================================================================================================================================================

Wednesday, January 26, 2022

String and File Encryption with AES - Code Testing on Raspberry Pi Pico

    


On this page:

Introduction

    Data Encryption has become an absolute necessity in today's world of internet. In embedded systems also, it has become an integrated part due to the wide spread of IoT and other online systems. Sometimes we also need files to be encrypted on local storage like built-in flash or memory cards, etc. to protect certain information. There are various algorithms to encrypt files. Here, we are going to compare some library implementation examples of the most used standard today, AES. 

    The Advance Encryption Standard (AES) is a block cipher, which uses 128 or 192 or 256 bit key to encrypt or decrypt 128 bit (16 byte) block of input data. So, the input file (or data string) is processed in blocks of 16 bytes each, as per the Block Cipher mode of operation (see the wiki here). In addition, based on the mode of operation, Initialization Vector (IV) is also required for AES, which is unique (usually generated run time) for each encryption operation.

    I was checking out some libraries to use for file encryption in a project. So, I decided to test them mainly for the speed of encryption/ decryption, which is the subject of this post. The resultant test codes with terminal outputs are given here. These may serve purpose of example/ demo code for newcomers interested in checking out AES functionality in their programs. For testing these code examples, only hardware required is a Raspberry Pi Pico board and the USB programming cable, and you are ready to go with a laptop/PC loaded with IDE (PlatformIO or Arduino).

    Here, I'm comparing four AES libraries, tested on Raspberry Pi Pico, to check out mainly the speed and code size for the implementation. These four libraries are:


    1. Mbed AES Lib, by Neil Thiessen
    2. Arduino AES Lib, by Matej Sychra
    3. MbedTLS Lib, by ARMmbed
    4. tiny-AES-c Lib, by kokke

    All these libraries are tested here using almost same main code, with same input character string (plain text), same key and same IV. 128-bit and 256-bit AES (CBC mode) testing is done for all libraries. The key in the code is kept 256 bit long, so that the 128/192/256 AES can be selected just by changing a macro in the file. The encryption and decryption times are measured and displayed on terminal.
    Please note that these key and IV are only for the testing only, not for practical usage. In reality, usually the key is secret and IV is different for each string/file.
    The codes are tested in PlatformIO IDE, Raspberry Pi Pico-Arduino platform, which is the Arduino-Mbed package. These codes can be run in Arduino IDE as well, selecting the "Arduino Mbed OS RP2040 Board" in the board manager. The codes can be easily adopted to any other 32bit controller/IDE as well with minimum modifications.

Note: For PlatformIO, create new project and copy the downloaded files (from .zip) into the project folder. In Arduino, use main.cpp as a sketch (after renaming with .ino extension) and put the library files into the library folder of your arduino sketchbook and ignore the platformio.ini file.


Case 1: Mbed AES Lib (by Neil Thiessen)

    This library is posted in the Mbed repository, as a light-weight AES implementation with Cipher Block Chaining and Ciphertext Stealing (url: https://os.mbed.com/users/neilt6/code/AES/). 
(I had done minor modifications, mainly defining char as uint8_t, in the variable/function declarations to remove some compiler errors/warnings, during earlier testing on Mbed-Studio IDE. The same files have been used here). 
    (AES-128/192/256 option is selected here by setting AES::KEY_XXX, where XXX is the 128/192/256, in the arguments of the function aes.setup(), before encrypt and decrypt functions)

Code (aesTest1):
/*
Program for Testing AES (CBC) Encryption using Mbed AES library (by Neil Thiessen)
Library url: https://os.mbed.com/users/neilt6/code/AES/
by CC Dharmani, Jan 2021
Tested on: Raspberry Pi Pico (PlatformIO, Arduino-Mbed)
*/
#include <Arduino.h>
#include "AES_lib.h"
//AES Encryption Key (given here only as an example)
uint8_t aes_key[32] = {0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30};
//General initialization vector (given here only as an example)
uint8_t aes_iv[16] = {0x01, 0x01, 0x01, 0x01,
0x02, 0x02, 0x02, 0x02,
0x03, 0x03, 0x03, 0x03,
0x04, 0x04, 0x04, 0x04};
void setup() {
//Open serial communications and wait for port to open:
Serial.begin(115200);
while (!Serial);
delay(1000);
Serial.println("\nTesting AES lib on Raspberry Pi Pico (mbed-arduino)");
}
char plainText[] = "AES_Test_1 - Hello! Testing AES Encryption here";
AES aes; //Encryption object declaration
void loop() {
uint32_t t1, t2;
//Print the original message
Serial.println("\nINPUT: " + (String)plainText);
int dataLength = sizeof(plainText);
if((dataLength % 16) != 0) dataLength += 16 - (dataLength % 16); //keep the length multiple of 16 for encryption/ decryption
char* processText = new char[dataLength];
for(uint i=0; i<sizeof(plainText); i++) processText[i] = plainText[i];
//Encrypt the message in-place
aes.setup(aes_key, AES::KEY_128, AES::MODE_CBC, aes_iv);
t1 = micros();
aes.encrypt(processText, dataLength);
t2 = micros();
aes.clear();
//Print the encrypted message
Serial.print("Cipher Text: ");
for (int i=0; i<dataLength;i++) {
Serial.print((char)processText[i], HEX);
}
Serial.print("\nEncryption Time (us): "); Serial.println(t2-t1);
//Decrypt the message in-place
aes.setup(aes_key, AES::KEY_128, AES::MODE_CBC, aes_iv);
t1 = micros();
aes.decrypt(processText, dataLength);
t2 = micros();
aes.clear();
//Print the decrypted message
Serial.print("Plain Text: "); Serial.println(processText);
Serial.print("Decryption Time (us): "); Serial.println(t2-t1);
if (String(processText).equals(plainText)) Serial.println("SUCCESS");
else Serial.println("FAILURE");
delete [] processText;
while(!Serial.available()); //wait till a serial receive
Serial.read(); //flush the received character
}
view raw main.cpp hosted with ❤ by GitHub


Results

Compiler Output:
RAM: [== ] 15.2% (used 41076 bytes from 270336 bytes) Flash: [ ] 0.2% (used 4134 bytes from 2097152 bytes)

Terminal Output (AES-128):
INPUT: AES_Test_1 - Hello! Testing AES Encryption here Cipher Text: D56B041BF7AEEA37818A98F224F38376ECB83D9F56A3354A64DFFA05D87704F7E4B86DF2E64197B66843BE995B Encryption Time (us): 1305 Plain Text: AES_Test_1 - Hello! Testing AES Encryption here Decryption Time (us): 2337 SUCCESS

Terminal Output (AES-256):
INPUT: AES_Test_1 - Hello! Testing AES Encryption here Cipher Text: ACAC7D235752782F65C4C9ABB5AA5BD60D2B5DECDD0E94035CA2B49785C295132885FD282A96C32C7A95184931ED4E Encryption Time (us): 1842 Plain Text: AES_Test_1 - Hello! Testing AES Encryption here Decryption Time (us): 3338 SUCCESS

Download Code files:
  • aesTest1.zip (main.cpp, AES_lib.cpp, AES_lib.h and platformio.ini)    

Case 2: Arduino AESLib Library (by Matej Sychra)

     This library is part of Arduino libraries (AESLib - Arduino Reference), as an ESP32/ESP8266 library for Arduino IDE to wrap AES encryption with Base64 support. This works on Pi Pico as well. Repository url is: https://github.com/suculent/thinx-aes-lib. The library files are used as downloaded without any changes.
     (AES-128/192/256 option is selected here by setting AES_XXX, where XXX is the 128/192/256, in the arguments of the function calls aesLib.encrypt64() and aesLib.decrypt64(). Appropriate macros are already defined at the top part of the code).

