I.MX6 Cryptographic Acceleration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I.MX6 Cryptographic Acceleration

Jump to solution
36,617 Views
johnlangworthy
Contributor I

The I.MX6 is described as offering cryptographic acceleration in the CAAM. However, as far as I can see, there is no documentation avaialble to support this. Does anybody know what the capabilities are, and how we can access them?

Cheers

Labels (1)
1 Solution
8,613 Views
rodz
Contributor III

Hi John,

As Yuri has mentioned above the i.MX 6 Security reference manual contains all the information on CAAM and it's capabilities.  This is a moderated document but should not require an NDA.  Please contact your local Freescale FAE to obtain access to this document.

At a high level the CAAM is a DMA master supporting the following capabilities:

Secure memory feature with HW enforced access control

Cryptographic authentication

  * Hashing algorithms

     * MD5

     * SHA-1

     * SHA-224

     * SHA-256

  * Message authentication codes (MAC)

     * HMAC-all hashing algorithms

     * AES-CMAC

     * AES-XCBC-MAC

  * Auto padding

  * ICV checking

Authenticated encryption algorithms

  * AES-CCM (counter with CBC-MAC)

Symmetric key block ciphers

  * AES (128-bit, 192-bit or 256-bit keys)

  * DES (64-bit keys, including key parity)

  * 3DES (128-bit or 192-bit keys, including key parity)

Cipher modes

  * ECB, CBC, CFB, OFB for all block ciphers

  * CTR for AES

Symmetric key stream ciphers

* ArcFour (alleged RC4 with 40 - 128 bit keys)

* Random-number generation

  * Entropy is generated via an independent free running ring oscillator

  * Oscillator is off when not generating entropy; for lower-power consumption

  * NIST-compliant, pseudo random-number generator seeded using hardware generated entropy

The Freescale Linux BSP contains a CAAM driver to make use of the above features.  The use of CAAM is via the Linux CryptoAPI.  The driver itself is integrated with the Crypto API kernel service in which the algorithms supported by CAAM can replace the native SW implementations.

Regards,

-Rod

View solution in original post

35 Replies
2,895 Views
kiyoshizen
Contributor I

Thank you Yuri and everyone else for very useful thread,

I managed to use AF_ALG on my nitrogen6q to make OpenSSL work with CAAM drivers. but the result is not stable, when running the openssl test randomly cause "Internal error: Oops: 17"   anyone got any idea what might be the problem? please help

Example:

# openssl speed -evp md5

Doing md5 for 3s on 16 size blocks: 26876 md5's in 0.17s

Doing md5 for 3s on 64 size blocks: 15716 md5's in 0.22s

Doing md5 for 3s on 256 size blocks: 15474 md5's in 0.14s

Doing md5 for 3s on 1024 size blocks: 13861 md5's in 0.09s

Doing md5 for 3s on 8192 size blocks: 7063 md5's in 0.15s

OpenSSL 1.0.1i 6 Aug 2014

built on: Thu Sep 10 16:02:35 IDT 2015

options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)

compiler: /buildroot-2014.08/output/host/usr/bin/arm-buildroot-linux-gnueabi-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLM

The 'numbers' are in 1000s of bytes per second processed.

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes

md5               2529.51k     4571.93k    28295.31k   157707.38k   385733.97k

#

#

# openssl speed -evp md5

Doing md5 for 3s on 16 size block[ 1992.291028] Unable to handle kernel NULL pointer dereference at virtual address 00000e90

