2 \author Travis Goodspeed
3 \brief Chipcon SPI Register Interface
5 Unfortunately, there is very little similarity between the CC2420
6 and the CC2500, to name just two of the myriad of Chipcon SPI
7 radios. Auto-detection will be a bit difficult, but more to the
8 point, all high level functionality must be moved into the client.
11 //Higher level left to client application.
15 #include <stdlib.h> //added for itoa
20 //! Handles a Chipcon SPI command.
21 void ccspi_handle_fn( uint8_t const app,
25 // define the ccspi app's app_t
26 app_t const ccspi_app = {
38 "\tThe CCSPI app adds support for the Chipcon SPI register\n"
39 "\tinterface. Unfortunately, there is very little similarity\n"
40 "\tbetween the CC2420 and the CC2500, to name just two of the\n"
41 "\tmyriad of Chipcon SPI radios. Auto-detection will be a bit\n"
42 "\tdifficult, but more to the point, all high level functionality\n"
43 "\tmust be moved into the client.\n"
46 //! Set up the pins for CCSPI mode.
53 //P4OUT|=BIT5; //activate CC2420 voltage regulator
57 /*P4OUT&=~BIT6; FIXME Does the new code work on Z1 and Telosb?
62 //Begin a new transaction.
67 //! Read and write an CCSPI byte.
68 u8 ccspitrans8(u8 byte){
69 register unsigned int bit;
70 //This function came from the CCSPI Wikipedia article.
73 for (bit = 0; bit < 8; bit++) {
74 /* write MOSI on trailing edge of previous clock */
83 /* read MISO on trailing edge */
92 //! Reflexively jam on the present channel.
93 void ccspireflexjam(u16 delay){
95 #if defined(FIFOP) && defined(SFD) && defined(FIFO) && defined(PLED2DIR) && defined(PLED2PIN) && defined(PLED2OUT)
98 debugstr("Reflex jamming until reset.");
100 txdata(CCSPI,CCSPI_REFLEX,1); //Let the client continue its business.
102 //Wait until a packet is received
104 //Has there been an overflow in the RX buffer?
106 //debugstr("Clearing RX overflow");
108 ccspitrans8(0x08); //SFLUSHRX
112 //Turn on LED 2 (green) as signal
113 PLED2DIR |= PLED2PIN;
114 PLED2OUT &= ~PLED2PIN;
118 //Wait a few us to send it.
121 //Transmit the packet.
127 //Load the next jamming packet.
128 //Note: attempts to preload this actually slowed the jam time down from 7 to 9 bytes.
130 ccspitrans8(CCSPI_TXFIFO);
131 char pkt[5] = {0x05, 0, 0, 0, 0};
132 //char pkt[15] = {0x0f, 0x01, 0x08, 0x82, 0xff, 0xff, 0xff, 0xff, 0xde, 0xad, 0xbe, 0xef, 0xba, 0xbe, 0xc0};
133 //char pkt[12] = {0x0c, 0x01, 0x08, 0x82, 0xff, 0xff, 0xff, 0xff, 0xde, 0xad, 0xbe, 0xef};
134 for(i=0;i<pkt[0];i++)
138 //* I think this might be unnecessary.
139 //msdelay(100+delay); //Instead of waiting for pulse on SFD
143 ccspitrans8(0x09); //SFLUSHTX
147 //Turn off LED 2 (green) as signal
148 PLED2DIR |= PLED2PIN;
149 PLED2OUT |= PLED2PIN;
152 debugstr("Can't reflexively jam without SFD, FIFO, FIFOP, and P2LEDx definitions - try using telosb platform.");
157 //! Writes bytes into the CC2420's RAM. Untested.
158 void ccspi_pokeram(u8 addr, char *data, int len){
160 //Begin with the start address.
161 ccspitrans8(0x80 | (addr & 0x7F));
162 ccspitrans8(((addr>>1)&0xC0) // MSBits are high bits of 9-bit address.
163 // Read/!Write bit should be clear to write.
168 ccspitrans8(*data++);
173 //! Read bytes from the CC2420's RAM. Untested.
174 void ccspi_peekram(u16 addr, u8 *data, u16 len){
177 //Begin with the start address.
