encrypt & crypto , caam

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

encrypt & crypto , caam

Jump to solution
1,609 Views
rans
Senior Contributor I

Hello,

I am a new on the subject of caam with imx6.

I saw some questions on this subject, so please excuse me if I might repeat a question which was asked (though I could not find the answer yet).

We are dealing with a new project, so we shall use the latest BSP.

1. Encapsulate message from ethernet port #1,  Encrypt (AES256\128) data, and send through ethernet port #2

2. Decapsulate message from ethernet port #2 Dencrypt data, and send through ethernet port #1

Thank you for any suggestions and link to documentation !

Ran

Labels (1)
1 Solution
1,102 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Yes, You may use the cryptodev.

Supported options, that should be registered in kernel, are described in

mentioned above Chapter 50  of “i.MX_Linux_Reference_Manual.pdf” 

Regards,

Yuri.

View solution in original post

5 Replies
1,102 Views
Yuri
NXP Employee
NXP Employee

Hello,

 

  When using Linux L4.1.15 : the CAAM drivers are accelerated through the CryptoDev interface. Please refer to Chapter 50 [CAAM (Cryptographic Acceleration and Assurance Module)] of “i.MX_Linux_Reference_Manual.pdf” describes CAAM driver options. Section 9 (Security) of “i.MX_Linux_User's_Guide.pdf” shows how to test CAAM driver with openssl.

 

 

Have a great day,

Yuri

 

------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct

Answer button. Thank you!

------------------------------------------------------------------------------

1,102 Views
rans
Senior Contributor I

Hi Yuri,

I think that for packet encrypt/decrypt, I better use cryptodev instead of openssl APIs, Right ?

Does cryptodev should be used with "AF_ALG" APIs or "/dev/crypto" APIs ?

I also see that there are many oprtions in cryptodev , see

gocryptodev - GoDoc 

Does CAAM support all of them ?

I wonder what is aes 128/256 among these many options.

Regards,

Ran

0 Kudos
1,103 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Yes, You may use the cryptodev.

Supported options, that should be registered in kernel, are described in

mentioned above Chapter 50  of “i.MX_Linux_Reference_Manual.pdf” 

Regards,

Yuri.

1,102 Views
rans
Senior Contributor I

Hi,

Thank you for the responses!

Now If I basicly just need to encrypt/decrypt specific messages with AES256:

Should I catch messages and use direct call to CAAM according to CAAM driver APIs (such solution must involve a kernel module solution I suppose), or should I use openssl to encrypt/decrypt as done in the following example:

http://web.mit.edu/sit/Sipb/iadev/doc/SSLeay/ssl-client.c 

Thank you for the suggestions,

Ran

0 Kudos
1,102 Views
BiyongSUN
NXP Employee
NXP Employee

please check the reply in

https://community.nxp.com/thread/436552

0 Kudos