s: [ 1992.301706] pgd = dc76c000

[ 1992.304645] [00000e90] *pgd=2ca14831, *pte=00000000, *ppte=00000000

[ 1992.310985] Internal error: Oops: 17 [#17] SMP ARM

[ 1992.315779] Modules linked in: algif_hash algif_skcipher af_alg

[ 1992.321759] CPU: 3 PID: 3003 Comm: openssl Tainted: G      D      3.10.17+ #3

[ 1992.328898] task: dc7ae580 ti: dc5ee000 task.ti: dc5ee000

[ 1992.334310] PC is at memcpy+0x80/0x330

[ 1992.338071] LR is at ahash_update_first+0x7f8/0x8ec

[ 1992.342953] pc : [<c024a340>]    lr : [<c04bbc50>]    psr: 000f0013

[ 1992.342953] sp : dc5efd14  ip : 00000010  fp : dc5efd9c

[ 1992.354431] r10: 000000d0  r9 : dc526680  r8 : 00000000

[ 1992.359658] r7 : 00000000  r6 : dc526400  r5 : 00000010  r4 : dc526600

[ 1992.366186] r3 : c04b8a9c  r2 : fffffff0  r1 : 00000e90  r0 : dc526600

[ 1992.372717] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user

[ 1992.379854] Control: 10c5387d  Table: 2c76c04a  DAC: 00000015

[ 1992.385601] Process openssl (pid: 3003, stack limit = 0xdc5ee238)

[ 1992.391697] Stack: (0xdc5efd14 to 0xdc5f0000)

[ 1992.396057] fd00:                                              00000010 dc526400 00000000

[ 1992.404240] fd20: 00000000 dc526600 dc526600 c04bbc50 c004b90c c0251e44 dc5efd84 dc5efd48

[ 1992.412421] fd40: c00a48c0 c004b908 00000000 00000000 dc526500 00000000 2c64c928 dc5efd88

[ 1992.420603] fd60: dc526600 00000000 dc64c840 c0259fec dc5efd88 00000010 01703ea0 00000010

[ 1992.428786] fd80: 00010000 dc526400 dc5ee000 00000010 dc5efdac dc5efda0 c04b5e94 c04bb464

[ 1992.436968] fda0: dc5efdf4 dc5efdb0 bf00b2b0 c04b5e8c dc5efecc 00000001 dc5efecc dc571000

[ 1992.445149] fdc0: dc526544 dc526580 dc64c800 00000001 00000010 dc5efecc dc7ae580 01703e90

[ 1992.453330] fde0: dc5ee000 00008000 dc5efeb4 dc5efdf8 c050800c bf00b1f8 00000001 00000000

[ 1992.461512] fe00: dc5efe1c 00000010 da169e00 00000000 00000000 dc5efecc dc5efe54 dc5efe28

[ 1992.469695] fe20: c00c8fd4 c05dfc60 000003d0 00000010 dc571000 dc5710a0 00000001 00000000

[ 1992.477875] fe40: 00000000 00000000 00000000 dc7ae580 00000000 00000000 00000000 00000000

[ 1992.486056] fe60: dc5efdf8 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 1992.494237] fe80: 00000000 00000000 00000000 00000000 00000000 00000000 da169e00 00000010

[ 1992.502418] fea0: 00000000 00000000 dc5eff8c dc5efeb8 c0509e8c c0507f98 dc5efed4 fffffff7

[ 1992.510600] fec0: 00000000 01703e90 00000010 00000000 00000000 dc5efec4 00000001 00000000

[ 1992.518781] fee0: 00000000 00008000 0000011a c000f104 dc5effa4 dc5eff00 c05099b4 bf000350

[ 1992.526962] ff00: 00000000 00000000 61680026 00006873 00000000 00000000 00000000 00000000

[ 1992.535144] ff20: 0035646d 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 1992.543324] ff40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 1992.551506] ff60: c00e880c c00e878c 00000010 00000000 bec0b484 00000121 c000f104 00000000

[ 1992.559687] ff80: dc5effa4 dc5eff90 c0509ed0 c0509de0 00000000 00000000 00000000 dc5effa8

[ 1992.567869] ffa0: c000ef80 c0509ebc 00000010 00000000 00000004 01703e90 00000010 00008000

