KVStore with security

phlegx · June 22, 2021, 11:32am

Hi!

I have implemented an example of KVstore with security with ah simple key set and key get (SD card). After that I have removed the key set part of my code and recompiled to see if the key get code can read the value. But it don’t work. The value is empty. Any idea why?

Another problem is, that I’m not able to find a documentation about how the secure KVstore encrypts and decrypts the keys and values.

Any help is very appreciated!

void kv_store_global_api_example()
{
    char kv_value_in[EXAMPLE_KV_VALUE_LENGTH] = {"kvstore_dummy_value_hello_world"};
    char kv_key_in[EXAMPLE_KV_KEY_LENGTH] = {"/kv/dummy_key_enc"};
    char kv_key_out[EXAMPLE_KV_KEY_LENGTH] = {0};
    size_t actual_size = 0;

    /* key information container */
    kv_info_t info;

    int res = MBED_ERROR_NOT_READY;

    /* Start By Resetting the KV Storage */
    /*
    printf("kv_reset\n");
    res = kv_reset("/kv/");
    printf("kv_reset -> %d\n", err_code(res));
    */

    /* Set an authenticated-encrypted 'Dummy' key with Replay protection */
    /*
    printf("kv_set third key with Confidentiality and Replay Protection flags\n");
    res = kv_set(kv_key_in, kv_value_in, strlen(kv_value_in),
                 KV_REQUIRE_CONFIDENTIALITY_FLAG | KV_REQUIRE_REPLAY_PROTECTION_FLAG);
    printf("kv_set -> %d\n", err_code(res));
    */

    printf("kv_get_info of first key\n");
    res = kv_get_info(kv_key_in, &info);
    printf("kv_get_info -> %d\n", err_code(res));
    printf("kv_get_info key: %s\n", kv_key_in);
    printf("kv_get_info info - size: %u, flags: %u\n", info.size, info.flags);

    printf("kv_get first key\n");
    char *kv_first_value_out = new char[info.size + 1];
    memset(kv_first_value_out, 0, info.size + 1);
    res = kv_get(kv_key_in, kv_first_value_out, info.size, &actual_size);
    printf("kv_get -> %d\n", err_code(res));
    printf("kv_get key: %s\n", kv_key_in);
    printf("kv_get value: %s\n", kv_first_value_out);
    delete[] kv_first_value_out;

    return;
}

MBed OS: 5.15.7

JohnnyK · June 22, 2021, 11:47am

Hello,

I am not sure If I understand your description.
You wrote

The value what you set will remain only during power down but not during re-flash the memory.

BR, Jan

phlegx · June 22, 2021, 12:00pm

Hi @JohnnyK,

I have written a small code example, that sets a key like described above. After that, I have powered off the target, removed the SD card and attached the card to my OS to see, what KVstore has created on it.

SD Card:

Folder kvstore with file dummy_key_enc.

After that I have attached the SD card back to my target, recompiled my code example but without the reset part and the set key part (see code above), to see if I am able to only read the key value of KVstore stored on the SD card. But it does not work!

So, what I want to do:

have a config file on SD card and
the possibility to update the firmware without touch the config file stored on SD card as KVstore.

Is this the right way for what I want to do?

JohnnyK · June 22, 2021, 12:39pm

Ah, now it is clear to me, you have storage_type = FILESYSTEM.

Did you check the SD card again? KVStore :: reset () seems to delete all existing keys.

github.com

ARMmbed/mbed-os/blob/cecc47b4a53951527dd3f670465c8566396ad101/storage/kvstore/filesystemstore/source/FileSystemStore.cpp#L147


      
                  status = MBED_ERROR_NOT_READY;
                  goto exit_point;
              }
          
          
    kv_dir.open(_fs, _cfg_fs_path);
          
          
    while (kv_dir.read(&dir_ent) != 0) {
                  if (dir_ent.d_type != DT_REG) {
                      continue;
                  }
                  // Build File's full path name and delete it (even if write-onced)
                  _build_full_path_key(dir_ent.d_name);
                  _fs->remove(_full_path_key);
              }
          
          
    kv_dir.close();
          
          
exit_point:
              _mutex.unlock();
              return status;
          }

BR, Jan

phlegx · June 22, 2021, 12:43pm

I have recompiled my code example but without the reset part and the set key part (see code above, the reset part etc. is commented). I don’t understand why a simple read of a existing KVstore (SD card) don’t work!?