178 ccspitrans8(0x80 | (addr & 0x7F));
179 ccspitrans8(((addr>>1)&0xC0) // MSBits are high bits of 9-bit address.
180 | BIT5 // Read/!Write bit should be set to read.
185 *data++=ccspitrans8(0);
190 //! Updates the Nonce's sequence number.
191 void ccspi_updaterxnonce(u32 seq){
195 //! Writes a register
196 u8 ccspi_regwrite(u8 reg, const u8 *buf, int len){
199 reg=ccspitrans8(reg);
207 u8 ccspi_regread(u8 reg, u8 *buf, int len){
210 reg=ccspitrans8(reg);
212 *buf++=ccspitrans8(0);
218 //! Handles a Chipcon SPI command.
219 void ccspi_handle_fn( uint8_t const app,
225 //debugstr("Chipcon SPI handler.");
229 cmddata[0]|=0x40; //Set the read bit.
234 CLRSS; //Drop !SS to begin transaction.
235 j=cmddata[0];//Backup address.
237 cmddata[i]=ccspitrans8(cmddata[i]);
238 SETSS; //Raise !SS to end transaction.
239 cmddata[0]=j&~0x40;//Restore address.
240 txdata(app,verb,len);
247 i=cmddataword[1]; // Backup length.
248 ccspi_peekram(cmddataword[0], // First word is the address.
249 cmddata, // Return in the same buffer.
250 cmddataword[1] // Second word is the length.
255 ccspi_pokeram(cmddataword[0], //First word is address
256 cmddata+2, //Remainder of buffer is dat.
257 len-2 //Length implied by packet length.
263 //Has there been an overflow?
265 debugstr("Clearing overflow");
267 ccspitrans8(0x08); //SFLUSHRX
269 txdata(app,verb,0); //no packet
275 //Wait for completion.
280 ccspitrans8(CCSPI_RXFIFO | 0x40);
281 //ccspitrans8(0x3F|0x40);
282 cmddata[0]=0x20; //to be replaced with length
285 /* This reads too far on some CC2420 revisions, but on others it
286 works fine. It probably has to do with whether FIFO drops
287 before or after the SPI clocking.
289 A software fix is to reset the CC2420 between packets. This
290 works, but a better solution is desired.
292 for(i=0;i<cmddata[0]+1;i++)
293 //for(i=0;FIFO && i<0x80;i++)
294 cmddata[i]=ccspitrans8(0x00);
297 /* We used to flush the RX buffer after receive. No longer.
299 ccspitrans8(0x08); //SFLUSHRX
303 //Only transmit a packet if the length is legal.
304 if(cmddata[0]&0x80) i=0;
311 debugstr("Can't RX a packet with SFD and FIFOP definitions.");
317 //Has there been an overflow?
319 debugstr("Clearing overflow");
321 ccspitrans8(0x08); //SFLUSHRX
323 txdata(app,verb,0); //no packet
329 //Wait for completion.
333 ccspitrans8(CCSPI_RXFIFO | 0x40);
335 cmddata[0]=ccspitrans8(0x00);
337 //Read the header first.
338 for(i=1;i<cmddata[0]+1 && i<0x11;i++)
339 cmddata[i]=ccspitrans8(0x00);
342 //Is the frame encrypted?
344 //Copy the sequence number to the Nonce.
347 //Decrypt the rest of the packet.
348 CLRSS; ccspitrans8(CCSPI_SRXDEC); SETSS;
350 //Wait for decryption to complete.
356 //Get the packet, which is now decrypted in position.
358 ccspitrans8(CCSPI_RXFIFO | 0x40);
359 //ccspitrans8(0x3F|0x40);
362 /* This reads too far on some CC2420 revisions, but on others it
363 works fine. It probably has to do with whether FIFO drops
364 before or after the SPI clocking.
366 A software fix is to reset the CC2420 between packets. This
367 works, but a better solution is desired.
369 for(;i<cmddata[0]+1;i++)
370 cmddata[i]=ccspitrans8(0x00);
373 //Only forward a packet if the length is legal.