[ 1992.576050] ffc0: 00000010 00000000 bec0b484 00000121 01703e90 00000000 0006842c 0007773c

[ 1992.584231] ffe0: 00000000 bec0b284 b6cc6ac0 b6da1a7c 600f0010 00000004 ebff5a13 e51f15bc

[ 1992.592407] Backtrace:

[ 1992.594879] [<c04bb458>] (ahash_update_first+0x0/0x8ec) from [<c04b5e94>] (ahash_update+0x14/0x18)

[ 1992.603848] [<c04b5e80>] (ahash_update+0x0/0x18) from [<bf00b2b0>] (hash_sendmsg+0xc4/0x1d0 [algif_hash])

[ 1992.613430] [<bf00b1ec>] (hash_sendmsg+0x0/0x1d0 [algif_hash]) from [<c050800c>] (sock_sendmsg+0x80/0xa0)

[ 1992.623007] [<c0507f8c>] (sock_sendmsg+0x0/0xa0) from [<c0509e8c>] (SyS_sendto+0xb8/0xdc)

[ 1992.631184]  r7:00000000 r6:00000000 r5:00000010 r4:da169e00

[ 1992.636906] [<c0509dd4>] (SyS_sendto+0x0/0xdc) from [<c0509ed0>] (SyS_send+0x20/0x28)

[ 1992.644749] [<c0509eb0>] (SyS_send+0x0/0x28) from [<c000ef80>] (ret_fast_syscall+0x0/0x30)

[ 1992.653018] Code: e320f000 e4913004 e4914004 e4915004 (e4916004)

[ 1992.659153] ---[ end trace dd17fad707916035 ]---

Segmentation fault

# [ 1992.989147] rtc-isl12022 0-006f: voltage dropped below 85%, date and time is not reliable.

0 Kudos
Reply
2,895 Views
Yuri
NXP Employee
NXP Employee

Hello,

You may try the recent FSL BSPs, where the Cryptodev interface is supported

via CAAM.

Regards,

Yuri.

2,925 Views
_benjamindubb
Contributor II

I tried using CAAM with ipsec and it seems like the kernel caam driver crashes. I'm on LTIB kernel 3.0.35-2310 version:

<8004a688>] (dma_sync_sg_for_device+0x18/0x4c) from [<803b290c>] (dma_map_sg_chained+0x48/0xa4)

[<803b290c>] (dma_map_sg_chained+0x48/0xa4) from [<803b4bfc>] (ablkcipher_edesc_alloc.constprop.27+0x3ac/0x3c8)

[<803b4bfc>] (ablkcipher_edesc_alloc.constprop.27+0x3ac/0x3c8) from [<803b4c34>] (ablkcipher_encrypt+0x1c/0x94)

[<803b4c34>] (ablkcipher_encrypt+0x1c/0x94) from [<8020b2bc>] (eseqiv_givencrypt+0x2c8/0x3d0)

[<8020b2bc>] (eseqiv_givencrypt+0x2c8/0x3d0) from [<8021ccc4>] (crypto_authenc_givencrypt+0x64/0x84)

[<8021ccc4>] (crypto_authenc_givencrypt+0x64/0x84) from [<8046daf8>] (esp_output+0x324/0x4bc)

[<8046daf8>] (esp_output+0x324/0x4bc) from [<8047a10c>] (xfrm_output_resume+0x188/0x278)

[<8047a10c>] (xfrm_output_resume+0x188/0x278) from [<80472034>] (xfrm4_output+0x20/0x24)

[<80472034>] (xfrm4_output+0x20/0x24) from [<80434f94>] (ip_local_out+0x28/0x2c)

[<80434f94>] (ip_local_out+0x28/0x2c) from [<8043610c>] (ip_send_skb+0xc/0xd8)

[<8043610c>] (ip_send_skb+0xc/0xd8) from [<80454560>] (udp_send_skb+0xf0/0x3c8)

