FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

encrypt & crypto , caam

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

encrypt & crypto , caam

Jump to solution
‎10-17-2016 10:42 PM
3,473 Views
rans
Senior Contributor I

Hello,

I am a new on the subject of caam with imx6.

I saw some questions on this subject, so please excuse me if I might repeat a question which was asked (though I could not find the answer yet).

We are dealing with a new project, so we shall use the latest BSP.

1. Encapsulate message from ethernet port #1,  Encrypt (AES256\128) data, and send through ethernet port #2

2. Decapsulate message from ethernet port #2 Dencrypt data, and send through ethernet port #1

Thank you for any suggestions and link to documentation !

Ran

Labels (1)
Labels
Reply
1 Solution

Jump to solution
‎10-19-2016 07:40 PM
2,966 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Yes, You may use the cryptodev.

Supported options, that should be registered in kernel, are described in

mentioned above Chapter 50  of “i.MX_Linux_Reference_Manual.pdf” 

Regards,

Yuri.

View solution in original post

Reply
5 Replies

Jump to solution
‎10-17-2016 10:57 PM
2,966 Views
Yuri
NXP Employee
NXP Employee

Hello,

 

  When using Linux L4.1.15 : the CAAM drivers are accelerated through the CryptoDev interface. Please refer to Chapter 50 [CAAM (Cryptographic Acceleration and Assurance Module)] of “i.MX_Linux_Reference_Manual.pdf” describes CAAM driver options. Section 9 (Security) of “i.MX_Linux_User's_Guide.pdf” shows how to test CAAM driver with openssl.

 

 

Have a great day,

Yuri

 

------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct

Answer button. Thank you!

------------------------------------------------------------------------------

Reply

Jump to solution
‎10-18-2016 10:45 PM
2,966 Views
rans
Senior Contributor I

Hi Yuri,

I think that for packet encrypt/decrypt, I better use cryptodev instead of openssl APIs, Right ?

Does cryptodev should be used with "AF_ALG" APIs or "/dev/crypto" APIs ?

I also see that there are many oprtions in cryptodev , see

gocryptodev - GoDoc 

Does CAAM support all of them ?

I wonder what is aes 128/256 among these many options.

Regards,

Ran

0 Kudos
Reply

Jump to solution
‎10-19-2016 07:40 PM
2,967 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Yes, You may use the cryptodev.

Supported options, that should be registered in kernel, are described in

mentioned above Chapter 50  of “i.MX_Linux_Reference_Manual.pdf” 

Regards,

Yuri.

Reply

Jump to solution
‎10-18-2016 05:31 AM
2,966 Views
rans
Senior Contributor I

Hi,

Thank you for the responses!

Now If I basicly just need to encrypt/decrypt specific messages with AES256:

Should I catch messages and use direct call to CAAM according to CAAM driver APIs (such solution must involve a kernel module solution I suppose), or should I use openssl to encrypt/decrypt as done in the following example:

http://web.mit.edu/sit/Sipb/iadev/doc/SSLeay/ssl-client.c 

Thank you for the suggestions,

Ran

0 Kudos
Reply

Jump to solution
‎10-17-2016 10:53 PM
2,966 Views
BiyongSUN
NXP Employee
NXP Employee

please check the reply in

https://community.nxp.com/thread/436552

0 Kudos
Reply