Re-check content of the SD card: Folder kvstore and file dummy_key_enc is present. I have also tested to set key without security. Same problem.

JohnnyK · June 22, 2021, 12:44pm

Ah, sorry. It is badly visible what is commented out.

phlegx · June 22, 2021, 1:35pm

Here a full example. To try it out:

Please remove comment on kv reset part and kv set part.
Compile and run.
Comment kv reset part and kv set part.
Compile and run.

You can see, that the program is not able to read an existing KVstore on the SD card.

#include "mbed.h"
#include "KVStore.h"
#include "kvstore_global_api.h"

#define EXAMPLE_KV_VALUE_LENGTH 64
#define EXAMPLE_KV_KEY_LENGTH 32
#define err_code(res) MBED_GET_ERROR_CODE(res)

int main()
{
    char kv_value_in[EXAMPLE_KV_VALUE_LENGTH] = {"abcd"};
    char kv_key_in[EXAMPLE_KV_KEY_LENGTH] = {"/kv/test"};
    char kv_key_out[EXAMPLE_KV_KEY_LENGTH] = {0};
    int res = MBED_ERROR_NOT_READY;
    size_t actual_size = 0;

    kv_info_t info;

    /* Start by resetting the KV storage */
    /*printf("kv_reset\n");
    res = kv_reset("/kv/");
    printf("kv_reset -> %d\n", err_code(res));*/

    /* Set key value storage. */
    /*printf("kv_set /kv/test\n");
    res = kv_set(kv_key_in, kv_value_in, strlen(kv_value_in), 0);
    printf("kv_set -> %d\n", err_code(res));*/

    /* Start by getting key's information */
    printf("kv_get_info of first key\n");
    res = kv_get_info(kv_key_in, &info);
    printf("kv_get_info -> %d\n", err_code(res));
    printf("kv_get_info key: %s\n", kv_key_in);
    printf("kv_get_info info - size: %u, flags: %u\n", info.size, info.flags);

    /* Now that you know the data value size of this key,
     * allocate a buffer with matching size and get the value data */
    printf("kv_get first key\n");
    char *kv_first_value_out = new char[info.size + 1];
    memset(kv_first_value_out, 0, info.size + 1);
    res = kv_get(kv_key_in, kv_first_value_out, info.size, &actual_size);
    printf("kv_get -> %d\n", err_code(res));
    printf("kv_get key: %s\n", kv_key_in);
    printf("kv_get value: %s\n", kv_first_value_out);
    delete[] kv_first_value_out;
}

JohnnyK · June 22, 2021, 3:12pm

What is a content of your mbed_app.json ? I probably missing something.
This moment I have created only kvstore folder on my SD card but no file and also the get_kv at the end of program is empty.

BR, Jan

phlegx · June 22, 2021, 3:35pm

Here my config in mbed_app.json with the related parameters:

{
    "target_overrides": {
        "*": {
            "platform.stdio-convert-newlines": true,
            "platform.stdio-baud-rate": 115200,
            "platform.default-serial-baud-rate": 115200,
            "mbed-trace.enable": true
        },
        "MYTARGET": {
            "target.features_add": ["STORAGE"],
            "target.components_add": ["SD"],
            "storage.storage_type": "FILESYSTEM",
            "sd.SPI_MOSI": "SPI_MOSI",
            "sd.SPI_MISO": "SPI_MISO",
            "sd.SPI_CLK": "SPI_CLK",
            "sd.SPI_CS": "SPI_NSS"
        }
    }
}

JohnnyK · June 23, 2021, 8:30pm

Hello,

sorry for delay.
In my case all methods of your code return errors and I do not know why.

However I found a way please see this example (Mbed-os 6.10 Nucleo-F429ZI).

Edit:
I forgot you use MbedOs 5.15.7 but also with this version seems to be working for me.

BR, Jan

Topic		Replies	Views
NVStore API is deprecated, please use KVStore Mbed OS	1	639	March 13, 2020
NUCLEO L496ZG - Needing to retain a few variables on reset Mbed OS	7	520	December 17, 2020
Proper way to keep values after reset Best practice	4	853	March 29, 2021
MAX32620 KVStore Best practice	0	209	February 18, 2022
KV Store fault exception Mbed OS	4	366	April 8, 2021

KVStore with security

Related Topics