Github Repo | C Header | C source | JS source |
---|---|---|---|
mongoose-os-libs/vfs-dev-encr | mgos_vfs_dev_encr.h |
AES-128/192/256 are supported (algo: AES-nnn
parameter, default is AES-128
).
Reads and writes are encrypted, erases are passed through as is.
Encryption is performed in ECB mode, key is XORed with offset.
Reads and writes must be aligned to 16-byte boundaries.
Writes will be padded to 16 byte block size, so partial writes will only work for last plain-text block.
Hint: If you want an encrypted filesystem, LFS will work just fine with this method while SPIFFS will not.
Key can be supplied directly (as the key
option) but a better approach is to use a key device to obtain the key when required.
Key device can be any other VFS device that supports reads. It can be an existing device (key_dev: name
) or created in-situ (key_dev_type
+ key_dev_opts
).
Hint: To read key from RAM, use the vfs-dev-ram
.
Hint 2: Want to generate your own key? Create your own VFS device. Don't worry about methods other than read
.
Options for encrypting extf0
with AES-256 with key from STM32 OTP area (536836096 = 0x1fff7800).
{"dev": "extf0", "algo": "AES-256", "key_dev_type": "RAM", "key_dev_opts": {"addr": 536836096, "size": 32}}
Don't forget to add vfs-dev-ram
to libs.