CAAM black keys and public key cryptography in latest BSPs

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

CAAM black keys and public key cryptography in latest BSPs

1,140 次查看
msalvinik
Contributor III

Hi all,

As per AN12838 "Strengthening Public Key Cryptography using CAAM Secure Key" application note, it is possible to use the CAAM black keys with ECDSA (and RSA) algorithms.

As stated by the AN12838 this functionality is added by the patches contained in "meta-imx-ecdsa-sec" layer, that is in "imx_sec_apps" repository (https://github.com/nxp-imx-support/imx_sec_apps).

But this meta-layer supports only kernels up to 5.4 (warrior and zeus Yocto releases), there are no patches for newer kernel versions/Yocto releases.

I searched in newer kernel versions source supposing that patches introduced by "meta-imx-ecdsa-sec" layer were merged upstream, but I didn't find anything.

Is the develop on "meta-imx-ecdsa-sec" layer stopped?

How to implement the public key cryptography with CAAM black keys in latest BSP releases?

Thanks in advance, regards

Mauro

0 项奖励
回复
7 回复数

999 次查看
AldoG
NXP TechSupport
NXP TechSupport

Hello,

Please accept my apologize for the delayed response, it is actually part of the standard release, I don't know which version of BSP you have looked at or at where have you looked, if this is already enabled or not.

Please note that some names are not the same or even file directories of some drivers tend to change specially between major releases, so this may lead to some confusions,

For example, please refer to the section 10.6 crypto_af_alg application support, of the i.MX Linux User's Guide.
https://www.nxp.com/docs/en/user-guide/IMX_LINUX_USERS_GUIDE.pdf

If you have any other questions please do let me know!

Best regards/Saludos,
Aldo.

944 次查看
william-degisi
Contributor I

Hello

Thanks for the answer

Actually we are using Kirkstone BSP

Is it already implemented?

Thanks, William 

0 项奖励
回复

932 次查看
AldoG
NXP TechSupport
NXP TechSupport

Hello,

Yes, for the kirskstone release (L5.15.71_2.2.0) it does apply, please refer to the document for this Linux version:
https://www.nxp.com/docs/en/supporting-information/L5.15.71_2.2.0_LINUX_DOCS.zip

Best regards/Saludos,
Aldo.

0 项奖励
回复

880 次查看
msalvinik
Contributor III

Hi @AldoG ,

 

thank you for your answer.

I know that CAAM black keys are supported in NXP latest BSPs, using caam-keygen through crypto_af_alg as you stated: this is for encryption and decryption using symmetric keys, and we already use it.

But my question was about using CAAM black keys with public key cryptography (asymmetric keys) in your recent BSPs: I'm referring to examples shown in AN12838, where openssl is used to generate the keys and the private key is placed automatically in a black blob. In this AN, the "meta-imx-ecdsa-sec" layer is used: this layer applies patches to the kernel, but the layer development stopped at kernel 5.4.24 and the code added by those patches seems not to be in NXP kernels after 5.4.

Then, how can we have CAAM black keys with public key cryptography (asymmetric keys) in our Kirkstone BSP?


Thank you

Mauro

0 项奖励
回复

795 次查看
AldoG
NXP TechSupport
NXP TechSupport

Hello,

Please accept my apologize for the delayed response, I wanted to give an answer as clear as possible.

The solution that was previously offered via imx_sec_app is not suitable for upstream and as such we will not integrate that as part of the BSP enablement.

In BSP ECDSA operation is supported through OP-TEE and PKCS11 interface on all devices (and accelerated with CAAM when available).

Please refer to the Linux Users Guide chapter 10.4.7 Running OpenSSL asymmetric tests with PKCS#11 based engine.

Hope this helps,
Best regards/Saludos,
Aldo.

0 项奖励
回复

783 次查看
msalvinik
Contributor III

Hi @AldoG ,

 

thank you, now it's all clear.

 

Regards

1,076 次查看
msalvinik
Contributor III

Hi,

 

kind ping: anybody in NXP knows the current development status of this topic?

Thanks, regards

 

Mauro

0 项奖励
回复