Code (aesTest2):
/*
Program for Testing AES (CBC) Encryption using Arduino AES library (by Matej Sychra)
(Library url = https://github.com/suculent/thinx-aes-lib)
by CC Dharmani, Jan 2021
Tested on: Raspberry Pi Pico (PlatformIO, Arduino-Mbed)
*/
#include <Arduino.h>
#include "AESLib.h"
#define AES_128 16
#define AES_192 24
#define AES_256 32
AESLib aesLib;
//AES Encryption Key (given here only as an example)
uint8_t aes_key[32] = {0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30};
//General initialization vector (given here only as an example)
uint8_t aes_iv[16] = {0x01, 0x01, 0x01, 0x01,
0x02, 0x02, 0x02, 0x02,
0x03, 0x03, 0x03, 0x03,
0x04, 0x04, 0x04, 0x04};
uint8_t iv_copy[16]; //iv gets overwritten, so maintain local copy
void setup() {
Serial.begin(115200);
while (!Serial); // wait for serial port
delay(1000);
aesLib.gen_iv(aes_iv); //generate iv (once)
aesLib.set_paddingmode(paddingMode::CMS);
for(int i=0; i<16; i++) iv_copy[i] = aes_iv[i];
Serial.println("\nTesting Arduino AESLib on Raspberry Pi Pico (mbed-arduino)");
}
char plainText[] = "AES_Test_2 - Hello! Testing AES Encryption here";
void loop() {
uint32_t t1, t2;
Serial.println("\nINPUT: " + (String)plainText);
uint16_t cipherLength = aesLib.get_cipher64_length(sizeof(plainText));
char* encrypted = new char[cipherLength];
t1 = micros();
aesLib.encrypt64(plainText, sizeof(plainText), encrypted, aes_key, AES_128, aes_iv); //Encryption
t2 = micros();
Serial.print("Cipher Text: ");
for (int i=0; i<cipherLength;i++) {
Serial.print((char)encrypted[i], HEX);
}
Serial.print("\nEncryption Time (us): "); Serial.println(t2-t1);
for(int i=0; i<16; i++) aes_iv[i] = iv_copy[i]; //restore iv
char* decrypted = new char[sizeof(plainText)];
t1 = micros();
aesLib.decrypt64(encrypted, cipherLength, decrypted, aes_key, AES_128, aes_iv); //Decryption
t2 = micros();
Serial.print("Plain Text: "); Serial.println(decrypted);
Serial.print("Decryption Time (us): "); Serial.println(t2-t1);
if (String(decrypted).equals(plainText)) Serial.println("SUCCESS");
else Serial.println("FAILURE");
delete[] encrypted;
delete[] decrypted;
for(int i=0; i<16; i++) aes_iv[i] = iv_copy[i]; //restore iv
while(!Serial.available()); //wait till a serial receive
Serial.read(); //flush the received character
}
view raw main.cpp hosted with ❤ by GitHub


Results

Compiler Output:
RAM: [== ] 17.4% (used 47100 bytes from 270336 bytes) Flash: [ ] 0.2% (used 4546 bytes from 2097152 bytes)

Terminal Output (AES-128):
INPUT: AES_Test_2 - Hello! Testing AES Encryption here Cipher Text: 6368354D2F51637A744E694D7A344D4B4F67382B6230467A58752F53624636516979577A6371756C7A545430344E422B41747A5861364D6E5370774962452F766A356663575369335576645A794B765562795372337366455A78484856754F59674D5167736E4674372B6B3D Encryption Time (us): 456 Plain Text: AES_Test_2 - Hello! Testing AES Encryption here Decryption Time (us): 820 SUCCESS

Terminal Output (AES-256):
INPUT: AES_Test_2 - Hello! Testing AES Encryption here Cipher Text: 43304A6C774347356D7745484D3534666D4537792B6F4132494342354858734C724C5663705645666D36772B6F677058736C4A474374767973694A6C714E5961546F375532476737516752376936364861683557783173364C746243726E41757130334546622F38725A303D Encryption Time (us): 604 Plain Text: AES_Test_2 - Hello! Testing AES Encryption here Decryption Time (us): 1093 SUCCESS

Download Code files:
  • aesTest2.zip (main.cpp, AESLib library folder and platformio.ini) 

Case 3: MbedTLS Library (by ARMmbed)

     Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. (Ref: https://github.com/ARMmbed/mbedtls). We are using here only the AES functions of this library. As this library is part of the Mbed-OS, no need to separately download/add, we just need to include the relevant file in the code and call the functions.
     (AES-128/192/256 option is selected here by setting AES_XXX, where XXX is the 128/192/256, in the arguments of the function calls mbedtls_aes_setkey_enc() and mbedtls_aes_setkey_dec(). Appropriate macros are already defined at the top part of the code). 

