En/Decryption of data on iMX6 board

The 3.10.9 release is not issued yet.

Hi Yuri,

I tried building the sdk to test the caam module with the command  ./tools/build_sdk with test=caam. But found no useful information on "./output/mx6dq/sdk_unit_test/sabre_ai_rev_a" folder. can you please suggest me on how to understand the output upon testing caam driver using sdk.

Thanks,

Rashmi. 

You wrote " found no useful information on "./output/mx6dq/sdk_unit_test/sabre_ai_rev_a" folder".

Do You mean that there are no .elf, .bin, .map files in the output directory ? 

Are there errors reported during build process ?

Hi Yuri,

No errors, have got .elf .bin .map files in output directory. But throught this files how can I ensure whether CAAM is tested on board or not.

Thanks,

Rashmi

Thanks for the reply Yuri.

Can you also brief me on how to execute those src .C files available on imx6_platform_SDk/sdk/drivers/caam. Can I use those C files to encrypt and decrypt my data.

Thanks ,

Rashmi

Source .c files may be used as example. It is needed to analyze them, using CAAM description in the Security Reference Manual for i.MX6.

You may download the security manual from our website (link below). You will

need to login in order to do this.

https://www.freescale.com/webapp/Download?colCode=IMX6DQ6SDLSRM&appType=moderatedWithoutFAE&fpsp=1&WT_TYPE=Reference%20Manuals&WT_VENDOR=FREESCALE&WT_FILE_FORMAT=pdf&WT_ASSET=Documentation&Parent_nodeId=1337694700967726419044&Parent_pageType=product&Parent_nodeId=1337694700967726419044&Parent_pageType=product

Hi Yuri,

I am using AF_ALG family for userspace interface for Kernel cryptoAPI. But when i try to test it using the command "openssl speed -evp aes-256 -cbc -engine af_alg -elapsed" i get the error as:

root@imx6qsabrelite:~# openssl speed -e aes-256-cbc -engine af_alg -elapsed
Error configuring OpenSSL
716629200:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:
716629200:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=openssl_engines, retcode=-1     
root@imx6qsabrelite:~#

Please, Can you suggest me on how to fix these error.

Thanks,

Rashmi.

Hi Rashmi,

I have the exact same error. I downloaded the af_alg code that was attached in this community website by Dipen Patel. I compiled it on my iMX6. But when I tested with the above openssl command. I get the exact same error. Could you please tell me your fix so that it can help all of us?

thanks a ton in advance!

Tera

Hi Tera,

Link to configure AF_ALG in openssl:

http://src.carnivore.it/users/common/af_alg/about/

Regards,

Rashmi

Hi Rashmi,

Hello All,

Thank you for the link. I followed it. The only difference is when I replace the original openssl.cnf with the one of the af_alg as mentioned in the link above, I get the error that Rashmi had:

Error configuring OpenSSL
716629200:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:
716629200:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=openssl_engines, retcode=-1

But when I retained the original openssl.cnf but already changed the kernel config with all the flags mentioned and after copying the libaf_alg.so in the correct openssl engine directory, I see that the engine af_alg gets set. I did a quick speed test but surprisingly saw that the speed was the same as before(without af_alg). So now I am puzzled whether my CAAM is being used at all by the af_alg :smileysad:

Anyone can throw some light? How can I check if my CAAM is being called by the af_alg? I had set "caam" in my bootargs. I also see it if I type /proc/crypto:

digestsize   : 20

min keysize  : 16

max keysize  : 32

min keysize  : 16

max keysize  : 32

Speed test:

openssl speed -evp aes-128-cbc

Doing aes-128-cbc for 3s on 16 size blocks: 3004381 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 64 size blocks: 849813 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 256 size blocks: 220358 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 1024 size blocks: 55605 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 8192 size blocks: 6969 aes-128-cbc's in 3.00s

OpenSSL 1.0.0e 6 Sep 2011

built on: Tue Feb 19 00:08:00 UTC 2013

options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)

compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall

The 'numbers' are in 1000s of bytes per second processed.

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes

aes-128-cbc      16023.37k    18129.34k    18803.88k    18979.84k    19030.02k

With af_alg:

openssl speed -evp aes-128-cbc -e

engine "af_alg" set.

Doing aes-128-cbc for 3s on 16 size blocks: 2998763 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 64 size blocks: 849813 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 256 size blocks: 220357 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 1024 size blocks: 55605 aes-128-cbc's in 3.00s

Doing aes-128-cbc for 3s on 8192 size blocks: 6970 aes-128-cbc's in 3.00s

OpenSSL 1.0.0e 6 Sep 2011

built on: Tue Feb 19 00:08:00 UTC 2013

options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)

compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall

The 'numbers' are in 1000s of bytes per second processed.

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes

aes-128-cbc      15993.40k    18129.34k    18803.80k    18979.84k    19032.75k

Thanks in advance.

Tera

Hi Tera,

You can use cat /proc/interrupts command and look for caam_jobr row entries values getting incremented on each run (if af_alg engine is used). If the values are incremented then CAAM is used.

Regards,

Rashmi.

Hi Yuri,

Above issue is been resolved. We have setup the CAAM and tried the AF_ALG userspace interface to implement the same.But I am seeing the output as below with openssl command.

root@imx6qsabrelite:~# openssl speed -evp aes-128-cbc -engine af_alg -elapsed
engine "af_alg" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 2892 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 64 size blocks: 2840 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 2816 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2668 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 2031 aes-128-cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Fri Oct 18 22:13:21 IST 2013
options:bn(64,32) rc4(ptr,int) des(idx,risc1,2,long) aes(partial) idea(int) blowfish(idx)
compiler: arm-poky-linux-gnueabi-gcc  -march=armv7-a -mthumb-interwork -mfloat-abi=hard -mfpu=neon -mtune=cortex-a9 --sysroot=/home/developer/Y
octo-1.5/build/tmp/sysroots/imx6qsabrelite -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN     -DTERMI
O  -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes 1024 bytes   8192 bytes
aes-128-cbc 15.53k       60.59k 240.30k      910.68k     5545.98k

I would like to know does the command "openssl speed -evp aes-128-cbc -engine af_alg -elapsed" has used CAAM for encryption?

How do I make sure whether CAAM is implemented?

Thanks,

Rashmi.

Dear Yuri,

I see the above output using openssl commands. But i'm not able to understand what does "Doing aes-128-cbc for 3s on 8192 size blocks: 2031 aes-128-cbc's in 3.00s" means, I have tried searching for the information but I got no information. If you could brief me on this result explains would be of great help to me.

Thanks,

Rashmi.

The phrase "Doing aes-128-cbc for 3s on 8192 size blocks: 2031 aes-128-cbc's in 3.00s" means,

that "aes-128-cbc" algorithm was used with data blocks of 8K and the speed of this operation

is 2031 ops per 3 sec. That is : ~[700 (aes-128-cbc) ops] / sec, when using 8K data blocks.

I think it makes sense check cpu usage using command "top"; if CAAM is working, cpu usage is ~several %. 

what does "3.10.17-1.0.0 beta release" mean? is this LTIB release number, Yocto release number, or OpenSSL release number, or android release number? I could not make sense out of any of these numbers.

thanks,