DATA Encryption

Hi,

I would like encrypt data in my LUA program. Someone in Sierra give me the following code :
local sched = require “sched”
local md5 = require ‘crypto.md5’
local cipher = require ‘crypto.cipher’

local aes

–[[
local function main()

   print("run:", os.date())

   local aeskey=md5():update("987654"):digest(true)
   print("aeskey: ", aeskey)
   aes=cipher.new({name="aes", mode="enc", key=aeskey},{name="ecb"})
   
   --encrypt message
   local message_to_encode=string.pack("Ab9","9876543", 0,0,0,0,0,0,0,0,0)
   local encrypted_message=aes:process(message_to_encode)
   print("encrypted_message:",encrypted_message)

end

sched.run(main)
sched.loop()

]]–

Can you just explain me how this function works ?

I would like to encryt a file like this :
DATE TRAME
02/09/2015 00:00 681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01 681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:03 681B44AE0C9503201001077A5C0001002F2F0F7F0202010201A101017216
02/09/2015 00:10 681B44AE0C1200201001077A960000002F2F0F7F0202010001C001014D16
02/09/2015 00:23 681B44AE0C1200201001077A960001002F2F0F7F0202010001C001017216
02/09/2015 00:45 682044AE0C4312801001077AA60000002F2F0F7F040401000000001400000033019716
02/09/2015 00:57 681B44AE0C9800201001077A070000002F2F0F7F02020103014002014416
02/09/2015 00:58 682044AE0C1209801001077AAD0000002F2F0F7F040401070000000B00000033015116

Can I encrypt a whole file or just line by line ?

Thank you in advance for your answer.

Sebastien

Hi Sebastien,

You may find here a sample based on your requirements.

require 'sched'
require 'print'
local cipher=require 'crypto.cipher'

local message = [[
02/09/2015 00:00    681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01    681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:03    681B44AE0C9503201001077A5C0001002F2F0F7F0202010201A101017216
02/09/2015 00:10    681B44AE0C1200201001077A960000002F2F0F7F0202010001C001014D16
02/09/2015 00:23    681B44AE0C1200201001077A960001002F2F0F7F0202010001C001017216
02/09/2015 00:45    682044AE0C4312801001077AA60000002F2F0F7F040401000000001400000033019716
02/09/2015 00:57    681B44AE0C9800201001077A070000002F2F0F7F02020103014002014416
02/09/2015 00:58    682044AE0C1209801001077AAD0000002F2F0F7F040401070000000B00000033015116
]]

local function main()
    --initialize cipher aes-128 with chaining ctr to encrypt
    --key must be 16 characters (128 bits)
    --initial vector (iv) is must be 16 characters (128 bits)
    local aesctr_enc, err = cipher.new({name="aes", mode="enc", key="0123456789ABCDEF"},{name="ctr",iv="0123456789ABCDEF"})
    if not aesctr_enc then
        print(err)
        return
    end
    print("cipher OK")
    print(message)
    --encrypt
    local encrypted_message = aesctr_enc:process(message)
    print(encrypted_message)
    
    --initialize cipher aes-128 with chaining ctr to decrypt
    --key must be 16 characters (128 bits)
    --initial vector (iv) is must be 16 characters (128 bits)
    local aesctr_dec, err = cipher.new({name="aes", mode="dec", key="0123456789ABCDEF"},{name="ctr",iv="0123456789ABCDEF"})
    if not aesctr_enc then
        print(err)
        return
    end
    print("decipher OK")
    local decrypted_message = aesctr_dec:process(encrypted_message)
    print(decrypted_message)
    
    --compare message with decrypted_message (display true if equal)
    print(assert(decrypted_message == message))
end

sched.run(main)
sched.loop()

You have also the possibilities to do stream encryption/decryption but the sample is much more complex.
Let me know if the sample is enough details.

Best regards,

Hi,

Thank you for your answer.I execute the program and he works good. I can to encrypt my file.

But after, I can’t decrypt the file when I use OPENSSL in local on my computer.

I use the following command in OPENSSL to try to decrypt the file :

" Openssl> enc -d -aes -128 -ctr -K 0123456789ABCDEF -iv 0123456789ABCDEF -in C:\Desktop\Fichiers MINDEF Crypté\LUA_Test.csv -out C:\Desktop\Fichiers MINDEF Crypté\OK.csv "

Sebastien

Hi Sebastien,

You have to make sure the file you create is in binary format.
Your openssl command iv and K must be in hex format.