Code (aesTest3):
/*
Program for Testing AES (CBC) Encryption using MbedTLS library (by ARMmbed)
(Library url: https://github.com/ARMmbed/mbedtls)
by CC Dharmani, Jan 2021
Tested on: Raspberry Pi Pico (PlatformIO, Arduino-Mbed)
*/
#include <Arduino.h>
#include "mbed.h"
#include "md.h"
#include "aes.h"
#define AES_128 128
#define AES_192 192
#define AES_256 256
//AES Encryption Key (given here only as an example)
uint8_t aes_key[32] = {0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30};
//General initialization vector (given here only as an example)
uint8_t aes_iv[16] = {0x01, 0x01, 0x01, 0x01,
0x02, 0x02, 0x02, 0x02,
0x03, 0x03, 0x03, 0x03,
0x04, 0x04, 0x04, 0x04};
uint8_t iv_copy[16]; //iv gets overwritten, so maintain local copy
void setup() {
Serial.begin(115200);
while(!Serial);
delay(1000);
for(int i=0; i<16; i++) iv_copy[i] = aes_iv[i];
Serial.println("\nTesting MbedTLS lib on Raspberry Pi Pico (mbed-arduino)");
}
const char plainText[] = "AES_Test_3 - Hello! Testing AES Encryption here";
byte enc_iv[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
mbedtls_aes_context aes_encrypt, aes_decrypt; //encryption objects declaration
void loop() {
uint32_t t1, t2;
Serial.println("\nINPUT: " + (String)plainText);
// prepare data, generate according to AES algorithm
int dataLength = sizeof(plainText);
if((dataLength % 16) != 0) dataLength += 16 - (dataLength % 16); //keep the length multiple of 16 for encryption/ decryption
mbedtls_aes_setkey_enc( &aes_encrypt, aes_key, AES_128); // size of key must be given as 128, 192 or 256 bit
unsigned char* encrypted = new unsigned char[dataLength];
t1 = micros();
mbedtls_aes_crypt_cbc(&aes_encrypt, MBEDTLS_AES_ENCRYPT, dataLength, aes_iv, (const unsigned char*)plainText, encrypted); //Encryption
t2 = micros();
Serial.print("Cipher Text: ");
for (int i=0; i<dataLength;i++) {
Serial.print((char)encrypted[i], HEX);
}
Serial.print("\nEncryption Time (us): "); Serial.println(t2-t1);
for(int i=0; i<16; i++) aes_iv[i] = iv_copy[i]; //restore iv
mbedtls_aes_setkey_dec(&aes_decrypt, aes_key, AES_128);
unsigned char* decrypted = new unsigned char[sizeof(plainText)];
t1 = micros();
mbedtls_aes_crypt_cbc(&aes_decrypt, MBEDTLS_AES_DECRYPT, dataLength, aes_iv, encrypted, decrypted); //Decryption
t2 = micros();
Serial.print("Plain Text: "); Serial.println((char*)decrypted);
Serial.print("Decryption Time (us): "); Serial.println(t2-t1);
if (String((char*)decrypted).equals(plainText)) Serial.println("SUCCESS");
else Serial.println("FAILURE");
delete [] encrypted;
delete [] decrypted;
for(int i=0; i<16; i++) aes_iv[i] = iv_copy[i]; //restore aes_iv
while(!Serial.available()); //wait till a serial receive
Serial.read(); //flush the received character
}
view raw main.cpp hosted with ❤ by GitHub


Results

Compiler Output:
RAM: [== ] 15.3% (used 41320 bytes from 270336 bytes) Flash: [ ] 0.2% (used 4082 bytes from 2097152 bytes)

Terminal Output (AES-128):
INPUT: AES_Test_3 - Hello! Testing AES Encryption here Cipher Text: FB934B82E7CA12EAD35C017948AB881A3CEAB6A58C1BED4B2C1CF6D9B79F2EF691488A1E98D6F36CB51EE15F0FFAE42 Encryption Time (us): 170 Plain Text: AES_Test_3 - Hello! Testing AES Encryption here Decryption Time (us): 161 SUCCESS

Terminal Output (AES-256):
INPUT: AES_Test_3 - Hello! Testing AES Encryption here Cipher Text: 22BFF69B724C3F5CCDCA0D930823F2662ED857E0F1617808AAEA51F7592E6B3F72B262D801AF52FE4911B3B2B Encryption Time (us): 215 Plain Text: AES_Test_3 - Hello! Testing AES Encryption here Decryption Time (us): 207 SUCCESS


Download Code files:
(Note: While testing in Arduino IDE, if you are not using"Arduino Mbed OS RP2040 Board" in the board manager, you will need to download the mbedtls library as well and put it in the library folder for this code to work).

Case 4: tiny-AES Library (by kokke)

    This is a small and portable implementation of the AES ECBCTR and CBC encryption algorithms written in C (Ref: https://github.com/kokke/tiny-AES-c). 
      (AES-128/192/256 option is selected here by defining the symbols AES128 or AES192 or AES256 inaes.h. Default setting AES128 is already defined there.

Code (aesTest4):
/*
Program for Testing AES (CBC) Encryption using tiny-AES library (by kokke)
(Library url: https://github.com/kokke/tiny-AES-c)
by CC Dharmani, Jan 2021
Tested on: Raspberry Pi Pico (PlatformIO, Arduino-Mbed)
*/
#include <Arduino.h>
#include "aes.hpp"
//AES Encryption Key (given here only as an example)
const uint8_t aes_key[32] = {0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30};
//General initialization vector (given here only as an example)
const uint8_t aes_iv[16] = {0x01, 0x01, 0x01, 0x01,
0x02, 0x02, 0x02, 0x02,
0x03, 0x03, 0x03, 0x03,
0x04, 0x04, 0x04, 0x04};
void setup() {
Serial.begin(115200);
while (!Serial); // wait for serial port
delay(1000);
Serial.println("\nTesting tiny-AES lib on Raspberry Pi Pico (mbed-arduino)");
}
char plainText[] = "AES_Test_4 - Hello! Testing AES Encryption here";
struct AES_ctx ctx; //encryption objects declaration
void loop() {
uint32_t t1, t2;
Serial.println("\nINPUT: " + (String)plainText);
uint dataLength = sizeof(plainText);
if((dataLength % 16) != 0) dataLength += 16 - (dataLength % 16); //keep the length multiple of 16 for encryption/ decryption
char* processText = new char[dataLength];
for(uint i=0; i<sizeof(plainText); i++) processText[i] = plainText[i];
//initialize AES
AES_init_ctx_iv(&ctx, aes_key, aes_iv);
t1 = micros();
AES_CBC_encrypt_buffer(&ctx, (uint8_t*)processText, dataLength); //Encryption
t2 = micros();
Serial.print("Cipher Text: ");
for (int i=0; i<dataLength;i++) {
Serial.print((char)processText[i], HEX);
}
Serial.print("\nEncryption Time (us): "); Serial.println(t2-t1);
AES_ctx_set_iv(&ctx, aes_iv); //restore iv
t1 = micros();
AES_CBC_decrypt_buffer(&ctx, (uint8_t*)processText, dataLength); //Decryption
t2 = micros();
Serial.print("Plain Text: "); Serial.println(processText);
Serial.print("Decryption Time (us): "); Serial.println(t2-t1);
if (String(processText).equals(plainText)) Serial.println("SUCCESS");
else Serial.println("FAILURE");
delete [] processText;
while(!Serial.available()); //wait till a serial receive
Serial.read(); //flush the received character
}
view raw main.cpp hosted with ❤ by GitHub


Results

Compiler Output:
RAM: [== ] 15.1% (used 41000 bytes from 270336 bytes) Flash: [ ] 0.2% (used 4082 bytes from 2097152 bytes)