[<80454560>] (udp_send_skb+0xf0/0x3c8) from [<80456008>] (udp_sendmsg+0x254/0x7f8)

[<80456008>] (udp_sendmsg+0x254/0x7f8) from [<8045d8e8>] (inet_sendmsg+0x94/0xb8)

[<8045d8e8>] (inet_sendmsg+0x94/0xb8) from [<803feb84>] (sock_aio_write+0x114/0x13c)

[<803feb84>] (sock_aio_write+0x114/0x13c) from [<800eff30>] (do_sync_write+0xa4/0xe4)

[<800eff30>] (do_sync_write+0xa4/0xe4) from [<800f06bc>] (vfs_write+0x130/0x138)

[<800f06bc>] (vfs_write+0x130/0x138) from [<800f08a4>] (sys_write+0x40/0x6c)

[<800f08a4>] (sys_write+0x40/0x6c) from [<80040f80>] (ret_fast_syscall+0x0/0x30)

Code: e1a07003 d8bd80f8 e1a04001 e3a05000 (e5940000)

---[ end trace 9693d9778bad1379 ]---

I'm just trying to see what type of improvement to expect from the CAAM driver. I expect the CPU should not be so busy with HW CAAM engine. Any idea how much faster the CAAM engine is compared to plain software implementation?

Thanks,

-Ben

0 Kudos
Reply
2,925 Views
_benjamindubb
Contributor II

Freescale has shared with me some patches that address the CAAM driver crash. I can now pump traffic through ipsec tunnel setup with CAAM. These patches will hopefully be included in the next BSP update.

0 Kudos
Reply
2,925 Views
Yuri
NXP Employee
NXP Employee

Linux CAAM performance estimations may be found under the following discussion. 

< https://community.freescale.com/message/313424#313424 >

0 Kudos
Reply
2,925 Views
_benjamindubb
Contributor II

I get "Unauthorized" when I click on the link you provided. Do I need to ask my FAE for special access to this "secret" data?

0 Kudos
Reply
2,925 Views
Yuri
NXP Employee
NXP Employee

> Do I need to ask my FAE for special access to this "secret" data?


Yes, one way - to apply to FFAE.
Another way - just create SR (say, for me ) - I think I can provide the performance data under SR. 

0 Kudos
Reply
2,925 Views
davehaynie
Contributor II

I've been asking around for similar information. I have yet to meet anyone here from Freescale with crypto knowledge, until now. Original question is SR# 1-1062109201. Also a forum posting here.  Ideally after a benchmark of AES-GCM running on the i.MX6 (which, of course, can't be fully supported by the CAAM on this chip), but any performance metrics would be very useful in our selection process.

0 Kudos
Reply
2,925 Views
AlbertT
Contributor V

Hello Yuri,

So we can take advantage of the CAAM using OpenSSL ? Or it is restricted to some functions ?

Jocelyn

0 Kudos
Reply
2,925 Views
Yuri
NXP Employee
NXP Employee

> So we can take advantage of the CAAM using OpenSSL ?

Yes, if we find Open SSL implementation via scatterlist crypto API.

0 Kudos
Reply
2,925 Views
AlbertT
Contributor V

I don't fully understand, right now, if I use an OpenSSL function for AES encryption for instance, will it take advantage of CAAM or not ? Or should I code everything with Job Descriptor and so on ?

0 Kudos
Reply
2,925 Views
Yuri
NXP Employee
NXP Employee

If the OpenSSL uses /dev/crypto - we will use software implementation, no CAAM.

0 Kudos
Reply
2,925 Views
AlbertT
Contributor V

Oh ok, and is it possible to force OpenSSL to not use /dev/crypto or we have to wait for a new release of OSSL ?

0 Kudos
Reply
2,925 Views
Yuri
NXP Employee
NXP Employee

There is Security Reference Manual for i.MX6 - please apply to local Freescale FAE to get it.
(NDA is required.)