The acronym CAAM stands for Cryptographic Accelerator and Assurance Module. It is hardware that can be found on many i.MX NXP devices. When used it speeds up the cryptographic algorithms such as ECC and AES. In addition to the performance gained with using the CAAM for cryptographic operations, the application can also increase security by using encrypted keys and secure memory partitions with the CAAM. When describing the keys and blobs used with the CAAM, the term black keys and blobs are used to describe when the key has been encrypted by the hardware. Red keys refer to when a key has not been encrypted and is still in plain text.
wolfSSL has support for the CAAM driver with many IoT OS’s and embedded i.MX devices. Support for additional algorithms, devices and OS’s is continuously being added. There is also support by request if a project calls for something not already implemented or in progress.
What is currently supported in wolfSSL:
OS: QNX (using wolfSSL QNX CAAM driver)
Operations Supported:
– ECC (sign/verify/ecdh), with and without encrypted black keys
– AES-CMAC
– BLOB (red and black)
– TRNG
Notes: Developed on i.MX6 UL
OS: GreenHills Integrity (using wolfSSL CAAM driver)
Operations Supported:
– AES (CCM, ECB, CBC, CTR)
– MD5
– SHA1, SHA224, SHA256
– TRNG
– BLOB (red)
Notes: Developed on i.MX6 Dual/Quad/Solo series
OS: Embedded Linux (using third party cryptodev-linux or af-alg)
Operations Supported:
– AES (ECB, CBC, GCM)
– SHA256
Benchmarks using the CAAM with wolfSSL can be found on the benchmark page located here (https://www.wolfssl.com/docs/benchmarks/). For questions and comments regarding wolfSSL’s support of CAAM contact facts@wolfssl.com.