Terminal Output (AES-128):
INPUT: AES_Test_4 - Hello! Testing AES Encryption here Cipher Text: 997E26867A8D10145EDA12F1FBBE45B2794929C45E2086F6172801AB0ABE711AEE0EBF548A958B928E851BF96E5A4 Encryption Time (us): 246 Plain Text: AES_Test_4 - Hello! Testing AES Encryption here Decryption Time (us): 463 SUCCESS

Terminal Output (AES-256):
INPUT: AES_Test_4 - Hello! Testing AES Encryption here Cipher Text: 2461EC62971158335F198DE6A3478E9B459A1AED7BFF647BAAF031B132EF094BE4C9B3EEA2177D52858FF329ED7662 Encryption Time (us): 345 Plain Text: AES_Test_4 - Hello! Testing AES Encryption here Decryption Time (us): 622 SUCCESS


Download Code files:
  • aesTest4.zip (main.cpp, tiny-AES library folder and platformio.ini) 


Sr.

No.

Library

AES-128 Time (µs)

AES-256 Time (µs)

Pi-Pico Usage (KB)

Encrypt

Decrypt

Encrypt

Decrypt

RAM

FLASH

1.

Mbed AES lib,

by Neil T.

1305

2337

1842

3338

41.076

4.134

2.

Arduino AESLib,

by Matej S.

456

820

604

1093

47.100

4.546

3.

MbedTLS,

by ARMmbed

170

161

215

207

41.320

4.082

4.

tiny-AES,

by kokke

246

463

345

622

41.000

4.082


    From the above comparison, it is clearly seen that the No.3, MbedTLS AES, is fastest among all the four. Flash and RAM consumption is also low. (Note: In these examples, major chunk of RAM, >40KB, is occupied by the background processes of Mbed OS itself).
    MbedTLS is also feature-rich, when you go further into encryption, for applications like IoT. It's a good library to practice with, for future expansion of the hobby projects. Considering that, I'm also adding here an example of encrypting/ decrypting a file using MbedTLS functions.


    Here, we're going to encrypt and decrypt a small file from the on-board Flash memory of Pi Pico. LittleFileSystem and BlockDevice (FlashIAPBlockDevice) libraries built into the Mbed-OS are used here for creating and accessing the files. As onboard memory is used, no extra component is required apart from Pi Pico + Programming cable setup used in the above AES examples. 
    The file encryption/ decryption function (fileAES()) is adopted from the main() function of crypt_and_hash.c file of mbedtls library. 

    While encrypting, this function reads the input file (plain text) and AES key, generates Initialization Vector (IV), then hashes the IV and AES key together to setup AES context and generate HMAC (Hash Message Authentication Code). Then it carries out encryption (cipher update) block-by-block (block size: 128 bits/16 bytes). The output file (named here as cipherFile.aes) is created in the format: 
    Output File: IV (16 bytes) + encrypted file blocks + HMAC/Hash (64 bytes)

    While decrypting, the cipher file is input along with the AES key, the IV is read from cipher file, the hashing is done similar to as done during encryption, then decryption is carried out block-by-block, and finally the Hash is compared with what is stored in the cipher file to confirm the validity of decrypted output file. 
    The AES key is declared in the main.cpp file for the demo purpose, not for use in actual project. A fixed text string is used repeatedly for creating the input file. These can be modified in the main.cpp.

Code (littleFsAes):

    Following is the main file where filesystem is mounted and input (with data to be ecrypted), cipher (empty) and output(empty) files are created. After creating these files, the fileAES function is called with arguments for encryption and then decryption. The time is measured in miliseconds to display on terminal. The file system used here is LittleFileSystem from Mbed-OS. The input and output files can be printed on terminal by enabling the relevant commented out section of the code.

main.cpp
/*
* Program to Encrypt a file in Pi Pico Flash with AES using MbedTLS Library (by ARMmbed).
* Mbedtls Library url: Library url: https://github.com/ARMmbed/mbedtls
* Flash File operations are done with FlashIAPBlockDevice and LittleFileSystem libraries.
* All the above libraries are part of Mbed OS, which is included in the Arduino-mbed platform,
no need to download any files seperately.
* by CC Dharmani, Jan 2021
* Tested on: Raspberry Pi Pico (PlatformIO, Arduino-Mbed)
*/
#include <Arduino.h>
#include <stdio.h>
#include "FlashIAPBlockDevice.h"
#include "LittleFileSystem.h"
#include "fileAES.h"
#define FS_SIZE_KB 64
#define PICO_FLASH_SIZE 2*1024*1024
#define FORCE_REFORMAT false
//BlockDevice declaration for Mounting the file-system
static FlashIAPBlockDevice bd(XIP_BASE + PICO_FLASH_SIZE - (FS_SIZE_KB * 1024), (FS_SIZE_KB * 1024));
//File-system decalration
static mbed::LittleFileSystem fs("fs");
//AES Encryption Key (given here only as an example)
char aes_key[] = {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30};
//Other format for key (string of hex numbers):
// char* aes_key = "hex:E76B2413958B00E193"
//key can also be stored in raw format in a file and filename can be passed as argument instead in the fileAES() function call
//Input, output files names declaration
char inFileName[] = "inFile.txt" ;
char cipherFileName[] = "ciphFile.aes";
char outFileName[] = "outFile.txt" ;
//AES Parameters
char cipherType[] = "AES-128-CBC" ;
char mdType[] = "SHA512" ;
#define MAX_FILE_NAME_LEN 30
#define TOTAL_LINES 100
void setup() {
//Open serial communications and wait for port to open:
Serial1.begin(115200); //Opening debug port (UART0), Tx=GP1 (use if debug is required)
Serial.begin(115200);
while (!Serial);
delay(1000);
Serial.println("\nAES File Encryption (using Mbedtls) on Raspberry Pi Pico (mbed-arduino)");
//Initialize the Flash Block-Device
int err = bd.init();
if(err) {Serial.println("Flash BD Initialization Failed"); while(1);}
else Serial.println("Flash BD Initialized!");
//Mount the file system
err = fs.mount(&bd);
if(err) {Serial.println("FileSystem Mount Failed"); while(1); }
else Serial.println("FileSystem mounted!");
}
void loop() {
FILE *f1;
int size, result;
uint32_t t1, t2;
//char readMsg[100];
char inFile[MAX_FILE_NAME_LEN], cipherFile[MAX_FILE_NAME_LEN], outFile[MAX_FILE_NAME_LEN];
strcpy(inFile, "fs/"); strcat(inFile, inFileName);
strcpy(cipherFile, "fs/"); strcat(cipherFile, cipherFileName);
strcpy(outFile, "fs/"); strcat(outFile, outFileName);
char message[] = "Hello from Pico Flash File - MbedLTS File Encryption Demo Run..";
//creating input file for encryption
f1 = fopen(inFile, "w");
if(!f1){Serial.println("\ninFile creating Failed.."); goto exitLoop;}
for(int i=0; i<TOTAL_LINES; i++){ //creating file with 10 rows of message
size = fwrite((uint8_t*)message, 1, sizeof(message)-1, f1);
if(size != (sizeof(message)-1)) {Serial.println("\nWrite File Failed"); goto exitLoop;}
}
size = ftell(f1);
Serial.print("\nFile Size (W): "); Serial.println(size); Serial.println(" ");
fclose(f1);
/*
f1 = fopen(inFile, "r");
if(!f1){Serial.println("\ninFile opening Failed.."); goto exitLoop;}
while(!feof(f1)){
size = fread((uint8_t*)readMsg, 1, sizeof(message)-1, f1);
Serial.print(readMsg);
}
fclose(f1);
Serial.println(" ");
*/
//File Encryption
t1 = millis();
result = fileAES(MODE_ENCRYPT, inFile, cipherFile, cipherType, mdType, aes_key);
t2 = millis();
if(result == MBEDTLS_EXIT_SUCCESS){
Serial.print("Encryption Done, Time taken: "); Serial.print(t2-t1); Serial.println(" ms");
}
else{
Serial.println("\nEncryption Failed..");
goto exitLoop;
}
//File Decryption
t1 = millis();
result = fileAES(MODE_DECRYPT, cipherFile, outFile, cipherType, mdType, aes_key);
t2 = millis();
if(result == MBEDTLS_EXIT_SUCCESS){
Serial.print("Decryption Done, Time taken: "); Serial.print(t2-t1); Serial.println(" ms\n");
/*
f1 = fopen(outFile, "r");
if(!f1){Serial.println("\ninFile opening Failed.."); goto exitLoop;}
while(!feof(f1)){
size = fread((uint8_t*)readMsg, 1, sizeof(message)-1, f1);
Serial.print(readMsg);
}
fclose(f1);
Serial.println(" ");
*/
}
else{
Serial.println("\nDecryption Failed..");
goto exitLoop;
}
exitLoop:
if(f1) fclose(f1);
Serial.println("Example Done!");
while(1);
}
view raw main.cpp hosted with ❤ by GitHub