See example below to write file in binary format.
In my example the entire file is read and stored in a variable but you may have to do the encryption in stream mode if your file is too big.

require 'sched'
require 'print'
local cipher=require 'crypto.cipher'

local message = [[
02/09/2015 00:00    681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01    681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:03    681B44AE0C9503201001077A5C0001002F2F0F7F0202010201A101017216
02/09/2015 00:10    681B44AE0C1200201001077A960000002F2F0F7F0202010001C001014D16
02/09/2015 00:23    681B44AE0C1200201001077A960001002F2F0F7F0202010001C001017216
02/09/2015 00:45    682044AE0C4312801001077AA60000002F2F0F7F040401000000001400000033019716
02/09/2015 00:57    681B44AE0C9800201001077A070000002F2F0F7F02020103014002014416
02/09/2015 00:58    682044AE0C1209801001077AAD0000002F2F0F7F040401070000000B00000033015116
]]

local function test_file()
    --prepare test file in text mode (use wb to write binary)
    local originalfile, err = io.open("message", "w")
    if not originalfile then
        print(err)
        return
    end
    originalfile:write(message)
    originalfile:close()
    print("file original OK")
    --initialize cipher aes-128 with chaining ctr to encrypt
    --key must be 16 characters (128 bits)
    --initial vector (iv) is must be 16 characters (128 bits)
    local aesctr_enc, err = cipher.new({name="aes", mode="enc", key="0123456789ABCDEF"},{name="ctr",iv="0123456789ABCDEF"})
    if not aesctr_enc then
        print(err)
        return
    end
    print("cipher OK")
    --open file to encryp
    local toencryptfile, err = io.open("message", "r")
    if not toencryptfile then
        print(err)
        return
    end
    local toencryptmessage = toencryptfile:read("*a")
    toencryptfile:close()
    print("file original read OK")
    print(toencryptmessage)
    --encrypt
    local encrypted_message = aesctr_enc:process(toencryptmessage)
    print(encrypted_message)
    --save in file (use wb to save binary data)
    local encryptedfile, err = io.open("message_encrypted", "wb")
    if not encryptedfile then
        print(err)
        return
    end
    encryptedfile:write(encrypted_message)
    encryptedfile:close()
    print("file encrypted OK")
end

sched.run(test_file)
sched.loop()

See example to decode from openssl

OpenSSL> enc -d -aes-128-ctr -K 30313233343536373839414243444546 -iv 30313233343536373839414243444546 -in /home/xxx/airlink/tests/message_encrypted -out /home/xxx/airlink/tests/message_decrypted

xxx@juillet:~/airlink/tests$ cat message_decrypted 
02/09/2015 00:00    681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01    681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:03    681B44AE0C9503201001077A5C0001002F2F0F7F0202010201A101017216
02/09/2015 00:10    681B44AE0C1200201001077A960000002F2F0F7F0202010001C001014D16
02/09/2015 00:23    681B44AE0C1200201001077A960001002F2F0F7F0202010001C001017216
02/09/2015 00:45    682044AE0C4312801001077AA60000002F2F0F7F040401000000001400000033019716
02/09/2015 00:57    681B44AE0C9800201001077A070000002F2F0F7F02020103014002014416
02/09/2015 00:58    682044AE0C1209801001077AAD0000002F2F0F7F040401070000000B00000033015116
xxx@juillet:~/airlink/tests$

Best regards,

Hi,

Thank you for your answer.

But in m flashy program I don’t want to use the memory. I use a Airlink LS300 and I create 1 file by hour that I encrypt and send by FTP.
When I use in my program “io.open”, “file:read”, “file:write”… I use the flash memory no ?

Thank you in advance for your answer.

Sébastien

Hi Sebastien,

You are indeed using flash memory to store your data. What I mean to say is that when you are using ‘toto = file:read("*a")’ the entire content of the file (in flash) will be in ram, available in the toto variable.
Generally speaking if the file is too large file:read(*a) could fail. It may not be an issue for you. It depends of the file size; a few kb is propably fine.

Best regards,

Hi,

I will definitely not get out of this encryption problem.

Here my last request.

With this following code, I can encrypt a local file and send it via FTP.

require 'sched'
require 'print'


local pack 			= require 'pack'		-- library used for the print hex function 
local devicetree 	= require 'devicetree' 	-- access to system variables like eg serial number, UART reservations
local system     	= require 'system' 		-- system lib
local sched      	= require "sched"   	-- Lua scheduling and synchronization lib
local serial     	= require "serial"  	-- access to serial APIs
local os         	= require "os"      	-- Operating System lib
local airvantage  	= require "airvantage" 	-- AirVantage lib
local string 		= require "string"		-- String parsing lib
local ftp 			= require'socket.ftp'	-- FTP lib
local timer 		= require'timer'		-- timer lib
local lock          = require'sched.lock'   -- lock lib
local cipher        = require 'crypto.cipher'

local message = [[
DATE;TRAME
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
02/09/2015 00:00:00;681944AE0C1402301001077AE00001002F2F0F7F010101E600017216
02/09/2015 00:01:00;681B44AE0C9503201001077A5C0000002F2F0F7F0202010201A101013C16
]]

local encrypted_message

-- variable for radio link state 
local state

-- variable for signal strength
local signalstrength


function FTP(string)

	local content
	local file_to_send
	local Heure_FTP = os.date("%H")
	local FTP_Success = 0
	
	print("inside FTP, UART file selection: ", string)

