Hello,
I am a new on the subject of caam with imx6.
I saw some questions on this subject, so please excuse me if I might repeat a question which was asked (though I could not find the answer yet).
We are dealing with a new project, so we shall use the latest BSP.
1. Encapsulate message from ethernet port #1, Encrypt (AES256\128) data, and send through ethernet port #2
2. Decapsulate message from ethernet port #2, Dencrypt data, and send through ethernet port #1
Thank you for any suggestions and link to documentation !
Ran
Solved! Go to Solution.
Hello,
Yes, You may use the cryptodev.
Supported options, that should be registered in kernel, are described in
mentioned above Chapter 50 of “i.MX_Linux_Reference_Manual.pdf”
Regards,
Yuri.
Hello,
When using Linux L4.1.15 : the CAAM drivers are accelerated through the CryptoDev interface. Please refer to Chapter 50 [CAAM (Cryptographic Acceleration and Assurance Module)] of “i.MX_Linux_Reference_Manual.pdf” describes CAAM driver options. Section 9 (Security) of “i.MX_Linux_User's_Guide.pdf” shows how to test CAAM driver with openssl.
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct
Answer button. Thank you!
------------------------------------------------------------------------------
Hi Yuri,
I think that for packet encrypt/decrypt, I better use cryptodev instead of openssl APIs, Right ?
Does cryptodev should be used with "AF_ALG" APIs or "/dev/crypto" APIs ?
I also see that there are many oprtions in cryptodev , see
Does CAAM support all of them ?
I wonder what is aes 128/256 among these many options.
Regards,
Ran
Hello,
Yes, You may use the cryptodev.
Supported options, that should be registered in kernel, are described in
mentioned above Chapter 50 of “i.MX_Linux_Reference_Manual.pdf”
Regards,
Yuri.
Hi,
Thank you for the responses!
Now If I basicly just need to encrypt/decrypt specific messages with AES256:
Should I catch messages and use direct call to CAAM according to CAAM driver APIs (such solution must involve a kernel module solution I suppose), or should I use openssl to encrypt/decrypt as done in the following example:
http://web.mit.edu/sit/Sipb/iadev/doc/SSLeay/ssl-client.c
Thank you for the suggestions,
Ran
please check the reply in