374 if(cmddata[0]&0x80) i=0;
381 debugstr("Can't RX a packet with SFD and FIFOP definitions.");
388 ccspitrans8(CCSPI_SFLUSHRX);
395 ccspireflexjam(len?cmddataword[0]:0);
398 case CCSPI_REFLEX_AUTOACK:
399 #if defined(FIFOP) && defined(SFD) && defined(FIFO) && defined(PLED2DIR) && defined(PLED2PIN) && defined(PLED2OUT)
400 //txdata(app, verb, 1);
404 //Has there been an overflow in the RX buffer?
406 //debugstr("Clearing overflow");
408 ccspitrans8(0x08); //SFLUSHRX
412 //Wait until a packet is received
414 //Turn on LED 2 (green) as signal
415 PLED2DIR |= PLED2PIN;
416 PLED2OUT &= ~PLED2PIN;
418 //Put radio in TX mode
419 //Note: Not doing this slows down jamming, so can't jam short packets.
420 // However, if we do this, it seems to mess up our RXFIFO ability.
424 //Load the jamming packet
426 ccspitrans8(CCSPI_TXFIFO);
427 char pkt[7] = {0x07, 0x01, 0x08, 0xff, 0xff, 0xff, 0xff};
428 for(i=0;i<pkt[0];i++)
431 //Transmit the jamming packet
433 ccspitrans8(0x04); //STXON
435 msdelay(200); //Instead of examining SFD line status
438 ccspitrans8(0x09); //SFLUSHTX
441 //Get the orignally received packet, up to the seqnum field.
443 ccspitrans8(CCSPI_RXFIFO | 0x40);
445 cmddata[i]=ccspitrans8(0xde);
449 ccspitrans8(0x08); //SFLUSHRX
451 //Send the sequence number of the jammed packet back to the client
452 //itoa(cmddata[3], byte, 16);
454 //txdata(app,verb,cmddata[3]);
456 //TODO turn on AUTOCRC for it to apply to the TX???
457 // this may overcome issues of bad crc / length issues?
458 //mdmctrl0 (0x11) register set bit 5 to true.
460 //Create the forged ACK packet
461 cmddata[0] = 6; //length of ack frame plus length
462 cmddata[1] = 0x02; //first byte of FCF
463 cmddata[2] = 0x00; //second byte of FCF
464 //[3] is already filled with the sequence number
468 int q = (crc ^ c) & 15; //Do low-order 4 bits
469 crc = (crc / 16) ^ (q * 4225);
470 q = (crc ^ (c / 16)) & 15; //And high 4 bits
471 crc = (crc / 16) ^ (q * 4225);
473 cmddata[4] = crc & 0xFF;
474 cmddata[5] = (crc >> 8) & 0xFF;
476 for(i=0;i<cmddata[0];i++) {
477 itoa(cmddata[i], byte, 16);
480 //Load the forged ACK packet
482 ccspitrans8(CCSPI_TXFIFO);
483 for(i=0;i<cmddata[0];i++)
484 ccspitrans8(cmddata[i]);
486 //Transmit the forged ACK packet
489 ccspitrans8(0x04); //STXON
491 msdelay(200); //TODO try doing this based on SFD line status instead
494 ccspitrans8(0x09); //SFLUSHTX
497 //TODO disable AUTOCRC here again to go back to promiscous mode
499 //Turn off LED 2 (green) as signal
500 PLED2DIR |= PLED2PIN;
501 PLED2OUT |= PLED2PIN;
503 //TODO the firmware stops staying in this mode after a while, and stops jamming... need to find a fix.
505 debugstr("Can't reflexively jam without SFD, FIFO, FIFOP, and P2LEDx definitions - try using telosb platform.");
513 ccspitrans8(CCSPI_SFLUSHTX);
521 //Wait for last packet to TX.
522 //while(ccspi_status()&BIT3);
526 ccspitrans8(0x09); //SFLUSHTX
532 ccspitrans8(CCSPI_TXFIFO);
533 for(i=0;i<cmddata[0];i++)
534 ccspitrans8(cmddata[i]);
537 //Transmit the packet.
539 ccspitrans8(0x04); //STXON
542 //Wait for the pulse on SFD, after which the packet has been sent.
548 debugstr("Can't TX a packet with SFD and FIFOP definitions.");
553 debugstr("Not yet supported in CCSPI");
projects / goodfet / blob