Following is the header file for using with fileAES.cpp.

fileAES.h
#ifndef _FILE_AES_H_
#define _FILE_AES_H_
#define MODE_ENCRYPT 0
#define MODE_DECRYPT 1
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS 0
#define MBEDTLS_EXIT_FAILURE 1
#define MBEDTLS_CIPHER_C
#define MBEDTLS_MD_C
#define MBEDTLS_FS_IO
int fileAES (int modeIn, char* inFilename, char* outFilename, char* cipher, char* mbedtls_md, char* keyIn);
#endif
view raw fileAES.h hosted with ❤ by GitHub


    Following is the fileAES.cpp file where fileAES() function is implemented. This file is originally taken from MbedTLS library, crypt_and_hash.c. Minor modifications are done to convert existing main() function in it into fileAES() function, which is called from main() function given above. As file access functions of the original file are same in LittleFS as well, modifications are minimum. 

fileAES.cpp
/*
* \brief Generic file encryption program using generic wrappers for configured
* security.
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* This file (originally crypt_and_hash.c) is modified by CC Dharmani (Jan 2022) to suit
R-Pi Pico, Arduino-mbed, renamed here as fileAES.cpp.
* The main(argc,arg[v]) function declaration is replaced with fileAES(arguments) function.
* Tested on Raspberry Pi Pico board (Arduino-mbed, on PlatformIO).
*/
#include "fileAES.h"
#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/cipher.h"
#include "mbedtls/md.h"
#include "mbedtls/aes.h"
#include "mbedtls/platform_util.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
int fileAES (int modeIn, char* inFilename, char* outFilename, char* cipher, char* mbedtls_md, char* keyIn)
{
int ret = 1, i;
unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
FILE *fkey, *fin = NULL, *fout = NULL;
char *p;
unsigned char IV[16];
unsigned char key[512];
unsigned char digest[MBEDTLS_MD_MAX_SIZE];
unsigned char buffer[512];
unsigned char output[512];
unsigned char diff;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
mbedtls_cipher_context_t cipher_ctx;
mbedtls_md_context_t md_ctx;
#if defined(_WIN32_WCE)
long filesize, offset;
#elif defined(_WIN32)
LARGE_INTEGER li_size;
__int64 filesize, offset;
#else
off_t filesize, offset;
#endif
mbedtls_cipher_init( &cipher_ctx );
mbedtls_md_init( &md_ctx );
mode = modeIn;
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
mbedtls_fprintf( stderr, "invalid operation mode\n" );
goto exit;
}
if( strcmp( inFilename, outFilename) == 0 )
{
mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
goto exit;
}
if( ( fin = fopen( inFilename, "rb" ) ) == NULL )
{
mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", inFilename );
goto exit;
}
if( ( fout = fopen( outFilename, "wb+" ) ) == NULL )
{
mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", outFilename );
goto exit;
}
/*
* Read the Cipher and MD from the command line
*/
cipher_info = mbedtls_cipher_info_from_string( cipher );
if( cipher_info == NULL )
{
mbedtls_fprintf( stderr, "Cipher '%s' not found\n", cipher );
goto exit;
}
if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info) ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setup failed\n" );
goto exit;
}
md_info = mbedtls_md_info_from_string( mbedtls_md );
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", mbedtls_md );
goto exit;
}
if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" );
goto exit;
}
/*
* Read the secret key from file or command line
*/
if( ( fkey = fopen( keyIn, "rb" ) ) != NULL )
{
keylen = fread( key, 1, sizeof( key ), fkey );
fclose( fkey );
}
else
{
if( memcmp( keyIn, "hex:", 4 ) == 0 )
{
p = &keyIn[4];
keylen = 0;
while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
keylen < (int) sizeof( key ) )
{
key[keylen++] = (unsigned char) n;
p += 2;
}
}
else
{
keylen = strlen( keyIn );
if( keylen > (int) sizeof( key ) )
keylen = (int) sizeof( key );
memcpy( key, keyIn, keylen );
}
}
#if defined(_WIN32_WCE)
filesize = fseek( fin, 0L, SEEK_END );
#else
#if defined(_WIN32)
/*
* Support large files (> 2Gb) on Win32
*/
li_size.QuadPart = 0;
li_size.LowPart =
SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
li_size.LowPart, &li_size.HighPart, FILE_END );
if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
{
mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
goto exit;
}
filesize = li_size.QuadPart;
#else
if(fseek(fin, 0L, SEEK_END) < 0)
{
perror( "fseek" );
goto exit;
}
filesize = ftell(fin);
//mbedtls_fprintf( stdout, "\nInput File size: %ld bytes\n", (long)filesize );
/*
if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
{
perror( "lseek" );
goto exit;
}
*/
#endif
#endif
if( fseek( fin, 0, SEEK_SET ) < 0 )
{
mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
goto exit;
}
if( mode == MODE_ENCRYPT )
{
/*
* Generate the initialization vector as:
* IV = MD( filesize || filename )[0..15]
*/
for( i = 0; i < 8; i++ )
buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
p = inFilename;
if( mbedtls_md_starts( &md_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
goto exit;
}
if( mbedtls_md_update( &md_ctx, buffer, 8 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
goto exit;
}
if( mbedtls_md_update( &md_ctx, ( unsigned char * ) p, strlen( p ) )
!= 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
goto exit;
}
if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
goto exit;
}
memcpy( IV, digest, 16 );
/*
mbedtls_fprintf( stdout, "\nEncode IV: " );
for(int i=0; i<16; i++) mbedtls_fprintf( stdout, "0x%02x ", IV[i]);
mbedtls_fprintf( stdout, "\n");
*/
/*
* Append the IV at the beginning of the output.
*/
if( fwrite( IV, 1, 16, fout ) != 16 )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
for( i = 0; i < 8192; i++ )
{
if( mbedtls_md_starts( &md_ctx ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_starts() returned error\n" );
goto exit;
}
if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_update() returned error\n" );
goto exit;
}
if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_update() returned error\n" );
goto exit;
}
if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_finish() returned error\n" );
goto exit;
}
}
if( mbedtls_cipher_setkey( &cipher_ctx,