	-- append time in file name
	local file_name = string .. '\95' .. ".csv"
	print("Nom de fichier:", file_name)

	-- create string argument for the FTP call
	local put_argument = "ftp://isiobox:c2MjBu@ftp.techosb.com/_TEST/MODEM/" .. file_name
		
	-- get rssi and radio state just before triggering FTP, and log them
	-- state equals 0 means: radio link is down
	-- state equals 1 means: radio link is up
	-- state equals 2 means: radio link is inactive
	state = devicetree.get('system.cellular.link.state')
	signalstrength = devicetree.get('system.cellular.link.rssi')
	print("radio link state just before triggering FTP: ", state)
	print("rssi just before triggering FTP: ", signalstrength)
	
	
	-- FTP the file

	
	local e, f = ftp.put(put_argument, encrypted_message) 
		

	sched.wait(15)
	
	-- e is the number of bytes of the FTP file
	print("FTP return e: ", e)
	-- f is nil in case of FTP success
	print("FTP return f: ", f)

	-- !!! foresee actions in case of error to the FTP call, eg retries, and prevent erasing file in below loop
	-- take care to memory limit of 8MB space if files are continuously appended with new data and not regularly flushed
end


local function main()

	devicetree.init()
	system.init()
    --initialize cipher aes-128 with chaining ctr to encrypt
    --key must be 16 characters (128 bits)
    --initial vector (iv) is must be 16 characters (128 bits)
    local aesctr_enc, err = cipher.new({name="aes", mode="enc", key="0123456789ABCDEF"},{name="ctr",iv="0123456789ABCDEF"})
    if not aesctr_enc then
        print(err)
        return
    end
    print("cipher OK")
    print(message)
    --encrypt
    encrypted_message = aesctr_enc:process(message)
    print(encrypted_message)
    
end

sched.run(main)
timer.new("03 * * * *", FTP, "LUA_Crypt")
sched.loop()

Then I can get back the file on the FTP on my computer (in local) and I can decrypt normaly the file with the following request :

openssl enc -d -aes-128-ctr -K 30313233343536373839414243444546 -iv 30313233343536373840414243444546 -in C:\Users\sebastien.vitrai\Desktop\Encryption\IN\LUA_Test_V1_150924_09.csv -out C:\Users\sebastien.vitrai\Desktop\Encryption\OUT\LUA_Encypt_OK.csv

This method works good.
But when I use my LUA program, I can’t decrypt a file.
My program consist to read data on the serial port and store it.
I write the data on two file in RAM. I d’ont want to use Flash Memory. See the following code :

local Fichier_1 = "DATE;TRAME"..'\10'
local Fichier_2 = "DATE;TRAME"..'\10'

function checkintegrity(buffer)

	
	
	....
		--From UART
			if string.byte(buffer,g+length+2) == 22 and string.byte(buffer,g+3) == 174 and string.byte(buffer,g+4) == 12 then
				then
				print("Product Enless and 16 found, Trame complete")
	 			local trame = tohex(string.sub(buffer, g, g+length+2))
	 			print("la trame est :", trame)
	 				if Heure%2 ~= 0 then 
	 					Fichier_1 = Fichier_1 .. os.date("%Y/%m/%d")..'\32'.. os.date("%H:%M:%S") ..';'.. tohex(string.sub(buffer, g, g+length+2)) ..'\10' 
						print ("Fichier 1:")
						print (Fichier_1)
	 					g = string.find (buffer, '\104', Fin_Trame)
	 					print ("Position dans le buffer :",g)
	 				else
	 					Fichier_2 = Fichier_2 .. os.date("%Y/%m/%d")..'\32'.. os.date("%H:%M:%S") ..';'.. tohex(string.sub(buffer, g, g+length+2)) ..'\10'
						print ("Fichier 2:")
						print (Fichier_2)
	 					g = string.find (buffer, '\104', Fin_Trame)
	 					print ("Position dans le buffer :",g)
	 				end

          ......
              end
end

I write in hexadecimal in the two file and when I use the same request to decrypt :

openssl enc -d -aes-128-ctr -K 30313233343536373839414243444546 -iv 30313233343536373840414243444546 -in C:\Users\sebastien.vitrai\Desktop\Encryption\IN\LUA_Test_V1_150924_09.csv -out C:\Users\sebastien.vitrai\Desktop\Encryption\OUT\LUA_Encypt_OK.csv

It doesn’t work. It decrypt only the header : “DATE;TRAME”.

I think it doesn’t work because I write in hexadecimale in my files, but what is the solution without use flash memory ?

If you have an other solution to encrypt, I’m more than interrested.

Thank you in advance,

Sebastien