FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Perform AES-GCM encryption and decryption of plaintext using the CAAM hardware on the LS1028A board

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Perform AES-GCM encryption and decryption of plaintext using the CAAM hardware on the LS1028A board

Jump to solution
‎07-21-2025 07:06 AM
629 Views
Sweet
Contributor I
I am developing a Security Engine (CAAM) driver for a Layerscape board. I’m currently looking for guidance or source code references for the following operation:
 
I want to create a black key and use it for AES-GCM encryption/decryption of plaintext.
I am already able to generate a black key successfully using AES-CCM. However, I need to encrypt and decrypt the plaintext using the AES-GCM algorithm, and I'm unable to find any example code or clear steps to build the required job descriptor.
 
While the Linux kernel source includes code to construct shared descriptors, I need to create a non-shared (simple) descriptor for this operation.
 
Additionally, could someone please explain how the black key is properly used to encrypt and decrypt data using AES-GCM? Specifically:
 
- How to load the black key and key modifier in the descriptor.
- How the CAAM uses this key internally for GCM encryption/decryption.
 
Any reference links or working examples would be greatly appreciated.

 

0 Kudos
Reply
1 Solution
2 Replies

Jump to solution
‎07-22-2025 07:21 AM
592 Views
Oswalag
NXP TechSupport
NXP TechSupport

Hello,

You can find a reference of how to generate a black key.

GitHub - nxp-imx/keyctl_caam: Keyctl CAAM Security

DPDK default supports AES_GCM in dpaa sec driver. You can refer to DPDK source code on descriptor building in DPAA_SEC_AEAD case.
DPDK/drivers/crypto/dpaa_sec/dpaa_sec.c

You can also find more information in the LS1028ASECRM

0 Kudos
Reply

Jump to solution
‎07-30-2025 10:12 PM
455 Views
Sweet
Contributor I

Thanks, @Oswalag 

I found a good reference for the black key at https://gitlab.navisincontrol.com/varigit/linux-imx/-/blob/lf-5.15.y_var01/drivers/crypto/caam/caamk... , and for AES-GCM at https://github.com/nxp-mcuxpresso/mcux-sdk/blob/main/drivers/caam/fsl_caam.c 

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2137506%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EPerform%20AES-GCM%20encryption%20and%20decryption%20of%20plaintext%20using%20the%20CAAM%20hardware%20on%20the%20LS1028A%20board%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2137506%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CDIV%3EI%20am%20developing%20a%20Security%20Engine%20(CAAM)%20driver%20for%20a%20Layerscape%20board.%20I%E2%80%99m%20currently%20looking%20for%20guidance%20or%20source%20code%20references%20for%20the%20following%20operation%3A%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EI%20want%20to%20create%20a%20black%20key%20and%20use%20it%20for%20AES-GCM%20encryption%2Fdecryption%20of%20plaintext.%3C%2FDIV%3E%3CDIV%3EI%20am%20already%20able%20to%20generate%20a%20black%20key%20successfully%20using%20AES-CCM.%20However%2C%20I%20need%20to%20encrypt%20and%20decrypt%20the%20plaintext%20using%20the%20AES-GCM%20algorithm%2C%20and%20I'm%20unable%20to%20find%20any%20example%20code%20or%20clear%20steps%20to%20build%20the%20required%20job%20descriptor.%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EWhile%20the%20Linux%20kernel%20source%20includes%20code%20to%20construct%20shared%20descriptors%2C%20I%20need%20to%20create%20a%20non-shared%20(simple)%20descriptor%20for%20this%20operation.%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EAdditionally%2C%20could%20someone%20please%20explain%20how%20the%20black%20key%20is%20properly%20used%20to%20encrypt%20and%20decrypt%20data%20using%20AES-GCM%3F%20Specifically%3A%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E-%20How%20to%20load%20the%20black%20key%20and%20key%20modifier%20in%20the%20descriptor.%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E-%20How%20the%20CAAM%20uses%20this%20key%20internally%20for%20GCM%20encryption%2Fdecryption.%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EAny%20reference%20links%20or%20working%20examples%20would%20be%20greatly%20appreciated.%3C%2FDIV%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2144152%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Perform%20AES-GCM%20encryption%20and%20decryption%20of%20plaintext%20using%20the%20CAAM%20hardware%20on%20the%20LS1028A%20bo%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2144152%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EThanks%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F199933%22%20target%3D%22_blank%22%3E%40Oswalag%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20found%20a%20good%20reference%20for%20the%20%3CSTRONG%3Eblack%20key%3C%2FSTRONG%3E%20at%20%3CA%20href%3D%22https%3A%2F%2Fgitlab.navisincontrol.com%2Fvarigit%2Flinux-imx%2F-%2Fblob%2Flf-5.15.y_var01%2Fdrivers%2Fcrypto%2Fcaam%2Fcaamkeyblob.c%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgitlab.navisincontrol.com%2Fvarigit%2Flinux-imx%2F-%2Fblob%2Flf-5.15.y_var01%2Fdrivers%2Fcrypto%2Fcaam%2Fcaamkeyblob.c%3C%2FA%3E%20%2C%20and%20for%20%3CSTRONG%3EAES-GCM%3C%2FSTRONG%3E%20at%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fnxp-mcuxpresso%2Fmcux-sdk%2Fblob%2Fmain%2Fdrivers%2Fcaam%2Ffsl_caam.c%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fnxp-mcuxpresso%2Fmcux-sdk%2Fblob%2Fmain%2Fdrivers%2Fcaam%2Ffsl_caam.c%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2138480%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Perform%20AES-GCM%20encryption%20and%20decryption%20of%20plaintext%20using%20the%20CAAM%20hardware%20on%20the%20LS1028A%20bo%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2138480%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%3C%2FP%3E%0A%3CP%3EYou%20can%20find%20a%20reference%20of%20how%20to%20generate%20a%20black%20key.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fnxp-imx%2Fkeyctl_caam%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EGitHub%20-%20nxp-imx%2Fkeyctl_caam%3A%20Keyctl%20CAAM%20Security%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EDPDK%20default%20supports%20AES_GCM%20in%20dpaa%20sec%20driver.%20You%20can%20refer%20to%20DPDK%20source%20code%20on%20descriptor%20building%20in%20DPAA_SEC_AEAD%20case.%3C%2FSPAN%3E%3CBR%20clear%3D%22none%22%20%2F%3E%3CSPAN%3EDPDK%2Fdrivers%2Fcrypto%2Fdpaa_sec%2Fdpaa_sec.c%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EYou%20can%20also%20find%20more%20information%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.nxp.com%2Fwebapp%2FDownload%3FcolCode%3DLS1028ASECRM%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ELS1028ASECRM%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E