digest,
//(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
mbedtls_cipher_get_key_bitlen ( &cipher_ctx),
MBEDTLS_ENCRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
goto exit;
}
/*
* Encrypt and write the ciphertext.
*/
for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
{
ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
if( fread( buffer, 1, ilen, fin ) != ilen )
{
mbedtls_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
goto exit;
}
if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
}
if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
goto exit;
}
if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
/*
* Finally write the HMAC.
*/
if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
goto exit;
}
if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
goto exit;
}
}
if( mode == MODE_DECRYPT )
{
/*
* The encrypted file must be structured as follows:
*
* 00 .. 15 Initialization Vector
* 16 .. 31 Encrypted Block #1
* ..
* N*16 .. (N+1)*16 - 1 Encrypted Block #N
* (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
*/
/*
if( fread( buffer, 1, 16, fin ) != 16 )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
mbedtls_fprintf( stdout, "\nRead IV: " );
for(int i=0; i<16; i++) mbedtls_fprintf( stdout, "0x%02x ", buffer[i]);
mbedtls_fprintf( stdout, "\n");
fseek( fin, 0, SEEK_SET );
*/
if( filesize < 16 + mbedtls_md_get_size( md_info ) )
{
mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
goto exit;
}
if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
{
mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
goto exit;
}
/*
* Check the file size.
*/
//if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
if( mbedtls_cipher_get_cipher_mode( &cipher_ctx ) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
mbedtls_cipher_get_block_size( &cipher_ctx ));
goto exit;
}
/*
* Subtract the IV + HMAC length.
*/
filesize -= ( 16 + mbedtls_md_get_size( md_info ) );
/*
* Read the IV and original filesize modulo 16.
*/
if( fread( buffer, 1, 16, fin ) != 16 )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( IV, buffer, 16 );
/*
mbedtls_fprintf( stdout, "Decode IV: " ); //------------------------------------
for(int i=0; i<16; i++) mbedtls_fprintf( stdout, "0x%02x ", IV[i]);
mbedtls_fprintf( stdout, "\n");
*/
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
for( i = 0; i < 8192; i++ )
{
if( mbedtls_md_starts( &md_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
goto exit;
}
if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
goto exit;
}
if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
goto exit;
}
if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
goto exit;
}
}
if( mbedtls_cipher_setkey( &cipher_ctx,
digest,
//(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
mbedtls_cipher_get_key_bitlen( &cipher_ctx ),
MBEDTLS_DECRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
goto exit;
}
if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n" );
goto exit;
}
if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n" );
goto exit;
}
if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
goto exit;
}
/*
* Decrypt and write the plaintext.
*/
for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
{
ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
if( fread( buffer, 1, ilen, fin ) != ilen )
{
mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
mbedtls_cipher_get_block_size( &cipher_ctx ) );
goto exit;
}
if( mbedtls_md_hmac_update( &md_ctx, buffer, ilen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
goto exit;
}
if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
&olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" );
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
}
/*
* Verify the message authentication code.
*/
if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
goto exit;
}
if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
goto exit;
}
/* Use constant-time buffer comparison */
diff = 0;
for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
diff |= digest[i] ^ buffer[i];
if( diff != 0 )
{
mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
goto exit;
}
/*
* Write the final block of data
*/
if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
fclose( fin );
if( fout )
fclose( fout );
/* Zeroize all memory buffers used */
mbedtls_platform_zeroize( IV, sizeof( IV ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
mbedtls_platform_zeroize( output, sizeof( output ) );
mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
return( exit_code );
}
#endif
view raw fileAES.cpp hosted with ❤ by GitHub

Results

Compiler Output:
RAM: [== ] 15.3% (used 41380 bytes from 270336 bytes) Flash: [ ] 0.2% (used 4534 bytes from 2097152 bytes)

Terminal Output (Input File with 10 lines, 630 Bytes):
AES File Encryption (using Mbedtls) on Raspberry Pi Pico (mbed-arduino) Flash BD Initialized! FileSystem mounted! File Size (W): 630 Encryption Done, Time taken: 2343 ms Decryption Done, Time taken: 2338 ms Example Done!

Terminal Output  (Input File with 100 lines, 6300 Bytes):
AES File Encryption (using Mbedtls) on Raspberry Pi Pico (mbed-arduino) Flash BD Initialized! FileSystem mounted! File Size (W): 6300 Encryption Done, Time taken: 2425 ms Decryption Done, Time taken: 2429 ms Example Done!

    File size here is in Bytes. The increased file size does not increase the time significantly for small file size, as the AES context setup part dominates the time taken  as compared to the time taken in encryption/ decryption. Also, the Flash memory is faster. When the file is stored in external memory devices like SD card, the serial interface speed as well as the device library being used affect the encryption/ decryption time w.r.t. change in the file size. 

Download Code files:

    If you have more jobs to be done which are time critical, the time consuming job of file encryption/ decryption can be given to the second core of Pi Pico, which will significantly free up the first core. In my future post, I'll add the code examples for file encryption on SD cards as well as the multicore implementation.

Happy coding!

