Basic File Encrypt
Demonstrates encrypting and decrypting files with ZentriOS-compatible encryption.
- SDK directory: apps/basic/file_encrypt
API Features Demonstrated
Platforms
This app works on:
- AMW004 - Zentri Mackerel evaluation board
- AMW106 - Zentri Moray evaluation board
- AVN4343 - Avnet IoT Starter Kit
- NXP-SCCK - NXP Secure Cloud Connectivity Kit
Requirements and Prerequisites
This app requires a ZentriOS evaluation board. See the Platforms list above.
Description
This example demonstrates how to encrypt/decrypt a file for ZentriOS using a custom generated key. The file is encrypted and written to the extended flash file system.
ZentriOS can then read and decrypt the file.
Note that this code is for reference only. ZentriOS provides built-in encryption via the File System API.
This example is mainly intended to demonstrate how ZentriOS file encryption/decryption is done.
The algorithm should be ported to external systems that pre-encrypt files before downloading to the ZentriOS device.
For details of encryption and decryption procedures, see File System, Encrypting ZentriOS Files.
Usage Instructions
Open a ZentriOS serial terminal to the device. See Getting Started, Opening a ZentriOS Terminal.
When the ZAP runs, terminal output is similar to the following:
Starting File Encryption Example
User key Set
Generating buffer with 1500 bytes of dummy data
Encrypting file ...
Buffer: 0x10083658 (16): IV
E5 88 58 8C 77 35 8C A9 35 6C A9 31 6C EE CE E8
Buffer: 0x10083668 (16): HMAC
53 1C 13 83 80 07 BD 72 B8 9C 41 3B F9 52 EE 30
File not found
[Opened: 0]
> File created
[Closed: 0]
> Encrypted file created: encrypted_file_example.bin
Derypting file ...
[Opened: 0]
> Buffer: 0x100834b8 (16): IV
E5 88 58 8C 77 35 8C A9 35 6C A9 31 6C EE CE E8
Buffer: 0x10083668 (16): HMAC
53 1C 13 83 80 07 BD 72 B8 9C 41 3B F9 52 EE 30
[Closed: 0]
> File successfully decrypted into buffer
ZAP exited. Reboot to run again.
Implementation
zn_app_init
The script runs once then exits.
It sets the variable system.security_key to a key defined in the source.
It generates a buffer of dummy data, then calls encrypt_buffer_to_file() (encrypt.c) to encrypt the buffer to a file using the key.
It then calls decrypt_file_to_buffer() (decrypt.c) to decrypt the file to a buffer.
encrypt_buffer_to_file
This demonstrates the details of ZentriOS file encryption.
Calls to zn_dump_buffer display IV and HMAC blocks on the ZentriOS terminal.
The encrypted file has a special format and has file system flags set to indicate the encryption state:
- The encrypted file is 32 bytes longer to store the IV and HMAC.
- The FILE_FLAG_USER_ENCRYPTED flag indicates that the file is encrypted with the system.security_key specified by the user.
- The FILE_FLAG_ENCRYPTED flag indicates that the file is pre-encrypted. This tells ZentriOS NOT to encrypt the file as it is written.
- A CRC is required to verify that the encrypted file was properly written and can be decrypted by ZentriOS.
decrypt_buffer_from_file
This demonstrates the details of ZentriOS file decryption.
Calls to zn_dump_buffer display IV and HMAC blocks on the ZentriOS terminal.
Source
See: