encrypt & crypto , caam

cancel
Showing results for 
Search instead for 
Did you mean: 

encrypt & crypto , caam

Jump to solution
695 Views
ranshalit
Senior Contributor I

Hello,

I am a new on the subject of caam with imx6.

I saw some questions on this subject, so please excuse me if I might repeat a question which was asked (though I could not find the answer yet).

We are dealing with a new project, so we shall use the latest BSP.

1. Encapsulate message from ethernet port #1,  Encrypt (AES256\128) data, and send through ethernet port #2

2. Decapsulate message from ethernet port #2 Dencrypt data, and send through ethernet port #1

Thank you for any suggestions and link to documentation !

Ran

Labels (1)
1 Solution
188 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

  Yes, You may use the cryptodev.

Supported options, that should be registered in kernel, are described in

mentioned above Chapter 50  of “i.MX_Linux_Reference_Manual.pdf” 

Regards,

Yuri.

View solution in original post

5 Replies
188 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

 

  When using Linux L4.1.15 : the CAAM drivers are accelerated through the CryptoDev interface. Please refer to Chapter 50 [CAAM (Cryptographic Acceleration and Assurance Module)] of “i.MX_Linux_Reference_Manual.pdf” describes CAAM driver options. Section 9 (Security) of “i.MX_Linux_User's_Guide.pdf” shows how to test CAAM driver with openssl.

 

 

Have a great day,

Yuri

 

------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct

Answer button. Thank you!

------------------------------------------------------------------------------

188 Views
ranshalit
Senior Contributor I

Hi Yuri,

I think that for packet encrypt/decrypt, I better use cryptodev instead of openssl APIs, Right ?

Does cryptodev should be used with "AF_ALG" APIs or "/dev/crypto" APIs ?

I also see that there are many oprtions in cryptodev , see

gocryptodev - GoDoc 

Does CAAM support all of them ?

I wonder what is aes 128/256 among these many options.

Regards,

Ran

0 Kudos
189 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

  Yes, You may use the cryptodev.

Supported options, that should be registered in kernel, are described in

mentioned above Chapter 50  of “i.MX_Linux_Reference_Manual.pdf” 

Regards,

Yuri.

View solution in original post

188 Views
ranshalit
Senior Contributor I

Hi,

Thank you for the responses!

Now If I basicly just need to encrypt/decrypt specific messages with AES256:

Should I catch messages and use direct call to CAAM according to CAAM driver APIs (such solution must involve a kernel module solution I suppose), or should I use openssl to encrypt/decrypt as done in the following example:

http://web.mit.edu/sit/Sipb/iadev/doc/SSLeay/ssl-client.c 

Thank you for the suggestions,

Ran

0 Kudos
188 Views
BiyongSUN
NXP Employee
NXP Employee

please check the reply in

https://community.nxp.com/thread/436552

0 Kudos