Posted by CC Dharmani 26 comments
Labels: , , , , ,

Sunday, January 9, 2022

Raspberry Pi Pico - A Tiny Power-Packed Development Board

 




Raspberry Pi Pico is a relatively new, tiny but powerful development board designed by the Raspberry Pi (UK), which is based upon RP2040 microcontroller chip, developed in-house by Raspberry Pi. The microcontroller has dual-core Arm Cortex- M0+ Processor, running at clock up to 133MHz, with 264KB internal RAM and supports up to 16MB of external Flash. Multicore operation is supported by a pair of four entry FIFOs (one in each direction between the cores).

The Pi Pico board has 2MB of on-board QSPI Flash, which is programmable through USB Mass Storage Device mode or using Serial Wire Debug port. It also features wide range of flexible I/Os, like GPIO, UART, I2C, SPI, USB and also Programmable I/O (PIO), which is unique to this board. The board has small footprint with solderable headers. It is very cost-effective, available from large number of vendors, may be available in your nearest electronic shop, too. This opens doors for utilization towards a wide range of applications for novices as well as experts.

Detailed information on Raspberry Pi Pico is available here:

Following image with Pin-diagram of Pi Pico gives idea about various I/Os of the device: (courtesy- Raspberry Pi website):


The Pi Pico can be programmed in C/C++ (SDK support is provided by Raspberry Pi), Arduino or MicroPython. A lot of resources have already been made available in such a short time, for this board. That actually shows the rapid growth of interest in Pi Pico and usage by hobbyists/ professionals together. New libraries, packages and platform supports are getting added at quite a fast pace.

I've liked this board so much that I'm literally hooked to it 😊. The purpose of my this post is just to put up an introduction with resource pointers, which I wanted to do for quite some time, before I start posting experimental codes also, using it.


The Pico-SDK: This is official SDK from Raspberry Pi team, for writing C/C++ or assembly language code for Pi Pico, full with headers, libraries and build system, designed to provide an API and programming environment. Multicore support examples are also given.

Pico-SDK GitHub page provides detailed description and links for documentation for using the SDK projects. The SDK can be easily setup with VS Code for programming the Pi Pico. It also has the example projects to demonstrate the use of SDK for various peripherals/ interfaces of the device.

(You can also visit the wizio-pico project page on github, for faster way of getting started with installation and usage of pico-sdk on PlatformIO with VS Code)


The Pico-Arduino: The addition of the Arduino support has made Pi Pico even more easier to use for any newcomer who wants to get hands-on experience with it. 

There are two packages, shown in Arduino Boards Manager, "Arduino Mbed OS RP2040 Boards" and "Raspberry Pi Pico/RP2040" as shown here:



Both these board support Pico-SDK functions also. Raspberry Pi Pico/RP2040 GitHub page shows detailed information on installation and usage of the package with Arduino. Arduino Pico Document  provides detailed information on writing the code, with examples. This document by Earle F. Philhower, III, is getting updated, like, every other day! :)  This board also supports multicore programming using additional setup() and loop() functions (named setup1() and loop1()).

The  Arduino Mbed OS RP2040 Boards package supports Pico with Mbed RTOS for Arduino. This is really powerful. The Mbed OS is already being used widely in ARM Cortex devices, and support for the same in Pico Arduino makes things even more versatile and mighty by providing access to the various Mbed APIs inside Arduino.

With PlatformIO for VS Code: PlatformIO is a powerful IDE, which can be used for Pi Pico Arduino. The "Raspberry Pi Pico" board is shown in the Board Explorer of PlatformIO home menu. This is same as "Arduino Mbed OS RP2040 Boards" in Arduino IDE. The platfomIO provides professional features of code editing, auto code-completion suggestions / intelliSense, debug options, etc., which are not available currently in Arduino IDE.

Both the above Arduino packages have different default pin assignments for I2C, SPI, etc. Hence, interchangeability of the code has to be properly checked before changing the board setting. As lot of work is currently going on, I suppose there will be a single combined package in the future, which will do away with some of the initial confusion while programming.


Pi Pico with MicroPython: Pi Pico can also be used with MicroPython (or CircuitPython) interpreters, which make programming still easier for newbies who want to avid C/C++, or for programmers already experienced in Python.

Micropython.org page for Pi-Pico provides quick-start reference on installation and usage of micropython on Pi Pico. Also, Raspberry Pi official Datasheet of Python SDK is filled with detailed info on coding with micropython, with examples. This GitHub page also provides ready to use examples in micropython.

Thonny is easy to use, light-weight Python IDE for beginners. The Raspberry Pi page here provides getting started with micropython using Thonny IDE. The Adafruit page provides details on configuring Thonny with CircuitPython for Pi Pico.


Supporting Base Boards: Raspberry Pi Pico is easy to use on breadboard itself for initial prototyping or testing work, great for hobbyists. But if you need some proto board with ready connections for experiments, the Maker Pi Pico Base board looks great. It has got LEDs already mounted on each GPIO pin, providing visual feedback on the code functioning. It has also got other peripherals like microSD card, buzzer (speaker), audio jack, pushbuttons and also connector for ESP32 device for adding WiFi to the project. It's also available online, I think at most places. Here is my board:


You can also opt for a simple GPIO extension boards, like these:



These board are available on amazon, needs to just search for Pi Pico. You'll also get these or similar easily from your local suppliers, too. (In my recent experience during the chip shortage period, I've found getting Pi Pico boards far easier than many other development boards. That's one more incentive to use them!)

Summary:

I hope this gives you the idea of how easy it is to get started with Pi Pico board. The board is really cute, beautifully manufactured! Once you hold it in your hand, may be you'll fall in love with it, too!!😊 Small and yet, it is so powerful for such a size! Go ahead and grab one, you won't regret it.! 👍


Further Reading/ References:

  1. Raspberry Pi Pico Getting Started (Intro to setting up development environment, programming and loading the code into the board)
  2. RP2040 Microcontroller Datasheet (device datasheet of the chip itself)
  3. Pi Pico Board Datasheet (Pico board details with electrical, mechanical specs, powering, components, schematics and application briefs)
  4. Pi Pico Pinout (Pinout with alternative functions)
  5. Pi Pico Hardware Design Reference (Must read before you go ahead with making more hardware connections, other than blinking LEDs!)
  6. Pi Pico C/C++ SDK (C/C++ API function/interface details)
  7. Pi Pico Python SDK  (Python API function/interface details)
  8. Pico-SDK Documentation (doxygen)
  9. Arduino Pico documentation (details of Arduino API implementation)
  10. MicroPython Quick Reference for Pi Pico
  11. Beginner's Guide for R-Pi Pico (A nice starting guide with hardware setup and programming in MicroPython, from seeedstudio.com)

    You can also check out my next post on Raspberry Pi Pico with AES encryption example codes.

Posted by CC Dharmani 42 comments
Labels: , ,

Wednesday, July 4, 2018

UART or SD Card based 8-Channel Data-logger with temperature log




Hi Friends,
        here is one more data-logger circuit, which will be useful for some who have not much ventured into the ADC for datalogging or RTC or i2c communication, etc. This one is based on ATmega32. It has 8-channel 10-bit ADC. Hence, providing us with 8-channels with 0 to 5V voltage level measurement. The circuit also has on-board RTC (based on DS1307) to log the data with time-stamp. Data is logged via UART or using microSD card. The circuit has 3-pin UART connector, which can be used to connect to PC/laptop using UART(TTL) to USB serial converter, commonly available in electronic markets (UART setting: 38400-1-N-1).
      Also, there is a thermometer IC, DS1621, which is connected via i2c (along with the RTC IC) and provides temperature measurement from -55 to +125 Deg. C. The temperature is also sent along with the voltages to the UART for logging.
     (The logging with microSD card is added later in this post).
    The circuit schematic is given in the following figure (pdf file can be downloaded from here):


     At power on, the current date and time are displayed on the first raw of LCD. The temperature and the logging ON/OF status is displayed on the second raw. A green LED is also turned ON as an additional status of the proper power-up of the microcontroller .
     The data measurement can be started anytime by pressing the 'SET' button (keep pressed till the red LED turns ON). The recording ON status is displayed on LCD as well as by the glowing red LED. During this recording, at a regular interval (as defined in the code), the microcontroller gets the temperature from DS1621, measures the 8 voltages connected to 8 of its screw-terminals, w.r.t GND on the 9th terminal (as shown in the schematic), and forms a string which includes line number, time (hh:mm:ss format), temperature and the 8 voltage values, in a comma separated format. This string is then sent to UART, which can be logged into a file or seen on a terminal program in the PC/laptop using the serial-to-usb converter.
     The operation is shown in the following screen-shot of the Proteus simulation (in the simulation, the temperature set in the IC and displayed by the LCD has difference of 1.5C, as the code applies the correction factors read from the IC to the temperature reading and then displays it, which represents the actual temperature):


     (Note: The Proteus simulation files are included in the source code folder download at the end of the post).
   
     The circuit in operation, with logging ON and OFF, is shown the following pics:




        The actual UART output captured on a terminal of the Atmel Studio during the logging ON,  is shown in the left side image, where temperature shown is 30.3 C, channel-2 was connected with +5V (VCC) and channel-7 was connected with the Li battery cell of the RTC. Rest of the channels were kept open at the screw-terminals.

      The RTC date and time can be changed using the three push-buttons, similar to the procedure shown in my previous post of the RTC based relay-control. The procedure is given here:








 

For setting RTC Date/Time:

  1. Press 'SET' button and Power ON the circuit, keeping the button pressed while the circuit is starting.
  2. "RTC Setting.." message will be displayed on the first row of the LCD.
  3.  Release the 'SET' button "Date: XX" will be displayed on the second row of the LCD, where XX is the existing current date as per the RTC.
  4.  Press 'UP' or 'DOWN' button to increase or decrease the Date. When desired date is displayed, press 'SET' button to store it
  5. "Month: XX" message will be displayed, where XX is the current month as per the RTC
  6. Press 'UP' or 'DOWN' button to increase or decrease the Month. When desired month is displayed, press 'SET' button to store it
  7. "Year: XXXX" will be displayed, use 'UP'/ 'DOWN' buttons to change the year and then press 'SET' button to store the year value
  8. Then "Hour: XX" will be displayed, set it as per the previous steps and also set next "Minutes: XX" similarly, and store using 'SET' button.
  9. When the Minutes is set, "RTC Setting" mode is over and normal operation resumes, where the LCD will display Date and time in the first row and temperature and log:OFF status in the second row.

 

  • Data-logging with SD card 

         (Updated: Sep 2021)



Above image shows the logging with microSD card. A commonly available microSD card module (mostly used with Arduino) is used here. Please note that this module interferes with programming of the board on AVRISP port (which is not a problem with Arduino as it uses the USB bootloader programming and not AVRISP), so it's necessary to remove the card while loading the code. You can find solutions/modules online to overcome this issue.

Following images show the generated .csv file in the SD card and also opened file in MS-Excel. The logging was done without any voltages connected to the ADC channels, so the voltages are 0, but the  temperature log can be seen along with the time stamp. You can view another log file here, where I've connected the 8 channels to 3V RTC battery and VCC (~5V) line one by one (cross-coupling of signal to nearby free channel is also logged there).


The file name format is: DDMMYYNN.CSV, where DDMMYY is the date of logging and NN is the file number. After power on, the file number is set to 00. Every time logging is started and then stopped, the file number increments, hence, new file is created. As file number is a 2 digit value, max 100 (00 to 99) log files can be created after power on in a day, after that it will send error message. I guess you may not need to do the logging ON and OFF more than 100 times a day (after single power ON), but if you do, the file name string can be tweaks as necessary.

After Power off and on, when datalogging is started, the code looks if the filename is already existing or not, if it is, it will change the log-file number (and hence, name) to next available number, and so on. So, always a new file is created whenever logging is started.

  • SD card datalogging using FatFS library

I'm  also uploading here the data-logging project code with a more generic FatFs library, which has been highly standardized and is officially supported/included by many IDEs/ Development boards/ Platforms (like Arduino, mbed, STM32, Keil, etc..). I've just replaced my FAT32 (and SD routines) libraries with FatFs modules. This also has been tested and the project folder is included in the downloads (Sr.No.2).

The datalogging and RTC setting procedures are same for all the above options, as explained in the earlier paragraphs. Functionality or user operations are same, only internal library change is there. Data-logging option with only UART or only SD card or both can be selected by proper macro selection in the main.h file. 

Note: You can connect UART while operating if you need to see the status/error messages for any troubleshooting. Otherwise, UART is not necessary if logging is done in SD card.

The circuit hardware is not much complicated, can be assembled on a general purpose PCB also. I'm including here the Gerber files also, along with the other downloads, if it's required.


Downloads:
  1. Source Code for SD/UART Logging (with FAT32 Lib) (Atmel Studio-7 project)
  2. Source Code for SD/UART Logging (with FatFs Lib) (Atmel Studio-7 project)
  3. Proteus Simulation for UART datalogging
  4. EAGLE Schematic and Board files
  5. Gerber Files
Datasheets: ATmega32,   DS1307,   DS1621
 
You may also check out my post here, where I started on SD cards, for more info/ further reading/ references.

Enjoy!!

Regards,

CC Dharmani
ccd@dharmanitech.com

Posted by CC Dharmani 165 comments
Labels: , , , ,
Subscribe to: Posts (Atom)