Crypto algorithms support
Algorithms Supported in the linux kernel scatterlist Crypto API
The Linux kernel contains various users of the Scatterlist Crypto API, including its IPsec implementation, sometimes referred to
as the NETKEY stack. The driver, after registering supported algorithms with the Crypto API, is therefore used to process per-
packet symmetric crypto requests and forward them to the SEC hardware.
Since SEC hardware processes requests asynchronously, the driver registers asynchronous algorithm implementations with the
crypto API: ahash, ablkcipher, and aead with CRYPTO_ALG_ASYNC set in .cra_flags.
Different combinations of hardware and driver software version support different sets of algorithms, so searching for the driver
name in /proc/crypto on the desired target system will ensure the correct report of what algorithms are supported.
Authenticated Encryption with Associated Data (AEAD) algorithms
These algorithms are used in applications where the data to be encrypted overlaps, or partially overlaps, the data to be
authenticated, as is the case with IPsec and TLS protocols. These algorithms are implemented in the driver such that the hardware
makes a single pass over the input data, and both encryption and authentication data are written out simultaneously. The AEAD
algorithms are mainly for use with IPsec ESP (however there is also support for TLS 1.0 record layer encryption).
CAAM drivers currently supports offloading the following AEAD algorithms:
• "stitched" AEAD: all combinations of { NULL, CBC-AES, CBC-DES, CBC-3DES-EDE, RFC3686-CTR-AES } x HMAC-{MD-5,
SHA-1,-224,-256,-384,-512}
• "true" AEAD: generic GCM-AES, GCM-AES used in IPsec: RFC4543-GCM-AES and RFC4106-GCM-AES
• TLS 1.0 record layer encryption using the "stitched" AEAD cipher suite CBC-AES-HMAC-SHA1
Encryption algorithms
The CAAM driver currently supports offloading the following encryption algorithms.
Authentication algorithms
The CAAM driver's ahash support includes keyed (hmac) and unkeyed hashing algorithms.
Asymmetric (public key) algorithms
Currently, RSA is the only public key algorithm supported.
Random Number Generation
caamrng
frontend driver supports random number generation services via the kernel's built-in hwrng interface when implemented
in hardware. To enable:
1. verify that the hardware random device file, e.g., /dev/hwrng or /dev/hwrandom exists. If it doesn't exist, make it with:
$ mknod /dev/hwrng c 10 183
2. verify /dev/hwrng doesn't block indefinitely and produces random data:
$ rngtest -C 1000 < /dev/hwrng
3. verify the kernel gets entropy:
$ rngtest -C 1000 < /dev/random
If it blocks, a kernel entropy supplier daemon, such as rngd, may need to be run. See linux/Documentation/hw_random.txt for
more info.
Device Drivers
Layerscape LS1028A BSP User Guide, Rev. 0.3, 04/2019
NXP Semiconductors
69
Summary of Contents for Layerscape LS1028A BSP
Page 135: ......