, verb, 1);
412 //Has there been an overflow in the RX buffer?
414 //debugstr("Clearing overflow");
416 ccspitrans8(0x08); //SFLUSHRX
420 //Wait until a packet is received
422 //Turn on LED 2 (green) as signal
423 PLED2DIR |= PLED2PIN;
424 PLED2OUT &= ~PLED2PIN;
426 //Put radio in TX mode
427 //Note: Not doing this slows down jamming, so can't jam short packets.
428 // However, if we do this, it seems to mess up our RXFIFO ability.
432 //Load the jamming packet
434 ccspitrans8(CCSPI_TXFIFO);
435 char pkt[7] = {0x07, 0x01, 0x08, 0xff, 0xff, 0xff, 0xff};
436 for(i=0;i<pkt[0];i++)
439 //Transmit the jamming packet
441 ccspitrans8(0x04); //STXON
443 msdelay(200); //Instead of examining SFD line status
446 ccspitrans8(0x09); //SFLUSHTX
449 //Get the orignally received packet, up to the seqnum field.
451 ccspitrans8(CCSPI_RXFIFO | 0x40);
453 cmddata[i]=ccspitrans8(0xde);
457 ccspitrans8(0x08); //SFLUSHRX
459 //Send the sequence number of the jammed packet back to the client
460 //itoa(cmddata[3], byte, 16);
462 //txdata(app,verb,cmddata[3]);
464 //TODO turn on AUTOCRC for it to apply to the TX???
465 // this may overcome issues of bad crc / length issues?
466 //mdmctrl0 (0x11) register set bit 5 to true.
468 //Create the forged ACK packet
469 cmddata[0] = 6; //length of ack frame plus length
470 cmddata[1] = 0x02; //first byte of FCF
471 cmddata[2] = 0x00; //second byte of FCF
472 //[3] is already filled with the sequence number
476 int q = (crc ^ c) & 15; //Do low-order 4 bits
477 crc = (crc / 16) ^ (q * 4225);
478 q = (crc ^ (c / 16)) & 15; //And high 4 bits
479 crc = (crc / 16) ^ (q * 4225);
481 cmddata[4] = crc & 0xFF;
482 cmddata[5] = (crc >> 8) & 0xFF;
484 for(i=0;i<cmddata[0];i++) {
485 itoa(cmddata[i], byte, 16);
488 //Load the forged ACK packet
490 ccspitrans8(CCSPI_TXFIFO);
491 for(i=0;i<cmddata[0];i++)
492 ccspitrans8(cmddata[i]);
494 //Transmit the forged ACK packet
497 ccspitrans8(0x04); //STXON
499 msdelay(200); //TODO try doing this based on SFD line status instead
502 ccspitrans8(0x09); //SFLUSHTX
505 //TODO disable AUTOCRC here again to go back to promiscous mode
507 //Turn off LED 2 (green) as signal
508 PLED2DIR |= PLED2PIN;
509 PLED2OUT |= PLED2PIN;
511 //TODO the firmware stops staying in this mode after a while, and stops jamming... need to find a fix.
513 debugstr("Can't reflexively jam without SFD, FIFO, FIFOP, and P2LEDx definitions - try using telosb platform.");
521 ccspitrans8(CCSPI_SFLUSHTX);
529 //Wait for last packet to TX.
530 //while(ccspi_status()&BIT3);
534 ccspitrans8(0x09); //SFLUSHTX
540 ccspitrans8(CCSPI_TXFIFO);
541 for(i=0;i<cmddata[0];i++)
542 ccspitrans8(cmddata[i]);
545 //Transmit the packet.
547 ccspitrans8(0x04); //STXON
550 //Wait for the pulse on SFD, after which the packet has been sent.
556 debugstr("Can't TX a packet with SFD and FIFOP definitions.");
561 debugstr("Not yet supported in CCSPI");
projects / goodfet / blob